Merge ~ahasenack/ubuntu/+source/apache2:bionic-includeoptional-1766186 into ubuntu/+source/apache2:ubuntu/bionic-devel

Proposed by Andreas Hasenack on 2018-06-07
Status: Merged
Approved by: Christian Ehrhardt  on 2018-06-11
Approved revision: 4a4345b9ec249953077ac92ea875a7851f07b1bd
Merge reported by: Andreas Hasenack
Merged at revision: 4a4345b9ec249953077ac92ea875a7851f07b1bd
Proposed branch: ~ahasenack/ubuntu/+source/apache2:bionic-includeoptional-1766186
Merge into: ubuntu/+source/apache2:ubuntu/bionic-devel
Diff against target: 422423 lines (+414137/-0)
1365 files modified
debian/changelog (+8/-0)
debian/patches/includeoptional-ignore-non-existent.patch (+61/-0)
debian/patches/series (+1/-0)
docs/manual/style/latex/atbeginend.sty (+80/-0)
docs/manual/style/manualpage.dtd (+29/-0)
docs/manual/style/modulesynopsis.dtd (+85/-0)
docs/manual/style/scripts/MINIFY (+5/-0)
docs/manual/style/scripts/prettify.js (+1622/-0)
docs/manual/style/scripts/prettify.min.js (+123/-0)
docs/manual/style/sitemap.dtd (+42/-0)
docs/manual/style/version.ent (+24/-0)
docs/manual/suexec.html (+21/-0)
docs/manual/suexec.html.en (+643/-0)
docs/manual/suexec.html.fr (+689/-0)
docs/manual/suexec.html.ja.utf8 (+643/-0)
docs/manual/suexec.html.ko.euc-kr (+564/-0)
docs/manual/suexec.html.tr.utf8 (+583/-0)
docs/manual/upgrading.html (+9/-0)
docs/manual/upgrading.html.en (+530/-0)
docs/manual/upgrading.html.fr (+589/-0)
docs/manual/urlmapping.html (+21/-0)
docs/manual/urlmapping.html.en (+379/-0)
docs/manual/urlmapping.html.fr (+402/-0)
docs/manual/urlmapping.html.ja.utf8 (+318/-0)
docs/manual/urlmapping.html.ko.euc-kr (+277/-0)
docs/manual/urlmapping.html.tr.utf8 (+365/-0)
docs/manual/vhosts/details.html (+17/-0)
docs/manual/vhosts/details.html.en (+348/-0)
docs/manual/vhosts/details.html.fr (+369/-0)
docs/manual/vhosts/details.html.ko.euc-kr (+412/-0)
docs/manual/vhosts/details.html.tr.utf8 (+319/-0)
docs/manual/vhosts/examples.html (+21/-0)
docs/manual/vhosts/examples.html.en (+566/-0)
docs/manual/vhosts/examples.html.fr (+586/-0)
docs/manual/vhosts/examples.html.ja.utf8 (+680/-0)
docs/manual/vhosts/examples.html.ko.euc-kr (+657/-0)
docs/manual/vhosts/examples.html.tr.utf8 (+562/-0)
docs/manual/vhosts/fd-limits.html (+21/-0)
docs/manual/vhosts/fd-limits.html.en (+155/-0)
docs/manual/vhosts/fd-limits.html.fr (+167/-0)
docs/manual/vhosts/fd-limits.html.ja.utf8 (+157/-0)
docs/manual/vhosts/fd-limits.html.ko.euc-kr (+152/-0)
docs/manual/vhosts/fd-limits.html.tr.utf8 (+150/-0)
docs/manual/vhosts/index.html (+29/-0)
docs/manual/vhosts/index.html.de (+124/-0)
docs/manual/vhosts/index.html.en (+126/-0)
docs/manual/vhosts/index.html.fr (+127/-0)
docs/manual/vhosts/index.html.ja.utf8 (+120/-0)
docs/manual/vhosts/index.html.ko.euc-kr (+119/-0)
docs/manual/vhosts/index.html.tr.utf8 (+123/-0)
docs/manual/vhosts/index.html.zh-cn.utf8 (+105/-0)
docs/manual/vhosts/ip-based.html (+21/-0)
docs/manual/vhosts/ip-based.html.en (+210/-0)
docs/manual/vhosts/ip-based.html.fr (+213/-0)
docs/manual/vhosts/ip-based.html.ja.utf8 (+190/-0)
docs/manual/vhosts/ip-based.html.ko.euc-kr (+180/-0)
docs/manual/vhosts/ip-based.html.tr.utf8 (+211/-0)
docs/manual/vhosts/mass.html (+17/-0)
docs/manual/vhosts/mass.html.en (+337/-0)
docs/manual/vhosts/mass.html.fr (+352/-0)
docs/manual/vhosts/mass.html.ko.euc-kr (+453/-0)
docs/manual/vhosts/mass.html.tr.utf8 (+324/-0)
docs/manual/vhosts/name-based.html (+25/-0)
docs/manual/vhosts/name-based.html.de (+299/-0)
docs/manual/vhosts/name-based.html.en (+224/-0)
docs/manual/vhosts/name-based.html.fr (+267/-0)
docs/manual/vhosts/name-based.html.ja.utf8 (+303/-0)
docs/manual/vhosts/name-based.html.ko.euc-kr (+266/-0)
docs/manual/vhosts/name-based.html.tr.utf8 (+238/-0)
docs/server-status/README.md (+40/-0)
docs/server-status/server-status.lua (+1901/-0)
emacs-style (+12/-0)
httpd.dep (+68/-0)
httpd.dsp (+111/-0)
httpd.mak (+344/-0)
httpd.spec (+506/-0)
include/.indent.pro (+54/-0)
include/ap_compat.h (+30/-0)
include/ap_config.h (+206/-0)
include/ap_config_auto.h.in (+298/-0)
include/ap_config_layout.h.in (+64/-0)
include/ap_expr.h (+353/-0)
include/ap_hooks.h (+162/-0)
include/ap_listen.h (+163/-0)
include/ap_mmn.h (+538/-0)
include/ap_mpm.h (+235/-0)
include/ap_provider.h (+100/-0)
include/ap_regex.h (+248/-0)
include/ap_regkey.h (+219/-0)
include/ap_release.h (+83/-0)
include/ap_slotmem.h (+199/-0)
include/ap_socache.h (+230/-0)
include/apache_noprobes.h (+344/-0)
include/heartbeat.h (+60/-0)
include/http_config.h (+1379/-0)
include/http_connection.h (+168/-0)
include/http_core.h (+1049/-0)
include/http_log.h (+836/-0)
include/http_main.h (+88/-0)
include/http_protocol.h (+1021/-0)
include/http_request.h (+630/-0)
include/http_vhost.h (+119/-0)
include/httpd.h (+2403/-0)
include/mod_auth.h (+141/-0)
include/mod_core.h (+103/-0)
include/mod_request.h (+64/-0)
include/mpm_common.h (+470/-0)
include/scoreboard.h (+244/-0)
include/util_cfgtree.h (+98/-0)
include/util_charset.h (+72/-0)
include/util_cookies.h (+146/-0)
include/util_ebcdic.h (+92/-0)
include/util_fcgi.h (+280/-0)
include/util_filter.h (+639/-0)
include/util_ldap.h (+398/-0)
include/util_md5.h (+72/-0)
include/util_mutex.h (+223/-0)
include/util_script.h (+233/-0)
include/util_time.h (+117/-0)
include/util_varbuf.h (+197/-0)
include/util_xml.h (+51/-0)
libhttpd.dep (+2421/-0)
libhttpd.dsp (+842/-0)
libhttpd.mak (+1354/-0)
modules/Makefile.in (+6/-0)
modules/NWGNUmakefile (+121/-0)
modules/README (+67/-0)
modules/aaa/.indent.pro (+54/-0)
modules/aaa/Makefile.in (+3/-0)
modules/aaa/NWGNUaccesscompat (+248/-0)
modules/aaa/NWGNUallowmethods (+248/-0)
modules/aaa/NWGNUauthbasc (+248/-0)
modules/aaa/NWGNUauthdigt (+248/-0)
modules/aaa/NWGNUauthform (+250/-0)
modules/aaa/NWGNUauthnano (+248/-0)
modules/aaa/NWGNUauthndbd (+249/-0)
modules/aaa/NWGNUauthndbm (+248/-0)
modules/aaa/NWGNUauthnfil (+248/-0)
modules/aaa/NWGNUauthnsocache (+248/-0)
modules/aaa/NWGNUauthnzldap (+264/-0)
modules/aaa/NWGNUauthzdbd (+249/-0)
modules/aaa/NWGNUauthzdbm (+248/-0)
modules/aaa/NWGNUauthzgrp (+247/-0)
modules/aaa/NWGNUauthzusr (+247/-0)
modules/aaa/NWGNUmakefile (+270/-0)
modules/aaa/config.m4 (+84/-0)
modules/aaa/mod_access_compat.c (+374/-0)
modules/aaa/mod_access_compat.dep (+59/-0)
modules/aaa/mod_access_compat.dsp (+111/-0)
modules/aaa/mod_access_compat.mak (+353/-0)
modules/aaa/mod_allowmethods.c (+158/-0)
modules/aaa/mod_allowmethods.dep (+56/-0)
modules/aaa/mod_allowmethods.dsp (+111/-0)
modules/aaa/mod_allowmethods.mak (+353/-0)
modules/aaa/mod_auth_basic.c (+512/-0)
modules/aaa/mod_auth_basic.dep (+63/-0)
modules/aaa/mod_auth_basic.dsp (+111/-0)
modules/aaa/mod_auth_basic.mak (+353/-0)
modules/aaa/mod_auth_digest.c (+2115/-0)
modules/aaa/mod_auth_digest.dep (+68/-0)
modules/aaa/mod_auth_digest.dsp (+111/-0)
modules/aaa/mod_auth_digest.mak (+353/-0)
modules/aaa/mod_auth_form.c (+1333/-0)
modules/aaa/mod_auth_form.dep (+66/-0)
modules/aaa/mod_auth_form.dsp (+111/-0)
modules/aaa/mod_auth_form.mak (+353/-0)
modules/aaa/mod_authn_anon.c (+215/-0)
modules/aaa/mod_authn_anon.dep (+58/-0)
modules/aaa/mod_authn_anon.dsp (+111/-0)
modules/aaa/mod_authn_anon.mak (+381/-0)
modules/aaa/mod_authn_core.c (+386/-0)
modules/aaa/mod_authn_core.dep (+58/-0)
modules/aaa/mod_authn_core.dsp (+111/-0)
modules/aaa/mod_authn_core.mak (+381/-0)
modules/aaa/mod_authn_dbd.c (+309/-0)
modules/aaa/mod_authn_dbd.dep (+56/-0)
modules/aaa/mod_authn_dbd.dsp (+115/-0)
modules/aaa/mod_authn_dbd.mak (+409/-0)
modules/aaa/mod_authn_dbm.c (+208/-0)
modules/aaa/mod_authn_dbm.dep (+61/-0)
modules/aaa/mod_authn_dbm.dsp (+111/-0)
modules/aaa/mod_authn_dbm.mak (+381/-0)
modules/aaa/mod_authn_file.c (+194/-0)
modules/aaa/mod_authn_file.dep (+60/-0)
modules/aaa/mod_authn_file.dsp (+111/-0)
modules/aaa/mod_authn_file.mak (+381/-0)
modules/aaa/mod_authn_socache.c (+475/-0)
modules/aaa/mod_authn_socache.dep (+62/-0)
modules/aaa/mod_authn_socache.dsp (+111/-0)
modules/aaa/mod_authn_socache.mak (+353/-0)
modules/aaa/mod_authnz_fcgi.c (+1363/-0)
modules/aaa/mod_authnz_fcgi.dep (+61/-0)
modules/aaa/mod_authnz_fcgi.dsp (+119/-0)
modules/aaa/mod_authnz_fcgi.mak (+353/-0)
modules/aaa/mod_authnz_ldap.c (+1958/-0)
modules/aaa/mod_authnz_ldap.dep (+70/-0)
modules/aaa/mod_authnz_ldap.dsp (+111/-0)
modules/aaa/mod_authnz_ldap.mak (+381/-0)
modules/aaa/mod_authz_core.c (+1164/-0)
modules/aaa/mod_authz_core.dep (+60/-0)
modules/aaa/mod_authz_core.dsp (+111/-0)
modules/aaa/mod_authz_core.mak (+381/-0)
modules/aaa/mod_authz_dbd.c (+409/-0)
modules/aaa/mod_authz_dbd.dep (+61/-0)
modules/aaa/mod_authz_dbd.dsp (+119/-0)
modules/aaa/mod_authz_dbd.h (+44/-0)
modules/aaa/mod_authz_dbd.mak (+409/-0)
modules/aaa/mod_authz_dbm.c (+336/-0)
modules/aaa/mod_authz_dbm.dep (+62/-0)
modules/aaa/mod_authz_dbm.dsp (+111/-0)
modules/aaa/mod_authz_dbm.mak (+381/-0)
modules/aaa/mod_authz_groupfile.c (+331/-0)
modules/aaa/mod_authz_groupfile.dep (+61/-0)
modules/aaa/mod_authz_groupfile.dsp (+111/-0)
modules/aaa/mod_authz_groupfile.mak (+381/-0)
modules/aaa/mod_authz_host.c (+389/-0)
modules/aaa/mod_authz_host.dep (+60/-0)
modules/aaa/mod_authz_host.dsp (+111/-0)
modules/aaa/mod_authz_host.mak (+381/-0)
modules/aaa/mod_authz_owner.c (+189/-0)
modules/aaa/mod_authz_owner.dep (+59/-0)
modules/aaa/mod_authz_owner.dsp (+111/-0)
modules/aaa/mod_authz_owner.h (+27/-0)
modules/aaa/mod_authz_owner.mak (+381/-0)
modules/aaa/mod_authz_user.c (+146/-0)
modules/aaa/mod_authz_user.dep (+58/-0)
modules/aaa/mod_authz_user.dsp (+111/-0)
modules/aaa/mod_authz_user.mak (+381/-0)
modules/arch/netware/libprews.c (+79/-0)
modules/arch/netware/mod_netware.c (+206/-0)
modules/arch/netware/mod_nw_ssl.c (+1285/-0)
modules/arch/unix/Makefile.in (+3/-0)
modules/arch/unix/config5.m4 (+24/-0)
modules/arch/unix/mod_privileges.c (+588/-0)
modules/arch/unix/mod_unixd.c (+426/-0)
modules/arch/unix/mod_unixd.h (+41/-0)
modules/arch/win32/Makefile.in (+3/-0)
modules/arch/win32/config.m4 (+9/-0)
modules/arch/win32/mod_isapi.c (+1727/-0)
modules/arch/win32/mod_isapi.dep (+61/-0)
modules/arch/win32/mod_isapi.dsp (+115/-0)
modules/arch/win32/mod_isapi.h (+271/-0)
modules/arch/win32/mod_isapi.mak (+353/-0)
modules/arch/win32/mod_win32.c (+563/-0)
modules/cache/.indent.pro (+54/-0)
modules/cache/Makefile.in (+3/-0)
modules/cache/NWGNUcach_dsk (+262/-0)
modules/cache/NWGNUcach_socache (+263/-0)
modules/cache/NWGNUmakefile (+250/-0)
modules/cache/NWGNUmod_cach (+265/-0)
modules/cache/NWGNUsocachdbm (+261/-0)
modules/cache/NWGNUsocachmem (+261/-0)
modules/cache/NWGNUsocachshmcb (+261/-0)
modules/cache/cache_common.h (+56/-0)
modules/cache/cache_disk_common.h (+68/-0)
modules/cache/cache_socache_common.h (+57/-0)
modules/cache/cache_storage.c (+791/-0)
modules/cache/cache_storage.h (+76/-0)
modules/cache/cache_util.c (+1344/-0)
modules/cache/cache_util.h (+341/-0)
modules/cache/config.m4 (+142/-0)
modules/cache/mod_cache.c (+2717/-0)
modules/cache/mod_cache.dep (+194/-0)
modules/cache/mod_cache.dsp (+131/-0)
modules/cache/mod_cache.h (+192/-0)
modules/cache/mod_cache.mak (+370/-0)
modules/cache/mod_cache_disk.c (+1584/-0)
modules/cache/mod_cache_disk.dep (+59/-0)
modules/cache/mod_cache_disk.dsp (+115/-0)
modules/cache/mod_cache_disk.h (+91/-0)
modules/cache/mod_cache_disk.mak (+381/-0)
modules/cache/mod_cache_socache.c (+1542/-0)
modules/cache/mod_cache_socache.dep (+67/-0)
modules/cache/mod_cache_socache.dsp (+115/-0)
modules/cache/mod_cache_socache.mak (+381/-0)
modules/cache/mod_file_cache.c (+414/-0)
modules/cache/mod_file_cache.dep (+56/-0)
modules/cache/mod_file_cache.dsp (+111/-0)
modules/cache/mod_file_cache.exp (+1/-0)
modules/cache/mod_file_cache.mak (+353/-0)
modules/cache/mod_socache_dbm.c (+595/-0)
modules/cache/mod_socache_dbm.dep (+60/-0)
modules/cache/mod_socache_dbm.dsp (+111/-0)
modules/cache/mod_socache_dbm.mak (+353/-0)
modules/cache/mod_socache_dc.c (+198/-0)
modules/cache/mod_socache_dc.dep (+55/-0)
modules/cache/mod_socache_dc.dsp (+111/-0)
modules/cache/mod_socache_dc.mak (+353/-0)
modules/cache/mod_socache_memcache.c (+431/-0)
modules/cache/mod_socache_memcache.dep (+59/-0)
modules/cache/mod_socache_memcache.dsp (+111/-0)
modules/cache/mod_socache_memcache.mak (+353/-0)
modules/cache/mod_socache_shmcb.c (+1072/-0)
modules/cache/mod_socache_shmcb.dep (+56/-0)
modules/cache/mod_socache_shmcb.dsp (+111/-0)
modules/cache/mod_socache_shmcb.mak (+353/-0)
modules/cluster/Makefile.in (+3/-0)
modules/cluster/NWGNUmakefile (+246/-0)
modules/cluster/NWGNUmodheartbeat (+257/-0)
modules/cluster/NWGNUmodheartmonitor (+257/-0)
modules/cluster/README.heartbeat (+33/-0)
modules/cluster/README.heartmonitor (+30/-0)
modules/cluster/config5.m4 (+17/-0)
modules/cluster/mod_heartbeat.c (+228/-0)
modules/cluster/mod_heartbeat.dep (+55/-0)
modules/cluster/mod_heartbeat.dsp (+123/-0)
modules/cluster/mod_heartbeat.mak (+380/-0)
modules/cluster/mod_heartmonitor.c (+918/-0)
modules/cluster/mod_heartmonitor.dep (+63/-0)
modules/cluster/mod_heartmonitor.dsp (+123/-0)
modules/cluster/mod_heartmonitor.mak (+380/-0)
modules/config7.m4 (+56/-0)
modules/core/Makefile.in (+3/-0)
modules/core/NWGNUmakefile (+257/-0)
modules/core/config.m4 (+60/-0)
modules/core/mod_macro.c (+955/-0)
modules/core/mod_macro.dep (+45/-0)
modules/core/mod_macro.dsp (+111/-0)
modules/core/mod_macro.mak (+353/-0)
modules/core/mod_so.c (+442/-0)
modules/core/mod_so.h (+38/-0)
modules/core/mod_watchdog.c (+723/-0)
modules/core/mod_watchdog.dep (+59/-0)
modules/core/mod_watchdog.dsp (+115/-0)
modules/core/mod_watchdog.h (+213/-0)
modules/core/mod_watchdog.mak (+353/-0)
modules/core/test/Makefile (+67/-0)
modules/core/test/conf/inc63_1.conf (+5/-0)
modules/core/test/conf/inc63_2.conf (+3/-0)
modules/core/test/conf/test01.conf (+3/-0)
modules/core/test/conf/test02.conf (+3/-0)
modules/core/test/conf/test03.conf (+5/-0)
modules/core/test/conf/test04.conf (+5/-0)
modules/core/test/conf/test05.conf (+5/-0)
modules/core/test/conf/test06.conf (+6/-0)
modules/core/test/conf/test07.conf (+3/-0)
modules/core/test/conf/test08.conf (+3/-0)
modules/core/test/conf/test09.conf (+6/-0)
modules/core/test/conf/test10.conf (+10/-0)
modules/core/test/conf/test11.conf (+15/-0)
modules/core/test/conf/test12.conf (+12/-0)
modules/core/test/conf/test13.conf (+18/-0)
modules/core/test/conf/test14.conf (+23/-0)
modules/core/test/conf/test15.conf (+9/-0)
modules/core/test/conf/test16.conf (+11/-0)
modules/core/test/conf/test17.conf (+10/-0)
modules/core/test/conf/test18.conf (+10/-0)
modules/core/test/conf/test19.conf (+26/-0)
modules/core/test/conf/test20.conf (+11/-0)
modules/core/test/conf/test21.conf (+11/-0)
modules/core/test/conf/test22.conf (+11/-0)
modules/core/test/conf/test23.conf (+15/-0)
modules/core/test/conf/test24.conf (+23/-0)
modules/core/test/conf/test25.conf (+27/-0)
modules/core/test/conf/test26.conf (+19/-0)
modules/core/test/conf/test27.conf (+22/-0)
modules/core/test/conf/test28.conf (+13/-0)
modules/core/test/conf/test29.conf (+10/-0)
modules/core/test/conf/test30.conf (+12/-0)
modules/core/test/conf/test31.conf (+16/-0)
modules/core/test/conf/test32.conf (+7/-0)
modules/core/test/conf/test33.conf (+3/-0)
modules/core/test/conf/test34.conf (+14/-0)
modules/core/test/conf/test35.conf (+10/-0)
modules/core/test/conf/test36.conf (+12/-0)
modules/core/test/conf/test37.conf (+7/-0)
modules/core/test/conf/test38.conf (+10/-0)
modules/core/test/conf/test39.conf (+23/-0)
modules/core/test/conf/test40.conf (+33/-0)
modules/core/test/conf/test41.conf (+20/-0)
modules/core/test/conf/test42.conf (+13/-0)
modules/core/test/conf/test43.conf (+29/-0)
modules/core/test/conf/test44.conf (+19/-0)
modules/core/test/conf/test45.conf (+7/-0)
modules/core/test/conf/test46.conf (+11/-0)
modules/core/test/conf/test47.conf (+15/-0)
modules/core/test/conf/test48.conf (+23/-0)
modules/core/test/conf/test49.conf (+2/-0)
modules/core/test/conf/test50.conf (+5/-0)
modules/core/test/conf/test51.conf (+9/-0)
modules/core/test/conf/test52.conf (+8/-0)
modules/core/test/conf/test53.conf (+2/-0)
modules/core/test/conf/test54.conf (+6/-0)
modules/core/test/conf/test55.conf (+11/-0)
modules/core/test/conf/test56.conf (+18/-0)
modules/core/test/conf/test57.conf (+4/-0)
modules/core/test/conf/test58.conf (+4/-0)
modules/core/test/conf/test59.conf (+4/-0)
modules/core/test/conf/test60.conf (+17/-0)
modules/core/test/conf/test61.conf (+18/-0)
modules/core/test/conf/test62.conf (+25/-0)
modules/core/test/conf/test63.conf (+9/-0)
modules/core/test/conf/test64.conf (+5/-0)
modules/core/test/conf/test65.conf (+11/-0)
modules/core/test/conf/test66.conf (+7/-0)
modules/core/test/conf/test67.conf (+1/-0)
modules/core/test/conf/test68.conf (+5/-0)
modules/core/test/conf/test69.conf (+14/-0)
modules/core/test/ref/test01.out (+3/-0)
modules/core/test/ref/test02.out (+3/-0)
modules/core/test/ref/test03.out (+3/-0)
modules/core/test/ref/test04.out (+3/-0)
modules/core/test/ref/test05.out (+3/-0)
modules/core/test/ref/test06.out (+3/-0)
modules/core/test/ref/test07.out (+3/-0)
modules/core/test/ref/test08.out (+3/-0)
modules/core/test/ref/test09.out (+3/-0)
modules/core/test/ref/test10.out (+3/-0)
modules/core/test/ref/test11.out (+6/-0)
modules/core/test/ref/test12.out (+7/-0)
modules/core/test/ref/test13.out (+8/-0)
modules/core/test/ref/test14.out (+14/-0)
modules/core/test/ref/test15.out (+6/-0)
modules/core/test/ref/test16.out (+5/-0)
modules/core/test/ref/test17.out (+7/-0)
modules/core/test/ref/test18.out (+7/-0)
modules/core/test/ref/test19.out (+9/-0)
modules/core/test/ref/test20.out (+4/-0)
modules/core/test/ref/test21.out (+5/-0)
modules/core/test/ref/test22.out (+6/-0)
modules/core/test/ref/test23.out (+7/-0)
modules/core/test/ref/test24.out (+8/-0)
modules/core/test/ref/test25.out (+9/-0)
modules/core/test/ref/test26.out (+11/-0)
modules/core/test/ref/test27.out (+8/-0)
modules/core/test/ref/test28.out (+6/-0)
modules/core/test/ref/test29.out (+4/-0)
modules/core/test/ref/test30.out (+7/-0)
modules/core/test/ref/test31.out (+23/-0)
modules/core/test/ref/test32.out (+3/-0)
modules/core/test/ref/test33.out (+3/-0)
modules/core/test/ref/test34.out (+13/-0)
modules/core/test/ref/test35.out (+13/-0)
modules/core/test/ref/test36.out (+20/-0)
modules/core/test/ref/test37.out (+3/-0)
modules/core/test/ref/test38.out (+6/-0)
modules/core/test/ref/test39.out (+7/-0)
modules/core/test/ref/test40.out (+18/-0)
modules/core/test/ref/test41.out (+9/-0)
modules/core/test/ref/test42.out (+15/-0)
modules/core/test/ref/test43.out (+8/-0)
modules/core/test/ref/test44.out (+5/-0)
modules/core/test/ref/test45.out (+19/-0)
modules/core/test/ref/test46.out (+9/-0)
modules/core/test/ref/test47.out (+8/-0)
modules/core/test/ref/test48.out (+20/-0)
modules/core/test/ref/test49.out (+3/-0)
modules/core/test/ref/test50.out (+3/-0)
modules/core/test/ref/test51.out (+3/-0)
modules/core/test/ref/test52.out (+6/-0)
modules/core/test/ref/test53.out (+3/-0)
modules/core/test/ref/test54.out (+6/-0)
modules/core/test/ref/test55.out (+8/-0)
modules/core/test/ref/test56.out (+12/-0)
modules/core/test/ref/test57.out (+3/-0)
modules/core/test/ref/test58.out (+3/-0)
modules/core/test/ref/test59.out (+3/-0)
modules/core/test/ref/test60.out (+15/-0)
modules/core/test/ref/test61.out (+9/-0)
modules/core/test/ref/test62.out (+15/-0)
modules/core/test/ref/test63.out (+10/-0)
modules/core/test/ref/test64.out (+7/-0)
modules/core/test/ref/test65.out (+7/-0)
modules/core/test/ref/test66.out (+7/-0)
modules/core/test/ref/test67.out (+5/-0)
modules/core/test/ref/test68.out (+6/-0)
modules/core/test/ref/test69.out (+10/-0)
modules/database/Makefile.in (+3/-0)
modules/database/NWGNUmakefile (+262/-0)
modules/database/config.m4 (+8/-0)
modules/database/mod_dbd.c (+992/-0)
modules/database/mod_dbd.dep (+58/-0)
modules/database/mod_dbd.dsp (+115/-0)
modules/database/mod_dbd.h (+123/-0)
modules/database/mod_dbd.mak (+353/-0)
modules/dav/fs/Makefile.in (+3/-0)
modules/dav/fs/NWGNUmakefile (+269/-0)
modules/dav/fs/config6.m4 (+23/-0)
modules/dav/fs/dbm.c (+771/-0)
modules/dav/fs/lock.c (+1445/-0)
modules/dav/fs/mod_dav_fs.c (+108/-0)
modules/dav/fs/mod_dav_fs.dep (+203/-0)
modules/dav/fs/mod_dav_fs.dsp (+135/-0)
modules/dav/fs/mod_dav_fs.mak (+407/-0)
modules/dav/fs/repos.c (+2254/-0)
modules/dav/fs/repos.h (+84/-0)
modules/dav/lock/Makefile.in (+3/-0)
modules/dav/lock/NWGNUmakefile (+259/-0)
modules/dav/lock/config6.m4 (+17/-0)
modules/dav/lock/locks.c (+1211/-0)
modules/dav/lock/locks.h (+33/-0)
modules/dav/lock/mod_dav_lock.c (+104/-0)
modules/dav/lock/mod_dav_lock.dep (+100/-0)
modules/dav/lock/mod_dav_lock.dsp (+127/-0)
modules/dav/lock/mod_dav_lock.mak (+389/-0)
modules/dav/main/Makefile.in (+3/-0)
modules/dav/main/NWGNUmakefile (+268/-0)
modules/dav/main/config5.m4 (+21/-0)
modules/dav/main/liveprop.c (+140/-0)
modules/dav/main/mod_dav.c (+4946/-0)
modules/dav/main/mod_dav.dep (+354/-0)
modules/dav/main/mod_dav.dsp (+147/-0)
modules/dav/main/mod_dav.h (+2553/-0)
modules/dav/main/mod_dav.mak (+406/-0)
modules/dav/main/props.c (+1125/-0)
modules/dav/main/providers.c (+58/-0)
modules/dav/main/std_liveprop.c (+226/-0)
modules/dav/main/util.c (+2152/-0)
modules/dav/main/util_lock.c (+798/-0)
modules/debugging/Makefile.in (+3/-0)
modules/debugging/NWGNUmakefile (+246/-0)
modules/debugging/NWGNUmodbucketeer (+248/-0)
modules/debugging/NWGNUmoddumpio (+248/-0)
modules/debugging/README (+1/-0)
modules/debugging/config.m4 (+7/-0)
modules/debugging/mod_bucketeer.c (+187/-0)
modules/debugging/mod_bucketeer.dep (+53/-0)
modules/debugging/mod_bucketeer.dsp (+111/-0)
modules/debugging/mod_bucketeer.mak (+353/-0)
modules/debugging/mod_dumpio.c (+250/-0)
modules/debugging/mod_dumpio.dep (+50/-0)
modules/debugging/mod_dumpio.dsp (+111/-0)
modules/debugging/mod_dumpio.mak (+353/-0)
modules/echo/.indent.pro (+54/-0)
modules/echo/Makefile.in (+3/-0)
modules/echo/NWGNUmakefile (+257/-0)
modules/echo/config.m4 (+9/-0)
modules/echo/mod_echo.c (+218/-0)
modules/echo/mod_echo.dep (+56/-0)
modules/echo/mod_echo.dsp (+111/-0)
modules/echo/mod_echo.mak (+353/-0)
modules/examples/Makefile.in (+3/-0)
modules/examples/NWGNUcase_flt (+256/-0)
modules/examples/NWGNUcase_flt_in (+256/-0)
modules/examples/NWGNUexample_hooks (+257/-0)
modules/examples/NWGNUexample_ipc (+257/-0)
modules/examples/NWGNUmakefile (+257/-0)
modules/examples/README (+54/-0)
modules/examples/config.m4 (+9/-0)
modules/examples/mod_case_filter.c (+139/-0)
modules/examples/mod_case_filter.dep (+46/-0)
modules/examples/mod_case_filter.dsp (+111/-0)
modules/examples/mod_case_filter.mak (+353/-0)
modules/examples/mod_case_filter_in.c (+160/-0)
modules/examples/mod_case_filter_in.dep (+46/-0)
modules/examples/mod_case_filter_in.dsp (+111/-0)
modules/examples/mod_case_filter_in.mak (+353/-0)
modules/examples/mod_example_hooks.c (+1534/-0)
modules/examples/mod_example_hooks.dep (+62/-0)
modules/examples/mod_example_hooks.dsp (+111/-0)
modules/examples/mod_example_hooks.mak (+353/-0)
modules/examples/mod_example_ipc.c (+356/-0)
modules/examples/mod_example_ipc.dep (+56/-0)
modules/examples/mod_example_ipc.dsp (+111/-0)
modules/examples/mod_example_ipc.mak (+353/-0)
modules/experimental/.indent.pro (+54/-0)
modules/experimental/Makefile.in (+3/-0)
modules/experimental/NWGNUmakefile (+253/-0)
modules/experimental/config.m4 (+4/-0)
modules/filters/.indent.pro (+54/-0)
modules/filters/Makefile.in (+3/-0)
modules/filters/NWGNUcharsetl (+257/-0)
modules/filters/NWGNUdeflate (+279/-0)
modules/filters/NWGNUextfiltr (+248/-0)
modules/filters/NWGNUmakefile (+273/-0)
modules/filters/NWGNUmod_data (+248/-0)
modules/filters/NWGNUmod_filter (+248/-0)
modules/filters/NWGNUmod_request (+248/-0)
modules/filters/NWGNUmodbuffer (+256/-0)
modules/filters/NWGNUmodsed (+259/-0)
modules/filters/NWGNUproxyhtml (+261/-0)
modules/filters/NWGNUratelimit (+256/-0)
modules/filters/NWGNUreflector (+256/-0)
modules/filters/NWGNUreqtimeout (+256/-0)
modules/filters/NWGNUsubstitute (+256/-0)
modules/filters/NWGNUxml2enc (+258/-0)
modules/filters/config.m4 (+197/-0)
modules/filters/libsed.h (+172/-0)
modules/filters/mod_brotli.c (+592/-0)
modules/filters/mod_brotli.dep (+45/-0)
modules/filters/mod_brotli.dsp (+111/-0)
modules/filters/mod_brotli.mak (+353/-0)
modules/filters/mod_buffer.c (+353/-0)
modules/filters/mod_buffer.dep (+48/-0)
modules/filters/mod_buffer.dsp (+111/-0)
modules/filters/mod_buffer.mak (+353/-0)
modules/filters/mod_charset_lite.c (+1142/-0)
modules/filters/mod_charset_lite.dep (+60/-0)
modules/filters/mod_charset_lite.dsp (+111/-0)
modules/filters/mod_charset_lite.exp (+1/-0)
modules/filters/mod_charset_lite.mak (+353/-0)
modules/filters/mod_data.c (+255/-0)
modules/filters/mod_data.dep (+55/-0)
modules/filters/mod_data.dsp (+111/-0)
modules/filters/mod_data.mak (+353/-0)
modules/filters/mod_deflate.c (+1912/-0)
modules/filters/mod_deflate.dep (+52/-0)
modules/filters/mod_deflate.dsp (+111/-0)
modules/filters/mod_deflate.exp (+1/-0)
modules/filters/mod_deflate.mak (+353/-0)
modules/filters/mod_ext_filter.c (+956/-0)
modules/filters/mod_ext_filter.dep (+58/-0)
modules/filters/mod_ext_filter.dsp (+111/-0)
modules/filters/mod_ext_filter.exp (+1/-0)
modules/filters/mod_ext_filter.mak (+353/-0)
modules/filters/mod_filter.c (+767/-0)
modules/filters/mod_filter.dep (+50/-0)
modules/filters/mod_filter.dsp (+111/-0)
modules/filters/mod_filter.mak (+353/-0)
modules/filters/mod_include.c (+4236/-0)
modules/filters/mod_include.dep (+63/-0)
modules/filters/mod_include.dsp (+115/-0)
modules/filters/mod_include.exp (+1/-0)
modules/filters/mod_include.h (+120/-0)
modules/filters/mod_include.mak (+353/-0)
modules/filters/mod_proxy_html.c (+1281/-0)
modules/filters/mod_proxy_html.dep (+58/-0)
modules/filters/mod_proxy_html.dsp (+123/-0)
modules/filters/mod_proxy_html.mak (+352/-0)
modules/filters/mod_ratelimit.c (+356/-0)
modules/filters/mod_ratelimit.dep (+45/-0)
modules/filters/mod_ratelimit.dsp (+115/-0)
modules/filters/mod_ratelimit.h (+51/-0)
modules/filters/mod_ratelimit.mak (+353/-0)
modules/filters/mod_reflector.c (+226/-0)
modules/filters/mod_reflector.dep (+57/-0)
modules/filters/mod_reflector.dsp (+111/-0)
modules/filters/mod_reflector.mak (+353/-0)
modules/filters/mod_reqtimeout.c (+657/-0)
modules/filters/mod_reqtimeout.dep (+58/-0)
modules/filters/mod_reqtimeout.dsp (+111/-0)
modules/filters/mod_reqtimeout.mak (+353/-0)
modules/filters/mod_request.c (+397/-0)
modules/filters/mod_request.dep (+55/-0)
modules/filters/mod_request.dsp (+115/-0)
modules/filters/mod_request.mak (+353/-0)
modules/filters/mod_sed.c (+537/-0)
modules/filters/mod_sed.dep (+109/-0)
modules/filters/mod_sed.dsp (+135/-0)
modules/filters/mod_sed.mak (+380/-0)
modules/filters/mod_substitute.c (+730/-0)
modules/filters/mod_substitute.dep (+53/-0)
modules/filters/mod_substitute.dsp (+111/-0)
modules/filters/mod_substitute.mak (+353/-0)
modules/filters/mod_xml2enc.c (+631/-0)
modules/filters/mod_xml2enc.dep (+54/-0)
modules/filters/mod_xml2enc.dsp (+123/-0)
modules/filters/mod_xml2enc.h (+55/-0)
modules/filters/mod_xml2enc.mak (+352/-0)
modules/filters/regexp.c (+599/-0)
modules/filters/regexp.h (+112/-0)
modules/filters/sed.h (+61/-0)
modules/filters/sed0.c (+1026/-0)
modules/filters/sed1.c (+1020/-0)
modules/generators/.indent.pro (+54/-0)
modules/generators/Makefile.in (+3/-0)
modules/generators/NWGNUautoindex (+249/-0)
modules/generators/NWGNUinfo (+248/-0)
modules/generators/NWGNUmakefile (+249/-0)
modules/generators/NWGNUmod_asis (+249/-0)
modules/generators/NWGNUmod_cgi (+249/-0)
modules/generators/NWGNUstatus (+248/-0)
modules/generators/config5.m4 (+81/-0)
modules/generators/mod_asis.c (+128/-0)
modules/generators/mod_asis.dep (+56/-0)
modules/generators/mod_asis.dsp (+111/-0)
modules/generators/mod_asis.exp (+1/-0)
modules/generators/mod_asis.mak (+353/-0)
modules/generators/mod_autoindex.c (+2348/-0)
modules/generators/mod_autoindex.dep (+61/-0)
modules/generators/mod_autoindex.dsp (+111/-0)
modules/generators/mod_autoindex.exp (+1/-0)
modules/generators/mod_autoindex.mak (+353/-0)
modules/generators/mod_cgi.c (+1281/-0)
modules/generators/mod_cgi.dep (+64/-0)
modules/generators/mod_cgi.dsp (+115/-0)
modules/generators/mod_cgi.exp (+1/-0)
modules/generators/mod_cgi.h (+67/-0)
modules/generators/mod_cgi.mak (+353/-0)
modules/generators/mod_cgid.c (+1980/-0)
modules/generators/mod_cgid.exp (+1/-0)
modules/generators/mod_info.c (+1011/-0)
modules/generators/mod_info.dep (+66/-0)
modules/generators/mod_info.dsp (+111/-0)
modules/generators/mod_info.exp (+1/-0)
modules/generators/mod_info.mak (+353/-0)
modules/generators/mod_status.c (+1014/-0)
modules/generators/mod_status.dep (+60/-0)
modules/generators/mod_status.dsp (+111/-0)
modules/generators/mod_status.exp (+1/-0)
modules/generators/mod_status.h (+64/-0)
modules/generators/mod_status.mak (+353/-0)
modules/generators/mod_suexec.c (+139/-0)
modules/generators/mod_suexec.h (+33/-0)
modules/http/.indent.pro (+54/-0)
modules/http/Makefile.in (+3/-0)
modules/http/byterange_filter.c (+611/-0)
modules/http/chunk_filter.c (+196/-0)
modules/http/config.m4 (+20/-0)
modules/http/http_core.c (+328/-0)
modules/http/http_etag.c (+220/-0)
modules/http/http_filters.c (+1907/-0)
modules/http/http_protocol.c (+1690/-0)
modules/http/http_request.c (+836/-0)
modules/http/mod_mime.c (+1026/-0)
modules/http/mod_mime.dep (+55/-0)
modules/http/mod_mime.dsp (+111/-0)
modules/http/mod_mime.exp (+1/-0)
modules/http/mod_mime.mak (+353/-0)
modules/http2/.gitignore (+35/-0)
modules/http2/Makefile.in (+20/-0)
modules/http2/NWGNUmakefile (+246/-0)
modules/http2/NWGNUmod_http2 (+395/-0)
modules/http2/NWGNUproxyht2 (+288/-0)
modules/http2/README.h2 (+70/-0)
modules/http2/config2.m4 (+235/-0)
modules/http2/h2.h (+160/-0)
modules/http2/h2_alt_svc.c (+130/-0)
modules/http2/h2_alt_svc.h (+39/-0)
modules/http2/h2_bucket_beam.c (+1273/-0)
modules/http2/h2_bucket_beam.h (+405/-0)
modules/http2/h2_bucket_eos.c (+111/-0)
modules/http2/h2_bucket_eos.h (+31/-0)
modules/http2/h2_config.c (+677/-0)
modules/http2/h2_config.h (+103/-0)
modules/http2/h2_conn.c (+366/-0)
modules/http2/h2_conn.h (+76/-0)
modules/http2/h2_conn_io.c (+388/-0)
modules/http2/h2_conn_io.h (+76/-0)
modules/http2/h2_ctx.c (+120/-0)
modules/http2/h2_ctx.h (+77/-0)
modules/http2/h2_filter.c (+560/-0)
modules/http2/h2_filter.h (+72/-0)
modules/http2/h2_from_h1.c (+862/-0)
modules/http2/h2_from_h1.h (+49/-0)
modules/http2/h2_h2.c (+765/-0)
modules/http2/h2_h2.h (+78/-0)
modules/http2/h2_headers.c (+177/-0)
modules/http2/h2_headers.h (+76/-0)
modules/http2/h2_mplx.c (+1270/-0)
modules/http2/h2_mplx.h (+329/-0)
modules/http2/h2_ngn_shed.c (+391/-0)
modules/http2/h2_ngn_shed.h (+78/-0)
modules/http2/h2_private.h (+27/-0)
modules/http2/h2_proxy_session.c (+1583/-0)
modules/http2/h2_proxy_session.h (+127/-0)
modules/http2/h2_proxy_util.c (+1336/-0)
modules/http2/h2_proxy_util.h (+255/-0)
modules/http2/h2_push.c (+1059/-0)
modules/http2/h2_push.h (+118/-0)
modules/http2/h2_request.c (+337/-0)
modules/http2/h2_request.h (+47/-0)
modules/http2/h2_session.c (+2288/-0)
modules/http2/h2_session.h (+224/-0)
modules/http2/h2_stream.c (+1083/-0)
modules/http2/h2_stream.h (+314/-0)
modules/http2/h2_switch.c (+194/-0)
modules/http2/h2_switch.h (+29/-0)
modules/http2/h2_task.c (+761/-0)
modules/http2/h2_task.h (+126/-0)
modules/http2/h2_util.c (+2010/-0)
modules/http2/h2_util.h (+543/-0)
modules/http2/h2_version.h (+40/-0)
modules/http2/h2_workers.c (+371/-0)
modules/http2/h2_workers.h (+82/-0)
modules/http2/mod_http2.c (+383/-0)
modules/http2/mod_http2.dep (+1433/-0)
modules/http2/mod_http2.dsp (+195/-0)
modules/http2/mod_http2.h (+95/-0)
modules/http2/mod_http2.mak (+542/-0)
modules/http2/mod_proxy_http2.c (+670/-0)
modules/http2/mod_proxy_http2.dep (+208/-0)
modules/http2/mod_proxy_http2.dsp (+119/-0)
modules/http2/mod_proxy_http2.h (+20/-0)
modules/http2/mod_proxy_http2.mak (+427/-0)
modules/ldap/Makefile.in (+3/-0)
modules/ldap/NWGNUmakefile (+264/-0)
modules/ldap/README.ldap (+47/-0)
modules/ldap/config.m4 (+25/-0)
modules/ldap/mod_ldap.dep (+192/-0)
modules/ldap/mod_ldap.dsp (+127/-0)
modules/ldap/mod_ldap.mak (+371/-0)
modules/ldap/util_ldap.c (+3222/-0)
modules/ldap/util_ldap_cache.c (+464/-0)
modules/ldap/util_ldap_cache.h (+204/-0)
modules/ldap/util_ldap_cache_mgr.c (+882/-0)
modules/loggers/.indent.pro (+54/-0)
modules/loggers/Makefile.in (+3/-0)
modules/loggers/NWGNUforensic (+258/-0)
modules/loggers/NWGNUlogdebug (+258/-0)
modules/loggers/NWGNUmakefile (+247/-0)
modules/loggers/NWGNUmodlogio (+258/-0)
modules/loggers/config.m4 (+20/-0)
modules/loggers/mod_log_config.c (+1858/-0)
modules/loggers/mod_log_config.dep (+62/-0)
modules/loggers/mod_log_config.dsp (+111/-0)
modules/loggers/mod_log_config.exp (+1/-0)
modules/loggers/mod_log_config.h (+74/-0)
modules/loggers/mod_log_config.mak (+353/-0)
modules/loggers/mod_log_debug.c (+287/-0)
modules/loggers/mod_log_debug.dep (+54/-0)
modules/loggers/mod_log_debug.dsp (+111/-0)
modules/loggers/mod_log_debug.mak (+325/-0)
modules/loggers/mod_log_forensic.c (+289/-0)
modules/loggers/mod_log_forensic.dep (+53/-0)
modules/loggers/mod_log_forensic.dsp (+111/-0)
modules/loggers/mod_log_forensic.exp (+1/-0)
modules/loggers/mod_log_forensic.mak (+353/-0)
modules/loggers/mod_logio.c (+284/-0)
modules/loggers/mod_logio.dep (+59/-0)
modules/loggers/mod_logio.dsp (+111/-0)
modules/loggers/mod_logio.mak (+353/-0)
modules/lua/Makefile.in (+3/-0)
modules/lua/NWGNUmakefile (+287/-0)
modules/lua/README (+54/-0)
modules/lua/config.m4 (+113/-0)
modules/lua/docs/README (+12/-0)
modules/lua/docs/basic-configuration.txt (+141/-0)
modules/lua/docs/building-from-subversion.txt (+72/-0)
modules/lua/docs/running-developer-tests.txt (+16/-0)
modules/lua/docs/writing-handlers.txt (+49/-0)
modules/lua/lua_apr.c (+104/-0)
modules/lua/lua_apr.h (+36/-0)
modules/lua/lua_config.c (+277/-0)
modules/lua/lua_config.h (+31/-0)
modules/lua/lua_dbd.c (+843/-0)
modules/lua/lua_dbd.h (+66/-0)
modules/lua/lua_passwd.c (+178/-0)
modules/lua/lua_passwd.h (+90/-0)
modules/lua/lua_request.c (+3024/-0)
modules/lua/lua_request.h (+58/-0)
modules/lua/lua_vmprep.c (+551/-0)
modules/lua/lua_vmprep.h (+147/-0)
modules/lua/mod_lua.c (+2174/-0)
modules/lua/mod_lua.dep (+418/-0)
modules/lua/mod_lua.dsp (+163/-0)
modules/lua/mod_lua.h (+177/-0)
modules/lua/mod_lua.mak (+407/-0)
modules/lua/test/helpers.lua (+36/-0)
modules/lua/test/htdocs/config_tests.lua (+37/-0)
modules/lua/test/htdocs/filters.lua (+7/-0)
modules/lua/test/htdocs/find_me.txt (+1/-0)
modules/lua/test/htdocs/headers.lua (+6/-0)
modules/lua/test/htdocs/hooks.lua (+29/-0)
modules/lua/test/htdocs/other.lua (+21/-0)
modules/lua/test/htdocs/simple.lua (+4/-0)
modules/lua/test/htdocs/test.lua (+129/-0)
modules/lua/test/lib/kangaroo.lua (+19/-0)
modules/lua/test/moonunit.lua (+52/-0)
modules/lua/test/test.lua (+126/-0)
modules/lua/test/test_httpd.conf (+31/-0)
modules/mappers/.indent.pro (+54/-0)
modules/mappers/Makefile.in (+3/-0)
modules/mappers/NWGNUactions (+248/-0)
modules/mappers/NWGNUimagemap (+249/-0)
modules/mappers/NWGNUmakefile (+250/-0)
modules/mappers/NWGNUrewrite (+250/-0)
modules/mappers/NWGNUspeling (+248/-0)
modules/mappers/NWGNUuserdir (+249/-0)
modules/mappers/NWGNUvhost (+249/-0)
modules/mappers/config9.m4 (+19/-0)
modules/mappers/mod_actions.c (+230/-0)
modules/mappers/mod_actions.dep (+58/-0)
modules/mappers/mod_actions.dsp (+111/-0)
modules/mappers/mod_actions.exp (+1/-0)
modules/mappers/mod_actions.mak (+353/-0)
modules/mappers/mod_alias.c (+726/-0)
modules/mappers/mod_alias.dep (+51/-0)
modules/mappers/mod_alias.dsp (+111/-0)
modules/mappers/mod_alias.exp (+1/-0)
modules/mappers/mod_alias.mak (+353/-0)
modules/mappers/mod_dir.c (+417/-0)
modules/mappers/mod_dir.dep (+60/-0)
modules/mappers/mod_dir.dsp (+111/-0)
modules/mappers/mod_dir.exp (+1/-0)
modules/mappers/mod_dir.mak (+353/-0)
modules/mappers/mod_imagemap.c (+897/-0)
modules/mappers/mod_imagemap.dep (+60/-0)
modules/mappers/mod_imagemap.dsp (+111/-0)
modules/mappers/mod_imagemap.exp (+1/-0)
modules/mappers/mod_imagemap.mak (+353/-0)
modules/mappers/mod_negotiation.c (+3228/-0)
modules/mappers/mod_negotiation.dep (+58/-0)
modules/mappers/mod_negotiation.dsp (+111/-0)
modules/mappers/mod_negotiation.exp (+1/-0)
modules/mappers/mod_negotiation.mak (+353/-0)
modules/mappers/mod_rewrite.c (+5326/-0)
modules/mappers/mod_rewrite.dep (+65/-0)
modules/mappers/mod_rewrite.dsp (+111/-0)
modules/mappers/mod_rewrite.exp (+1/-0)
modules/mappers/mod_rewrite.h (+42/-0)
modules/mappers/mod_rewrite.mak (+353/-0)
modules/mappers/mod_speling.c (+533/-0)
modules/mappers/mod_speling.dep (+51/-0)
modules/mappers/mod_speling.dsp (+111/-0)
modules/mappers/mod_speling.exp (+1/-0)
modules/mappers/mod_speling.mak (+353/-0)
modules/mappers/mod_userdir.c (+390/-0)
modules/mappers/mod_userdir.dep (+46/-0)
modules/mappers/mod_userdir.dsp (+111/-0)
modules/mappers/mod_userdir.exp (+1/-0)
modules/mappers/mod_userdir.mak (+353/-0)
modules/mappers/mod_vhost_alias.c (+457/-0)
modules/mappers/mod_vhost_alias.dep (+50/-0)
modules/mappers/mod_vhost_alias.dsp (+111/-0)
modules/mappers/mod_vhost_alias.exp (+1/-0)
modules/mappers/mod_vhost_alias.mak (+353/-0)
modules/metadata/.indent.pro (+54/-0)
modules/metadata/Makefile.in (+3/-0)
modules/metadata/NWGNUcernmeta (+248/-0)
modules/metadata/NWGNUexpires (+248/-0)
modules/metadata/NWGNUheaders (+249/-0)
modules/metadata/NWGNUmakefile (+254/-0)
modules/metadata/NWGNUmimemagi (+248/-0)
modules/metadata/NWGNUmodident (+248/-0)
modules/metadata/NWGNUmodversion (+248/-0)
modules/metadata/NWGNUremoteip (+248/-0)
modules/metadata/NWGNUuniqueid (+257/-0)
modules/metadata/NWGNUusertrk (+248/-0)
modules/metadata/config.m4 (+24/-0)
modules/metadata/mod_cern_meta.c (+371/-0)
modules/metadata/mod_cern_meta.dep (+55/-0)
modules/metadata/mod_cern_meta.dsp (+111/-0)
modules/metadata/mod_cern_meta.exp (+1/-0)
modules/metadata/mod_cern_meta.mak (+353/-0)
modules/metadata/mod_env.c (+190/-0)
modules/metadata/mod_env.dep (+47/-0)
modules/metadata/mod_env.dsp (+111/-0)
modules/metadata/mod_env.exp (+1/-0)
modules/metadata/mod_env.mak (+353/-0)
modules/metadata/mod_expires.c (+571/-0)
modules/metadata/mod_expires.dep (+54/-0)
modules/metadata/mod_expires.dsp (+111/-0)
modules/metadata/mod_expires.exp (+1/-0)
modules/metadata/mod_expires.mak (+353/-0)
modules/metadata/mod_headers.c (+1020/-0)
modules/metadata/mod_headers.dep (+57/-0)
modules/metadata/mod_headers.dsp (+111/-0)
modules/metadata/mod_headers.exp (+1/-0)
modules/metadata/mod_headers.mak (+353/-0)
modules/metadata/mod_ident.c (+344/-0)
modules/metadata/mod_ident.dep (+52/-0)
modules/metadata/mod_ident.dsp (+111/-0)
modules/metadata/mod_ident.exp (+1/-0)
modules/metadata/mod_ident.mak (+353/-0)
modules/metadata/mod_mime_magic.c (+2471/-0)
modules/metadata/mod_mime_magic.dep (+58/-0)
modules/metadata/mod_mime_magic.dsp (+111/-0)
modules/metadata/mod_mime_magic.exp (+1/-0)
modules/metadata/mod_mime_magic.mak (+353/-0)
modules/metadata/mod_remoteip.c (+466/-0)
modules/metadata/mod_remoteip.dep (+53/-0)
modules/metadata/mod_remoteip.dsp (+111/-0)
modules/metadata/mod_remoteip.mak (+353/-0)
modules/metadata/mod_setenvif.c (+648/-0)
modules/metadata/mod_setenvif.dep (+56/-0)
modules/metadata/mod_setenvif.dsp (+111/-0)
modules/metadata/mod_setenvif.exp (+1/-0)
modules/metadata/mod_setenvif.mak (+353/-0)
modules/metadata/mod_unique_id.c (+316/-0)
modules/metadata/mod_unique_id.dep (+50/-0)
modules/metadata/mod_unique_id.dsp (+111/-0)
modules/metadata/mod_unique_id.exp (+1/-0)
modules/metadata/mod_unique_id.mak (+353/-0)
modules/metadata/mod_usertrack.c (+459/-0)
modules/metadata/mod_usertrack.dep (+51/-0)
modules/metadata/mod_usertrack.dsp (+111/-0)
modules/metadata/mod_usertrack.exp (+1/-0)
modules/metadata/mod_usertrack.mak (+353/-0)
modules/metadata/mod_version.c (+313/-0)
modules/metadata/mod_version.dep (+45/-0)
modules/metadata/mod_version.dsp (+111/-0)
modules/metadata/mod_version.exp (+1/-0)
modules/metadata/mod_version.mak (+353/-0)
modules/proxy/.indent.pro (+58/-0)
modules/proxy/CHANGES (+223/-0)
modules/proxy/Makefile.in (+4/-0)
modules/proxy/NWGNUmakefile (+259/-0)
modules/proxy/NWGNUproxy (+337/-0)
modules/proxy/NWGNUproxyajp (+264/-0)
modules/proxy/NWGNUproxybalancer (+260/-0)
modules/proxy/NWGNUproxycon (+251/-0)
modules/proxy/NWGNUproxyexpress (+256/-0)
modules/proxy/NWGNUproxyfcgi (+261/-0)
modules/proxy/NWGNUproxyftp (+260/-0)
modules/proxy/NWGNUproxyhcheck (+254/-0)
modules/proxy/NWGNUproxyhtp (+260/-0)
modules/proxy/NWGNUproxylbm_busy (+250/-0)
modules/proxy/NWGNUproxylbm_hb (+251/-0)
modules/proxy/NWGNUproxylbm_req (+251/-0)
modules/proxy/NWGNUproxylbm_traf (+251/-0)
modules/proxy/NWGNUproxyscgi (+260/-0)
modules/proxy/NWGNUproxywstunnel (+250/-0)
modules/proxy/ajp.h (+520/-0)
modules/proxy/ajp_header.c (+885/-0)
modules/proxy/ajp_header.h (+195/-0)
modules/proxy/ajp_link.c (+115/-0)
modules/proxy/ajp_msg.c (+641/-0)
modules/proxy/ajp_utils.c (+137/-0)
modules/proxy/balancers/Makefile.in (+3/-0)
modules/proxy/balancers/config2.m4 (+8/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.c (+161/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.dep (+76/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_bybusyness.mak (+408/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.c (+201/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.dep (+76/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_byrequests.mak (+408/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.c (+170/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.dep (+76/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_bytraffic.mak (+408/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.c (+467/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.dep (+77/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.dsp (+123/-0)
modules/proxy/balancers/mod_lbmethod_heartbeat.mak (+408/-0)
modules/proxy/config.m4 (+76/-0)
modules/proxy/libproxy.exp (+1/-0)
modules/proxy/mod_proxy.c (+2916/-0)
modules/proxy/mod_proxy.dep (+153/-0)
modules/proxy/mod_proxy.dsp (+127/-0)
modules/proxy/mod_proxy.h (+1211/-0)
modules/proxy/mod_proxy.mak (+361/-0)
modules/proxy/mod_proxy_ajp.c (+829/-0)
modules/proxy/mod_proxy_ajp.dep (+356/-0)
modules/proxy/mod_proxy_ajp.dsp (+151/-0)
modules/proxy/mod_proxy_ajp.mak (+416/-0)
modules/proxy/mod_proxy_balancer.c (+1829/-0)
modules/proxy/mod_proxy_balancer.dep (+76/-0)
modules/proxy/mod_proxy_balancer.dsp (+123/-0)
modules/proxy/mod_proxy_balancer.mak (+380/-0)
modules/proxy/mod_proxy_connect.c (+486/-0)
modules/proxy/mod_proxy_connect.dep (+73/-0)
modules/proxy/mod_proxy_connect.dsp (+123/-0)
modules/proxy/mod_proxy_connect.mak (+380/-0)
modules/proxy/mod_proxy_express.c (+221/-0)
modules/proxy/mod_proxy_express.dep (+74/-0)
modules/proxy/mod_proxy_express.dsp (+123/-0)
modules/proxy/mod_proxy_express.mak (+380/-0)
modules/proxy/mod_proxy_fcgi.c (+1174/-0)
modules/proxy/mod_proxy_fcgi.dep (+75/-0)
modules/proxy/mod_proxy_fcgi.dsp (+123/-0)
modules/proxy/mod_proxy_fcgi.mak (+380/-0)
modules/proxy/mod_proxy_fdpass.c (+241/-0)
modules/proxy/mod_proxy_fdpass.h (+41/-0)
modules/proxy/mod_proxy_ftp.c (+2125/-0)
modules/proxy/mod_proxy_ftp.dep (+74/-0)
modules/proxy/mod_proxy_ftp.dsp (+123/-0)
modules/proxy/mod_proxy_ftp.mak (+380/-0)
modules/proxy/mod_proxy_hcheck.c (+1224/-0)
modules/proxy/mod_proxy_hcheck.dep (+5/-0)
modules/proxy/mod_proxy_hcheck.dsp (+123/-0)
modules/proxy/mod_proxy_hcheck.mak (+380/-0)
modules/proxy/mod_proxy_http.c (+2043/-0)
modules/proxy/mod_proxy_http.dep (+73/-0)
modules/proxy/mod_proxy_http.dsp (+123/-0)
modules/proxy/mod_proxy_http.mak (+380/-0)
modules/proxy/mod_proxy_scgi.c (+674/-0)
modules/proxy/mod_proxy_scgi.dep (+75/-0)
modules/proxy/mod_proxy_scgi.dsp (+123/-0)
modules/proxy/mod_proxy_scgi.mak (+380/-0)
modules/proxy/mod_proxy_wstunnel.c (+390/-0)
modules/proxy/mod_proxy_wstunnel.dep (+73/-0)
modules/proxy/mod_proxy_wstunnel.dsp (+123/-0)
modules/proxy/mod_proxy_wstunnel.mak (+380/-0)
modules/proxy/proxy_util.c (+3867/-0)
modules/proxy/proxy_util.h (+45/-0)
modules/proxy/scgi.h (+36/-0)
modules/session/Makefile.in (+4/-0)
modules/session/NWGNUmakefile (+257/-0)
modules/session/NWGNUsession (+254/-0)
modules/session/NWGNUsession_cookie (+253/-0)
modules/session/NWGNUsession_crypto (+255/-0)
modules/session/NWGNUsession_dbd (+253/-0)
modules/session/config.m4 (+68/-0)
modules/session/mod_session.c (+668/-0)
modules/session/mod_session.dep (+56/-0)
modules/session/mod_session.dsp (+115/-0)
modules/session/mod_session.h (+186/-0)
modules/session/mod_session.mak (+353/-0)
modules/session/mod_session_cookie.c (+284/-0)
modules/session/mod_session_cookie.dep (+49/-0)
modules/session/mod_session_cookie.dsp (+111/-0)
modules/session/mod_session_cookie.mak (+381/-0)
modules/session/mod_session_crypto.c (+805/-0)
modules/session/mod_session_crypto.dep (+57/-0)
modules/session/mod_session_crypto.dsp (+111/-0)
modules/session/mod_session_crypto.mak (+381/-0)
modules/session/mod_session_dbd.c (+640/-0)
modules/session/mod_session_dbd.dep (+60/-0)
modules/session/mod_session_dbd.dsp (+111/-0)
modules/session/mod_session_dbd.mak (+409/-0)
modules/slotmem/Makefile.in (+3/-0)
modules/slotmem/NWGNUmakefile (+246/-0)
modules/slotmem/NWGNUslotmem_plain (+250/-0)
modules/slotmem/NWGNUslotmem_shm (+250/-0)
modules/slotmem/config.m4 (+10/-0)
modules/slotmem/mod_slotmem_plain.c (+343/-0)
modules/slotmem/mod_slotmem_plain.dep (+51/-0)
modules/slotmem/mod_slotmem_plain.dsp (+111/-0)
modules/slotmem/mod_slotmem_plain.mak (+353/-0)
modules/slotmem/mod_slotmem_shm.c (+809/-0)
modules/slotmem/mod_slotmem_shm.dep (+57/-0)
modules/slotmem/mod_slotmem_shm.dsp (+111/-0)
modules/slotmem/mod_slotmem_shm.mak (+353/-0)
modules/ssl/Makefile.in (+20/-0)
modules/ssl/NWGNUmakefile (+327/-0)
modules/ssl/README (+106/-0)
modules/ssl/README.dsov.fig (+346/-0)
modules/ssl/README.dsov.ps (+1138/-0)
modules/ssl/config.m4 (+57/-0)
modules/ssl/mod_ssl.c (+716/-0)
modules/ssl/mod_ssl.dep (+1086/-0)
modules/ssl/mod_ssl.dsp (+195/-0)
modules/ssl/mod_ssl.h (+88/-0)
modules/ssl/mod_ssl.mak (+500/-0)
modules/ssl/mod_ssl_openssl.h (+73/-0)
modules/ssl/ssl_engine_config.c (+2032/-0)
modules/ssl/ssl_engine_init.c (+2020/-0)
modules/ssl/ssl_engine_io.c (+2215/-0)
modules/ssl/ssl_engine_kernel.c (+2457/-0)
modules/ssl/ssl_engine_log.c (+238/-0)
modules/ssl/ssl_engine_mutex.c (+111/-0)
modules/ssl/ssl_engine_ocsp.c (+304/-0)
modules/ssl/ssl_engine_pphrase.c (+621/-0)
modules/ssl/ssl_engine_rand.c (+177/-0)
modules/ssl/ssl_engine_vars.c (+1244/-0)
modules/ssl/ssl_private.h (+1068/-0)
modules/ssl/ssl_scache.c (+239/-0)
modules/ssl/ssl_util.c (+471/-0)
modules/ssl/ssl_util_ocsp.c (+419/-0)
modules/ssl/ssl_util_ssl.c (+505/-0)
modules/ssl/ssl_util_ssl.h (+78/-0)
modules/ssl/ssl_util_stapling.c (+873/-0)
modules/test/.indent.pro (+54/-0)
modules/test/Makefile.in (+3/-0)
modules/test/NWGNUmakefile (+257/-0)
modules/test/NWGNUoptfnexport (+256/-0)
modules/test/NWGNUoptfnimport (+256/-0)
modules/test/NWGNUopthookexport (+256/-0)
modules/test/NWGNUopthookimport (+256/-0)
modules/test/README (+1/-0)
modules/test/config.m4 (+13/-0)
modules/test/mod_dialup.c (+306/-0)
modules/test/mod_optional_fn_export.c (+48/-0)
modules/test/mod_optional_fn_export.h (+19/-0)
modules/test/mod_optional_fn_import.c (+55/-0)
modules/test/mod_optional_hook_export.c (+44/-0)
modules/test/mod_optional_hook_export.h (+24/-0)
modules/test/mod_optional_hook_import.c (+45/-0)
os/.indent.pro (+54/-0)
os/Makefile.in (+4/-0)
os/bs2000/ebcdic.c (+210/-0)
os/bs2000/ebcdic.h (+33/-0)
os/bs2000/os.c (+136/-0)
os/bs2000/os.h (+40/-0)
os/config.m4 (+26/-0)
os/netware/modules.c (+117/-0)
os/netware/netware_config_layout.h (+31/-0)
os/netware/os.h (+57/-0)
os/netware/pre_nw.h (+70/-0)
os/netware/util_nw.c (+112/-0)
os/os2/Makefile.in (+5/-0)
os/os2/config.m4 (+3/-0)
os/os2/core.mk (+7/-0)
os/os2/core_header.def (+19/-0)
os/os2/os.h (+40/-0)
os/os2/util_os2.c (+39/-0)
os/unix/Makefile.in (+5/-0)
os/unix/config.m4 (+7/-0)
os/unix/os.h (+52/-0)
os/unix/unixd.c (+690/-0)
os/unix/unixd.h (+142/-0)
os/win32/BaseAddr.ref (+132/-0)
os/win32/Makefile.in (+5/-0)
os/win32/ap_regkey.c (+642/-0)
os/win32/modules.c (+56/-0)
os/win32/os.h (+139/-0)
os/win32/util_win32.c (+148/-0)
os/win32/win32_config_layout.h (+31/-0)
server/.indent.pro (+54/-0)
server/Makefile.in (+103/-0)
server/NWGNUmakefile (+261/-0)
server/buildmark.c (+29/-0)
server/config.c (+2699/-0)
server/config.m4 (+19/-0)
server/connection.c (+228/-0)
server/core.c (+5401/-0)
server/core_filters.c (+889/-0)
server/eoc_bucket.c (+55/-0)
server/eor_bucket.c (+102/-0)
server/error_bucket.c (+77/-0)
server/gen_test_char.c (+173/-0)
server/gen_test_char.dep (+7/-0)
server/gen_test_char.dsp (+94/-0)
server/gen_test_char.mak (+234/-0)
server/listen.c (+938/-0)
server/log.c (+1956/-0)
server/main.c (+827/-0)
server/mpm/MPM.NAMING (+14/-0)
server/mpm/Makefile.in (+4/-0)
server/mpm/config.m4 (+128/-0)
server/mpm/config2.m4 (+89/-0)
server/mpm/event/Makefile.in (+1/-0)
server/mpm/event/config.m4 (+15/-0)
server/mpm/event/config3.m4 (+7/-0)
server/mpm/event/event.c (+3756/-0)
server/mpm/event/fdqueue.c (+533/-0)
server/mpm/event/fdqueue.h (+106/-0)
server/mpm/event/mpm_default.h (+56/-0)
server/mpm/mpmt_os2/Makefile.in (+1/-0)
server/mpm/mpmt_os2/config.m4 (+10/-0)
server/mpm/mpmt_os2/config5.m4 (+3/-0)
server/mpm/mpmt_os2/mpm_default.h (+57/-0)
server/mpm/mpmt_os2/mpmt_os2.c (+614/-0)
server/mpm/mpmt_os2/mpmt_os2_child.c (+488/-0)
server/mpm/netware/mpm_default.h (+78/-0)
server/mpm/netware/mpm_netware.c (+1363/-0)
server/mpm/prefork/Makefile.in (+1/-0)
server/mpm/prefork/config.m4 (+7/-0)
server/mpm/prefork/config3.m4 (+1/-0)
server/mpm/prefork/mpm_default.h (+51/-0)
server/mpm/prefork/prefork.c (+1516/-0)
server/mpm/winnt/Makefile.in (+1/-0)
server/mpm/winnt/child.c (+1266/-0)
server/mpm/winnt/config.m4 (+10/-0)
server/mpm/winnt/config3.m4 (+2/-0)
server/mpm/winnt/mpm_default.h (+60/-0)
server/mpm/winnt/mpm_winnt.c (+1785/-0)
server/mpm/winnt/mpm_winnt.h (+96/-0)
server/mpm/winnt/nt_eventlog.c (+171/-0)
server/mpm/winnt/service.c (+1241/-0)
server/mpm/worker/Makefile.in (+2/-0)
server/mpm/worker/config.m4 (+11/-0)
server/mpm/worker/config3.m4 (+5/-0)
server/mpm/worker/fdqueue.c (+412/-0)
server/mpm/worker/fdqueue.h (+75/-0)
server/mpm/worker/mpm_default.h (+55/-0)
server/mpm/worker/worker.c (+2382/-0)
server/mpm_common.c (+571/-0)
server/mpm_unix.c (+1078/-0)
server/protocol.c (+2391/-0)
server/provider.c (+197/-0)
server/request.c (+2511/-0)
server/scoreboard.c (+666/-0)
server/util.c (+3309/-0)
server/util_cfgtree.c (+46/-0)
server/util_charset.c (+28/-0)
server/util_cookies.c (+290/-0)
server/util_debug.c (+225/-0)
server/util_ebcdic.c (+117/-0)
server/util_expr_eval.c (+1822/-0)
server/util_expr_parse.c (+2130/-0)
server/util_expr_parse.h (+104/-0)
server/util_expr_parse.y (+217/-0)
server/util_expr_private.h (+141/-0)
server/util_expr_scan.c (+2669/-0)
server/util_expr_scan.l (+400/-0)
server/util_fcgi.c (+290/-0)
server/util_filter.c (+732/-0)
server/util_md5.c (+166/-0)
server/util_mutex.c (+561/-0)
server/util_pcre.c (+299/-0)
server/util_regex.c (+210/-0)
server/util_script.c (+900/-0)
server/util_time.c (+306/-0)
server/util_xml.c (+140/-0)
server/vhost.c (+1267/-0)
srclib/Makefile.in (+5/-0)
support/.indent.pro (+54/-0)
support/Makefile.in (+89/-0)
support/NWGNUab (+330/-0)
support/NWGNUhtcacheclean (+253/-0)
support/NWGNUhtdbm (+252/-0)
support/NWGNUhtdigest (+251/-0)
support/NWGNUhtpasswd (+252/-0)
support/NWGNUhttxt2dbm (+251/-0)
support/NWGNUlogres (+258/-0)
support/NWGNUmakefile (+51/-0)
support/NWGNUrotlogs (+250/-0)
support/README (+65/-0)
support/SHA1/README.sha1 (+34/-0)
support/SHA1/convert-sha1.pl (+36/-0)
support/SHA1/htpasswd-sha1.pl (+22/-0)
support/SHA1/ldif-sha1.example (+19/-0)
support/ab.c (+2553/-0)
support/ab.dep (+37/-0)
support/ab.dsp (+106/-0)
support/ab.mak (+317/-0)
support/abs.dep (+37/-0)
support/abs.dsp (+144/-0)
support/abs.mak (+374/-0)
support/apachectl.in (+106/-0)
support/apxs.in (+791/-0)
support/check_forensic (+51/-0)
support/checkgid.c (+110/-0)
support/config.m4 (+151/-0)
support/dbmmanage.in (+312/-0)
support/envvars-std.in (+28/-0)
support/fcgistarter.c (+220/-0)
support/fcgistarter.dep (+29/-0)
support/fcgistarter.dsp (+106/-0)
support/fcgistarter.mak (+317/-0)
support/htcacheclean.c (+1829/-0)
support/htcacheclean.dep (+37/-0)
support/htcacheclean.dsp (+106/-0)
support/htcacheclean.mak (+317/-0)
support/htdbm.c (+472/-0)
support/htdbm.dep (+58/-0)
support/htdbm.dsp (+110/-0)
support/htdbm.mak (+326/-0)
support/htdigest.c (+303/-0)
support/htdigest.dep (+27/-0)
support/htdigest.dsp (+106/-0)
support/htdigest.mak (+317/-0)
support/htpasswd.c (+509/-0)
support/htpasswd.dep (+57/-0)
support/htpasswd.dsp (+110/-0)
support/htpasswd.mak (+326/-0)
support/httxt2dbm.c (+335/-0)
support/httxt2dbm.dep (+26/-0)
support/httxt2dbm.dsp (+106/-0)
support/httxt2dbm.mak (+317/-0)
support/list_hooks.pl (+101/-0)
support/log_server_status.in (+76/-0)
support/logresolve.c (+329/-0)
support/logresolve.dep (+26/-0)
support/logresolve.dsp (+106/-0)
support/logresolve.mak (+317/-0)
support/logresolve.pl.in (+225/-0)
support/passwd_common.c (+344/-0)
support/passwd_common.h (+123/-0)
support/phf_abuse_log.cgi.in (+38/-0)
support/rotatelogs.c (+731/-0)
support/rotatelogs.dep (+28/-0)
support/rotatelogs.dsp (+106/-0)
support/rotatelogs.mak (+317/-0)
support/split-logfile.in (+69/-0)
support/suexec.c (+652/-0)
support/suexec.h (+109/-0)
support/win32/ApacheMonitor.c (+1671/-0)
support/win32/ApacheMonitor.dep (+18/-0)
support/win32/ApacheMonitor.dsp (+143/-0)
support/win32/ApacheMonitor.h (+78/-0)
support/win32/ApacheMonitor.mak (+309/-0)
support/win32/ApacheMonitor.manifest (+10/-0)
support/win32/ApacheMonitor.rc (+103/-0)
support/win32/wintty.c (+374/-0)
support/win32/wintty.dep (+5/-0)
support/win32/wintty.dsp (+106/-0)
support/win32/wintty.mak (+317/-0)
test/.indent.pro (+54/-0)
test/Makefile.in (+20/-0)
test/README (+3/-0)
test/check_chunked (+58/-0)
test/cls.c (+182/-0)
test/make_sni.sh (+396/-0)
test/tcpdumpscii.txt (+50/-0)
test/test-writev.c (+101/-0)
test/test_find.c (+78/-0)
test/test_limits.c (+200/-0)
test/test_parser.c (+75/-0)
test/test_select.c (+46/-0)
test/time-sem.c (+591/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  2018-06-07 Approve on 2018-06-11
Canonical Server Team 2018-06-07 Pending
Review via email: mp+347651@code.launchpad.net

