Re: Possible bug in libapreq

[Issac Goldstand]

I took a peek at this.  Basically, Joseph and the folks at Mozilla found
that some odd quirk in FireFox is causing the bytestream to be sent with
funny packet payloads of, mostly, 1 byte, 4095 bytes, 1 byte, 4095
bytes, etc.  That seems to be a client issue.

What's happening is that occasionally, we get a 0 byte payload (as can
be seen in a log Joseph posted at
http://staging.sr.admission.net/joetemp/libapreq_debug_ff20_win32_https.txt).
 Once that happens, multipart_buffer_read returns 0 and
ApacheRequest_parse_multipart breaks out of the data-reading loop for
that parameter and starts reading line-by-line looking for the next
boundary/header (which it may or may not find since we're treating
binary data as text, so all bets are off).

I'm not sure how we can hack around that (nor should we if it can be
fixed) and my personal opinion is this is still FireFox's problem; not
ours.

I'll CC this to the bug report at rt.cpan.org and Mozilla's bugzilla.

  Issac

Joseph Huckaby wrote:
 Hey libapreq dev team,
 
 I recently logged a bug for Firefox 2.0 which results in corrupted
 file uploads over HTTPS (Firefox 2.0 Win32 only).  However, further
 research seems indicate libapreq may be involved (I cannot
 reproduce it outside libareq, for instance using PHP or the Perl CGI
 module).  If you have a moment can you take a look and see what you
 think?  Here is the Firefox bug report:
 
 https://bugzilla.mozilla.org/show_bug.cgi?id=356470
 
 Thanks!  I use your excellent Apache::Request module extensively in my
 company's core software (Apache 1.3.x, libapreq 1.33), and we're not
 sure what to do about Firefox 2.0.
 
 The bug appears to have to do with the way libapreq reads bytes off
 the incoming socket.  With Firefox 2.0 Win32 HTTPS occasionally it
 reads 0 bytes, and then drops out of the loop and discards up to 200K
 from the file being uploaded.  It's all detailed out in the FF bug
 report.
 
 - Joe
 
 Joseph Huckaby
 Lead Software Engineer
 AdMission Corporation
 http://www.admissioncorp.com

Re: Customize lib path list (lib64 et al)?

[Joe Orton]

On Sun, Jan 07, 2007 at 06:09:38PM -0600, William Rowe wrote:
 There is a very slick feature in perl, burried quite deeply, that
 might be useful for our users of ./configure (and apr's as well.)
 
 loclibpth/locincpth define the system search order

They don't, though.  The *toolchain* defines the header/library search 
paths and there is no portable way to extract those paths from the 
toolchain.  configure code which requires knowledge of the search paths 
is hence inevitably broken and non-portable, and usually fails to obey 
CPPFLAGS/LDFLAGS to boot.

joe

segfault w/ APR_BUCKET_PREV...

[Drew Bertola]

Happy Monday,

I'm getting a segfault whenever I try to read the next bucket.  I'm
trying to do this without losing the current bucket.

If I do:

b = APR_BUCKET_NEXT(b);
apr_bucket_read(b, str, len, APR_NONBLOCK_READ);
b = APR_BUCKET_PREV(b);

I get a segfault.

I'm not sure what the correct way to go about this is, but what it
amounts to is trying to test for a strmatch spanning across adjacent
buckets.

My code looks like this (with the irrelevant bits removed):

  /*
   * We're finished finding full matches in the current bucket,
   * but we need to consider the case of matches that would span
   * the current bucket and the next bucket.
   *
   * Actually, we don't need to do this if we're not inserting
   * globally (flag done is set) or if the next bucket is an EOS
   * or FLUSH bucket.
   *
   * First we'll grab the largest possible partial match from
   * the tail of our current bucket.  That will be the last
   * (strlen(match_str) - 1) characters.
   *
   * Then, we'll prefetch and read the next bucket, then
   * concat the tail piece we grabbed to the head of the
   * next bucket.  We'll search for a match within the len of
   * the current tail piece.
   *
   * If we don't find a match, that means we had no partial
   * match and can go on to cycling through the buckets in a
   * normal fasion.  To flag for this case, we'll set our
   * tail_str to NULL.
   *
   * Otherwise:
   *
   * - If we're inserting before a match, we should process it now.
   *
   * - If we're replacing the match, we should split our
   * current bucket at the match point and disregard the split
   * off tail.  We'll then ...
   * 
   * - If we're inserting after a match, we should ...
   */
  if ( ( ! done ) 
   ( ! APR_BUCKET_IS_EOS(APR_BUCKET_NEXT(b)) ) 
   ( ! APR_BUCKET_IS_FLUSH(APR_BUCKET_NEXT(b)) ) )
{
  char *tmp_str = NULL;

