Modify the body of a post request Multipar/form-data?

2010-06-10 Thread Eddy 
Hi,

I have a Firefox module that encrypts the body content for a POST and GET
request.
The apache module  must decrypt the content and send a crypted reply to the
client.
So, in my apache module, i have a filter to modify the body. For a  POST
 x-www-form-urlencoded, the content is decrypt but
in case of multipart the content is decrypted too late, the mod php has
already tried to process the content.
So I add a handler to my module and i get the data before php, so I decrypt
the content  but I can't inject the uncrypted data in the request.
How modify (decrypt data) the body content before all module ?

Regards,
Eddy

Re: Modify the body of a post request Multipar/form-data?

2010-06-10 Thread Nick Kew 

On 10 Jun 2010, at 07:34, Eddy wrote:

 How modify (decrypt data) the body content before all module ?

That's what filters do.

See mod_ssl for secure encryption.  Or in your case since it's only the 
body content, see for example mod_deflate for a comparable task.

-- 
Nick Kew

Re: Modify the body of a post request Multipar/form-data?

2010-06-10 Thread Eddy 
For illustrate my problem :

I have register a filter like in deflate :
ap_register_input_filter(PerseusFilterName,perseus_in_filter, NULL,
AP_FTYPE_CONTENT_SET);

In httpd.conf :
SetInputFilter PERSEUS

So, I test with a crypted content and i hae in error.log :


Perseus handler, Perseus header found : pcc
[Thu Jun 10 11:29:28 2010] [error] [client 127.0.0.1] PHP Warning:  Missing
boundary in multipart/form-data POS
T data in Unknown on line 0, referer: http://localhost/
Input Filter begin
The handler do nothing, then php processes the encrypted content and fails.
Then, my Filter begin and decrypt the data but it's too late.

May-be I forget something, i don't understand the problem.

For the deflate module,  just set SetInputFilter Deflate in httpd.conf
enought?

Eddy




On Thu, Jun 10, 2010 at 10:54 AM, Eddy eddy.deli...@gmail.com wrote:

 Yes i try to do the same thing but I have a problem, my filter begins too
 late and php has already process the data.
 I must do a error somewhere.
 Thanks for your help.
 Eddy

   On Thu, Jun 10, 2010 at 10:29 AM, Nick Kew n...@apache.org wrote:


 On 10 Jun 2010, at 07:34, Eddy wrote:

  How modify (decrypt data) the body content before all module ?

 That's what filters do.

 See mod_ssl for secure encryption.  Or in your case since it's only the
 body content, see for example mod_deflate for a comparable task.

 --
 Nick Kew

Re: svn commit: r951893 - in /httpd/httpd/trunk: configure.in include/ap_mmn.h include/http_config.h include/http_log.h include/httpd.h server/config.c server/core.c server/log.c server/util_debug.c

2010-06-10 Thread Ruediger Pluem 


On 06/09/2010 10:00 PM, Stefan Fritsch wrote:
 On Wed, 9 Jun 2010, Ruediger Pluem wrote:


 +#if __STDC_VERSION__ = 199901L  defined(APLOG_MAX_LOGLEVEL)
 +/* need additional step to expand APLOG_MARK first */
 +#define ap_log_perror(...) ap_log_perror__(__VA_ARGS__)
 +#define ap_log_perror__(file, line, mi, level, status, p,
 ...)\
 +do { if ((level) = APLOG_MAX_LOGLEVEL
 )  \
 + ap_do_log_perror(file, line, mi, level, status,
 p,   \
 + __VA_ARGS__); } while(0)
 +#else
 +#define ap_log_perror ap_log_perror_
 +#endif
 +AP_DECLARE(void) ap_log_perror_(const char *file, int line, int
 module_index,
 +int level, apr_status_t status,
 apr_pool_t *p,
 +const char *fmt, ...)
 +   __attribute__((format(printf,7,8)));


 I am still confused then.
 Why having AP_DECLARE(void) ap_log_perror_ then?
 Why define ap_log_perror to ap_log_perror_ on non C99 compilers then?
 ap_do_log_perror only shows up in the definition of ap_log_perror__
 nowhere else.
 What does it do?
 
