You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2005/09/01 20:12:15 UTC
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap:
apr_ldap_init.c apr_ldap_option.c
FYI this totally borked any 2.1.7 candidate (built on Win32
with the psdk layered atop the vc98, using zlib 1.2.3, final
OpenSSL 0.9.8, apr and apr-util 1.2.1 and apr-iconv 1.0.2).
If you are familiar with linking on Win32, you are probably
aware that some modules are linked by name (e.g. our httpd
application in 2.0) and some are linked by ordinal (including
older 1.3 builds).
An MS .lib file to bind to a .dll is simply a bunch of stubs
and .dll index information. It turns out the lib that shipped
with Visual C was horribly corrupt with respect to the version
of c:\windows\system32\wldap32.dll shipped with Windows 2000.
Have a look at the bindings that are created, when comparing
our modules to what they map to in wldap32.dll on W2k (note
that I used depends.exe, a utility shipped with every version
of visual studio)... the numbers below are the 'ordinals'...
apr-util.so:
022 ldap_err2string
136 ldap_get_option ** PSDK binding
138 ldap_get_paged_count ** VC98 binding
143 ldap_init ** PSDK binding
145 ldap_initW ** VC98 binding
211 ldap_set_option ** PSDK binding
213 ldap_simple_bindA ** VC98 binding
330 ldap_start_tls_s ** PSDK binding (VC98 .lib build fails)
<< not found in wldap32.dll(!)
331 ldap_stop_tls_s ** PSDK binding (VC98 .lib build fails)
<< not found in wldap32.dll(!)
It turns out that we defined APR_HAS_LDAP_START_TLS_S as 0
by default for the win32 build. But we never tested this
flag in apr_ldap_option.c - and that entry point is present
in the platform sdk. But this ordinal doesn't exist, nor
does the function exist, apparently, in wldap32.dll on this
Windows 2000 box. The user will immediately hit the error
'httpd.exe - can't load module'
when trying to start - because httpd.exe is bound to aprutil-1.dll,
which is bound to this non-existant entry point in wldap32.dll.
And it gets worse in mod_ldap.so ....
mod_ldap.so:
22 ldap_err2string
26 ldap_first_entry
30 ldap_get_dn
34 ldap_get_values
36 ldap_count_entries
38 ldap_value_free
41 ldap_msgfree
46 ldap_unbind_s
52 ldap_compare_s
60 ldap_simple_bind_s
136 ldap_get_option ** PSDK binding
138 ldap_get_paged_count ** VC98 binding
143 ldap_init ** PSDK binding
145 ldap_initW ** VC98 binding
195 ldap_search_ext_s ** PSDK binding
200 ldap_memfree
203 ldap_search_ext_sW ** VC98 binding
211 ldap_set_option ** PSDK binding
213 ldap_simple_bindA ** VC98 binding
You can see that the VC98 bindings are totally borked, the
wldap32.lib shipped in Visual C 98 just didn't correspond
to any modern wldap32.dll file.
So... we have to
* respect APR_HAS_LDAP_START_TLS_S. If the user wants to
toggle it, because they have an unusually modern wldap32.dll
with those start_tls/stop_tls functions, jolly for them.
But by default for our distro; no.
* respect APR_HAS_LDAP_SSLINIT, which is already defined to 1
on Windows. We made the exception for APR_HAS_LDAPSSL_INIT
based on the Netware SDK (ick) so even that init path now
respects APR_HAS_LDAPSSL_INIT as well.
* Test how portable (win98? nt?) the ldap_sslinit() is across
the wldap32.dll files. Also find out if older flavors of
wldap32.dll actually use those 'bogus' ldap entry points.
All of this boils down to libaprutil-1.dll. In the previous
0.9 generation, we never actually *linked* to the ldap dll
until we build mod_ldap/mod_auth_ldap. If the symbols were
borked, there was no harm until the user tried to use ldap.
It is possible to use our dynamic function mapping logic,
the way we bind to the Unicode functions in APR, to actually
bring in the wldap32.dll symbols by name, and even test the
features on the fly. That's another project, perhaps for
someone else eager to continue the fight ... Bookmark this
post for reference before you go into battle :)
In the meantime, this should probably get most users running
on Win32, and after 2.1.8 (beta, perhaps :) we can find out
how many Win32 users are still impacted by the wldap32.dll
issues and inconsistencies.
