RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2 mod_jk2.c

2002-09-22 Thread Mladen Turk 



> -Original Message-
> From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] 
> 
> I agree that my patch is buggy in the case of a request 
> coming from 80 or 443, but if we want to support port bases V 
> hosting, we need to pass it down, if not 
> 
> [uri:www.something.com:8080/somecontext]
> 
> Definitely will not work (this not works now i.e).. so to 
> pass the port as part of the hostname is needed when port is 
> different from 80 and 443..
>

I agree to that. I know that neither my patch is perfect, but...
We can use the sheme://hostname[:port] parsing but that has to go in the
server part of the connector.
The apache will give you same r->hostname no matter what the port number
is.

I was thinking to make those vhost mappings more like uri mappings.
Like:

[uri:vhost1:*]
Will map all the port numbers so we can even use the port 0 (default
one).

Or more selective
[uri:vhost1:8080]
Will map only the 8080 port of the vhost1


 
> 
> 1) globals ( for all VS and Default ) and 
> 2) particular ( for a concrete VS or Default )
> 
> This needs to do 2 passes for the mapper, one for the 
> particular mappings with host+port ( if not 80 or 443 ) as 
> vhost, and if none found other for the Global mappings with 
> NULL as vhost.. that is what isapi does..
> 

Yes, but this will need to change the init phase not the map phase. If
we provide the hostname to the uriMap it has to map that vhost.
Global mappings should explicitly be defined, not assumed, because you
will not be able to differentiate default and virtual hosts.



MT.


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/apach e2 mod_jk2.c

2002-09-22 Thread Amund Elstad 

What's so bad about requiring the user to specify a port for all mappings
with a virtual host in workers2.properties ? You may be able to support one
default port (80 or 443), but not both without adding additional config
options in worker2.properties - or am I wrong ?

Although r->server->port may be 0, ap_get_server_port(r) may AFAIK not.

It is probably not a good idea to use req->hostname by default either,
because it is supplied by the client. For example (with req->hostname) to
have mod_jk2 serve:

http://localhost/context/blah
and http://127.0.0.1/context/blah

you will need to add a lot of extra configuration to workers2.properties (I
don't think the alias option works yet so duplication is needed).

Using req->server->server_hostname or ap_get_server_name(req) is IMO better.
ap_get_server_name(req) defaults to request->server->server_hostname but can
be configured (USE_CANONICAL_NAME) to return request->hostname or even do a
reverse
dns-lookup of the connection address.

So why not:

Index: mod_jk2.c
===
RCS file:
/home/cvspublic/jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.
c,v
retrieving revision 1.52
diff -u -r1.52 mod_jk2.c
--- mod_jk2.c   22 Sep 2002 09:35:46 -  1.52
+++ mod_jk2.c   22 Sep 2002 19:46:07 -
@@ -679,8 +679,10 @@
 */
 
 uriEnv = workerEnv->uriMap->mapUri(env, workerEnv->uriMap,
-r->server->is_virtual ? r->hostname : NULL,
-r->uri );
+r->server->is_virtual ? 
+apr_psprintf(r->pool,"%s:%d", 
+ap_get_server_name(r),
+ap_get_server_port(r)) : NULL, r->uri );
 
 if( uriEnv== NULL || uriEnv->workerName == NULL) {
 workerEnv->globalEnv->releaseEnv( workerEnv->globalEnv, env );

-Original Message-
From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]]
Sent: 22. september 2002 20:07
To: 'Tomcat Developers List'; '[EMAIL PROTECTED]'
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/apach e2 mod_jk2.c


I agree that my patch is buggy in the case of a request coming from 80
or 443, but if we want to support port bases V hosting, we need to pass
it down, if not 

[uri:www.something.com:8080/somecontext]

Definitely will not work (this not works now i.e).. so to pass the port
as part of the hostname is needed when port is different from 80 and
443..

FOr the other 2 the is_virtual and the changes inside the mapper..

The initial idea was to do what isapi_redirector from jk does right now,
in jk i_r.dll there are 2 types of mappings:

1) globals ( for all VS and Default ) and 
2) particular ( for a concrete VS or Default )

This needs to do 2 passes for the mapper, one for the particular
mappings with host+port ( if not 80 or 443 ) as vhost, and if none found
other for the Global mappings with NULL as vhost.. that is what isapi
does..

