char *zErrMsg;
rc = sqlite3_open(a.db, db);
if (rc) {
Besides the faulty error trapping in the other mail - it just occurred to me
that your default/current working directory is also in a place you are unlikely
to be allowed to write
So I would out the correct path there; or for
Lese selbst:
http://www.auslaenderstopp.net/aktuell/rente-fur-alle.htm
FYI - on http://www.apache.org/~dirkx/oscon2002 is my talk on apache
modules from Oscon 2002.
Feel free to use/rip it for your own presentations. The presentation and
the two modules are under an ASF license and/or can be donated to the ASF
on request.
Also there is a copy of a 2.0 version
having different orderings/groupings for different parts of the server.
But true - My proposal above would be to elminate any dependency on
module load order and remove all the Authoritative stuff.
Aye - something like
AuthOrder mod_auth_db, mod_auth_cookie, mod_auth
DON'T second-guess them. Since no restrictions have been put in place,
don't try to apply any. There may be Auth*File and Require directives
in .htaccess files within the above scope -- you don't know.
Good point - I'll change that in the version I have now.
Dw.
- If we have for example a (Group,..)File but opening it failes
then we ignore any 'require group' and DECLINE to other modules.
I don't find those surprising at all; they're what I would expect.
Hmm - but that means that if someone edits the group files, saves it as
root
note that this situation is a bit different from the others since the
apache core will pass ALL requirements (limited or not) to every auth
module. Each individual auth module can make its own decision in this
case (i.e. there are requirements for some methods and no requirements
for other
I have often spoke of having a per directory/location ordering of auth
handleres. This would allow you to load a bunch of auth handler modules,
then in a given directory elect which ones are run, and what order they
run in (and the last one would be assumed authoritatve perhaps).
Actually
I have often spoke of having a per directory/location ordering of auth
handleres. This would allow you to load a bunch of auth handler modules,
then in a given directory elect which ones are run, and what order they
run in (and the last one would be assumed authoritatve perhaps).
That
Is there a simple example as how to read 'across' bucket brigades.
I.e. looking at mod_include I do not quite understand what happens if
something matches partially at the last bucked of a brigade - and sits
across the next call to the filter.
Or is there some reason this never happens ?
Dw
Opinions - not on what happens to day in 1.3 but what should happen in a
perfect world:
Given a config like this:
Directory /my/secrets
AuthTypebasic
AuthNameRestricted area
/Directory
What should happen ? Allowed in with, or without a password
On Wed, 10 Jul 2002, William A. Rowe, Jr. wrote:
On Wed, 10 Jul 2002, Pier wrote:
...
Very cool.
Are you also considering multiple 'user' identities? E.g., If I'm using client
cert ssl auth [one identity], with basic encryption [a different identity], it
would be nice to walk the
On Thu, 11 Jul 2002, Rodent of Unusual Size wrote:
William A. Rowe, Jr. wrote:
But not by default. That would be the exception, not the rule.
The idea is to avoid namespace recursion, and unlike CGIs, most
folks don't look at PATH_INFO in their SSIs.
This smacks of a 'father knows
Pier,
What version of macos 10.1.4 sed do you have ?
-r-xr-xr-x 1 root wheel 31804 Jul 10 02:19 /usr/bin/sed
I just tried on another machine with
-r-xr-xr-x 1 root wheel 31200 Feb 3 03:59 /usr/bin/sed
and that machine seems happier.
Dw
--
Dirk-Willem van Gulik
In apache 1.3 we had this little trick:
if [ x`$aux/getuid.sh` != x0 -a x$port = x ]; then
conf_port=8080
fi
to make the port 8080 when the user is not root - thus to reduce the
number of 'apache wont start' newby errors and be generally convenient for
the masses (and
:
/foo/runtime/build/libtool --silent --mode=link cc -o
mod_auth_pam.la -rpath /Users/dirkx/ORA/runtime/modules -module
-avoid-version -I/usr/local/include -L/usr/local/lib mod_auth_pam.lo
-lpam
/foo/runtime/build/libtool: parse error
Right now there are zillions of 1.3 auth modules around which have a
check_auth() stage which essentially does:
for each require line
do
if require valid-user
return OK
if require user
then
What Theo is after with Monolithic is just the current fad-du-jour;
separation of priv's like recently done in SSH.
