APACHE 2.1 STATUS:                                              -*-text-*-
Last modified at [$Date: 2003/03/07 20:24:07 $]

Release [NOTE that only Alpha/Beta releases occur in 2.1 development]:

     2.1.0   : in development

Please consult the following STATUS files for information
on related projects:

     * srclib/apr/STATUS
     * srclib/apr-util/STATUS
     * docs/STATUS

Contributors looking for a mission:

     * just do an egrep on "TODO" or "XXX" and see what's there


CURRENT RELEASE NOTES:


RELEASE SHOWSTOPPERS:


CURRENT VOTES:

     * httpd-std.conf and friends

       a) httpd-std.conf should be tailored by install (from src or
          binbuild) even if user has existing httpd.conf
          +1:   trawick, slive, gregames, ianh, Ken, wrowe, jwoolley, jim, nd
            wrowe - prefer httpd.default.conf to avoid ambiguity with cvs

       b) tailored httpd-std.conf should be copied by install to
          sysconfdir/examples
          -0:   striker

       c) tailored httpd-std.conf should be installed to
          sysconfdir/examples or manualdir/exampleconf/
          +1:   slive, trawick, Ken, nd (prefer the latter)

       d) Installing a set of default config files when upgrading a server
          doesn't make ANY sense at all.
          +1:   ianh - medium/big sites don't use 'standard config' anyway, as it
                       usually needs major customizations
          -1:   Ken, wrowe, jwoolley, jim, nd
            wrowe - diff is wonderful when comparing old/new default configs,
                    even for customized sites that ianh mentions
            jim - ... assuming that the default configs have been updated
                      with the required inline docs to explain the
                      changes

     * If the parent process dies, should the remaining child processes
       "gracefully" self-terminate. Or maybe we should make it a runtime
       option, or have a concept of 2 parent processes (one being a
       "hot spare").
       See: Message-ID: <3C58232C.FE91F19F@...>

       Self-destruct: Ken, Martin, Lars
       Not self-destruct: BrianP, Ian, Cliff, BillS
       Make it runtime configurable: Aaron, jim, Justin, wrowe, rederpj, nd

       /* The below was a concept on *how* to handle the problem */
       Have 2 parents: +1: jim
                       -1: Justin, wrowe, rederpj, nd
                       +0: Lars, Martin (while standing by, could it do
                                         something useful?)

     * Make the worker MPM the default MPM for threaded Unix boxes.
       +1:   Justin, Ian, Cliff, BillS, striker, wrowe, nd
       +0:   BrianP, Aaron (mutex contention is looking better with the
             latest code, let's continue tuning and testing), rederpj, jim
       -0:   Lars

RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:

     * RFC 2616 violations.
       Closed PRs: 15857.
       Open PRs: 15852, 15859, 15861, 15864, 15865, 15866, 15868, 15869,
                 15870, 16120, 16125, 16126, 16133, 16135, 16136, 16137,
                 16138, 16139, 16140, 16142, 16518, 16520, 16521,
       jerenkrantz says: need to decide how many we need to backport and/or
                         if these rise to showstopper status.

     * There is a bug in how we sort some hooks, at least the pre-config
       hook.  The first time we call the hooks, they are in the correct
       order, but the second time, we don't sort them correctly.  Currently,
       the modules/http/config.m4 file has been renamed to
       modules/http/config2.m4 to work around this problem, it should moved
       back when this is fixed.

         OtherBill offers that this is a SERIOUS problem.  We do not sort
         correctly by the ordering arguments passed to the register hook
         functions.  This was proven when I reordered the open_logs hook
         to attempt to open the error logs prior to the access logs.  Possibly
         the entire sorting code needs to be refactored.

     * pipes deadlock on all platforms with limited pipe buffers (e.g. both
       Linux and Win32, as opposed to only Win32 on 1.3).  The right solution
       is either GStein's proposal for a "CGI Brigade", or OtherBill's proposal
       for "Poll Buckets" for "Polling Filter Chains".  Or maybe both :-)

     * All handlers should always send content down even if r->header_only
       is set.  If not, it means that the HEAD requests don't generate the
       same headers as a GET which is wrong.

     * HP/UX 10.20: compile breakage in APR.  Looks like it should be easy
       to fix, probably just some extraneous #include's that are fouling
       things up.
       PR: 9457
       Jeff: See my reply and patch in the PR (and previous commit to
       stop using "pipe" as a field name).  If patch is committed, we
       should be okay.  I'll wait to see if the user tests the patch.
       Update by Jeff 20020722: I got an account on HP 10.20.  It looks
       like some of the APR thread detection is screwed up.  If we find
       pthread.h but we can't compile the pthread test program we still
       think we can use threads.  For that reason, the patch I posted
       to the PR won't work as-is since a failed compile of the test
       program means nothing.

     * exec cmd and suexec arg-passing enhancements
       Status: Patches proposed
       Message-ID: <20020526041748.A29148@...>
       (see the "proc.patch" and "suexec-shell.patch" links in this message)

     * The 2.0.36 worker MPM graceless shutdown changes work but are
       a bit clunky on some platforms; eg, on Linux, the loop to
       join each worker thread seems to hang, and the parent ends up
       killing off the child with SIGKILL.  But at least it shuts down.

     * --enable-mods-shared="foo1 foo2" is busted on Darwin.  Pier
         posted a patch (Message-ID: <B8DBBE8D.575A%pier@...>).

     * We do not properly substitute the prefix-variables in the configuration
       scripts or generated-configs.  (i.e. if sysconfdir is etc,
       httpd-std.conf points to conf.)

     * If any request gets through ap_process_request_internal() and is
       scheduled to be served by the core handler, without a flag that this
       r->filename was tested by dir/file_walk, we need to 500 at the very
       end of the ap_process_request_internal() processing so sub_req-esters
       know this request cannot be run.  This provides authors of older
       modules better compatibility, while still improving the security and
       robustness of 2.0.

         Status: still need to decide where this goes, OtherBill comments...
         Message-ID: <065701c14526$495203b0$96c0b0d0@...>
         [Deleted comments regarding the ap_run_handler phase, as irrelevant
             as BillS points out that "common case will be caught in
  	     default_handler already (with the r->finfo.filetype == 0 check)"
             and the issue is detecting this -before- we try to run the req.]

	 gregames says: can this happen somehow without a broken module
             being involved?  If not, why waste cycles trying to defend against
             potential broken modules?  It seems futile.
         wrowe counters: no, it shouldn't happen unless the module is broken.
             But the right answer is to fail the request up-front in dir/file
             walk if the path was entirely invalid; and we can't do that either
             UNTIL 2.1 or we break modules that haven't hooked map_to_storage.

     * With AP_MODE_EXHAUSTIVE in the core, it is finally clear to me
       how the Perchild MPM should be re-written.  It hasn't worked
       correctly since filters were added because it wasn't possible to
       get the content that had already been written and the socket at
       the same time.  This mode lets us do that, so the MPM can be
       fixed.

     * htpasswd blindly processes the file you give it, and does no
       sanity checking before totally corrupting whatever file it was
       you thought you had. It should check the input file and bail
       if it finds non-comment lines that do not contain exactly 1
       ':' character.
         Message-ID: <20020217150457.A31632@...>

     * Can a static httpd be built reliably?
         Message-ID: <20020207142751.T31582@...>

     * [Ken] Test suite failures:
       o worker is also failing some of the 'cgi' subtests
       (see <URL:http://Source-Zone.Org/Apache/regression/>):
         Justin says: "Worker should be fine and passes httpd-test here.
                       I think it's a perl or a httpd-test problem."

     * Usage of APR_BRIGADE_NORMALIZE in core_input_filter should be
       removed if possible.
         Message-ID:
<Pine.LNX.4.33.0201202232430.318-100000@...>
         Jeff wonders if we still care about this.  It is no longer an
         API issue but simply an extra trip through the brigade.

     * The Add...Filter and Set...Filter directives do not allow the
       administrator to order filters, beyond the order of filename (mime)
       extensions.  It isn't clear if Set...Filter(s) should be inserted
       before or after the Add...Filter(s) which are ordered by sequence of
       filename extensions.  At minimum, some sort of +-[0-10] syntax seems
       like a nice solution.  See ROADMAP.

     * Get perchild to work on platforms other than Linux. This
       will require a portable mechanism to pass data and file/socket
       descriptors between vhost child groups. An API was proposed
       on dev@apr:
         Message-ID: <20020111115006.K1529@...>

     * Try to get libtool inter-library dependency code working on AIX.
         Message-ID: <cm3n10lx555.fsf@...>

       Justin says: If we get it working on AIX, we can enable this
                    on all platforms and clean up our build system
                    somewhat.
       Jeff says:   I thought I tested a patch for you sometime in
                    January that you were going to commit within a few
                    days.

