Ryan Bloom [Sun, 8 Oct 2000 00:55:46 +0000 (00:55 +0000)]
Remove ap_send_fb and ap_send_fb_length. These functions don't make much
sense anymore, because the BUFFs that Apache used to use it for have all
been replaced with buckets. BUFFs can't be used with filters, and Apache
doesn't use these functions anywhere anymore, so they need to go away now.
Ryan Bloom [Sat, 7 Oct 2000 21:54:16 +0000 (21:54 +0000)]
Update send_the_file to fall back to a read/write loop on platforms
without sendfile. This also makes the apr_hdtr_t type available on
all platforms, regardless of whether apr_sendfile is defined or not.
Submitted by: Brian Havard and Ryan Bloom
Ryan Bloom [Sat, 7 Oct 2000 18:10:02 +0000 (18:10 +0000)]
The core filter should not be using its own brigade inside its own ctx
structure. This changes the core_output_filter to use a brigade inside
the conn_rec. Think of this as analagous to the BUFF in the conn_rec.
The idea is that if we have pipelined requests, and it isn't worth it to
send the last bit of data from the first request, we want to save that
extra bit of data to the conn_rec, so that the next request sends it
automatically.
Addresses the huge issue that Crypt::PasswdMD5 is probably not, and
Digest::SHA1 is possibly not already installed, but the user may not
even need it for their files! Also inform the user what to grab and
where. Finally, assures that the old Crypt::PasswdMD5 (that didn't
export apache_md5_crypt()) will work nonetheless.
There is still one -big- problem ... the list of xDBM_Files options
won't necessarily correspond to how Apache was built, nor if they
are using mod_auth_db vs. mod_auth_dbm. This has -got- to be fixed
(although it's an old problem.)
Ryan Bloom [Sat, 7 Oct 2000 05:41:59 +0000 (05:41 +0000)]
The newest incarnation of http_filter. This is far from perfect, but it
is a step in the right direction. The idea is that the http_filter knows
about the http protocol. So, it uses that knowledge to discover HTTP
request headers, and sends those headers up to getline. However, it keeps
the request body saved in it's ctx pointer.
Later, when ap_get_client_block is called, we have set the remaining field
in the conn_rec. This tells the http_filter how much of the remaining
data is request body, and how much isn't. So, the http_filter can return
the request body unparsed up throught ap_get_client_block.
This doesn't even try to work with chunked input data, and there are still
some other bugs in it, but it works for small-ish files in my tests, and
it lets other people play with the concept of input filters. I will try
to play with this more, but others should feel free to hack around in it
too.
Greg Stein [Sat, 7 Oct 2000 00:50:42 +0000 (00:50 +0000)]
forward-port John Vasta's checkin to mod_dav 1.1.x (on Sep 25, 2000). this
begins some work to upgrade the versioning support to some of the more
recent drafts.
- get_resource hook has new params
- create_collection hook no longer takes a pool
- new dav_auto_version_info structure to group up autoversion
rollback/commit handling data
- new functions for getting workspace, target-selector, etc
- supportedlock hook now takes the resource in question (since different
resources may have different locks)
- new resource types; tweaks in props.c to support them
- some tweaks with resource creation, Location header, etc.
Here it is, the Win32 part of the big canonical errors patch.
The reason is really, really simple. If we ever choose to mix clib and
dos error codes, they criss-cross and don't line up, but they share the
same number space. As I wrote the new APR_IS_ERROR macros, I realized
we were about to shoot ourselves in the foot.
These changes nearly entirely affect Win32 only. The next big patch will
affect all of the rv == APR_ENOENT type problems throughout the system.
Ryan Bloom [Fri, 6 Oct 2000 16:41:30 +0000 (16:41 +0000)]
Fix a potential memory overrun error in ap_get_client_block. The problem
is that the bucket code does not respect the length passed into it. This
is correct for buckets, but it means that when we get data out of the
buckets, we may have to split the bucket to make sure that any copy
operations are safe. We were originally doing the split at the number of
characters read from the bucket, but we really want to do it at the length
of the buffer.
Greg Stein [Fri, 6 Oct 2000 12:49:21 +0000 (12:49 +0000)]
*) convert fs/lock.c to use APR UUIDs for the opaque locktokens.
*) blow away opaquelock.c and dav_opaquelock.h since direct use of APR UUIDs
is quite easy.
*) toss the uuid_state from the per-server config in mod_dav.c
Ryan Bloom [Fri, 6 Oct 2000 06:07:07 +0000 (06:07 +0000)]
Add the first draft of the http_filter. In time this filter will split
the bucket brigade between the headers and the body. Right now it just
converts \r\n to \n\0.
Ryan Bloom [Thu, 5 Oct 2000 22:40:28 +0000 (22:40 +0000)]
Modify ap_get_client_block to use the bucket brigades instead of BUFF.
I'm pretty sure this isn't complete, but it has worked in my tests with
a very simple CGI.
The lots of little ones... APR_IS_STATUS_condition(rv) conditional macros
replacing the majority of fallible rv == APR_condition tests. But there
are lots more to fix, these are the obvious ones that already did proper
canonical error conversion.
Jeff Trawick [Thu, 5 Oct 2000 16:55:10 +0000 (16:55 +0000)]
Add a bit of infrastructure which will be needed for input filtering:
1) separate filter lists hanging off the r and the c
requests start off with the same filter list as the connection
the input filter list is not initialized for subrequests
internal redirects start off with the same filter list as the
connection
2) AddInputFilter directive (blatant rip-off of Ryan's AddOutputFilter
directive); as with AddOutputFilter, the network is implicitly to the
right of the specified filter list; this may not be the most
intuitive way to specify the filters; not sure yet
Ryan Bloom [Thu, 5 Oct 2000 05:42:06 +0000 (05:42 +0000)]
Multiple build and configuration fixes
Build process:
-add datadir and localstatedir substitutions
-fix layout name
-fix logfilename misspelling
-fix evaluation of installation dir variables and
-replace $foobar by $(foobar) to be usefull in the makefile
Cross compile:
-add rules for cross-compiling in rules.mk. Okay, rule to check for
$CC_FOR_BUILD is still missing
-use CHECK_TOOL instead of CHECK_PROG for ranlib
-add missing "AR=@AR@" to severaly Makefile.in's
-cache result for "struct rlimit"
-compile all helper programs with native and cross compiler
and use the native version to generate header file
Ryan Bloom [Thu, 5 Oct 2000 03:44:22 +0000 (03:44 +0000)]
If mod_so is compiled into the server, we need to create libexec, even
if there are no shared modules compiled. This is in keeping with what
we did with Apache 1.3, and it allows APXS to work, even if there were no
shared modules installed initially.
Jeff Trawick [Thu, 5 Oct 2000 02:11:11 +0000 (02:11 +0000)]
The new request_rec set up for redirects needs to pick up the
output filter chain from the conn_rec. Any required request
filters will be inserted later.
Ryan Bloom [Wed, 4 Oct 2000 23:19:33 +0000 (23:19 +0000)]
Connection oriented filters are now stored in the conn_rec instead of the
request_rec. This means that a conn_rec must be supplied when calling
ap_add_filter. The reason for this change is that we need to be able to
add the core_filter (whether or SSL or not) before we try to read the
request. This way, if a request fails, we can actually send the error
page back to the client. With this change, we add the core filter to the
conn_rec during the pre-connection phase.
Submitted by: Ryan Bloom, Jeff Trawick, and Greg Ames
Jeff Trawick [Wed, 4 Oct 2000 22:09:46 +0000 (22:09 +0000)]
In core_output_filter(), reset nbytes to zero after calling
writev_it_all() in case we have another brigade to process.
Otherwise, nbytes is bogus for the second brigade and
writev_it_all() doesn't know when to quit (it loops).
In writev_it_all(), when compensating for bytes already sent
don't go beyond the number of iovs we were passed on input.
Bill Stoddard [Wed, 4 Oct 2000 19:11:03 +0000 (19:11 +0000)]
Take another shot at reimplementing core_output_filter. This implementation buffers
brigades across multiple calls until MAX_IOVEC_TO_WRITE or
MIN_SIZE_TO_WRITE thresholds are hit. This implementation does not attempt
to coalesce bytes. Moving a bit further down the filter learning curve...
Jeff Trawick [Wed, 4 Oct 2000 17:14:00 +0000 (17:14 +0000)]
Clean up md5 digest support in default_handler() a bit:
1) don't compute md5 if we have a content filter; it is almost always wrong
2) add note about adding md5 filter in the future; this can be done
3) delete some APACHE_XLATE/CHARSET_EBCDIC baggage associated with md5
digest support; part of this deleted baggage is a segfault on
subrequests referencing r->rrx (which is not allocated for subrequests)
Jeff Trawick [Tue, 3 Oct 2000 22:08:38 +0000 (22:08 +0000)]
Change ap_send_fd() so that it returns a proper apr_status_t value
instead of the number of bytes sent.
default_handler() ignores the ap_send_fd() return code, but
mod_file_cache doesn't. When mod_file_cache's handler called
ap_send_fd(), the client would get the desired file plus an
error document (500 internal server error), which was delivered
because mod_file_cache's handler returned an error since
ap_send_fd() returned non-zero.
Also in this commit is a hack to be able to compile when APACHE_XLATE
is defined.
Jeff Trawick [Tue, 3 Oct 2000 21:56:43 +0000 (21:56 +0000)]
Change core_input_filter() so that it returns an empty brigade upon
FIN/EOF or error. This meshes with what getline() looks for. It isn't
perfect, but it avoids some nasty loops consuming all available storage
on http/1.1 connections. In keepalive state, we call getline to read the
next request... getline() calls core_input_filter() (indirectly)...
core_input_filter() calls apr_recv() which returns APR_SUCCESS/0 bytes
to signal FIN/EOF. But core_input_filter() returned a bucket with length
zero to getline(), so getline() called core_input_filter() again.
Jeff Trawick [Tue, 3 Oct 2000 21:48:31 +0000 (21:48 +0000)]
Fix some bad calls to ap_log_error(); some of these neglected to
turn on APLOG_NOERRNO even though no syscall failure was being
reported; others passed errno instead of the APR retcode.
Jeff Trawick [Tue, 3 Oct 2000 15:05:26 +0000 (15:05 +0000)]
The previous commit pointed out an unfortunate problem with the
ap_os_case_canonical_filename() interface: It returns const char * on
platforms where no mapping is ever performed but char * on platforms
where mapping can occur. Such a discrepancy seems to be a good choice,
as no platform is penalized with extra pathlength.
This tweak gets rid of a const misuse warning on systems where
ap_os_case_canonical_filename() returns const char *.
Ok... I've been waiting to find out what happens when we commit to two
trees at once. To that end, this is the caching and rather stable 2.0
mod_isapi, with the docs brought over from 1.3 and freshened a bit.
Ryan Bloom [Tue, 3 Oct 2000 00:44:00 +0000 (00:44 +0000)]
Replace ap_get_data_from_filter and ap_save_data_to_filter with
ap_save_brigade. This function does not try to save the actual brigade to
a specific location. If just traverses the brigade, calls setaside if
it is available and concatenates it with a previously setaside brigade.
The resulting brigade is returned to the caller for them to save it to
the appropriate location.
Bill Stoddard [Mon, 2 Oct 2000 22:00:59 +0000 (22:00 +0000)]
Fix two problems. First we are setting aside the wrong bucket brigade. Second, we need to
check that a setaside routine is defined for the bucket before attempting to call it. Not sure
at all if we even want to keep this routine as it does not allow using filter->ctx for other
purposes.
Ryan Bloom [Mon, 2 Oct 2000 19:52:37 +0000 (19:52 +0000)]
Move where the CORE_IN filter is added to the server. We used to do this
in ap_new_connection, but that is bogus, because then other modules can't
put their own filter in. Now, we do this in a new pre-connection hook
function. Later, we will want to add some checking to make sure that this
is really an HTTP request that we are adding the filter for.
Yes - it's blatently obvious that this should be 'bucketized', but the
sequence I will follow is:
*) compatibility of sources
*) extension to async + transmitfile emulated support
*) localization of ISAPI* directives to Directory, File blocks
*) addition of ISAPI caching
*) recode for buckets.
I'm actually looking forward to the mod_cgi bucketization as a model.
Ryan Bloom [Mon, 2 Oct 2000 00:47:28 +0000 (00:47 +0000)]
Implement input filtering. This is definately not completely correct, but
it is a good first step. It is possible to add filters when reading from
the client with this change.
Bill Stoddard [Fri, 29 Sep 2000 18:12:14 +0000 (18:12 +0000)]
First cut at a filter to buffer/coalesce multiple small buckets into a single large bucket.
This implementation is limited to coalescing a single string of small (< MIN_BUCKET_SIZE)
buckets into one large bucket. If a brigade contains a string of small buckets followed by a
large bucket followed by another string of small buckets, only the first string will be coalesced.
This implementation works very well with the output generated by mod_autoindex though.
The number of iovecs handled by http_core is reduced to three from over a thousand for my
test case.
Create a helper function "get_canned_error_string" for use by
ap_send_error_response. The new function simply returns the error response
string corresponding to given HTTP error core. This makes it easier to
change the mechanism for sending these strings, because we no longer have
r[v]puts calls spread throughout the error string generation code.
Jeff Trawick [Tue, 26 Sep 2000 19:38:41 +0000 (19:38 +0000)]
Debug messages in mod_charset_lite are now controlled by
CharsetOptions DebugLevel=n instead of CharsetDebug on/off. Use the debug
level to decide which debug messages to issue (if any). Use ap_log_rerror()
instead of ap_log_error() when appropriate.
Describe CharsetOptions in the doc.
Jeff Trawick [Tue, 26 Sep 2000 15:08:26 +0000 (15:08 +0000)]
Sanity-check the use of multiple instances of XLATEOUT in a
filter chain. If the translation performed by an instance
being run for the first time clashes with an instance already
in place, disable the new instance.
Set BSD_MAKEFILE in configure.in. The macro APACHE_GEN_MAKEFILES is
executed in the context of config.status with variable substitution
already performed, so the check in the macro itself did not work.
Cleaner feature tests and new -d -m -s -p options for crypt, MD5, SHA1
and plaintext password cyphers. Not certain what the $^O tag for
NETWARE really is, so this may need to be fixed.
David Reid [Sun, 24 Sep 2000 12:40:05 +0000 (12:40 +0000)]
We don't have config.guess until later in the build cycle, so change the
test to use uname. with this change a clean CVS copy will build using
./buildconf;./configure;make exactly like it should.
Jeff Trawick [Sat, 23 Sep 2000 22:09:30 +0000 (22:09 +0000)]
The new core post_read_request hook needs to return something
(DECLINED). This allows Apache to serve pages again (other than
the 500 Internal Server Error page, that is).
Ryan Bloom [Sat, 23 Sep 2000 18:39:30 +0000 (18:39 +0000)]
Combine the calls to add the core_filter to one place. Basically, it is
safe to add the core_filter during the post_read_request, and it means
that we only have to add the filter once in the code. This should make
it easier to add an SSL module in the future.
Tony Finch [Sat, 23 Sep 2000 00:05:45 +0000 (00:05 +0000)]
Fix a security problem that affects certain configurations of mod_rewrite.
If the result of a RewriteRule is a filename that contains expansion
specifiers, especially regexp backreferences $0..$9 and %0..%9, then it
may be possible for an attacker to access any file on the web server.
The fix replaces a multi-pass string expander with a one-pass expander,
and includes the code quality improvements that were committed separately
to 1.3.
Bill Stoddard [Fri, 22 Sep 2000 20:36:20 +0000 (20:36 +0000)]
Make the core_filter use apr_sendv and apr_sendfile as appropriate. This is still a bit crufty
but it is an improvement over the previous implementation.