For the mapper, i was trying to need only one pass in the mapper, but
after looking at the code, it was buggy, as VS request from a registered
vhost, never will be mapped to anything outside of that vhost, so it's
need to do the two passes..

So my grandtotal for my first commits after months is 2 bugs in 2
commits, nice startup, thanks Mladen.. ;)

Saludos ,
Ignacio J. Ortega


> -Mensaje original-
> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Enviado el: 22 de septiembre de 2002 11:36
> Para: [EMAIL PROTECTED]
> Asunto: cvs commit: 
> jakarta-tomcat-connectors/jk/native2/server/apache2
> mod_jk2.c
> 
> 
> mturk   2002/09/22 02:35:46
> 
>   Modified:jk/native2/server/apache2 mod_jk2.c
>   Log:
>   Cannot use the hostname:server_port cause the port is 0 for all
>   host:80 requests. Also is_virtual is used for separating default and
>   virtual hosts. In case of default server host the hostname provided
>   to uriMap _MUST_ be NULL to be able to map the default uri:/
>   
>   Revision  ChangesPath
>   1.52  +2 -2  
> jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.c
>   
>   Index: mod_jk2.c
>   ===
>   RCS file: 
> /home/cvs/jakarta-tomcat-connectors/jk/native2/server/apache2/
> mod_jk2.c,v
>   retrieving revision 1.51
>   retrieving revision 1.52
>   diff -u -r1.51 -r1.52
>   --- mod_jk2.c   22 Sep 2002 02:50:42 -  1.51
>   +++ mod_jk2.c   22 Sep 2002 09:35:46 -  1.52
>   @@ -679,7 +679,7 @@
>*/
>
>uriEnv = workerEnv->uriMap->mapUri(env, workerEnv->uriMap,
>   -
> apr_psprintf(r->pool,"%s:%d",r->hostname,r->server->port),
>   +r->server->is_virtual ? r->hostname : NULL,
>r->uri );
>
>if( uriEnv== NULL || uriEnv->workerName == NULL) {
>   
>   
>   
> 
> --
> To unsubscribe, e-mail:   

For additional commands, e-mail:



--
To un

cvs commit: jakarta-tomcat-4.0 RELEASE-NOTES-4.1.txt

2002-09-22 Thread billbarker 

billbarker2002/09/22 17:32:46

  Modified:.RELEASE-NOTES-4.1.txt
  Log:
  Document SSL-auth fix.
  
  Revision  ChangesPath
  1.21  +2 -1  jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt
  
  Index: RELEASE-NOTES-4.1.txt
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- RELEASE-NOTES-4.1.txt 19 Sep 2002 13:17:17 -  1.20
  +++ RELEASE-NOTES-4.1.txt 23 Sep 2002 00:32:46 -  1.21
  @@ -177,6 +177,7 @@
   [4.1.11] Administration Webapp:
Fix adding a context with the administration webapp.
   
  +[4.1.12] Fix SSL-cert authentication when using the Coyote Connector.
   
   --
   Catalina Bug Fixes:
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: [PATCH][5] Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SSLAuthenticator.java

2002-09-22 Thread Bill Barker 

I know, I know, compile then commit :-(.

Fixed now.
- Original Message -
From: "Steve Downey" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Sunday, September 22, 2002 12:48 PM
Subject: [PATCH][5] Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator
SSLAuthenticator.java


JDK 1.4's javac doesn't like this. It's complaining about casting Object to
X509Certificate[].

On Saturday 21 September 2002 02:50 am, [EMAIL PROTECTED] wrote:
> billbarker2002/09/20 23:50:30
>
>   Modified:catalina/src/share/org/apache/catalina/authenticator
> SSLAuthenticator.java
>   Log:
>   Final level in replacing CertificatesValve under Coyote.
>
>   This is a little hackish, but is portable to 4.x without changing the
> API.  Here, it should probably change once Coyote is properly exposed to
> Catalina.
>
>   If there aren't any major complaints, I'll port to the 4.1 branch later.
>
>   Revision  ChangesPath
>   1.2   +7 -4
>
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticato
>r/SSLAuthenticator.java
>
>   Index: SSLAuthenticator.java
>   ===
>   RCS file:
>
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/au
>thenticator/SSLAuthenticator.java,v retrieving revision 1.1
>   retrieving revision 1.2
>   diff -u -r1.1 -r1.2
>   --- SSLAuthenticator.java 18 Jul 2002 16:48:02 - 1.1
>   +++ SSLAuthenticator.java 21 Sep 2002 06:50:30 - 1.2
>   @@ -150,6 +150,9 @@
>log(" Looking up certificates");
>X509Certificate certs[] = (X509Certificate[])
>
> request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR); + if ((certs
> == null) || (certs.length < 1)) {
>   + certs =
> request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR); + }
>if ((certs == null) || (certs.length < 1)) {
>if (debug >= 1)
>log("  No certificates included with this request");







