Re: [VOTE] release httpd mod_ftp-0.9.6 beta?
On Mon, Sep 28, 2009 at 11:28 PM, William A. Rowe, Jr. wrote: > Following Rainer's Solaris discoveries and our DISTDIR suggestions, > > Please fetch up the newly prepared mod_ftp-0.9.6.tar.gz (or .bz2), or the > win32/netware/os2 suitable package mod_ftp-0.9.6-crlf.zip from; > > http://httpd.apache.org/dev/dist/mod_ftp/ > > review, take it for a spin, and cast your choice > > [ ] -1 for any release of 0.9.6 (regressed from 0.9.2 or earlier?) > [ ] +1 to release as 0.9.6-beta > [ ] +1 to release as 0.9.6 GA > +1 for beta + 0.5 for GA (I don't know enough about it to be more sure)
Re: mod_fcgid - cannot get authorizer process to be started
At this point let me ask this: Is it possible with the current code to ever have the fcgid Authorizer called? If it is not possible I'm willing to try and code the missing pieces, with a little help being pointed in the right direction. Barry
Re: [mod_fcgid] Cleaning up configuration directive names
Jeff Trawick wrote: I borrowed a few ideas from my friends and botched the rest personally: (omitting FCGID prefix) leave alone AccessChecker AccessCheckerAuthoritative Authenticator AuthenticatorAuthoritative Authorizer AuthorizerAuthoritative Wrapper MaxRequestsPerProcess PassHeader It may just be me but I keep up mis-speaking Authorizer for Authenticator. The Authorizer I would have called the AccessChecker if that was not already used for another phase of checking. Maybe PreAuthAccessCheck and PostAuthAccessCheck. Barry
Re: mod_fcgid - cannot get authorizer process to be started
On Wed, Sep 30, 2009 at 11:37 AM, Barry Scott wrote: > At this point let me ask this: > > Is it possible with the current code to ever have the fcgid Authorizer > called? > yes This works for me, though it uses the unfortunate valid-group hack with httpd 2.2 so that no authorizers running before fcgid think they should evaluate: = 2.2> AuthBasicAuthoritative Off # AuthBasicProvider foo # work around problem with AAA in mod_fcgid (it can't track more than # one AAA script per URL, and even then the URL can't be handled by a # FastCGI app) # # FastCgiAccessChecker %%MYHG%%/apache/fastcgi/apps/access_check.pl # FastCgiAuthenticator %%MYHG%%/apache/fastcgi/apps/authenticate.pl # FastCgiAuthorizer%%MYHG%%/apache/fastcgi/apps/authorize.pl FastCgiAccessChecker %%MYHG%%/apache/fcgid/apps/aaa.pl FastCgiAuthenticator %%MYHG%%/apache/fcgid/apps/aaa.pl FastCgiAuthorizer%%MYHG%%/apache/fcgid/apps/aaa.pl FastCgiAccessCheckerAuthoritative On FastCgiAuthenticatorAuthoritative On FastCgiAuthorizerAuthoritativeOn AuthType Basic AuthName "foo" Require group foo = 2.2> Require valid-group Order allow,deny Allow from all = 2.3> Require group foo > > If it is not possible I'm willing to try and code the missing pieces, with > a little > help being pointed in the right direction. > I hope some "require" experts could jump in ;) A good solution might be to associate a script with a particular require-ment so that mod_fcgid can check the Require for any require-ments implemented by a FastCGI script. [too] simple example: FCGIDRequire mydb-user /path/to/my/authorizer.sh Require mydb-user SetEnv whatever-needed-by-authorizer.sh
Re: [mod_fcgid] Cleaning up configuration directive names
On Wed, Sep 30, 2009 at 11:40 AM, Barry Scott wrote: > Jeff Trawick wrote: > >> I borrowed a few ideas from my friends and botched the rest personally: >> >> (omitting FCGID prefix) >> >> leave alone >> >> AccessChecker >> AccessCheckerAuthoritative >> Authenticator >> AuthenticatorAuthoritative >> Authorizer >> AuthorizerAuthoritative >> Wrapper >> MaxRequestsPerProcess >> PassHeader >> >> It may just be me but I keep up mis-speaking Authorizer for > Authenticator. > The Authorizer I would have called the AccessChecker if that was not > already > used for another phase of checking. Maybe PreAuthAccessCheck and > PostAuthAccessCheck. > Access check, authentication, and authorization are the three Apache phases for modules to implement, hence the names. http://httpd.apache.org/docs/2.2/howto/auth.html
Re: slotmem improving doall
On Sep 29, 2009, at 5:23 AM, jean-frederic clere wrote: Hi, I would like to change the doall / ap_slotmem_callback_fn_t logic. For the moment we can't stop the doall loop, but it could be interesting to do so (for example while search for a value in the slotmems). My idea is to return APR_SUCCESS when done and APR_INCOMPLETE if we want to go on doing the loop. How would it be re-entrant?