Description of the change

Please use git to review this MP. The diff generated by LP is incorrect.

Simple backport from upstream to silently ignore a non-existent file path when IncludeOptional is used. I also included documentation changes, even though this version of apache only includes the generated html and not the xml source. Another drawback is that I updated only the English doc. If preferred, I can drop that from the patch.

PPA with test packages: ppa:ahasenack/apache-includeoptional-1766186 (https://launchpad.net/~ahasenack/+archive/ubuntu/apache-includeoptional-1766186/)

Testing instructions:
sudo apt install apache2 apache2-doc
echo "IncludeOptional /etc/apache2/nothere/bug*.conf" | sudo tee /etc/apache2/conf-enabled/bug.conf
echo "IncludeOptional /etc/apache2/nothere/bug.conf" | sudo tee -a /etc/apache2/conf-enabled/bug.conf
echo "IncludeOptional /etc/apache2/bug.conf" | sudo tee -a /etc/apache2/conf-enabled/bug.conf
# this will fail with the non-fixed packages, and restart fine with the fixed packages
sudo systemctl restart apache2

Browse to http://<apache-ip>/manual/en/mod/core.html#includeoptional and verify the documentation was updated:
"""
... or if a file path does not exist on the file system.
"""

Cosmic is already fixed, since it has a newer apache where the fix was applied upstream.

To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

Tested from ppa - ok
Changelog - ok
Patch content - ok
Patch headers - ok
References - ok

For the sake of a review being supposed to have feedback here a micro-thing "line 1 of the patch ends in a whitespace"

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, fixed. Could you please push the upload tag for 4a4345b9ec249953077ac92ea875a7851f07b1bd (current bionic branch HEAD). I can upload this one.

