RE: [EXTERNAL] Re: No content returned from directive handler sample.

2019-07-30 Thread Nebergall, Christopher
Have you seen this example?

https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/modules/examples/mod_example_hooks.c

It will show you how to log at the very least.

-Topher
-----Original Message-----
From: Bill Moo  
Sent: Tuesday, July 30, 2019 11:06 AM
To: modules-dev@httpd.apache.org
Subject: [EXTERNAL] Re: No content returned from directive handler sample.

If it helps anyone then here is the code I am using:

/* module mod_graphing.c: */
#include <stdlib.h>   /* atol */
#include <string.h>   /* strcmp */
#include "apr_hash.h"
#include "ap_config.h"
#include "ap_provider.h"
#include "httpd.h"
#include "http_core.h"
#include "http_config.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_request.h"

extern module mod_graphing ;

/* Struct used to store template settings for a graph */
typedef struct {
    const char *m_Name ;
    const char *m_Template ;
    unsigned int refresh ;
} PROCEDURE ;

/* Our configuration prototype and declaration: */
typedef struct {
    const char *m_SQL ; /* SQL Connection String */
    const char *m_Usr ; /* SQL User name */
    const char *m_Pwd ; /* SQL Password */
    unsigned long   m_Port ; /* Port No */
    PROCEDURE * m_Procs ; /* Array of Procedure Structures */
} CONFIG ;

static int configHandler(request_rec *) ;
const char * configSetSQL(cmd_parms *, void *, const char *) ;
const char * configSetPort(cmd_parms *, void *, const char *) ;
//const char * configSetPort(cmd_parms *, void *, const unsigned long *) ;
const char * configSetSQLUser(cmd_parms *, void *, const char *, const char *) ;
static void register_hooks(apr_pool_t *) ;

static CONFIG Config;

/* Handler for the "examplePath" directive */
const char * configSetSQL(cmd_parms * cmd, void * cfg, const char * arg) {
    Config.m_SQL = arg ;
    return NULL ;
}

const char * configSetPort(cmd_parms * cmd, void * cfg, const char * arg) {
    Config.m_Port = atol(arg) ;
    return NULL ;
}

const char * configSetSQLUser(cmd_parms * cmd, void * cfg, const char * usr, const char * pwd) {
    Config.m_Usr = usr ;
    Config.m_Pwd = pwd ;
    return NULL ;
}

/* The directive structure for our name tag: */
extern const command_rec configDirectives[] = {
    AP_INIT_TAKE1("sqlConnection", configSetSQL, NULL, ACCESS_CONF, "Set the PostgreSQL Connection"),
    AP_INIT_TAKE1("sqlPortNo", configSetPort, NULL, ACCESS_CONF, "Set SQL Port No"),
    AP_INIT_TAKE2("sqlUserInfo", configSetSQLUser, NULL, ACCESS_CONF, "Set PostgreSQL Username / Password"),
    { NULL }
};

/* Our module handler: */
static int configHandler(request_rec *r) {
    if(!r->handler || strcmp(r->handler, "configHandler")) return(DECLINED);
    ap_set_content_type(r, "text/plain");
    ap_rprintf(r, "User IP : %s", r->useragent_ip) ;
    /* Config is a struct, not a pointer, so members are read with '.' */
    ap_rprintf(r, "SQL Conn : %s", Config.m_SQL) ;
    /* sends the configured SQL user name and password to the client */
    ap_rprintf(r, "SQL User : %s, %s", Config.m_Usr, Config.m_Pwd) ;
    ap_rprintf(r, "Port No : %lu", Config.m_Port) ;
    return OK;
}

/* The hook registration function (also initializes the default config
values): */
static void register_hooks(apr_pool_t *pool) {
    Config.m_SQL = NULL ;
    Config.m_Usr = NULL ;
    Config.m_Pwd = NULL ;
    Config.m_Port = 0 ;
    Config.m_Procs = NULL ;
    ap_hook_handler(configHandler, NULL, NULL, APR_HOOK_LAST);
}

/* Our module name tag: */
module AP_MODULE_DECLARE_DATA mod_graphing = {
    STANDARD20_MODULE_STUFF,
    NULL,   /* Per-directory configuration handler */
    NULL,   /* Merge handler for per-directory configurations */
    NULL,   /* Per-server configuration handler */
    NULL,   /* Merge handler for per-server configurations */
    configDirectives, /* Any directives we may have for httpd */
    register_hooks  /* Our hook registering function */
};

Apologies for polluting the thread with this.

On Tue, 30 Jul 2019 at 16:55, Bill Moo  wrote:
>
> Well I have tried what you suggested Eric but to no avail so 
> regrettably no further forward. I have even tried several variations 
> in both the Location and Directory entries.
>
> The Apache2 install I have is stock on Ubuntu 18.04 so I don't think 
> there are any proxying modules in place.
>
> Can you, or indeed anyone, tell me how I can write 'debug' output to 
> either the console or one of the Apache logs please. If I can do this 
> I'll at least be able to see if my code is being called prior to the 
> DECLINE.
>
> On Tue, 30 Jul 2019 at 16:44, Eric Covener  wrote:
> >
> > On Tue, Jul 30, 2019 at 11:41 AM Bill Moo  wrote:
> > >
> > > Hey, thanks for the quick reply. But I'll be honest and confess to 
> > > not knowing exactly what you are meaning. If I do understand 
> > > correctly then the Location is correct but the Directory entry 
> > > needs to be /var/www/html/info is this correct?
> >
> > Yes, it should be a full filesystem path  -- if you need that kind 
> > of section at all.
> > 2nd caveat -- proxy-like modules can short-circuit the mapping 
> > altogether and no directory 

Re: [EXTERNAL] SNI extension for healthchecks

2018-10-19 Thread Nebergall, Christopher
Does this help?

https://bz.apache.org/bugzilla/show_bug.cgi?id=55782

Sent from my iPhone

On Oct 19, 2018, at 3:52 AM, Dominik Stillhard <dominik.stillh...@united-security-providers.ch> wrote:

I asked this on the users mailing list and didn’t get any feedback so far, so 
I’ll forward it here. Maybe someone here has an idea…
bugreport: https://bz.apache.org/bugzilla/show_bug.cgi?id=62837


From: Stillhard, Dominik
Sent: Tuesday, 16 October 2018 12:44
To: us...@httpd.apache.org
Subject: [users@httpd] SNI extension for healthchecks [signed OK]

Hello all

I face the problem that the SNI extension is not set on healthcheck requests 
to a backend using TLS. Because healthchecks are negative, this leads to 
ordinary requests also being denied.

On the backend server I have the following error:
AH02033: No hostname was provided via SNI for a name based virtual host
I’ve also investigated it with Wireshark, the extension is definitely not set.

My config looks as follows:
-
Listen 127.0.0.1:443
ServerName www.localhost.com


ServerName www.localhost.com
ServerAlias localhost.com
SSLCertificateFile /etc/httpd/ssl/ca.crt
SSLCertificateKeyFile /etc/httpd/ssl/ca.key
SSLEngine on
SSLProxyEngine on

ProxyHCExpr isok {%{REQUEST_STATUS} =~ /^[23]/}
ProxyHCTemplate template hcinterval=5 hcexpr=isok hcmethod=get hcuri=/healthcheck.php

  
BalancerMember https://127.0.0.1:8443
BalancerMember https://127.0.0.1:8444
ProxyPreserveHost On
SSLProxyProtocol  TLSv1
  
  
ProxyPass  balancer://mycluster/
ProxyPassReverse  balancer://mycluster/
  

-
I’ve read that ProxyPreserveHost should be «on», but this doesn’t solve the 
problem ..
Am I missing something, or is this eventually a bug in mod_proxy_hcheck?
Thanks in advance for help/ideas on this!

Cheers
Dominik
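
A way to repeat the Wireshark check described above in code, as an added example that is not part of the original thread: a C function that reports whether a captured ClientHello carries the server_name extension. The sample bytes are constructed, and the function name and the assumption that the ClientHello sits in a single TLS record are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Constructed TLS 1.2 ClientHello in one record (random left as zeros),
 * carrying server_name "www.localhost.com". */
static const unsigned char HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x49,          /* record: handshake, 73 bytes */
    0x01, 0x00, 0x00, 0x45, 0x03, 0x03,    /* ClientHello, 69 bytes, TLS 1.2 */
    [43] = 0x00,                           /* bytes 11..42: random; no session id */
    0x00, 0x02, 0x00, 0x2f, 0x01, 0x00,    /* one cipher suite, null compression */
    0x00, 0x1a,                            /* extensions block: 26 bytes */
    0x00, 0x00, 0x00, 0x16, 0x00, 0x14, 0x00, 0x00, 0x11,  /* server_name, 17-byte host */
    'w','w','w','.','l','o','c','a','l','h','o','s','t','.','c','o','m'
};

#define U16(p) ((size_t)((p)[0] << 8 | (p)[1]))

/* 1: SNI present (host copied to out); 0: ClientHello without SNI;
 * -1: not a ClientHello, or truncated. */
int client_hello_sni(const unsigned char *p, size_t n, char *out, size_t outsz)
{
    size_t i = 43, end, type, len, nlen;

    if (n < 44 || p[0] != 0x16 || p[5] != 0x01) return -1;
    i += 1 + p[i];                                /* session id */
    if (i + 2 > n) return -1;
    i += 2 + U16(p + i);                          /* cipher suites */
    if (i + 1 > n) return -1;
    i += 1 + p[i];                                /* compression methods */
    if (i == n) return 0;                         /* no extensions block */
    if (i + 2 > n) return -1;
    end = i + 2 + U16(p + i);
    if (end > n) return -1;
    for (i += 2; i + 4 <= end; i += len) {
        type = U16(p + i);
        len = U16(p + i + 2);
        i += 4;
        if (i + len > end) return -1;
        if (type != 0) continue;                  /* 0 = server_name */
        if (len < 5 || p[i + 2] != 0) return -1;  /* name_type 0 = host_name */
        nlen = U16(p + i + 3);
        if (5 + nlen > len || nlen >= outsz) return -1;
        memcpy(out, p + i + 5, nlen);
        out[nlen] = '\0';
        return 1;
    }
    return 0;
}

int main(void) { char h[64]; return client_hello_sni(HELLO, sizeof HELLO, h, sizeof h) != 1; }
```

A return of 0 on the health-check connection and 1 on a proxied request to the same backend would match the AH02033 symptom reported in this thread.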



RE: [EXTERNAL] Re: tcp/ip sockets in apache module

2014-05-23 Thread Nebergall, Christopher
Also since there is no reason AFAIK that what you are attempting shouldn't work, 
in your debugging make extra sure that the apache hook you are using is 
actually being called in your test requests, and that you understand the order that 
hooks are called in - for example if you set up the socket in one hook then expect 
to use it in another - make sure that the socket isn't NULL or worse set to a 
random memory value in the second call. Also you can use a lot of 
ap_log_rerror entries in your code to help in debugging.

http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html#ga7b7009cfaad5a84be316e523d7ef1236

-Topher
-----Original Message-----
From: Jeff Trawick [mailto:traw...@gmail.com] 
Sent: Friday, May 23, 2014 1:14 PM
To: modules-dev@httpd.apache.org
Subject: [EXTERNAL] Re: tcp/ip sockets in apache module

On Fri, May 23, 2014 at 1:58 PM, Jeremy Thompson jer...@warehousesports.com
 wrote:

 I'll give that a shot.  I've used source level debugging in IDE's but it
 looks like I'll be using GDB for this one. Thanks.


Have a look at

http://httpd.apache.org/dev/debugging.html

On Windows, you can start httpd normally and attach to the httpd child
process from the Visual Studio IDE in order to debug.







 On 5/23/14 10:41 , Jeff Trawick traw...@gmail.com wrote:

 On Fri, May 23, 2014 at 1:27 PM, Jeremy Thompson
 jer...@warehousesports.com
  wrote:
 
  I'm trying to write a module for apache.  I've successfully compiled in a
  test module that doesn't do a whole lot yet.  I would like to be able to
  use
  tcp/ip sockets in the module to talk to another server.  I added in some
  test code that should connect to my listening server and say hello
 whenever
  a request is made.  I'm not getting any errors upon compiling the module
  with the sockets stuff added but it's not actually doing anything.
   Basically
  it's ignoring my connect and send code.  Does anyone have a small working
  example of this or am I just way off base in using TCP/IP for external
  communication to a module.  Thanks.
 
  ~Jeremy
 
 
 You need to know how to step through your code with a source level
 debugger
 so you can figure out these sorts of problems on your own.
 
 Do you know how to do that?  Are you trying but it isn't stopping in your
 code?  Is there some other issue with source level debugging?
 
 --
 Born in Roswell... married an alien...
 http://emptyhammock.com/
 http://edjective.org/






-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/


secure use of ap_get_server_name/port

2008-03-06 Thread Nebergall, Christopher
I'm looking for secure versions of ap_get_server_name and ap_get_server_port 
which can be trusted to always evaluate to the correct host and port for 
re-constructing the original URL the user requested.   I've removed all of the 
code below which seemed to rely on DNS, or info sent from the client.  Is the 
code below a sufficient minimal set to get working secure versions of those 
functions?  I'm confused why there are so many different ways to get the 
hostname or port.  It seems that if the ServerName directive is there it should 
return a value and that would be it.   Also why would code like cport below 
ever be zero?

API_EXPORT(const char *) ap_get_server_name2(request_rec *r)
{
    return r->hostname ? r->hostname : r->server->server_hostname;
}

API_EXPORT(unsigned) ap_get_server_port2(const request_rec *r)
{
    unsigned port;
    unsigned cport = ntohs(r->connection->local_addr.sin_port);
    port = cport ? cport : r->server->port ? r->server->port :
        ap_default_port(r);
    return port;
}

-Christopher

Original apache 1.3 code

-
API_EXPORT(const char *) ap_get_server_name(request_rec *r)
{
    conn_rec *conn = r->connection;
    core_dir_config *d;

    d = (core_dir_config *)ap_get_module_config(r->per_dir_config,
                                                &core_module);

    if (d->use_canonical_name == USE_CANONICAL_NAME_OFF) {
        return r->hostname ? r->hostname : r->server->server_hostname;
    }
    if (d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
        if (conn->local_host == NULL) {
            struct in_addr *iaddr;
            struct hostent *hptr;
            int old_stat;
            old_stat = ap_update_child_status(conn->child_num,
                                              SERVER_BUSY_DNS, r);
            iaddr = &(conn->local_addr.sin_addr);
            hptr = gethostbyaddr((char *)iaddr, sizeof(struct in_addr),
                                 AF_INET);
            if (hptr != NULL) {
                conn->local_host = ap_pstrdup(conn->pool,
                                              (void *)hptr->h_name);
                ap_str_tolower(conn->local_host);
            }
            else {
                conn->local_host = ap_pstrdup(conn->pool,
                                              r->server->server_hostname);
            }
            (void) ap_update_child_status(conn->child_num, old_stat, r);
        }
        return conn->local_host;
    }
    /* default */
    return r->server->server_hostname;
}

API_EXPORT(unsigned) ap_get_server_port(const request_rec *r)
{
    unsigned port;
    unsigned cport = ntohs(r->connection->local_addr.sin_port);
    core_dir_config *d =
      (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);

    if (d->use_canonical_name == USE_CANONICAL_NAME_OFF
        || d->use_canonical_name == USE_CANONICAL_NAME_DNS) {

        /* With UseCanonicalName Off Apache will form self-referential
         * URLs using the hostname and port supplied by the client if
         * any are supplied (otherwise it will use the canonical name).
         */
        port = r->parsed_uri.port_str ? r->parsed_uri.port :
          cport ? cport :
            r->server->port ? r->server->port :
              ap_default_port(r);
    } else { /* d->use_canonical_name == USE_CANONICAL_NAME_ON */
        port = r->server->port ? r->server->port :
          cport ? cport :
            ap_default_port(r);
    }

    /* default */
    return port;
}



RE: secure use of ap_get_server_name/port

2008-03-06 Thread Nebergall, Christopher
Sorry let me clarify.   I'm looking at doing external policy evaluation of the 
URI like is done in most SSO products.   I have to create a policy for every 
URL the user may hit (with support for wildcards).  I would like to minimize 
the number of policies created.  So while there may be 5 different ways a user 
may type the hostname and port portions of the URI for the same content, I 
would want it to evaluate to just 1 definitive answer that I can create policy 
for (or at least as few as possible).   Plus I need to beware of malicious 
users.  If they set an invalid host header, I don't want a case where apache 
ignores the host header and host header port because it doesn't know about the 
server mentioned in the host header, but the policy code still uses it to do 
policy evaluation. That creates a case where the code would be granting or 
denying access based on the wrong policy.

Example

ServerName foo.com
ServerAlias bob.smith.bar.com *.jones.com

Assume these requests:

GET http://bob.smith.bar.com/cgi-bin/printenv
GET http://mark.jones.com/cgi-bin/printenv

I want all of these evaluated to only http://foo.com/cgi-bin/printenv

Which API's would do this for the server name and host portions?

-Christopher
-----Original Message-----
From: Ray Morris [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 3:32 PM
To: modules-dev@httpd.apache.org
Subject: Re: secure use of ap_get_server_name/port

On 03/06/2008 01:09:37 PM, Nebergall, Christopher wrote:
 I'm looking for secure versions of ap_get_server_name and
 ap_get_server_port which can be trusted to always evaluate to the
 correct host and port for re-constructing the original URL the user
 requested.

  The text part of your question seems to contradict itself regarding what 
you're actually wanting, then the code gives a third result.  Let's be sure 
exactly what you want.  If you really do want to reconstruct the original URL 
requested, the hostname will be found in headers_in:


host = apr_pstrdup( r->pool, apr_table_get(r->main->headers_in, "Host") );
if (host == NULL) {
    /* The client didn't specify a hostname, so punt: */
    host = apr_pstrdup( r->pool, ap_get_server_name(r) );
    if (host == NULL) return 0;
}


 I've removed all of the code below which seemed to rely on DNS, or
 info sent from the client.

  I thought you wanted to reconstruct what the client sent, but now you say you 
want to remove any reference to what the client sent?  You're asking for two 
opposite things.



 It seems that if the ServerName directive is there it should return a
 value and that would be it.

   The ServerName may have no relationship at all to the original URL requested 
by the client, which is what you said you wanted.

ServerName foo.com
ServerAlias bob.smith.bar.com

GET http://bob.smith.bar.com/


 I'm confused why there are so many different ways to get the hostname
 or port.

  Assume this configuration and no other hosts on the server for the four 
following requests:

ServerName foo.com
ServerAlias bob.smith.bar.com *.jones.com

CASE 1
Assume this request:
GET http://bob.smith.bar.com/

  There are at least two correct answers for the hostname - one can get the 
value of ServerName, as you mentioned, or one can use the ServerAlias which 
matched the request.
So we need two functions to do the two different things.
Given the possibility of UseCanonicalName, we may want three functions - one 
for the first answer, one for the second answer, and one that respects that 
silly UseCanonicalName directive.

CASE 2
Assume this request:
GET http://joe.jones.com/

  Now we have three hostnames you may be interested in - the specified ServerName, 
foo.com, the alias that matched, *.jones.com, and the actual hostname 
requested, joe.jones.com.  Throw in the fact that UseCanonicalName may be on or 
off and you need four functions in order to be able to get whichever answer you 
seek.

CASE 3
Assume noname.com resolves to 123.123.123.123, an IP on this server.

Assume this request:
GET http://noname.com/

  Now we have four possible answers - the value of ServerName, the 
requested host name, or the match, which is just the IP - or is it an empty 
name?

  I could go on and on, but I think the point is clear - there are a lot of 
ways to get different hostnames, depending on what you're looking for.  You say 
you are confused about why there are so many ways to get the host name, but 
then again you're also confused about which hostname you want - the one from 
the original request or the one from the ServerName directive.
One could also throw in the possibility that this request isn't the original 
request, but is a sub-request.
In that case there could be up to twelve different answers you may be interested 
in - the four answers from case 4, each regarding THIS request, its parent, or 
the main original request.

   In most cases, the best one to use is probably the hostname that was 
actually requested for this request:
apr_table_get(r->headers_in
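
The canonicalisation asked for in this thread (every ServerName/ServerAlias spelling evaluated as http://foo.com/..., and an unrecognised Host never reaching the policy lookup), as an added example that is not code from the thread or from httpd. The vhost_cfg type, policy_url and host_match are hypothetical stand-ins for the server's own virtual-host data, and only '*' wildcards and the http scheme are handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one virtual host (hypothetical type, not server_rec). */
typedef struct {
    const char *server_name;      /* ServerName */
    const char *const *aliases;   /* ServerAlias patterns, NULL-terminated */
    unsigned port;                /* port the vhost is configured on */
} vhost_cfg;
static const char *const ALIASES[] = { "bob.smith.bar.com", "*.jones.com", NULL };
static const vhost_cfg FOO = { "foo.com", ALIASES, 80 };

/* Case-insensitive match; '*' in the pattern matches any run of characters. */
static int host_match(const char *pat, const char *h)
{
    if (*pat == '*') {
        do { if (host_match(pat + 1, h)) return 1; } while (*h++);
        return 0;
    }
    if (!*pat || !*h) return !*pat && !*h;
    return tolower((unsigned char)*pat) == tolower((unsigned char)*h)
           && host_match(pat + 1, h + 1);
}

/* URL to evaluate policy against: the client's Host only decides whether this
 * vhost applies; host and port in the result come from configuration.
 * Returns 0, or -1 (fail closed) when the Host names nothing configured. */
int policy_url(const vhost_cfg *v, const char *host_hdr, const char *path,
               char *out, size_t outsz)
{
    char h[256];
    const char *const *a;
    size_t n = host_hdr ? strcspn(host_hdr, ":") : 0;   /* ignore client port */
    int ok, len;

    if (n == 0 || n >= sizeof h) return -1;
    memcpy(h, host_hdr, n);
    h[n] = '\0';
    if (h[n - 1] == '.') h[n - 1] = '\0';                /* "foo.com." form */
    ok = host_match(v->server_name, h);
    for (a = v->aliases; !ok && *a; a++) ok = host_match(*a, h);
    if (!ok) return -1;
    len = v->port == 80
        ? snprintf(out, outsz, "http://%s%s", v->server_name, path)
        : snprintf(out, outsz, "http://%s:%u%s", v->server_name, v->port, path);
    return (len < 0 || (size_t)len >= outsz) ? -1 : 0;
}

int main(void) { char u[99]; return policy_url(&FOO, "mark.jones.com", "/", u, sizeof u) || puts(u) < 0; }
```

Inside a real module the same effect comes from keying policy on the ServerName of the virtual host that httpd selected for the request rather than on the Host header text.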