 It allows (with C99 compilers) to remove debug/trace logging at compile
 time by defining APLOG_MAX_LOGLEVEL. The other ap_log_*error functions
 allow the same.
 
 

Sorry for be a PITN, but if APLOG_MAX_LOGLEVEL is defined on a C99 environment
this results is the following:

config.c: In function 'ap_process_config_tree':
config.c:1871: warning: implicit declaration of function 'ap_do_log_perror'
log.c: In function 'ap_log_pid':
log.c:892: warning: implicit declaration of function 'ap_do_log_perror'
util.c: In function 'ap_get_local_host':
util.c:2009: warning: implicit declaration of function 'ap_do_log_perror'
listen.c: In function 'make_sock':
listen.c:57: warning: implicit declaration of function 'ap_do_log_perror'
core.c: In function 'set_document_root':
core.c:1215: warning: implicit declaration of function 'ap_do_log_perror'
mod_so.c: In function 'load_module':
mod_so.c:186: warning: implicit declaration of function 'ap_do_log_perror'
http_protocol.c: In function 'ap_method_register':
http_protocol.c:500: warning: implicit declaration of function 
'ap_do_log_perror'
server/.libs/libmain.a(log.o): In function `ap_log_pid':
/usr/src/apache/httpd-trunk/server/log.c:892: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o): In function `alloc_listener':
/usr/src/apache/httpd-trunk/server/listen.c:284: undefined reference to 
`ap_do_log_perror'
/usr/src/apache/httpd-trunk/server/listen.c:322: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o): In function `ap_apply_accept_filter':
/usr/src/apache/httpd-trunk/server/listen.c:225: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o): In function `make_sock':
/usr/src/apache/httpd-trunk/server/listen.c:57: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o):/usr/src/apache/httpd-trunk/server/listen.c:67:
 more undefined references to
`ap_do_log_perror' follow
collect2: ld returned 1 exit status
make[1]: *** [httpd] Fehler 1
make: *** [all-recursive] Fehler 1


Regards

RĂ¼diger

Authentication of proxy over own module

2010-06-10 Thread Petr Hracek 
Hello apache users,

I would like to explain my problem.
I have developed the module which is used for authorization to web pages.
It works fine without problem but I would like to use that module for
authorization
of proxy requests as well.
Proxy requests are not defined in settings of browser (in Firefox
Tools-Options-LAN settings - Manual configuration of proxy).

In apache conf. file I have following:

VirtualHost _default_:443

SSLEngine on
SSLProxyEngine on

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteMap foo txt:/opt/apache/conf/foo.map
RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
[L]

IfModule mod_authz_host.c
   Directory /
  Options +Indexes +Multiviews
  AuthType FOOM
  require   valid-user
  satisfy Any
   /Directory
/IfModule

Location /PAC/
   ProxyPass http://192.168.0.23:8080/PACAdmin
   ProxyPassReverse http://192.168.0.23:8080/PACAdmin
   ProxyPassReverseCookie   /PACAdmin   /PAC
   Order Allow,deny
   Allow from all
/Location

How I can used own module for authorization location /PAC/?
When user will enter URL http://192.168.0.23:8080/PAC
then firstly my own module will authorized that page and afterwards location
/PAC will be shown.
Is it possible to do it somehow?

Thanks for your help.
-- 
Best Regards / S pozdravem
Petr Hracek

type_checker

2010-06-10 Thread Petr Hracek 
Dear apache users,

sorry for bother you with this question but I have a little problem with
multilanguage support in FF or IE.