Re: mod_fcgid - cannot get authorizer process to be started
On Wed, Sep 30, 2009 at 12:11 PM, Jeff Trawick wrote: > On Wed, Sep 30, 2009 at 11:37 AM, Barry Scott wrote: > >> At this point let me ask this: >> >> Is it possible with the current code to ever have the fcgid Authorizer >> called? >> > > yes > > This works for me, though it uses the unfortunate valid-group hack with > httpd 2.2 so that no authorizers running before fcgid think they should > evaluate: > > > = 2.2> > AuthBasicAuthoritative Off > # AuthBasicProvider foo > > > # work around problem with AAA in mod_fcgid (it can't track more than > # one AAA script per URL, and even then the URL can't be handled by a > # FastCGI app) > # > # FastCgiAccessChecker %%MYHG%%/apache/fastcgi/apps/access_check.pl > # FastCgiAuthenticator %%MYHG%%/apache/fastcgi/apps/authenticate.pl > # FastCgiAuthorizer%%MYHG%%/apache/fastcgi/apps/authorize.pl > > FastCgiAccessChecker %%MYHG%%/apache/fcgid/apps/aaa.pl > FastCgiAuthenticator %%MYHG%%/apache/fcgid/apps/aaa.pl > FastCgiAuthorizer%%MYHG%%/apache/fcgid/apps/aaa.pl > > FastCgiAccessCheckerAuthoritative On > FastCgiAuthenticatorAuthoritative On > FastCgiAuthorizerAuthoritativeOn > > AuthType Basic > AuthName "foo" > > > > > Require group foo > > > = 2.2> > Require valid-group > > > Order allow,deny > Allow from all > > > = 2.3> > Require group foo > > > > > > >> >> If it is not possible I'm willing to try and code the missing pieces, with >> a little >> help being pointed in the right direction. >> > > I hope some "require" experts could jump in ;) > > A good solution might be to associate a script with a particular > require-ment so that mod_fcgid can check the Require for any require-ments > implemented by a FastCGI script. > > [too] simple example: > > FCGIDRequire mydb-user /path/to/my/authorizer.sh > > > Require mydb-user > SetEnv whatever-needed-by-authorizer.sh > > > BTW, authentication is another area where mod_fcgid could better fit in with httpd (in this case, 2.2+). Bundled authn module implement a "provider," and the admin can specify which provider(s) handles authn. That's better than just calling all the authn hooks in a somewhat mysterious order and having them look at other config to decide if they should try to authenticate. It would be nice to configure a FastCGI authenticator as a provider, and then specify that the provider should be used within a particular container.
Re: [Fwd: backport and enhancement of patch 724717]
Following a remark from Guenter, it seems that the patch 724717 removed some variables. Only the details of the DNs are handled by the new function but not the complet DNs The enclosed patch should correct this I hope by adding the four variables back. regards and have fun Peter Sylvester *** httpd-HEAD_r820216/modules/ssl/ssl_engine_kernel.c 2009-05-27 07:41:07.0 +0200 --- httpd-HEAD_r820216ps/modules/ssl/ssl_engine_kernel.c 2009-09-30 17:37:36.0 +0200 *** static const char *ssl_hook_Fixup_vars[] *** 1038,1049 --- 1038,1053 "SSL_CLIENT_V_START", "SSL_CLIENT_V_END", "SSL_CLIENT_V_REMAIN", + "SSL_CLIENT_S_DN", + "SSL_CLIENT_I_DN", "SSL_CLIENT_A_KEY", "SSL_CLIENT_A_SIG", "SSL_SERVER_M_VERSION", "SSL_SERVER_M_SERIAL", "SSL_SERVER_V_START", "SSL_SERVER_V_END", + "SSL_SERVER_S_DN", + "SSL_SERVER_I_DN", "SSL_SERVER_A_KEY", "SSL_SERVER_A_SIG", "SSL_SESSION_ID",
Re: [VOTE] release httpd mod_fcgid-2.3.2?
On Sep 28, 2009, at 11:30 PM, William A. Rowe, Jr. wrote: Quick on the heels of mod_fcgid 2.3.1 we have another candidate for your consideration, with many improvements to docs and especially the authn/authz interface. Please fetch up the newly minted mod_fcgid-2.3.2.tar.gz (or bz2) or the win32 suitable package mod_fcgid-2.3.2-crlf.zip from: http://httpd.apache.org/dev/dist/mod_fcgid/ review, take it for a spin, and cast your choice [ ] -1 for any release of 2.3.2 (regressed from 2.3.1?) [ ] +1 to release as 2.3.2-beta [ ] +1 to release as 2.3.2-GA Note no configuration updates occur yet on make install. Not sure what our 'example' aught to look like, yet. Documentation still needs substantial attention from fans to fill in the text. For getting started, http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.2/README- FCGID +1 release as 2.3.2-beta
Re: [Fwd: backport and enhancement of patch 724717]
On 09/30/2009 06:24 PM, Peter Sylvester wrote: > Following a remark from Guenter, it seems that > the patch 724717 removed some variables. > Only the details of the DNs are handled by the > new function but not the complet DNs > > The enclosed patch should correct this I hope > by adding the four variables back. Thanks for the patch. Committed as r820401. Regards Rüdiger
mod_serf uses non-public API
Hi, mod_serf uses in line 102: ap_process_request_after_handler(ctx->r); while in http_request.h line 319 we have: void ap_process_request_after_handler(request_rec *r); so this seems not a function yet declared for export. Gün.
Re: mod_serf uses non-public API
very likely, mod_serf in its current for should just be polished to replace mod_proxy_*, and all of the async stuff should be pushed towards the MPMs.. On Wed, Sep 30, 2009 at 5:57 PM, Guenter Knauf wrote: > Hi, > mod_serf uses in line 102: > ap_process_request_after_handler(ctx->r); > > while in http_request.h line 319 we have: > void ap_process_request_after_handler(request_rec *r); > > so this seems not a function yet declared for export. > > Gün. > > >
Re: mod_serf uses non-public API
Paul, Paul Querna schrieb: > very likely, mod_serf in its current for should just be polished to > replace mod_proxy_*, and all of the async stuff should be pushed > towards the MPMs.. well the question is: do we want to export ap_process_request_after_handler() in the future, and if so we should AP_DECLARE it; I've just found that test/mod_dial_up.c uses this function too in line 119 ... Gün.
Re: svn commit: r820427 - in /httpd/httpd/trunk/modules: cluster/mod_heartmonitor.c core/mod_watchdog.c core/mod_watchdog.h
Hi Jeff, traw...@apache.org schrieb: > Author: trawick > Date: Wed Sep 30 20:00:37 2009 > New Revision: 820427 > > URL: http://svn.apache.org/viewvc?rev=820427&view=rev > Log: > change the callable functions in the mod_watchdog API > to optional hooks to avoid module ordering or other symbol > resolution issues; affected: > > ap_watchdog_get_instance > ap_watchdog_register_callback > ap_watchdog_set_callback_interval > > Modified: > httpd/httpd/trunk/modules/cluster/mod_heartmonitor.c > httpd/httpd/trunk/modules/core/mod_watchdog.c > httpd/httpd/trunk/modules/core/mod_watchdog.h this breaks NetWare export list; and I did spent hours with Rainer last time get the mod_watchdog exported symbols in; can you perhaps help a bit with the awk stuff - I'm no expert with this; see: http://svn.apache.org/viewvc?rev=820503&view=rev where I started with it, but too late to get it right ATM ... thanks, Gün.
Re: [vote] release httpd-2.2.14?
Hi, Graham Leggett schrieb: > Still waiting for www.apache.org/dist/httpd to pick up the binaries, > have pinging infra to see if there is anything wrong. still not sync'd, also my NetWare binaries not; there is something wrong ... Gün.