> --
> To unsubscribe, e-mail:

> For additional commands, e-mail:



--
To unsubscribe, e-mail:   
For additional commands, e-mail:

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator SSLAuthenticator.java

2002-09-22 Thread billbarker 

billbarker2002/09/22 17:25:10

  Modified:catalina/src/share/org/apache/catalina/authenticator
SSLAuthenticator.java
  Log:
  Port cast fix from 5.0 branch.
  
  Revision  ChangesPath
  1.13  +6 -5  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
  
  Index: SSLAuthenticator.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- SSLAuthenticator.java 23 Sep 2002 00:16:35 -  1.12
  +++ SSLAuthenticator.java 23 Sep 2002 00:25:10 -  1.13
  @@ -151,7 +151,8 @@
   X509Certificate certs[] = (X509Certificate[])
   request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR);
   if ((certs == null) || (certs.length < 1)) {
  -certs = request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
  +certs = (X509Certificate[])
  +request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
   }
   if ((certs == null) || (certs.length < 1)) {
   if (debug >= 1)
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SSLAuthenticator.java

2002-09-22 Thread billbarker 

billbarker2002/09/22 17:24:32

  Modified:catalina/src/share/org/apache/catalina/authenticator
SSLAuthenticator.java
  Log:
  Fix class-cast problem with previous patch.
  
  Submitted By: Dave [EMAIL PROTECTED]
  
  Revision  ChangesPath
  1.4   +6 -5  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
  
  Index: SSLAuthenticator.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SSLAuthenticator.java 21 Sep 2002 07:25:21 -  1.3
  +++ SSLAuthenticator.java 23 Sep 2002 00:24:32 -  1.4
  @@ -151,7 +151,8 @@
   X509Certificate certs[] = (X509Certificate[])
   request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR);
   if ((certs == null) || (certs.length < 1)) {
  -certs = request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
  +certs = (X509Certificate[])
  +request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
   }
   if ((certs == null) || (certs.length < 1)) {
   if (debug >= 1)
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator SSLAuthenticator.java

2002-09-22 Thread billbarker 

billbarker2002/09/22 17:16:35

  Modified:catalina/src/share/org/apache/catalina Globals.java
   catalina/src/share/org/apache/catalina/authenticator
SSLAuthenticator.java
  Log:
  Port SSL-auth fix from the 5.0 branch.
  
  Revision  ChangesPath
  1.44  +8 -4  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java
  
  Index: Globals.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- Globals.java  21 Dec 2001 21:15:44 -  1.43
  +++ Globals.java  23 Sep 2002 00:16:35 -  1.44
  @@ -83,6 +83,10 @@
   public static final String CERTIFICATES_ATTR =
   "javax.servlet.request.X509Certificate";
   
  +/**
  + * SSL Certificate Request Attributite.
  + */
  +public static final String SSL_CERTIFICATE_ATTR = 
"org.apache.coyote.request.X509Certificate";
   
   /**
* The request attribute under which we store the name of the cipher suite
  
  
  
  1.12  +7 -4  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
  
  Index: SSLAuthenticator.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- SSLAuthenticator.java 9 Jun 2002 02:19:41 -   1.11
  +++ SSLAuthenticator.java 23 Sep 2002 00:16:35 -  1.12
  @@ -151,6 +151,9 @@
   X509Certificate certs[] = (X509Certificate[])
   request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR);
   if ((certs == null) || (certs.length < 1)) {
  +certs = request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
  +}
  +if ((certs == null) || (certs.length < 1)) {
   if (debug >= 1)
   log("  No certificates included with this request");
   hres.sendError(HttpServletResponse.SC_BAD_REQUEST,
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4 Constants.java CoyoteRequest.java

2002-09-22 Thread billbarker 

billbarker2002/09/22 17:12:26

  Modified:coyote/src/java/org/apache/coyote/tomcat4 Constants.java
CoyoteRequest.java
  Log:
  Porting SSL-auth fix from Tomcat5.
  