Christian Ehrhardt  (paelzer) wrote :

pushed the tag

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 5d1ae07..e81196b 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+apache2 (2.4.29-1ubuntu4.2) bionic; urgency=medium
7+
8+ * debian/patches/includeoptional-ignore-non-existent.patch: silently
9+ ignore a not existent file path with IncludeOptional . Closes LP:
10+ #1766186.
11+
12+ -- Andreas Hasenack <andreas@canonical.com> Thu, 07 Jun 2018 18:10:10 -0300
13+
14 apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
15
16 * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
17diff --git a/debian/patches/includeoptional-ignore-non-existent.patch b/debian/patches/includeoptional-ignore-non-existent.patch
18new file mode 100644
19index 0000000..22a6e8b
20--- /dev/null
21+++ b/debian/patches/includeoptional-ignore-non-existent.patch
22@@ -0,0 +1,61 @@
23+Description: silently ignore a not existent file path with IncludeOptional
24+ In https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 some use cases
25+ were reported in which IncludeOptional seems to be too strict in its
26+ sanity checks.
27+ .
28+ This change is a proposal to relax IncludeOptional checks to silently
29+ fail when a file path is not existent rather than returning SyntaxError.
30+Origin: backport, https://github.com/apache/httpd/commit/a17ce7dd5e6277867ca48659f70c4bb8a11add56
31+Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=57585
32+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1766186
33+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878920
34+Last-Update: 2018-06-07
35+
36+--- a/server/config.c
37++++ b/server/config.c
38+@@ -1951,6 +1951,15 @@
39+
40+ return NULL;
41+ }
42++ else if (optional) {
43++ /* If the optinal flag is set (like for IncludeOptional) we can
44++ * tolerate that no file or directory is present and bail out.
45++ */
46++ apr_finfo_t finfo;
47++ if (apr_stat(&finfo, fname, APR_FINFO_TYPE, ptemp) != APR_SUCCESS
48++ || finfo.filetype == APR_NOFILE)
49++ return NULL;
50++ }
51+
52+ return ap_process_resource_config(s, fname, conftree, p, ptemp);
53+ }
54+@@ -2001,6 +2010,12 @@
55+ */
56+ rv = apr_dir_open(&dirp, path, ptemp);
57+ if (rv != APR_SUCCESS) {
58++ /* If the directory doesn't exist and the optional flag is set
59++ * there is no need to return an error.
60++ */
61++ if (rv == APR_ENOENT && optional) {
62++ return NULL;
63++ }
64+ return apr_psprintf(p, "Could not open config directory %s: %pm",
65+ path, &rv);
66+ }
67+--- a/docs/manual/mod/core.html.en
68++++ b/docs/manual/mod/core.html.en
69+@@ -2383,10 +2383,10 @@
70+ </table>
71+ <p>This directive allows inclusion of other configuration files
72+ from within the server configuration files. It works identically to the
73+- <code class="directive"><a href="#include">Include</a></code> directive, with the
74+- exception that if wildcards do not match any file or directory, the
75+- <code class="directive"><a href="#includeoptional">IncludeOptional</a></code> directive will be
76+- silently ignored instead of causing an error.</p>
77++ <code class="directive"><a href="#include">Include</a></code> directive, but it will be
78++ silently ignored (instead of causing an error) if wildcards are used and
79++ they do not match any file or directory or if a file path does not exist
80++ on the file system.</p>
81+
82+ <h3>See also</h3>
83+ <ul>
84diff --git a/debian/patches/series b/debian/patches/series
85index b6471c0..d9d8038 100644
86--- a/debian/patches/series
87+++ b/debian/patches/series
88@@ -22,3 +22,4 @@ CVE-2018-1283.patch
89 CVE-2018-1301.patch
90 CVE-2018-1303.patch
91 CVE-2018-1312.patch
92+includeoptional-ignore-non-existent.patch
93diff --git a/docs/manual/style/latex/atbeginend.sty b/docs/manual/style/latex/atbeginend.sty
94new file mode 100644
95index 0000000..79b555d
96--- /dev/null
97+++ b/docs/manual/style/latex/atbeginend.sty
98@@ -0,0 +1,80 @@
99+% atbeginend.sty
100+%
101+% Licensed to the Apache Software Foundation (ASF) under one or more
102+% contributor license agreements. See the NOTICE file distributed with
103+% this work for additional information regarding copyright ownership.
104+% The ASF licenses this file to You under the Apache License, Version 2.0
105+% (the "License"); you may not use this file except in compliance with
106+% the License. You may obtain a copy of the License at
107+%
108+% http://www.apache.org/licenses/LICENSE-2.0
109+%
110+% Unless required by applicable law or agreed to in writing, software
111+% distributed under the License is distributed on an "AS IS" BASIS,
112+% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
113+% See the License for the specific language governing permissions and
114+% limitations under the License.
115+
116+% defines
117+% \BeforeBegin{environment}{code-to-execute}
118+% \BeforeEnd {environment}{code-to-execute}
119+% \AfterBegin {environment}{code-to-execute}
120+% \AfterEnd {environment}{code-to-execute}
121+%
122+% Save \begin and \end to \BeginEnvironment and \EndEnvironment
123+\let\BeginEnvironment=\begin
124+\let\EndEnvironment=\end
125+
126+\def\IfUnDef#1{\expandafter\ifx\csname#1\endcsname\relax}
127+
128+% Null command needed to for \nothing{something}=.nothing.
129+\def\NullCom#1{}
130+
131+\def\begin#1{%
132+%
133+% if defined \BeforeBeg for this environment, execute it
134+\IfUnDef{BeforeBeg#1}\else\csname BeforeBeg#1\endcsname\fi%
135+%
136+%
137+%
138+\IfUnDef{AfterBeg#1}% This is done to skip the command for environments
139+ % which can take arguments, like multicols; YOU MUST NOT
140+ % USE \AfterBegin{...}{...} for such environments!
141+ \let\SaveBegEng=\BeginEnvironment%
142+\else%
143+ % Start this environment
144+ \BeginEnvironment{#1}%
145+ % and execute code after \begin{environment}
146+ \csname AfterBeg#1\endcsname%
147+ %
148+ \let\SaveBegEng=\NullCom%
149+\fi%
150+\SaveBegEng{#1}%
151+}
152+
153+
154+\def\end#1{%
155+%
156+% execute code before \end{environment}
157+\IfUnDef{BeforeEnd#1}\else\csname BeforeEnd#1\endcsname\fi%
158+%
159+% close this environment
160+\EndEnvironment{#1}%
161+%
162+% and execute code after \begin{environment}
163+\IfUnDef{AfterEnd#1}\else\csname AfterEnd#1\endcsname\fi%
164+}
165+
166+
167+%% Now, define commands
168+% \BeforeBegin{environment}{code-to-execute}
169+% \BeforeEnd {environment}{code-to-execute}
170+% \AfterBegin {environment}{code-to-execute}
171+% \AfterEnd {environment}{code-to-execute}
172+
173+\def\BeforeBegin#1#2{\expandafter\gdef\csname BeforeBeg#1\endcsname
174+{#2}}
175+\def\BeforeEnd #1#2{\expandafter\gdef\csname BeforeEnd#1\endcsname
176+{#2}}
177+\def\AfterBegin #1#2{\expandafter\gdef\csname AfterBeg#1\endcsname {#2}}
178+\def\AfterEnd #1#2{\expandafter\gdef\csname AfterEnd#1\endcsname{#2}}
179diff --git a/docs/manual/style/manualpage.dtd b/docs/manual/style/manualpage.dtd
180new file mode 100644
181index 0000000..e9c22a0
182--- /dev/null
183+++ b/docs/manual/style/manualpage.dtd
184@@ -0,0 +1,29 @@
185+<?xml version='1.0' encoding='UTF-8' ?>
186+
187+<!--
188+ Licensed to the Apache Software Foundation (ASF) under one or more
189+ contributor license agreements. See the NOTICE file distributed with
190+ this work for additional information regarding copyright ownership.
191+ The ASF licenses this file to You under the Apache License, Version 2.0
192+ (the "License"); you may not use this file except in compliance with
193+ the License. You may obtain a copy of the License at
194+
195+ http://www.apache.org/licenses/LICENSE-2.0
196+
197+ Unless required by applicable law or agreed to in writing, software
198+ distributed under the License is distributed on an "AS IS" BASIS,
199+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200+ See the License for the specific language governing permissions and
201+ limitations under the License.
202+-->
203+
204+<!ENTITY % common SYSTEM "common.dtd">
205+%common;
206+
207+<!-- <manualpage> is the root element -->
208+<!ELEMENT manualpage (parentdocument?, title, summary?,
209+seealso*, section*)>
210+
211+<!ATTLIST manualpage metafile CDATA #REQUIRED
212+ upgrade CDATA #IMPLIED
213+>
214diff --git a/docs/manual/style/modulesynopsis.dtd b/docs/manual/style/modulesynopsis.dtd
215new file mode 100644
216index 0000000..1ca9b06
217--- /dev/null
218+++ b/docs/manual/style/modulesynopsis.dtd
219@@ -0,0 +1,85 @@
220+<?xml version='1.0' encoding='UTF-8' ?>
221+
222+<!--
223+ Licensed to the Apache Software Foundation (ASF) under one or more
224+ contributor license agreements. See the NOTICE file distributed with
225+ this work for additional information regarding copyright ownership.
226+ The ASF licenses this file to You under the Apache License, Version 2.0
227+ (the "License"); you may not use this file except in compliance with
228+ the License. You may obtain a copy of the License at
229+
230+ http://www.apache.org/licenses/LICENSE-2.0
231+
232+ Unless required by applicable law or agreed to in writing, software
233+ distributed under the License is distributed on an "AS IS" BASIS,
234+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
235+ See the License for the specific language governing permissions and
236+ limitations under the License.
237+-->
238+
239+<!ENTITY % sitemap SYSTEM "sitemap.dtd">
240+%sitemap;
241+
242+<!ELEMENT modulesynopsis (name , description, status, hint?, sourcefile?,
243+identifier? , compatibility? , summary? , seealso* , section*,
244+directivesynopsis*)>
245+
246+<!ATTLIST modulesynopsis metafile CDATA #REQUIRED
247+ upgrade CDATA #IMPLIED>
248+
249+<!ELEMENT directivesynopsis (name , description? , syntax? , default?
250+, contextlist? , override? , modulelist?, status?, compatibility? ,
251+usage?, seealso*)>
252+
253+<!ELEMENT name (#PCDATA)>
254+
255+<!ELEMENT status (#PCDATA)>
256+
257+<!ELEMENT hint %Inline;>
258+
259+<!ELEMENT identifier (#PCDATA)>
260+
261+<!ELEMENT sourcefile (#PCDATA)>
262+
263+<!ELEMENT compatibility %Inline;>
264+
265+<!ELEMENT description %Inline;>
266+
267+<!ATTLIST directivesynopsis type CDATA #IMPLIED
268+ location CDATA #IMPLIED >
269+
270+<!ELEMENT syntax %Inline;>
271+
272+<!ELEMENT default (#PCDATA | directive | br)*>
273+
274+<!ELEMENT contextlist (context+)+>
275+
276+<!ELEMENT context (#PCDATA)>
277+
278+<!ELEMENT override (#PCDATA)>
279+
280+<!ELEMENT usage %Block;>
281+
282+<!-- Used in index.xml -->
283+<!ELEMENT moduleindex (title, summary, seealso*)>
284+
285+<!ATTLIST moduleindex metafile CDATA #REQUIRED>
286+
287+<!-- Used in directive.xml -->
288+<!ELEMENT directiveindex (title | summary)+>
289+
290+<!ATTLIST directiveindex metafile CDATA #REQUIRED>
291+
292+<!-- Used in quickreference.xml -->
293+<!ELEMENT quickreference (title | summary | legend)+>
294+<!ATTLIST quickreference metafile CDATA #REQUIRED>
295+
296+<!ELEMENT legend (table, table)>
297+
298+<!-- Used in overrides.xml -->
299+<!ELEMENT overrideindex (title | summary | overridesummary)+>
300+<!ATTLIST overrideindex metafile CDATA #REQUIRED>
301+
302+<!ELEMENT overridesummary %Block;>
303+<!ATTLIST overridesummary class CDATA #IMPLIED
304+ fallback CDATA #IMPLIED>
305diff --git a/docs/manual/style/scripts/MINIFY b/docs/manual/style/scripts/MINIFY
306new file mode 100644
307index 0000000..2c1efc3
308--- /dev/null
309+++ b/docs/manual/style/scripts/MINIFY
310@@ -0,0 +1,5 @@
311+#!/bin/sh
312+
313+(echo '// see prettify.js for copyright, license and expanded version'; python -mrjsmin <prettify.js) >prettify.min.js
314+
315+# needs python and rjsmin installed
316diff --git a/docs/manual/style/scripts/prettify.js b/docs/manual/style/scripts/prettify.js
317new file mode 100644
318index 0000000..bb74158
319--- /dev/null
320+++ b/docs/manual/style/scripts/prettify.js
321@@ -0,0 +1,1622 @@
322+// Copyright (C) 2006 Google Inc.
323+//
324+// Licensed under the Apache License, Version 2.0 (the "License");
325+// you may not use this file except in compliance with the License.
326+// You may obtain a copy of the License at
327+//
328+// http://www.apache.org/licenses/LICENSE-2.0
329+//
330+// Unless required by applicable law or agreed to in writing, software
331+// distributed under the License is distributed on an "AS IS" BASIS,
332+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
333+// See the License for the specific language governing permissions and
334+// limitations under the License.
335+
336+
337+/**
338+ * @fileoverview
339+ * some functions for browser-side pretty printing of code contained in html.
340+ *
341+ * <p>
342+ * For a fairly comprehensive set of languages see the
343+ * <a href="http://google-code-prettify.googlecode.com/svn/trunk/README.html#langs">README</a>
344+ * file that came with this source. At a minimum, the lexer should work on a
345+ * number of languages including C and friends, Java, Python, Bash, SQL, HTML,
346+ * XML, CSS, Javascript, and Makefiles. It works passably on Ruby, PHP and Awk
347+ * and a subset of Perl, but, because of commenting conventions, doesn't work on
348+ * Smalltalk, Lisp-like, or CAML-like languages without an explicit lang class.
349+ * <p>
350+ * Usage: <ol>
351+ * <li> include this source file in an html page via
352+ * {@code <script type="text/javascript" src="/path/to/prettify.js"></script>}
353+ * <li> define style rules. See the example page for examples.
354+ * <li> mark the {@code <pre>} and {@code <code>} tags in your source with
355+ * {@code class=prettyprint.}
356+ * You can also use the (html deprecated) {@code <xmp>} tag, but the pretty
357+ * printer needs to do more substantial DOM manipulations to support that, so
358+ * some css styles may not be preserved.
359+ * </ol>
360+ * That's it. I wanted to keep the API as simple as possible, so there's no
361+ * need to specify which language the code is in, but if you wish, you can add
362+ * another class to the {@code <pre>} or {@code <code>} element to specify the
363+ * language, as in {@code <pre class="prettyprint lang-java">}. Any class that
364+ * starts with "lang-" followed by a file extension, specifies the file type.
365+ * See the "lang-*.js" files in this directory for code that implements
366+ * per-language file handlers.
367+ * <p>
368+ * Change log:<br>
369+ * cbeust, 2006/08/22
370+ * <blockquote>
371+ * Java annotations (start with "@") are now captured as literals ("lit")
372+ * </blockquote>
373+ * @requires console
374+ */
375+
376+// JSLint declarations
377+/*global console, document, navigator, setTimeout, window, define */
378+
379+/**
380+ * Split {@code prettyPrint} into multiple timeouts so as not to interfere with
381+ * UI events.
382+ * If set to {@code false}, {@code prettyPrint()} is synchronous.
383+ */
384+window['PR_SHOULD_USE_CONTINUATION'] = true;
385+
386+/**
387+ * Find all the {@code <pre>} and {@code <code>} tags in the DOM with
388+ * {@code class=prettyprint} and prettify them.
389+ *
390+ * @param {Function?} opt_whenDone if specified, called when the last entry
391+ * has been finished.
392+ */
393+var prettyPrintOne;
394+/**
395+ * Pretty print a chunk of code.
396+ *
397+ * @param {string} sourceCodeHtml code as html
398+ * @return {string} code as html, but prettier
399+ */
400+var prettyPrint;
401+
402+
403+(function () {
404+ var win = window;
405+ // Keyword lists for various languages.
406+ // We use things that coerce to strings to make them compact when minified
407+ // and to defeat aggressive optimizers that fold large string constants.
408+ var FLOW_CONTROL_KEYWORDS = ["break,continue,do,else,for,if,return,while"];
409+ var C_KEYWORDS = [FLOW_CONTROL_KEYWORDS,"auto,case,char,const,default," +
410+ "double,enum,extern,float,goto,int,long,register,short,signed,sizeof,module," +
411+ "static,struct,switch,typedef,union,unsigned,void,volatile"];
412+ var COMMON_KEYWORDS = [C_KEYWORDS,"catch,class,delete,false,import," +
413+ "new,operator,private,protected,public,this,throw,true,try,typeof"];
414+ var CPP_KEYWORDS = [COMMON_KEYWORDS,"alignof,align_union,asm,axiom,bool," +
415+ "concept,concept_map,const_cast,constexpr,decltype," +
416+ "dynamic_cast,explicit,export,friend,inline,late_check," +
417+ "mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast," +
418+ "template,typeid,typename,using,virtual,where,request_req"];
419+ var JAVA_KEYWORDS = [COMMON_KEYWORDS,
420+ "abstract,boolean,byte,extends,final,finally,implements,import," +
421+ "instanceof,null,native,package,strictfp,super,synchronized,throws," +
422+ "transient"];
423+ var CSHARP_KEYWORDS = [JAVA_KEYWORDS,
424+ "as,base,by,checked,decimal,delegate,descending,dynamic,event," +
425+ "fixed,foreach,from,group,implicit,in,interface,internal,into,is,let," +
426+ "lock,object,out,override,orderby,params,partial,readonly,ref,sbyte," +
427+ "sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort," +
428+ "var,virtual,where"];
429+ var COFFEE_KEYWORDS = "all,and,by,catch,class,else,extends,false,finally," +
430+ "for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then," +
431+ "throw,true,try,unless,until,when,while,yes";
432+ var JSCRIPT_KEYWORDS = [COMMON_KEYWORDS,
433+ "debugger,eval,export,function,get,null,set,undefined,var,with," +
434+ "Infinity,NaN"];
435+ var PERL_KEYWORDS = "caller,delete,die,do,dump,else,elsif,eval,exit,foreach,for," +
436+ "goto,if,import,last,local,my,next,no,our,print,printf,package,redo,require," +
437+ "sub,undef,unless,until,use,wantarray,while,BEGIN,END";
438+ var PHP_KEYWORDS = "abstract,and,array,as,break,case,catch,cfunction,class," +
439+ "clone,const,continue,declare,default,do,else,elseif,enddeclare,endfor," +
440+ "endforeach,endif,endswitch,endwhile,extends,final,for,foreach,function," +
441+ "global,goto,if,implements,interface,instanceof,namespace,new,old_function," +
442+ "or,private,protected,public,static,switch,throw,try,use,var,while,xor," +
443+ "die,echo,empty,exit,eval,include,include_once,isset,list,require," +
444+ "require_once,return,print,unset";
445+ var PYTHON_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "and,as,assert,class,def,del," +
446+ "elif,except,exec,finally,from,global,import,in,is,lambda," +
447+ "nonlocal,not,or,pass,print,raise,try,with,yield," +
448+ "False,True,None"];
449+ var RUBY_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "alias,and,begin,case,class," +
450+ "def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo," +
451+ "rescue,retry,self,super,then,true,undef,unless,until,when,yield," +
452+ "BEGIN,END"];
453+ var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," +
454+ "function,in,local,set,then,until,echo"];
455+ var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];
456+ var CONFIG_KEYWORDS = ["AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicFake,AuthBasicProvider,AuthBasicUseDigestAlgorithm,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthnzFcgiCheckAuthnProvider,AuthnzFcgiDefineProvider,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerInherit,BalancerMember,BalancerPersist,BrotliAlterETag,BrotliCompressionMaxInputBlock,BrotliCompressionQuality,BrotliCompressionWindow,BrotliFilterNote,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheSocache,CacheSocacheMaxSize,CacheSocacheMaxTime,CacheSocacheMinTime,CacheSocacheReadSize,CacheSocacheReadTime,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIDScriptTimeout,CGIMapExtension,CGIPassAuth,CGIVar,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateInflateLimitRequestBody,DeflateInflateRatioBurst,DeflateInflateRatioLimit,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryCheckHandler,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GlobalLog,GprofDir,GracefulShutdownTimeout,Group,H2CopyFiles,H2Direct,H2EarlyHints,H2MaxSessionStreams,H2MaxWorkerIdleSeconds,H2MaxWorkers,H2MinWorkers,H2ModernTLSOnly,H2Push,H2PushDiarySize,H2PushPriority,H2PushResource,H2SerializeHeaders,H2StreamMaxMemSize,H2TLSCoolDownSecs,H2TLSWarmUpSize,H2Upgrade,H2WindowSize,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,HttpProtocolOptions,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,ListenCoresBucketsRatio,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogIOTrackTTFB,LogLevel,LogMessage,LuaAuthzProvider,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookLog,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,<Macro>,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MemcacheConnTTL,MergeTrailers,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,Protocols,ProtocolsHonorOrder,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFCGIBackendType,ProxyFCGISetEnvIf,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHCExpr,ProxyHCTemplate,ProxyHCTPsize,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLMeta,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInherit,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,QualifyRedirectURL,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RegisterHttpMethod,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCompression,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPNoverify,SSLOCSPOverrideResponder,SSLOCSPProxyURL,SSLOCSPResponderCertificateFile,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOCSPUseRequestNonce,SSLOpenSSLConfCmd,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCheckPeerName,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLSessionTickets,SSLSRPUnknownUserSeed,SSLSRPVerifierFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,SubstituteInheritBefore,SubstituteMaxLineLength,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UndefMacro,UnsetEnv,Use,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse"];
457+ var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;
458+ var ALL_KEYWORDS = [
459+ CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS +
460+ PYTHON_KEYWORDS, RUBY_KEYWORDS, SH_KEYWORDS, CONFIG_KEYWORDS, PHP_KEYWORDS];
461+ var C_TYPES = /^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float|char|void|const|static|struct)\d*(_t)?\b)|[a-z_]+_rec|cmd_parms\b/;
462+
463+ // token style names. correspond to css classes
464+ /**
465+ * token style for a string literal
466+ * @const
467+ */
468+ var PR_STRING = 'str';
469+ /**
470+ * token style for a keyword
471+ * @const
472+ */
473+ var PR_KEYWORD = 'kwd';
474+ /**
475+ * token style for a comment
476+ * @const
477+ */
478+ var PR_COMMENT = 'com';
479+ /**
480+ * token style for a type
481+ * @const
482+ */
483+ var PR_TYPE = 'typ';
484+ /**
485+ * token style for a literal value. e.g. 1, null, true.
486+ * @const
487+ */
488+ var PR_LITERAL = 'lit';
489+ /**
490+ * token style for a punctuation string.
491+ * @const
492+ */
493+ var PR_PUNCTUATION = 'pun';
494+ /**
495+ * token style for plain text.
496+ * @const
497+ */
498+ var PR_PLAIN = 'pln';
499+
500+ /**
501+ * token style for an sgml tag.
502+ * @const
503+ */
504+ var PR_TAG = 'tag';
505+ /**
506+ * token style for a markup declaration such as a DOCTYPE.
507+ * @const
508+ */
509+ var PR_DECLARATION = 'dec';
510+ /**
511+ * token style for embedded source.
512+ * @const
513+ */
514+ var PR_SOURCE = 'src';
515+ /**
516+ * token style for an sgml attribute name.
517+ * @const
518+ */
519+ var PR_ATTRIB_NAME = 'atn';
520+ /**
521+ * token style for an sgml attribute value.
522+ * @const
523+ */
524+ var PR_ATTRIB_VALUE = 'atv';
525+
526+ /**
527+ * A class that indicates a section of markup that is not code, e.g. to allow
528+ * embedding of line numbers within code listings.
529+ * @const
530+ */
531+ var PR_NOCODE = 'nocode';
532+
533+
534+
535+/**
536+ * A set of tokens that can precede a regular expression literal in
537+ * javascript
538+ * http://web.archive.org/web/20070717142515/http://www.mozilla.org/js/language/js20/rationale/syntax.html
539+ * has the full list, but I've removed ones that might be problematic when
540+ * seen in languages that don't support regular expression literals.
541+ *
542+ * <p>Specifically, I've removed any keywords that can't precede a regexp
543+ * literal in a syntactically legal javascript program, and I've removed the
544+ * "in" keyword since it's not a keyword in many languages, and might be used
545+ * as a count of inches.
546+ *
547+ * <p>The link above does not accurately describe EcmaScript rules since
548+ * it fails to distinguish between (a=++/b/i) and (a++/b/i) but it works
549+ * very well in practice.
550+ *
551+ * @private
552+ * @const
553+ */
554+var REGEXP_PRECEDER_PATTERN = '(?:^^\\.?|[+-]|[!=]=?=?|\\#|%=?|&&?=?|\\(|\\*=?|[+\\-]=|->|\\/=?|::?|<<?=?|>>?>?=?|,|;|\\?|@|\\[|~|{|\\^\\^?=?|\\|\\|?=?|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*';
555+
556+// CAVEAT: this does not properly handle the case where a regular
557+// expression immediately follows another since a regular expression may
558+// have flags for case-sensitivity and the like. Having regexp tokens
559+// adjacent is not valid in any language I'm aware of, so I'm punting.
560+// TODO: maybe style special characters inside a regexp as punctuation.
561+
562+
563+ /**
564+ * Given a group of {@link RegExp}s, returns a {@code RegExp} that globally
565+ * matches the union of the sets of strings matched by the input RegExp.
566+ * Since it matches globally, if the input strings have a start-of-input
567+ * anchor (/^.../), it is ignored for the purposes of unioning.
568+ * @param {Array.<RegExp>} regexs non multiline, non-global regexs.
569+ * @return {RegExp} a global regex.
570+ */
571+ function combinePrefixPatterns(regexs) {
572+ var capturedGroupIndex = 0;
573+
574+ var needToFoldCase = false;
575+ var ignoreCase = false;
576+ for (var i = 0, n = regexs.length; i < n; ++i) {
577+ var regex = regexs[i];
578+ if (regex.ignoreCase) {
579+ ignoreCase = true;
580+ } else if (/[a-z]/i.test(regex.source.replace(
581+ /\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi, ''))) {
582+ needToFoldCase = true;
583+ ignoreCase = false;
584+ break;
585+ }
586+ }
587+
588+ var escapeCharToCodeUnit = {
589+ 'b': 8,
590+ 't': 9,
591+ 'n': 0xa,
592+ 'v': 0xb,
593+ 'f': 0xc,
594+ 'r': 0xd
595+ };
596+
597+ function decodeEscape(charsetPart) {
598+ var cc0 = charsetPart.charCodeAt(0);
599+ if (cc0 !== 92 /* \\ */) {
600+ return cc0;
601+ }
602+ var c1 = charsetPart.charAt(1);
603+ cc0 = escapeCharToCodeUnit[c1];
604+ if (cc0) {
605+ return cc0;
606+ } else if ('0' <= c1 && c1 <= '7') {
607+ return parseInt(charsetPart.substring(1), 8);
608+ } else if (c1 === 'u' || c1 === 'x') {
609+ return parseInt(charsetPart.substring(2), 16);
610+ } else {
611+ return charsetPart.charCodeAt(1);
612+ }
613+ }
614+
615+ function encodeEscape(charCode) {
616+ if (charCode < 0x20) {
617+ return (charCode < 0x10 ? '\\x0' : '\\x') + charCode.toString(16);
618+ }
619+ var ch = String.fromCharCode(charCode);
620+ return (ch === '\\' || ch === '-' || ch === ']' || ch === '^')
621+ ? "\\" + ch : ch;
622+ }
623+
624+ function caseFoldCharset(charSet) {
625+ var charsetParts = charSet.substring(1, charSet.length - 1).match(
626+ new RegExp(
627+ '\\\\u[0-9A-Fa-f]{4}'
628+ + '|\\\\x[0-9A-Fa-f]{2}'
629+ + '|\\\\[0-3][0-7]{0,2}'
630+ + '|\\\\[0-7]{1,2}'
631+ + '|\\\\[\\s\\S]'
632+ + '|-'
633+ + '|[^-\\\\]',
634+ 'g'));
635+ var ranges = [];
636+ var inverse = charsetParts[0] === '^';
637+
638+ var out = ['['];
639+ if (inverse) { out.push('^'); }
640+
641+ for (var i = inverse ? 1 : 0, n = charsetParts.length; i < n; ++i) {
642+ var p = charsetParts[i];
643+ if (/\\[bdsw]/i.test(p)) { // Don't muck with named groups.
644+ out.push(p);
645+ } else {
646+ var start = decodeEscape(p);
647+ var end;
648+ if (i + 2 < n && '-' === charsetParts[i + 1]) {
649+ end = decodeEscape(charsetParts[i + 2]);
650+ i += 2;
651+ } else {
652+ end = start;
653+ }
654+ ranges.push([start, end]);
655+ // If the range might intersect letters, then expand it.
656+ // This case handling is too simplistic.
657+ // It does not deal with non-latin case folding.
658+ // It works for latin source code identifiers though.
659+ if (!(end < 65 || start > 122)) {
660+ if (!(end < 65 || start > 90)) {
661+ ranges.push([Math.max(65, start) | 32, Math.min(end, 90) | 32]);
662+ }
663+ if (!(end < 97 || start > 122)) {
664+ ranges.push([Math.max(97, start) & ~32, Math.min(end, 122) & ~32]);
665+ }
666+ }
667+ }
668+ }
669+
670+ // [[1, 10], [3, 4], [8, 12], [14, 14], [16, 16], [17, 17]]
671+ // -> [[1, 12], [14, 14], [16, 17]]
672+ ranges.sort(function (a, b) { return (a[0] - b[0]) || (b[1] - a[1]); });
673+ var consolidatedRanges = [];
674+ var lastRange = [];
675+ for (var i = 0; i < ranges.length; ++i) {
676+ var range = ranges[i];
677+ if (range[0] <= lastRange[1] + 1) {
678+ lastRange[1] = Math.max(lastRange[1], range[1]);
679+ } else {
680+ consolidatedRanges.push(lastRange = range);
681+ }
682+ }
683+
684+ for (var i = 0; i < consolidatedRanges.length; ++i) {
685+ var range = consolidatedRanges[i];
686+ out.push(encodeEscape(range[0]));
687+ if (range[1] > range[0]) {
688+ if (range[1] + 1 > range[0]) { out.push('-'); }
689+ out.push(encodeEscape(range[1]));
690+ }
691+ }
692+ out.push(']');
693+ return out.join('');
694+ }
695+
696+ function allowAnywhereFoldCaseAndRenumberGroups(regex) {
697+ // Split into character sets, escape sequences, punctuation strings
698+ // like ('(', '(?:', ')', '^'), and runs of characters that do not
699+ // include any of the above.
700+ var parts = regex.source.match(
701+ new RegExp(
702+ '(?:'
703+ + '\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]' // a character set
704+ + '|\\\\u[A-Fa-f0-9]{4}' // a unicode escape
705+ + '|\\\\x[A-Fa-f0-9]{2}' // a hex escape
706+ + '|\\\\[0-9]+' // a back-reference or octal escape
707+ + '|\\\\[^ux0-9]' // other escape sequence
708+ + '|\\(\\?[:!=]' // start of a non-capturing group
709+ + '|[\\(\\)\\^]' // start/end of a group, or line start
710+ + '|[^\\x5B\\x5C\\(\\)\\^]+' // run of other characters
711+ + ')',
712+ 'g'));
713+ var n = parts.length;
714+
715+ // Maps captured group numbers to the number they will occupy in
716+ // the output or to -1 if that has not been determined, or to
717+ // undefined if they need not be capturing in the output.
718+ var capturedGroups = [];
719+
720+ // Walk over and identify back references to build the capturedGroups
721+ // mapping.
722+ for (var i = 0, groupIndex = 0; i < n; ++i) {
723+ var p = parts[i];
724+ if (p === '(') {
725+ // groups are 1-indexed, so max group index is count of '('
726+ ++groupIndex;
727+ } else if ('\\' === p.charAt(0)) {
728+ var decimalValue = +p.substring(1);
729+ if (decimalValue) {
730+ if (decimalValue <= groupIndex) {
731+ capturedGroups[decimalValue] = -1;
732+ } else {
733+ // Replace with an unambiguous escape sequence so that
734+ // an octal escape sequence does not turn into a backreference
735+ // to a capturing group from an earlier regex.
736+ parts[i] = encodeEscape(decimalValue);
737+ }
738+ }
739+ }
740+ }
741+
742+ // Renumber groups and reduce capturing groups to non-capturing groups
743+ // where possible.
744+ for (var i = 1; i < capturedGroups.length; ++i) {
745+ if (-1 === capturedGroups[i]) {
746+ capturedGroups[i] = ++capturedGroupIndex;
747+ }
748+ }
749+ for (var i = 0, groupIndex = 0; i < n; ++i) {
750+ var p = parts[i];
751+ if (p === '(') {
752+ ++groupIndex;
753+ if (!capturedGroups[groupIndex]) {
754+ parts[i] = '(?:';
755+ }
756+ } else if ('\\' === p.charAt(0)) {
757+ var decimalValue = +p.substring(1);
758+ if (decimalValue && decimalValue <= groupIndex) {
759+ parts[i] = '\\' + capturedGroups[decimalValue];
760+ }
761+ }
762+ }
763+
764+ // Remove any prefix anchors so that the output will match anywhere.
765+ // ^^ really does mean an anchored match though.
766+ for (var i = 0; i < n; ++i) {
767+ if ('^' === parts[i] && '^' !== parts[i + 1]) { parts[i] = ''; }
768+ }
769+
770+ // Expand letters to groups to handle mixing of case-sensitive and
771+ // case-insensitive patterns if necessary.
772+ if (regex.ignoreCase && needToFoldCase) {
773+ for (var i = 0; i < n; ++i) {
774+ var p = parts[i];
775+ var ch0 = p.charAt(0);
776+ if (p.length >= 2 && ch0 === '[') {
777+ parts[i] = caseFoldCharset(p);
778+ } else if (ch0 !== '\\') {
779+ // TODO: handle letters in numeric escapes.
780+ parts[i] = p.replace(
781+ /[a-zA-Z]/g,
782+ function (ch) {
783+ var cc = ch.charCodeAt(0);
784+ return '[' + String.fromCharCode(cc & ~32, cc | 32) + ']';
785+ });
786+ }
787+ }
788+ }
789+
790+ return parts.join('');
791+ }
792+
793+ var rewritten = [];
794+ for (var i = 0, n = regexs.length; i < n; ++i) {
795+ var regex = regexs[i];
796+ if (regex.global || regex.multiline) { throw new Error('' + regex); }
797+ rewritten.push(
798+ '(?:' + allowAnywhereFoldCaseAndRenumberGroups(regex) + ')');
799+ }
800+
801+ return new RegExp(rewritten.join('|'), ignoreCase ? 'gi' : 'g');
802+ }
803+
804+
805+ /**
806+ * Split markup into a string of source code and an array mapping ranges in
807+ * that string to the text nodes in which they appear.
808+ *
809+ * <p>
810+ * The HTML DOM structure:</p>
811+ * <pre>
812+ * (Element "p"
813+ * (Element "b"
814+ * (Text "print ")) ; #1
815+ * (Text "'Hello '") ; #2
816+ * (Element "br") ; #3
817+ * (Text " + 'World';")) ; #4
818+ * </pre>
819+ * <p>
820+ * corresponds to the HTML
821+ * {@code <p><b>print </b>'Hello '<br> + 'World';</p>}.</p>
822+ *
823+ * <p>
824+ * It will produce the output:</p>
825+ * <pre>
826+ * {
827+ * sourceCode: "print 'Hello '\n + 'World';",
828+ * // 1 2
829+ * // 012345678901234 5678901234567
830+ * spans: [0, #1, 6, #2, 14, #3, 15, #4]
831+ * }
832+ * </pre>
833+ * <p>
834+ * where #1 is a reference to the {@code "print "} text node above, and so
835+ * on for the other text nodes.
836+ * </p>
837+ *
838+ * <p>
839+ * The {@code} spans array is an array of pairs. Even elements are the start
840+ * indices of substrings, and odd elements are the text nodes (or BR elements)
841+ * that contain the text for those substrings.
842+ * Substrings continue until the next index or the end of the source.
843+ * </p>
844+ *
845+ * @param {Node} node an HTML DOM subtree containing source-code.
846+ * @param {boolean} isPreformatted true if white-space in text nodes should
847+ * be considered significant.
848+ * @return {Object} source code and the text nodes in which they occur.
849+ */
850+ function extractSourceSpans(node, isPreformatted) {
851+ var nocode = /(?:^|\s)nocode(?:\s|$)/;
852+
853+ var chunks = [];
854+ var length = 0;
855+ var spans = [];
856+ var k = 0;
857+
858+ function walk(node) {
859+ switch (node.nodeType) {
860+ case 1: // Element
861+ if (nocode.test(node.className)) { return; }
862+ for (var child = node.firstChild; child; child = child.nextSibling) {
863+ walk(child);
864+ }
865+ var nodeName = node.nodeName.toLowerCase();
866+ if ('br' === nodeName || 'li' === nodeName) {
867+ chunks[k] = '\n';
868+ spans[k << 1] = length++;
869+ spans[(k++ << 1) | 1] = node;
870+ }
871+ break;
872+ case 3: case 4: // Text
873+ var text = node.nodeValue;
874+ if (text.length) {
875+ if (!isPreformatted) {
876+ text = text.replace(/[ \t\r\n]+/g, ' ');
877+ } else {
878+ text = text.replace(/\r\n?/g, '\n'); // Normalize newlines.
879+ text = text.replace(/^(\r?\n\s*)+/g, ''); // Remove leading newlines
880+ text = text.replace(/^\s*/g, ''); // Remove leading spaces due to indented formatting
881+ text = text.replace(/(\r?\n\s*)+$/g, ''); // Remove ending newlines
882+
883+ }
884+ // TODO: handle tabs here?
885+ chunks[k] = text;
886+ spans[k << 1] = length;
887+ length += text.length;
888+ spans[(k++ << 1) | 1] = node;
889+ }
890+ break;
891+ }
892+ }
893+
894+ walk(node);
895+
896+ return {
897+ sourceCode: chunks.join('').replace(/\n$/, ''),
898+ spans: spans
899+ };
900+ }
901+
902+
903+ /**
904+ * Apply the given language handler to sourceCode and add the resulting
905+ * decorations to out.
906+ * @param {number} basePos the index of sourceCode within the chunk of source
907+ * whose decorations are already present on out.
908+ */
909+ function appendDecorations(basePos, sourceCode, langHandler, out) {
910+ if (!sourceCode) { return; }
911+ var job = {
912+ sourceCode: sourceCode,
913+ basePos: basePos
914+ };
915+ langHandler(job);
916+ out.push.apply(out, job.decorations);
917+ }
918+
919+ var notWs = /\S/;
920+
921+ /**
922+ * Given an element, if it contains only one child element and any text nodes
923+ * it contains contain only space characters, return the sole child element.
924+ * Otherwise returns undefined.
925+ * <p>
926+ * This is meant to return the CODE element in {@code <pre><code ...>} when
927+ * there is a single child element that contains all the non-space textual
928+ * content, but not to return anything where there are multiple child elements
929+ * as in {@code <pre><code>...</code><code>...</code></pre>} or when there
930+ * is textual content.
931+ */
932+ function childContentWrapper(element) {
933+ var wrapper = undefined;
934+ for (var c = element.firstChild; c; c = c.nextSibling) {
935+ var type = c.nodeType;
936+ wrapper = (type === 1) // Element Node
937+ ? (wrapper ? element : c)