     * Handling of %2f in URIs.  Currently both 1.3 and 2.0
       completely disallow %2f in the request URI path (see
       ap_unescape_url() in util.c).  It's permitted and passed
       through in the query string, however.  Roy says the
       original reason for disallowing it, from five years ago,
       was to protect CGI scripts that applied PATH_INFO to
       a filesystem location and which might be tricked by
       ..%2f..%2f(...).  We *should* allow path-info of the
       form 'http://foo.com/index.cgi/path/to/path%2finfo'.
       Since we've revamped a lot of our processing of path
       segments, it would be nice to allow this, or at least
       allow it conditionally with a directive.

         OtherBill adds that %2f as the SECOND character of a multibyte
         sequence causes the request to fail!  This happens notably in
         the ja-jis encoding.

     * FreeBSD, threads, and worker MPM.  All seems to work fine
       if you only have one worker process with many threads.  Add
       a second worker process and the accept lock seems to be
       lost.  This might be an APR issue with how it deals with
       the child_init hook (i.e. the fcntl lock needs to be resynced).
       More examination and analysis is required.
         Status: This has also been reported on Cygwin.
                 FreeBSD 4.7 was reputed to have 'fixed' threads.  Not.
         Message-ID: <3C2CC514.8EF3BED1@...> (cygnus)

       Aaron says: I spent some time disecting this and have come to
               the conclusion that it is not a problem in the worker MPM
               (or at least, it is not isolated to a problem in worker).
               I'll list some of the problems I'm seeing in case someone
               else wants to pick up where I've left off:
                - Delivery of just about any signal to one of the child
                  processes will send it into an infinite loop as well.
                - Even though the parent is spinning out of control,
                  at first the child or children will appear to work
                  properly. At times it is possible to get it into a state,
                  however, where a request will hang until another concurrent
                  request "kicks" the first, at which point the second will
                  hang. My theory is that this has to do with the
                  pthread_cond_*() implementation in FreeBSD, but it's still
                  possible that it is in APR.

       Justin adds: Oh, FreeBSD threads are implemented entirely with
                    select()/poll()/longjmp().  Welcome to the nightmare.
                    So, that means a ktrace output also has the thread
                    scheduling internals in it (since it is all the same to
                    the kernel).  Which makes it hard to distinguish between
                    our select() calls and their select() calls.
                    *bangs head on wall repeatedly*  But, some of the libc_r
                    files have a DBG_MSG #define.  This is moderately helpful
                    when used with -DNO_DETACH.  The kernel scheduler isn't
                    waking up the threads on a select().  Yum.  And, I bet
                    those decrementing select calls have to do with the
                    scheduler.  Time to brush up on our OS fundamentals.

     * There is increasing demand from module writers for an API
       that will allow them to control the server ŕ la apachectl.
       Reasons include sole-function servers that need to die if
       an external dependency (e.g., a database) fails, et cetera.
       Perhaps something in the (ever more abused) scoreboard?

              On the other hand, we already have a pipe that goes between parent
              and child for graceful shutdown events, along with an API that
              can be used to send a message down that pipe.  In threaded MPMs,
              it is easy enough to make that one pipe be used for graceful
              and graceless events, and it is also easy to open that pipe
              to both parent and child for writing.  Then we just need to
              figure out how to do graceless on non-threaded MPMs.

     * Allow the DocumentRoot directive within <Location > scopes?  This
       allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
       by a <Directory /somepath/foo> to become simply
       <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
       and in-your-face.)  DocumentRoot unset would be accepted [and would
       not permit content to be served, only virtual resources such as
       server-info or server-status.
       This proposed change would _not_ depricate Alias.
         striker: See the thread starting with Message-ID:
           JLEGKKNELMHCJPNMOKHOGEEJFBAA.striker@....

     * Win32: Rotatelogs sometimes is not terminated when Apache
       goes down hard.  FirstBill was looking at possibly tracking the
       child's-child processes in the parent process.
         stoddard: Shared scoreboard might offer a good way for the parent
         to keep track of 'other child' processes and whack them if the child
         goes down.
         Other thoughts on walking the process chain using the NT kernel
         have also been proposed on APR.

     * Eliminate unnecessary creation of pipes in mod_cgid

     * Combine log_child and piped_log_spawn. Clean up http_log.c.
       Common logging API.

     * Platforms that do not support fork (primarily Win32 and AS/400)
       Architect start-up code that avoids initializing all the modules
       in the parent process on platforms that do not support fork.

     * There are still a number of places in the code where we are
       losing error status (i.e. throwing away the error returned by a
       system call and replacing it with a generic error code)

     * Mass vhosting version of suEXEC.

     * All DBMs suffer from confusion in support/dbmmanage (perl script) since
       the dbmmanage employs the first-matched dbm format.  This is not
       necessarily the library that Apache was built with.  Aught to
       rewrite dbmmanage upon installation to bin/ with the proper library
       for predictable mod_auth_dbm administration.
         Questions; htdbm exists, time to kill dbmmanage, or does it remain
                    useful as a perl dbm management example?  If we keep it,
                    do we address the issue above?

     * Integrate mod_dav.
         Some additional items remaining:
         - case_preserved_filename stuff
             (use the new canonical name stuff?)
         - find a new home for ap_text(_header)
         - is it possible to remove the DAV: namespace stuff from util_xml?

     * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
       are a bit wonky.  The function should probably be exposed as a utility
       function (such as ap_translate_url2fs() or ap_validate_fs_url() or
       something).  Another approach would be a new hook phase after
       "translate" which would allow the module to munge what the
       translation has decided to do.
         Status: Greg +1 (volunteers)

     * Explore use of a post-config hook for the code in http_main.c which
       calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
       ap_sort_hooks()  [to reduce the logic in main()]

     * read the config tree just once, and process N times (as necessary)

     * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack

     * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
       into a VirtualHost container) to 2.0.

     * shift stuff to mod_core.h

     * callers of ap_run_create_request() should check the return value
       for failure (Doug volunteers)

     * Win32: Get Apache working on Windows 95/98. The following work
         (at least) needs to be done:
         - Document warning that OSR2 is required (for Crypt functions, in
         rand.c, at least.)  This could be resolved with an SSL library, or
         randomization in APR itself.
         - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
         actually works) and add in a splash of Win9x service code.

     * Fix the worker MPM to use POD to kill child processes instead
       of ap_os_killpg, regardless of how they should die.

     * Scoreboard structures could be changed in the future such that
       proper alignment is not maintained, leading to segfaults on
       some systems.  Cliff posted a patch to deal with this issue but
       later recanted. See this message to dev@...:
       Message-ID: <Pine.LNX.4.44.0203011354090.16457-200000@deepthought
                   .cs.virginia.edu>

     * When sufficiently tested, the AllowEncodedSlashes/%2f patch
       needs to be backported to 2.0 and 1.3.

TODO ISSUES REMAINING IN MOD_SSL:

     * In order to use a DSO version of mod_ssl we have to link with
       -lssl and -lcrypto. A workaround is in place right now where the
       entire EXTRA_LIBS macro is being appended to the objects list, but
       this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
       autoconf function or come up with some other autoconf checks to
       search for libssl and libcrypto and properly add them to mod_ssl's
       link flags.

     * SSL renegotiations in combination with POST request

     * Port or dispose all code inside #if 0...#endif blocks that remain
       from the porting effort.

     * Do we need SSL_set_read_ahead()?

     * the ssl_expr api is NOT THREAD SAFE.  race conditions exist:
        -in ssl_expr_comp() if SSLRequire is used in .htaccess
         (ssl_expr_info is global)
        -is ssl_expr_eval() if there is an error
         (ssl_expr_error is global)

     * SSLRequire directive (parsing of) leaks memory

     * Diffie-Hellman-Parameters for temporary keys are hardcoded in
       ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
       "it is suggested that keys be changed daily or every 500
       transactions, and more often if possible."

     * ssl_var_lookup could be rewritten to be MUCH faster

     * CRL callback should be pluggable

     * session cache store should be pluggable

     * init functions should return status code rather than ssl_die()

     * ssl_engine_pphrase.c needs to be reworked so it is generic enough
       to also decrypt proxy keys

     * the shmcb code should just align its memory segment rather than
       jumping through all the "safe" memcpy and memset hoops

WISH LIST
     * mod_proxy performance: when mod_proxy is configured to do proxy
       gateway (aka reverse proxy), it would be nice to be able to reuse
       connections to the backend servers. Now, connections to the
       backend servers are taken down when the corresponding frontend
       connection is taken down.

     * mod_proxy: Ability to run SSL over proxy gateway connections,
       encrypting (or reencrypting) at the proxy.

     * mod_proxy: Add capability of mod_proxy to load balance across
       a farm of backend servers.

     * mod_cache: Handle ESI tags.

