Merge ~ahasenack/ubuntu/+source/apache2:xenial-includeoptional-1766186 into ubuntu/+source/apache2:ubuntu/xenial-devel
- Git
- lp:~ahasenack/ubuntu/+source/apache2
- xenial-includeoptional-1766186
- Merge into ubuntu/xenial-devel
Status: | Merged |
---|---|
Approved by: | Christian Ehrhardt |
Approved revision: | 6cca101bd238b307980179f2344dcb5b7515eb93 |
Merge reported by: | Andreas Hasenack |
Merged at revision: | 6cca101bd238b307980179f2344dcb5b7515eb93 |
Proposed branch: | ~ahasenack/ubuntu/+source/apache2:xenial-includeoptional-1766186 |
Merge into: | ubuntu/+source/apache2:ubuntu/xenial-devel |
Diff against target: |
339829 lines (+333155/-0) 1097 files modified
debian/changelog (+8/-0) debian/patches/includeoptional-ignore-non-existent.patch (+61/-0) debian/patches/series (+1/-0) docs/manual/style/latex/atbeginend.sty (+80/-0) docs/manual/style/manualpage.dtd (+29/-0) docs/manual/style/modulesynopsis.dtd (+77/-0) docs/manual/style/scripts/MINIFY (+5/-0) docs/manual/style/scripts/prettify.js (+1622/-0) docs/manual/style/scripts/prettify.min.js (+123/-0) docs/manual/style/sitemap.dtd (+42/-0) docs/manual/style/version.ent (+24/-0) docs/manual/suexec.html (+21/-0) docs/manual/suexec.html.en (+643/-0) docs/manual/suexec.html.fr (+689/-0) docs/manual/suexec.html.ja.utf8 (+643/-0) docs/manual/suexec.html.ko.euc-kr (+564/-0) docs/manual/suexec.html.tr.utf8 (+583/-0) docs/manual/upgrading.html (+9/-0) docs/manual/upgrading.html.en (+416/-0) docs/manual/upgrading.html.fr (+454/-0) docs/manual/urlmapping.html (+21/-0) docs/manual/urlmapping.html.en (+379/-0) docs/manual/urlmapping.html.fr (+402/-0) docs/manual/urlmapping.html.ja.utf8 (+318/-0) docs/manual/urlmapping.html.ko.euc-kr (+277/-0) docs/manual/urlmapping.html.tr.utf8 (+365/-0) docs/manual/vhosts/details.html (+17/-0) docs/manual/vhosts/details.html.en (+348/-0) docs/manual/vhosts/details.html.fr (+369/-0) docs/manual/vhosts/details.html.ko.euc-kr (+412/-0) docs/manual/vhosts/details.html.tr.utf8 (+319/-0) docs/manual/vhosts/examples.html (+21/-0) docs/manual/vhosts/examples.html.en (+568/-0) docs/manual/vhosts/examples.html.fr (+588/-0) docs/manual/vhosts/examples.html.ja.utf8 (+680/-0) docs/manual/vhosts/examples.html.ko.euc-kr (+657/-0) docs/manual/vhosts/examples.html.tr.utf8 (+561/-0) docs/manual/vhosts/fd-limits.html (+21/-0) docs/manual/vhosts/fd-limits.html.en (+155/-0) docs/manual/vhosts/fd-limits.html.fr (+167/-0) docs/manual/vhosts/fd-limits.html.ja.utf8 (+157/-0) docs/manual/vhosts/fd-limits.html.ko.euc-kr (+152/-0) docs/manual/vhosts/fd-limits.html.tr.utf8 (+150/-0) docs/manual/vhosts/index.html (+29/-0) docs/manual/vhosts/index.html.de (+124/-0) docs/manual/vhosts/index.html.en (+119/-0) docs/manual/vhosts/index.html.fr (+121/-0) docs/manual/vhosts/index.html.ja.utf8 (+120/-0) docs/manual/vhosts/index.html.ko.euc-kr (+119/-0) docs/manual/vhosts/index.html.tr.utf8 (+119/-0) docs/manual/vhosts/index.html.zh-cn.utf8 (+104/-0) docs/manual/vhosts/ip-based.html (+21/-0) docs/manual/vhosts/ip-based.html.en (+210/-0) docs/manual/vhosts/ip-based.html.fr (+213/-0) docs/manual/vhosts/ip-based.html.ja.utf8 (+190/-0) docs/manual/vhosts/ip-based.html.ko.euc-kr (+180/-0) docs/manual/vhosts/ip-based.html.tr.utf8 (+211/-0) docs/manual/vhosts/mass.html (+17/-0) docs/manual/vhosts/mass.html.en (+337/-0) docs/manual/vhosts/mass.html.fr (+352/-0) docs/manual/vhosts/mass.html.ko.euc-kr (+453/-0) docs/manual/vhosts/mass.html.tr.utf8 (+324/-0) docs/manual/vhosts/name-based.html (+25/-0) docs/manual/vhosts/name-based.html.de (+299/-0) docs/manual/vhosts/name-based.html.en (+224/-0) docs/manual/vhosts/name-based.html.fr (+267/-0) docs/manual/vhosts/name-based.html.ja.utf8 (+303/-0) docs/manual/vhosts/name-based.html.ko.euc-kr (+266/-0) docs/manual/vhosts/name-based.html.tr.utf8 (+238/-0) emacs-style (+12/-0) httpd.dsp (+111/-0) httpd.spec (+505/-0) include/.indent.pro (+54/-0) include/ap_compat.h (+30/-0) include/ap_config.h (+206/-0) include/ap_config_auto.h.in (+293/-0) include/ap_config_layout.h.in (+64/-0) include/ap_expr.h (+353/-0) include/ap_hooks.h (+162/-0) include/ap_listen.h (+163/-0) include/ap_mmn.h (+499/-0) include/ap_mpm.h (+235/-0) include/ap_provider.h (+100/-0) include/ap_regex.h (+248/-0) include/ap_regkey.h (+219/-0) include/ap_release.h (+83/-0) include/ap_slotmem.h (+199/-0) include/ap_socache.h (+230/-0) include/apache_noprobes.h (+344/-0) include/heartbeat.h (+60/-0) include/http_config.h (+1362/-0) include/http_connection.h (+154/-0) include/http_core.h (+1006/-0) include/http_log.h (+836/-0) include/http_main.h (+88/-0) include/http_protocol.h (+991/-0) include/http_request.h (+615/-0) include/http_vhost.h (+119/-0) include/httpd.h (+2324/-0) include/mod_auth.h (+141/-0) include/mod_core.h (+103/-0) include/mod_request.h (+64/-0) include/mpm_common.h (+470/-0) include/scoreboard.h (+239/-0) include/util_cfgtree.h (+98/-0) include/util_charset.h (+72/-0) include/util_cookies.h (+146/-0) include/util_ebcdic.h (+92/-0) include/util_fcgi.h (+280/-0) include/util_filter.h (+639/-0) include/util_ldap.h (+398/-0) include/util_md5.h (+72/-0) include/util_mutex.h (+223/-0) include/util_script.h (+233/-0) include/util_time.h (+117/-0) include/util_varbuf.h (+197/-0) include/util_xml.h (+51/-0) libhttpd.dsp (+813/-0) modules/Makefile.in (+6/-0) modules/NWGNUmakefile (+121/-0) modules/README (+67/-0) modules/aaa/.indent.pro (+54/-0) modules/aaa/Makefile.in (+3/-0) modules/aaa/NWGNUaccesscompat (+248/-0) modules/aaa/NWGNUallowmethods (+248/-0) modules/aaa/NWGNUauthbasc (+248/-0) modules/aaa/NWGNUauthdigt (+248/-0) modules/aaa/NWGNUauthform (+250/-0) modules/aaa/NWGNUauthnano (+248/-0) modules/aaa/NWGNUauthndbd (+249/-0) modules/aaa/NWGNUauthndbm (+248/-0) modules/aaa/NWGNUauthnfil (+248/-0) modules/aaa/NWGNUauthnsocache (+248/-0) modules/aaa/NWGNUauthnzldap (+264/-0) modules/aaa/NWGNUauthzdbd (+249/-0) modules/aaa/NWGNUauthzdbm (+248/-0) modules/aaa/NWGNUauthzgrp (+247/-0) modules/aaa/NWGNUauthzusr (+247/-0) modules/aaa/NWGNUmakefile (+270/-0) modules/aaa/config.m4 (+84/-0) modules/aaa/mod_access_compat.c (+376/-0) modules/aaa/mod_access_compat.dsp (+111/-0) modules/aaa/mod_allowmethods.c (+158/-0) modules/aaa/mod_allowmethods.dsp (+111/-0) modules/aaa/mod_auth_basic.c (+512/-0) modules/aaa/mod_auth_basic.dsp (+111/-0) modules/aaa/mod_auth_digest.c (+2072/-0) modules/aaa/mod_auth_digest.dsp (+111/-0) modules/aaa/mod_auth_form.c (+1333/-0) modules/aaa/mod_auth_form.dsp (+111/-0) modules/aaa/mod_authn_anon.c (+215/-0) modules/aaa/mod_authn_anon.dsp (+111/-0) modules/aaa/mod_authn_core.c (+386/-0) modules/aaa/mod_authn_core.dsp (+111/-0) modules/aaa/mod_authn_dbd.c (+314/-0) modules/aaa/mod_authn_dbd.dsp (+115/-0) modules/aaa/mod_authn_dbm.c (+208/-0) modules/aaa/mod_authn_dbm.dsp (+111/-0) modules/aaa/mod_authn_file.c (+194/-0) modules/aaa/mod_authn_file.dsp (+111/-0) modules/aaa/mod_authn_socache.c (+480/-0) modules/aaa/mod_authn_socache.dsp (+111/-0) modules/aaa/mod_authnz_fcgi.c (+1363/-0) modules/aaa/mod_authnz_fcgi.dsp (+119/-0) modules/aaa/mod_authnz_ldap.c (+1954/-0) modules/aaa/mod_authnz_ldap.dsp (+111/-0) modules/aaa/mod_authz_core.c (+1164/-0) modules/aaa/mod_authz_core.dsp (+111/-0) modules/aaa/mod_authz_dbd.c (+405/-0) modules/aaa/mod_authz_dbd.dsp (+119/-0) modules/aaa/mod_authz_dbd.h (+44/-0) modules/aaa/mod_authz_dbm.c (+336/-0) modules/aaa/mod_authz_dbm.dsp (+111/-0) modules/aaa/mod_authz_groupfile.c (+331/-0) modules/aaa/mod_authz_groupfile.dsp (+111/-0) modules/aaa/mod_authz_host.c (+316/-0) modules/aaa/mod_authz_host.dsp (+111/-0) modules/aaa/mod_authz_owner.c (+189/-0) modules/aaa/mod_authz_owner.dsp (+111/-0) modules/aaa/mod_authz_owner.h (+27/-0) modules/aaa/mod_authz_user.c (+146/-0) modules/aaa/mod_authz_user.dsp (+111/-0) modules/arch/netware/libprews.c (+79/-0) modules/arch/netware/mod_netware.c (+206/-0) modules/arch/netware/mod_nw_ssl.c (+1286/-0) modules/arch/unix/Makefile.in (+3/-0) modules/arch/unix/config5.m4 (+24/-0) modules/arch/unix/mod_privileges.c (+588/-0) modules/arch/unix/mod_unixd.c (+426/-0) modules/arch/unix/mod_unixd.h (+41/-0) modules/arch/win32/Makefile.in (+3/-0) modules/arch/win32/config.m4 (+9/-0) modules/arch/win32/mod_isapi.c (+1727/-0) modules/arch/win32/mod_isapi.dsp (+115/-0) modules/arch/win32/mod_isapi.h (+271/-0) modules/arch/win32/mod_win32.c (+563/-0) modules/cache/.indent.pro (+54/-0) modules/cache/Makefile.in (+3/-0) modules/cache/NWGNUcach_dsk (+262/-0) modules/cache/NWGNUcach_socache (+263/-0) modules/cache/NWGNUmakefile (+250/-0) modules/cache/NWGNUmod_cach (+265/-0) modules/cache/NWGNUsocachdbm (+261/-0) modules/cache/NWGNUsocachmem (+260/-0) modules/cache/NWGNUsocachshmcb (+261/-0) modules/cache/cache_common.h (+56/-0) modules/cache/cache_disk_common.h (+68/-0) modules/cache/cache_socache_common.h (+57/-0) modules/cache/cache_storage.c (+780/-0) modules/cache/cache_storage.h (+76/-0) modules/cache/cache_util.c (+1328/-0) modules/cache/cache_util.h (+335/-0) modules/cache/config.m4 (+142/-0) modules/cache/mod_cache.c (+2697/-0) modules/cache/mod_cache.dsp (+131/-0) modules/cache/mod_cache.h (+192/-0) modules/cache/mod_cache_disk.c (+1573/-0) modules/cache/mod_cache_disk.dsp (+115/-0) modules/cache/mod_cache_disk.h (+91/-0) modules/cache/mod_cache_socache.c (+1569/-0) modules/cache/mod_cache_socache.dsp (+115/-0) modules/cache/mod_file_cache.c (+414/-0) modules/cache/mod_file_cache.dsp (+111/-0) modules/cache/mod_file_cache.exp (+1/-0) modules/cache/mod_socache_dbm.c (+598/-0) modules/cache/mod_socache_dbm.dsp (+111/-0) modules/cache/mod_socache_dc.c (+198/-0) modules/cache/mod_socache_dc.dsp (+111/-0) modules/cache/mod_socache_memcache.c (+371/-0) modules/cache/mod_socache_memcache.dsp (+111/-0) modules/cache/mod_socache_shmcb.c (+1068/-0) modules/cache/mod_socache_shmcb.dsp (+111/-0) modules/cluster/Makefile.in (+3/-0) modules/cluster/NWGNUmakefile (+246/-0) modules/cluster/NWGNUmodheartbeat (+257/-0) modules/cluster/NWGNUmodheartmonitor (+257/-0) modules/cluster/README.heartbeat (+33/-0) modules/cluster/README.heartmonitor (+30/-0) modules/cluster/config5.m4 (+17/-0) modules/cluster/mod_heartbeat.c (+228/-0) modules/cluster/mod_heartbeat.dsp (+123/-0) modules/cluster/mod_heartmonitor.c (+907/-0) modules/cluster/mod_heartmonitor.dsp (+123/-0) modules/config7.m4 (+56/-0) modules/core/Makefile.in (+3/-0) modules/core/NWGNUmakefile (+257/-0) modules/core/config.m4 (+60/-0) modules/core/mod_macro.c (+955/-0) modules/core/mod_macro.dsp (+111/-0) modules/core/mod_so.c (+442/-0) modules/core/mod_so.h (+38/-0) modules/core/mod_watchdog.c (+702/-0) modules/core/mod_watchdog.dsp (+115/-0) modules/core/mod_watchdog.h (+213/-0) modules/core/test/Makefile (+67/-0) modules/core/test/conf/inc63_1.conf (+5/-0) modules/core/test/conf/inc63_2.conf (+3/-0) modules/core/test/conf/test01.conf (+3/-0) modules/core/test/conf/test02.conf (+3/-0) modules/core/test/conf/test03.conf (+5/-0) modules/core/test/conf/test04.conf (+5/-0) modules/core/test/conf/test05.conf (+5/-0) modules/core/test/conf/test06.conf (+6/-0) modules/core/test/conf/test07.conf (+3/-0) modules/core/test/conf/test08.conf (+3/-0) modules/core/test/conf/test09.conf (+6/-0) modules/core/test/conf/test10.conf (+10/-0) modules/core/test/conf/test11.conf (+15/-0) modules/core/test/conf/test12.conf (+12/-0) modules/core/test/conf/test13.conf (+18/-0) modules/core/test/conf/test14.conf (+23/-0) modules/core/test/conf/test15.conf (+9/-0) modules/core/test/conf/test16.conf (+11/-0) modules/core/test/conf/test17.conf (+10/-0) modules/core/test/conf/test18.conf (+10/-0) modules/core/test/conf/test19.conf (+26/-0) modules/core/test/conf/test20.conf (+11/-0) modules/core/test/conf/test21.conf (+11/-0) modules/core/test/conf/test22.conf (+11/-0) modules/core/test/conf/test23.conf (+15/-0) modules/core/test/conf/test24.conf (+23/-0) modules/core/test/conf/test25.conf (+27/-0) modules/core/test/conf/test26.conf (+19/-0) modules/core/test/conf/test27.conf (+22/-0) modules/core/test/conf/test28.conf (+13/-0) modules/core/test/conf/test29.conf (+10/-0) modules/core/test/conf/test30.conf (+12/-0) modules/core/test/conf/test31.conf (+16/-0) modules/core/test/conf/test32.conf (+7/-0) modules/core/test/conf/test33.conf (+3/-0) modules/core/test/conf/test34.conf (+14/-0) modules/core/test/conf/test35.conf (+10/-0) modules/core/test/conf/test36.conf (+12/-0) modules/core/test/conf/test37.conf (+7/-0) modules/core/test/conf/test38.conf (+10/-0) modules/core/test/conf/test39.conf (+23/-0) modules/core/test/conf/test40.conf (+33/-0) modules/core/test/conf/test41.conf (+20/-0) modules/core/test/conf/test42.conf (+13/-0) modules/core/test/conf/test43.conf (+29/-0) modules/core/test/conf/test44.conf (+19/-0) modules/core/test/conf/test45.conf (+7/-0) modules/core/test/conf/test46.conf (+11/-0) modules/core/test/conf/test47.conf (+15/-0) modules/core/test/conf/test48.conf (+23/-0) modules/core/test/conf/test49.conf (+2/-0) modules/core/test/conf/test50.conf (+5/-0) modules/core/test/conf/test51.conf (+9/-0) modules/core/test/conf/test52.conf (+8/-0) modules/core/test/conf/test53.conf (+2/-0) modules/core/test/conf/test54.conf (+6/-0) modules/core/test/conf/test55.conf (+11/-0) modules/core/test/conf/test56.conf (+18/-0) modules/core/test/conf/test57.conf (+4/-0) modules/core/test/conf/test58.conf (+4/-0) modules/core/test/conf/test59.conf (+4/-0) modules/core/test/conf/test60.conf (+17/-0) modules/core/test/conf/test61.conf (+18/-0) modules/core/test/conf/test62.conf (+25/-0) modules/core/test/conf/test63.conf (+9/-0) modules/core/test/conf/test64.conf (+5/-0) modules/core/test/conf/test65.conf (+11/-0) modules/core/test/conf/test66.conf (+7/-0) modules/core/test/conf/test67.conf (+1/-0) modules/core/test/conf/test68.conf (+5/-0) modules/core/test/conf/test69.conf (+14/-0) modules/core/test/ref/test01.out (+3/-0) modules/core/test/ref/test02.out (+3/-0) modules/core/test/ref/test03.out (+3/-0) modules/core/test/ref/test04.out (+3/-0) modules/core/test/ref/test05.out (+3/-0) modules/core/test/ref/test06.out (+3/-0) modules/core/test/ref/test07.out (+3/-0) modules/core/test/ref/test08.out (+3/-0) modules/core/test/ref/test09.out (+3/-0) modules/core/test/ref/test10.out (+3/-0) modules/core/test/ref/test11.out (+6/-0) modules/core/test/ref/test12.out (+7/-0) modules/core/test/ref/test13.out (+8/-0) modules/core/test/ref/test14.out (+14/-0) modules/core/test/ref/test15.out (+6/-0) modules/core/test/ref/test16.out (+5/-0) modules/core/test/ref/test17.out (+7/-0) modules/core/test/ref/test18.out (+7/-0) modules/core/test/ref/test19.out (+9/-0) modules/core/test/ref/test20.out (+4/-0) modules/core/test/ref/test21.out (+5/-0) modules/core/test/ref/test22.out (+6/-0) modules/core/test/ref/test23.out (+7/-0) modules/core/test/ref/test24.out (+8/-0) modules/core/test/ref/test25.out (+9/-0) modules/core/test/ref/test26.out (+11/-0) modules/core/test/ref/test27.out (+8/-0) modules/core/test/ref/test28.out (+6/-0) modules/core/test/ref/test29.out (+4/-0) modules/core/test/ref/test30.out (+7/-0) modules/core/test/ref/test31.out (+23/-0) modules/core/test/ref/test32.out (+3/-0) modules/core/test/ref/test33.out (+3/-0) modules/core/test/ref/test34.out (+13/-0) modules/core/test/ref/test35.out (+13/-0) modules/core/test/ref/test36.out (+20/-0) modules/core/test/ref/test37.out (+3/-0) modules/core/test/ref/test38.out (+6/-0) modules/core/test/ref/test39.out (+7/-0) modules/core/test/ref/test40.out (+18/-0) modules/core/test/ref/test41.out (+9/-0) modules/core/test/ref/test42.out (+15/-0) modules/core/test/ref/test43.out (+8/-0) modules/core/test/ref/test44.out (+5/-0) modules/core/test/ref/test45.out (+19/-0) modules/core/test/ref/test46.out (+9/-0) modules/core/test/ref/test47.out (+8/-0) modules/core/test/ref/test48.out (+20/-0) modules/core/test/ref/test49.out (+3/-0) modules/core/test/ref/test50.out (+3/-0) modules/core/test/ref/test51.out (+3/-0) modules/core/test/ref/test52.out (+6/-0) modules/core/test/ref/test53.out (+3/-0) modules/core/test/ref/test54.out (+6/-0) modules/core/test/ref/test55.out (+8/-0) modules/core/test/ref/test56.out (+12/-0) modules/core/test/ref/test57.out (+3/-0) modules/core/test/ref/test58.out (+3/-0) modules/core/test/ref/test59.out (+3/-0) modules/core/test/ref/test60.out (+15/-0) modules/core/test/ref/test61.out (+9/-0) modules/core/test/ref/test62.out (+15/-0) modules/core/test/ref/test63.out (+10/-0) modules/core/test/ref/test64.out (+7/-0) modules/core/test/ref/test65.out (+7/-0) modules/core/test/ref/test66.out (+7/-0) modules/core/test/ref/test67.out (+5/-0) modules/core/test/ref/test68.out (+6/-0) modules/core/test/ref/test69.out (+10/-0) modules/database/Makefile.in (+3/-0) modules/database/NWGNUmakefile (+262/-0) modules/database/config.m4 (+8/-0) modules/database/mod_dbd.c (+992/-0) modules/database/mod_dbd.dsp (+115/-0) modules/database/mod_dbd.h (+123/-0) modules/dav/fs/Makefile.in (+3/-0) modules/dav/fs/NWGNUmakefile (+269/-0) modules/dav/fs/config6.m4 (+23/-0) modules/dav/fs/dbm.c (+771/-0) modules/dav/fs/lock.c (+1445/-0) modules/dav/fs/mod_dav_fs.c (+108/-0) modules/dav/fs/mod_dav_fs.dsp (+135/-0) modules/dav/fs/repos.c (+2254/-0) modules/dav/fs/repos.h (+84/-0) modules/dav/lock/Makefile.in (+3/-0) modules/dav/lock/NWGNUmakefile (+259/-0) modules/dav/lock/config6.m4 (+17/-0) modules/dav/lock/locks.c (+1211/-0) modules/dav/lock/locks.h (+33/-0) modules/dav/lock/mod_dav_lock.c (+104/-0) modules/dav/lock/mod_dav_lock.dsp (+127/-0) modules/dav/main/Makefile.in (+3/-0) modules/dav/main/NWGNUmakefile (+268/-0) modules/dav/main/config5.m4 (+21/-0) modules/dav/main/liveprop.c (+140/-0) modules/dav/main/mod_dav.c (+4927/-0) modules/dav/main/mod_dav.dsp (+147/-0) modules/dav/main/mod_dav.h (+2497/-0) modules/dav/main/props.c (+1126/-0) modules/dav/main/providers.c (+58/-0) modules/dav/main/std_liveprop.c (+226/-0) modules/dav/main/util.c (+2152/-0) modules/dav/main/util_lock.c (+798/-0) modules/debugging/Makefile.in (+3/-0) modules/debugging/NWGNUmakefile (+246/-0) modules/debugging/NWGNUmodbucketeer (+248/-0) modules/debugging/NWGNUmoddumpio (+248/-0) modules/debugging/README (+1/-0) modules/debugging/config.m4 (+7/-0) modules/debugging/mod_bucketeer.c (+187/-0) modules/debugging/mod_bucketeer.dsp (+111/-0) modules/debugging/mod_dumpio.c (+250/-0) modules/debugging/mod_dumpio.dsp (+111/-0) modules/echo/.indent.pro (+54/-0) modules/echo/Makefile.in (+3/-0) modules/echo/NWGNUmakefile (+257/-0) modules/echo/config.m4 (+9/-0) modules/echo/mod_echo.c (+219/-0) modules/echo/mod_echo.dsp (+111/-0) modules/examples/Makefile.in (+3/-0) modules/examples/NWGNUcase_flt (+256/-0) modules/examples/NWGNUcase_flt_in (+256/-0) modules/examples/NWGNUexample_hooks (+257/-0) modules/examples/NWGNUexample_ipc (+257/-0) modules/examples/NWGNUmakefile (+257/-0) modules/examples/README (+54/-0) modules/examples/config.m4 (+9/-0) modules/examples/mod_case_filter.c (+139/-0) modules/examples/mod_case_filter.dsp (+111/-0) modules/examples/mod_case_filter_in.c (+160/-0) modules/examples/mod_case_filter_in.dsp (+111/-0) modules/examples/mod_example_hooks.c (+1533/-0) modules/examples/mod_example_hooks.dsp (+111/-0) modules/examples/mod_example_ipc.c (+356/-0) modules/examples/mod_example_ipc.dsp (+111/-0) modules/experimental/.indent.pro (+54/-0) modules/experimental/Makefile.in (+3/-0) modules/experimental/NWGNUmakefile (+253/-0) modules/experimental/config.m4 (+4/-0) modules/filters/.indent.pro (+54/-0) modules/filters/Makefile.in (+3/-0) modules/filters/NWGNUcharsetl (+257/-0) modules/filters/NWGNUdeflate (+279/-0) modules/filters/NWGNUextfiltr (+248/-0) modules/filters/NWGNUmakefile (+273/-0) modules/filters/NWGNUmod_data (+248/-0) modules/filters/NWGNUmod_filter (+248/-0) modules/filters/NWGNUmod_request (+248/-0) modules/filters/NWGNUmodbuffer (+256/-0) modules/filters/NWGNUmodsed (+259/-0) modules/filters/NWGNUproxyhtml (+261/-0) modules/filters/NWGNUratelimit (+256/-0) modules/filters/NWGNUreflector (+256/-0) modules/filters/NWGNUreqtimeout (+256/-0) modules/filters/NWGNUsubstitute (+256/-0) modules/filters/NWGNUxml2enc (+258/-0) modules/filters/config.m4 (+145/-0) modules/filters/libsed.h (+172/-0) modules/filters/mod_buffer.c (+353/-0) modules/filters/mod_buffer.dsp (+111/-0) modules/filters/mod_charset_lite.c (+1142/-0) modules/filters/mod_charset_lite.dsp (+111/-0) modules/filters/mod_charset_lite.exp (+1/-0) modules/filters/mod_data.c (+255/-0) modules/filters/mod_data.dsp (+111/-0) modules/filters/mod_deflate.c (+1913/-0) modules/filters/mod_deflate.dsp (+111/-0) modules/filters/mod_deflate.exp (+1/-0) modules/filters/mod_ext_filter.c (+949/-0) modules/filters/mod_ext_filter.dsp (+111/-0) modules/filters/mod_ext_filter.exp (+1/-0) modules/filters/mod_filter.c (+767/-0) modules/filters/mod_filter.dsp (+111/-0) modules/filters/mod_include.c (+4219/-0) modules/filters/mod_include.dsp (+115/-0) modules/filters/mod_include.exp (+1/-0) modules/filters/mod_include.h (+120/-0) modules/filters/mod_proxy_html.c (+1281/-0) modules/filters/mod_proxy_html.dsp (+123/-0) modules/filters/mod_ratelimit.c (+313/-0) modules/filters/mod_ratelimit.dsp (+115/-0) modules/filters/mod_ratelimit.h (+51/-0) modules/filters/mod_reflector.c (+226/-0) modules/filters/mod_reflector.dsp (+111/-0) modules/filters/mod_reqtimeout.c (+646/-0) modules/filters/mod_reqtimeout.dsp (+111/-0) modules/filters/mod_request.c (+397/-0) modules/filters/mod_request.dsp (+115/-0) modules/filters/mod_sed.c (+537/-0) modules/filters/mod_sed.dsp (+135/-0) modules/filters/mod_substitute.c (+730/-0) modules/filters/mod_substitute.dsp (+111/-0) modules/filters/mod_xml2enc.c (+631/-0) modules/filters/mod_xml2enc.dsp (+123/-0) modules/filters/mod_xml2enc.h (+55/-0) modules/filters/regexp.c (+599/-0) modules/filters/regexp.h (+112/-0) modules/filters/sed.h (+61/-0) modules/filters/sed0.c (+1026/-0) modules/filters/sed1.c (+1019/-0) modules/generators/.indent.pro (+54/-0) modules/generators/Makefile.in (+3/-0) modules/generators/NWGNUautoindex (+249/-0) modules/generators/NWGNUinfo (+248/-0) modules/generators/NWGNUmakefile (+249/-0) modules/generators/NWGNUmod_asis (+249/-0) modules/generators/NWGNUmod_cgi (+249/-0) modules/generators/NWGNUstatus (+248/-0) modules/generators/config5.m4 (+81/-0) modules/generators/mod_asis.c (+128/-0) modules/generators/mod_asis.dsp (+111/-0) modules/generators/mod_asis.exp (+1/-0) modules/generators/mod_autoindex.c (+2340/-0) modules/generators/mod_autoindex.dsp (+111/-0) modules/generators/mod_autoindex.exp (+1/-0) modules/generators/mod_cgi.c (+1285/-0) modules/generators/mod_cgi.dsp (+115/-0) modules/generators/mod_cgi.exp (+1/-0) modules/generators/mod_cgi.h (+67/-0) modules/generators/mod_cgid.c (+1961/-0) modules/generators/mod_cgid.exp (+1/-0) modules/generators/mod_info.c (+1011/-0) modules/generators/mod_info.dsp (+111/-0) modules/generators/mod_info.exp (+1/-0) modules/generators/mod_status.c (+987/-0) modules/generators/mod_status.dsp (+111/-0) modules/generators/mod_status.exp (+1/-0) modules/generators/mod_status.h (+64/-0) modules/generators/mod_suexec.c (+139/-0) modules/generators/mod_suexec.h (+33/-0) modules/http/.indent.pro (+54/-0) modules/http/Makefile.in (+3/-0) modules/http/byterange_filter.c (+611/-0) modules/http/chunk_filter.c (+196/-0) modules/http/config.m4 (+20/-0) modules/http/http_core.c (+328/-0) modules/http/http_etag.c (+220/-0) modules/http/http_filters.c (+1742/-0) modules/http/http_protocol.c (+1678/-0) modules/http/http_request.c (+801/-0) modules/http/mod_mime.c (+1026/-0) modules/http/mod_mime.dsp (+111/-0) modules/http/mod_mime.exp (+1/-0) modules/http2/.gitignore (+35/-0) modules/http2/Makefile.in (+20/-0) modules/http2/NWGNUmakefile (+331/-0) modules/http2/README.h2 (+70/-0) modules/http2/config.m4 (+197/-0) modules/http2/h2_alt_svc.c (+132/-0) modules/http2/h2_alt_svc.h (+39/-0) modules/http2/h2_bucket_eoc.c (+109/-0) modules/http2/h2_bucket_eoc.h (+31/-0) modules/http2/h2_bucket_eos.c (+109/-0) modules/http2/h2_bucket_eos.h (+30/-0) modules/http2/h2_config.c (+576/-0) modules/http2/h2_config.h (+92/-0) modules/http2/h2_conn.c (+329/-0) modules/http2/h2_conn.h (+55/-0) modules/http2/h2_conn_io.c (+401/-0) modules/http2/h2_conn_io.h (+74/-0) modules/http2/h2_ctx.c (+90/-0) modules/http2/h2_ctx.h (+63/-0) modules/http2/h2_from_h1.c (+589/-0) modules/http2/h2_from_h1.h (+74/-0) modules/http2/h2_h2.c (+687/-0) modules/http2/h2_h2.h (+119/-0) modules/http2/h2_io.c (+298/-0) modules/http2/h2_io.h (+155/-0) modules/http2/h2_io_set.c (+171/-0) modules/http2/h2_io_set.h (+56/-0) modules/http2/h2_mplx.c (+972/-0) modules/http2/h2_mplx.h (+373/-0) modules/http2/h2_private.h (+36/-0) modules/http2/h2_push.c (+395/-0) modules/http2/h2_push.h (+31/-0) modules/http2/h2_request.c (+455/-0) modules/http2/h2_request.h (+86/-0) modules/http2/h2_response.c (+180/-0) modules/http2/h2_response.h (+82/-0) modules/http2/h2_session.c (+1766/-0) modules/http2/h2_session.h (+207/-0) modules/http2/h2_stream.c (+684/-0) modules/http2/h2_stream.h (+309/-0) modules/http2/h2_stream_set.c (+145/-0) modules/http2/h2_stream_set.h (+51/-0) modules/http2/h2_switch.c (+182/-0) modules/http2/h2_switch.h (+29/-0) modules/http2/h2_task.c (+267/-0) modules/http2/h2_task.h (+78/-0) modules/http2/h2_task_input.c (+207/-0) modules/http2/h2_task_input.h (+46/-0) modules/http2/h2_task_output.c (+148/-0) modules/http2/h2_task_output.h (+56/-0) modules/http2/h2_task_queue.c (+181/-0) modules/http2/h2_task_queue.h (+99/-0) modules/http2/h2_util.c (+987/-0) modules/http2/h2_util.h (+183/-0) modules/http2/h2_version.h (+34/-0) modules/http2/h2_worker.c (+204/-0) modules/http2/h2_worker.h (+153/-0) modules/http2/h2_workers.c (+384/-0) modules/http2/h2_workers.h (+88/-0) modules/http2/mod_h2.h (+19/-0) modules/http2/mod_http2.c (+146/-0) modules/http2/mod_http2.dsp (+215/-0) modules/ldap/Makefile.in (+3/-0) modules/ldap/NWGNUmakefile (+264/-0) modules/ldap/README.ldap (+47/-0) modules/ldap/config.m4 (+25/-0) modules/ldap/mod_ldap.dsp (+127/-0) modules/ldap/util_ldap.c (+3222/-0) modules/ldap/util_ldap_cache.c (+464/-0) modules/ldap/util_ldap_cache.h (+204/-0) modules/ldap/util_ldap_cache_mgr.c (+882/-0) modules/loggers/.indent.pro (+54/-0) modules/loggers/Makefile.in (+3/-0) modules/loggers/NWGNUforensic (+258/-0) modules/loggers/NWGNUlogdebug (+258/-0) modules/loggers/NWGNUmakefile (+247/-0) modules/loggers/NWGNUmodlogio (+258/-0) modules/loggers/config.m4 (+20/-0) modules/loggers/mod_log_config.c (+1825/-0) modules/loggers/mod_log_config.dsp (+111/-0) modules/loggers/mod_log_config.exp (+1/-0) modules/loggers/mod_log_config.h (+74/-0) modules/loggers/mod_log_debug.c (+283/-0) modules/loggers/mod_log_debug.dsp (+111/-0) modules/loggers/mod_log_forensic.c (+289/-0) modules/loggers/mod_log_forensic.dsp (+111/-0) modules/loggers/mod_log_forensic.exp (+1/-0) modules/loggers/mod_logio.c (+285/-0) modules/loggers/mod_logio.dsp (+111/-0) modules/lua/Makefile.in (+3/-0) modules/lua/NWGNUmakefile (+284/-0) modules/lua/README (+80/-0) modules/lua/config.m4 (+208/-0) modules/lua/docs/README (+12/-0) modules/lua/docs/basic-configuration.txt (+141/-0) modules/lua/docs/building-from-subversion.txt (+72/-0) modules/lua/docs/running-developer-tests.txt (+16/-0) modules/lua/docs/writing-handlers.txt (+49/-0) modules/lua/lua_apr.c (+100/-0) modules/lua/lua_apr.h (+36/-0) modules/lua/lua_config.c (+276/-0) modules/lua/lua_config.h (+31/-0) modules/lua/lua_dbd.c (+843/-0) modules/lua/lua_dbd.h (+66/-0) modules/lua/lua_passwd.c (+178/-0) modules/lua/lua_passwd.h (+90/-0) modules/lua/lua_request.c (+2954/-0) modules/lua/lua_request.h (+58/-0) modules/lua/lua_vmprep.c (+526/-0) modules/lua/lua_vmprep.h (+147/-0) modules/lua/mod_lua.c (+2172/-0) modules/lua/mod_lua.dsp (+163/-0) modules/lua/mod_lua.h (+176/-0) modules/lua/test/helpers.lua (+36/-0) modules/lua/test/htdocs/config_tests.lua (+37/-0) modules/lua/test/htdocs/filters.lua (+7/-0) modules/lua/test/htdocs/find_me.txt (+1/-0) modules/lua/test/htdocs/headers.lua (+6/-0) modules/lua/test/htdocs/hooks.lua (+29/-0) modules/lua/test/htdocs/other.lua (+21/-0) modules/lua/test/htdocs/simple.lua (+4/-0) modules/lua/test/htdocs/test.lua (+129/-0) modules/lua/test/lib/kangaroo.lua (+19/-0) modules/lua/test/moonunit.lua (+52/-0) modules/lua/test/test.lua (+126/-0) modules/lua/test/test_httpd.conf (+31/-0) modules/mappers/.indent.pro (+54/-0) modules/mappers/Makefile.in (+3/-0) modules/mappers/NWGNUactions (+248/-0) modules/mappers/NWGNUimagemap (+249/-0) modules/mappers/NWGNUmakefile (+250/-0) modules/mappers/NWGNUrewrite (+250/-0) modules/mappers/NWGNUspeling (+248/-0) modules/mappers/NWGNUuserdir (+249/-0) modules/mappers/NWGNUvhost (+249/-0) modules/mappers/config9.m4 (+19/-0) modules/mappers/mod_actions.c (+226/-0) modules/mappers/mod_actions.dsp (+111/-0) modules/mappers/mod_actions.exp (+1/-0) modules/mappers/mod_alias.c (+543/-0) modules/mappers/mod_alias.dsp (+111/-0) modules/mappers/mod_alias.exp (+1/-0) modules/mappers/mod_dir.c (+417/-0) modules/mappers/mod_dir.dsp (+111/-0) modules/mappers/mod_dir.exp (+1/-0) modules/mappers/mod_imagemap.c (+903/-0) modules/mappers/mod_imagemap.dsp (+111/-0) modules/mappers/mod_imagemap.exp (+1/-0) modules/mappers/mod_negotiation.c (+3227/-0) modules/mappers/mod_negotiation.dsp (+111/-0) modules/mappers/mod_negotiation.exp (+1/-0) modules/mappers/mod_rewrite.c (+5218/-0) modules/mappers/mod_rewrite.dsp (+111/-0) modules/mappers/mod_rewrite.exp (+1/-0) modules/mappers/mod_rewrite.h (+42/-0) modules/mappers/mod_speling.c (+533/-0) modules/mappers/mod_speling.dsp (+111/-0) modules/mappers/mod_speling.exp (+1/-0) modules/mappers/mod_userdir.c (+390/-0) modules/mappers/mod_userdir.dsp (+111/-0) modules/mappers/mod_userdir.exp (+1/-0) modules/mappers/mod_vhost_alias.c (+457/-0) modules/mappers/mod_vhost_alias.dsp (+111/-0) modules/mappers/mod_vhost_alias.exp (+1/-0) modules/metadata/.indent.pro (+54/-0) modules/metadata/Makefile.in (+3/-0) modules/metadata/NWGNUcernmeta (+248/-0) modules/metadata/NWGNUexpires (+248/-0) modules/metadata/NWGNUheaders (+249/-0) modules/metadata/NWGNUmakefile (+254/-0) modules/metadata/NWGNUmimemagi (+248/-0) modules/metadata/NWGNUmodident (+248/-0) modules/metadata/NWGNUmodversion (+248/-0) modules/metadata/NWGNUremoteip (+248/-0) modules/metadata/NWGNUuniqueid (+257/-0) modules/metadata/NWGNUusertrk (+248/-0) modules/metadata/config.m4 (+24/-0) modules/metadata/mod_cern_meta.c (+371/-0) modules/metadata/mod_cern_meta.dsp (+111/-0) modules/metadata/mod_cern_meta.exp (+1/-0) modules/metadata/mod_env.c (+179/-0) modules/metadata/mod_env.dsp (+111/-0) modules/metadata/mod_env.exp (+1/-0) modules/metadata/mod_expires.c (+571/-0) modules/metadata/mod_expires.dsp (+111/-0) modules/metadata/mod_expires.exp (+1/-0) modules/metadata/mod_headers.c (+1019/-0) modules/metadata/mod_headers.dsp (+111/-0) modules/metadata/mod_headers.exp (+1/-0) modules/metadata/mod_ident.c (+344/-0) modules/metadata/mod_ident.dsp (+111/-0) modules/metadata/mod_ident.exp (+1/-0) modules/metadata/mod_mime_magic.c (+2471/-0) modules/metadata/mod_mime_magic.dsp (+111/-0) modules/metadata/mod_mime_magic.exp (+1/-0) modules/metadata/mod_remoteip.c (+447/-0) modules/metadata/mod_remoteip.dsp (+111/-0) modules/metadata/mod_setenvif.c (+649/-0) modules/metadata/mod_setenvif.dsp (+111/-0) modules/metadata/mod_setenvif.exp (+1/-0) modules/metadata/mod_unique_id.c (+408/-0) modules/metadata/mod_unique_id.dsp (+111/-0) modules/metadata/mod_unique_id.exp (+1/-0) modules/metadata/mod_usertrack.c (+460/-0) modules/metadata/mod_usertrack.dsp (+111/-0) modules/metadata/mod_usertrack.exp (+1/-0) modules/metadata/mod_version.c (+313/-0) modules/metadata/mod_version.dsp (+111/-0) modules/metadata/mod_version.exp (+1/-0) modules/proxy/.indent.pro (+58/-0) modules/proxy/CHANGES (+223/-0) modules/proxy/Makefile.in (+4/-0) modules/proxy/NWGNUmakefile (+258/-0) modules/proxy/NWGNUproxy (+332/-0) modules/proxy/NWGNUproxyajp (+264/-0) modules/proxy/NWGNUproxybalancer (+260/-0) modules/proxy/NWGNUproxycon (+251/-0) modules/proxy/NWGNUproxyexpress (+256/-0) modules/proxy/NWGNUproxyfcgi (+261/-0) modules/proxy/NWGNUproxyftp (+260/-0) modules/proxy/NWGNUproxyhtp (+260/-0) modules/proxy/NWGNUproxylbm_busy (+250/-0) modules/proxy/NWGNUproxylbm_hb (+251/-0) modules/proxy/NWGNUproxylbm_req (+251/-0) modules/proxy/NWGNUproxylbm_traf (+251/-0) modules/proxy/NWGNUproxyscgi (+260/-0) modules/proxy/NWGNUproxywstunnel (+250/-0) modules/proxy/ajp.h (+520/-0) modules/proxy/ajp_header.c (+885/-0) modules/proxy/ajp_header.h (+195/-0) modules/proxy/ajp_link.c (+115/-0) modules/proxy/ajp_msg.c (+639/-0) modules/proxy/ajp_utils.c (+137/-0) modules/proxy/balancers/Makefile.in (+3/-0) modules/proxy/balancers/config2.m4 (+8/-0) modules/proxy/balancers/mod_lbmethod_bybusyness.c (+160/-0) modules/proxy/balancers/mod_lbmethod_bybusyness.dsp (+123/-0) modules/proxy/balancers/mod_lbmethod_byrequests.c (+200/-0) modules/proxy/balancers/mod_lbmethod_byrequests.dsp (+123/-0) modules/proxy/balancers/mod_lbmethod_bytraffic.c (+169/-0) modules/proxy/balancers/mod_lbmethod_bytraffic.dsp (+123/-0) modules/proxy/balancers/mod_lbmethod_heartbeat.c (+466/-0) modules/proxy/balancers/mod_lbmethod_heartbeat.dsp (+123/-0) modules/proxy/config.m4 (+66/-0) modules/proxy/examples/mod_lbmethod_rr.c (+134/-0) modules/proxy/examples/mod_lbmethod_rr.dsp (+111/-0) modules/proxy/libproxy.exp (+1/-0) modules/proxy/mod_proxy.c (+2829/-0) modules/proxy/mod_proxy.dsp (+127/-0) modules/proxy/mod_proxy.h (+1048/-0) modules/proxy/mod_proxy_ajp.c (+826/-0) modules/proxy/mod_proxy_ajp.dsp (+151/-0) modules/proxy/mod_proxy_balancer.c (+1718/-0) modules/proxy/mod_proxy_balancer.dsp (+123/-0) modules/proxy/mod_proxy_connect.c (+518/-0) modules/proxy/mod_proxy_connect.dsp (+123/-0) modules/proxy/mod_proxy_express.c (+223/-0) modules/proxy/mod_proxy_express.dsp (+123/-0) modules/proxy/mod_proxy_fcgi.c (+952/-0) modules/proxy/mod_proxy_fcgi.dsp (+123/-0) modules/proxy/mod_proxy_fdpass.c (+241/-0) modules/proxy/mod_proxy_fdpass.h (+41/-0) modules/proxy/mod_proxy_ftp.c (+2126/-0) modules/proxy/mod_proxy_ftp.dsp (+123/-0) modules/proxy/mod_proxy_http.c (+2093/-0) modules/proxy/mod_proxy_http.dsp (+123/-0) modules/proxy/mod_proxy_scgi.c (+673/-0) modules/proxy/mod_proxy_scgi.dsp (+123/-0) modules/proxy/mod_proxy_wstunnel.c (+417/-0) modules/proxy/mod_proxy_wstunnel.dsp (+123/-0) modules/proxy/proxy_util.c (+3638/-0) modules/proxy/proxy_util.h (+45/-0) modules/proxy/scgi.h (+36/-0) modules/session/Makefile.in (+4/-0) modules/session/NWGNUmakefile (+257/-0) modules/session/NWGNUsession (+254/-0) modules/session/NWGNUsession_cookie (+253/-0) modules/session/NWGNUsession_crypto (+255/-0) modules/session/NWGNUsession_dbd (+253/-0) modules/session/config.m4 (+68/-0) modules/session/mod_session.c (+669/-0) modules/session/mod_session.dsp (+115/-0) modules/session/mod_session.h (+186/-0) modules/session/mod_session_cookie.c (+284/-0) modules/session/mod_session_cookie.dsp (+111/-0) modules/session/mod_session_crypto.c (+649/-0) modules/session/mod_session_crypto.dsp (+111/-0) modules/session/mod_session_dbd.c (+640/-0) modules/session/mod_session_dbd.dsp (+111/-0) modules/slotmem/Makefile.in (+3/-0) modules/slotmem/NWGNUmakefile (+246/-0) modules/slotmem/NWGNUslotmem_plain (+250/-0) modules/slotmem/NWGNUslotmem_shm (+250/-0) modules/slotmem/config.m4 (+10/-0) modules/slotmem/mod_slotmem_plain.c (+343/-0) modules/slotmem/mod_slotmem_plain.dsp (+111/-0) modules/slotmem/mod_slotmem_shm.c (+809/-0) modules/slotmem/mod_slotmem_shm.dsp (+111/-0) modules/ssl/Makefile.in (+20/-0) modules/ssl/NWGNUmakefile (+327/-0) modules/ssl/README (+106/-0) modules/ssl/README.dsov.fig (+346/-0) modules/ssl/README.dsov.ps (+1138/-0) modules/ssl/config.m4 (+57/-0) modules/ssl/mod_ssl.c (+648/-0) modules/ssl/mod_ssl.dsp (+195/-0) modules/ssl/mod_ssl.h (+67/-0) modules/ssl/ssl_engine_config.c (+1954/-0) modules/ssl/ssl_engine_init.c (+1893/-0) modules/ssl/ssl_engine_io.c (+2069/-0) modules/ssl/ssl_engine_kernel.c (+2414/-0) modules/ssl/ssl_engine_log.c (+238/-0) modules/ssl/ssl_engine_mutex.c (+111/-0) modules/ssl/ssl_engine_ocsp.c (+300/-0) modules/ssl/ssl_engine_pphrase.c (+621/-0) modules/ssl/ssl_engine_rand.c (+177/-0) modules/ssl/ssl_engine_vars.c (+1238/-0) modules/ssl/ssl_private.h (+987/-0) modules/ssl/ssl_scache.c (+239/-0) modules/ssl/ssl_util.c (+425/-0) modules/ssl/ssl_util_ocsp.c (+319/-0) modules/ssl/ssl_util_ssl.c (+505/-0) modules/ssl/ssl_util_ssl.h (+74/-0) modules/ssl/ssl_util_stapling.c (+866/-0) modules/test/.indent.pro (+54/-0) modules/test/Makefile.in (+3/-0) modules/test/NWGNUmakefile (+257/-0) modules/test/NWGNUoptfnexport (+256/-0) modules/test/NWGNUoptfnimport (+256/-0) modules/test/NWGNUopthookexport (+256/-0) modules/test/NWGNUopthookimport (+256/-0) modules/test/README (+1/-0) modules/test/config.m4 (+13/-0) modules/test/mod_dialup.c (+306/-0) modules/test/mod_optional_fn_export.c (+48/-0) modules/test/mod_optional_fn_export.h (+19/-0) modules/test/mod_optional_fn_import.c (+55/-0) modules/test/mod_optional_hook_export.c (+44/-0) modules/test/mod_optional_hook_export.h (+24/-0) modules/test/mod_optional_hook_import.c (+45/-0) os/.indent.pro (+54/-0) os/Makefile.in (+4/-0) os/bs2000/ebcdic.c (+210/-0) os/bs2000/ebcdic.h (+33/-0) os/bs2000/os.c (+136/-0) os/bs2000/os.h (+40/-0) os/config.m4 (+26/-0) os/netware/modules.c (+117/-0) os/netware/netware_config_layout.h (+31/-0) os/netware/os.h (+57/-0) os/netware/pre_nw.h (+70/-0) os/netware/util_nw.c (+112/-0) os/os2/Makefile.in (+5/-0) os/os2/config.m4 (+3/-0) os/os2/core.mk (+7/-0) os/os2/core_header.def (+19/-0) os/os2/os.h (+40/-0) os/os2/util_os2.c (+39/-0) os/unix/Makefile.in (+5/-0) os/unix/config.m4 (+7/-0) os/unix/os.h (+52/-0) os/unix/unixd.c (+541/-0) os/unix/unixd.h (+117/-0) os/win32/BaseAddr.ref (+130/-0) os/win32/Makefile.in (+5/-0) os/win32/ap_regkey.c (+642/-0) os/win32/modules.c (+56/-0) os/win32/os.h (+139/-0) os/win32/util_win32.c (+148/-0) os/win32/win32_config_layout.h (+31/-0) server/.indent.pro (+54/-0) server/Makefile.in (+103/-0) server/NWGNUmakefile (+261/-0) server/buildmark.c (+29/-0) server/config.c (+2626/-0) server/config.m4 (+19/-0) server/connection.c (+215/-0) server/core.c (+5162/-0) server/core_filters.c (+890/-0) server/eoc_bucket.c (+55/-0) server/eor_bucket.c (+102/-0) server/error_bucket.c (+77/-0) server/gen_test_char.c (+146/-0) server/gen_test_char.dsp (+94/-0) server/listen.c (+922/-0) server/log.c (+1932/-0) server/main.c (+802/-0) server/mpm/MPM.NAMING (+14/-0) server/mpm/Makefile.in (+4/-0) server/mpm/config.m4 (+128/-0) server/mpm/config2.m4 (+89/-0) server/mpm/event/Makefile.in (+1/-0) server/mpm/event/config.m4 (+15/-0) server/mpm/event/config3.m4 (+7/-0) server/mpm/event/event.c (+3638/-0) server/mpm/event/fdqueue.c (+507/-0) server/mpm/event/fdqueue.h (+104/-0) server/mpm/event/mpm_default.h (+56/-0) server/mpm/mpmt_os2/Makefile.in (+1/-0) server/mpm/mpmt_os2/config.m4 (+10/-0) server/mpm/mpmt_os2/config5.m4 (+3/-0) server/mpm/mpmt_os2/mpm_default.h (+57/-0) server/mpm/mpmt_os2/mpmt_os2.c (+616/-0) server/mpm/mpmt_os2/mpmt_os2_child.c (+488/-0) server/mpm/netware/mpm_default.h (+78/-0) server/mpm/netware/mpm_netware.c (+1370/-0) server/mpm/prefork/Makefile.in (+1/-0) server/mpm/prefork/config.m4 (+7/-0) server/mpm/prefork/config3.m4 (+1/-0) server/mpm/prefork/mpm_default.h (+51/-0) server/mpm/prefork/prefork.c (+1627/-0) server/mpm/winnt/Makefile.in (+1/-0) server/mpm/winnt/child.c (+1340/-0) server/mpm/winnt/config.m4 (+10/-0) server/mpm/winnt/config3.m4 (+2/-0) server/mpm/winnt/mpm_default.h (+60/-0) server/mpm/winnt/mpm_winnt.c (+1793/-0) server/mpm/winnt/mpm_winnt.h (+99/-0) server/mpm/winnt/nt_eventlog.c (+171/-0) server/mpm/winnt/service.c (+1241/-0) server/mpm/worker/Makefile.in (+2/-0) server/mpm/worker/config.m4 (+11/-0) server/mpm/worker/config3.m4 (+5/-0) server/mpm/worker/fdqueue.c (+412/-0) server/mpm/worker/fdqueue.h (+75/-0) server/mpm/worker/mpm_default.h (+55/-0) server/mpm/worker/worker.c (+2540/-0) server/mpm_common.c (+572/-0) server/mpm_unix.c (+1065/-0) server/protocol.c (+2032/-0) server/provider.c (+197/-0) server/request.c (+2474/-0) server/scoreboard.c (+621/-0) server/util.c (+3121/-0) server/util_cfgtree.c (+46/-0) server/util_charset.c (+28/-0) server/util_cookies.c (+290/-0) server/util_debug.c (+225/-0) server/util_ebcdic.c (+117/-0) server/util_expr_eval.c (+1797/-0) server/util_expr_parse.c (+2130/-0) server/util_expr_parse.h (+104/-0) server/util_expr_parse.y (+217/-0) server/util_expr_private.h (+141/-0) server/util_expr_scan.c (+2669/-0) server/util_expr_scan.l (+400/-0) server/util_fcgi.c (+287/-0) server/util_filter.c (+731/-0) server/util_md5.c (+166/-0) server/util_mutex.c (+560/-0) server/util_pcre.c (+299/-0) server/util_regex.c (+209/-0) server/util_script.c (+871/-0) server/util_time.c (+306/-0) server/util_xml.c (+140/-0) server/vhost.c (+1086/-0) srclib/Makefile.in (+5/-0) support/.indent.pro (+54/-0) support/Makefile.in (+89/-0) support/NWGNUab (+330/-0) support/NWGNUhtcacheclean (+253/-0) support/NWGNUhtdbm (+252/-0) support/NWGNUhtdigest (+251/-0) support/NWGNUhtpasswd (+252/-0) support/NWGNUhttxt2dbm (+251/-0) support/NWGNUlogres (+258/-0) support/NWGNUmakefile (+51/-0) support/NWGNUrotlogs (+250/-0) support/README (+65/-0) support/SHA1/README.sha1 (+34/-0) support/SHA1/convert-sha1.pl (+36/-0) support/SHA1/htpasswd-sha1.pl (+22/-0) support/SHA1/ldif-sha1.example (+19/-0) support/ab.c (+2417/-0) support/ab.dsp (+106/-0) support/abs.dsp (+117/-0) support/apachectl.in (+106/-0) support/apxs.in (+791/-0) support/check_forensic (+51/-0) support/checkgid.c (+110/-0) support/config.m4 (+151/-0) support/dbmmanage.in (+312/-0) support/envvars-std.in (+28/-0) support/fcgistarter.c (+220/-0) support/fcgistarter.dsp (+106/-0) support/htcacheclean.c (+1829/-0) support/htcacheclean.dsp (+106/-0) support/htdbm.c (+472/-0) support/htdbm.dsp (+110/-0) support/htdigest.c (+293/-0) support/htdigest.dsp (+106/-0) support/htpasswd.c (+509/-0) support/htpasswd.dsp (+110/-0) support/httxt2dbm.c (+335/-0) support/httxt2dbm.dsp (+106/-0) support/list_hooks.pl (+101/-0) support/log_server_status.in (+76/-0) support/logresolve.c (+329/-0) support/logresolve.dsp (+106/-0) support/logresolve.pl.in (+225/-0) support/passwd_common.c (+344/-0) support/passwd_common.h (+123/-0) support/phf_abuse_log.cgi.in (+38/-0) support/rotatelogs.c (+731/-0) support/rotatelogs.dsp (+106/-0) support/split-logfile.in (+69/-0) support/suexec.c (+651/-0) support/suexec.h (+109/-0) support/win32/ApacheMonitor.c (+1669/-0) support/win32/ApacheMonitor.dsp (+143/-0) support/win32/ApacheMonitor.h (+78/-0) support/win32/ApacheMonitor.manifest (+10/-0) support/win32/ApacheMonitor.rc (+103/-0) support/win32/wintty.c (+374/-0) support/win32/wintty.dsp (+106/-0) test/.indent.pro (+54/-0) test/Makefile.in (+20/-0) test/README (+3/-0) test/check_chunked (+58/-0) test/cls.c (+182/-0) test/make_sni.sh (+396/-0) test/tcpdumpscii.txt (+50/-0) test/test-writev.c (+101/-0) test/test_find.c (+78/-0) test/test_limits.c (+200/-0) test/test_parser.c (+75/-0) test/test_select.c (+46/-0) test/time-sem.c (+591/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+347648@code.launchpad.net |
Commit message
Description of the change
Please use git to review this MP. The diff generated by LP is incorrect.
Simple backport from upstream to silently ignore a not existent file path when IncludeOptional is used. I also included documentation changes, even though this version of apache only includes the generated html and not the xml source. Another drawback is that I updated only the English doc. If preferred, I can drop that from the patch.
PPA with test packages: ppa:ahasenack/
Testing instructions:
sudo apt install apache2 apache2-doc
echo "IncludeOptional /etc/apache2/
echo "IncludeOptional /etc/apache2/
echo "IncludeOptional /etc/apache2/
# this will fail with the non-fixed packages, and restart fine with the fixed packages
sudo systemctl restart apache2
Browse to http://<apache-
"""
... or if a file path does not exist on the file system.
"""
Cosmic is already fixed, since it has a newer apache where the fix was applied upstream.
Christian Ehrhardt (paelzer) wrote : | # |
Christian Ehrhardt (paelzer) : | # |
Andreas Hasenack (ahasenack) wrote : | # |
Thanks, fixed. Could you please push the upload tag for 3c6c23745e57646
Christian Ehrhardt (paelzer) wrote : | # |
Tag pushed after ppa version fixup
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index 583443c..d5870c6 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,11 @@ | |||
6 | 1 | apache2 (2.4.18-2ubuntu3.9) xenial; urgency=medium | ||
7 | 2 | |||
8 | 3 | * debian/patches/includeoptional-ignore-non-existent.patch: silently | ||
9 | 4 | ignore a not existent file path with IncludeOptional . Closes LP: | ||
10 | 5 | #1766186. | ||
11 | 6 | |||
12 | 7 | -- Andreas Hasenack <andreas@canonical.com> Thu, 07 Jun 2018 16:43:03 -0300 | ||
13 | 8 | |||
14 | 1 | apache2 (2.4.18-2ubuntu3.8) xenial-security; urgency=medium | 9 | apache2 (2.4.18-2ubuntu3.8) xenial-security; urgency=medium |
15 | 2 | 10 | ||
16 | 3 | * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig | 11 | * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig |
17 | diff --git a/debian/patches/includeoptional-ignore-non-existent.patch b/debian/patches/includeoptional-ignore-non-existent.patch | |||
18 | 4 | new file mode 100644 | 12 | new file mode 100644 |
19 | index 0000000..cc002ad | |||
20 | --- /dev/null | |||
21 | +++ b/debian/patches/includeoptional-ignore-non-existent.patch | |||
22 | @@ -0,0 +1,61 @@ | |||
23 | 1 | Description: silently ignore a not existent file path with IncludeOptional | ||
24 | 2 | In https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 some use cases | ||
25 | 3 | were reported in which IncludeOptional seems to be too strict in its | ||
26 | 4 | sanity checks. | ||
27 | 5 | . | ||
28 | 6 | This change is a proposal to relax IncludeOptional checks to silently | ||
29 | 7 | fail when a file path is not existent rather than returning SyntaxError. | ||
30 | 8 | Origin: backport, https://github.com/apache/httpd/commit/a17ce7dd5e6277867ca48659f70c4bb8a11add56 | ||
31 | 9 | Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 | ||
32 | 10 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1766186 | ||
33 | 11 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878920 | ||
34 | 12 | Last-Update: 2018-06-07 | ||
35 | 13 | |||
36 | 14 | --- a/server/config.c | ||
37 | 15 | +++ b/server/config.c | ||
38 | 16 | @@ -1888,6 +1888,15 @@ | ||
39 | 17 | |||
40 | 18 | return NULL; | ||
41 | 19 | } | ||
42 | 20 | + else if (optional) { | ||
43 | 21 | + /* If the optinal flag is set (like for IncludeOptional) we can | ||
44 | 22 | + * tolerate that no file or directory is present and bail out. | ||
45 | 23 | + */ | ||
46 | 24 | + apr_finfo_t finfo; | ||
47 | 25 | + if (apr_stat(&finfo, fname, APR_FINFO_TYPE, ptemp) != APR_SUCCESS | ||
48 | 26 | + || finfo.filetype == APR_NOFILE) | ||
49 | 27 | + return NULL; | ||
50 | 28 | + } | ||
51 | 29 | |||
52 | 30 | return ap_process_resource_config(s, fname, conftree, p, ptemp); | ||
53 | 31 | } | ||
54 | 32 | @@ -1938,6 +1947,12 @@ | ||
55 | 33 | */ | ||
56 | 34 | rv = apr_dir_open(&dirp, path, ptemp); | ||
57 | 35 | if (rv != APR_SUCCESS) { | ||
58 | 36 | + /* If the directory doesn't exist and the optional flag is set | ||
59 | 37 | + * there is no need to return an error. | ||
60 | 38 | + */ | ||
61 | 39 | + if (rv == APR_ENOENT && optional) { | ||
62 | 40 | + return NULL; | ||
63 | 41 | + } | ||
64 | 42 | return apr_psprintf(p, "Could not open config directory %s: %pm", | ||
65 | 43 | path, &rv); | ||
66 | 44 | } | ||
67 | 45 | --- a/docs/manual/mod/core.html.en | ||
68 | 46 | +++ b/docs/manual/mod/core.html.en | ||
69 | 47 | @@ -2201,10 +2201,10 @@ | ||
70 | 48 | </table> | ||
71 | 49 | <p>This directive allows inclusion of other configuration files | ||
72 | 50 | from within the server configuration files. It works identically to the | ||
73 | 51 | - <code class="directive"><a href="#include">Include</a></code> directive, with the | ||
74 | 52 | - exception that if wildcards do not match any file or directory, the | ||
75 | 53 | - <code class="directive"><a href="#includeoptional">IncludeOptional</a></code> directive will be | ||
76 | 54 | - silently ignored instead of causing an error.</p> | ||
77 | 55 | + <code class="directive"><a href="#include">Include</a></code> directive, but it will be | ||
78 | 56 | + silently ignored (instead of causing an error) if wildcards are used and | ||
79 | 57 | + they do not match any file or directory or if a file path does not exist | ||
80 | 58 | + on the file system.</p> | ||
81 | 59 | |||
82 | 60 | <h3>See also</h3> | ||
83 | 61 | <ul> | ||
84 | diff --git a/debian/patches/series b/debian/patches/series | |||
85 | index e270fe1..d2152b5 100644 | |||
86 | --- a/debian/patches/series | |||
87 | +++ b/debian/patches/series | |||
88 | @@ -30,3 +30,4 @@ CVE-2018-1283.patch | |||
89 | 30 | CVE-2018-1301.patch | 30 | CVE-2018-1301.patch |
90 | 31 | CVE-2018-1303.patch | 31 | CVE-2018-1303.patch |
91 | 32 | CVE-2018-1312.patch | 32 | CVE-2018-1312.patch |
92 | 33 | includeoptional-ignore-non-existent.patch | ||
93 | diff --git a/docs/manual/style/latex/atbeginend.sty b/docs/manual/style/latex/atbeginend.sty | |||
94 | 33 | new file mode 100644 | 34 | new file mode 100644 |
95 | index 0000000..79b555d | |||
96 | --- /dev/null | |||
97 | +++ b/docs/manual/style/latex/atbeginend.sty | |||
98 | @@ -0,0 +1,80 @@ | |||
99 | 1 | % atbeginend.sty | ||
100 | 2 | % | ||
101 | 3 | % Licensed to the Apache Software Foundation (ASF) under one or more | ||
102 | 4 | % contributor license agreements. See the NOTICE file distributed with | ||
103 | 5 | % this work for additional information regarding copyright ownership. | ||
104 | 6 | % The ASF licenses this file to You under the Apache License, Version 2.0 | ||
105 | 7 | % (the "License"); you may not use this file except in compliance with | ||
106 | 8 | % the License. You may obtain a copy of the License at | ||
107 | 9 | % | ||
108 | 10 | % http://www.apache.org/licenses/LICENSE-2.0 | ||
109 | 11 | % | ||
110 | 12 | % Unless required by applicable law or agreed to in writing, software | ||
111 | 13 | % distributed under the License is distributed on an "AS IS" BASIS, | ||
112 | 14 | % WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
113 | 15 | % See the License for the specific language governing permissions and | ||
114 | 16 | % limitations under the License. | ||
115 | 17 | |||
116 | 18 | % defines | ||
117 | 19 | % \BeforeBegin{environment}{code-to-execute} | ||
118 | 20 | % \BeforeEnd {environment}{code-to-execute} | ||
119 | 21 | % \AfterBegin {environment}{code-to-execute} | ||
120 | 22 | % \AfterEnd {environment}{code-to-execute} | ||
121 | 23 | % | ||
122 | 24 | % Save \begin and \end to \BeginEnvironment and \EndEnvironment | ||
123 | 25 | \let\BeginEnvironment=\begin | ||
124 | 26 | \let\EndEnvironment=\end | ||
125 | 27 | |||
126 | 28 | \def\IfUnDef#1{\expandafter\ifx\csname#1\endcsname\relax} | ||
127 | 29 | |||
128 | 30 | % Null command needed to for \nothing{something}=.nothing. | ||
129 | 31 | \def\NullCom#1{} | ||
130 | 32 | |||
131 | 33 | \def\begin#1{% | ||
132 | 34 | % | ||
133 | 35 | % if defined \BeforeBeg for this environment, execute it | ||
134 | 36 | \IfUnDef{BeforeBeg#1}\else\csname BeforeBeg#1\endcsname\fi% | ||
135 | 37 | % | ||
136 | 38 | % | ||
137 | 39 | % | ||
138 | 40 | \IfUnDef{AfterBeg#1}% This is done to skip the command for environments | ||
139 | 41 | % which can take arguments, like multicols; YOU MUST NOT | ||
140 | 42 | % USE \AfterBegin{...}{...} for such environments! | ||
141 | 43 | \let\SaveBegEng=\BeginEnvironment% | ||
142 | 44 | \else% | ||
143 | 45 | % Start this environment | ||
144 | 46 | \BeginEnvironment{#1}% | ||
145 | 47 | % and execute code after \begin{environment} | ||
146 | 48 | \csname AfterBeg#1\endcsname% | ||
147 | 49 | % | ||
148 | 50 | \let\SaveBegEng=\NullCom% | ||
149 | 51 | \fi% | ||
150 | 52 | \SaveBegEng{#1}% | ||
151 | 53 | } | ||
152 | 54 | |||
153 | 55 | |||
154 | 56 | \def\end#1{% | ||
155 | 57 | % | ||
156 | 58 | % execute code before \end{environment} | ||
157 | 59 | \IfUnDef{BeforeEnd#1}\else\csname BeforeEnd#1\endcsname\fi% | ||
158 | 60 | % | ||
159 | 61 | % close this environment | ||
160 | 62 | \EndEnvironment{#1}% | ||
161 | 63 | % | ||
162 | 64 | % and execute code after \begin{environment} | ||
163 | 65 | \IfUnDef{AfterEnd#1}\else\csname AfterEnd#1\endcsname\fi% | ||
164 | 66 | } | ||
165 | 67 | |||
166 | 68 | |||
167 | 69 | %% Now, define commands | ||
168 | 70 | % \BeforeBegin{environment}{code-to-execute} | ||
169 | 71 | % \BeforeEnd {environment}{code-to-execute} | ||
170 | 72 | % \AfterBegin {environment}{code-to-execute} | ||
171 | 73 | % \AfterEnd {environment}{code-to-execute} | ||
172 | 74 | |||
173 | 75 | \def\BeforeBegin#1#2{\expandafter\gdef\csname BeforeBeg#1\endcsname | ||
174 | 76 | {#2}} | ||
175 | 77 | \def\BeforeEnd #1#2{\expandafter\gdef\csname BeforeEnd#1\endcsname | ||
176 | 78 | {#2}} | ||
177 | 79 | \def\AfterBegin #1#2{\expandafter\gdef\csname AfterBeg#1\endcsname {#2}} | ||
178 | 80 | \def\AfterEnd #1#2{\expandafter\gdef\csname AfterEnd#1\endcsname{#2}} | ||
179 | diff --git a/docs/manual/style/manualpage.dtd b/docs/manual/style/manualpage.dtd | |||
180 | 0 | new file mode 100644 | 81 | new file mode 100644 |
181 | index 0000000..e9c22a0 | |||
182 | --- /dev/null | |||
183 | +++ b/docs/manual/style/manualpage.dtd | |||
184 | @@ -0,0 +1,29 @@ | |||
185 | 1 | <?xml version='1.0' encoding='UTF-8' ?> | ||
186 | 2 | |||
187 | 3 | <!-- | ||
188 | 4 | Licensed to the Apache Software Foundation (ASF) under one or more | ||
189 | 5 | contributor license agreements. See the NOTICE file distributed with | ||
190 | 6 | this work for additional information regarding copyright ownership. | ||
191 | 7 | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
192 | 8 | (the "License"); you may not use this file except in compliance with | ||
193 | 9 | the License. You may obtain a copy of the License at | ||
194 | 10 | |||
195 | 11 | http://www.apache.org/licenses/LICENSE-2.0 | ||
196 | 12 | |||
197 | 13 | Unless required by applicable law or agreed to in writing, software | ||
198 | 14 | distributed under the License is distributed on an "AS IS" BASIS, | ||
199 | 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
200 | 16 | See the License for the specific language governing permissions and | ||
201 | 17 | limitations under the License. | ||
202 | 18 | --> | ||
203 | 19 | |||
204 | 20 | <!ENTITY % common SYSTEM "common.dtd"> | ||
205 | 21 | %common; | ||
206 | 22 | |||
207 | 23 | <!-- <manualpage> is the root element --> | ||
208 | 24 | <!ELEMENT manualpage (parentdocument?, title, summary?, | ||
209 | 25 | seealso*, section*)> | ||
210 | 26 | |||
211 | 27 | <!ATTLIST manualpage metafile CDATA #REQUIRED | ||
212 | 28 | upgrade CDATA #IMPLIED | ||
213 | 29 | > | ||
214 | diff --git a/docs/manual/style/modulesynopsis.dtd b/docs/manual/style/modulesynopsis.dtd | |||
215 | 0 | new file mode 100644 | 30 | new file mode 100644 |
216 | index 0000000..4dac5ef | |||
217 | --- /dev/null | |||
218 | +++ b/docs/manual/style/modulesynopsis.dtd | |||
219 | @@ -0,0 +1,77 @@ | |||
220 | 1 | <?xml version='1.0' encoding='UTF-8' ?> | ||
221 | 2 | |||
222 | 3 | <!-- | ||
223 | 4 | Licensed to the Apache Software Foundation (ASF) under one or more | ||
224 | 5 | contributor license agreements. See the NOTICE file distributed with | ||
225 | 6 | this work for additional information regarding copyright ownership. | ||
226 | 7 | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
227 | 8 | (the "License"); you may not use this file except in compliance with | ||
228 | 9 | the License. You may obtain a copy of the License at | ||
229 | 10 | |||
230 | 11 | http://www.apache.org/licenses/LICENSE-2.0 | ||
231 | 12 | |||
232 | 13 | Unless required by applicable law or agreed to in writing, software | ||
233 | 14 | distributed under the License is distributed on an "AS IS" BASIS, | ||
234 | 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
235 | 16 | See the License for the specific language governing permissions and | ||
236 | 17 | limitations under the License. | ||
237 | 18 | --> | ||
238 | 19 | |||
239 | 20 | <!ENTITY % sitemap SYSTEM "sitemap.dtd"> | ||
240 | 21 | %sitemap; | ||
241 | 22 | |||
242 | 23 | <!ELEMENT modulesynopsis (name , description, status, hint?, sourcefile?, | ||
243 | 24 | identifier? , compatibility? , summary? , seealso* , section*, | ||
244 | 25 | directivesynopsis*)> | ||
245 | 26 | |||
246 | 27 | <!ATTLIST modulesynopsis metafile CDATA #REQUIRED | ||
247 | 28 | upgrade CDATA #IMPLIED> | ||
248 | 29 | |||
249 | 30 | <!ELEMENT directivesynopsis (name , description? , syntax? , default? | ||
250 | 31 | , contextlist? , override? , modulelist?, status?, compatibility? , | ||
251 | 32 | usage?, seealso*)> | ||
252 | 33 | |||
253 | 34 | <!ELEMENT name (#PCDATA)> | ||
254 | 35 | |||
255 | 36 | <!ELEMENT status (#PCDATA)> | ||
256 | 37 | |||
257 | 38 | <!ELEMENT hint %Inline;> | ||
258 | 39 | |||
259 | 40 | <!ELEMENT identifier (#PCDATA)> | ||
260 | 41 | |||
261 | 42 | <!ELEMENT sourcefile (#PCDATA)> | ||
262 | 43 | |||
263 | 44 | <!ELEMENT compatibility %Inline;> | ||
264 | 45 | |||
265 | 46 | <!ELEMENT description %Inline;> | ||
266 | 47 | |||
267 | 48 | <!ATTLIST directivesynopsis type CDATA #IMPLIED | ||
268 | 49 | location CDATA #IMPLIED > | ||
269 | 50 | |||
270 | 51 | <!ELEMENT syntax %Inline;> | ||
271 | 52 | |||
272 | 53 | <!ELEMENT default (#PCDATA | directive | br)*> | ||
273 | 54 | |||
274 | 55 | <!ELEMENT contextlist (context+)+> | ||
275 | 56 | |||
276 | 57 | <!ELEMENT context (#PCDATA)> | ||
277 | 58 | |||
278 | 59 | <!ELEMENT override (#PCDATA)> | ||
279 | 60 | |||
280 | 61 | <!ELEMENT usage %Block;> | ||
281 | 62 | |||
282 | 63 | <!-- Used in index.xml --> | ||
283 | 64 | <!ELEMENT moduleindex (title, summary, seealso*)> | ||
284 | 65 | |||
285 | 66 | <!ATTLIST moduleindex metafile CDATA #REQUIRED> | ||
286 | 67 | |||
287 | 68 | <!-- Used in directive.xml --> | ||
288 | 69 | <!ELEMENT directiveindex (title | summary)+> | ||
289 | 70 | |||
290 | 71 | <!ATTLIST directiveindex metafile CDATA #REQUIRED> | ||
291 | 72 | |||
292 | 73 | <!-- Used in quickreference.xml --> | ||
293 | 74 | <!ELEMENT quickreference (title | summary | legend)+> | ||
294 | 75 | <!ATTLIST quickreference metafile CDATA #REQUIRED> | ||
295 | 76 | |||
296 | 77 | <!ELEMENT legend (table, table)> | ||
297 | diff --git a/docs/manual/style/scripts/MINIFY b/docs/manual/style/scripts/MINIFY | |||
298 | 0 | new file mode 100644 | 78 | new file mode 100644 |
299 | index 0000000..2c1efc3 | |||
300 | --- /dev/null | |||
301 | +++ b/docs/manual/style/scripts/MINIFY | |||
302 | @@ -0,0 +1,5 @@ | |||
303 | 1 | #!/bin/sh | ||
304 | 2 | |||
305 | 3 | (echo '// see prettify.js for copyright, license and expanded version'; python -mrjsmin <prettify.js) >prettify.min.js | ||
306 | 4 | |||
307 | 5 | # needs python and rjsmin installed | ||
308 | diff --git a/docs/manual/style/scripts/prettify.js b/docs/manual/style/scripts/prettify.js | |||
309 | 0 | new file mode 100644 | 6 | new file mode 100644 |
310 | index 0000000..2fa959a | |||
311 | --- /dev/null | |||
312 | +++ b/docs/manual/style/scripts/prettify.js | |||
313 | @@ -0,0 +1,1622 @@ | |||
314 | 1 | // Copyright (C) 2006 Google Inc. | ||
315 | 2 | // | ||
316 | 3 | // Licensed under the Apache License, Version 2.0 (the "License"); | ||
317 | 4 | // you may not use this file except in compliance with the License. | ||
318 | 5 | // You may obtain a copy of the License at | ||
319 | 6 | // | ||
320 | 7 | // http://www.apache.org/licenses/LICENSE-2.0 | ||
321 | 8 | // | ||
322 | 9 | // Unless required by applicable law or agreed to in writing, software | ||
323 | 10 | // distributed under the License is distributed on an "AS IS" BASIS, | ||
324 | 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
325 | 12 | // See the License for the specific language governing permissions and | ||
326 | 13 | // limitations under the License. | ||
327 | 14 | |||
328 | 15 | |||
329 | 16 | /** | ||
330 | 17 | * @fileoverview | ||
331 | 18 | * some functions for browser-side pretty printing of code contained in html. | ||
332 | 19 | * | ||
333 | 20 | * <p> | ||
334 | 21 | * For a fairly comprehensive set of languages see the | ||
335 | 22 | * <a href="http://google-code-prettify.googlecode.com/svn/trunk/README.html#langs">README</a> | ||
336 | 23 | * file that came with this source. At a minimum, the lexer should work on a | ||
337 | 24 | * number of languages including C and friends, Java, Python, Bash, SQL, HTML, | ||
338 | 25 | * XML, CSS, Javascript, and Makefiles. It works passably on Ruby, PHP and Awk | ||
339 | 26 | * and a subset of Perl, but, because of commenting conventions, doesn't work on | ||
340 | 27 | * Smalltalk, Lisp-like, or CAML-like languages without an explicit lang class. | ||
341 | 28 | * <p> | ||
342 | 29 | * Usage: <ol> | ||
343 | 30 | * <li> include this source file in an html page via | ||
344 | 31 | * {@code <script type="text/javascript" src="/path/to/prettify.js"></script>} | ||
345 | 32 | * <li> define style rules. See the example page for examples. | ||
346 | 33 | * <li> mark the {@code <pre>} and {@code <code>} tags in your source with | ||
347 | 34 | * {@code class=prettyprint.} | ||
348 | 35 | * You can also use the (html deprecated) {@code <xmp>} tag, but the pretty | ||
349 | 36 | * printer needs to do more substantial DOM manipulations to support that, so | ||
350 | 37 | * some css styles may not be preserved. | ||
351 | 38 | * </ol> | ||
352 | 39 | * That's it. I wanted to keep the API as simple as possible, so there's no | ||
353 | 40 | * need to specify which language the code is in, but if you wish, you can add | ||
354 | 41 | * another class to the {@code <pre>} or {@code <code>} element to specify the | ||
355 | 42 | * language, as in {@code <pre class="prettyprint lang-java">}. Any class that | ||
356 | 43 | * starts with "lang-" followed by a file extension, specifies the file type. | ||
357 | 44 | * See the "lang-*.js" files in this directory for code that implements | ||
358 | 45 | * per-language file handlers. | ||
359 | 46 | * <p> | ||
360 | 47 | * Change log:<br> | ||
361 | 48 | * cbeust, 2006/08/22 | ||
362 | 49 | * <blockquote> | ||
363 | 50 | * Java annotations (start with "@") are now captured as literals ("lit") | ||
364 | 51 | * </blockquote> | ||
365 | 52 | * @requires console | ||
366 | 53 | */ | ||
367 | 54 | |||
368 | 55 | // JSLint declarations | ||
369 | 56 | /*global console, document, navigator, setTimeout, window, define */ | ||
370 | 57 | |||
371 | 58 | /** | ||
372 | 59 | * Split {@code prettyPrint} into multiple timeouts so as not to interfere with | ||
373 | 60 | * UI events. | ||
374 | 61 | * If set to {@code false}, {@code prettyPrint()} is synchronous. | ||
375 | 62 | */ | ||
376 | 63 | window['PR_SHOULD_USE_CONTINUATION'] = true; | ||
377 | 64 | |||
378 | 65 | /** | ||
379 | 66 | * Find all the {@code <pre>} and {@code <code>} tags in the DOM with | ||
380 | 67 | * {@code class=prettyprint} and prettify them. | ||
381 | 68 | * | ||
382 | 69 | * @param {Function?} opt_whenDone if specified, called when the last entry | ||
383 | 70 | * has been finished. | ||
384 | 71 | */ | ||
385 | 72 | var prettyPrintOne; | ||
386 | 73 | /** | ||
387 | 74 | * Pretty print a chunk of code. | ||
388 | 75 | * | ||
389 | 76 | * @param {string} sourceCodeHtml code as html | ||
390 | 77 | * @return {string} code as html, but prettier | ||
391 | 78 | */ | ||
392 | 79 | var prettyPrint; | ||
393 | 80 | |||
394 | 81 | |||
395 | 82 | (function () { | ||
396 | 83 | var win = window; | ||
397 | 84 | // Keyword lists for various languages. | ||
398 | 85 | // We use things that coerce to strings to make them compact when minified | ||
399 | 86 | // and to defeat aggressive optimizers that fold large string constants. | ||
400 | 87 | var FLOW_CONTROL_KEYWORDS = ["break,continue,do,else,for,if,return,while"]; | ||
401 | 88 | var C_KEYWORDS = [FLOW_CONTROL_KEYWORDS,"auto,case,char,const,default," + | ||
402 | 89 | "double,enum,extern,float,goto,int,long,register,short,signed,sizeof,module," + | ||
403 | 90 | "static,struct,switch,typedef,union,unsigned,void,volatile"]; | ||
404 | 91 | var COMMON_KEYWORDS = [C_KEYWORDS,"catch,class,delete,false,import," + | ||
405 | 92 | "new,operator,private,protected,public,this,throw,true,try,typeof"]; | ||
406 | 93 | var CPP_KEYWORDS = [COMMON_KEYWORDS,"alignof,align_union,asm,axiom,bool," + | ||
407 | 94 | "concept,concept_map,const_cast,constexpr,decltype," + | ||
408 | 95 | "dynamic_cast,explicit,export,friend,inline,late_check," + | ||
409 | 96 | "mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast," + | ||
410 | 97 | "template,typeid,typename,using,virtual,where,request_req"]; | ||
411 | 98 | var JAVA_KEYWORDS = [COMMON_KEYWORDS, | ||
412 | 99 | "abstract,boolean,byte,extends,final,finally,implements,import," + | ||
413 | 100 | "instanceof,null,native,package,strictfp,super,synchronized,throws," + | ||
414 | 101 | "transient"]; | ||
415 | 102 | var CSHARP_KEYWORDS = [JAVA_KEYWORDS, | ||
416 | 103 | "as,base,by,checked,decimal,delegate,descending,dynamic,event," + | ||
417 | 104 | "fixed,foreach,from,group,implicit,in,interface,internal,into,is,let," + | ||
418 | 105 | "lock,object,out,override,orderby,params,partial,readonly,ref,sbyte," + | ||
419 | 106 | "sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort," + | ||
420 | 107 | "var,virtual,where"]; | ||
421 | 108 | var COFFEE_KEYWORDS = "all,and,by,catch,class,else,extends,false,finally," + | ||
422 | 109 | "for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then," + | ||
423 | 110 | "throw,true,try,unless,until,when,while,yes"; | ||
424 | 111 | var JSCRIPT_KEYWORDS = [COMMON_KEYWORDS, | ||
425 | 112 | "debugger,eval,export,function,get,null,set,undefined,var,with," + | ||
426 | 113 | "Infinity,NaN"]; | ||
427 | 114 | var PERL_KEYWORDS = "caller,delete,die,do,dump,else,elsif,eval,exit,foreach,for," + | ||
428 | 115 | "goto,if,import,last,local,my,next,no,our,print,printf,package,redo,require," + | ||
429 | 116 | "sub,undef,unless,until,use,wantarray,while,BEGIN,END"; | ||
430 | 117 | var PHP_KEYWORDS = "abstract,and,array,as,break,case,catch,cfunction,class," + | ||
431 | 118 | "clone,const,continue,declare,default,do,else,elseif,enddeclare,endfor," + | ||
432 | 119 | "endforeach,endif,endswitch,endwhile,extends,final,for,foreach,function," + | ||
433 | 120 | "global,goto,if,implements,interface,instanceof,namespace,new,old_function," + | ||
434 | 121 | "or,private,protected,public,static,switch,throw,try,use,var,while,xor," + | ||
435 | 122 | "die,echo,empty,exit,eval,include,include_once,isset,list,require," + | ||
436 | 123 | "require_once,return,print,unset"; | ||
437 | 124 | var PYTHON_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "and,as,assert,class,def,del," + | ||
438 | 125 | "elif,except,exec,finally,from,global,import,in,is,lambda," + | ||
439 | 126 | "nonlocal,not,or,pass,print,raise,try,with,yield," + | ||
440 | 127 | "False,True,None"]; | ||
441 | 128 | var RUBY_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "alias,and,begin,case,class," + | ||
442 | 129 | "def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo," + | ||
443 | 130 | "rescue,retry,self,super,then,true,undef,unless,until,when,yield," + | ||
444 | 131 | "BEGIN,END"]; | ||
445 | 132 | var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," + | ||
446 | 133 | "function,in,local,set,then,until,echo"]; | ||
447 | 134 | var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"]; | ||
448 | 135 | var CONFIG_KEYWORDS = ["Macro,UndefMacro,Use,AuthLDAPURL,AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicProvider,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNcCheck,AuthDigestNonceFormat,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerMember,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIMapExtension,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GprofDir,GracefulShutdownTimeout,Group,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogLevel,LogMessage,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaAuthzProvider,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPOverrideResponder,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UnsetEnv,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse,RewriteLog,RewriteLogLevel"]; | ||
449 | 136 | var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i; | ||
450 | 137 | var ALL_KEYWORDS = [ | ||
451 | 138 | CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS + | ||
452 | 139 | PYTHON_KEYWORDS, RUBY_KEYWORDS, SH_KEYWORDS, CONFIG_KEYWORDS, PHP_KEYWORDS]; | ||
453 | 140 | var C_TYPES = /^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float|char|void|const|static|struct)\d*(_t)?\b)|[a-z_]+_rec|cmd_parms\b/; | ||
454 | 141 | |||
455 | 142 | // token style names. correspond to css classes | ||
456 | 143 | /** | ||
457 | 144 | * token style for a string literal | ||
458 | 145 | * @const | ||
459 | 146 | */ | ||
460 | 147 | var PR_STRING = 'str'; | ||
461 | 148 | /** | ||
462 | 149 | * token style for a keyword | ||
463 | 150 | * @const | ||
464 | 151 | */ | ||
465 | 152 | var PR_KEYWORD = 'kwd'; | ||
466 | 153 | /** | ||
467 | 154 | * token style for a comment | ||
468 | 155 | * @const | ||
469 | 156 | */ | ||
470 | 157 | var PR_COMMENT = 'com'; | ||
471 | 158 | /** | ||
472 | 159 | * token style for a type | ||
473 | 160 | * @const | ||
474 | 161 | */ | ||
475 | 162 | var PR_TYPE = 'typ'; | ||
476 | 163 | /** | ||
477 | 164 | * token style for a literal value. e.g. 1, null, true. | ||
478 | 165 | * @const | ||
479 | 166 | */ | ||
480 | 167 | var PR_LITERAL = 'lit'; | ||
481 | 168 | /** | ||
482 | 169 | * token style for a punctuation string. | ||
483 | 170 | * @const | ||
484 | 171 | */ | ||
485 | 172 | var PR_PUNCTUATION = 'pun'; | ||
486 | 173 | /** | ||
487 | 174 | * token style for plain text. | ||
488 | 175 | * @const | ||
489 | 176 | */ | ||
490 | 177 | var PR_PLAIN = 'pln'; | ||
491 | 178 | |||
492 | 179 | /** | ||
493 | 180 | * token style for an sgml tag. | ||
494 | 181 | * @const | ||
495 | 182 | */ | ||
496 | 183 | var PR_TAG = 'tag'; | ||
497 | 184 | /** | ||
498 | 185 | * token style for a markup declaration such as a DOCTYPE. | ||
499 | 186 | * @const | ||
500 | 187 | */ | ||
501 | 188 | var PR_DECLARATION = 'dec'; | ||
502 | 189 | /** | ||
503 | 190 | * token style for embedded source. | ||
504 | 191 | * @const | ||
505 | 192 | */ | ||
506 | 193 | var PR_SOURCE = 'src'; | ||
507 | 194 | /** | ||
508 | 195 | * token style for an sgml attribute name. | ||
509 | 196 | * @const | ||
510 | 197 | */ | ||
511 | 198 | var PR_ATTRIB_NAME = 'atn'; | ||
512 | 199 | /** | ||
513 | 200 | * token style for an sgml attribute value. | ||
514 | 201 | * @const | ||
515 | 202 | */ | ||
516 | 203 | var PR_ATTRIB_VALUE = 'atv'; | ||
517 | 204 | |||
518 | 205 | /** | ||
519 | 206 | * A class that indicates a section of markup that is not code, e.g. to allow | ||
520 | 207 | * embedding of line numbers within code listings. | ||
521 | 208 | * @const | ||
522 | 209 | */ | ||
523 | 210 | var PR_NOCODE = 'nocode'; | ||
524 | 211 | |||
525 | 212 | |||
526 | 213 | |||
527 | 214 | /** | ||
528 | 215 | * A set of tokens that can precede a regular expression literal in | ||
529 | 216 | * javascript | ||
530 | 217 | * http://web.archive.org/web/20070717142515/http://www.mozilla.org/js/language/js20/rationale/syntax.html | ||
531 | 218 | * has the full list, but I've removed ones that might be problematic when | ||
532 | 219 | * seen in languages that don't support regular expression literals. | ||
533 | 220 | * | ||
534 | 221 | * <p>Specifically, I've removed any keywords that can't precede a regexp | ||
535 | 222 | * literal in a syntactically legal javascript program, and I've removed the | ||
536 | 223 | * "in" keyword since it's not a keyword in many languages, and might be used | ||
537 | 224 | * as a count of inches. | ||
538 | 225 | * | ||
539 | 226 | * <p>The link above does not accurately describe EcmaScript rules since | ||
540 | 227 | * it fails to distinguish between (a=++/b/i) and (a++/b/i) but it works | ||
541 | 228 | * very well in practice. | ||
542 | 229 | * | ||
543 | 230 | * @private | ||
544 | 231 | * @const | ||
545 | 232 | */ | ||
546 | 233 | var REGEXP_PRECEDER_PATTERN = '(?:^^\\.?|[+-]|[!=]=?=?|\\#|%=?|&&?=?|\\(|\\*=?|[+\\-]=|->|\\/=?|::?|<<?=?|>>?>?=?|,|;|\\?|@|\\[|~|{|\\^\\^?=?|\\|\\|?=?|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*'; | ||
547 | 234 | |||
548 | 235 | // CAVEAT: this does not properly handle the case where a regular | ||
549 | 236 | // expression immediately follows another since a regular expression may | ||
550 | 237 | // have flags for case-sensitivity and the like. Having regexp tokens | ||
551 | 238 | // adjacent is not valid in any language I'm aware of, so I'm punting. | ||
552 | 239 | // TODO: maybe style special characters inside a regexp as punctuation. | ||
553 | 240 | |||
554 | 241 | |||
555 | 242 | /** | ||
556 | 243 | * Given a group of {@link RegExp}s, returns a {@code RegExp} that globally | ||
557 | 244 | * matches the union of the sets of strings matched by the input RegExp. | ||
558 | 245 | * Since it matches globally, if the input strings have a start-of-input | ||
559 | 246 | * anchor (/^.../), it is ignored for the purposes of unioning. | ||
560 | 247 | * @param {Array.<RegExp>} regexs non multiline, non-global regexs. | ||
561 | 248 | * @return {RegExp} a global regex. | ||
562 | 249 | */ | ||
563 | 250 | function combinePrefixPatterns(regexs) { | ||
564 | 251 | var capturedGroupIndex = 0; | ||
565 | 252 | |||
566 | 253 | var needToFoldCase = false; | ||
567 | 254 | var ignoreCase = false; | ||
568 | 255 | for (var i = 0, n = regexs.length; i < n; ++i) { | ||
569 | 256 | var regex = regexs[i]; | ||
570 | 257 | if (regex.ignoreCase) { | ||
571 | 258 | ignoreCase = true; | ||
572 | 259 | } else if (/[a-z]/i.test(regex.source.replace( | ||
573 | 260 | /\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi, ''))) { | ||
574 | 261 | needToFoldCase = true; | ||
575 | 262 | ignoreCase = false; | ||
576 | 263 | break; | ||
577 | 264 | } | ||
578 | 265 | } | ||
579 | 266 | |||
580 | 267 | var escapeCharToCodeUnit = { | ||
581 | 268 | 'b': 8, | ||
582 | 269 | 't': 9, | ||
583 | 270 | 'n': 0xa, | ||
584 | 271 | 'v': 0xb, | ||
585 | 272 | 'f': 0xc, | ||
586 | 273 | 'r': 0xd | ||
587 | 274 | }; | ||
588 | 275 | |||
589 | 276 | function decodeEscape(charsetPart) { | ||
590 | 277 | var cc0 = charsetPart.charCodeAt(0); | ||
591 | 278 | if (cc0 !== 92 /* \\ */) { | ||
592 | 279 | return cc0; | ||
593 | 280 | } | ||
594 | 281 | var c1 = charsetPart.charAt(1); | ||
595 | 282 | cc0 = escapeCharToCodeUnit[c1]; | ||
596 | 283 | if (cc0) { | ||
597 | 284 | return cc0; | ||
598 | 285 | } else if ('0' <= c1 && c1 <= '7') { | ||
599 | 286 | return parseInt(charsetPart.substring(1), 8); | ||
600 | 287 | } else if (c1 === 'u' || c1 === 'x') { | ||
601 | 288 | return parseInt(charsetPart.substring(2), 16); | ||
602 | 289 | } else { | ||
603 | 290 | return charsetPart.charCodeAt(1); | ||
604 | 291 | } | ||
605 | 292 | } | ||
606 | 293 | |||
607 | 294 | function encodeEscape(charCode) { | ||
608 | 295 | if (charCode < 0x20) { | ||
609 | 296 | return (charCode < 0x10 ? '\\x0' : '\\x') + charCode.toString(16); | ||
610 | 297 | } | ||
611 | 298 | var ch = String.fromCharCode(charCode); | ||
612 | 299 | return (ch === '\\' || ch === '-' || ch === ']' || ch === '^') | ||
613 | 300 | ? "\\" + ch : ch; | ||
614 | 301 | } | ||
615 | 302 | |||
616 | 303 | function caseFoldCharset(charSet) { | ||
617 | 304 | var charsetParts = charSet.substring(1, charSet.length - 1).match( | ||
618 | 305 | new RegExp( | ||
619 | 306 | '\\\\u[0-9A-Fa-f]{4}' | ||
620 | 307 | + '|\\\\x[0-9A-Fa-f]{2}' | ||
621 | 308 | + '|\\\\[0-3][0-7]{0,2}' | ||
622 | 309 | + '|\\\\[0-7]{1,2}' | ||
623 | 310 | + '|\\\\[\\s\\S]' | ||
624 | 311 | + '|-' | ||
625 | 312 | + '|[^-\\\\]', | ||
626 | 313 | 'g')); | ||
627 | 314 | var ranges = []; | ||
628 | 315 | var inverse = charsetParts[0] === '^'; | ||
629 | 316 | |||
630 | 317 | var out = ['[']; | ||
631 | 318 | if (inverse) { out.push('^'); } | ||
632 | 319 | |||
633 | 320 | for (var i = inverse ? 1 : 0, n = charsetParts.length; i < n; ++i) { | ||
634 | 321 | var p = charsetParts[i]; | ||
635 | 322 | if (/\\[bdsw]/i.test(p)) { // Don't muck with named groups. | ||
636 | 323 | out.push(p); | ||
637 | 324 | } else { | ||
638 | 325 | var start = decodeEscape(p); | ||
639 | 326 | var end; | ||
640 | 327 | if (i + 2 < n && '-' === charsetParts[i + 1]) { | ||
641 | 328 | end = decodeEscape(charsetParts[i + 2]); | ||
642 | 329 | i += 2; | ||
643 | 330 | } else { | ||
644 | 331 | end = start; | ||
645 | 332 | } | ||
646 | 333 | ranges.push([start, end]); | ||
647 | 334 | // If the range might intersect letters, then expand it. | ||
648 | 335 | // This case handling is too simplistic. | ||
649 | 336 | // It does not deal with non-latin case folding. | ||
650 | 337 | // It works for latin source code identifiers though. | ||
651 | 338 | if (!(end < 65 || start > 122)) { | ||
652 | 339 | if (!(end < 65 || start > 90)) { | ||
653 | 340 | ranges.push([Math.max(65, start) | 32, Math.min(end, 90) | 32]); | ||
654 | 341 | } | ||
655 | 342 | if (!(end < 97 || start > 122)) { | ||
656 | 343 | ranges.push([Math.max(97, start) & ~32, Math.min(end, 122) & ~32]); | ||
657 | 344 | } | ||
658 | 345 | } | ||
659 | 346 | } | ||
660 | 347 | } | ||
661 | 348 | |||
662 | 349 | // [[1, 10], [3, 4], [8, 12], [14, 14], [16, 16], [17, 17]] | ||
663 | 350 | // -> [[1, 12], [14, 14], [16, 17]] | ||
664 | 351 | ranges.sort(function (a, b) { return (a[0] - b[0]) || (b[1] - a[1]); }); | ||
665 | 352 | var consolidatedRanges = []; | ||
666 | 353 | var lastRange = []; | ||
667 | 354 | for (var i = 0; i < ranges.length; ++i) { | ||
668 | 355 | var range = ranges[i]; | ||
669 | 356 | if (range[0] <= lastRange[1] + 1) { | ||
670 | 357 | lastRange[1] = Math.max(lastRange[1], range[1]); | ||
671 | 358 | } else { | ||
672 | 359 | consolidatedRanges.push(lastRange = range); | ||
673 | 360 | } | ||
674 | 361 | } | ||
675 | 362 | |||
676 | 363 | for (var i = 0; i < consolidatedRanges.length; ++i) { | ||
677 | 364 | var range = consolidatedRanges[i]; | ||
678 | 365 | out.push(encodeEscape(range[0])); | ||
679 | 366 | if (range[1] > range[0]) { | ||
680 | 367 | if (range[1] + 1 > range[0]) { out.push('-'); } | ||
681 | 368 | out.push(encodeEscape(range[1])); | ||
682 | 369 | } | ||
683 | 370 | } | ||
684 | 371 | out.push(']'); | ||
685 | 372 | return out.join(''); | ||
686 | 373 | } | ||
687 | 374 | |||
688 | 375 | function allowAnywhereFoldCaseAndRenumberGroups(regex) { | ||
689 | 376 | // Split into character sets, escape sequences, punctuation strings | ||
690 | 377 | // like ('(', '(?:', ')', '^'), and runs of characters that do not | ||
691 | 378 | // include any of the above. | ||
692 | 379 | var parts = regex.source.match( | ||
693 | 380 | new RegExp( | ||
694 | 381 | '(?:' | ||
695 | 382 | + '\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]' // a character set | ||
696 | 383 | + '|\\\\u[A-Fa-f0-9]{4}' // a unicode escape | ||
697 | 384 | + '|\\\\x[A-Fa-f0-9]{2}' // a hex escape | ||
698 | 385 | + '|\\\\[0-9]+' // a back-reference or octal escape | ||
699 | 386 | + '|\\\\[^ux0-9]' // other escape sequence | ||
700 | 387 | + '|\\(\\?[:!=]' // start of a non-capturing group | ||
701 | 388 | + '|[\\(\\)\\^]' // start/end of a group, or line start | ||
702 | 389 | + '|[^\\x5B\\x5C\\(\\)\\^]+' // run of other characters | ||
703 | 390 | + ')', | ||
704 | 391 | 'g')); | ||
705 | 392 | var n = parts.length; | ||
706 | 393 | |||
707 | 394 | // Maps captured group numbers to the number they will occupy in | ||
708 | 395 | // the output or to -1 if that has not been determined, or to | ||
709 | 396 | // undefined if they need not be capturing in the output. | ||
710 | 397 | var capturedGroups = []; | ||
711 | 398 | |||
712 | 399 | // Walk over and identify back references to build the capturedGroups | ||
713 | 400 | // mapping. | ||
714 | 401 | for (var i = 0, groupIndex = 0; i < n; ++i) { | ||
715 | 402 | var p = parts[i]; | ||
716 | 403 | if (p === '(') { | ||
717 | 404 | // groups are 1-indexed, so max group index is count of '(' | ||
718 | 405 | ++groupIndex; | ||
719 | 406 | } else if ('\\' === p.charAt(0)) { | ||
720 | 407 | var decimalValue = +p.substring(1); | ||
721 | 408 | if (decimalValue) { | ||
722 | 409 | if (decimalValue <= groupIndex) { | ||
723 | 410 | capturedGroups[decimalValue] = -1; | ||
724 | 411 | } else { | ||
725 | 412 | // Replace with an unambiguous escape sequence so that | ||
726 | 413 | // an octal escape sequence does not turn into a backreference | ||
727 | 414 | // to a capturing group from an earlier regex. | ||
728 | 415 | parts[i] = encodeEscape(decimalValue); | ||
729 | 416 | } | ||
730 | 417 | } | ||
731 | 418 | } | ||
732 | 419 | } | ||
733 | 420 | |||
734 | 421 | // Renumber groups and reduce capturing groups to non-capturing groups | ||
735 | 422 | // where possible. | ||
736 | 423 | for (var i = 1; i < capturedGroups.length; ++i) { | ||
737 | 424 | if (-1 === capturedGroups[i]) { | ||
738 | 425 | capturedGroups[i] = ++capturedGroupIndex; | ||
739 | 426 | } | ||
740 | 427 | } | ||
741 | 428 | for (var i = 0, groupIndex = 0; i < n; ++i) { | ||
742 | 429 | var p = parts[i]; | ||
743 | 430 | if (p === '(') { | ||
744 | 431 | ++groupIndex; | ||
745 | 432 | if (!capturedGroups[groupIndex]) { | ||
746 | 433 | parts[i] = '(?:'; | ||
747 | 434 | } | ||
748 | 435 | } else if ('\\' === p.charAt(0)) { | ||
749 | 436 | var decimalValue = +p.substring(1); | ||
750 | 437 | if (decimalValue && decimalValue <= groupIndex) { | ||
751 | 438 | parts[i] = '\\' + capturedGroups[decimalValue]; | ||
752 | 439 | } | ||
753 | 440 | } | ||
754 | 441 | } | ||
755 | 442 | |||
756 | 443 | // Remove any prefix anchors so that the output will match anywhere. | ||
757 | 444 | // ^^ really does mean an anchored match though. | ||
758 | 445 | for (var i = 0; i < n; ++i) { | ||
759 | 446 | if ('^' === parts[i] && '^' !== parts[i + 1]) { parts[i] = ''; } | ||
760 | 447 | } | ||
761 | 448 | |||
762 | 449 | // Expand letters to groups to handle mixing of case-sensitive and | ||
763 | 450 | // case-insensitive patterns if necessary. | ||
764 | 451 | if (regex.ignoreCase && needToFoldCase) { | ||
765 | 452 | for (var i = 0; i < n; ++i) { | ||
766 | 453 | var p = parts[i]; | ||
767 | 454 | var ch0 = p.charAt(0); | ||
768 | 455 | if (p.length >= 2 && ch0 === '[') { | ||
769 | 456 | parts[i] = caseFoldCharset(p); | ||
770 | 457 | } else if (ch0 !== '\\') { | ||
771 | 458 | // TODO: handle letters in numeric escapes. | ||
772 | 459 | parts[i] = p.replace( | ||
773 | 460 | /[a-zA-Z]/g, | ||
774 | 461 | function (ch) { | ||
775 | 462 | var cc = ch.charCodeAt(0); | ||
776 | 463 | return '[' + String.fromCharCode(cc & ~32, cc | 32) + ']'; | ||
777 | 464 | }); | ||
778 | 465 | } | ||
779 | 466 | } | ||
780 | 467 | } | ||
781 | 468 | |||
782 | 469 | return parts.join(''); | ||
783 | 470 | } | ||
784 | 471 | |||
785 | 472 | var rewritten = []; | ||
786 | 473 | for (var i = 0, n = regexs.length; i < n; ++i) { | ||
787 | 474 | var regex = regexs[i]; | ||
788 | 475 | if (regex.global || regex.multiline) { throw new Error('' + regex); } | ||
789 | 476 | rewritten.push( | ||
790 | 477 | '(?:' + allowAnywhereFoldCaseAndRenumberGroups(regex) + ')'); | ||
791 | 478 | } | ||
792 | 479 | |||
793 | 480 | return new RegExp(rewritten.join('|'), ignoreCase ? 'gi' : 'g'); | ||
794 | 481 | } | ||
795 | 482 | |||
796 | 483 | |||
797 | 484 | /** | ||
798 | 485 | * Split markup into a string of source code and an array mapping ranges in | ||
799 | 486 | * that string to the text nodes in which they appear. | ||
800 | 487 | * | ||
801 | 488 | * <p> | ||
802 | 489 | * The HTML DOM structure:</p> | ||
803 | 490 | * <pre> | ||
804 | 491 | * (Element "p" | ||
805 | 492 | * (Element "b" | ||
806 | 493 | * (Text "print ")) ; #1 | ||
807 | 494 | * (Text "'Hello '") ; #2 | ||
808 | 495 | * (Element "br") ; #3 | ||
809 | 496 | * (Text " + 'World';")) ; #4 | ||
810 | 497 | * </pre> | ||
811 | 498 | * <p> | ||
812 | 499 | * corresponds to the HTML | ||
813 | 500 | * {@code <p><b>print </b>'Hello '<br> + 'World';</p>}.</p> | ||
814 | 501 | * | ||
815 | 502 | * <p> | ||
816 | 503 | * It will produce the output:</p> | ||
817 | 504 | * <pre> | ||
818 | 505 | * { | ||
819 | 506 | * sourceCode: "print 'Hello '\n + 'World';", | ||
820 | 507 | * // 1 2 | ||
821 | 508 | * // 012345678901234 5678901234567 | ||
822 | 509 | * spans: [0, #1, 6, #2, 14, #3, 15, #4] | ||
823 | 510 | * } | ||
824 | 511 | * </pre> | ||
825 | 512 | * <p> | ||
826 | 513 | * where #1 is a reference to the {@code "print "} text node above, and so | ||
827 | 514 | * on for the other text nodes. | ||
828 | 515 | * </p> | ||
829 | 516 | * | ||
830 | 517 | * <p> | ||
831 | 518 | * The {@code} spans array is an array of pairs. Even elements are the start | ||
832 | 519 | * indices of substrings, and odd elements are the text nodes (or BR elements) | ||
833 | 520 | * that contain the text for those substrings. | ||
834 | 521 | * Substrings continue until the next index or the end of the source. | ||
835 | 522 | * </p> | ||
836 | 523 | * | ||
837 | 524 | * @param {Node} node an HTML DOM subtree containing source-code. | ||
838 | 525 | * @param {boolean} isPreformatted true if white-space in text nodes should | ||
839 | 526 | * be considered significant. | ||
840 | 527 | * @return {Object} source code and the text nodes in which they occur. | ||
841 | 528 | */ | ||
842 | 529 | function extractSourceSpans(node, isPreformatted) { | ||
843 | 530 | var nocode = /(?:^|\s)nocode(?:\s|$)/; | ||
844 | 531 | |||
845 | 532 | var chunks = []; | ||
846 | 533 | var length = 0; | ||
847 | 534 | var spans = []; | ||
848 | 535 | var k = 0; | ||
849 | 536 | |||
850 | 537 | function walk(node) { | ||
851 | 538 | switch (node.nodeType) { | ||
852 | 539 | case 1: // Element | ||
853 | 540 | if (nocode.test(node.className)) { return; } | ||
854 | 541 | for (var child = node.firstChild; child; child = child.nextSibling) { | ||
855 | 542 | walk(child); | ||
856 | 543 | } | ||
857 | 544 | var nodeName = node.nodeName.toLowerCase(); | ||
858 | 545 | if ('br' === nodeName || 'li' === nodeName) { | ||
859 | 546 | chunks[k] = '\n'; | ||
860 | 547 | spans[k << 1] = length++; | ||
861 | 548 | spans[(k++ << 1) | 1] = node; | ||
862 | 549 | } | ||
863 | 550 | break; | ||
864 | 551 | case 3: case 4: // Text | ||
865 | 552 | var text = node.nodeValue; | ||
866 | 553 | if (text.length) { | ||
867 | 554 | if (!isPreformatted) { | ||
868 | 555 | text = text.replace(/[ \t\r\n]+/g, ' '); | ||
869 | 556 | } else { | ||
870 | 557 | text = text.replace(/\r\n?/g, '\n'); // Normalize newlines. | ||
871 | 558 | text = text.replace(/^(\r?\n\s*)+/g, ''); // Remove leading newlines | ||
872 | 559 | text = text.replace(/^\s*/g, ''); // Remove leading spaces due to indented formatting | ||
873 | 560 | text = text.replace(/(\r?\n\s*)+$/g, ''); // Remove ending newlines | ||
874 | 561 | |||
875 | 562 | } | ||
876 | 563 | // TODO: handle tabs here? | ||
877 | 564 | chunks[k] = text; | ||
878 | 565 | spans[k << 1] = length; | ||
879 | 566 | length += text.length; | ||
880 | 567 | spans[(k++ << 1) | 1] = node; | ||
881 | 568 | } | ||
882 | 569 | break; | ||
883 | 570 | } | ||
884 | 571 | } | ||
885 | 572 | |||
886 | 573 | walk(node); | ||
887 | 574 | |||
888 | 575 | return { | ||
889 | 576 | sourceCode: chunks.join('').replace(/\n$/, ''), | ||
890 | 577 | spans: spans | ||
891 | 578 | }; | ||
892 | 579 | } | ||
893 | 580 | |||
894 | 581 | |||
895 | 582 | /** | ||
896 | 583 | * Apply the given language handler to sourceCode and add the resulting | ||
897 | 584 | * decorations to out. | ||
898 | 585 | * @param {number} basePos the index of sourceCode within the chunk of source | ||
899 | 586 | * whose decorations are already present on out. | ||
900 | 587 | */ | ||
901 | 588 | function appendDecorations(basePos, sourceCode, langHandler, out) { | ||
902 | 589 | if (!sourceCode) { return; } | ||
903 | 590 | var job = { | ||
904 | 591 | sourceCode: sourceCode, | ||
905 | 592 | basePos: basePos | ||
906 | 593 | }; | ||
907 | 594 | langHandler(job); | ||
908 | 595 | out.push.apply(out, job.decorations); | ||
909 | 596 | } | ||
910 | 597 | |||
911 | 598 | var notWs = /\S/; | ||
912 | 599 | |||
913 | 600 | /** | ||
914 | 601 | * Given an element, if it contains only one child element and any text nodes | ||
915 | 602 | * it contains contain only space characters, return the sole child element. | ||
916 | 603 | * Otherwise returns undefined. | ||
917 | 604 | * <p> | ||
918 | 605 | * This is meant to return the CODE element in {@code <pre><code ...>} when | ||
919 | 606 | * there is a single child element that contains all the non-space textual | ||
920 | 607 | * content, but not to return anything where there are multiple child elements | ||
921 | 608 | * as in {@code <pre><code>...</code><code>...</code></pre>} or when there | ||
922 | 609 | * is textual content. | ||
923 | 610 | */ | ||
924 | 611 | function childContentWrapper(element) { | ||
925 | 612 | var wrapper = undefined; | ||
926 | 613 | for (var c = element.firstChild; c; c = c.nextSibling) { | ||
927 | 614 | var type = c.nodeType; | ||
928 | 615 | wrapper = (type === 1) // Element Node | ||
929 | 616 | ? (wrapper ? element : c) | ||
930 | 617 | : (type === 3) // Text Node | ||
931 | 618 | ? (notWs.test(c.nodeValue) ? element : wrapper) | ||
932 | 619 | : wrapper; | ||
933 | 620 | } | ||
934 | 621 | return wrapper === element ? undefined : wrapper; | ||
935 | 622 | } | ||
936 | 623 | |||
937 | 624 | /** Given triples of [style, pattern, context] returns a lexing function, | ||
938 | 625 | * The lexing function interprets the patterns to find token boundaries and | ||
939 | 626 | * returns a decoration list of the form | ||
940 | 627 | * [index_0, style_0, index_1, style_1, ..., index_n, style_n] | ||
941 | 628 | * where index_n is an index into the sourceCode, and style_n is a style | ||
942 | 629 | * constant like PR_PLAIN. index_n-1 <= index_n, and style_n-1 applies to | ||
943 | 630 | * all characters in sourceCode[index_n-1:index_n]. | ||
944 | 631 | * | ||
945 | 632 | * The stylePatterns is a list whose elements have the form | ||
946 | 633 | * [style : string, pattern : RegExp, DEPRECATED, shortcut : string]. | ||
947 | 634 | * | ||
948 | 635 | * Style is a style constant like PR_PLAIN, or can be a string of the | ||
949 | 636 | * form 'lang-FOO', where FOO is a language extension describing the | ||
950 | 637 | * language of the portion of the token in $1 after pattern executes. | ||
951 | 638 | * E.g., if style is 'lang-lisp', and group 1 contains the text | ||
952 | 639 | * '(hello (world))', then that portion of the token will be passed to the | ||
953 | 640 | * registered lisp handler for formatting. | ||
954 | 641 | * The text before and after group 1 will be restyled using this decorator | ||
955 | 642 | * so decorators should take care that this doesn't result in infinite | ||
956 | 643 | * recursion. For example, the HTML lexer rule for SCRIPT elements looks | ||
957 | 644 | * something like ['lang-js', /<[s]cript>(.+?)<\/script>/]. This may match | ||
958 | 645 | * '<script>foo()<\/script>', which would cause the current decorator to | ||
959 | 646 | * be called with '<script>' which would not match the same rule since | ||
960 | 647 | * group 1 must not be empty, so it would be instead styled as PR_TAG by | ||
961 | 648 | * the generic tag rule. The handler registered for the 'js' extension would | ||
962 | 649 | * then be called with 'foo()', and finally, the current decorator would | ||
963 | 650 | * be called with '<\/script>' which would not match the original rule and | ||
964 | 651 | * so the generic tag rule would identify it as a tag. | ||
965 | 652 | * | ||
966 | 653 | * Pattern must only match prefixes, and if it matches a prefix, then that | ||
967 | 654 | * match is considered a token with the same style. | ||
968 | 655 | * | ||
969 | 656 | * Context is applied to the last non-whitespace, non-comment token | ||
970 | 657 | * recognized. | ||
971 | 658 | * | ||
972 | 659 | * Shortcut is an optional string of characters, any of which, if the first | ||
973 | 660 | * character, gurantee that this pattern and only this pattern matches. | ||
974 | 661 | * | ||
975 | 662 | * @param {Array} shortcutStylePatterns patterns that always start with | ||
976 | 663 | * a known character. Must have a shortcut string. | ||
977 | 664 | * @param {Array} fallthroughStylePatterns patterns that will be tried in | ||
978 | 665 | * order if the shortcut ones fail. May have shortcuts. | ||
979 | 666 | * | ||
980 | 667 | * @return {function (Object)} a | ||
981 | 668 | * function that takes source code and returns a list of decorations. | ||
982 | 669 | */ | ||
983 | 670 | function createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns) { | ||
984 | 671 | var shortcuts = {}; | ||
985 | 672 | var tokenizer; | ||
986 | 673 | (function () { | ||
987 | 674 | var allPatterns = shortcutStylePatterns.concat(fallthroughStylePatterns); | ||
988 | 675 | var allRegexs = []; | ||
989 | 676 | var regexKeys = {}; | ||
990 | 677 | for (var i = 0, n = allPatterns.length; i < n; ++i) { | ||
991 | 678 | var patternParts = allPatterns[i]; | ||
992 | 679 | var shortcutChars = patternParts[3]; | ||
993 | 680 | if (shortcutChars) { | ||
994 | 681 | for (var c = shortcutChars.length; --c >= 0;) { | ||
995 | 682 | shortcuts[shortcutChars.charAt(c)] = patternParts; | ||
996 | 683 | } | ||
997 | 684 | } | ||
998 | 685 | var regex = patternParts[1]; | ||
999 | 686 | var k = '' + regex; | ||
1000 | 687 | if (!regexKeys.hasOwnProperty(k)) { | ||
1001 | 688 | allRegexs.push(regex); | ||
1002 | 689 | regexKeys[k] = null; | ||
1003 | 690 | } | ||
1004 | 691 | } | ||
1005 | 692 | allRegexs.push(/[\0-\uffff]/); | ||
1006 | 693 | tokenizer = combinePrefixPatterns(allRegexs); | ||
1007 | 694 | })(); | ||
1008 | 695 | |||
1009 | 696 | var nPatterns = fallthroughStylePatterns.length; | ||
1010 | 697 | |||
1011 | 698 | /** | ||
1012 | 699 | * Lexes job.sourceCode and produces an output array job.decorations of | ||
1013 | 700 | * style classes preceded by the position at which they start in | ||
1014 | 701 | * job.sourceCode in order. | ||
1015 | 702 | * | ||
1016 | 703 | * @param {Object} job an object like <pre>{ | ||
1017 | 704 | * sourceCode: {string} sourceText plain text, | ||
1018 | 705 | * basePos: {int} position of job.sourceCode in the larger chunk of | ||
1019 | 706 | * sourceCode. | ||
1020 | 707 | * }</pre> | ||
1021 | 708 | */ | ||
1022 | 709 | var decorate = function (job) { | ||
1023 | 710 | var sourceCode = job.sourceCode, basePos = job.basePos; | ||
1024 | 711 | /** Even entries are positions in source in ascending order. Odd enties | ||
1025 | 712 | * are style markers (e.g., PR_COMMENT) that run from that position until | ||
1026 | 713 | * the end. | ||
1027 | 714 | * @type {Array.<number|string>} | ||
1028 | 715 | */ | ||
1029 | 716 | var decorations = [basePos, PR_PLAIN]; | ||
1030 | 717 | var pos = 0; // index into sourceCode | ||
1031 | 718 | var tokens = sourceCode.match(tokenizer) || []; | ||
1032 | 719 | var styleCache = {}; | ||
1033 | 720 | |||
1034 | 721 | for (var ti = 0, nTokens = tokens.length; ti < nTokens; ++ti) { | ||
1035 | 722 | var token = tokens[ti]; | ||
1036 | 723 | var style = styleCache[token]; | ||
1037 | 724 | var match = void 0; | ||
1038 | 725 | |||
1039 | 726 | var isEmbedded; | ||
1040 | 727 | if (typeof style === 'string') { | ||
1041 | 728 | isEmbedded = false; | ||
1042 | 729 | } else { | ||
1043 | 730 | var patternParts = shortcuts[token.charAt(0)]; | ||
1044 | 731 | if (patternParts) { | ||
1045 | 732 | match = token.match(patternParts[1]); | ||
1046 | 733 | style = patternParts[0]; | ||
1047 | 734 | } else { | ||
1048 | 735 | for (var i = 0; i < nPatterns; ++i) { | ||
1049 | 736 | patternParts = fallthroughStylePatterns[i]; | ||
1050 | 737 | match = token.match(patternParts[1]); | ||
1051 | 738 | if (match) { | ||
1052 | 739 | style = patternParts[0]; | ||
1053 | 740 | break; | ||
1054 | 741 | } | ||
1055 | 742 | } | ||
1056 | 743 | |||
1057 | 744 | if (!match) { // make sure that we make progress | ||
1058 | 745 | style = PR_PLAIN; | ||
1059 | 746 | } | ||
1060 | 747 | } | ||
1061 | 748 | |||
1062 | 749 | isEmbedded = style.length >= 5 && 'lang-' === style.substring(0, 5); | ||
1063 | 750 | if (isEmbedded && !(match && typeof match[1] === 'string')) { | ||
1064 | 751 | isEmbedded = false; | ||
1065 | 752 | style = PR_SOURCE; | ||
1066 | 753 | } | ||
1067 | 754 | |||
1068 | 755 | if (!isEmbedded) { styleCache[token] = style; } | ||
1069 | 756 | } | ||
1070 | 757 | |||
1071 | 758 | var tokenStart = pos; | ||
1072 | 759 | pos += token.length; | ||
1073 | 760 | |||
1074 | 761 | if (!isEmbedded) { | ||
1075 | 762 | decorations.push(basePos + tokenStart, style); | ||
1076 | 763 | } else { // Treat group 1 as an embedded block of source code. | ||
1077 | 764 | var embeddedSource = match[1]; | ||
1078 | 765 | var embeddedSourceStart = token.indexOf(embeddedSource); | ||
1079 | 766 | var embeddedSourceEnd = embeddedSourceStart + embeddedSource.length; | ||
1080 | 767 | if (match[2]) { | ||
1081 | 768 | // If embeddedSource can be blank, then it would match at the | ||
1082 | 769 | // beginning which would cause us to infinitely recurse on the | ||
1083 | 770 | // entire token, so we catch the right context in match[2]. | ||
1084 | 771 | embeddedSourceEnd = token.length - match[2].length; | ||
1085 | 772 | embeddedSourceStart = embeddedSourceEnd - embeddedSource.length; | ||
1086 | 773 | } | ||
1087 | 774 | var lang = style.substring(5); | ||
1088 | 775 | // Decorate the left of the embedded source | ||
1089 | 776 | appendDecorations( | ||
1090 | 777 | basePos + tokenStart, | ||
1091 | 778 | token.substring(0, embeddedSourceStart), | ||
1092 | 779 | decorate, decorations); | ||
1093 | 780 | // Decorate the embedded source | ||
1094 | 781 | appendDecorations( | ||
1095 | 782 | basePos + tokenStart + embeddedSourceStart, | ||
1096 | 783 | embeddedSource, | ||
1097 | 784 | langHandlerForExtension(lang, embeddedSource), | ||
1098 | 785 | decorations); | ||
1099 | 786 | // Decorate the right of the embedded section | ||
1100 | 787 | appendDecorations( | ||
1101 | 788 | basePos + tokenStart + embeddedSourceEnd, | ||
1102 | 789 | token.substring(embeddedSourceEnd), | ||
1103 | 790 | decorate, decorations); | ||
1104 | 791 | } | ||
1105 | 792 | } | ||
1106 | 793 | job.decorations = decorations; | ||
1107 | 794 | }; | ||
1108 | 795 | return decorate; | ||
1109 | 796 | } | ||
1110 | 797 | |||
1111 | 798 | /** returns a function that produces a list of decorations from source text. | ||
1112 | 799 | * | ||
1113 | 800 | * This code treats ", ', and ` as string delimiters, and \ as a string | ||
1114 | 801 | * escape. It does not recognize perl's qq() style strings. | ||
1115 | 802 | * It has no special handling for double delimiter escapes as in basic, or | ||
1116 | 803 | * the tripled delimiters used in python, but should work on those regardless | ||
1117 | 804 | * although in those cases a single string literal may be broken up into | ||
1118 | 805 | * multiple adjacent string literals. | ||
1119 | 806 | * | ||
1120 | 807 | * It recognizes C, C++, and shell style comments. | ||
1121 | 808 | * | ||
1122 | 809 | * @param {Object} options a set of optional parameters. | ||
1123 | 810 | * @return {function (Object)} a function that examines the source code | ||
1124 | 811 | * in the input job and builds the decoration list. | ||
1125 | 812 | */ | ||
1126 | 813 | function sourceDecorator(options) { | ||
1127 | 814 | var shortcutStylePatterns = [], fallthroughStylePatterns = []; | ||
1128 | 815 | if (options['tripleQuotedStrings']) { | ||
1129 | 816 | // '''multi-line-string''', 'single-line-string', and double-quoted | ||
1130 | 817 | shortcutStylePatterns.push( | ||
1131 | 818 | [PR_STRING, /^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/, | ||
1132 | 819 | null, '\'"']); | ||
1133 | 820 | } else if (options['multiLineStrings']) { | ||
1134 | 821 | // 'multi-line-string', "multi-line-string" | ||
1135 | 822 | shortcutStylePatterns.push( | ||
1136 | 823 | [PR_STRING, /^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/, | ||
1137 | 824 | null, '\'"`']); | ||
1138 | 825 | } else { | ||
1139 | 826 | // 'single-line-string', "single-line-string" | ||
1140 | 827 | shortcutStylePatterns.push( | ||
1141 | 828 | [PR_STRING, | ||
1142 | 829 | /^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/, | ||
1143 | 830 | null, '"\'']); | ||
1144 | 831 | } | ||
1145 | 832 | if (options['verbatimStrings']) { | ||
1146 | 833 | // verbatim-string-literal production from the C# grammar. See issue 93. | ||
1147 | 834 | fallthroughStylePatterns.push( | ||
1148 | 835 | [PR_STRING, /^@\"(?:[^\"]|\"\")*(?:\"|$)/, null]); | ||
1149 | 836 | } | ||
1150 | 837 | var hc = options['hashComments']; | ||
1151 | 838 | if (hc) { | ||
1152 | 839 | if (options['cStyleComments']) { | ||
1153 | 840 | if (hc > 1) { // multiline hash comments | ||
1154 | 841 | shortcutStylePatterns.push( | ||
1155 | 842 | [PR_COMMENT, /^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/, null, '#']); | ||
1156 | 843 | } else { | ||
1157 | 844 | // Stop C preprocessor declarations at an unclosed open comment | ||
1158 | 845 | shortcutStylePatterns.push( | ||
1159 | 846 | [PR_COMMENT, /^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/, | ||
1160 | 847 | null, '#']); | ||
1161 | 848 | } | ||
1162 | 849 | // #include <stdio.h> | ||
1163 | 850 | fallthroughStylePatterns.push( | ||
1164 | 851 | [PR_STRING, | ||
1165 | 852 | /^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h(?:h|pp|\+\+)?|[a-z]\w*)>/, | ||
1166 | 853 | null]); | ||
1167 | 854 | } else { | ||
1168 | 855 | shortcutStylePatterns.push([PR_COMMENT, /^#[^\r\n]*/, null, '#']); | ||
1169 | 856 | } | ||
1170 | 857 | } | ||
1171 | 858 | if (options['cStyleComments']) { | ||
1172 | 859 | fallthroughStylePatterns.push([PR_COMMENT, /^\/\/[^\r\n]*/, null]); | ||
1173 | 860 | fallthroughStylePatterns.push( | ||
1174 | 861 | [PR_COMMENT, /^\/\*[\s\S]*?(?:\*\/|$)/, null]); | ||
1175 | 862 | } | ||
1176 | 863 | if (options['regexLiterals']) { | ||
1177 | 864 | /** | ||
1178 | 865 | * @const | ||
1179 | 866 | */ | ||
1180 | 867 | var REGEX_LITERAL = ( | ||
1181 | 868 | // A regular expression literal starts with a slash that is | ||
1182 | 869 | // not followed by * or / so that it is not confused with | ||
1183 | 870 | // comments. | ||
1184 | 871 | '/(?=[^/*])' | ||
1185 | 872 | // and then contains any number of raw characters, | ||
1186 | 873 | + '(?:[^/\\x5B\\x5C]' | ||
1187 | 874 | // escape sequences (\x5C), | ||
1188 | 875 | + '|\\x5C[\\s\\S]' | ||
1189 | 876 | // or non-nesting character sets (\x5B\x5D); | ||
1190 | 877 | + '|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+' | ||
1191 | 878 | // finally closed by a /. | ||
1192 | 879 | + '/'); | ||
1193 | 880 | fallthroughStylePatterns.push( | ||
1194 | 881 | ['lang-regex', | ||
1195 | 882 | new RegExp('^' + REGEXP_PRECEDER_PATTERN + '(' + REGEX_LITERAL + ')') | ||
1196 | 883 | ]); | ||
1197 | 884 | } | ||
1198 | 885 | |||
1199 | 886 | var types = options['types']; | ||
1200 | 887 | if (types) { | ||
1201 | 888 | fallthroughStylePatterns.push([PR_TYPE, types]); | ||
1202 | 889 | } | ||
1203 | 890 | |||
1204 | 891 | if (options['strings']) { | ||
1205 | 892 | var strings = ("" + options['strings']).replace(/^ | $/g, '').replace(/-/g, '\\-'); | ||
1206 | 893 | fallthroughStylePatterns.push( | ||
1207 | 894 | [PR_STRING, | ||
1208 | 895 | new RegExp('(?:' + strings.replace(/[\s,]+/g, '|') + ')'), | ||
1209 | 896 | , null] | ||
1210 | 897 | ); | ||
1211 | 898 | } | ||
1212 | 899 | |||
1213 | 900 | var keywords = ("" + options['keywords']).replace(/^ | $/g, ''); | ||
1214 | 901 | if (keywords.length) { | ||
1215 | 902 | fallthroughStylePatterns.push( | ||
1216 | 903 | [PR_KEYWORD, | ||
1217 | 904 | new RegExp('^(?:' + keywords.replace(/[\s,]+/g, '|') + ')\\b'), | ||
1218 | 905 | null]); | ||
1219 | 906 | } | ||
1220 | 907 | |||
1221 | 908 | shortcutStylePatterns.push([PR_PLAIN, /^\s+/, null, ' \r\n\t\xA0']); | ||
1222 | 909 | if (options['httpdComments']) { | ||
1223 | 910 | fallthroughStylePatterns.push( | ||
1224 | 911 | [PR_PLAIN, /^.*\S.*#/i, null] | ||
1225 | 912 | ); | ||
1226 | 913 | } | ||
1227 | 914 | |||
1228 | 915 | fallthroughStylePatterns.push( | ||
1229 | 916 | // TODO(mikesamuel): recognize non-latin letters and numerals in idents | ||
1230 | 917 | [PR_LITERAL, /^@[a-z_$][a-z_$@0-9]*|\bNULL\b/i, null], | ||
1231 | 918 | [PR_LITERAL, CONFIG_OPTIONS, null], | ||
1232 | 919 | //[PR_STRING, CONFIG_ENVS, null], | ||
1233 | 920 | [PR_TAG, /^\b(AuthzProviderAlias|AuthnProviderAlias|RequireAny|RequireAll|RequireNone|Directory|DirectoryMatch|Location|LocationMatch|VirtualHost|If|Else|ElseIf|Proxy\b|LoadBalancer|Files|FilesMatch|Limit|LimitExcept|IfDefine|IfModule|IfVersion)\b/, null], | ||
1234 | 921 | [PR_TYPE, /^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_(t|req|module)\b)/, null], | ||
1235 | 922 | [PR_TAG, /^apr_[a-z_0-9]+|ap_[a-z_0-9]+/i, null], | ||
1236 | 923 | [PR_PLAIN, /^[a-z_$][a-z_$@0-9\-]*/i, null], | ||
1237 | 924 | [PR_LITERAL, | ||
1238 | 925 | new RegExp( | ||
1239 | 926 | '^(?:' | ||
1240 | 927 | // A hex number | ||
1241 | 928 | + '0x[a-f0-9]+' | ||
1242 | 929 | // An IPv6 Address | ||
1243 | 930 | + '|[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+' | ||
1244 | 931 | // or an octal or decimal number, | ||
1245 | 932 | + '|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)' | ||
1246 | 933 | // possibly in scientific notation | ||
1247 | 934 | + '(?:e[+\\-]?\\d+)?' | ||
1248 | 935 | + ')' | ||
1249 | 936 | // with an optional modifier like UL for unsigned long | ||
1250 | 937 | + '[a-z]*', 'i'), | ||
1251 | 938 | null, '0123456789'], | ||
1252 | 939 | // Don't treat escaped quotes in bash as starting strings. See issue 144. | ||
1253 | 940 | [PR_PLAIN, /^\\[\s\S]?/, null], | ||
1254 | 941 | [PR_PUNCTUATION, /^.[^\s\w\.$@\'\"\`\/\#\\]*/, null]); | ||
1255 | 942 | |||
1256 | 943 | return createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns); | ||
1257 | 944 | } | ||
1258 | 945 | |||
1259 | 946 | var decorateSource = sourceDecorator({ | ||
1260 | 947 | 'keywords': ALL_KEYWORDS, | ||
1261 | 948 | 'hashComments': true, | ||
1262 | 949 | 'cStyleComments': true, | ||
1263 | 950 | 'multiLineStrings': true, | ||
1264 | 951 | 'regexLiterals': true | ||
1265 | 952 | }); | ||
1266 | 953 | |||
1267 | 954 | /** | ||
1268 | 955 | * Given a DOM subtree, wraps it in a list, and puts each line into its own | ||
1269 | 956 | * list item. | ||
1270 | 957 | * | ||
1271 | 958 | * @param {Node} node modified in place. Its content is pulled into an | ||
1272 | 959 | * HTMLOListElement, and each line is moved into a separate list item. | ||
1273 | 960 | * This requires cloning elements, so the input might not have unique | ||
1274 | 961 | * IDs after numbering. | ||
1275 | 962 | * @param {boolean} isPreformatted true iff white-space in text nodes should | ||
1276 | 963 | * be treated as significant. | ||
1277 | 964 | */ | ||
1278 | 965 | function numberLines(node, opt_startLineNum, isPreformatted) { | ||
1279 | 966 | var nocode = /(?:^|\s)nocode(?:\s|$)/; | ||
1280 | 967 | var lineBreak = /\r\n?|\n/; | ||
1281 | 968 | |||
1282 | 969 | var document = node.ownerDocument; | ||
1283 | 970 | |||
1284 | 971 | var li = document.createElement('li'); | ||
1285 | 972 | while (node.firstChild) { | ||
1286 | 973 | li.appendChild(node.firstChild); | ||
1287 | 974 | } | ||
1288 | 975 | // An array of lines. We split below, so this is initialized to one | ||
1289 | 976 | // un-split line. | ||
1290 | 977 | var listItems = [li]; | ||
1291 | 978 | |||
1292 | 979 | function walk(node) { | ||
1293 | 980 | switch (node.nodeType) { | ||
1294 | 981 | case 1: // Element | ||
1295 | 982 | if (nocode.test(node.className)) { break; } | ||
1296 | 983 | if ('br' === node.nodeName) { | ||
1297 | 984 | breakAfter(node); | ||
1298 | 985 | // Discard the <BR> since it is now flush against a </LI>. | ||
1299 | 986 | if (node.parentNode) { | ||
1300 | 987 | node.parentNode.removeChild(node); | ||
1301 | 988 | } | ||
1302 | 989 | } else { | ||
1303 | 990 | for (var child = node.firstChild; child; child = child.nextSibling) { | ||
1304 | 991 | walk(child); | ||
1305 | 992 | } | ||
1306 | 993 | } | ||
1307 | 994 | break; | ||
1308 | 995 | case 3: case 4: // Text | ||
1309 | 996 | if (isPreformatted) { | ||
1310 | 997 | var text = node.nodeValue; | ||
1311 | 998 | var match = text.match(lineBreak); | ||
1312 | 999 | if (match) { | ||
1313 | 1000 | var firstLine = text.substring(0, match.index); | ||
1314 | 1001 | node.nodeValue = firstLine; | ||
1315 | 1002 | var tail = text.substring(match.index + match[0].length); | ||
1316 | 1003 | if (tail) { | ||
1317 | 1004 | var parent = node.parentNode; | ||
1318 | 1005 | parent.insertBefore( | ||
1319 | 1006 | document.createTextNode(tail), node.nextSibling); | ||
1320 | 1007 | } | ||
1321 | 1008 | breakAfter(node); | ||
1322 | 1009 | if (!firstLine) { | ||
1323 | 1010 | // Don't leave blank text nodes in the DOM. | ||
1324 | 1011 | node.parentNode.removeChild(node); | ||
1325 | 1012 | } | ||
1326 | 1013 | } | ||
1327 | 1014 | } | ||
1328 | 1015 | break; | ||
1329 | 1016 | } | ||
1330 | 1017 | } | ||
1331 | 1018 | |||
1332 | 1019 | // Split a line after the given node. | ||
1333 | 1020 | function breakAfter(lineEndNode) { | ||
1334 | 1021 | // If there's nothing to the right, then we can skip ending the line | ||
1335 | 1022 | // here, and move root-wards since splitting just before an end-tag | ||
1336 | 1023 | // would require us to create a bunch of empty copies. | ||
1337 | 1024 | while (!lineEndNode.nextSibling) { | ||
1338 | 1025 | lineEndNode = lineEndNode.parentNode; | ||
1339 | 1026 | if (!lineEndNode) { return; } | ||
1340 | 1027 | } | ||
1341 | 1028 | |||
1342 | 1029 | function breakLeftOf(limit, copy) { | ||
1343 | 1030 | // Clone shallowly if this node needs to be on both sides of the break. | ||
1344 | 1031 | var rightSide = copy ? limit.cloneNode(false) : limit; | ||
1345 | 1032 | var parent = limit.parentNode; | ||
1346 | 1033 | if (parent) { | ||
1347 | 1034 | // We clone the parent chain. | ||
1348 | 1035 | // This helps us resurrect important styling elements that cross lines. | ||
1349 | 1036 | // E.g. in <i>Foo<br>Bar</i> | ||
1350 | 1037 | // should be rewritten to <li><i>Foo</i></li><li><i>Bar</i></li>. | ||
1351 | 1038 | var parentClone = breakLeftOf(parent, 1); | ||
1352 | 1039 | // Move the clone and everything to the right of the original | ||
1353 | 1040 | // onto the cloned parent. | ||
1354 | 1041 | var next = limit.nextSibling; | ||
1355 | 1042 | parentClone.appendChild(rightSide); | ||
1356 | 1043 | for (var sibling = next; sibling; sibling = next) { | ||
1357 | 1044 | next = sibling.nextSibling; | ||
1358 | 1045 | parentClone.appendChild(sibling); | ||
1359 | 1046 | } | ||
1360 | 1047 | } | ||
1361 | 1048 | return rightSide; | ||
1362 | 1049 | } | ||
1363 | 1050 | |||
1364 | 1051 | var copiedListItem = breakLeftOf(lineEndNode.nextSibling, 0); | ||
1365 | 1052 | |||
1366 | 1053 | // Walk the parent chain until we reach an unattached LI. | ||
1367 | 1054 | for (var parent; | ||
1368 | 1055 | // Check nodeType since IE invents document fragments. | ||
1369 | 1056 | (parent = copiedListItem.parentNode) && parent.nodeType === 1;) { | ||
1370 | 1057 | copiedListItem = parent; | ||
1371 | 1058 | } | ||
1372 | 1059 | // Put it on the list of lines for later processing. | ||
1373 | 1060 | listItems.push(copiedListItem); | ||
1374 | 1061 | } | ||
1375 | 1062 | |||
1376 | 1063 | // Split lines while there are lines left to split. | ||
1377 | 1064 | for (var i = 0; // Number of lines that have been split so far. | ||
1378 | 1065 | i < listItems.length; // length updated by breakAfter calls. | ||
1379 | 1066 | ++i) { | ||
1380 | 1067 | walk(listItems[i]); | ||
1381 | 1068 | } | ||
1382 | 1069 | |||
1383 | 1070 | // Make sure numeric indices show correctly. | ||
1384 | 1071 | if (opt_startLineNum === (opt_startLineNum|0)) { | ||
1385 | 1072 | listItems[0].setAttribute('value', opt_startLineNum); | ||
1386 | 1073 | } | ||
1387 | 1074 | |||
1388 | 1075 | var ol = document.createElement('ol'); | ||
1389 | 1076 | ol.className = 'linenums'; | ||
1390 | 1077 | var offset = Math.max(0, ((opt_startLineNum - 1 /* zero index */)) | 0) || 0; | ||
1391 | 1078 | for (var i = 0, n = listItems.length; i < n; ++i) { | ||
1392 | 1079 | li = listItems[i]; | ||
1393 | 1080 | // Stick a class on the LIs so that stylesheets can | ||
1394 | 1081 | // color odd/even rows, or any other row pattern that | ||
1395 | 1082 | // is co-prime with 10. | ||
1396 | 1083 | li.className = 'L' + ((i + offset) % 1); | ||
1397 | 1084 | if (!li.firstChild) { | ||
1398 | 1085 | li.appendChild(document.createTextNode('\xA0')); | ||
1399 | 1086 | } | ||
1400 | 1087 | ol.appendChild(li); | ||
1401 | 1088 | } | ||
1402 | 1089 | |||
1403 | 1090 | node.appendChild(ol); | ||
1404 | 1091 | } | ||
1405 | 1092 | |||
1406 | 1093 | /** | ||
1407 | 1094 | * Breaks {@code job.sourceCode} around style boundaries in | ||
1408 | 1095 | * {@code job.decorations} and modifies {@code job.sourceNode} in place. | ||
1409 | 1096 | * @param {Object} job like <pre>{ | ||
1410 | 1097 | * sourceCode: {string} source as plain text, | ||
1411 | 1098 | * spans: {Array.<number|Node>} alternating span start indices into source | ||
1412 | 1099 | * and the text node or element (e.g. {@code <BR>}) corresponding to that | ||
1413 | 1100 | * span. | ||
1414 | 1101 | * decorations: {Array.<number|string} an array of style classes preceded | ||
1415 | 1102 | * by the position at which they start in job.sourceCode in order | ||
1416 | 1103 | * }</pre> | ||
1417 | 1104 | * @private | ||
1418 | 1105 | */ | ||
1419 | 1106 | function recombineTagsAndDecorations(job) { | ||
1420 | 1107 | var isIE8OrEarlier = /\bMSIE\s(\d+)/.exec(navigator.userAgent); | ||
1421 | 1108 | isIE8OrEarlier = isIE8OrEarlier && +isIE8OrEarlier[1] <= 8; | ||
1422 | 1109 | var newlineRe = /\n/g; | ||
1423 | 1110 | |||
1424 | 1111 | var source = job.sourceCode; | ||
1425 | 1112 | var sourceLength = source.length; | ||
1426 | 1113 | // Index into source after the last code-unit recombined. | ||
1427 | 1114 | var sourceIndex = 0; | ||
1428 | 1115 | |||
1429 | 1116 | var spans = job.spans; | ||
1430 | 1117 | var nSpans = spans.length; | ||
1431 | 1118 | // Index into spans after the last span which ends at or before sourceIndex. | ||
1432 | 1119 | var spanIndex = 0; | ||
1433 | 1120 | |||
1434 | 1121 | var decorations = job.decorations; | ||
1435 | 1122 | var nDecorations = decorations.length; | ||
1436 | 1123 | // Index into decorations after the last decoration which ends at or before | ||
1437 | 1124 | // sourceIndex. | ||
1438 | 1125 | var decorationIndex = 0; | ||
1439 | 1126 | |||
1440 | 1127 | // Remove all zero-length decorations. | ||
1441 | 1128 | decorations[nDecorations] = sourceLength; | ||
1442 | 1129 | var decPos, i; | ||
1443 | 1130 | for (i = decPos = 0; i < nDecorations;) { | ||
1444 | 1131 | if (decorations[i] !== decorations[i + 2]) { | ||
1445 | 1132 | decorations[decPos++] = decorations[i++]; | ||
1446 | 1133 | decorations[decPos++] = decorations[i++]; | ||
1447 | 1134 | } else { | ||
1448 | 1135 | i += 2; | ||
1449 | 1136 | } | ||
1450 | 1137 | } | ||
1451 | 1138 | nDecorations = decPos; | ||
1452 | 1139 | |||
1453 | 1140 | // Simplify decorations. | ||
1454 | 1141 | for (i = decPos = 0; i < nDecorations;) { | ||
1455 | 1142 | var startPos = decorations[i]; | ||
1456 | 1143 | // Conflate all adjacent decorations that use the same style. | ||
1457 | 1144 | var startDec = decorations[i + 1]; | ||
1458 | 1145 | var end = i + 2; | ||
1459 | 1146 | while (end + 2 <= nDecorations && decorations[end + 1] === startDec) { | ||
1460 | 1147 | end += 2; | ||
1461 | 1148 | } | ||
1462 | 1149 | decorations[decPos++] = startPos; | ||
1463 | 1150 | decorations[decPos++] = startDec; | ||
1464 | 1151 | i = end; | ||
1465 | 1152 | } | ||
1466 | 1153 | |||
1467 | 1154 | nDecorations = decorations.length = decPos; | ||
1468 | 1155 | |||
1469 | 1156 | var sourceNode = job.sourceNode; | ||
1470 | 1157 | var oldDisplay; | ||
1471 | 1158 | if (sourceNode) { | ||
1472 | 1159 | oldDisplay = sourceNode.style.display; | ||
1473 | 1160 | sourceNode.style.display = 'none'; | ||
1474 | 1161 | } | ||
1475 | 1162 | try { | ||
1476 | 1163 | var decoration = null; | ||
1477 | 1164 | var X = 0; | ||
1478 | 1165 | while (spanIndex < nSpans) { | ||
1479 | 1166 | X = X + 1; | ||
1480 | 1167 | if (X > 5000) { break; } | ||
1481 | 1168 | var spanStart = spans[spanIndex]; | ||
1482 | 1169 | var spanEnd = spans[spanIndex + 2] || sourceLength; | ||
1483 | 1170 | |||
1484 | 1171 | var decEnd = decorations[decorationIndex + 2] || sourceLength; | ||
1485 | 1172 | |||
1486 | 1173 | var end = Math.min(spanEnd, decEnd); | ||
1487 | 1174 | |||
1488 | 1175 | var textNode = spans[spanIndex + 1]; | ||
1489 | 1176 | var styledText; | ||
1490 | 1177 | if (textNode.nodeType !== 1 // Don't muck with <BR>s or <LI>s | ||
1491 | 1178 | // Don't introduce spans around empty text nodes. | ||
1492 | 1179 | && (styledText = source.substring(sourceIndex, end))) { | ||
1493 | 1180 | // This may seem bizarre, and it is. Emitting LF on IE causes the | ||
1494 | 1181 | // code to display with spaces instead of line breaks. | ||
1495 | 1182 | // Emitting Windows standard issue linebreaks (CRLF) causes a blank | ||
1496 | 1183 | // space to appear at the beginning of every line but the first. | ||
1497 | 1184 | // Emitting an old Mac OS 9 line separator makes everything spiffy. | ||
1498 | 1185 | if (isIE8OrEarlier) { | ||
1499 | 1186 | styledText = styledText.replace(newlineRe, '\r'); | ||
1500 | 1187 | } | ||
1501 | 1188 | textNode.nodeValue = styledText; | ||
1502 | 1189 | var document = textNode.ownerDocument; | ||
1503 | 1190 | var span = document.createElement('span'); | ||
1504 | 1191 | span.className = decorations[decorationIndex + 1]; | ||
1505 | 1192 | var parentNode = textNode.parentNode; | ||
1506 | 1193 | parentNode.replaceChild(span, textNode); | ||
1507 | 1194 | span.appendChild(textNode); | ||
1508 | 1195 | if (sourceIndex < spanEnd) { // Split off a text node. | ||
1509 | 1196 | spans[spanIndex + 1] = textNode | ||
1510 | 1197 | // TODO: Possibly optimize by using '' if there's no flicker. | ||
1511 | 1198 | = document.createTextNode(source.substring(end, spanEnd)); | ||
1512 | 1199 | parentNode.insertBefore(textNode, span.nextSibling); | ||
1513 | 1200 | } | ||
1514 | 1201 | } | ||
1515 | 1202 | |||
1516 | 1203 | sourceIndex = end; | ||
1517 | 1204 | |||
1518 | 1205 | if (sourceIndex >= spanEnd) { | ||
1519 | 1206 | spanIndex += 2; | ||
1520 | 1207 | } | ||
1521 | 1208 | if (sourceIndex >= decEnd) { | ||
1522 | 1209 | decorationIndex += 2; | ||
1523 | 1210 | } | ||
1524 | 1211 | } | ||
1525 | 1212 | } finally { | ||
1526 | 1213 | if (sourceNode) { | ||
1527 | 1214 | sourceNode.style.display = oldDisplay; | ||
1528 | 1215 | } | ||
1529 | 1216 | } | ||
1530 | 1217 | } | ||
1531 | 1218 | |||
1532 | 1219 | |||
1533 | 1220 | /** Maps language-specific file extensions to handlers. */ | ||
1534 | 1221 | var langHandlerRegistry = {}; | ||
1535 | 1222 | /** Register a language handler for the given file extensions. | ||
1536 | 1223 | * @param {function (Object)} handler a function from source code to a list | ||
1537 | 1224 | * of decorations. Takes a single argument job which describes the | ||
1538 | 1225 | * state of the computation. The single parameter has the form | ||
1539 | 1226 | * {@code { | ||
1540 | 1227 | * sourceCode: {string} as plain text. | ||
1541 | 1228 | * decorations: {Array.<number|string>} an array of style classes | ||
1542 | 1229 | * preceded by the position at which they start in | ||
1543 | 1230 | * job.sourceCode in order. | ||
1544 | 1231 | * The language handler should assigned this field. | ||
1545 | 1232 | * basePos: {int} the position of source in the larger source chunk. | ||
1546 | 1233 | * All positions in the output decorations array are relative | ||
1547 | 1234 | * to the larger source chunk. | ||
1548 | 1235 | * } } | ||
1549 | 1236 | * @param {Array.<string>} fileExtensions | ||
1550 | 1237 | */ | ||
1551 | 1238 | function registerLangHandler(handler, fileExtensions) { | ||
1552 | 1239 | for (var i = fileExtensions.length; --i >= 0;) { | ||
1553 | 1240 | var ext = fileExtensions[i]; | ||
1554 | 1241 | if (!langHandlerRegistry.hasOwnProperty(ext)) { | ||
1555 | 1242 | langHandlerRegistry[ext] = handler; | ||
1556 | 1243 | } else if (win['console']) { | ||
1557 | 1244 | console['warn']('cannot override language handler %s', ext); | ||
1558 | 1245 | } | ||
1559 | 1246 | } | ||
1560 | 1247 | } | ||
1561 | 1248 | function langHandlerForExtension(extension, source) { | ||
1562 | 1249 | if (!(extension && langHandlerRegistry.hasOwnProperty(extension))) { | ||
1563 | 1250 | // Treat it as markup if the first non whitespace character is a < and | ||
1564 | 1251 | // the last non-whitespace character is a >. | ||
1565 | 1252 | extension = /^\s*</.test(source) | ||
1566 | 1253 | ? 'default-markup' | ||
1567 | 1254 | : 'default-code'; | ||
1568 | 1255 | } | ||
1569 | 1256 | return langHandlerRegistry[extension]; | ||
1570 | 1257 | } | ||
1571 | 1258 | registerLangHandler(decorateSource, ['default-code']); | ||
1572 | 1259 | registerLangHandler( | ||
1573 | 1260 | createSimpleLexer( | ||
1574 | 1261 | [], | ||
1575 | 1262 | [ | ||
1576 | 1263 | [PR_PLAIN, /^[^<?]+/], | ||
1577 | 1264 | [PR_DECLARATION, /^<!\w[^>]*(?:>|$)/], | ||
1578 | 1265 | [PR_COMMENT, /^<\!--[\s\S]*?(?:-\->|$)/], | ||
1579 | 1266 | // Unescaped content in an unknown language | ||
1580 | 1267 | ['lang-', /^<\?([\s\S]+?)(?:\?>|$)/], | ||
1581 | 1268 | ['lang-', /^<%([\s\S]+?)(?:%>|$)/], | ||
1582 | 1269 | [PR_PUNCTUATION, /^(?:<[%?]|[%?]>)/], | ||
1583 | 1270 | ['lang-', /^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i], | ||
1584 | 1271 | // Unescaped content in javascript. (Or possibly vbscript). | ||
1585 | 1272 | ['lang-js', /^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i], | ||
1586 | 1273 | // Contains unescaped stylesheet content | ||
1587 | 1274 | ['lang-css', /^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i], | ||
1588 | 1275 | ['lang-in.tag', /^(<\/?[a-z][^<>]*>)/i] | ||
1589 | 1276 | ]), | ||
1590 | 1277 | ['default-markup', 'htm', 'html', 'mxml', 'xhtml', 'xml', 'xsl']); | ||
1591 | 1278 | registerLangHandler( | ||
1592 | 1279 | createSimpleLexer( | ||
1593 | 1280 | [ | ||
1594 | 1281 | [PR_PLAIN, /^[\s]+/, null, ' \t\r\n'], | ||
1595 | 1282 | [PR_ATTRIB_VALUE, /^(?:\"[^\"]*\"?|\'[^\']*\'?)/, null, '\"\''] | ||
1596 | 1283 | ], | ||
1597 | 1284 | [ | ||
1598 | 1285 | [PR_TAG, /^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i], | ||
1599 | 1286 | [PR_ATTRIB_NAME, /^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i], | ||
1600 | 1287 | ['lang-uq.val', /^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/], | ||
1601 | 1288 | [PR_PUNCTUATION, /^[=<>\/]+/], | ||
1602 | 1289 | ['lang-js', /^on\w+\s*=\s*\"([^\"]+)\"/i], | ||
1603 | 1290 | ['lang-js', /^on\w+\s*=\s*\'([^\']+)\'/i], | ||
1604 | 1291 | ['lang-js', /^on\w+\s*=\s*([^\"\'>\s]+)/i], | ||
1605 | 1292 | ['lang-css', /^style\s*=\s*\"([^\"]+)\"/i], | ||
1606 | 1293 | ['lang-css', /^style\s*=\s*\'([^\']+)\'/i], | ||
1607 | 1294 | ['lang-css', /^style\s*=\s*([^\"\'>\s]+)/i] | ||
1608 | 1295 | ]), | ||
1609 | 1296 | ['in.tag']); | ||
1610 | 1297 | registerLangHandler( | ||
1611 | 1298 | createSimpleLexer([], [[PR_ATTRIB_VALUE, /^[\s\S]+/]]), ['uq.val']); | ||
1612 | 1299 | registerLangHandler(sourceDecorator({ | ||
1613 | 1300 | 'keywords': CPP_KEYWORDS, | ||
1614 | 1301 | 'hashComments': true, | ||
1615 | 1302 | 'cStyleComments': true, | ||
1616 | 1303 | 'types': C_TYPES | ||
1617 | 1304 | }), ['c', 'cc', 'cpp', 'cxx', 'cyc', 'm']); | ||
1618 | 1305 | registerLangHandler(sourceDecorator({ | ||
1619 | 1306 | 'keywords': PHP_KEYWORDS, | ||
1620 | 1307 | 'hashComments': false, | ||
1621 | 1308 | 'cStyleComments': true, | ||
1622 | 1309 | 'multiLineStrings': true, | ||
1623 | 1310 | 'regexLiterals': true | ||
1624 | 1311 | // 'types': C_TYPES, | ||
1625 | 1312 | }), ['php', 'phtml', 'inc']); | ||
1626 | 1313 | registerLangHandler(sourceDecorator({ | ||
1627 | 1314 | 'keywords': 'null,true,false' | ||
1628 | 1315 | }), ['json']); | ||
1629 | 1316 | registerLangHandler(sourceDecorator({ | ||
1630 | 1317 | 'keywords': CSHARP_KEYWORDS, | ||
1631 | 1318 | 'hashComments': true, | ||
1632 | 1319 | 'cStyleComments': true, | ||
1633 | 1320 | 'verbatimStrings': true, | ||
1634 | 1321 | 'types': C_TYPES | ||
1635 | 1322 | }), ['cs']); | ||
1636 | 1323 | registerLangHandler(sourceDecorator({ | ||
1637 | 1324 | 'keywords': JAVA_KEYWORDS, | ||
1638 | 1325 | 'cStyleComments': true | ||
1639 | 1326 | }), ['java']); | ||
1640 | 1327 | registerLangHandler(sourceDecorator({ | ||
1641 | 1328 | 'keywords': SH_KEYWORDS, | ||
1642 | 1329 | 'hashComments': true, | ||
1643 | 1330 | 'multiLineStrings': true | ||
1644 | 1331 | }), ['bsh', 'csh', 'sh']); | ||
1645 | 1332 | registerLangHandler(sourceDecorator({ | ||
1646 | 1333 | 'keywords': PYTHON_KEYWORDS, | ||
1647 | 1334 | 'hashComments': true, | ||
1648 | 1335 | 'multiLineStrings': true, | ||
1649 | 1336 | 'tripleQuotedStrings': true | ||
1650 | 1337 | }), ['cv', 'py']); | ||
1651 | 1338 | registerLangHandler(sourceDecorator({ | ||
1652 | 1339 | 'keywords': PERL_KEYWORDS, | ||
1653 | 1340 | 'hashComments': true, | ||
1654 | 1341 | 'multiLineStrings': true, | ||
1655 | 1342 | 'regexLiterals': true | ||
1656 | 1343 | }), ['perl', 'pl', 'pm']); | ||
1657 | 1344 | registerLangHandler(sourceDecorator({ | ||
1658 | 1345 | 'keywords': RUBY_KEYWORDS, | ||
1659 | 1346 | 'hashComments': true, | ||
1660 | 1347 | 'multiLineStrings': true, | ||
1661 | 1348 | 'regexLiterals': true | ||
1662 | 1349 | }), ['rb']); | ||
1663 | 1350 | registerLangHandler(sourceDecorator({ | ||
1664 | 1351 | 'keywords': JSCRIPT_KEYWORDS, | ||
1665 | 1352 | 'cStyleComments': true, | ||
1666 | 1353 | 'regexLiterals': true | ||
1667 | 1354 | }), ['js']); | ||
1668 | 1355 | registerLangHandler(sourceDecorator({ | ||
1669 | 1356 | 'keywords': COFFEE_KEYWORDS, | ||
1670 | 1357 | 'hashComments': 3, // ### style block comments | ||
1671 | 1358 | 'cStyleComments': true, | ||
1672 | 1359 | 'multilineStrings': true, | ||
1673 | 1360 | 'tripleQuotedStrings': true, | ||
1674 | 1361 | 'regexLiterals': true | ||
1675 | 1362 | }), ['coffee']); | ||
1676 | 1363 | registerLangHandler( | ||
1677 | 1364 | createSimpleLexer([], [[PR_STRING, /^[\s\S]+/]]), ['regex']); | ||
1678 | 1365 | registerLangHandler(sourceDecorator({ | ||
1679 | 1366 | 'keywords': CONFIG_KEYWORDS, | ||
1680 | 1367 | 'literals': CONFIG_OPTIONS, | ||
1681 | 1368 | 'strings': CONFIG_ENVS, | ||
1682 | 1369 | 'hashComments': true, | ||
1683 | 1370 | 'cStyleComments': false, | ||
1684 | 1371 | 'multiLineStrings': false, | ||
1685 | 1372 | 'regexLiterals': false, | ||
1686 | 1373 | 'httpdComments': true | ||
1687 | 1374 | }), ['config']); | ||
1688 | 1375 | |||
1689 | 1376 | function applyDecorator(job) { | ||
1690 | 1377 | var opt_langExtension = job.langExtension; | ||
1691 | 1378 | |||
1692 | 1379 | try { | ||
1693 | 1380 | // Extract tags, and convert the source code to plain text. | ||
1694 | 1381 | var sourceAndSpans = extractSourceSpans(job.sourceNode, job.pre); | ||
1695 | 1382 | /** Plain text. @type {string} */ | ||
1696 | 1383 | var source = sourceAndSpans.sourceCode; | ||
1697 | 1384 | job.sourceCode = source; | ||
1698 | 1385 | job.spans = sourceAndSpans.spans; | ||
1699 | 1386 | job.basePos = 0; | ||
1700 | 1387 | |||
1701 | 1388 | // Apply the appropriate language handler | ||
1702 | 1389 | langHandlerForExtension(opt_langExtension, source)(job); | ||
1703 | 1390 | |||
1704 | 1391 | // Integrate the decorations and tags back into the source code, | ||
1705 | 1392 | // modifying the sourceNode in place. | ||
1706 | 1393 | recombineTagsAndDecorations(job); | ||
1707 | 1394 | } catch (e) { | ||
1708 | 1395 | if (win['console']) { | ||
1709 | 1396 | console['log'](e && e['stack'] ? e['stack'] : e); | ||
1710 | 1397 | } | ||
1711 | 1398 | } | ||
1712 | 1399 | } | ||
1713 | 1400 | |||
1714 | 1401 | /** | ||
1715 | 1402 | * @param sourceCodeHtml {string} The HTML to pretty print. | ||
1716 | 1403 | * @param opt_langExtension {string} The language name to use. | ||
1717 | 1404 | * Typically, a filename extension like 'cpp' or 'java'. | ||
1718 | 1405 | * @param opt_numberLines {number|boolean} True to number lines, | ||
1719 | 1406 | * or the 1-indexed number of the first line in sourceCodeHtml. | ||
1720 | 1407 | */ | ||
1721 | 1408 | function prettyPrintOne(sourceCodeHtml, opt_langExtension, opt_numberLines) { | ||
1722 | 1409 | var container = document.createElement('pre'); | ||
1723 | 1410 | // This could cause images to load and onload listeners to fire. | ||
1724 | 1411 | // E.g. <img onerror="alert(1337)" src="nosuchimage.png">. | ||
1725 | 1412 | // We assume that the inner HTML is from a trusted source. | ||
1726 | 1413 | container.innerHTML = sourceCodeHtml; | ||
1727 | 1414 | if (opt_numberLines) { | ||
1728 | 1415 | numberLines(container, opt_numberLines, true); | ||
1729 | 1416 | } | ||
1730 | 1417 | |||
1731 | 1418 | var job = { | ||
1732 | 1419 | langExtension: opt_langExtension, | ||
1733 | 1420 | numberLines: opt_numberLines, | ||
1734 | 1421 | sourceNode: container, | ||
1735 | 1422 | pre: 1 | ||
1736 | 1423 | }; | ||
1737 | 1424 | applyDecorator(job); | ||
1738 | 1425 | return container.innerHTML; | ||
1739 | 1426 | } | ||
1740 | 1427 | |||
1741 | 1428 | function prettyPrint(opt_whenDone) { | ||
1742 | 1429 | function byTagName(tn) { return document.getElementsByTagName(tn); } | ||
1743 | 1430 | // fetch a list of nodes to rewrite | ||
1744 | 1431 | var codeSegments = [byTagName('pre'), byTagName('code'), byTagName('xmp')]; | ||
1745 | 1432 | var elements = []; | ||
1746 | 1433 | for (var i = 0; i < codeSegments.length; ++i) { | ||
1747 | 1434 | for (var j = 0, n = codeSegments[i].length; j < n; ++j) { | ||
1748 | 1435 | elements.push(codeSegments[i][j]); | ||
1749 | 1436 | } | ||
1750 | 1437 | } | ||
1751 | 1438 | codeSegments = null; | ||
1752 | 1439 | |||
1753 | 1440 | var clock = Date; | ||
1754 | 1441 | if (!clock['now']) { | ||
1755 | 1442 | clock = { 'now': function () { return +(new Date); } }; | ||
1756 | 1443 | } | ||
1757 | 1444 | |||
1758 | 1445 | // The loop is broken into a series of continuations to make sure that we | ||
1759 | 1446 | // don't make the browser unresponsive when rewriting a large page. | ||
1760 | 1447 | var k = 0; | ||
1761 | 1448 | var prettyPrintingJob; | ||
1762 | 1449 | |||
1763 | 1450 | var langExtensionRe = /\blang(?:uage)?-([\w.]+)(?!\S)/; | ||
1764 | 1451 | var prettyPrintRe = /\bprettyprint\b/; | ||
1765 | 1452 | var prettyPrintedRe = /\bprettyprinted\b/; | ||
1766 | 1453 | var preformattedTagNameRe = /pre|xmp/i; | ||
1767 | 1454 | var codeRe = /^code$/i; | ||
1768 | 1455 | var preCodeXmpRe = /^(?:pre|code|xmp)$/i; | ||
1769 | 1456 | |||
1770 | 1457 | function doWork() { | ||
1771 | 1458 | var endTime = (win['PR_SHOULD_USE_CONTINUATION'] ? | ||
1772 | 1459 | clock['now']() + 250 /* ms */ : | ||
1773 | 1460 | Infinity); | ||
1774 | 1461 | for (; k < elements.length && clock['now']() < endTime; k++) { | ||
1775 | 1462 | var cs = elements[k]; | ||
1776 | 1463 | var className = cs.className; | ||
1777 | 1464 | if (prettyPrintRe.test(className) | ||
1778 | 1465 | // Don't redo this if we've already done it. | ||
1779 | 1466 | // This allows recalling pretty print to just prettyprint elements | ||
1780 | 1467 | // that have been added to the page since last call. | ||
1781 | 1468 | && !prettyPrintedRe.test(className)) { | ||
1782 | 1469 | |||
1783 | 1470 | // make sure this is not nested in an already prettified element | ||
1784 | 1471 | var nested = false; | ||
1785 | 1472 | for (var p = cs.parentNode; p; p = p.parentNode) { | ||
1786 | 1473 | var tn = p.tagName; | ||
1787 | 1474 | if (preCodeXmpRe.test(tn) | ||
1788 | 1475 | && p.className && prettyPrintRe.test(p.className)) { | ||
1789 | 1476 | nested = true; | ||
1790 | 1477 | break; | ||
1791 | 1478 | } | ||
1792 | 1479 | } | ||
1793 | 1480 | if (!nested) { | ||
1794 | 1481 | // Mark done. If we fail to prettyprint for whatever reason, | ||
1795 | 1482 | // we shouldn't try again. | ||
1796 | 1483 | cs.className += ' prettyprinted'; | ||
1797 | 1484 | |||
1798 | 1485 | // If the classes includes a language extensions, use it. | ||
1799 | 1486 | // Language extensions can be specified like | ||
1800 | 1487 | // <pre class="prettyprint lang-cpp"> | ||
1801 | 1488 | // the language extension "cpp" is used to find a language handler | ||
1802 | 1489 | // as passed to PR.registerLangHandler. | ||
1803 | 1490 | // HTML5 recommends that a language be specified using "language-" | ||
1804 | 1491 | // as the prefix instead. Google Code Prettify supports both. | ||
1805 | 1492 | // http://dev.w3.org/html5/spec-author-view/the-code-element.html | ||
1806 | 1493 | var langExtension = className.match(langExtensionRe); | ||
1807 | 1494 | // Support <pre class="prettyprint"><code class="language-c"> | ||
1808 | 1495 | var wrapper; | ||
1809 | 1496 | if (!langExtension && (wrapper = childContentWrapper(cs)) | ||
1810 | 1497 | && codeRe.test(wrapper.tagName)) { | ||
1811 | 1498 | langExtension = wrapper.className.match(langExtensionRe); | ||
1812 | 1499 | } | ||
1813 | 1500 | |||
1814 | 1501 | if (langExtension) { langExtension = langExtension[1]; } | ||
1815 | 1502 | |||
1816 | 1503 | var preformatted; | ||
1817 | 1504 | if (preformattedTagNameRe.test(cs.tagName)) { | ||
1818 | 1505 | preformatted = 1; | ||
1819 | 1506 | } else { | ||
1820 | 1507 | var currentStyle = cs['currentStyle']; | ||
1821 | 1508 | var whitespace = ( | ||
1822 | 1509 | currentStyle | ||
1823 | 1510 | ? currentStyle['whiteSpace'] | ||
1824 | 1511 | : (document.defaultView | ||
1825 | 1512 | && document.defaultView.getComputedStyle) | ||
1826 | 1513 | ? document.defaultView.getComputedStyle(cs, null) | ||
1827 | 1514 | .getPropertyValue('white-space') | ||
1828 | 1515 | : 0); | ||
1829 | 1516 | preformatted = whitespace | ||
1830 | 1517 | && 'pre' === whitespace.substring(0, 3); | ||
1831 | 1518 | } | ||
1832 | 1519 | |||
1833 | 1520 | // Look for a class like linenums or linenums:<n> where <n> is the | ||
1834 | 1521 | // 1-indexed number of the first line. | ||
1835 | 1522 | var lineNums = cs.className.match(/\blinenums\b(?::(\d+))?/); | ||
1836 | 1523 | lineNums = lineNums | ||
1837 | 1524 | ? lineNums[1] && lineNums[1].length ? +lineNums[1] : true | ||
1838 | 1525 | : false; | ||
1839 | 1526 | if (lineNums) { numberLines(cs, lineNums, preformatted); } | ||
1840 | 1527 | |||
1841 | 1528 | // do the pretty printing | ||
1842 | 1529 | prettyPrintingJob = { | ||
1843 | 1530 | langExtension: langExtension, | ||
1844 | 1531 | sourceNode: cs, | ||
1845 | 1532 | numberLines: lineNums, | ||
1846 | 1533 | pre: preformatted | ||
1847 | 1534 | }; | ||
1848 | 1535 | applyDecorator(prettyPrintingJob); | ||
1849 | 1536 | } | ||
1850 | 1537 | } | ||
1851 | 1538 | } | ||
1852 | 1539 | if (k < elements.length) { | ||
1853 | 1540 | // finish up in a continuation | ||
1854 | 1541 | setTimeout(doWork, 250); | ||
1855 | 1542 | } else if (opt_whenDone) { | ||
1856 | 1543 | opt_whenDone(); | ||
1857 | 1544 | } | ||
1858 | 1545 | } | ||
1859 | 1546 | |||
1860 | 1547 | doWork(); | ||
1861 | 1548 | } | ||
1862 | 1549 | |||
1863 | 1550 | /** | ||
1864 | 1551 | * Contains functions for creating and registering new language handlers. | ||
1865 | 1552 | * @type {Object} | ||
1866 | 1553 | */ | ||
1867 | 1554 | var PR = win['PR'] = { | ||
1868 | 1555 | 'createSimpleLexer': createSimpleLexer, | ||
1869 | 1556 | 'registerLangHandler': registerLangHandler, | ||
1870 | 1557 | 'sourceDecorator': sourceDecorator, | ||
1871 | 1558 | 'PR_ATTRIB_NAME': PR_ATTRIB_NAME, | ||
1872 | 1559 | 'PR_ATTRIB_VALUE': PR_ATTRIB_VALUE, | ||
1873 | 1560 | 'PR_COMMENT': PR_COMMENT, | ||
1874 | 1561 | 'PR_DECLARATION': PR_DECLARATION, | ||
1875 | 1562 | 'PR_KEYWORD': PR_KEYWORD, | ||
1876 | 1563 | 'PR_LITERAL': PR_LITERAL, | ||
1877 | 1564 | 'PR_NOCODE': PR_NOCODE, | ||
1878 | 1565 | 'PR_PLAIN': PR_PLAIN, | ||
1879 | 1566 | 'PR_PUNCTUATION': PR_PUNCTUATION, | ||
1880 | 1567 | 'PR_SOURCE': PR_SOURCE, | ||
1881 | 1568 | 'PR_STRING': PR_STRING, | ||
1882 | 1569 | 'PR_TAG': PR_TAG, | ||
1883 | 1570 | 'PR_TYPE': PR_TYPE, | ||
1884 | 1571 | 'prettyPrintOne': win['prettyPrintOne'] = prettyPrintOne, | ||
1885 | 1572 | 'prettyPrint': win['prettyPrint'] = prettyPrint | ||
1886 | 1573 | }; | ||
1887 | 1574 | |||
1888 | 1575 | |||
1889 | 1576 | /* Register Lua syntaxes */ | ||
1890 | 1577 | PR['registerLangHandler']( | ||
1891 | 1578 | PR['createSimpleLexer']( | ||
1892 | 1579 | [ | ||
1893 | 1580 | // Whitespace | ||
1894 | 1581 | [PR['PR_PLAIN'], /^[\t\n\r \xA0]+/, null, '\t\n\r \xA0'], | ||
1895 | 1582 | // A double or single quoted, possibly multi-line, string. | ||
1896 | 1583 | [PR['PR_STRING'], /^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/, null, '"\''] | ||
1897 | 1584 | ], | ||
1898 | 1585 | [ | ||
1899 | 1586 | // A comment is either a line comment that starts with two dashes, or | ||
1900 | 1587 | // two dashes preceding a long bracketed block. | ||
1901 | 1588 | [PR['PR_COMMENT'], /^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/], | ||
1902 | 1589 | [PR['PR_TYPE'], /^nil|false|true/], | ||
1903 | 1590 | // A long bracketed block not preceded by -- is a string. | ||
1904 | 1591 | [PR['PR_STRING'], /^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/], | ||
1905 | 1592 | [PR['PR_KEYWORD'], /^(?:and|break|do|else|elseif|end|for|function|if|in|local|not|or|repeat|require|return|then|until|while)\b/, null], | ||
1906 | 1593 | // A number is a hex integer literal, a decimal real literal, or in | ||
1907 | 1594 | // scientific notation. | ||
1908 | 1595 | [PR['PR_LITERAL'], | ||
1909 | 1596 | /^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i], | ||
1910 | 1597 | // An identifier | ||
1911 | 1598 | [PR['PR_PLAIN'], /^[a-z_]\w*/i], | ||
1912 | 1599 | // A run of punctuation | ||
1913 | 1600 | [PR['PR_PUNCTUATION'], /^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/] | ||
1914 | 1601 | ]), | ||
1915 | 1602 | ['lua']); | ||
1916 | 1603 | |||
1917 | 1604 | |||
1918 | 1605 | // Make PR available via the Asynchronous Module Definition (AMD) API. | ||
1919 | 1606 | // Per https://github.com/amdjs/amdjs-api/wiki/AMD: | ||
1920 | 1607 | // The Asynchronous Module Definition (AMD) API specifies a | ||
1921 | 1608 | // mechanism for defining modules such that the module and its | ||
1922 | 1609 | // dependencies can be asynchronously loaded. | ||
1923 | 1610 | // ... | ||
1924 | 1611 | // To allow a clear indicator that a global define function (as | ||
1925 | 1612 | // needed for script src browser loading) conforms to the AMD API, | ||
1926 | 1613 | // any global define function SHOULD have a property called "amd" | ||
1927 | 1614 | // whose value is an object. This helps avoid conflict with any | ||
1928 | 1615 | // other existing JavaScript code that could have defined a define() | ||
1929 | 1616 | // function that does not conform to the AMD API. | ||
1930 | 1617 | if (typeof define === "function" && define['amd']) { | ||
1931 | 1618 | define("google-code-prettify", [], function () { | ||
1932 | 1619 | return PR; | ||
1933 | 1620 | }); | ||
1934 | 1621 | } | ||
1935 | 1622 | })(); | ||
1936 | diff --git a/docs/manual/style/scripts/prettify.min.js b/docs/manual/style/scripts/prettify.min.js | |||
1937 | 0 | new file mode 100644 | 1623 | new file mode 100644 |
1938 | index 0000000..4f0f9f5 | |||
1939 | --- /dev/null | |||
1940 | +++ b/docs/manual/style/scripts/prettify.min.js | |||
1941 | @@ -0,0 +1,123 @@ | |||
1942 | 1 | // see prettify.js for copyright, license and expanded version | ||
1943 | 2 | window['PR_SHOULD_USE_CONTINUATION']=true;var prettyPrintOne;var prettyPrint;(function(){var win=window;var FLOW_CONTROL_KEYWORDS=["break,continue,do,else,for,if,return,while"];var C_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"auto,case,char,const,default,"+"double,enum,extern,float,goto,int,long,register,short,signed,sizeof,module,"+"static,struct,switch,typedef,union,unsigned,void,volatile"];var COMMON_KEYWORDS=[C_KEYWORDS,"catch,class,delete,false,import,"+"new,operator,private,protected,public,this,throw,true,try,typeof"];var CPP_KEYWORDS=[COMMON_KEYWORDS,"alignof,align_union,asm,axiom,bool,"+"concept,concept_map,const_cast,constexpr,decltype,"+"dynamic_cast,explicit,export,friend,inline,late_check,"+"mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast,"+"template,typeid,typename,using,virtual,where,request_req"];var JAVA_KEYWORDS=[COMMON_KEYWORDS,"abstract,boolean,byte,extends,final,finally,implements,import,"+"instanceof,null,native,package,strictfp,super,synchronized,throws,"+"transient"];var CSHARP_KEYWORDS=[JAVA_KEYWORDS,"as,base,by,checked,decimal,delegate,descending,dynamic,event,"+"fixed,foreach,from,group,implicit,in,interface,internal,into,is,let,"+"lock,object,out,override,orderby,params,partial,readonly,ref,sbyte,"+"sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort,"+"var,virtual,where"];var COFFEE_KEYWORDS="all,and,by,catch,class,else,extends,false,finally,"+"for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then,"+"throw,true,try,unless,until,when,while,yes";var JSCRIPT_KEYWORDS=[COMMON_KEYWORDS,"debugger,eval,export,function,get,null,set,undefined,var,with,"+"Infinity,NaN"];var PERL_KEYWORDS="caller,delete,die,do,dump,else,elsif,eval,exit,foreach,for,"+"goto,if,import,last,local,my,next,no,our,print,printf,package,redo,require,"+"sub,undef,unless,until,use,wantarray,while,BEGIN,END";var PHP_KEYWORDS="abstract,and,array,as,break,case,catch,cfunction,class,"+"clone,const,continue,declare,default,do,else,elseif,enddeclare,endfor,"+"endforeach,endif,endswitch,endwhile,extends,final,for,foreach,function,"+"global,goto,if,implements,interface,instanceof,namespace,new,old_function,"+"or,private,protected,public,static,switch,throw,try,use,var,while,xor,"+"die,echo,empty,exit,eval,include,include_once,isset,list,require,"+"require_once,return,print,unset";var PYTHON_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"and,as,assert,class,def,del,"+"elif,except,exec,finally,from,global,import,in,is,lambda,"+"nonlocal,not,or,pass,print,raise,try,with,yield,"+"False,True,None"];var RUBY_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"alias,and,begin,case,class,"+"def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo,"+"rescue,retry,self,super,then,true,undef,unless,until,when,yield,"+"BEGIN,END"];var SH_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"case,done,elif,esac,eval,fi,"+"function,in,local,set,then,until,echo"];var CONFIG_ENVS=["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];var CONFIG_KEYWORDS=["Macro,UndefMacro,Use,AuthLDAPURL,AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicProvider,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNcCheck,AuthDigestNonceFormat,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerMember,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIMapExtension,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GprofDir,GracefulShutdownTimeout,Group,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogLevel,LogMessage,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaAuthzProvider,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPOverrideResponder,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UnsetEnv,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse,RewriteLog,RewriteLogLevel"];var CONFIG_OPTIONS=/^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;var ALL_KEYWORDS=[CPP_KEYWORDS,CSHARP_KEYWORDS,JSCRIPT_KEYWORDS,PERL_KEYWORDS+ | ||
1944 | 3 | PYTHON_KEYWORDS,RUBY_KEYWORDS,SH_KEYWORDS,CONFIG_KEYWORDS,PHP_KEYWORDS];var C_TYPES=/^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float|char|void|const|static|struct)\d*(_t)?\b)|[a-z_]+_rec|cmd_parms\b/;var PR_STRING='str';var PR_KEYWORD='kwd';var PR_COMMENT='com';var PR_TYPE='typ';var PR_LITERAL='lit';var PR_PUNCTUATION='pun';var PR_PLAIN='pln';var PR_TAG='tag';var PR_DECLARATION='dec';var PR_SOURCE='src';var PR_ATTRIB_NAME='atn';var PR_ATTRIB_VALUE='atv';var PR_NOCODE='nocode';var REGEXP_PRECEDER_PATTERN='(?:^^\\.?|[+-]|[!=]=?=?|\\#|%=?|&&?=?|\\(|\\*=?|[+\\-]=|->|\\/=?|::?|<<?=?|>>?>?=?|,|;|\\?|@|\\[|~|{|\\^\\^?=?|\\|\\|?=?|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*';function combinePrefixPatterns(regexs){var capturedGroupIndex=0;var needToFoldCase=false;var ignoreCase=false;for(var i=0,n=regexs.length;i<n;++i){var regex=regexs[i];if(regex.ignoreCase){ignoreCase=true;}else if(/[a-z]/i.test(regex.source.replace(/\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi,''))){needToFoldCase=true;ignoreCase=false;break;}} | ||
1945 | 4 | var escapeCharToCodeUnit={'b':8,'t':9,'n':0xa,'v':0xb,'f':0xc,'r':0xd};function decodeEscape(charsetPart){var cc0=charsetPart.charCodeAt(0);if(cc0!==92){return cc0;} | ||
1946 | 5 | var c1=charsetPart.charAt(1);cc0=escapeCharToCodeUnit[c1];if(cc0){return cc0;}else if('0'<=c1&&c1<='7'){return parseInt(charsetPart.substring(1),8);}else if(c1==='u'||c1==='x'){return parseInt(charsetPart.substring(2),16);}else{return charsetPart.charCodeAt(1);}} | ||
1947 | 6 | function encodeEscape(charCode){if(charCode<0x20){return(charCode<0x10?'\\x0':'\\x')+charCode.toString(16);} | ||
1948 | 7 | var ch=String.fromCharCode(charCode);return(ch==='\\'||ch==='-'||ch===']'||ch==='^')?"\\"+ch:ch;} | ||
1949 | 8 | function caseFoldCharset(charSet){var charsetParts=charSet.substring(1,charSet.length-1).match(new RegExp('\\\\u[0-9A-Fa-f]{4}' | ||
1950 | 9 | +'|\\\\x[0-9A-Fa-f]{2}' | ||
1951 | 10 | +'|\\\\[0-3][0-7]{0,2}' | ||
1952 | 11 | +'|\\\\[0-7]{1,2}' | ||
1953 | 12 | +'|\\\\[\\s\\S]' | ||
1954 | 13 | +'|-' | ||
1955 | 14 | +'|[^-\\\\]','g'));var ranges=[];var inverse=charsetParts[0]==='^';var out=['['];if(inverse){out.push('^');} | ||
1956 | 15 | for(var i=inverse?1:0,n=charsetParts.length;i<n;++i){var p=charsetParts[i];if(/\\[bdsw]/i.test(p)){out.push(p);}else{var start=decodeEscape(p);var end;if(i+2<n&&'-'===charsetParts[i+1]){end=decodeEscape(charsetParts[i+2]);i+=2;}else{end=start;} | ||
1957 | 16 | ranges.push([start,end]);if(!(end<65||start>122)){if(!(end<65||start>90)){ranges.push([Math.max(65,start)|32,Math.min(end,90)|32]);} | ||
1958 | 17 | if(!(end<97||start>122)){ranges.push([Math.max(97,start)&~32,Math.min(end,122)&~32]);}}}} | ||
1959 | 18 | ranges.sort(function(a,b){return(a[0]-b[0])||(b[1]-a[1]);});var consolidatedRanges=[];var lastRange=[];for(var i=0;i<ranges.length;++i){var range=ranges[i];if(range[0]<=lastRange[1]+1){lastRange[1]=Math.max(lastRange[1],range[1]);}else{consolidatedRanges.push(lastRange=range);}} | ||
1960 | 19 | for(var i=0;i<consolidatedRanges.length;++i){var range=consolidatedRanges[i];out.push(encodeEscape(range[0]));if(range[1]>range[0]){if(range[1]+1>range[0]){out.push('-');} | ||
1961 | 20 | out.push(encodeEscape(range[1]));}} | ||
1962 | 21 | out.push(']');return out.join('');} | ||
1963 | 22 | function allowAnywhereFoldCaseAndRenumberGroups(regex){var parts=regex.source.match(new RegExp('(?:' | ||
1964 | 23 | +'\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]' | ||
1965 | 24 | +'|\\\\u[A-Fa-f0-9]{4}' | ||
1966 | 25 | +'|\\\\x[A-Fa-f0-9]{2}' | ||
1967 | 26 | +'|\\\\[0-9]+' | ||
1968 | 27 | +'|\\\\[^ux0-9]' | ||
1969 | 28 | +'|\\(\\?[:!=]' | ||
1970 | 29 | +'|[\\(\\)\\^]' | ||
1971 | 30 | +'|[^\\x5B\\x5C\\(\\)\\^]+' | ||
1972 | 31 | +')','g'));var n=parts.length;var capturedGroups=[];for(var i=0,groupIndex=0;i<n;++i){var p=parts[i];if(p==='('){++groupIndex;}else if('\\'===p.charAt(0)){var decimalValue=+p.substring(1);if(decimalValue){if(decimalValue<=groupIndex){capturedGroups[decimalValue]=-1;}else{parts[i]=encodeEscape(decimalValue);}}}} | ||
1973 | 32 | for(var i=1;i<capturedGroups.length;++i){if(-1===capturedGroups[i]){capturedGroups[i]=++capturedGroupIndex;}} | ||
1974 | 33 | for(var i=0,groupIndex=0;i<n;++i){var p=parts[i];if(p==='('){++groupIndex;if(!capturedGroups[groupIndex]){parts[i]='(?:';}}else if('\\'===p.charAt(0)){var decimalValue=+p.substring(1);if(decimalValue&&decimalValue<=groupIndex){parts[i]='\\'+capturedGroups[decimalValue];}}} | ||
1975 | 34 | for(var i=0;i<n;++i){if('^'===parts[i]&&'^'!==parts[i+1]){parts[i]='';}} | ||
1976 | 35 | if(regex.ignoreCase&&needToFoldCase){for(var i=0;i<n;++i){var p=parts[i];var ch0=p.charAt(0);if(p.length>=2&&ch0==='['){parts[i]=caseFoldCharset(p);}else if(ch0!=='\\'){parts[i]=p.replace(/[a-zA-Z]/g,function(ch){var cc=ch.charCodeAt(0);return'['+String.fromCharCode(cc&~32,cc|32)+']';});}}} | ||
1977 | 36 | return parts.join('');} | ||
1978 | 37 | var rewritten=[];for(var i=0,n=regexs.length;i<n;++i){var regex=regexs[i];if(regex.global||regex.multiline){throw new Error(''+regex);} | ||
1979 | 38 | rewritten.push('(?:'+allowAnywhereFoldCaseAndRenumberGroups(regex)+')');} | ||
1980 | 39 | return new RegExp(rewritten.join('|'),ignoreCase?'gi':'g');} | ||
1981 | 40 | function extractSourceSpans(node,isPreformatted){var nocode=/(?:^|\s)nocode(?:\s|$)/;var chunks=[];var length=0;var spans=[];var k=0;function walk(node){switch(node.nodeType){case 1:if(nocode.test(node.className)){return;} | ||
1982 | 41 | for(var child=node.firstChild;child;child=child.nextSibling){walk(child);} | ||
1983 | 42 | var nodeName=node.nodeName.toLowerCase();if('br'===nodeName||'li'===nodeName){chunks[k]='\n';spans[k<<1]=length++;spans[(k++<<1)|1]=node;} | ||
1984 | 43 | break;case 3:case 4:var text=node.nodeValue;if(text.length){if(!isPreformatted){text=text.replace(/[ \t\r\n]+/g,' ');}else{text=text.replace(/\r\n?/g,'\n');text=text.replace(/^(\r?\n\s*)+/g,'');text=text.replace(/^\s*/g,'');text=text.replace(/(\r?\n\s*)+$/g,'');} | ||
1985 | 44 | chunks[k]=text;spans[k<<1]=length;length+=text.length;spans[(k++<<1)|1]=node;} | ||
1986 | 45 | break;}} | ||
1987 | 46 | walk(node);return{sourceCode:chunks.join('').replace(/\n$/,''),spans:spans};} | ||
1988 | 47 | function appendDecorations(basePos,sourceCode,langHandler,out){if(!sourceCode){return;} | ||
1989 | 48 | var job={sourceCode:sourceCode,basePos:basePos};langHandler(job);out.push.apply(out,job.decorations);} | ||
1990 | 49 | var notWs=/\S/;function childContentWrapper(element){var wrapper=undefined;for(var c=element.firstChild;c;c=c.nextSibling){var type=c.nodeType;wrapper=(type===1)?(wrapper?element:c):(type===3)?(notWs.test(c.nodeValue)?element:wrapper):wrapper;} | ||
1991 | 50 | return wrapper===element?undefined:wrapper;} | ||
1992 | 51 | function createSimpleLexer(shortcutStylePatterns,fallthroughStylePatterns){var shortcuts={};var tokenizer;(function(){var allPatterns=shortcutStylePatterns.concat(fallthroughStylePatterns);var allRegexs=[];var regexKeys={};for(var i=0,n=allPatterns.length;i<n;++i){var patternParts=allPatterns[i];var shortcutChars=patternParts[3];if(shortcutChars){for(var c=shortcutChars.length;--c>=0;){shortcuts[shortcutChars.charAt(c)]=patternParts;}} | ||
1993 | 52 | var regex=patternParts[1];var k=''+regex;if(!regexKeys.hasOwnProperty(k)){allRegexs.push(regex);regexKeys[k]=null;}} | ||
1994 | 53 | allRegexs.push(/[\0-\uffff]/);tokenizer=combinePrefixPatterns(allRegexs);})();var nPatterns=fallthroughStylePatterns.length;var decorate=function(job){var sourceCode=job.sourceCode,basePos=job.basePos;var decorations=[basePos,PR_PLAIN];var pos=0;var tokens=sourceCode.match(tokenizer)||[];var styleCache={};for(var ti=0,nTokens=tokens.length;ti<nTokens;++ti){var token=tokens[ti];var style=styleCache[token];var match=void 0;var isEmbedded;if(typeof style==='string'){isEmbedded=false;}else{var patternParts=shortcuts[token.charAt(0)];if(patternParts){match=token.match(patternParts[1]);style=patternParts[0];}else{for(var i=0;i<nPatterns;++i){patternParts=fallthroughStylePatterns[i];match=token.match(patternParts[1]);if(match){style=patternParts[0];break;}} | ||
1995 | 54 | if(!match){style=PR_PLAIN;}} | ||
1996 | 55 | isEmbedded=style.length>=5&&'lang-'===style.substring(0,5);if(isEmbedded&&!(match&&typeof match[1]==='string')){isEmbedded=false;style=PR_SOURCE;} | ||
1997 | 56 | if(!isEmbedded){styleCache[token]=style;}} | ||
1998 | 57 | var tokenStart=pos;pos+=token.length;if(!isEmbedded){decorations.push(basePos+tokenStart,style);}else{var embeddedSource=match[1];var embeddedSourceStart=token.indexOf(embeddedSource);var embeddedSourceEnd=embeddedSourceStart+embeddedSource.length;if(match[2]){embeddedSourceEnd=token.length-match[2].length;embeddedSourceStart=embeddedSourceEnd-embeddedSource.length;} | ||
1999 | 58 | var lang=style.substring(5);appendDecorations(basePos+tokenStart,token.substring(0,embeddedSourceStart),decorate,decorations);appendDecorations(basePos+tokenStart+embeddedSourceStart,embeddedSource,langHandlerForExtension(lang,embeddedSource),decorations);appendDecorations(basePos+tokenStart+embeddedSourceEnd,token.substring(embeddedSourceEnd),decorate,decorations);}} | ||
2000 | 59 | job.decorations=decorations;};return decorate;} | ||
2001 | 60 | function sourceDecorator(options){var shortcutStylePatterns=[],fallthroughStylePatterns=[];if(options['tripleQuotedStrings']){shortcutStylePatterns.push([PR_STRING,/^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,null,'\'"']);}else if(options['multiLineStrings']){shortcutStylePatterns.push([PR_STRING,/^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,null,'\'"`']);}else{shortcutStylePatterns.push([PR_STRING,/^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,null,'"\'']);} | ||
2002 | 61 | if(options['verbatimStrings']){fallthroughStylePatterns.push([PR_STRING,/^@\"(?:[^\"]|\"\")*(?:\"|$)/,null]);} | ||
2003 | 62 | var hc=options['hashComments'];if(hc){if(options['cStyleComments']){if(hc>1){shortcutStylePatterns.push([PR_COMMENT,/^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/,null,'#']);}else{shortcutStylePatterns.push([PR_COMMENT,/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,null,'#']);} | ||
2004 | 63 | fallthroughStylePatterns.push([PR_STRING,/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h(?:h|pp|\+\+)?|[a-z]\w*)>/,null]);}else{shortcutStylePatterns.push([PR_COMMENT,/^#[^\r\n]*/,null,'#']);}} | ||
2005 | 64 | if(options['cStyleComments']){fallthroughStylePatterns.push([PR_COMMENT,/^\/\/[^\r\n]*/,null]);fallthroughStylePatterns.push([PR_COMMENT,/^\/\*[\s\S]*?(?:\*\/|$)/,null]);} | ||
2006 | 65 | if(options['regexLiterals']){var REGEX_LITERAL=('/(?=[^/*])' | ||
2007 | 66 | +'(?:[^/\\x5B\\x5C]' | ||
2008 | 67 | +'|\\x5C[\\s\\S]' | ||
2009 | 68 | +'|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+' | ||
2010 | 69 | +'/');fallthroughStylePatterns.push(['lang-regex',new RegExp('^'+REGEXP_PRECEDER_PATTERN+'('+REGEX_LITERAL+')')]);} | ||
2011 | 70 | var types=options['types'];if(types){fallthroughStylePatterns.push([PR_TYPE,types]);} | ||
2012 | 71 | if(options['strings']){var strings=(""+options['strings']).replace(/^ | $/g,'').replace(/-/g,'\\-');fallthroughStylePatterns.push([PR_STRING,new RegExp('(?:'+strings.replace(/[\s,]+/g,'|')+')'),,null]);} | ||
2013 | 72 | var keywords=(""+options['keywords']).replace(/^ | $/g,'');if(keywords.length){fallthroughStylePatterns.push([PR_KEYWORD,new RegExp('^(?:'+keywords.replace(/[\s,]+/g,'|')+')\\b'),null]);} | ||
2014 | 73 | shortcutStylePatterns.push([PR_PLAIN,/^\s+/,null,' \r\n\t\xA0']);if(options['httpdComments']){fallthroughStylePatterns.push([PR_PLAIN,/^.*\S.*#/i,null]);} | ||
2015 | 74 | fallthroughStylePatterns.push([PR_LITERAL,/^@[a-z_$][a-z_$@0-9]*|\bNULL\b/i,null],[PR_LITERAL,CONFIG_OPTIONS,null],[PR_TAG,/^\b(AuthzProviderAlias|AuthnProviderAlias|RequireAny|RequireAll|RequireNone|Directory|DirectoryMatch|Location|LocationMatch|VirtualHost|If|Else|ElseIf|Proxy\b|LoadBalancer|Files|FilesMatch|Limit|LimitExcept|IfDefine|IfModule|IfVersion)\b/,null],[PR_TYPE,/^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_(t|req|module)\b)/,null],[PR_TAG,/^apr_[a-z_0-9]+|ap_[a-z_0-9]+/i,null],[PR_PLAIN,/^[a-z_$][a-z_$@0-9\-]*/i,null],[PR_LITERAL,new RegExp('^(?:' | ||
2016 | 75 | +'0x[a-f0-9]+' | ||
2017 | 76 | +'|[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+' | ||
2018 | 77 | +'|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)' | ||
2019 | 78 | +'(?:e[+\\-]?\\d+)?' | ||
2020 | 79 | +')' | ||
2021 | 80 | +'[a-z]*','i'),null,'0123456789'],[PR_PLAIN,/^\\[\s\S]?/,null],[PR_PUNCTUATION,/^.[^\s\w\.$@\'\"\`\/\#\\]*/,null]);return createSimpleLexer(shortcutStylePatterns,fallthroughStylePatterns);} | ||
2022 | 81 | var decorateSource=sourceDecorator({'keywords':ALL_KEYWORDS,'hashComments':true,'cStyleComments':true,'multiLineStrings':true,'regexLiterals':true});function numberLines(node,opt_startLineNum,isPreformatted){var nocode=/(?:^|\s)nocode(?:\s|$)/;var lineBreak=/\r\n?|\n/;var document=node.ownerDocument;var li=document.createElement('li');while(node.firstChild){li.appendChild(node.firstChild);} | ||
2023 | 82 | var listItems=[li];function walk(node){switch(node.nodeType){case 1:if(nocode.test(node.className)){break;} | ||
2024 | 83 | if('br'===node.nodeName){breakAfter(node);if(node.parentNode){node.parentNode.removeChild(node);}}else{for(var child=node.firstChild;child;child=child.nextSibling){walk(child);}} | ||
2025 | 84 | break;case 3:case 4:if(isPreformatted){var text=node.nodeValue;var match=text.match(lineBreak);if(match){var firstLine=text.substring(0,match.index);node.nodeValue=firstLine;var tail=text.substring(match.index+match[0].length);if(tail){var parent=node.parentNode;parent.insertBefore(document.createTextNode(tail),node.nextSibling);} | ||
2026 | 85 | breakAfter(node);if(!firstLine){node.parentNode.removeChild(node);}}} | ||
2027 | 86 | break;}} | ||
2028 | 87 | function breakAfter(lineEndNode){while(!lineEndNode.nextSibling){lineEndNode=lineEndNode.parentNode;if(!lineEndNode){return;}} | ||
2029 | 88 | function breakLeftOf(limit,copy){var rightSide=copy?limit.cloneNode(false):limit;var parent=limit.parentNode;if(parent){var parentClone=breakLeftOf(parent,1);var next=limit.nextSibling;parentClone.appendChild(rightSide);for(var sibling=next;sibling;sibling=next){next=sibling.nextSibling;parentClone.appendChild(sibling);}} | ||
2030 | 89 | return rightSide;} | ||
2031 | 90 | var copiedListItem=breakLeftOf(lineEndNode.nextSibling,0);for(var parent;(parent=copiedListItem.parentNode)&&parent.nodeType===1;){copiedListItem=parent;} | ||
2032 | 91 | listItems.push(copiedListItem);} | ||
2033 | 92 | for(var i=0;i<listItems.length;++i){walk(listItems[i]);} | ||
2034 | 93 | if(opt_startLineNum===(opt_startLineNum|0)){listItems[0].setAttribute('value',opt_startLineNum);} | ||
2035 | 94 | var ol=document.createElement('ol');ol.className='linenums';var offset=Math.max(0,((opt_startLineNum-1))|0)||0;for(var i=0,n=listItems.length;i<n;++i){li=listItems[i];li.className='L'+((i+offset)%1);if(!li.firstChild){li.appendChild(document.createTextNode('\xA0'));} | ||
2036 | 95 | ol.appendChild(li);} | ||
2037 | 96 | node.appendChild(ol);} | ||
2038 | 97 | function recombineTagsAndDecorations(job){var isIE8OrEarlier=/\bMSIE\s(\d+)/.exec(navigator.userAgent);isIE8OrEarlier=isIE8OrEarlier&&+isIE8OrEarlier[1]<=8;var newlineRe=/\n/g;var source=job.sourceCode;var sourceLength=source.length;var sourceIndex=0;var spans=job.spans;var nSpans=spans.length;var spanIndex=0;var decorations=job.decorations;var nDecorations=decorations.length;var decorationIndex=0;decorations[nDecorations]=sourceLength;var decPos,i;for(i=decPos=0;i<nDecorations;){if(decorations[i]!==decorations[i+2]){decorations[decPos++]=decorations[i++];decorations[decPos++]=decorations[i++];}else{i+=2;}} | ||
2039 | 98 | nDecorations=decPos;for(i=decPos=0;i<nDecorations;){var startPos=decorations[i];var startDec=decorations[i+1];var end=i+2;while(end+2<=nDecorations&&decorations[end+1]===startDec){end+=2;} | ||
2040 | 99 | decorations[decPos++]=startPos;decorations[decPos++]=startDec;i=end;} | ||
2041 | 100 | nDecorations=decorations.length=decPos;var sourceNode=job.sourceNode;var oldDisplay;if(sourceNode){oldDisplay=sourceNode.style.display;sourceNode.style.display='none';} | ||
2042 | 101 | try{var decoration=null;var X=0;while(spanIndex<nSpans){X=X+1;if(X>5000){break;} | ||
2043 | 102 | var spanStart=spans[spanIndex];var spanEnd=spans[spanIndex+2]||sourceLength;var decEnd=decorations[decorationIndex+2]||sourceLength;var end=Math.min(spanEnd,decEnd);var textNode=spans[spanIndex+1];var styledText;if(textNode.nodeType!==1&&(styledText=source.substring(sourceIndex,end))){if(isIE8OrEarlier){styledText=styledText.replace(newlineRe,'\r');} | ||
2044 | 103 | textNode.nodeValue=styledText;var document=textNode.ownerDocument;var span=document.createElement('span');span.className=decorations[decorationIndex+1];var parentNode=textNode.parentNode;parentNode.replaceChild(span,textNode);span.appendChild(textNode);if(sourceIndex<spanEnd){spans[spanIndex+1]=textNode=document.createTextNode(source.substring(end,spanEnd));parentNode.insertBefore(textNode,span.nextSibling);}} | ||
2045 | 104 | sourceIndex=end;if(sourceIndex>=spanEnd){spanIndex+=2;} | ||
2046 | 105 | if(sourceIndex>=decEnd){decorationIndex+=2;}}}finally{if(sourceNode){sourceNode.style.display=oldDisplay;}}} | ||
2047 | 106 | var langHandlerRegistry={};function registerLangHandler(handler,fileExtensions){for(var i=fileExtensions.length;--i>=0;){var ext=fileExtensions[i];if(!langHandlerRegistry.hasOwnProperty(ext)){langHandlerRegistry[ext]=handler;}else if(win['console']){console['warn']('cannot override language handler %s',ext);}}} | ||
2048 | 107 | function langHandlerForExtension(extension,source){if(!(extension&&langHandlerRegistry.hasOwnProperty(extension))){extension=/^\s*</.test(source)?'default-markup':'default-code';} | ||
2049 | 108 | return langHandlerRegistry[extension];} | ||
2050 | 109 | registerLangHandler(decorateSource,['default-code']);registerLangHandler(createSimpleLexer([],[[PR_PLAIN,/^[^<?]+/],[PR_DECLARATION,/^<!\w[^>]*(?:>|$)/],[PR_COMMENT,/^<\!--[\s\S]*?(?:-\->|$)/],['lang-',/^<\?([\s\S]+?)(?:\?>|$)/],['lang-',/^<%([\s\S]+?)(?:%>|$)/],[PR_PUNCTUATION,/^(?:<[%?]|[%?]>)/],['lang-',/^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],['lang-js',/^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],['lang-css',/^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],['lang-in.tag',/^(<\/?[a-z][^<>]*>)/i]]),['default-markup','htm','html','mxml','xhtml','xml','xsl']);registerLangHandler(createSimpleLexer([[PR_PLAIN,/^[\s]+/,null,' \t\r\n'],[PR_ATTRIB_VALUE,/^(?:\"[^\"]*\"?|\'[^\']*\'?)/,null,'\"\'']],[[PR_TAG,/^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],[PR_ATTRIB_NAME,/^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],['lang-uq.val',/^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],[PR_PUNCTUATION,/^[=<>\/]+/],['lang-js',/^on\w+\s*=\s*\"([^\"]+)\"/i],['lang-js',/^on\w+\s*=\s*\'([^\']+)\'/i],['lang-js',/^on\w+\s*=\s*([^\"\'>\s]+)/i],['lang-css',/^style\s*=\s*\"([^\"]+)\"/i],['lang-css',/^style\s*=\s*\'([^\']+)\'/i],['lang-css',/^style\s*=\s*([^\"\'>\s]+)/i]]),['in.tag']);registerLangHandler(createSimpleLexer([],[[PR_ATTRIB_VALUE,/^[\s\S]+/]]),['uq.val']);registerLangHandler(sourceDecorator({'keywords':CPP_KEYWORDS,'hashComments':true,'cStyleComments':true,'types':C_TYPES}),['c','cc','cpp','cxx','cyc','m']);registerLangHandler(sourceDecorator({'keywords':PHP_KEYWORDS,'hashComments':false,'cStyleComments':true,'multiLineStrings':true,'regexLiterals':true}),['php','phtml','inc']);registerLangHandler(sourceDecorator({'keywords':'null,true,false'}),['json']);registerLangHandler(sourceDecorator({'keywords':CSHARP_KEYWORDS,'hashComments':true,'cStyleComments':true,'verbatimStrings':true,'types':C_TYPES}),['cs']);registerLangHandler(sourceDecorator({'keywords':JAVA_KEYWORDS,'cStyleComments':true}),['java']);registerLangHandler(sourceDecorator({'keywords':SH_KEYWORDS,'hashComments':true,'multiLineStrings':true}),['bsh','csh','sh']);registerLangHandler(sourceDecorator({'keywords':PYTHON_KEYWORDS,'hashComments':true,'multiLineStrings':true,'tripleQuotedStrings':true}),['cv','py']);registerLangHandler(sourceDecorator({'keywords':PERL_KEYWORDS,'hashComments':true,'multiLineStrings':true,'regexLiterals':true}),['perl','pl','pm']);registerLangHandler(sourceDecorator({'keywords':RUBY_KEYWORDS,'hashComments':true,'multiLineStrings':true,'regexLiterals':true}),['rb']);registerLangHandler(sourceDecorator({'keywords':JSCRIPT_KEYWORDS,'cStyleComments':true,'regexLiterals':true}),['js']);registerLangHandler(sourceDecorator({'keywords':COFFEE_KEYWORDS,'hashComments':3,'cStyleComments':true,'multilineStrings':true,'tripleQuotedStrings':true,'regexLiterals':true}),['coffee']);registerLangHandler(createSimpleLexer([],[[PR_STRING,/^[\s\S]+/]]),['regex']);registerLangHandler(sourceDecorator({'keywords':CONFIG_KEYWORDS,'literals':CONFIG_OPTIONS,'strings':CONFIG_ENVS,'hashComments':true,'cStyleComments':false,'multiLineStrings':false,'regexLiterals':false,'httpdComments':true}),['config']);function applyDecorator(job){var opt_langExtension=job.langExtension;try{var sourceAndSpans=extractSourceSpans(job.sourceNode,job.pre);var source=sourceAndSpans.sourceCode;job.sourceCode=source;job.spans=sourceAndSpans.spans;job.basePos=0;langHandlerForExtension(opt_langExtension,source)(job);recombineTagsAndDecorations(job);}catch(e){if(win['console']){console['log'](e&&e['stack']?e['stack']:e);}}} | ||
2051 | 110 | function prettyPrintOne(sourceCodeHtml,opt_langExtension,opt_numberLines){var container=document.createElement('pre');container.innerHTML=sourceCodeHtml;if(opt_numberLines){numberLines(container,opt_numberLines,true);} | ||
2052 | 111 | var job={langExtension:opt_langExtension,numberLines:opt_numberLines,sourceNode:container,pre:1};applyDecorator(job);return container.innerHTML;} | ||
2053 | 112 | function prettyPrint(opt_whenDone){function byTagName(tn){return document.getElementsByTagName(tn);} | ||
2054 | 113 | var codeSegments=[byTagName('pre'),byTagName('code'),byTagName('xmp')];var elements=[];for(var i=0;i<codeSegments.length;++i){for(var j=0,n=codeSegments[i].length;j<n;++j){elements.push(codeSegments[i][j]);}} | ||
2055 | 114 | codeSegments=null;var clock=Date;if(!clock['now']){clock={'now':function(){return+(new Date);}};} | ||
2056 | 115 | var k=0;var prettyPrintingJob;var langExtensionRe=/\blang(?:uage)?-([\w.]+)(?!\S)/;var prettyPrintRe=/\bprettyprint\b/;var prettyPrintedRe=/\bprettyprinted\b/;var preformattedTagNameRe=/pre|xmp/i;var codeRe=/^code$/i;var preCodeXmpRe=/^(?:pre|code|xmp)$/i;function doWork(){var endTime=(win['PR_SHOULD_USE_CONTINUATION']?clock['now']()+250:Infinity);for(;k<elements.length&&clock['now']()<endTime;k++){var cs=elements[k];var className=cs.className;if(prettyPrintRe.test(className)&&!prettyPrintedRe.test(className)){var nested=false;for(var p=cs.parentNode;p;p=p.parentNode){var tn=p.tagName;if(preCodeXmpRe.test(tn)&&p.className&&prettyPrintRe.test(p.className)){nested=true;break;}} | ||
2057 | 116 | if(!nested){cs.className+=' prettyprinted';var langExtension=className.match(langExtensionRe);var wrapper;if(!langExtension&&(wrapper=childContentWrapper(cs))&&codeRe.test(wrapper.tagName)){langExtension=wrapper.className.match(langExtensionRe);} | ||
2058 | 117 | if(langExtension){langExtension=langExtension[1];} | ||
2059 | 118 | var preformatted;if(preformattedTagNameRe.test(cs.tagName)){preformatted=1;}else{var currentStyle=cs['currentStyle'];var whitespace=(currentStyle?currentStyle['whiteSpace']:(document.defaultView&&document.defaultView.getComputedStyle)?document.defaultView.getComputedStyle(cs,null).getPropertyValue('white-space'):0);preformatted=whitespace&&'pre'===whitespace.substring(0,3);} | ||
2060 | 119 | var lineNums=cs.className.match(/\blinenums\b(?::(\d+))?/);lineNums=lineNums?lineNums[1]&&lineNums[1].length?+lineNums[1]:true:false;if(lineNums){numberLines(cs,lineNums,preformatted);} | ||
2061 | 120 | prettyPrintingJob={langExtension:langExtension,sourceNode:cs,numberLines:lineNums,pre:preformatted};applyDecorator(prettyPrintingJob);}}} | ||
2062 | 121 | if(k<elements.length){setTimeout(doWork,250);}else if(opt_whenDone){opt_whenDone();}} | ||
2063 | 122 | doWork();} | ||
2064 | 123 | var PR=win['PR']={'createSimpleLexer':createSimpleLexer,'registerLangHandler':registerLangHandler,'sourceDecorator':sourceDecorator,'PR_ATTRIB_NAME':PR_ATTRIB_NAME,'PR_ATTRIB_VALUE':PR_ATTRIB_VALUE,'PR_COMMENT':PR_COMMENT,'PR_DECLARATION':PR_DECLARATION,'PR_KEYWORD':PR_KEYWORD,'PR_LITERAL':PR_LITERAL,'PR_NOCODE':PR_NOCODE,'PR_PLAIN':PR_PLAIN,'PR_PUNCTUATION':PR_PUNCTUATION,'PR_SOURCE':PR_SOURCE,'PR_STRING':PR_STRING,'PR_TAG':PR_TAG,'PR_TYPE':PR_TYPE,'prettyPrintOne':win['prettyPrintOne']=prettyPrintOne,'prettyPrint':win['prettyPrint']=prettyPrint};PR['registerLangHandler'](PR['createSimpleLexer']([[PR['PR_PLAIN'],/^[\t\n\r \xA0]+/,null,'\t\n\r \xA0'],[PR['PR_STRING'],/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'"\'']],[[PR['PR_COMMENT'],/^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],[PR['PR_TYPE'],/^nil|false|true/],[PR['PR_STRING'],/^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],[PR['PR_KEYWORD'],/^(?:and|break|do|else|elseif|end|for|function|if|in|local|not|or|repeat|require|return|then|until|while)\b/,null],[PR['PR_LITERAL'],/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR['PR_PLAIN'],/^[a-z_]\w*/i],[PR['PR_PUNCTUATION'],/^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]]),['lua']);if(typeof define==="function"&&define['amd']){define("google-code-prettify",[],function(){return PR;});}})(); | ||
2065 | 0 | \ No newline at end of file | 124 | \ No newline at end of file |
2066 | diff --git a/docs/manual/style/sitemap.dtd b/docs/manual/style/sitemap.dtd | |||
2067 | 1 | new file mode 100644 | 125 | new file mode 100644 |
2068 | index 0000000..829f326 | |||
2069 | --- /dev/null | |||
2070 | +++ b/docs/manual/style/sitemap.dtd | |||
2071 | @@ -0,0 +1,42 @@ | |||
2072 | 1 | <?xml version='1.0' encoding='UTF-8' ?> | ||
2073 | 2 | |||
2074 | 3 | <!-- | ||
2075 | 4 | Licensed to the Apache Software Foundation (ASF) under one or more | ||
2076 | 5 | contributor license agreements. See the NOTICE file distributed with | ||
2077 | 6 | this work for additional information regarding copyright ownership. | ||
2078 | 7 | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
2079 | 8 | (the "License"); you may not use this file except in compliance with | ||
2080 | 9 | the License. You may obtain a copy of the License at | ||
2081 | 10 | |||
2082 | 11 | http://www.apache.org/licenses/LICENSE-2.0 | ||
2083 | 12 | |||
2084 | 13 | Unless required by applicable law or agreed to in writing, software | ||
2085 | 14 | distributed under the License is distributed on an "AS IS" BASIS, | ||
2086 | 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
2087 | 16 | See the License for the specific language governing permissions and | ||
2088 | 17 | limitations under the License. | ||
2089 | 18 | --> | ||
2090 | 19 | |||
2091 | 20 | <!ENTITY % common SYSTEM "common.dtd"> | ||
2092 | 21 | %common; | ||
2093 | 22 | |||
2094 | 23 | <!-- <sitemap> is the root element --> | ||
2095 | 24 | <!ELEMENT sitemap (title, summary?, seealso*, category*)> | ||
2096 | 25 | |||
2097 | 26 | <!ATTLIST sitemap metafile CDATA #REQUIRED | ||
2098 | 27 | upgrade CDATA #IMPLIED | ||
2099 | 28 | > | ||
2100 | 29 | |||
2101 | 30 | <!-- <indexpage> is another root element --> | ||
2102 | 31 | <!ELEMENT indexpage (parentdocument, title, category*)> | ||
2103 | 32 | |||
2104 | 33 | <!ATTLIST indexpage metafile CDATA #REQUIRED | ||
2105 | 34 | upgrade CDATA #IMPLIED | ||
2106 | 35 | > | ||
2107 | 36 | |||
2108 | 37 | <!ELEMENT category (title, page*)> | ||
2109 | 38 | <!ATTLIST category id ID #IMPLIED> | ||
2110 | 39 | |||
2111 | 40 | <!ELEMENT page (#PCDATA)> | ||
2112 | 41 | <!ATTLIST page href CDATA #IMPLIED | ||
2113 | 42 | separate (yes | no) "no" > | ||
2114 | diff --git a/docs/manual/style/version.ent b/docs/manual/style/version.ent | |||
2115 | 0 | new file mode 100644 | 43 | new file mode 100644 |
2116 | index 0000000..5ae5960 | |||
2117 | --- /dev/null | |||
2118 | +++ b/docs/manual/style/version.ent | |||
2119 | @@ -0,0 +1,24 @@ | |||
2120 | 1 | <?xml version='1.0' encoding='UTF-8' ?> | ||
2121 | 2 | |||
2122 | 3 | <!-- | ||
2123 | 4 | Licensed to the Apache Software Foundation (ASF) under one or more | ||
2124 | 5 | contributor license agreements. See the NOTICE file distributed with | ||
2125 | 6 | this work for additional information regarding copyright ownership. | ||
2126 | 7 | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
2127 | 8 | (the "License"); you may not use this file except in compliance with | ||
2128 | 9 | the License. You may obtain a copy of the License at | ||
2129 | 10 | |||
2130 | 11 | http://www.apache.org/licenses/LICENSE-2.0 | ||
2131 | 12 | |||
2132 | 13 | Unless required by applicable law or agreed to in writing, software | ||
2133 | 14 | distributed under the License is distributed on an "AS IS" BASIS, | ||
2134 | 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
2135 | 16 | See the License for the specific language governing permissions and | ||
2136 | 17 | limitations under the License. | ||
2137 | 18 | --> | ||
2138 | 19 | |||
2139 | 20 | <!ENTITY httpd.major "2"> | ||
2140 | 21 | <!ENTITY httpd.minor "4"> | ||
2141 | 22 | <!ENTITY httpd.patch "18"> | ||
2142 | 23 | |||
2143 | 24 | <!ENTITY httpd.docs "2.4"> | ||
2144 | diff --git a/docs/manual/suexec.html b/docs/manual/suexec.html | |||
2145 | 0 | new file mode 100644 | 25 | new file mode 100644 |
2146 | index 0000000..c4cc65b | |||
2147 | --- /dev/null | |||
2148 | +++ b/docs/manual/suexec.html | |||
2149 | @@ -0,0 +1,21 @@ | |||
2150 | 1 | # GENERATED FROM XML -- DO NOT EDIT | ||
2151 | 2 | |||
2152 | 3 | URI: suexec.html.en | ||
2153 | 4 | Content-Language: en | ||
2154 | 5 | Content-type: text/html; charset=ISO-8859-1 | ||
2155 | 6 | |||
2156 | 7 | URI: suexec.html.fr | ||
2157 | 8 | Content-Language: fr | ||
2158 | 9 | Content-type: text/html; charset=ISO-8859-1 | ||
2159 | 10 | |||
2160 | 11 | URI: suexec.html.ja.utf8 | ||
2161 | 12 | Content-Language: ja | ||
2162 | 13 | Content-type: text/html; charset=UTF-8 | ||
2163 | 14 | |||
2164 | 15 | URI: suexec.html.ko.euc-kr | ||
2165 | 16 | Content-Language: ko | ||
2166 | 17 | Content-type: text/html; charset=EUC-KR | ||
2167 | 18 | |||
2168 | 19 | URI: suexec.html.tr.utf8 | ||
2169 | 20 | Content-Language: tr | ||
2170 | 21 | Content-type: text/html; charset=UTF-8 | ||
2171 | diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en | |||
2172 | 0 | new file mode 100644 | 22 | new file mode 100644 |
2173 | index 0000000..ef38896 | |||
2174 | --- /dev/null | |||
2175 | +++ b/docs/manual/suexec.html.en | |||
2176 | @@ -0,0 +1,643 @@ | |||
2177 | 1 | <?xml version="1.0" encoding="ISO-8859-1"?> | ||
2178 | 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | ||
2179 | 3 | <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> | ||
2180 | 4 | <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> | ||
2181 | 5 | <!-- | ||
2182 | 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
2183 | 7 | This file is generated from xml source: DO NOT EDIT | ||
2184 | 8 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
2185 | 9 | --> | ||
2186 | 10 | <title>suEXEC Support - Apache HTTP Server Version 2.4</title> | ||
2187 | 11 | <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> | ||
2188 | 12 | <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> | ||
2189 | 13 | <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> | ||
2190 | 14 | <script src="./style/scripts/prettify.min.js" type="text/javascript"> | ||
2191 | 15 | </script> | ||
2192 | 16 | |||
2193 | 17 | <link href="./images/favicon.ico" rel="shortcut icon" /></head> | ||
2194 | 18 | <body id="manual-page"><div id="page-header"> | ||
2195 | 19 | <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p> | ||
2196 | 20 | <p class="apache">Apache HTTP Server Version 2.4</p> | ||
2197 | 21 | <img alt="" src="./images/feather.gif" /></div> | ||
2198 | 22 | <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> | ||
2199 | 23 | <div id="path"> | ||
2200 | 24 | <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC Support</h1> | ||
2201 | 25 | <div class="toplang"> | ||
2202 | 26 | <p><span>Available Languages: </span><a href="./en/suexec.html" title="English"> en </a> | | ||
2203 | 27 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> | | ||
2204 | 28 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
2205 | 29 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
2206 | 30 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> | ||
2207 | 31 | </div> | ||
2208 | 32 | |||
2209 | 33 | <p>The <strong>suEXEC</strong> feature provides users of the Apache | ||
2210 | 34 | HTTP Server the ability | ||
2211 | 35 | to run <strong>CGI</strong> and <strong>SSI</strong> programs | ||
2212 | 36 | under user IDs different from the user ID of the calling | ||
2213 | 37 | web server. Normally, when a CGI or SSI program executes, it | ||
2214 | 38 | runs as the same user who is running the web server.</p> | ||
2215 | 39 | |||
2216 | 40 | <p>Used properly, this feature can reduce | ||
2217 | 41 | considerably the security risks involved with allowing users to | ||
2218 | 42 | develop and run private CGI or SSI programs. However, if suEXEC | ||
2219 | 43 | is improperly configured, it can cause any number of problems | ||
2220 | 44 | and possibly create new holes in your computer's security. If | ||
2221 | 45 | you aren't familiar with managing <em>setuid root</em> programs | ||
2222 | 46 | and the security issues they present, we highly recommend that | ||
2223 | 47 | you not consider using suEXEC.</p> | ||
2224 | 48 | </div> | ||
2225 | 49 | <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Before we begin</a></li> | ||
2226 | 50 | <li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC Security Model</a></li> | ||
2227 | 51 | <li><img alt="" src="./images/down.gif" /> <a href="#install">Configuring & Installing | ||
2228 | 52 | suEXEC</a></li> | ||
2229 | 53 | <li><img alt="" src="./images/down.gif" /> <a href="#enable">Enabling & Disabling | ||
2230 | 54 | suEXEC</a></li> | ||
2231 | 55 | <li><img alt="" src="./images/down.gif" /> <a href="#usage">Using suEXEC</a></li> | ||
2232 | 56 | <li><img alt="" src="./images/down.gif" /> <a href="#debug">Debugging suEXEC</a></li> | ||
2233 | 57 | <li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Beware the Jabberwock: | ||
2234 | 58 | Warnings & Examples</a></li> | ||
2235 | 59 | </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> | ||
2236 | 60 | <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2237 | 61 | <div class="section"> | ||
2238 | 62 | <h2><a name="before" id="before">Before we begin</a></h2> | ||
2239 | 63 | |||
2240 | 64 | <p>Before jumping head-first into this document, | ||
2241 | 65 | you should be aware that certain assumptions are made about you and | ||
2242 | 66 | the environment in which you will be using suexec.</p> | ||
2243 | 67 | |||
2244 | 68 | <p>First, it is assumed that you are using a UNIX | ||
2245 | 69 | derivative operating system that is capable of | ||
2246 | 70 | <strong>setuid</strong> and <strong>setgid</strong> operations. | ||
2247 | 71 | All command examples are given in this regard. Other platforms, | ||
2248 | 72 | if they are capable of supporting suEXEC, may differ in their | ||
2249 | 73 | configuration.</p> | ||
2250 | 74 | |||
2251 | 75 | <p>Second, it is assumed you are familiar with | ||
2252 | 76 | some basic concepts of your computer's security and its | ||
2253 | 77 | administration. This involves an understanding of | ||
2254 | 78 | <strong>setuid/setgid</strong> operations and the various | ||
2255 | 79 | effects they may have on your system and its level of | ||
2256 | 80 | security.</p> | ||
2257 | 81 | |||
2258 | 82 | <p>Third, it is assumed that you are using an | ||
2259 | 83 | <strong>unmodified</strong> version of suEXEC code. All code | ||
2260 | 84 | for suEXEC has been carefully scrutinized and tested by the | ||
2261 | 85 | developers as well as numerous beta testers. Every precaution | ||
2262 | 86 | has been taken to ensure a simple yet solidly safe base of | ||
2263 | 87 | code. Altering this code can cause unexpected problems and new | ||
2264 | 88 | security risks. It is <strong>highly</strong> recommended you | ||
2265 | 89 | not alter the suEXEC code unless you are well versed in the | ||
2266 | 90 | particulars of security programming and are willing to share | ||
2267 | 91 | your work with the Apache HTTP Server development team for consideration.</p> | ||
2268 | 92 | |||
2269 | 93 | <p>Fourth, and last, it has been the decision of | ||
2270 | 94 | the Apache HTTP Server development team to <strong>NOT</strong> make suEXEC part of | ||
2271 | 95 | the default installation of Apache httpd. To this end, suEXEC | ||
2272 | 96 | configuration requires of the administrator careful attention | ||
2273 | 97 | to details. After due consideration has been given to the | ||
2274 | 98 | various settings for suEXEC, the administrator may install | ||
2275 | 99 | suEXEC through normal installation methods. The values for | ||
2276 | 100 | these settings need to be carefully determined and specified by | ||
2277 | 101 | the administrator to properly maintain system security during | ||
2278 | 102 | the use of suEXEC functionality. It is through this detailed | ||
2279 | 103 | process that we hope to limit suEXEC | ||
2280 | 104 | installation only to those who are careful and determined | ||
2281 | 105 | enough to use it.</p> | ||
2282 | 106 | |||
2283 | 107 | <p>Still with us? Yes? Good. Let's move on!</p> | ||
2284 | 108 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2285 | 109 | <div class="section"> | ||
2286 | 110 | <h2><a name="model" id="model">suEXEC Security Model</a></h2> | ||
2287 | 111 | |||
2288 | 112 | <p>Before we begin configuring and installing | ||
2289 | 113 | suEXEC, we will first discuss the security model you are about | ||
2290 | 114 | to implement. By doing so, you may better understand what | ||
2291 | 115 | exactly is going on inside suEXEC and what precautions are | ||
2292 | 116 | taken to ensure your system's security.</p> | ||
2293 | 117 | |||
2294 | 118 | <p><strong>suEXEC</strong> is based on a setuid | ||
2295 | 119 | "wrapper" program that is called by the main Apache HTTP Server. | ||
2296 | 120 | This wrapper is called when an HTTP request is made for a CGI | ||
2297 | 121 | or SSI program that the administrator has designated to run as | ||
2298 | 122 | a userid other than that of the main server. When such a | ||
2299 | 123 | request is made, Apache httpd provides the suEXEC wrapper with the | ||
2300 | 124 | program's name and the user and group IDs under which the | ||
2301 | 125 | program is to execute.</p> | ||
2302 | 126 | |||
2303 | 127 | <p>The wrapper then employs the following process | ||
2304 | 128 | to determine success or failure -- if any one of these | ||
2305 | 129 | conditions fail, the program logs the failure and exits with an | ||
2306 | 130 | error, otherwise it will continue:</p> | ||
2307 | 131 | |||
2308 | 132 | <ol> | ||
2309 | 133 | <li> | ||
2310 | 134 | <strong>Is the user executing this wrapper a valid user of | ||
2311 | 135 | this system?</strong> | ||
2312 | 136 | |||
2313 | 137 | <p class="indent"> | ||
2314 | 138 | This is to ensure that the user executing the wrapper is | ||
2315 | 139 | truly a user of the system. | ||
2316 | 140 | </p> | ||
2317 | 141 | </li> | ||
2318 | 142 | |||
2319 | 143 | <li> | ||
2320 | 144 | <strong>Was the wrapper called with the proper number of | ||
2321 | 145 | arguments?</strong> | ||
2322 | 146 | |||
2323 | 147 | <p class="indent"> | ||
2324 | 148 | The wrapper will only execute if it is given the proper | ||
2325 | 149 | number of arguments. The proper argument format is known | ||
2326 | 150 | to the Apache HTTP Server. If the wrapper is not receiving | ||
2327 | 151 | the proper number of arguments, it is either being | ||
2328 | 152 | hacked, or there is something wrong with the suEXEC | ||
2329 | 153 | portion of your Apache httpd binary. | ||
2330 | 154 | </p> | ||
2331 | 155 | </li> | ||
2332 | 156 | |||
2333 | 157 | <li> | ||
2334 | 158 | <strong>Is this valid user allowed to run the | ||
2335 | 159 | wrapper?</strong> | ||
2336 | 160 | |||
2337 | 161 | <p class="indent"> | ||
2338 | 162 | Is this user the user allowed to run this wrapper? Only | ||
2339 | 163 | one user (the Apache user) is allowed to execute this | ||
2340 | 164 | program. | ||
2341 | 165 | </p> | ||
2342 | 166 | </li> | ||
2343 | 167 | |||
2344 | 168 | <li> | ||
2345 | 169 | <strong>Does the target CGI or SSI program have an unsafe | ||
2346 | 170 | hierarchical reference?</strong> | ||
2347 | 171 | |||
2348 | 172 | <p class="indent"> | ||
2349 | 173 | Does the target CGI or SSI program's path contain a leading | ||
2350 | 174 | '/' or have a '..' backreference? These are not allowed; the | ||
2351 | 175 | target CGI/SSI program must reside within suEXEC's document | ||
2352 | 176 | root (see <code>--with-suexec-docroot=<em>DIR</em></code> | ||
2353 | 177 | below). | ||
2354 | 178 | </p> | ||
2355 | 179 | </li> | ||
2356 | 180 | |||
2357 | 181 | <li> | ||
2358 | 182 | <strong>Is the target user name valid?</strong> | ||
2359 | 183 | |||
2360 | 184 | <p class="indent"> | ||
2361 | 185 | Does the target user exist? | ||
2362 | 186 | </p> | ||
2363 | 187 | </li> | ||
2364 | 188 | |||
2365 | 189 | <li> | ||
2366 | 190 | <strong>Is the target group name valid?</strong> | ||
2367 | 191 | |||
2368 | 192 | <p class="indent"> | ||
2369 | 193 | Does the target group exist? | ||
2370 | 194 | </p> | ||
2371 | 195 | </li> | ||
2372 | 196 | |||
2373 | 197 | <li> | ||
2374 | 198 | <strong>Is the target user <em>NOT</em> superuser?</strong> | ||
2375 | 199 | |||
2376 | 200 | |||
2377 | 201 | <p class="indent"> | ||
2378 | 202 | suEXEC does not allow <code><em>root</em></code> | ||
2379 | 203 | to execute CGI/SSI programs. | ||
2380 | 204 | </p> | ||
2381 | 205 | </li> | ||
2382 | 206 | |||
2383 | 207 | <li> | ||
2384 | 208 | <strong>Is the target userid <em>ABOVE</em> the minimum ID | ||
2385 | 209 | number?</strong> | ||
2386 | 210 | |||
2387 | 211 | <p class="indent"> | ||
2388 | 212 | The minimum user ID number is specified during | ||
2389 | 213 | configuration. This allows you to set the lowest possible | ||
2390 | 214 | userid that will be allowed to execute CGI/SSI programs. | ||
2391 | 215 | This is useful to block out "system" accounts. | ||
2392 | 216 | </p> | ||
2393 | 217 | </li> | ||
2394 | 218 | |||
2395 | 219 | <li> | ||
2396 | 220 | <strong>Is the target group <em>NOT</em> the superuser | ||
2397 | 221 | group?</strong> | ||
2398 | 222 | |||
2399 | 223 | <p class="indent"> | ||
2400 | 224 | Presently, suEXEC does not allow the <code><em>root</em></code> | ||
2401 | 225 | group to execute CGI/SSI programs. | ||
2402 | 226 | </p> | ||
2403 | 227 | </li> | ||
2404 | 228 | |||
2405 | 229 | <li> | ||
2406 | 230 | <strong>Is the target groupid <em>ABOVE</em> the minimum ID | ||
2407 | 231 | number?</strong> | ||
2408 | 232 | |||
2409 | 233 | <p class="indent"> | ||
2410 | 234 | The minimum group ID number is specified during | ||
2411 | 235 | configuration. This allows you to set the lowest possible | ||
2412 | 236 | groupid that will be allowed to execute CGI/SSI programs. | ||
2413 | 237 | This is useful to block out "system" groups. | ||
2414 | 238 | </p> | ||
2415 | 239 | </li> | ||
2416 | 240 | |||
2417 | 241 | <li> | ||
2418 | 242 | <strong>Can the wrapper successfully become the target user | ||
2419 | 243 | and group?</strong> | ||
2420 | 244 | |||
2421 | 245 | <p class="indent"> | ||
2422 | 246 | Here is where the program becomes the target user and | ||
2423 | 247 | group via setuid and setgid calls. The group access list | ||
2424 | 248 | is also initialized with all of the groups of which the | ||
2425 | 249 | user is a member. | ||
2426 | 250 | </p> | ||
2427 | 251 | </li> | ||
2428 | 252 | |||
2429 | 253 | <li> | ||
2430 | 254 | <strong>Can we change directory to the one in which the target | ||
2431 | 255 | CGI/SSI program resides?</strong> | ||
2432 | 256 | |||
2433 | 257 | <p class="indent"> | ||
2434 | 258 | If it doesn't exist, it can't very well contain files. If we | ||
2435 | 259 | can't change directory to it, it might as well not exist. | ||
2436 | 260 | </p> | ||
2437 | 261 | </li> | ||
2438 | 262 | |||
2439 | 263 | <li> | ||
2440 | 264 | <strong>Is the directory within the httpd webspace?</strong> | ||
2441 | 265 | |||
2442 | 266 | <p class="indent"> | ||
2443 | 267 | If the request is for a regular portion of the server, is | ||
2444 | 268 | the requested directory within suEXEC's document root? If | ||
2445 | 269 | the request is for a <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>, is the requested directory | ||
2446 | 270 | within the directory configured as suEXEC's userdir (see | ||
2447 | 271 | <a href="#install">suEXEC's configuration options</a>)? | ||
2448 | 272 | </p> | ||
2449 | 273 | </li> | ||
2450 | 274 | |||
2451 | 275 | <li> | ||
2452 | 276 | <strong>Is the directory <em>NOT</em> writable by anyone | ||
2453 | 277 | else?</strong> | ||
2454 | 278 | |||
2455 | 279 | <p class="indent"> | ||
2456 | 280 | We don't want to open up the directory to others; only | ||
2457 | 281 | the owner user may be able to alter this directories | ||
2458 | 282 | contents. | ||
2459 | 283 | </p> | ||
2460 | 284 | </li> | ||
2461 | 285 | |||
2462 | 286 | <li> | ||
2463 | 287 | <strong>Does the target CGI/SSI program exist?</strong> | ||
2464 | 288 | |||
2465 | 289 | <p class="indent"> | ||
2466 | 290 | If it doesn't exists, it can't very well be executed. | ||
2467 | 291 | </p> | ||
2468 | 292 | </li> | ||
2469 | 293 | |||
2470 | 294 | <li> | ||
2471 | 295 | <strong>Is the target CGI/SSI program <em>NOT</em> writable | ||
2472 | 296 | by anyone else?</strong> | ||
2473 | 297 | |||
2474 | 298 | <p class="indent"> | ||
2475 | 299 | We don't want to give anyone other than the owner the | ||
2476 | 300 | ability to change the CGI/SSI program. | ||
2477 | 301 | </p> | ||
2478 | 302 | </li> | ||
2479 | 303 | |||
2480 | 304 | <li> | ||
2481 | 305 | <strong>Is the target CGI/SSI program <em>NOT</em> setuid or | ||
2482 | 306 | setgid?</strong> | ||
2483 | 307 | |||
2484 | 308 | <p class="indent"> | ||
2485 | 309 | We do not want to execute programs that will then change | ||
2486 | 310 | our UID/GID again. | ||
2487 | 311 | </p> | ||
2488 | 312 | </li> | ||
2489 | 313 | |||
2490 | 314 | <li> | ||
2491 | 315 | <strong>Is the target user/group the same as the program's | ||
2492 | 316 | user/group?</strong> | ||
2493 | 317 | |||
2494 | 318 | <p class="indent"> | ||
2495 | 319 | Is the user the owner of the file? | ||
2496 | 320 | </p> | ||
2497 | 321 | </li> | ||
2498 | 322 | |||
2499 | 323 | <li> | ||
2500 | 324 | <strong>Can we successfully clean the process environment | ||
2501 | 325 | to ensure safe operations?</strong> | ||
2502 | 326 | |||
2503 | 327 | <p class="indent"> | ||
2504 | 328 | suEXEC cleans the process' environment by establishing a | ||
2505 | 329 | safe execution PATH (defined during configuration), as | ||
2506 | 330 | well as only passing through those variables whose names | ||
2507 | 331 | are listed in the safe environment list (also created | ||
2508 | 332 | during configuration). | ||
2509 | 333 | </p> | ||
2510 | 334 | </li> | ||
2511 | 335 | |||
2512 | 336 | <li> | ||
2513 | 337 | <strong>Can we successfully become the target CGI/SSI program | ||
2514 | 338 | and execute?</strong> | ||
2515 | 339 | |||
2516 | 340 | <p class="indent"> | ||
2517 | 341 | Here is where suEXEC ends and the target CGI/SSI program begins. | ||
2518 | 342 | </p> | ||
2519 | 343 | </li> | ||
2520 | 344 | </ol> | ||
2521 | 345 | |||
2522 | 346 | <p>This is the standard operation of the | ||
2523 | 347 | suEXEC wrapper's security model. It is somewhat stringent and | ||
2524 | 348 | can impose new limitations and guidelines for CGI/SSI design, | ||
2525 | 349 | but it was developed carefully step-by-step with security in | ||
2526 | 350 | mind.</p> | ||
2527 | 351 | |||
2528 | 352 | <p>For more information as to how this security | ||
2529 | 353 | model can limit your possibilities in regards to server | ||
2530 | 354 | configuration, as well as what security risks can be avoided | ||
2531 | 355 | with a proper suEXEC setup, see the <a href="#jabberwock">"Beware the Jabberwock"</a> section of this | ||
2532 | 356 | document.</p> | ||
2533 | 357 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2534 | 358 | <div class="section"> | ||
2535 | 359 | <h2><a name="install" id="install">Configuring & Installing | ||
2536 | 360 | suEXEC</a></h2> | ||
2537 | 361 | |||
2538 | 362 | <p>Here's where we begin the fun.</p> | ||
2539 | 363 | |||
2540 | 364 | <p><strong>suEXEC configuration | ||
2541 | 365 | options</strong><br /> | ||
2542 | 366 | </p> | ||
2543 | 367 | |||
2544 | 368 | <dl> | ||
2545 | 369 | <dt><code>--enable-suexec</code></dt> | ||
2546 | 370 | |||
2547 | 371 | <dd>This option enables the suEXEC feature which is never | ||
2548 | 372 | installed or activated by default. At least one | ||
2549 | 373 | <code>--with-suexec-xxxxx</code> option has to be provided | ||
2550 | 374 | together with the <code>--enable-suexec</code> option to let | ||
2551 | 375 | APACI accept your request for using the suEXEC feature.</dd> | ||
2552 | 376 | |||
2553 | 377 | <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> | ||
2554 | 378 | |||
2555 | 379 | <dd>The path to the <code>suexec</code> binary must be hard-coded | ||
2556 | 380 | in the server for security reasons. Use this option to override | ||
2557 | 381 | the default path. <em>e.g.</em> | ||
2558 | 382 | <code>--with-suexec-bin=/usr/sbin/suexec</code></dd> | ||
2559 | 383 | |||
2560 | 384 | <dt><code>--with-suexec-caller=<em>UID</em></code></dt> | ||
2561 | 385 | |||
2562 | 386 | <dd>The <a href="mod/mpm_common.html#user">username</a> under which | ||
2563 | 387 | httpd normally runs. This is the only user allowed to | ||
2564 | 388 | execute the suEXEC wrapper.</dd> | ||
2565 | 389 | |||
2566 | 390 | <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt> | ||
2567 | 391 | |||
2568 | 392 | <dd>Define to be the subdirectory under users' home | ||
2569 | 393 | directories where suEXEC access should be allowed. All | ||
2570 | 394 | executables under this directory will be executable by suEXEC | ||
2571 | 395 | as the user so they should be "safe" programs. If you are | ||
2572 | 396 | using a "simple" <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> | ||
2573 | 397 | directive (ie. one without a "*" in it) this should be set to the same | ||
2574 | 398 | value. suEXEC will not work properly in cases where the <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> directive points to | ||
2575 | 399 | a location that is not the same as the user's home directory | ||
2576 | 400 | as referenced in the <code>passwd</code> file. Default value is | ||
2577 | 401 | "<code>public_html</code>".<br /> | ||
2578 | 402 | If you have virtual hosts with a different <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> for each, | ||
2579 | 403 | you will need to define them to all reside in one parent | ||
2580 | 404 | directory; then name that parent directory here. <strong>If | ||
2581 | 405 | this is not defined properly, "~userdir" cgi requests will | ||
2582 | 406 | not work!</strong></dd> | ||
2583 | 407 | |||
2584 | 408 | <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt> | ||
2585 | 409 | |||
2586 | 410 | <dd>Define as the DocumentRoot set for httpd. This will be | ||
2587 | 411 | the only hierarchy (aside from <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>s) that can be used for suEXEC behavior. The | ||
2588 | 412 | default directory is the <code>--datadir</code> value with the suffix | ||
2589 | 413 | "<code>/htdocs</code>", <em>e.g.</em> if you configure with | ||
2590 | 414 | "<code>--datadir=/home/apache</code>" the directory | ||
2591 | 415 | "<code>/home/apache/htdocs</code>" is used as document root for the | ||
2592 | 416 | suEXEC wrapper.</dd> | ||
2593 | 417 | |||
2594 | 418 | <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt> | ||
2595 | 419 | |||
2596 | 420 | <dd>Define this as the lowest UID allowed to be a target user | ||
2597 | 421 | for suEXEC. For most systems, 500 or 100 is common. Default | ||
2598 | 422 | value is 100.</dd> | ||
2599 | 423 | |||
2600 | 424 | <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt> | ||
2601 | 425 | |||
2602 | 426 | <dd>Define this as the lowest GID allowed to be a target | ||
2603 | 427 | group for suEXEC. For most systems, 100 is common and | ||
2604 | 428 | therefore used as default value.</dd> | ||
2605 | 429 | |||
2606 | 430 | <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt> | ||
2607 | 431 | |||
2608 | 432 | <dd>This defines the filename to which all suEXEC | ||
2609 | 433 | transactions and errors are logged (useful for auditing and | ||
2610 | 434 | debugging purposes). By default the logfile is named | ||
2611 | 435 | "<code>suexec_log</code>" and located in your standard logfile | ||
2612 | 436 | directory (<code>--logfiledir</code>).</dd> | ||
2613 | 437 | |||
2614 | 438 | <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> | ||
2615 | 439 | |||
2616 | 440 | <dd>Define a safe PATH environment to pass to CGI | ||
2617 | 441 | executables. Default value is | ||
2618 | 442 | "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd> | ||
2619 | 443 | </dl> | ||
2620 | 444 | |||
2621 | 445 | <h3>Compiling and installing the suEXEC wrapper</h3> | ||
2622 | 446 | |||
2623 | 447 | |||
2624 | 448 | <p>If you have enabled the suEXEC feature with the | ||
2625 | 449 | <code>--enable-suexec</code> option the <code>suexec</code> binary | ||
2626 | 450 | (together with httpd itself) is automatically built if you execute | ||
2627 | 451 | the <code>make</code> command.</p> | ||
2628 | 452 | |||
2629 | 453 | <p>After all components have been built you can execute the | ||
2630 | 454 | command <code>make install</code> to install them. The binary image | ||
2631 | 455 | <code>suexec</code> is installed in the directory defined by the | ||
2632 | 456 | <code>--sbindir</code> option. The default location is | ||
2633 | 457 | "/usr/local/apache2/bin/suexec".</p> | ||
2634 | 458 | |||
2635 | 459 | <p>Please note that you need <strong><em>root | ||
2636 | 460 | privileges</em></strong> for the installation step. In order | ||
2637 | 461 | for the wrapper to set the user ID, it must be installed as | ||
2638 | 462 | owner <code><em>root</em></code> and must have the setuserid | ||
2639 | 463 | execution bit set for file modes.</p> | ||
2640 | 464 | |||
2641 | 465 | |||
2642 | 466 | <h3>Setting paranoid permissions</h3> | ||
2643 | 467 | |||
2644 | 468 | |||
2645 | 469 | <p>Although the suEXEC wrapper will check to ensure that its | ||
2646 | 470 | caller is the correct user as specified with the | ||
2647 | 471 | <code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code> | ||
2648 | 472 | option, there is | ||
2649 | 473 | always the possibility that a system or library call suEXEC uses | ||
2650 | 474 | before this check may be exploitable on your system. To counter | ||
2651 | 475 | this, and because it is best-practise in general, you should use | ||
2652 | 476 | filesystem permissions to ensure that only the group httpd | ||
2653 | 477 | runs as may execute suEXEC.</p> | ||
2654 | 478 | |||
2655 | 479 | <p>If for example, your web server is configured to run as:</p> | ||
2656 | 480 | |||
2657 | 481 | <pre class="prettyprint lang-config">User www | ||
2658 | 482 | Group webgroup</pre> | ||
2659 | 483 | |||
2660 | 484 | |||
2661 | 485 | <p>and <code class="program"><a href="./programs/suexec.html">suexec</a></code> is installed at | ||
2662 | 486 | "/usr/local/apache2/bin/suexec", you should run:</p> | ||
2663 | 487 | |||
2664 | 488 | <div class="example"><p><code> | ||
2665 | 489 | chgrp webgroup /usr/local/apache2/bin/suexec<br /> | ||
2666 | 490 | chmod 4750 /usr/local/apache2/bin/suexec<br /> | ||
2667 | 491 | </code></p></div> | ||
2668 | 492 | |||
2669 | 493 | <p>This will ensure that only the group httpd runs as can even | ||
2670 | 494 | execute the suEXEC wrapper.</p> | ||
2671 | 495 | |||
2672 | 496 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2673 | 497 | <div class="section"> | ||
2674 | 498 | <h2><a name="enable" id="enable">Enabling & Disabling | ||
2675 | 499 | suEXEC</a></h2> | ||
2676 | 500 | |||
2677 | 501 | <p>Upon startup of httpd, it looks for the file | ||
2678 | 502 | <code class="program"><a href="./programs/suexec.html">suexec</a></code> in the directory defined by the | ||
2679 | 503 | <code>--sbindir</code> option (default is | ||
2680 | 504 | "/usr/local/apache/sbin/suexec"). If httpd finds a properly | ||
2681 | 505 | configured suEXEC wrapper, it will print the following message | ||
2682 | 506 | to the error log:</p> | ||
2683 | 507 | |||
2684 | 508 | <div class="example"><p><code> | ||
2685 | 509 | [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>) | ||
2686 | 510 | </code></p></div> | ||
2687 | 511 | |||
2688 | 512 | <p>If you don't see this message at server startup, the server is | ||
2689 | 513 | most likely not finding the wrapper program where it expects | ||
2690 | 514 | it, or the executable is not installed <em>setuid root</em>.</p> | ||
2691 | 515 | |||
2692 | 516 | <p>If you want to enable the suEXEC mechanism for the first time | ||
2693 | 517 | and an Apache HTTP Server is already running you must kill and | ||
2694 | 518 | restart httpd. Restarting it with a simple HUP or USR1 signal | ||
2695 | 519 | will not be enough. </p> | ||
2696 | 520 | <p>If you want to disable suEXEC you should kill and restart | ||
2697 | 521 | httpd after you have removed the <code class="program"><a href="./programs/suexec.html">suexec</a></code> file.</p> | ||
2698 | 522 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2699 | 523 | <div class="section"> | ||
2700 | 524 | <h2><a name="usage" id="usage">Using suEXEC</a></h2> | ||
2701 | 525 | |||
2702 | 526 | <p>Requests for CGI programs will call the suEXEC wrapper only if | ||
2703 | 527 | they are for a virtual host containing a <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> directive or if | ||
2704 | 528 | they are processed by <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>.</p> | ||
2705 | 529 | |||
2706 | 530 | <p><strong>Virtual Hosts:</strong><br /> One way to use the suEXEC | ||
2707 | 531 | wrapper is through the <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> directive in | ||
2708 | 532 | <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> definitions. By | ||
2709 | 533 | setting this directive to values different from the main server | ||
2710 | 534 | user ID, all requests for CGI resources will be executed as the | ||
2711 | 535 | <em>User</em> and <em>Group</em> defined for that <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code>. If this | ||
2712 | 536 | directive is not specified for a <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code> then the main server userid | ||
2713 | 537 | is assumed.</p> | ||
2714 | 538 | |||
2715 | 539 | <p><strong>User directories:</strong><br /> Requests that are | ||
2716 | 540 | processed by <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> will call the suEXEC | ||
2717 | 541 | wrapper to execute CGI programs under the userid of the requested | ||
2718 | 542 | user directory. The only requirement needed for this feature to | ||
2719 | 543 | work is for CGI execution to be enabled for the user and that the | ||
2720 | 544 | script must meet the scrutiny of the <a href="#model">security | ||
2721 | 545 | checks</a> above. See also the | ||
2722 | 546 | <code>--with-suexec-userdir</code> <a href="#install">compile | ||
2723 | 547 | time option</a>.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2724 | 548 | <div class="section"> | ||
2725 | 549 | <h2><a name="debug" id="debug">Debugging suEXEC</a></h2> | ||
2726 | 550 | |||
2727 | 551 | <p>The suEXEC wrapper will write log information | ||
2728 | 552 | to the file defined with the <code>--with-suexec-logfile</code> | ||
2729 | 553 | option as indicated above. If you feel you have configured and | ||
2730 | 554 | installed the wrapper properly, have a look at this log and the | ||
2731 | 555 | error_log for the server to see where you may have gone astray.</p> | ||
2732 | 556 | |||
2733 | 557 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2734 | 558 | <div class="section"> | ||
2735 | 559 | <h2><a name="jabberwock" id="jabberwock">Beware the Jabberwock: | ||
2736 | 560 | Warnings & Examples</a></h2> | ||
2737 | 561 | |||
2738 | 562 | <p><strong>NOTE!</strong> This section may not be | ||
2739 | 563 | complete. For the latest revision of this section of the | ||
2740 | 564 | documentation, see the <a href="http://httpd.apache.org/docs/2.4/suexec.html">Online | ||
2741 | 565 | Documentation</a> version.</p> | ||
2742 | 566 | |||
2743 | 567 | <p>There are a few points of interest regarding | ||
2744 | 568 | the wrapper that can cause limitations on server setup. Please | ||
2745 | 569 | review these before submitting any "bugs" regarding suEXEC.</p> | ||
2746 | 570 | |||
2747 | 571 | <ul> | ||
2748 | 572 | <li><strong>suEXEC Points Of Interest</strong></li> | ||
2749 | 573 | |||
2750 | 574 | <li> | ||
2751 | 575 | Hierarchy limitations | ||
2752 | 576 | |||
2753 | 577 | <p class="indent"> | ||
2754 | 578 | For security and efficiency reasons, all suEXEC requests | ||
2755 | 579 | must remain within either a top-level document root for | ||
2756 | 580 | virtual host requests, or one top-level personal document | ||
2757 | 581 | root for userdir requests. For example, if you have four | ||
2758 | 582 | VirtualHosts configured, you would need to structure all | ||
2759 | 583 | of your VHosts' document roots off of one main httpd | ||
2760 | 584 | document hierarchy to take advantage of suEXEC for | ||
2761 | 585 | VirtualHosts. (Example forthcoming.) | ||
2762 | 586 | </p> | ||
2763 | 587 | </li> | ||
2764 | 588 | |||
2765 | 589 | <li> | ||
2766 | 590 | suEXEC's PATH environment variable | ||
2767 | 591 | |||
2768 | 592 | <p class="indent"> | ||
2769 | 593 | This can be a dangerous thing to change. Make certain | ||
2770 | 594 | every path you include in this define is a | ||
2771 | 595 | <strong>trusted</strong> directory. You don't want to | ||
2772 | 596 | open people up to having someone from across the world | ||
2773 | 597 | running a trojan horse on them. | ||
2774 | 598 | </p> | ||
2775 | 599 | </li> | ||
2776 | 600 | |||
2777 | 601 | <li> | ||
2778 | 602 | Altering the suEXEC code | ||
2779 | 603 | |||
2780 | 604 | <p class="indent"> | ||
2781 | 605 | Again, this can cause <strong>Big Trouble</strong> if you | ||
2782 | 606 | try this without knowing what you are doing. Stay away | ||
2783 | 607 | from it if at all possible. | ||
2784 | 608 | </p> | ||
2785 | 609 | </li> | ||
2786 | 610 | </ul> | ||
2787 | 611 | |||
2788 | 612 | </div></div> | ||
2789 | 613 | <div class="bottomlang"> | ||
2790 | 614 | <p><span>Available Languages: </span><a href="./en/suexec.html" title="English"> en </a> | | ||
2791 | 615 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> | | ||
2792 | 616 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
2793 | 617 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
2794 | 618 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> | ||
2795 | 619 | </div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> | ||
2796 | 620 | <script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
2797 | 621 | var comments_shortname = 'httpd'; | ||
2798 | 622 | var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html'; | ||
2799 | 623 | (function(w, d) { | ||
2800 | 624 | if (w.location.hostname.toLowerCase() == "httpd.apache.org") { | ||
2801 | 625 | d.write('<div id="comments_thread"><\/div>'); | ||
2802 | 626 | var s = d.createElement('script'); | ||
2803 | 627 | s.type = 'text/javascript'; | ||
2804 | 628 | s.async = true; | ||
2805 | 629 | s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; | ||
2806 | 630 | (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); | ||
2807 | 631 | } | ||
2808 | 632 | else { | ||
2809 | 633 | d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); | ||
2810 | 634 | } | ||
2811 | 635 | })(window, document); | ||
2812 | 636 | //--><!]]></script></div><div id="footer"> | ||
2813 | 637 | <p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> | ||
2814 | 638 | <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
2815 | 639 | if (typeof(prettyPrint) !== 'undefined') { | ||
2816 | 640 | prettyPrint(); | ||
2817 | 641 | } | ||
2818 | 642 | //--><!]]></script> | ||
2819 | 643 | </body></html> | ||
2820 | 0 | \ No newline at end of file | 644 | \ No newline at end of file |
2821 | diff --git a/docs/manual/suexec.html.fr b/docs/manual/suexec.html.fr | |||
2822 | 1 | new file mode 100644 | 645 | new file mode 100644 |
2823 | index 0000000..8e26ed6 | |||
2824 | --- /dev/null | |||
2825 | +++ b/docs/manual/suexec.html.fr | |||
2826 | @@ -0,0 +1,689 @@ | |||
2827 | 1 | <?xml version="1.0" encoding="ISO-8859-1"?> | ||
2828 | 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | ||
2829 | 3 | <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> | ||
2830 | 4 | <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> | ||
2831 | 5 | <!-- | ||
2832 | 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
2833 | 7 | This file is generated from xml source: DO NOT EDIT | ||
2834 | 8 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
2835 | 9 | --> | ||
2836 | 10 | <title>Support suEXEC - Serveur Apache HTTP Version 2.4</title> | ||
2837 | 11 | <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> | ||
2838 | 12 | <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> | ||
2839 | 13 | <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> | ||
2840 | 14 | <script src="./style/scripts/prettify.min.js" type="text/javascript"> | ||
2841 | 15 | </script> | ||
2842 | 16 | |||
2843 | 17 | <link href="./images/favicon.ico" rel="shortcut icon" /></head> | ||
2844 | 18 | <body id="manual-page"><div id="page-header"> | ||
2845 | 19 | <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p> | ||
2846 | 20 | <p class="apache">Serveur Apache HTTP Version 2.4</p> | ||
2847 | 21 | <img alt="" src="./images/feather.gif" /></div> | ||
2848 | 22 | <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> | ||
2849 | 23 | <div id="path"> | ||
2850 | 24 | <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Support suEXEC</h1> | ||
2851 | 25 | <div class="toplang"> | ||
2852 | 26 | <p><span>Langues Disponibles: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
2853 | 27 | <a href="./fr/suexec.html" title="Fran�ais"> fr </a> | | ||
2854 | 28 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
2855 | 29 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
2856 | 30 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> | ||
2857 | 31 | </div> | ||
2858 | 32 | |||
2859 | 33 | <p>La fonctionnalit� <strong>suEXEC</strong> permet | ||
2860 | 34 | l'ex�cution des programmes <strong>CGI</strong> et | ||
2861 | 35 | <strong>SSI</strong> sous un utilisateur autre que celui sous | ||
2862 | 36 | lequel s'ex�cute le serveur web qui appelle ces programmes. | ||
2863 | 37 | Normalement, lorsqu'un programme CGI ou SSI est lanc�, il | ||
2864 | 38 | s'ex�cute sous le m�me utilisateur que celui du serveur web qui | ||
2865 | 39 | l'appelle.</p> | ||
2866 | 40 | |||
2867 | 41 | <p>Utilis�e de mani�re appropri�e, cette fonctionnalit� peut | ||
2868 | 42 | r�duire consid�rablement les risques de s�curit� encourus | ||
2869 | 43 | lorsqu'on autorise les utilisateurs � d�velopper et faire | ||
2870 | 44 | s'ex�cuter des programmes CGI ou SSI de leur cru. Cependant, mal | ||
2871 | 45 | configur�, suEXEC peut causer de nombreux probl�mes et m�me cr�er | ||
2872 | 46 | de nouvelles failles dans la s�curit� de votre ordinateur. Si | ||
2873 | 47 | vous n'�tes pas familier avec la gestion des programmes | ||
2874 | 48 | <em>setuid root</em> et les risques de s�curit� qu'ils comportent, | ||
2875 | 49 | nous vous recommandons vivement de ne pas tenter | ||
2876 | 50 | d'utiliser suEXEC.</p> | ||
2877 | 51 | </div> | ||
2878 | 52 | <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Avant de commencer</a></li> | ||
2879 | 53 | <li><img alt="" src="./images/down.gif" /> <a href="#model">Mod�le de s�curit� de suEXEC</a></li> | ||
2880 | 54 | <li><img alt="" src="./images/down.gif" /> <a href="#install">Configurer et installer suEXEC</a></li> | ||
2881 | 55 | <li><img alt="" src="./images/down.gif" /> <a href="#enable">Activation et d�sactivation | ||
2882 | 56 | de suEXEC</a></li> | ||
2883 | 57 | <li><img alt="" src="./images/down.gif" /> <a href="#usage">Utilisation de suEXEC</a></li> | ||
2884 | 58 | <li><img alt="" src="./images/down.gif" /> <a href="#debug">D�bogage de suEXEC</a></li> | ||
2885 | 59 | <li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Avis � la population ! | ||
2886 | 60 | Avertissements et exemples</a></li> | ||
2887 | 61 | </ul><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> | ||
2888 | 62 | <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2889 | 63 | <div class="section"> | ||
2890 | 64 | <h2><a name="before" id="before">Avant de commencer</a></h2> | ||
2891 | 65 | |||
2892 | 66 | <p>Avant de foncer t�te baiss�e dans la lecture de ce document, | ||
2893 | 67 | vous devez tenir compte de certaines hypoth�ses concernant vous-m�me | ||
2894 | 68 | et l'environnement dans lequel vous allez utiliser suexec.</p> | ||
2895 | 69 | |||
2896 | 70 | <p>Premi�rement, vous devez utiliser un syst�me d'exploitation | ||
2897 | 71 | UNIX ou d�riv�, capable d'effectuer des op�rations | ||
2898 | 72 | <strong>setuid</strong> et <strong>setgid</strong>. Tous les | ||
2899 | 73 | exemples de commande sont donn�s en cons�quence. D'autres | ||
2900 | 74 | plates-formes, m�me si elles supportent suEXEC, peuvent | ||
2901 | 75 | avoir une configuration diff�rente.</p> | ||
2902 | 76 | |||
2903 | 77 | <p>Deuxi�mement, vous devez �tre familier avec les concepts de base | ||
2904 | 78 | relatifs � la s�curit� de votre ordinateur et son administration. | ||
2905 | 79 | Ceci implique la compr�hension des op�rations | ||
2906 | 80 | <strong>setuid/setgid</strong> et des diff�rents effets qu'elles | ||
2907 | 81 | peuvent produire sur votre syst�me et son niveau de s�curit�.</p> | ||
2908 | 82 | |||
2909 | 83 | <p>Troisi�mement, vous devez utiliser une version | ||
2910 | 84 | <strong>non modifi�e</strong> du code de suEXEC. L'ensemble du | ||
2911 | 85 | code de suEXEC a �t� scrut� et test� avec soin par les d�veloppeurs | ||
2912 | 86 | et de nombreux b�ta testeurs. Toutes les pr�cautions ont �t� prises | ||
2913 | 87 | pour s'assurer d'une base s�re de code non seulement simple, mais | ||
2914 | 88 | aussi solide. La modification de ce code peut causer des probl�mes | ||
2915 | 89 | inattendus et de nouveaux risques de s�curit�. Il est | ||
2916 | 90 | <strong>vivement</strong> recommand� de ne pas modifier le code de | ||
2917 | 91 | suEXEC, � moins que vous ne soyez un programmeur sp�cialiste des | ||
2918 | 92 | particularit�s li�es � la s�curit�, et souhaitez partager votre | ||
2919 | 93 | travail avec l'�quipe de d�veloppement du serveur HTTP Apache afin | ||
2920 | 94 | de pouvoir en discuter.</p> | ||
2921 | 95 | |||
2922 | 96 | <p>Quatri�mement et derni�rement, l'�quipe de d�veloppement du | ||
2923 | 97 | serveur HTTP Apache a d�cid� de ne | ||
2924 | 98 | <strong>PAS</strong> inclure suEXEC dans l'installation par d�faut | ||
2925 | 99 | d'Apache httpd. Pour pouvoir mettre en oeuvre suEXEC, l'administrateur | ||
2926 | 100 | doit porter la plus grande attention aux d�tails. Apr�s avoir bien | ||
2927 | 101 | r�fl�chi aux diff�rents points de la configuration de suEXEC, | ||
2928 | 102 | l'administrateur peut l'installer selon les m�thodes classiques. | ||
2929 | 103 | Les valeurs des param�tres de configuration doivent �tre | ||
2930 | 104 | d�termin�es et sp�cifi�es avec soin par l'administrateur, afin de | ||
2931 | 105 | maintenir la s�curit� du syst�me de mani�re appropri�e lors de | ||
2932 | 106 | l'utilisation de la fonctionnalit� suEXEC. C'est par le biais de | ||
2933 | 107 | ce processus minutieux que nous esp�rons r�server | ||
2934 | 108 | l'installation de suEXEC aux administrateurs prudents et | ||
2935 | 109 | suffisamment d�termin�s � vouloir l'utiliser.</p> | ||
2936 | 110 | |||
2937 | 111 | <p>Vous �tes encore avec nous ? Oui ? Bien. | ||
2938 | 112 | Alors nous pouvons continuer !</p> | ||
2939 | 113 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
2940 | 114 | <div class="section"> | ||
2941 | 115 | <h2><a name="model" id="model">Mod�le de s�curit� de suEXEC</a></h2> | ||
2942 | 116 | |||
2943 | 117 | <p>Avant d'installer et configurer suEXEC, nous allons tout d'abord | ||
2944 | 118 | d�crire le mod�le de s�curit� que vous �tes sur le point | ||
2945 | 119 | d'impl�menter. Vous devriez ainsi mieux comprendre ce qui se passe | ||
2946 | 120 | vraiment � l'int�rieur de suEXEC et quelles pr�cautions ont �t� | ||
2947 | 121 | prises pour pr�server la s�curit� de votre syst�me.</p> | ||
2948 | 122 | |||
2949 | 123 | <p><strong>suEXEC</strong> est bas� sur un programme "conteneur" | ||
2950 | 124 | (wrapper) setuid qui est appel� par le serveur HTTP Apache principal. | ||
2951 | 125 | Ce conteneur est appel� quand une requ�te HTTP concerne | ||
2952 | 126 | un programme CGI ou SSI que l'administrateur | ||
2953 | 127 | a d�cid� de faire s'ex�cuter | ||
2954 | 128 | sous un utilisateur autre que celui du serveur principal. | ||
2955 | 129 | Lorsqu'il re�oit une telle requ�te, Apache httpd fournit au conteneur | ||
2956 | 130 | suEXEC le nom du programme, ainsi que les identifiants utilisateur | ||
2957 | 131 | et groupe sous lesquels le programme doit s'ex�cuter.</p> | ||
2958 | 132 | |||
2959 | 133 | <p>Le conteneur effectue ensuite les v�rifications suivantes afin | ||
2960 | 134 | de d�terminer la r�ussite ou l'�chec du processus -- si une seule | ||
2961 | 135 | de ces conditions n'est pas v�rifi�e, le programme journalise | ||
2962 | 136 | l'erreur et se termine en retournant un code d'erreur, sinon il | ||
2963 | 137 | continue :</p> | ||
2964 | 138 | |||
2965 | 139 | <ol> | ||
2966 | 140 | <li> | ||
2967 | 141 | <strong>L'utilisateur qui ex�cute le conteneur est-il un | ||
2968 | 142 | utilisateur valide de ce syst�me ?</strong> | ||
2969 | 143 | |||
2970 | 144 | <p class="indent"> | ||
2971 | 145 | Ceci permet de s'assurer que l'utilisateur qui ex�cute le | ||
2972 | 146 | conteneur est vraiment un utilisateur appartenant au syst�me. | ||
2973 | 147 | </p> | ||
2974 | 148 | </li> | ||
2975 | 149 | |||
2976 | 150 | <li> | ||
2977 | 151 | <strong>Le conteneur a-t-il �t� appel� avec un nombre | ||
2978 | 152 | d'arguments correct ?</strong> | ||
2979 | 153 | |||
2980 | 154 | <p class="indent"> | ||
2981 | 155 | Le conteneur ne s'ex�cutera que si on lui fournit un nombre | ||
2982 | 156 | d'arguments correct. Le serveur HTTP apache sait quel est le | ||
2983 | 157 | bon format des arguments. Si le conteneur ne re�oit pas un | ||
2984 | 158 | nombre d'arguments correct, soit il a �t� modifi�, | ||
2985 | 159 | soit quelque chose ne va pas dans la portion suEXEC de | ||
2986 | 160 | votre binaire Apache httpd. | ||
2987 | 161 | </p> | ||
2988 | 162 | </li> | ||
2989 | 163 | |||
2990 | 164 | <li> | ||
2991 | 165 | <strong>Cet utilisateur valide est-il autoris� � ex�cuter le | ||
2992 | 166 | conteneur ?</strong> | ||
2993 | 167 | |||
2994 | 168 | <p class="indent"> | ||
2995 | 169 | Cet utilisateur est-il celui autoris� � ex�cuter le | ||
2996 | 170 | conteneur ? Un seul utilisateur (celui d'Apache) est | ||
2997 | 171 | autoris� � ex�cuter ce programme. | ||
2998 | 172 | </p> | ||
2999 | 173 | </li> | ||
3000 | 174 | |||
3001 | 175 | <li> | ||
3002 | 176 | <strong>Le chemin du programme CGI ou SSI cible est-il | ||
3003 | 177 | non s�r ?</strong> | ||
3004 | 178 | |||
3005 | 179 | <p class="indent"> | ||
3006 | 180 | Le chemin du programme CGI ou SSI cible d�bute-t-il par un | ||
3007 | 181 | '/' ou contient-il une r�f�rence arri�re '..' ? Ceci est | ||
3008 | 182 | interdit ; le programme CGI ou SSI cible doit se trouver dans | ||
3009 | 183 | la hi�rarchie de la racine des documents de suEXEC (voir | ||
3010 | 184 | <code>--with-suexec-docroot=<em>DIR</em></code> ci-dessous). | ||
3011 | 185 | </p> | ||
3012 | 186 | </li> | ||
3013 | 187 | |||
3014 | 188 | <li> | ||
3015 | 189 | <strong>Le nom utilisateur cible est-il valide ?</strong> | ||
3016 | 190 | |||
3017 | 191 | <p class="indent"> | ||
3018 | 192 | L'utilisateur cible existe-t-il ? | ||
3019 | 193 | </p> | ||
3020 | 194 | </li> | ||
3021 | 195 | |||
3022 | 196 | <li> | ||
3023 | 197 | <strong>Le nom du groupe cible est-il valide ?</strong> | ||
3024 | 198 | |||
3025 | 199 | <p class="indent"> | ||
3026 | 200 | Le groupe cible existe-t-il ? | ||
3027 | 201 | </p> | ||
3028 | 202 | </li> | ||
3029 | 203 | |||
3030 | 204 | <li> | ||
3031 | 205 | <strong>L'utilisateur cible n'est-il <em>PAS</em> | ||
3032 | 206 | superutilisateur ?</strong> | ||
3033 | 207 | |||
3034 | 208 | |||
3035 | 209 | <p class="indent"> | ||
3036 | 210 | suEXEc ne permet pas � | ||
3037 | 211 | <code><em>root</em></code> d'ex�cuter des programmes CGI/SSI. | ||
3038 | 212 | </p> | ||
3039 | 213 | </li> | ||
3040 | 214 | |||
3041 | 215 | <li> | ||
3042 | 216 | <strong>Le num�ro de l'identifiant de l'utilisateur cible | ||
3043 | 217 | est-il <em>SUPERIEUR</em> au num�ro d'identifiant | ||
3044 | 218 | minimum ?</strong> | ||
3045 | 219 | |||
3046 | 220 | <p class="indent"> | ||
3047 | 221 | Le num�ro d'identifiant utilisateur minimum est d�fini � | ||
3048 | 222 | l'ex�cution du script configure. Ceci vous permet de d�finir | ||
3049 | 223 | le num�ro d'identifiant utilisateur le plus bas qui sera | ||
3050 | 224 | autoris� � �x�cuter des programmes CGI/SSI. En particulier, | ||
3051 | 225 | cela permet d'�carter les comptes syst�me. | ||
3052 | 226 | </p> | ||
3053 | 227 | </li> | ||
3054 | 228 | |||
3055 | 229 | <li> | ||
3056 | 230 | <strong>Le groupe cible n'est-il <em>PAS</em> le groupe | ||
3057 | 231 | superutilisateur ?</strong> | ||
3058 | 232 | |||
3059 | 233 | <p class="indent"> | ||
3060 | 234 | Actuellement, suEXEC ne permet pas au groupe | ||
3061 | 235 | <code><em>root</em></code> d'ex�cuter des programmes CGI/SSI. | ||
3062 | 236 | </p> | ||
3063 | 237 | </li> | ||
3064 | 238 | |||
3065 | 239 | <li> | ||
3066 | 240 | <strong> Le num�ro d'identifiant du groupe cible est-il | ||
3067 | 241 | <em>SUPERIEUR</em> au num�ro d'identifiant minimum ?</strong> | ||
3068 | 242 | |||
3069 | 243 | <p class="indent"> | ||
3070 | 244 | Le num�ro d'identifiant de groupe minimum est sp�cifi� lors | ||
3071 | 245 | de l'ex�cution du script configure. Ceci vous permet de | ||
3072 | 246 | d�finir l'identifiant de groupe le plus bas possible qui sera | ||
3073 | 247 | autoris� � ex�cuter des programmes CGI/SSI, et est | ||
3074 | 248 | particuli�rement utile pour �carter les groupes "syst�me". | ||
3075 | 249 | </p> | ||
3076 | 250 | </li> | ||
3077 | 251 | |||
3078 | 252 | <li> | ||
3079 | 253 | <strong>Le conteneur peut-il obtenir avec succ�s l'identit� | ||
3080 | 254 | des utilisateur et groupe cibles ?</strong> | ||
3081 | 255 | |||
3082 | 256 | <p class="indent"> | ||
3083 | 257 | C'est ici que le programme obtient l'identit� des utilisateur | ||
3084 | 258 | et groupe cibles via des appels � setuid et setgid. De m�me, | ||
3085 | 259 | la liste des acc�s groupe est initialis�e avec tous les | ||
3086 | 260 | groupes auxquels l'utilisateur cible appartient. | ||
3087 | 261 | </p> | ||
3088 | 262 | </li> | ||
3089 | 263 | |||
3090 | 264 | <li> | ||
3091 | 265 | <strong>Peut-on se positionner dans le r�pertoire dans dequel | ||
3092 | 266 | sont situ�s les programmes CGI/SSI ?</strong> | ||
3093 | 267 | |||
3094 | 268 | <p class="indent"> | ||
3095 | 269 | S'il n'existe pas, il ne peut pas contenir de fichier. Et si | ||
3096 | 270 | l'on ne peut pas s'y positionner, il n'existe probablement | ||
3097 | 271 | pas. | ||
3098 | 272 | </p> | ||
3099 | 273 | </li> | ||
3100 | 274 | |||
3101 | 275 | <li> | ||
3102 | 276 | <strong>Le r�pertoire est-il dans l'espace web | ||
3103 | 277 | de httpd ?</strong> | ||
3104 | 278 | |||
3105 | 279 | <p class="indent"> | ||
3106 | 280 | Si la requ�te concerne une portion de la racine du serveur, | ||
3107 | 281 | le r�pertoire demand� est-il dans la hi�rarchie de la racine | ||
3108 | 282 | des documents de suEXEC ? Si la requ�te concerne un | ||
3109 | 283 | <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>, le r�pertoire demand� est-il dans | ||
3110 | 284 | la hi�rarchie du r�pertoire d�fini comme le r�pertoire | ||
3111 | 285 | utilisateur de suEXEC (voir les | ||
3112 | 286 | <a href="#install">options de configuration de suEXEC</a>) ? | ||
3113 | 287 | </p> | ||
3114 | 288 | </li> | ||
3115 | 289 | |||
3116 | 290 | <li> | ||
3117 | 291 | <strong>L'�criture dans le r�pertoire est-elle interdite pour | ||
3118 | 292 | un utilisateur autre que le propri�taire </strong> | ||
3119 | 293 | |||
3120 | 294 | <p class="indent"> | ||
3121 | 295 | Le r�pertoire ne doit pas �tre ouvert aux autres | ||
3122 | 296 | utilisateurs ; seul l'utilisateur propri�taire doit pouvoir | ||
3123 | 297 | modifier le contenu du r�pertoire. | ||
3124 | 298 | </p> | ||
3125 | 299 | </li> | ||
3126 | 300 | |||
3127 | 301 | <li> | ||
3128 | 302 | <strong>Le programme CGI/SSI cible existe-t-il ?</strong> | ||
3129 | 303 | |||
3130 | 304 | <p class="indent"> | ||
3131 | 305 | S'il n'existe pas, il ne peut pas �tre ex�cut�. | ||
3132 | 306 | </p> | ||
3133 | 307 | </li> | ||
3134 | 308 | |||
3135 | 309 | <li> | ||
3136 | 310 | <strong>Les utilisateurs autres que le propri�taire n'ont-ils | ||
3137 | 311 | <em>PAS</em> de droits en �criture sur le programme | ||
3138 | 312 | CGI/SSI ?</strong> | ||
3139 | 313 | |||
3140 | 314 | <p class="indent"> | ||
3141 | 315 | Les utilisateurs autres que le propri�taire ne doivent pas | ||
3142 | 316 | pouvoir modifier le programme CGI/SSI. | ||
3143 | 317 | </p> | ||
3144 | 318 | </li> | ||
3145 | 319 | |||
3146 | 320 | <li> | ||
3147 | 321 | <strong>Le programme CGI/SSI n'est-il <em>PAS</em> setuid ou | ||
3148 | 322 | setgid ?</strong> | ||
3149 | 323 | |||
3150 | 324 | <p class="indent"> | ||
3151 | 325 | Les programmes cibles ne doivent pas pouvoir modifier � | ||
3152 | 326 | nouveau les identifiants utilisateur/groupe. | ||
3153 | 327 | </p> | ||
3154 | 328 | </li> | ||
3155 | 329 | |||
3156 | 330 | <li> | ||
3157 | 331 | <strong>Le couple utilisateur/groupe cible est-il le m�me que | ||
3158 | 332 | celui du programme ?</strong> | ||
3159 | 333 | |||
3160 | 334 | <p class="indent"> | ||
3161 | 335 | L'utilisateur est-il le propri�taire du fichier ? | ||
3162 | 336 | </p> | ||
3163 | 337 | </li> | ||
3164 | 338 | |||
3165 | 339 | <li> | ||
3166 | 340 | <strong>Peut-on nettoyer avec succ�s l'environnement des | ||
3167 | 341 | processus afin de garantir la s�ret� des op�rations ?</strong> | ||
3168 | 342 | |||
3169 | 343 | <p class="indent"> | ||
3170 | 344 | suExec nettoie l'environnement des processus en �tablissant | ||
3171 | 345 | un chemin d'ex�cution s�r (d�fini lors de la configuration), | ||
3172 | 346 | et en ne passant que les variables dont les noms font partie | ||
3173 | 347 | de la liste de l'environnement s�r (cr��e de m�me lors de la | ||
3174 | 348 | configuration). | ||
3175 | 349 | </p> | ||
3176 | 350 | </li> | ||
3177 | 351 | |||
3178 | 352 | <li> | ||
3179 | 353 | <strong>Le conteneur peut-il avec succ�s se substituer au | ||
3180 | 354 | programme CGI/SSI cible et s'ex�cuter ?</strong> | ||
3181 | 355 | |||
3182 | 356 | <p class="indent"> | ||
3183 | 357 | C'est l� o� l'ex�cution de suEXEC s'arr�te et o� commence | ||
3184 | 358 | celle du programme CGI/ssi cible. | ||
3185 | 359 | </p> | ||
3186 | 360 | </li> | ||
3187 | 361 | </ol> | ||
3188 | 362 | |||
3189 | 363 | <p>Ce sont les op�rations standards effectu�es par le mod�le de | ||
3190 | 364 | s�curit� du conteneur suEXEC. Il peut para�tre strict et est | ||
3191 | 365 | susceptible d'imposer de nouvelles limitations et orientations | ||
3192 | 366 | dans la conception des programmes CGI/SSI, mais il a �t� d�velopp� | ||
3193 | 367 | avec le plus grand soin, �tape par �tape, en se focalisant sur | ||
3194 | 368 | la s�curit�.</p> | ||
3195 | 369 | |||
3196 | 370 | <p>Pour plus d'informations sur la mesure dans laquelle ce mod�le | ||
3197 | 371 | de s�curit� peut limiter vos possibilit�s au regard de la | ||
3198 | 372 | configuration du serveur, ainsi que les risques de s�curit� qui | ||
3199 | 373 | peuvent �tre �vit�s gr�ce � une configuration appropri�e de suEXEC, | ||
3200 | 374 | se r�f�rer � la section <a href="#jabberwock">"Avis � la population !"</a> de ce document.</p> | ||
3201 | 375 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3202 | 376 | <div class="section"> | ||
3203 | 377 | <h2><a name="install" id="install">Configurer et installer suEXEC</a></h2> | ||
3204 | 378 | |||
3205 | 379 | <p>C'est ici que nous entrons dans le vif du sujet.</p> | ||
3206 | 380 | |||
3207 | 381 | <p><strong>Options de configuration de suEXEC</strong><br /> | ||
3208 | 382 | </p> | ||
3209 | 383 | |||
3210 | 384 | <dl> | ||
3211 | 385 | <dt><code>--enable-suexec</code></dt> | ||
3212 | 386 | |||
3213 | 387 | <dd>Cette option active la fonctionnalit� suEXEC qui n'est | ||
3214 | 388 | jamais install�e ou activ�e par d�faut. Au moins une option | ||
3215 | 389 | <code>--with-suexec-xxxxx</code> doit accompagner l'option | ||
3216 | 390 | <code>--enable-suexec</code> pour qu'APACI (l'utilitaire de | ||
3217 | 391 | configuration de la compilation d'Apache) accepte votre demande | ||
3218 | 392 | d'utilisation de la fonctionnalit� suEXEC.</dd> | ||
3219 | 393 | |||
3220 | 394 | <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> | ||
3221 | 395 | |||
3222 | 396 | <dd>Le chemin du binaire <code>suexec</code> doit �tre cod� en | ||
3223 | 397 | dur dans le serveur pour des raisons de s�curit�. Cette option | ||
3224 | 398 | vous permet de modifier le chemin par d�faut. | ||
3225 | 399 | <em>Par exemple</em> | ||
3226 | 400 | <code>--with-suexec-bin=/usr/sbin/suexec</code></dd> | ||
3227 | 401 | |||
3228 | 402 | <dt><code>--with-suexec-caller=<em>UID</em></code></dt> | ||
3229 | 403 | |||
3230 | 404 | <dd>L'<a href="mod/mpm_common.html#user">utilisateur</a> sous | ||
3231 | 405 | lequel httpd s'ex�cute habituellement. C'est le seul utilisateur | ||
3232 | 406 | autoris� � ex�cuter le wrapper suEXEC.</dd> | ||
3233 | 407 | |||
3234 | 408 | <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt> | ||
3235 | 409 | |||
3236 | 410 | <dd>Cette option d�finit le sous-r�pertoire de la hi�rarchie des | ||
3237 | 411 | r�pertoires utilisateurs dans lequel l'utilisation | ||
3238 | 412 | de suEXEC sera autoris�e. Tous les ex�cutables situ�s dans ce | ||
3239 | 413 | r�pertoire seront ex�cutables par suEXEC sous l'utilisateur | ||
3240 | 414 | cible ; ces programmes doivent donc �tre s�rs. Si vous utilisez | ||
3241 | 415 | une directive <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> | ||
3242 | 416 | "simple" (c'est � dire ne contenant pas de | ||
3243 | 417 | "*"), l'option --with-suexec-userdir | ||
3244 | 418 | devra contenir la m�me valeur. SuEXEC ne fonctionnera pas | ||
3245 | 419 | correctement si la directive <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> contient une valeur | ||
3246 | 420 | diff�rente du r�pertoire home de l'utilisateur tel qu'il est | ||
3247 | 421 | d�fini dans le fichier <code>passwd</code>. la valeur par d�faut | ||
3248 | 422 | est "<code>public_html</code>".<br /> | ||
3249 | 423 | Si vous avez plusieurs h�tes virtuels avec une directive | ||
3250 | 424 | <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> diff�rente | ||
3251 | 425 | pour chacun d'entre eux, vous devrez faire en sorte que chaque | ||
3252 | 426 | UserDir poss�de un r�pertoire parent commun ; donnez alors � | ||
3253 | 427 | l'option --with-suexec-userdir le nom | ||
3254 | 428 | de ce r�pertoire commun. <strong>Si tout ceci n'est pas d�fini | ||
3255 | 429 | correctement, les requ�tes CGI "~userdir" ne fonctionneront | ||
3256 | 430 | pas !</strong></dd> | ||
3257 | 431 | |||
3258 | 432 | <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt> | ||
3259 | 433 | |||
3260 | 434 | <dd>Cette option fonctionne comme la directive DocumentRoot pour | ||
3261 | 435 | httpd. Il s'agit de la seule hi�rarchie (en dehors des directives | ||
3262 | 436 | <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>) dans laquelle la fonctionnalit� suEXEC | ||
3263 | 437 | pourra �tre utilis�e. La valeur par d�faut est la valeur de | ||
3264 | 438 | <code>--datadir</code> accompagn�e du suffixe | ||
3265 | 439 | "<code>/htdocs</code>" ; | ||
3266 | 440 | <em>Par exemple</em>, si vous ex�cutez configure avec | ||
3267 | 441 | "<code>--datadir=/home/apache</code>", la valeur | ||
3268 | 442 | "<code>/home/apache/htdocs</code>" sera utilis�e par d�faut comme | ||
3269 | 443 | racine des documents pour le conteneur suEXEC.</dd> | ||
3270 | 444 | |||
3271 | 445 | <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt> | ||
3272 | 446 | |||
3273 | 447 | <dd>Cette option d�finit l'identifiant utilisateur le plus bas | ||
3274 | 448 | avec lequel un utilisateur pourra �tre la cible de | ||
3275 | 449 | suEXEC. 500 ou 100 sont des valeurs courantes sur la plupart des | ||
3276 | 450 | syst�mes. la valeur par d�faut est 100.</dd> | ||
3277 | 451 | |||
3278 | 452 | <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt> | ||
3279 | 453 | |||
3280 | 454 | <dd>Cette option d�finit l'identifiant de groupe le plus bas | ||
3281 | 455 | avec lequel un utilisateur pourra �tre la cible de | ||
3282 | 456 | suEXEC. 100 est une valeur courante sur la plupart des | ||
3283 | 457 | syst�mes et est par cons�quent la valeur par d�faut.</dd> | ||
3284 | 458 | |||
3285 | 459 | <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt> | ||
3286 | 460 | |||
3287 | 461 | <dd>Cette option permet de d�finir le fichier dans lequel | ||
3288 | 462 | toutes les transactions et erreurs de suEXEC seront journalis�es | ||
3289 | 463 | (� des fins d'analyse ou de d�bogage). Par d�faut, le fichier | ||
3290 | 464 | journal se nomme "<code>suexec_log</code>" et se trouve dans votre | ||
3291 | 465 | r�pertoire standard des fichiers journaux d�fini par | ||
3292 | 466 | <code>--logfiledir</code></dd> | ||
3293 | 467 | |||
3294 | 468 | <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> | ||
3295 | 469 | |||
3296 | 470 | <dd>Cette option permet de d�finir une variable d'environnement | ||
3297 | 471 | PATH s�re � passer aux ex�cutables CGI. La valeur par d�faut | ||
3298 | 472 | est "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd> | ||
3299 | 473 | </dl> | ||
3300 | 474 | |||
3301 | 475 | <h3>Compilation et installation du conteneur suEXEC</h3> | ||
3302 | 476 | |||
3303 | 477 | |||
3304 | 478 | <p>Si vous avez activ� la fonctionnalit� suEXEC � l'aide de | ||
3305 | 479 | l'option <code>--enable-suexec</code>, le binaire | ||
3306 | 480 | <code>suexec</code> sera automatiquement construit (en m�me temps | ||
3307 | 481 | que httpd) lorsque vous ex�cuterez la commande | ||
3308 | 482 | <code>make</code>.</p> | ||
3309 | 483 | |||
3310 | 484 | <p>Lorsque tous les composants auront �t� construits, vous pourrez | ||
3311 | 485 | ex�cuter la commande <code>make install</code> afin de les | ||
3312 | 486 | installer. Le binaire <code>suexec</code> sera install� dans le | ||
3313 | 487 | r�pertoire d�fini � l'aide de l'option <code>--sbindir</code>. La | ||
3314 | 488 | localisation par d�faut est "/usr/local/apache2/bin/suexec".</p> | ||
3315 | 489 | <p>Veuillez noter que vous aurez besoin des | ||
3316 | 490 | <strong><em>privil�ges root</em></strong> pour passer l'�tape de | ||
3317 | 491 | l'installation. Pour que le conteneur puisse changer | ||
3318 | 492 | l'identifiant utilisateur, il doit avoir comme propri�taire | ||
3319 | 493 | <code><em>root</em></code>, et les droits du fichier doivent | ||
3320 | 494 | inclure le bit d'ex�cution setuserid.</p> | ||
3321 | 495 | |||
3322 | 496 | |||
3323 | 497 | <h3>>Mise en place de permissions pour | ||
3324 | 498 | parano�aque</h3> | ||
3325 | 499 | |||
3326 | 500 | <p>Bien que le conteneur suEXEC v�rifie que l'utilisateur qui | ||
3327 | 501 | l'appelle correspond bien � l'utilisateur sp�cifi� � l'aide de | ||
3328 | 502 | l'option <code>--with-suexec-caller</code> du programme | ||
3329 | 503 | <code class="program"><a href="./programs/configure.html">configure</a></code>, il subsiste toujours le risque qu'un | ||
3330 | 504 | appel syst�me ou une biblioth�que fasse appel � suEXEC avant que | ||
3331 | 505 | cette v�rification ne soit exploitable sur votre syst�me. Pour | ||
3332 | 506 | tenir compte de ceci, et parce que c'est en g�n�ral la meilleure | ||
3333 | 507 | pratique, vous devez utiliser les permissions du syst�me de | ||
3334 | 508 | fichiers afin de vous assurer que seul le groupe sous lequel | ||
3335 | 509 | s'ex�cute httpd puisse faire appel � suEXEC.</p> | ||
3336 | 510 | |||
3337 | 511 | <p>Si, par exemple, votre serveur web est configur� pour | ||
3338 | 512 | s'ex�cuter en tant que :</p> | ||
3339 | 513 | |||
3340 | 514 | <pre class="prettyprint lang-config">User www | ||
3341 | 515 | Group webgroup</pre> | ||
3342 | 516 | |||
3343 | 517 | |||
3344 | 518 | <p>et <code class="program"><a href="./programs/suexec.html">suexec</a></code> se trouve � | ||
3345 | 519 | "/usr/local/apache2/bin/suexec", vous devez ex�cuter les | ||
3346 | 520 | commandes</p> | ||
3347 | 521 | |||
3348 | 522 | <div class="example"><p><code> | ||
3349 | 523 | chgrp webgroup /usr/local/apache2/bin/suexec<br /> | ||
3350 | 524 | chmod 4750 /usr/local/apache2/bin/suexec<br /> | ||
3351 | 525 | </code></p></div> | ||
3352 | 526 | |||
3353 | 527 | <p>Ceci permet de s'assurer que seul le groupe sous lequel httpd | ||
3354 | 528 | s'ex�cute (ici webgroup) puisse faire appel au conteneur | ||
3355 | 529 | suEXEC.</p> | ||
3356 | 530 | |||
3357 | 531 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3358 | 532 | <div class="section"> | ||
3359 | 533 | <h2><a name="enable" id="enable">Activation et d�sactivation | ||
3360 | 534 | de suEXEC</a></h2> | ||
3361 | 535 | |||
3362 | 536 | <p>Au d�marrage, httpd v�rifie la pr�sence du fichier | ||
3363 | 537 | <code class="program"><a href="./programs/suexec.html">suexec</a></code> dans le r�pertoire d�fini par | ||
3364 | 538 | l'option <code>--sbindir</code> du script configure (le | ||
3365 | 539 | r�pertoire par d�faut est "/usr/local/apache/sbin/suexec"). Si | ||
3366 | 540 | httpd trouve un conteneur suEXEC correctement configur�, il | ||
3367 | 541 | enregistrera le message suivant dans le journal des erreurs :</p> | ||
3368 | 542 | |||
3369 | 543 | <div class="example"><p><code> | ||
3370 | 544 | [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>) | ||
3371 | 545 | </code></p></div> | ||
3372 | 546 | |||
3373 | 547 | <p>Si ce message n'est pas g�n�r� au d�marrage du serveur, ce | ||
3374 | 548 | dernier ne trouve probablement pas le programme conteneur � | ||
3375 | 549 | l'endroit o� il est sens� �tre, ou l'ex�cutable suexec n'est pas | ||
3376 | 550 | install� en <em>setuid root</em>.</p> | ||
3377 | 551 | |||
3378 | 552 | <p>Si le serveur HTTP Apache est d�j� en cours d'ex�cution, et si | ||
3379 | 553 | vous activez le m�canisme suEXEC pour la premi�re fois, vous | ||
3380 | 554 | devez arr�ter et red�marrer httpd. Un red�marrage | ||
3381 | 555 | � l'aide d'un simple signal HUP ou USR1 suffira. </p> | ||
3382 | 556 | <p>Pour d�sactiver suEXEC, vous devez supprimer le fichier | ||
3383 | 557 | <code class="program"><a href="./programs/suexec.html">suexec</a></code>, puis arr�ter et red�marrer | ||
3384 | 558 | httpd.</p> | ||
3385 | 559 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3386 | 560 | <div class="section"> | ||
3387 | 561 | <h2><a name="usage" id="usage">Utilisation de suEXEC</a></h2> | ||
3388 | 562 | |||
3389 | 563 | <p>Les requ�tes pour des programmes CGI ne feront appel au | ||
3390 | 564 | conteneur suEXEC que si elles concernent un h�te virtuel | ||
3391 | 565 | contenant une directive <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code>, ou si elles sont | ||
3392 | 566 | trait�es par <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>.</p> | ||
3393 | 567 | |||
3394 | 568 | <p><strong>H�tes virtuels :</strong><br /> Une des m�thodes | ||
3395 | 569 | d'utilisation du conteneur suEXEC consiste � ins�rer une | ||
3396 | 570 | directive <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> dans une section | ||
3397 | 571 | <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code>. En d�finissant | ||
3398 | 572 | des valeurs diff�rentes de celles du serveur principal, toutes les | ||
3399 | 573 | requ�tes pour des ressources CGI seront ex�cut�es sous | ||
3400 | 574 | les <em>User</em> et <em>Group</em> d�finis pour cette section | ||
3401 | 575 | <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code>. Si cette | ||
3402 | 576 | directive est absente de la section <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code>, l'utilisateur du | ||
3403 | 577 | serveur principal sera pris par d�faut</p> | ||
3404 | 578 | |||
3405 | 579 | <p><strong>R�pertoires des utilisateurs :</strong><br /> Avec | ||
3406 | 580 | cette m�thode, les | ||
3407 | 581 | requ�tes trait�es par <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> appelleront le | ||
3408 | 582 | conteneur suEXEC pour ex�cuter le programme CGI sous l'identifiant | ||
3409 | 583 | utilisateur du r�pertoire utilisateur concern�. Seuls pr�requis | ||
3410 | 584 | pour pouvoir acc�der � cette fonctionnalit� : l'ex�cution des CGI | ||
3411 | 585 | doit �tre activ�e pour l'utilisateur concern�, et le script doit | ||
3412 | 586 | passer avec succ�s le test des <a href="#model">v�rifications de | ||
3413 | 587 | s�curit�</a> d�crit plus haut. Voir aussi l' | ||
3414 | 588 | <a href="#install">option de compilation</a> | ||
3415 | 589 | <code>--with-suexec-userdir</code>.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3416 | 590 | <div class="section"> | ||
3417 | 591 | <h2><a name="debug" id="debug">D�bogage de suEXEC</a></h2> | ||
3418 | 592 | |||
3419 | 593 | <p>Le conteneur suEXEC va �crire ses informations de journalisation | ||
3420 | 594 | dans le fichier d�fini par l'option de compilation | ||
3421 | 595 | <code>--with-suexec-logfile</code> comme indiqu� plus haut. Si vous | ||
3422 | 596 | pensez avoir configur� et install� correctement le conteneur, | ||
3423 | 597 | consultez ce journal, ainsi que le journal des erreurs du serveur | ||
3424 | 598 | afin de d�terminer l'endroit o� vous avez fait fausse route.</p> | ||
3425 | 599 | |||
3426 | 600 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3427 | 601 | <div class="section"> | ||
3428 | 602 | <h2><a name="jabberwock" id="jabberwock">Avis � la population ! | ||
3429 | 603 | Avertissements et exemples</a></h2> | ||
3430 | 604 | |||
3431 | 605 | <p><strong>NOTE !</strong> Cette section est peut-�tre incompl�te. | ||
3432 | 606 | Pour en consulter la derni�re r�vision, voir la version de la <a href="http://httpd.apache.org/docs/2.4/suexec.html">Documentation en ligne</a>.</p> | ||
3433 | 607 | |||
3434 | 608 | <p>Quelques points importants du conteneur peuvent | ||
3435 | 609 | imposer des contraintes du point de vue de la configuration du | ||
3436 | 610 | serveur. Veuillez en prendre connaissance avant de soumettre un | ||
3437 | 611 | rapport de bogue � propos de suEXEC.</p> | ||
3438 | 612 | |||
3439 | 613 | <ul> | ||
3440 | 614 | <li><strong>Points importants de suEXEC</strong></li> | ||
3441 | 615 | |||
3442 | 616 | <li> | ||
3443 | 617 | Limitations concernant la hi�rarchie. | ||
3444 | 618 | |||
3445 | 619 | <p class="indent"> | ||
3446 | 620 | Pour des raisons de s�curit� et d'efficacit�, toutes les | ||
3447 | 621 | requ�tes suEXEC ne doivent concerner que des ressources | ||
3448 | 622 | situ�es dans la racine des documents d�finie pour les | ||
3449 | 623 | requ�tes concernant un h�te virtuel, ou des ressources | ||
3450 | 624 | situ�es dans la racine des documents d�finies pour les | ||
3451 | 625 | requ�tes concernant un r�pertoire utilisateur. Par exemple, | ||
3452 | 626 | si vous avez configur� quatre h�tes virtuels, vous devrez | ||
3453 | 627 | d�finir la structure des racines de documents de vos h�tes | ||
3454 | 628 | virtuels en dehors d'une hi�rarchie de documents principale | ||
3455 | 629 | de httpd, afin de tirer parti de suEXEC dans le contexte des | ||
3456 | 630 | h�tes virtuels (Exemple � venir). | ||
3457 | 631 | </p> | ||
3458 | 632 | </li> | ||
3459 | 633 | |||
3460 | 634 | <li> | ||
3461 | 635 | La variable d'environnement PATH de suEXEC | ||
3462 | 636 | |||
3463 | 637 | <p class="indent"> | ||
3464 | 638 | Modifier cette variable peut s'av�rer dangereux. Assurez-vous | ||
3465 | 639 | que tout chemin que vous ajoutez � cette variable est un | ||
3466 | 640 | r�pertoire <strong>de confiance</strong>. Vous n'avez | ||
3467 | 641 | probablement pas l'intention d'ouvrir votre serveur de fa�on | ||
3468 | 642 | � ce que l'on puisse y ex�cuter un cheval de Troie. | ||
3469 | 643 | </p> | ||
3470 | 644 | </li> | ||
3471 | 645 | |||
3472 | 646 | <li> | ||
3473 | 647 | Modification de suEXEC | ||
3474 | 648 | |||
3475 | 649 | <p class="indent"> | ||
3476 | 650 | Encore une fois, ceci peut vous causer de | ||
3477 | 651 | <strong>graves ennuis</strong> si vous vous y essayez sans | ||
3478 | 652 | savoir ce que vous faites. Evitez de vous y risquer dans la | ||
3479 | 653 | mesure du possible. | ||
3480 | 654 | </p> | ||
3481 | 655 | </li> | ||
3482 | 656 | </ul> | ||
3483 | 657 | |||
3484 | 658 | </div></div> | ||
3485 | 659 | <div class="bottomlang"> | ||
3486 | 660 | <p><span>Langues Disponibles: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
3487 | 661 | <a href="./fr/suexec.html" title="Fran�ais"> fr </a> | | ||
3488 | 662 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
3489 | 663 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
3490 | 664 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> | ||
3491 | 665 | </div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> | ||
3492 | 666 | <script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
3493 | 667 | var comments_shortname = 'httpd'; | ||
3494 | 668 | var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html'; | ||
3495 | 669 | (function(w, d) { | ||
3496 | 670 | if (w.location.hostname.toLowerCase() == "httpd.apache.org") { | ||
3497 | 671 | d.write('<div id="comments_thread"><\/div>'); | ||
3498 | 672 | var s = d.createElement('script'); | ||
3499 | 673 | s.type = 'text/javascript'; | ||
3500 | 674 | s.async = true; | ||
3501 | 675 | s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; | ||
3502 | 676 | (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); | ||
3503 | 677 | } | ||
3504 | 678 | else { | ||
3505 | 679 | d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); | ||
3506 | 680 | } | ||
3507 | 681 | })(window, document); | ||
3508 | 682 | //--><!]]></script></div><div id="footer"> | ||
3509 | 683 | <p class="apache">Copyright 2015 The Apache Software Foundation.<br />Autoris� sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> | ||
3510 | 684 | <p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
3511 | 685 | if (typeof(prettyPrint) !== 'undefined') { | ||
3512 | 686 | prettyPrint(); | ||
3513 | 687 | } | ||
3514 | 688 | //--><!]]></script> | ||
3515 | 689 | </body></html> | ||
3516 | 0 | \ No newline at end of file | 690 | \ No newline at end of file |
3517 | diff --git a/docs/manual/suexec.html.ja.utf8 b/docs/manual/suexec.html.ja.utf8 | |||
3518 | 1 | new file mode 100644 | 691 | new file mode 100644 |
3519 | index 0000000..2300b47 | |||
3520 | --- /dev/null | |||
3521 | +++ b/docs/manual/suexec.html.ja.utf8 | |||
3522 | @@ -0,0 +1,643 @@ | |||
3523 | 1 | <?xml version="1.0" encoding="UTF-8"?> | ||
3524 | 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | ||
3525 | 3 | <html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head> | ||
3526 | 4 | <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> | ||
3527 | 5 | <!-- | ||
3528 | 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
3529 | 7 | This file is generated from xml source: DO NOT EDIT | ||
3530 | 8 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
3531 | 9 | --> | ||
3532 | 10 | <title>suEXEC サポート - Apache HTTP サーバ バージョン 2.4</title> | ||
3533 | 11 | <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> | ||
3534 | 12 | <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> | ||
3535 | 13 | <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> | ||
3536 | 14 | <script src="./style/scripts/prettify.min.js" type="text/javascript"> | ||
3537 | 15 | </script> | ||
3538 | 16 | |||
3539 | 17 | <link href="./images/favicon.ico" rel="shortcut icon" /></head> | ||
3540 | 18 | <body id="manual-page"><div id="page-header"> | ||
3541 | 19 | <p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p> | ||
3542 | 20 | <p class="apache">Apache HTTP サーバ バージョン 2.4</p> | ||
3543 | 21 | <img alt="" src="./images/feather.gif" /></div> | ||
3544 | 22 | <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> | ||
3545 | 23 | <div id="path"> | ||
3546 | 24 | <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP サーバ</a> > <a href="http://httpd.apache.org/docs/">ドキュメンテーション</a> > <a href="./">バージョン 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC サポート</h1> | ||
3547 | 25 | <div class="toplang"> | ||
3548 | 26 | <p><span>翻訳済み言語: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
3549 | 27 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | | ||
3550 | 28 | <a href="./ja/suexec.html" title="Japanese"> ja </a> | | ||
3551 | 29 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
3552 | 30 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> | ||
3553 | 31 | </div> | ||
3554 | 32 | <div class="outofdate">この日本語訳はすでに古くなっている | ||
3555 | 33 | 可能性があります。 | ||
3556 | 34 | 最近更新された内容を見るには英語版をご覧下さい。 | ||
3557 | 35 | </div> | ||
3558 | 36 | |||
3559 | 37 | <p><strong>suEXEC</strong> | ||
3560 | 38 | 機能により、Apache ユーザは Web サーバを実行しているユーザ ID とは | ||
3561 | 39 | 異なるユーザ ID で <strong>CGI</strong> プログラムや <strong>SSI</strong> | ||
3562 | 40 | プログラムを実行することができます。CGI プログラムまたは SSI | ||
3563 | 41 | プログラムを実行する場合、通常は web サーバと同じユーザで実行されます。 | ||
3564 | 42 | </p> | ||
3565 | 43 | |||
3566 | 44 | <p>適切に使用すると、この機能によりユーザが個別の CGI | ||
3567 | 45 | や SSI プログラムを開発し実行することで生じるセキュリティ上の危険を、 | ||
3568 | 46 | かなり減らすことができます。しかし、suEXEC の設定が不適切だと、 | ||
3569 | 47 | 多くの問題が生じ、あなたのコンピュータに新しいセキュリティホールを | ||
3570 | 48 | 作ってしまう可能性があります。あなたが <em>setuid root</em> | ||
3571 | 49 | されたプログラムと、それらから生じるセキュリティ上の問題の管理に | ||
3572 | 50 | 詳しくないようなら、suEXEC の使用を検討しないように強く推奨します。 | ||
3573 | 51 | </p> | ||
3574 | 52 | </div> | ||
3575 | 53 | <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">始める前に</a></li> | ||
3576 | 54 | <li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC セキュリティモデル</a></li> | ||
3577 | 55 | <li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC | ||
3578 | 56 | の設定とインストール</a></li> | ||
3579 | 57 | <li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC | ||
3580 | 58 | の有効化と無効化</a></li> | ||
3581 | 59 | <li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC の使用</a></li> | ||
3582 | 60 | <li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC のデバッグ</a></li> | ||
3583 | 61 | <li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">とかげに注意: 警告と事例</a></li> | ||
3584 | 62 | </ul><ul class="seealso"><li><a href="#comments_section">コメント</a></li></ul></div> | ||
3585 | 63 | <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3586 | 64 | <div class="section"> | ||
3587 | 65 | <h2><a name="before" id="before">始める前に</a></h2> | ||
3588 | 66 | |||
3589 | 67 | <p>この文書の先頭に飛ぶ前に、Apache | ||
3590 | 68 | グループとこの文書での仮定を知っておくべきでしょう。 | ||
3591 | 69 | </p> | ||
3592 | 70 | |||
3593 | 71 | <p>第 1 に、あなたが <strong>setuid</strong> と | ||
3594 | 72 | <strong>setgid</strong> 操作が可能な UNIX | ||
3595 | 73 | 由来のオペレーティングシステムを使っていることを想定しています。 | ||
3596 | 74 | これは、すべてのコマンド例にあてはまります。 | ||
3597 | 75 | その他のプラットホームでは、もし suEXEC | ||
3598 | 76 | がサポートされていたとしても設定は異なるかもしれません。</p> | ||
3599 | 77 | |||
3600 | 78 | <p>第 2 に、あなたが使用中のコンピュータの | ||
3601 | 79 | セキュリティに関する基本的な概念と、それらの管理について詳しいことを | ||
3602 | 80 | 想定しています。これは、<strong>setuid/setgid</strong> | ||
3603 | 81 | 操作、あなたのシステム上でのその操作による様々な効果、 | ||
3604 | 82 | セキュリティレベルについてあなたが理解しているということを含みます。 | ||
3605 | 83 | </p> | ||
3606 | 84 | |||
3607 | 85 | <p>第 3 に、<strong>改造されていない</strong> suEXEC | ||
3608 | 86 | コードの使用を想定しています。suEXEC のコードは、 | ||
3609 | 87 | 多くのベータテスタだけでなく、開発者によっても注意深く精査され | ||
3610 | 88 | テストされています。それらの注意により、簡潔で信頼できる安全な | ||
3611 | 89 | コードの基盤が保証されます。このコードを改変することで、 | ||
3612 | 90 | 予期されない問題や新しいセキュリティ上の危険が生じることがあります。 | ||
3613 | 91 | セキュリティプログラミングの詳細に通じていて、 | ||
3614 | 92 | 今後の検討のために成果を Apache | ||
3615 | 93 | グループと共有しようと思うのでなければ、suEXEC | ||
3616 | 94 | コードは変えないことを <strong>強く</strong>推奨します。</p> | ||
3617 | 95 | |||
3618 | 96 | <p>第 4 に、これが最後ですが、suEXEC を Apache | ||
3619 | 97 | のデフォルトインストールには<strong>含めない</strong>ことが | ||
3620 | 98 | Apache グループで決定されています。これは、suEXEC | ||
3621 | 99 | の設定には管理者の詳細にわたる慎重な注意が必要だからです。 | ||
3622 | 100 | suEXEC の様々な設定について検討が終われば、管理者は suEXEC | ||
3623 | 101 | を通常のインストール方法でインストールすることができます。 | ||
3624 | 102 | これらの設定値は、suEXEC | ||
3625 | 103 | 機能の使用中にシステムセキュリティを適切に保つために、 | ||
3626 | 104 | 管理者によって慎重に決定され指定されることが必要です。 | ||
3627 | 105 | この詳細な手順により、Apache グループは、suEXEC | ||
3628 | 106 | のインストールについて、注意深く十分に検討してそれを使用することを | ||
3629 | 107 | 決定した場合に限っていただきたいと考えています。 | ||
3630 | 108 | </p> | ||
3631 | 109 | |||
3632 | 110 | <p>それでも進みますか? よろしい。では、先へ進みましょう!</p> | ||
3633 | 111 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3634 | 112 | <div class="section"> | ||
3635 | 113 | <h2><a name="model" id="model">suEXEC セキュリティモデル</a></h2> | ||
3636 | 114 | |||
3637 | 115 | <p>suEXEC の設定とインストールを始める前に、 | ||
3638 | 116 | まず実装しようとしているセキュリティモデルについて論じておきます。 | ||
3639 | 117 | それには、suEXEC の内部で行なわれていること、 | ||
3640 | 118 | システムのセキュリティを保証するために警告されることを | ||
3641 | 119 | よく理解しておいた方がよいでしょう。</p> | ||
3642 | 120 | |||
3643 | 121 | <p><strong>suEXEC</strong> は、Apache web | ||
3644 | 122 | サーバから呼び出される setuid された "wrapper" | ||
3645 | 123 | プログラムが基本となっています。設計した CGI、または SSI | ||
3646 | 124 | プログラムへの HTTP リクエストがあると、この wrapper | ||
3647 | 125 | が呼び出されます。このようなリクエストがあると、Apache | ||
3648 | 126 | はそのプログラムが実行される際のプログラム名とユーザ ID とグループ | ||
3649 | 127 | ID を指定して suEXEC wrapper を実行します。 | ||
3650 | 128 | </p> | ||
3651 | 129 | |||
3652 | 130 | <p>それから、wrapper は成功または失敗を決定するため | ||
3653 | 131 | 以下の処理を行ないます。これらの状態のうち一つでも失敗した場合、 | ||
3654 | 132 | プログラムは失敗をログに記録してエラーで終了します。 | ||
3655 | 133 | そうでなければ、後の処理が続けられます。</p> | ||
3656 | 134 | |||
3657 | 135 | <ol> | ||
3658 | 136 | <li> | ||
3659 | 137 | <strong>wrapper | ||
3660 | 138 | を実行しているユーザはこのシステムの正当なユーザか?</strong> | ||
3661 | 139 | |||
3662 | 140 | <p class="indent"> | ||
3663 | 141 | これは、wrapper を実行しているユーザが | ||
3664 | 142 | 本当にシステムの利用者であることを保証するためです。 | ||
3665 | 143 | </p> | ||
3666 | 144 | </li> | ||
3667 | 145 | |||
3668 | 146 | |||
3669 | 147 | <li> | ||
3670 | 148 | <strong>wrapper が適切な数の引数で呼び出されたか?</strong> | ||
3671 | 149 | |||
3672 | 150 | |||
3673 | 151 | <p class="indent"> | ||
3674 | 152 | wrapper は適切な数の引数が与えられた場合にのみ実行されます。 | ||
3675 | 153 | 適切な引数のフォーマットは Apache Web サーバに解釈されます。 | ||
3676 | 154 | 適切な数の引数を受け取らなければ、攻撃をされたか | ||
3677 | 155 | あなたの Apache バイナリの suEXEC の部分が | ||
3678 | 156 | どこかおかしい可能性があります。 | ||
3679 | 157 | </p> | ||
3680 | 158 | </li> | ||
3681 | 159 | |||
3682 | 160 | <li> | ||
3683 | 161 | <strong>この正当なユーザは wrapper | ||
3684 | 162 | の実行を許可されているか?</strong> | ||
3685 | 163 | |||
3686 | 164 | <p class="indent"> | ||
3687 | 165 | このユーザは wrapper 実行を許可されたユーザですか? | ||
3688 | 166 | ただ一人のユーザ (Apache ユーザ) だけが、 | ||
3689 | 167 | このプログラムの実行を許可されます。 | ||
3690 | 168 | </p> | ||
3691 | 169 | </li> | ||
3692 | 170 | |||
3693 | 171 | <li> | ||
3694 | 172 | <strong>対象の CGI, SSI プログラムが安全でない階層の参照をしているか? | ||
3695 | 173 | </strong> | ||
3696 | 174 | |||
3697 | 175 | <p class="indent"> | ||
3698 | 176 | 対象の CGI, SSI プログラムが '/' から始まる、または | ||
3699 | 177 | '..' による参照を行なっていますか? これらは許可されません。 | ||
3700 | 178 | 対象のプログラムは suEXEC のドキュメントルート | ||
3701 | 179 | (下記の <code>--with-suexec-docroot=<em>DIR</em></code> を参照) | ||
3702 | 180 | 内に存在しなければなりません。 | ||
3703 | 181 | </p> | ||
3704 | 182 | </li> | ||
3705 | 183 | |||
3706 | 184 | <li> | ||
3707 | 185 | <strong>対象となるユーザ名は正当なものか?</strong> | ||
3708 | 186 | |||
3709 | 187 | <p class="indent"> | ||
3710 | 188 | 対象となるユーザ名は存在していますか? | ||
3711 | 189 | </p> | ||
3712 | 190 | </li> | ||
3713 | 191 | |||
3714 | 192 | <li> | ||
3715 | 193 | <strong>対象となるグループ名は正当なものか?</strong> | ||
3716 | 194 | |||
3717 | 195 | <p class="indent"> | ||
3718 | 196 | 対象となるグループ名は存在していますか? | ||
3719 | 197 | </p> | ||
3720 | 198 | </li> | ||
3721 | 199 | |||
3722 | 200 | <li> | ||
3723 | 201 | <strong>目的のユーザはスーパーユーザでは<em>ない</em>か? | ||
3724 | 202 | </strong> | ||
3725 | 203 | |||
3726 | 204 | <p class="indent"> | ||
3727 | 205 | 今のところ、suEXEC は <code><em>root</em></code> による CGI/SSI | ||
3728 | 206 | プログラムの実行を許可していません。 | ||
3729 | 207 | </p> | ||
3730 | 208 | </li> | ||
3731 | 209 | |||
3732 | 210 | <li> | ||
3733 | 211 | <strong>対象となるユーザ ID は、最小の ID | ||
3734 | 212 | 番号よりも<em>大きい</em>か? </strong> | ||
3735 | 213 | |||
3736 | 214 | <p class="indent"> | ||
3737 | 215 | 最小ユーザ ID 番号は設定時に指定されます。これは、 | ||
3738 | 216 | CGI/SSI プログラム実行を許可されるユーザ ID | ||
3739 | 217 | のとりうる最小値です。これは | ||
3740 | 218 | "system" 用のアカウントを閉め出すのに有効です。 | ||
3741 | 219 | </p> | ||
3742 | 220 | </li> | ||
3743 | 221 | |||
3744 | 222 | <li> | ||
3745 | 223 | <strong>対象となるグループはスーパーユーザのグループでは | ||
3746 | 224 | <em>ない</em>か?</strong> | ||
3747 | 225 | |||
3748 | 226 | <p class="indent"> | ||
3749 | 227 | 今のところ、suEXEC は 'root' グループによる CGI/SSI | ||
3750 | 228 | プログラムの実行を許可していません。 | ||
3751 | 229 | </p> | ||
3752 | 230 | </li> | ||
3753 | 231 | |||
3754 | 232 | <li> | ||
3755 | 233 | <strong>対象となるグループ ID は最小の ID | ||
3756 | 234 | 番号よりも<em>大きい</em>か?</strong> | ||
3757 | 235 | |||
3758 | 236 | <p class="indent"> | ||
3759 | 237 | 最小グループ ID 番号は設定時に指定されます。これは、 | ||
3760 | 238 | CGI/SSI プログラム実行を許可されるグループ | ||
3761 | 239 | ID のとりうる最小値です。 | ||
3762 | 240 | これは "system" 用のグループを閉め出すのに有効です。 | ||
3763 | 241 | </p> | ||
3764 | 242 | </li> | ||
3765 | 243 | |||
3766 | 244 | <li> | ||
3767 | 245 | <strong>wrapper が正常に対象となるユーザとグループになれるか? | ||
3768 | 246 | </strong> | ||
3769 | 247 | |||
3770 | 248 | <p class="indent"> | ||
3771 | 249 | ここで、setuid と setgid | ||
3772 | 250 | の起動によりプログラムは対象となるユーザとグループになります。 | ||
3773 | 251 | グループアクセスリストは、 | ||
3774 | 252 | ユーザが属しているすべてのグループで初期化されます。 | ||
3775 | 253 | </p> | ||
3776 | 254 | </li> | ||
3777 | 255 | |||
3778 | 256 | <li> | ||
3779 | 257 | <strong>CGI/SSI プログラムが置かれているディレクトリに移動 | ||
3780 | 258 | (change directory) できるか?</strong> | ||
3781 | 259 | |||
3782 | 260 | <p class="indent"> | ||
3783 | 261 | ディレクトリが存在しないなら、そのファイルも存在しないかもしれません。 | ||
3784 | 262 | ディレクトリに移動できないのであれば、おそらく存在もしないでしょう。 | ||
3785 | 263 | </p> | ||
3786 | 264 | </li> | ||
3787 | 265 | |||
3788 | 266 | <li> | ||
3789 | 267 | <strong>ディレクトリが Apache のドキュメントツリー内にあるか? | ||
3790 | 268 | </strong> | ||
3791 | 269 | |||
3792 | 270 | <p class="indent"> | ||
3793 | 271 | リクエストがサーバ内のものであれば、 | ||
3794 | 272 | 要求されたディレクトリが suEXEC のドキュメントルート配下にありますか? | ||
3795 | 273 | リクエストが UserDir のものであれば、要求されたディレクトリが suEXEC | ||
3796 | 274 | のユーザのドキュメントルート配下にありますか? | ||
3797 | 275 | (<a href="#install">suEXEC 設定オプション</a> 参照) | ||
3798 | 276 | </p> | ||
3799 | 277 | </li> | ||
3800 | 278 | |||
3801 | 279 | <li> | ||
3802 | 280 | <strong>ディレクトリを他のユーザが書き込めるようになって | ||
3803 | 281 | <em>いない</em>か?</strong> | ||
3804 | 282 | |||
3805 | 283 | <p class="indent"> | ||
3806 | 284 | ディレクトリを他ユーザに開放しないようにします。 | ||
3807 | 285 | 所有ユーザだけがこのディレクトリの内容を改変できるようにします。 | ||
3808 | 286 | </p> | ||
3809 | 287 | </li> | ||
3810 | 288 | |||
3811 | 289 | |||
3812 | 290 | <li> | ||
3813 | 291 | <strong>対象となる CGI/SSI プログラムは存在するか?</strong> | ||
3814 | 292 | |||
3815 | 293 | <p class="indent"> | ||
3816 | 294 | 存在しなければ実行できません。 | ||
3817 | 295 | </p> | ||
3818 | 296 | </li> | ||
3819 | 297 | |||
3820 | 298 | <li> | ||
3821 | 299 | <strong>対象となる CGI/SSI プログラムファイルが他アカウントから | ||
3822 | 300 | 書き込めるようになって<em>いない</em>か?</strong> | ||
3823 | 301 | |||
3824 | 302 | <p class="indent"> | ||
3825 | 303 | 所有者以外には CGI/SSI プログラムを変更する権限は与えられません。 | ||
3826 | 304 | </p> | ||
3827 | 305 | </li> | ||
3828 | 306 | |||
3829 | 307 | |||
3830 | 308 | <li> | ||
3831 | 309 | <strong>対象となる CGI/SSI プログラムが setuid または setgid | ||
3832 | 310 | されて<em>いない</em>か?</strong> | ||
3833 | 311 | |||
3834 | 312 | <p class="indent"> | ||
3835 | 313 | UID/GID を再度変更してのプログラム実行はしません | ||
3836 | 314 | </p> | ||
3837 | 315 | </li> | ||
3838 | 316 | |||
3839 | 317 | |||
3840 | 318 | <li> | ||
3841 | 319 | <strong>対象となるユーザ/グループがプログラムの | ||
3842 | 320 | ユーザ/グループと同じか?</strong> | ||
3843 | 321 | |||
3844 | 322 | <p class="indent"> | ||
3845 | 323 | ユーザがそのファイルの所有者ですか? | ||
3846 | 324 | </p> | ||
3847 | 325 | </li> | ||
3848 | 326 | |||
3849 | 327 | <li> | ||
3850 | 328 | <strong>安全な動作を保証するための環境変数クリアが可能か? | ||
3851 | 329 | </strong> | ||
3852 | 330 | |||
3853 | 331 | <p class="indent"> | ||
3854 | 332 | suEXEC は、安全な環境変数のリスト | ||
3855 | 333 | (これらは設定時に作成されます) 内の変数として渡される安全な | ||
3856 | 334 | PATH 変数 (設定時に指定されます) を設定することで、 | ||
3857 | 335 | プロセスの環境変数をクリアします。 | ||
3858 | 336 | </p> | ||
3859 | 337 | </li> | ||
3860 | 338 | |||
3861 | 339 | |||
3862 | 340 | <li> | ||
3863 | 341 | <strong>対象となる CGI/SSI プログラムを exec して実行できるか?</strong> | ||
3864 | 342 | |||
3865 | 343 | |||
3866 | 344 | <p class="indent"> | ||
3867 | 345 | ここで suEXEC が終了し、対象となるプログラムが開始されます。 | ||
3868 | 346 | </p> | ||
3869 | 347 | </li> | ||
3870 | 348 | </ol> | ||
3871 | 349 | |||
3872 | 350 | <p>ここまでが suEXEC の wrapper | ||
3873 | 351 | におけるセキュリティモデルの標準的な動作です。もう少し厳重に | ||
3874 | 352 | CGI/SSI 設計についての新しい制限や規定を取り入れることもできますが、 | ||
3875 | 353 | suEXEC はセキュリティに注意して慎重に少しずつ開発されてきました。 | ||
3876 | 354 | </p> | ||
3877 | 355 | |||
3878 | 356 | <p>このセキュリティモデルを用いて | ||
3879 | 357 | サーバ設定時にどのように許すことを制限するか、また、suEXEC | ||
3880 | 358 | を適切に設定するとどのようなセキュリティ上の危険を避けられるかに | ||
3881 | 359 | 関するより詳しい情報については、<a href="#jabberwock">"とかげに注意" | ||
3882 | 360 | (Beware the Jabberwock)</a> の章を参照してください。 | ||
3883 | 361 | </p> | ||
3884 | 362 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
3885 | 363 | <div class="section"> | ||
3886 | 364 | <h2><a name="install" id="install">suEXEC | ||
3887 | 365 | の設定とインストール</a></h2> | ||
3888 | 366 | |||
3889 | 367 | <p>ここから楽しくなります。</p> | ||
3890 | 368 | |||
3891 | 369 | <p><strong>suEXEC | ||
3892 | 370 | 設定オプション</strong><br /> | ||
3893 | 371 | </p> | ||
3894 | 372 | |||
3895 | 373 | <dl> | ||
3896 | 374 | <dt><code>--enable-suexec</code></dt> | ||
3897 | 375 | |||
3898 | 376 | <dd>このオプションは、デフォルトではインストールされず、 | ||
3899 | 377 | 有効にはならない suEXEC 機能を有効にします。 | ||
3900 | 378 | suEXEC を使うように APACI に要求するには、<code>--enable-suexec</code> | ||
3901 | 379 | オプションにあわせて少なくとも一つは <code>--with-suexec-xxxxx</code> | ||
3902 | 380 | オプションが指定されなければなりません。</dd> | ||
3903 | 381 | |||
3904 | 382 | <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> | ||
3905 | 383 | |||
3906 | 384 | <dd>セキュリティ上の理由により、<code>suexec</code> バイナリのパスはサーバに | ||
3907 | 385 | ハードコードされている必要があります。デフォルトのパスを | ||
3908 | 386 | 変えたいときはこのオプションを使ってください。<em>例えば</em>、 | ||
3909 | 387 | <code>--with-suexec-bin=/usr/sbin/suexec</code> のように。</dd> | ||
3910 | 388 | |||
3911 | 389 | <dt><code>--with-suexec-caller=<em>UID</em></code></dt> | ||
3912 | 390 | |||
3913 | 391 | <dd>Apache を通常動作させる<a href="mod/mpm_common.html#user">ユーザ名</a>を指定します。 | ||
3914 | 392 | このユーザだけが suexec の実行を許可されたユーザになります。</dd> | ||
3915 | 393 | |||
3916 | 394 | <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt> | ||
3917 | 395 | |||
3918 | 396 | <dd>suEXEC がアクセスを許されるユーザホームディレクトリ配下の | ||
3919 | 397 | サブディレクトリを指定します。 | ||
3920 | 398 | このディレクトリ以下の全実行ファイルは、"安全な"プログラムになるよう、 | ||
3921 | 399 | suEXEC がそのユーザとして実行できるようにします。 | ||
3922 | 400 | "単純な" UserDir ディレクティブを使っている場合 | ||
3923 | 401 | (すなわち "*" を含まないもの)、これと同じ値を設定すべきです。 | ||
3924 | 402 | Userdir ディレクティブがそのユーザのパスワードファイル内の | ||
3925 | 403 | ホームディレクトリと同じ場所を指していなければ、 | ||
3926 | 404 | suEXEC は適切に動作しません。デフォルトは "public_html" です。 | ||
3927 | 405 | <br /> | ||
3928 | 406 | 各 UserDir が異なった仮想ホストを設定している場合、 | ||
3929 | 407 | それらを全て一つの親ディレクトリに含めて、 | ||
3930 | 408 | その親ディレクトリの名前をここで指定する必要があります。 | ||
3931 | 409 | <strong>このように指定されなければ "~userdir" cgi | ||
3932 | 410 | へのリクエストが動作しません。</strong></dd> | ||
3933 | 411 | |||
3934 | 412 | <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt> | ||
3935 | 413 | |||
3936 | 414 | <dd>Apache のドキュメントルートを設定します。これが suEXEC | ||
3937 | 415 | の動作で使用する唯一のディレクトリ階層になります (UserDir | ||
3938 | 416 | の指定は別)。デフォルトでは <code>--datedir</code> に "/htdocs" | ||
3939 | 417 | というサフィックスをつけたものです。 | ||
3940 | 418 | "<code>--datadir=/home/apache</code>" として設定すると、 | ||
3941 | 419 | suEXEC wrapper にとって "/home/apache/htdocs" | ||
3942 | 420 | がドキュメントルートとして使われます。</dd> | ||
3943 | 421 | |||
3944 | 422 | <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt> | ||
3945 | 423 | |||
3946 | 424 | <dd>suEXEC の対象ユーザとして許される UID の最小値を指定します。 | ||
3947 | 425 | 大抵のシステムでは 500 か 100 が一般的です。 | ||
3948 | 426 | デフォルト値は 100 です。</dd> | ||
3949 | 427 | |||
3950 | 428 | <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt> | ||
3951 | 429 | |||
3952 | 430 | <dd>suEXEC の対象グループとして許される GID | ||
3953 | 431 | の最小値を指定します。大抵のシステムでは 100 が一般的なので、 | ||
3954 | 432 | デフォルト値としても 100 が使われています。</dd> | ||
3955 | 433 | |||
3956 | 434 | <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt> | ||
3957 | 435 | |||
3958 | 436 | <dd>suEXEC の処理とエラーが記録されるファイル名を指定します。 | ||
3959 | 437 | (監査やデバッグ目的に有用) | ||
3960 | 438 | デフォルトではログファイルは "suexec_log" という名前で、 | ||
3961 | 439 | 標準のログファイルディレクトリ (<code>--logfiledir</code>) に置かれます。 | ||
3962 | 440 | </dd> | ||
3963 | 441 | |||
3964 | 442 | <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> | ||
3965 | 443 | |||
3966 | 444 | <dd>CGI 実行ファイルに渡される安全な PATH 環境変数です。 | ||
3967 | 445 | デフォルト値は "/usr/local/bin:/usr/bin:/bin" です。 | ||
3968 | 446 | </dd> | ||
3969 | 447 | </dl> | ||
3970 | 448 | |||
3971 | 449 | <p><strong>suEXEC wrapper | ||
3972 | 450 | のコンパイルとインストール</strong><br /> | ||
3973 | 451 | <code>--enable-suexec</code> オプションで suEXEC 機能を有効にすると、 | ||
3974 | 452 | "make" コマンドを実行した時に <code>suexec</code> のバイナリ (Apache 自体も) | ||
3975 | 453 | が自動的に作成されます。 | ||
3976 | 454 | <br /> | ||
3977 | 455 | すべての構成要素が作成されると、それらのインストールには | ||
3978 | 456 | <code>make install</code> コマンドが実行できます。バイナリイメージの <code>suexec</code> | ||
3979 | 457 | は <code>--sbindir</code> オプションで指定されたディレクトリにインストールされます。 | ||
3980 | 458 | デフォルトの場所は "/usr/local/apache/bin/suexec" です。<br /> | ||
3981 | 459 | インストール時には <strong><em>root</em></strong> | ||
3982 | 460 | 権限が必要なので注意してください。wrapper がユーザ ID | ||
3983 | 461 | を設定するために、所有者 <code><em>root</em></code> | ||
3984 | 462 | でのセットユーザ ID | ||
3985 | 463 | ビットをそのファイルのモードに設定しなければなりません。 | ||
3986 | 464 | </p> | ||
3987 | 465 | |||
3988 | 466 | <p><strong>安全なパーミッションを設定する</strong><br /> | ||
3989 | 467 | suEXEC ラッパーは、<code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code> | ||
3990 | 468 | オプションで指定した正しいユーザで起動されていることを確認しますが、 | ||
3991 | 469 | システム上でこのチェックが行なわれる前に、 | ||
3992 | 470 | suEXEC が呼ぶシステムやライブラリが脆弱である可能性は残ります。対抗策として、 | ||
3993 | 471 | 一般に良い習慣ともされいますが、 | ||
3994 | 472 | ファイルシステムパーミッションを使って | ||
3995 | 473 | Apache の実行時のグループのみが suEXEC を実行できるように | ||
3996 | 474 | するのが良いでしょう。</p> | ||
3997 | 475 | |||
3998 | 476 | <p>たとえば、次のようにサーバが設定されていたとします。</p> | ||
3999 | 477 | |||
4000 | 478 | <div class="example"><p><code> | ||
4001 | 479 | User www<br /> | ||
4002 | 480 | Group webgroup<br /> | ||
4003 | 481 | </code></p></div> | ||
4004 | 482 | |||
4005 | 483 | <p><code class="program"><a href="./programs/suexec.html">suexec</a></code> が "/usr/local/apache2/bin/suexec" | ||
4006 | 484 | にインストールされていた場合、次のように設定する必要があります。</p> | ||
4007 | 485 | |||
4008 | 486 | <div class="example"><p><code> | ||
4009 | 487 | chgrp webgroup /usr/local/apache2/bin/suexec<br /> | ||
4010 | 488 | chmod 4750 /usr/local/apache2/bin/suexec<br /> | ||
4011 | 489 | </code></p></div> | ||
4012 | 490 | |||
4013 | 491 | <p>これで Apache が実行されるグループのみが | ||
4014 | 492 | suEXEC ラッパーを実行できるということを | ||
4015 | 493 | 確証します。</p> | ||
4016 | 494 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4017 | 495 | <div class="section"> | ||
4018 | 496 | <h2><a name="enable" id="enable">suEXEC | ||
4019 | 497 | の有効化と無効化</a></h2> | ||
4020 | 498 | |||
4021 | 499 | <p>起動時に、Apache は <code>--sbindir</code> | ||
4022 | 500 | オプションで設定されたディレクトリで | ||
4023 | 501 | <code>suexec</code> を探します | ||
4024 | 502 | (デフォルトは "/usr/local/apache/sbin/suexec") 。 | ||
4025 | 503 | 適切に設定された suEXEC がみつかると、 | ||
4026 | 504 | エラーログに以下のメッセージが出力されます。</p> | ||
4027 | 505 | |||
4028 | 506 | <div class="example"><p><code> | ||
4029 | 507 | [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>) | ||
4030 | 508 | </code></p></div> | ||
4031 | 509 | |||
4032 | 510 | <p>サーバ起動時にこのメッセージが出ない場合、 | ||
4033 | 511 | 大抵はサーバが想定した場所で wrapper プログラムが見つからなかったか、 | ||
4034 | 512 | <em>setuid root</em> としてインストールされていないかです。</p> | ||
4035 | 513 | |||
4036 | 514 | <p>suEXEC の仕組みを使用するのが初めてで、Apache が既に動作中であれば、 | ||
4037 | 515 | Apache を kill して、再起動しなければなりません。HUP シグナルや | ||
4038 | 516 | USR1 シグナルによる単純な再起動では不十分です。</p> | ||
4039 | 517 | <p>suEXEC を無効にする場合は、<code>suexec</code> ファイルを削除してから | ||
4040 | 518 | Apache を kill して再起動します。 | ||
4041 | 519 | </p> | ||
4042 | 520 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4043 | 521 | <div class="section"> | ||
4044 | 522 | <h2><a name="usage" id="usage">suEXEC の使用</a></h2> | ||
4045 | 523 | |||
4046 | 524 | <p>CGI プログラムへのリクエストが suEXEC ラッパーを呼ぶのは、 | ||
4047 | 525 | <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ディレクティブを | ||
4048 | 526 | 含むバーチャルホストへのリクエストか、<code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> により | ||
4049 | 527 | 処理されたリクエストの場合に限ります。</p> | ||
4050 | 528 | |||
4051 | 529 | <p><strong>仮想ホスト:</strong><br /> | ||
4052 | 530 | suEXEC wrapper の使い方として、 | ||
4053 | 531 | <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> 設定での | ||
4054 | 532 | <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> | ||
4055 | 533 | ディレクティブを通したものがあります。 | ||
4056 | 534 | このディレクティブをメインサーバのユーザ ID | ||
4057 | 535 | と異なるものにすると、CGI リソースへのすべてのリクエストは、その | ||
4058 | 536 | <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code> で指定された <em>User</em> と | ||
4059 | 537 | <em>Group</em> として実行されます。<code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code> | ||
4060 | 538 | でこのディレクティブが指定されていない場合、 | ||
4061 | 539 | メインサーバのユーザ ID が想定されます。</p> | ||
4062 | 540 | |||
4063 | 541 | <p><strong>ユーザディレクトリ:</strong><br /> | ||
4064 | 542 | <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> により処理されたリクエストは | ||
4065 | 543 | リクエストされたユーザディレクトリのユーザ ID で CGI プログラムを | ||
4066 | 544 | 実行するために suEXEC ラッパーを呼びます。 | ||
4067 | 545 | この機能を動作させるために必要なことは、CGI | ||
4068 | 546 | をそのユーザで実行できること、そのスクリプトが上記の<a href="#model">セキュリティ検査</a>をパスできることです。 | ||
4069 | 547 | <a href="#install">コンパイル | ||
4070 | 548 | 時のオプション</a> <code>--with-suexec-userdir</code> も参照してください。</p> | ||
4071 | 549 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4072 | 550 | <div class="section"> | ||
4073 | 551 | <h2><a name="debug" id="debug">suEXEC のデバッグ</a></h2> | ||
4074 | 552 | |||
4075 | 553 | <p>suEXEC wrapper は、上記で述べた <code>--with-suexec-logfile</code> | ||
4076 | 554 | オプションで指定されたファイルにログ情報を記録します。 | ||
4077 | 555 | wrapper を適切に設定、インストールできていると思う場合、 | ||
4078 | 556 | どこで迷っているか見ようとするならこのログとサーバの | ||
4079 | 557 | エラーログを見るとよいでしょう。</p> | ||
4080 | 558 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4081 | 559 | <div class="section"> | ||
4082 | 560 | <h2><a name="jabberwock" id="jabberwock">とかげに注意: 警告と事例</a></h2> | ||
4083 | 561 | |||
4084 | 562 | <p><strong>注意!</strong> | ||
4085 | 563 | この章は完全ではありません。この章の最新改訂版については、 | ||
4086 | 564 | Apache グループの<a href="http://httpd.apache.org/docs/2.4/suexec.html"> | ||
4087 | 565 | オンラインドキュメント</a>版を参照してください。 | ||
4088 | 566 | </p> | ||
4089 | 567 | |||
4090 | 568 | <p>サーバの設定に制限をもうける wrapper について、 | ||
4091 | 569 | いくつか興味深い点があります。suEXEC に関する "バグ" | ||
4092 | 570 | を報告する前にこれらを確認してください。</p> | ||
4093 | 571 | |||
4094 | 572 | <ul> | ||
4095 | 573 | <li><strong>suEXEC の興味深い点</strong></li> | ||
4096 | 574 | |||
4097 | 575 | <li>階層構造の制限 | ||
4098 | 576 | |||
4099 | 577 | |||
4100 | 578 | <p class="indent"> | ||
4101 | 579 | セキュリティと効率の理由から、<code>suEXEC</code> の全てのリクエストは | ||
4102 | 580 | 仮想ホストへのリクエストにおける最上位のドキュメントルート内か、 | ||
4103 | 581 | ユーザディレクトリへのリクエストにおける個々のユーザの最上位の | ||
4104 | 582 | ドキュメントルート内に残らなければなりません。 | ||
4105 | 583 | 例えば、四つの仮想ホストを設定している場合、 | ||
4106 | 584 | 仮想ホストの suEXEC に有利なように、メインの Apache | ||
4107 | 585 | ドキュメント階層の外側に全ての仮想ホストのドキュメントルートを | ||
4108 | 586 | 構築する必要があります。(例は後日記載) | ||
4109 | 587 | </p> | ||
4110 | 588 | </li> | ||
4111 | 589 | |||
4112 | 590 | <li>suEXEC の PATH 環境変数 | ||
4113 | 591 | |||
4114 | 592 | |||
4115 | 593 | <p class="indent"> | ||
4116 | 594 | これを変更するのは危険です。この指定に含まれる各パスが | ||
4117 | 595 | <strong>信頼できる</strong> | ||
4118 | 596 | ディレクトリであることを確認してください。 | ||
4119 | 597 | 世界からのアクセスにより、誰かがホスト上でトロイの木馬 | ||
4120 | 598 | を実行できるようにはしたくないでしょう。 | ||
4121 | 599 | </p> | ||
4122 | 600 | </li> | ||
4123 | 601 | |||
4124 | 602 | <li>suEXEC コードの改造 | ||
4125 | 603 | |||
4126 | 604 | |||
4127 | 605 | <p class="indent"> | ||
4128 | 606 | 繰り返しますが、何をやろうとしているか把握せずにこれをやると | ||
4129 | 607 | <strong>大きな問題</strong>を引き起こしかねません。 | ||
4130 | 608 | 可能な限り避けてください。 | ||
4131 | 609 | </p> | ||
4132 | 610 | </li> | ||
4133 | 611 | </ul> | ||
4134 | 612 | </div></div> | ||
4135 | 613 | <div class="bottomlang"> | ||
4136 | 614 | <p><span>翻訳済み言語: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
4137 | 615 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | | ||
4138 | 616 | <a href="./ja/suexec.html" title="Japanese"> ja </a> | | ||
4139 | 617 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
4140 | 618 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> | ||
4141 | 619 | </div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">コメント</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> | ||
4142 | 620 | <script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
4143 | 621 | var comments_shortname = 'httpd'; | ||
4144 | 622 | var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html'; | ||
4145 | 623 | (function(w, d) { | ||
4146 | 624 | if (w.location.hostname.toLowerCase() == "httpd.apache.org") { | ||
4147 | 625 | d.write('<div id="comments_thread"><\/div>'); | ||
4148 | 626 | var s = d.createElement('script'); | ||
4149 | 627 | s.type = 'text/javascript'; | ||
4150 | 628 | s.async = true; | ||
4151 | 629 | s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; | ||
4152 | 630 | (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); | ||
4153 | 631 | } | ||
4154 | 632 | else { | ||
4155 | 633 | d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); | ||
4156 | 634 | } | ||
4157 | 635 | })(window, document); | ||
4158 | 636 | //--><!]]></script></div><div id="footer"> | ||
4159 | 637 | <p class="apache">Copyright 2015 The Apache Software Foundation.<br />この文書は <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> のライセンスで提供されています。.</p> | ||
4160 | 638 | <p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
4161 | 639 | if (typeof(prettyPrint) !== 'undefined') { | ||
4162 | 640 | prettyPrint(); | ||
4163 | 641 | } | ||
4164 | 642 | //--><!]]></script> | ||
4165 | 643 | </body></html> | ||
4166 | 0 | \ No newline at end of file | 644 | \ No newline at end of file |
4167 | diff --git a/docs/manual/suexec.html.ko.euc-kr b/docs/manual/suexec.html.ko.euc-kr | |||
4168 | 1 | new file mode 100644 | 645 | new file mode 100644 |
4169 | index 0000000..93931d5 | |||
4170 | --- /dev/null | |||
4171 | +++ b/docs/manual/suexec.html.ko.euc-kr | |||
4172 | @@ -0,0 +1,564 @@ | |||
4173 | 1 | <?xml version="1.0" encoding="EUC-KR"?> | ||
4174 | 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | ||
4175 | 3 | <html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head> | ||
4176 | 4 | <meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" /> | ||
4177 | 5 | <!-- | ||
4178 | 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
4179 | 7 | This file is generated from xml source: DO NOT EDIT | ||
4180 | 8 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
4181 | 9 | --> | ||
4182 | 10 | <title>suEXEC ���� - Apache HTTP Server Version 2.4</title> | ||
4183 | 11 | <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> | ||
4184 | 12 | <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> | ||
4185 | 13 | <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> | ||
4186 | 14 | <script src="./style/scripts/prettify.min.js" type="text/javascript"> | ||
4187 | 15 | </script> | ||
4188 | 16 | |||
4189 | 17 | <link href="./images/favicon.ico" rel="shortcut icon" /></head> | ||
4190 | 18 | <body id="manual-page"><div id="page-header"> | ||
4191 | 19 | <p class="menu"><a href="./mod/">���</a> | <a href="./mod/directives.html">���þ��</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">���</a> | <a href="./sitemap.html">����Ʈ��</a></p> | ||
4192 | 20 | <p class="apache">Apache HTTP Server Version 2.4</p> | ||
4193 | 21 | <img alt="" src="./images/feather.gif" /></div> | ||
4194 | 22 | <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> | ||
4195 | 23 | <div id="path"> | ||
4196 | 24 | <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC ����</h1> | ||
4197 | 25 | <div class="toplang"> | ||
4198 | 26 | <p><span>������ ���: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
4199 | 27 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | | ||
4200 | 28 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
4201 | 29 | <a href="./ko/suexec.html" title="Korean"> ko </a> | | ||
4202 | 30 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> | ||
4203 | 31 | </div> | ||
4204 | 32 | <div class="outofdate">�� ������ �ֽ��� ������ �ƴմϴ�. | ||
4205 | 33 | �ֱٿ� ����� ������ ���� ������ �����ϼ���.</div> | ||
4206 | 34 | |||
4207 | 35 | <p><strong>suEXEC</strong> ����� ����ġ�� <strong>CGI</strong>�� | ||
4208 | 36 | <strong>SSI</strong> ����� �������� ������ ����� ID�� | ||
4209 | 37 | �ƴ� �ٸ� ����� ID�� �����ϵ��� �Ѵ�. ���� CGI�� SSI ���α��� | ||
4210 | 38 | �����ϸ� �������� ������ ����ڿ� ���� ����ڷ� �����Ѵ�.</p> | ||
4211 | 39 | |||
4212 | 40 | <p>�� ����� ������ ����ϸ� ����ڰ� ���� CGI�� SSI ���α��� | ||
4213 | 41 | �����ϰ� �����Ҷ� ���� �� �ִ� ���������� ����� ���� | ||
4214 | 42 | �� �ִ�. ���� suEXEC�� �������ϰ� �����Ǹ� ���� ������ | ||
4215 | 43 | ��ǻ�Ϳ� ���ο� ���� ������ ���� �� �ִ�. ���� <em>setuid root</em> | ||
4216 | 44 | ���α��� �̷� ���α��� ���� ������ �����ϴٸ� suEXEC�� | ||
4217 | 45 | ��������ʱ� �������� �ٶ���.</p> | ||
4218 | 46 | </div> | ||
4219 | 47 | <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">�����ϱ� ����</a></li> | ||
4220 | 48 | <li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC ���ȸ�</a></li> | ||
4221 | 49 | <li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC ������ ��ġ</a></li> | ||
4222 | 50 | <li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC �� ���</a></li> | ||
4223 | 51 | <li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC ����ϱ�</a></li> | ||
4224 | 52 | <li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC ������ϱ�</a></li> | ||
4225 | 53 | <li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">�ٽ� �ѹ� �����϶�: ���� ����</a></li> | ||
4226 | 54 | </ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> | ||
4227 | 55 | <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4228 | 56 | <div class="section"> | ||
4229 | 57 | <h2><a name="before" id="before">�����ϱ� ����</a></h2> | ||
4230 | 58 | |||
4231 | 59 | <p>�����ϱ� ���� �켱 ����ġ��� �� ������ ������ ������.</p> | ||
4232 | 60 | |||
4233 | 61 | <p>���� <strong>setuid</strong>�� <strong>setgid</strong> | ||
4234 | 62 | ����� ������ ���н��� �ü���� ����Ѵٰ� �����Ѵ�. ��� | ||
4235 | 63 | ��ɾ� ���鵵 ���� ������ �Ѵ�. suEXEC�� �����ϴ� �ٸ� �÷����� | ||
4236 | 64 | ����ϴٸ� ������ �ٸ� �� �ִ�.</p> | ||
4237 | 65 | |||
4238 | 66 | <p>�ι�°, ����� ��ǻ�� ������ �⺻ ����� ������ �ͼ��ϴٰ� | ||
4239 | 67 | �����Ѵ�. ����� <strong>setuid/setgid</strong> ��ɰ� | ||
4240 | 68 | �̵��� �ý��۰� ���ȿ� ��ġ�� ���� ��� ���� ���ذ� ���Եȴ�.</p> | ||
4241 | 69 | |||
4242 | 70 | <p>����°, suEXEC �ڵ��� <strong>������������</strong> | ||
4243 | 71 | ������ ����Ѵٰ� �����Ѵ�. �����ڿ� ���� ��Ÿ���͵��� | ||
4244 | 72 | suEXEC�� ���õ� ��� �ڵ带 ���ɽ����� �����ϰ� �˻��ߴ�. | ||
4245 | 73 | �ڵ带 �����ϰ� �ϰ� Ȯ���� ������ �����ϱ����� ��� ���Ǹ� | ||
4246 | 74 | ����. �� �ڵ带 �����ϸ� ����ġ���� ������ ���ο� ���� | ||
4247 | 75 | ������ ���� �� �ִ�. ���� ���α��ֿ� ���� �ſ� �� �˰� | ||
4248 | 76 | �ڵ带 ���캸������ ����ġ��� �۾��� ������ �ǻ簡 ���ٸ� | ||
4249 | 77 | suEXEC �ڵ带 ���������ʱ� <strong>������</strong> ���Ѵ�.</p> | ||
4250 | 78 | |||
4251 | 79 | <p>��°���� ����������, ����ġ���� suEXEC�� ����ġ | ||
4252 | 80 | �⺻��ġ�� �������� <strong>�ʱ��</strong> �����ߴ�. �ᱹ | ||
4253 | 81 | �����ڰ� ���Ǹ� ��←�� suEXEC�� �����ؾ� �Ѵ�. suEXEC�� | ||
4254 | 82 | ���� ������ �� ������� �����ڴ� �Ϲ����� ��ġ����� suEXEC�� | ||
4255 | 83 | ��ġ�� �� �ִ�. suEXEC ����� ����ϴ� �ý����� ������ å������ | ||
4256 | 84 | �����ڴ� �� ���������� �����ְ� ���캸�� �����ؾ� �Ѵ�. | ||
4257 | 85 | �̷� ���� ������ suEXEC�� ����Ҹ�ŭ �����ְ� ��ȣ�� | ||
4258 | 86 | ������� suEXEC�� ����ϵ��� ����ġ���� ���ϱ� �����̴�.</p> | ||
4259 | 87 | |||
4260 | 88 | <p>������ ����ϱ� ���ϴ°�? ����? ����. ���� ��������!</p> | ||
4261 | 89 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4262 | 90 | <div class="section"> | ||
4263 | 91 | <h2><a name="model" id="model">suEXEC ���ȸ�</a></h2> | ||
4264 | 92 | |||
4265 | 93 | <p>suEXEC�� �����ϰ� ��ġ�ϱ� ���� �츮�� ���ȸ��� ���� | ||
4266 | 94 | �����Ѵ�. �̸� ���� ��Ȯ�� suEXEC �ȿ����� ���� ���� �Ͼ�� | ||
4267 | 95 | �ý����� ������ ���� ������ �����ؾ� ���� �� �� ������ �� | ||
4268 | 96 | �ִ�.</p> | ||
4269 | 97 | |||
4270 | 98 | <p><strong>suEXEC</strong>�� ����ġ �������� �θ��� setuid | ||
4271 | 99 | "wrapper" ���α��� ������� �Ѵ�. �� wrapper�� �����ڰ� | ||
4272 | 100 | �ּ����� �ٸ� userid�� �����ϵ��� ������ CGI�� SSI ���α��� | ||
4273 | 101 | HTTP ��û�� ���� �Ҹ���. �̷� ��û�� ���� ����ġ�� suEXEC | ||
4274 | 102 | wrapper���� ���α���� ���α��� ������ ����ڿ� �� | ||
4275 | 103 | ID�� �����Ѵ�.</p> | ||
4276 | 104 | |||
4277 | 105 | <p>���� wrapper�� ���� ������ ���� ������ ���и� �����Ѵ�. | ||
4278 | 106 | �� ������ �ϳ��� �����ϸ� ���α��� ���з� ��ϵǰ� ������ | ||
4279 | 107 | ���� �����Ѵ�. �������� ������ ������ ����Ѵ�:</p> | ||
4280 | 108 | |||
4281 | 109 | <ol> | ||
4282 | 110 | <li> | ||
4283 | 111 | <strong>wrapper�� �����ϴ� ����ڰ� �ý����� �������� | ||
4284 | 112 | �������</strong> | ||
4285 | 113 | |||
4286 | 114 | <p class="indent"> | ||
4287 | 115 | wrapper�� �����ϴ� ����ڰ� ������ �ý����� ��������� | ||
4288 | 116 | Ȯ���Ѵ�. | ||
4289 | 117 | </p> | ||
4290 | 118 | </li> | ||
4291 | 119 | |||
4292 | 120 | <li> | ||
4293 | 121 | <strong>������ ���� �ƱԸ�Ʈ�� wrapper�� �����ϴ°�?</strong> | ||
4294 | 122 | |||
4295 | 123 | <p class="indent"> | ||
4296 | 124 | wrapper�� ������ ���� �ƱԸ�Ʈ�� �־�߸� ����ȴ�. | ||
4297 | 125 | ����ġ �������� �� ������ �ȴ�. wrapper�� ������ ���� | ||
4298 | 126 | �ƱԸ�Ʈ�� �������ϸ� ��ŷ�Ǿ��ų� ����ġ�� suEXEC�� | ||
4299 | 127 | ���� ������ �ִ� ���̴�. | ||
4300 | 128 | </p> | ||
4301 | 129 | </li> | ||
4302 | 130 | |||
4303 | 131 | <li> | ||
4304 | 132 | <strong>�� ����ڰ� wrapper�� �����ϵ��� ���Ǿ���?</strong> | ||
4305 | 133 | |||
4306 | 134 | <p class="indent"> | ||
4307 | 135 | �� ����ڰ� wrapper�� �����ϵ��� ���Ǿ���? ���� | ||
4308 | 136 | �� �����(����ġ �����)���� �� ���α��� ������ | ||
4309 | 137 | �� �ִ�. | ||
4310 | 138 | </p> | ||
4311 | 139 | </li> | ||
4312 | 140 | |||
4313 | 141 | <li> | ||
4314 | 142 | <strong>������ CGI�� SSI ����� ������������ ���������� | ||
4315 | 143 | �����°�?</strong> | ||
4316 | 144 | |||
4317 | 145 | <p class="indent"> | ||
4318 | 146 | ������ CGI�� SSI ���α��� '/'�� �����ϰų� ������ | ||
4319 | 147 | '..'�� �����°�? �̵��� ����� �� ����. ������ CGI/SSI | ||
4320 | 148 | ���α��� suEXEC ���� root (�Ʒ� | ||
4321 | 149 | <code>--with-suexec-docroot=<em>DIR</em></code> ����) | ||
4322 | 150 | ���� �־�� �Ѵ�. | ||
4323 | 151 | </p> | ||
4324 | 152 | </li> | ||
4325 | 153 | |||
4326 | 154 | <li> | ||
4327 | 155 | <strong>������ ����ڸ��� ��ȿ�Ѱ�?</strong> | ||
4328 | 156 | |||
4329 | 157 | <p class="indent"> | ||
4330 | 158 | ������ ����ڰ� �����ϴ°�? | ||
4331 | 159 | </p> | ||
4332 | 160 | </li> | ||
4333 | 161 | |||
4334 | 162 | <li> | ||
4335 | 163 | <strong>������ ����� ��ȿ�Ѱ�?</strong> | ||
4336 | 164 | |||
4337 | 165 | <p class="indent"> | ||
4338 | 166 | ������ ���� �����ϴ°�? | ||
4339 | 167 | </p> | ||
4340 | 168 | </li> | ||
4341 | 169 | |||
4342 | 170 | <li> | ||
4343 | 171 | <strong>������ ����ڰ� superuser�� <em>�ƴѰ�</em>?</strong> | ||
4344 | 172 | |||
4345 | 173 | |||
4346 | 174 | <p class="indent"> | ||
4347 | 175 | ���� suEXEC�� <code><em>root</em></code>�� CGI/SSI | ||
4348 | 176 | ���α��� ������ �� ������ �Ѵ�. | ||
4349 | 177 | </p> | ||
4350 | 178 | </li> | ||
4351 | 179 | |||
4352 | 180 | <li> | ||
4353 | 181 | <strong>������ userid�� �ּ� ID ���ں��� <em>ū��</em>?</strong> | ||
4354 | 182 | |||
4355 | 183 | <p class="indent"> | ||
4356 | 184 | �������� �ּ� ����� ID ���ڸ� �����Ѵ�. ���� CGI/SSI | ||
4357 | 185 | ���α��� ������ �� �ִ� userid�� �ּ�ġ�� ������ | ||
4358 | 186 | �� �ִ�. "�ý��ۿ�" ������ �����Ҷ� �����ϴ�. | ||
4359 | 187 | </p> | ||
4360 | 188 | </li> | ||
4361 | 189 | |||
4362 | 190 | <li> | ||
4363 | 191 | <strong>������ ���� superuser ���� <em>�ƴѰ�</em>?</strong> | ||
4364 | 192 | |||
4365 | 193 | <p class="indent"> | ||
4366 | 194 | ���� suEXEC�� <code><em>root</em></code> ���� CGI/SSI | ||
4367 | 195 | ���α��� ������ �� ������ �Ѵ�. | ||
4368 | 196 | </p> | ||
4369 | 197 | </li> | ||
4370 | 198 | |||
4371 | 199 | <li> | ||
4372 | 200 | <strong>������ groupid�� �ּ� ID ���ں��� <em>ū��</em>?</strong> | ||
4373 | 201 | |||
4374 | 202 | <p class="indent"> | ||
4375 | 203 | �������� �ּ� �� ID ���ڸ� �����Ѵ�. ���� CGI/SSI | ||
4376 | 204 | ���α��� ������ �� �ִ� groupid�� �ּ�ġ�� ������ | ||
4377 | 205 | �� �ִ�. "�ý��ۿ�" ���� �����Ҷ� �����ϴ�. | ||
4378 | 206 | </p> | ||
4379 | 207 | </li> | ||
4380 | 208 | |||
4381 | 209 | <li> | ||
4382 | 210 | <strong>wrapper�� ���������� ������ ����ڿ� ���� | ||
4383 | 211 | �� �� �ִ°�?</strong> | ||
4384 | 212 | |||
4385 | 213 | <p class="indent"> | ||
4386 | 214 | �� �ܰ迡�� ���α��� setuid�� setgid ȣ���� �Ͽ� | ||
4387 | 215 | ������ ����ڿ� ���� �ȴ�. ��, �� ���ٸ���� | ||
4388 | 216 | ����ڰ� �ش�� ��� ������ �ʱ�ȭ�ȴ�. | ||
4389 | 217 | </p> | ||
4390 | 218 | </li> | ||
4391 | 219 | |||
4392 | 220 | <li> | ||
4393 | 221 | <strong>CGI/SSI ���α��� �ִ� ���丮�� ���丮�� | ||
4394 | 222 | ������ �� �ִ°�?</strong> | ||
4395 | 223 | |||
4396 | 224 | <p class="indent"> | ||
4397 | 225 | ���丮�� �������� �ʴٸ� ������ ���� �� ����. �̰����� | ||
4398 | 226 | ���丮�� ������ �� ���ٸ� ���丮�� �������� ���� | ||
4399 | 227 | ���̴�. | ||
4400 | 228 | </p> | ||
4401 | 229 | </li> | ||
4402 | 230 | |||
4403 | 231 | <li> | ||
4404 | 232 | <strong>���丮�� ����ġ ������ �ȿ� �ִ°�?</strong> | ||
4405 | 233 | |||
4406 | 234 | <p class="indent"> | ||
4407 | 235 | ������ �Ϲ����� �κ��� ��û�� ��� ��û�ϴ� ���丮�� | ||
4408 | 236 | suEXEC ���� root �Ʒ� �ִ°�? UserDir�� ��û�� ��� | ||
4409 | 237 | ��û�ϴ� ���丮�� suEXEC userdir�� ������ (<a href="#install">suEXEC ���� �ɼ�</a> ����) ���丮 | ||
4410 | 238 | �Ʒ��� �ִ°�? | ||
4411 | 239 | </p> | ||
4412 | 240 | </li> | ||
4413 | 241 | |||
4414 | 242 | <li> | ||
4415 | 243 | <strong>�ٸ� ������ ���丮�� ��������� <em>���°�</em>?</strong> | ||
4416 | 244 | |||
4417 | 245 | <p class="indent"> | ||
4418 | 246 | ���丮�� �ٸ� ������� ����α� �������ʴ´�. ���� | ||
4419 | 247 | �����ڸ��� ���丮 ������ ������ �� �ִ�. | ||
4420 | 248 | </p> | ||
4421 | 249 | </li> | ||
4422 | 250 | |||
4423 | 251 | <li> | ||
4424 | 252 | <strong>������ CGI/SSI ���α��� �����ϴ°�?</strong> | ||
4425 | 253 | |||
4426 | 254 | <p class="indent"> | ||
4427 | 255 | ���������ʴٸ� ������ ���� ����. | ||
4428 | 256 | </p> | ||
4429 | 257 | </li> | ||
4430 | 258 | |||
4431 | 259 | <li> | ||
4432 | 260 | <strong>�ٸ� ������ ������ CGI/SSI ���α��� ��������� | ||
4433 | 261 | <em>���°�</em>?</strong> | ||
4434 | 262 | |||
4435 | 263 | <p class="indent"> | ||
4436 | 264 | �����ڿ� ������ CGI/SSI ���α��� �����ϱ� �������ʴ´�. | ||
4437 | 265 | </p> | ||
4438 | 266 | </li> | ||
4439 | 267 | |||
4440 | 268 | <li> | ||
4441 | 269 | <strong>������ CGI/SSI ����� setuid�� setgid�� | ||
4442 | 270 | <em>�ƴѰ�</em>?</strong> | ||
4443 | 271 | |||
4444 | 272 | <p class="indent"> | ||
4445 | 273 | �츮�� ���α��� �ٽ� UID/GID�� �����ϱ� �������ʴ´�. | ||
4446 | 274 | </p> | ||
4447 | 275 | </li> | ||
4448 | 276 | |||
4449 | 277 | <li> | ||
4450 | 278 | <strong>������ �����/���� ����� �����/��� ������?</strong> | ||
4451 | 279 | |||
4452 | 280 | <p class="indent"> | ||
4453 | 281 | ����ڰ� ������ �������ΰ�? | ||
4454 | 282 | </p> | ||
4455 | 283 | </li> | ||
4456 | 284 | |||
4457 | 285 | <li> | ||
4458 | 286 | <strong>������ ������ ���� ���μ����� ȯ�溯���� û���� | ||
4459 | 287 | �� �ִ°�?</strong> | ||
4460 | 288 | |||
4461 | 289 | <p class="indent"> | ||
4462 | 290 | suEXEC�� (�������� ������) ������ ���� PATH�� ���, | ||
4463 | 291 | (�̰͵� �������� ����) ������ ȯ�溯�� ��Ͽ� ���ŵ� | ||
4464 | 292 | ������ ����� ���μ����� ȯ�溯���� �����. | ||
4465 | 293 | </p> | ||
4466 | 294 | </li> | ||
4467 | 295 | |||
4468 | 296 | <li> | ||
4469 | 297 | <strong>���������� ������ CGI/SSI ����� ������ | ||
4470 | 298 | �� �ִ°�?</strong> | ||
4471 | 299 | |||
4472 | 300 | <p class="indent"> | ||
4473 | 301 | ���⼭ suEXEC�� ������ ������ CGI/SSI ���α��� �����Ѵ�. | ||
4474 | 302 | </p> | ||
4475 | 303 | </li> | ||
4476 | 304 | </ol> | ||
4477 | 305 | |||
4478 | 306 | <p>�̰��� suEXEC wrapper ���ȸ��� ǥ�� �����̴�. �ټ� | ||
4479 | 307 | �����ϰ� CGI/SSI ���迡 ���ο� ������ ������, ������ ���ο� | ||
4480 | 308 | �ΰ� �Ѵܰ辿 ���ɽ����� ���������.</p> | ||
4481 | 309 | |||
4482 | 310 | <p>�� ���� ���� ���� ������ � ������ �ִ����� ������ | ||
4483 | 311 | suEXEC �������� � ���� ������ ���� �� �ִ����� ���� �� | ||
4484 | 312 | ������ <a href="#jabberwock">"�ٽ� �ѹ� �����϶�"</a> ���� | ||
4485 | 313 | �����϶�.</p> | ||
4486 | 314 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4487 | 315 | <div class="section"> | ||
4488 | 316 | <h2><a name="install" id="install">suEXEC ������ ��ġ</a></h2> | ||
4489 | 317 | |||
4490 | 318 | <p>���� ����ִ� ������ �����Ѵ�.</p> | ||
4491 | 319 | |||
4492 | 320 | <p><strong>suEXEC ���� �ɼ�</strong><br /> | ||
4493 | 321 | </p> | ||
4494 | 322 | |||
4495 | 323 | <dl> | ||
4496 | 324 | <dt><code>--enable-suexec</code></dt> | ||
4497 | 325 | |||
4498 | 326 | <dd>�� �ɼ��� �⺻������ ��ġ�ǰų� Ȱ��ȭ�����ʴ� suEXEC | ||
4499 | 327 | ����� Ȱ��ȭ�Ѵ�. APACI�� suEXEC�� �Ƶ��̷��� | ||
4500 | 328 | <code>--enable-suexec</code> �ɼǿܿ� | ||
4501 | 329 | <code>--with-suexec-xxxxx</code> �ɼ��� �ּ��� �Ѱ� | ||
4502 | 330 | �ʿ��ϴ�.</dd> | ||
4503 | 331 | |||
4504 | 332 | <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> | ||
4505 | 333 | |||
4506 | 334 | <dd><code>suexec</code> ���̳ʸ� ��δ� ���Ȼ� ������ | ||
4507 | 335 | ������ ��ϵǾ� �Ѵ�. ��� �⺻���� �����Ϸ��� �� �ɼ��� | ||
4508 | 336 | ����Ѵ�. <em>���� ���</em> | ||
4509 | 337 | <code>--with-suexec-bin=/usr/sbin/suexec</code></dd> | ||
4510 | 338 | |||
4511 | 339 | <dt><code>--with-suexec-caller=<em>UID</em></code></dt> | ||
4512 | 340 | |||
4513 | 341 | <dd>���� ����ġ�� �����ϴ� <a href="mod/mpm_common.html#user">����ڸ�</a>. ���α��� | ||
4514 | 342 | ������ �� �ִ� ������ ����ڴ�.</dd> | ||
4515 | 343 | |||
4516 | 344 | <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt> | ||
4517 | 345 | |||
4518 | 346 | <dd>suEXEC ������ ���Ǵ� ����� Ȩ���丮�� �������丮�� | ||
4519 | 347 | �����Ѵ�. �� ���丮�� �ִ� ��� ���������� ������� | ||
4520 | 348 | suEXEC�� ����Ƿ�, ��� ���α��� "�����ؾ�" �Ѵ�. (���� | ||
4521 | 349 | ���, ���� "*"�� ����) "������" UserDir ���þ ����Ѵٸ� | ||
4522 | 350 | ���� ���� �����ؾ� �Ѵ�. UserDir ���þ passwd ���Ͽ� | ||
4523 | 351 | ���� ����� Ȩ���丮�� �ٸ��� suEXEC�� ���������� | ||
4524 | 352 | �۵����� �ʴ´�. �⺻���� "public_html"�̴�.<br /> | ||
4525 | 353 | ����ȣ��Ʈ���� ���� �ٸ� UserDir�� ����Ѵٸ� ��� �� | ||
4526 | 354 | �θ� ���丮 �ȿ� �ֵ��� �����ؾ� �ϰ�, �� �θ� ���丮���� | ||
4527 | 355 | ���� ���´�. <strong>�̷��� �������� ������, "~userdir" | ||
4528 | 356 | cgi ��û�� �۵����� �ʴ´�!</strong></dd> | ||
4529 | 357 | |||
4530 | 358 | <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt> | ||
4531 | 359 | |||
4532 | 360 | <dd>����ġ�� DocumentRoot�� �����Ѵ�. �̴� suEXEC�� ����� | ||
4533 | 361 | �� �ִ� (UserDirs�� ������) ������ �����̴�. �⺻ ���丮�� | ||
4534 | 362 | <code>--datadir</code> ���� "/htdocs"�� ���� ���̴�. | ||
4535 | 363 | <em>���� ���</em> "<code>--datadir=/home/apache</code>"�� | ||
4536 | 364 | �����ߴٸ� suEXEC wrapper�� document root�� | ||
4537 | 365 | "/home/apache/htdocs" ���丮�� ����Ѵ�.</dd> | ||
4538 | 366 | |||
4539 | 367 | <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt> | ||
4540 | 368 | |||
4541 | 369 | <dd>suEXEC���� ���������� ������� �ּ� UID�� �����Ѵ�. | ||
4542 | 370 | ��κ��� �ý��ۿ��� 500�̳� 100�� �����ϴ�. �⺻���� | ||
4543 | 371 | 100�̴�.</dd> | ||
4544 | 372 | |||
4545 | 373 | <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt> | ||
4546 | 374 | |||
4547 | 375 | <dd>suEXEC���� ���������� ���� �ּ� GID�� �����Ѵ�. | ||
4548 | 376 | ��κ��� �ý��ۿ��� 100�� �����ϹǷ� �� ���� �⺻���̴�.</dd> | ||
4549 | 377 | |||
4550 | 378 | <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt> | ||
4551 | 379 | |||
4552 | 380 | <dd>��� suEXEC �۵��� ������ (���ó� ����� ������ ������) | ||
4553 | 381 | ����� �α����ϸ��� �����Ѵ�. �⺻������ �α������� �̸��� | ||
4554 | 382 | "suexec_log"�̰� ǥ�� �α����� ���丮�� | ||
4555 | 383 | (<code>--logfiledir</code>) ��ġ�Ѵ�.</dd> | ||
4556 | 384 | |||
4557 | 385 | <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> | ||
4558 | 386 | |||
4559 | 387 | <dd>CGI �������Ͽ� �Ѱ��� ������ PATH ȯ�溯���� �����Ѵ�. | ||
4560 | 388 | �⺻���� "/usr/local/bin:/usr/bin:/bin"�̴�.</dd> | ||
4561 | 389 | </dl> | ||
4562 | 390 | |||
4563 | 391 | <p><strong>suEXEC wrapper�� �������ϰ� ��ġ�ϱ�</strong><br /> | ||
4564 | 392 | <code>--enable-suexec</code> �ɼ����� suEXEC ����� �����ϰ��� | ||
4565 | 393 | ��� <code>make</code> ��ɾ �����ϸ� <code>suexec</code> | ||
4566 | 394 | ���������� (����ġ�� �Բ�) �ڵ����� ���������.<br /> | ||
4567 | 395 | ������ �������� �� <code>make install</code> ��ɾ | ||
4568 | 396 | �����Ͽ� ��ġ�� �� �ִ�. ���̳ʸ����� <code>suexec</code>�� | ||
4569 | 397 | <code>--sbindir</code> �ɼ����� ������ ���丮�� ��ġ�ȴ�. | ||
4570 | 398 | �⺻ ��ġ�� "/usr/local/apache2/sbin/suexec"�̴�.<br /> | ||
4571 | 399 | ��ġ ������ <strong><em>root ����</em></strong>�� �ʿ����� | ||
4572 | 400 | �����϶�. wrapper�� ����� ID�� �����ϱ����ؼ��� �����ڰ� | ||
4573 | 401 | <code><em>root</em></code>�̰� ���ϸ��� setuserid �����Ʈ�� | ||
4574 | 402 | �����Ǿ� �Ѵ�.</p> | ||
4575 | 403 | |||
4576 | 404 | <p><strong>���������� ���Ѽ���</strong><br /> | ||
4577 | 405 | suEXEC wrapper�� �ڽ��� ������ ����ڰ� ���� �ɼ� | ||
4578 | 406 | <code>--with-suexec-caller</code>�� ������ �ùٸ� ��������� | ||
4579 | 407 | Ȯ���� ������, �� �˻� ������ suEXEC�� ����ϴ� �ý���ȣ�� | ||
4580 | 408 | Ȥ�� ���̺귯�� �Լ��� ���۵Ǿ��� �� �ִ�. �̸� ����ϸ� | ||
4581 | 409 | �Ϲ������� ���� �����̹Ƿ� ���� ����ġ�� �����ϴ� �츸�� | ||
4582 | 410 | suEXEC�� ������ �� �ֵ��� ���Ͻý��� ������ �����ؾ� �Ѵ�.</p> | ||
4583 | 411 | |||
4584 | 412 | <p>���� ���, �������� ������ ���� �����ϰ�:</p> | ||
4585 | 413 | |||
4586 | 414 | <div class="example"><p><code> | ||
4587 | 415 | User www<br /> | ||
4588 | 416 | Group webgroup<br /> | ||
4589 | 417 | </code></p></div> | ||
4590 | 418 | |||
4591 | 419 | <p><code>suexec</code>�� "/usr/local/apache2/sbin/suexec"�� | ||
4592 | 420 | ��ġ�Ͽ��ٸ�, ������ �����ؾ� �Ѵ�:</p> | ||
4593 | 421 | |||
4594 | 422 | <div class="example"><p><code> | ||
4595 | 423 | chgrp webgroup /usr/local/apache2/bin/suexec<br /> | ||
4596 | 424 | chmod 4750 /usr/local/apache2/bin/suexec<br /> | ||
4597 | 425 | </code></p></div> | ||
4598 | 426 | |||
4599 | 427 | <p>���� ���� ����ġ�� �����ϴ� �츸�� suEXEC wrapper�� | ||
4600 | 428 | ������ �� �ִ�.</p> | ||
4601 | 429 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4602 | 430 | <div class="section"> | ||
4603 | 431 | <h2><a name="enable" id="enable">suEXEC �� ���</a></h2> | ||
4604 | 432 | |||
4605 | 433 | <p>����ġ�� �����Ҷ� <code>--sbindir</code> �ɼ����� ������ | ||
4606 | 434 | ���丮���� <code>suexec</code> ������ (�⺻�� | ||
4607 | 435 | "/usr/local/apache2/sbin/suexec") ã�´�. ����ġ�� | ||
4608 | 436 | ���������� ������ suEXEC wrapper�� �߰��ϸ� ���� �α�(error | ||
4609 | 437 | log)�� ������ ���� ����Ѵ�:</p> | ||
4610 | 438 | |||
4611 | 439 | <div class="example"><p><code> | ||
4612 | 440 | [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>) | ||
4613 | 441 | </code></p></div> | ||
4614 | 442 | |||
4615 | 443 | <p>���� �����߿� �̷� ������ ���ٸ� ������ ����� ��ҿ��� | ||
4616 | 444 | wrapper ���α��� ã�� ���߰ų�, ���������� <em>setuid | ||
4617 | 445 | root</em>�� ��ġ�����ʾұ� ������ ���̴�.</p> | ||
4618 | 446 | |||
4619 | 447 | <p>ó������ suEXEC ����� ����ϰ� �Ͱ� �̹� ����ġ ������ | ||
4620 | 448 | �������̶��, ����ġ�� ���̰� �ٽ� �����ؾ� �Ѵ�. ������ | ||
4621 | 449 | HUP�̳� USR1 �ñ׳η� ������ϴ� �����δ� ������� �ʴ�. </p> | ||
4622 | 450 | <p>suEXEC�� �Ȼ���Ϸ��� <code>suexec</code> ������ ������ | ||
4623 | 451 | ����ġ�� ���̰� ������ؾ� �Ѵ�. </p> | ||
4624 | 452 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4625 | 453 | <div class="section"> | ||
4626 | 454 | <h2><a name="usage" id="usage">suEXEC ����ϱ�</a></h2> | ||
4627 | 455 | |||
4628 | 456 | <p>CGI ���α� ��û�� ��� <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ���þ | ||
4629 | 457 | ����� ����ȣ��Ʈ�� ��û�� �Ͽ��ų� <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>�� | ||
4630 | 458 | ��û�� ó���ϴ� ��쿡�� suEXEC wrapper�� ȣ���Ѵ�.</p> | ||
4631 | 459 | |||
4632 | 460 | <p><strong>����ȣ��Ʈ:</strong><br /> suEXEC wrapper�� | ||
4633 | 461 | ����ϴ� �Ѱ��� ����� <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> ���ǿ� <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ���þ | ||
4634 | 462 | ����ϴ� ���̴�. �� ���þ �ּ��� ����� ID�� �ٸ��� | ||
4635 | 463 | �����ϸ� CGI �ڿ��� ��� ��û�� <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code>���� | ||
4636 | 464 | ������ <em>User</em>�� <em>Group</em>���� ����ȴ�. �� | ||
4637 | 465 | ���þ���� <code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code>�� ������ �ּ��� | ||
4638 | 466 | userid�� ����Ѵ�.</p> | ||
4639 | 467 | |||
4640 | 468 | <p><strong>����� ���丮:</strong><br /> | ||
4641 | 469 | <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>�� ��û�� ó���Ѵٸ� suEXEC | ||
4642 | 470 | wrapper�� ȣ���Ͽ�, ��û�� ����� ���丮�� �ش��ϴ� ����� | ||
4643 | 471 | ID�� CGI ���α��� �����Ѵ�. �� ����� �����Ϸ��� ����� | ||
4644 | 472 | ID�� CGI�� ������ �� �ְ� ��ũ��Ʈ�� ���� <a href="#model">���� | ||
4645 | 473 | �˻�</a> ���� �����ؾ� �Ѵ�. <a href="#install">���� | ||
4646 | 474 | �ɼ�</a> <code>--with-suexec-userdir</code>�� �����϶�.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4647 | 475 | <div class="section"> | ||
4648 | 476 | <h2><a name="debug" id="debug">suEXEC ������ϱ�</a></h2> | ||
4649 | 477 | |||
4650 | 478 | <p>suEXEC wrapper�� �α� ������ ������ �ٷ� | ||
4651 | 479 | <code>--with-suexec-logfile</code> �ɼ����� ������ ���Ͽ� | ||
4652 | 480 | ����. wrapper�� �ùٷ� �����ϰ� ��ġ�ߴٸ� ��� �߸��Ǿ����� | ||
4653 | 481 | �� �α����Ͽ� ������ error_log�� �������.</p> | ||
4654 | 482 | |||
4655 | 483 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4656 | 484 | <div class="section"> | ||
4657 | 485 | <h2><a name="jabberwock" id="jabberwock">�ٽ� �ѹ� �����϶�: ���� ����</a></h2> | ||
4658 | 486 | |||
4659 | 487 | <p><strong>����!</strong> �� ������ �������� ���� �� �ִ�. | ||
4660 | 488 | ����ġ���� <a href="http://httpd.apache.org/docs/2.4/suexec.html">�¶��� | ||
4661 | 489 | ����</a>���� �� ������ �ֽ����� �����϶�.</p> | ||
4662 | 490 | |||
4663 | 491 | <p>wrapper�� ���� ������ �����ϴ� ��� ��̷ο� ���� �ִ�. | ||
4664 | 492 | suEXEC�� ���õ� "����"�� �����ϱ� ���� �̵��� ���캸�� �ٶ���.</p> | ||
4665 | 493 | |||
4666 | 494 | <ul> | ||
4667 | 495 | <li><strong>suEXEC ���� ����</strong></li> | ||
4668 | 496 | |||
4669 | 497 | <li> | ||
4670 | 498 | ���丮 ���� ���� | ||
4671 | 499 | |||
4672 | 500 | <p class="indent"> | ||
4673 | 501 | ���Ȱ� ȿ������ ���� ��� suEXEC ��û�� ����ȣ��Ʈ�� | ||
4674 | 502 | ��� �ֻ��� document root Ȥ�� userdir ��û�� ��� | ||
4675 | 503 | �ֻ��� ���� document root �ȿ��� ���ؾ� �Ѵ�. ���� | ||
4676 | 504 | ���, ����ȣ��Ʈ �װ��� �����ߴٸ� ����ȣ��Ʈ���� | ||
4677 | 505 | suEXEC�� �̿��ϱ����� ����ȣ��Ʈ�� document root�� | ||
4678 | 506 | �� ����ġ ���� �������� �ۿ� ������ �ʿ䰡 �ִ�. | ||
4679 | 507 | (������ ������.) | ||
4680 | 508 | </p> | ||
4681 | 509 | </li> | ||
4682 | 510 | |||
4683 | 511 | <li> | ||
4684 | 512 | suEXEC�� PATH ȯ�溯�� | ||
4685 | 513 | |||
4686 | 514 | <p class="indent"> | ||
4687 | 515 | �����ϸ� ������ �� �ִ�. ��� �����ϴ� ��� ��ΰ� | ||
4688 | 516 | <strong>���� �� �ִ�</strong> ���丮���� Ȯ���϶�. | ||
4689 | 517 | �� �������� �������� �װ��� �ִ� Ʈ���̸� �����ϱ� | ||
4690 | 518 | ������ ���� ���̴�. | ||
4691 | 519 | </p> | ||
4692 | 520 | </li> | ||
4693 | 521 | |||
4694 | 522 | <li> | ||
4695 | 523 | suEXEC �ڵ� �����ϱ� | ||
4696 | 524 | |||
4697 | 525 | <p class="indent"> | ||
4698 | 526 | �ݺ��ؼ� ��������, ����� ������ �ϴ��� �� �õ��Ѵٸ� | ||
4699 | 527 | <strong>ū ����</strong>�� ���� �� �ִ�. � ��쿡�� | ||
4700 | 528 | ������������. | ||
4701 | 529 | </p> | ||
4702 | 530 | </li> | ||
4703 | 531 | </ul> | ||
4704 | 532 | |||
4705 | 533 | </div></div> | ||
4706 | 534 | <div class="bottomlang"> | ||
4707 | 535 | <p><span>������ ���: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
4708 | 536 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | | ||
4709 | 537 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
4710 | 538 | <a href="./ko/suexec.html" title="Korean"> ko </a> | | ||
4711 | 539 | <a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> | ||
4712 | 540 | </div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> | ||
4713 | 541 | <script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
4714 | 542 | var comments_shortname = 'httpd'; | ||
4715 | 543 | var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html'; | ||
4716 | 544 | (function(w, d) { | ||
4717 | 545 | if (w.location.hostname.toLowerCase() == "httpd.apache.org") { | ||
4718 | 546 | d.write('<div id="comments_thread"><\/div>'); | ||
4719 | 547 | var s = d.createElement('script'); | ||
4720 | 548 | s.type = 'text/javascript'; | ||
4721 | 549 | s.async = true; | ||
4722 | 550 | s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; | ||
4723 | 551 | (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); | ||
4724 | 552 | } | ||
4725 | 553 | else { | ||
4726 | 554 | d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); | ||
4727 | 555 | } | ||
4728 | 556 | })(window, document); | ||
4729 | 557 | //--><!]]></script></div><div id="footer"> | ||
4730 | 558 | <p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> | ||
4731 | 559 | <p class="menu"><a href="./mod/">���</a> | <a href="./mod/directives.html">���þ��</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">���</a> | <a href="./sitemap.html">����Ʈ��</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- | ||
4732 | 560 | if (typeof(prettyPrint) !== 'undefined') { | ||
4733 | 561 | prettyPrint(); | ||
4734 | 562 | } | ||
4735 | 563 | //--><!]]></script> | ||
4736 | 564 | </body></html> | ||
4737 | 0 | \ No newline at end of file | 565 | \ No newline at end of file |
4738 | diff --git a/docs/manual/suexec.html.tr.utf8 b/docs/manual/suexec.html.tr.utf8 | |||
4739 | 1 | new file mode 100644 | 566 | new file mode 100644 |
4740 | index 0000000..b3f7ed3 | |||
4741 | --- /dev/null | |||
4742 | +++ b/docs/manual/suexec.html.tr.utf8 | |||
4743 | @@ -0,0 +1,583 @@ | |||
4744 | 1 | <?xml version="1.0" encoding="UTF-8"?> | ||
4745 | 2 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | ||
4746 | 3 | <html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head> | ||
4747 | 4 | <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> | ||
4748 | 5 | <!-- | ||
4749 | 6 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
4750 | 7 | This file is generated from xml source: DO NOT EDIT | ||
4751 | 8 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
4752 | 9 | --> | ||
4753 | 10 | <title>SuEXEC Desteği - Apache HTTP Sunucusu Sürüm 2.4</title> | ||
4754 | 11 | <link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> | ||
4755 | 12 | <link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> | ||
4756 | 13 | <link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> | ||
4757 | 14 | <script src="./style/scripts/prettify.min.js" type="text/javascript"> | ||
4758 | 15 | </script> | ||
4759 | 16 | |||
4760 | 17 | <link href="./images/favicon.ico" rel="shortcut icon" /></head> | ||
4761 | 18 | <body id="manual-page"><div id="page-header"> | ||
4762 | 19 | <p class="menu"><a href="./mod/">Modüller</a> | <a href="./mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="./glossary.html">Terimler</a> | <a href="./sitemap.html">Site Haritası</a></p> | ||
4763 | 20 | <p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p> | ||
4764 | 21 | <img alt="" src="./images/feather.gif" /></div> | ||
4765 | 22 | <div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> | ||
4766 | 23 | <div id="path"> | ||
4767 | 24 | <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Sunucusu</a> > <a href="http://httpd.apache.org/docs/">Belgeleme</a> > <a href="./">Sürüm 2.4</a></div><div id="page-content"><div id="preamble"><h1>SuEXEC Desteği</h1> | ||
4768 | 25 | <div class="toplang"> | ||
4769 | 26 | <p><span>Mevcut Diller: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> | | ||
4770 | 27 | <a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | | ||
4771 | 28 | <a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | | ||
4772 | 29 | <a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | | ||
4773 | 30 | <a href="./tr/suexec.html" title="Türkçe"> tr </a></p> | ||
4774 | 31 | </div> | ||
4775 | 32 | |||
4776 | 33 | <p><strong>SuEXEC</strong> özelliği, Apache HTTP Sunucusu kullanıcılarına | ||
4777 | 34 | <strong>CGI</strong> ve <strong>SSI</strong> programlarını sunucunun | ||
4778 | 35 | aidiyetinde çalıştığı kullanıcıdan farklı bir kullanıcının aidiyetinde | ||
4779 | 36 | çalıştırma olanağı verir. Normalde, <strong>CGI</strong> ve | ||
4780 | 37 | <strong>SSI</strong> programlarını çalıştıranla sunucuyu çalıştıran | ||
4781 | 38 | aynı kullanıcıdır.</p> | ||
4782 | 39 | |||
4783 | 40 | <p>Gerektiği gibi kullanıldığında bu özellik, kullanıcılara | ||
4784 | 41 | <strong>CGI</strong> ve <strong>SSI</strong> programlarını çalıştırma | ||
4785 | 42 | ve geliştirmeye izin vermekle ortaya çıkan güvenlik risklerini azaltır. | ||
4786 | 43 | Bununla birlikte, <strong>suEXEC</strong> gerektiği gibi | ||
4787 | 44 | yapılandırılmadığı takdirde bazı sorunlara yol açabilir ve bilgisayar | ||
4788 | 45 | güvenliğinizde yeni delikler ortaya çıkmasına sebep olabilir. | ||
4789 | 46 | Güvenlikle ilgili mevcut sorunlarla başa çıkmada ve <em>setuid | ||
4790 | 47 | root</em> programları yönetmekte bilgi ve deneyim sahibi değilseniz | ||
4791 | 48 | <strong>suEXEC</strong> kullanmayı kesinlikle düşünmemenizi | ||
4792 | 49 | öneririz.</p> | ||
4793 | 50 | </div> | ||
4794 | 51 | <div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Başlamadan önce</a></li> | ||
4795 | 52 | <li><img alt="" src="./images/down.gif" /> <a href="#model">SuEXEC Güvenlik Modeli</a></li> | ||
4796 | 53 | <li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC’in Yapılandırılması ve Kurulumu</a></li> | ||
4797 | 54 | <li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC’in etkin kılınması ve iptal edilmesi</a></li> | ||
4798 | 55 | <li><img alt="" src="./images/down.gif" /> <a href="#usage">SuEXEC’in kullanımı</a></li> | ||
4799 | 56 | <li><img alt="" src="./images/down.gif" /> <a href="#debug">SuEXEC ve hata ayıklama</a></li> | ||
4800 | 57 | <li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Uyarılar ve Örnekler</a></li> | ||
4801 | 58 | </ul><ul class="seealso"><li><a href="#comments_section">Yorum</a></li></ul></div> | ||
4802 | 59 | <div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4803 | 60 | <div class="section"> | ||
4804 | 61 | <h2><a name="before" id="before">Başlamadan önce</a></h2> | ||
4805 | 62 | |||
4806 | 63 | <p>Belgeye balıklama dalmadan önce, suexec'i kullanacağınız ortam ve | ||
4807 | 64 | kendiniz hakkında yapılmış çeşitli kabuller hakkında bilgi sahibi | ||
4808 | 65 | olmalısınız.</p> | ||
4809 | 66 | |||
4810 | 67 | <p>Öncelikle, üzerinde <strong>setuid</strong> va <strong>setgid</strong> | ||
4811 | 68 | işlemlerinin yapılabildiği Unix türevi bir işletim sistemi | ||
4812 | 69 | kullandığınızı varsayıyoruz. Tüm komut örnekleri buna dayanarak | ||
4813 | 70 | verilmiştir. Bu desteğe sahip başka platformlar varsa onlardaki | ||
4814 | 71 | yapılandırma burada anlattığımız yapılandırmadan farklı olabilir.</p> | ||
4815 | 72 | |||
4816 | 73 | <p>İkinci olarak, bilgisayarınızın güvenliği ve yönetimi ile ilgili bazı | ||
4817 | 74 | temel kavramları bildiğinizi kabul ediyoruz. Buna | ||
4818 | 75 | <strong>setuid/setgid</strong> işlemlerinin sisteminiz ve güvenlik | ||
4819 | 76 | seviyesi üzerindeki etkilerini bilmek dahildir.</p> | ||
4820 | 77 | |||
4821 | 78 | <p>Üçüncü olarak, <strong>suEXEC</strong> kodunun | ||
4822 | 79 | <strong>değiştirilmemiş</strong> bir sürümünü kullandığınızı | ||
4823 | 80 | varsayıyoruz. Tüm suEXEC kodu, geliştiricilerin yanında sayısız beta | ||
4824 | 81 | kullanıcısı tarafından dikkatle incelenmiş ve denenmiştir. Kodların hem | ||
4825 | 82 | basit hem de sağlam bir şekilde güvenli olması için gerekli tüm | ||
4826 | 83 | önlemler alınmıştır. Bu kodun değiştirilmesi beklenmedik sorunlara ve | ||
4827 | 84 | yeni güvenlik risklerine yol açabilir. Özellikle güvenlikle ilgili | ||
4828 | 85 | programlarda deneyimli değilseniz suEXEC kodunda kesinlikle bir | ||
4829 | 86 | değişiklik yapmamalısınız. Değişiklik yaparsanız kodlarınızı gözden | ||
4830 | 87 | geçirmek ve tartışmak üzere Apache HTTP Sunucusu geliştirme ekibi ile | ||
4831 | 88 | paylaşmanızı öneririz.</p> | ||
4832 | 89 | |||
4833 | 90 | <p>Dördüncü ve son olarak, Apache HTTP Sunucusu geliştirme ekibinin | ||
4834 | 91 | suEXEC’i öntanımlı httpd kurulumunun bir parçası yapmama kararından | ||
4835 | 92 | bahsetmek gerekir. Bunun sonucu olarak, suEXEC yapılandırması sistem | ||
4836 | 93 | yöneticisinin ayrıntılı bir incelemesini gerektirir. Gerekli incelemeden | ||
4837 | 94 | sonra yönetici tarafından suEXEC yapılandırma seçeneklerine karar | ||
4838 | 95 | verilip, normal yollardan sisteme kurulumu yapılır. Bu seçeneklerin | ||
4839 | 96 | belirlenmesi, suEXEC işlevselliğinin kullanımı sırasında sistem | ||
4840 | 97 | güvenliğini gerektiği gibi sağlamak için yönetici tarafından dikkatle | ||
4841 | 98 | saptanmayı gerektirir. Bu sürecin ayrıntılarının yöneticiye bırakılma | ||
4842 | 99 | sebebi, suEXEC kurulumunu, suEXEC’i dikkatle kullanacak yeterliliğe sahip | ||
4843 | 100 | olanlarla sınırlama beklentimizdir.</p> | ||
4844 | 101 | |||
4845 | 102 | <p>Hala bizimle misiniz? Evet mi? Pekala, o halde devam!</p> | ||
4846 | 103 | </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> | ||
4847 | 104 | <div class="section"> | ||
4848 | 105 | <h2><a name="model" id="model">SuEXEC Güvenlik Modeli</a></h2> | ||
4849 | 106 | |||
4850 | 107 | <p>SuEXEC yapılandırması ve kurulumuna girişmeden önce biraz da | ||
4851 | 108 | gerçekleşmesini istediğiniz güvenlik modelinin ayrıntıları üzerinde | ||
4852 | 109 | duralım. Böylece, suEXEC’in içinde olup bitenleri ve sisteminizin | ||
4853 | 110 | güvenliği için alınacak önlemleri daha iyi anlayabilirsiniz.</p> | ||
4854 | 111 | |||
4855 | 112 | <p><strong>suEXEC</strong> işlevselliği, Apache HTTP Sunucusu tarafından | ||
4856 | 113 | gerektiği takdirde artalanda çalıştırılan bir setuid programa dayanır. | ||
4857 | 114 | Bu program, bir CGI veya SSI betiğine bir HTTP isteği yapıldığı zaman, | ||
4858 | 115 | bu betiği, yöneticinin ana sunucunun aidiyetinde çalıştığı kullanıcıdan | ||
4859 | 116 | farklı olarak seçtiği bir kullanıcının aidiyetinde çalıştırmak için | ||
4860 | 117 | çağrılır. Böyle bir istek geldiğinde, Apache httpd artalandaki setuid | ||
4861 | 118 | programına, HTTP isteği yapılan programın ismiyle beraber aidiyetinde | ||
4862 | 119 | çalışacağı kullanıcı ve grup kimliklerini de aktarır.</p> | ||
4863 | 120 | |||
4864 | 121 | <p>Artalanda çalıştırılan setuid program başarıyı ve başarısızlığı | ||
4865 | 122 | aşağıdaki süreci izleyerek saptar. Bunlardan herhangi biri başarısız | ||
4866 | 123 | olursa program başarısızlık durumunu günlüğe kaydeder ve bir hata | ||
4867 | 124 | vererek çıkar. Aksi takdirde çalışmaya devam eder.</p> | ||
4868 | 125 | |||
4869 | 126 | <ol> | ||
4870 | 127 | <li> | ||
4871 | 128 | <strong>Setuid programı çalıştıran kullanıcı sistemin geçerli | ||
4872 | 129 | kullanıcılarından biri mi?</strong> | ||
4873 | 130 | |||
4874 | 131 | <p class="indent">Bu, setuid programı çalıştıran kullanıcının | ||
4875 | 132 | sistemin gerçek bir kullanıcısı olduğunudan emin olunmasını sağlar. | ||
4876 | 133 | </p> | ||
4877 | 134 | </li> | ||
4878 | 135 | |||
4879 | 136 | <li> | ||
4880 | 137 | <strong>Setuid program yeterli sayıda argümanla çağrılmış mı? | ||
4881 | 138 | </strong> | ||
4882 | 139 | |||
4883 | 140 | <p class="indent">Apache HTTP Sunucusunun artalanda çağırdığı | ||
4884 | 141 | setuid program ancak yeterli sayıda argüman sağlandığı takdirde | ||
4885 | 142 | çalışacaktır. Argümanların sayısını ve sırasını Apache HTTP sunucusu | ||
4886 | 143 | bilir. Eğer setuid program yeterli sayıda argümanla çağrılmamışsa | ||
4887 | 144 | ya kendisinde bir değişiklik yapılmıştır ya da kurulu Apache httpd | ||
4888 | 145 | çalıştırılabilirinin suEXEC ile ilgili kısmında yanlış giden bir | ||
4889 | 146 | şeyler vardır.</p> | ||
4890 | 147 | </li> | ||
4891 | 148 | |||
4892 | 149 | <li> | ||
4893 | 150 | <strong>Bu geçerli kullanıcının bu setuid programı çalıştırma | ||
4894 | 151 | yetkisi var mı?</strong> | ||
4895 | 152 | |||
4896 | 153 | <p class="indent">Sadece tek bir kullanıcı (Apache’nin aidiyetinde | ||
4897 | 154 | çalıştığı kullanıcı) bu programı çalıştırmaya yetkilidir.</p> | ||
4898 | 155 | </li> | ||
4899 | 156 | |||
4900 | 157 | <li> | ||
4901 | 158 | <strong>Hedef CGI veya SSI programı hiyerarşik olarak güvenliği | ||
4902 | 159 | bozacak bir dosya yolu üzerinde mi?</strong> | ||
4903 | 160 | |||
4904 | 161 | <p class="indent">Hedef CGI veya SSI programının dosya yolu '/' veya | ||
4905 | 162 | '..' ile başlıyor mu? Buna izin verilmez. Hedef CGI veya SSI | ||
4906 | 163 | programı suEXEC’in belge kök dizininde yer almalıdır (aşağıda | ||
4907 | 164 | <code>--with-suexec-docroot=<em>DİZİN</em></code> seçeneğine | ||
4908 | 165 | bakınız).</p> | ||
4909 | 166 | </li> | ||
4910 | 167 | |||
4911 | 168 | <li> | ||
4912 | 169 | <strong>Hedef kullanıcı ismi geçerli mi?</strong> | ||
4913 | 170 | |||
4914 | 171 | <p class="indent">Hedef kullanıcı mevcut mu?</p> | ||
4915 | 172 | </li> | ||
4916 | 173 | |||
4917 | 174 | <li> | ||
4918 | 175 | <strong>Hedef grup ismi geçerli mi?</strong> | ||
4919 | 176 | |||
4920 | 177 | <p class="indent">Hedef grup mevcut mu?</p> | ||
4921 | 178 | </li> | ||
4922 | 179 | |||
4923 | 180 | <li> | ||
4924 | 181 | <strong>Hedef kullanıcı <code>root</code> değil, değil mi?</strong> | ||
4925 | 182 | |||
4926 | 183 | <p class="indent">Mevcut durumda, <code>root</code> kullanıcısının | ||
4927 | 184 | CGI/SSI programlarını çalıştırmasına izin verilmemektedir.</p> | ||
4928 | 185 | </li> | ||
4929 | 186 | |||
4930 | 187 | <li> | ||
4931 | 188 | <strong>Hedef kullanıcı kimliği asgari kullanıcı numarasından | ||
4932 | 189 | <em>BÜYÜK</em> mü?</strong> | ||
4933 | 190 | |||
4934 | 191 | <p class="indent">Asgari kullanıcı numarası yapılandırma sırasında | ||
4935 | 192 | belirtilir. Böylece CGI/SSI programlarını çalıştırmasına izin | ||
4936 | 193 | verilecek olası en düşük kullanıcı numarasını belirlemeniz mümkün | ||
4937 | 194 | kılınmıştır. Bu bazı “sistem” hesaplarını devreden çıkarmak için | ||
4938 | 195 | yararlıdır.</p> | ||
4939 | 196 | </li> | ||
4940 | 197 | |||
4941 | 198 | <li> | ||
4942 | 199 | <strong>Hedef grup <code>root</code> değil, değil mi?</strong> | ||
4943 | 200 | |||
4944 | 201 | <p class="indent"><code>root</code> grubunun CGI/SSI | ||
4945 | 202 | programlarını çalıştırmasına izin verilmemektedir.</p> | ||
4946 | 203 | </li> | ||
4947 | 204 | |||
4948 | 205 | <li> | ||
4949 | 206 | <strong>Hedef grup numarası asgari grup numarasından | ||
4950 | 207 | <em>BÜYÜK</em> mü?</strong> | ||
4951 | 208 | |||
4952 | 209 | <p class="indent">Asgari grup numarası yapılandırma sırasında | ||
4953 | 210 | belirtilir. Böylece CGI/SSI programlarını çalıştırmasına izin | ||
4954 | 211 | verilecek olası en düşük grup numarasını belirlemeniz mümkün | ||
4955 | 212 | kılınmıştır. Bu bazı “sistem” hesaplarını devreden çıkarmak için | ||
4956 | 213 | yararlıdır.</p> | ||
4957 | 214 | </li> | ||
4958 | 215 | |||
4959 | 216 | <li> | ||
4960 | 217 | <strong>Apache’nin artalanda çağırdığı setuid program hedef | ||
4961 | 218 | kullanıcı ve grubun aidiyetine geçebildi mi?</strong> | ||
4962 | 219 | |||
4963 | 220 | <p class="indent">Bu noktadan itibaren program setuid ve setgid | ||
4964 | 221 | çağrıları üzerinden hedef kullanıcı ve grubun aidiyetine geçer. | ||
4965 | 222 | Erişim grubu listesi de ayrıca kullanıcının üyesi olduğu tüm | ||
4966 | 223 | gruplara genişletilir.</p> | ||
4967 | 224 | </li> | ||
4968 | 225 | |||
4969 | 226 | <li> | ||
4970 | 227 | <strong>Hedef CGI/SSI programının bulunduğu dizine geçebildik mi? | ||
4971 | 228 | </strong> | ||
4972 | 229 | |||
4973 | 230 | <p class="indent">Dizin mevcut değilse dosyaları da içeremez. Hedef | ||
4974 | 231 | dizine geçemiyorsak bu, dizin mevcut olmadığından olabilir.</p> | ||
4975 | 232 | </li> | ||
4976 | 233 | |||
4977 | 234 | <li> | ||
4978 | 235 | <strong>Hedef dizin Apache için izin verilen yerlerden biri mi? | ||
4979 | 236 | </strong> | ||
4980 | 237 | |||
4981 | 238 | <p class="indent">İstek sunucunun normal bir bölümü için yapılmış | ||
4982 | 239 | olsa da istenen dizin acaba suEXEC’in belge kök dizini altında mı? | ||
4983 | 240 | Yani, istenen dizin, suEXEC’in aidiyetinde çalıştığı kullanıcının | ||
4984 | 241 | ev dizini altında bulunan, <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> ile belirtilen dizinin altında mı? (<a href="#install">suEXEC’in yapılandırma seçeneklerine</a> | ||
4985 | 242 | bakınız).</p> | ||
4986 | 243 | </li> | ||
4987 | 244 | |||
4988 | 245 | <li> | ||
4989 | 246 | <strong>Hedef dizin başkaları tarafından yazılabilen bir dizin değil, | ||
4990 | 247 | değil mi?</strong> | ||
4991 | 248 | |||
4992 | 249 | <p class="indent">Başkaları da yazabilsin diye bir dizin açmıyoruz; | ||
4993 | 250 | dizin içeriğini sadece sahibi değiştirebilmelidir.</p> | ||
4994 | 251 | </li> | ||
4995 | 252 | |||
4996 | 253 | <li> | ||
4997 | 254 | <strong>Hedef CGI/SSI programı mevcut mu?</strong> | ||
4998 | 255 | |||
4999 | 256 | <p class="indent">Mevcut değilse çalıştırılamaz.</p> | ||
5000 | 257 | </li> |
as in the Bionic merge +1 /code.launchpad .net/~ahasenack /ubuntu/ +source/ apache2/ +git/apache2/ +merge/ 347651
https:/