938+ : (type === 3) // Text Node
939+ ? (notWs.test(c.nodeValue) ? element : wrapper)
940+ : wrapper;
941+ }
942+ return wrapper === element ? undefined : wrapper;
943+ }
944+
945+ /** Given triples of [style, pattern, context] returns a lexing function,
946+ * The lexing function interprets the patterns to find token boundaries and
947+ * returns a decoration list of the form
948+ * [index_0, style_0, index_1, style_1, ..., index_n, style_n]
949+ * where index_n is an index into the sourceCode, and style_n is a style
950+ * constant like PR_PLAIN. index_n-1 <= index_n, and style_n-1 applies to
951+ * all characters in sourceCode[index_n-1:index_n].
952+ *
953+ * The stylePatterns is a list whose elements have the form
954+ * [style : string, pattern : RegExp, DEPRECATED, shortcut : string].
955+ *
956+ * Style is a style constant like PR_PLAIN, or can be a string of the
957+ * form 'lang-FOO', where FOO is a language extension describing the
958+ * language of the portion of the token in $1 after pattern executes.
959+ * E.g., if style is 'lang-lisp', and group 1 contains the text
960+ * '(hello (world))', then that portion of the token will be passed to the
961+ * registered lisp handler for formatting.
962+ * The text before and after group 1 will be restyled using this decorator
963+ * so decorators should take care that this doesn't result in infinite
964+ * recursion. For example, the HTML lexer rule for SCRIPT elements looks
965+ * something like ['lang-js', /<[s]cript>(.+?)<\/script>/]. This may match
966+ * '<script>foo()<\/script>', which would cause the current decorator to
967+ * be called with '<script>' which would not match the same rule since
968+ * group 1 must not be empty, so it would be instead styled as PR_TAG by
969+ * the generic tag rule. The handler registered for the 'js' extension would
970+ * then be called with 'foo()', and finally, the current decorator would
971+ * be called with '<\/script>' which would not match the original rule and
972+ * so the generic tag rule would identify it as a tag.
973+ *
974+ * Pattern must only match prefixes, and if it matches a prefix, then that
975+ * match is considered a token with the same style.
976+ *
977+ * Context is applied to the last non-whitespace, non-comment token
978+ * recognized.
979+ *
980+ * Shortcut is an optional string of characters, any of which, if the first
981+ * character, gurantee that this pattern and only this pattern matches.
982+ *
983+ * @param {Array} shortcutStylePatterns patterns that always start with
984+ * a known character. Must have a shortcut string.
985+ * @param {Array} fallthroughStylePatterns patterns that will be tried in
986+ * order if the shortcut ones fail. May have shortcuts.
987+ *
988+ * @return {function (Object)} a
989+ * function that takes source code and returns a list of decorations.
990+ */
991+ function createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns) {
992+ var shortcuts = {};
993+ var tokenizer;
994+ (function () {
995+ var allPatterns = shortcutStylePatterns.concat(fallthroughStylePatterns);
996+ var allRegexs = [];
997+ var regexKeys = {};
998+ for (var i = 0, n = allPatterns.length; i < n; ++i) {
999+ var patternParts = allPatterns[i];
1000+ var shortcutChars = patternParts[3];
1001+ if (shortcutChars) {
1002+ for (var c = shortcutChars.length; --c >= 0;) {
1003+ shortcuts[shortcutChars.charAt(c)] = patternParts;
1004+ }
1005+ }
1006+ var regex = patternParts[1];
1007+ var k = '' + regex;
1008+ if (!regexKeys.hasOwnProperty(k)) {
1009+ allRegexs.push(regex);
1010+ regexKeys[k] = null;
1011+ }
1012+ }
1013+ allRegexs.push(/[\0-\uffff]/);
1014+ tokenizer = combinePrefixPatterns(allRegexs);
1015+ })();
1016+
1017+ var nPatterns = fallthroughStylePatterns.length;
1018+
1019+ /**
1020+ * Lexes job.sourceCode and produces an output array job.decorations of
1021+ * style classes preceded by the position at which they start in
1022+ * job.sourceCode in order.
1023+ *
1024+ * @param {Object} job an object like <pre>{
1025+ * sourceCode: {string} sourceText plain text,
1026+ * basePos: {int} position of job.sourceCode in the larger chunk of
1027+ * sourceCode.
1028+ * }</pre>
1029+ */
1030+ var decorate = function (job) {
1031+ var sourceCode = job.sourceCode, basePos = job.basePos;
1032+ /** Even entries are positions in source in ascending order. Odd enties
1033+ * are style markers (e.g., PR_COMMENT) that run from that position until
1034+ * the end.
1035+ * @type {Array.<number|string>}
1036+ */
1037+ var decorations = [basePos, PR_PLAIN];
1038+ var pos = 0; // index into sourceCode
1039+ var tokens = sourceCode.match(tokenizer) || [];
1040+ var styleCache = {};
1041+
1042+ for (var ti = 0, nTokens = tokens.length; ti < nTokens; ++ti) {
1043+ var token = tokens[ti];
1044+ var style = styleCache[token];
1045+ var match = void 0;
1046+
1047+ var isEmbedded;
1048+ if (typeof style === 'string') {
1049+ isEmbedded = false;
1050+ } else {
1051+ var patternParts = shortcuts[token.charAt(0)];
1052+ if (patternParts) {
1053+ match = token.match(patternParts[1]);
1054+ style = patternParts[0];
1055+ } else {
1056+ for (var i = 0; i < nPatterns; ++i) {
1057+ patternParts = fallthroughStylePatterns[i];
1058+ match = token.match(patternParts[1]);
1059+ if (match) {
1060+ style = patternParts[0];
1061+ break;
1062+ }
1063+ }
1064+
1065+ if (!match) { // make sure that we make progress
1066+ style = PR_PLAIN;
1067+ }
1068+ }
1069+
1070+ isEmbedded = style.length >= 5 && 'lang-' === style.substring(0, 5);
1071+ if (isEmbedded && !(match && typeof match[1] === 'string')) {
1072+ isEmbedded = false;
1073+ style = PR_SOURCE;
1074+ }
1075+
1076+ if (!isEmbedded) { styleCache[token] = style; }
1077+ }
1078+
1079+ var tokenStart = pos;
1080+ pos += token.length;
1081+
1082+ if (!isEmbedded) {
1083+ decorations.push(basePos + tokenStart, style);
1084+ } else { // Treat group 1 as an embedded block of source code.
1085+ var embeddedSource = match[1];
1086+ var embeddedSourceStart = token.indexOf(embeddedSource);
1087+ var embeddedSourceEnd = embeddedSourceStart + embeddedSource.length;
1088+ if (match[2]) {
1089+ // If embeddedSource can be blank, then it would match at the
1090+ // beginning which would cause us to infinitely recurse on the
1091+ // entire token, so we catch the right context in match[2].
1092+ embeddedSourceEnd = token.length - match[2].length;
1093+ embeddedSourceStart = embeddedSourceEnd - embeddedSource.length;
1094+ }
1095+ var lang = style.substring(5);
1096+ // Decorate the left of the embedded source
1097+ appendDecorations(
1098+ basePos + tokenStart,
1099+ token.substring(0, embeddedSourceStart),
1100+ decorate, decorations);
1101+ // Decorate the embedded source
1102+ appendDecorations(
1103+ basePos + tokenStart + embeddedSourceStart,
1104+ embeddedSource,
1105+ langHandlerForExtension(lang, embeddedSource),
1106+ decorations);
1107+ // Decorate the right of the embedded section
1108+ appendDecorations(
1109+ basePos + tokenStart + embeddedSourceEnd,
1110+ token.substring(embeddedSourceEnd),
1111+ decorate, decorations);
1112+ }
1113+ }
1114+ job.decorations = decorations;
1115+ };
1116+ return decorate;
1117+ }
1118+
1119+ /** returns a function that produces a list of decorations from source text.
1120+ *
1121+ * This code treats ", ', and ` as string delimiters, and \ as a string
1122+ * escape. It does not recognize perl's qq() style strings.
1123+ * It has no special handling for double delimiter escapes as in basic, or
1124+ * the tripled delimiters used in python, but should work on those regardless
1125+ * although in those cases a single string literal may be broken up into
1126+ * multiple adjacent string literals.
1127+ *
1128+ * It recognizes C, C++, and shell style comments.
1129+ *
1130+ * @param {Object} options a set of optional parameters.
1131+ * @return {function (Object)} a function that examines the source code
1132+ * in the input job and builds the decoration list.
1133+ */
1134+ function sourceDecorator(options) {
1135+ var shortcutStylePatterns = [], fallthroughStylePatterns = [];
1136+ if (options['tripleQuotedStrings']) {
1137+ // '''multi-line-string''', 'single-line-string', and double-quoted
1138+ shortcutStylePatterns.push(
1139+ [PR_STRING, /^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,
1140+ null, '\'"']);
1141+ } else if (options['multiLineStrings']) {
1142+ // 'multi-line-string', "multi-line-string"
1143+ shortcutStylePatterns.push(
1144+ [PR_STRING, /^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,
1145+ null, '\'"`']);
1146+ } else {
1147+ // 'single-line-string', "single-line-string"
1148+ shortcutStylePatterns.push(
1149+ [PR_STRING,
1150+ /^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,
1151+ null, '"\'']);
1152+ }
1153+ if (options['verbatimStrings']) {
1154+ // verbatim-string-literal production from the C# grammar. See issue 93.
1155+ fallthroughStylePatterns.push(
1156+ [PR_STRING, /^@\"(?:[^\"]|\"\")*(?:\"|$)/, null]);
1157+ }
1158+ var hc = options['hashComments'];
1159+ if (hc) {
1160+ if (options['cStyleComments']) {
1161+ if (hc > 1) { // multiline hash comments
1162+ shortcutStylePatterns.push(
1163+ [PR_COMMENT, /^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/, null, '#']);
1164+ } else {
1165+ // Stop C preprocessor declarations at an unclosed open comment
1166+ shortcutStylePatterns.push(
1167+ [PR_COMMENT, /^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,
1168+ null, '#']);
1169+ }
1170+ // #include <stdio.h>
1171+ fallthroughStylePatterns.push(
1172+ [PR_STRING,
1173+ /^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h(?:h|pp|\+\+)?|[a-z]\w*)>/,
1174+ null]);
1175+ } else {
1176+ shortcutStylePatterns.push([PR_COMMENT, /^#[^\r\n]*/, null, '#']);
1177+ }
1178+ }
1179+ if (options['cStyleComments']) {
1180+ fallthroughStylePatterns.push([PR_COMMENT, /^\/\/[^\r\n]*/, null]);
1181+ fallthroughStylePatterns.push(
1182+ [PR_COMMENT, /^\/\*[\s\S]*?(?:\*\/|$)/, null]);
1183+ }
1184+ if (options['regexLiterals']) {
1185+ /**
1186+ * @const
1187+ */
1188+ var REGEX_LITERAL = (
1189+ // A regular expression literal starts with a slash that is
1190+ // not followed by * or / so that it is not confused with
1191+ // comments.
1192+ '/(?=[^/*])'
1193+ // and then contains any number of raw characters,
1194+ + '(?:[^/\\x5B\\x5C]'
1195+ // escape sequences (\x5C),
1196+ + '|\\x5C[\\s\\S]'
1197+ // or non-nesting character sets (\x5B\x5D);
1198+ + '|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+'
1199+ // finally closed by a /.
1200+ + '/');
1201+ fallthroughStylePatterns.push(
1202+ ['lang-regex',
1203+ new RegExp('^' + REGEXP_PRECEDER_PATTERN + '(' + REGEX_LITERAL + ')')
1204+ ]);
1205+ }
1206+
1207+ var types = options['types'];
1208+ if (types) {
1209+ fallthroughStylePatterns.push([PR_TYPE, types]);
1210+ }
1211+
1212+ if (options['strings']) {
1213+ var strings = ("" + options['strings']).replace(/^ | $/g, '').replace(/-/g, '\\-');
1214+ fallthroughStylePatterns.push(
1215+ [PR_STRING,
1216+ new RegExp('(?:' + strings.replace(/[\s,]+/g, '|') + ')'),
1217+ , null]
1218+ );
1219+ }
1220+
1221+ var keywords = ("" + options['keywords']).replace(/^ | $/g, '');
1222+ if (keywords.length) {
1223+ fallthroughStylePatterns.push(
1224+ [PR_KEYWORD,
1225+ new RegExp('^(?:' + keywords.replace(/[\s,]+/g, '|') + ')\\b'),
1226+ null]);
1227+ }
1228+
1229+ shortcutStylePatterns.push([PR_PLAIN, /^\s+/, null, ' \r\n\t\xA0']);
1230+ if (options['httpdComments']) {
1231+ fallthroughStylePatterns.push(
1232+ [PR_PLAIN, /^.*\S.*#/i, null]
1233+ );
1234+ }
1235+
1236+ fallthroughStylePatterns.push(
1237+ // TODO(mikesamuel): recognize non-latin letters and numerals in idents
1238+ [PR_LITERAL, /^@[a-z_$][a-z_$@0-9]*|\bNULL\b/i, null],
1239+ [PR_LITERAL, CONFIG_OPTIONS, null],
1240+ //[PR_STRING, CONFIG_ENVS, null],
1241+ [PR_TAG, /^\b(AuthzProviderAlias|AuthnProviderAlias|RequireAny|RequireAll|RequireNone|Directory|DirectoryMatch|Location|LocationMatch|VirtualHost|If|Else|ElseIf|Proxy\b|LoadBalancer|Files|FilesMatch|Limit|LimitExcept|IfDefine|IfModule|IfVersion)\b/, null],
1242+ [PR_TYPE, /^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_(t|req|module)\b)/, null],
1243+ [PR_TAG, /^apr_[a-z_0-9]+|ap_[a-z_0-9]+/i, null],
1244+ [PR_PLAIN, /^[a-z_$][a-z_$@0-9\-]*/i, null],
1245+ [PR_LITERAL,
1246+ new RegExp(
1247+ '^(?:'
1248+ // A hex number
1249+ + '0x[a-f0-9]+'
1250+ // An IPv6 Address
1251+ + '|[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+'
1252+ // or an octal or decimal number,
1253+ + '|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)'
1254+ // possibly in scientific notation
1255+ + '(?:e[+\\-]?\\d+)?'
1256+ + ')'
1257+ // with an optional modifier like UL for unsigned long
1258+ + '[a-z]*', 'i'),
1259+ null, '0123456789'],
1260+ // Don't treat escaped quotes in bash as starting strings. See issue 144.
1261+ [PR_PLAIN, /^\\[\s\S]?/, null],
1262+ [PR_PUNCTUATION, /^.[^\s\w\.$@\'\"\`\/\#\\]*/, null]);
1263+
1264+ return createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns);
1265+ }
1266+
1267+ var decorateSource = sourceDecorator({
1268+ 'keywords': ALL_KEYWORDS,
1269+ 'hashComments': true,
1270+ 'cStyleComments': true,
1271+ 'multiLineStrings': true,
1272+ 'regexLiterals': true
1273+ });
1274+
1275+ /**
1276+ * Given a DOM subtree, wraps it in a list, and puts each line into its own
1277+ * list item.
1278+ *
1279+ * @param {Node} node modified in place. Its content is pulled into an
1280+ * HTMLOListElement, and each line is moved into a separate list item.
1281+ * This requires cloning elements, so the input might not have unique
1282+ * IDs after numbering.
1283+ * @param {boolean} isPreformatted true iff white-space in text nodes should
1284+ * be treated as significant.
1285+ */
1286+ function numberLines(node, opt_startLineNum, isPreformatted) {
1287+ var nocode = /(?:^|\s)nocode(?:\s|$)/;
1288+ var lineBreak = /\r\n?|\n/;
1289+
1290+ var document = node.ownerDocument;
1291+
1292+ var li = document.createElement('li');
1293+ while (node.firstChild) {
1294+ li.appendChild(node.firstChild);
1295+ }
1296+ // An array of lines. We split below, so this is initialized to one
1297+ // un-split line.
1298+ var listItems = [li];
1299+
1300+ function walk(node) {
1301+ switch (node.nodeType) {
1302+ case 1: // Element
1303+ if (nocode.test(node.className)) { break; }
1304+ if ('br' === node.nodeName) {
1305+ breakAfter(node);
1306+ // Discard the <BR> since it is now flush against a </LI>.
1307+ if (node.parentNode) {
1308+ node.parentNode.removeChild(node);
1309+ }
1310+ } else {
1311+ for (var child = node.firstChild; child; child = child.nextSibling) {
1312+ walk(child);
1313+ }
1314+ }
1315+ break;
1316+ case 3: case 4: // Text
1317+ if (isPreformatted) {
1318+ var text = node.nodeValue;
1319+ var match = text.match(lineBreak);
1320+ if (match) {
1321+ var firstLine = text.substring(0, match.index);
1322+ node.nodeValue = firstLine;
1323+ var tail = text.substring(match.index + match[0].length);
1324+ if (tail) {
1325+ var parent = node.parentNode;
1326+ parent.insertBefore(
1327+ document.createTextNode(tail), node.nextSibling);
1328+ }
1329+ breakAfter(node);
1330+ if (!firstLine) {
1331+ // Don't leave blank text nodes in the DOM.
1332+ node.parentNode.removeChild(node);
1333+ }
1334+ }
1335+ }
1336+ break;
1337+ }
1338+ }
1339+
1340+ // Split a line after the given node.
1341+ function breakAfter(lineEndNode) {
1342+ // If there's nothing to the right, then we can skip ending the line
1343+ // here, and move root-wards since splitting just before an end-tag
1344+ // would require us to create a bunch of empty copies.
1345+ while (!lineEndNode.nextSibling) {
1346+ lineEndNode = lineEndNode.parentNode;
1347+ if (!lineEndNode) { return; }
1348+ }
1349+
1350+ function breakLeftOf(limit, copy) {
1351+ // Clone shallowly if this node needs to be on both sides of the break.
1352+ var rightSide = copy ? limit.cloneNode(false) : limit;
1353+ var parent = limit.parentNode;
1354+ if (parent) {
1355+ // We clone the parent chain.
1356+ // This helps us resurrect important styling elements that cross lines.
1357+ // E.g. in <i>Foo<br>Bar</i>
1358+ // should be rewritten to <li><i>Foo</i></li><li><i>Bar</i></li>.
1359+ var parentClone = breakLeftOf(parent, 1);
1360+ // Move the clone and everything to the right of the original
1361+ // onto the cloned parent.
1362+ var next = limit.nextSibling;
1363+ parentClone.appendChild(rightSide);
1364+ for (var sibling = next; sibling; sibling = next) {
1365+ next = sibling.nextSibling;
1366+ parentClone.appendChild(sibling);
1367+ }
1368+ }
1369+ return rightSide;
1370+ }
1371+
1372+ var copiedListItem = breakLeftOf(lineEndNode.nextSibling, 0);
1373+
1374+ // Walk the parent chain until we reach an unattached LI.
1375+ for (var parent;
1376+ // Check nodeType since IE invents document fragments.
1377+ (parent = copiedListItem.parentNode) && parent.nodeType === 1;) {
1378+ copiedListItem = parent;
1379+ }
1380+ // Put it on the list of lines for later processing.
1381+ listItems.push(copiedListItem);
1382+ }
1383+
1384+ // Split lines while there are lines left to split.
1385+ for (var i = 0; // Number of lines that have been split so far.
1386+ i < listItems.length; // length updated by breakAfter calls.
1387+ ++i) {
1388+ walk(listItems[i]);
1389+ }
1390+
1391+ // Make sure numeric indices show correctly.
1392+ if (opt_startLineNum === (opt_startLineNum|0)) {
1393+ listItems[0].setAttribute('value', opt_startLineNum);
1394+ }
1395+
1396+ var ol = document.createElement('ol');
1397+ ol.className = 'linenums';
1398+ var offset = Math.max(0, ((opt_startLineNum - 1 /* zero index */)) | 0) || 0;
1399+ for (var i = 0, n = listItems.length; i < n; ++i) {
1400+ li = listItems[i];
1401+ // Stick a class on the LIs so that stylesheets can
1402+ // color odd/even rows, or any other row pattern that
1403+ // is co-prime with 10.
1404+ li.className = 'L' + ((i + offset) % 1);
1405+ if (!li.firstChild) {
1406+ li.appendChild(document.createTextNode('\xA0'));
1407+ }
1408+ ol.appendChild(li);
1409+ }
1410+
1411+ node.appendChild(ol);
1412+ }
1413+
1414+ /**
1415+ * Breaks {@code job.sourceCode} around style boundaries in
1416+ * {@code job.decorations} and modifies {@code job.sourceNode} in place.
1417+ * @param {Object} job like <pre>{
1418+ * sourceCode: {string} source as plain text,
1419+ * spans: {Array.<number|Node>} alternating span start indices into source
1420+ * and the text node or element (e.g. {@code <BR>}) corresponding to that
1421+ * span.
1422+ * decorations: {Array.<number|string} an array of style classes preceded
1423+ * by the position at which they start in job.sourceCode in order
1424+ * }</pre>
1425+ * @private
1426+ */
1427+ function recombineTagsAndDecorations(job) {
1428+ var isIE8OrEarlier = /\bMSIE\s(\d+)/.exec(navigator.userAgent);
1429+ isIE8OrEarlier = isIE8OrEarlier && +isIE8OrEarlier[1] <= 8;
1430+ var newlineRe = /\n/g;
1431+
1432+ var source = job.sourceCode;
1433+ var sourceLength = source.length;
1434+ // Index into source after the last code-unit recombined.
1435+ var sourceIndex = 0;
1436+
1437+ var spans = job.spans;
1438+ var nSpans = spans.length;
1439+ // Index into spans after the last span which ends at or before sourceIndex.
1440+ var spanIndex = 0;
1441+
1442+ var decorations = job.decorations;
1443+ var nDecorations = decorations.length;
1444+ // Index into decorations after the last decoration which ends at or before
1445+ // sourceIndex.
1446+ var decorationIndex = 0;
1447+
1448+ // Remove all zero-length decorations.
1449+ decorations[nDecorations] = sourceLength;
1450+ var decPos, i;
1451+ for (i = decPos = 0; i < nDecorations;) {
1452+ if (decorations[i] !== decorations[i + 2]) {
1453+ decorations[decPos++] = decorations[i++];
1454+ decorations[decPos++] = decorations[i++];
1455+ } else {
1456+ i += 2;
1457+ }
1458+ }
1459+ nDecorations = decPos;
1460+
1461+ // Simplify decorations.
1462+ for (i = decPos = 0; i < nDecorations;) {
1463+ var startPos = decorations[i];
1464+ // Conflate all adjacent decorations that use the same style.
1465+ var startDec = decorations[i + 1];
1466+ var end = i + 2;
1467+ while (end + 2 <= nDecorations && decorations[end + 1] === startDec) {
1468+ end += 2;
1469+ }
1470+ decorations[decPos++] = startPos;
1471+ decorations[decPos++] = startDec;
1472+ i = end;
1473+ }
1474+
1475+ nDecorations = decorations.length = decPos;
1476+
1477+ var sourceNode = job.sourceNode;
1478+ var oldDisplay;
1479+ if (sourceNode) {
1480+ oldDisplay = sourceNode.style.display;
1481+ sourceNode.style.display = 'none';
1482+ }
1483+ try {
1484+ var decoration = null;
1485+ var X = 0;
1486+ while (spanIndex < nSpans) {
1487+ X = X + 1;
1488+ if (X > 5000) { break; }
1489+ var spanStart = spans[spanIndex];
1490+ var spanEnd = spans[spanIndex + 2] || sourceLength;
1491+
1492+ var decEnd = decorations[decorationIndex + 2] || sourceLength;
1493+
1494+ var end = Math.min(spanEnd, decEnd);
1495+
1496+ var textNode = spans[spanIndex + 1];
1497+ var styledText;
1498+ if (textNode.nodeType !== 1 // Don't muck with <BR>s or <LI>s
1499+ // Don't introduce spans around empty text nodes.
1500+ && (styledText = source.substring(sourceIndex, end))) {
1501+ // This may seem bizarre, and it is. Emitting LF on IE causes the
1502+ // code to display with spaces instead of line breaks.
1503+ // Emitting Windows standard issue linebreaks (CRLF) causes a blank
1504+ // space to appear at the beginning of every line but the first.
1505+ // Emitting an old Mac OS 9 line separator makes everything spiffy.
1506+ if (isIE8OrEarlier) {
1507+ styledText = styledText.replace(newlineRe, '\r');
1508+ }
1509+ textNode.nodeValue = styledText;
1510+ var document = textNode.ownerDocument;
1511+ var span = document.createElement('span');
1512+ span.className = decorations[decorationIndex + 1];
1513+ var parentNode = textNode.parentNode;
1514+ parentNode.replaceChild(span, textNode);
1515+ span.appendChild(textNode);
1516+ if (sourceIndex < spanEnd) { // Split off a text node.
1517+ spans[spanIndex + 1] = textNode
1518+ // TODO: Possibly optimize by using '' if there's no flicker.
1519+ = document.createTextNode(source.substring(end, spanEnd));
1520+ parentNode.insertBefore(textNode, span.nextSibling);
1521+ }
1522+ }
1523+
1524+ sourceIndex = end;
1525+
1526+ if (sourceIndex >= spanEnd) {
1527+ spanIndex += 2;
1528+ }
1529+ if (sourceIndex >= decEnd) {
1530+ decorationIndex += 2;
1531+ }
1532+ }
1533+ } finally {
1534+ if (sourceNode) {
1535+ sourceNode.style.display = oldDisplay;
1536+ }
1537+ }
1538+ }
1539+
1540+
1541+ /** Maps language-specific file extensions to handlers. */
1542+ var langHandlerRegistry = {};
1543+ /** Register a language handler for the given file extensions.
1544+ * @param {function (Object)} handler a function from source code to a list
1545+ * of decorations. Takes a single argument job which describes the
1546+ * state of the computation. The single parameter has the form
1547+ * {@code {
1548+ * sourceCode: {string} as plain text.
1549+ * decorations: {Array.<number|string>} an array of style classes
1550+ * preceded by the position at which they start in
1551+ * job.sourceCode in order.
1552+ * The language handler should assigned this field.
1553+ * basePos: {int} the position of source in the larger source chunk.
1554+ * All positions in the output decorations array are relative
1555+ * to the larger source chunk.
1556+ * } }
1557+ * @param {Array.<string>} fileExtensions
1558+ */
1559+ function registerLangHandler(handler, fileExtensions) {
1560+ for (var i = fileExtensions.length; --i >= 0;) {
1561+ var ext = fileExtensions[i];
1562+ if (!langHandlerRegistry.hasOwnProperty(ext)) {
1563+ langHandlerRegistry[ext] = handler;
1564+ } else if (win['console']) {
1565+ console['warn']('cannot override language handler %s', ext);
1566+ }
1567+ }
1568+ }
1569+ function langHandlerForExtension(extension, source) {
1570+ if (!(extension && langHandlerRegistry.hasOwnProperty(extension))) {
1571+ // Treat it as markup if the first non whitespace character is a < and
1572+ // the last non-whitespace character is a >.
1573+ extension = /^\s*</.test(source)
1574+ ? 'default-markup'
1575+ : 'default-code';
1576+ }
1577+ return langHandlerRegistry[extension];
1578+ }
1579+ registerLangHandler(decorateSource, ['default-code']);
1580+ registerLangHandler(
1581+ createSimpleLexer(
1582+ [],
1583+ [
1584+ [PR_PLAIN, /^[^<?]+/],
1585+ [PR_DECLARATION, /^<!\w[^>]*(?:>|$)/],
1586+ [PR_COMMENT, /^<\!--[\s\S]*?(?:-\->|$)/],
1587+ // Unescaped content in an unknown language
1588+ ['lang-', /^<\?([\s\S]+?)(?:\?>|$)/],
1589+ ['lang-', /^<%([\s\S]+?)(?:%>|$)/],
1590+ [PR_PUNCTUATION, /^(?:<[%?]|[%?]>)/],
1591+ ['lang-', /^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],
1592+ // Unescaped content in javascript. (Or possibly vbscript).
1593+ ['lang-js', /^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],
1594+ // Contains unescaped stylesheet content
1595+ ['lang-css', /^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],
1596+ ['lang-in.tag', /^(<\/?[a-z][^<>]*>)/i]
1597+ ]),
1598+ ['default-markup', 'htm', 'html', 'mxml', 'xhtml', 'xml', 'xsl']);
1599+ registerLangHandler(
1600+ createSimpleLexer(
1601+ [
1602+ [PR_PLAIN, /^[\s]+/, null, ' \t\r\n'],
1603+ [PR_ATTRIB_VALUE, /^(?:\"[^\"]*\"?|\'[^\']*\'?)/, null, '\"\'']
1604+ ],
1605+ [
1606+ [PR_TAG, /^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],
1607+ [PR_ATTRIB_NAME, /^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],
1608+ ['lang-uq.val', /^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],
1609+ [PR_PUNCTUATION, /^[=<>\/]+/],
1610+ ['lang-js', /^on\w+\s*=\s*\"([^\"]+)\"/i],
1611+ ['lang-js', /^on\w+\s*=\s*\'([^\']+)\'/i],
1612+ ['lang-js', /^on\w+\s*=\s*([^\"\'>\s]+)/i],
1613+ ['lang-css', /^style\s*=\s*\"([^\"]+)\"/i],
1614+ ['lang-css', /^style\s*=\s*\'([^\']+)\'/i],
1615+ ['lang-css', /^style\s*=\s*([^\"\'>\s]+)/i]
1616+ ]),
1617+ ['in.tag']);
1618+ registerLangHandler(
1619+ createSimpleLexer([], [[PR_ATTRIB_VALUE, /^[\s\S]+/]]), ['uq.val']);
1620+ registerLangHandler(sourceDecorator({
1621+ 'keywords': CPP_KEYWORDS,
1622+ 'hashComments': true,
1623+ 'cStyleComments': true,
1624+ 'types': C_TYPES
1625+ }), ['c', 'cc', 'cpp', 'cxx', 'cyc', 'm']);
1626+ registerLangHandler(sourceDecorator({
1627+ 'keywords': PHP_KEYWORDS,
1628+ 'hashComments': false,
1629+ 'cStyleComments': true,
1630+ 'multiLineStrings': true,
1631+ 'regexLiterals': true
1632+// 'types': C_TYPES,
1633+ }), ['php', 'phtml', 'inc']);
1634+ registerLangHandler(sourceDecorator({
1635+ 'keywords': 'null,true,false'
1636+ }), ['json']);
1637+ registerLangHandler(sourceDecorator({
1638+ 'keywords': CSHARP_KEYWORDS,
1639+ 'hashComments': true,
1640+ 'cStyleComments': true,
1641+ 'verbatimStrings': true,
1642+ 'types': C_TYPES
1643+ }), ['cs']);
1644+ registerLangHandler(sourceDecorator({
1645+ 'keywords': JAVA_KEYWORDS,
1646+ 'cStyleComments': true
1647+ }), ['java']);
1648+ registerLangHandler(sourceDecorator({
1649+ 'keywords': SH_KEYWORDS,
1650+ 'hashComments': true,
1651+ 'multiLineStrings': true
1652+ }), ['bsh', 'csh', 'sh']);
1653+ registerLangHandler(sourceDecorator({
1654+ 'keywords': PYTHON_KEYWORDS,
1655+ 'hashComments': true,
1656+ 'multiLineStrings': true,
1657+ 'tripleQuotedStrings': true
1658+ }), ['cv', 'py']);
1659+ registerLangHandler(sourceDecorator({
1660+ 'keywords': PERL_KEYWORDS,
1661+ 'hashComments': true,
1662+ 'multiLineStrings': true,
1663+ 'regexLiterals': true
1664+ }), ['perl', 'pl', 'pm']);
1665+ registerLangHandler(sourceDecorator({
1666+ 'keywords': RUBY_KEYWORDS,
1667+ 'hashComments': true,
1668+ 'multiLineStrings': true,
1669+ 'regexLiterals': true
1670+ }), ['rb']);
1671+ registerLangHandler(sourceDecorator({
1672+ 'keywords': JSCRIPT_KEYWORDS,
1673+ 'cStyleComments': true,
1674+ 'regexLiterals': true
1675+ }), ['js']);
1676+ registerLangHandler(sourceDecorator({
1677+ 'keywords': COFFEE_KEYWORDS,
1678+ 'hashComments': 3, // ### style block comments
1679+ 'cStyleComments': true,
1680+ 'multilineStrings': true,
1681+ 'tripleQuotedStrings': true,
1682+ 'regexLiterals': true
1683+ }), ['coffee']);
1684+ registerLangHandler(
1685+ createSimpleLexer([], [[PR_STRING, /^[\s\S]+/]]), ['regex']);
1686+ registerLangHandler(sourceDecorator({
1687+ 'keywords': CONFIG_KEYWORDS,
1688+ 'literals': CONFIG_OPTIONS,
1689+ 'strings': CONFIG_ENVS,
1690+ 'hashComments': true,
1691+ 'cStyleComments': false,
1692+ 'multiLineStrings': false,
1693+ 'regexLiterals': false,
1694+ 'httpdComments': true
1695+ }), ['config']);
1696+
1697+ function applyDecorator(job) {
1698+ var opt_langExtension = job.langExtension;
1699+
1700+ try {
1701+ // Extract tags, and convert the source code to plain text.
1702+ var sourceAndSpans = extractSourceSpans(job.sourceNode, job.pre);
1703+ /** Plain text. @type {string} */
1704+ var source = sourceAndSpans.sourceCode;
1705+ job.sourceCode = source;
1706+ job.spans = sourceAndSpans.spans;
1707+ job.basePos = 0;
1708+
1709+ // Apply the appropriate language handler
1710+ langHandlerForExtension(opt_langExtension, source)(job);
1711+
1712+ // Integrate the decorations and tags back into the source code,
1713+ // modifying the sourceNode in place.
1714+ recombineTagsAndDecorations(job);
1715+ } catch (e) {
1716+ if (win['console']) {
1717+ console['log'](e && e['stack'] ? e['stack'] : e);
1718+ }
1719+ }
1720+ }
1721+
1722+ /**
1723+ * @param sourceCodeHtml {string} The HTML to pretty print.
1724+ * @param opt_langExtension {string} The language name to use.
1725+ * Typically, a filename extension like 'cpp' or 'java'.
1726+ * @param opt_numberLines {number|boolean} True to number lines,
1727+ * or the 1-indexed number of the first line in sourceCodeHtml.
1728+ */
1729+ function prettyPrintOne(sourceCodeHtml, opt_langExtension, opt_numberLines) {
1730+ var container = document.createElement('pre');
1731+ // This could cause images to load and onload listeners to fire.
1732+ // E.g. <img onerror="alert(1337)" src="nosuchimage.png">.
1733+ // We assume that the inner HTML is from a trusted source.
1734+ container.innerHTML = sourceCodeHtml;
1735+ if (opt_numberLines) {
1736+ numberLines(container, opt_numberLines, true);
1737+ }
1738+
1739+ var job = {
1740+ langExtension: opt_langExtension,
1741+ numberLines: opt_numberLines,
1742+ sourceNode: container,
1743+ pre: 1
1744+ };
1745+ applyDecorator(job);
1746+ return container.innerHTML;
1747+ }
1748+
1749+ function prettyPrint(opt_whenDone) {
1750+ function byTagName(tn) { return document.getElementsByTagName(tn); }
1751+ // fetch a list of nodes to rewrite
1752+ var codeSegments = [byTagName('pre'), byTagName('code'), byTagName('xmp')];
1753+ var elements = [];
1754+ for (var i = 0; i < codeSegments.length; ++i) {
1755+ for (var j = 0, n = codeSegments[i].length; j < n; ++j) {
1756+ elements.push(codeSegments[i][j]);
1757+ }
1758+ }
1759+ codeSegments = null;
1760+
1761+ var clock = Date;
1762+ if (!clock['now']) {
1763+ clock = { 'now': function () { return +(new Date); } };
1764+ }
1765+
1766+ // The loop is broken into a series of continuations to make sure that we
1767+ // don't make the browser unresponsive when rewriting a large page.
1768+ var k = 0;
1769+ var prettyPrintingJob;
1770+
1771+ var langExtensionRe = /\blang(?:uage)?-([\w.]+)(?!\S)/;
1772+ var prettyPrintRe = /\bprettyprint\b/;
1773+ var prettyPrintedRe = /\bprettyprinted\b/;
1774+ var preformattedTagNameRe = /pre|xmp/i;
1775+ var codeRe = /^code$/i;
1776+ var preCodeXmpRe = /^(?:pre|code|xmp)$/i;
1777+
1778+ function doWork() {
1779+ var endTime = (win['PR_SHOULD_USE_CONTINUATION'] ?
1780+ clock['now']() + 250 /* ms */ :
1781+ Infinity);
1782+ for (; k < elements.length && clock['now']() < endTime; k++) {
1783+ var cs = elements[k];
1784+ var className = cs.className;
1785+ if (prettyPrintRe.test(className)
1786+ // Don't redo this if we've already done it.
1787+ // This allows recalling pretty print to just prettyprint elements
1788+ // that have been added to the page since last call.
1789+ && !prettyPrintedRe.test(className)) {
1790+
1791+ // make sure this is not nested in an already prettified element
1792+ var nested = false;
1793+ for (var p = cs.parentNode; p; p = p.parentNode) {
1794+ var tn = p.tagName;
1795+ if (preCodeXmpRe.test(tn)
1796+ && p.className && prettyPrintRe.test(p.className)) {
1797+ nested = true;
1798+ break;
1799+ }
1800+ }
1801+ if (!nested) {
1802+ // Mark done. If we fail to prettyprint for whatever reason,
1803+ // we shouldn't try again.
1804+ cs.className += ' prettyprinted';
1805+
1806+ // If the classes includes a language extensions, use it.
1807+ // Language extensions can be specified like
1808+ // <pre class="prettyprint lang-cpp">
1809+ // the language extension "cpp" is used to find a language handler
1810+ // as passed to PR.registerLangHandler.
1811+ // HTML5 recommends that a language be specified using "language-"
1812+ // as the prefix instead. Google Code Prettify supports both.
1813+ // http://dev.w3.org/html5/spec-author-view/the-code-element.html
1814+ var langExtension = className.match(langExtensionRe);
1815+ // Support <pre class="prettyprint"><code class="language-c">
1816+ var wrapper;
1817+ if (!langExtension && (wrapper = childContentWrapper(cs))
1818+ && codeRe.test(wrapper.tagName)) {
1819+ langExtension = wrapper.className.match(langExtensionRe);
1820+ }
1821+
1822+ if (langExtension) { langExtension = langExtension[1]; }
1823+
1824+ var preformatted;
1825+ if (preformattedTagNameRe.test(cs.tagName)) {
1826+ preformatted = 1;
1827+ } else {
1828+ var currentStyle = cs['currentStyle'];
1829+ var whitespace = (
1830+ currentStyle
1831+ ? currentStyle['whiteSpace']
1832+ : (document.defaultView
1833+ && document.defaultView.getComputedStyle)
1834+ ? document.defaultView.getComputedStyle(cs, null)
1835+ .getPropertyValue('white-space')
1836+ : 0);
1837+ preformatted = whitespace
1838+ && 'pre' === whitespace.substring(0, 3);
1839+ }
1840+
1841+ // Look for a class like linenums or linenums:<n> where <n> is the
1842+ // 1-indexed number of the first line.
1843+ var lineNums = cs.className.match(/\blinenums\b(?::(\d+))?/);
1844+ lineNums = lineNums
1845+ ? lineNums[1] && lineNums[1].length ? +lineNums[1] : true
1846+ : false;
1847+ if (lineNums) { numberLines(cs, lineNums, preformatted); }
1848+
1849+ // do the pretty printing
1850+ prettyPrintingJob = {
1851+ langExtension: langExtension,
1852+ sourceNode: cs,
1853+ numberLines: lineNums,
1854+ pre: preformatted
1855+ };
1856+ applyDecorator(prettyPrintingJob);
1857+ }
1858+ }
1859+ }
1860+ if (k < elements.length) {
1861+ // finish up in a continuation
1862+ setTimeout(doWork, 250);
1863+ } else if (opt_whenDone) {
1864+ opt_whenDone();
1865+ }
1866+ }
1867+
1868+ doWork();
1869+ }
1870+
1871+ /**
1872+ * Contains functions for creating and registering new language handlers.
1873+ * @type {Object}
1874+ */
1875+ var PR = win['PR'] = {
1876+ 'createSimpleLexer': createSimpleLexer,
1877+ 'registerLangHandler': registerLangHandler,
1878+ 'sourceDecorator': sourceDecorator,
1879+ 'PR_ATTRIB_NAME': PR_ATTRIB_NAME,
1880+ 'PR_ATTRIB_VALUE': PR_ATTRIB_VALUE,
1881+ 'PR_COMMENT': PR_COMMENT,
1882+ 'PR_DECLARATION': PR_DECLARATION,
1883+ 'PR_KEYWORD': PR_KEYWORD,
1884+ 'PR_LITERAL': PR_LITERAL,
1885+ 'PR_NOCODE': PR_NOCODE,
1886+ 'PR_PLAIN': PR_PLAIN,
1887+ 'PR_PUNCTUATION': PR_PUNCTUATION,
1888+ 'PR_SOURCE': PR_SOURCE,
1889+ 'PR_STRING': PR_STRING,
1890+ 'PR_TAG': PR_TAG,
1891+ 'PR_TYPE': PR_TYPE,
1892+ 'prettyPrintOne': win['prettyPrintOne'] = prettyPrintOne,
1893+ 'prettyPrint': win['prettyPrint'] = prettyPrint
1894+ };
1895+
1896+
1897+/* Register Lua syntaxes */
1898+ PR['registerLangHandler'](
1899+ PR['createSimpleLexer'](
1900+ [
1901+ // Whitespace
1902+ [PR['PR_PLAIN'], /^[\t\n\r \xA0]+/, null, '\t\n\r \xA0'],
1903+ // A double or single quoted, possibly multi-line, string.
1904+ [PR['PR_STRING'], /^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/, null, '"\'']
1905+ ],
1906+ [
1907+ // A comment is either a line comment that starts with two dashes, or
1908+ // two dashes preceding a long bracketed block.
1909+ [PR['PR_COMMENT'], /^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],
1910+ [PR['PR_TYPE'], /^nil|false|true/],
1911+ // A long bracketed block not preceded by -- is a string.
1912+ [PR['PR_STRING'], /^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],
1913+ [PR['PR_KEYWORD'], /^(?:and|break|do|else|elseif|end|for|function|if|in|local|not|or|repeat|require|return|then|until|while)\b/, null],
1914+ // A number is a hex integer literal, a decimal real literal, or in
1915+ // scientific notation.
1916+ [PR['PR_LITERAL'],
1917+ /^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],
1918+ // An identifier
1919+ [PR['PR_PLAIN'], /^[a-z_]\w*/i],
1920+ // A run of punctuation
1921+ [PR['PR_PUNCTUATION'], /^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]
1922+ ]),
1923+ ['lua']);
