Ryan Bloom [Sat, 7 Oct 2000 05:41:59 +0000 (05:41 +0000)]
The newest incarnation of http_filter. This is far from perfect, but it
is a step in the right direction. The idea is that the http_filter knows
about the http protocol. So, it uses that knowledge to discover HTTP
request headers, and sends those headers up to getline. However, it keeps
the request body saved in it's ctx pointer.
Later, when ap_get_client_block is called, we have set the remaining field
in the conn_rec. This tells the http_filter how much of the remaining
data is request body, and how much isn't. So, the http_filter can return
the request body unparsed up throught ap_get_client_block.
This doesn't even try to work with chunked input data, and there are still
some other bugs in it, but it works for small-ish files in my tests, and
it lets other people play with the concept of input filters. I will try
to play with this more, but others should feel free to hack around in it
too.
Greg Stein [Sat, 7 Oct 2000 00:50:42 +0000 (00:50 +0000)]
forward-port John Vasta's checkin to mod_dav 1.1.x (on Sep 25, 2000). this
begins some work to upgrade the versioning support to some of the more
recent drafts.
- get_resource hook has new params
- create_collection hook no longer takes a pool
- new dav_auto_version_info structure to group up autoversion
rollback/commit handling data
- new functions for getting workspace, target-selector, etc
- supportedlock hook now takes the resource in question (since different
resources may have different locks)
- new resource types; tweaks in props.c to support them
- some tweaks with resource creation, Location header, etc.
Here it is, the Win32 part of the big canonical errors patch.
The reason is really, really simple. If we ever choose to mix clib and
dos error codes, they criss-cross and don't line up, but they share the
same number space. As I wrote the new APR_IS_ERROR macros, I realized
we were about to shoot ourselves in the foot.
These changes nearly entirely affect Win32 only. The next big patch will
affect all of the rv == APR_ENOENT type problems throughout the system.
Ryan Bloom [Fri, 6 Oct 2000 16:41:30 +0000 (16:41 +0000)]
Fix a potential memory overrun error in ap_get_client_block. The problem
is that the bucket code does not respect the length passed into it. This
is correct for buckets, but it means that when we get data out of the
buckets, we may have to split the bucket to make sure that any copy
operations are safe. We were originally doing the split at the number of
characters read from the bucket, but we really want to do it at the length
of the buffer.
Greg Stein [Fri, 6 Oct 2000 12:49:21 +0000 (12:49 +0000)]
*) convert fs/lock.c to use APR UUIDs for the opaque locktokens.
*) blow away opaquelock.c and dav_opaquelock.h since direct use of APR UUIDs
is quite easy.
*) toss the uuid_state from the per-server config in mod_dav.c
Ryan Bloom [Fri, 6 Oct 2000 06:07:07 +0000 (06:07 +0000)]
Add the first draft of the http_filter. In time this filter will split
the bucket brigade between the headers and the body. Right now it just
converts \r\n to \n\0.
Ryan Bloom [Thu, 5 Oct 2000 22:40:28 +0000 (22:40 +0000)]
Modify ap_get_client_block to use the bucket brigades instead of BUFF.
I'm pretty sure this isn't complete, but it has worked in my tests with
a very simple CGI.
The lots of little ones... APR_IS_STATUS_condition(rv) conditional macros
replacing the majority of fallible rv == APR_condition tests. But there
are lots more to fix, these are the obvious ones that already did proper
canonical error conversion.
