merge from trunk to acl6 branch

ChangeLog

@@ -1,4 +1,8 @@
 *******************************************************************************
+Thu Mar  7 08:13:09 PST 2002
+merge from trunk to acl6 branch
+cmd: join.sh trunk trunk_to_acl6_merge7 trunk_to_acl6_merge8 aserve
+*******************************************************************************
 Mon Jan 21 13:58:24 PST 2002
 merge from trunk to acl6 branch
 cmd: join.sh trunk trunk_to_acl6_merge6 trunk_to_acl6_merge7 aserve
@@ -36,6 +40,29 @@ command: ../../join.sh trunk trunk_to_acl61_merge1 trunk_to_acl61_merge2 aserve
 merge from trunk to acl61 branch
 command: ../../join.sh trunk acl61 trunk_to_acl61_merge1 aserve
 *******************************************************************************
+2002-02-28  John Foderaro  <jkf@tiger.franz.com>
+1.2.23
+>>>	*  incompatible change:
+	    The path part of a uri can't contain certain characters
+	    unless they are escaped like %xx.  Even characters that
+	    needn't be escaped *can* be escaped.  Thus to canonicalize
+	    the uri path and to allow it to be easily mapped to filenames
+	    we now decode the uri path (convert %xx to the actual character)
+	    before processing it (looking for matches in the published
+	    entities).   If you had published a path like "foo%20bar"
+	    then you must change it to "foo bar".
+	 * cgi.cl - add default for :script-name arg
+	 * various - open socket in nodelay mode to maximize performance
+
+
+
+2002-02-13  John Foderaro  <jkf@tiger.franz.com>
+1.2.22
+	* authorize.cl - add new authorizer: function-authorizer
+
+	* cgi.cl - run-cgi-program takes a :env arguemnt to allow
+	    additional environment variables to be specified.
+
 2002-01-15  John Foderaro  <jkf@tiger.franz.com>
 1.2.21
 	* main.cl - fix bug where the value of 

authorize.cl

@@ -23,7 +23,7 @@
 ;; Suite 330, Boston, MA  02111-1307  USA
 ;;
 
-;; $Id: authorize.cl,v 1.4.10.1 2002/01/21 21:58:52 layer Exp $
+;; $Id: authorize.cl,v 1.4.10.2 2002/03/07 16:13:55 layer Exp $
 
 ;; Description:
 ;;   classes and functions for authorizing access to entities
@@ -52,7 +52,7 @@
 	    :initform nil)
    (realm  :accessor password-authorizer-realm
 	   :initarg :realm
-	   :initform "Allegro iServe")
+	   :initform "AllegroServe")
    ))
 
 
@@ -180,7 +180,23 @@
     ))
 
 
-
+;; - function authorization
+
+(defclass function-authorizer (authorizer)
+  ((function :accessor function-authorizer-function
+	     :initarg :function
+	     :initform nil)))
+
+(defmethod authorize ((auth function-authorizer)
+		      (req http-request)
+		      (ent entity))
+  (let ((fun (function-authorizer-function auth)))
+    (if* fun
+       then (funcall fun req ent auth))))
+
+
+
+
 
 
 

cgi.cl

@@ -23,7 +23,7 @@
 ;; Suite 330, Boston, MA  02111-1307  USA
 ;;
 ;;
-;; $Id: cgi.cl,v 1.5.4.2 2002/01/21 21:58:52 layer Exp $
+;; $Id: cgi.cl,v 1.5.4.3 2002/03/07 16:13:55 layer Exp $
 
 ;; Description:
 ;;   common gateway interface (running external programs)
@@ -39,11 +39,12 @@
 			&key
 			path-info
 			path-translated
-			script-name
+			(script-name (net.uri:uri-path (request-uri req)))
 			(query-string nil query-string-p)
 			auth-type
 			(timeout 200)
 			error-output
+			env
 			)
   ;; program is a string naming a external command to run.
   ;; invoke the program after setting all of the environment variables
@@ -155,6 +156,18 @@
 					       (string (car head)))))
 			  (cdr head))
 		    envs)))
+
+    (dolist (header env)
+      (if* (not (and (consp header)
+		     (stringp (car header))
+		     (stringp (cdr header))))
+	 then (error "bad form for environment value: ~s" header))
+      (let ((ent (assoc (car header) envs :test #'equal)))
+	(if* ent
+	   then ; replace value with user specified value
+		(setf (cdr ent) (cdr header))
+	   else ; add new value
+		(push header envs))))
 
     ;; now to invoke the program
     ;; this requires acl6.1 on unix since this is the first version

client.cl

@@ -23,7 +23,7 @@
 ;; Suite 330, Boston, MA  02111-1307  USA
 ;;
 ;;
-;; $Id: client.cl,v 1.21.2.6 2002/01/21 21:58:52 layer Exp $
+;; $Id: client.cl,v 1.21.2.7 2002/03/07 16:13:55 layer Exp $
 
 ;; Description:
 ;;   http client code.
@@ -398,13 +398,15 @@ or \"foo.com:8000\", not ~s" proxy))
 					     :remote-port pport
 					     :format :bivalent
 					     :type net.aserve::*socket-stream-type*
+					     :nodelay t
 					     )))
        else (setq sock 
 	      (socket:make-socket :remote-host host
 				  :remote-port port
 				  :format :bivalent
 				  :type 
 				  net.aserve::*socket-stream-type*
+				  :nodelay t
 
 				  ))
 	    (if* ssl

doc/aserve.html

@@ -8,7 +8,7 @@
 <body>
 
 <h1 align="center">AllegroServe - A Web Application Server<br>
-<small><small><small>version <font face="Courier New">1.2.21</font></small></small></small></h1>
+<small><small><small>version <font face="Courier New">1.2.23</font></small></small></small></h1>
 
 <p align="left"><strong><small>copyright(c) 2000-2001. Franz Inc</small></strong></p>
 
@@ -62,6 +62,7 @@ <h2 align="left">Table of Contents</h2>
 &nbsp; <a href="#f-set-basic-authorization">set-basic-authorization</a><br>
 &nbsp; <a href="#c-password-authorizer">password-authorizer</a><br>
 &nbsp; <a href="#c-location-authorizer">location-authorizer</a></font><br>
+&nbsp;&nbsp;&nbsp;&nbsp; <a href="#c-function-authorizer"><font face="Courier New">function-authorizer</font></a><br>
 <a href="#cookies">Cookies</a><br>
 <font face="Courier New">&nbsp; <a href="#f-set-cookie-header">set-cookie-header</a><br>
 &nbsp; <a href="#f-get-cookie-values">get-cookie-values</a></font><br>
@@ -288,9 +289,13 @@ <h3>Components of a request</h3>
 
 <ul>
   <li>the <strong>path</strong> of the url.&nbsp; This is the part of the url after the host
-    name and before the query string (if any).&nbsp; For example in the url&nbsp; <a
-    href="http://bar.com:8030/files/foo?xx=3&amp;yy=4">http://bar.com:8030/files/foo?xx=3&amp;yy=4</a>
-    the part we call the path&nbsp; is just <strong>/files/foo.</strong></li>
+    name and before the query string (if any).&nbsp; For example in the url&nbsp; <font
+    color="#0080FF"><u><strong>http://bar.com:8030/files/foo?xx=3&amp;yy=4</strong></u></font>
+    the part we call the path&nbsp; is just <strong><font color="#0080FF">/files/foo</font>.<br>
+    If </strong>the path contains escaped characters (e.g. /foo%20bar) then we replace the %xx
+    in the path with the actual character before processing the request.&nbsp; Thus if you're
+    publishing an entity to handle a uri such as <font color="#0080FF"><u><strong>http://www.machine.com/foo%20bar</strong></u></font>
+    you should publish the path <strong>&quot;foo bar&quot;</strong> and <em>not</em> <strong>&quot;foo%20bar&quot;</strong>.</li>
   <li>the <strong>host</strong> to which the request is directed.&nbsp;&nbsp; This is not
     necessarily the host that is receiving the request due to virtual hosts and proxy
     servers.&nbsp; This value comes from the <strong>Host:</strong> header line, if one is
@@ -619,8 +624,11 @@ <h3>Allow and Deny Processing</h3>
 to subdirectories<br>
 ; publish html and cgi files, but not those beginning with a period<br>
 (:files :allow (&quot;\\.html$&quot; &quot;\\.cgi$&quot;) :deny (&quot;^\\.&quot;)) <br>
-(:mime :types ((&quot;text/jil&quot; &quot;jil&quot; &quot;jlc&quot;) (&quot;text/c&quot;
-&quot;c&quot; &quot;cc&quot;)))</font></p>
+; specify mime type for non-standard file extensions.&nbsp; Also<br>
+; specify that a file named exactly ChangeLog should be given<br>
+; mime type &quot;text/plain&quot;<br>
+(:mime :types ((&quot;text/jil&quot; &quot;jil&quot; &quot;jlc&quot;)
+(&quot;text/plain&quot; &quot;cl&quot; (&quot;ChangeLog&quot;))))</font></p>
 
