Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c jk_uri_worker_map.h
My apologies, the incorrect dll was being tested. With so many releases in recent months, sometimes they get mixed up. When can we get this in an official release?;-) Thanks, Derrick From: Mladen Turk [EMAIL PROTECTED] Reply-To: Tomcat Developers List tomcat-dev@jakarta.apache.org To: Tomcat Developers List tomcat-dev@jakarta.apache.org Subject: Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c jk_uri_worker_map.h Date: Thu, 23 Jun 2005 09:43:37 +0200 Derrick Koes wrote: I tested yesterday's CVS head for compliance with session ID URL rewriting. This fails. The jsessionid is lost from the URL. Well, I tested that with the /servlets-examples/servlet/SessionExample and the jsessionid's *are* preserved. Can you post the 'JkLogLevel debug' for the requests that are in your opinion dropping the jsessionid? Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c jk_uri_worker_map.h
Derrick Koes wrote: I tested yesterday's CVS head for compliance with session ID URL rewriting. This fails. The jsessionid is lost from the URL. Well, I tested that with the /servlets-examples/servlet/SessionExample and the jsessionid's *are* preserved. Can you post the 'JkLogLevel debug' for the requests that are in your opinion dropping the jsessionid? Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c jk_uri_worker_map.h
I tested yesterday's CVS head for compliance with session ID URL rewriting. This fails. The jsessionid is lost from the URL. Derrick From: [EMAIL PROTECTED] Reply-To: Tomcat Developers List tomcat-dev@jakarta.apache.org To: [EMAIL PROTECTED] Subject: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c jk_uri_worker_map.h Date: 16 Jun 2005 06:28:38 - mturk 2005/06/15 23:28:38 Modified:jk/native/common jk_uri_worker_map.c jk_uri_worker_map.h Log: Do not modify the provided uri inplace, but rather use the stack buffer for that. Also change the map_uri_to_worker to be 'const char'. Revision ChangesPath 1.56 +17 -12 jakarta-tomcat-connectors/jk/native/common/jk_uri_worker_map.c Index: jk_uri_worker_map.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_uri_worker_map.c,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- jk_uri_worker_map.c 18 May 2005 11:09:55 - 1.55 +++ jk_uri_worker_map.c 16 Jun 2005 06:28:38 - 1.56 @@ -411,12 +411,13 @@ const char *map_uri_to_worker(jk_uri_worker_map_t *uw_map, - char *uri, jk_logger_t *l) + const char *uri, jk_logger_t *l) { unsigned int i; char *url_rewrite; -char rewrite_char = ';'; const char *rv = NULL; +const char *url = uri; +char buf[JK_MAX_URI_LEN+1]; JK_TRACE_ENTER(l); if (!uw_map || !uri) { @@ -432,10 +433,16 @@ } url_rewrite = strstr(uri, JK_PATH_SESSION_IDENTIFIER); if (url_rewrite) { -rewrite_char = *url_rewrite; -*url_rewrite = '\0'; +size_t len = url_rewrite - uri; +if (len JK_MAX_URI_LEN) +len = JK_MAX_URI_LEN; +strncpy(buf, uri, len); +buf[len] = '\0'; +url = buf[0]; +if (JK_IS_DEBUG_LEVEL(l)) +jk_log(l, JK_LOG_DEBUG, Removing Session path '%s' URI '%s', + url_rewrite, url); } - if (uw_map-fname) uri_worker_map_update(uw_map, l); if (JK_IS_DEBUG_LEVEL(l)) @@ -456,7 +463,7 @@ if (uwr-match_type MATCH_TYPE_WILDCHAR_PATH) { const char *wname; /* Map is already sorted by context_len */ -if (wildchar_match(uri, uwr-context, +if (wildchar_match(url, uwr-context, #ifdef WIN32 1 #else @@ -473,8 +480,8 @@ goto cleanup; } } -else if (JK_STRNCMP(uwr-context, uri, uwr-context_len) == 0) { -if (strlen(uri) == uwr-context_len) { +else if (JK_STRNCMP(uwr-context, url, uwr-context_len) == 0) { +if (strlen(url) == uwr-context_len) { if (JK_IS_DEBUG_LEVEL(l)) jk_log(l, JK_LOG_DEBUG, Found an exact match %s - %s, @@ -489,10 +496,8 @@ JK_TRACE_EXIT(l); cleanup: -if (url_rewrite) -*url_rewrite = rewrite_char; if (rv uw_map-nosize) { -if (is_nomap_match(uw_map, uri, rv, l)) { +if (is_nomap_match(uw_map, url, rv, l)) { if (JK_IS_DEBUG_LEVEL(l)) jk_log(l, JK_LOG_DEBUG, Denying matching for worker %s by nomatch rule, 1.20 +3 -2 jakarta-tomcat-connectors/jk/native/common/jk_uri_worker_map.h Index: jk_uri_worker_map.h === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_uri_worker_map.h,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- jk_uri_worker_map.h 26 Apr 2005 15:28:18 - 1.19 +++ jk_uri_worker_map.h 16 Jun 2005 06:28:38 - 1.20 @@ -52,6 +52,7 @@ #define MATCH_TYPE_DISABLED 0x2000 #define MATCH_TYPE_STOPPED 0x4000 +#define JK_MAX_URI_LEN 4095 struct uri_worker_record { /* Original uri for logging */ @@ -113,7 +114,7 @@ const char *puri, const char *pworker, jk_logger_t *l); const char *map_uri_to_worker(jk_uri_worker_map_t *uw_map, - char *uri, jk_logger_t *l); + const char *uri, jk_logger_t *l); int uri_worker_map_load(jk_uri_worker_map_t *uw_map, jk_logger_t *l); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
- Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 3:24 AM Subject: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c mturk 2004/12/17 03:24:38 Modified:jk/native/common jk_uri_worker_map.c Log: Fix url rewrite for jksessionid. It should fix all jksessionid bugs, cause previous implemantation didn't handle that properly. I'm -1 on this patch. map_uri_to_worker doesn't need all of this spaghetti just because IIS is broken. This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: I'm -1 on this patch. map_uri_to_worker doesn't need all of this spaghetti just because IIS is broken. No, it's not related to IIS at all. The previous implementation was taking the uri an cut out the ';jseessionid=...' from the url. Take a look at JK2 and it's jk_uriMap.c: url is rewritten, but restored on exit that jk did not do. That is exactly what this patch does. Regards, Mladen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: I'm -1 on this patch. map_uri_to_worker doesn't need all of this spaghetti just because IIS is broken. Continuing from last reply... Also, I'm stunned with the fact that there is no reports in Bugzilla about that. I mean we have used the uri: /uri;jsessionid=?params and made: url_rewrite = strstr(uri, ;jsessionid') then *url = '\0'; Thus cutting everything including jsessionid. The JK2 allways restored that on exit (take a look at '*url_rewrite = origChar'). Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: I'm -1 on this patch. map_uri_to_worker doesn't need all of this spaghetti just because IIS is broken. Also you can see the difference with Apache2. Open http://host/servlets-examples/servlet/SessionExample Now, click on the 'Url encoded' link. You will see the ';jsessionid=' in the url. Click the 'refresh' without the patch and you'll loose everything after ';'. Use the patch, and the url will be preserved. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
- Original Message - From: Mladen Turk [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Friday, December 17, 2004 8:06 AM Subject: Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c Bill Barker wrote: I'm -1 on this patch. map_uri_to_worker doesn't need all of this spaghetti just because IIS is broken. No, it's not related to IIS at all. Of course it is related to IIS, since IIS is the only one that (wrongly) doesn't pass a copy of the URI to map_uri_to_worker The previous implementation was taking the uri an cut out the ';jseessionid=...' from the url. Take a look at JK2 and it's jk_uriMap.c: url is rewritten, but restored on exit that jk did not do. That is exactly what this patch does. Yeah, well, JK2 is hardly a shining example of how things should be done ;-). jk_uriMap.c is well known to be seriously broken. Regards, Mladen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: No, it's not related to IIS at all. Of course it is related to IIS, since IIS is the only one that (wrongly) doesn't pass a copy of the URI to map_uri_to_worker OK. Seems that you catch me on that :). But since the request is supposed to be atomic why to strdup an uri? I'd rather remove char *uri = apr_pstrdup(r-pool, r-uri); before calling map_uri_to_worker then adding strdup to IIS. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
- Original Message - From: Mladen Turk [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Friday, December 17, 2004 9:34 AM Subject: Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c Bill Barker wrote: No, it's not related to IIS at all. Of course it is related to IIS, since IIS is the only one that (wrongly) doesn't pass a copy of the URI to map_uri_to_worker OK. Seems that you catch me on that :). But since the request is supposed to be atomic why to strdup an uri? I'd rather remove char *uri = apr_pstrdup(r-pool, r-uri); before calling map_uri_to_worker then adding strdup to IIS. It was done to fix a '//' bypass traversal bug (e.g. http://myserver/myapp//foo.jsp would serve the source of the JSP). map_uri_to_worker calls jk_no2slash, which modifies the URI in ways that are hard to undo. The reason that the call is done outside of map_uri_to_worker is simply that apr_pstrdup is better than jk_pool_strdup. Otherwise, it's trying to be like location_walk in Apache. In the case of IIS, something like: char temp_uri[INTERNET_MAX_URL_LENGTH]; strcpy(temp_uri, uri); worker = map_uri_to_worker(uw_map, temp_uri, logger); is probably no worse than the rest of the code :). However, I kept breaking IIS whenever I tried to change things in it, so I just gave up at some point. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: But since the request is supposed to be atomic why to strdup an uri? I'd rather remove char *uri = apr_pstrdup(r-pool, r-uri); before calling map_uri_to_worker then adding strdup to IIS. It was done to fix a '//' bypass traversal bug (e.g. http://myserver/myapp//foo.jsp would serve the source of the JSP). Yep, but is that really the responsibility of the JK? The jk is supposed to be a proxy, so as less intervention in the protocol the better results will be. I have comment out the jk_no2slash checking inside map_uri_to_worker cause found no difference with or without it. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
- Original Message - From: Mladen Turk [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Friday, December 17, 2004 11:59 AM Subject: Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c Bill Barker wrote: But since the request is supposed to be atomic why to strdup an uri? I'd rather remove char *uri = apr_pstrdup(r-pool, r-uri); before calling map_uri_to_worker then adding strdup to IIS. It was done to fix a '//' bypass traversal bug (e.g. http://myserver/myapp//foo.jsp would serve the source of the JSP). Yep, but is that really the responsibility of the JK? The jk is supposed to be a proxy, so as less intervention in the protocol the better results will be. It's consistant with location_walk in Apache, so at least for mod_jk.so is seems to be pretty important that the uri mapping rules work the same way. Without the consistancy, configuration for JK becomes even harder than for JK2 :(. I have comment out the jk_no2slash checking inside map_uri_to_worker cause found no difference with or without it. Try with only: JkMount /myapp/*.jsp and requesting: http://myserver//myapp/index.jsp Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
another data point RE: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
The fix made early this morning (~7-8am Eastern) works to fix the problem I was having with URL rewriting. I'll grab the latest code set again soon and retry. Thanks for your fast response on this Mladen. JK2s eol is the impetus for my usage of JK and this is the one glaring defect/difference I've found to this point. Derrick -Original Message- From: Mladen Turk [mailto:[EMAIL PROTECTED] Sent: Friday, December 17, 2004 2:59 PM To: Tomcat Developers List Subject: Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c Bill Barker wrote: But since the request is supposed to be atomic why to strdup an uri? I'd rather remove char *uri = apr_pstrdup(r-pool, r-uri); before calling map_uri_to_worker then adding strdup to IIS. It was done to fix a '//' bypass traversal bug (e.g. http://myserver/myapp//foo.jsp would serve the source of the JSP). Yep, but is that really the responsibility of the JK? The jk is supposed to be a proxy, so as less intervention in the protocol the better results will be. I have comment out the jk_no2slash checking inside map_uri_to_worker cause found no difference with or without it. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: Try with only: JkMount /myapp/*.jsp and requesting: http://myserver//myapp/index.jsp Yes I did, and it really doesn't mater. Well my jsp's are inside tomcat application, so I admit there can be problems if the .jsp is hanging around somewhere outside web application :). Also I've tried that with 5.0/5.5, so if it breaks some older tomcat versions feel free to include the jk_no2slash checking again, and compare every char with the slash in the uri on the each request made. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: another data point RE: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Derrick Koes wrote: The fix made early this morning (~7-8am Eastern) works to fix the problem I was having with URL rewriting. I'll grab the latest code set again soon and retry. Cool, those are really good news! Glad that it works finally :). Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
- Original Message - From: Mladen Turk [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Friday, December 17, 2004 12:47 PM Subject: Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c Bill Barker wrote: Try with only: JkMount /myapp/*.jsp and requesting: http://myserver//myapp/index.jsp Yes I did, and it really doesn't mater. Well my jsp's are inside tomcat application, so I admit there can be problems if the .jsp is hanging around somewhere outside web application :). It's for when you want Apache to act as the default servlet, so you have: Alias /myapp/ /path/to/myapp/ JkMount /myapp/*.jsp ajp13 Also I've tried that with 5.0/5.5, so if it breaks some older tomcat versions feel free to include the jk_no2slash checking again, and compare every char with the slash in the uri on the each request made. All of the Tomcat mappers from 3.3 up will handle the request fine if it ever sees it. However, with the code as it is now, mod_jk will refuse the request. Now that mod_jk is hopelessly broken, I guess I'll just have to wait for proxy_ajp before upgrading. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c
Bill Barker wrote: and requesting: http://myserver//myapp/index.jsp Yes I did, and it really doesn't mater. Well my jsp's are inside tomcat application, so I admit there can be problems if the .jsp is hanging around somewhere outside web application :). It's for when you want Apache to act as the default servlet, so you have: Alias /myapp/ /path/to/myapp/ JkMount /myapp/*.jsp ajp13 First of all it has nothing to do with the two slashes in the url. I agree: Alias /foo/ /opt/tomcat/webapps/jsp-examples JkMount /foo/*.jsp wlb Produces Tomcat returning 404 error page (Tomcat). But that is exactly how jk 1.2.6 behaves. So I really do not understand your post. Regrads, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]