1924+
1925+
1926+ // Make PR available via the Asynchronous Module Definition (AMD) API.
1927+ // Per https://github.com/amdjs/amdjs-api/wiki/AMD:
1928+ // The Asynchronous Module Definition (AMD) API specifies a
1929+ // mechanism for defining modules such that the module and its
1930+ // dependencies can be asynchronously loaded.
1931+ // ...
1932+ // To allow a clear indicator that a global define function (as
1933+ // needed for script src browser loading) conforms to the AMD API,
1934+ // any global define function SHOULD have a property called "amd"
1935+ // whose value is an object. This helps avoid conflict with any
1936+ // other existing JavaScript code that could have defined a define()
1937+ // function that does not conform to the AMD API.
1938+ if (typeof define === "function" && define['amd']) {
1939+ define("google-code-prettify", [], function () {
1940+ return PR;
1941+ });
1942+ }
1943+})();
1944diff --git a/docs/manual/style/scripts/prettify.min.js b/docs/manual/style/scripts/prettify.min.js
1945new file mode 100644
1946index 0000000..adb92be
1947--- /dev/null
1948+++ b/docs/manual/style/scripts/prettify.min.js
1949@@ -0,0 +1,123 @@
1950+// see prettify.js for copyright, license and expanded version
1951+window['PR_SHOULD_USE_CONTINUATION']=true;var prettyPrintOne;var prettyPrint;(function(){var win=window;var FLOW_CONTROL_KEYWORDS=["break,continue,do,else,for,if,return,while"];var C_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"auto,case,char,const,default,"+"double,enum,extern,float,goto,int,long,register,short,signed,sizeof,module,"+"static,struct,switch,typedef,union,unsigned,void,volatile"];var COMMON_KEYWORDS=[C_KEYWORDS,"catch,class,delete,false,import,"+"new,operator,private,protected,public,this,throw,true,try,typeof"];var CPP_KEYWORDS=[COMMON_KEYWORDS,"alignof,align_union,asm,axiom,bool,"+"concept,concept_map,const_cast,constexpr,decltype,"+"dynamic_cast,explicit,export,friend,inline,late_check,"+"mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast,"+"template,typeid,typename,using,virtual,where,request_req"];var JAVA_KEYWORDS=[COMMON_KEYWORDS,"abstract,boolean,byte,extends,final,finally,implements,import,"+"instanceof,null,native,package,strictfp,super,synchronized,throws,"+"transient"];var CSHARP_KEYWORDS=[JAVA_KEYWORDS,"as,base,by,checked,decimal,delegate,descending,dynamic,event,"+"fixed,foreach,from,group,implicit,in,interface,internal,into,is,let,"+"lock,object,out,override,orderby,params,partial,readonly,ref,sbyte,"+"sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort,"+"var,virtual,where"];var COFFEE_KEYWORDS="all,and,by,catch,class,else,extends,false,finally,"+"for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then,"+"throw,true,try,unless,until,when,while,yes";var JSCRIPT_KEYWORDS=[COMMON_KEYWORDS,"debugger,eval,export,function,get,null,set,undefined,var,with,"+"Infinity,NaN"];var PERL_KEYWORDS="caller,delete,die,do,dump,else,elsif,eval,exit,foreach,for,"+"goto,if,import,last,local,my,next,no,our,print,printf,package,redo,require,"+"sub,undef,unless,until,use,wantarray,while,BEGIN,END";var PHP_KEYWORDS="abstract,and,array,as,break,case,catch,cfunction,class,"+"clone,const,continue,declare,default,do,else,elseif,enddeclare,endfor,"+"endforeach,endif,endswitch,endwhile,extends,final,for,foreach,function,"+"global,goto,if,implements,interface,instanceof,namespace,new,old_function,"+"or,private,protected,public,static,switch,throw,try,use,var,while,xor,"+"die,echo,empty,exit,eval,include,include_once,isset,list,require,"+"require_once,return,print,unset";var PYTHON_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"and,as,assert,class,def,del,"+"elif,except,exec,finally,from,global,import,in,is,lambda,"+"nonlocal,not,or,pass,print,raise,try,with,yield,"+"False,True,None"];var RUBY_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"alias,and,begin,case,class,"+"def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo,"+"rescue,retry,self,super,then,true,undef,unless,until,when,yield,"+"BEGIN,END"];var SH_KEYWORDS=[FLOW_CONTROL_KEYWORDS,"case,done,elif,esac,eval,fi,"+"function,in,local,set,then,until,echo"];var CONFIG_ENVS=["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];var CONFIG_KEYWORDS=["AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicFake,AuthBasicProvider,AuthBasicUseDigestAlgorithm,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthnzFcgiCheckAuthnProvider,AuthnzFcgiDefineProvider,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerInherit,BalancerMember,BalancerPersist,BrotliAlterETag,BrotliCompressionMaxInputBlock,BrotliCompressionQuality,BrotliCompressionWindow,BrotliFilterNote,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheSocache,CacheSocacheMaxSize,CacheSocacheMaxTime,CacheSocacheMinTime,CacheSocacheReadSize,CacheSocacheReadTime,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIDScriptTimeout,CGIMapExtension,CGIPassAuth,CGIVar,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateInflateLimitRequestBody,DeflateInflateRatioBurst,DeflateInflateRatioLimit,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryCheckHandler,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GlobalLog,GprofDir,GracefulShutdownTimeout,Group,H2CopyFiles,H2Direct,H2EarlyHints,H2MaxSessionStreams,H2MaxWorkerIdleSeconds,H2MaxWorkers,H2MinWorkers,H2ModernTLSOnly,H2Push,H2PushDiarySize,H2PushPriority,H2PushResource,H2SerializeHeaders,H2StreamMaxMemSize,H2TLSCoolDownSecs,H2TLSWarmUpSize,H2Upgrade,H2WindowSize,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,HttpProtocolOptions,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,ListenCoresBucketsRatio,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogIOTrackTTFB,LogLevel,LogMessage,LuaAuthzProvider,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookLog,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,<Macro>,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MemcacheConnTTL,MergeTrailers,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,Protocols,ProtocolsHonorOrder,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFCGIBackendType,ProxyFCGISetEnvIf,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHCExpr,ProxyHCTemplate,ProxyHCTPsize,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLMeta,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInherit,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,QualifyRedirectURL,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RegisterHttpMethod,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCompression,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPNoverify,SSLOCSPOverrideResponder,SSLOCSPProxyURL,SSLOCSPResponderCertificateFile,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOCSPUseRequestNonce,SSLOpenSSLConfCmd,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCheckPeerName,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLSessionTickets,SSLSRPUnknownUserSeed,SSLSRPVerifierFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,SubstituteInheritBefore,SubstituteMaxLineLength,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UndefMacro,UnsetEnv,Use,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse"];var CONFIG_OPTIONS=/^[\\+\\-]?(AuthConfig|IncludesNOEXEC|ExecCGI|FollowSymLinks|MultiViews|Includes|Indexes|SymLinksIfOwnerMatch)\b/i;var ALL_KEYWORDS=[CPP_KEYWORDS,CSHARP_KEYWORDS,JSCRIPT_KEYWORDS,PERL_KEYWORDS+
1952+PYTHON_KEYWORDS,RUBY_KEYWORDS,SH_KEYWORDS,CONFIG_KEYWORDS,PHP_KEYWORDS];var C_TYPES=/^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float|char|void|const|static|struct)\d*(_t)?\b)|[a-z_]+_rec|cmd_parms\b/;var PR_STRING='str';var PR_KEYWORD='kwd';var PR_COMMENT='com';var PR_TYPE='typ';var PR_LITERAL='lit';var PR_PUNCTUATION='pun';var PR_PLAIN='pln';var PR_TAG='tag';var PR_DECLARATION='dec';var PR_SOURCE='src';var PR_ATTRIB_NAME='atn';var PR_ATTRIB_VALUE='atv';var PR_NOCODE='nocode';var REGEXP_PRECEDER_PATTERN='(?:^^\\.?|[+-]|[!=]=?=?|\\#|%=?|&&?=?|\\(|\\*=?|[+\\-]=|->|\\/=?|::?|<<?=?|>>?>?=?|,|;|\\?|@|\\[|~|{|\\^\\^?=?|\\|\\|?=?|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*';function combinePrefixPatterns(regexs){var capturedGroupIndex=0;var needToFoldCase=false;var ignoreCase=false;for(var i=0,n=regexs.length;i<n;++i){var regex=regexs[i];if(regex.ignoreCase){ignoreCase=true;}else if(/[a-z]/i.test(regex.source.replace(/\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi,''))){needToFoldCase=true;ignoreCase=false;break;}}
1953+var escapeCharToCodeUnit={'b':8,'t':9,'n':0xa,'v':0xb,'f':0xc,'r':0xd};function decodeEscape(charsetPart){var cc0=charsetPart.charCodeAt(0);if(cc0!==92){return cc0;}
1954+var c1=charsetPart.charAt(1);cc0=escapeCharToCodeUnit[c1];if(cc0){return cc0;}else if('0'<=c1&&c1<='7'){return parseInt(charsetPart.substring(1),8);}else if(c1==='u'||c1==='x'){return parseInt(charsetPart.substring(2),16);}else{return charsetPart.charCodeAt(1);}}
1955+function encodeEscape(charCode){if(charCode<0x20){return(charCode<0x10?'\\x0':'\\x')+charCode.toString(16);}
1956+var ch=String.fromCharCode(charCode);return(ch==='\\'||ch==='-'||ch===']'||ch==='^')?"\\"+ch:ch;}
1957+function caseFoldCharset(charSet){var charsetParts=charSet.substring(1,charSet.length-1).match(new RegExp('\\\\u[0-9A-Fa-f]{4}'
1958++'|\\\\x[0-9A-Fa-f]{2}'
1959++'|\\\\[0-3][0-7]{0,2}'
1960++'|\\\\[0-7]{1,2}'
1961++'|\\\\[\\s\\S]'
1962++'|-'
1963++'|[^-\\\\]','g'));var ranges=[];var inverse=charsetParts[0]==='^';var out=['['];if(inverse){out.push('^');}
1964+for(var i=inverse?1:0,n=charsetParts.length;i<n;++i){var p=charsetParts[i];if(/\\[bdsw]/i.test(p)){out.push(p);}else{var start=decodeEscape(p);var end;if(i+2<n&&'-'===charsetParts[i+1]){end=decodeEscape(charsetParts[i+2]);i+=2;}else{end=start;}
1965+ranges.push([start,end]);if(!(end<65||start>122)){if(!(end<65||start>90)){ranges.push([Math.max(65,start)|32,Math.min(end,90)|32]);}
1966+if(!(end<97||start>122)){ranges.push([Math.max(97,start)&~32,Math.min(end,122)&~32]);}}}}
1967+ranges.sort(function(a,b){return(a[0]-b[0])||(b[1]-a[1]);});var consolidatedRanges=[];var lastRange=[];for(var i=0;i<ranges.length;++i){var range=ranges[i];if(range[0]<=lastRange[1]+1){lastRange[1]=Math.max(lastRange[1],range[1]);}else{consolidatedRanges.push(lastRange=range);}}
1968+for(var i=0;i<consolidatedRanges.length;++i){var range=consolidatedRanges[i];out.push(encodeEscape(range[0]));if(range[1]>range[0]){if(range[1]+1>range[0]){out.push('-');}
1969+out.push(encodeEscape(range[1]));}}
1970+out.push(']');return out.join('');}
1971+function allowAnywhereFoldCaseAndRenumberGroups(regex){var parts=regex.source.match(new RegExp('(?:'
1972++'\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]'
1973++'|\\\\u[A-Fa-f0-9]{4}'
1974++'|\\\\x[A-Fa-f0-9]{2}'
1975++'|\\\\[0-9]+'
1976++'|\\\\[^ux0-9]'
1977++'|\\(\\?[:!=]'
1978++'|[\\(\\)\\^]'
1979++'|[^\\x5B\\x5C\\(\\)\\^]+'
1980++')','g'));var n=parts.length;var capturedGroups=[];for(var i=0,groupIndex=0;i<n;++i){var p=parts[i];if(p==='('){++groupIndex;}else if('\\'===p.charAt(0)){var decimalValue=+p.substring(1);if(decimalValue){if(decimalValue<=groupIndex){capturedGroups[decimalValue]=-1;}else{parts[i]=encodeEscape(decimalValue);}}}}
1981+for(var i=1;i<capturedGroups.length;++i){if(-1===capturedGroups[i]){capturedGroups[i]=++capturedGroupIndex;}}
1982+for(var i=0,groupIndex=0;i<n;++i){var p=parts[i];if(p==='('){++groupIndex;if(!capturedGroups[groupIndex]){parts[i]='(?:';}}else if('\\'===p.charAt(0)){var decimalValue=+p.substring(1);if(decimalValue&&decimalValue<=groupIndex){parts[i]='\\'+capturedGroups[decimalValue];}}}
1983+for(var i=0;i<n;++i){if('^'===parts[i]&&'^'!==parts[i+1]){parts[i]='';}}
1984+if(regex.ignoreCase&&needToFoldCase){for(var i=0;i<n;++i){var p=parts[i];var ch0=p.charAt(0);if(p.length>=2&&ch0==='['){parts[i]=caseFoldCharset(p);}else if(ch0!=='\\'){parts[i]=p.replace(/[a-zA-Z]/g,function(ch){var cc=ch.charCodeAt(0);return'['+String.fromCharCode(cc&~32,cc|32)+']';});}}}
1985+return parts.join('');}
1986+var rewritten=[];for(var i=0,n=regexs.length;i<n;++i){var regex=regexs[i];if(regex.global||regex.multiline){throw new Error(''+regex);}
1987+rewritten.push('(?:'+allowAnywhereFoldCaseAndRenumberGroups(regex)+')');}
1988+return new RegExp(rewritten.join('|'),ignoreCase?'gi':'g');}
1989+function extractSourceSpans(node,isPreformatted){var nocode=/(?:^|\s)nocode(?:\s|$)/;var chunks=[];var length=0;var spans=[];var k=0;function walk(node){switch(node.nodeType){case 1:if(nocode.test(node.className)){return;}
1990+for(var child=node.firstChild;child;child=child.nextSibling){walk(child);}
1991+var nodeName=node.nodeName.toLowerCase();if('br'===nodeName||'li'===nodeName){chunks[k]='\n';spans[k<<1]=length++;spans[(k++<<1)|1]=node;}
1992+break;case 3:case 4:var text=node.nodeValue;if(text.length){if(!isPreformatted){text=text.replace(/[ \t\r\n]+/g,' ');}else{text=text.replace(/\r\n?/g,'\n');text=text.replace(/^(\r?\n\s*)+/g,'');text=text.replace(/^\s*/g,'');text=text.replace(/(\r?\n\s*)+$/g,'');}
1993+chunks[k]=text;spans[k<<1]=length;length+=text.length;spans[(k++<<1)|1]=node;}
1994+break;}}
1995+walk(node);return{sourceCode:chunks.join('').replace(/\n$/,''),spans:spans};}
1996+function appendDecorations(basePos,sourceCode,langHandler,out){if(!sourceCode){return;}
1997+var job={sourceCode:sourceCode,basePos:basePos};langHandler(job);out.push.apply(out,job.decorations);}
1998+var notWs=/\S/;function childContentWrapper(element){var wrapper=undefined;for(var c=element.firstChild;c;c=c.nextSibling){var type=c.nodeType;wrapper=(type===1)?(wrapper?element:c):(type===3)?(notWs.test(c.nodeValue)?element:wrapper):wrapper;}
1999+return wrapper===element?undefined:wrapper;}
2000+function createSimpleLexer(shortcutStylePatterns,fallthroughStylePatterns){var shortcuts={};var tokenizer;(function(){var allPatterns=shortcutStylePatterns.concat(fallthroughStylePatterns);var allRegexs=[];var regexKeys={};for(var i=0,n=allPatterns.length;i<n;++i){var patternParts=allPatterns[i];var shortcutChars=patternParts[3];if(shortcutChars){for(var c=shortcutChars.length;--c>=0;){shortcuts[shortcutChars.charAt(c)]=patternParts;}}
2001+var regex=patternParts[1];var k=''+regex;if(!regexKeys.hasOwnProperty(k)){allRegexs.push(regex);regexKeys[k]=null;}}
2002+allRegexs.push(/[\0-\uffff]/);tokenizer=combinePrefixPatterns(allRegexs);})();var nPatterns=fallthroughStylePatterns.length;var decorate=function(job){var sourceCode=job.sourceCode,basePos=job.basePos;var decorations=[basePos,PR_PLAIN];var pos=0;var tokens=sourceCode.match(tokenizer)||[];var styleCache={};for(var ti=0,nTokens=tokens.length;ti<nTokens;++ti){var token=tokens[ti];var style=styleCache[token];var match=void 0;var isEmbedded;if(typeof style==='string'){isEmbedded=false;}else{var patternParts=shortcuts[token.charAt(0)];if(patternParts){match=token.match(patternParts[1]);style=patternParts[0];}else{for(var i=0;i<nPatterns;++i){patternParts=fallthroughStylePatterns[i];match=token.match(patternParts[1]);if(match){style=patternParts[0];break;}}
2003+if(!match){style=PR_PLAIN;}}
2004+isEmbedded=style.length>=5&&'lang-'===style.substring(0,5);if(isEmbedded&&!(match&&typeof match[1]==='string')){isEmbedded=false;style=PR_SOURCE;}
2005+if(!isEmbedded){styleCache[token]=style;}}
2006+var tokenStart=pos;pos+=token.length;if(!isEmbedded){decorations.push(basePos+tokenStart,style);}else{var embeddedSource=match[1];var embeddedSourceStart=token.indexOf(embeddedSource);var embeddedSourceEnd=embeddedSourceStart+embeddedSource.length;if(match[2]){embeddedSourceEnd=token.length-match[2].length;embeddedSourceStart=embeddedSourceEnd-embeddedSource.length;}
2007+var lang=style.substring(5);appendDecorations(basePos+tokenStart,token.substring(0,embeddedSourceStart),decorate,decorations);appendDecorations(basePos+tokenStart+embeddedSourceStart,embeddedSource,langHandlerForExtension(lang,embeddedSource),decorations);appendDecorations(basePos+tokenStart+embeddedSourceEnd,token.substring(embeddedSourceEnd),decorate,decorations);}}
2008+job.decorations=decorations;};return decorate;}
2009+function sourceDecorator(options){var shortcutStylePatterns=[],fallthroughStylePatterns=[];if(options['tripleQuotedStrings']){shortcutStylePatterns.push([PR_STRING,/^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,null,'\'"']);}else if(options['multiLineStrings']){shortcutStylePatterns.push([PR_STRING,/^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,null,'\'"`']);}else{shortcutStylePatterns.push([PR_STRING,/^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,null,'"\'']);}
2010+if(options['verbatimStrings']){fallthroughStylePatterns.push([PR_STRING,/^@\"(?:[^\"]|\"\")*(?:\"|$)/,null]);}
2011+var hc=options['hashComments'];if(hc){if(options['cStyleComments']){if(hc>1){shortcutStylePatterns.push([PR_COMMENT,/^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/,null,'#']);}else{shortcutStylePatterns.push([PR_COMMENT,/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,null,'#']);}
2012+fallthroughStylePatterns.push([PR_STRING,/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h(?:h|pp|\+\+)?|[a-z]\w*)>/,null]);}else{shortcutStylePatterns.push([PR_COMMENT,/^#[^\r\n]*/,null,'#']);}}
2013+if(options['cStyleComments']){fallthroughStylePatterns.push([PR_COMMENT,/^\/\/[^\r\n]*/,null]);fallthroughStylePatterns.push([PR_COMMENT,/^\/\*[\s\S]*?(?:\*\/|$)/,null]);}
2014+if(options['regexLiterals']){var REGEX_LITERAL=('/(?=[^/*])'
2015++'(?:[^/\\x5B\\x5C]'
2016++'|\\x5C[\\s\\S]'
2017++'|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+'
2018++'/');fallthroughStylePatterns.push(['lang-regex',new RegExp('^'+REGEXP_PRECEDER_PATTERN+'('+REGEX_LITERAL+')')]);}
2019+var types=options['types'];if(types){fallthroughStylePatterns.push([PR_TYPE,types]);}
2020+if(options['strings']){var strings=(""+options['strings']).replace(/^ | $/g,'').replace(/-/g,'\\-');fallthroughStylePatterns.push([PR_STRING,new RegExp('(?:'+strings.replace(/[\s,]+/g,'|')+')'),,null]);}
2021+var keywords=(""+options['keywords']).replace(/^ | $/g,'');if(keywords.length){fallthroughStylePatterns.push([PR_KEYWORD,new RegExp('^(?:'+keywords.replace(/[\s,]+/g,'|')+')\\b'),null]);}
2022+shortcutStylePatterns.push([PR_PLAIN,/^\s+/,null,' \r\n\t\xA0']);if(options['httpdComments']){fallthroughStylePatterns.push([PR_PLAIN,/^.*\S.*#/i,null]);}
2023+fallthroughStylePatterns.push([PR_LITERAL,/^@[a-z_$][a-z_$@0-9]*|\bNULL\b/i,null],[PR_LITERAL,CONFIG_OPTIONS,null],[PR_TAG,/^\b(AuthzProviderAlias|AuthnProviderAlias|RequireAny|RequireAll|RequireNone|Directory|DirectoryMatch|Location|LocationMatch|VirtualHost|If|Else|ElseIf|Proxy\b|LoadBalancer|Files|FilesMatch|Limit|LimitExcept|IfDefine|IfModule|IfVersion)\b/,null],[PR_TYPE,/^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_(t|req|module)\b)/,null],[PR_TAG,/^apr_[a-z_0-9]+|ap_[a-z_0-9]+/i,null],[PR_PLAIN,/^[a-z_$][a-z_$@0-9\-]*/i,null],[PR_LITERAL,new RegExp('^(?:'
2024++'0x[a-f0-9]+'
2025++'|[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+:[a-f0-9:]+'
2026++'|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)'
2027++'(?:e[+\\-]?\\d+)?'
2028++')'
2029++'[a-z]*','i'),null,'0123456789'],[PR_PLAIN,/^\\[\s\S]?/,null],[PR_PUNCTUATION,/^.[^\s\w\.$@\'\"\`\/\#\\]*/,null]);return createSimpleLexer(shortcutStylePatterns,fallthroughStylePatterns);}
2030+var decorateSource=sourceDecorator({'keywords':ALL_KEYWORDS,'hashComments':true,'cStyleComments':true,'multiLineStrings':true,'regexLiterals':true});function numberLines(node,opt_startLineNum,isPreformatted){var nocode=/(?:^|\s)nocode(?:\s|$)/;var lineBreak=/\r\n?|\n/;var document=node.ownerDocument;var li=document.createElement('li');while(node.firstChild){li.appendChild(node.firstChild);}
2031+var listItems=[li];function walk(node){switch(node.nodeType){case 1:if(nocode.test(node.className)){break;}
2032+if('br'===node.nodeName){breakAfter(node);if(node.parentNode){node.parentNode.removeChild(node);}}else{for(var child=node.firstChild;child;child=child.nextSibling){walk(child);}}
2033+break;case 3:case 4:if(isPreformatted){var text=node.nodeValue;var match=text.match(lineBreak);if(match){var firstLine=text.substring(0,match.index);node.nodeValue=firstLine;var tail=text.substring(match.index+match[0].length);if(tail){var parent=node.parentNode;parent.insertBefore(document.createTextNode(tail),node.nextSibling);}
2034+breakAfter(node);if(!firstLine){node.parentNode.removeChild(node);}}}
2035+break;}}
2036+function breakAfter(lineEndNode){while(!lineEndNode.nextSibling){lineEndNode=lineEndNode.parentNode;if(!lineEndNode){return;}}
2037+function breakLeftOf(limit,copy){var rightSide=copy?limit.cloneNode(false):limit;var parent=limit.parentNode;if(parent){var parentClone=breakLeftOf(parent,1);var next=limit.nextSibling;parentClone.appendChild(rightSide);for(var sibling=next;sibling;sibling=next){next=sibling.nextSibling;parentClone.appendChild(sibling);}}
2038+return rightSide;}
2039+var copiedListItem=breakLeftOf(lineEndNode.nextSibling,0);for(var parent;(parent=copiedListItem.parentNode)&&parent.nodeType===1;){copiedListItem=parent;}
2040+listItems.push(copiedListItem);}
2041+for(var i=0;i<listItems.length;++i){walk(listItems[i]);}
2042+if(opt_startLineNum===(opt_startLineNum|0)){listItems[0].setAttribute('value',opt_startLineNum);}
2043+var ol=document.createElement('ol');ol.className='linenums';var offset=Math.max(0,((opt_startLineNum-1))|0)||0;for(var i=0,n=listItems.length;i<n;++i){li=listItems[i];li.className='L'+((i+offset)%1);if(!li.firstChild){li.appendChild(document.createTextNode('\xA0'));}
2044+ol.appendChild(li);}
2045+node.appendChild(ol);}
2046+function recombineTagsAndDecorations(job){var isIE8OrEarlier=/\bMSIE\s(\d+)/.exec(navigator.userAgent);isIE8OrEarlier=isIE8OrEarlier&&+isIE8OrEarlier[1]<=8;var newlineRe=/\n/g;var source=job.sourceCode;var sourceLength=source.length;var sourceIndex=0;var spans=job.spans;var nSpans=spans.length;var spanIndex=0;var decorations=job.decorations;var nDecorations=decorations.length;var decorationIndex=0;decorations[nDecorations]=sourceLength;var decPos,i;for(i=decPos=0;i<nDecorations;){if(decorations[i]!==decorations[i+2]){decorations[decPos++]=decorations[i++];decorations[decPos++]=decorations[i++];}else{i+=2;}}
2047+nDecorations=decPos;for(i=decPos=0;i<nDecorations;){var startPos=decorations[i];var startDec=decorations[i+1];var end=i+2;while(end+2<=nDecorations&&decorations[end+1]===startDec){end+=2;}
2048+decorations[decPos++]=startPos;decorations[decPos++]=startDec;i=end;}
2049+nDecorations=decorations.length=decPos;var sourceNode=job.sourceNode;var oldDisplay;if(sourceNode){oldDisplay=sourceNode.style.display;sourceNode.style.display='none';}
2050+try{var decoration=null;var X=0;while(spanIndex<nSpans){X=X+1;if(X>5000){break;}
2051+var spanStart=spans[spanIndex];var spanEnd=spans[spanIndex+2]||sourceLength;var decEnd=decorations[decorationIndex+2]||sourceLength;var end=Math.min(spanEnd,decEnd);var textNode=spans[spanIndex+1];var styledText;if(textNode.nodeType!==1&&(styledText=source.substring(sourceIndex,end))){if(isIE8OrEarlier){styledText=styledText.replace(newlineRe,'\r');}
2052+textNode.nodeValue=styledText;var document=textNode.ownerDocument;var span=document.createElement('span');span.className=decorations[decorationIndex+1];var parentNode=textNode.parentNode;parentNode.replaceChild(span,textNode);span.appendChild(textNode);if(sourceIndex<spanEnd){spans[spanIndex+1]=textNode=document.createTextNode(source.substring(end,spanEnd));parentNode.insertBefore(textNode,span.nextSibling);}}
2053+sourceIndex=end;if(sourceIndex>=spanEnd){spanIndex+=2;}
2054+if(sourceIndex>=decEnd){decorationIndex+=2;}}}finally{if(sourceNode){sourceNode.style.display=oldDisplay;}}}
2055+var langHandlerRegistry={};function registerLangHandler(handler,fileExtensions){for(var i=fileExtensions.length;--i>=0;){var ext=fileExtensions[i];if(!langHandlerRegistry.hasOwnProperty(ext)){langHandlerRegistry[ext]=handler;}else if(win['console']){console['warn']('cannot override language handler %s',ext);}}}
2056+function langHandlerForExtension(extension,source){if(!(extension&&langHandlerRegistry.hasOwnProperty(extension))){extension=/^\s*</.test(source)?'default-markup':'default-code';}
2057+return langHandlerRegistry[extension];}
2058+registerLangHandler(decorateSource,['default-code']);registerLangHandler(createSimpleLexer([],[[PR_PLAIN,/^[^<?]+/],[PR_DECLARATION,/^<!\w[^>]*(?:>|$)/],[PR_COMMENT,/^<\!--[\s\S]*?(?:-\->|$)/],['lang-',/^<\?([\s\S]+?)(?:\?>|$)/],['lang-',/^<%([\s\S]+?)(?:%>|$)/],[PR_PUNCTUATION,/^(?:<[%?]|[%?]>)/],['lang-',/^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],['lang-js',/^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],['lang-css',/^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],['lang-in.tag',/^(<\/?[a-z][^<>]*>)/i]]),['default-markup','htm','html','mxml','xhtml','xml','xsl']);registerLangHandler(createSimpleLexer([[PR_PLAIN,/^[\s]+/,null,' \t\r\n'],[PR_ATTRIB_VALUE,/^(?:\"[^\"]*\"?|\'[^\']*\'?)/,null,'\"\'']],[[PR_TAG,/^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],[PR_ATTRIB_NAME,/^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],['lang-uq.val',/^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],[PR_PUNCTUATION,/^[=<>\/]+/],['lang-js',/^on\w+\s*=\s*\"([^\"]+)\"/i],['lang-js',/^on\w+\s*=\s*\'([^\']+)\'/i],['lang-js',/^on\w+\s*=\s*([^\"\'>\s]+)/i],['lang-css',/^style\s*=\s*\"([^\"]+)\"/i],['lang-css',/^style\s*=\s*\'([^\']+)\'/i],['lang-css',/^style\s*=\s*([^\"\'>\s]+)/i]]),['in.tag']);registerLangHandler(createSimpleLexer([],[[PR_ATTRIB_VALUE,/^[\s\S]+/]]),['uq.val']);registerLangHandler(sourceDecorator({'keywords':CPP_KEYWORDS,'hashComments':true,'cStyleComments':true,'types':C_TYPES}),['c','cc','cpp','cxx','cyc','m']);registerLangHandler(sourceDecorator({'keywords':PHP_KEYWORDS,'hashComments':false,'cStyleComments':true,'multiLineStrings':true,'regexLiterals':true}),['php','phtml','inc']);registerLangHandler(sourceDecorator({'keywords':'null,true,false'}),['json']);registerLangHandler(sourceDecorator({'keywords':CSHARP_KEYWORDS,'hashComments':true,'cStyleComments':true,'verbatimStrings':true,'types':C_TYPES}),['cs']);registerLangHandler(sourceDecorator({'keywords':JAVA_KEYWORDS,'cStyleComments':true}),['java']);registerLangHandler(sourceDecorator({'keywords':SH_KEYWORDS,'hashComments':true,'multiLineStrings':true}),['bsh','csh','sh']);registerLangHandler(sourceDecorator({'keywords':PYTHON_KEYWORDS,'hashComments':true,'multiLineStrings':true,'tripleQuotedStrings':true}),['cv','py']);registerLangHandler(sourceDecorator({'keywords':PERL_KEYWORDS,'hashComments':true,'multiLineStrings':true,'regexLiterals':true}),['perl','pl','pm']);registerLangHandler(sourceDecorator({'keywords':RUBY_KEYWORDS,'hashComments':true,'multiLineStrings':true,'regexLiterals':true}),['rb']);registerLangHandler(sourceDecorator({'keywords':JSCRIPT_KEYWORDS,'cStyleComments':true,'regexLiterals':true}),['js']);registerLangHandler(sourceDecorator({'keywords':COFFEE_KEYWORDS,'hashComments':3,'cStyleComments':true,'multilineStrings':true,'tripleQuotedStrings':true,'regexLiterals':true}),['coffee']);registerLangHandler(createSimpleLexer([],[[PR_STRING,/^[\s\S]+/]]),['regex']);registerLangHandler(sourceDecorator({'keywords':CONFIG_KEYWORDS,'literals':CONFIG_OPTIONS,'strings':CONFIG_ENVS,'hashComments':true,'cStyleComments':false,'multiLineStrings':false,'regexLiterals':false,'httpdComments':true}),['config']);function applyDecorator(job){var opt_langExtension=job.langExtension;try{var sourceAndSpans=extractSourceSpans(job.sourceNode,job.pre);var source=sourceAndSpans.sourceCode;job.sourceCode=source;job.spans=sourceAndSpans.spans;job.basePos=0;langHandlerForExtension(opt_langExtension,source)(job);recombineTagsAndDecorations(job);}catch(e){if(win['console']){console['log'](e&&e['stack']?e['stack']:e);}}}
2059+function prettyPrintOne(sourceCodeHtml,opt_langExtension,opt_numberLines){var container=document.createElement('pre');container.innerHTML=sourceCodeHtml;if(opt_numberLines){numberLines(container,opt_numberLines,true);}
2060+var job={langExtension:opt_langExtension,numberLines:opt_numberLines,sourceNode:container,pre:1};applyDecorator(job);return container.innerHTML;}
2061+function prettyPrint(opt_whenDone){function byTagName(tn){return document.getElementsByTagName(tn);}
2062+var codeSegments=[byTagName('pre'),byTagName('code'),byTagName('xmp')];var elements=[];for(var i=0;i<codeSegments.length;++i){for(var j=0,n=codeSegments[i].length;j<n;++j){elements.push(codeSegments[i][j]);}}
2063+codeSegments=null;var clock=Date;if(!clock['now']){clock={'now':function(){return+(new Date);}};}
2064+var k=0;var prettyPrintingJob;var langExtensionRe=/\blang(?:uage)?-([\w.]+)(?!\S)/;var prettyPrintRe=/\bprettyprint\b/;var prettyPrintedRe=/\bprettyprinted\b/;var preformattedTagNameRe=/pre|xmp/i;var codeRe=/^code$/i;var preCodeXmpRe=/^(?:pre|code|xmp)$/i;function doWork(){var endTime=(win['PR_SHOULD_USE_CONTINUATION']?clock['now']()+250:Infinity);for(;k<elements.length&&clock['now']()<endTime;k++){var cs=elements[k];var className=cs.className;if(prettyPrintRe.test(className)&&!prettyPrintedRe.test(className)){var nested=false;for(var p=cs.parentNode;p;p=p.parentNode){var tn=p.tagName;if(preCodeXmpRe.test(tn)&&p.className&&prettyPrintRe.test(p.className)){nested=true;break;}}
2065+if(!nested){cs.className+=' prettyprinted';var langExtension=className.match(langExtensionRe);var wrapper;if(!langExtension&&(wrapper=childContentWrapper(cs))&&codeRe.test(wrapper.tagName)){langExtension=wrapper.className.match(langExtensionRe);}
2066+if(langExtension){langExtension=langExtension[1];}
2067+var preformatted;if(preformattedTagNameRe.test(cs.tagName)){preformatted=1;}else{var currentStyle=cs['currentStyle'];var whitespace=(currentStyle?currentStyle['whiteSpace']:(document.defaultView&&document.defaultView.getComputedStyle)?document.defaultView.getComputedStyle(cs,null).getPropertyValue('white-space'):0);preformatted=whitespace&&'pre'===whitespace.substring(0,3);}
2068+var lineNums=cs.className.match(/\blinenums\b(?::(\d+))?/);lineNums=lineNums?lineNums[1]&&lineNums[1].length?+lineNums[1]:true:false;if(lineNums){numberLines(cs,lineNums,preformatted);}
2069+prettyPrintingJob={langExtension:langExtension,sourceNode:cs,numberLines:lineNums,pre:preformatted};applyDecorator(prettyPrintingJob);}}}
2070+if(k<elements.length){setTimeout(doWork,250);}else if(opt_whenDone){opt_whenDone();}}
2071+doWork();}
2072+var PR=win['PR']={'createSimpleLexer':createSimpleLexer,'registerLangHandler':registerLangHandler,'sourceDecorator':sourceDecorator,'PR_ATTRIB_NAME':PR_ATTRIB_NAME,'PR_ATTRIB_VALUE':PR_ATTRIB_VALUE,'PR_COMMENT':PR_COMMENT,'PR_DECLARATION':PR_DECLARATION,'PR_KEYWORD':PR_KEYWORD,'PR_LITERAL':PR_LITERAL,'PR_NOCODE':PR_NOCODE,'PR_PLAIN':PR_PLAIN,'PR_PUNCTUATION':PR_PUNCTUATION,'PR_SOURCE':PR_SOURCE,'PR_STRING':PR_STRING,'PR_TAG':PR_TAG,'PR_TYPE':PR_TYPE,'prettyPrintOne':win['prettyPrintOne']=prettyPrintOne,'prettyPrint':win['prettyPrint']=prettyPrint};PR['registerLangHandler'](PR['createSimpleLexer']([[PR['PR_PLAIN'],/^[\t\n\r \xA0]+/,null,'\t\n\r \xA0'],[PR['PR_STRING'],/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'"\'']],[[PR['PR_COMMENT'],/^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],[PR['PR_TYPE'],/^nil|false|true/],[PR['PR_STRING'],/^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],[PR['PR_KEYWORD'],/^(?:and|break|do|else|elseif|end|for|function|if|in|local|not|or|repeat|require|return|then|until|while)\b/,null],[PR['PR_LITERAL'],/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR['PR_PLAIN'],/^[a-z_]\w*/i],[PR['PR_PUNCTUATION'],/^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]]),['lua']);if(typeof define==="function"&&define['amd']){define("google-code-prettify",[],function(){return PR;});}})();
2073\ No newline at end of file
2074diff --git a/docs/manual/style/sitemap.dtd b/docs/manual/style/sitemap.dtd
2075new file mode 100644
2076index 0000000..829f326
2077--- /dev/null
2078+++ b/docs/manual/style/sitemap.dtd
2079@@ -0,0 +1,42 @@
2080+<?xml version='1.0' encoding='UTF-8' ?>
2081+
2082+<!--
2083+ Licensed to the Apache Software Foundation (ASF) under one or more
2084+ contributor license agreements. See the NOTICE file distributed with
2085+ this work for additional information regarding copyright ownership.
2086+ The ASF licenses this file to You under the Apache License, Version 2.0
2087+ (the "License"); you may not use this file except in compliance with
2088+ the License. You may obtain a copy of the License at
2089+
2090+ http://www.apache.org/licenses/LICENSE-2.0
2091+
2092+ Unless required by applicable law or agreed to in writing, software
2093+ distributed under the License is distributed on an "AS IS" BASIS,
2094+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2095+ See the License for the specific language governing permissions and
2096+ limitations under the License.
2097+-->
2098+
2099+<!ENTITY % common SYSTEM "common.dtd">
2100+%common;
2101+
2102+<!-- <sitemap> is the root element -->
2103+<!ELEMENT sitemap (title, summary?, seealso*, category*)>
2104+
2105+<!ATTLIST sitemap metafile CDATA #REQUIRED
2106+ upgrade CDATA #IMPLIED
2107+>
2108+
2109+<!-- <indexpage> is another root element -->
2110+<!ELEMENT indexpage (parentdocument, title, category*)>
2111+
2112+<!ATTLIST indexpage metafile CDATA #REQUIRED
2113+ upgrade CDATA #IMPLIED
2114+>
2115+
2116+<!ELEMENT category (title, page*)>
2117+<!ATTLIST category id ID #IMPLIED>
2118+
2119+<!ELEMENT page (#PCDATA)>
2120+<!ATTLIST page href CDATA #IMPLIED
2121+ separate (yes | no) "no" >
2122diff --git a/docs/manual/style/version.ent b/docs/manual/style/version.ent
2123new file mode 100644
2124index 0000000..b44b2a7
2125--- /dev/null
2126+++ b/docs/manual/style/version.ent
2127@@ -0,0 +1,24 @@
2128+<?xml version='1.0' encoding='UTF-8' ?>
2129+
2130+<!--
2131+ Licensed to the Apache Software Foundation (ASF) under one or more
2132+ contributor license agreements. See the NOTICE file distributed with
2133+ this work for additional information regarding copyright ownership.
2134+ The ASF licenses this file to You under the Apache License, Version 2.0
2135+ (the "License"); you may not use this file except in compliance with
2136+ the License. You may obtain a copy of the License at
2137+
2138+ http://www.apache.org/licenses/LICENSE-2.0
2139+
2140+ Unless required by applicable law or agreed to in writing, software
2141+ distributed under the License is distributed on an "AS IS" BASIS,
2142+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2143+ See the License for the specific language governing permissions and
2144+ limitations under the License.
2145+-->
2146+
2147+<!ENTITY httpd.major "2">
2148+<!ENTITY httpd.minor "4">
2149+<!ENTITY httpd.patch "29">
2150+
2151+<!ENTITY httpd.docs "2.4">
2152diff --git a/docs/manual/suexec.html b/docs/manual/suexec.html
2153new file mode 100644
2154index 0000000..c4cc65b
2155--- /dev/null
2156+++ b/docs/manual/suexec.html
2157@@ -0,0 +1,21 @@
2158+# GENERATED FROM XML -- DO NOT EDIT
2159+
2160+URI: suexec.html.en
2161+Content-Language: en
2162+Content-type: text/html; charset=ISO-8859-1
2163+
2164+URI: suexec.html.fr
2165+Content-Language: fr
2166+Content-type: text/html; charset=ISO-8859-1
2167+
2168+URI: suexec.html.ja.utf8
2169+Content-Language: ja
2170+Content-type: text/html; charset=UTF-8
2171+
2172+URI: suexec.html.ko.euc-kr
2173+Content-Language: ko
2174+Content-type: text/html; charset=EUC-KR
2175+
2176+URI: suexec.html.tr.utf8
2177+Content-Language: tr
2178+Content-type: text/html; charset=UTF-8
2179diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
2180new file mode 100644
2181index 0000000..28be5fd
2182--- /dev/null
2183+++ b/docs/manual/suexec.html.en
2184@@ -0,0 +1,643 @@
2185+<?xml version="1.0" encoding="ISO-8859-1"?>
2186+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2187+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
2188+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
2189+<!--
2190+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2191+ This file is generated from xml source: DO NOT EDIT
2192+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2193+ -->
2194+<title>suEXEC Support - Apache HTTP Server Version 2.4</title>
2195+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
2196+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
2197+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
2198+<script src="./style/scripts/prettify.min.js" type="text/javascript">
2199+</script>
2200+
2201+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
2202+<body id="manual-page"><div id="page-header">
2203+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p>
2204+<p class="apache">Apache HTTP Server Version 2.4</p>
2205+<img alt="" src="./images/feather.png" /></div>
2206+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
2207+<div id="path">
2208+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC Support</h1>
2209+<div class="toplang">
2210+<p><span>Available Languages: </span><a href="./en/suexec.html" title="English">&nbsp;en&nbsp;</a> |
