cvs commit: jakarta-tomcat-connectors/jni/native/build tcnative.m4
mturk 2005/06/11 23:10:13 Modified:jni/native Makefile.in configure.in jni/native/build tcnative.m4 Log: Fix compilation by favoring CFLAGS, CPPFLAGS, LIBS and LDFLAGS set before calling configure. Revision ChangesPath 1.9 +5 -1 jakarta-tomcat-connectors/jni/native/Makefile.in Index: Makefile.in === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/Makefile.in,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Makefile.in 6 Jun 2005 16:15:20 - 1.8 +++ Makefile.in 12 Jun 2005 06:10:13 - 1.9 @@ -2,6 +2,9 @@ # Top-level Makefile for TCNATIVE # +CFLAGS = @CFLAGS@ +CPPFLAGS = @CPPFLAGS@ + # gets substituted into some targets [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ @@ -9,7 +12,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ -INCLUDES = @SSL_CFLAGS@ @TCNATIVE_INCLUDES@ @TCNATIVE_PRIV_INCLUDES@ @APR_INCLUDES@ +# this sucks, but it's the only way to add extra flags to the LT_COMPILE +INCLUDES = @CFLAGS@ @CPPFLAGS@ @TCNATIVE_INCLUDES@ @TCNATIVE_PRIV_INCLUDES@ @APR_INCLUDES@ TCNATIVE_LDFLAGS = @TCNATIVE_LDFLAGS@ TCNATIVE_LIBS = @TCNATIVE_LIBS@ 1.5 +4 -3 jakarta-tomcat-connectors/jni/native/configure.in Index: configure.in === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/configure.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- configure.in 6 Jun 2005 16:15:20 - 1.4 +++ configure.in 12 Jun 2005 06:10:13 - 1.5 @@ -81,8 +81,6 @@ dnl APR_SETIFNULL(CC, `$apr_config --cc`) APR_SETIFNULL(CPP, `$apr_config --cpp`) -APR_ADDTO(CFLAGS, `$apr_config --cflags`) -APR_ADDTO(CPPFLAGS, `$apr_config --cppflags`) AC_PROG_INSTALL @@ -133,14 +131,17 @@ dnl dnl Prep all the flags and stuff for compilation and export to other builds dnl +APR_ADDTO(TCNATIVE_LIBS, [$LIBS]) APR_ADDTO(TCNATIVE_LIBS, [$APR_LIBS]) +APR_ADDTO(TCNATIVE_LDFLAGS, [$LDFLAGS]) AC_SUBST(TCNATIVE_EXPORT_LIBS) AC_SUBST(TCNATIVE_PRIV_INCLUDES) AC_SUBST(TCNATIVE_INCLUDES) AC_SUBST(TCNATIVE_LDFLAGS) AC_SUBST(TCNATIVE_LIBS) -AC_SUBST(LDFLAGS) +AC_SUBST(CFLAGS) +AC_SUBST(CPPFLAGS) dnl copy apr's rules.mk into our build directory. if test ! -d ./build; then 1.9 +1 -2 jakarta-tomcat-connectors/jni/native/build/tcnative.m4 Index: tcnative.m4 === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/build/tcnative.m4,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- tcnative.m4 8 Jun 2005 07:56:24 - 1.8 +++ tcnative.m4 12 Jun 2005 06:10:13 - 1.9 @@ -320,8 +320,7 @@ dnl (a) define preprocessor symbols if test $tcn_ssltk_type = openssl; then APR_SETVAR(SSL_LIBS, [-lssl -lcrypto]) -APR_ADDTO(SSL_CFLAGS, [-DHAVE_OPENSSL]) +APR_ADDTO(CFLAGS, [-DHAVE_OPENSSL]) fi AC_SUBST(SSL_LIBS) - AC_SUBST(SSL_CFLAGS) ]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/src info.c ssl.c sslutils.c
mturk 2005/06/12 00:01:03
Modified:jni/native/include tcn.h
jni/native/src info.c ssl.c sslutils.c
Log:
Fix various compile time warnings for -Wall
Revision ChangesPath
1.17 +17 -10jakarta-tomcat-connectors/jni/native/include/tcn.h
Index: tcn.h
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/tcn.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- tcn.h 11 Jun 2005 18:21:12 - 1.16
+++ tcn.h 12 Jun 2005 07:01:03 - 1.17
@@ -26,7 +26,19 @@
#error Missing APR_HAS_THREADS support from APR.