My module does not handler like type_checker yet.
in the configuration file of Apache2 I have following:

AddLanguage en .en_US
AddLanguage en-us .en_US
AddLanguage en-gb .en_GB
AddLanguage de .de
AddLanguage de-at .de
AddLanguage de-DE .de
AddLanguage pt-br .pt_BR
AddLanguage pt .pt
AddLanguage es .es
AddLanguage fr .fr
AddLanguage it .it
AddLanguage nl .nl

LanguagePriority en-us en en-gb de fr it es nl pt

On the system I have only HTML pages like index.en_US and index.de,
foo.en_US and foo.de

FIRST CASE:
Unfortunatelly when in the browser I set two languages
first de-at
second en-us
then page is always shown in English language.

SECOND CASE:
When browser is so that languages are:
first de-at
second de
third en_us
then page is always shown in German language.

How I should implement type_checker in my module which will modify request
so that in FIRST CASE will work correctly.

Thank you in advance
-- 
Best Regards / S pozdravem
Petr Hracek

Re: svn commit: r951893 - in /httpd/httpd/trunk: configure.in include/ap_mmn.h include/http_config.h include/http_log.h include/httpd.h server/config.c server/core.c server/log.c server/util_debug.c

2010-06-10 Thread Rainer Jung 

On 10.06.2010 08:09, Ruediger Pluem wrote:



On 06/09/2010 10:00 PM, Stefan Fritsch wrote:

On Wed, 9 Jun 2010, Ruediger Pluem wrote:




+#if __STDC_VERSION__= 199901L  defined(APLOG_MAX_LOGLEVEL)
+/* need additional step to expand APLOG_MARK first */
+#define ap_log_perror(...) ap_log_perror__(__VA_ARGS__)
+#define ap_log_perror__(file, line, mi, level, status, p,
...)\
+do { if ((level)= APLOG_MAX_LOGLEVEL
)  \
+ ap_do_log_perror(file, line, mi, level, status,
p,   \
+ __VA_ARGS__); } while(0)
+#else
+#define ap_log_perror ap_log_perror_
+#endif
+AP_DECLARE(void) ap_log_perror_(const char *file, int line, int
module_index,
+int level, apr_status_t status,
apr_pool_t *p,
+const char *fmt, ...)
+   __attribute__((format(printf,7,8)));


I am still confused then.
Why having AP_DECLARE(void) ap_log_perror_ then?
Why define ap_log_perror to ap_log_perror_ on non C99 compilers then?
ap_do_log_perror only shows up in the definition of ap_log_perror__
nowhere else.
What does it do?


It allows (with C99 compilers) to remove debug/trace logging at compile
time by defining APLOG_MAX_LOGLEVEL. The other ap_log_*error functions
allow the same.




Sorry for be a PITN, but if APLOG_MAX_LOGLEVEL is defined on a C99 environment
this results is the following:

config.c: In function 'ap_process_config_tree':
config.c:1871: warning: implicit declaration of function 'ap_do_log_perror'
log.c: In function 'ap_log_pid':
log.c:892: warning: implicit declaration of function 'ap_do_log_perror'
util.c: In function 'ap_get_local_host':
util.c:2009: warning: implicit declaration of function 'ap_do_log_perror'
listen.c: In function 'make_sock':
listen.c:57: warning: implicit declaration of function 'ap_do_log_perror'
core.c: In function 'set_document_root':
core.c:1215: warning: implicit declaration of function 'ap_do_log_perror'
mod_so.c: In function 'load_module':
mod_so.c:186: warning: implicit declaration of function 'ap_do_log_perror'
http_protocol.c: In function 'ap_method_register':
http_protocol.c:500: warning: implicit declaration of function 
'ap_do_log_perror'
server/.libs/libmain.a(log.o): In function `ap_log_pid':
/usr/src/apache/httpd-trunk/server/log.c:892: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o): In function `alloc_listener':
/usr/src/apache/httpd-trunk/server/listen.c:284: undefined reference to 
`ap_do_log_perror'
/usr/src/apache/httpd-trunk/server/listen.c:322: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o): In function `ap_apply_accept_filter':
/usr/src/apache/httpd-trunk/server/listen.c:225: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o): In function `make_sock':
/usr/src/apache/httpd-trunk/server/listen.c:57: undefined reference to 
`ap_do_log_perror'
server/.libs/libmain.a(listen.o):/usr/src/apache/httpd-trunk/server/listen.c:67:
 more undefined references to
`ap_do_log_perror' follow
collect2: ld returned 1 exit status
make[1]: *** [httpd] Fehler 1
make: *** [all-recursive] Fehler 1


Fixed and tested (r953248).