  Revision  ChangesPath
  1.4   +5 -0  
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/Constants.java
  
  Index: Constants.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/Constants.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- Constants.java31 Jan 2002 18:42:29 -  1.3
  +++ Constants.java23 Sep 2002 00:12:26 -  1.4
  @@ -82,4 +82,9 @@
*/
   public static final String AUTHORIZATION_HEADER = "authorization";
   
  +/**
  + * SSL Certificate Request Attributite.
  + */
  +public static final String SSL_CERTIFICATE_ATTR = 
"org.apache.coyote.request.X509Certificate";
  +
   }
  
  
  
  1.26  +18 -9 
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteRequest.java
  
  Index: CoyoteRequest.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteRequest.java,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- CoyoteRequest.java11 Jul 2002 08:33:22 -  1.25
  +++ CoyoteRequest.java23 Sep 2002 00:12:26 -  1.26
  @@ -784,14 +784,23 @@
* @param name Name of the request attribute to return
*/
   public Object getAttribute(String name) {
  - Object attr=attributes.get(name);
  +Object attr=attributes.get(name);
   
  - if(attr!=null)
  - return(attr);
  +if(attr!=null)
  +return(attr);
   
  - return coyoteRequest.getAttribute(name);
  +attr =  coyoteRequest.getAttribute(name);
  +if(attr != null)
  +return attr;
  +// XXX Should move to Globals
  +if(Constants.SSL_CERTIFICATE_ATTR.equals(name)) {
  +coyoteRequest.action(ActionCode.ACTION_REQ_SSL_CERTIFICATE, null);
  +attr = getAttribute(Globals.CERTIFICATES_ATTR);
  +if(attr != null)
  +attributes.put(name, attr);
  +}
  +return attr;
   }
  -
   
   /**
* Return the names of all request attributes for this Request, or an
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

[PATCH][5] Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator SSLAuthenticator.java

2002-09-22 Thread Steve Downey 

JDK 1.4's javac doesn't like this. It's complaining about casting Object to 
X509Certificate[].

On Saturday 21 September 2002 02:50 am, [EMAIL PROTECTED] wrote:
> billbarker2002/09/20 23:50:30
>
>   Modified:catalina/src/share/org/apache/catalina/authenticator
> SSLAuthenticator.java
>   Log:
>   Final level in replacing CertificatesValve under Coyote.
>
>   This is a little hackish, but is portable to 4.x without changing the
> API.  Here, it should probably change once Coyote is properly exposed to
> Catalina.
>
>   If there aren't any major complaints, I'll port to the 4.1 branch later.
>
>   Revision  ChangesPath
>   1.2   +7 -4 
> jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticato
>r/SSLAuthenticator.java
>
>   Index: SSLAuthenticator.java
>   ===
>   RCS file:
> /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/au
>thenticator/SSLAuthenticator.java,v retrieving revision 1.1
>   retrieving revision 1.2
>   diff -u -r1.1 -r1.2
>   --- SSLAuthenticator.java   18 Jul 2002 16:48:02 -  1.1
>   +++ SSLAuthenticator.java   21 Sep 2002 06:50:30 -  1.2
>   @@ -150,6 +150,9 @@
>log(" Looking up certificates");
>X509Certificate certs[] = (X509Certificate[])
>   
> request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR); +   if ((certs
> == null) || (certs.length < 1)) {
>   +   certs =
> request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR); +}
>if ((certs == null) || (certs.length < 1)) {
>if (debug >= 1)
>log("  No certificates included with this request");


Index: SSLAuthenticator.java
===
RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java,v
retrieving revision 1.3
diff -u -r1.3 SSLAuthenticator.java
--- SSLAuthenticator.java	21 Sep 2002 07:25:21 -	1.3
+++ SSLAuthenticator.java	22 Sep 2002 19:46:43 -
@@ -151,7 +151,7 @@
 X509Certificate certs[] = (X509Certificate[])
 request.getRequest().getAttribute(Globals.CERTIFICATES_ATTR);
 if ((certs == null) || (certs.length < 1)) {
-certs = request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
+certs =  (X509Certificate[])  request.getRequest().getAttribute(Globals.SSL_CERTIFICATE_ATTR);
 }
 if ((certs == null) || (certs.length < 1)) {
 if (debug >= 1)



--
To unsubscribe, e-mail:   
For additional commands, e-mail:

[5] [PATCH] TC5 Build error and other bits

2002-09-22 Thread Dave 

Compile error fix for SSLAuthenticator.java and some url fixes for the
servlet examples.