EXPERIMENTAL MODULES:

     Experimental modules should eventually be be promoted to fully supported
     status or removed from the repository entirely (ie, the
     'experiment' failed). This section tracks what needs to happen to
     get the modules promoted to fully supported status.

     mod_cache/mod_mem_cache/mod_disk_cache:
     * mod_cache: handle cache_control: no_cache "field_name" to enable
       cacheing the response w/o header "field_name"
       See RFC2616 section 14.9.1

     * mod_mem_cache: Consider adding a RevalidateTimeout directive to
       specify time at which local cached content is to be revalidated
       (ie, underlying file stat'ed to see if it has changed).

     * mod_cache: CacheEnable/CacheDisable should accept regular expressions.

     * mod_cache: Fix dependency on ATOMIC operators. Need
       APR_HAS_ATOMIC_* feature macros.

     * mod_disk_cache: Implement garbage collection

     * mod_mem_cache/mod_disk_cache: Need to be able to query cache
       status (num of entries, cache object properties, etc.).
       mod_status could be extended to query optional hooks defined
       by modules for the purpose of reporting module status.
       mod_cache (et. al.) could define optional hooks that are called
       to collect status.  Status should be queryable by
       HTTP or SNMP?

     * Enable mod_cache/mod_mem_cache/mod_disk_cache to handle
       multiviews

     * mod_mem_cache/mod_disk_cache: Complete implementing config
       directives (mod_disk_cache: CacheExpiryCheck and GC directives
       including CacheGc*, CacheSize, and, CacheTimeMargin)
       (mod_mem_cache: MCacheMaxObjectCount) and
       (mod_cache: CacheForceCompletion).

     mod_auth_ldap/util_ldap:
     * General stabilization and testing


PRs that have been suspended forever waiting for someone to
put them into 'the next release':

     * documentation and Q&A

       PR#2221: Make online documentation search link back to my installation
         Status:

       PR#2906: Propose that Apache recommend $UNIQUE_ID for all "session id"
       algorithms
         Status:

       PR#2793: When will Apache support P3P? Any Plans?
         Status:

     * build

       PR#2113: HTTP Server Rebuild Line Needs Changing for the better
         Status:

       PR#2421: problem specifying ndbm library for build ?with autoconfigure
         Status:

     * config

       PR#76: missing call to "setlocale();"
         Status:

       PR#628: Request of "Options SymLinksIfGroupMatch"
         Status:

       PR#793: RLimitCPU and RLimitMEM don't apply to all children like they
should
         Status:

       PR#922:  it is useful to allow specifiction that root-owned symlinks
       should always be followed
         Status:

       PR#1028: DoS attacks involving memory consumption
         Status:

       PR#1191: setlogin() is not called, causing problems with e.g. identd
         Status:

       PR#1204: regerror() exists, use it
         Status:

       PR#2284: Can not POST to ErrorDocument - Apache/1.3b6
         Status:

       PR#2396: Proposal for TimeZone directive
         Status:

       PR#2446: AllowOverride FileInfo is too coarse
         Status:

       PR#2760: [PATCH] User/Group for <Directory> and <Location> i.e. not only
       in global and <Virtual>.
         Status:

       PR#2907: suggestion: power up your Include directive :)
         Status:

       PR#3018: cannot limit some HTTP methods
         Status:

       PR#3677: New ErrorDocumentMatch directive
         Status:

       PR#4244: "Files" and "FilesMatch" regexp does not recognize bang as
       negation operator
         Status:

       PR#5993: AllowOverride should have a 'CheckNone' and 'AllowNone' argument
       instead of only 'None'
         Status:

     * mod_access

       PR#537: mod_access syntax allows hosts that should be restricted
         Status:

       PR#1287: add allow,deny/deny,allow warning to mod_access
         Status:

       PR#2512: <IfDenied> directive wanted
         Status:

     * mod_auth-any

       PR#557: ~UserHome directories are not honored in absolute pathname
       requests (.htaccess)
         Status:

       PR#1117: Using NIS passwd.byname dbm files with AuthDBMUserFile
         Status:

       PR#1809: Suggestion for improving authentication modules and core source
       code, problem with 401 and ErrorDocument
         Status:

     * mod_autoindex

       PR#1263: Add frame-safe anchor attribute to mod_autoindex links
         Status:

     * mod_cgi (and suexec)

       PR#921: suexec Uses cwd before filling it in, doesn't use syslog
         Status:

       PR#1176: Apache cannot handle continuation line in headers
         Status:

       PR#1120: suexec does not parse arguments to #exec cmd
         Status:

       PR#1268: CGI scripts running as Apache user: security (suexec etc.)
         Status:

       PR#1285: Error messages could be easier to spot in cgi.log file for
suexec.c
         Status:

       PR#1905: suexec - Allow modules to set user:group for execution.
         Status:

       PR#2360: suexec for general access of user content?
         Status:

       PR#2460: TimeOut applies to output of CGI scripts
         Status:

       PR#2573: CGI's for general use still have to be run as another user
       with suExec
         Status:

       PR#4241: Need to be able to override shebang line to make CGI scripts
       more portable.
         Status:

       PR#4490: mod_cgi prevents handling of OPTIONS requests
         Status:

     * mod_env

       PR#370: Modified PATH environemnt variable is not passed, instead
       system's is used
         Status:

     * mod_headers

       PR#1383: I make mod_headers to modify request headers as well as
       response ones.
         Status:

       PR#1677: mod_headers should allow mod_log_config-style formats in
       header values
         Status:

     * mod_imap

       PR#759: imap should read <MAP><AREA>*</MAP> too!
         Status:

     * mod_include

       PR#78: Additional status for XBitHack directive
         Status:

       PR#623: A smarter "Last Modified" value for SSI documents (see PR number
600)
         Status:

       PR#1145: mod_include
       Allow for Last-Modified: without resorting to XBitHack
         Status:

       PR#1803: patches to mod_include to allow for file tests
         Status:

       PR#4459: Suggestion for better handling of Last-modified headers
         Status:

     * mod_info

       PR#2415: /server-info doesn't check for the virtual host to list the info
         Status:

     * mod_log-any

       PR#1050: Logging of virtual server to error_log as well
         Status:

       PR#1358: Selective url-encode of log fields (or maybe a pseudo
       log_rewrite module?)
         Status:

       PR#2073: pipelined connections are not logged correctly
         Status:

       PR#4448: Please allow CGI env variables (QUERY_STRING, ...) to be logged
       with %{}e
         Status:

     * mod_negotiation

       PR#3191: no way to set global quality-of-source (qs) coneg values
       with multiviews
         Status:

     * mod_proxy

       PR#362: Mod_proxy doesn't allow change of error pages
         Status:

       PR#440: Proxy doesn't deliver documents if not connected
         Status:

       PR#534: proxy converts ~name to %7Ename when name starts with a dot (.)
         Status:

       PR#612: Proxy FTP Authentication Fails
         Status:

       PR#700: Proxy doesn't do links right for OpenVMS files through ftp:
         Status:

       PR#980: Controlling Access to Remote Proxies would be nice...
         Status:

       PR#994: Adding authentication "on the fly" through the proxy module
         Status:

       PR#1085: ProxyRemote make a dead cycle.
         Status:

       PR#1166: ``nph-'' not honored (no buffering) for ProxyRemote mapping
         Status:

       PR#1290: Need to know "hit-rate" on proxy cache
         Status:

       PR#1532: Proxy transfer logging
         Status:

       PR#1547: No HTTP_X_FORWARDED_FOR set...
         Status:

       PR#1567: ProxyRemote proxy requests fail authentication by firewall
         Status:

       PR#1702: mod_proxy to support persistent conns?
         Status:

       PR#1878: listing of proxy cache content
         Status:

       PR#2314: patterns in ProxyRemote
         Status:

       PR#2648: Cache file names in Proxy module
         Status:

       PR#3568: Accessing URL through proxy server corrupts data.
         Status:

       PR#3605: Some anonymous FTP URLs ask for authentication
         Status:

     * mod_rewrite

       PR#1582: mod_rewrite forms REQUEST_URI different than mod_cgi does
         Status:

       PR#2074: mod_rewrite doesn't pass Proxy Throughput on internal subrequests
         Status:

     * mod_status

       PR#2138: mod_status always displays 256 possible connection slots
         Status:

       PR#2343: Status module averages are for entire uptime
         Status:

     * apache-api

       PR#1004: request_config field in request_rec is moderately bogus
         Status:

       PR#1158: improvements to child spawning API
         Status:

       PR#1233: there is no way to keep per-connection per-module state
         Status:

       PR#2024: adding auth_why to conn_rec
         Status:

       PR#2873: Feedback/Comment on APACI
         Status:

       PR#3143: No module specific data hook for per-connection data
         Status:

     * generally odds and ends

       PR#2431: A small addition to rotatelogs.c to improve program
functionality.
         Status:

       PR#2763: mailto tags and bundling bug report script
         Status:

       PR#2785: os-aix Support for System Resource Controller
         Status:

       PR#2889: Inclusion of RPM spec file in CVS/distributions
         Status:

       PR#5713: os-windows [PATCH] install as win32 service with domain account
         Status: Cannot accept password-as-arg, we should prompt the
                 user when -k install/-k config with a user argument.



