Re: mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Chris Darroch 

Jeff Trawick wrote:


Chris Darroch has a patch for that, which is a small part of

http://people.apache.org/~chrisd/patches/mod_fcgid_auth/mod_fcgid-1auth-trunk.patch

which applies to the old mod_fcgid 2.2 but which he has submitted here
for inclusion.  If you get stuck, look in there at some of the checks
for role == responder, one or more of which are for the
responder+authorizer-on-same-request issue.


  Yes -- and I'm really, really going to prioritize breaking this
patchset up (I know I'm a moron for having run everything together)
next week and trying to commit portions one at a time to mod_fcgid trunk.

  I know, because we do it in production, that I have a single script
running as both authorizer and responder, and it does work OK ... I just
have to go back in line by line and figure out what each change was for.

  Please do hassle me next week if I don't show some signs of progress
on this front.

Chris.

--
GPG Key ID: 366A375B
GPG Key Fingerprint: 485E 5041 17E1 E2BB C263  E4DE C8E3 FA36 366A 375B

Re: [mod_fcgid] FcgidWrapper parsing

2009-10-09 Thread William A. Rowe, Jr. 
Rainer Jung wrote:
> On 09.10.2009 20:55, Jeff Trawick wrote:
>> Related to clarifying the executable part of the wrapper command-line
>> (823657): Handling wrapper executables with embedded blanks,
>> especially to confront the FcgiWrapper "C:/PROGRA~1/PHP/php-cgi.exe"
>> .php meme.  (Dig the quotes; you might anticipate you could spell out
>> the proper path in there, but quotes are for cmd+args, the first
>> blank-delimited
>> token of which must be the executable file.)
>>
>> The fact that a patch to handle that started growing more than I
>> expected makes me ask: Is it worth the trouble supporting something
>> like
>>
>> FcgidWrapper "'C:/Program Files/PHP/php-cgi.exe' -c /some/odd/ini/file" .php
>>
>> Can I do something like that when defining a piped logger? (executable
>> with blanks + arguments)  I tried but was unable, either because of a
>> Unix shell-ism or a Jeff-ism.
> 
> Tat: there comes httpd 2.2.12+
> 
> The usual piped logger syntax uses an intermediate shell with "-c" to
> actually start the logger. Bill added an alternative "||" syntax in
> 2.2.12 (see CHANGES) which spawns without the shell.
> 
> Using the Syntax
> 
> "||/my/path/with\ spaces/rotatelogs /my/log/path/access_log 86400"
> 
> I'm able to use rotatelogs with white space in the installation path.
> Backslash as an escaped worked in the log file name to.
> 
> Using Solaris and compiling with xpg4 shell for spawning which should
> not be relevant here, since "||" shouldn't use the shell.

Nested doublequotes should also work as delimiters.  "blah \"blah blah\" blah"

Re: DAV Provider Patch

2009-10-09 Thread Graham Leggett 
Brian J. France wrote:

> Depends.
> 
> Should a mod_dav_fs type module (like mod_dav_fs_database) update
> r->filename so other modules like mod_dav_acl could use the filename
> from the request_rec.
> Or should mod_dav_acl use a hook function to get the pathname because
> r->filename would not be set correctly since that is a path on disk in
> the case of mod_dav_fs_database?
> 
> My patch (version 3) left the get_pathname hook with the assumption that
> r->filename should not be used and instead a hook should be used.

Thanks for this, committed to httpd-trunk in r823703.

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [mod_fcgid] FcgidWrapper parsing

2009-10-09 Thread Rainer Jung 
On 09.10.2009 20:55, Jeff Trawick wrote:
> Related to clarifying the executable part of the wrapper command-line
> (823657): Handling wrapper executables with embedded blanks,
> especially to confront the FcgiWrapper "C:/PROGRA~1/PHP/php-cgi.exe"
> .php meme.  (Dig the quotes; you might anticipate you could spell out
> the proper path in there, but quotes are for cmd+args, the first
> blank-delimited
> token of which must be the executable file.)
> 
> The fact that a patch to handle that started growing more than I
> expected makes me ask: Is it worth the trouble supporting something
> like
> 
> FcgidWrapper "'C:/Program Files/PHP/php-cgi.exe' -c /some/odd/ini/file" .php
> 
> Can I do something like that when defining a piped logger? (executable
> with blanks + arguments)  I tried but was unable, either because of a
> Unix shell-ism or a Jeff-ism.

Tat: there comes httpd 2.2.12+

The usual piped logger syntax uses an intermediate shell with "-c" to
actually start the logger. Bill added an alternative "||" syntax in
2.2.12 (see CHANGES) which spawns without the shell.

Using the Syntax

"||/my/path/with\ spaces/rotatelogs /my/log/path/access_log 86400"

I'm able to use rotatelogs with white space in the installation path.
Backslash as an escaped worked in the log file name to.

Using Solaris and compiling with xpg4 shell for spawning which should
not be relevant here, since "||" shouldn't use the shell.

Regards,

Rainer

Re: Making a binary distribution package... for AIX

2009-10-09 Thread Rainer Jung 
On 09.10.2009 00:39, Michael Felt wrote:
> In case the question is not obvious - why is the code not finding it's
> own expat.h file? Is it not suppossed to - meaning install the expat
> package?

Yes, it should.

