Ensure that net_time filter isn't added on subreqs - we assume that it is
added on !r->main requests. This led to infinite loop/SEGV when dealing
with anything that created a subreq.
(I don't think core_create_req is a good place for adding this filter.)
Ryan Bloom [Mon, 4 Mar 2002 05:54:44 +0000 (05:54 +0000)]
Adding the same filters over and over again used to be okay, because
we would lose the extra filters. Now, if a filter is added, it is run.
Unfortunately, this can cause an infinite loop, or it can cause request
headers to appear twice. This commit removes two instances in the core
where we were inserting filters for a second and third time. The bug
was that error responses were causing infinite loops.
This also removes the reset_filters function, which did the exact
same thing as add_required_filters. The two functions were both called
in error conditions, which was part of what caused this bug.
Ryan Bloom [Mon, 4 Mar 2002 05:29:04 +0000 (05:29 +0000)]
If we insert a protocol filter before we insert a request filter, we
must set the r->output_filter to r->proto_output_filter. If we don't,
then as soon as we insert the request filter, the protocol filter will
be removed. This was causing headers to not be sent on some requests.
Ryan Bloom [Sun, 3 Mar 2002 22:34:55 +0000 (22:34 +0000)]
Classify some of the input filters as the correct types. Previous to
this patch, the type wasn't too important, because all filters were
put on the same list. After this patch, the filter type is very important,
because there are three different types of filters, and they are all treated
differently, namely:
CONNECTION: Filters of this type are valid for the lifetime of this
connection.
PROTOCOL: Filters of this type are valid for the lifetime of this
request from the point of view of the client, this means
that the request is valid from the time that the request
is sent until the time that the response is received.
CONTENT: Filters of this type are valid for the time that this
content is used to satisfy a request. For simple requests,
this is identical to PROTOCOL, but internal redirects
and sub-requests can change the content without ending
the request.
It is important to realize that the three major types above are actually
broken down into smaller groups in the code, to ensure that the ordering
of filters is always correct.
Ryan Bloom [Sun, 3 Mar 2002 22:04:03 +0000 (22:04 +0000)]
This fixes most of the header bug that was committed last night. The server
is seg faulting on pipelined requests currently, but I want to get people
back to a running server.
Ryan Bloom [Sun, 3 Mar 2002 06:04:08 +0000 (06:04 +0000)]
This finishes the mod_dir/mod_negotiation bug. This final part of the
solution ensures that we don't lose filters if they are added later than
we expect. The problem could be seen if a connection filter was added
after a request-based filter was added in the past. The problem was that
the request-based filters pointed to the first filter in the connection
record, so the new connection filter was never called. Now, all filters
are put on their correct filter lists, and we are sure to always update
all pointers when adding a filter.
Ryan Bloom [Sun, 3 Mar 2002 02:15:52 +0000 (02:15 +0000)]
Fix the mod_dir/mod_negotiation bug, where redirects and sub requests
were not getting the correct filters. This is done by creating a location
in the request rec that holds protocol level filters. Protocol level
filters survive for one request, from the time the request is received
from the user to the time the response is sent. r->output_filters now
stores the request level filters, which are only valid for the lifetime
of one request_rec.
This patch works, but it is not complete. The second half of the problem
is that add_any_filter doesn't check where it puts the filters that it
adds, so it is possible for filters to be put on this wrong list, and
for filters to be lost completely during request processing. That half
of the fix will be coming in the next day or so.
Submitted by: Will Rowe, Justin Erenkrantz, Ryan Bloom
Doug MacEachern [Sun, 3 Mar 2002 00:46:07 +0000 (00:46 +0000)]
reuse existing private key if possible for all SSLPassPhraseDialog
types, not just builtin. on win32 for example, a pipe dialog might
allocate a wintty for prompting, which results in 4 prompts at
startup, 2 for each child and 2 within each when httpd "restarts
itself".
update comments on this and wrap them a bit.
Rich Bowen [Sat, 2 Mar 2002 02:37:17 +0000 (02:37 +0000)]
Added example of denying, or allowing, particular users to have UserDir
directories.
In a discussion on IRC, it was requested that an explicit example of
this configuration be provided in the documentation.
next_filter of NULL to any ap_sub_req_lookup*() fn implies the subreq
will never be run - or we expect to pass the subreq to fast_redirect.
The comming fix will break invalid ap_sub_req_lookups* expecting to
run subrequests with the next_filter NULL semantic.
Significant cleanup and enable wintty to -always- escape from the service
context when the run-as-user is LocalSystem or has access to the windows
station and desktop. The original method did not give us a visible tty
unless the 'Allow Service to Interact with Desktop' toggle was set.
Cliff Woolley [Fri, 1 Mar 2002 05:43:57 +0000 (05:43 +0000)]
We don't need transfer_brigade() because we already have macros to do that
for us, and faster. :)
Warning, though: transfer_brigade() was equivalent to APR_BRIGADE_CONCAT(),
and I don't think that was the right behavior for one of the two callers!
I changed that one to use APR_BRIGADE_PREPEND() since by my inspection that
looks like what it should be, but please check me on this.
Greg Stein [Fri, 1 Mar 2002 03:25:49 +0000 (03:25 +0000)]
Give mod_dav the ability to output both standard and customized
<D:error> responses. It's crucial for marshalling svn error messages
back over to the client; and someday it will be needed to return
specific <DAV:> errors as dictated by the DeltaV spec.
* mod_dav.h (dav_error): add two new fields -- an optional error
namespace, and an error-tag-name. Remove the 'delayed computation'
function and cxt ptrs in this struct; they were never used.
(dav_new_error_tag): new alternative constructor that takes new
fields.
How can reach our goals if we never have them? So, I ask, "Can we kill
all showstoppers in a week?" Are there enough developers paying attention
to go showstopper hunting?
Doug MacEachern [Thu, 28 Feb 2002 05:28:43 +0000 (05:28 +0000)]
remove #ifdef SHARED_MODULE around ssl library cleanup calls.
SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.
Doug MacEachern [Thu, 28 Feb 2002 05:17:03 +0000 (05:17 +0000)]
various SSLCACertificatePath fixes:
- return value from apr_dir_read() was checking != APR_SUCCESS rather
than == APR_SUCCESS, so no certs were ever loaded.
- wasn't checking return value of apr_dir_open(), now log an error and
ssl_die() on failure.
Doug MacEachern [Thu, 28 Feb 2002 04:59:07 +0000 (04:59 +0000)]
plug leak in ssl_init_FindCAList() where return value of
X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.
Doug MacEachern [Thu, 28 Feb 2002 03:48:26 +0000 (03:48 +0000)]
need to free the stacks returned by calls to SSL_load_client_CA_file()
in ssl_init_FindCAList(). values are pushed into another stack which
gets freed when SSL context is destroyed.
Aaron Bannert [Thu, 28 Feb 2002 02:56:15 +0000 (02:56 +0000)]
No longer assume SERVER_CONFIG_FILE is in the "conf" directory. Instead
look for it in the $sysconfdir.
This required the use of a new m4 function from APR that retrieves
the fully "expanded", or recursively interpolated, value of the
$sysconfdir variable.
Doug MacEachern [Thu, 28 Feb 2002 01:47:26 +0000 (01:47 +0000)]
always reusing existing private key for given vhost on restarts if key
is encrypted and mtime stamp has not changed. this prevents getting
prompted twice for passphrase on windows and elsewhere when server is
started with -DNO_DETACH.
Doug MacEachern [Thu, 28 Feb 2002 00:01:57 +0000 (00:01 +0000)]
mod_ssl was "leaking" on restart since mc->tTmpKeys table entries
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.
Allan K. Edwards [Wed, 27 Feb 2002 21:16:19 +0000 (21:16 +0000)]
ownership of the brigade is passed in the ap_pass_brigade call
so make sure that it doesn't get left lying around. This tickled
a bug with mod_deflate and resulted in a bucket being compressed
more than once.
Introduce PassPhraseDialog 'pipe' mechanism. This builds on DougM's
apr-ization of the 'tty', and changes his naming a bit so we clearly
identify the pipe-to and pipe-from the user.
This patch invokes a bidirectional piped dialog to the user.
This is the directive handling commit only, the mechanics patch will
follow. PassPhraseDialog "|/path/to/pipe" will use the bidirectional
pipe to have a 'conversation', along the lines of the tty dialog with
PassPhraseDialog 'builtin'. This is entirely different than the 'exec'
method, which simply runs once for each passphrase, and doesn't allow
for failure/retries, and certainly doesn't offer any sensible 'dialog'.
Aaron Bannert [Wed, 27 Feb 2002 19:40:27 +0000 (19:40 +0000)]
Set defaults for non-autoconf path variables. Also export a couple
variables that for whatever reason weren't being placed into
config_vars.mk.
Warning: This commit alters the "default" layout (ie. when no --enable-layout
is specified). The most notable change will be htdocs in $prefix/share/htdocs,
which works with the autoconf defaults, but may not be what we want. This
will require more work.
This baffled .mak exported build targets for mod_ssl/abs. They will
recognize their output only as .\Release|Debug\mod_ssl.so, etc. Without
the leading .\ kept getting 'dunno how to make ... target'
Must admit, my use case was focused on services. It seems that if we
had a console, we weren't reassigning stdhandles with AllocConsole().
Open the conin/conout very explicitly, and clean up some other cruft.
Aaron Bannert [Wed, 27 Feb 2002 17:16:29 +0000 (17:16 +0000)]
Fix --sysconfdir and --localstatedir, which were being ignored.
Fix --enable-layout to work.
showstoppers--
Note: As far as we can tell, autoconf will not let us override our layout
settings from paramers like --prefix, etc. This is unfortunate, but
we will not let this get in the way of --enable-layout working. This
will be made clear in the docs.
Aaron Bannert [Wed, 27 Feb 2002 17:06:33 +0000 (17:06 +0000)]
Fix --enable-layout to work again.
Fix bug where --sysconfdir and --localstatedir were being ignored by APR.
Caution: When specifying --enable-layout, common arguments like --prefix,
--exec-prefix, etc. will be ignored and the settings from the layout
will be used instead.
I just tried to do a graceful restart while pounding my box with worker
MPM and no segfaults. Am I missing something or were these fixed with
Jeff's latest fixes?
Don't set bytes_sent to be 0 when r->assbackwards since this screws up
logging.
The content length filter seems to track bytes_sent properly regardless
of HTTP version. The HTTP header filter knows not to send C-L (or any
headers) to this client.
Doug MacEachern [Wed, 27 Feb 2002 03:33:38 +0000 (03:33 +0000)]
change builtin passphrase prompt to use stdout rather than stderr.
and switch to using apr_file api for portability.
stderr has already been redirected to the error_log.
rather than attempting to temporarily rehook it to the terminal,
we print the prompt to stdout before EVP_read_pw_string turns
off tty echo. which is also more portable.
Doug MacEachern [Wed, 27 Feb 2002 03:21:09 +0000 (03:21 +0000)]
changing mod_ssl to do a full startup/teardown on each restart rather
than hack to only read passphrase on 1st round startup. this change:
- fixes current segv on restarts (SHARED_MODULE is not defined)
- allows LoadModule ssl_module to be added to httpd.conf on restart
(was core dumping previously)
- allows certs/keys to be changed on restart provided key is not
encrypted or SSLPassPhraseDialog is exec. if key is encrypted and
SSLPassPhraseDialog is builtin, existing private keys will be reused
on restart (which happens currently for any type of key/dialog).
note: mod_ssl currently leaks on restart; leaks more with this change.
fixes to come.
Aaron Bannert [Tue, 26 Feb 2002 18:41:58 +0000 (18:41 +0000)]
These variables need to be delimited with {} or they will conflict with
other variables in the same namespace with a shorter prefix substring.
How did this ever work before? I ran into this while testing some of
the recent layout-fixing patches.