2211+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |
2212+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
2213+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
2214+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
2215+</div>
2216+
2217+ <p>The <strong>suEXEC</strong> feature provides users of the Apache
2218+ HTTP Server the ability
2219+ to run <strong>CGI</strong> and <strong>SSI</strong> programs
2220+ under user IDs different from the user ID of the calling
2221+ web server. Normally, when a CGI or SSI program executes, it
2222+ runs as the same user who is running the web server.</p>
2223+
2224+ <p>Used properly, this feature can reduce
2225+ considerably the security risks involved with allowing users to
2226+ develop and run private CGI or SSI programs. However, if suEXEC
2227+ is improperly configured, it can cause any number of problems
2228+ and possibly create new holes in your computer's security. If
2229+ you aren't familiar with managing <em>setuid root</em> programs
2230+ and the security issues they present, we highly recommend that
2231+ you not consider using suEXEC.</p>
2232+ </div>
2233+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Before we begin</a></li>
2234+<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC Security Model</a></li>
2235+<li><img alt="" src="./images/down.gif" /> <a href="#install">Configuring &amp; Installing
2236+ suEXEC</a></li>
2237+<li><img alt="" src="./images/down.gif" /> <a href="#enable">Enabling &amp; Disabling
2238+ suEXEC</a></li>
2239+<li><img alt="" src="./images/down.gif" /> <a href="#usage">Using suEXEC</a></li>
2240+<li><img alt="" src="./images/down.gif" /> <a href="#debug">Debugging suEXEC</a></li>
2241+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Beware the Jabberwock:
2242+ Warnings &amp; Examples</a></li>
2243+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
2244+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2245+<div class="section">
2246+<h2><a name="before" id="before">Before we begin</a></h2>
2247+
2248+ <p>Before jumping head-first into this document,
2249+ you should be aware that certain assumptions are made about you and
2250+ the environment in which you will be using suexec.</p>
2251+
2252+ <p>First, it is assumed that you are using a UNIX
2253+ derivative operating system that is capable of
2254+ <strong>setuid</strong> and <strong>setgid</strong> operations.
2255+ All command examples are given in this regard. Other platforms,
2256+ if they are capable of supporting suEXEC, may differ in their
2257+ configuration.</p>
2258+
2259+ <p>Second, it is assumed you are familiar with
2260+ some basic concepts of your computer's security and its
2261+ administration. This involves an understanding of
2262+ <strong>setuid/setgid</strong> operations and the various
2263+ effects they may have on your system and its level of
2264+ security.</p>
2265+
2266+ <p>Third, it is assumed that you are using an
2267+ <strong>unmodified</strong> version of suEXEC code. All code
2268+ for suEXEC has been carefully scrutinized and tested by the
2269+ developers as well as numerous beta testers. Every precaution
2270+ has been taken to ensure a simple yet solidly safe base of
2271+ code. Altering this code can cause unexpected problems and new
2272+ security risks. It is <strong>highly</strong> recommended you
2273+ not alter the suEXEC code unless you are well versed in the
2274+ particulars of security programming and are willing to share
2275+ your work with the Apache HTTP Server development team for consideration.</p>
2276+
2277+ <p>Fourth, and last, it has been the decision of
2278+ the Apache HTTP Server development team to <strong>NOT</strong> make suEXEC part of
2279+ the default installation of Apache httpd. To this end, suEXEC
2280+ configuration requires of the administrator careful attention
2281+ to details. After due consideration has been given to the
2282+ various settings for suEXEC, the administrator may install
2283+ suEXEC through normal installation methods. The values for
2284+ these settings need to be carefully determined and specified by
2285+ the administrator to properly maintain system security during
2286+ the use of suEXEC functionality. It is through this detailed
2287+ process that we hope to limit suEXEC
2288+ installation only to those who are careful and determined
2289+ enough to use it.</p>
2290+
2291+ <p>Still with us? Yes? Good. Let's move on!</p>
2292+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2293+<div class="section">
2294+<h2><a name="model" id="model">suEXEC Security Model</a></h2>
2295+
2296+ <p>Before we begin configuring and installing
2297+ suEXEC, we will first discuss the security model you are about
2298+ to implement. By doing so, you may better understand what
2299+ exactly is going on inside suEXEC and what precautions are
2300+ taken to ensure your system's security.</p>
2301+
2302+ <p><strong>suEXEC</strong> is based on a setuid
2303+ "wrapper" program that is called by the main Apache HTTP Server.
2304+ This wrapper is called when an HTTP request is made for a CGI
2305+ or SSI program that the administrator has designated to run as
2306+ a userid other than that of the main server. When such a
2307+ request is made, Apache httpd provides the suEXEC wrapper with the
2308+ program's name and the user and group IDs under which the
2309+ program is to execute.</p>
2310+
2311+ <p>The wrapper then employs the following process
2312+ to determine success or failure -- if any one of these
2313+ conditions fail, the program logs the failure and exits with an
2314+ error, otherwise it will continue:</p>
2315+
2316+ <ol>
2317+ <li>
2318+ <strong>Is the user executing this wrapper a valid user of
2319+ this system?</strong>
2320+
2321+ <p class="indent">
2322+ This is to ensure that the user executing the wrapper is
2323+ truly a user of the system.
2324+ </p>
2325+ </li>
2326+
2327+ <li>
2328+ <strong>Was the wrapper called with the proper number of
2329+ arguments?</strong>
2330+
2331+ <p class="indent">
2332+ The wrapper will only execute if it is given the proper
2333+ number of arguments. The proper argument format is known
2334+ to the Apache HTTP Server. If the wrapper is not receiving
2335+ the proper number of arguments, it is either being
2336+ hacked, or there is something wrong with the suEXEC
2337+ portion of your Apache httpd binary.
2338+ </p>
2339+ </li>
2340+
2341+ <li>
2342+ <strong>Is this valid user allowed to run the
2343+ wrapper?</strong>
2344+
2345+ <p class="indent">
2346+ Is this user the user allowed to run this wrapper? Only
2347+ one user (the Apache user) is allowed to execute this
2348+ program.
2349+ </p>
2350+ </li>
2351+
2352+ <li>
2353+ <strong>Does the target CGI or SSI program have an unsafe
2354+ hierarchical reference?</strong>
2355+
2356+ <p class="indent">
2357+ Does the target CGI or SSI program's path contain a leading
2358+ '/' or have a '..' backreference? These are not allowed; the
2359+ target CGI/SSI program must reside within suEXEC's document
2360+ root (see <code>--with-suexec-docroot=<em>DIR</em></code>
2361+ below).
2362+ </p>
2363+ </li>
2364+
2365+ <li>
2366+ <strong>Is the target user name valid?</strong>
2367+
2368+ <p class="indent">
2369+ Does the target user exist?
2370+ </p>
2371+ </li>
2372+
2373+ <li>
2374+ <strong>Is the target group name valid?</strong>
2375+
2376+ <p class="indent">
2377+ Does the target group exist?
2378+ </p>
2379+ </li>
2380+
2381+ <li>
2382+ <strong>Is the target user <em>NOT</em> superuser?</strong>
2383+
2384+
2385+ <p class="indent">
2386+ suEXEC does not allow <code><em>root</em></code>
2387+ to execute CGI/SSI programs.
2388+ </p>
2389+ </li>
2390+
2391+ <li>
2392+ <strong>Is the target userid <em>ABOVE</em> the minimum ID
2393+ number?</strong>
2394+
2395+ <p class="indent">
2396+ The minimum user ID number is specified during
2397+ configuration. This allows you to set the lowest possible
2398+ userid that will be allowed to execute CGI/SSI programs.
2399+ This is useful to block out "system" accounts.
2400+ </p>
2401+ </li>
2402+
2403+ <li>
2404+ <strong>Is the target group <em>NOT</em> the superuser
2405+ group?</strong>
2406+
2407+ <p class="indent">
2408+ Presently, suEXEC does not allow the <code><em>root</em></code>
2409+ group to execute CGI/SSI programs.
2410+ </p>
2411+ </li>
2412+
2413+ <li>
2414+ <strong>Is the target groupid <em>ABOVE</em> the minimum ID
2415+ number?</strong>
2416+
2417+ <p class="indent">
2418+ The minimum group ID number is specified during
2419+ configuration. This allows you to set the lowest possible
2420+ groupid that will be allowed to execute CGI/SSI programs.
2421+ This is useful to block out "system" groups.
2422+ </p>
2423+ </li>
2424+
2425+ <li>
2426+ <strong>Can the wrapper successfully become the target user
2427+ and group?</strong>
2428+
2429+ <p class="indent">
2430+ Here is where the program becomes the target user and
2431+ group via setuid and setgid calls. The group access list
2432+ is also initialized with all of the groups of which the
2433+ user is a member.
2434+ </p>
2435+ </li>
2436+
2437+ <li>
2438+ <strong>Can we change directory to the one in which the target
2439+ CGI/SSI program resides?</strong>
2440+
2441+ <p class="indent">
2442+ If it doesn't exist, it can't very well contain files. If we
2443+ can't change directory to it, it might as well not exist.
2444+ </p>
2445+ </li>
2446+
2447+ <li>
2448+ <strong>Is the directory within the httpd webspace?</strong>
2449+
2450+ <p class="indent">
2451+ If the request is for a regular portion of the server, is
2452+ the requested directory within suEXEC's document root? If
2453+ the request is for a <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>, is the requested directory
2454+ within the directory configured as suEXEC's userdir (see
2455+ <a href="#install">suEXEC's configuration options</a>)?
2456+ </p>
2457+ </li>
2458+
2459+ <li>
2460+ <strong>Is the directory <em>NOT</em> writable by anyone
2461+ else?</strong>
2462+
2463+ <p class="indent">
2464+ We don't want to open up the directory to others; only
2465+ the owner user may be able to alter this directories
2466+ contents.
2467+ </p>
2468+ </li>
2469+
2470+ <li>
2471+ <strong>Does the target CGI/SSI program exist?</strong>
2472+
2473+ <p class="indent">
2474+ If it doesn't exists, it can't very well be executed.
2475+ </p>
2476+ </li>
2477+
2478+ <li>
2479+ <strong>Is the target CGI/SSI program <em>NOT</em> writable
2480+ by anyone else?</strong>
2481+
2482+ <p class="indent">
2483+ We don't want to give anyone other than the owner the
2484+ ability to change the CGI/SSI program.
2485+ </p>
2486+ </li>
2487+
2488+ <li>
2489+ <strong>Is the target CGI/SSI program <em>NOT</em> setuid or
2490+ setgid?</strong>
2491+
2492+ <p class="indent">
2493+ We do not want to execute programs that will then change
2494+ our UID/GID again.
2495+ </p>
2496+ </li>
2497+
2498+ <li>
2499+ <strong>Is the target user/group the same as the program's
2500+ user/group?</strong>
2501+
2502+ <p class="indent">
2503+ Is the user the owner of the file?
2504+ </p>
2505+ </li>
2506+
2507+ <li>
2508+ <strong>Can we successfully clean the process environment
2509+ to ensure safe operations?</strong>
2510+
2511+ <p class="indent">
2512+ suEXEC cleans the process' environment by establishing a
2513+ safe execution PATH (defined during configuration), as
2514+ well as only passing through those variables whose names
2515+ are listed in the safe environment list (also created
2516+ during configuration).
2517+ </p>
2518+ </li>
2519+
2520+ <li>
2521+ <strong>Can we successfully become the target CGI/SSI program
2522+ and execute?</strong>
2523+
2524+ <p class="indent">
2525+ Here is where suEXEC ends and the target CGI/SSI program begins.
2526+ </p>
2527+ </li>
2528+ </ol>
2529+
2530+ <p>This is the standard operation of the
2531+ suEXEC wrapper's security model. It is somewhat stringent and
2532+ can impose new limitations and guidelines for CGI/SSI design,
2533+ but it was developed carefully step-by-step with security in
2534+ mind.</p>
2535+
2536+ <p>For more information as to how this security
2537+ model can limit your possibilities in regards to server
2538+ configuration, as well as what security risks can be avoided
2539+ with a proper suEXEC setup, see the <a href="#jabberwock">"Beware the Jabberwock"</a> section of this
2540+ document.</p>
2541+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2542+<div class="section">
2543+<h2><a name="install" id="install">Configuring &amp; Installing
2544+ suEXEC</a></h2>
2545+
2546+ <p>Here's where we begin the fun.</p>
2547+
2548+ <p><strong>suEXEC configuration
2549+ options</strong><br />
2550+ </p>
2551+
2552+ <dl>
2553+ <dt><code>--enable-suexec</code></dt>
2554+
2555+ <dd>This option enables the suEXEC feature which is never
2556+ installed or activated by default. At least one
2557+ <code>--with-suexec-xxxxx</code> option has to be provided
2558+ together with the <code>--enable-suexec</code> option to let
2559+ APACI accept your request for using the suEXEC feature.</dd>
2560+
2561+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
2562+
2563+ <dd>The path to the <code>suexec</code> binary must be hard-coded
2564+ in the server for security reasons. Use this option to override
2565+ the default path. <em>e.g.</em>
2566+ <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
2567+
2568+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
2569+
2570+ <dd>The <a href="mod/mpm_common.html#user">username</a> under which
2571+ httpd normally runs. This is the only user allowed to
2572+ execute the suEXEC wrapper.</dd>
2573+
2574+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
2575+
2576+ <dd>Define to be the subdirectory under users' home
2577+ directories where suEXEC access should be allowed. All
2578+ executables under this directory will be executable by suEXEC
2579+ as the user so they should be "safe" programs. If you are
2580+ using a "simple" <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>
2581+ directive (ie. one without a "*" in it) this should be set to the same
2582+ value. suEXEC will not work properly in cases where the <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> directive points to
2583+ a location that is not the same as the user's home directory
2584+ as referenced in the <code>passwd</code> file. Default value is
2585+ "<code>public_html</code>".<br />
2586+ If you have virtual hosts with a different <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> for each,
2587+ you will need to define them to all reside in one parent
2588+ directory; then name that parent directory here. <strong>If
2589+ this is not defined properly, "~userdir" cgi requests will
2590+ not work!</strong></dd>
2591+
2592+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
2593+
2594+ <dd>Define as the DocumentRoot set for httpd. This will be
2595+ the only hierarchy (aside from <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>s) that can be used for suEXEC behavior. The
2596+ default directory is the <code>--datadir</code> value with the suffix
2597+ "<code>/htdocs</code>", <em>e.g.</em> if you configure with
2598+ "<code>--datadir=/home/apache</code>" the directory
2599+ "<code>/home/apache/htdocs</code>" is used as document root for the
2600+ suEXEC wrapper.</dd>
2601+
2602+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
2603+
2604+ <dd>Define this as the lowest UID allowed to be a target user
2605+ for suEXEC. For most systems, 500 or 100 is common. Default
2606+ value is 100.</dd>
2607+
2608+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
2609+
2610+ <dd>Define this as the lowest GID allowed to be a target
2611+ group for suEXEC. For most systems, 100 is common and
2612+ therefore used as default value.</dd>
2613+
2614+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
2615+
2616+ <dd>This defines the filename to which all suEXEC
2617+ transactions and errors are logged (useful for auditing and
2618+ debugging purposes). By default the logfile is named
2619+ "<code>suexec_log</code>" and located in your standard logfile
2620+ directory (<code>--logfiledir</code>).</dd>
2621+
2622+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
2623+
2624+ <dd>Define a safe PATH environment to pass to CGI
2625+ executables. Default value is
2626+ "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd>
2627+ </dl>
2628+
2629+ <h3>Compiling and installing the suEXEC wrapper</h3>
2630+
2631+
2632+ <p>If you have enabled the suEXEC feature with the
2633+ <code>--enable-suexec</code> option the <code>suexec</code> binary
2634+ (together with httpd itself) is automatically built if you execute
2635+ the <code>make</code> command.</p>
2636+
2637+ <p>After all components have been built you can execute the
2638+ command <code>make install</code> to install them. The binary image
2639+ <code>suexec</code> is installed in the directory defined by the
2640+ <code>--sbindir</code> option. The default location is
2641+ "/usr/local/apache2/bin/suexec".</p>
2642+
2643+ <p>Please note that you need <strong><em>root
2644+ privileges</em></strong> for the installation step. In order
2645+ for the wrapper to set the user ID, it must be installed as
2646+ owner <code><em>root</em></code> and must have the setuserid
2647+ execution bit set for file modes.</p>
2648+
2649+
2650+ <h3>Setting paranoid permissions</h3>
2651+
2652+
2653+ <p>Although the suEXEC wrapper will check to ensure that its
2654+ caller is the correct user as specified with the
2655+ <code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
2656+ option, there is
2657+ always the possibility that a system or library call suEXEC uses
2658+ before this check may be exploitable on your system. To counter
2659+ this, and because it is best-practise in general, you should use
2660+ filesystem permissions to ensure that only the group httpd
2661+ runs as may execute suEXEC.</p>
2662+
2663+ <p>If for example, your web server is configured to run as:</p>
2664+
2665+ <pre class="prettyprint lang-config">User www
2666+Group webgroup</pre>
2667+
2668+
2669+ <p>and <code class="program"><a href="./programs/suexec.html">suexec</a></code> is installed at
2670+ "/usr/local/apache2/bin/suexec", you should run:</p>
2671+
2672+ <div class="example"><p><code>
2673+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
2674+ chmod 4750 /usr/local/apache2/bin/suexec<br />
2675+ </code></p></div>
2676+
2677+ <p>This will ensure that only the group httpd runs as can even
2678+ execute the suEXEC wrapper.</p>
2679+
2680+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2681+<div class="section">
2682+<h2><a name="enable" id="enable">Enabling &amp; Disabling
2683+ suEXEC</a></h2>
2684+
2685+ <p>Upon startup of httpd, it looks for the file
2686+ <code class="program"><a href="./programs/suexec.html">suexec</a></code> in the directory defined by the
2687+ <code>--sbindir</code> option (default is
2688+ "/usr/local/apache/sbin/suexec"). If httpd finds a properly
2689+ configured suEXEC wrapper, it will print the following message
2690+ to the error log:</p>
2691+
2692+<div class="example"><p><code>
2693+ [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
2694+</code></p></div>
2695+
2696+ <p>If you don't see this message at server startup, the server is
2697+ most likely not finding the wrapper program where it expects
2698+ it, or the executable is not installed <em>setuid root</em>.</p>
2699+
2700+ <p>If you want to enable the suEXEC mechanism for the first time
2701+ and an Apache HTTP Server is already running you must kill and
2702+ restart httpd. Restarting it with a simple HUP or USR1 signal
2703+ will not be enough. </p>
2704+ <p>If you want to disable suEXEC you should kill and restart
2705+ httpd after you have removed the <code class="program"><a href="./programs/suexec.html">suexec</a></code> file.</p>
2706+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2707+<div class="section">
2708+<h2><a name="usage" id="usage">Using suEXEC</a></h2>
2709+
2710+ <p>Requests for CGI programs will call the suEXEC wrapper only if
2711+ they are for a virtual host containing a <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> directive or if
2712+ they are processed by <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>.</p>
2713+
2714+ <p><strong>Virtual Hosts:</strong><br /> One way to use the suEXEC
2715+ wrapper is through the <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> directive in
2716+ <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> definitions. By
2717+ setting this directive to values different from the main server
2718+ user ID, all requests for CGI resources will be executed as the
2719+ <em>User</em> and <em>Group</em> defined for that <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>. If this
2720+ directive is not specified for a <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code> then the main server userid
2721+ is assumed.</p>
2722+
2723+ <p><strong>User directories:</strong><br /> Requests that are
2724+ processed by <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> will call the suEXEC
2725+ wrapper to execute CGI programs under the userid of the requested
2726+ user directory. The only requirement needed for this feature to
2727+ work is for CGI execution to be enabled for the user and that the
2728+ script must meet the scrutiny of the <a href="#model">security
2729+ checks</a> above. See also the
2730+ <code>--with-suexec-userdir</code> <a href="#install">compile
2731+ time option</a>.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2732+<div class="section">
2733+<h2><a name="debug" id="debug">Debugging suEXEC</a></h2>
2734+
2735+ <p>The suEXEC wrapper will write log information
2736+ to the file defined with the <code>--with-suexec-logfile</code>
2737+ option as indicated above. If you feel you have configured and
2738+ installed the wrapper properly, have a look at this log and the
2739+ error_log for the server to see where you may have gone astray.</p>
2740+
2741+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2742+<div class="section">
2743+<h2><a name="jabberwock" id="jabberwock">Beware the Jabberwock:
2744+ Warnings &amp; Examples</a></h2>
2745+
2746+ <p><strong>NOTE!</strong> This section may not be
2747+ complete. For the latest revision of this section of the
2748+ documentation, see the <a href="http://httpd.apache.org/docs/2.4/suexec.html">Online
2749+ Documentation</a> version.</p>
2750+
2751+ <p>There are a few points of interest regarding
2752+ the wrapper that can cause limitations on server setup. Please
2753+ review these before submitting any "bugs" regarding suEXEC.</p>
2754+
2755+ <ul>
2756+ <li><strong>suEXEC Points Of Interest</strong></li>
2757+
2758+ <li>
2759+ Hierarchy limitations
2760+
2761+ <p class="indent">
2762+ For security and efficiency reasons, all suEXEC requests
2763+ must remain within either a top-level document root for
2764+ virtual host requests, or one top-level personal document
2765+ root for userdir requests. For example, if you have four
2766+ VirtualHosts configured, you would need to structure all
2767+ of your VHosts' document roots off of one main httpd
2768+ document hierarchy to take advantage of suEXEC for
2769+ VirtualHosts. (Example forthcoming.)
2770+ </p>
2771+ </li>
2772+
2773+ <li>
2774+ suEXEC's PATH environment variable
2775+
2776+ <p class="indent">
2777+ This can be a dangerous thing to change. Make certain
2778+ every path you include in this define is a
2779+ <strong>trusted</strong> directory. You don't want to
2780+ open people up to having someone from across the world
2781+ running a trojan horse on them.
2782+ </p>
2783+ </li>
2784+
2785+ <li>
2786+ Altering the suEXEC code
2787+
2788+ <p class="indent">
2789+ Again, this can cause <strong>Big Trouble</strong> if you
2790+ try this without knowing what you are doing. Stay away
2791+ from it if at all possible.
2792+ </p>
2793+ </li>
2794+ </ul>
2795+
2796+</div></div>
2797+<div class="bottomlang">
2798+<p><span>Available Languages: </span><a href="./en/suexec.html" title="English">&nbsp;en&nbsp;</a> |
2799+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |
2800+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
2801+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
2802+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
2803+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
2804+<script type="text/javascript"><!--//--><![CDATA[//><!--
2805+var comments_shortname = 'httpd';
2806+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
2807+(function(w, d) {
2808+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
2809+ d.write('<div id="comments_thread"><\/div>');
2810+ var s = d.createElement('script');
2811+ s.type = 'text/javascript';
2812+ s.async = true;
2813+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
2814+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
2815+ }
2816+ else {
2817+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
2818+ }
2819+})(window, document);
2820+//--><!]]></script></div><div id="footer">
2821+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
2822+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
2823+if (typeof(prettyPrint) !== 'undefined') {
2824+ prettyPrint();
2825+}
2826+//--><!]]></script>
2827+</body></html>
2828\ No newline at end of file
2829diff --git a/docs/manual/suexec.html.fr b/docs/manual/suexec.html.fr
2830new file mode 100644
2831index 0000000..02aa50c
2832--- /dev/null
2833+++ b/docs/manual/suexec.html.fr
2834@@ -0,0 +1,689 @@
2835+<?xml version="1.0" encoding="ISO-8859-1"?>
2836+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2837+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
2838+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
2839+<!--
2840+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2841+ This file is generated from xml source: DO NOT EDIT
2842+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2843+ -->
2844+<title>Support suEXEC - Serveur Apache HTTP Version 2.4</title>
2845+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
2846+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
2847+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
2848+<script src="./style/scripts/prettify.min.js" type="text/javascript">
2849+</script>
2850+
2851+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
2852+<body id="manual-page"><div id="page-header">
2853+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p>
2854+<p class="apache">Serveur Apache HTTP Version 2.4</p>
2855+<img alt="" src="./images/feather.png" /></div>
2856+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
2857+<div id="path">
2858+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Support suEXEC</h1>
2859+<div class="toplang">
2860+<p><span>Langues Disponibles: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
2861+<a href="./fr/suexec.html" title="Fran�ais">&nbsp;fr&nbsp;</a> |
2862+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
2863+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
2864+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
2865+</div>
2866+
2867+ <p>La fonctionnalit� <strong>suEXEC</strong> permet
2868+ l'ex�cution des programmes <strong>CGI</strong> et
2869+ <strong>SSI</strong> sous un utilisateur autre que celui sous
2870+ lequel s'ex�cute le serveur web qui appelle ces programmes.
2871+ Normalement, lorsqu'un programme CGI ou SSI est lanc�, il
2872+ s'ex�cute sous le m�me utilisateur que celui du serveur web qui
2873+ l'appelle.</p>
2874+
2875+ <p>Utilis�e de mani�re appropri�e, cette fonctionnalit� peut
2876+ r�duire consid�rablement les risques de s�curit� encourus
2877+ lorsqu'on autorise les utilisateurs � d�velopper et faire
2878+ s'ex�cuter des programmes CGI ou SSI de leur cru. Cependant, mal
2879+ configur�, suEXEC peut causer de nombreux probl�mes et m�me cr�er
2880+ de nouvelles failles dans la s�curit� de votre ordinateur. Si
2881+ vous n'�tes pas familier avec la gestion des programmes
2882+ <em>setuid root</em> et les risques de s�curit� qu'ils comportent,
2883+ nous vous recommandons vivement de ne pas tenter
2884+ d'utiliser suEXEC.</p>
2885+ </div>
2886+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Avant de commencer</a></li>
2887+<li><img alt="" src="./images/down.gif" /> <a href="#model">Mod�le de s�curit� de suEXEC</a></li>
2888+<li><img alt="" src="./images/down.gif" /> <a href="#install">Configurer et installer suEXEC</a></li>
2889+<li><img alt="" src="./images/down.gif" /> <a href="#enable">Activation et d�sactivation
2890+de suEXEC</a></li>
2891+<li><img alt="" src="./images/down.gif" /> <a href="#usage">Utilisation de suEXEC</a></li>
2892+<li><img alt="" src="./images/down.gif" /> <a href="#debug">D�bogage de suEXEC</a></li>
2893+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Avis � la population !
2894+ Avertissements et exemples</a></li>
2895+</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div>
2896+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2897+<div class="section">
2898+<h2><a name="before" id="before">Avant de commencer</a></h2>
2899+
2900+ <p>Avant de foncer t�te baiss�e dans la lecture de ce document,
2901+ vous devez tenir compte de certaines hypoth�ses concernant vous-m�me
2902+ et l'environnement dans lequel vous allez utiliser suexec.</p>
2903+
2904+ <p>Premi�rement, vous devez utiliser un syst�me d'exploitation
2905+ UNIX ou d�riv�, capable d'effectuer des op�rations
2906+ <strong>setuid</strong> et <strong>setgid</strong>. Tous les
2907+ exemples de commande sont donn�s en cons�quence. D'autres
2908+ plates-formes, m�me si elles supportent suEXEC, peuvent
2909+ avoir une configuration diff�rente.</p>
2910+
2911+ <p>Deuxi�mement, vous devez �tre familier avec les concepts de base
2912+ relatifs � la s�curit� de votre ordinateur et son administration.
2913+ Ceci implique la compr�hension des op�rations
2914+ <strong>setuid/setgid</strong> et des diff�rents effets qu'elles
2915+ peuvent produire sur votre syst�me et son niveau de s�curit�.</p>
2916+
2917+ <p>Troisi�mement, vous devez utiliser une version
2918+ <strong>non modifi�e</strong> du code de suEXEC. L'ensemble du
2919+ code de suEXEC a �t� scrut� et test� avec soin par les d�veloppeurs
2920+ et de nombreux b�ta testeurs. Toutes les pr�cautions ont �t� prises
2921+ pour s'assurer d'une base s�re de code non seulement simple, mais
2922+ aussi solide. La modification de ce code peut causer des probl�mes
2923+ inattendus et de nouveaux risques de s�curit�. Il est
2924+ <strong>vivement</strong> recommand� de ne pas modifier le code de
2925+ suEXEC, � moins que vous ne soyez un programmeur sp�cialiste des
2926+ particularit�s li�es � la s�curit�, et souhaitez partager votre
2927+ travail avec l'�quipe de d�veloppement du serveur HTTP Apache afin
2928+ de pouvoir en discuter.</p>
2929+
2930+ <p>Quatri�mement et derni�rement, l'�quipe de d�veloppement du
2931+ serveur HTTP Apache a d�cid� de ne
2932+ <strong>PAS</strong> inclure suEXEC dans l'installation par d�faut
2933+ d'Apache httpd. Pour pouvoir mettre en oeuvre suEXEC, l'administrateur
2934+ doit porter la plus grande attention aux d�tails. Apr�s avoir bien
2935+ r�fl�chi aux diff�rents points de la configuration de suEXEC,
2936+ l'administrateur peut l'installer selon les m�thodes classiques.
2937+ Les valeurs des param�tres de configuration doivent �tre
2938+ d�termin�es et sp�cifi�es avec soin par l'administrateur, afin de
2939+ maintenir la s�curit� du syst�me de mani�re appropri�e lors de
2940+ l'utilisation de la fonctionnalit� suEXEC. C'est par le biais de
2941+ ce processus minutieux que nous esp�rons r�server
2942+ l'installation de suEXEC aux administrateurs prudents et
2943+ suffisamment d�termin�s � vouloir l'utiliser.</p>
2944+
2945+ <p>Vous �tes encore avec nous ? Oui ? Bien.
2946+ Alors nous pouvons continuer !</p>
2947+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
2948+<div class="section">
2949+<h2><a name="model" id="model">Mod�le de s�curit� de suEXEC</a></h2>
2950+
2951+ <p>Avant d'installer et configurer suEXEC, nous allons tout d'abord
2952+ d�crire le mod�le de s�curit� que vous �tes sur le point
2953+ d'impl�menter. Vous devriez ainsi mieux comprendre ce qui se passe
2954+ vraiment � l'int�rieur de suEXEC et quelles pr�cautions ont �t�
2955+ prises pour pr�server la s�curit� de votre syst�me.</p>
2956+
2957+ <p><strong>suEXEC</strong> est bas� sur un programme "conteneur"
2958+ (wrapper) setuid qui est appel� par le serveur HTTP Apache principal.
2959+ Ce conteneur est appel� quand une requ�te HTTP concerne
2960+ un programme CGI ou SSI que l'administrateur
2961+ a d�cid� de faire s'ex�cuter
2962+ sous un utilisateur autre que celui du serveur principal.
2963+ Lorsqu'il re�oit une telle requ�te, Apache httpd fournit au conteneur
2964+ suEXEC le nom du programme, ainsi que les identifiants utilisateur
2965+ et groupe sous lesquels le programme doit s'ex�cuter.</p>
2966+
2967+ <p>Le conteneur effectue ensuite les v�rifications suivantes afin
2968+ de d�terminer la r�ussite ou l'�chec du processus -- si une seule
2969+ de ces conditions n'est pas v�rifi�e, le programme journalise
2970+ l'erreur et se termine en retournant un code d'erreur, sinon il
2971+ continue :</p>
2972+
2973+ <ol>
2974+ <li>
2975+ <strong>L'utilisateur qui ex�cute le conteneur est-il un
2976+ utilisateur valide de ce syst�me ?</strong>
2977+
2978+ <p class="indent">
2979+ Ceci permet de s'assurer que l'utilisateur qui ex�cute le
2980+ conteneur est vraiment un utilisateur appartenant au syst�me.
2981+ </p>
2982+ </li>
2983+
2984+ <li>
2985+ <strong>Le conteneur a-t-il �t� appel� avec un nombre
2986+ d'arguments correct ?</strong>
2987+
2988+ <p class="indent">
2989+ Le conteneur ne s'ex�cutera que si on lui fournit un nombre
2990+ d'arguments correct. Le serveur HTTP apache sait quel est le
2991+ bon format des arguments. Si le conteneur ne re�oit pas un
2992+ nombre d'arguments correct, soit il a �t� modifi�,
2993+ soit quelque chose ne va pas dans la portion suEXEC de
2994+ votre binaire Apache httpd.
2995+ </p>
2996+ </li>
2997+
2998+ <li>
2999+ <strong>Cet utilisateur valide est-il autoris� � ex�cuter le
3000+ conteneur ?</strong>
3001+
3002+ <p class="indent">
3003+ Cet utilisateur est-il celui autoris� � ex�cuter le
3004+ conteneur ? Un seul utilisateur (celui d'Apache) est
3005+ autoris� � ex�cuter ce programme.
3006+ </p>
3007+ </li>
3008+
3009+ <li>
3010+ <strong>Le chemin du programme CGI ou SSI cible est-il
3011+ non s�r ?</strong>
3012+
3013+ <p class="indent">
3014+ Le chemin du programme CGI ou SSI cible d�bute-t-il par un
3015+ '/' ou contient-il une r�f�rence arri�re '..' ? Ceci est
3016+ interdit ; le programme CGI ou SSI cible doit se trouver dans
3017+ la hi�rarchie de la racine des documents de suEXEC (voir
3018+ <code>--with-suexec-docroot=<em>DIR</em></code> ci-dessous).
3019+ </p>
3020+ </li>
3021+
3022+ <li>
3023+ <strong>Le nom utilisateur cible est-il valide ?</strong>
3024+
3025+ <p class="indent">
3026+ L'utilisateur cible existe-t-il ?
3027+ </p>
3028+ </li>
3029+
3030+ <li>
3031+ <strong>Le nom du groupe cible est-il valide ?</strong>
3032+
3033+ <p class="indent">
3034+ Le groupe cible existe-t-il ?
3035+ </p>
3036+ </li>
3037+
3038+ <li>
3039+ <strong>L'utilisateur cible n'est-il <em>PAS</em>
3040+ superutilisateur ?</strong>
3041+
3042+
3043+ <p class="indent">
3044+ suEXEc ne permet pas �
3045+ <code><em>root</em></code> d'ex�cuter des programmes CGI/SSI.
3046+ </p>
3047+ </li>
3048+
3049+ <li>
3050+ <strong>Le num�ro de l'identifiant de l'utilisateur cible
3051+ est-il <em>SUPERIEUR</em> au num�ro d'identifiant
3052+ minimum ?</strong>
3053+
3054+ <p class="indent">
3055+ Le num�ro d'identifiant utilisateur minimum est d�fini �
3056+ l'ex�cution du script configure. Ceci vous permet de d�finir
3057+ le num�ro d'identifiant utilisateur le plus bas qui sera
3058+ autoris� � �x�cuter des programmes CGI/SSI. En particulier,
3059+ cela permet d'�carter les comptes syst�me.
3060+ </p>
3061+ </li>
3062+
3063+ <li>
3064+ <strong>Le groupe cible n'est-il <em>PAS</em> le groupe
3065+ superutilisateur ?</strong>
3066+
3067+ <p class="indent">
3068+ Actuellement, suEXEC ne permet pas au groupe
3069+ <code><em>root</em></code> d'ex�cuter des programmes CGI/SSI.
3070+ </p>
3071+ </li>
3072+
3073+ <li>
3074+ <strong> Le num�ro d'identifiant du groupe cible est-il
3075+ <em>SUPERIEUR</em> au num�ro d'identifiant minimum ?</strong>
3076+
3077+ <p class="indent">
3078+ Le num�ro d'identifiant de groupe minimum est sp�cifi� lors
3079+ de l'ex�cution du script configure. Ceci vous permet de
3080+ d�finir l'identifiant de groupe le plus bas possible qui sera
3081+ autoris� � ex�cuter des programmes CGI/SSI, et est
