RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Larry, Thanks. The restored mod_jk behavior is the same as Tomcat 3.3.x with DecodeInterceptor ... safe=true/, the default. Unsafe escapes give 403's. We can add a similar option to mod_jk to turn off the checking. Though, I can't image a situation where it would make sense to accept the risks to gain access to these escapes. The problem is that i_r2.dll is spitting 403 on any URL that contains %2F, remeber fuilter do see ALL the request that pass for the IIS server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp, this is the wrong behaviour the user seeing, and i think it's a little agressive, dont you? so this needs to be solved.. Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
-Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 4:51 AM To: 'Tomcat Developers List' Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Larry, Thanks. The restored mod_jk behavior is the same as Tomcat 3.3.x with DecodeInterceptor ... safe=true/, the default. Unsafe escapes give 403's. We can add a similar option to mod_jk to turn off the checking. Though, I can't image a situation where it would make sense to accept the risks to gain access to these escapes. The problem is that i_r2.dll is spitting 403 on any URL that contains %2F, remeber fuilter do see ALL the request that pass for the IIS server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp, this is the wrong behaviour the user seeing, and i think it's a little agressive, dont you? so this needs to be solved.. Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
I'm seem to be getting into a habit of clicking Send instead of Save. :( I think this is something that to some degree is a necessary evil. Hopefully I will be able to tell more when I can get back into the code. The trick is allowing this okay URL to succeed while preventing malicious uses of %2F from also succeeding. Cheers, Larry -Original Message- From: Larry Isaacs Sent: Thursday, February 06, 2003 8:02 AM To: Tomcat Developers List Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 4:51 AM To: 'Tomcat Developers List' Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Larry, Thanks. The restored mod_jk behavior is the same as Tomcat 3.3.x with DecodeInterceptor ... safe=true/, the default. Unsafe escapes give 403's. We can add a similar option to mod_jk to turn off the checking. Though, I can't image a situation where it would make sense to accept the risks to gain access to these escapes. The problem is that i_r2.dll is spitting 403 on any URL that contains %2F, remeber fuilter do see ALL the request that pass for the IIS server, we are rejecting URL NOT for tomcat, like in /test%2Ftest.asp, this is the wrong behaviour the user seeing, and i think it's a little agressive, dont you? so this needs to be solved.. Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Larry, Sorry, Clicked the wrong button. :) No problem, :), i undertands the concerns, and the change seems a little daring i know.. anyway, reviewing by peers works, thanks god.. :) To finish the thought, with the change below, does http://localhost/test%2F/test.jsp still go to Tomcat? Or is it blocked from going to Tomcat because it is a bad URL. If it doesn't go to Tomcat, how do we know some other filter in the chain isn't going to serve it statically? take into account that to be able to map we first need to unescape the url. it's the unescaping function the one that gives this errors, so we can only block these url prior to do the mapping, so we really dont know if the url should go to tomcat or not at this point.. And It's almost the same case that in apache you need to explicitely block WEB-INF, if you want block people from look at there when using a configuration where tomcat context it's directly configured as an apache served directory.. something that needs to be tweaked to be secure.. I think this is the same case, it's an advanced configuration, there are posible source disclosures, but it's a risk you can sort out.. like in the apache WEB-INF case.. And the casual and default configuration, doesnt have this advance features.. Do you see other way to fix 16759? Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
I've haven't looked at the full source in a while, so I'm somewhat guessing at the exact impact. I'm working on a Tomcat 3.3.2 release plan which will need to integrate use of the J-T-C connectors. I should be able to take a more in depth look at this as part of that. I wouldn't see it as a step forward where we increase the vulnerability of the majority, and the effort needed to deal with that, in favor of satisfying a small minority that insist on using inherently unsafe escape sequences. Maybe this new behavior should be an option like it is in Tomcat 3.3.x. The default is to err on the side of safety. Operating in this less safe envrionment could be specifically requested via an option, and the user is responsible for dealing with the impact. How does that sound? Cheers, Larry -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 4:04 AM To: 'Tomcat Developers List' Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Larry, Sorry, Clicked the wrong button. :) No problem, :), i undertands the concerns, and the change seems a little daring i know.. anyway, reviewing by peers works, thanks god.. :) To finish the thought, with the change below, does http://localhost/test%2F/test.jsp still go to Tomcat? Or is it blocked from going to Tomcat because it is a bad URL. If it doesn't go to Tomcat, how do we know some other filter in the chain isn't going to serve it statically? take into account that to be able to map we first need to unescape the url. it's the unescaping function the one that gives this errors, so we can only block these url prior to do the mapping, so we really dont know if the url should go to tomcat or not at this point.. And It's almost the same case that in apache you need to explicitely block WEB-INF, if you want block people from look at there when using a configuration where tomcat context it's directly configured as an apache served directory.. something that needs to be tweaked to be secure.. I think this is the same case, it's an advanced configuration, there are posible source disclosures, but it's a risk you can sort out.. like in the apache WEB-INF case.. And the casual and default configuration, doesnt have this advance features.. Do you see other way to fix 16759? Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Larry, I wouldn't see it as a step forward where we increase the vulnerability of the majority, and the effort needed to deal with that, in favor of satisfying a small minority that insist on using inherently unsafe escape sequences. Maybe this new behavior should be an option like it is in Tomcat 3.3.x. The default is to err on the side of safety. Operating in this less safe envrionment could be specifically requested via an option, and the user is responsible for dealing with the impact. How does that sound? Ok, no problem, but there must be a middle ground. Perhaps the tests (jk_req_util.c/jk_requtil_unescapeUrl) now overreact a bit, maybe we can tone down the code, just now it barfs on any embedded '/' %2F, tomcat deals without problems with this issues, and later there is an agressive uri filtering on ./ and combinations.. maybe is better to let this pass without problems to tc, and let tomcat deal with it.. tested and it works very well.. How about this way? In the mean time i'll revert the change.. Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Thanks. The restored mod_jk behavior is the same as Tomcat 3.3.x with DecodeInterceptor ... safe=true/, the default. Unsafe escapes give 403's. We can add a similar option to mod_jk to turn off the checking. Though, I can't image a situation where it would make sense to accept the risks to gain access to these escapes. Cheers, Larry -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 5:02 PM To: 'Tomcat Developers List' Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Larry, I wouldn't see it as a step forward where we increase the vulnerability of the majority, and the effort needed to deal with that, in favor of satisfying a small minority that insist on using inherently unsafe escape sequences. Maybe this new behavior should be an option like it is in Tomcat 3.3.x. The default is to err on the side of safety. Operating in this less safe envrionment could be specifically requested via an option, and the user is responsible for dealing with the impact. How does that sound? Ok, no problem, but there must be a middle ground. Perhaps the tests (jk_req_util.c/jk_requtil_unescapeUrl) now overreact a bit, maybe we can tone down the code, just now it barfs on any embedded '/' %2F, tomcat deals without problems with this issues, and later there is an agressive uri filtering on ./ and combinations.. maybe is better to let this pass without problems to tc, and let tomcat deal with it.. tested and it works very well.. How about this way? In the mean time i'll revert the change.. Saludos, Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Hi Nacho, My brain is isn't firing on all cylinders at the moment, but this makes me a little nervous. I think some of the problems in the past have been where malicious escaping would prevent request from being forwarded to Tomcat, and would be served statically. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 3:46 PM To: [EMAIL PROTECTED] Subject: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c nacho 2003/02/04 12:45:50 Modified:jk/native2/server/isapi jk_isapi_plugin.c Log: Fix for Bug#16759 ISAPI_REDIRECTOR Handles %2F improperly Now a uri considered not valid or bad by jk2 is passed down the filter chain, so letting the server continue processing, also relaxed logging to info as they are not errors anymore.. Revision ChangesPath 1.54 +10 -6 jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c Index: jk_isapi_plugin.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk _isapi_plugin.c,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- jk_isapi_plugin.c 4 Feb 2003 07:44:23 - 1.53 +++ jk_isapi_plugin.c 4 Feb 2003 20:45:49 - 1.54 @@ -316,20 +316,24 @@ rc = jk_requtil_unescapeUrl(uri); if (rc == BAD_REQUEST) { -env-l-jkLog(env, env-l, JK_LOG_ERROR, +env-l-jkLog(env, env-l, JK_LOG_INFO, HttpFilterProc [%s] contains one or more invalid escape sequences.\n, uri); -write_error_response(pfc,400 Bad Request, HTML_ERROR_400); +// XXX: Let any other filter process the request, +// if they take any security measure or not doesnt matter. +// write_error_response(pfc,400 Bad Request, HTML_ERROR_400); workerEnv-globalEnv-releaseEnv( workerEnv-globalEnv, env ); -return SF_STATUS_REQ_FINISHED; +return SF_STATUS_REQ_NEXT_NOTIFICATION; } else if(rc == BAD_PATH) { -env-l-jkLog(env, env-l, JK_LOG_EMERG, +env-l-jkLog(env, env-l, JK_LOG_INFO, HttpFilterProc [%s] contains forbidden escape sequences.\n, uri); -write_error_response(pfc,403 Forbidden, HTML_ERROR_403); +// XXX: Let any other filter process the request, +// if they take any security measure or not doesnt matter. +// write_error_response(pfc,403 Forbidden, HTML_ERROR_403); workerEnv-globalEnv-releaseEnv( workerEnv-globalEnv, env ); -return SF_STATUS_REQ_FINISHED; +return SF_STATUS_REQ_NEXT_NOTIFICATION; } jk_requtil_getParents(uri); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Sorry, Clicked the wrong button. :) To finish the thought, with the change below, does http://localhost/test%2F/test.jsp still go to Tomcat? Or is it blocked from going to Tomcat because it is a bad URL. If it doesn't go to Tomcat, how do we know some other filter in the chain isn't going to serve it statically? Larry -Original Message- From: Larry Isaacs Sent: Tuesday, February 04, 2003 8:17 PM To: Tomcat Developers List Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Hi Nacho, My brain is isn't firing on all cylinders at the moment, but this makes me a little nervous. I think some of the problems in the past have been where malicious escaping would prevent request from being forwarded to Tomcat, and would be served statically. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 3:46 PM To: [EMAIL PROTECTED] Subject: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c nacho 2003/02/04 12:45:50 Modified:jk/native2/server/isapi jk_isapi_plugin.c Log: Fix for Bug#16759 ISAPI_REDIRECTOR Handles %2F improperly Now a uri considered not valid or bad by jk2 is passed down the filter chain, so letting the server continue processing, also relaxed logging to info as they are not errors anymore.. Revision ChangesPath 1.54 +10 -6 jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c Index: jk_isapi_plugin.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk _isapi_plugin.c,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- jk_isapi_plugin.c 4 Feb 2003 07:44:23 - 1.53 +++ jk_isapi_plugin.c 4 Feb 2003 20:45:49 - 1.54 @@ -316,20 +316,24 @@ rc = jk_requtil_unescapeUrl(uri); if (rc == BAD_REQUEST) { -env-l-jkLog(env, env-l, JK_LOG_ERROR, +env-l-jkLog(env, env-l, JK_LOG_INFO, HttpFilterProc [%s] contains one or more invalid escape sequences.\n, uri); -write_error_response(pfc,400 Bad Request, HTML_ERROR_400); +// XXX: Let any other filter process the request, +// if they take any security measure or not doesnt matter. +// write_error_response(pfc,400 Bad Request, HTML_ERROR_400); workerEnv-globalEnv-releaseEnv( workerEnv-globalEnv, env ); -return SF_STATUS_REQ_FINISHED; +return SF_STATUS_REQ_NEXT_NOTIFICATION; } else if(rc == BAD_PATH) { -env-l-jkLog(env, env-l, JK_LOG_EMERG, +env-l-jkLog(env, env-l, JK_LOG_INFO, HttpFilterProc [%s] contains forbidden escape sequences.\n, uri); -write_error_response(pfc,403 Forbidden, HTML_ERROR_403); +// XXX: Let any other filter process the request, +// if they take any security measure or not doesnt matter. +// write_error_response(pfc,403 Forbidden, HTML_ERROR_403); workerEnv-globalEnv-releaseEnv( workerEnv-globalEnv, env ); -return SF_STATUS_REQ_FINISHED; +return SF_STATUS_REQ_NEXT_NOTIFICATION; } jk_requtil_getParents(uri); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Mladen, there are 2 ways to configure i_r2.dll, with a properties file in the same dir where the dll resides, and using the registry, i'm all to this patch but i like to see it configurable in the p file aswell, right now this needs to have jk2 inited as is using jk2 own p files reading methods, using jk2 pools and map objets and so on , see read_registry_init_data in jk_isapi_plugin.c.., Saludos , Ignacio J. Ortega -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Enviado el: 6 de julio de 2002 10:06 Para: [EMAIL PROTECTED] Asunto: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c mturk 2002/07/06 01:05:49 Modified:jk/native2/server/isapi jk_isapi_plugin.c Log: Fix the Q250397 bug introducing authComplete registry param that one when set enables the SF_NOTIFY_AUTH_COMPLETE filter notification. Remove the iis5 version checking acordingly using new approach. Revision ChangesPath 1.35 +83 -46 jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c Index: jk_isapi_plugin.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk _isapi_plugin.c,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- jk_isapi_plugin.c 5 Jul 2002 08:12:09 - 1.34 +++ jk_isapi_plugin.c 6 Jul 2002 08:05:49 - 1.35 @@ -85,6 +85,7 @@ #define SERVER_ROOT_TAG (serverRoot) #define EXTENSION_URI_TAG (extensionUri) #define WORKERS_FILE_TAG(workersFile) +#define USE_AUTH_COMP_TAG (authComplete) static char file_name[_MAX_PATH]; @@ -93,7 +94,7 @@ static int is_inited = JK_FALSE; static int is_mapread = JK_FALSE; static int was_inited = JK_FALSE; -static int iis5 = -1; +static int auth_notification_flags = 0; static jk_workerEnv_t *workerEnv; static apr_pool_t *jk_globalPool; @@ -117,7 +118,7 @@ static jk_env_t* jk2_create_config(); - +static int get_auth_flags(); static void write_error_response(PHTTP_FILTER_CONTEXT pfc,char *status,char * msg) @@ -151,20 +152,23 @@ if (pVer-dwFilterVersion http_filter_revision) { pVer-dwFilterVersion = http_filter_revision; } - +auth_notification_flags = get_auth_flags(); #ifdef SF_NOTIFY_AUTH_COMPLETE - -pVer-dwFlags = SF_NOTIFY_ORDER_HIGH| -SF_NOTIFY_SECURE_PORT | -SF_NOTIFY_NONSECURE_PORT| -SF_NOTIFY_PREPROC_HEADERS | -SF_NOTIFY_AUTH_COMPLETE; -#else -pVer-dwFlags = SF_NOTIFY_ORDER_HIGH| -SF_NOTIFY_SECURE_PORT | -SF_NOTIFY_NONSECURE_PORT| -SF_NOTIFY_PREPROC_HEADERS; +if (auth_notification_flags == SF_NOTIFY_AUTH_COMPLETE) { +pVer-dwFlags = SF_NOTIFY_ORDER_HIGH| +SF_NOTIFY_SECURE_PORT | +SF_NOTIFY_NONSECURE_PORT| +SF_NOTIFY_PREPROC_HEADERS | +SF_NOTIFY_AUTH_COMPLETE; +} +else #endif +{ +pVer-dwFlags = SF_NOTIFY_ORDER_HIGH| +SF_NOTIFY_SECURE_PORT | +SF_NOTIFY_NONSECURE_PORT| +SF_NOTIFY_PREPROC_HEADERS; +} strcpy(pVer-lpszFilterDesc, VERSION_STRING); @@ -201,28 +205,8 @@ } if (is_inited is_mapread) { env = workerEnv-globalEnv-getEnv( workerEnv-globalEnv ); -if (is_inited (iis5 0) ) { -char serverSoftware[256]; -DWORD dwLen = sizeof(serverSoftware); -iis5=0; -if (pfc-GetServerVariable(pfc,SERVER_SOFTWARE, serverSoftware, dwLen)){ -iis5=(atof(serverSoftware + 14) = 5.0); -if (iis5) { -env-l-jkLog(env, env-l, JK_LOG_INFO,Detected IIS = 5.0\n); -} else { -env-l-jkLog(env, env-l, JK_LOG_INFO,Detected IIS 5.0\n); -} -} -} -#ifdef SF_NOTIFY_AUTH_COMPLETE -if (is_inited - (((SF_NOTIFY_PREPROC_HEADERS == dwNotificationType) !iis5) || - ((SF_NOTIFY_AUTH_COMPLETE == dwNotificationType) iis5) - ) -) -#else -if (is_inited (SF_NOTIFY_PREPROC_HEADERS == dwNotificationType)) -#endif + +if (auth_notification_flags == dwNotificationType) { char uri[INTERNET_MAX_URL_LENGTH]; char
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
-Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: 7. srpanj 2002 21:28 To: 'Tomcat Developers List' Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Mladen, there are 2 ways to configure i_r2.dll, with a properties file in the same dir where the dll resides, and using the registry, i'm all to this patch but i like to see it configurable in the p file aswell, right now this needs to have jk2 inited as is using jk2 own p files reading methods, using jk2 pools and map objets and so on , see read_registry_init_data in jk_isapi_plugin.c.., I'm aware of that, but the problem is that all that has to happen in the phase that we don't have a environment created yet. The solution is either to create the environment prior to or inside the GetFilterVersion to be able to use the current file or registry functions, or use the one I've created. Since I think that this patch is only temporary solution to the SF_NOTIFY_AUTH_COMPLETE problems, and will eventually disappear, rearranging environment creation process and initialization would be IMO overhead. But if you can think of a cleaner solution that wouldn't involve any kind of locking inside either DllMain or GetFilterVersion, and that way locking the iis itself, than we could use the existing configuration mechanism. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
-Original Message- From: Mladen Turk [mailto:[EMAIL PROTECTED]] Sent: 7. srpanj 2002 21:50 To: 'Tomcat Developers List' Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c Mladen, there are 2 ways to configure i_r2.dll, with a I'm aware of that, but the problem is that all that has to happen in the phase that we don't have a environment created yet. The solution is either to create the environment prior to or inside the GetFilterVersion Ok, it can be used in the GetFilterVersion, just tested moving creation to that function. I'll change that tomorrow to use the existing config param mechanism. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Added few #ifdefs to make it compile with my version of MSVC ( probably an old one ). It's not a new MSVC version, You need to download the Microsoft Platform SDK, to get the includes and libs needed to compile an isapi_redirector2.dll with all the later developments, mainly to be able to specify tomcatAuthentication=false on iis5, that is to be able to use Native IIS Auth on tomcat, so i would prefer very much to add the needed info to some readme, than to permit to build a non Complete i_r2.dll Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
On Thu, 23 May 2002, Ignacio J. Ortega wrote: Added few #ifdefs to make it compile with my version of MSVC ( probably an old one ). It's not a new MSVC version, You need to download the Microsoft Platform SDK, to get the includes and libs needed to compile an isapi_redirector2.dll with all the later developments, mainly to be able to specify tomcatAuthentication=false on iis5, that is to be able to use Native IIS Auth on tomcat, so i would prefer very much to add the needed info to some readme, than to permit to build a non Complete i_r2.dll Well, I don't think it hurts too much to allow a build with the 'plain' MSVC ( just 3 #ifdefs, the code is reasonably clean ). I'll try to get the SDK, but if it requires me to signon ( to passport :-) - I'll give up. I assume some ISAPI servers ( and PWS ) do not support the new stuff anyway. I'm fine with requiring the MP SDK if it's easy to download, but at least for now I would prefer beeing able to compile with a plain MSVC. Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]