#endif
-#define TCN_DO_STATISTICS 1
+#if defined(DEBUG) || defined(_DEBUG)
+/* On -DDEBUG use the statistics */
+#ifndef TCN_DO_STATISTICS
+#define TCN_DO_STATISTICS
+#endif
+#endif
+#include stdio.h
+#include stdlib.h
+#if defined(_WIN32) !defined(__CYGWIN__)
+#include process.h
+#else
+#include unistd.h
+#endif
#include jni.h
#if defined(_DEBUG) || defined(DEBUG)
@@ -65,7 +77,8 @@
#define TCN_AINFO_CLASS TCN_CLASS_PATH Sockaddr
#define TCN_ERROR_CLASS TCN_CLASS_PATH Error
-#define UNREFERENCED(P) (P)
+#define UNREFERENCED(P) (P) = (P)
+#define UNREFERENCED_STDARGS e = e; o = o
#ifdef WIN32
#define LLT(X) (X)
#else
@@ -76,7 +89,6 @@
/* On stack buffer size */
#define TCN_BUFFER_SZ 8192
#define TCN_STDARGS JNIEnv *e, jobject o
-#define UNREFERENCED_STDARGSe; o
#define TCN_IMPLEMENT_CALL(RT, CL, FN) \
JNIEXPORT RT JNICALL Java_org_apache_tomcat_jni_##CL##_##FN
@@ -97,13 +109,8 @@
#define J2T(T) (apr_time_t)((T))
-#if 1
#define TCN_BEGIN_MACRO if (1) {
-#define TCN_END_MACRO } else (void *)(0)
-#else
-#define TCN_BEGIN_MACRO do {
-#define TCN_END_MACRO } while (0)
-#endif
+#define TCN_END_MACRO } else (void)(0)
#define TCN_ALLOC_CSTRING(V) \
const char *c##V = V ? (const char *)((*e)-GetStringUTFChars(e, V, 0))
: NULL
1.7 +7 -7 jakarta-tomcat-connectors/jni/native/src/info.c
Index: info.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/info.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- info.c24 May 2005 09:24:40 - 1.6
+++ info.c12 Jun 2005 07:01:03 - 1.7
@@ -34,14 +34,14 @@
if (_fid##N == NULL) { \
(*e)-ExceptionClear(e);\
goto cleanup; \
-} (void *)(0)
+} else (void)(0)
#define GET_FINFO_J(N) \
_fid##N = (*e)-GetFieldID(e, finfo, #N, J); \
if (_fid##N == NULL) { \
(*e)-ExceptionClear(e);\
goto cleanup; \
-} (void *)(0)
+} else (void)(0)
#define GET_FINFO_S(N) \
_fid##N = (*e)-GetFieldID(e, finfo, #N,\
@@ -49,7 +49,7 @@
if (_fid##N == NULL) { \
(*e)-ExceptionClear(e);\
goto cleanup; \
-} (void *)(0)
+} else (void)(0)
#define SET_FINFO_I(N, V) \
(*e)-SetIntField(e, obj, _fid##N, (jint)(V))
@@ -70,14 +70,14 @@
if (_aid##N == NULL) { \
(*e)-ExceptionClear(e);\
goto cleanup; \
-} (void *)(0)
+} else (void)(0)
#define GET_AINFO_J(N) \
_aid##N = (*e)-GetFieldID(e, ainfo, #N, J); \
if (_aid##N == NULL) { \
(*e)-ExceptionClear(e);\
goto cleanup; \
-} (void *)(0)
+} else (void)(0)
#define GET_AINFO_S(N) \
_aid##N = (*e)-GetFieldID(e, ainfo, #N,\
@@ -85,7 +85,7 @@
if (_aid##N == NULL) { \
(*e)-ExceptionClear(e);\
goto cleanup; \
-} (void *)(0)
+} else (void)(0)
#define SET_AINFO_I(N, V) \
(*e)-SetIntField(e, obj, _aid##N, (jint)(V))
1.34 +2 -2 jakarta-tomcat-connectors/jni/native/src/ssl.c
Index: ssl.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- ssl.c 11 Jun 2005 18:22:25 - 1.33
+++ ssl.c 12 Jun 2005 07:01:03 - 1.34
@@ -48,7 +48,7 @@
if (SSL_temp_keys[idx]) { \
DO NOT REPLY [Bug 34389] - Tomcat 5.5.9 Cluster fix pack
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34389. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34389 --- Additional Comments From [EMAIL PROTECTED] 2005-06-12 09:19 --- Download the binary attachment and extract this in your Tomcat 5.5.9 distribution. Peter -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c
mturk 2005/06/12 00:33:08
Modified:jni/java/org/apache/tomcat/jni SSL.java
jni/native/include ssl_private.h
jni/native/src ssl.c sslcontext.c sslutils.c
Added: jni/java/org/apache/tomcat/jni PasswordCallback.java
Log:
Change PasswordCallback instead BIO for obtaining passwords.
A single global function is enough.
Revision ChangesPath
1.18 +4 -4
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
Index: SSL.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- SSL.java 11 Jun 2005 18:16:42 - 1.17
+++ SSL.java 12 Jun 2005 07:33:08 - 1.18
@@ -220,10 +220,10 @@
public static native int closeBIO(long bio);
/**
- * Set global Password callback BIO for obtaining passwords.
- * @param bio BIO to use.
+ * Set global Password callback for obtaining passwords.
+ * @param callback PasswordCallback implementation to use.
*/
- public static native void setPasswordBIO(long bio);
+ public static native void setPasswordCallback(PasswordCallback
callback);
/**
* Set global Password for decrypting certificates and keys.
1.1
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/PasswordCallback.java
Index: PasswordCallback.java
===
/*
* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the License);
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an AS IS BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.jni;
/** PasswordCallback Interface
*
* @author Mladen Turk
* @version $Revision: 1.1 $, $Date: 2005/06/12 07:33:07 $
*/
public interface PasswordCallback {
/**
* Called when the password is required
* @param prompt Password prompt
* @return Valid password or null
*/
public String callback(String prompt);
}
1.27 +2 -2
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- ssl_private.h 11 Jun 2005 18:20:10 - 1.26
+++ ssl_private.h 12 Jun 2005 07:33:08 - 1.27
@@ -168,7 +168,7 @@
typedef struct {
charpassword[SSL_MAX_PASSWORD_LEN];
const char *prompt;
-BIO*bio;
+tcn_callback_t cb;
} tcn_pass_cb_t;
extern tcn_pass_cb_t tcn_password_callback;
1.35 +21 -11jakarta-tomcat-connectors/jni/native/src/ssl.c
Index: ssl.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- ssl.c 12 Jun 2005 07:01:03 - 1.34
+++ ssl.c 12 Jun 2005 07:33:08 - 1.35
@@ -113,6 +113,12 @@
if (!ssl_initialized)
return APR_SUCCESS;
ssl_initialized = 0;
+
+if (tcn_password_callback.cb.obj) {
+TCN_UNLOAD_CLASS(tcn_password_callback.cb.env,
+ tcn_password_callback.cb.obj);
+}
+
SSL_TMP_KEYS_FREE(RSA);
SSL_TMP_KEYS_FREE(DH);
/*
@@ -693,19 +699,23 @@
return APR_SUCCESS;
}
-TCN_IMPLEMENT_CALL(void, SSL, setPasswordBIO)(TCN_STDARGS, jlong bio)
+TCN_IMPLEMENT_CALL(void, SSL, setPasswordCallback)(TCN_STDARGS,
+ jobject callback)
{
-BIO *bio_handle = J2P(bio, BIO *);
+jclass cls;
-UNREFERENCED_STDARGS;
-if (tcn_password_callback.bio
-tcn_password_callback.bio != bio_handle) {
-SSL_BIO_close(tcn_password_callback.bio);
-tcn_password_callback.bio = bio_handle;
+UNREFERENCED(o);
+if (tcn_password_callback.cb.obj) {
+TCN_UNLOAD_CLASS(tcn_password_callback.cb.env,
+ tcn_password_callback.cb.obj);
}
-else
-return;
cvs commit: jakarta-tomcat-connectors/jni/native/src sslnetwork.c sslutils.c
mturk 2005/06/12 03:31:17
Modified:jni/examples/org/apache/tomcat/jni SSLServer.java
jni/java/org/apache/tomcat/jni SSLSocket.java
jni/native/include ssl_private.h
jni/native/src sslnetwork.c sslutils.c
Log:
Implement SSLSocket.read and SSLSocket.write,
as well as example. Use 'openssl s_clent to test'
Revision ChangesPath
1.6 +64 -13
jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/SSLServer.java
Index: SSLServer.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/SSLServer.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- SSLServer.java11 Jun 2005 07:03:45 - 1.5
+++ SSLServer.java12 Jun 2005 10:31:16 - 1.6
@@ -18,12 +18,14 @@
public static int serverPort= 0;
public static int serverNmax= 0;
public static int serverNrun= 0;
-public static long serverPool = 0;
public static long serverCtx= 0;
+public static long serverPool = 0;
public static String serverCert = null;
public static String serverKey = null;
public static String serverCiphers = null;
public static String serverPassword = null;
+public static String serverCAFile = null;
+
private static Acceptor serverAcceptor = null;
private static Object threadLock = new Object();
@@ -41,6 +43,7 @@
serverNmax = Integer.decode(props.getProperty(server.max,
1)).intValue();
serverCert = props.getProperty(server.cert, server.pem);
serverKey = props.getProperty(server.key, null);
+serverCAFile = props.getProperty(server.cacertificate, null);
serverCiphers = props.getProperty(server.ciphers, ALL);
serverPassword = props.getProperty(server.password, null);
}
@@ -60,7 +63,7 @@
SSLContext.setCipherSuite(serverCtx, serverCiphers);
/* Load Server key and certificate */
SSLContext.setCertificate(serverCtx, serverCert, serverKey,
serverPassword, SSL.SSL_AIDX_RSA);
-SSLContext.setVerify(serverCtx, SSL.SSL_CVERIFY_REQUIRE, 10);
+SSLContext.setVerify(serverCtx, SSL.SSL_CVERIFY_NONE, 10);
serverAcceptor = new Acceptor();
serverAcceptor.start();
@@ -97,14 +100,6 @@
pool);
serverSock = Socket.create(Socket.APR_INET,
Socket.SOCK_STREAM,
Socket.APR_PROTO_TCP, pool);
-long sa = Address.get(Socket.APR_LOCAL, serverSock);
-Sockaddr addr = new Sockaddr();
-if (Address.fill(addr, sa)) {
-System.out.println(Host: + addr.hostname);
-System.out.println(Server: + addr.servname);
-System.out.println(IP: + Address.getip(sa) +
- : + addr.port);
-}
int rc = Socket.bind(serverSock, inetAddress);
if (rc != 0) {
throw(new Exception(Can't create Acceptor: bind: +
Error.strerror(rc)));
@@ -149,9 +144,18 @@
Socket.timeoutSet(clientSock, 1000);
long sslSocket = SSLSocket.attach(SSLServer.serverCtx,
clientSock, pool);
i = SSLSocket.handshake(sslSocket);
-System.out.println(Handskake : + i);
+if (i == 0) {
-SSLSocket.close(sslSocket);
+Worker worker = new Worker(sslSocket, i++,
+
this.getClass().getName());
+SSLServer.incThreads();
+worker.start();
+
+}
+else {
+System.out.println(Handshake error: +
SSL.getLastError());
+SSLSocket.close(sslSocket);
+}
}
}
catch( Exception ex ) {
@@ -159,6 +163,53 @@
}
}
}
+
+private class Worker extends Thread {
+private int workerId = 0;
+private long clientSock = 0;
+private byte [] wellcomeMsg = null;
+
+public Worker(long clientSocket, int workerId, String from) {
+this.clientSock = clientSocket;
+this.workerId = workerId;
+wellcomeMsg = (SSLServer server id: + this.workerId + from
+
+ from + \r\n).getBytes();
+}
+
+public void run() {
+boolean doClose =
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http HttpConnector.java HttpHeader.java HttpProcessor.java HttpRequestImpl.java HttpRequestLine.java HttpRequestStream.java HttpResponseImpl.java HttpResponseStream.java
markt 2005/06/12 08:21:44 Modified:catalina/src/share/org/apache/catalina/connector HttpRequestFacade.java HttpResponseBase.java HttpResponseFacade.java RequestBase.java RequestFacade.java RequestWrapper.java ResponseBase.java ResponseFacade.java ResponseWrapper.java ResponseWriter.java catalina/src/share/org/apache/catalina/connector/http10 HttpConnector.java HttpProcessor.java catalina/src/share/org/apache/catalina/connector/http HttpConnector.java HttpHeader.java HttpProcessor.java HttpRequestImpl.java HttpRequestLine.java HttpRequestStream.java HttpResponseImpl.java HttpResponseStream.java Log: Remove unused imports identified by Eclipse Revision ChangesPath 1.4 +1 -8 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestFacade.java Index: HttpRequestFacade.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestFacade.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- HttpRequestFacade.java26 Aug 2004 21:30:19 - 1.3 +++ HttpRequestFacade.java12 Jun 2005 15:21:44 - 1.4 @@ -18,14 +18,7 @@ package org.apache.catalina.connector; -import java.security.Principal; -import java.util.Locale; import java.util.Enumeration; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletInputStream; -import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.Cookie; import javax.servlet.http.HttpSession; 1.56 +1 -3 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java Index: HttpResponseBase.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- HttpResponseBase.java 26 Aug 2004 21:30:19 - 1.55 +++ HttpResponseBase.java 12 Jun 2005 15:21:44 - 1.56 @@ -25,7 +25,6 @@ import java.net.MalformedURLException; // import java.net.URL; import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedActionException; import java.text.SimpleDateFormat; @@ -45,7 +44,6 @@ import org.apache.catalina.Globals; import org.apache.catalina.Logger; import org.apache.catalina.util.CookieTools; -import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.URL; 1.7 +1 -3 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseFacade.java Index: HttpResponseFacade.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseFacade.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- HttpResponseFacade.java 26 Aug 2004 21:30:19 - 1.6 +++ HttpResponseFacade.java 12 Jun 2005 15:21:44 - 1.7 @@ -19,8 +19,6 @@ import java.io.IOException; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.Cookie; import org.apache.catalina.HttpResponse; 1.23 +1 -3 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/RequestBase.java Index: RequestBase.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/RequestBase.java,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- RequestBase.java 26 Aug 2004 21:30:19 - 1.22 +++ RequestBase.java 12 Jun 2005 15:21:44 - 1.23 @@ -24,7 +24,6 @@ import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.Socket; -import java.security.Principal; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; @@ -33,7 +32,6 @@ import java.util.Map; import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; -import javax.servlet.ServletException; import javax.servlet.ServletInputStream; import
DO NOT REPLY [Bug 35336] New: - RFE: JK 1.2.13 (isapi_redirect) should be able to bypass IIS authentication, patch provided
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=35336.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35336
Summary: RFE: JK 1.2.13 (isapi_redirect) should be able to bypass
IIS authentication, patch provided
Product: Tomcat 5
Version: 5.5.9
Platform: PC
OS/Version: Windows 2000
Status: NEW
Severity: enhancement
Priority: P2
Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]
With JK 2.0.4 it was possible to handle authentication completely within the
webapp (for example using jCIFS) as if the tomcat http connector would be used.
The virtual directory jakarta is configured to do no (basic/windows)
authentication (i.e. anonymous).
With JK 1.2.13 I was not able to configure the same behaviour. IIS/JK 1.2.13
interferes with the authentication process. Authentication headers which should
be forwarded to tomcat are removed from the request.
It should be possible to authenticate using tomcat/webapp means independent
from
the used connector (http or JK). That means for example the tomcat manager
could
be simply used over IIS/JK without doing any extra authentication configuration
and/or usermanagement at IIS side. The userdatabase would be conf\tomcat-users.
xml. Tomcat users could use IIS, but keep the authentication process within
Tomcat. I found some mails in the tomcat-users mailinglist about authentication
probs with JK/IIS, so I assume this RFE would be also useful for others.
It seems when a IIS version before IIS 5 is recognized, IIS/JK will not
interfere with authentication process. Tomcat or the webapp could do
authentication undisturbed.
I have made a modification to jk_isapi_plugin.c, which will provide the
functionality for doing this for me.
With this modification ISAPI_redirect will operate as if an IIS Version before
5
is recognized but only if the registry key
Software\Apache Software Foundation\Jakarta Isapi Redirector\1.
0\bypass_iis5_auth = '1' exists. Without this key the modification has no
effect, so this should not break current installations.
Could someone apply this patch or at least the functionality to the JK codebase?
Please feel free to change the patch code, if it does not fit source code
requirements. (I am not a C developer)
*** jk-1.2.13-src\jk\native\iis\jk_isapi_plugin.c 2005-05-15 13:10:12.0
+-0200
--- jk-1.2.13-src\jk\native\iis\jk_isapi_plugin_modified.c 2005-06-08 11:31:38.
0 +-0200
***
*** 64,69
--- 64,71
#define REGISTRY_LOCATION (Software\\Apache Software
Foundation\\Jakarta Isapi Redirector\\1.0)
#define EXTENSION_URI_TAG (extension_uri)
! #define BYPASS_IIS5_AUTH (bypass_iis5_auth)
!
#define URI_SELECT_TAG (uri_select)
#define URI_SELECT_PARSED_VERB (parsed)
#define URI_SELECT_UNPARSED_VERB(unparsed)
***
*** 120,125
--- 122,128
static int is_inited = JK_FALSE;
static int is_mapread = JK_FALSE;
static int iis5 = -1;
+ static int bypass_iis5 = 0;
static jk_uri_worker_map_t *uw_map = NULL;
static jk_logger_t *logger = NULL;
***
*** 694,699
--- 697,706
iis5 = (atof(serverSoftware + 14) = 5.0);
if (iis5) {
jk_log(logger, JK_LOG_DEBUG, Detected IIS = 5.0);
+ if (bypass_iis5) {
+ jk_log(logger, JK_LOG_DEBUG, bypass_iis5_auth0 set
iis5=0)
;
+ iis5 = 0;
+ }
}
else {
jk_log(logger, JK_LOG_DEBUG, Detected IIS 5.0);
***
*** 1323,1328
--- 1330,1343
}
}
! if (get_registry_config_parameter(hkey,
! BYPASS_IIS5_AUTH,
! tmpbuf, sizeof(tmpbuf))) {
! if (tmpbuf[0]'0') {
! bypass_iis5=1;
! }
! }
!
RegCloseKey(hkey);
}
return ok;
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: AJP using APR
Bill Barker wrote: Costin Manolache [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: If I understand you correctly, you want MsgAjp to use ByteBuffer instead of byte []. At the cost of never supporting JDK 1.3 ever again, this would probably actually improve the performance of ChannelSocket (after changing it to use a blocking SocketChannel). The biggest difference will be if it's a 'direct' buffer, i.e. zero copy. Classpath ( gcj, kaffe, etc ) also has byte buffer support - so it should be ok, if anyone needs jdk1.3, they can use the old code. Yes, the idea was that it would be a direct buffer. But where is the code ? It's on my hard-drive. Unlike Remy's APR stuff, o.a.jk is supposed to be a pretty stable package(s) at this point. I can't just check in stuff like this without a lot of testing to make sure that it doesn't break anything more than JDK 1.3 compatibility ;-). That's why C has conditional compilation - and java has some options-controlled ugly 'if' code :-) It doesn't break anything if the option/def is not selected ( just makes the code a bit uglier ). This way even JDK1.3 will be happy. The biggest problem in JNI ( and probably - in Java playing nice with other languages and the rest of the platform ) is the objects and buffers moving around almost randomly. Yes, it may improve a bit the garbage collection speed - so people can create millions of garbage objects without thinking about it, unlike most other languages that require you to think when allocating objects - but it is the kind of optimization that has disastrous consequences on the rest of the systems. Luckily gcj and kaffe and mono don't do this crazy thing. Direct buffers is one band-aid that should be used whenever possible. Costin Costin Rémy This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Summer of code - next steps?
I re-re-read the FAQ and here is what I interpret: Anyone may submit to Google a proposal (any meaning a student). Google will then take their favorite 200 and pass these along to the mentoring organizations. The mentoring organizations can give a thumbs up or down because they need to approve that the work was done at the end of the time period. Its up to the discretion of each project to incorporate the code produced by the student. But if the code is not worthy to be accepted, the student can still be paid (by Google) if the mentor says its OK. [I would imagine there could be cases where code is produced but not committed for a variety of reasons.] So it seems the wiki was a communication vehicle to let folks know what project mentoring organizatoins were interested in since it was up the mentoring organizations to say yes or no to whether they wish to mentor a specific proposal. I have no idea of the ramifications if multiple folks are interested in the same project and it they should submit competing or complementary proposals. I guess the google group dedicated to this has more information there. -Tim Remy Maucherat wrote: Tim Funk wrote: For those interested in Summer of code what do we need to do next? Is having the Wiki up to date enough? And we sit back while participants submit their proposals and Google chooses whom will get the stipend, while the folks listed on the Wiki mentor? http://code.google.com/soc_application.html Very good questions :) I'm interested too. I added the JSTL tag plugins for Jasper as another project, BTW. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AJP using APR
- Original Message - From: Costin Manolache [EMAIL PROTECTED] To: tomcat-dev@jakarta.apache.org Sent: Sunday, June 12, 2005 5:31 PM Subject: Re: AJP using APR Bill Barker wrote: Costin Manolache [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: If I understand you correctly, you want MsgAjp to use ByteBuffer instead of byte []. At the cost of never supporting JDK 1.3 ever again, this would probably actually improve the performance of ChannelSocket (after changing it to use a blocking SocketChannel). The biggest difference will be if it's a 'direct' buffer, i.e. zero copy. Classpath ( gcj, kaffe, etc ) also has byte buffer support - so it should be ok, if anyone needs jdk1.3, they can use the old code. Yes, the idea was that it would be a direct buffer. But where is the code ? It's on my hard-drive. Unlike Remy's APR stuff, o.a.jk is supposed to be a pretty stable package(s) at this point. I can't just check in stuff like this without a lot of testing to make sure that it doesn't break anything more than JDK 1.3 compatibility ;-). That's why C has conditional compilation - and java has some options-controlled ugly 'if' code :-) It doesn't break anything if the option/def is not selected ( just makes the code a bit uglier ). This way even JDK1.3 will be happy. Yeah, well, I hate ugly ;-). Using NIO will be switchable (and off by default for BC for now). Mark says he doesn't want to use j-t-c HEAD for 4.1.x, and if there is ever another 3.3 release, I'll just add a comment that using the Coyote-JK connector requires JDK 1.4 (similar to the one for the HTTP/1.1 connector). The old AJP connector works well enough in 3.3. I've been spending the weekend fighting with APR-1, that doesn't want to use the OpenSSL .a files. At this point, I'm probably just going to admit defeat. It's a test box, so I can simply install a test-version of the OpenSSL .so files and link against that. It's sad that the libtool from httpd-2.0.50 works fine with the .a files :(, but APR-1 doesn't. The biggest problem in JNI ( and probably - in Java playing nice with other languages and the rest of the platform ) is the objects and buffers moving around almost randomly. Yes, it may improve a bit the garbage collection speed - so people can create millions of garbage objects without thinking about it, unlike most other languages that require you to think when allocating objects - but it is the kind of optimization that has disastrous consequences on the rest of the systems. Luckily gcj and kaffe and mono don't do this crazy thing. Direct buffers is one band-aid that should be used whenever possible. Fortunately, this is Remy's problem ;-). Costin This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AJP using APR [T20050613001A]
Dear tomcat-dev@jakarta.apache.org, Thanks for writing to Webshots! We received your message on 6/12/2005. Your tracking number for this message is : T20050613001A ** IMPORTANT: PLEASE DO NOT REPLY TO THIS EMAIL! ** This is an automatic response to let you know that your Webshots Corporate email will be personally answered as soon as possible, usually within 3 business days. Our customer support staff is available to respond to messages during regular business hours, excluding holidays. Thanks again for your questions and comments, The Webshots Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