Rainer

Re: type_checker

2010-06-10 Thread Nick Kew 

On 10 Jun 2010, at 09:37, Petr Hracek wrote:

 Dear apache users,

This is the developers list.  Users are us...@.

 My module does not handler like type_checker yet.

Your module?  As opposed to mod_negotiation?

 How I should implement type_checker in my module which will modify request so 
 that in FIRST CASE will work correctly.

See the content negotiation docs.  And check your spelling.

-- 
Nick Kew

Re: type_checker

2010-06-10 Thread Petr Hracek 
Could you please help me what spelling is wrong?

I want to add type_checker to my module as last step of course if there will
be no other option.

2010/6/10 Nick Kew n...@webthing.com


 On 10 Jun 2010, at 09:37, Petr Hracek wrote:

  Dear apache users,

 This is the developers list.  Users are us...@.

  My module does not handler like type_checker yet.

 Your module?  As opposed to mod_negotiation?

  How I should implement type_checker in my module which will modify
 request so that in FIRST CASE will work correctly.

 See the content negotiation docs.  And check your spelling.

 --
 Nick Kew




-- 
Best Regards / S pozdravem
Petr Hracek

Re: mod_socache_shmcb bogosity?

2010-06-10 Thread Joe Orton 
On Wed, Jun 09, 2010 at 11:30:45AM -0500, William Rowe wrote:
 Just noticed that our shmcb socache never replaces an identical node
 on -store, leading to multiple entries for the same id (with different
 expiries and data, obviously).

 Is this deliberate?  What is the distcache/memcached/dbm behavior, are
 they all replacing the existing node?  What is the programming contract?

It's a cyclic buffer - the most recently stored entry should be returned 
by a retrieve operation... the old entry should effectively be invisible 
to the caller.  Is that not working?

w.r.t. contract: specific behaviour will vary across the providers; 
could nail down the -retrieve API with a bunch of stuff which is *not* 
guaranteed, I suppose, is that what you're thinking of?  object 
returned may be out-of-date/stale, etc

Regards, Joe

Re: Alpha of 2.3.6 next week

2010-06-10 Thread Jim Jagielski 
Okey dokey... unless I hear otherwise w/i a few hours, I will
tag and roll 2.3.6-alpha

On Jun 8, 2010, at 4:25 PM, Mario Brandt wrote:

 Thanks Stefan,
 it builds fine.
 
 
 Mario
 
 On Tue, Jun 8, 2010 at 21:51, Stefan Fritsch s...@sfritsch.de wrote:
 This should be fixed now and I hopefully have also addressed Bill's
 concern about r952724. I don't see any blocker for an alpha-release
 anymore.

Re: Alpha of 2.3.6 next week

2010-06-10 Thread William A. Rowe Jr. 
And with a few addt'l patches, it builds clean (excluding some recent
ldap oddities coming from MS's toolchain), thanks for taking a good
look into this Mario.

On 6/8/2010 3:25 PM, Mario Brandt wrote:
 Thanks Stefan,
 it builds fine.
 
 Mario
 
 On Tue, Jun 8, 2010 at 21:51, Stefan Fritsch s...@sfritsch.de wrote:
 This should be fixed now and I hopefully have also addressed Bill's
 concern about r952724. I don't see any blocker for an alpha-release
 anymore.

Re: Alpha of 2.3.6 next week

2010-06-10 Thread Jim Jagielski 
FWIW, I'm holding off based on a proxy/closing connection issue...