Other bugs that need fixing:

     * ap_discard_request should be converted to use the bucket API
       directly rather than waste cycles copying buffers with the old API.

     * MaxRequestsPerChild measures connections, not requests.
         Until someone has a better way, we'll probably just rename it
         "MaxConnectionsPerChild".

     * Regex containers don't work in an intutive way
         Status: No one has come up with an efficient way to fix this
         behavior. Dean has suggested getting rid of regex containers
         completely.
         OtherBill suggests: We at least seem to agree on eliminating
                             the <Container ~ foo> forms, and using only
                             <ContainerMatch foo> semantics.

     * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
       sigwaiting thread. We need to work around this, perhaps unless
       there is hope soon for a fixed glibc.

     * orig_ct in the byterange/multipart handling may not be
       needed. Apache 1.3 just never stashed "multipart" into
       r->content_type. We should probably follow suit since the
       byterange stuff doesn't want the rest of the code to see the
       multipart content-type; the other code should still think it is
       dealing with the <orig_ct> stuff.
         Status: Greg volunteers to investigate (esp. since he was most
                 likely the one to break it :-)

Binaries (probably not till beta):

  Platform                      Avail.  Volunteer
  ------------------------------------------------------------------
  AIX 4.3.3                     no      Bill Stoddard
  Mandrake 8.1                  no      open
  FreeBSD 4.1                   no      open
  hppa2.0w-hp-hpux11.00         no      Cliff Woolley
  i386-pc-solaris2.8            no      Aaron Bannert
  i386-unknown-freebsd4.5       no
  i386-unknown-freebsd4.6       no      Cliff Woolley
  i686-pc-linux-gnu-slackware81 no      Cliff Woolley
  i686-pc-linux-gnu-rh70        no      Aaron Bannert
  i686-pc-linux-gnu-rh73        no      Cliff Woolley
  ia64-hp-hpux11.20             no
  powerpc-apple-darwin5.5       no      Aaron Bannert
  powerpc-unknown-linux-gnu     no      Graham Leggett
  s390-ibm-linux                no      Greg Ames
  sparc-sun-solaris2.8          no      Jim Jagielski
  NetWare                       no      Brad Nicholes
  OS/2                          no      Brian Havard
  OS/390                        no      Greg Ames
  Win32-x86                     no      William Rowe

Hi all,

I am not able to unsubscribe instead of my repeated attempt.
My mail-box is getting flooded.
Could somebody help me to remove my entry from group.

Regards
Manoj Kumar Jain

On Thu, 8 May 2003, Manoj Kumar Jain wrote:

> I am not able to unsubscribe instead of my repeated attempt.
> My mail-box is getting flooded.
> Could somebody help me to remove my entry from group.

There are instructions for unsubscribing in the headers of every message
sent to the list.  All you have to do is send a blank message to

dev-unsubscribe@...


--Cliff

Hello,
        We are using Apache 2.0 in our application. our application supports both windows and Unix (Tru64). I had built my module which uses Apache 2.0 APIs and creates DLL (test.dll) . We are loading this DLL by LoadModule in "httpd.conf". I was able to start Apache and also my application works properly without any problems on windows.

        The same application we support it on Unix also without any code change. I had built the same module with Apche 2.0 and created shared library "test.so". I load this library by LoadModule from httpd.conf.

LoadModule test_handle modules/test.so
        If I add this in httpd.conf, when I start Apache, simply it hangs, it does not come to the prompt and  does not spawn any hutted processes and also no error.

        If I don't load this shared library, Apache is starting no problems. If I load my shared library then only apache does not start. How Load module  ( my shared library) holds the apache from start. How LoadModule is related in spawning the httpd processes. I had tried many ways, nothing was working. what could be the problem. Same application is running on Windows, no problems at all, this problem I am facing it on Unix only, it does not give  any error/log to locate the problem.

Anybody has any clues or suggestions. any help is much appreciated.

Thanks,
GS

Ed Korthof wrote:
> Hi --
>
> The Header directive in mod_headers.c doesn't allow for embedded
> percentage characters (%).  This can be useful for writing out values
> encoded via MIME semantics: some MIME headers allow a character set
> indicator -- RFC 2184 allows this in the Content-disposition header, for
> the filename, to indicate the encoding of the bytes in the name.
>
> The example that I have working (at least for IE ... Mozilla ignores the
> relevant header, sadly) uses percentage characters to encode the data in
> the filename -- this seems to be the safest approach when the characters
> may be in an encoding other than what the client expects.  This produces
> headers more or less like the following:
>
> Content-disposition: attachment;
filename*=utf-8'ja'%e7%a7%81%e3%81%ae%e3%83%86%e3%82%b9%e3%83%88%e8%a1%a8%e7%a4%\
ba.txt
>
> (wrapping seems to be optional)
>
> Anyway, I had to modify mod_headers.c to allow that behavior.  The
> attached patch allows percentage characters to be included in Header
> constant string values by doubling them up.  I reused an existing
> function -- constant_item -- because that seems more or less consistent
> with the design (it looks like all the tag formatting functions are
> treated the same); and it works, at least in 2.0.45.  I didn't update
> the generated .html.en doc for this -- just the .xml doc.
>
> thanks --
>
> Ed
>
>
> ------------------------------------------------------------------------
>
> Index: docs/manual/mod/mod_headers.xml
> ===================================================================
> RCS file: /home/cvspublic/httpd-2.0/docs/manual/mod/mod_headers.xml,v
> retrieving revision 1.6
> diff -u -r1.6 mod_headers.xml
> --- docs/manual/mod/mod_headers.xml 11 Apr 2003 01:25:52 -0000 1.6
> +++ docs/manual/mod/mod_headers.xml 7 May 2003 19:01:27 -0000
> @@ -244,6 +244,10 @@
>      <tr><td><code>%{FOOBAR}e</code></td>
>          <td>The contents of the <a href="../env.html">environment
>          variable</a> <code>FOOBAR</code>.</td></tr>
> +
> +    <tr><td><code>%%</code></td>
> +        <td>This syntax can be used to include a percentage sign (%) as
> +        in a litteral character string.</td></tr>

litteral -> literal

+1 on the patch.

bill

If you send gdb back trace of hanged process it will be helpful.

If you dont know how to do it :

use "ps -aef | grep httpd" command to find pid then use "gdb httpd <pid>" to
open gdb.

After gdb prompt comes up, type "bt" to see backtrace.

--

On Thu, 8 May 2003 20:01:49
  Guntupalli, Santhi wrote:
>Hello,
> We are using Apache 2.0 in our application. our application supports
>both windows and Unix (Tru64). I had built my module which uses Apache 2.0
>APIs and creates DLL (test.dll) . We are loading this DLL by LoadModule in
>"httpd.conf". I was able to start Apache and also my application works
>properly without any problems on windows.
> The same application we support it on Unix also without any code
>change. I had built the same module with Apche 2.0 and created shared
>library "test.so". I load this library by LoadModule from httpd.conf.
>LoadModule test_handle modules/test.so
> If I add this in httpd.conf, when I start Apache, simply it hangs,
>it does not come to the prompt and  does not spawn any hutted processes and
>also no error.
> If I don't load this shared library, Apache is starting no problems.
>If I load my shared library then only apache does not start. How Load module
>( my shared library) holds the apache from start. How LoadModule is related
>in spawning the httpd processes. I had tried many ways, nothing was working.
>what could be the problem. Same application is running on Windows, no
>problems at all, this problem I am facing it on Unix only, it does not give
>any error/log to locate the problem.
>Anybody has any clues or suggestions. any help is much appreciated.
>
>Thanks,
>GS
>
>


____________________________________________________________
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

* coar@... wrote:

>   Index: ap_mmn.h
>   ===================================================================
>   RCS file: /home/cvs/httpd-2.0/include/ap_mmn.h,v
>   retrieving revision 1.52.2.2
>   retrieving revision 1.52.2.3
>   diff -u -u -r1.52.2.2 -r1.52.2.3
>   --- ap_mmn.h 4 Apr 2003 01:07:33 -0000 1.52.2.2
>   +++ ap_mmn.h 8 May 2003 20:49:32 -0000 1.52.2.3
>   @@ -112,6 +112,7 @@
>     * 20020628 (2.0.40-dev) Added filter_init to filter registration functions
>     * 20020903 (2.0.41-dev) APR's error constants changed
>     * 20020903.2 (2.0.46-dev) add ap_escape_logitem (.1 is waiting for
backport)
>   + * 20020903.3 (2.0.46-dev) allow_encoded_slashes added to core_dir_config

Just a note: The .1 was reserved for your patch (since you've used it
already). No opinion here, whether to change or not...

nd
--
Flhacs wird im Usenet grundsätzlich alsfhc geschrieben. Schreibt man
lafhsc nicht slfach, so ist das schlichtweg hclafs. Hingegen darf man
rihctig ruhig rhitcgi schreiben, weil eine shcalfe Schreibweise bei
irhictg nicht als shflac angesehen wird.       -- Hajo Pflüger in dnq

1) Why does includes "virtual" sometimes fail with
      "unable to include potential exec \"%s\" in parsed file %s"
    when Options IncludesNoEXEC is used?  Why is this check performed?
    What is the reasoning behind it?

