httpd-2.0 nightly build log
am 13.03.2002 10:06:28 von Chuck
Build started Wed Mar 13 01:00:01 PST 2002 on FreeBSD 4.5-STABLE
Checking out httpd-2.0 apr apr-util
Building httpd-2.0-nightly
Merging package apr
Merging package apr-util
Building config in httpd-2.0-nightly
Configuring in httpd-2.0-nightly w/options --enable-maintainer-mode --enable-auth-anon --enable-auth-dbm --enable-auth-db --enable-auth-digest --enable-file-cache --enable-echo --enable-cache --enable-example --enable-ext-filter --enable-case-filter --enable-case-filter-in --enable-optional-hook-export --enable-optional-hook-import --enable-optional-fn-import --enable-optional-fn-export --enable-mime-magic --enable-cern-meta --enable-expires --enable-headers --enable-usertrack --enable-unique-id --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-dav --enable-info --enable-suexec --enable-cgi --enable-cgid --enable-dav-fs --enable-vhost-alias --enable-speling --enable-rewrite --enable-ssl --with-ssl=/usr --enable-rule=SSL_EXPERIMENTAL
Not configured: --enable-charset-lite --enable-disk-cache --enable-tls --with-tls=/usr
Making in httpd-2.0-nightly
ssl_engine_config.c: In function `ssl_cmd_check_aidx_max':
ssl_engine_config.c:569: warning: `desc' might be used uninitialized in this function
ssl_engine_config.c:569: warning: `files' might be used uninitialized in this function
ssl_engine_kernel.c: In function `ssl_hook_Access':
ssl_engine_kernel.c:334: warning: `cipher_list_old' might be used uninitialized in this function
ssl_engine_kernel.c: In function `ssl_hook_Fixup':
ssl_engine_kernel.c:1124: warning: `ssl' might be used uninitialized in this function
ssl_engine_vars.c: In function `ssl_var_lookup_ssl':
ssl_engine_vars.c:288: too few arguments to function `SSL_SESSION_id2sz'
htpasswd.o: In function `main':
/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0x a90): warning: tmpnam() possibly used unsafely; consider using mkstemp()
Build finished Wed Mar 13 01:06:28 PST 2002
http://cvs.apache.org/builds/httpd-proxy/logs/
Re:
am 04.10.2002 16:27:44 von Maurizio Marini
On Friday 04 October 2002 12:26 pm, i.t wrote:
>it would be helpful, if you could provide some more actual details
Hi sir,
It would be nice in general to have a module that allows to modify parameters
passed in a post, precisely like mod_rewrite allows the change of parameters
passed by get. Is this feasible ?
leave general case and come to my problem.
I'm developing in redhat 7.3 httpd 1.3.23-14; it's a very complex infrastructure with mod_pubcookie, mod_proxy and mod_rewrite
it's not easy to describe it; it's easier for me to show you the piece of code that in http allowed me to change parameter in post stuff, but not any more in https
int change_out_post(request_rec *r, char *username) {
char argsbuffer[HUGE_STRING_LEN];
int retval;
/* checkout http_protocols.c for reading the body info */
if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))
return retval;
if (ap_should_client_block(r)) {
char *p=r->connection->client->inptr;
int len_read;
ap_hard_timeout("copy script args", r);
;
if ((p=strstr(r->connection->client->inptr, "username")) != NULL) {
memcpy( p+strlen("username="), foo, 10);
p=r->connection->client->inptr;
}
libpbc_debug("change_out_post[%d]: inptr: %s\n", __LINE__, p);
ap_kill_timeout(r);
}
return(1);
}
i try to explain it:
Premise.
suppose that u want authenticate a user and after authentication u want to add the username to hidden parameter
beacause application on backend (we are in rev-proxy architecture) needs it as post parameters.
The misfact.
before autheticating using mod_pubcookie i add some hidden parameter initialized to null
e.g. 'username= '
u can see sufficient blanks after username=, to accomodate for username value
it's a low tricky, don't blame to me!
after authetication i try to valorize username...how?!?
with strstr i search the parameter name in post area pointed (if we are in http!!!) by r->connection->client->inptr
i add 9 bytes to this pointer (strlen("username="))
i write the username in place of blanks
done!
this horrible trick worked until i pass to https...
Conclusion.
i fear that it's not portable (sure it doesn't work in apache 2.0!) and after apache
rewriting for chunked exploit all my stuff is outdated, even i've not tested it;
i write this piece of code the days before 21 June!!!
My prayer.
now, i know well that this piece of sw cannot be a solution and i seraching for some help to do something more robust and reliable.
thnx in advance!
--
Maurizio Marini