> On Thu, Oct 8, 2009 at 6:11 PM, Michael Felt  > wrote:
> 
> ok. build/binbuild.sh is the starting point it seems - and I get an
> error.
> 
> /bin/sh /data/prj/httpd-2.2.14/srclib/apr/libtool --silent
> --mode=compile cc -qlanglvl=extc89 -g -qHALT=E   -DHAVE_CONFIG_H
> -U__STR__ -D_THREAD_SAFE -D_LARGEFILE64_SOURCE  
> -I/data/prj/httpd-2.2.14/srclib/apr-util/include
> -I/data/prj/httpd-2.2.14/srclib/apr-util/include/private 
> -I/data/prj/httpd-2.2.14/srclib/apr/include 
> -I/data/prj/httpd-2.2.14/srclib/apr-util/xml/expat/include  -o
> xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo
> "xml/apr_xml.c", line 35.10: 1506-296 (S) #include file 
> not found.
> "xml/apr_xml.c", line 66.5: 1506-046 (S) Syntax error.
> "xml/apr_xml.c", line 67.10: 1506-007 (S) "enum XML_Error" is undefined.
> "xml/apr_xml.c", line 344.28: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 345.13: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 364.60: 1506-277 (S) Syntax error: possible
> missing ')' or ','?
> "xml/apr_xml.c", line 381.13: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 382.17: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 390.29: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 391.35: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 392.41: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 404.35: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 414.17: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 418.36: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> "xml/apr_xml.c", line 422.55: 1506-022 (S) "xp" is not a member of
> "struct apr_xml_parser".
> make[3]: *** [xml/apr_xml.lo] Error 1
> make[3]: Leaving directory `/data/prj/httpd-2.2.14/srclib/apr-util'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/data/prj/httpd-2.2.14/srclib/apr-util'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/data/prj/httpd-2.2.14/srclib'
> make: *** [all-recursive] Error 1
> ERROR: Failed to build Apache. See "build.log" for details.

 When I do a build (not on AIX), then configure produces an output line

setting APRUTIL_INCLUDES to
"-I/my/apache/build/dir/srclib/apr-util/xml/expat/lib"

and later

setting EXTRA_INCLUDES to "-I$(top_builddir)/srclib/pcre -I.
...
-I/my/apache/build/dir/srclib/apr/include
-I/my/apache/build/dir/srclib/apr-util/include
-I/my/apache/build/dir/srclib/apr-util/xml/expat/lib
..."

Then when doing the make,

/usr/bin/ksh /my/apache/build/dir/srclib/apr/libtool --silent --mode=compile
...
-I/my/apache/build/dir/srclib/apr-util/include
-I/my/apache/build/dir/srclib/apr-util/include/private
-I/my/apache/build/dir/srclib/apr/include
-I/my/apache/build/dir/srclib/apr-util/xml/expat/lib  -o xml/apr_xml.lo
-c xml/apr_xml.c && touch xml/apr_xml.lo

So the path -I/my/apache/build/dir/srclib/apr-util/xml/expat/lib is
correct and the header file gets found.

In your snippet there is a
-I/data/prj/httpd-2.2.14/srclib/apr-util/xml/expat/include which is
wrong. Did you give explicit instructions to configure where to find
expat? You don't need to.

> mich...@x054:[/data/prj/httpd-2.2.14]find . -name expat.h
> ./srclib/apr-util/xml/expat.h
> 
> mich...@x054:[/data/prj/httpd-2.2.14]find . -name apr_xml.c
> ./srclib/apr-util/xml/apr_xml.c
> 
> mich...@x054:[/data/prj/httpd-2.2.14]find / -fstype jfs2 -name expat.h
> /data/prj/httpd-2.2.14/srclib/apr-util/xml/expat/lib/expat.h
> /data/prj/Python-2.6.3/Modules/expat/expat.h
> /usr/local/apache2/include/expat.h

That contradicts the result of your first find:

/data/prj/httpd-2.2.14 + ./srclib/apr-util/xml/expat.h !=
/data/prj/httpd-2.2.14/srclib/apr-util/xml/expat/lib/expat.h

Regards,

Rainer

Re: KEYS missing 2.2.14 signer's key

2009-10-09 Thread Graham Leggett 
John Kristoff wrote:

> I wouldn't be surprised if the number of people who actually PGP verify
> httpd packages could be counted on one hand, but I happen to be one of
> them.  Just pointing out that Graham Leggett (PGP key id 0x751D7F27) is
> listed on the download page as having signed 2.2.14 and indeed has, but
> his key is not in the KEYS file.  Obviously having it there would be
> nice for at least ~5 of us.  :-)

To get copies of keys, follow the instructions to verify tarballs here:

http://httpd.apache.org/dev/verification.html

Which will lead you to the keys file here:

http://www.apache.org/dist/httpd/KEYS

Alternatively, put "site:httpd.apache.org KEYS" into Google.

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

KEYS missing 2.2.14 signer's key

2009-10-09 Thread John Kristoff 
I wouldn't be surprised if the number of people who actually PGP verify
httpd packages could be counted on one hand, but I happen to be one of
them.  Just pointing out that Graham Leggett (PGP key id 0x751D7F27) is
listed on the download page as having signed 2.2.14 and indeed has, but
his key is not in the KEYS file.  Obviously having it there would be
nice for at least ~5 of us.  :-)

John

Re: mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 3:30 PM, Jeff Trawick  wrote:
> On Fri, Oct 9, 2009 at 1:26 PM, Barry Scott  wrote:
>> Jeff Trawick wrote:
>>>
>>> On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott 
>>> wrote:
>>>

 This has been filed as issue
 https://issues.apache.org/bugzilla/show_bug.cgi?id=47973