  tail_str = apr_pstrdup(f-r-pool, str);
 
  if ( len  strlen(cfg-match_str) )
{
  tail_str[len] = '\0';
}
  else
{
  tail_str += (len - strlen(cfg-match_str)) + 1;
  tail_str[strlen(cfg-match_str)] = '\0';
}
 
  len_tail = strlen(tail_str);

  b = APR_BUCKET_NEXT(b);

  apr_bucket_read(b,
  str,
  len,
  APR_NONBLOCK_READ);

  b = APR_BUCKET_PREV(b);
 
  . . .


Any ideas?

--
Drew

Re: [VOTE] httpd-2.2.4 release candidate for review

[Jim Jagielski]

On Jan 6, 2007, at 2:41 AM, William A. Rowe, Jr. wrote:

http://httpd.apache.org/dev/dist/ will soon (within the hour, upon  
resync)

contain the following tarballs for approval

httpd-2.2.4.tar.bz2 [.asc|.md5]
httpd-2.2.4.tar.gz [.asc|.md5]
httpd-2.2.4-win32-src.zip [.asc|.md5]

 +/-1
 [  ] Release httpd 2.2.4

Let the voting begin, and kick off 2.2.5 efforts.  I understand Jim  
is still

interested in RM'ing 2.2.5 later this month.



Tested via Perl test framework, no regressions:

   OS X 10.4.8 (PPC)
   Sol 8
   SUSE 10.0
   FreeBSD 5.5R

Bug 35083 - SSL error trapping

[Marc Stern - Approach]

I patched mod_ssl to trap SSL errors related to certificate validation, 
allow the SSL connection anyway, then redirect to an error page.
Although this works well, this is not implemented the best way, and I 
got some feedback on how to do it better.
Before implementing it, I'd like to check some points, after an in-depth 
thought.


1. The current idea is to trap validation-related errors, like 
certificate expiration/revocation.
Shouldn't we also trap negotiation errors, like incompatible 
ciphersuites and protocols between browser and server ?

Maybe other ones ?

2. Recommendations are to use one directive to relax the check on 
certificates (or on ciphersuites, ...), and other ones to trap errors by 
checking environment variables and redirect the 403 errors to a specific 
page.
a. Doesn't this introduce a security risk, in case the check on 
certificates is relaxed and the other directives are not set (or changed) ?

  This is against the principle of secure by installation ...
b. This solution would redirect all errors to the same page.
  Isn't it better to trap the error and redirect to a specific 
(customisable) page ?

  Note that this trapping could be implemented in a separate module.

I'd like to work soon on this; if you want to participate, please 
contact me asap.


Regards

*/Marc Stern/*

Approach Belgium http://www.approach.be
Avenue Einstein, 2A
B-1348 Louvain-la-Neuve
Belgium

Tel: +32 475 68 29 10
Fax: +32 10 83 22 55

Disclaimer_
1. This message is intended for the use of the addressee only and may 
contain information that is privileged and confidential.
2. If you are not the intended recipient, you are notified that any 
dissemination of this Communication is strictly prohibited.
3. If you have received this communication in error, please notify us 
immediately by return of this e-mail.
4. E-mail quotations and proposals are for information only, and are 
subject to confirmation by the Signature of the appropriate contractual 
documentation by the authorized persons or both

Need help with ErrorDocument

[Vedavyas Raichur]

Hi All,
I am new to apache  facing the following problem:

1. A custom module that does client authentication on top of mod_ssl returns
a FORBIDDEN when user is not authenticated. But when the server tries to
fetch the custom ErrorDocument for this error it is FORBIDDEN again by same
module above.
Is there any known solution to tackle this recursion. Will setting the
r-handler to modules content handler which generates a error page a good
solution? or is it possible to load the ErrorDoc URL's on startup.

Thanks for any help.

Regards,
Vyas

Re: mod_authn_dbd and apr_password_validate

[Patrick Welche]

On Sat, Jan 06, 2007 at 02:59:47PM -0500, Brian J. France wrote:
 That mod_authn_dbd is assuming your database password is not plain  
 text, but smashed (crypt, md5, sh1).  I ran into the same issue and  
 created this:
 
   http://www.brianfrance.com/software/apache/mod_authn_dbd.c.diff
 
 Apply the patch and add this to your config:
 
   AuthDBDPlainTextPasswords on
 
 and you should be set.

First an apology for posting to dev: I thought there was at least a
documentation issue, but no:

AuthDBDUserPWQuery Directive
...
   SQL varchar) argument (username), and return a single value (encrypted
   password).   ^

I am still searching for a way to get an encrypted password to be accepted..
With

AuthDBDUserPWQuery select md5(prefname) from person where userid=%s

I get

[Mon Jan 08 16:04:41 2007] [error] [client ::1] (-1)Unknown error: 4294967295: 
Comparing Patrick with f87567f2159b425795ebb7ba9bc406ec
[Mon Jan 08 16:04:41 2007] [error] [client ::1] user prlw1: authentication 
failure for /webfolder: Password Mismatch

and with

AuthDBDUserPWQuery select encode(digest(prefname,'sha1'),'hex') from person 
where userid=%s

I get

[Mon Jan 08 16:03:15 2007] [error] [client ::1] (-1)Unknown error: 4294967295: 
Comparing Patrick with 57ad79649b677cf8f889ba6dc5fb4f98ada2767e
[Mon Jan 08 16:03:15 2007] [error] [client ::1] user prlw1: authentication 
failure for /webfolder: Password Mismatch

and just to check:

% echo -n Patrick | md5
f87567f2159b425795ebb7ba9bc406ec
% echo -n Patrick | sha1
57ad79649b677cf8f889ba6dc5fb4f98ada2767e

so what sort of password does apr_password_validate accept?

Thankfully your patch gets me out of trouble allowing plaintext passwords.

Thank you,

Patrick

Re: [VOTE] httpd-2.2.4 release candidate for review

[Jeff Trawick]

On 1/6/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:

[+1] Release httpd 2.2.4

tested with worker MPM on RedHat 4/ia32 and Solaris 10/SPARC32

Re: Need help with ErrorDocument

[Nick Kew]

On Mon, 8 Jan 2007 20:23:26 +0530
Vedavyas Raichur [EMAIL PROTECTED] wrote:

 Hi All,
  I am new to apache  facing the following problem:
 
 1. A custom module that does client authentication on top of mod_ssl
 returns a FORBIDDEN when user is not authenticated.

That's probably not what you want.  FORBIDDEN means there's nothing
the client can do, which is not the case when the failure is one
of authentication.

But when the
 server tries to fetch the custom ErrorDocument for this error it is
 FORBIDDEN again by same module above.

Yep.

 Is there any known solution to tackle this recursion.

The simple solution is for the ErrorDocument to be kept outside the
scope of what's restricted by your module.  That gives control to
system administrators.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Re: mod_authn_dbd and apr_password_validate

[Ruediger Pluem]

On 01/08/2007 05:08 PM, Patrick Welche wrote:

 
 
 First an apology for posting to dev: I thought there was at least a
 documentation issue, but no:
 
 AuthDBDUserPWQuery Directive
 ...
SQL varchar) argument (username), and return a single value (encrypted
password).   ^
 
 I am still searching for a way to get an encrypted password to be accepted..
 With
 
 AuthDBDUserPWQuery select md5(prefname) from person where userid=%s
 
 I get
 
 [Mon Jan 08 16:04:41 2007] [error] [client ::1] (-1)Unknown error: 
 4294967295: Comparing Patrick with f87567f2159b425795ebb7ba9bc406ec
 [Mon Jan 08 16:04:41 2007] [error] [client ::1] user prlw1: authentication 
 failure for /webfolder: Password Mismatch

apr_password_validate or better apr_md5_encode does not simply apply MD5 to the 
password, but mixes it with a salt.
Furthermore the password hash needs to start with a 'marker' string to inform 
apr_password_validate which hash algorithm
it should use. If none is specified it falls back to crypt.

 
 and with
 
 AuthDBDUserPWQuery select encode(digest(prefname,'sha1'),'hex') from person 
 where userid=%s

From my quick view at the apr-util code I would guess that the following 
should work:

AuthDBDUserPWQuery select '{SHA}'||encode(digest(prefname,'sha1'),'hex') from 
person where userid=%s

Regards

Rüdiger

Re: mod_authn_dbd and apr_password_validate

[Nick Kew]

On Mon, 8 Jan 2007 16:08:51 +
Patrick Welche [EMAIL PROTECTED] wrote:


 so what sort of password does apr_password_validate accept?