On Jun 10, 2010, at 8:47 AM, Jim Jagielski wrote:

 Okey dokey... unless I hear otherwise w/i a few hours, I will
 tag and roll 2.3.6-alpha
 
 On Jun 8, 2010, at 4:25 PM, Mario Brandt wrote:
 
 Thanks Stefan,
 it builds fine.
 
 
 Mario
 
 On Tue, Jun 8, 2010 at 21:51, Stefan Fritsch s...@sfritsch.de wrote:
 This should be fixed now and I hopefully have also addressed Bill's
 concern about r952724. I don't see any blocker for an alpha-release
 anymore.

Re: Module build defaults for trunk

2010-06-10 Thread Stefan Fritsch 
On Monday 07 June 2010, Rainer Jung wrote:
 - build most module set by default.
Alternatives are:
- all
- few (same set as was default before the change)
- none

I would like to have an option for developers/testers that builds 
every module that can be built with the currently installed libraries. 
The attached patch adds a reallyall set. My auto-fu could be better 
but the patch works for me (tm). Of course, I am open for better names 
than reallyall.

The patch also removes the --enable-distcache option. If the user 
requested mod_socache_dc we already know he wants distcache. No need 
for a special option (unless it allowed to select the prefix, which it 
didn't).

And it also makes the --with-serf option default to /usr. Same 
reasoning: If the user requested mod_serf, he wants --with-serf.
diff --git a/acinclude.m4 b/acinclude.m4
index 6f7fe74..e49ac78 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -282,7 +282,8 @@ AC_DEFUN(APACHE_MODULE,[
   _apmod_extra_msg=
   dnl When --enable-modules=most is set and the module was not explicitly
   dnl requested, allow a module to disable itself if its pre-reqs fail.
-  if test $module_selection = most -a $enable_$1 = most; then
+  if test $module_selection = most -a $enable_$1 = most ||
+ test $module_selection = reallyall; then
 _apmod_error_fatal=no
   else
 _apmod_error_fatal=yes
@@ -292,19 +293,21 @@ AC_DEFUN(APACHE_MODULE,[
   elif test $enable_$1 = yes; then
 enable_$1=$module_default
   elif test $enable_$1 = most; then
-if test $module_selection = most -o $module_selection = all; then
+if test $module_selection = most -o $module_selection = all -o $module_selection = reallyall; then
   enable_$1=$module_default
 elif test $module_selection = few -o $module_selection = none; then
   enable_$1=no
 fi
 _apmod_extra_msg= ($module_selection)
   elif test $enable_$1 = maybe-all; then
-if test $module_selection = all; then
+if test $module_selection = all -o $module_selection = reallyall; then
   enable_$1=$module_default
   _apmod_extra_msg= (all)
 else
   enable_$1=no
 fi
+  elif test $enable_$1 = no -a $module_selection = reallyall; then
+  enable_$1=$module_default
   fi
   if test $enable_$1 != no; then
 dnl If we plan to enable it, allow the module to run some autoconf magic
@@ -361,14 +364,15 @@ AC_DEFUN(APACHE_ENABLE_MODULES,[
 
 
   AC_ARG_ENABLE(modules,
-  APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | all | most | few | none),[
+  APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | all | most | few | none| reallyall),[
 if test $enableval = none; then
module_default=no
module_selection=none
 else
   for i in $enableval; do
-if test $i = all -o $i = most -o $i = few; then
+if test $i = all -o $i = most -o $i = few -o $i = reallyall; then
   module_selection=$i
+		echo module_selection: $module_selection
 else
   i=`echo $i | sed 's/-/_/g'`
   eval enable_$i=shared
@@ -378,9 +382,9 @@ AC_DEFUN(APACHE_ENABLE_MODULES,[
   ])
   