Dave
[EMAIL PROTECTED]



fixes2.diff
Description: Binary data


fixes3.diff
Description: Binary data


fixes.diff
Description: Binary data

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2 mod_jk2.c

2002-09-22 Thread Ignacio J. Ortega 

I agree that my patch is buggy in the case of a request coming from 80
or 443, but if we want to support port bases V hosting, we need to pass
it down, if not 

[uri:www.something.com:8080/somecontext]

Definitely will not work (this not works now i.e).. so to pass the port
as part of the hostname is needed when port is different from 80 and
443..

FOr the other 2 the is_virtual and the changes inside the mapper..

The initial idea was to do what isapi_redirector from jk does right now,
in jk i_r.dll there are 2 types of mappings:

1) globals ( for all VS and Default ) and 
2) particular ( for a concrete VS or Default )

This needs to do 2 passes for the mapper, one for the particular
mappings with host+port ( if not 80 or 443 ) as vhost, and if none found
other for the Global mappings with NULL as vhost.. that is what isapi
does..

For the mapper, i was trying to need only one pass in the mapper, but
after looking at the code, it was buggy, as VS request from a registered
vhost, never will be mapped to anything outside of that vhost, so it's
need to do the two passes..

So my grandtotal for my first commits after months is 2 bugs in 2
commits, nice startup, thanks Mladen.. ;)

Saludos ,
Ignacio J. Ortega


> -Mensaje original-
> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Enviado el: 22 de septiembre de 2002 11:36
> Para: [EMAIL PROTECTED]
> Asunto: cvs commit: 
> jakarta-tomcat-connectors/jk/native2/server/apache2
> mod_jk2.c
> 
> 
> mturk   2002/09/22 02:35:46
> 
>   Modified:jk/native2/server/apache2 mod_jk2.c
>   Log:
>   Cannot use the hostname:server_port cause the port is 0 for all
>   host:80 requests. Also is_virtual is used for separating default and
>   virtual hosts. In case of default server host the hostname provided
>   to uriMap _MUST_ be NULL to be able to map the default uri:/
>   
>   Revision  ChangesPath
>   1.52  +2 -2  
> jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.c
>   
>   Index: mod_jk2.c
>   ===
>   RCS file: 
> /home/cvs/jakarta-tomcat-connectors/jk/native2/server/apache2/
> mod_jk2.c,v
>   retrieving revision 1.51
>   retrieving revision 1.52
>   diff -u -r1.51 -r1.52
>   --- mod_jk2.c   22 Sep 2002 02:50:42 -  1.51
>   +++ mod_jk2.c   22 Sep 2002 09:35:46 -  1.52
>   @@ -679,7 +679,7 @@
>*/
>
>uriEnv = workerEnv->uriMap->mapUri(env, workerEnv->uriMap,
>   -
> apr_psprintf(r->pool,"%s:%d",r->hostname,r->server->port),
>   +r->server->is_virtual ? r->hostname : NULL,
>r->uri );
>
>if( uriEnv== NULL || uriEnv->workerName == NULL) {
>   
>   
>   
> 
> --
> To unsubscribe, e-mail:   

For additional commands, e-mail:



--
To unsubscribe, e-mail:   
For additional commands, e-mail:

DO NOT REPLY [Bug 12904] New: - Session hijaking - see script's comment

2002-09-22 Thread bugzilla 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12904

Session hijaking - see script's comment

   Summary: Session hijaking - see script's comment
   Product: Tomcat 4
   Version: 4.0.2 Final
  Platform: Other
OS/Version: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Other
 Component: Unknown
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