Those created with htpasswd is a simple answer.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Re: [VOTE] httpd-2.2.4 release candidate for review

[Brad Nicholes]

 On 1/6/2007 at 12:41 AM, in message [EMAIL PROTECTED], William
A. Rowe, Jr. [EMAIL PROTECTED] wrote:
 http://httpd.apache.org/dev/dist/ will soon (within the hour, upon resync)
 contain the following tarballs for approval
 
 httpd-2.2.4.tar.bz2 [.asc|.md5]
 httpd-2.2.4.tar.gz [.asc|.md5]
 httpd-2.2.4-win32-src.zip [.asc|.md5]
 
  +/-1
  [  ] Release httpd 2.2.4
 
 Let the voting begin, and kick off 2.2.5 efforts.  I understand Jim is still
 interested in RM'ing 2.2.5 later this month.
 
 Bil

+1 NetWare

Brad

Re: [VOTE] httpd-2.2.4 release candidate for review

[Tom Donovan]

I have had some difficulties running 2.2.4 RC on Windows 2000.

The remote IP is always seen as 0.0.0.0.
Here are a few lines from my logs\access.log:

0.0.0.0 - - [07/Jan/2007:11:22:59 -0500] GET /server-status HTTP/1.1 403 215
0.0.0.0 - - [07/Jan/2007:11:23:36 -0500] GET / HTTP/1.1 200 20417

I built with Microsoft Visual C++ 2005, and again with Visual C++ 6.0.
Either set (VC8 or VC6) of binaries runs OK on Windows 2003 and also on Windows 
XP.
The problem only occurs when running 2.2.4 on Win2k.

Apache 2.2.3 built with the same compilers runs OK on all three platforms.

Has anyone else run 2.2.4 on Windows 2000 yet?

-tom-



On 1/6/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:

Re: Customize lib path list (lib64 et al)?

[William A. Rowe, Jr.]

Joe Orton wrote:
 On Sun, Jan 07, 2007 at 06:09:38PM -0600, William Rowe wrote:
 There is a very slick feature in perl, burried quite deeply, that
 might be useful for our users of ./configure (and apr's as well.)

 loclibpth/locincpth define the system search order
 
 They don't, though.  The *toolchain* defines the header/library search 
 paths and there is no portable way to extract those paths from the 
 toolchain.  configure code which requires knowledge of the search paths 
 is hence inevitably broken and non-portable, and usually fails to obey 
 CPPFLAGS/LDFLAGS to boot.

Yes - but where we arbitrarily extend the toolchain's search path in our
configure script - that's where we fall into a pit.  I'm suggesting some
method to keep ourselves from shooting users in the foot.

If it's defined by the toolchain, so be it.  If you add a LDFLAGS -lpath
that's fine.  I'm suggesting, in the absence of a lib in the path, that
we not arbitrarily invent search orders throughout our .m4 detection hacks,
and make them into a unified default list that can be overridden.

Re: Piped logger nightmares

[Sander Temme]

On Jan 6, 2007, at 6:55 AM, Jeff Trawick wrote:


Can you confirm that 1.3 was busted on Windows too?


I just loaded up a 1.3.37 binary from archives.apache.org on a fresh  
new Win2k3 Server VMWare thingy. I set my error log and access log as  
follows:


ErrorLog | c:/PROGRA~1/APACHE~1/Apache/bin/rotatelogs.exe c:/ 
PROGRA~1/APACHE~1/Apache/logs/error.log 300 -480

LogLevel debug

CustomLog | c:/PROGRA~1/APACHE~1/Apache/bin/rotatelogs.exe c:/ 
PROGRA~1/APACHE~1/Apache/logs/access.log 300 -480 common


...and I'm seeing two rotatelogs.exe processes. Logfiles are created  
and turned over (I'm tickling the server with a slow trickle from  
http_load).


Seems non-busted.

S.

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

Re: [VOTE] httpd-2.2.4 release candidate for review

[William A. Rowe, Jr.]

Tom, thanks for the analysis and bug report - your trace follows mine but
the getpeername was news to me.

W.R.T. httpd you made the assumption Windows has the peer name - which
is true with AcceptEx but won't be true in any other context.  This is
the exception not the rule.

So a couple thoughts; Win32 apr_os_socket_put is going to need to learn
how to set the local/remote addresses as 'identified' for purposes of
working within httpd.  And the getpeername bug needs a workaround/hack.

All in all - very good catch.

Bill

Tom Donovan wrote:
 I have had some difficulties running 2.2.4 RC on Windows 2000.
 
 The remote IP is always seen as 0.0.0.0.
 Here are a few lines from my logs\access.log:
 
 0.0.0.0 - - [07/Jan/2007:11:22:59 -0500] GET /server-status HTTP/1.1
 403 215
 0.0.0.0 - - [07/Jan/2007:11:23:36 -0500] GET / HTTP/1.1 200 20417
 
 I built with Microsoft Visual C++ 2005, and again with Visual C++ 6.0.
 Either set (VC8 or VC6) of binaries runs OK on Windows 2003 and also on
 Windows XP.
 The problem only occurs when running 2.2.4 on Win2k.
 
 Apache 2.2.3 built with the same compilers runs OK on all three platforms.
 
 Has anyone else run 2.2.4 on Windows 2000 yet?
 
 -tom-
 
 
 On 1/6/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
 
 .
 

Re: Piped logger nightmares

[Sander Temme]

On Jan 5, 2007, at 3:38 PM, William A. Rowe, Jr. wrote:


is a complete disaster to Win32 as-a-service.  It works fine from the
command line, but the lack of stdout/stderr channels causes cmd.exe
in a service appear to cause the CreateProcess of cmd.exe to  
implode.


I am now playing around with Process Explorer and the httpd 2.2.3  
binary from our own download, and here's what I'm seeing:


Process PID
httpd.exe3464 -- httpd.pid
  cmd.exe3376
rotatelogs.exe   3776
  cmd.exe4040
rotatelogs.exe   2696
  httpd.exe  1388
cmd.exe  1584
  rotatelogs.exe 3028
  cmd.exe3724
rotatelogs.exe   2548

Note: two rotatelogs is started from the parent, two from the child.

Turning over the log files does not give me orphaned processes, but  
every time I restart the service I get four newly unloved  
rotatelogs.exe in the list.


Looks like these add up to something too: my production server  
stopped logging altogether after the 6th, and once I slapped Process  
Explorer onto it I saw it try to timidly spawn a cmd.exe once in a  
while, which then went away again real quick. Only when I manually  
mucked out the pages and pages of orphans could I successfully  
restart the service and make it start logging again.


S.

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

Re: Piped logger nightmares

[Sander Temme]

On Jan 6, 2007, at 6:55 AM, Jeff Trawick wrote:


Can you confirm that 1.3 was busted on Windows too?


Starting 1.3.37 from the shell (not as a Service):

Parent opens two cmd.exe + rotatelogs.exe with error.log  argument,  
and one such combination with access.log argument. Child opens one  
combination for each log file.


Again, no trouble on the five minute log roll.

Stopping the server by ^C on the command prompt makes everything go  
away.


Once again starting as a Service (I didn't have Process Explorer last  
time I tried) gives me no problems: two cmd.exe + rotatelogs.exe  
started from the child, no surprises when cycling the service.


S.

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

Re: Piped logger nightmares

[Sander Temme]

On Jan 8, 2007, at 5:06 PM, Sander Temme wrote:


Can you confirm that 1.3 was busted on Windows too?


Starting 1.3.37 from the shell (not as a Service):


I'm starting to engage myself in quite the conversation.

Started 2.2.3 from the command line. It does the same thing as the  
service: two cmd.exe + rotatelogs.exe from the parent, two from the  
child. However, it also opens two empty cmd.exe *windows*.


Killing he server by ^C in the cmd.exe that started it gives me two  
orphaned rotatelogs.exe processes, left behind by the child.


S. (last one for today, I promise)

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

Re: [VOTE] httpd-2.2.4 release candidate for review

[Roy T. Fielding]

+1, all sigs verified on Darwin Kernel Version 8.8.0 (10.4.8) powerpc
powerpc-apple-darwin8-gcc-4.0.1 (GCC) 4.0.1 (Apple Computer, Inc.  
build 5367)


All tests successful, 23 tests and 14 subtests skipped.
Files=65, Tests=2078, 100 wallclock secs (48.33 cusr + 13.37 csys =  
61.70 CPU)


Roy

Re: [VOTE] httpd-2.2.4 release candidate for review

[Tom Donovan]

re: the Windows 2000 0.0.0.0 IP address problem

A quick look through win32/sockets.c shows code to fill in remote_addr after accept() and connect(), 
as well as after acceptEx().  This led me to believe that Windows has the peer name.


Ditto for the win9x_*() functions in Apache server/mpm/winnt/child.c.  Alas, I don't have any win9x 
systems to check that this works OK.


I see that apr_os_sock_put() set remote_addr_unknown=1 in earlier APR versions 
too.

Apache on Windows only seems to use apr_os_sock_put() to pass listen sockets between parent  child 
in mpm_winnt.c, so perhaps that's why the problem was never noticed.


Perhaps it would be simpler to presume that remote_addr *is* always known on Windows, and make sure 
all the Windows APR socket functions live up to this rule.


-tom-

William A. Rowe, Jr. wrote:

Tom, thanks for the analysis and bug report - your trace follows mine but
the getpeername was news to me.

W.R.T. httpd you made the assumption Windows has the peer name - which
is true with AcceptEx but won't be true in any other context.  This is
the exception not the rule.