Bill
At 12:01 PM 9/1/2005, wrowe@apache.org wrote:
>Author: wrowe
>Date: Thu Sep 1 10:01:49 2005
>New Revision: 265755
>
>URL: http://svn.apache.org/viewcvs?rev=265755&view=rev
>Log:
>
> Correct the use-case checking to determine our ldap[ssl]_[ssl]init()
> choice. This isn't platform specific, it must be based on our
> apu_ldap.h configuration choices, APR_HAS_LDAP_SSLINIT and
> APR_HAS_LDAPSSL_INIT are already flagged correctly on Netware, Win32.
>
> And follow the APR_HAS_LDAP_START_TLS_S election on Win32, because
> the platform SDK exports a binding to ordinals 330/331 for start/stop
> TLS, but these entry points are missing on Windows 2000 Pro SP4, and
> likely many other flavors of WLDAP32.DLL.
>
> Note that the WLDAP32.DLL is bound by ordinals, not by fn names, so
> VC98 for example provides an invalid wldap32.lib with the wrong
> ordinal numbers. Only use the platform SDK, and use depends.exe to
> ensure that the elected functions are correct. One good thing; the
> VC98 flavor is an LDAPv2 toolkit, while the PSDK is an LDAPv3 which
> passes the #ifndef/#error backstop. So it's unlikely a user will
> bind to the wrong wldap32.lib if the LIB and INCLUDES paths on their
> configuration keeps the VC and PSDK paths in the same order relative
> to the other envvar.
>
>Modified:
> apr/apr-util/trunk/ldap/apr_ldap_init.c
> apr/apr-util/trunk/ldap/apr_ldap_option.c
>
>Modified: apr/apr-util/trunk/ldap/apr_ldap_init.c
>URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_init.c?rev=265755&r1=265754&r2=265755&view=diff
>==============================================================================
>--- apr/apr-util/trunk/ldap/apr_ldap_init.c (original)
>+++ apr/apr-util/trunk/ldap/apr_ldap_init.c Thu Sep 1 10:01:49 2005
>@@ -145,8 +145,10 @@
> apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
> *result_err = result;
>
>-#if APR_HAS_NOVELL_LDAPSDK
>+#if APR_HAS_LDAPSSL_INIT
> *ldap = ldapssl_init(hostname, portno, 0);
>+#elif APR_HAS_LDAP_SSLINIT
>+ *ldap = ldap_sslinit((char *)hostname, portno, 0);
> #else
> *ldap = ldap_init((char *)hostname, portno);
> #endif
>
>Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
>URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?rev=265755&r1=265754&r2=265755&view=diff
>==============================================================================
>--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
>+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Thu Sep 1 10:01:49 2005
>@@ -304,6 +304,7 @@
> result->msg = ldap_err2string(result->rc);
> }
> }
>+#if APR_HAS_LDAP_START_TLS_S
> else if (tls == APR_LDAP_STARTTLS) {
> result->rc = ldap_start_tls_s(ldap, NULL, NULL, NULL, NULL);
> if (result->rc != LDAP_SUCCESS) {
>@@ -318,6 +319,7 @@
> result->msg = ldap_err2string(result->rc);
> }
> }
>+#endif
> #endif
>
> #if APR_HAS_OTHER_LDAPSDK
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap:
apr_ldap_init.c apr_ldap_option.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 01:39 PM 9/1/2005, Roy T. Fielding wrote:
>We have no need to support anything other than the latest updates
>of Win2k and WinXP. Anything other than that should not be running
>a server and can continue using our old builds if needed.
+1 (I think we agreed Win9x is dead). It will be worthwhile
to note what the results are, so we can advise users of specific
builds and operating systems, to avoid the new version.
However, I'd no more suggest we ditch WinNT SP6, than to ditch
Solaris 2.6 or Linux 2.2 kernels. If they work, or someone
wants to keep them working, more power to those contributors.
Bill
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap:
apr_ldap_init.c apr_ldap_option.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 01:39 PM 9/1/2005, Roy T. Fielding wrote:
>We have no need to support anything other than the latest updates
>of Win2k and WinXP. Anything other than that should not be running
>a server and can continue using our old builds if needed.
+1 (I think we agreed Win9x is dead). It will be worthwhile
to note what the results are, so we can advise users of specific
builds and operating systems, to avoid the new version.
However, I'd no more suggest we ditch WinNT SP6, than to ditch
Solaris 2.6 or Linux 2.2 kernels. If they work, or someone
wants to keep them working, more power to those contributors.
Bill
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by Branko Čibej <br...@xbc.nu>.
William A. Rowe, Jr. wrote:
> Brane,
>
> actually I'm thinking that the pre-NT, post-NT split is a perfect
> justification for two different builds, and was working on that for
> the Apache 2.2 installer. Running 9x/NT detection throughout APR just
> seems silly, when you consider that it's one or the other.