3082+ particuli�rement utile pour �carter les groupes "syst�me".
3083+ </p>
3084+ </li>
3085+
3086+ <li>
3087+ <strong>Le conteneur peut-il obtenir avec succ�s l'identit�
3088+ des utilisateur et groupe cibles ?</strong>
3089+
3090+ <p class="indent">
3091+ C'est ici que le programme obtient l'identit� des utilisateur
3092+ et groupe cibles via des appels � setuid et setgid. De m�me,
3093+ la liste des acc�s groupe est initialis�e avec tous les
3094+ groupes auxquels l'utilisateur cible appartient.
3095+ </p>
3096+ </li>
3097+
3098+ <li>
3099+ <strong>Peut-on se positionner dans le r�pertoire dans dequel
3100+ sont situ�s les programmes CGI/SSI ?</strong>
3101+
3102+ <p class="indent">
3103+ S'il n'existe pas, il ne peut pas contenir de fichier. Et si
3104+ l'on ne peut pas s'y positionner, il n'existe probablement
3105+ pas.
3106+ </p>
3107+ </li>
3108+
3109+ <li>
3110+ <strong>Le r�pertoire est-il dans l'espace web
3111+ de httpd ?</strong>
3112+
3113+ <p class="indent">
3114+ Si la requ�te concerne une portion de la racine du serveur,
3115+ le r�pertoire demand� est-il dans la hi�rarchie de la racine
3116+ des documents de suEXEC ? Si la requ�te concerne un
3117+ <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>, le r�pertoire demand� est-il dans
3118+ la hi�rarchie du r�pertoire d�fini comme le r�pertoire
3119+ utilisateur de suEXEC (voir les
3120+ <a href="#install">options de configuration de suEXEC</a>) ?
3121+ </p>
3122+ </li>
3123+
3124+ <li>
3125+ <strong>L'�criture dans le r�pertoire est-elle interdite pour
3126+ un utilisateur autre que le propri�taire </strong>
3127+
3128+ <p class="indent">
3129+ Le r�pertoire ne doit pas �tre ouvert aux autres
3130+ utilisateurs ; seul l'utilisateur propri�taire doit pouvoir
3131+ modifier le contenu du r�pertoire.
3132+ </p>
3133+ </li>
3134+
3135+ <li>
3136+ <strong>Le programme CGI/SSI cible existe-t-il ?</strong>
3137+
3138+ <p class="indent">
3139+ S'il n'existe pas, il ne peut pas �tre ex�cut�.
3140+ </p>
3141+ </li>
3142+
3143+ <li>
3144+ <strong>Les utilisateurs autres que le propri�taire n'ont-ils
3145+ <em>PAS</em> de droits en �criture sur le programme
3146+ CGI/SSI ?</strong>
3147+
3148+ <p class="indent">
3149+ Les utilisateurs autres que le propri�taire ne doivent pas
3150+ pouvoir modifier le programme CGI/SSI.
3151+ </p>
3152+ </li>
3153+
3154+ <li>
3155+ <strong>Le programme CGI/SSI n'est-il <em>PAS</em> setuid ou
3156+ setgid ?</strong>
3157+
3158+ <p class="indent">
3159+ Les programmes cibles ne doivent pas pouvoir modifier �
3160+ nouveau les identifiants utilisateur/groupe.
3161+ </p>
3162+ </li>
3163+
3164+ <li>
3165+ <strong>Le couple utilisateur/groupe cible est-il le m�me que
3166+ celui du programme ?</strong>
3167+
3168+ <p class="indent">
3169+ L'utilisateur est-il le propri�taire du fichier ?
3170+ </p>
3171+ </li>
3172+
3173+ <li>
3174+ <strong>Peut-on nettoyer avec succ�s l'environnement des
3175+ processus afin de garantir la s�ret� des op�rations ?</strong>
3176+
3177+ <p class="indent">
3178+ suExec nettoie l'environnement des processus en �tablissant
3179+ un chemin d'ex�cution s�r (d�fini lors de la configuration),
3180+ et en ne passant que les variables dont les noms font partie
3181+ de la liste de l'environnement s�r (cr��e de m�me lors de la
3182+ configuration).
3183+ </p>
3184+ </li>
3185+
3186+ <li>
3187+ <strong>Le conteneur peut-il avec succ�s se substituer au
3188+ programme CGI/SSI cible et s'ex�cuter ?</strong>
3189+
3190+ <p class="indent">
3191+ C'est l� o� l'ex�cution de suEXEC s'arr�te et o� commence
3192+ celle du programme CGI/ssi cible.
3193+ </p>
3194+ </li>
3195+ </ol>
3196+
3197+ <p>Ce sont les op�rations standards effectu�es par le mod�le de
3198+ s�curit� du conteneur suEXEC. Il peut para�tre strict et est
3199+ susceptible d'imposer de nouvelles limitations et orientations
3200+ dans la conception des programmes CGI/SSI, mais il a �t� d�velopp�
3201+ avec le plus grand soin, �tape par �tape, en se focalisant sur
3202+ la s�curit�.</p>
3203+
3204+ <p>Pour plus d'informations sur la mesure dans laquelle ce mod�le
3205+ de s�curit� peut limiter vos possibilit�s au regard de la
3206+ configuration du serveur, ainsi que les risques de s�curit� qui
3207+ peuvent �tre �vit�s gr�ce � une configuration appropri�e de suEXEC,
3208+ se r�f�rer � la section <a href="#jabberwock">"Avis � la population !"</a> de ce document.</p>
3209+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3210+<div class="section">
3211+<h2><a name="install" id="install">Configurer et installer suEXEC</a></h2>
3212+
3213+ <p>C'est ici que nous entrons dans le vif du sujet.</p>
3214+
3215+ <p><strong>Options de configuration de suEXEC</strong><br />
3216+ </p>
3217+
3218+ <dl>
3219+ <dt><code>--enable-suexec</code></dt>
3220+
3221+ <dd>Cette option active la fonctionnalit� suEXEC qui n'est
3222+ jamais install�e ou activ�e par d�faut. Au moins une option
3223+ <code>--with-suexec-xxxxx</code> doit accompagner l'option
3224+ <code>--enable-suexec</code> pour qu'APACI (l'utilitaire de
3225+ configuration de la compilation d'Apache) accepte votre demande
3226+ d'utilisation de la fonctionnalit� suEXEC.</dd>
3227+
3228+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
3229+
3230+ <dd>Le chemin du binaire <code>suexec</code> doit �tre cod� en
3231+ dur dans le serveur pour des raisons de s�curit�. Cette option
3232+ vous permet de modifier le chemin par d�faut.
3233+ <em>Par exemple</em>
3234+ <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
3235+
3236+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
3237+
3238+ <dd>L'<a href="mod/mpm_common.html#user">utilisateur</a> sous
3239+ lequel httpd s'ex�cute habituellement. C'est le seul utilisateur
3240+ autoris� � ex�cuter le wrapper suEXEC.</dd>
3241+
3242+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
3243+
3244+ <dd>Cette option d�finit le sous-r�pertoire de la hi�rarchie des
3245+ r�pertoires utilisateurs dans lequel l'utilisation
3246+ de suEXEC sera autoris�e. Tous les ex�cutables situ�s dans ce
3247+ r�pertoire seront ex�cutables par suEXEC sous l'utilisateur
3248+ cible ; ces programmes doivent donc �tre s�rs. Si vous utilisez
3249+ une directive <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>
3250+ "simple" (c'est � dire ne contenant pas de
3251+ "*"), l'option --with-suexec-userdir
3252+ devra contenir la m�me valeur. SuEXEC ne fonctionnera pas
3253+ correctement si la directive <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> contient une valeur
3254+ diff�rente du r�pertoire home de l'utilisateur tel qu'il est
3255+ d�fini dans le fichier <code>passwd</code>. la valeur par d�faut
3256+ est "<code>public_html</code>".<br />
3257+ Si vous avez plusieurs h�tes virtuels avec une directive
3258+ <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> diff�rente
3259+ pour chacun d'entre eux, vous devrez faire en sorte que chaque
3260+ UserDir poss�de un r�pertoire parent commun ; donnez alors �
3261+ l'option --with-suexec-userdir le nom
3262+ de ce r�pertoire commun. <strong>Si tout ceci n'est pas d�fini
3263+ correctement, les requ�tes CGI "~userdir" ne fonctionneront
3264+ pas !</strong></dd>
3265+
3266+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
3267+
3268+ <dd>Cette option fonctionne comme la directive DocumentRoot pour
3269+ httpd. Il s'agit de la seule hi�rarchie (en dehors des directives
3270+ <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>) dans laquelle la fonctionnalit� suEXEC
3271+ pourra �tre utilis�e. La valeur par d�faut est la valeur de
3272+ <code>--datadir</code> accompagn�e du suffixe
3273+ "<code>/htdocs</code>" ;
3274+ <em>Par exemple</em>, si vous ex�cutez configure avec
3275+ "<code>--datadir=/home/apache</code>", la valeur
3276+ "<code>/home/apache/htdocs</code>" sera utilis�e par d�faut comme
3277+ racine des documents pour le conteneur suEXEC.</dd>
3278+
3279+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
3280+
3281+ <dd>Cette option d�finit l'identifiant utilisateur le plus bas
3282+ avec lequel un utilisateur pourra �tre la cible de
3283+ suEXEC. 500 ou 100 sont des valeurs courantes sur la plupart des
3284+ syst�mes. la valeur par d�faut est 100.</dd>
3285+
3286+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
3287+
3288+ <dd>Cette option d�finit l'identifiant de groupe le plus bas
3289+ avec lequel un utilisateur pourra �tre la cible de
3290+ suEXEC. 100 est une valeur courante sur la plupart des
3291+ syst�mes et est par cons�quent la valeur par d�faut.</dd>
3292+
3293+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
3294+
3295+ <dd>Cette option permet de d�finir le fichier dans lequel
3296+ toutes les transactions et erreurs de suEXEC seront journalis�es
3297+ (� des fins d'analyse ou de d�bogage). Par d�faut, le fichier
3298+ journal se nomme "<code>suexec_log</code>" et se trouve dans votre
3299+ r�pertoire standard des fichiers journaux d�fini par
3300+ <code>--logfiledir</code></dd>
3301+
3302+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
3303+
3304+ <dd>Cette option permet de d�finir une variable d'environnement
3305+ PATH s�re � passer aux ex�cutables CGI. La valeur par d�faut
3306+ est "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd>
3307+ </dl>
3308+
3309+ <h3>Compilation et installation du conteneur suEXEC</h3>
3310+
3311+
3312+ <p>Si vous avez activ� la fonctionnalit� suEXEC � l'aide de
3313+ l'option <code>--enable-suexec</code>, le binaire
3314+ <code>suexec</code> sera automatiquement construit (en m�me temps
3315+ que httpd) lorsque vous ex�cuterez la commande
3316+ <code>make</code>.</p>
3317+
3318+ <p>Lorsque tous les composants auront �t� construits, vous pourrez
3319+ ex�cuter la commande <code>make install</code> afin de les
3320+ installer. Le binaire <code>suexec</code> sera install� dans le
3321+ r�pertoire d�fini � l'aide de l'option <code>--sbindir</code>. La
3322+ localisation par d�faut est "/usr/local/apache2/bin/suexec".</p>
3323+ <p>Veuillez noter que vous aurez besoin des
3324+ <strong><em>privil�ges root</em></strong> pour passer l'�tape de
3325+ l'installation. Pour que le conteneur puisse changer
3326+ l'identifiant utilisateur, il doit avoir comme propri�taire
3327+ <code><em>root</em></code>, et les droits du fichier doivent
3328+ inclure le bit d'ex�cution setuserid.</p>
3329+
3330+
3331+ <h3>&gt;Mise en place de permissions pour
3332+ parano�aque</h3>
3333+
3334+ <p>Bien que le conteneur suEXEC v�rifie que l'utilisateur qui
3335+ l'appelle correspond bien � l'utilisateur sp�cifi� � l'aide de
3336+ l'option <code>--with-suexec-caller</code> du programme
3337+ <code class="program"><a href="./programs/configure.html">configure</a></code>, il subsiste toujours le risque qu'un
3338+ appel syst�me ou une biblioth�que fasse appel � suEXEC avant que
3339+ cette v�rification ne soit exploitable sur votre syst�me. Pour
3340+ tenir compte de ceci, et parce que c'est en g�n�ral la meilleure
3341+ pratique, vous devez utiliser les permissions du syst�me de
3342+ fichiers afin de vous assurer que seul le groupe sous lequel
3343+ s'ex�cute httpd puisse faire appel � suEXEC.</p>
3344+
3345+ <p>Si, par exemple, votre serveur web est configur� pour
3346+ s'ex�cuter en tant que :</p>
3347+
3348+<pre class="prettyprint lang-config">User www
3349+Group webgroup</pre>
3350+
3351+
3352+ <p>et <code class="program"><a href="./programs/suexec.html">suexec</a></code> se trouve �
3353+ "/usr/local/apache2/bin/suexec", vous devez ex�cuter les
3354+ commandes</p>
3355+
3356+<div class="example"><p><code>
3357+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
3358+ chmod 4750 /usr/local/apache2/bin/suexec<br />
3359+</code></p></div>
3360+
3361+ <p>Ceci permet de s'assurer que seul le groupe sous lequel httpd
3362+ s'ex�cute (ici webgroup) puisse faire appel au conteneur
3363+ suEXEC.</p>
3364+
3365+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3366+<div class="section">
3367+<h2><a name="enable" id="enable">Activation et d�sactivation
3368+de suEXEC</a></h2>
3369+
3370+ <p>Au d�marrage, httpd v�rifie la pr�sence du fichier
3371+ <code class="program"><a href="./programs/suexec.html">suexec</a></code> dans le r�pertoire d�fini par
3372+ l'option <code>--sbindir</code> du script configure (le
3373+ r�pertoire par d�faut est "/usr/local/apache/sbin/suexec"). Si
3374+ httpd trouve un conteneur suEXEC correctement configur�, il
3375+ enregistrera le message suivant dans le journal des erreurs :</p>
3376+
3377+<div class="example"><p><code>
3378+ [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
3379+</code></p></div>
3380+
3381+ <p>Si ce message n'est pas g�n�r� au d�marrage du serveur, ce
3382+ dernier ne trouve probablement pas le programme conteneur �
3383+ l'endroit o� il est sens� �tre, ou l'ex�cutable suexec n'est pas
3384+ install� en <em>setuid root</em>.</p>
3385+
3386+ <p>Si le serveur HTTP Apache est d�j� en cours d'ex�cution, et si
3387+ vous activez le m�canisme suEXEC pour la premi�re fois, vous
3388+ devez arr�ter et red�marrer httpd. Un red�marrage
3389+ � l'aide d'un simple signal HUP ou USR1 suffira. </p>
3390+ <p>Pour d�sactiver suEXEC, vous devez supprimer le fichier
3391+ <code class="program"><a href="./programs/suexec.html">suexec</a></code>, puis arr�ter et red�marrer
3392+ httpd.</p>
3393+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3394+<div class="section">
3395+<h2><a name="usage" id="usage">Utilisation de suEXEC</a></h2>
3396+
3397+ <p>Les requ�tes pour des programmes CGI ne feront appel au
3398+ conteneur suEXEC que si elles concernent un h�te virtuel
3399+ contenant une directive <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code>, ou si elles sont
3400+ trait�es par <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>.</p>
3401+
3402+ <p><strong>H�tes virtuels :</strong><br /> Une des m�thodes
3403+ d'utilisation du conteneur suEXEC consiste � ins�rer une
3404+ directive <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> dans une section
3405+ <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code>. En d�finissant
3406+ des valeurs diff�rentes de celles du serveur principal, toutes les
3407+ requ�tes pour des ressources CGI seront ex�cut�es sous
3408+ les <em>User</em> et <em>Group</em> d�finis pour cette section
3409+ <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>. Si cette
3410+ directive est absente de la section <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>, l'utilisateur du
3411+ serveur principal sera pris par d�faut</p>
3412+
3413+ <p><strong>R�pertoires des utilisateurs :</strong><br /> Avec
3414+ cette m�thode, les
3415+ requ�tes trait�es par <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> appelleront le
3416+ conteneur suEXEC pour ex�cuter le programme CGI sous l'identifiant
3417+ utilisateur du r�pertoire utilisateur concern�. Seuls pr�requis
3418+ pour pouvoir acc�der � cette fonctionnalit� : l'ex�cution des CGI
3419+ doit �tre activ�e pour l'utilisateur concern�, et le script doit
3420+ passer avec succ�s le test des <a href="#model">v�rifications de
3421+ s�curit�</a> d�crit plus haut. Voir aussi l'
3422+ <a href="#install">option de compilation</a>
3423+ <code>--with-suexec-userdir</code>.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3424+<div class="section">
3425+<h2><a name="debug" id="debug">D�bogage de suEXEC</a></h2>
3426+
3427+ <p>Le conteneur suEXEC va �crire ses informations de journalisation
3428+ dans le fichier d�fini par l'option de compilation
3429+ <code>--with-suexec-logfile</code> comme indiqu� plus haut. Si vous
3430+ pensez avoir configur� et install� correctement le conteneur,
3431+ consultez ce journal, ainsi que le journal des erreurs du serveur
3432+ afin de d�terminer l'endroit o� vous avez fait fausse route.</p>
3433+
3434+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3435+<div class="section">
3436+<h2><a name="jabberwock" id="jabberwock">Avis � la population !
3437+ Avertissements et exemples</a></h2>
3438+
3439+ <p><strong>NOTE !</strong> Cette section est peut-�tre incompl�te.
3440+ Pour en consulter la derni�re r�vision, voir la version de la <a href="http://httpd.apache.org/docs/2.4/suexec.html">Documentation en ligne</a>.</p>
3441+
3442+ <p>Quelques points importants du conteneur peuvent
3443+ imposer des contraintes du point de vue de la configuration du
3444+ serveur. Veuillez en prendre connaissance avant de soumettre un
3445+ rapport de bogue � propos de suEXEC.</p>
3446+
3447+ <ul>
3448+ <li><strong>Points importants de suEXEC</strong></li>
3449+
3450+ <li>
3451+ Limitations concernant la hi�rarchie.
3452+
3453+ <p class="indent">
3454+ Pour des raisons de s�curit� et d'efficacit�, toutes les
3455+ requ�tes suEXEC ne doivent concerner que des ressources
3456+ situ�es dans la racine des documents d�finie pour les
3457+ requ�tes concernant un h�te virtuel, ou des ressources
3458+ situ�es dans la racine des documents d�finies pour les
3459+ requ�tes concernant un r�pertoire utilisateur. Par exemple,
3460+ si vous avez configur� quatre h�tes virtuels, vous devrez
3461+ d�finir la structure des racines de documents de vos h�tes
3462+ virtuels en dehors d'une hi�rarchie de documents principale
3463+ de httpd, afin de tirer parti de suEXEC dans le contexte des
3464+ h�tes virtuels (Exemple � venir).
3465+ </p>
3466+ </li>
3467+
3468+ <li>
3469+ La variable d'environnement PATH de suEXEC
3470+
3471+ <p class="indent">
3472+ Modifier cette variable peut s'av�rer dangereux. Assurez-vous
3473+ que tout chemin que vous ajoutez � cette variable est un
3474+ r�pertoire <strong>de confiance</strong>. Vous n'avez
3475+ probablement pas l'intention d'ouvrir votre serveur de fa�on
3476+ � ce que l'on puisse y ex�cuter un cheval de Troie.
3477+ </p>
3478+ </li>
3479+
3480+ <li>
3481+ Modification de suEXEC
3482+
3483+ <p class="indent">
3484+ Encore une fois, ceci peut vous causer de
3485+ <strong>graves ennuis</strong> si vous vous y essayez sans
3486+ savoir ce que vous faites. Evitez de vous y risquer dans la
3487+ mesure du possible.
3488+ </p>
3489+ </li>
3490+ </ul>
3491+
3492+</div></div>
3493+<div class="bottomlang">
3494+<p><span>Langues Disponibles: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
3495+<a href="./fr/suexec.html" title="Fran�ais">&nbsp;fr&nbsp;</a> |
3496+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
3497+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
3498+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T�rk�e">&nbsp;tr&nbsp;</a></p>
3499+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
3500+<script type="text/javascript"><!--//--><![CDATA[//><!--
3501+var comments_shortname = 'httpd';
3502+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
3503+(function(w, d) {
3504+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
3505+ d.write('<div id="comments_thread"><\/div>');
3506+ var s = d.createElement('script');
3507+ s.type = 'text/javascript';
3508+ s.async = true;
3509+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
3510+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
3511+ }
3512+ else {
3513+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
3514+ }
3515+})(window, document);
3516+//--><!]]></script></div><div id="footer">
3517+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Autoris� sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
3518+<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
3519+if (typeof(prettyPrint) !== 'undefined') {
3520+ prettyPrint();
3521+}
3522+//--><!]]></script>
3523+</body></html>
3524\ No newline at end of file
3525diff --git a/docs/manual/suexec.html.ja.utf8 b/docs/manual/suexec.html.ja.utf8
3526new file mode 100644
3527index 0000000..31fd90d
3528--- /dev/null
3529+++ b/docs/manual/suexec.html.ja.utf8
3530@@ -0,0 +1,643 @@
3531+<?xml version="1.0" encoding="UTF-8"?>
3532+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3533+<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head>
3534+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
3535+<!--
3536+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3537+ This file is generated from xml source: DO NOT EDIT
3538+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
3539+ -->
3540+<title>suEXEC サポート - Apache HTTP サーバ バージョン 2.4</title>
3541+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
3542+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
3543+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
3544+<script src="./style/scripts/prettify.min.js" type="text/javascript">
3545+</script>
3546+
3547+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
3548+<body id="manual-page"><div id="page-header">
3549+<p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p>
3550+<p class="apache">Apache HTTP サーバ バージョン 2.4</p>
3551+<img alt="" src="./images/feather.png" /></div>
3552+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
3553+<div id="path">
3554+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP サーバ</a> &gt; <a href="http://httpd.apache.org/docs/">ドキュメンテーション</a> &gt; <a href="./">バージョン 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC サポート</h1>
3555+<div class="toplang">
3556+<p><span>翻訳済み言語: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
3557+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
3558+<a href="./ja/suexec.html" title="Japanese">&nbsp;ja&nbsp;</a> |
3559+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
3560+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
3561+</div>
3562+<div class="outofdate">この日本語訳はすでに古くなっている
3563+ 可能性があります。
3564+ 最近更新された内容を見るには英語版をご覧下さい。
3565+ </div>
3566+
3567+ <p><strong>suEXEC</strong>
3568+ 機能により、Apache ユーザは Web サーバを実行しているユーザ ID とは
3569+ 異なるユーザ ID で <strong>CGI</strong> プログラムや <strong>SSI</strong>
3570+ プログラムを実行することができます。CGI プログラムまたは SSI
3571+ プログラムを実行する場合、通常は web サーバと同じユーザで実行されます。
3572+ </p>
3573+
3574+ <p>適切に使用すると、この機能によりユーザが個別の CGI
3575+ や SSI プログラムを開発し実行することで生じるセキュリティ上の危険を、
3576+ かなり減らすことができます。しかし、suEXEC の設定が不適切だと、
3577+ 多くの問題が生じ、あなたのコンピュータに新しいセキュリティホールを
3578+ 作ってしまう可能性があります。あなたが <em>setuid root</em>
3579+ されたプログラムと、それらから生じるセキュリティ上の問題の管理に
3580+ 詳しくないようなら、suEXEC の使用を検討しないように強く推奨します。
3581+ </p>
3582+ </div>
3583+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">始める前に</a></li>
3584+<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC セキュリティモデル</a></li>
3585+<li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC
3586+ の設定とインストール</a></li>
3587+<li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC
3588+ の有効化と無効化</a></li>
3589+<li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC の使用</a></li>
3590+<li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC のデバッグ</a></li>
3591+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">とかげに注意: 警告と事例</a></li>
3592+</ul><h3>参照</h3><ul class="seealso"><li><a href="#comments_section">コメント</a></li></ul></div>
3593+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3594+<div class="section">
3595+<h2><a name="before" id="before">始める前に</a></h2>
3596+
3597+ <p>この文書の先頭に飛ぶ前に、Apache
3598+ グループとこの文書での仮定を知っておくべきでしょう。
3599+ </p>
3600+
3601+ <p>第 1 に、あなたが <strong>setuid</strong> と
3602+ <strong>setgid</strong> 操作が可能な UNIX
3603+ 由来のオペレーティングシステムを使っていることを想定しています。
3604+ これは、すべてのコマンド例にあてはまります。
3605+ その他のプラットホームでは、もし suEXEC
3606+ がサポートされていたとしても設定は異なるかもしれません。</p>
3607+
3608+ <p>第 2 に、あなたが使用中のコンピュータの
3609+ セキュリティに関する基本的な概念と、それらの管理について詳しいことを
3610+ 想定しています。これは、<strong>setuid/setgid</strong>
3611+ 操作、あなたのシステム上でのその操作による様々な効果、
3612+ セキュリティレベルについてあなたが理解しているということを含みます。
3613+ </p>
3614+
3615+ <p>第 3 に、<strong>改造されていない</strong> suEXEC
3616+ コードの使用を想定しています。suEXEC のコードは、
3617+ 多くのベータテスタだけでなく、開発者によっても注意深く精査され
3618+ テストされています。それらの注意により、簡潔で信頼できる安全な
3619+ コードの基盤が保証されます。このコードを改変することで、
3620+ 予期されない問題や新しいセキュリティ上の危険が生じることがあります。
3621+ セキュリティプログラミングの詳細に通じていて、
3622+ 今後の検討のために成果を Apache
3623+ グループと共有しようと思うのでなければ、suEXEC
3624+ コードは変えないことを <strong>強く</strong>推奨します。</p>
3625+
3626+ <p>第 4 に、これが最後ですが、suEXEC を Apache
3627+ のデフォルトインストールには<strong>含めない</strong>ことが
3628+ Apache グループで決定されています。これは、suEXEC
3629+ の設定には管理者の詳細にわたる慎重な注意が必要だからです。
3630+ suEXEC の様々な設定について検討が終われば、管理者は suEXEC
3631+ を通常のインストール方法でインストールすることができます。
3632+ これらの設定値は、suEXEC
3633+ 機能の使用中にシステムセキュリティを適切に保つために、
3634+ 管理者によって慎重に決定され指定されることが必要です。
3635+ この詳細な手順により、Apache グループは、suEXEC
3636+ のインストールについて、注意深く十分に検討してそれを使用することを
3637+ 決定した場合に限っていただきたいと考えています。
3638+ </p>
3639+
3640+ <p>それでも進みますか? よろしい。では、先へ進みましょう!</p>
3641+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3642+<div class="section">
3643+<h2><a name="model" id="model">suEXEC セキュリティモデル</a></h2>
3644+
3645+ <p>suEXEC の設定とインストールを始める前に、
3646+ まず実装しようとしているセキュリティモデルについて論じておきます。
3647+ それには、suEXEC の内部で行なわれていること、
3648+ システムのセキュリティを保証するために警告されることを
3649+ よく理解しておいた方がよいでしょう。</p>
3650+
3651+ <p><strong>suEXEC</strong> は、Apache web
3652+ サーバから呼び出される setuid された "wrapper"
3653+ プログラムが基本となっています。設計した CGI、または SSI
3654+ プログラムへの HTTP リクエストがあると、この wrapper
3655+ が呼び出されます。このようなリクエストがあると、Apache
3656+ はそのプログラムが実行される際のプログラム名とユーザ ID とグループ
3657+ ID を指定して suEXEC wrapper を実行します。
3658+ </p>
3659+
3660+ <p>それから、wrapper は成功または失敗を決定するため
3661+ 以下の処理を行ないます。これらの状態のうち一つでも失敗した場合、
3662+ プログラムは失敗をログに記録してエラーで終了します。
3663+ そうでなければ、後の処理が続けられます。</p>
3664+
3665+ <ol>
3666+ <li>
3667+ <strong>wrapper
3668+ を実行しているユーザはこのシステムの正当なユーザか?</strong>
3669+
3670+ <p class="indent">
3671+ これは、wrapper を実行しているユーザが
3672+ 本当にシステムの利用者であることを保証するためです。
3673+ </p>
3674+ </li>
3675+
3676+
3677+ <li>
3678+ <strong>wrapper が適切な数の引数で呼び出されたか?</strong>
3679+
3680+
3681+ <p class="indent">
3682+ wrapper は適切な数の引数が与えられた場合にのみ実行されます。
3683+ 適切な引数のフォーマットは Apache Web サーバに解釈されます。
3684+ 適切な数の引数を受け取らなければ、攻撃をされたか
3685+ あなたの Apache バイナリの suEXEC の部分が
3686+ どこかおかしい可能性があります。
3687+ </p>
3688+ </li>
3689+
3690+ <li>
3691+ <strong>この正当なユーザは wrapper
3692+ の実行を許可されているか?</strong>
3693+
3694+ <p class="indent">
3695+ このユーザは wrapper 実行を許可されたユーザですか?
3696+ ただ一人のユーザ (Apache ユーザ) だけが、
3697+ このプログラムの実行を許可されます。
3698+ </p>
3699+ </li>
3700+
3701+ <li>
3702+ <strong>対象の CGI, SSI プログラムが安全でない階層の参照をしているか?
3703+ </strong>
3704+
3705+ <p class="indent">
3706+ 対象の CGI, SSI プログラムが '/' から始まる、または
3707+ '..' による参照を行なっていますか? これらは許可されません。
3708+ 対象のプログラムは suEXEC のドキュメントルート
3709+ (下記の <code>--with-suexec-docroot=<em>DIR</em></code> を参照)
3710+ 内に存在しなければなりません。
3711+ </p>
3712+ </li>
3713+
3714+ <li>
3715+ <strong>対象となるユーザ名は正当なものか?</strong>
3716+
3717+ <p class="indent">
3718+ 対象となるユーザ名は存在していますか?
3719+ </p>
3720+ </li>
3721+
3722+ <li>
3723+ <strong>対象となるグループ名は正当なものか?</strong>
3724+
3725+ <p class="indent">
3726+ 対象となるグループ名は存在していますか?
3727+ </p>
3728+ </li>
3729+
3730+ <li>
3731+ <strong>目的のユーザはスーパーユーザでは<em>ない</em>か?
3732+ </strong>
3733+
3734+ <p class="indent">
3735+ 今のところ、suEXEC は <code><em>root</em></code> による CGI/SSI
3736+ プログラムの実行を許可していません。
3737+ </p>
3738+ </li>
3739+
3740+ <li>
3741+ <strong>対象となるユーザ ID は、最小の ID
3742+ 番号よりも<em>大きい</em>か? </strong>
3743+
3744+ <p class="indent">
3745+ 最小ユーザ ID 番号は設定時に指定されます。これは、
3746+ CGI/SSI プログラム実行を許可されるユーザ ID
3747+ のとりうる最小値です。これは
3748+ "system" 用のアカウントを閉め出すのに有効です。
3749+ </p>
3750+ </li>
3751+
3752+ <li>
3753+ <strong>対象となるグループはスーパーユーザのグループでは
3754+ <em>ない</em>か?</strong>
3755+
3756+ <p class="indent">
3757+ 今のところ、suEXEC は 'root' グループによる CGI/SSI
3758+ プログラムの実行を許可していません。
3759+ </p>
3760+ </li>
3761+
3762+ <li>
3763+ <strong>対象となるグループ ID は最小の ID
3764+ 番号よりも<em>大きい</em>か?</strong>
3765+
3766+ <p class="indent">
3767+ 最小グループ ID 番号は設定時に指定されます。これは、
3768+ CGI/SSI プログラム実行を許可されるグループ
3769+ ID のとりうる最小値です。
3770+ これは "system" 用のグループを閉め出すのに有効です。
3771+ </p>
3772+ </li>
3773+
3774+ <li>
3775+ <strong>wrapper が正常に対象となるユーザとグループになれるか?
3776+ </strong>
3777+
3778+ <p class="indent">
3779+ ここで、setuid と setgid
3780+ の起動によりプログラムは対象となるユーザとグループになります。
3781+ グループアクセスリストは、
3782+ ユーザが属しているすべてのグループで初期化されます。
3783+ </p>
3784+ </li>
3785+
3786+ <li>
3787+ <strong>CGI/SSI プログラムが置かれているディレクトリに移動
3788+ (change directory) できるか?</strong>
3789+
3790+ <p class="indent">
3791+ ディレクトリが存在しないなら、そのファイルも存在しないかもしれません。
3792+ ディレクトリに移動できないのであれば、おそらく存在もしないでしょう。
3793+ </p>
3794+ </li>
3795+
3796+ <li>
3797+ <strong>ディレクトリが Apache のドキュメントツリー内にあるか?
3798+ </strong>
3799+
3800+ <p class="indent">
3801+ リクエストがサーバ内のものであれば、
3802+ 要求されたディレクトリが suEXEC のドキュメントルート配下にありますか?
3803+ リクエストが UserDir のものであれば、要求されたディレクトリが suEXEC
3804+ のユーザのドキュメントルート配下にありますか?
3805+ (<a href="#install">suEXEC 設定オプション</a> 参照)
3806+ </p>
3807+ </li>
3808+
3809+ <li>
3810+ <strong>ディレクトリを他のユーザが書き込めるようになって
3811+ <em>いない</em>か?</strong>
3812+
3813+ <p class="indent">
3814+ ディレクトリを他ユーザに開放しないようにします。
3815+ 所有ユーザだけがこのディレクトリの内容を改変できるようにします。
3816+ </p>
3817+ </li>
3818+
3819+
3820+ <li>
3821+ <strong>対象となる CGI/SSI プログラムは存在するか?</strong>
3822+
3823+ <p class="indent">
3824+ 存在しなければ実行できません。
3825+ </p>
3826+ </li>
3827+
3828+ <li>
3829+ <strong>対象となる CGI/SSI プログラムファイルが他アカウントから
3830+ 書き込めるようになって<em>いない</em>か?</strong>
3831+
3832+ <p class="indent">
3833+ 所有者以外には CGI/SSI プログラムを変更する権限は与えられません。
3834+ </p>
3835+ </li>
3836+
3837+
3838+ <li>
3839+ <strong>対象となる CGI/SSI プログラムが setuid または setgid
3840+ されて<em>いない</em>か?</strong>
3841+
3842+ <p class="indent">
3843+ UID/GID を再度変更してのプログラム実行はしません
3844+ </p>
3845+ </li>
3846+
3847+
3848+ <li>
3849+ <strong>対象となるユーザ/グループがプログラムの
3850+ ユーザ/グループと同じか?</strong>
3851+
3852+ <p class="indent">
3853+ ユーザがそのファイルの所有者ですか?
3854+ </p>
3855+ </li>
3856+
3857+ <li>
3858+ <strong>安全な動作を保証するための環境変数クリアが可能か?
3859+ </strong>
3860+
3861+ <p class="indent">
3862+ suEXEC は、安全な環境変数のリスト
3863+ (これらは設定時に作成されます) 内の変数として渡される安全な
3864+ PATH 変数 (設定時に指定されます) を設定することで、
3865+ プロセスの環境変数をクリアします。
3866+ </p>
3867+ </li>
3868+
3869+
3870+ <li>
3871+ <strong>対象となる CGI/SSI プログラムを exec して実行できるか?</strong>
3872+
3873+
3874+ <p class="indent">
3875+ ここで suEXEC が終了し、対象となるプログラムが開始されます。
3876+ </p>
3877+ </li>
3878+ </ol>
3879+
3880+ <p>ここまでが suEXEC の wrapper
3881+ におけるセキュリティモデルの標準的な動作です。もう少し厳重に
3882+ CGI/SSI 設計についての新しい制限や規定を取り入れることもできますが、
3883+ suEXEC はセキュリティに注意して慎重に少しずつ開発されてきました。
3884+ </p>
3885+
3886+ <p>このセキュリティモデルを用いて
3887+ サーバ設定時にどのように許すことを制限するか、また、suEXEC
3888+ を適切に設定するとどのようなセキュリティ上の危険を避けられるかに
3889+ 関するより詳しい情報については、<a href="#jabberwock">"とかげに注意"
3890+ (Beware the Jabberwock)</a> の章を参照してください。
3891+ </p>
3892+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
3893+<div class="section">
3894+<h2><a name="install" id="install">suEXEC
3895+ の設定とインストール</a></h2>
3896+
3897+ <p>ここから楽しくなります。</p>
3898+
3899+ <p><strong>suEXEC
3900+ 設定オプション</strong><br />
3901+ </p>
3902+
3903+ <dl>
3904+ <dt><code>--enable-suexec</code></dt>
3905+
3906+ <dd>このオプションは、デフォルトではインストールされず、
3907+ 有効にはならない suEXEC 機能を有効にします。
3908+ suEXEC を使うように APACI に要求するには、<code>--enable-suexec</code>
3909+ オプションにあわせて少なくとも一つは <code>--with-suexec-xxxxx</code>
3910+ オプションが指定されなければなりません。</dd>
3911+
3912+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
3913+
3914+ <dd>セキュリティ上の理由により、<code>suexec</code> バイナリのパスはサーバに
3915+ ハードコードされている必要があります。デフォルトのパスを
3916+ 変えたいときはこのオプションを使ってください。<em>例えば</em>、
3917+ <code>--with-suexec-bin=/usr/sbin/suexec</code> のように。</dd>
3918+
3919+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
3920+
3921+ <dd>Apache を通常動作させる<a href="mod/mpm_common.html#user">ユーザ名</a>を指定します。
3922+ このユーザだけが suexec の実行を許可されたユーザになります。</dd>
3923+
3924+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
3925+
3926+ <dd>suEXEC がアクセスを許されるユーザホームディレクトリ配下の
3927+ サブディレクトリを指定します。
3928+ このディレクトリ以下の全実行ファイルは、"安全な"プログラムになるよう、
3929+ suEXEC がそのユーザとして実行できるようにします。
3930+ "単純な" UserDir ディレクティブを使っている場合
3931+ (すなわち "*" を含まないもの)、これと同じ値を設定すべきです。
3932+ Userdir ディレクティブがそのユーザのパスワードファイル内の
3933+ ホームディレクトリと同じ場所を指していなければ、
3934+ suEXEC は適切に動作しません。デフォルトは "public_html" です。
3935+ <br />
3936+ 各 UserDir が異なった仮想ホストを設定している場合、
3937+ それらを全て一つの親ディレクトリに含めて、
3938+ その親ディレクトリの名前をここで指定する必要があります。
3939+ <strong>このように指定されなければ "~userdir" cgi
3940+ へのリクエストが動作しません。</strong></dd>
3941+
3942+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
3943+
3944+ <dd>Apache のドキュメントルートを設定します。これが suEXEC
3945+ の動作で使用する唯一のディレクトリ階層になります (UserDir
3946+ の指定は別)。デフォルトでは <code>--datedir</code> に "/htdocs"
3947+ というサフィックスをつけたものです。
3948+ "<code>--datadir=/home/apache</code>" として設定すると、
3949+ suEXEC wrapper にとって "/home/apache/htdocs"
3950+ がドキュメントルートとして使われます。</dd>
3951+
3952+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
3953+
3954+ <dd>suEXEC の対象ユーザとして許される UID の最小値を指定します。
3955+ 大抵のシステムでは 500 か 100 が一般的です。
3956+ デフォルト値は 100 です。</dd>
3957+
3958+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
3959+
3960+ <dd>suEXEC の対象グループとして許される GID
3961+ の最小値を指定します。大抵のシステムでは 100 が一般的なので、
3962+ デフォルト値としても 100 が使われています。</dd>
3963+
3964+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
3965+
3966+ <dd>suEXEC の処理とエラーが記録されるファイル名を指定します。
3967+ (監査やデバッグ目的に有用)
3968+ デフォルトではログファイルは "suexec_log" という名前で、
3969+ 標準のログファイルディレクトリ (<code>--logfiledir</code>) に置かれます。
3970+ </dd>
3971+
3972+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
3973+
3974+ <dd>CGI 実行ファイルに渡される安全な PATH 環境変数です。
3975+ デフォルト値は "/usr/local/bin:/usr/bin:/bin" です。
3976+ </dd>
3977+ </dl>
3978+
3979+ <p><strong>suEXEC wrapper
3980+ のコンパイルとインストール</strong><br />
3981+ <code>--enable-suexec</code> オプションで suEXEC 機能を有効にすると、
3982+ "make" コマンドを実行した時に <code>suexec</code> のバイナリ (Apache 自体も)
3983+ が自動的に作成されます。
3984+ <br />
3985+ すべての構成要素が作成されると、それらのインストールには
3986+ <code>make install</code> コマンドが実行できます。バイナリイメージの <code>suexec</code>
3987+ は <code>--sbindir</code> オプションで指定されたディレクトリにインストールされます。
3988+ デフォルトの場所は "/usr/local/apache/bin/suexec" です。<br />
3989+ インストール時には <strong><em>root</em></strong>
3990+ 権限が必要なので注意してください。wrapper がユーザ ID
3991+ を設定するために、所有者 <code><em>root</em></code>
3992+ でのセットユーザ ID
3993+ ビットをそのファイルのモードに設定しなければなりません。
3994+ </p>
3995+
3996+ <p><strong>安全なパーミッションを設定する</strong><br />
3997+ suEXEC ラッパーは、<code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
3998+ オプションで指定した正しいユーザで起動されていることを確認しますが、
3999+ システム上でこのチェックが行なわれる前に、
4000+ suEXEC が呼ぶシステムやライブラリが脆弱である可能性は残ります。対抗策として、
4001+ 一般に良い習慣ともされいますが、
4002+ ファイルシステムパーミッションを使って
4003+ Apache の実行時のグループのみが suEXEC を実行できるように
4004+ するのが良いでしょう。</p>
4005+
4006+ <p>たとえば、次のようにサーバが設定されていたとします。</p>
4007+
4008+<div class="example"><p><code>
4009+ User www<br />
4010+ Group webgroup<br />
4011+</code></p></div>
4012+
4013+ <p><code class="program"><a href="./programs/suexec.html">suexec</a></code> が "/usr/local/apache2/bin/suexec"
4014+ にインストールされていた場合、次のように設定する必要があります。</p>
4015+
4016+<div class="example"><p><code>
4017+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
4018+ chmod 4750 /usr/local/apache2/bin/suexec<br />
4019+</code></p></div>
4020+
4021+ <p>これで Apache が実行されるグループのみが
4022+ suEXEC ラッパーを実行できるということを
4023+ 確証します。</p>
4024+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4025+<div class="section">
4026+<h2><a name="enable" id="enable">suEXEC
4027+ の有効化と無効化</a></h2>
4028+
4029+ <p>起動時に、Apache は <code>--sbindir</code>
4030+ オプションで設定されたディレクトリで
4031+ <code>suexec</code> を探します
4032+ (デフォルトは "/usr/local/apache/sbin/suexec") 。
4033+ 適切に設定された suEXEC がみつかると、
4034+ エラーログに以下のメッセージが出力されます。</p>
4035+
4036+<div class="example"><p><code>
4037+ [notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
4038+</code></p></div>
4039+
4040+ <p>サーバ起動時にこのメッセージが出ない場合、
4041+ 大抵はサーバが想定した場所で wrapper プログラムが見つからなかったか、
4042+ <em>setuid root</em> としてインストールされていないかです。</p>
4043+
4044+ <p>suEXEC の仕組みを使用するのが初めてで、Apache が既に動作中であれば、
4045+ Apache を kill して、再起動しなければなりません。HUP シグナルや
4046+ USR1 シグナルによる単純な再起動では不十分です。</p>
4047+ <p>suEXEC を無効にする場合は、<code>suexec</code> ファイルを削除してから
4048+ Apache を kill して再起動します。
4049+ </p>
4050+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4051+<div class="section">
4052+<h2><a name="usage" id="usage">suEXEC の使用</a></h2>
4053+
4054+ <p>CGI プログラムへのリクエストが suEXEC ラッパーを呼ぶのは、
4055+ <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ディレクティブを
4056+ 含むバーチャルホストへのリクエストか、<code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> により
4057+ 処理されたリクエストの場合に限ります。</p>
4058+
4059+ <p><strong>仮想ホスト:</strong><br />
4060+ suEXEC wrapper の使い方として、
4061+ <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> 設定での
4062+ <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code>
4063+ ディレクティブを通したものがあります。
4064+ このディレクティブをメインサーバのユーザ ID
4065+ と異なるものにすると、CGI リソースへのすべてのリクエストは、その
4066+ <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code> で指定された <em>User</em> と
4067+ <em>Group</em> として実行されます。<code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
4068+ でこのディレクティブが指定されていない場合、
4069+ メインサーバのユーザ ID が想定されます。</p>
4070+
4071+ <p><strong>ユーザディレクトリ:</strong><br />
4072+ <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> により処理されたリクエストは
4073+ リクエストされたユーザディレクトリのユーザ ID で CGI プログラムを
4074+ 実行するために suEXEC ラッパーを呼びます。
4075+ この機能を動作させるために必要なことは、CGI
4076+ をそのユーザで実行できること、そのスクリプトが上記の<a href="#model">セキュリティ検査</a>をパスできることです。
4077+ <a href="#install">コンパイル
4078+ 時のオプション</a> <code>--with-suexec-userdir</code> も参照してください。</p>
4079+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4080+<div class="section">
4081+<h2><a name="debug" id="debug">suEXEC のデバッグ</a></h2>
4082+
4083+ <p>suEXEC wrapper は、上記で述べた <code>--with-suexec-logfile</code>
4084+ オプションで指定されたファイルにログ情報を記録します。
4085+ wrapper を適切に設定、インストールできていると思う場合、
4086+ どこで迷っているか見ようとするならこのログとサーバの
4087+ エラーログを見るとよいでしょう。</p>