So a couple thoughts; Win32 apr_os_socket_put is going to need to learn
how to set the local/remote addresses as 'identified' for purposes of
working within httpd.  And the getpeername bug needs a workaround/hack.

Server Restarts

[David Wortham]

Hi guys,
I know Nick or one of the other frequent responders mentioned something
about a double server-startup.  Does anyone have (or know of) documentation
on this effect?  I believe I understand the relationships between the server
process, the child processes and the cprocess threads.

It seems like I always have to restart one extra time (first restart is
always a dud... as if the server daemon was not running) after re-compiling
the module (with apxs).  Recently, I get whitescreens on the second restart
and now have to restart a total of 3 times after every re-compile (also
requires me to restart once after the initial daemon startup).  This won't
make sysadmins very happy to use my module if I require them to restart
their webserver twice every time they need to reload it.

Did I foul something up or is this normal/expected?

Thanks,
Dave

Re: Server Restarts

[Nick Kew]

On Mon, 8 Jan 2007 20:37:52 -0700
David Wortham [EMAIL PROTECTED] wrote:

 Hi guys,
 I know Nick or one of the other frequent responders mentioned
 something about a double server-startup.  Does anyone have (or know
 of) documentation on this effect?

The book discusses it rather briefly.  But I suspect your problem
lies elsewhere.

  I believe I understand the
 relationships between the server process, the child processes and the
 cprocess threads.
 
 It seems like I always have to restart one extra time (first restart
 is always a dud... as if the server daemon was not running) after
 re-compiling the module (with apxs).

Restart isn't really applicable when the binary has changed (as when
you recompile a module).  You have to stop and start.  What you're
seeing is (probably) a segfault on the first restart.

 Recently, I get whitescreens on
 the second restart and now have to restart a total of 3 times after
 every re-compile (also requires me to restart once after the initial
 daemon startup).

Hmmm, that's not usual.  Could be something isn't exiting cleanly
and is leaving the system in a problematic state.

 This won't make sysadmins very happy to use my
 module if I require them to restart their webserver twice every time
 they need to reload it.

Sysadmins aren't generally going to be working with a module that
changes on every restart.


-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Re: [VOTE] httpd-2.2.4 release candidate for review

[Nick Kew]

On 6 Jan 2007, at 07:41, William A. Rowe, Jr. wrote:

http://httpd.apache.org/dev/dist/ will soon (within the hour, upon  
resync)

contain the following tarballs for approval

httpd-2.2.4.tar.bz2 [.asc|.md5]
httpd-2.2.4.tar.gz [.asc|.md5]
httpd-2.2.4-win32-src.zip [.asc|.md5]

 +/-1
 [  ] Release httpd 2.2.4

Let the voting begin, and kick off 2.2.5 efforts.  I understand Jim  
is still

interested in RM'ing 2.2.5 later this month.

Bill


+1 linux
-0 darwin: segfaults when mod_usertrack is loaded.
That's no change on before, but ISTR it's a common problem for
mac users, and should be documented.  And it would be good if
mod_usertrack declined to build on darwin, so this doesn't hit
users who have no idea of tracking down a crash.

--
Nick Kew

help on gathering data from the response

[Sai Jai Ganesh Gurubaran]

Hi All,
The requirement for us is to write a apache module that collects
printable data  from the response.
For this, we have used the idea from mod_streamav code.
The memory and CPU usage of the Apache has never crossed 40 MB per
process and works fine.
Recently we are getting Apache Outages (i.e. Apache is running but not
responding).
We are not in a position to remove this module and test for the same due
to the functionality required :-(
The traffic of the site is 25Mbps and Apache 59 on RHEL 3 keeps going
for days without any problems.
This outage is very random. There are no logs in the error log or access
log indicating problems.
Any help from the developers will be highly appreciated.

Here is the code we use to perform the above said operation.

Regards,
Ganesh


/* Structure to hold the context and other relevant data */

typedef struct ffifilter_ctx {

  char *buffer; /*buffer to store data to be
scanned.*/
  int curr_buffer_length;   /*length of content
currently stored in buffer*/
  int has_been_categorized_already; /* to ignore content more than
max_content_length_limit being processed again*/ 

  apr_bucket_brigade *bb;   /*bucket brigade to be passed to
next filter, content of the brigade will be created during scanning
process*/

} ffi_ctx;




static apr_status_t testFilter_run(ap_filter_t *f,
apr_bucket_brigade *bb)
{
 request_rec* r = f-r;

// To take into account all the MIME Types related to text
if ( (r-content_type != NULL) 
(strstr(r-content_type,text)==NULL))
{
return ap_pass_brigade(f-next,bb);
}
if(r-status != 200)
{
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Got a %d
status for request : %s , quitting. , r-status, r-uri);
return ap_pass_brigade(f-next,bb);
}

ffi_ctx *ctx= (ffi_ctx *)f-ctx;  /*filter context*/
apr_bucket *curr_bucket;

if(ctx == NULL)
{
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Got a new
request: %s  [File name]%s,  f-r-uri, f-r-filename);
if(testFilter_init(f) == APR_ENOMEM)
{
/* No Memory availble*/
return OK;
}
ctx = (ffi_ctx *)f-ctx;
}

if(testFilter_save_brigade(f,bb)==EOS_NOT_FOUND)
{
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Returning
OK, to fetch more content.%s, f-r-uri);
return OK;
}

/* If there is no content then just pass on*/
if(ctx-curr_buffer_length == 0)
{
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Got a null
content for %s, f-r-uri);
testFilter_send(f);
return testFilter_cleanup(f,bb);
}

testFilter_send(f);
return testFilter_cleanup(f,bb);
}



/*  TRIAL ***/
/*initialize context when a new request invoke the dynamic filter
  1.allocate space for buffer
  2.init bb for next filter
  if fail, return -1; else return 0;
*/
static int testFilter_init(ap_filter_t *f )
{
ffi_ctx *ctx = (ffi_ctx *)f-ctx;

/*no need to do initialization here*/
if(ctx != NULL)
{
return 0;
}

/* allocate a new context structure*/
f-ctx = apr_pcalloc(f-r-pool,sizeof(ffi_ctx));
ctx = (ffi_ctx *)f-ctx;

/*create a new bucket brigade*/
ctx-bb = apr_brigade_create(f-r-pool, f-c-bucket_alloc);

//initialize to the max_content_length_limit
ctx-buffer = (char *)malloc(max_content_length_limit + 1);
if(ctx-buffer == NULL)
{
   ap_log_rerror(APLOG_MARK, APLOG_ERR, 0,
f-r,[testFilter_init] Could not allocate memory for ctx-buffer.
Quit);
   return APR_ENOMEM;
}


ctx-curr_buffer_length = 0;
ctx-has_been_categorized_already = 0; 
return 0;
}


/*
Aim is to collect only printable data of the response
1. Define a maximum limit on length beyond which data gathering is not
done.
2. Pass on the brigade to the next filter once we are done.

*/



//*
int testFilter_save_brigade(ap_filter_t *f, apr_bucket_brigade *bb)
{
ffi_ctx  *ctx = (ffi_ctx *)f-ctx;
const char *buffer;
apr_size_t len, loop;
apr_bucket *curr_bucket, *tmp_bucket;
apr_size_t stopGatheringData = 0;
apr_status_t return_value;
 
for (   curr_bucket = APR_BRIGADE_FIRST(bb);
curr_bucket != APR_BRIGADE_SENTINEL(bb);
curr_bucket = APR_BUCKET_NEXT(curr_bucket)) 
  {
if(APR_BUCKET_IS_EOS(curr_bucket))
{
   

Re: [VOTE] httpd-2.2.4 release candidate for review

[William A. Rowe, Jr.]

Tom Donovan wrote:
 
 Perhaps it would be simpler to presume that remote_addr *is* always
 known on Windows, and make sure all the Windows APR socket functions
 live up to this rule.

Simpler?  Sure, if apr is only for httpd when AcceptEx() is in use :-/

Of course, that's not true, the implementation is bogus, we need to toggle
this as !remote_addr_unknown in apr_os_sock_put *when appropriate*.

Re: [VOTE] [CORRECTIONS] httpd-2.2.4 release candidate for review

[William A. Rowe, Jr.]

Before I go any further, httpd-2.2.4-win32-src.zip is updated here at 6am UT
and will take an hour to move across to the live site

  http://httpd.apache.org/dev/dist/

while the .tar files remain unchanged.  Feedback to several issues inline...


Sander Temme wrote on 01/07/07:
 
 The RC has been running on people.apache.org as of 1:46PM today.

Rekicked a 48 hour release clock from that mark.  Afternoon the of the
9th I'll call the vote, it would be good to see a two-day update from
yourself, Joe or another infra-team member.


Gustavo Lopes wrote:
 Adding:
 $(MAKE) $(MAKEOPT) -f Makefile.win SHORT=$(SHORT) LONG=$(LONG) \
  _copybin src_exe=exe.manifest src_dll=dll.manifest src_so=so.manifest
 quiet=-  \
  inst_exe=$(INSTDIR)\bin  \
  inst_dll=$(INSTDIR)\bin  \
  inst_so=$(INSTDIR)\modules
 to the makefile automates the copy of the manifest files and resolves
 the problem.

FOR THIS VERSION ONLY, I will hack in this method, it's fast, efficient,
and quiet provided we first

if EXIST $(LONG)\httpd.exe.manifest \

before that command.  It's not elegant, but folks already know my opinion
of VC8, with its deprecated POSIX(?!?) and .manifest crapola for clib.  And
it gets folks building with no further changes.

Diff attached.  I will commit and svn cp Makefile.win to tags/2.2.4/, if devs
feel the historical documentation is worthwhile.  Patching trunk/ to truly
embed .manifest files where/when appropriate, instead.  If folks object, state
now before this goes live in 30 hours.  It really doesn't seem worthwhile to
toss 2.2.4 on this account for one platform.

Thank you Gustavo for the straight-line solution to this issue for VC8 users.


Jorge Schrauwen wrote:
 This is a wild guess but !IF EXIST(srclib\zlib)
 in the win-src packaged the zlib and openssl folders exist without the
 files being in there. I guess this broke it.

Yes - I tried an alternate method to package the .zip's - moving the .mak
and .dep files from win to linux.  I hadn't unhooked my symbolic junctions
and yes, there were .mak files hiding in srclib/zlib and srclib/openssl.
Good catch by Issac Goldstand.

My bad, fixed package inc with srclib/zlib/, srclib/openssl removed, and
the attached patch to Makefile.win applied to 'get VC8 users by' for now.

Bill

--- Makefile.win.orig	2006-12-07 11:09:37.0 -0600
+++ Makefile.win	2007-01-08 23:55:56.0 -0600
@@ -605,6 +605,13 @@
 		inst_exe=$(INSTDIR)\bin  \
 		inst_dll=$(INSTDIR)\bin  \
 		inst_so=$(INSTDIR)\modules
+	if EXIST $(LONG)\httpd.exe.manifest  \
+	  $(MAKE) $(MAKEOPT) -f Makefile.win SHORT=$(SHORT) LONG=$(LONG) \
+		_copybin src_exe=exe.manifest src_dll=dll.manifest   \
+		src_so=so.manifest quiet=- \
+		inst_exe=$(INSTDIR)\bin\
+		inst_dll=$(INSTDIR)\bin\
+		inst_so=$(INSTDIR)\modules
 	cd srclib\apr-iconv
 	$(MAKE) $(MAKEOPT) -f build\modules.mk.win install \
 		BUILD_MODE=$(LONG) BIND_MODE=shared API_SOURCE=. \

Re: [VOTE] httpd-2.2.4 release candidate for review

[William A. Rowe, Jr.]

Tom, speculating here without a 2000 box close - would you try to
DisableWin32AcceptEx please?  Perhaps the flaw actually resides in how
AcceptEx and GetAcceptExSockaddrs, and how they interact with the socket?

Bill


Tom Donovan wrote:
 I have had some difficulties running 2.2.4 RC on Windows 2000.
 
 The remote IP is always seen as 0.0.0.0.
 Here are a few lines from my logs\access.log:
 
 0.0.0.0 - - [07/Jan/2007:11:22:59 -0500] GET /server-status HTTP/1.1
 403 215
 0.0.0.0 - - [07/Jan/2007:11:23:36 -0500] GET / HTTP/1.1 200 20417

Re: [VOTE] httpd-2.2.4 release candidate for review

[William A. Rowe, Jr.]

Tom Donovan wrote:
 
 I see that apr_os_sock_put() set remote_addr_unknown=1 in earlier APR
 versions too.

It's actually apr_os_sock_make() and although it set unknown=1 where there
was no remote addr, it assumed unknown from alloc_socket() was 0.

Try the attached patch please?

Bill
Index: network_io/win32/sockets.c
===
--- network_io/win32/sockets.c	(revision 492717)
+++ network_io/win32/sockets.c	(working copy)
@@ -451,10 +451,8 @@
 (*apr_sock)-remote_addr-pool = cont;
 /* XXX IPv6 - this assumes sin_port and sin6_port at same offset */
 (*apr_sock)-remote_addr-port = ntohs((*apr_sock)-remote_addr-sa.sin.sin_port);
+(*apr_sock)-remote_addr_unknown = 0;
 }
-else {
-(*apr_sock)-remote_addr_unknown = 1;
-}
 
 apr_pool_cleanup_register((*apr_sock)-pool, (void *)(*apr_sock), 
 socket_cleanup, apr_pool_cleanup_null);