Bug fix: avoid confusion between command argument and option, when argument starts with "-"

  1. … 81 more files in changeset.
Bugfix ad_user_login

-expire flag for ad_set_signed_cookie (and therefore ad_set_cookie) was not specified by ad_user_login and set false per-default. This prevented parameters to set cookie expiration to have an effect, even when -max_age was correctly specified.

Now we set the -expire flag according to the -forever flag.

merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7834 more files in changeset.
- add [ad_conn behind_proxy_p] and [ad_conn behind_secure_proxy_p] to centralize logic

- use the new function fix [security::get_qualified_url] when running behind a proxy

  1. … 2 more files in changeset.
- Don't add host_node_id to query parameter when it is set to 0

Provide more infrastructure support for host-node-maps for more flexible domain handling

- add optional -cookie_domain parameter to the following functions

ad_user_login

ad_user_logout

sec_generate_session_id_cookie

auth::issue_login (wrapper for ad_user_login)

if not specified, the functions are fully backward compatible

- add optional parameter -host_node_id to auth::authenticate which refers to the node_id in the host-node-map

- pass host_node_id from/to register pages

TODO:

1) probably, sec_generate_session_id_cookie picks up the wrong session_id via [ad_conn session_id]

2) check interaction with CookieDomain (probably, we must not pass host_node_id when CookieDomain is non-empty)

  1. … 7 more files in changeset.
- fix bug for obtaining logout_url on host-node mapped subsites

- factor out security::get_register_subsite to streamline behavior of ad_get_login_url and ad_get_logout_url

security::driver: consider additionally nsssl_v4 nsssl_v6 as possible names

Make sure that driver dict d is set in host-node-mapped cases (many thanks to Stefan Sobernig for pointing that out)

- Refactor ad_get_login_url to reduce replicated code and to make semantics clearer

- ad_get_login_url handles now as well cases, where a subsite is mapped to an application package on a subsite

- fix a bug in util_current_location in connection with hostnode map

  1. … 2 more files in changeset.
allow host header fields with trailing dots (as these are allowed from DNS)

Standardize spelling of names of products (Tcl, AOLserver, PostgreSQL, NaviServer)

  1. … 43 more files in changeset.
Fix editing bug

Fix spelling errors

  1. … 22 more files in changeset.
- Tcl idioms: simplify access to first character

  1. … 8 more files in changeset.
- fix name/address check: one should not check for the hostname (or its IP address), but for the DNS name of the configured driver and its IP addresses. If a host has multiple IP addresses, there might not be a nsd driver configured on the hostname of the machine.

- make documentation more precise

- provide cross references to similar commands

  1. … 1 more file in changeset.
- fix variable name in lmap statement

- push cookie encoding to emulation level (NaviServer does this natively, the AOLserver variant handles it on the low-level functions)

  1. … 1 more file in changeset.
ease reading of debug messages; don't unset cookie(s) if there is no session cookie

Fix security::validated_host_header on configurations without virtual hosts

Streamlined one more place with new infrastructure (security::configured_driver_info)

Simplified code, improved documentation

- improve documentation

Prettify code

- improve proc documentation

- Make security::locations aware of potentially multiple drivers listening on multiple ports

- use "ns_driver info" when available

  1. … 1 more file in changeset.
security::validated_host_header:

- check also in nssock sections for v4 and v6

- check as well virtual server configuration

- perform nonce-computation independent of user_id computation

- put resetting of untrusted user_id to the right place

  1. … 1 more file in changeset.
- provide initial value for untrusted user_id

- setting nonce always (also for non-authenticated requests)