Jeff Trawick [Thu, 5 Oct 2000 16:55:10 +0000 (16:55 +0000)]
Add a bit of infrastructure which will be needed for input filtering:
1) separate filter lists hanging off the r and the c
requests start off with the same filter list as the connection
the input filter list is not initialized for subrequests
internal redirects start off with the same filter list as the
connection
2) AddInputFilter directive (blatant rip-off of Ryan's AddOutputFilter
directive); as with AddOutputFilter, the network is implicitly to the
right of the specified filter list; this may not be the most
intuitive way to specify the filters; not sure yet
Ryan Bloom [Thu, 5 Oct 2000 05:42:06 +0000 (05:42 +0000)]
Multiple build and configuration fixes
Build process:
-add datadir and localstatedir substitutions
-fix layout name
-fix logfilename misspelling
-fix evaluation of installation dir variables and
-replace $foobar by $(foobar) to be usefull in the makefile
Cross compile:
-add rules for cross-compiling in rules.mk. Okay, rule to check for
$CC_FOR_BUILD is still missing
-use CHECK_TOOL instead of CHECK_PROG for ranlib
-add missing "AR=@AR@" to severaly Makefile.in's
-cache result for "struct rlimit"
-compile all helper programs with native and cross compiler
and use the native version to generate header file
Ryan Bloom [Thu, 5 Oct 2000 03:44:22 +0000 (03:44 +0000)]
If mod_so is compiled into the server, we need to create libexec, even
if there are no shared modules compiled. This is in keeping with what
we did with Apache 1.3, and it allows APXS to work, even if there were no
shared modules installed initially.
Jeff Trawick [Thu, 5 Oct 2000 02:11:11 +0000 (02:11 +0000)]
The new request_rec set up for redirects needs to pick up the
output filter chain from the conn_rec. Any required request
filters will be inserted later.
Ryan Bloom [Wed, 4 Oct 2000 23:19:33 +0000 (23:19 +0000)]
Connection oriented filters are now stored in the conn_rec instead of the
request_rec. This means that a conn_rec must be supplied when calling
ap_add_filter. The reason for this change is that we need to be able to
add the core_filter (whether or SSL or not) before we try to read the
request. This way, if a request fails, we can actually send the error
page back to the client. With this change, we add the core filter to the
conn_rec during the pre-connection phase.
Submitted by: Ryan Bloom, Jeff Trawick, and Greg Ames
Jeff Trawick [Wed, 4 Oct 2000 22:09:46 +0000 (22:09 +0000)]
In core_output_filter(), reset nbytes to zero after calling
writev_it_all() in case we have another brigade to process.
Otherwise, nbytes is bogus for the second brigade and
writev_it_all() doesn't know when to quit (it loops).
In writev_it_all(), when compensating for bytes already sent
don't go beyond the number of iovs we were passed on input.
Bill Stoddard [Wed, 4 Oct 2000 19:11:03 +0000 (19:11 +0000)]
Take another shot at reimplementing core_output_filter. This implementation buffers
brigades across multiple calls until MAX_IOVEC_TO_WRITE or
MIN_SIZE_TO_WRITE thresholds are hit. This implementation does not attempt
to coalesce bytes. Moving a bit further down the filter learning curve...
Jeff Trawick [Wed, 4 Oct 2000 17:14:00 +0000 (17:14 +0000)]
Clean up md5 digest support in default_handler() a bit:
1) don't compute md5 if we have a content filter; it is almost always wrong
2) add note about adding md5 filter in the future; this can be done
3) delete some APACHE_XLATE/CHARSET_EBCDIC baggage associated with md5
digest support; part of this deleted baggage is a segfault on
subrequests referencing r->rrx (which is not allocated for subrequests)
Jeff Trawick [Tue, 3 Oct 2000 22:08:38 +0000 (22:08 +0000)]
Change ap_send_fd() so that it returns a proper apr_status_t value
instead of the number of bytes sent.
default_handler() ignores the ap_send_fd() return code, but
mod_file_cache doesn't. When mod_file_cache's handler called
ap_send_fd(), the client would get the desired file plus an
error document (500 internal server error), which was delivered
because mod_file_cache's handler returned an error since
ap_send_fd() returned non-zero.
Also in this commit is a hack to be able to compile when APACHE_XLATE
is defined.
Jeff Trawick [Tue, 3 Oct 2000 21:56:43 +0000 (21:56 +0000)]
Change core_input_filter() so that it returns an empty brigade upon
FIN/EOF or error. This meshes with what getline() looks for. It isn't
perfect, but it avoids some nasty loops consuming all available storage
on http/1.1 connections. In keepalive state, we call getline to read the
next request... getline() calls core_input_filter() (indirectly)...
core_input_filter() calls apr_recv() which returns APR_SUCCESS/0 bytes
to signal FIN/EOF. But core_input_filter() returned a bucket with length
zero to getline(), so getline() called core_input_filter() again.
Jeff Trawick [Tue, 3 Oct 2000 21:48:31 +0000 (21:48 +0000)]
Fix some bad calls to ap_log_error(); some of these neglected to
turn on APLOG_NOERRNO even though no syscall failure was being
reported; others passed errno instead of the APR retcode.
Jeff Trawick [Tue, 3 Oct 2000 15:05:26 +0000 (15:05 +0000)]
The previous commit pointed out an unfortunate problem with the
ap_os_case_canonical_filename() interface: It returns const char * on
platforms where no mapping is ever performed but char * on platforms
where mapping can occur. Such a discrepancy seems to be a good choice,
as no platform is penalized with extra pathlength.
This tweak gets rid of a const misuse warning on systems where
ap_os_case_canonical_filename() returns const char *.
Ok... I've been waiting to find out what happens when we commit to two
trees at once. To that end, this is the caching and rather stable 2.0
mod_isapi, with the docs brought over from 1.3 and freshened a bit.
Ryan Bloom [Tue, 3 Oct 2000 00:44:00 +0000 (00:44 +0000)]
Replace ap_get_data_from_filter and ap_save_data_to_filter with
ap_save_brigade. This function does not try to save the actual brigade to
a specific location. If just traverses the brigade, calls setaside if
it is available and concatenates it with a previously setaside brigade.
The resulting brigade is returned to the caller for them to save it to
the appropriate location.
Bill Stoddard [Mon, 2 Oct 2000 22:00:59 +0000 (22:00 +0000)]
Fix two problems. First we are setting aside the wrong bucket brigade. Second, we need to
check that a setaside routine is defined for the bucket before attempting to call it. Not sure
at all if we even want to keep this routine as it does not allow using filter->ctx for other
purposes.
Ryan Bloom [Mon, 2 Oct 2000 19:52:37 +0000 (19:52 +0000)]
Move where the CORE_IN filter is added to the server. We used to do this
in ap_new_connection, but that is bogus, because then other modules can't
put their own filter in. Now, we do this in a new pre-connection hook
function. Later, we will want to add some checking to make sure that this
is really an HTTP request that we are adding the filter for.
Yes - it's blatently obvious that this should be 'bucketized', but the
sequence I will follow is:
*) compatibility of sources
*) extension to async + transmitfile emulated support
*) localization of ISAPI* directives to Directory, File blocks
*) addition of ISAPI caching
*) recode for buckets.
I'm actually looking forward to the mod_cgi bucketization as a model.
Ryan Bloom [Mon, 2 Oct 2000 00:47:28 +0000 (00:47 +0000)]
Implement input filtering. This is definately not completely correct, but
it is a good first step. It is possible to add filters when reading from
the client with this change.
Bill Stoddard [Fri, 29 Sep 2000 18:12:14 +0000 (18:12 +0000)]
First cut at a filter to buffer/coalesce multiple small buckets into a single large bucket.
This implementation is limited to coalescing a single string of small (< MIN_BUCKET_SIZE)
buckets into one large bucket. If a brigade contains a string of small buckets followed by a
large bucket followed by another string of small buckets, only the first string will be coalesced.
This implementation works very well with the output generated by mod_autoindex though.
The number of iovecs handled by http_core is reduced to three from over a thousand for my
test case.
Create a helper function "get_canned_error_string" for use by
ap_send_error_response. The new function simply returns the error response
string corresponding to given HTTP error core. This makes it easier to
change the mechanism for sending these strings, because we no longer have
r[v]puts calls spread throughout the error string generation code.