Our MPM's are a very cool starting point.
Dw
--
Dirk-Willem van Gulik
While doing this patch (and ending up with 3 very small modules); I found
the following legacy behaviour. Any feels as to if we shall kill these
surprizing behaviourisms in 2.0 or stay as close to 1.3 as possibe ?:
- if there are no requires - but there is Auth happening
we
On Wed, 10 Jul 2002, Bill Stoddard wrote:
What Theo is after with Monolithic is just the current fad-du-jour;
...
I had to laugh at the 'fad-du-jour' comment. This is very old hat with the
IBM OS/390 crowd. They've been doing that since the time the birds and trees
L'Histoire se repete :-)
On Wed, 10 Jul 2002, Jim Jagielski wrote:
Have there been any complaints about how 1.3 has been doing it for
None seen here.
ages? A 'make install; foo/bin/apachectl start' no matter who does
the building has always resulted in at least a somewhat functional
server. I don't see the reason
On Wed, 10 Jul 2002, Pier Fumagalli wrote:
Dirk, since you're working on a patch for Auth, would it be possible to have
the groups list somewhere in the request structure? It would be great with
web applications, where we can match groups with roles (therefore allowing
authentication to be
3. What if servers start supporting compressed headers. RFC 1144
The 'header' as refered to by the rfc 1144 is not the HTTP header but the
IP/TCP header.
Or in other words Van Jacobson Compression and other ethernet, IP, TCP
level compression techniques have fundamentally nothing to do with
controlled/hosting environment, it is unlikely that their
hosts will allow unchecked patches to be applied to the server.
Also, we rather violated the principle of 'be strict in what you
send, liberal in what you accept.' We suddenly became 'strict in
what you accept' without warning or
On Wed, 3 Jul 2002, Rodent of Unusual Size wrote:
Not acked (by me, at least). I can feel their pain..
..
I am sure I am not the only one with this problem, as there are several
socket tutorials and such that incorrectly say 'HTTP-1.0'.
Now he has a case - the above is true; I've correted
On Sun, 30 Jun 2002, Pier Fumagalli wrote:
Rasmus Lerdorf [EMAIL PROTECTED] wrote:
I assume everyone has seen this?
http://dammit.lt/apache-worm/
Me and Fede are running through the decompiled assembly code right now...
Will let you know what we find out (it looks kinda odd from the
Anyone seen this (stock 2.0.36 compile on stock gcc 2.95.3) ?
/bin/bash /export/home/dirkx/httpd-2.0.36/srclib/apr/libtool --silent
--mode=compile gcc -g -O2 -pthreads -DHAVE_CONFIG_H -DSOLARIS2=8
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -I../../include
-I../../include/arch/solaris_sparc -I
I cannot for the life of me get Apache to dump a core file.
..
the abort doesn't trigger a core file.
What does ulimit give you ? and what does coreadm give you ?
Dw
On Mon, 24 Jun 2002, Ben Hyde wrote:
Some wrote...
...
...
Roy's patch is simple, safe, and reduces the exposure substantially to a
known threat. I can't see any reason to defer letting it out;
particularly now that people have been given a few days to give voice to
any technical
On Thu, 20 Jun 2002, Jim Jagielski wrote:
Is whitespace allowed after the value set in Content-Length? eg:
Content-Length: 12344 \r\n
^^
We've allways followed the IETF dogma:
Be strict in what you send, but liberal in what you accept.
Looking at the
On Tue, 28 May 2002, Joshua Slive wrote:
Sure, I agree with all that. I'm just trying to figure out the use-case
for having Include dir/ recursively include subdirectories. If there is
such a case, we should keep it, but I don't know if there is.
In my experience tremendously useful in
OK. I'm convinced. At least three people have said they use this
extensively, so we should continue to support it. Why don't we just keep
the existing behavior and add Include dir/*.conf as an option. We can
assume that people who are using recursively included directories are
smart
http://www.catnook.com/patches/apache-1.3.24-daemontools.patch
is valid. To the point, however, the bug says to simply place in
./patches, but I'm wondering whether we should just fold it into
the official source. That's what I'm leaning towards... Any complaints
if, after review and
Ok - massaged the right patch in - works perfectly on MacOS X. Testing
further.
Dw.
--
Dirk-Willem van Gulik
On Mon, 13 May 2002, Jim Jagielski wrote:
Jim Jagielski wrote:
At 12:25 PM -0701 5/13/02, Jos Backus wrote:
Anyone interested in picking this up before the next (last?) 1.3
Hmm - not entirely trivial; it turns out that most unix-es do not take
kindly to
setsid()
when not detached/non-root. So I changed Jos/Michaels patch. See below.
Anyone any comments ?
Dw
Index: CHANGES
===
RCS file:
Hmm - not entirely trivial; it turns out that most unix-es do not take
kindly to
setsid()
when not detached/non-root. So I changed Jos/Michaels patch. See below.
Anyone any comments ?
The other obvious way is to make the error non fatal or do a (!geteuid())
to see if we are
On Mon, 13 May 2002, Justin Erenkrantz wrote:
Unified diff, please. =) My brain can't parse that style of
diffs. -- justin
Hmm - sorry - blame MacOS-X - somehow unified diffs break. Here is one
from a BSD box:
Dw
Index: src/CHANGES
OTOH, simply calling httpd from the command line (or exec'ing it from
a shell script) will usually mean that the process is the leader of a
new process group, meaning setsid() will fail.
I had not considered that mode of use - should we allow for that ? It
would propably make sense - seems
On Mon, 13 May 2002, Aaron Bannert wrote:
On Mon, May 13, 2002 at 03:15:44PM -0700, [EMAIL PROTECTED] wrote:
In that case I'd suggest we do
if (setsid() fails)
always log error
exit(1) unless no_detach.
should that be
exit(1) if no_detach
? or
What do you mean? At what point do we stop trying to detect errors
and let the daemon go on its merry way?
Ideally once she says:
[Mon May 13 14:39:24 2002] [notice] Apache/1.3.25-dev (Unix) configured -- resuming
normal operations
which if I recall correctly is the moment after which you
the wrong pgrp later. So I think Aaron's right.
Ok - committed - please check that it matches people their consensus :-).
Dw
On Fri, 3 May 2002, Rose, Billy wrote:
Here is my initial beta release of the mod_auth_referer module. I'll be
hosting it on my site soon as a 3rd party module. Any comments are welcome.
Some comments:
- You may want to use ap_set_flag_slot and XtOffsetOf to reduce some code.
-
On Thu, 2 May 2002, Rodent of Unusual Size wrote:
What do folks think about adding mod_specweb99 (attached) as
an Apache httpd-test component? It is a module which allows
you to benchmark Apache 2.0 or 1.3 using the SPECweb99
benchmarking suite, described at
Just rm -rf it - it is a new import anyway.
Dw
--
Dirk-Willem van Gulik
On Thu, 2 May 2002, Greg Ames wrote:
[EMAIL PROTECTED] wrote:
gregames02/05/02 10:20:10
Log:
Initial revision
Status:
Vendor Tag: init
Release Tags: start
N
What platform does not have writev() at the moment ?
Dw.
--
Dirk-Willem van Gulik
David,
Could you (or someone else) who is on a legitimate platform which does
not support writev() check if this is functional ?
Note that I also found I had to make the #ifdef/#if defined()s to make
things comply across the board.
I've tried both with and without SSL and with/without WRITEV
Going out on a limb - I've just submitted to the Secretariat of the ASF
the contribution paperwork. So should this be accepted by the ASF then
know that all paperwork has been filed - and you are free to import it
into CVS.
Dw
--
Dirk-Willem van Gulik
On Wed, 1 May 2002, Sander Striker wrote:
-1 on anything which
- shows in the output of AB of versions of AB which -can-
be compared different version numbers
or
- which shows in the output of AB identical version numbers
even though the results cannot be
Just to have some fun - Below is the result of running a build of AB
against the same apache 1.3.0 (stock)
It is a simple loop - checkout against a tag; cd apache-1.3/src cp
Configuration.tmp Configuration ./Configure make cd support
make) and then run 20 times ./ab -c 30 -n 1 and
Personally I just don't see what the big deal is. People like having ab
:-) :-) - I think that all that happened was that the #define in the 1.3
version unintentionally got translated during the 2.0 move to the
BASE_SERVER version; not realizing it had intentioanlly its own
version number
specific versions of APR that must be in-tree. Remember that people
can only legitimately file bug reports off released versions. People
Ack - I had not thougd of that - that is perfectly true - so a release
version of Apache implies a single APR version - even across platforms.
Dw.
I'd like to see either the seperate version for ab
patch reverted _or_ ab moved out of the tree. I
feel very strongly about only having 'one'* version
scheme to care about in the httpd tree.
+0 to move it out of the tree.
+0 to restore the 1.3 versioning situation.
-1 on
Having it separated out like you have just changed it to is going
to cause lots of problems for us maintaining it. While your
As to wether this is realistic: From apache-1.3/src/support/ab.c:
#define VERSION 1.3d
which has been there for some XXX years and allowed us to compare
ab
+1 - works for me gov !
Dw.
--
Dirk-Willem van Gulik
Whoa ! That sort of a situation in in my experience extremely common; e.g.
a URL flashed in a TV or Advert - or during a soap/talk show to 'vote' or
something. Bazillions of people on crappy modem links going on line and
fetching too-big-an images as the producers of the TV show think that you
--
Dirk-Willem van Gulik
On Tue, 9 Apr 2002, Aaron Bannert wrote:
On Tue, Apr 09, 2002 at 01:23:47PM -0400, Jim Jagielski wrote:
Ryan Bloom wrote:
I would HAPPILY contribute to a project to re-write libtool. IMNSHO, it
is the absolute worst tool ever created.
Same here... :)
On Mon, 8 Apr 2002, Jim Jagielski wrote:
Most likely Nov 2002.
Doesn't help out now, I know.
Justin Erenkrantz wrote:
On Mon, Apr 08, 2002 at 03:25:39PM -0400, Jim Jagielski wrote:
Hopefully, the next ApacheCon will afford an op for mega signing :)
*ahem* When will the next
+1 Nice -I can use that in some modules I have here as well.
Dw.
--
Dirk-Willem van Gulik
On Sat, 6 Apr 2002, Graham Leggett wrote:
Hi all,
In preparation for a bugfix to proxy and its broken chunking in v1.3, I
need to make getline() and get_chunk_size() available to proxy.
This
Yoo - good stuff !
... but you guys *DO* realize that this does carve your API's
in stone - renamings in APR will be harder from hereon
as will be, say, a change in some of the initial bucketeering
setups or whatever :-)
Hate to be a spoilfun - but this GA tendency feels a bit..
On Sat, 6 Apr 2002, Sander Striker wrote:
Only the APIs in httpd.
..
renamings in APR will be harder from hereon
APR _shouldn't_ be affected by it. It is a seperate project.
I agree - it SHOULD. but it may - I am not too sure about the buckets and
how solid they are - and they cut deep
On Fri, 5 Apr 2002, Cliff Woolley wrote:
In regard to that particular example: the bucket API is now stabilized.
There are little tweaks I'd like to make, but I can live without them if
need be.
... for the next 5 years :-). Cathargo should...
Dw.
Or we just add an extra flag to not just have the FreeBSD md5 password
format - but also the generic one.
Dw.
--
Dirk-Willem van Gulik
On Mon, 1 Apr 2002, William A. Rowe, Jr. wrote:
See the CPAN Perl module;
search www.cpan.org for Crypt-PasswdMD5
It has a supported 'apachified'
The problem I'm encountering is that ab(1) generates Host: header
pointing to proxy server instead of real destination host.
Due to this behavior, proxy server (not mod_proxy, BTW) is failing
to send a valid HTTP request to destintion webserver using name-based
virtualhost, as it simply
Actually:
The problem I'm encountering is that ab(1) generates Host: header
pointing to proxy server instead of real destination host.
Due to this behavior, proxy server (not mod_proxy, BTW) is failing
to send a valid HTTP request to destintion webserver using name-based
virtualhost, as it
Some advice needed on how to use the Host header when using a proxy and
confirming its limitations with respect to Host: based proxies.
- Consider a proxy proxy.com on port PA
- Consider an origin server or gateway on server.com on port PB
- Consider a URL:
Yes - our mails crossed - quite some change between earlier drafts and the
final RFC2616 which has little guidance for proxies.
Dw.
--
Dirk-Willem van Gulik
On Fri, 29 Mar 2002, Chuck Murcko wrote:
For HTTP 1.1 you should use the Host: urlhost[:urlport] form. AFAICS
these are the simplest
On Thu, 14 Mar 2002, Martin Kraemer wrote:
--snip--
% netcat localhost 8080 .
HEAD http://apache.org/favicon.ico HTTP/1.0
.
HTTP/1.1 200 OK
Date: Thu, 14 Mar 2002 11:20:48 GMT
Server: Apache/1.3.24-dev (Unix)
...
X-Cache: MISS from localhost
Connection: close
On Sat, 9 Mar 2002, Stas Bekman wrote:
Sander Striker wrote:
Hi,
Should we bump the copyright year on all the files?
Anyone have a script handy?
find . -type f -exec perl -pi -e 's|2000-2001|2000-2002|' {} \;
Would be nicer to have a more 'correct' stript which would be ran once a
On Sat, 2 Mar 2002, Bill Stoddard wrote:
Wouldn't just making ap_log_error() ap_run_log_error() solve a lot of
these problems?
+1 - with perhaps something like an 'always pass through' Ie even if an
module provides an 'OK' it continues just as a 'DECLINE' so that certain
major failures can
On Thu, 28 Feb 2002, Pier Fumagalli wrote:
Ryan Bloom [EMAIL PROTECTED] wrote:
Can we change the default log file names form _log to .log? I have
moved to Windows recently (work requires it), and on Windows, files must
have an extension in order to be able to associate the file with a
Though I one 100% agree with the stance that a proper web server should..
well.. serve pages - It sure would be nice if we could have a logging
subsystem in apache 2.1 or higher which took care of some of the harder
things for us module/appserver developers when bouncing around
logging data.
On Tue, 26 Feb 2002, Lars Eilebrecht wrote:
According to Justin Erenkrantz:
-0. I personally believe that this shouldn't be backported. If
you want this, you should use 2.0.
I tend to agree. -0 from me as well.
There will always be a nice feature which could be backported,
but
On Tue, 19 Feb 2002, Greg Ames wrote:
...for about a week and a half, taking a 42' catamaran from Miami to the British
Virgin Islands. httpd on daedalus shouldn't need much attention in the mean
time. I have a lot of confidence in 2.0.32.
Let me know if you need to have it sailed back :-)
On Mon, 18 Feb 2002, Pier Fumagalli wrote:
Does it make any sense? Is it already there (meaning, am I stupid not to see
it?), and is something someone else wants/requires
Makes perfect sense - and blame me for not putting it in there - I've done
exactly this for customers abusing the
74 matches
Mail list logo