#!/bin/sh

#
# Demonstrate a session hijaking against a Jakarta/Tomcat 4.0.3 JSP page.
# 
# Objective: intrusion in a user-established http session context
# from another IP through JSESSIONID interception and reuse.
#
# Test against:
#  - a JSP page which increment a session-counter 
#
# How:
#  - Execute an HTTP call from an IP address
#  - Obtain a JSESSION ID
#  - Execute another HTTP from another IP address reusing JSESSION ID
#
# Result:
#  - The per user session counter have a double increment
#
# Defacement:
#  - The second HTTP request WOULD BE REJECTED due to an unadmissible
#source IP/JSESSION ID couple
#
# Test environment:
#   Linux Mandrake 8.1
#   JVM 1.3.1
#   Tomcat 4.0.2
#
#

# a page which return an auto-incremental number (1 counter per session)
URL=http://k900:8080/autosc3000/app/jsp/Mytest2.jsp
cookie="x"
i=0

while : ; do
  m=$[$i%2]

  if [ $m = "1" ]; then
address=k900
  else
address=localhost
  fi

  # HTTP request to tomcat
  wget --header="Cookie: $cookie" -s --bind-address=$address -O x $URL \
> /dev/null 2>/dev/null
  echo -n $address" "
  cat x | grep Mytest -A 1 | tail -1

  if [ $cookie = "x" ]; then
cookie="`cat x | grep Set-Cookie | tr ";" " " | awk '{print $2}'`"
  fi

  i=$[$i+1]
  sleep 1
done

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriMap.c

2002-09-22 Thread mturk 

mturk   2002/09/22 02:58:16

  Modified:jk/native2/common jk_uriMap.c
  Log:
  Each host has to be defined in the workers2.properties, so if the
  host is provided in the request but non found in the uriMap return
  NULL instead using default host (uri:/). Further more I reverted the
  Natcho's patches for checking virtual hosts, cause all mappings are
  allready in the correct uriMap.
  
  Revision  ChangesPath
  1.40  +14 -15jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c
  
  Index: jk_uriMap.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c,v
  retrieving revision 1.39
  retrieving revision 1.40
  diff -u -r1.39 -r1.40
  --- jk_uriMap.c   22 Sep 2002 02:50:42 -  1.39
  +++ jk_uriMap.c   22 Sep 2002 09:58:16 -  1.40
  @@ -260,7 +260,8 @@
   return uriMap->vhosts->valueAt( env, uriMap->vhosts, i);
   }
   }
  -/* Can't find vhost, return default */
  +/* Can't find vhost */
  +return NULL;
   }
   return uriMap->defaultVhost;
   }
  @@ -357,6 +358,7 @@
   env->l->jkLog(env, env->l, JK_LOG_DEBUG, "uriMap.init() set default 
host\n"); 
   /* XXX Initializes vhosts from uris */
   jk2_uriMap_correctHosts(env,uriMap);
  +
   /* Initialize the vhosts table */
   for(i = 0 ; i < uriMap->maps->size( env, uriMap->maps ) ; i++) {
   uriEnv=uriMap->maps->valueAt( env, uriMap->maps, i );
  @@ -441,7 +443,8 @@
   if( uri!=NULL && context!=NULL && strcmp( uri, context ) == 0 ) {
   char *vhost= uriEnv->virtual;
   jk_uriEnv_t *hostEnv=jk2_uriMap_hostMap( env, uriMap, vhost );
  -
  +if (!hostEnv)
  +continue;
   if( uriMap->mbean->debug > 5 ) 
   env->l->jkLog(env, env->l, JK_LOG_DEBUG,
 "uriMap.init() loaded context %s %s %#lx %#lx %#lx\n",
  @@ -478,6 +481,7 @@
   char *uri= uriEnv->uri;
   jk_uriEnv_t *ctxEnv;
   
  +if( hostEnv==NULL ) continue;
   if( uri==NULL ) continue;
   uriEnv->uriMap=uriMap;
   uriEnv->init( env, uriEnv );
  @@ -591,7 +595,11 @@
   }
   
   hostEnv=jk2_uriMap_hostMap( env, uriMap, vhost );
  -
  +if (!hostEnv) {
  +env->l->jkLog(env, env->l, JK_LOG_INFO,
  +  "uriMap.mapUri() cannot find host %s/\n", vhost);
  +return NULL;
  +}
   if( uriMap->mbean->debug > 1 )
   env->l->jkLog(env, env->l, JK_LOG_DEBUG,
 "uriMap.mapUri() found host %s\n", hostEnv->virtual);
  @@ -623,10 +631,7 @@
   