>>> See patch attached to the PR.  Thanks!
>>>
>>>
>>
>> No joy I get internal server error.
>>
>> But the patch below works for my case.
> ...
>
>> Index: modules/fcgid/fcgid_bridge.c
>> ===
>> --- modules/fcgid/fcgid_bridge.c    (revision 823573)
>> +++ modules/fcgid/fcgid_bridge.c    (working copy)
>> @@ -470,6 +470,8 @@
>>        return HTTP_INTERNAL_SERVER_ERROR;
>>    }
>>
>> +    if (role == FCGI_RESPONDER) {
>> +
>>    /* Stdin header and body */
>>    /* XXX HACK: I have to read all the request into memory before sending it
>>       to fastcgi application server, this prevents slow clients from
>> @@ -624,6 +626,7 @@
>>        apr_brigade_destroy(input_brigade);
>>    }
>>    while (!seen_eos);
>> +    } /* end handling request body for responders */
>>
>>    /* Append an empty body stdin header */
>>    stdin_request_header = apr_bucket_alloc(sizeof(FCGI_Header),
>>
>>
>
> Variation number three:
>
> As with your patch, it remembers to add the eos bucket to the brigade
> of data sent to the app.  As with my earlier patch, it doesn't send
> the trailing FCGI_STDIN record.
>
> In the spec (http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S6.3),
> there's no mention of FCGI_STDIN for an FCGI_AUTHORIZER.  I
> double-checked that mod_fcgid.c strips any CONTENT_LENGTH when calling
> the authorizer, which the spec does call for.
>
> I won't be shocked if it still fails for you; in that case I think we
> need to try to understand exactly why the trailing FCGI_STDIN record
> is needed.
>
> (FWIW, my authorizer is Perl using the FCGI module.  The protocol
> implementation on the app side could explain the difference in our
> observations.)

Silly me.  Chris's patch at
http://people.apache.org/~chrisd/patches/mod_fcgid_auth/mod_fcgid-1auth-trunk.patch
handles this, and it does send a trailing FCGI_STDIN record to an
authorizer.

Chris, AYT?

Re: mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 1:26 PM, Barry Scott  wrote:
> Jeff Trawick wrote:
>>
>> On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott 
>> wrote:
>>
>>>
>>> This has been filed as issue
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47973
>>>
>> See patch attached to the PR.  Thanks!
>>
>>
>
> No joy I get internal server error.
>
> But the patch below works for my case.
...

> Index: modules/fcgid/fcgid_bridge.c
> ===
> --- modules/fcgid/fcgid_bridge.c    (revision 823573)
> +++ modules/fcgid/fcgid_bridge.c    (working copy)
> @@ -470,6 +470,8 @@
>        return HTTP_INTERNAL_SERVER_ERROR;
>    }
>
> +    if (role == FCGI_RESPONDER) {
> +
>    /* Stdin header and body */
>    /* XXX HACK: I have to read all the request into memory before sending it
>       to fastcgi application server, this prevents slow clients from
> @@ -624,6 +626,7 @@
>        apr_brigade_destroy(input_brigade);
>    }
>    while (!seen_eos);
> +    } /* end handling request body for responders */
>
>    /* Append an empty body stdin header */
>    stdin_request_header = apr_bucket_alloc(sizeof(FCGI_Header),
>
>

Variation number three:

As with your patch, it remembers to add the eos bucket to the brigade
of data sent to the app.  As with my earlier patch, it doesn't send
the trailing FCGI_STDIN record.

In the spec (http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S6.3),
there's no mention of FCGI_STDIN for an FCGI_AUTHORIZER.  I
double-checked that mod_fcgid.c strips any CONTENT_LENGTH when calling
the authorizer, which the spec does call for.

I won't be shocked if it still fails for you; in that case I think we
need to try to understand exactly why the trailing FCGI_STDIN record
is needed.

(FWIW, my authorizer is Perl using the FCGI module.  The protocol
implementation on the app side could explain the difference in our
observations.)

--- modules/fcgid/fcgid_bridge.c.orig   2009-10-09 12:09:12.032405619 -0400
+++ modules/fcgid/fcgid_bridge.c2009-10-09 15:12:25.838920760 -0400
@@ -470,6 +470,8 @@
 return HTTP_INTERNAL_SERVER_ERROR;
 }

+if (role == FCGI_RESPONDER) {
+
 /* Stdin header and body */
 /* XXX HACK: I have to read all the request into memory before sending it
to fastcgi application server, this prevents slow clients from
@@ -640,6 +642,8 @@
 }
 APR_BRIGADE_INSERT_TAIL(output_brigade, bucket_header);

+} /* end handling request body for responders */
+
 /* The eos bucket now */
 bucket_eos = apr_bucket_eos_create(r->connection->bucket_alloc);
 APR_BRIGADE_INSERT_TAIL(output_brigade, bucket_eos);


-- 
Born in Roswell... married an alien...

Re: [VOTE] release httpd mod_ftp-0.9.6 beta?

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 3:05 PM, William A. Rowe, Jr.
 wrote:
> William A. Rowe, Jr. wrote:
>>
>> Please fetch up the newly prepared mod_ftp-0.9.6.tar.gz (or .bz2), or the
>> win32/netware/os2 suitable package mod_ftp-0.9.6-crlf.zip from;
>>
>>   [ ] +1 to release as 0.9.6-beta
>>   [ ] +1 to release as 0.9.6 GA
>
> +1 for GA; wrowe
> +.5 for GA; trawick, rjung
> binding +1 for beta; wrowe, trawick, rpluem, fuankg, rjung
>
> Additional positive feedback from Jorge and Mario (linux, win32)
>
> It would be good in the next cycle, with all of the small improvements that 
> Jeff and I
> had worked on, to bless this as GA.  Unfortunately .5 votes don't sum to 1 :)

It is a beta now but could still be GA if nobody finds a regression
and something magic happens and we get votes for GA, right?

Re: [VOTE] release httpd mod_ftp-0.9.6 beta?