Jeff Trawick [Tue, 26 Sep 2000 19:38:41 +0000 (19:38 +0000)]
Debug messages in mod_charset_lite are now controlled by
CharsetOptions DebugLevel=n instead of CharsetDebug on/off. Use the debug
level to decide which debug messages to issue (if any). Use ap_log_rerror()
instead of ap_log_error() when appropriate.
Describe CharsetOptions in the doc.
Jeff Trawick [Tue, 26 Sep 2000 15:08:26 +0000 (15:08 +0000)]
Sanity-check the use of multiple instances of XLATEOUT in a
filter chain. If the translation performed by an instance
being run for the first time clashes with an instance already
in place, disable the new instance.
Set BSD_MAKEFILE in configure.in. The macro APACHE_GEN_MAKEFILES is
executed in the context of config.status with variable substitution
already performed, so the check in the macro itself did not work.
Cleaner feature tests and new -d -m -s -p options for crypt, MD5, SHA1
and plaintext password cyphers. Not certain what the $^O tag for
NETWARE really is, so this may need to be fixed.
David Reid [Sun, 24 Sep 2000 12:40:05 +0000 (12:40 +0000)]
We don't have config.guess until later in the build cycle, so change the
test to use uname. with this change a clean CVS copy will build using
./buildconf;./configure;make exactly like it should.
Jeff Trawick [Sat, 23 Sep 2000 22:09:30 +0000 (22:09 +0000)]
The new core post_read_request hook needs to return something
(DECLINED). This allows Apache to serve pages again (other than
the 500 Internal Server Error page, that is).
Ryan Bloom [Sat, 23 Sep 2000 18:39:30 +0000 (18:39 +0000)]
Combine the calls to add the core_filter to one place. Basically, it is
safe to add the core_filter during the post_read_request, and it means
that we only have to add the filter once in the code. This should make
it easier to add an SSL module in the future.
Tony Finch [Sat, 23 Sep 2000 00:05:45 +0000 (00:05 +0000)]
Fix a security problem that affects certain configurations of mod_rewrite.
If the result of a RewriteRule is a filename that contains expansion
specifiers, especially regexp backreferences $0..$9 and %0..%9, then it
may be possible for an attacker to access any file on the web server.
The fix replaces a multi-pass string expander with a one-pass expander,
and includes the code quality improvements that were committed separately
to 1.3.
Bill Stoddard [Fri, 22 Sep 2000 20:36:20 +0000 (20:36 +0000)]
Make the core_filter use apr_sendv and apr_sendfile as appropriate. This is still a bit crufty
but it is an improvement over the previous implementation.
Note 1: Only needed for BSD/OS.
Note 2: Invent better heuristic (timestamp checks for build/*.mk).
Note 3: Conversion is currently one-way
Note 4: Don't package on BSD/OS.
Jeff Trawick [Fri, 22 Sep 2000 14:57:08 +0000 (14:57 +0000)]
mod_include now tweaks the subrequest output filter chain so that
only *subsequent* filters from the original request are inherited.
Previously, *all* filters from the original request were inherited.
Currently, any filter which runs a subrequest should do the same
thing (though a cleaner interface may be appropriate.)
With this change, subrequests are properly filtered much more often.
Jeff Trawick [Fri, 22 Sep 2000 11:37:05 +0000 (11:37 +0000)]
Provide a socklen_t to the user of APR as a portability aid. Some
systems have unsigned sockaddr len parameters; others have signed.
When passing the length by address (as to accept()) a warning is
generated if the sign is not correct.
This patch assumes that, if no native socklen_t is provided,
apr_socklen_t is always signed; that can be easily tweaked for
certain platforms later.
Inside APR, apr_socklen_t is only used currently in the Unix
implementation.
Submitted by: Victor J. Orlikowski <v.j.orlikowski@gte.net>
Reviewed by: Jeff Trawick