   AC_ARG_ENABLE(mods-shared,
-  APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Space-separated list of shared modules to enable | all | most | few),[
+  APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Space-separated list of shared modules to enable | all | most | few| reallyall),[
 for i in $enableval; do
-  if test $i = all -o $i = most -o $i = few; then
+  if test $i = all -o $i = most -o $i = few -o $i = reallyall; then
 module_selection=$i
 module_default=shared
   else
diff --git a/modules/cache/config.m4 b/modules/cache/config.m4
index a750b96..f2461ce 100644
--- a/modules/cache/config.m4
+++ b/modules/cache/config.m4
@@ -16,43 +16,11 @@ APACHE_MODULE(cache, dynamic file caching, $cache_objs, , most)
 APACHE_MODULE(disk_cache, disk caching module, , , most)
 
 AC_DEFUN([CHECK_DISTCACHE], [
-  AC_MSG_CHECKING(whether Distcache is required)
-  ap_ssltk_dc=no
-  tmp_nomessage=
-  tmp_forced=no
-  AC_ARG_ENABLE(distcache,
-APACHE_HELP_STRING(--enable-distcache,Enable distcache support),
-ap_ssltk_dc=$enableval
-tmp_nomessage=
-tmp_forced=yes
-if test x$ap_ssltk_dc = x; then
-  ap_ssltk_dc=yes
-  dnl our errors become tests revealed that...
-  tmp_forced=no
-fi
-if test $ap_ssltk_dc != yes -a $ap_ssltk_dc != no; then
-  tmp_nomessage=--enable-distcache had illegal syntax - disabling
-  ap_ssltk_dc=no
-fi)
-  if test $tmp_forced = no; then
-AC_MSG_RESULT($ap_ssltk_dc (default))
-  else
-AC_MSG_RESULT($ap_ssltk_dc (specified))
-  fi
-  if test $tmp_forced = yes -a x$ap_ssltk_dc = xno -a x$tmp_nomessage != x; then
-AC_MSG_ERROR(distcache support failed: $tmp_nomessage)
-  fi
-  if test $ap_ssltk_dc = yes; then
-AC_CHECK_HEADER(
-  [distcache/dc_client.h],
-

Re: mod_socache_shmcb bogosity?

2010-06-10 Thread William A. Rowe Jr. 
On 6/10/2010 7:15 AM, Joe Orton wrote:
 On Wed, Jun 09, 2010 at 11:30:45AM -0500, William Rowe wrote:
 Just noticed that our shmcb socache never replaces an identical node
 on -store, leading to multiple entries for the same id (with different
 expiries and data, obviously).

 Is this deliberate?  What is the distcache/memcached/dbm behavior, are
 they all replacing the existing node?  What is the programming contract?
 
 It's a cyclic buffer - the most recently stored entry should be returned 
 by a retrieve operation... the old entry should effectively be invisible 
 to the caller.  Is that not working?

Have not checked specifically, the problem I observed was ejecting other
unexpired elts as other records were repeatedly updated.

It seems the simple fix is to change the pre-store free logic,

 * expire records [do this only if space needed?  right now, it's on all stores]

 * if enospace, compress removed/expired records until space is available

 * if still enospace, drop the first-to-expire [current behavior]

Seem sensible?

 w.r.t. contract: specific behaviour will vary across the providers; 
 could nail down the -retrieve API with a bunch of stuff which is *not* 
 guaranteed, I suppose, is that what you're thinking of?  object 
 returned may be out-of-date/stale, etc

If we know it may be stale, we should declare that (in the shmcb case, this
never happens, IIRC).  We obviously should declare this is a lossy cache.

In other events, the current logic of max 256 caches keyed on the first byte
of ID is not sufficiently resuable.  What do folks suggest for the most 
efficient
hash method?

I'm thinking we add to the hints that hashing is required, or assuring that
the data is 8-bit hashed already and leading bytes are just fine for choosing
subcaches.  In order to achieve the goal above of compressing records, it would
seem sensible to favor more subcaches with no more than 64k worth of elts, which
ensures any compressing memcpy's are more efficient.