Re: Possible bug in libapreq
I took a peek at this. Basically, Joseph and the folks at Mozilla found that some odd quirk in FireFox is causing the bytestream to be sent with funny packet payloads of, mostly, 1 byte, 4095 bytes, 1 byte, 4095 bytes, etc. That seems to be a client issue. What's happening is that occasionally, we get a 0 byte payload (as can be seen in a log Joseph posted at http://staging.sr.admission.net/joetemp/libapreq_debug_ff20_win32_https.txt). Once that happens, multipart_buffer_read returns 0 and ApacheRequest_parse_multipart breaks out of the data-reading loop for that parameter and starts reading line-by-line looking for the next boundary/header (which it may or may not find since we're treating binary data as text, so all bets are off). I'm not sure how we can hack around that (nor should we if it can be fixed) and my personal opinion is this is still FireFox's problem; not ours. I'll CC this to the bug report at rt.cpan.org and Mozilla's bugzilla. Issac Joseph Huckaby wrote: Hey libapreq dev team, I recently logged a bug for Firefox 2.0 which results in corrupted file uploads over HTTPS (Firefox 2.0 Win32 only). However, further research seems indicate libapreq may be involved (I cannot reproduce it outside libareq, for instance using PHP or the Perl CGI module). If you have a moment can you take a look and see what you think? Here is the Firefox bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=356470 Thanks! I use your excellent Apache::Request module extensively in my company's core software (Apache 1.3.x, libapreq 1.33), and we're not sure what to do about Firefox 2.0. The bug appears to have to do with the way libapreq reads bytes off the incoming socket. With Firefox 2.0 Win32 HTTPS occasionally it reads 0 bytes, and then drops out of the loop and discards up to 200K from the file being uploaded. It's all detailed out in the FF bug report. - Joe Joseph Huckaby Lead Software Engineer AdMission Corporation http://www.admissioncorp.com
Re: Customize lib path list (lib64 et al)?
On Sun, Jan 07, 2007 at 06:09:38PM -0600, William Rowe wrote: There is a very slick feature in perl, burried quite deeply, that might be useful for our users of ./configure (and apr's as well.) loclibpth/locincpth define the system search order They don't, though. The *toolchain* defines the header/library search paths and there is no portable way to extract those paths from the toolchain. configure code which requires knowledge of the search paths is hence inevitably broken and non-portable, and usually fails to obey CPPFLAGS/LDFLAGS to boot. joe
segfault w/ APR_BUCKET_PREV...
Happy Monday, I'm getting a segfault whenever I try to read the next bucket. I'm trying to do this without losing the current bucket. If I do: b = APR_BUCKET_NEXT(b); apr_bucket_read(b, str, len, APR_NONBLOCK_READ); b = APR_BUCKET_PREV(b); I get a segfault. I'm not sure what the correct way to go about this is, but what it amounts to is trying to test for a strmatch spanning across adjacent buckets. My code looks like this (with the irrelevant bits removed): /* * We're finished finding full matches in the current bucket, * but we need to consider the case of matches that would span * the current bucket and the next bucket. * * Actually, we don't need to do this if we're not inserting * globally (flag done is set) or if the next bucket is an EOS * or FLUSH bucket. * * First we'll grab the largest possible partial match from * the tail of our current bucket. That will be the last * (strlen(match_str) - 1) characters. * * Then, we'll prefetch and read the next bucket, then * concat the tail piece we grabbed to the head of the * next bucket. We'll search for a match within the len of * the current tail piece. * * If we don't find a match, that means we had no partial * match and can go on to cycling through the buckets in a * normal fasion. To flag for this case, we'll set our * tail_str to NULL. * * Otherwise: * * - If we're inserting before a match, we should process it now. * * - If we're replacing the match, we should split our * current bucket at the match point and disregard the split * off tail. We'll then ... * * - If we're inserting after a match, we should ... */ if ( ( ! done ) ( ! APR_BUCKET_IS_EOS(APR_BUCKET_NEXT(b)) ) ( ! APR_BUCKET_IS_FLUSH(APR_BUCKET_NEXT(b)) ) ) { char *tmp_str = NULL; tail_str = apr_pstrdup(f-r-pool, str); if ( len strlen(cfg-match_str) ) { tail_str[len] = '\0'; } else { tail_str += (len - strlen(cfg-match_str)) + 1; tail_str[strlen(cfg-match_str)] = '\0'; } len_tail = strlen(tail_str); b = APR_BUCKET_NEXT(b); apr_bucket_read(b, str, len, APR_NONBLOCK_READ); b = APR_BUCKET_PREV(b); . . . Any ideas? -- Drew