4088+ </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4089+<div class="section">
4090+<h2><a name="jabberwock" id="jabberwock">とかげに注意: 警告と事例</a></h2>
4091+
4092+ <p><strong>注意!</strong>
4093+ この章は完全ではありません。この章の最新改訂版については、
4094+ Apache グループの<a href="http://httpd.apache.org/docs/2.4/suexec.html">
4095+ オンラインドキュメント</a>版を参照してください。
4096+ </p>
4097+
4098+ <p>サーバの設定に制限をもうける wrapper について、
4099+ いくつか興味深い点があります。suEXEC に関する "バグ"
4100+ を報告する前にこれらを確認してください。</p>
4101+
4102+ <ul>
4103+ <li><strong>suEXEC の興味深い点</strong></li>
4104+
4105+ <li>階層構造の制限
4106+
4107+
4108+ <p class="indent">
4109+ セキュリティと効率の理由から、<code>suEXEC</code> の全てのリクエストは
4110+ 仮想ホストへのリクエストにおける最上位のドキュメントルート内か、
4111+ ユーザディレクトリへのリクエストにおける個々のユーザの最上位の
4112+ ドキュメントルート内に残らなければなりません。
4113+ 例えば、四つの仮想ホストを設定している場合、
4114+ 仮想ホストの suEXEC に有利なように、メインの Apache
4115+ ドキュメント階層の外側に全ての仮想ホストのドキュメントルートを
4116+ 構築する必要があります。(例は後日記載)
4117+ </p>
4118+ </li>
4119+
4120+ <li>suEXEC の PATH 環境変数
4121+
4122+
4123+ <p class="indent">
4124+ これを変更するのは危険です。この指定に含まれる各パスが
4125+ <strong>信頼できる</strong>
4126+ ディレクトリであることを確認してください。
4127+ 世界からのアクセスにより、誰かがホスト上でトロイの木馬
4128+ を実行できるようにはしたくないでしょう。
4129+ </p>
4130+ </li>
4131+
4132+ <li>suEXEC コードの改造
4133+
4134+
4135+ <p class="indent">
4136+ 繰り返しますが、何をやろうとしているか把握せずにこれをやると
4137+ <strong>大きな問題</strong>を引き起こしかねません。
4138+ 可能な限り避けてください。
4139+ </p>
4140+ </li>
4141+ </ul>
4142+</div></div>
4143+<div class="bottomlang">
4144+<p><span>翻訳済み言語: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
4145+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
4146+<a href="./ja/suexec.html" title="Japanese">&nbsp;ja&nbsp;</a> |
4147+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
4148+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
4149+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">コメント</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
4150+<script type="text/javascript"><!--//--><![CDATA[//><!--
4151+var comments_shortname = 'httpd';
4152+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
4153+(function(w, d) {
4154+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
4155+ d.write('<div id="comments_thread"><\/div>');
4156+ var s = d.createElement('script');
4157+ s.type = 'text/javascript';
4158+ s.async = true;
4159+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
4160+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
4161+ }
4162+ else {
4163+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
4164+ }
4165+})(window, document);
4166+//--><!]]></script></div><div id="footer">
4167+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />この文書は <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> のライセンスで提供されています。.</p>
4168+<p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
4169+if (typeof(prettyPrint) !== 'undefined') {
4170+ prettyPrint();
4171+}
4172+//--><!]]></script>
4173+</body></html>
4174\ No newline at end of file
4175diff --git a/docs/manual/suexec.html.ko.euc-kr b/docs/manual/suexec.html.ko.euc-kr
4176new file mode 100644
4177index 0000000..0e8df7a
4178--- /dev/null
4179+++ b/docs/manual/suexec.html.ko.euc-kr
4180@@ -0,0 +1,564 @@
4181+<?xml version="1.0" encoding="EUC-KR"?>
4182+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4183+<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head>
4184+<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" />
4185+<!--
4186+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4187+ This file is generated from xml source: DO NOT EDIT
4188+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4189+ -->
4190+<title>suEXEC ���� - Apache HTTP Server Version 2.4</title>
4191+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
4192+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
4193+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
4194+<script src="./style/scripts/prettify.min.js" type="text/javascript">
4195+</script>
4196+
4197+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
4198+<body id="manual-page"><div id="page-header">
4199+<p class="menu"><a href="./mod/">���</a> | <a href="./mod/directives.html">���þ��</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">���</a> | <a href="./sitemap.html">����Ʈ��</a></p>
4200+<p class="apache">Apache HTTP Server Version 2.4</p>
4201+<img alt="" src="./images/feather.png" /></div>
4202+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
4203+<div id="path">
4204+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC ����</h1>
4205+<div class="toplang">
4206+<p><span>������ ���: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
4207+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
4208+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
4209+<a href="./ko/suexec.html" title="Korean">&nbsp;ko&nbsp;</a> |
4210+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
4211+</div>
4212+<div class="outofdate">�� ������ �ֽ��� ������ �ƴմϴ�.
4213+ �ֱٿ� ����� ������ ���� ������ �����ϼ���.</div>
4214+
4215+ <p><strong>suEXEC</strong> ����� ����ġ�� <strong>CGI</strong>��
4216+ <strong>SSI</strong> ���α׷��� �������� ������ ����� ID��
4217+ �ƴ� �ٸ� ����� ID�� �����ϵ��� �Ѵ�. ���� CGI�� SSI ���α׷���
4218+ �����ϸ� �������� ������ ����ڿ� ���� ����ڷ� �����Ѵ�.</p>
4219+
4220+ <p>�� ����� ������ ����ϸ� ����ڰ� ���� CGI�� SSI ���α׷���
4221+ �����ϰ� �����Ҷ� �߻��� �� �ִ� ���������� ����� ����
4222+ �� �ִ�. �׷��� suEXEC�� �������ϰ� �����Ǹ� ���� ������
4223+ ��ǻ�Ϳ� ���ο� ���� ������ ���� �� �ִ�. ���� <em>setuid root</em>
4224+ ���α׷��� �̷� ���α׷��� ���� ������ �����ϴٸ� suEXEC��
4225+ ��������ʱ� �������� �ٶ���.</p>
4226+ </div>
4227+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">�����ϱ� ����</a></li>
4228+<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC ���ȸ�</a></li>
4229+<li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC ������ ��ġ</a></li>
4230+<li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC �� ���</a></li>
4231+<li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC ����ϱ�</a></li>
4232+<li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC ������ϱ�</a></li>
4233+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">�ٽ� �ѹ� �����϶�: ���� ����</a></li>
4234+</ul><h3>����</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
4235+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4236+<div class="section">
4237+<h2><a name="before" id="before">�����ϱ� ����</a></h2>
4238+
4239+ <p>�����ϱ� ���� �켱 ����ġ�׷�� �� ������ ������ ������.</p>
4240+
4241+ <p>���� <strong>setuid</strong>�� <strong>setgid</strong>
4242+ ����� ������ ���н��� �ü���� ����Ѵٰ� �����Ѵ�. ���
4243+ ��ɾ� ���鵵 ���� ������ �Ѵ�. suEXEC�� �����ϴ� �ٸ� �÷�����
4244+ ����ϴٸ� ������ �ٸ� �� �ִ�.</p>
4245+
4246+ <p>�ι�°, ����� ��ǻ�� ������ �⺻ ����� ������ �ͼ��ϴٰ�
4247+ �����Ѵ�. ���⿡�� <strong>setuid/setgid</strong> ��ɰ�
4248+ �̵��� �ý��۰� ���ȿ� ��ġ�� ���� ���⿡ ���� ���ذ� ���Եȴ�.</p>
4249+
4250+ <p>����°, suEXEC �ڵ��� <strong>������������</strong>
4251+ ������ ����Ѵٰ� �����Ѵ�. �����ڿ� ���� ��Ÿ�׽��͵���
4252+ suEXEC�� ���õ� ��� �ڵ带 ���ɽ����� �����ϰ� �˻��ߴ�.
4253+ �ڵ带 �����ϰ� �ϰ� Ȯ���� ������ �����ϱ����� ��� ���Ǹ�
4254+ ��￴��. �� �ڵ带 �����ϸ� ����ġ���� ������ ���ο� ����
4255+ ������ �߻��� �� �ִ�. ���� ���α׷��ֿ� ���� �ſ� �� �˰�
4256+ �ڵ带 ���캸������ ����ġ�׷�� �۾��� ������ �ǻ簡 ���ٸ�
4257+ suEXEC �ڵ带 ���������ʱ� <strong>������</strong> ���Ѵ�.</p>
4258+
4259+ <p>�׹�°���� ����������, ����ġ�׷��� suEXEC�� ����ġ
4260+ �⺻��ġ�� �������� <strong>�ʱ��</strong> �����ߴ�. �ᱹ
4261+ �����ڰ� ���Ǹ� ��←�� suEXEC�� �����ؾ� �Ѵ�. suEXEC��
4262+ ���� ������ �� ������� �����ڴ� �Ϲ����� ��ġ����� suEXEC��
4263+ ��ġ�� �� �ִ�. suEXEC ����� ����ϴ� �ý����� ������ å������
4264+ �����ڴ� �� ���������� �����ְ� ���캸�� �����ؾ� �Ѵ�.
4265+ �̷� ���� ������ suEXEC�� ����Ҹ�ŭ �����ְ� ��ȣ��
4266+ ������� suEXEC�� ����ϵ��� ����ġ�׷��� ���ϱ� �����̴�.</p>
4267+
4268+ <p>������ ����ϱ� ���ϴ°�? �׷���? ����. ���� ��������!</p>
4269+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4270+<div class="section">
4271+<h2><a name="model" id="model">suEXEC ���ȸ�</a></h2>
4272+
4273+ <p>suEXEC�� �����ϰ� ��ġ�ϱ� ���� �츮�� ���ȸ��� ����
4274+ �����Ѵ�. �̸� ���� ��Ȯ�� suEXEC �ȿ����� ���� ���� �Ͼ��
4275+ �ý����� ������ ���� ������ �����ؾ� ���� �� �� ������ ��
4276+ �ִ�.</p>
4277+
4278+ <p><strong>suEXEC</strong>�� ����ġ �������� �θ��� setuid
4279+ "wrapper" ���α׷��� ������� �Ѵ�. �� wrapper�� �����ڰ�
4280+ �ּ����� �ٸ� userid�� �����ϵ��� ������ CGI�� SSI ���α׷���
4281+ HTTP ��û�� ���� �Ҹ���. �̷� ��û�� ���� ����ġ�� suEXEC
4282+ wrapper���� ���α׷���� ���α׷��� ������ ����ڿ� �׷�
4283+ ID�� �����Ѵ�.</p>
4284+
4285+ <p>�׷��� wrapper�� ���� ������ ���� ������ ���и� �����Ѵ�.
4286+ �� ������ �ϳ��� �����ϸ� ���α׷��� ���з� ��ϵǰ� ������
4287+ ���� �����Ѵ�. �������� ������ ������ ����Ѵ�:</p>
4288+
4289+ <ol>
4290+ <li>
4291+ <strong>wrapper�� �����ϴ� ����ڰ� �ý����� ��������
4292+ �������</strong>
4293+
4294+ <p class="indent">
4295+ wrapper�� �����ϴ� ����ڰ� ������ �ý����� ���������
4296+ Ȯ���Ѵ�.
4297+ </p>
4298+ </li>
4299+
4300+ <li>
4301+ <strong>������ ���� �ƱԸ�Ʈ�� wrapper�� �����ϴ°�?</strong>
4302+
4303+ <p class="indent">
4304+ wrapper�� ������ ���� �ƱԸ�Ʈ�� �־�߸� ����ȴ�.
4305+ ����ġ �������� �� ������ �ȴ�. wrapper�� ������ ����
4306+ �ƱԸ�Ʈ�� �������ϸ� ��ŷ�Ǿ��ų� ����ġ�� suEXEC��
4307+ ���� ������ �ִ� ���̴�.
4308+ </p>
4309+ </li>
4310+
4311+ <li>
4312+ <strong>�� ����ڰ� wrapper�� �����ϵ��� ���Ǿ���?</strong>
4313+
4314+ <p class="indent">
4315+ �� ����ڰ� wrapper�� �����ϵ��� ���Ǿ���? ����
4316+ �� �����(����ġ �����)���� �� ���α׷��� ������
4317+ �� �ִ�.
4318+ </p>
4319+ </li>
4320+
4321+ <li>
4322+ <strong>������ CGI�� SSI ���α׷��� ������������ ����������
4323+ �����°�?</strong>
4324+
4325+ <p class="indent">
4326+ ������ CGI�� SSI ���α׷��� '/'�� �����ϰų� ������
4327+ '..'�� �����°�? �̵��� ����� �� ����. ������ CGI/SSI
4328+ ���α׷��� suEXEC ���� root (�Ʒ�
4329+ <code>--with-suexec-docroot=<em>DIR</em></code> ����)
4330+ ���� �־�� �Ѵ�.
4331+ </p>
4332+ </li>
4333+
4334+ <li>
4335+ <strong>������ ����ڸ��� ��ȿ�Ѱ�?</strong>
4336+
4337+ <p class="indent">
4338+ ������ ����ڰ� �����ϴ°�?
4339+ </p>
4340+ </li>
4341+
4342+ <li>
4343+ <strong>������ �׷���� ��ȿ�Ѱ�?</strong>
4344+
4345+ <p class="indent">
4346+ ������ �׷��� �����ϴ°�?
4347+ </p>
4348+ </li>
4349+
4350+ <li>
4351+ <strong>������ ����ڰ� superuser�� <em>�ƴѰ�</em>?</strong>
4352+
4353+
4354+ <p class="indent">
4355+ ���� suEXEC�� <code><em>root</em></code>�� CGI/SSI
4356+ ���α׷��� ������ �� ������ �Ѵ�.
4357+ </p>
4358+ </li>
4359+
4360+ <li>
4361+ <strong>������ userid�� �ּ� ID ���ں��� <em>ū��</em>?</strong>
4362+
4363+ <p class="indent">
4364+ �������� �ּ� ����� ID ���ڸ� �����Ѵ�. �׷��� CGI/SSI
4365+ ���α׷��� ������ �� �ִ� userid�� �ּ�ġ�� ������
4366+ �� �ִ�. "�ý��ۿ�" ������ �����Ҷ� �����ϴ�.
4367+ </p>
4368+ </li>
4369+
4370+ <li>
4371+ <strong>������ �׷��� superuser �׷��� <em>�ƴѰ�</em>?</strong>
4372+
4373+ <p class="indent">
4374+ ���� suEXEC�� <code><em>root</em></code> �׷��� CGI/SSI
4375+ ���α׷��� ������ �� ������ �Ѵ�.
4376+ </p>
4377+ </li>
4378+
4379+ <li>
4380+ <strong>������ groupid�� �ּ� ID ���ں��� <em>ū��</em>?</strong>
4381+
4382+ <p class="indent">
4383+ �������� �ּ� �׷� ID ���ڸ� �����Ѵ�. �׷��� CGI/SSI
4384+ ���α׷��� ������ �� �ִ� groupid�� �ּ�ġ�� ������
4385+ �� �ִ�. "�ý��ۿ�" �׷��� �����Ҷ� �����ϴ�.
4386+ </p>
4387+ </li>
4388+
4389+ <li>
4390+ <strong>wrapper�� ���������� ������ ����ڿ� �׷���
4391+ �� �� �ִ°�?</strong>
4392+
4393+ <p class="indent">
4394+ �� �ܰ迡�� ���α׷��� setuid�� setgid ȣ���� �Ͽ�
4395+ ������ ����ڿ� �׷��� �ȴ�. ��, �׷� ���ٸ����
4396+ ����ڰ� �ش�� ��� �׷����� �ʱ�ȭ�ȴ�.
4397+ </p>
4398+ </li>
4399+
4400+ <li>
4401+ <strong>CGI/SSI ���α׷��� �ִ� ���丮�� ���丮��
4402+ ������ �� �ִ°�?</strong>
4403+
4404+ <p class="indent">
4405+ ���丮�� �������� �ʴٸ� ������ ���� �� ����. �̰�����
4406+ ���丮�� ������ �� ���ٸ� ���丮�� �������� ����
4407+ ���̴�.
4408+ </p>
4409+ </li>
4410+
4411+ <li>
4412+ <strong>���丮�� ����ġ ������ �ȿ� �ִ°�?</strong>
4413+
4414+ <p class="indent">
4415+ ������ �Ϲ����� �κ��� ��û�� ��� ��û�ϴ� ���丮��
4416+ suEXEC ���� root �Ʒ� �ִ°�? UserDir�� ��û�� ���
4417+ ��û�ϴ� ���丮�� suEXEC userdir�� ������ (<a href="#install">suEXEC ���� �ɼ�</a> ����) ���丮
4418+ �Ʒ��� �ִ°�?
4419+ </p>
4420+ </li>
4421+
4422+ <li>
4423+ <strong>�ٸ� ������ ���丮�� ��������� <em>���°�</em>?</strong>
4424+
4425+ <p class="indent">
4426+ ���丮�� �ٸ� ������� ����α� �������ʴ´�. ����
4427+ �����ڸ��� ���丮 ������ ������ �� �ִ�.
4428+ </p>
4429+ </li>
4430+
4431+ <li>
4432+ <strong>������ CGI/SSI ���α׷��� �����ϴ°�?</strong>
4433+
4434+ <p class="indent">
4435+ ���������ʴٸ� ������ ���� ����.
4436+ </p>
4437+ </li>
4438+
4439+ <li>
4440+ <strong>�ٸ� ������ ������ CGI/SSI ���α׷��� ���������
4441+ <em>���°�</em>?</strong>
4442+
4443+ <p class="indent">
4444+ �����ڿ� ������ CGI/SSI ���α׷��� �����ϱ� �������ʴ´�.
4445+ </p>
4446+ </li>
4447+
4448+ <li>
4449+ <strong>������ CGI/SSI ���α׷��� setuid�� setgid��
4450+ <em>�ƴѰ�</em>?</strong>
4451+
4452+ <p class="indent">
4453+ �츮�� ���α׷��� �ٽ� UID/GID�� �����ϱ� �������ʴ´�.
4454+ </p>
4455+ </li>
4456+
4457+ <li>
4458+ <strong>������ �����/�׷��� ���α׷��� �����/�׷�� ������?</strong>
4459+
4460+ <p class="indent">
4461+ ����ڰ� ������ �������ΰ�?
4462+ </p>
4463+ </li>
4464+
4465+ <li>
4466+ <strong>������ ������ ���� ���μ����� ȯ�溯���� û����
4467+ �� �ִ°�?</strong>
4468+
4469+ <p class="indent">
4470+ suEXEC�� (�������� ������) ������ ���� PATH�� ���,
4471+ (�̰͵� �������� ����) ������ ȯ�溯�� ��Ͽ� ���ŵ�
4472+ ������ ����� ���μ����� ȯ�溯���� �����.
4473+ </p>
4474+ </li>
4475+
4476+ <li>
4477+ <strong>���������� ������ CGI/SSI ���α׷��� ������
4478+ �� �ִ°�?</strong>
4479+
4480+ <p class="indent">
4481+ ���⼭ suEXEC�� ������ ������ CGI/SSI ���α׷��� �����Ѵ�.
4482+ </p>
4483+ </li>
4484+ </ol>
4485+
4486+ <p>�̰��� suEXEC wrapper ���ȸ��� ǥ�� �����̴�. �ټ�
4487+ �����ϰ� CGI/SSI ���迡 ���ο� ������ ������, ������ ���ο�
4488+ �ΰ� �Ѵܰ辿 ���ɽ����� ���������.</p>
4489+
4490+ <p>�� ���� ���� ���� ������ � ������ �ִ����� ������
4491+ suEXEC �������� � ���� ������ ���� �� �ִ����� ���� ��
4492+ ������ <a href="#jabberwock">"�ٽ� �ѹ� �����϶�"</a> ����
4493+ �����϶�.</p>
4494+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4495+<div class="section">
4496+<h2><a name="install" id="install">suEXEC ������ ��ġ</a></h2>
4497+
4498+ <p>���� ����ִ� ������ �����Ѵ�.</p>
4499+
4500+ <p><strong>suEXEC ���� �ɼ�</strong><br />
4501+ </p>
4502+
4503+ <dl>
4504+ <dt><code>--enable-suexec</code></dt>
4505+
4506+ <dd>�� �ɼ��� �⺻������ ��ġ�ǰų� Ȱ��ȭ�����ʴ� suEXEC
4507+ ����� Ȱ��ȭ�Ѵ�. APACI�� suEXEC�� �޾Ƶ��̷���
4508+ <code>--enable-suexec</code> �ɼǿܿ�
4509+ <code>--with-suexec-xxxxx</code> �ɼ��� �ּ��� �Ѱ�
4510+ �ʿ��ϴ�.</dd>
4511+
4512+ <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
4513+
4514+ <dd><code>suexec</code> ���̳ʸ� ��δ� ���Ȼ� ������
4515+ ������ ��ϵǾ� �Ѵ�. ��� �⺻���� �����Ϸ��� �� �ɼ���
4516+ ����Ѵ�. <em>���� ���</em>
4517+ <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
4518+
4519+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
4520+
4521+ <dd>���� ����ġ�� �����ϴ� <a href="mod/mpm_common.html#user">����ڸ�</a>. ���α׷���
4522+ ������ �� �ִ� ������ ����ڴ�.</dd>
4523+
4524+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
4525+
4526+ <dd>suEXEC ������ ���Ǵ� ����� Ȩ���丮�� �������丮��
4527+ �����Ѵ�. �� ���丮�� �ִ� ��� ���������� �������
4528+ suEXEC�� ����Ƿ�, ��� ���α׷��� "�����ؾ�" �Ѵ�. (����
4529+ ���, ���� "*"�� ����) "������" UserDir ���þ ����Ѵٸ�
4530+ ���� ���� �����ؾ� �Ѵ�. UserDir ���þ passwd ���Ͽ�
4531+ ���� ����� Ȩ���丮�� �ٸ��� suEXEC�� ����������
4532+ �۵����� �ʴ´�. �⺻���� "public_html"�̴�.<br />
4533+ ����ȣ��Ʈ���� ���� �ٸ� UserDir�� ����Ѵٸ� ��� ��
4534+ �θ� ���丮 �ȿ� �ֵ��� �����ؾ� �ϰ�, �� �θ� ���丮����
4535+ ���� ���´�. <strong>�̷��� �������� ������, "~userdir"
4536+ cgi ��û�� �۵����� �ʴ´�!</strong></dd>
4537+
4538+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
4539+
4540+ <dd>����ġ�� DocumentRoot�� �����Ѵ�. �̴� suEXEC�� �����
4541+ �� �ִ� (UserDirs�� ������) ������ �����̴�. �⺻ ���丮��
4542+ <code>--datadir</code> ���� "/htdocs"�� ���� ���̴�.
4543+ <em>���� ���</em> "<code>--datadir=/home/apache</code>"��
4544+ �����ߴٸ� suEXEC wrapper�� document root��
4545+ "/home/apache/htdocs" ���丮�� ����Ѵ�.</dd>
4546+
4547+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
4548+
4549+ <dd>suEXEC���� ���������� ������� �ּ� UID�� �����Ѵ�.
4550+ ��κ��� �ý��ۿ��� 500�̳� 100�� �����ϴ�. �⺻����
4551+ 100�̴�.</dd>
4552+
4553+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
4554+
4555+ <dd>suEXEC���� ���������� �׷��� �ּ� GID�� �����Ѵ�.
4556+ ��κ��� �ý��ۿ��� 100�� �����ϹǷ� �� ���� �⺻���̴�.</dd>
4557+
4558+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
4559+
4560+ <dd>��� suEXEC �۵��� ������ (���ó� ����� ������ ������)
4561+ ����� �α����ϸ��� �����Ѵ�. �⺻������ �α������� �̸���
4562+ "suexec_log"�̰� ǥ�� �α����� ���丮��
4563+ (<code>--logfiledir</code>) ��ġ�Ѵ�.</dd>
4564+
4565+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
4566+
4567+ <dd>CGI �������Ͽ� �Ѱ��� ������ PATH ȯ�溯���� �����Ѵ�.
4568+ �⺻���� "/usr/local/bin:/usr/bin:/bin"�̴�.</dd>
4569+ </dl>
4570+
4571+ <p><strong>suEXEC wrapper�� �������ϰ� ��ġ�ϱ�</strong><br />
4572+ <code>--enable-suexec</code> �ɼ����� suEXEC ����� �����ϰ���
4573+ ��� <code>make</code> ��ɾ �����ϸ� <code>suexec</code>
4574+ ���������� (����ġ�� �Բ�) �ڵ����� ���������.<br />
4575+ ������ �������� �� <code>make install</code> ��ɾ
4576+ �����Ͽ� ��ġ�� �� �ִ�. ���̳ʸ����� <code>suexec</code>��
4577+ <code>--sbindir</code> �ɼ����� ������ ���丮�� ��ġ�ȴ�.
4578+ �⺻ ��ġ�� "/usr/local/apache2/sbin/suexec"�̴�.<br />
4579+ ��ġ ������ <strong><em>root ����</em></strong>�� �ʿ�����
4580+ �����϶�. wrapper�� ����� ID�� �����ϱ����ؼ��� �����ڰ�
4581+ <code><em>root</em></code>�̰� ���ϸ��� setuserid �����Ʈ��
4582+ �����Ǿ� �Ѵ�.</p>
4583+
4584+ <p><strong>���������� ���Ѽ���</strong><br />
4585+ suEXEC wrapper�� �ڽ��� ������ ����ڰ� ���� �ɼ�
4586+ <code>--with-suexec-caller</code>�� ������ �ùٸ� ���������
4587+ Ȯ���� ������, �� �˻� ������ suEXEC�� ����ϴ� �ý���ȣ��
4588+ Ȥ�� ���̺귯�� �Լ��� ���۵Ǿ��� �� �ִ�. �̸� ����ϸ�
4589+ �Ϲ������� ���� �����̹Ƿ� ���� ����ġ�� �����ϴ� �׷츸��
4590+ suEXEC�� ������ �� �ֵ��� ���Ͻý��� ������ �����ؾ� �Ѵ�.</p>
4591+
4592+ <p>���� ���, �������� ������ ���� �����ϰ�:</p>
4593+
4594+<div class="example"><p><code>
4595+ User www<br />
4596+ Group webgroup<br />
4597+</code></p></div>
4598+
4599+ <p><code>suexec</code>�� "/usr/local/apache2/sbin/suexec"��
4600+ ��ġ�Ͽ��ٸ�, ������ �����ؾ� �Ѵ�:</p>
4601+
4602+<div class="example"><p><code>
4603+ chgrp webgroup /usr/local/apache2/bin/suexec<br />
4604+ chmod 4750 /usr/local/apache2/bin/suexec<br />
4605+</code></p></div>
4606+
4607+ <p>�׷��� ���� ����ġ�� �����ϴ� �׷츸�� suEXEC wrapper��
4608+ ������ �� �ִ�.</p>
4609+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4610+<div class="section">
4611+<h2><a name="enable" id="enable">suEXEC �� ���</a></h2>
4612+
4613+ <p>����ġ�� �����Ҷ� <code>--sbindir</code> �ɼ����� ������
4614+ ���丮���� <code>suexec</code> ������ (�⺻��
4615+ "/usr/local/apache2/sbin/suexec") ã�´�. ����ġ��
4616+ ���������� ������ suEXEC wrapper�� �߰��ϸ� ���� �α�(error
4617+ log)�� ������ ���� ����Ѵ�:</p>
4618+
4619+<div class="example"><p><code>
4620+ [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
4621+</code></p></div>
4622+
4623+ <p>���� �����߿� �̷� ������ ���ٸ� ������ ����� ��ҿ���
4624+ wrapper ���α׷��� ã�� ���߰ų�, ���������� <em>setuid
4625+ root</em>�� ��ġ�����ʾұ� ������ ���̴�.</p>
4626+
4627+ <p>ó������ suEXEC ����� ����ϰ� �Ͱ� �̹� ����ġ ������
4628+ �������̶��, ����ġ�� ���̰� �ٽ� �����ؾ� �Ѵ�. ������
4629+ HUP�̳� USR1 �ñ׳η� ������ϴ� �����δ� ������� �ʴ�. </p>
4630+ <p>suEXEC�� �Ȼ���Ϸ��� <code>suexec</code> ������ ������
4631+ ����ġ�� ���̰� ������ؾ� �Ѵ�. </p>
4632+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4633+<div class="section">
4634+<h2><a name="usage" id="usage">suEXEC ����ϱ�</a></h2>
4635+
4636+ <p>CGI ���α׷� ��û�� ��� <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ���þ
4637+ ����� ����ȣ��Ʈ�� ��û�� �Ͽ��ų� <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>��
4638+ ��û�� ó���ϴ� ��쿡�� suEXEC wrapper�� ȣ���Ѵ�.</p>
4639+
4640+ <p><strong>����ȣ��Ʈ:</strong><br /> suEXEC wrapper��
4641+ ����ϴ� �Ѱ��� ����� <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> ���ǿ� <code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ���þ
4642+ ����ϴ� ���̴�. �� ���þ �ּ��� ����� ID�� �ٸ���
4643+ �����ϸ� CGI �ڿ��� ��� ��û�� <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>����
4644+ ������ <em>User</em>�� <em>Group</em>���� ����ȴ�. ��
4645+ ���þ���� <code class="directive"><a href="./mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>�� ������ �ּ���
4646+ userid�� ����Ѵ�.</p>
4647+
4648+ <p><strong>����� ���丮:</strong><br />
4649+ <code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code>�� ��û�� ó���Ѵٸ� suEXEC
4650+ wrapper�� ȣ���Ͽ�, ��û�� ����� ���丮�� �ش��ϴ� �����
4651+ ID�� CGI ���α׷��� �����Ѵ�. �� ����� �����Ϸ��� �����
4652+ ID�� CGI�� ������ �� �ְ� ��ũ��Ʈ�� ���� <a href="#model">����
4653+ �˻�</a> �׸��� �����ؾ� �Ѵ�. <a href="#install">����
4654+ �ɼ�</a> <code>--with-suexec-userdir</code>�� �����϶�.</p> </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4655+<div class="section">
4656+<h2><a name="debug" id="debug">suEXEC ������ϱ�</a></h2>
4657+
4658+ <p>suEXEC wrapper�� �α� ������ ������ �ٷ�
4659+ <code>--with-suexec-logfile</code> �ɼ����� ������ ���Ͽ�
4660+ ����. wrapper�� �ùٷ� �����ϰ� ��ġ�ߴٸ� ��� �߸��Ǿ�����
4661+ �� �α����Ͽ� ������ error_log�� �������.</p>
4662+
4663+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4664+<div class="section">
4665+<h2><a name="jabberwock" id="jabberwock">�ٽ� �ѹ� �����϶�: ���� ����</a></h2>
4666+
4667+ <p><strong>����!</strong> �� ������ �������� ���� �� �ִ�.
4668+ ����ġ�׷��� <a href="http://httpd.apache.org/docs/2.4/suexec.html">�¶���
4669+ ����</a>���� �� ������ �ֽ����� �����϶�.</p>
4670+
4671+ <p>wrapper�� ���� ������ �����ϴ� ��� ��̷ο� ���� �ִ�.
4672+ suEXEC�� ���õ� "����"�� �����ϱ� ���� �̵��� ���캸�� �ٶ���.</p>
4673+
4674+ <ul>
4675+ <li><strong>suEXEC ���� ����</strong></li>
4676+
4677+ <li>
4678+ ���丮 ���� ����
4679+
4680+ <p class="indent">
4681+ ���Ȱ� ȿ������ ���� ��� suEXEC ��û�� ����ȣ��Ʈ��
4682+ ��� �ֻ��� document root Ȥ�� userdir ��û�� ���
4683+ �ֻ��� ���� document root �ȿ��� �߻��ؾ� �Ѵ�. ����
4684+ ���, ����ȣ��Ʈ �װ��� �����ߴٸ� ����ȣ��Ʈ����
4685+ suEXEC�� �̿��ϱ����� ����ȣ��Ʈ�� document root��
4686+ �� ����ġ ���� �������� �ۿ� ������ �ʿ䰡 �ִ�.
4687+ (������ ������.)
4688+ </p>
4689+ </li>
4690+
4691+ <li>
4692+ suEXEC�� PATH ȯ�溯��
4693+
4694+ <p class="indent">
4695+ �����ϸ� ������ �� �ִ�. ���⿡ �����ϴ� ��� ��ΰ�
4696+ <strong>���� �� �ִ�</strong> ���丮���� Ȯ���϶�.
4697+ �� �������� �������� �װ��� �ִ� Ʈ���̸񸶸� �����ϱ�
4698+ ������ ���� ���̴�.
4699+ </p>
4700+ </li>
4701+
4702+ <li>
4703+ suEXEC �ڵ� �����ϱ�
4704+
4705+ <p class="indent">
4706+ �ݺ��ؼ� ��������, ����� ������ �ϴ��� �𸣰� �õ��Ѵٸ�
4707+ <strong>ū ����</strong>�� �߻��� �� �ִ�. � ��쿡��
4708+ ������������.
4709+ </p>
4710+ </li>
4711+ </ul>
4712+
4713+</div></div>
4714+<div class="bottomlang">
4715+<p><span>������ ���: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
4716+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
4717+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
4718+<a href="./ko/suexec.html" title="Korean">&nbsp;ko&nbsp;</a> |
4719+<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
4720+</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
4721+<script type="text/javascript"><!--//--><![CDATA[//><!--
4722+var comments_shortname = 'httpd';
4723+var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
4724+(function(w, d) {
4725+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
4726+ d.write('<div id="comments_thread"><\/div>');
4727+ var s = d.createElement('script');
4728+ s.type = 'text/javascript';
4729+ s.async = true;
4730+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
4731+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
4732+ }
4733+ else {
4734+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
4735+ }
4736+})(window, document);
4737+//--><!]]></script></div><div id="footer">
4738+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
4739+<p class="menu"><a href="./mod/">���</a> | <a href="./mod/directives.html">���þ��</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">���</a> | <a href="./sitemap.html">����Ʈ��</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
4740+if (typeof(prettyPrint) !== 'undefined') {
4741+ prettyPrint();
4742+}
4743+//--><!]]></script>
4744+</body></html>
4745\ No newline at end of file
4746diff --git a/docs/manual/suexec.html.tr.utf8 b/docs/manual/suexec.html.tr.utf8
4747new file mode 100644
4748index 0000000..bed106c
4749--- /dev/null
4750+++ b/docs/manual/suexec.html.tr.utf8
4751@@ -0,0 +1,583 @@
4752+<?xml version="1.0" encoding="UTF-8"?>
4753+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4754+<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head>
4755+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
4756+<!--
4757+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4758+ This file is generated from xml source: DO NOT EDIT
4759+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4760+ -->
4761+<title>SuEXEC Desteği - Apache HTTP Sunucusu Sürüm 2.4</title>
4762+<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
4763+<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
4764+<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
4765+<script src="./style/scripts/prettify.min.js" type="text/javascript">
4766+</script>
4767+
4768+<link href="./images/favicon.ico" rel="shortcut icon" /></head>
4769+<body id="manual-page"><div id="page-header">
4770+<p class="menu"><a href="./mod/">Modüller</a> | <a href="./mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="./glossary.html">Terimler</a> | <a href="./sitemap.html">Site Haritası</a></p>
4771+<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p>
4772+<img alt="" src="./images/feather.png" /></div>
4773+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div>
4774+<div id="path">
4775+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Sunucusu</a> &gt; <a href="http://httpd.apache.org/docs/">Belgeleme</a> &gt; <a href="./">Sürüm 2.4</a></div><div id="page-content"><div id="preamble"><h1>SuEXEC Desteği</h1>
4776+<div class="toplang">
4777+<p><span>Mevcut Diller: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
4778+<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
4779+<a href="./ja/suexec.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
4780+<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
4781+<a href="./tr/suexec.html" title="Türkçe">&nbsp;tr&nbsp;</a></p>
4782+</div>
4783+
4784+ <p><strong>SuEXEC</strong> özelliği, Apache HTTP Sunucusu kullanıcılarına
4785+ <strong>CGI</strong> ve <strong>SSI</strong> programlarını sunucunun
4786+ aidiyetinde çalıştığı kullanıcıdan farklı bir kullanıcının aidiyetinde
4787+ çalıştırma olanağı verir. Normalde, <strong>CGI</strong> ve
4788+ <strong>SSI</strong> programlarını çalıştıranla sunucuyu çalıştıran
4789+ aynı kullanıcıdır.</p>
4790+
4791+ <p>Gerektiği gibi kullanıldığında bu özellik, kullanıcılara
4792+ <strong>CGI</strong> ve <strong>SSI</strong> programlarını çalıştırma
4793+ ve geliştirmeye izin vermekle ortaya çıkan güvenlik risklerini azaltır.
4794+ Bununla birlikte, <strong>suEXEC</strong> gerektiği gibi
4795+ yapılandırılmadığı takdirde bazı sorunlara yol açabilir ve bilgisayar
4796+ güvenliğinizde yeni delikler ortaya çıkmasına sebep olabilir.
4797+ Güvenlikle ilgili mevcut sorunlarla başa çıkmada ve <em>setuid
4798+ root</em> programları yönetmekte bilgi ve deneyim sahibi değilseniz
4799+ <strong>suEXEC</strong> kullanmayı kesinlikle düşünmemenizi
4800+ öneririz.</p>
4801+ </div>
4802+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">Başlamadan önce</a></li>
4803+<li><img alt="" src="./images/down.gif" /> <a href="#model">SuEXEC Güvenlik Modeli</a></li>
4804+<li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC’in Yapılandırılması ve Kurulumu</a></li>
4805+<li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC’in etkin kılınması ve iptal edilmesi</a></li>
4806+<li><img alt="" src="./images/down.gif" /> <a href="#usage">SuEXEC’in kullanımı</a></li>
4807+<li><img alt="" src="./images/down.gif" /> <a href="#debug">SuEXEC ve hata ayıklama</a></li>
4808+<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">Uyarılar ve Örnekler</a></li>
4809+</ul><h3>Ayrıca bakınız:</h3><ul class="seealso"><li><a href="#comments_section">Yorum</a></li></ul></div>
4810+<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4811+<div class="section">
4812+<h2><a name="before" id="before">Başlamadan önce</a></h2>
4813+
4814+ <p>Belgeye balıklama dalmadan önce, suexec'i kullanacağınız ortam ve
4815+ kendiniz hakkında yapılmış çeşitli kabuller hakkında bilgi sahibi
4816+ olmalısınız.</p>
4817+
4818+ <p>Öncelikle, üzerinde <strong>setuid</strong> va <strong>setgid</strong>
4819+ işlemlerinin yapılabildiği Unix türevi bir işletim sistemi
4820+ kullandığınızı varsayıyoruz. Tüm komut örnekleri buna dayanarak
4821+ verilmiştir. Bu desteğe sahip başka platformlar varsa onlardaki
4822+ yapılandırma burada anlattığımız yapılandırmadan farklı olabilir.</p>
4823+
4824+ <p>İkinci olarak, bilgisayarınızın güvenliği ve yönetimi ile ilgili bazı
4825+ temel kavramları bildiğinizi kabul ediyoruz. Buna
4826+ <strong>setuid/setgid</strong> işlemlerinin sisteminiz ve güvenlik
4827+ seviyesi üzerindeki etkilerini bilmek dahildir.</p>
4828+
4829+ <p>Üçüncü olarak, <strong>suEXEC</strong> kodunun
4830+ <strong>değiştirilmemiş</strong> bir sürümünü kullandığınızı
4831+ varsayıyoruz. Tüm suEXEC kodu, geliştiricilerin yanında sayısız beta
4832+ kullanıcısı tarafından dikkatle incelenmiş ve denenmiştir. Kodların hem
4833+ basit hem de sağlam bir şekilde güvenli olması için gerekli tüm
4834+ önlemler alınmıştır. Bu kodun değiştirilmesi beklenmedik sorunlara ve
4835+ yeni güvenlik risklerine yol açabilir. Özellikle güvenlikle ilgili
4836+ programlarda deneyimli değilseniz suEXEC kodunda kesinlikle bir
4837+ değişiklik yapmamalısınız. Değişiklik yaparsanız kodlarınızı gözden
4838+ geçirmek ve tartışmak üzere Apache HTTP Sunucusu geliştirme ekibi ile
4839+ paylaşmanızı öneririz.</p>
4840+
4841+ <p>Dördüncü ve son olarak, Apache HTTP Sunucusu geliştirme ekibinin
4842+ suEXEC’i öntanımlı httpd kurulumunun bir parçası yapmama kararından
4843+ bahsetmek gerekir. Bunun sonucu olarak, suEXEC yapılandırması sistem
4844+ yöneticisinin ayrıntılı bir incelemesini gerektirir. Gerekli incelemeden
4845+ sonra yönetici tarafından suEXEC yapılandırma seçeneklerine karar
4846+ verilip, normal yollardan sisteme kurulumu yapılır. Bu seçeneklerin
4847+ belirlenmesi, suEXEC işlevselliğinin kullanımı sırasında sistem
4848+ güvenliğini gerektiği gibi sağlamak için yönetici tarafından dikkatle
4849+ saptanmayı gerektirir. Bu sürecin ayrıntılarının yöneticiye bırakılma
4850+ sebebi, suEXEC kurulumunu, suEXEC’i dikkatle kullanacak yeterliliğe sahip
4851+ olanlarla sınırlama beklentimizdir.</p>
4852+
4853+ <p>Hala bizimle misiniz? Evet mi? Pekala, o halde devam!</p>
4854+</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
4855+<div class="section">
4856+<h2><a name="model" id="model">SuEXEC Güvenlik Modeli</a></h2>
4857+
4858+ <p>SuEXEC yapılandırması ve kurulumuna girişmeden önce biraz da
4859+ gerçekleşmesini istediğiniz güvenlik modelinin ayrıntıları üzerinde
4860+ duralım. Böylece, suEXEC’in içinde olup bitenleri ve sisteminizin
4861+ güvenliği için alınacak önlemleri daha iyi anlayabilirsiniz.</p>
4862+
4863+ <p><strong>suEXEC</strong> işlevselliği, Apache HTTP Sunucusu tarafından
4864+ gerektiği takdirde artalanda çalıştırılan bir setuid programa dayanır.
4865+ Bu program, bir CGI veya SSI betiğine bir HTTP isteği yapıldığı zaman,
4866+ bu betiği, yöneticinin ana sunucunun aidiyetinde çalıştığı kullanıcıdan
4867+ farklı olarak seçtiği bir kullanıcının aidiyetinde çalıştırmak için
4868+ çağrılır. Böyle bir istek geldiğinde, Apache httpd artalandaki setuid
4869+ programına, HTTP isteği yapılan programın ismiyle beraber aidiyetinde
4870+ çalışacağı kullanıcı ve grup kimliklerini de aktarır.</p>
4871+
4872+ <p>Artalanda çalıştırılan setuid program başarıyı ve başarısızlığı
4873+ aşağıdaki süreci izleyerek saptar. Bunlardan herhangi biri başarısız
4874+ olursa program başarısızlık durumunu günlüğe kaydeder ve bir hata
4875+ vererek çıkar. Aksi takdirde çalışmaya devam eder.</p>
4876+
4877+ <ol>
4878+ <li>
4879+ <strong>Setuid programı çalıştıran kullanıcı sistemin geçerli
4880+ kullanıcılarından biri mi?</strong>
4881+
4882+ <p class="indent">Bu, setuid programı çalıştıran kullanıcının
4883+ sistemin gerçek bir kullanıcısı olduğunudan emin olunmasını sağlar.
4884+ </p>
4885+ </li>
4886+
4887+ <li>
4888+ <strong>Setuid program yeterli sayıda argümanla çağrılmış mı?
4889+ </strong>
4890+
4891+ <p class="indent">Apache HTTP Sunucusunun artalanda çağırdığı
4892+ setuid program ancak yeterli sayıda argüman sağlandığı takdirde
4893+ çalışacaktır. Argümanların sayısını ve sırasını Apache HTTP sunucusu
4894+ bilir. Eğer setuid program yeterli sayıda argümanla çağrılmamışsa
4895+ ya kendisinde bir değişiklik yapılmıştır ya da kurulu Apache httpd
4896+ çalıştırılabilirinin suEXEC ile ilgili kısmında yanlış giden bir
4897+ şeyler vardır.</p>
4898+ </li>
4899+
4900+ <li>
4901+ <strong>Bu geçerli kullanıcının bu setuid programı çalıştırma
4902+ yetkisi var mı?</strong>
4903+
4904+ <p class="indent">Sadece tek bir kullanıcı (Apache’nin aidiyetinde
4905+ çalıştığı kullanıcı) bu programı çalıştırmaya yetkilidir.</p>
4906+ </li>
4907+
4908+ <li>
4909+ <strong>Hedef CGI veya SSI programı hiyerarşik olarak güvenliği
4910+ bozacak bir dosya yolu üzerinde mi?</strong>
4911+
4912+ <p class="indent">Hedef CGI veya SSI programının dosya yolu '/' veya
4913+ '..' ile başlıyor mu? Buna izin verilmez. Hedef CGI veya SSI
4914+ programı suEXEC’in belge kök dizininde yer almalıdır (aşağıda
4915+ <code>--with-suexec-docroot=<em>DİZİN</em></code> seçeneğine
4916+ bakınız).</p>
4917+ </li>
4918+
4919+ <li>
4920+ <strong>Hedef kullanıcı ismi geçerli mi?</strong>
4921+
4922+ <p class="indent">Hedef kullanıcı mevcut mu?</p>
4923+ </li>
4924+
4925+ <li>
4926+ <strong>Hedef grup ismi geçerli mi?</strong>
4927+
4928+ <p class="indent">Hedef grup mevcut mu?</p>
4929+ </li>
4930+
4931+ <li>
4932+ <strong>Hedef kullanıcı <code>root</code> değil, değil mi?</strong>
4933+
4934+ <p class="indent">Mevcut durumda, <code>root</code> kullanıcısının
4935+ CGI/SSI programlarını çalıştırmasına izin verilmemektedir.</p>
4936+ </li>
4937+
4938+ <li>
4939+ <strong>Hedef kullanıcı kimliği asgari kullanıcı numarasından
4940+ <em>BÜYÜK</em> mü?</strong>
4941+
4942+ <p class="indent">Asgari kullanıcı numarası yapılandırma sırasında
4943+ belirtilir. Böylece CGI/SSI programlarını çalıştırmasına izin
4944+ verilecek olası en düşük kullanıcı numarasını belirlemeniz mümkün
4945+ kılınmıştır. Bu bazı “sistem” hesaplarını devreden çıkarmak için
4946+ yararlıdır.</p>
4947+ </li>
4948+
4949+ <li>
4950+ <strong>Hedef grup <code>root</code> değil, değil mi?</strong>
4951+
4952+ <p class="indent"><code>root</code> grubunun CGI/SSI
4953+ programlarını çalıştırmasına izin verilmemektedir.</p>
4954+ </li>
4955+
4956+ <li>
4957+ <strong>Hedef grup numarası asgari grup numarasından
4958+ <em>BÜYÜK</em> mü?</strong>
4959+
4960+ <p class="indent">Asgari grup numarası yapılandırma sırasında
4961+ belirtilir. Böylece CGI/SSI programlarını çalıştırmasına izin
4962+ verilecek olası en düşük grup numarasını belirlemeniz mümkün
4963+ kılınmıştır. Bu bazı “sistem” hesaplarını devreden çıkarmak için
4964+ yararlıdır.</p>
4965+ </li>
4966+
4967+ <li>
4968+ <strong>Apache’nin artalanda çağırdığı setuid program hedef
4969+ kullanıcı ve grubun aidiyetine geçebildi mi?</strong>
4970+
4971+ <p class="indent">Bu noktadan itibaren program setuid ve setgid
4972+ çağrıları üzerinden hedef kullanıcı ve grubun aidiyetine geçer.
4973+ Erişim grubu listesi de ayrıca kullanıcının üyesi olduğu tüm
4974+ gruplara genişletilir.</p>
4975+ </li>
4976+
4977+ <li>
4978+ <strong>Hedef CGI/SSI programının bulunduğu dizine geçebildik mi?
4979+ </strong>
4980+
4981+ <p class="indent">Dizin mevcut değilse dosyaları da içeremez. Hedef
4982+ dizine geçemiyorsak bu, dizin mevcut olmadığından olabilir.</p>
4983+ </li>
4984+
4985+ <li>
4986+ <strong>Hedef dizin Apache için izin verilen yerlerden biri mi?
4987+ </strong>
4988+
4989+ <p class="indent">İstek sunucunun normal bir bölümü için yapılmış
4990+ olsa da istenen dizin acaba suEXEC’in belge kök dizini altında mı?
4991+ Yani, istenen dizin, suEXEC’in aidiyetinde çalıştığı kullanıcının
4992+ ev dizini altında bulunan, <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code> ile belirtilen dizinin altında mı? (<a href="#install">suEXEC’in yapılandırma seçeneklerine</a>
4993+ bakınız).</p>
4994+ </li>
4995+
4996+ <li>
4997+ <strong>Hedef dizin başkaları tarafından yazılabilen bir dizin değil,
4998+ değil mi?</strong>
4999+
5000+ <p class="indent">Başkaları da yazabilsin diye bir dizin açmıyoruz;
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches