On Thursday 15 November 2001 10:00 pm, [EMAIL PROTECTED] wrote:
> The presence of this set of directives throws a wrench into the works:
> > <LimitExcept GET PROPFIND OPTIONS REPORT>
> > require valid-user
> > </LimitExcept>
>
> The code that parses this from the conf file sees "REPORT" as a
> request type, sez, "Hmm...I dunno what REPORT is, so just to be safe
> I'll dynamically register that method" [see core.c:ap_limit_section()]:
>
> else if (methnum == M_INVALID) {
> /* method has not been registered yet, but resorce restriction
> * is always checked before method handling, so register it.
> */
> methnum = ap_method_register(cmd->pool, method);
>
> This results in the REPORT requests being assigned a request number
> that is NOT M_INVALID (in fact, in my specific instance it's M_INVALID
> + 1, which I suppose is the first of many slots for dynamically
> registered request types).
>
> So, we get down into mod_dav.c, in dav_handler(), and after a series
> of checks to see if the incoming request has a known request number,
> dav_handler() make a quick sanity check:
>
> /*
> * NOTE: When Apache moves creates defines for the add'l DAV methods,
> * then it will no longer use M_INVALID. This code must be
> * updated each time Apache adds method defines.
> */
> if (r->method_number != M_INVALID) {
> return DECLINED;
> }
>
> It's this sanity check which is failing. The REPORT request has a
> valid request number, but obviously not one that mod_dav could use --
> since the number is dynamically allotted, who's to say it will always
> be M_INVALID + 1. I betcha I could modify the conf file in such a way
> that some other request type got that slot and REPORT got a different
> one.
>
> I'm not sure what the right fix is, having no real knowledge of
> httpd's internals. The options that come to mind are:
>
> * Have the server NOT register the REPORT request type.
>
> But this seems like a bad idea...I assume that code is there for a
> reason, and the comment above it may be all the reason that's
> needed.
>
> * Remove the sanity check from mod_dav.c
>
> We *know* this works (that's how the code is on svn.collab.net
> today), but it means that every unregistered request type coming
> into mod_dav will suffer about 20 strcmp's. That sucks. But, I
> can't think of anything else offhand to solve it.
Option 3. :-) We have APIs to allow you to check the dynamically registered
methods.
Ryan
______________________________________________________________
Ryan Bloom [EMAIL PROTECTED]
Covalent Technologies [EMAIL PROTECTED]
--------------------------------------------------------------