 <p>&nbsp;</p>
 
@@ -1059,7 +1067,7 @@ <h2><a name="cgi-program"></a>CGI Program Execution</h2>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 script-name query-string <br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-auth-type timeout error-output)</strong></font></p>
+auth-type timeout error-output env)</strong></font></p>
 
 <p>In response to an http request, this runs <strong>program</strong> which must be a
 string naming an exectuable program or script followed optionally by command line
@@ -1074,7 +1082,15 @@ <h2><a name="cgi-program"></a>CGI Program Execution</h2>
 variable, and similarly for<strong> path-translated, script-name, query-string</strong>
 and <strong>auth-type.</strong>&nbsp;&nbsp; If <strong>query-string</strong> is <em>not</em>
 given and the <strong>uri</strong> that invoked this request contains a query part then
-that query part is passed in the QUERY_STRING environment variable.</p>
+that query part is passed in the QUERY_STRING environment variable.&nbsp;&nbsp; If <strong>script-name</strong>
+is not given then its value defaults to the path of the uri of the request.&nbsp;&nbsp; If
+you wish to add or modify the environment variables set for the cgi process you can
+specify a value for <strong>env.&nbsp; </strong>The value of <strong>env</strong> should
+be a list of conses, the car of each cons containing the environment variable name (a
+string) and the cdr of each cons containing the environment variable value (a
+string).&nbsp;&nbsp; <strong>env</strong> is checked after all the standard environment
+variables are computed and the value given in <strong>env</strong> will override the value
+computed automatically.</p>
 
 <p>cgi programs send their result to standard output (file descriptor 1 on Unix).&nbsp; If
 they encounter problems they often send informative messages to standard error (file
@@ -1468,9 +1484,9 @@ <h3>authorizer classes</h3>
 
 <p>If an entity has an associated <strong>authorizer</strong> object, then before that
 entity's response function is run the authorizer is tested to see if&nbsp; it will accept
-or deny the current request.&nbsp;&nbsp;&nbsp; AllegroServe supplies two interesting
-subclasses of <strong>authorizer</strong> and users are free to add their own subclasses
-to support their own authorization needs.&nbsp;&nbsp; </p>
+or deny the current request.&nbsp;&nbsp;&nbsp; AllegroServe supplies three &nbsp;
+interesting subclasses of <strong>authorizer</strong> and users are free to add their own
+subclasses to support their own authorization needs.&nbsp;&nbsp; </p>
 
 <p>The protocol followed during authorization is this: 
 
@@ -1618,6 +1634,26 @@ <h3>authorizer classes</h3>
 
 </pre>
 
+<p><strong><a name="c-function-authorizer"></a>function-authorizer </strong>&nbsp; [class]</p>
+
+<p>This authorizer contains a function provided by the user which is used to test if the
+request is authorized.&nbsp;&nbsp; The function take three arguments, the http-request
+object, the entity and the authorizer object.&nbsp;&nbsp; It must return one of the four
+value that the <strong>authorize</strong> function returns, namely <strong>t, nil :deny</strong>
+or <strong>:done.</strong></p>
+
+<p>A function-authorizer is created as follows</p>
+
+<pre>(make-instance 'function-authorizer
+    :function #'(lambda (req ent auth)
+                          t  ; always authorize
+                 ))</pre>
+
+<p>The function slot can be set using (setf function-authorizer-function) if you wish to
+change it after the authorizer has been created.</p>
+
+<p>&nbsp;</p>
+
 <h2><a name="cookies"></a>Cookies</h2>
 
 <p>Cookies are name value pairs that a web server can direct a web browser to save and

doc/tutorial.html

@@ -62,17 +62,17 @@ <h1>Starting AllegroServe</h1>
 
 <p>Now the web server is up and running.&nbsp;&nbsp; Let's assume that we're running
 AllegroServe on a machine named <strong>test.franz.com</strong>.&nbsp; If you now go to a
-web browser and ask for <a href="http://test.franz.com">http://test.franz.com</a>&nbsp;
+web browser and ask for <font color="#0080FF"><u><strong>http://test.franz.com</strong></u></font>&nbsp;
 you will contact this AllegroServe server and it will respond that whatever you asked for
-wasn't found on the server (since we haven't published any pages).&nbsp; You can also try <a
-href="http://test">http://test</a> and get the same result (although the response message
-will be slightly different).&nbsp; If you are running the web browser on test.franz.com as
-well you can ask for <a href="http://localhost">http://localhost</a> and get a similar
-&quot;not found&quot; response.&nbsp;&nbsp;&nbsp; This demonstrates that web servers are
-known by many names.&nbsp; If you choose to take advantage of that (creating what are
-known as <strong>Virtual Hosts</strong>) then AllegroServe will support you .&nbsp;
-However if you want to create web pages that are served by whatever name can be used to
-reach the server, then AllegroServe will allow you to do that as well.</p>
+wasn't found on the server (since we haven't published any pages).&nbsp; You can also try <font
+color="#0080FF"><u><strong>http://test</strong></u></font> and get the same result
+(although the response message will be slightly different).&nbsp; If you are running the
+web browser on test.franz.com as well you can ask for <font color="#0080FF"><u><strong>http://localhost</strong></u></font>
+and get a similar &quot;not found&quot; response.&nbsp;&nbsp;&nbsp; This demonstrates that
+web servers are known by many names.&nbsp; If you choose to take advantage of that
+(creating what are known as <strong>Virtual Hosts</strong>) then AllegroServe will support
+you .&nbsp; However if you want to create web pages that are served by whatever name can
+be used to reach the server, then AllegroServe will allow you to do that as well.</p>
 
 <p>Type <strong>:proc</strong> to Lisp and look at which Lisp lightweight processes are
 running:</p>
@@ -108,22 +108,21 @@ <h1>Publishing a file</h1>
 #&lt;net.aserve::file-entity @ #x2076e0c2&gt;
 tutorial(31):</pre>
 
-<p>If you are running on Windows then the file will have a name like 
-c:\tmp\sample.txt&nbsp;&nbsp; When this file name is
-written in a Lisp string it would be &quot;c:\\tmp\\sample.txt&quot;
-due to the special nature of the backslash character.</p>
+<p>If you are running on Windows then the file will have a name like
+c:\tmp\sample.txt&nbsp;&nbsp; When this file name is written in a Lisp string it would be
+&quot;c:\\tmp\\sample.txt&quot; due to the special nature of the backslash character.</p>
 
-<p>Now if we ask a web browser for <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>
+<p>Now if we ask a web browser for <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo</strong></u></font>
 we'll see the contents of the file in the web browser.&nbsp; Since we didn't specify a
 content-type in the call to <strong>publish-file</strong> the content-type will be
 determined by the &quot;<strong>txt</strong>&quot; file type, which is associated with the
 &quot;<strong>text/plain</strong>&quot; content-type.</p>
 
 <p>Because we didn't specify a <strong>:host</strong> argument to <strong>publish-file </strong>AllegroServe
 will return this page to any browser regardless of the host name used to name the machine.
-&nbsp; So AllegroServe will respond to requests for <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>
-and <a href="http://test/foo">http://test:8000/foo</a> and <a href="http://localhost/foo">http://localhost:8000/foo</a>.
-&nbsp;&nbsp; </p>
+&nbsp; So AllegroServe will respond to requests for <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo</strong></u></font>
+and <font color="#0080FF"><u><strong>http://test:8000/foo</strong></u></font> and <font
+color="#0080FF"><u><strong>http://localhost:8000/foo</strong></u></font>. &nbsp;&nbsp; </p>
 
 <p>If we do </p>
 
@@ -132,21 +131,21 @@ <h1>Publishing a file</h1>
 #&lt;net.aserve::file-entity @ #x2076e0c2&gt;
 tutorial(31):</pre>
 