2009-10-09 Thread William A. Rowe, Jr. 
William A. Rowe, Jr. wrote:
> 
> Please fetch up the newly prepared mod_ftp-0.9.6.tar.gz (or .bz2), or the
> win32/netware/os2 suitable package mod_ftp-0.9.6-crlf.zip from;
> 
>   [ ] +1 to release as 0.9.6-beta
>   [ ] +1 to release as 0.9.6 GA

+1 for GA; wrowe
+.5 for GA; trawick, rjung
binding +1 for beta; wrowe, trawick, rpluem, fuankg, rjung

Additional positive feedback from Jorge and Mario (linux, win32)

It would be good in the next cycle, with all of the small improvements that 
Jeff and I
had worked on, to bless this as GA.  Unfortunately .5 votes don't sum to 1 :)

Thanks everyone for reviewing!

[mod_fcgid] FcgidWrapper parsing

2009-10-09 Thread Jeff Trawick 
Related to clarifying the executable part of the wrapper command-line
(823657): Handling wrapper executables with embedded blanks,
especially to confront the FcgiWrapper "C:/PROGRA~1/PHP/php-cgi.exe"
.php meme.  (Dig the quotes; you might anticipate you could spell out
the proper path in there, but quotes are for cmd+args, the first
blank-delimited
token of which must be the executable file.)

The fact that a patch to handle that started growing more than I
expected makes me ask: Is it worth the trouble supporting something
like

FcgidWrapper "'C:/Program Files/PHP/php-cgi.exe' -c /some/odd/ini/file" .php

Can I do something like that when defining a piped logger? (executable
with blanks + arguments)  I tried but was unable, either because of a
Unix shell-ism or a Jeff-ism.

SSLRequire: requiring a particular OID in extKeyUsage

2009-10-09 Thread Graham Leggett 
Hi all,

I am trying to solve the problem of limiting access to those who present
a client cert containing a specific extKeyUsage OID.

So far, the config that I have for httpd-trunk is this:

SSLRequire "1.3.6.1.5.5.7.3.4" in PeerExtList("2.5.29.37")

Stepping through the code in a debugger, the PeerExtList() returns a
list containing just one single entry in the list: "A, B, C", when in
theory, it should return an actual list "A, "B", "C".

As a result, while stepping through the code, an attempt is made to
compare "B" with "A, B, C", and this comparison fails, and we get 403
forbidden (I would have expected it to compare "B" to "A", "B" and then
(not) "C" in turn, resulting in success).

Can someone confirm for me whether I am using SSLRequire correctly, or
whether I have found something that needs a patch?

I tried this also on httpd-2.2, using the config below, and this gives
the same behaviour:

SSLRequire "1.3.6.1.5.5.7.3.4" in OID("2.5.29.37")

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 1:26 PM, Barry Scott  wrote:
> Jeff Trawick wrote:
>>
>> On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott 
>> wrote:
>>
>>>
>>> This has been filed as issue
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47973
>>>
>>> Further testing of our application has shown up a problem using
>>> mod_fcgid 2.3.4.
>>>
>>> With the following configuration we are seeing the request body
>>> of POST messages get stripped out if FcgidAuthorizer is used for
>>> Location /player.  If we comment out the "Require onelan magic" the
>>> POSTs work.
>>>
>>> Looking at bridge_request we see the code is reading the input buckets
>>> and feeding then to the Authorizer.
>>>
>>> It seems to us that:
>>>
>>> Either this must not happen if the fcgid is an authorizer
>>>
>>
>> right
>>
>>
>>>
>>> or the buckets must be put back for whatever handles
>>> the POST to process.
>>>
>>> Barry
>>>
>>
>> See patch attached to the PR.  Thanks!
>>
>>
>
> No joy I get internal server error.
>
> But the patch below works for my case.
>
> Note: I don't understand the details of HTTPD to know if this patch is
> going to cause problems in other use cases, or indeed is only working
> by luck.

I'll have a look; thanks!

>
> One test that needs doing is to have a Responder and an Authorizer running
> for the same request. I'll see if I can do that test for you next week with
> the pieces
> I have.

Chris Darroch has a patch for that, which is a small part of

http://people.apache.org/~chrisd/patches/mod_fcgid_auth/mod_fcgid-1auth-trunk.patch

which applies to the old mod_fcgid 2.2 but which he has submitted here
for inclusion.  If you get stuck, look in there at some of the checks
for role == responder, one or more of which are for the
responder+authorizer-on-same-request issue.

Re: mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Barry Scott 

Jeff Trawick wrote:

On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott  wrote:
  

This has been filed as issue
https://issues.apache.org/bugzilla/show_bug.cgi?id=47973

Further testing of our application has shown up a problem using
mod_fcgid 2.3.4.

With the following configuration we are seeing the request body
of POST messages get stripped out if FcgidAuthorizer is used for
Location /player.  If we comment out the "Require onelan magic" the
POSTs work.

Looking at bridge_request we see the code is reading the input buckets
and feeding then to the Authorizer.

It seems to us that:

Either this must not happen if the fcgid is an authorizer



right

  

or the buckets must be put back for whatever handles
the POST to process.

Barry



See patch attached to the PR.  Thanks!

  


No joy I get internal server error.

But the patch below works for my case.

Note: I don't understand the details of HTTPD to know if this patch is
going to cause problems in other use cases, or indeed is only working
by luck.

One test that needs doing is to have a Responder and an Authorizer running
for the same request. I'll see if I can do that test for you next week 
with the pieces

I have.

Index: modules/fcgid/fcgid_bridge.c
===
--- modules/fcgid/fcgid_bridge.c(revision 823573)
+++ modules/fcgid/fcgid_bridge.c(working copy)
@@ -470,6 +470,8 @@
return HTTP_INTERNAL_SERVER_ERROR;
}

+if (role == FCGI_RESPONDER) {
+
/* Stdin header and body */
/* XXX HACK: I have to read all the request into memory before 
sending it

   to fastcgi application server, this prevents slow clients from
@@ -624,6 +626,7 @@
apr_brigade_destroy(input_brigade);
}
while (!seen_eos);
+} /* end handling request body for responders */

/* Append an empty body stdin header */
stdin_request_header = apr_bucket_alloc(sizeof(FCGI_Header),

Re: Making a binary distribution package... for AIX

2009-10-09 Thread Graham Leggett 
Michael Felt wrote:

> Current Status:
> ==
> mich...@x054:[/data/prj/httpd-2.2.14]bindist/bin/httpd -?
> exec(): 0509-036 Cannot load program bindist/bin/httpd because of the
> following errors:
> rtld: 0712-001 Symbol XML_StopParser was referenced
>   from module /data/prj/httpd-2.2.14/bindist/lib/libaprutil-1.so(),
> but a runtime definition
>   of the symbol was not found.

Another thing I suggest you do - for quite a while now, packagers have
packaged up dependencies separately from httpd. Both the solaris and rpm
packaging is done separately for APR and APR-util, and the included APR
and APR-util directory trees inside the httpd tarball are ignored.

You'll find similar scripts for RPM and Solaris packaging in the APR and
APR-util projects, you may find it easier to package those first, and
when they're done, configure httpd to depend on those packages.

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: Making a binary distribution package... for AIX

2009-10-09 Thread Michael Felt 
On Fri, Oct 9, 2009 at 1:21 AM, Graham Leggett  wrote:

> Michael Felt wrote:
>
> > Or, not having looked at it yet - should I be focusing on a replacement
> > for rpmbuild (assuming it is a script)?
>
> rpmbuild is a full-on application, which has some pretty involved
> features for building a package. What this means is that armed with just
> a spec file, you can build an RPM (or an SRPM, which is the source code,
> spec file and patches rolled together into a bundle for easy rebuild).
>
> A lot of the packaging systems for other platforms are a lot more basic.
> They assume you've done the legwork doing the actual build, the
> packaging system kicks in at the last step and turns your
> tree-of-binaries into a package, not much more sophisticated than humble
> tar.
>
> I think as an example, you should rather be looking at the scripts that
> do the Solaris packaging.
>
> In the Solaris case, the build/pkg/buildpkg.sh script does the actual
> build (you'll recognise the ./configure;make;make install in there), and
> once the binaries are built and staged in a temp directory, the various
> package making commands unique to Solaris are kicked off (pkgproto,
> pkgtrans) that combine the binaries and the pkginfo template into the
> package itself.
>
> The key most interesting bits from your perspective are probably:
>
> - You want to stage the binaries at some temp location, like
> /var/tmp/foo.12345/, which in turn becomes the "root" of the install.
>
> You achieve this by adding the DESTDIR variable to make install. This
> causes the whole install procedure to pretend you're installing in /usr
> (for example), but instead it places the binaries into
> /var/tmp/foo.12345/usr/. When you package the files, httpd's paths are
> all set up correctly for the final system, you won't find
> /var/tmp/foo.12345 lurking in any files.
>
> - You'll probably need a template file of some kind. In the rpm case the
> template file is the spec file. In the Solaris case, the template file
> is called "pkginfo", and this file is populated by filling in the
> template called "pkginfo.in".
>
> Unlike the RPM spec file, which must be correctly built and populated
> before httpd is tarred up and released as a tarball for rpmbuild to work
> properly (and which is why the spec template is filled in by the
> buildconf script), the pkginfo.in file is processed at build time by
> autoconf as an ordinary part of the httpd ./configure;make;make install
> process. Once ./configure;make;make install is done, the pkginfo file
> has been processed and is ready to be used by the Solaris packaging
> commands.
>
> I would imagine your packaging would probably follow a similar pattern.
>
> Regards,
> Graham
> --
>
> ran the build/binbuild.sh script again - after building and installing the
expat2.01 package.
It all seemed to build well - getthe the right .guess file has worked
wonders.

However, AIX is still not really a favorite of the configure or libtool
world.

I suppose every system has it way of inserting a default search order for
libraries. For a distribution I would want a more neutral one than the
configure/libtool process is building - also because it is not working.

I know that I could use CFLAGS='-blibpath:/some/path:/another/path' to
create a default path that would work - but I am hoping someone might have
some ideas about what could be done to make integrated to the process,
rather than force fed.

Current Status:
==
mich...@x054:[/data/prj/httpd-2.2.14]bindist/bin/httpd -?
exec(): 0509-036 Cannot load program bindist/bin/httpd because of the
following errors:
rtld: 0712-001 Symbol XML_StopParser was referenced
  from module /data/prj/httpd-2.2.14/bindist/lib/libaprutil-1.so(), but
a runtime definition
  of the symbol was not found.
mich...@x054:[/data/prj/httpd-2.2.14]dump -H bindist/bin/httpd -?

bindist/bin/httpd:

***Loader Section***
  Loader Header Information
VERSION# #SYMtableENT #RELOCentLENidSTR
0x0001   0x02fa   0x0957   0x00ae

#IMPfilIDOFFidSTR LENstrTBLOFFstrTBL
0x0006   0xb7a4   0x39eb   0xb852


***Import File Strings***
INDEX  PATH  BASEMEMBER

0
/data/prj/httpd-2.2.14/bindist/lib:/usr/local/apache2/lib:/usr/vac/lib:/usr/lib:/lib

1libaprutil-1.so

2libapr-1.so

3libpthread.ashr_xpg5.o

4libc.a  shr.o

5librtl.ashr.o

dump: -?: dump: 0654-106 Cannot open the specified file.
mich...@x054:[/data/prj/httpd-2.2.14]

Re: mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott  wrote:
> This has been filed as issue
> https://issues.apache.org/bugzilla/show_bug.cgi?id=47973
>
> Further testing of our application has shown up a problem using
> mod_fcgid 2.3.4.
>
> With the following configuration we are seeing the request body
> of POST messages get stripped out if FcgidAuthorizer is used for
> Location /player.  If we comment out the "Require onelan magic" the
> POSTs work.
>
> Looking at bridge_request we see the code is reading the input buckets
> and feeding then to the Authorizer.
>
> It seems to us that:
>
> Either this must not happen if the fcgid is an authorizer

right

> or the buckets must be put back for whatever handles
> the POST to process.
>
> Barry

See patch attached to the PR.  Thanks!

Re: [VOTE] release httpd mod_fcgid-2.3.4

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott  wrote:
> Jeff Trawick wrote:
>>
>> On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott 
>> wrote:
>>
>>>
>>> Barry Scott wrote:
>>>

 William A. Rowe, Jr. wrote:

>
> Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another
> candidate
> for your consideration.  Please fetch up the newly minted
> mod_fcgid-2.3.4.tar.gz
> (or .tar.bz2) or the win32/netware suitable package
> mod_fcgid-2.3.3-crlf.zip from:
>
>  http://httpd.apache.org/dev/dist/mod_fcgid/
>
> review, take it for a spin, and cast your choice
>
>  [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>  [ ] +1 to release as 2.3.4-beta
>  [ ] +1 to release as 2.3.4-GA
>
> For getting started,
>
> http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>
>
>

 Further testing of our application has shown up a problem.

 With the following configuration we are seeing the request body
 of POST messages get stripped out if FcgidAuthorizer is used for
 Location /player.  If we comment out the "Require onelan magic" the
 POSTs work.

 Have I misconfigured or is this a bug in mod_fcgid?

 Barry


 ...
 LoadModule fcgid_module modules/mod_fcgid.so

 FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
 FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
 FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1


 

  #+ Rewrite Web API Rules
  RewriteEngine on

  # security - deny TRACE and TRACK requests
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
  #- Rewrite Web API Rules

  #+ Rewrite Web API Rules
  # make the URLs hide the use of dsm.fcgi
  RewriteRule ^/$ /dsm.fcgi [L]
  RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$)
 /dsm.fcgi/$1$2 [L]
  #- Rewrite Web API Rules

  #+ Rewrite XML API Rules
  # make the URLs hide the use of dsmxml.fcgi
  RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
  #- Rewrite XML API Rules

  #+ Rewrite VPN
  ReWriteMap ntb_ip_address
 prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
  RewriteRule ^/player/(\d+)\.(.*)
 http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]
  #- Rewrite VPN

  #+ Locations Web VPN API
  
        #+ HTTP auth file
      Order allow,deny
      Allow from all
      AuthType Digest
      AuthName "Manager System"
      AuthGroupFile /etc/onelan/common/http.group
      AuthUserFile /etc/onelan/common/http.passwd
      Require onelan magic
      #- HTTP auth file

      FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
  
 



>>>
>>> Looking at bridge_request we see the code is reading the input buckets
>>> and feeding then to the Authorizer.
>>>
>>> It seems to us that:
>>>
>>> Either this must not happen if the fcgid is an authorizer
>>> or the buckets must be put back for whatever handles
>>> the POST to process.
>>>
>>
>> yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER
>> vs. FCGID_AUTHORIZER)
>>
>> (unless you think this is a regression, start a new thread and/or open
>> a Bugzilla entry)
>>
>>
>
> 2.3.1 is broken the same way - I guess its a day one bug.

We'd also be worried if 2.2 is NOT broken the same way.  (regression
over what lots of people are using)

>
> Bug report and new thread started.

Cool...  Testing simple patch now.

Re: [VOTE] release httpd mod_fcgid-2.3.4

2009-10-09 Thread Barry Scott 

Jeff Trawick wrote:

On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott  wrote:
  

Barry Scott wrote:


William A. Rowe, Jr. wrote:
  

Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another
candidate
for your consideration.  Please fetch up the newly minted
mod_fcgid-2.3.4.tar.gz
(or .tar.bz2) or the win32/netware suitable package
mod_fcgid-2.3.3-crlf.zip from:

  http://httpd.apache.org/dev/dist/mod_fcgid/

review, take it for a spin, and cast your choice

  [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
  [ ] +1 to release as 2.3.4-beta
  [ ] +1 to release as 2.3.4-GA

For getting started,

http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID




Further testing of our application has shown up a problem.

With the following configuration we are seeing the request body
of POST messages get stripped out if FcgidAuthorizer is used for
Location /player.  If we comment out the "Require onelan magic" the
POSTs work.

Have I misconfigured or is this a bug in mod_fcgid?

Barry


...
LoadModule fcgid_module modules/mod_fcgid.so

FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1




  #+ Rewrite Web API Rules
  RewriteEngine on

  # security - deny TRACE and TRACK requests
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
  #- Rewrite Web API Rules

  #+ Rewrite Web API Rules
  # make the URLs hide the use of dsm.fcgi
  RewriteRule ^/$ /dsm.fcgi [L]
  RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$)
/dsm.fcgi/$1$2 [L]
  #- Rewrite Web API Rules

  #+ Rewrite XML API Rules
  # make the URLs hide the use of dsmxml.fcgi
  RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
  #- Rewrite XML API Rules

  #+ Rewrite VPN
  ReWriteMap ntb_ip_address
prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
  RewriteRule ^/player/(\d+)\.(.*)
http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]
  #- Rewrite VPN

  #+ Locations Web VPN API
  
#+ HTTP auth file
  Order allow,deny
  Allow from all
  AuthType Digest
  AuthName "Manager System"
  AuthGroupFile /etc/onelan/common/http.group
  AuthUserFile /etc/onelan/common/http.passwd
  Require onelan magic
  #- HTTP auth file

  FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
  



  

Looking at bridge_request we see the code is reading the input buckets
and feeding then to the Authorizer.