Re: [VOTE] httpd-2.2.4 release candidate for review
On Jan 6, 2007, at 2:41 AM, William A. Rowe, Jr. wrote: http://httpd.apache.org/dev/dist/ will soon (within the hour, upon resync) contain the following tarballs for approval httpd-2.2.4.tar.bz2 [.asc|.md5] httpd-2.2.4.tar.gz [.asc|.md5] httpd-2.2.4-win32-src.zip [.asc|.md5] +/-1 [ ] Release httpd 2.2.4 Let the voting begin, and kick off 2.2.5 efforts. I understand Jim is still interested in RM'ing 2.2.5 later this month. Tested via Perl test framework, no regressions: OS X 10.4.8 (PPC) Sol 8 SUSE 10.0 FreeBSD 5.5R
Bug 35083 - SSL error trapping
I patched mod_ssl to trap SSL errors related to certificate validation, allow the SSL connection anyway, then redirect to an error page. Although this works well, this is not implemented the best way, and I got some feedback on how to do it better. Before implementing it, I'd like to check some points, after an in-depth thought. 1. The current idea is to trap validation-related errors, like certificate expiration/revocation. Shouldn't we also trap negotiation errors, like incompatible ciphersuites and protocols between browser and server ? Maybe other ones ? 2. Recommendations are to use one directive to relax the check on certificates (or on ciphersuites, ...), and other ones to trap errors by checking environment variables and redirect the 403 errors to a specific page. a. Doesn't this introduce a security risk, in case the check on certificates is relaxed and the other directives are not set (or changed) ? This is against the principle of secure by installation ... b. This solution would redirect all errors to the same page. Isn't it better to trap the error and redirect to a specific (customisable) page ? Note that this trapping could be implemented in a separate module. I'd like to work soon on this; if you want to participate, please contact me asap. Regards */Marc Stern/* Approach Belgium http://www.approach.be Avenue Einstein, 2A B-1348 Louvain-la-Neuve Belgium Tel: +32 475 68 29 10 Fax: +32 10 83 22 55 Disclaimer_ 1. This message is intended for the use of the addressee only and may contain information that is privileged and confidential. 2. If you are not the intended recipient, you are notified that any dissemination of this Communication is strictly prohibited. 3. If you have received this communication in error, please notify us immediately by return of this e-mail. 4. E-mail quotations and proposals are for information only, and are subject to confirmation by the Signature of the appropriate contractual documentation by the authorized persons or both
Need help with ErrorDocument
Hi All, I am new to apache facing the following problem: 1. A custom module that does client authentication on top of mod_ssl returns a FORBIDDEN when user is not authenticated. But when the server tries to fetch the custom ErrorDocument for this error it is FORBIDDEN again by same module above. Is there any known solution to tackle this recursion. Will setting the r-handler to modules content handler which generates a error page a good solution? or is it possible to load the ErrorDoc URL's on startup. Thanks for any help. Regards, Vyas
Re: mod_authn_dbd and apr_password_validate
On Sat, Jan 06, 2007 at 02:59:47PM -0500, Brian J. France wrote: That mod_authn_dbd is assuming your database password is not plain text, but smashed (crypt, md5, sh1). I ran into the same issue and created this: http://www.brianfrance.com/software/apache/mod_authn_dbd.c.diff Apply the patch and add this to your config: AuthDBDPlainTextPasswords on and you should be set. First an apology for posting to dev: I thought there was at least a documentation issue, but no: AuthDBDUserPWQuery Directive ... SQL varchar) argument (username), and return a single value (encrypted password). ^ I am still searching for a way to get an encrypted password to be accepted.. With AuthDBDUserPWQuery select md5(prefname) from person where userid=%s I get [Mon Jan 08 16:04:41 2007] [error] [client ::1] (-1)Unknown error: 4294967295: Comparing Patrick with f87567f2159b425795ebb7ba9bc406ec [Mon Jan 08 16:04:41 2007] [error] [client ::1] user prlw1: authentication failure for /webfolder: Password Mismatch and with AuthDBDUserPWQuery select encode(digest(prefname,'sha1'),'hex') from person where userid=%s I get [Mon Jan 08 16:03:15 2007] [error] [client ::1] (-1)Unknown error: 4294967295: Comparing Patrick with 57ad79649b677cf8f889ba6dc5fb4f98ada2767e [Mon Jan 08 16:03:15 2007] [error] [client ::1] user prlw1: authentication failure for /webfolder: Password Mismatch and just to check: % echo -n Patrick | md5 f87567f2159b425795ebb7ba9bc406ec % echo -n Patrick | sha1 57ad79649b677cf8f889ba6dc5fb4f98ada2767e so what sort of password does apr_password_validate accept? Thankfully your patch gets me out of trouble allowing plaintext passwords. Thank you, Patrick
Re: [VOTE] httpd-2.2.4 release candidate for review
On 1/6/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: [+1] Release httpd 2.2.4 tested with worker MPM on RedHat 4/ia32 and Solaris 10/SPARC32
Re: Need help with ErrorDocument
On Mon, 8 Jan 2007 20:23:26 +0530 Vedavyas Raichur [EMAIL PROTECTED] wrote: Hi All, I am new to apache facing the following problem: 1. A custom module that does client authentication on top of mod_ssl returns a FORBIDDEN when user is not authenticated. That's probably not what you want. FORBIDDEN means there's nothing the client can do, which is not the case when the failure is one of authentication. But when the server tries to fetch the custom ErrorDocument for this error it is FORBIDDEN again by same module above. Yep. Is there any known solution to tackle this recursion. The simple solution is for the ErrorDocument to be kept outside the scope of what's restricted by your module. That gives control to system administrators. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: mod_authn_dbd and apr_password_validate
On 01/08/2007 05:08 PM, Patrick Welche wrote: First an apology for posting to dev: I thought there was at least a documentation issue, but no: AuthDBDUserPWQuery Directive ... SQL varchar) argument (username), and return a single value (encrypted password). ^ I am still searching for a way to get an encrypted password to be accepted.. With AuthDBDUserPWQuery select md5(prefname) from person where userid=%s I get [Mon Jan 08 16:04:41 2007] [error] [client ::1] (-1)Unknown error: 4294967295: Comparing Patrick with f87567f2159b425795ebb7ba9bc406ec [Mon Jan 08 16:04:41 2007] [error] [client ::1] user prlw1: authentication failure for /webfolder: Password Mismatch apr_password_validate or better apr_md5_encode does not simply apply MD5 to the password, but mixes it with a salt. Furthermore the password hash needs to start with a 'marker' string to inform apr_password_validate which hash algorithm it should use. If none is specified it falls back to crypt. and with AuthDBDUserPWQuery select encode(digest(prefname,'sha1'),'hex') from person where userid=%s From my quick view at the apr-util code I would guess that the following should work: AuthDBDUserPWQuery select '{SHA}'||encode(digest(prefname,'sha1'),'hex') from person where userid=%s Regards RĂ¼diger
Re: mod_authn_dbd and apr_password_validate
On Mon, 8 Jan 2007 16:08:51 + Patrick Welche [EMAIL PROTECTED] wrote: so what sort of password does apr_password_validate accept? Those created with htpasswd is a simple answer. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: [VOTE] httpd-2.2.4 release candidate for review
On 1/6/2007 at 12:41 AM, in message [EMAIL PROTECTED], William A. Rowe, Jr. [EMAIL PROTECTED] wrote: http://httpd.apache.org/dev/dist/ will soon (within the hour, upon resync) contain the following tarballs for approval httpd-2.2.4.tar.bz2 [.asc|.md5] httpd-2.2.4.tar.gz [.asc|.md5] httpd-2.2.4-win32-src.zip [.asc|.md5] +/-1 [ ] Release httpd 2.2.4 Let the voting begin, and kick off 2.2.5 efforts. I understand Jim is still interested in RM'ing 2.2.5 later this month. Bil +1 NetWare Brad
Re: [VOTE] httpd-2.2.4 release candidate for review
I have had some difficulties running 2.2.4 RC on Windows 2000. The remote IP is always seen as 0.0.0.0. Here are a few lines from my logs\access.log: 0.0.0.0 - - [07/Jan/2007:11:22:59 -0500] GET /server-status HTTP/1.1 403 215 0.0.0.0 - - [07/Jan/2007:11:23:36 -0500] GET / HTTP/1.1 200 20417 I built with Microsoft Visual C++ 2005, and again with Visual C++ 6.0. Either set (VC8 or VC6) of binaries runs OK on Windows 2003 and also on Windows XP. The problem only occurs when running 2.2.4 on Win2k. Apache 2.2.3 built with the same compilers runs OK on all three platforms. Has anyone else run 2.2.4 on Windows 2000 yet? -tom- On 1/6/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
Re: Customize lib path list (lib64 et al)?
Joe Orton wrote: On Sun, Jan 07, 2007 at 06:09:38PM -0600, William Rowe wrote: There is a very slick feature in perl, burried quite deeply, that might be useful for our users of ./configure (and apr's as well.) loclibpth/locincpth define the system search order They don't, though. The *toolchain* defines the header/library search paths and there is no portable way to extract those paths from the toolchain. configure code which requires knowledge of the search paths is hence inevitably broken and non-portable, and usually fails to obey CPPFLAGS/LDFLAGS to boot. Yes - but where we arbitrarily extend the toolchain's search path in our configure script - that's where we fall into a pit. I'm suggesting some method to keep ourselves from shooting users in the foot. If it's defined by the toolchain, so be it. If you add a LDFLAGS -lpath that's fine. I'm suggesting, in the absence of a lib in the path, that we not arbitrarily invent search orders throughout our .m4 detection hacks, and make them into a unified default list that can be overridden.
Re: Piped logger nightmares
On Jan 6, 2007, at 6:55 AM, Jeff Trawick wrote: Can you confirm that 1.3 was busted on Windows too? I just loaded up a 1.3.37 binary from archives.apache.org on a fresh new Win2k3 Server VMWare thingy. I set my error log and access log as follows: ErrorLog | c:/PROGRA~1/APACHE~1/Apache/bin/rotatelogs.exe c:/ PROGRA~1/APACHE~1/Apache/logs/error.log 300 -480 LogLevel debug CustomLog | c:/PROGRA~1/APACHE~1/Apache/bin/rotatelogs.exe c:/ PROGRA~1/APACHE~1/Apache/logs/access.log 300 -480 common ...and I'm seeing two rotatelogs.exe processes. Logfiles are created and turned over (I'm tickling the server with a slow trickle from http_load). Seems non-busted. S. -- [EMAIL PROTECTED]http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] httpd-2.2.4 release candidate for review
Tom, thanks for the analysis and bug report - your trace follows mine but the getpeername was news to me. W.R.T. httpd you made the assumption Windows has the peer name - which is true with AcceptEx but won't be true in any other context. This is the exception not the rule. So a couple thoughts; Win32 apr_os_socket_put is going to need to learn how to set the local/remote addresses as 'identified' for purposes of working within httpd. And the getpeername bug needs a workaround/hack. All in all - very good catch. Bill Tom Donovan wrote: I have had some difficulties running 2.2.4 RC on Windows 2000. The remote IP is always seen as 0.0.0.0. Here are a few lines from my logs\access.log: 0.0.0.0 - - [07/Jan/2007:11:22:59 -0500] GET /server-status HTTP/1.1 403 215 0.0.0.0 - - [07/Jan/2007:11:23:36 -0500] GET / HTTP/1.1 200 20417 I built with Microsoft Visual C++ 2005, and again with Visual C++ 6.0. Either set (VC8 or VC6) of binaries runs OK on Windows 2003 and also on Windows XP. The problem only occurs when running 2.2.4 on Win2k. Apache 2.2.3 built with the same compilers runs OK on all three platforms. Has anyone else run 2.2.4 on Windows 2000 yet? -tom- On 1/6/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote: .
Re: Piped logger nightmares
On Jan 5, 2007, at 3:38 PM, William A. Rowe, Jr. wrote: is a complete disaster to Win32 as-a-service. It works fine from the command line, but the lack of stdout/stderr channels causes cmd.exe in a service appear to cause the CreateProcess of cmd.exe to implode. I am now playing around with Process Explorer and the httpd 2.2.3 binary from our own download, and here's what I'm seeing: Process PID httpd.exe3464 -- httpd.pid cmd.exe3376 rotatelogs.exe 3776 cmd.exe4040 rotatelogs.exe 2696 httpd.exe 1388 cmd.exe 1584 rotatelogs.exe 3028 cmd.exe3724 rotatelogs.exe 2548 Note: two rotatelogs is started from the parent, two from the child. Turning over the log files does not give me orphaned processes, but every time I restart the service I get four newly unloved rotatelogs.exe in the list. Looks like these add up to something too: my production server stopped logging altogether after the 6th, and once I slapped Process Explorer onto it I saw it try to timidly spawn a cmd.exe once in a while, which then went away again real quick. Only when I manually mucked out the pages and pages of orphans could I successfully restart the service and make it start logging again. S. -- [EMAIL PROTECTED]http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: Piped logger nightmares
On Jan 6, 2007, at 6:55 AM, Jeff Trawick wrote: Can you confirm that 1.3 was busted on Windows too? Starting 1.3.37 from the shell (not as a Service): Parent opens two cmd.exe + rotatelogs.exe with error.log argument, and one such combination with access.log argument. Child opens one combination for each log file. Again, no trouble on the five minute log roll. Stopping the server by ^C on the command prompt makes everything go away. Once again starting as a Service (I didn't have Process Explorer last time I tried) gives me no problems: two cmd.exe + rotatelogs.exe started from the child, no surprises when cycling the service. S. -- [EMAIL PROTECTED]http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: Piped logger nightmares
On Jan 8, 2007, at 5:06 PM, Sander Temme wrote: Can you confirm that 1.3 was busted on Windows too? Starting 1.3.37 from the shell (not as a Service): I'm starting to engage myself in quite the conversation. Started 2.2.3 from the command line. It does the same thing as the service: two cmd.exe + rotatelogs.exe from the parent, two from the child. However, it also opens two empty cmd.exe *windows*. Killing he server by ^C in the cmd.exe that started it gives me two orphaned rotatelogs.exe processes, left behind by the child. S. (last one for today, I promise) -- [EMAIL PROTECTED]http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] httpd-2.2.4 release candidate for review
+1, all sigs verified on Darwin Kernel Version 8.8.0 (10.4.8) powerpc powerpc-apple-darwin8-gcc-4.0.1 (GCC) 4.0.1 (Apple Computer, Inc. build 5367) All tests successful, 23 tests and 14 subtests skipped. Files=65, Tests=2078, 100 wallclock secs (48.33 cusr + 13.37 csys = 61.70 CPU) Roy
Re: [VOTE] httpd-2.2.4 release candidate for review
re: the Windows 2000 0.0.0.0 IP address problem A quick look through win32/sockets.c shows code to fill in remote_addr after accept() and connect(), as well as after acceptEx(). This led me to believe that Windows has the peer name. Ditto for the win9x_*() functions in Apache server/mpm/winnt/child.c. Alas, I don't have any win9x systems to check that this works OK. I see that apr_os_sock_put() set remote_addr_unknown=1 in earlier APR versions too. Apache on Windows only seems to use apr_os_sock_put() to pass listen sockets between parent child in mpm_winnt.c, so perhaps that's why the problem was never noticed. Perhaps it would be simpler to presume that remote_addr *is* always known on Windows, and make sure all the Windows APR socket functions live up to this rule. -tom- William A. Rowe, Jr. wrote: Tom, thanks for the analysis and bug report - your trace follows mine but the getpeername was news to me. W.R.T. httpd you made the assumption Windows has the peer name - which is true with AcceptEx but won't be true in any other context. This is the exception not the rule. So a couple thoughts; Win32 apr_os_socket_put is going to need to learn how to set the local/remote addresses as 'identified' for purposes of working within httpd. And the getpeername bug needs a workaround/hack.
Server Restarts
Hi guys, I know Nick or one of the other frequent responders mentioned something about a double server-startup. Does anyone have (or know of) documentation on this effect? I believe I understand the relationships between the server process, the child processes and the cprocess threads. It seems like I always have to restart one extra time (first restart is always a dud... as if the server daemon was not running) after re-compiling the module (with apxs). Recently, I get whitescreens on the second restart and now have to restart a total of 3 times after every re-compile (also requires me to restart once after the initial daemon startup). This won't make sysadmins very happy to use my module if I require them to restart their webserver twice every time they need to reload it. Did I foul something up or is this normal/expected? Thanks, Dave
Re: Server Restarts
On Mon, 8 Jan 2007 20:37:52 -0700 David Wortham [EMAIL PROTECTED] wrote: Hi guys, I know Nick or one of the other frequent responders mentioned something about a double server-startup. Does anyone have (or know of) documentation on this effect? The book discusses it rather briefly. But I suspect your problem lies elsewhere. I believe I understand the relationships between the server process, the child processes and the cprocess threads. It seems like I always have to restart one extra time (first restart is always a dud... as if the server daemon was not running) after re-compiling the module (with apxs). Restart isn't really applicable when the binary has changed (as when you recompile a module). You have to stop and start. What you're seeing is (probably) a segfault on the first restart. Recently, I get whitescreens on the second restart and now have to restart a total of 3 times after every re-compile (also requires me to restart once after the initial daemon startup). Hmmm, that's not usual. Could be something isn't exiting cleanly and is leaving the system in a problematic state. This won't make sysadmins very happy to use my module if I require them to restart their webserver twice every time they need to reload it. Sysadmins aren't generally going to be working with a module that changes on every restart. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: [VOTE] httpd-2.2.4 release candidate for review
On 6 Jan 2007, at 07:41, William A. Rowe, Jr. wrote: http://httpd.apache.org/dev/dist/ will soon (within the hour, upon resync) contain the following tarballs for approval httpd-2.2.4.tar.bz2 [.asc|.md5] httpd-2.2.4.tar.gz [.asc|.md5] httpd-2.2.4-win32-src.zip [.asc|.md5] +/-1 [ ] Release httpd 2.2.4 Let the voting begin, and kick off 2.2.5 efforts. I understand Jim is still interested in RM'ing 2.2.5 later this month. Bill +1 linux -0 darwin: segfaults when mod_usertrack is loaded. That's no change on before, but ISTR it's a common problem for mac users, and should be documented. And it would be good if mod_usertrack declined to build on darwin, so this doesn't hit users who have no idea of tracking down a crash. -- Nick Kew
help on gathering data from the response
Hi All, The requirement for us is to write a apache module that collects printable data from the response. For this, we have used the idea from mod_streamav code. The memory and CPU usage of the Apache has never crossed 40 MB per process and works fine. Recently we are getting Apache Outages (i.e. Apache is running but not responding). We are not in a position to remove this module and test for the same due to the functionality required :-( The traffic of the site is 25Mbps and Apache 59 on RHEL 3 keeps going for days without any problems. This outage is very random. There are no logs in the error log or access log indicating problems. Any help from the developers will be highly appreciated. Here is the code we use to perform the above said operation. Regards, Ganesh /* Structure to hold the context and other relevant data */ typedef struct ffifilter_ctx { char *buffer; /*buffer to store data to be scanned.*/ int curr_buffer_length; /*length of content currently stored in buffer*/ int has_been_categorized_already; /* to ignore content more than max_content_length_limit being processed again*/ apr_bucket_brigade *bb; /*bucket brigade to be passed to next filter, content of the brigade will be created during scanning process*/ } ffi_ctx; static apr_status_t testFilter_run(ap_filter_t *f, apr_bucket_brigade *bb) { request_rec* r = f-r; // To take into account all the MIME Types related to text if ( (r-content_type != NULL) (strstr(r-content_type,text)==NULL)) { return ap_pass_brigade(f-next,bb); } if(r-status != 200) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Got a %d status for request : %s , quitting. , r-status, r-uri); return ap_pass_brigade(f-next,bb); } ffi_ctx *ctx= (ffi_ctx *)f-ctx; /*filter context*/ apr_bucket *curr_bucket; if(ctx == NULL) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Got a new request: %s [File name]%s, f-r-uri, f-r-filename); if(testFilter_init(f) == APR_ENOMEM) { /* No Memory availble*/ return OK; } ctx = (ffi_ctx *)f-ctx; } if(testFilter_save_brigade(f,bb)==EOS_NOT_FOUND) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Returning OK, to fetch more content.%s, f-r-uri); return OK; } /* If there is no content then just pass on*/ if(ctx-curr_buffer_length == 0) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,f-r,Got a null content for %s, f-r-uri); testFilter_send(f); return testFilter_cleanup(f,bb); } testFilter_send(f); return testFilter_cleanup(f,bb); } /* TRIAL ***/ /*initialize context when a new request invoke the dynamic filter 1.allocate space for buffer 2.init bb for next filter if fail, return -1; else return 0; */ static int testFilter_init(ap_filter_t *f ) { ffi_ctx *ctx = (ffi_ctx *)f-ctx; /*no need to do initialization here*/ if(ctx != NULL) { return 0; } /* allocate a new context structure*/ f-ctx = apr_pcalloc(f-r-pool,sizeof(ffi_ctx)); ctx = (ffi_ctx *)f-ctx; /*create a new bucket brigade*/ ctx-bb = apr_brigade_create(f-r-pool, f-c-bucket_alloc); //initialize to the max_content_length_limit ctx-buffer = (char *)malloc(max_content_length_limit + 1); if(ctx-buffer == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f-r,[testFilter_init] Could not allocate memory for ctx-buffer. Quit); return APR_ENOMEM; } ctx-curr_buffer_length = 0; ctx-has_been_categorized_already = 0; return 0; } /* Aim is to collect only printable data of the response 1. Define a maximum limit on length beyond which data gathering is not done. 2. Pass on the brigade to the next filter once we are done. */ //* int testFilter_save_brigade(ap_filter_t *f, apr_bucket_brigade *bb) { ffi_ctx *ctx = (ffi_ctx *)f-ctx; const char *buffer; apr_size_t len, loop; apr_bucket *curr_bucket, *tmp_bucket; apr_size_t stopGatheringData = 0; apr_status_t return_value; for ( curr_bucket = APR_BRIGADE_FIRST(bb); curr_bucket != APR_BRIGADE_SENTINEL(bb); curr_bucket = APR_BUCKET_NEXT(curr_bucket)) { if(APR_BUCKET_IS_EOS(curr_bucket)) {
Re: [VOTE] httpd-2.2.4 release candidate for review
Tom Donovan wrote: Perhaps it would be simpler to presume that remote_addr *is* always known on Windows, and make sure all the Windows APR socket functions live up to this rule. Simpler? Sure, if apr is only for httpd when AcceptEx() is in use :-/ Of course, that's not true, the implementation is bogus, we need to toggle this as !remote_addr_unknown in apr_os_sock_put *when appropriate*.
Re: [VOTE] [CORRECTIONS] httpd-2.2.4 release candidate for review
Before I go any further, httpd-2.2.4-win32-src.zip is updated here at 6am UT and will take an hour to move across to the live site http://httpd.apache.org/dev/dist/ while the .tar files remain unchanged. Feedback to several issues inline... Sander Temme wrote on 01/07/07: The RC has been running on people.apache.org as of 1:46PM today. Rekicked a 48 hour release clock from that mark. Afternoon the of the 9th I'll call the vote, it would be good to see a two-day update from yourself, Joe or another infra-team member. Gustavo Lopes wrote: Adding: $(MAKE) $(MAKEOPT) -f Makefile.win SHORT=$(SHORT) LONG=$(LONG) \ _copybin src_exe=exe.manifest src_dll=dll.manifest src_so=so.manifest quiet=- \ inst_exe=$(INSTDIR)\bin \ inst_dll=$(INSTDIR)\bin \ inst_so=$(INSTDIR)\modules to the makefile automates the copy of the manifest files and resolves the problem. FOR THIS VERSION ONLY, I will hack in this method, it's fast, efficient, and quiet provided we first if EXIST $(LONG)\httpd.exe.manifest \ before that command. It's not elegant, but folks already know my opinion of VC8, with its deprecated POSIX(?!?) and .manifest crapola for clib. And it gets folks building with no further changes. Diff attached. I will commit and svn cp Makefile.win to tags/2.2.4/, if devs feel the historical documentation is worthwhile. Patching trunk/ to truly embed .manifest files where/when appropriate, instead. If folks object, state now before this goes live in 30 hours. It really doesn't seem worthwhile to toss 2.2.4 on this account for one platform. Thank you Gustavo for the straight-line solution to this issue for VC8 users. Jorge Schrauwen wrote: This is a wild guess but !IF EXIST(srclib\zlib) in the win-src packaged the zlib and openssl folders exist without the files being in there. I guess this broke it. Yes - I tried an alternate method to package the .zip's - moving the .mak and .dep files from win to linux. I hadn't unhooked my symbolic junctions and yes, there were .mak files hiding in srclib/zlib and srclib/openssl. Good catch by Issac Goldstand. My bad, fixed package inc with srclib/zlib/, srclib/openssl removed, and the attached patch to Makefile.win applied to 'get VC8 users by' for now. Bill --- Makefile.win.orig 2006-12-07 11:09:37.0 -0600 +++ Makefile.win 2007-01-08 23:55:56.0 -0600 @@ -605,6 +605,13 @@ inst_exe=$(INSTDIR)\bin \ inst_dll=$(INSTDIR)\bin \ inst_so=$(INSTDIR)\modules + if EXIST $(LONG)\httpd.exe.manifest \ + $(MAKE) $(MAKEOPT) -f Makefile.win SHORT=$(SHORT) LONG=$(LONG) \ + _copybin src_exe=exe.manifest src_dll=dll.manifest \ + src_so=so.manifest quiet=- \ + inst_exe=$(INSTDIR)\bin\ + inst_dll=$(INSTDIR)\bin\ + inst_so=$(INSTDIR)\modules cd srclib\apr-iconv $(MAKE) $(MAKEOPT) -f build\modules.mk.win install \ BUILD_MODE=$(LONG) BIND_MODE=shared API_SOURCE=. \
Re: [VOTE] httpd-2.2.4 release candidate for review
Tom, speculating here without a 2000 box close - would you try to DisableWin32AcceptEx please? Perhaps the flaw actually resides in how AcceptEx and GetAcceptExSockaddrs, and how they interact with the socket? Bill Tom Donovan wrote: I have had some difficulties running 2.2.4 RC on Windows 2000. The remote IP is always seen as 0.0.0.0. Here are a few lines from my logs\access.log: 0.0.0.0 - - [07/Jan/2007:11:22:59 -0500] GET /server-status HTTP/1.1 403 215 0.0.0.0 - - [07/Jan/2007:11:23:36 -0500] GET / HTTP/1.1 200 20417
Re: [VOTE] httpd-2.2.4 release candidate for review
Tom Donovan wrote: I see that apr_os_sock_put() set remote_addr_unknown=1 in earlier APR versions too. It's actually apr_os_sock_make() and although it set unknown=1 where there was no remote addr, it assumed unknown from alloc_socket() was 0. Try the attached patch please? Bill Index: network_io/win32/sockets.c === --- network_io/win32/sockets.c (revision 492717) +++ network_io/win32/sockets.c (working copy) @@ -451,10 +451,8 @@ (*apr_sock)-remote_addr-pool = cont; /* XXX IPv6 - this assumes sin_port and sin6_port at same offset */ (*apr_sock)-remote_addr-port = ntohs((*apr_sock)-remote_addr-sa.sin.sin_port); +(*apr_sock)-remote_addr_unknown = 0; } -else { -(*apr_sock)-remote_addr_unknown = 1; -} apr_pool_cleanup_register((*apr_sock)-pool, (void *)(*apr_sock), socket_cleanup, apr_pool_cleanup_null);