--- httpd-2.0.45/modules/filters/mod_include.c  2003-02-03 12:31:38.000000000
-0500
+++ httpd-2.0.45/modules/filters/mod_include.c.new      2003-05-07
15:38:58.000000000 -0400
@@ -1274,12 +1274,6 @@
                      error_fmt = "unable to include \"%s\" in parsed file %s";
                  }

-                if (!error_fmt && (ctx->flags & FLAG_NO_EXEC) &&
-                    rr->content_type &&
-                    (strncmp(rr->content_type, "text/", 5))) {
-                    error_fmt = "unable to include potential exec \"%s\" "
-                        "in parsed file %s";
-                }
                  if (error_fmt == NULL) {
                      /* try to avoid recursive includes.  We do this by walking
                       * up the r->main list of subrequests, and at each level


The documentation for IncludeNoEXEC (with the Options directive) states:
   IncludesNOEXEC
     Server-side includes are permitted, but the #exec command and
     #exec CGI are disabled. It is still possible to #include virtual
     CGI scripts from ScriptAliase'd directories.

When Options IncludesNoEXEC is used, the code for include virtual="..."
currently checks the initial content-type of the target for for text/*
(before running the subrequest) and therefore disallows, for example,
   <!--#include virtual="/cgi-bin/foo.php"-->
since the initial content-type can be application/x-httpd-php.  This
fails even when /cgi-bin/ is marked Options +ExecCGI.  (A workaround
may be to use AddHandler to set it to "cgi-script" and to use AddType
to set the type to text/html.)

What is the reason that the #include virtual="..." (and "file") are
peeking into the subrequest?  Shouldn't they just run the subrequest
and include the results.  After all, requesting the URI directly would
produce identical results, wouldn't it?  Maybe only "#include file"
should check for content-type text/*, but not "#include virtual".

Can this be backported to 2.0 and 1.3?


2) Should <!--#exec cgi="..."--> be officially deprecated?
    The following two statements are almost semantically equivalent AFAICT:
      <!--#exec cgi="/path/to/cgi"-->
      <!--#include virtual="/path/to/cgi${PATH_INFO}?${QUERY_STRING}"-->
    and #include virtual is more flexible, and allowed with IncludesNoEXEC.
    Besides, I really do not like the idea of the silent inheritance of
    path info and query string by #exec cgi because it is an inheritance of
    the path info and query string of the base document, which gets really
    messy if you have nested includes and have an #include virtual in the
    mix which uses its own path info and query string.

    Is there any reason "#exec cgi" should remain in Apache 2.1?  If people
    support removing it, I'll whip up a quick patch to mod_cgi/mod_cgid.
    Backwards compatibility is one thing, but this is cruft.  Current
    documentation says:
      "The include virtual element should be used in preference to exec cgi"
    but does not go so far as to deprecate it, indicating that it might be
    removed in the future.

    In addition to path info and query string inheritance, the only
    difference between #exec cgi and #include virtual is that if the target
    CGI returns a redirect, #exec cgi will turn it into a hyperlink.  I'm
    not sure how often this "feature" is used, but the simple workaround is
    to have the CGI script return the hyperlink as the body of its output:
      print "Content-type: text/plain\n\n",
            "<a href="link">link</a>\n";


3) Apache2 mod_include performs lazy evaluation of a few environment
    variables: DATE_GMT, DATE_LOCAL, LAST_MODIFIED, and USER_NAME
    These variables end up being empty strings ("") in a CGI environment
    unless they are used in the include document prior to the virtual or
    exec include, e.g. the no-op
      <!--#if expr="$DATE_LOCAL"--><!--#endif-->
    Can this be documented somewhere?  What pages should be updated?
    mod_include documentation, the SSI tutorial, others?


4) Minor nit.  Should USER_NAME be inherited from the base document, just
    as the LAST_MODIFIED time is done?  If USER_NAME was generated from the
    lazy value before a sub-include, then it is inherited.  If it was not
    generated before a sub-include, then it will be set with the value of
    the document when it is actually used, leading to inconsistencies.

--- httpd-2.0.45/modules/filters/mod_include.c  2003-02-03 12:31:38.000000000
-0500
+++ httpd-2.0.45/modules/filters/mod_include.c.new      2003-05-09
04:05:26.000000000 -0400
@@ -3386,10 +3386,12 @@
           * torquing our own last_modified date as well so that the
           * LAST_MODIFIED variable gets reset to the proper value if the
           * nested document resets <!--#config timefmt -->.
+         * Also torque info used to generate USER_NAME.
           */
          r->subprocess_env = r->main->subprocess_env;
          apr_pool_join(r->main->pool, r->pool);
          r->finfo.mtime = r->main->finfo.mtime;
+        r->finfo.user  = r->main->finfo.user;
      }
      else {
          /* we're not a nested include, so we create an initial



5) Can mod_include please export get_include_var() as an optional function?
    How about as ap_ssi_get_include_var()?

--- httpd-2.0.45/modules/filters/mod_include.c  2003-02-03 12:31:38.000000000
-0500
+++ httpd-2.0.45/modules/filters/mod_include.c.new      2003-05-07
15:46:05.000000000 -0400
@@ -206,8 +206,8 @@
      return val;
  }

-static const char *get_include_var(request_rec *r, include_ctx_t *ctx,
-                                   const char *var)
+static const char *ap_ssi_get_include_var(request_rec *r, include_ctx_t *ctx,
+                                          const char *var)
  {
      const char *val;
      if (apr_isdigit(*var) && !var[1]) {
@@ -1099,7 +1099,7 @@
                  if (l != 0) {
                      tmp_store        = *end_of_var_name;
                      *end_of_var_name = '\0';
-                    val = get_include_var(r, ctx, start_of_var_name);
+                    val = ap_ssi_get_include_var(r, ctx, start_of_var_name);
                      *end_of_var_name = tmp_store;

                      if (val) {
@@ -1387,9 +1387,9 @@
              if (!strcmp(tag, "var")) {
                  conn_rec *c = r->connection;
                  const char *val =
-                    get_include_var(r, ctx,
-                                    ap_ssi_parse_string(r, ctx, tag_val, NULL,
-                                                        MAX_STRING_LEN, 0));
+                    ap_ssi_get_include_var(
+                      r, ctx, ap_ssi_parse_string(r, ctx, tag_val, NULL
+                                                  MAX_STRING_LEN, 0));
                  if (val) {
                      switch(encode) {
                      case E_NONE:
@@ -3569,6 +3569,7 @@

  static void register_hooks(apr_pool_t *p)
  {
+    APR_REGISTER_OPTIONAL_FN(ap_ssi_get_include_var);
      APR_REGISTER_OPTIONAL_FN(ap_ssi_get_tag_and_value);
      APR_REGISTER_OPTIONAL_FN(ap_ssi_parse_string);
      APR_REGISTER_OPTIONAL_FN(ap_register_include_handler);


Thanks!
Glenn

Jeff Trawick wrote:
> Currently the signal mask blocks all synchronous signals.  That is
> bogus, and on (at least) AIX it can be seen to interfere with proper
> recovery if one of those signals, such as SIGSEGV, is generated during
> the time that it is blocked.  Here is text from the Solaris 8 manpage
> for pthread_sigmask:
>
>      Signals which are  generated  synchronously  should  not  be
>      masked.  If  such  a  signal  is  blocked and delivered, the
>      receiving process is killed.

Anybody else want to review this and comment?  (Thanks for looking at
this already, Jim!)

André Malo wrote:
>
> Just a note: The .1 was reserved for your patch (since you've used it
> already). No opinion here, whether to change or not...

if we've made a release with the .2 value, this needs to stay at .3.
of we haven't, that reservation can be accepted and this returned
down to .2..  right?
--
#ken P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"

* Rodent of Unusual Size wrote:

> André Malo wrote:
>>
>> Just a note: The .1 was reserved for your patch (since you've used it
>> already). No opinion here, whether to change or not...
>
> if we've made a release with the .2 value,

nope. It's 2.0.46-dev, too.

> this needs to stay at .3.
> of we haven't, that reservation can be accepted and this returned
> down to .2..  right?

.1? :-)

Sounds reasonable for me. We need to be careful, however. Once we have
released a 2.1 version, the backport chain (2.1 -> 2.0) makes such changes
more or less impossible, resp. in order to be consistent we probably have to
maintain different mmns then.

nd
--
>I have tried using ErrorDocument 401, but doesn't work.
                                            ^^^^^^^^^^^^^
Oh dear.  What does it do - lounge around on the couch all day drinking
beer and watching TV?            -- "Kash" und Alan J. Flavell in ciwsu

two scenarios make it a bad idea to be able to hold the accept mutex
when exiting a child process for idle child cleanup:

1) a child exit hook or a pchild cleanup takes a while

This results in a brief server outage since other children can't accept
new connections.

(If a child exit hook or a pchild cleanup takes forever/deadlocks, we're
toast anyway, since the scoreboard slot is occupied and we won't be able
to keep creating new child processes.)

2) a child exit hook or a pchild cleanup segfaults and accept mutex
mechanism isn't automatically cleaned up by the OS

(mechanism = pthread, 3rd party module = XXX)

deadlock :(

If anybody wants a toy 1.3 module to sleep or segfault in child exit
hook, just let me know.  It is much easier to install than the
commercial version.

Index: src/main/http_main.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_main.c,v
retrieving revision 1.602
diff -u -r1.602 http_main.c
--- src/main/http_main.c 25 Apr 2003 13:50:23 -0000 1.602
+++ src/main/http_main.c 9 May 2003 14:35:32 -0000
@@ -372,6 +372,7 @@
  static pool *plog;  /* Pool for error-logging files */
  static pool *ptrans;  /* Pool for per-transaction stuff */
  static pool *pchild;  /* Pool for httpd child stuff */
+static pool *pmutex;            /* Pool for accept mutex in child */
  static pool *pcommands; /* Pool for -C and -c switches */

  #ifndef NETWARE
@@ -515,6 +516,14 @@
  static void clean_child_exit(int code)
  {
      if (pchild) {
+        /* make sure the accept mutex is released before calling child
+         * exit hooks and cleanups...  otherwise, modules can segfault
+         * in such code and, depending on the mutex mechanism, leave
+         * the server deadlocked...  even if the module doesn't segfault,
+         * if it performs extensive processing it can temporarily prevent
+         * the server from accepting new connections
+         */
+        ap_clear_pool(pmutex);
 	 ap_child_exit_modules(pchild, server_conf);
 	 ap_destroy_pool(pchild);
      }
@@ -4211,10 +4220,15 @@
       * we can have cleanups occur when the child exits.
       */
      pchild = ap_make_sub_pool(pconf);
+    /* associate accept mutex cleanup with a subpool of pchild so we can
+     * make sure the mutex is released before calling module code at
+     * termination
+     */
+    pmutex = ap_make_sub_pool(pchild);

      /* needs to be done before we switch UIDs so we have permissions */
      reopen_scoreboard(pchild);
-    SAFE_ACCEPT(accept_mutex_child_init(pchild));
+    SAFE_ACCEPT(accept_mutex_child_init(pmutex));

      set_group_privs();
  #ifdef MPE

I'm experiencing a should-not-happen condition in apache 1.3.27, and
wondered if anyone else could verify for me. In the case of a 403
error caused by incorrect directory permissions, there is no error
log entry. If the file is unreadable, the 403 goes in the error log.
But if the directory has bogus permissions, there's no entry.
This is on 1.3.27 I've tested this on 2 servers so far, and it seems
consistent.

Specifically:
Directory is 755, file is 644, everything happy

Directory is 755, file is 600, 403 entry in access log, and a
"permission denied" error in error log.

Directory is 700, file is 644, 403 entry in access log, no entry made in
error log.

--
Rich Bowen - rbowen@...
... and another brother out of his mind, and another brother out at New
York (not the same, though it might appear so)
	 Somebody's Luggage (Charles Dickens)

On Fri, 9 May 2003, Rich Bowen wrote:

> I'm experiencing a should-not-happen condition in apache 1.3.27, and
> wondered if anyone else could verify for me. In the case of a 403
> error caused by incorrect directory permissions, there is no error
> log entry. If the file is unreadable, the 403 goes in the error log.
> But if the directory has bogus permissions, there's no entry.
> This is on 1.3.27 I've tested this on 2 servers so far, and it seems
> consistent.

Yes, this is a very longstanding and very irritating omission.  I don't
think I would be exagerating if I said this was the source of hundreds of
confused queries to the users mailing list and newsgroup.

I browsed through the default handler a while back trying to figure out
where this error was getting dropped, but I ran out of time and never got
back to it.  Someone who knows the code better could probably find it
faster.

Joshua.

Joshua Slive wrote:
> On Fri, 9 May 2003, Rich Bowen wrote:
>
>
>>I'm experiencing a should-not-happen condition in apache 1.3.27, and
>>wondered if anyone else could verify for me. In the case of a 403
>>error caused by incorrect directory permissions, there is no error
>>log entry. If the file is unreadable, the 403 goes in the error log.
>>But if the directory has bogus permissions, there's no entry.
>>This is on 1.3.27 I've tested this on 2 servers so far, and it seems
>>consistent.
>
>
> Yes, this is a very longstanding and very irritating omission.  I don't
> think I would be exagerating if I said this was the source of hundreds of
> confused queries to the users mailing list and newsgroup.
>
> I browsed through the default handler a while back trying to figure out
> where this error was getting dropped, but I ran out of time and never got
> back to it.  Someone who knows the code better could probably find it
> faster.

hurray for truss!

/1:                   -> directory_walk(0x15a170, 0x0, 0x0, 0x0)
/1:                     -> ap_os_is_path_absolute(0x15a938, 0x0, 0x0, 0x0)
/1:                     <- ap_os_is_path_absolute() = 1
/1:                     -> get_path_info(0x15a170, 0x0, 0x0, 0x0)
stat("/export/home/trawick/apache13inst/htdocs/test/gobble.html",
0x0015A238) Err#13 EACCES
/1:                     <- get_path_info() = 403
/1:                   <- directory_walk() = 403
/1:                   -> ap_die(0x193, 0x15a170, 0x0, 0x0)

A check was added for eaccess with r1.40 of src/main/http_request.c:

The below patch makes the error message a bit more standard and doesn't
print it if the reason for stat failing was EACCES.  Should go in before
the beta goes out.
Reviewed by: Randy Terbush
Submitted by: Marc Slemko

Here is how to back it out:

diff -u -r1.168 http_request.c
--- src/main/http_request.c     3 Feb 2003 17:13:23 -0000       1.168
+++ src/main/http_request.c     9 May 2003 18:01:06 -0000
@@ -288,7 +288,7 @@
           }
           else {
   #if defined(EACCES)
-            if (errno != EACCES)
+/*            if (errno != EACCES) */
   #endif
                   ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
                               "access to %s failed", r->uri);

Here is some text from dev@httpd around that time, showing justification
for that change:

On Wed, 15 Jan 1997 willday@... wrote:

  > Submitter: willday@...
  > Operating system: Solaris 2.x, version:
  > Version of Apache Used: 1.1.3
  > Extra Modules used:
  > URL exhibiting problem: agent_log_module referer_log_module
config_log_module status_module
  >
  > Symptoms:
  > --
  > If a directory has insufficient perms (700), apache will report in
the error_log that "stat() returned u\
nexpected error[13]" for _each_ possible index file in
srm.con:DirectoryIndex.  Errno 13, according to /us\
r/include/sys/errno.h, is EACCES "Permissio
n denied".  This tends to fill up the error_log unnecessarily, and more
important error messages get lost \
in the noise.  I would imagine the code should check to see if the
errno=EACCES, and just return FORBIDDEN\
, without logging an error.

Anybody want to see if backing out the change still results in multiple
error log entries for a directory listing?

Rich Bowen wrote:
>
> I'm experiencing a should-not-happen condition in apache 1.3.27, and
> wondered if anyone else could verify for me. In the case of a 403
> error caused by incorrect directory permissions, there is no error
> log entry. If the file is unreadable, the 403 goes in the error log.
> But if the directory has bogus permissions, there's no entry.
> This is on 1.3.27 I've tested this on 2 servers so far, and it seems
> consistent.
>

That's as designed, IIRC, though I cannot recall *why* we did it
that way...
--
===========================================================================
    Jim Jagielski   [|]   jim@...   [|]   http://www.jaguNET.com/
       "A society that will trade a little liberty for a little order
              will lose both and deserve neither" - T.Jefferson

On Fri, 9 May 2003, Jeff Trawick wrote:
> hurray for truss!

Good quick sluthing.

>  > If a directory has insufficient perms (700), apache will report in
> the error_log that "stat() returned u\
> nexpected error[13]" for _each_ possible index file in
> srm.con:DirectoryIndex.  Errno 13, according to /us\
> r/include/sys/errno.h, is EACCES "Permissio
> n denied".  This tends to fill up the error_log unnecessarily, and more
> important error messages get lost \
> in the noise.  I would imagine the code should check to see if the
> errno=EACCES, and just return FORBIDDEN\
> , without logging an error.

Having one error for each item in the DirectoryIndex (ie, one for
index.html, index.htm, and index.php) seems like a small penalty for
deobfiscating this error.  I hope, however, that the OS returns a useful
error like (from the freebsd stat() manpage) "Search permission is denied
for a component of the path prefix."

Anyway, +1 on concept for reversing that change, but I don't have a 1.3
install to test.

Joshua.

On Fri, 9 May 2003, Jim Jagielski wrote:

> Rich Bowen wrote:
> >
> > I'm experiencing a should-not-happen condition in apache 1.3.27, and
> > wondered if anyone else could verify for me. In the case of a 403
> > error caused by incorrect directory permissions, there is no error
> > log entry. If the file is unreadable, the 403 goes in the error log.
> > But if the directory has bogus permissions, there's no entry.
> > This is on 1.3.27 I've tested this on 2 servers so far, and it seems
> > consistent.
> >
>
> That's as designed, IIRC, though I cannot recall *why* we did it
> that way...

Then I would suggest that it is a bad design, and leads to a lot of
user confusion. Unless there's a really good reason for this, it would
be nice to have an error message.

--
Rich Bowen - rbowen@...
http://kenya.rcbowen.com/

Jeff Trawick wrote:

> Currently the signal mask blocks all synchronous signals.  That is
> bogus, and on (at least) AIX it can be seen to interfere with proper
> recovery if one of those signals, such as SIGSEGV, is generated during
> the time that it is blocked.  Here is text from the Solaris 8 manpage
> for pthread_sigmask:
>
>      Signals which are  generated  synchronously  should  not  be
>      masked.  If  such  a  signal  is  blocked and delivered, the
>      receiving process is killed.
>
> An idle child process being terminated can hold the pthread mutex and
> have these signals blocked while running a 3rd-party module's child
> exit hook or pool cleanups.  (I hope to address that with a future
> patch, but this patch is appropriate independently.)  If such code
> segfaults, having the corresponding synchronous signal blocked
> (SIGSEGV) is bad news.


Reviewed. +1

Bill

On Fri, 9 May 2003, Joshua Slive wrote:

>
> On Fri, 9 May 2003, Jeff Trawick wrote:
> > hurray for truss!
>
> Good quick sluthing.
>
> >  > If a directory has insufficient perms (700), apache will report in
> > the error_log that "stat() returned u\
> > nexpected error[13]" for _each_ possible index file in
> > srm.con:DirectoryIndex.  Errno 13, according to /us\
> > r/include/sys/errno.h, is EACCES "Permissio
> > n denied".  This tends to fill up the error_log unnecessarily, and more
> > important error messages get lost \
> > in the noise.  I would imagine the code should check to see if the
> > errno=EACCES, and just return FORBIDDEN\
> > , without logging an error.
>
> Having one error for each item in the DirectoryIndex (ie, one for
> index.html, index.htm, and index.php) seems like a small penalty for
> deobfiscating this error.  I hope, however, that the OS returns a useful
> error like (from the freebsd stat() manpage) "Search permission is denied
> for a component of the path prefix."
>
> Anyway, +1 on concept for reversing that change, but I don't have a 1.3
> install to test.

Yes. I am also +1 on this, and have numerous 1.3 installations on which
I can test it.

--
Rich Bowen
Apache - mod_perl - Perl - CGI
http://www.ApacheAdmin.com/

On Fri, 9 May 2003, Jeff Trawick wrote:

> Anybody want to see if backing out the change still results in multiple
> error log entries for a directory listing?

With LogLevel set at debug, I'm just getting:

[Fri May  9 15:33:11 2003] [error] [client 127.0.0.1] (13)Permission
denied: access to /index.html failed

No multiple log entries.

Now, it might be nice if it was more explicit, but at least this error
message give a clue where to look.

--
Rich Bowen - rbowen@...
Author - Apache Administrator's Guide
http://www.ApacheAdmin.com/

On Fri, 9 May 2003, Rich Bowen wrote:

> On Fri, 9 May 2003, Jeff Trawick wrote:
>
> > Anybody want to see if backing out the change still results in multiple
> > error log entries for a directory listing?
>
> With LogLevel set at debug, I'm just getting:
>
> [Fri May  9 15:33:11 2003] [error] [client 127.0.0.1] (13)Permission
> denied: access to /index.html failed
>
> No multiple log entries.

What does your DirectoryIndex directive look like?  Try something like
DirectoryIndex a b c d e

> Now, it might be nice if it was more explicit, but at least this error
> message give a clue where to look.

As long as we are taking all this trouble, we might as well special case
the EACCES error and return something more specific.

Joshua.

Bill Stoddard wrote:
> Jeff Trawick wrote:
>
>> two scenarios make it a bad idea to be able to hold the accept mutex
>> when exiting a child process for idle child cleanup:
>>
>> 1) a child exit hook or a pchild cleanup takes a while
>>
>> This results in a brief server outage since other children can't
>> accept new connections.
>>
>> (If a child exit hook or a pchild cleanup takes forever/deadlocks,
>> we're toast anyway, since the scoreboard slot is occupied and we won't
>> be able to keep creating new child processes.)
>>
>> 2) a child exit hook or a pchild cleanup segfaults and accept mutex
>> mechanism isn't automatically cleaned up by the OS
>>
>> (mechanism = pthread, 3rd party module = XXX)
>>
>> deadlock :(
>>
>> If anybody wants a toy 1.3 module to sleep or segfault in child exit
>> hook, just let me know.  It is much easier to install than the
>> commercial version.
>
>
>
> In 1.3 (on Unix), I would expect that the thread that does the accept
> would be the same thread that runs the child exit hook and pchild
> cleanups. When would that not be the case?  So how can case 2) ever occur?

Yes, we're always talking about single-threaded processes here (we're
agnostic about other threads).

The base level of understanding required is this:

When a child process exits due to graceful restart or due to the parent
cleaning up an idle child, the child process does not explicitly release
the accept mutex prior to calling a child exit hook or a cleanup
registered against pchild.  So maybe the accept mutex is held, maybe it
is not.  (For pthread mutex, it is guaranteed to be held for this type
of exit, since SIGUSR1 will not result in a child process going away if
the child process is waiting on the accept mutex.)

Given that this is how the server works, condition 1 or condition 2 can
occur if a child exit hook or pchild cleanup can take a while or segfault.

The purpose of the patch is to ensure that the accept mutex is never
held when calling a child exit hook or pchild cleanup, thus making the
server more reliable in the presence of 3rd-party code which may not be
as robust as desired.

Rich Bowen wrote:
>
> On Fri, 9 May 2003, Jeff Trawick wrote:
>
> > Anybody want to see if backing out the change still results in multiple
> > error log entries for a directory listing?
>
> With LogLevel set at debug, I'm just getting:
>
> [Fri May  9 15:33:11 2003] [error] [client 127.0.0.1] (13)Permission
> denied: access to /index.html failed
>
> No multiple log entries.
>

The # of entries would equal the # of values for DirectoryIndex.
At least, that's what the original bug handled.
--
===========================================================================
    Jim Jagielski   [|]   jim@...   [|]   http://www.jaguNET.com/
       "A society that will trade a little liberty for a little order
              will lose both and deserve neither" - T.Jefferson

On Fri, 9 May 2003, Joshua Slive wrote:

>
> On Fri, 9 May 2003, Rich Bowen wrote:
>
> > On Fri, 9 May 2003, Jeff Trawick wrote:
> >
> > > Anybody want to see if backing out the change still results in multiple
> > > error log entries for a directory listing?
> >
> > With LogLevel set at debug, I'm just getting:
> >
> > [Fri May  9 15:33:11 2003] [error] [client 127.0.0.1] (13)Permission
> > denied: access to /index.html failed
> >
> > No multiple log entries.
>
> What does your DirectoryIndex directive look like?  Try something like
> DirectoryIndex a b c d e

Ah, yes, I get:

[Fri May  9 16:10:43 2003] [error] [client 127.0.0.1] (13)Permission
denied: access to /index.html failed
[Fri May  9 16:10:43 2003] [error] [client 127.0.0.1] (13)Permission
denied: access to /a failed
[Fri May  9 16:10:43 2003] [error] [client 127.0.0.1] (13)Permission
denied: access to /b failed
[Fri May  9 16:10:43 2003] [error] [client 127.0.0.1] (13)Permission
denied: access to /d failed
[Fri May  9 16:10:43 2003] [error] [client 127.0.0.1] (13)Permission
denied: access to /c failed

> > Now, it might be nice if it was more explicit, but at least this error
> > message give a clue where to look.
>
> As long as we are taking all this trouble, we might as well special case
> the EACCES error and return something more specific.

+1

--
Rich Bowen - rbowen@...
http://kenya.rcbowen.com/

On Fri, 9 May 2003, Rich Bowen wrote:
> > > Now, it might be nice if it was more explicit, but at least this error
> > > message give a clue where to look.
> >
> > As long as we are taking all this trouble, we might as well special case
> > the EACCES error and return something more specific.
>
> +1

OK.  Here is a tested patch, but I'll wait for a couple explicit +1s
before committing.

I'm not sure if perhaps the message should say "... because search
permissions (chmod +x) are missing ..."  to help newbies.

Index: http_request.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_request.c,v
retrieving revision 1.168
diff -u -d -b -u -r1.168 http_request.c
--- http_request.c      3 Feb 2003 17:13:23 -0000       1.168
+++ http_request.c      9 May 2003 20:27:32 -0000
@@ -288,7 +288,12 @@
          }
          else {
  #if defined(EACCES)
-            if (errno != EACCES)
+            if (errno == EACCES)
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+                            "access to %s failed because search "
+                            "permissions are missing on a component "
+                            "of the path", r->uri);
+            else
  #endif
                  ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
                              "access to %s failed", r->uri);

Howdy. I'm new to the list as of this morning.

Yesterday I met Brian Behlendorf here in Ottawa/Canada. I told him I did some
work on suexec.c
to make it work with the Solaris 9 resource manager. He suggested that this may
be worth
sending in as a patch. So here it is. It is worth emphasizing again that this
code is only
valid for Solaris 9 and will work on the newer Solaris releases as well
according to our local
Sun SE.  The code in suexec.c is heavy in logging. Obviously this should be
removed.

To make it work, I changed the log entry in http_main.c, the makefile in
src/support and
suexec.c. Below is my patch created from a Solaris 9 system, using a context
diff.

Cheers

> *** src/main/http_main.c.orig   Thu Feb 20 16:08:51 2003
> --- src/main/http_main.c        Fri May  9 11:01:07 2003
> ***************
> *** 5112,5118 ****
>         if (ap_suexec_enabled) {
>             ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
>                          "suEXEC mechanism enabled (wrapper: %s)",
SUEXEC_BIN);
> !       }
>         ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, server_conf,
>                     "Server built: %s", ap_get_server_built());
>         ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
> --- 5112,5123 ----
>         if (ap_suexec_enabled) {
>             ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
>                          "suEXEC mechanism enabled (wrapper: %s)",
SUEXEC_BIN);
> !
> !           ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
> !                       "%s starting with SRM functionality",
> !                       ap_get_server_version());
> !         }
> !
>         ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, server_conf,
>                     "Server built: %s", ap_get_server_built());
>         ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
> *** Makefile.orig       Fri May  9 10:51:58 2003
> --- Makefile    Fri May  9 09:49:05 2003
> ***************
> *** 59,64 ****
> --- 59,65 ----
>   LIBS=-lm -lap -los $(EXTRA_LIBS) $(LIBS1)
>   INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
>   LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) -L$(OSDIR) -L$(SRCDIR)/ap
> + LDFLAGS_SUEXEC=$(LDFLAGS1) $(EXTRA_LDFLAGS) -L$(OSDIR) -L$(SRCDIR)/ap
-lproject
>
>   TARGETS=htpasswd htdigest rotatelogs logresolve ab apxs checkgid
>
> ***************
> *** 98,104 ****
>             -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs
>
>   suexec: suexec.o
> !       $(CC) $(CFLAGS) -o suexec $(LDFLAGS) suexec.o $(LIBS)
>
>   clean:
>         rm -f $(TARGETS) *.o
> --- 99,105 ----
>             -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs
>
>   suexec: suexec.o
> !       $(CC) $(CFLAGS) -o suexec $(LDFLAGS_SUEXEC) suexec.o $(LIBS)
>
>   clean:
>         rm -f $(TARGETS) *.o
> *** suexec.c.orig       Thu Feb 20 12:01:08 2003
> --- suexec.c    Fri May  9 10:38:13 2003
> ***************
> *** 93,98 ****
> --- 93,100 ----
>
>   #include "suexec.h"
>
> + #include <project.h>
> +
>   /*
>    ***********************************************************************
>    * There is no initgroups() in QNX, so I believe this is safe :-)
> ***************
> *** 263,268 ****
> --- 265,274 ----
>       char *cmd;                        /* command to be executed    */
>       char cwd[AP_MAXPATH];     /* current working directory */
>       char dwd[AP_MAXPATH];     /* docroot working directory */
> +     char buf[500];            /* buffer                    */
> +     char projbuf[PROJNAME_MAX]; /* maximum project name size */
> +     char cgi[256];            /* name of cgi               */
> +     struct project pj_ptr;    /* project entry holder      */
>       struct passwd *pw;                /* password entry holder     */
>       struct group *gr;         /* group entry holder        */
>       struct stat dir_info;     /* directory info holder     */
> ***************
> *** 617,633 ****
>         ap_execve(cmd, &argv[3], environ);
>       }
>   #else /*NEED_HASHBANG_EMUL*/
> -     execv(cmd, &argv[3]);
> - #endif /*NEED_HASHBANG_EMUL*/
>
> !     /*
> !      * (I can't help myself...sorry.)
> !      *
> !      * Uh oh.  Still here.  Where's the kaboom?  There was supposed to be an
> !      * EARTH-shattering kaboom!
> !      *
> !      * Oh well, log the failure and error out.
> !      */
> !     log_err("emerg: (%d)%s: exec failed (%s)\n", errno, strerror(errno),
cmd);
> !     exit(255);
>   }
> --- 623,671 ----
>         ap_execve(cmd, &argv[3], environ);
>       }
>   #else /*NEED_HASHBANG_EMUL*/
>
> !  /* use target_uname to setup the project */
> !
> !  sprintf(projbuf,"user.%s",target_uname);
> !  snprintf(cgi,sizeof(cmd),"./%s",cmd);
> !
> !  /* Have to make SURE the project exists. If user.username doesn't exist
> !   * then set the project to the default project name. If that doesn't exist
> !   * either, then execute the SSI or CGI with no SRM functionality and log
it.
> !   */
> !
> !  if (getprojbyname(projbuf,&pj_ptr,buf,sizeof(buf)) == NULL ) {
> !
> !     log_err("emerg: project (%s) doesn't exist. Correct httpd.conf
entry!\n",projbuf);
> !     sprintf(projbuf,"default");
> !
> !     if (getprojbyname(projbuf,&pj_ptr,buf,sizeof(buf)) == NULL ) {
> !
> !         log_err("emerg: default project missing, executing without SRM
functionality\n");
> !         if (execl(cgi,cgi,(char *) 0) < 0) {
> !            log_err("crit: execl failed\n");
> !            exit(255);
> !         }
> !     }
> !     else {              /* If default project exists, log it and run cgi */
> !
> !        log_err("emerg: using default project\n");
> !        log_err("notice: execing (%s) uid %d project %s\n",cgi,uid,projbuf);
> !        if (execl("/bin/newtask","newtask","-l","-p",projbuf,cgi,(char *) 0)
< 0) {
> !           log_err("crit: execl failed\n");
> !           exit(255);
> !        }
> !     }
> !  }
> !  else {
> !       /* user.default project exists, execute it! */
> !
> !    log_err("notice: execing (%s) uid %d project %s\n",cgi,uid,projbuf);
> !    if (execl("/bin/newtask","newtask","-l","-p",projbuf,cgi,(char *) 0) < 0)
{
> !       log_err("crit: execl failed\n");
> !       exit(255);
> !    }
> !  }
> !
> ! #endif /*NEED_HASHBANG_EMUL*/
>   }

--
Rocke Robertson
NCS/GTIS/PWGSC
700 Montreal Rd.
Rocker@...
(613) 748-4604

Jeff Trawick wrote:

> two scenarios make it a bad idea to be able to hold the accept mutex
> when exiting a child process for idle child cleanup:
>
> 1) a child exit hook or a pchild cleanup takes a while
>
> This results in a brief server outage since other children can't
> accept new connections.
>
> (If a child exit hook or a pchild cleanup takes forever/deadlocks,
> we're toast anyway, since the scoreboard slot is occupied and we won't
> be able to keep creating new child processes.)
>
> 2) a child exit hook or a pchild cleanup segfaults and accept mutex
> mechanism isn't automatically cleaned up by the OS
>
> (mechanism = pthread, 3rd party module = XXX)
>
> deadlock :(
>
> If anybody wants a toy 1.3 module to sleep or segfault in child exit
> hook, just let me know.  It is much easier to install than the
> commercial version.


In 1.3 (on Unix), I would expect that the thread that does the accept
would be the same thread that runs the child exit hook and pchild
cleanups. When would that not be the case?  So how can case 2) ever occur?

Bill

Joshua Slive wrote:
> OK.  Here is a tested patch, but I'll wait for a couple explicit +1s
> before committing.

+1 from me (tested)

> I'm not sure if perhaps the message should say "... because search
> permissions (chmod +x) are missing ..."  to help newbies.

the message is plenty long already

--On Friday, May 09, 2003 13:30:57 -0400 Rocke Robertson
<rocker@...> wrote:

> To make it work, I changed the log entry in http_main.c, the makefile in
> src/support and suexec.c. Below is my patch created from a Solaris 9
> system, using a context diff.

Can you please send it as a unified diff instead?  Thanks!  -- justin