It seems to us that:

Either this must not happen if the fcgid is an authorizer
or the buckets must be put back for whatever handles
the POST to process.



yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER
vs. FCGID_AUTHORIZER)

(unless you think this is a regression, start a new thread and/or open
a Bugzilla entry)

  


2.3.1 is broken the same way - I guess its a day one bug.

Bug report and new thread started.

Barry

mod_fcgid POST broken if FcgiAuthorizer is run

2009-10-09 Thread Barry Scott 
This has been filed as issue 
https://issues.apache.org/bugzilla/show_bug.cgi?id=47973


Further testing of our application has shown up a problem using
mod_fcgid 2.3.4.

With the following configuration we are seeing the request body
of POST messages get stripped out if FcgidAuthorizer is used for
Location /player.  If we comment out the "Require onelan magic" the
POSTs work.

Looking at bridge_request we see the code is reading the input buckets
and feeding then to the Authorizer.

It seems to us that:

Either this must not happen if the fcgid is an authorizer
or the buckets must be put back for whatever handles
the POST to process.

Barry


...
LoadModule fcgid_module modules/mod_fcgid.so

FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1




  #+ Rewrite Web API Rules
  RewriteEngine on

  # security - deny TRACE and TRACK requests
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
  #- Rewrite Web API Rules

  #+ Rewrite Web API Rules
  # make the URLs hide the use of dsm.fcgi
  RewriteRule ^/$ /dsm.fcgi [L]
  RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$) 
/dsm.fcgi/$1$2 [L]

  #- Rewrite Web API Rules

  #+ Rewrite XML API Rules
  # make the URLs hide the use of dsmxml.fcgi
  RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
  #- Rewrite XML API Rules

  #+ Rewrite VPN
  ReWriteMap ntb_ip_address 
prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
  RewriteRule ^/player/(\d+)\.(.*) 
http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]

  #- Rewrite VPN

  #+ Locations Web VPN API
  
#+ HTTP auth file
  Order allow,deny
  Allow from all
  AuthType Digest
  AuthName "Manager System"
  AuthGroupFile /etc/onelan/common/http.group
  AuthUserFile /etc/onelan/common/http.passwd
  Require onelan magic
  #- HTTP auth file

  FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi

Re: [VOTE] release httpd mod_fcgid-2.3.4

2009-10-09 Thread Jeff Trawick 
On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott  wrote:
> Barry Scott wrote:
>>
>> William A. Rowe, Jr. wrote:
>> > Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another
>> > candidate
>> > for your consideration.  Please fetch up the newly minted
>> > mod_fcgid-2.3.4.tar.gz
>> > (or .tar.bz2) or the win32/netware suitable package
>> > mod_fcgid-2.3.3-crlf.zip from:
>> >
>> >   http://httpd.apache.org/dev/dist/mod_fcgid/
>> >
>> > review, take it for a spin, and cast your choice
>> >
>> >   [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>> >   [ ] +1 to release as 2.3.4-beta
>> >   [ ] +1 to release as 2.3.4-GA
>> >
>> > For getting started,
>> >
>> > http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>> >
>> >
>>
>> Further testing of our application has shown up a problem.
>>
>> With the following configuration we are seeing the request body
>> of POST messages get stripped out if FcgidAuthorizer is used for
>> Location /player.  If we comment out the "Require onelan magic" the
>> POSTs work.
>>
>> Have I misconfigured or is this a bug in mod_fcgid?
>>
>> Barry
>>
>>
>> ...
>> LoadModule fcgid_module modules/mod_fcgid.so
>>
>> FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
>> FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
>> FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1
>>
>>
>> 
>>
>>   #+ Rewrite Web API Rules
>>   RewriteEngine on
>>
>>   # security - deny TRACE and TRACK requests
>>   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>   RewriteRule .* - [F]
>>   #- Rewrite Web API Rules
>>
>>   #+ Rewrite Web API Rules
>>   # make the URLs hide the use of dsm.fcgi
>>   RewriteRule ^/$ /dsm.fcgi [L]
>>   RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$)
>> /dsm.fcgi/$1$2 [L]
>>   #- Rewrite Web API Rules
>>
>>   #+ Rewrite XML API Rules
>>   # make the URLs hide the use of dsmxml.fcgi
>>   RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
>>   #- Rewrite XML API Rules
>>
>>   #+ Rewrite VPN
>>   ReWriteMap ntb_ip_address
>> prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
>>   RewriteRule ^/player/(\d+)\.(.*)
>> http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]
>>   #- Rewrite VPN
>>
>>   #+ Locations Web VPN API
>>   
>>         #+ HTTP auth file
>>       Order allow,deny
>>       Allow from all
>>       AuthType Digest
>>       AuthName "Manager System"
>>       AuthGroupFile /etc/onelan/common/http.group
>>       AuthUserFile /etc/onelan/common/http.passwd
>>       Require onelan magic
>>       #- HTTP auth file
>>
>>       FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
>>   
>> 
>>
>>
>
> Looking at bridge_request we see the code is reading the input buckets
> and feeding then to the Authorizer.
>
> It seems to us that:
>
> Either this must not happen if the fcgid is an authorizer
> or the buckets must be put back for whatever handles
> the POST to process.

yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER
vs. FCGID_AUTHORIZER)

(unless you think this is a regression, start a new thread and/or open
a Bugzilla entry)

Re: [VOTE] release httpd mod_fcgid-2.3.4

2009-10-09 Thread Barry Scott 

Barry Scott wrote:

William A. Rowe, Jr. wrote:
> Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another 
candidate
> for your consideration.  Please fetch up the newly minted 
mod_fcgid-2.3.4.tar.gz
> (or .tar.bz2) or the win32/netware suitable package 
mod_fcgid-2.3.3-crlf.zip from:

>
>   http://httpd.apache.org/dev/dist/mod_fcgid/
>
> review, take it for a spin, and cast your choice
>
>   [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>   [ ] +1 to release as 2.3.4-beta
>   [ ] +1 to release as 2.3.4-GA
>
> For getting started,
>
> http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>
>

Further testing of our application has shown up a problem.