I wish there was a simple way to make this choice on the fly, so that I
could, e.g., build _one_ Subversion package with both APR versions and
not worry about which OS it's used on. Oh, well.
> Folks upgrading from borked Win9x OS's to NT feel no pain. Folks that
> downgrade to 9x should be shot on site :)
Or, failing that, on sight. I agree. :)
-- Brane
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Brane,
actually I'm thinking that the pre-NT, post-NT split is a perfect
justification for two different builds, and was working on that for
the Apache 2.2 installer. Running 9x/NT detection throughout APR just
seems silly, when you consider that it's one or the other.
Folks upgrading from borked Win9x OS's to NT feel no pain. Folks that
downgrade to 9x should be shot on site :)
Bill
Branko Čibej wrote:
> Roy T. Fielding wrote:
>
>> We have no need to support anything other than the latest updates
>> of Win2k and WinXP. Anything other than that should not be running
>> a server and can continue using our old builds if needed.
>
>
> *Sigh*, yes, fine, but APR is used by stuff other than httpd, some of
> which aren't servers. Subversion's one of them. It doesn't use ldap, but
> does use apr_util.
>
> If the goal of this project is to produce a portable runtime, then it
> has to run on less-than-bleeding-edge machines (even if some features
> aren't available). If, OTOH, the goal is a portable runtime for httpd,
> then perhaps Subversion should reconsider its use of APR...
>
> (No, I don't think having different flavours of the APR DLLs for
> different versions of Windows is acceptable.)
>
> -- Brane
>
>
> .
>
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Roy T.Fielding wrote:
>
> The goal of this project is to release software that works on as
> many platforms as possible. The impossible platforms can go to hell.
> If you can produce a build that works on older platforms, great,
> but the other projects cannot wait just because we can't maintain
> ABI across the last 10 years of third-party DLLs. Find something
> we can maintain across the next 10 years and stick with that instead.
AFA Apache httpd is concerned, +1.
AFA Apache APR is concerned, -0. Hell, MS can't even keep code building
for three years, never mind 10, with their major tool changes. I'm now
struggling with mod_aspdotnet for 2003+ VC compilers, which cracked
everything (.NET-C++-wise).
That isn't to say all of APR should 'just work' when building to borked
platforms, but if a dev wants to restrict themselves to some subset,
then their app should 'sorta' work.
We are a portability runtime. I never expected that we will be able to
support every BBF (backwards broken platform), but should probably be
able to offer some subset, and at least build "It Worked" apps.
Bill
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Roy T.Fielding wrote:
> On Sep 5, 2005, at 6:59 PM, Branko Čibej wrote:
>
>> That would push an IMHO unacceptable packaging burden on dependent
>> projects. There's a perfectly good alternative that's used elswhere in
>> APR, that is, dynamic binding to OS APIs.
>
>
> Patches are good. Nobody is saying you can't fix it -- I am just
> not willing to wait until it is fixed by divine intervention.
++1!!! (sorry for multiple posts, should set up a queue time on this
new emailer).
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by Branko Čibej <br...@xbc.nu>.
Roy T. Fielding wrote:
> On Sep 5, 2005, at 6:59 PM, Branko Čibej wrote:
>
>> That would push an IMHO unacceptable packaging burden on dependent
>> projects. There's a perfectly good alternative that's used elswhere
>> in APR, that is, dynamic binding to OS APIs.
>
>
> Patches are good. Nobody is saying you can't fix it -- I am just
> not willing to wait until it is fixed by divine intervention.
Fair enough.
-- Brane
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c apr_ldap_option.c
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Sep 5, 2005, at 6:59 PM, Branko Čibej wrote:
> That would push an IMHO unacceptable packaging burden on dependent
> projects. There's a perfectly good alternative that's used elswhere in
> APR, that is, dynamic binding to OS APIs.
Patches are good. Nobody is saying you can't fix it -- I am just
not willing to wait until it is fixed by divine intervention.
....Roy
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by Branko Čibej <br...@xbc.nu>.
Graham Leggett wrote:
> Branko Čibej wrote:
>
>> I wish that were true. People use Subversion (client-only, of course)
>> on Win98. I could hardly believe it myself, but it's a fact.
>
>
> Enough people to make it worth worrying about?
IMHO, yes. at least, up to now, we've done our best to make the
Subversion client do a reasonable job on those systems. APR's been a
great help here.
Besides, AIUI this is not even about Win9x; NT and Win2k are affected, too.
> I don't think we should be releasing crippled software to work around
> Microsoft bugs that have Microsoft supported fixes, people should
> rather apply the fix.
