Checkout Tools
  • last updated 46 mins ago
Constraints: committers
Constraints: files
Constraints: dates
update license header text
  1. … 235 more files in changeset.
Revert copyright date change patch. Wait until we have

a universal policy and procedure... we cannot willy

nilly change the dates unless significant or

material changes are made.

  1. … 207 more files in changeset.
Update to 2006

  1. … 207 more files in changeset.
general property cleanup

  1. … 847 more files in changeset.
apply Apache License, Version 2.0

  1. … 49 more files in changeset.
update license to 2004

  1. … 158 more files in changeset.
update license to 2003.

  1. … 156 more files in changeset.

Update our copyright for this year, plus fix two files that had included

the wrong license.

  1. … 155 more files in changeset.

Fix the file-owner and file-group processing; I inadvertently

added them as 'and' operations, so if they were specified but

not matched, nothing else could match either. Fixed..

No file owner/groups on OS/2 either.

Fixed a compile problem for Win32 and NetWare

Fix recent mod_auth breakage (is there an OS2 patch lurking out there?)

Submitted by: Pavel Novy <>

get*id() don't work on Windows; thanks to OtherBill for pointing

it out.

  1. … 2 more files in changeset.

Add support for 'Require file-owner' and 'Require file-group'.

  1. … 1 more file in changeset.
Change everything to The Apache Software License 1.1

  1. … 133 more files in changeset.
Change URLs for the HTTP server project to point to

  1. … 135 more files in changeset.
It's already late 2000, and our copyright notices still say "1999".

  1. … 135 more files in changeset.
Make implementation/descriptions of the FLAG directives

AuthAuthoritative, MetaFiles and ExtendedStatus consistent with

documentation and the standard way of implementation those directives.

Submitted by: David MacKenzie <>, Ralf S. Engelschall

Reviewed by: Ralf S. Engelschall

PR: 5642

  1. … 3 more files in changeset.

Fix some spacing issues in the SHA1 and ap_validate_password

changes. ap_validate_password() isn't called by anything in

the core, so the link may well omit it -- causing DSO mod_auth*

modules to fail to load. Force a reference to it into the

core server so that won't happen. As soon as ap_checkpass.c

includes any other symbols routinely referenced by the core,

the kludge at the bottom of http_main.c can go away. Or earlier,

if someone finds a better solution.

  1. … 8 more files in changeset.
In order to fold in support for SHA / LDAP Directory Interchange

Format style passwords (which make integration or migration between

apache and netscape intstallations easier) the following has been done:

1. move ap_validate_passwd() out into its own function, and

change includes from ap_md5.h into ap_checkpasswd.h in the

various auth sections.

2. collate some to64 encodings into a single ap_to64

3. Add a ap_sha1.c along the lines of ap_md5.c

4. Add some flags to htpasswd, and make some man page chnages

Added some blurp in the html docs.

5. add a directory SHA1 in support with some usefull examples

for peoply trying to integrate or migrate from/to netscape


Obtained from Clinton Wong <> and reworked into

something sepearate from ap_mda5c.c

But it could benefit from further abstraction; same goed for the

various base64, uunecode and mime-style base64 encoders we have

floating around.

Also, we could deal with string lenghts and verify lengths better.

Added Files:









Modified Files:












  1. … 19 more files in changeset.

Rework the ap_MD5Encode() routine to use FreeBSD's algorithm

and a private significator ("$apr1"); also make it reentrant.

Abstract the password checking into a new routine,

ap_validate_password(plaintext, hashed), and modify mod_auth*.c

to use it instead of each doing the algorithm check.

Obtained from: FreeBSD 3.0 /usr/src/lib/libcrypt/crypt.c (MD5)

  1. … 10 more files in changeset.
We have found the prototype for crypt. Since people actually once in

a while are "nice enough" to write in telling me that they know where

the prototype is on their system based on that comment, plus we

don't do the casting associated with the comment any more, it can

go away.


Obtained from:

Submitted by:

Reviewed by:

  1. … 2 more files in changeset.

Enhance the authentication password handling so that stored

passwords can be encrypted with either DES or MD5. htpasswd can

now generate either on systems that allow both, and MD5 on

Win32. .htpasswd files can contain both types; usernames

with passwords encrypted with MD5 and usernames with DES

passwords can appear in the same file. The authentication

modules (mod_auth, mod_auth_db, mod_auth_dbm) autosense the

correct algorithm from the stored password.

This gives us encrypted passwords on Win32 at last. This is

only the first part of the patch; some changes to allow the

Win32 side to build properly are being fixed and should be

committed to-morrow. However, Unix systems can build with

and use these immediately.

Submitted by: Ryan Bloom <rbb@Raleigh.IBM.Com>

Reviewed by: Ken Coar

  1. … 8 more files in changeset.
``Oh, by the way: the same procedure as last year?

The same procedure as _every_ year, James!''

So, a lot of touched files here, but it's just a tiny harmless patch.

As every year we bump up the year number in our copyright headers.

1. "199x-1998" => "199x-1999"

2. "1998" => "1998-1999"

  1. … 126 more files in changeset.
Log an error if we encounter a malformed "require" directive in

mod_auth if we know that we know that no other module can deal with



Obtained from:

Submitted by:

Reviewed by:

  1. … 1 more file in changeset.
Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and mod_auth_db

by using ap_getword_white() (which uses ap_isspace()) instead of

ap_getword(..., ' ') (which parses only according to spaces but not tabs).

Submitted by: James Morris <>

Reviewed and extended to other mods: Ralf S. Engelschall

PR: 3105

  1. … 3 more files in changeset.
Correct the error_log mess in a uniform manner. Add ap_log_rerror() which

includes the client ip address in the log message (it takes a request_rec *

instead of a server_rec *).

PR: 2661

  1. … 37 more files in changeset.
Add a warning if a valid user that enters a proper password fails

to get access to a directory because they aren't in the list of

those allowed access.


Obtained from:

Submitted by:

Reviewed by:

added 'const' in a couple of causes because Ben fixed this in the include file. This fixes the compiler warning for all the sent_pw pointers

  1. … 3 more files in changeset.