With the following configuration we are seeing the request body
of POST messages get stripped out if FcgidAuthorizer is used for
Location /player.  If we comment out the "Require onelan magic" the
POSTs work.

Have I misconfigured or is this a bug in mod_fcgid?

Barry


...
LoadModule fcgid_module modules/mod_fcgid.so

FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1




   #+ Rewrite Web API Rules
   RewriteEngine on

   # security - deny TRACE and TRACK requests
   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
   RewriteRule .* - [F]
   #- Rewrite Web API Rules

   #+ Rewrite Web API Rules
   # make the URLs hide the use of dsm.fcgi
   RewriteRule ^/$ /dsm.fcgi [L]
   RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$) 
/dsm.fcgi/$1$2 [L]

   #- Rewrite Web API Rules

   #+ Rewrite XML API Rules
   # make the URLs hide the use of dsmxml.fcgi
   RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
   #- Rewrite XML API Rules

   #+ Rewrite VPN
   ReWriteMap ntb_ip_address 
prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
   RewriteRule ^/player/(\d+)\.(.*) 
http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]

   #- Rewrite VPN

   #+ Locations Web VPN API
   
 #+ HTTP auth file
   Order allow,deny
   Allow from all
   AuthType Digest
   AuthName "Manager System"
   AuthGroupFile /etc/onelan/common/http.group
   AuthUserFile /etc/onelan/common/http.passwd
   Require onelan magic
   #- HTTP auth file

   FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
   





Looking at bridge_request we see the code is reading the input buckets
and feeding then to the Authorizer.

It seems to us that:

Either this must not happen if the fcgid is an authorizer
or the buckets must be put back for whatever handles
the POST to process.

Barry

Re: [VOTE] release httpd mod_fcgid-2.3.4

2009-10-09 Thread Barry Scott 

William A. Rowe, Jr. wrote:
> Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another candidate
> for your consideration.  Please fetch up the newly minted 
mod_fcgid-2.3.4.tar.gz
> (or .tar.bz2) or the win32/netware suitable package 
mod_fcgid-2.3.3-crlf.zip from:

>
>   http://httpd.apache.org/dev/dist/mod_fcgid/
>
> review, take it for a spin, and cast your choice
>
>   [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>   [ ] +1 to release as 2.3.4-beta
>   [ ] +1 to release as 2.3.4-GA
>
> For getting started,
>
> http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>
>

Further testing of our application has shown up a problem.

With the following configuration we are seeing the request body
of POST messages get stripped out if FcgidAuthorizer is used for
Location /player.  If we comment out the "Require onelan magic" the
POSTs work.

Have I misconfigured or is this a bug in mod_fcgid?

Barry


...
LoadModule fcgid_module modules/mod_fcgid.so

FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1




   #+ Rewrite Web API Rules
   RewriteEngine on

   # security - deny TRACE and TRACK requests
   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
   RewriteRule .* - [F]
   #- Rewrite Web API Rules

   #+ Rewrite Web API Rules
   # make the URLs hide the use of dsm.fcgi
   RewriteRule ^/$ /dsm.fcgi [L]
   RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$) 
/dsm.fcgi/$1$2 [L]

   #- Rewrite Web API Rules

   #+ Rewrite XML API Rules
   # make the URLs hide the use of dsmxml.fcgi
   RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
   #- Rewrite XML API Rules

   #+ Rewrite VPN
   ReWriteMap ntb_ip_address 
prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
   RewriteRule ^/player/(\d+)\.(.*) 
http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]

   #- Rewrite VPN

   #+ Locations Web VPN API
   
  
   #+ HTTP auth file

   Order allow,deny
   Allow from all
   AuthType Digest
   AuthName "Manager System"
   AuthGroupFile /etc/onelan/common/http.group
   AuthUserFile /etc/onelan/common/http.passwd
   Require onelan magic
   #- HTTP auth file

   FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi

Re: Cannot compile mod_disk_cache.c (rev. 821993)

2009-10-09 Thread Graham Leggett 
Alexander Alfimov wrote:

> I assume I can apply patches to this code:
> http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/cache/

Apply the patches to the base of httpd v2.2.14, like this:

cd httpd-2.2.14
cat .patch | patch -p0

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: Cannot compile mod_disk_cache.c (rev. 821993)

2009-10-09 Thread Alexander Alfimov 
Graham Leggett  писал(а) в своём письме Fri, 09 Oct 2009  
01:30:30 +0300:



Alexander Alfimov wrote:


I want to try the "CacheQuickHandler Off" directive which became
available in Apache 2.3


Use the patches attached, these are what we use against v2.2, and what I
plan to ultimately propose for backport to v2.2 once it sees more  
testing.


Apply them in this order:

# thundering herd lock
Patch4: http://people.apache.org/~minfrin/httpd-cache-thundering.patch
# cache quick handler patch
Patch5: httpd-cache-quick-821552.patch
Patch6: httpd-cache-quick-821202.patch
Patch7: httpd-cache-quick-821301.patch

The second set of patches won't apply cleanly unless you apply the
thundering herd lock patch, which is why I have included it here.

Please feed back any issues you find, I will definitely take a look.

Regards,
Graham
--


Graham,

I assume I can apply patches to this code:
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/cache/

Please advise if this is incorrect.

Thank you.

--
Best Regards,
Alexander Alfimov