As I said, I don't care if a particular feature of APR (in this case,
LDAP support) isn't available on older systems. But I find it
unacceptable that apps linked with APR won't even start on those
systems, even if they don't use the unsupported features.
> If it's impractical, we can always release a "cut down" version of APR
> for the benefit of older platforms, marking it clearly as a version
> supporting the older platforms only.
That would push an IMHO unacceptable packaging burden on dependent
projects. There's a perfectly good alternative that's used elswhere in
APR, that is, dynamic binding to OS APIs.
If people feel this is too marginal an issue, then I'd like to see a
note on apr.apache.org about which versions of which OS APR actually
supports.
-- Brane
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by Graham Leggett <mi...@sharp.fm>.
Branko Čibej wrote:
> I wish that were true. People use Subversion (client-only, of course) on
> Win98. I could hardly believe it myself, but it's a fact.
Enough people to make it worth worrying about?
I don't think we should be releasing crippled software to work around
Microsoft bugs that have Microsoft supported fixes, people should rather
apply the fix.
If it's impractical, we can always release a "cut down" version of APR
for the benefit of older platforms, marking it clearly as a version
supporting the older platforms only.
Regards,
Graham
--
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by Branko Čibej <br...@xbc.nu>.
Roy T. Fielding wrote:
> On Sep 2, 2005, at 8:30 PM, Branko Čibej wrote:
>
>> Roy T. Fielding wrote:
>>
>>> We have no need to support anything other than the latest updates
>>> of Win2k and WinXP. Anything other than that should not be running
>>> a server and can continue using our old builds if needed.
>>
>>
>> *Sigh*, yes, fine, but APR is used by stuff other than httpd, some of
>> which aren't servers. Subversion's one of them. It doesn't use ldap,
>> but does use apr_util.
>
> Subversion doesn't need to support anything other than the latest
> updates of Win2k and WinXP for the Microsoft platform. Masochistic
> developers don't use subversion.
I wish that were true. People use Subversion (client-only, of course) on
Win98. I could hardly believe it myself, but it's a fact.
-- Brane
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c apr_ldap_option.c
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Sep 2, 2005, at 8:30 PM, Branko Čibej wrote:
> Roy T. Fielding wrote:
>
>> We have no need to support anything other than the latest updates
>> of Win2k and WinXP. Anything other than that should not be running
>> a server and can continue using our old builds if needed.
>
> *Sigh*, yes, fine, but APR is used by stuff other than httpd, some of
> which aren't servers. Subversion's one of them. It doesn't use ldap,
> but does use apr_util.
Subversion doesn't need to support anything other than the latest
updates of Win2k and WinXP for the Microsoft platform. Masochistic
developers don't use subversion.
> If the goal of this project is to produce a portable runtime, then it
> has to run on less-than-bleeding-edge machines (even if some features
> aren't available). If, OTOH, the goal is a portable runtime for httpd,
> then perhaps Subversion should reconsider its use of APR...
>
> (No, I don't think having different flavours of the APR DLLs for
> different versions of Windows is acceptable.)
The goal of this project is to release software that works on as
many platforms as possible. The impossible platforms can go to hell.
If you can produce a build that works on older platforms, great,
but the other projects cannot wait just because we can't maintain
ABI across the last 10 years of third-party DLLs. Find something
we can maintain across the next 10 years and stick with that instead.
....Roy
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c
apr_ldap_option.c
Posted by Branko Čibej <br...@xbc.nu>.
Roy T. Fielding wrote:
> We have no need to support anything other than the latest updates
> of Win2k and WinXP. Anything other than that should not be running
> a server and can continue using our old builds if needed.
*Sigh*, yes, fine, but APR is used by stuff other than httpd, some of
which aren't servers. Subversion's one of them. It doesn't use ldap, but
does use apr_util.
If the goal of this project is to produce a portable runtime, then it
has to run on less-than-bleeding-edge machines (even if some features
aren't available). If, OTOH, the goal is a portable runtime for httpd,
then perhaps Subversion should reconsider its use of APR...
(No, I don't think having different flavours of the APR DLLs for
different versions of Windows is acceptable.)
-- Brane
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c apr_ldap_option.c
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
We have no need to support anything other than the latest updates
of Win2k and WinXP. Anything other than that should not be running
a server and can continue using our old builds if needed.
....Roy
Re: svn commit: r265755 - in /apr/apr-util/trunk/ldap: apr_ldap_init.c apr_ldap_option.c
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
We have no need to support anything other than the latest updates
of Win2k and WinXP. Anything other than that should not be running
a server and can continue using our old builds if needed.
....Roy