-<p>Then AllegroServe will only respond to requests for <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>.
+<p>Then AllegroServe will only respond to requests for <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo</strong></u></font>.
 &nbsp; If we do</p>
 
 <pre>tutorial(30): (publish-file :path &quot;/foo&quot; :file &quot;/tmp/sample.txt&quot; 
                             :host (&quot;test&quot; &quot;test.franz.com&quot;))
 #&lt;net.aserve::file-entity @ #x2076e0c2&gt;
 tutorial(31):</pre>
 
-<p>Then AllegroServe will only respond to <a href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a>
-and <a href="http://test/foo">http://test:8000/foo</a>.&nbsp;&nbsp;&nbsp; This type of
-restriction is useful if you want to create the illusion that a single machine is really a
-set of machines, each with its own set of web pages.&nbsp;&nbsp; Suppose that the machine <strong>test.franz.com</strong>
-also had the name <strong>sales.franz.com</strong>.&nbsp; You could publish two different
-ways to respond to the &quot;<strong>/foo</strong>&quot; url, depending on the host name
-specified in the request</p>
+<p>Then AllegroServe will only respond to <font color="#0080FF"><u><strong>http://test.franz.com:8000/foo
+</strong></u></font>and <font color="#0080FF"><u><strong>http://test:8000/foo</strong></u></font>.&nbsp;&nbsp;&nbsp;
+This type of restriction is useful if you want to create the illusion that a single
+machine is really a set of machines, each with its own set of web pages.&nbsp;&nbsp;
+Suppose that the machine <strong>test.franz.com</strong> also had the name <strong>sales.franz.com</strong>.&nbsp;
+You could publish two different ways to respond to the &quot;<strong>/foo</strong>&quot;
+url, depending on the host name specified in the request</p>
 
 <pre>tutorial(30): (publish-file :path &quot;/foo&quot; :file &quot;/tmp/<strong>test</strong>-sample.txt&quot; 
                             :host &quot;<strong>test</strong>.franz.com&quot;)
@@ -155,9 +154,9 @@ <h1>Publishing a file</h1>
                             :host &quot;<strong>sales</strong>.franz.com&quot;)
 #&lt;net.aserve::file-entity @ #x2076e324&gt;</pre>
 
-<p>Now you will get different results if you ask for&nbsp; <a
-href="http://test.franz.com/foo">http://test.franz.com:8000/foo</a> and <a
-href="http://sales.franz.com/foo">http://sales.franz.com:8000/foo</a>. </p>
+<p>Now you will get different results if you ask for&nbsp;<font color="#0080FF"><u><strong>
+http://test.franz.com:8000/foo</strong></u></font> and <font color="#0080FF"><u><strong>http://sales.franz.com:8000/foo</strong></u></font>.
+</p>
 
 <h1>Publishing a computed page</h1>
 
@@ -301,7 +300,7 @@ <h1>Publishing a form</h1>
 
 <h2>form data in a query string</h2>
 
-<p>In a url like <a href="http://www.machine.com/foo/bar?name=joe&amp;age=34">http://www.machine.com/foo/bar?name=gen&amp;age=28</a>
+<p>In a url like <font color="#0080FF"><u><strong>http://www.machine.com/foo/bar?name=gen&amp;age=28</strong></u></font>
 the characters after the question mark are the <strong>query-string</strong>. &nbsp;&nbsp;
 The query string is <strong>not</strong> used by AllegroServe to determine the entity to
 handle the request.&nbsp; When the entity begins processing the request it can ask for the
@@ -542,9 +541,8 @@ <h2>source address</h2>
 </pre>
 
 <p>To see how this example works differently depending on whether the access is through
-the loopback network or the regular network, try accessing it via <a
-href="http://localhost:8000/local-secret">http://localhost:8000/local-secret</a> and <a
-href="http://test.franz.com:8000/local-secret">http://test.franz.com:8000/local-secret</a>
+the loopback network or the regular network, try accessing it via <font color="#0080FF"><u><strong>http://localhost:8000/local-secret</strong></u></font>
+and <font color="#0080FF"><u><strong>http://test.franz.com:8000/local-secret</strong></u></font>
 &nbsp; (where we are assuming that you are running on <strong>test-franz.com</strong>). </p>
 
 <h1>Multiple servers</h1>