   /* As per Servlet spec, do exact match first */
   match=jk2_uriMap_exactMap( env, uriMap, ctxEnv->exactMatch, uri, uriLen, 
reverse );
  -if( match != NULL && 
  -(( match->virtual==NULL && hostEnv->virtual==NULL ) || 
  - ( hostEnv->virtual!=NULL && 
strcasecmp(match->virtual,hostEnv->virtual)==0 ))
  -   ) {
  +if( match != NULL ) {
   /* restore */
   if( url_rewrite ) *url_rewrite=origChar;
   if( uriMap->mbean->debug > 0 )
  @@ -638,10 +643,7 @@
   
   /* Then prefix match */
   match=jk2_uriMap_prefixMap( env, uriMap, ctxEnv->prefixMatch, uri, uriLen, 
reverse );
  -if( match != NULL && 
  -(( match->virtual==NULL && hostEnv->virtual==NULL ) || 
  - ( hostEnv->virtual!=NULL && 
strcasecmp(match->virtual,hostEnv->virtual)==0 ))
  -   ) {
  +if( match != NULL ) {
   char c=uri[match->prefix_len];
   /* XXX Filter prefix matches to allow only exact 
  matches with an optional path_info or query string at end.
  @@ -665,10 +667,7 @@
   if( suffix!=NULL ) {
   match=jk2_uriMap_suffixMap( env, uriMap, ctxEnv->suffixMatch,
   suffix, strlen( suffix ), reverse);
  -if( match != NULL && 
  -(( match->virtual==NULL && hostEnv->virtual==NULL ) || 
  - ( hostEnv->virtual!=NULL && 
strcasecmp(match->virtual,hostEnv->virtual)==0 ))
  -   ) {
  +if( match != NULL ) {
   /* restore */
   if( url_rewrite ) *url_rewrite=origChar;
   if( uriMap->mbean->debug > 0 )
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

DO NOT REPLY [Bug 12900] - How to log into tomat webserver administration tool ?

2002-09-22 Thread bugzilla 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12900

How to log into tomat webserver administration tool ?

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2002-09-22 09:43 ---
Please read the guidelines on bug reports. This is a user question, and should
be posted on tomcat-user.

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

DO NOT REPLY [Bug 11552] - Iteration tags do not resynchronize scripting variables after doAfterBody()

2002-09-22 Thread bugzilla 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11552

Iteration tags do not resynchronize scripting variables after doAfterBody()

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||FIXED



--- Additional Comments From [EMAIL PROTECTED]  2002-09-22 09:41 ---
It is fixed in 4.1.11. Please do not reopen a bug before checking the CVS HEAD
(if you cannot do that, do not reopen the bug until the next release). Thanks.

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2 mod_jk2.c

2002-09-22 Thread mturk 

mturk   2002/09/22 02:35:46

  Modified:jk/native2/server/apache2 mod_jk2.c
  Log:
  Cannot use the hostname:server_port cause the port is 0 for all
  host:80 requests. Also is_virtual is used for separating default and
  virtual hosts. In case of default server host the hostname provided
  to uriMap _MUST_ be NULL to be able to map the default uri:/
  
  Revision  ChangesPath
  1.52  +2 -2  jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.c
  
  Index: mod_jk2.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.c,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -u -r1.51 -r1.52
  --- mod_jk2.c 22 Sep 2002 02:50:42 -  1.51
  +++ mod_jk2.c 22 Sep 2002 09:35:46 -  1.52
  @@ -679,7 +679,7 @@
   */
   
   uriEnv = workerEnv->uriMap->mapUri(env, workerEnv->uriMap,
  -apr_psprintf(r->pool,"%s:%d",r->hostname,r->server->port),
  +r->server->is_virtual ? r->hostname : NULL,
   r->uri );
   
   if( uriEnv== NULL || uriEnv->workerName == NULL) {
  
  
  

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

DO NOT REPLY [Bug 12900] New: - How to log into tomat webserver administration tool ?

2002-09-22 Thread bugzilla 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12900

How to log into tomat webserver administration tool ?

   Summary: How to log into tomat webserver administration tool ?
   Product: Tomcat 4
   Version: 4.1.10
  Platform: Other
OS/Version: Other
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Webapps:Administration
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


Is there any document which can guide me in setting up the initial logging into
tomcat webserver administration and manager ?

--
To unsubscribe, e-mail:   
For additional commands, e-mail: