Re: [PATCH] Suppress proxy: error linking cache file...
Bill Stoddard wrote: There have been a couple of PRs opened against this. I believe the condition arises when the server is configured as a proxy gateway (aka reverse proxy) and multiple processes are serving the same backend file at the same time. Only one of the processes will actually succeed at saving the file, the others will fail with the message "[error] (17)File exists: proxy: error linking cache file ...". Changing the message level from APLOG_ERR to APLOG_INFO will keep this message out of the logs w/o major overhaul of this code. Any objections to committing this to 1.3? +1. Regards, Graham -- - [EMAIL PROTECTED] "There's a moon over Bourbon Street tonight..."
[PATCH-2] Allowing extended characters in LDAPauthentication...
Second cut at allowing extended characters. The name of the directive changed to
"AuthLDAPCharsetConversion" rather than "AuthLDAPConvertFromLanguage" since it is
mainly dealing with character sets rather than languages. It also changed from an
AP_INIT_TAKE1 to and AP_INIT_TAKE12 to allow for an optional "to" character set rather
than assuming "utf8". If no "to" character set is given then it will default to
"utf8". Also the output buffer for the conversion to UTF8 is larger.
Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com
>>> [EMAIL PROTECTED] Friday, December 06, 2002 3:36:26 PM >>>
I'm not very LDAP experienced, but nevertheless I see some problems:
* Brad Nicholes wrote:
> Attached is the first attempt at allowing user ID's with extended characters
> as a valid login ID.
Some browsers cannot use non-ascii characters (they cut as the first
occurence). But that's probably a browser problem and not should not be
subject of discussion.
Next: IIRC should characters that are not ISO-8859-1 be sent as RFC 2047
encoded words. Actually I don't know a browser, that does that, but...
> There are still problems with allowing extended
> characters in passwords
hmm. password data should be opaque 8-bit, shouldn't it?
> This patch adds a new directive "AuthLDAPConvertFromLanguage" to
> mod_auth_ldap that allows the admin to either define a specific language
> when converting the user ID to UTF8 of try to derive the language from the
> header.
*hrm*. That should be splitted. You should not hardcode any assignments
between a language and a charset. For example, the charset of 'de' may be
iso-8859-1 or iso-8859-15 or utf-7 or utf-8 or somewhat (windows-1252...).
You should at least allow the admin to do the assignments himself (similar
to mod_mime's AddLanguage).
> It allows the admin to specify "use-header" which will attempt to
> determine which language to convert from, by parsing the accept-language
> header from the request. Once the user ID has been converted to UTF8,
> authentication is performed against the LDAP directory using the raw
> password as it was recieved in the request. I have considered allowing the
> admin to specify the "to" language since the UTF8 language ID is iconv()
> implementation dependant and may not be the same on all platforms.
Just a Note (may be relevant for the user):
Here seems to be some confusion. UTF-8 is *not* a language, it's a
character encoding, or mime-speaking a charset.
One issue of the patch itself:
+if (convset) {
+inbytes = strlen(user);
+outbytes = (inbytes+1)*2;
+outbuf = apr_pcalloc(r->pool, outbytes);
+
+/* Convert the user name to UTF-8. This is only valid for LDAP v3
*/
+if (convset && (apr_xlate_conv_buffer(convset, user, &inbytes,
outbuf, &outbytes) == APR_SUCCESS)) {
+user = apr_pstrdup(r->pool, outbuf);
+}
+}
outbytes seems to be too small. UTF-8 may require more than the double
space of the original string. (at least 3 times more).
my 0.02 ¤ ([EUR] not present in iso-8859-1 ;-)
nd
--
If God intended people to be naked, they would be born that way.
-- Oscar Wilde
mod_auth_ldap.c.patch
Description: Binary data
new-ish core dump on daedalus
I just noticed that we had a seg fault on Dec. 2. The dump is now in /usr/local/apache2.0.43b/corefiles/httpd.core.2 (gdb) bt #0 ap_escape_html (p=0x8152018, s=0x8158018 "Cookie: ASPSESSIONIDGQGQGTHO=FDLGHGOBJJJNPCKBHGOGAFFP; DTMLASTPOPUP=%7Bts+%272002%2D12%2D02+22%3A39%3A34%27%7D; CFTOKEN=16145632; VJ UTrackID=66.200.155.34.14801038898591969; AFFILIATE_SCOPE=N; ASPSES"...) at util.c:1703 #1 0x8075025 in ap_get_mime_headers_core (r=0x8152050, bb=0x8152d28) at protocol.c:781 #2 0x80753f7 in ap_read_request (conn=0x8142128) at protocol.c:947 #3 0x8060056 in ap_process_http_connection (c=0x8142128) at http_core.c:312 #4 0x80711db in ap_run_process_connection (c=0x8142128) at connection.c:85 #5 0x80714f0 in ap_process_connection (c=0x8142128, csd=0x8142050) at connection.c:207 #6 0x80664e4 in child_main (child_num_arg=131) at prefork.c:696 line 1703 of server/util.c: 1703x[j] = s[i]; (gdb) p i $4 = 37872 (gdb) p j $5 = 38016 h, odd. I thought we had an 8k-or-so limit on input line size. Plus, there's code at the beginning of this function to calculate the amount of memory to palloc for x. Greg
[PATCH]es next auth 2.1 stuff ;-)
the first (colon.diff) reintroduces a feature, that got lost somehow at the
auth rewrite: the possibility to add groups and/or other data behind the
password after a colon.
the second patch (dbmdigest.diff) uses the advantages of the auth rewrite
and adds support for digest authentication to the authn_dbm module. The
hash key is "$user:$realm" (perl speaking), the value is the hash,
optionally followed by a colon and other garbage, if you want.
Currently there's no official tool to create such databases. So for now
I've used a little perlscript, more or less stolen from the mod_rewrite
docs, to convert a htdigest-created flatfile to sdbm (df2dd.pl)
Sorry for harassing you so often... ;-)
nd
--
If God intended people to be naked, they would be born that way.
-- Oscar Wilde
Index: modules/aaa/mod_authn_dbm.c
===
RCS file: /home/cvspublic/httpd-2.0/modules/aaa/mod_authn_dbm.c,v
retrieving revision 1.8
diff -u -r1.8 mod_authn_dbm.c
--- modules/aaa/mod_authn_dbm.c 30 Nov 2002 18:48:41 - 1.8
+++ modules/aaa/mod_authn_dbm.c 9 Dec 2002 20:46:50 -
@@ -156,6 +156,7 @@
apr_datum_t dbm_pw;
apr_status_t rv;
char *dbm_password = NULL;
+char *colon_pw;
rv = fetch_dbm(conf->dbmtype, conf->pwfile, user, &dbm_pw, r->pool);
@@ -172,6 +173,11 @@
if (!dbm_password) {
return AUTH_USER_NOT_FOUND;
+}
+
+colon_pw = strchr(dbm_password, ':');
+if (colon_pw) {
+*colon_pw = '\0';
}
rv = apr_password_validate(password, dbm_password);
Index: modules/aaa/mod_authn_dbm.c
===
RCS file: /home/cvspublic/httpd-2.0/modules/aaa/mod_authn_dbm.c,v
retrieving revision 1.8
diff -u -r1.8 mod_authn_dbm.c
--- modules/aaa/mod_authn_dbm.c 30 Nov 2002 18:48:41 - 1.8
+++ modules/aaa/mod_authn_dbm.c 9 Dec 2002 20:54:21 -
@@ -189,10 +195,49 @@
return AUTH_GRANTED;
}
+static authn_status get_dbm_realm_hash(request_rec *r, const char *user,
+ const char *realm, char **rethash)
+{
+authn_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &authn_dbm_module);
+apr_datum_t dbm_hd;
+apr_status_t rv;
+char *dbm_hash = NULL;
+char *colon_hash;
+
+rv = fetch_dbm(conf->dbmtype, conf->pwfile,
+ apr_pstrcat(r->pool, user, ":", realm, NULL),
+ &dbm_hd, r->pool);
+
+if (rv != APR_SUCCESS) {
+ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Could not open dbm (type %s) hash file: %s",
+ conf->dbmtype, conf->pwfile);
+return AUTH_GENERAL_ERROR;
+}
+
+if (dbm_hd.dptr) {
+dbm_hash = apr_pstrmemdup(r->pool, dbm_hd.dptr, dbm_hd.dsize);
+}
+
+if (!dbm_hash) {
+return AUTH_USER_NOT_FOUND;
+}
+
+colon_hash = strchr(dbm_hash, ':');
+if (colon_hash) {
+*colon_hash = '\0';
+}
+
+*rethash = dbm_hash;
+
+return AUTH_USER_FOUND;
+}
+
static const authn_provider authn_dbm_provider =
{
&check_dbm_pw,
-NULL, /* No realm support yet. */
+&get_dbm_realm_hash
};
static void register_hooks(apr_pool_t *p)
#!/path/to/bin/perl
##
## df2dd.pl -- convert txt digest file to dbm format
##
use SDBM_File;
use Fcntl;
my ($txtmap, $dbmmap) = @ARGV;
use vars '%DB';
open(TXT, "<$txtmap") or die "Couldn't open $txtmap!\n";
tie (%DB, 'SDBM_File', $dbmmap,O_RDWR|O_TRUNC|O_CREAT, 0644)
or die "Couldn't create $dbmmap!\n";
while () {
next if (/^\s*#/ or /^\s*$/);
s/^\s+//; s/\s+\z//;
my ($user, $realm, $hash) = split /:/;
$DB{"$user:$realm"} = $hash
if (defined $user and defined $realm and defined $hash);
}
untie %DB;
close(TXT);
__END__
Re: [PATCH] Allowing extended characters inLDAPauthentication...
I'm not sure that ...ByLanguage is correct either. The AuthLDAPConvertFromLanguage directive can take either a language identifier (es, de, fr, en, etc.) or a charset (ISO-8859-xx, etc). The end result should be a character set ID that can be passed to apr_xlate_open(). I am thinking that maybe the best name would be "AuthLDAPCharsetConversion " where would be the language or charset that you are converting from and would be the character set that you are converting to (obviously). Since LDAP expects UTF8 encoding, if is omitted then the default would be UTF8 since it doesn't really make any sense to convert to anything else. The parameter is only available to allow the user to specify the correct UTF8 string ID that corresponds to the platform's implementation of iconv() (if that is even an issue???). I thought about implementing the UTF8 conversion through an input filter, but I'm not sure I want to take that task on yet. I am also not sure that the two issues are related anyway. LDAP needs a specialized conversion. It only needs to have the user name portion of the authentication string converted to UTF8. A filter would UTF8 encode everything which wouldn't necessarily be correct. I see some issues with it anyway. 1. Why should all requests take the conversion hit if it isn't needed or wanted? 2. LDAP, at least the Novell LDAP SDK, can not deal with encoded passwords. The password part of the authentication header must not be UTF8 encoded. 3. How do you deal with decrypting->converting->encryption the authentication header so that the conversion to UTF8 is transparent to the rest of the code? Base64 may not be a problem, but what about digest? 4. Other authentication modules do not expect UTF8 and would have to be retrofitted. Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com >>> [EMAIL PROTECTED] Friday, December 06, 2002 11:07:05 PM >>> At 03:42 PM 12/6/2002, Brad Nicholes wrote: >This patch adds a new directive "AuthLDAPConvertFromLanguage" to mod_auth_ldap >that allows the admin to either define a specific language when converting the user >ID to UTF8 of try to derive the language from the header. Ewww... charsets aren't languages. '...ByLanguage' would be more appropriate. More to the point... all headers suffer from this problem. If we are going to address dealing with non-utf-8 headers into a canonical utf-8 form, I'd prefer some directive to deal with this across the board. Win32 would actually prefer to deal in utf-8 identifiers, and if we invest the energy in 'fixups' for one canonical header (user/passwords) then we aught to think about dealing with them all in one place. And that place wouldn't be in ldap, but more likely in a module like mod_charset_headers or something that will just deal with all of the implications of HTTP/1.1's inbound 'opaque' high-bit characters; perhaps we fix outbound header fields as well. Just my (selfish) 2c :) Bill p.s. honest - hadn't even read on to Andre's response when I wrote the response above, but +1 to his observations :)
Re: cvs commit: httpd-2.0/server .cvsignore Makefile.in
--On Saturday, December 7, 2002 8:54 AM -0800 Aaron Bannert <[EMAIL PROTECTED]> wrote: --includes) if test "$location" = "installed"; then flags="$flags -I$includedir $INCLUDES" elif test "$location" = "source"; then flags="$flags -I$APU_SOURCE_DIR/include $INCLUDES" else flags="$flags -I$thisdir/include -I$APU_SOURCE_DIR/include $INCLUDES" fi ;; (Also, while we're on the topic: what is the else case for?) VPATH builds. -- justin
Re: [PATCH] Suppress proxy: error linking cache file...
+1 Bill Stoddard wrote: > > There have been a couple of PRs opened against this. I believe the condition > arises when the server is configured as a proxy gateway (aka reverse proxy) and > multiple processes are serving the same backend file at the same time. Only one > of the processes will actually succeed at saving the file, the others will fail > with the message "[error] (17)File exists: proxy: error linking cache file ...". > Changing the message level from APLOG_ERR to APLOG_INFO will keep this message > out of the logs w/o major overhaul of this code. Any objections to committing > this to 1.3? > > $ cvs diff -u proxy_cache.c > Index: proxy_cache.c > === > RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_cache.c,v > retrieving revision 1.89 > diff -u -r1.89 proxy_cache.c > --- proxy_cache.c 5 Sep 2002 19:53:35 - 1.89 > +++ proxy_cache.c 9 Dec 2002 18:56:17 - > @@ -1799,7 +1799,7 @@ > #else > > if (link(c->tempfile, c->filename) == -1) > -ap_log_error(APLOG_MARK, APLOG_ERR, s, > +ap_log_error(APLOG_MARK, APLOG_INFO, s, > "proxy: error linking cache file %s to %s", > c->tempfile, c->filename); > if (unlink(c->tempfile) == -1) > $ > -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson
Re: Can't compile HEAD on Linux
Yep, it was cured by reverting Fred's changes to server/Makefile.in (sorry Fred). Upgrading awk didn't help on beos. Apart from that changes to htpasswd mean it's broken on a non-unix box due to using P_tmpdir. This is something that APR should fix but it's currently involved in a competition to see how far up it's own butt it can stick it's head... david - Original Message - From: "Thom May" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 09, 2002 6:46 PM Subject: Re: Can't compile HEAD on Linux > * Wilfredo S?nchez ([EMAIL PROTECTED]) wrote : > > Yeah, do you still have the log from when it failed? I noticed you > > took it off the URL you posted. > > > > Sander, you ran into the same build failures? > See Eric Gillespie's posts to dev@apr; David was seeing the same thing with > BeOS; I could reproduce with GNU awk 3.0.3 but 3.1.3 fixed the problem. > Basically, there were two problems: > > find -maxdepth is a GNUism; > and *something* in your changes was breaking the generation of exports.c. > > If anyone wants an account on a NetBSD box to play with this, drop me a mail > with an ssh key. > Cheers, > -Thom, apologising for being vague but being short on time. >
Re: Can't compile HEAD on Linux
* Wilfredo S?nchez ([EMAIL PROTECTED]) wrote : > Yeah, do you still have the log from when it failed? I noticed you > took it off the URL you posted. > > Sander, you ran into the same build failures? See Eric Gillespie's posts to dev@apr; David was seeing the same thing with BeOS; I could reproduce with GNU awk 3.0.3 but 3.1.3 fixed the problem. Basically, there were two problems: find -maxdepth is a GNUism; and *something* in your changes was breaking the generation of exports.c. If anyone wants an account on a NetBSD box to play with this, drop me a mail with an ssh key. Cheers, -Thom, apologising for being vague but being short on time.
[PATCH] Suppress proxy: error linking cache file...
There have been a couple of PRs opened against this. I believe the condition arises when the server is configured as a proxy gateway (aka reverse proxy) and multiple processes are serving the same backend file at the same time. Only one of the processes will actually succeed at saving the file, the others will fail with the message "[error] (17)File exists: proxy: error linking cache file ...". Changing the message level from APLOG_ERR to APLOG_INFO will keep this message out of the logs w/o major overhaul of this code. Any objections to committing this to 1.3? $ cvs diff -u proxy_cache.c Index: proxy_cache.c === RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_cache.c,v retrieving revision 1.89 diff -u -r1.89 proxy_cache.c --- proxy_cache.c 5 Sep 2002 19:53:35 - 1.89 +++ proxy_cache.c 9 Dec 2002 18:56:17 - @@ -1799,7 +1799,7 @@ #else if (link(c->tempfile, c->filename) == -1) -ap_log_error(APLOG_MARK, APLOG_ERR, s, +ap_log_error(APLOG_MARK, APLOG_INFO, s, "proxy: error linking cache file %s to %s", c->tempfile, c->filename); if (unlink(c->tempfile) == -1) $
Re: Can't compile HEAD on Linux
Wilfredo Sánchez wrote: > Yeah, do you still have the log from when it failed? I noticed you > took it off the URL you posted. No, sorry. -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/
Re: Can't compile HEAD on Linux
Yeah, do you still have the log from when it failed? I noticed you took it off the URL you posted. Sander, you ran into the same build failures? -wsv On Monday, December 9, 2002, at 03:35 AM, Sebastian Bergmann wrote: I checked out HEAD, thus 2.1, no?
Re: [PATCH] ap_default_port() and Apache 1.3 on NetWare
Since the SSL support for NetWare is handled by the OS rather than through MOD_SSL, determining the default port for a request needs to be handled differently. NetWare already handled part of this by implementing ap_http_method() to actually ask Winsock what http method was being used rather than hard coding it to "http". Apparently we forgot to also allow ap_default_port() to also ask rather than hard coding "80". I will be committing this patch shortly. Thanks Pavel. Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com >>> [EMAIL PROTECTED] Monday, December 09, 2002 9:18:23 AM >>> Jim Jagielski wrote: > At 11:13 AM +0100 12/9/02, Pavel Novy wrote: > >>Port 443 is not treated as a default port for the https method on >>NetWare, so wrong redirects like this are occuring: >> >>"https://server_name/some_location"; (missing a trailing slash) >>-> "https://server_name:443/some_location/"; >> > > > Pavel, how is the above redirect wrong? Or do you mean you'd prefer > the redirect simply not add the port information (though it is correct)? > I think it's abnormal behaviour of Apache to switch from "server" to "server:port" (add port) in such cases, when port number is default for scheme. I never seen this for "http" scheme (tested on Linux and NetWare), the same for "https" on Linux. Why for "https" on NetWare? Not absolutely sure, but it seems it doesn't matter here what UseCanonicalName is set to. Also, when accessing a page like "https://someserver/someplace"; and such place is protected, user is asked twice for authentication credentials (once for "server", once for "server:443"). It's not right, though. In fact, such bahaviour may vary depending on browser used to access the page... Pavel
Re: [PATCH] ap_default_port() and Apache 1.3 on NetWare
Pavel Novy wrote: > > I think it's abnormal behaviour of Apache to switch from "server" to > "server:port" (add port) in such cases, when port number is default for > scheme. I never seen this for "http" scheme (tested on Linux and > NetWare), the same for "https" on Linux. Why for "https" on NetWare? > Not absolutely sure, but it seems it doesn't matter here what > UseCanonicalName is set to. > > Also, when accessing a page like "https://someserver/someplace"; and such > place is protected, user is asked twice for authentication credentials > (once for "server", once for "server:443"). It's not right, though. In > fact, such bahaviour may vary depending on browser used to access the > page... > Hmmm. Yes, it does seem Netware specific. Good catch. -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson
Re: [PATCH] ap_default_port() and Apache 1.3 on NetWare
Jim Jagielski wrote: At 11:13 AM +0100 12/9/02, Pavel Novy wrote: Port 443 is not treated as a default port for the https method on NetWare, so wrong redirects like this are occuring: "https://server_name/some_location"; (missing a trailing slash) -> "https://server_name:443/some_location/"; Pavel, how is the above redirect wrong? Or do you mean you'd prefer the redirect simply not add the port information (though it is correct)? I think it's abnormal behaviour of Apache to switch from "server" to "server:port" (add port) in such cases, when port number is default for scheme. I never seen this for "http" scheme (tested on Linux and NetWare), the same for "https" on Linux. Why for "https" on NetWare? Not absolutely sure, but it seems it doesn't matter here what UseCanonicalName is set to. Also, when accessing a page like "https://someserver/someplace"; and such place is protected, user is asked twice for authentication credentials (once for "server", once for "server:443"). It's not right, though. In fact, such bahaviour may vary depending on browser used to access the page... Pavel
Re: mod_deflate with mod_jk
Joshua Slive wrote:
On Mon, 9 Dec 2002, Henri Gomez wrote:
Ok, it works with SetOutputFilter DEFLATE, I'm now wonder
how to remove *.gif/*.jpg and *.js from being compressed.
I think you will find yourself much better off if you take a few minutes
to peruse:
http://httpd.apache.org/docs-2.0/mod/mod_deflate.html
which André recently spent some time updating. It has an example that
does exactly what you want.
I tried by it didn't works on the Apache 2.0.39 present in my iSeries
(AS/400).
But it works great on my Linux box with 2.0.43.
BTW, I updated mod_jk 1.2.2-dev, 2.0.4-dev and also mod_webapp
to set the content type the correct way, previously there was
a direct set of content-type and I now use ap_set_content_type :
---
hgomez 2002/12/09 05:19:18
Modified:jk/native/apache-2.0 mod_jk.c
Log:
Make jk works with filters in Apache 2.0, ie mod_deflate and
AddOutputFilterByType DEFLATE text/html.
Revision ChangesPath
1.62 +5 -2
jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c
Index: mod_jk.c
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/jk/native/apache-2.0/mod_jk.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- mod_jk.c 6 Dec 2002 18:54:45 - 1.61
+++ mod_jk.c 9 Dec 2002 13:19:17 - 1.62
@@ -240,7 +240,10 @@
if(!strcasecmp(header_names[h], "Content-type")) {
char *tmp = apr_pstrdup(r->pool, header_values[h]);
ap_content_type_tolower(tmp);
-r->content_type = tmp;
+/* It should be done like this in Apache 2.0 */
+/* This way, Apache 2.0 will be able to set the
output filter */
+/* and it make jk useable with deflate using
AddOutputFilterByType DEFLATE text/html */
+ap_set_content_type(r, tmp);
} else if(!strcasecmp(header_names[h], "Location")) {
#ifdef AS400
/* Fix escapes in Location Header URL*/
RE: [PATCH] prevent apxs from inserting AddModule
+1 and committed.
>
> Resend. I found a bug report on this as well:
>
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11212
>
> - Forwarded message from Joe Orton <[EMAIL PROTECTED]> -
>
> From: Joe Orton <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Mail-Followup-To: [EMAIL PROTECTED]
> Date: Wed, 27 Nov 2002 16:18:26 +
> Subject: [PATCH] prevent apxs from inserting AddModule
> User-Agent: Mutt/1.4i
>
> If an httpd.conf has commented out AddModule directives, apxs -i -a will
> add an un-commented AddModule directive for the new module, which breaks
> the config. Here's a fix:
>
> --- support/apxs.in 19 Sep 2002 05:43:16 - 1.47
> +++ support/apxs.in 27 Nov 2002 16:12:00 -
> @@ -490,9 +490,8 @@
> ##
>
> # determine installation commands
> -# and corresponding LoadModule/AddModule directives
> +# and corresponding LoadModule directive
> my @lmd = ();
> -my @amd = ();
> my @cmds = ();
> my $f;
> foreach $f (@args) {
> @@ -546,7 +545,6 @@
> $dir =~ s|(.)$|$1/|;
> $t =~ s|\.la$|.so|;
> push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module",
> "$dir$t"));
> -push(@amd, sprintf("AddModule %s", $filename));
> }
>
> # execute the commands
> @@ -582,15 +580,7 @@
> $lmd =~ m|LoadModule\s+(.+?)_module.*|;
> notice("[$what module `$1' in
> $CFG_SYSCONFDIR/$CFG_TARGET.conf]");
> }
> -my $amd;
> -foreach $amd (@amd) {
> -if ($content !~ m|\n#?\s*$amd|) {
> - $content =~
> s|^(.*\n#?\s*AddModule\s+[^\n]+\n)|$1$c$amd\n|sg;
> -} else {
> - $content =~ s|^(.*\n)#?\s*$amd[^\n]*\n|$1$c$amd\n|sg;
> -}
> -}
> -if (@lmd or @amd) {
> +if (@lmd) {
> if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) {
> print FP $content;
> close(FP);
>
> - End forwarded message -
>
RE: [patch] comment fix
Committed. Thanks.
> AddModule doesn't exist...
>
> Index: server/config.c
> ===
> RCS file: /home/cvspublic/httpd-2.0/server/config.c,v
> retrieving revision 1.156
> diff -u -r1.156 config.c
> --- server/config.c 12 Sep 2002 20:04:07 - 1.156
> +++ server/config.c 9 Dec 2002 04:24:21 -
> @@ -444,7 +444,7 @@
>
> AP_DECLARE(void) ap_add_module(module *m, apr_pool_t *p)
> {
> -/* This could be called from an AddModule httpd.conf command,
> +/* This could be called from an LoadModule httpd.conf command,
>* after the file has been linked and the module structure within it
>* teased out...
>*/
>
>
> __
> Stas BekmanJAm_pH --> Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide ---> http://perl.apache.org
> mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org http://ticketmaster.com
>
RE: [PATCH] Fix proxy's handling of input bodies
> --On Tuesday, December 3, 2002 8:10 AM -0800 Brian Pane > <[EMAIL PROTECTED]> wrote: > > >> This sounds a bit more reasonable to me. That is, send chunked if > >> the client will accept chunked, else send a connection: close > >> header (which will tell the client we are done sending). As a > >> compromise, we could start off buffering and if we hit some magic > >> threshold and we still do not know the c-l, add a connection: > >> close header and start sending. > > > > +1. Buffering up to, say, 8KB sounds good to me. For anything > > larger than that, there's little harm in sending Connection: close. > > Actually, I just remembered that's invalid. > A request can't indicate > its end of the request body with a Connection: Close. A server can > do that for a response, but not a client with a request. I remember > encountering this situation before (with a really poorly implemented > custom proxy), and Roy pointed out that this is a no-no in the RFC. > (You can't get away with a 'half-close.') > > So, it's either T-E or C-L. If it is C-L, we must buffer everything. > No way around this. -- justin > Oops, right you are... I just re-read your original message. I missed the fact that you were talking about a -request- not a response. Bleh. Bill
Re: mod_deflate with mod_jk
On Mon, 9 Dec 2002, Henri Gomez wrote: > Ok, it works with SetOutputFilter DEFLATE, I'm now wonder > how to remove *.gif/*.jpg and *.js from being compressed. I think you will find yourself much better off if you take a few minutes to peruse: http://httpd.apache.org/docs-2.0/mod/mod_deflate.html which André recently spent some time updating. It has an example that does exactly what you want. Joshua.
Re: [PATCH] ap_default_port() and Apache 1.3 on NetWare
At 11:13 AM +0100 12/9/02, Pavel Novy wrote: >Port 443 is not treated as a default port for the https method on >NetWare, so wrong redirects like this are occuring: > >"https://server_name/some_location"; (missing a trailing slash) >-> "https://server_name:443/some_location/"; > Pavel, how is the above redirect wrong? Or do you mean you'd prefer the redirect simply not add the port information (though it is correct)? -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson
Re: mod_deflate with mod_jk
Henri Gomez wrote:
André Malo wrote:
* Henri Gomez wrote:
Ok, it works with SetOutputFilter DEFLATE, I'm now wonder
how to remove *.gif/*.jpg and *.js from being compressed.
hmm.
SetEnv no-gzip
Hum, it didn't seems to works on my iSeries.
Neither with :
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
?
If mod_jk uses the appropriate Apache API call (ap_set_content_type),
Not yet, since we'll have to reparse the tomcat reply which is not
done today.
AddOutputFilterByType DEFLATE text/html
I'll try to see how to add it...
The actual jk code in response processing is :
if(!strcasecmp(header_names[h], "Content-type")) {
char *tmp = apr_pstrdup(r->pool, header_values[h]);
ap_content_type_tolower(tmp);
r->content_type = tmp;
}
I update to use ap_set_content_type(r, tmp) instead of r->content_type =
tmp and it works now !!!
Regards.
BTW, the fix will be in JK 1.2.2 / 2.0.3, also in mod_webapp and
right now in jakarta-tomcat-connectors CVS...
Re: mod_deflate with mod_jk
André Malo wrote: * Henri Gomez wrote: Ok, it works with SetOutputFilter DEFLATE, I'm now wonder how to remove *.gif/*.jpg and *.js from being compressed. hmm. SetEnv no-gzip Hum, it didn't seems to works on my iSeries. Neither with : SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary ? If mod_jk uses the appropriate Apache API call (ap_set_content_type), Not yet, since we'll have to reparse the tomcat reply which is not done today. AddOutputFilterByType DEFLATE text/html I'll try to see how to add it...
RE: Can't compile HEAD on Linux
> From: Sebastian Bergmann [mailto:[EMAIL PROTECTED]] > Sent: 09 December 2002 12:35 > Thom May wrote: > > Yes, Sander reverted server/Makefile.in on 2.0; your problem is > > probably still existant on 2.1 > > I checked out HEAD, thus 2.1, no? Yes. Sander
Re: Can't compile HEAD on Linux
Thom May wrote: > Yes, Sander reverted server/Makefile.in on 2.0; your problem is > probably still existant on 2.1 I checked out HEAD, thus 2.1, no? -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/
Re: mod_deflate with mod_jk
* Henri Gomez wrote: > Ok, it works with SetOutputFilter DEFLATE, I'm now wonder > how to remove *.gif/*.jpg and *.js from being compressed. hmm. SetEnv no-gzip ? If mod_jk uses the appropriate Apache API call (ap_set_content_type), AddOutputFilterByType DEFLATE text/html works, too. nd -- Real programmers confuse Christmas and Halloween because DEC 25 = OCT 31. -- Unknown (found in ssl_engine_mutex.c)
Re: [PATCH] prevent apxs from inserting AddModule
* Joe Orton ([EMAIL PROTECTED]) wrote : > Resend. I found a bug report on this as well: > > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11212 > > - Forwarded message from Joe Orton <[EMAIL PROTECTED]> - > > From: Joe Orton <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Mail-Followup-To: [EMAIL PROTECTED] > Date: Wed, 27 Nov 2002 16:18:26 + > Subject: [PATCH] prevent apxs from inserting AddModule > User-Agent: Mutt/1.4i > > If an httpd.conf has commented out AddModule directives, apxs -i -a will > add an un-commented AddModule directive for the new module, which breaks > the config. Here's a fix: > +1 from me. -Thom
Re: Can't compile HEAD on Linux
* Sebastian Bergmann ([EMAIL PROTECTED]) wrote : > Sebastian Bergmann wrote: > >> I can't compile current HEAD of httpd-2.0 > > > > Am I the only one experiencing this? an updated build log is here: > > http://www.sebastian-bergmann.de/stuff/httpd.txt > > Odd. After a fresh checkout from CVS it built just fine. > Yes, Sander reverted server/Makefile.in on 2.0; your problem is probably still existant on 2.1 -Thom
[PATCH] ap_default_port() and Apache 1.3 on NetWare
Port 443 is not treated as a default port for the https method on
NetWare, so wrong redirects like this are occuring:
"https://server_name/some_location"; (missing a trailing slash)
-> "https://server_name:443/some_location/";
Here comes a set of patches designed to fix that issue.
Thanks,
Pavel
--- src/include/httpd.h 2002-10-01 00:12:04.0 +0200
+++ src/include/httpd.h 2002-12-07 19:14:32.0 +0100
@@ -143,10 +143,11 @@
#define ap_is_default_port(port,r) ((port) == ap_default_port(r))
#ifdef NETWARE
#define ap_http_method(r) ap_os_http_method(r)
+#define ap_default_port(r) ap_os_default_port(r)
#else
#define ap_http_method(r) "http"
-#endif
#define ap_default_port(r) DEFAULT_HTTP_PORT
+#endif
/* - Default user name and group name running standalone -- */
/* --- These may be specified as numbers by placing a # before a number --- */
--- src/os/netware/os.h 2002-06-18 12:12:10.0 +0200
+++ src/os/netware/os.h 2002-12-07 19:43:12.0 +0100
@@ -186,5 +186,6 @@
void init_name_space(void);
int ap_os_is_filename_valid(const char *file);
char *ap_os_http_method(void *r);
+unsigned short ap_os_default_port(void *r);
#endif /*! APACHE_OS_H*/
--- src/os/netware/os.c 2002-03-14 00:12:06.0 +0100
+++ src/os/netware/os.c 2002-12-07 19:47:42.0 +0100
@@ -502,3 +502,8 @@
if (optParam & (SO_SSL_ENABLE | SO_SSL_SERVER)) return "https";
return "http";
}
+
+unsigned short ap_os_default_port(void *r)
+{
+ return ap_default_port_for_scheme(ap_os_http_method(r));
+}
Re: mod_deflate with mod_jk
Joshua Slive wrote: On Wed, 4 Dec 2002, Henri Gomez wrote: I built deflate and jk but deflate seems to compress only static (ie no servlet/jsp) contents. AddOutputFilter DEFLATE html Either I'm missing something silly, or you are. But don't you want SetOutputFilter DEFLATE What you have won't work unless all your jsp file have the .html extension. Ok, it works with SetOutputFilter DEFLATE, I'm now wonder how to remove *.gif/*.jpg and *.js from being compressed. Regards
[PATCH] prevent apxs from inserting AddModule
Resend. I found a bug report on this as well:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11212
- Forwarded message from Joe Orton <[EMAIL PROTECTED]> -
From: Joe Orton <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Mail-Followup-To: [EMAIL PROTECTED]
Date: Wed, 27 Nov 2002 16:18:26 +
Subject: [PATCH] prevent apxs from inserting AddModule
User-Agent: Mutt/1.4i
If an httpd.conf has commented out AddModule directives, apxs -i -a will
add an un-commented AddModule directive for the new module, which breaks
the config. Here's a fix:
--- support/apxs.in 19 Sep 2002 05:43:16 - 1.47
+++ support/apxs.in 27 Nov 2002 16:12:00 -
@@ -490,9 +490,8 @@
##
# determine installation commands
-# and corresponding LoadModule/AddModule directives
+# and corresponding LoadModule directive
my @lmd = ();
-my @amd = ();
my @cmds = ();
my $f;
foreach $f (@args) {
@@ -546,7 +545,6 @@
$dir =~ s|(.)$|$1/|;
$t =~ s|\.la$|.so|;
push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t"));
-push(@amd, sprintf("AddModule %s", $filename));
}
# execute the commands
@@ -582,15 +580,7 @@
$lmd =~ m|LoadModule\s+(.+?)_module.*|;
notice("[$what module `$1' in $CFG_SYSCONFDIR/$CFG_TARGET.conf]");
}
-my $amd;
-foreach $amd (@amd) {
-if ($content !~ m|\n#?\s*$amd|) {
- $content =~ s|^(.*\n#?\s*AddModule\s+[^\n]+\n)|$1$c$amd\n|sg;
-} else {
- $content =~ s|^(.*\n)#?\s*$amd[^\n]*\n|$1$c$amd\n|sg;
-}
-}
-if (@lmd or @amd) {
+if (@lmd) {
if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) {
print FP $content;
close(FP);
- End forwarded message -
Re: Can't compile HEAD on Linux
Sebastian Bergmann wrote: >> I can't compile current HEAD of httpd-2.0 > > Am I the only one experiencing this? an updated build log is here: > http://www.sebastian-bergmann.de/stuff/httpd.txt Odd. After a fresh checkout from CVS it built just fine. -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/
mod_ldap and threaded MPMs
Hi all, When httpd is compiled with the worker MPM (threaded), mod_ldap's connection pool fails - many connections to the LDAP server are opened until connections run out. The prefork MPM seems to work fine. I don't have much time this week to look at this, if someone who knows threads and locking could look at this I would be very grateful :) Regards, Graham -- - [EMAIL PROTECTED] "There's a moon over Bourbon Street tonight..."
Re: Can't compile HEAD on Linux
Sebastian Bergmann wrote: > I can't compile current HEAD of httpd-2.0 Am I the only one experiencing this? an updated build log is here: http://www.sebastian-bergmann.de/stuff/httpd.txt -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/
authentification module
Hello! I'm intrested about an external authentification module if that already exist. My problem is: On host A I have an Apache Web server whit a some information that should be accessed only by some user. User account are on host B and I thing that I cand make that authentification through ftp. Any idea or any existent apache module? Thx. Ovidiu Egyed
