Making the ssl expr parser thread safe

[Stefan Fritsch <sf...@sfritsch.de>]

Hi,

while looking if it would be possible to make an authz provider out of 
SSLRequire, I noticed that the ssl expression parser isn't even thread 
safe.

After quite some fiddling, I think I have successfully converted the 
parser to be re-entrant. This requires bison instead of yacc (but the 
generated code does not fall under the GPL so this should not be a 
problem).

Most of the changes are rather mechanical, because the state needs to 
be passed as parameters instead of being stored in global variables.
The diffs are at

http://people.apache.org/~sf/ssl_expr_source.diff
http://people.apache.org/~sf/ssl_expr_generated.diff

Is there anyone with yacc/bison/flex know how who wants to look at it?
Or do I just commit it? It compiles and passes the test suite.

Cheers,
Stefan

Re: Making the ssl expr parser thread safe

["William A. Rowe Jr." <wr...@rowe-clan.net>]

On 9/29/2010 11:04 AM, Joe Orton wrote:
> On Wed, Sep 29, 2010 at 12:55:36PM +0200, Stefan Fritsch wrote:
>> Most of the changes are rather mechanical, because the state needs to 
>> be passed as parameters instead of being stored in global variables.
>> The diffs are at
>>
>> http://people.apache.org/~sf/ssl_expr_source.diff
>> http://people.apache.org/~sf/ssl_expr_generated.diff
>>
>> Is there anyone with yacc/bison/flex know how who wants to look at it?
>> Or do I just commit it? It compiles and passes the test suite.
> 
> That's awesome, commit away!

Amen - this is 10 years overdue :)  Nice work!

Re: Making the ssl expr parser thread safe

[Joe Orton <jo...@redhat.com>]

On Wed, Sep 29, 2010 at 12:55:36PM +0200, Stefan Fritsch wrote:
> Most of the changes are rather mechanical, because the state needs to 
> be passed as parameters instead of being stored in global variables.
> The diffs are at
> 
> http://people.apache.org/~sf/ssl_expr_source.diff
> http://people.apache.org/~sf/ssl_expr_generated.diff
> 
> Is there anyone with yacc/bison/flex know how who wants to look at it?
> Or do I just commit it? It compiles and passes the test suite.

That's awesome, commit away!

Regards, Joe

ap_expr (was: Making the ssl expr parser thread safe)

[Stefan Fritsch <sf...@sfritsch.de>]

On Friday 01 October 2010, Joe Orton wrote:
> The ap_expr API is still as fugly as when I reviewed it way back;
> lacks  namespace-safety, lacks docs, exposure of parser internals
> is awful, etc.  Is nobody planning to clean this up before 2.4?

I will look at it.

Re: Making the ssl expr parser thread safe

[Joe Orton <jo...@redhat.com>]

On Wed, Sep 29, 2010 at 11:07:14PM +0200, Stefan Fritsch wrote:
> On Wednesday 29 September 2010, Nick Kew wrote:
> > It's been sitting in my to-do list to review mod_ssl's expression
> > parser, and see if we can't substitute ap_expr - with updates to
> > the latter if necessary.
> > 
> > Any thoughts on whether that would work based on your look at it?
> 
> From a technical point of view I see no reason why it would not work. 
> But it would mean to either make the syntax of ap_expr match exactly 
> the syntax of ssl_expr or to break backward compatibility in 
> SSLRequire. I am not sure either makes sense.
> 
> Maybe it would be better to keep both in 2.4 and throw out ssl_expr in 
> 3.0?

"Require expr" is close enough to SSLRequire if ap_expr grew 
documentation and SSL variable lookup, by the looks of it.  The only 
thing missing then is PeerExtList() which would make sense to do via 
Lua, really; it's inflexible and awkward in SSLRequire already.  I'd be 
more than happy to see that done in 2.4.

The ap_expr API is still as fugly as when I reviewed it way back; lacks 
namespace-safety, lacks docs, exposure of parser internals is awful, 
etc.  Is nobody planning to clean this up before 2.4?

Regards, Joe

Re: Making the ssl expr parser thread safe

[Stefan Fritsch <sf...@sfritsch.de>]

On Wednesday 29 September 2010, Nick Kew wrote:
> It's been sitting in my to-do list to review mod_ssl's expression
> parser, and see if we can't substitute ap_expr - with updates to
> the latter if necessary.
> 
> Any thoughts on whether that would work based on your look at it?

From a technical point of view I see no reason why it would not work. 
But it would mean to either make the syntax of ap_expr match exactly 
the syntax of ssl_expr or to break backward compatibility in 
SSLRequire. I am not sure either makes sense.

Maybe it would be better to keep both in 2.4 and throw out ssl_expr in 
3.0?

Re: Making the ssl expr parser thread safe

[Nick Kew <ni...@webthing.com>]

On Wed, 29 Sep 2010 12:55:36 +0200
Stefan Fritsch <sf...@sfritsch.de> wrote:

> Hi,
> 
> while looking if it would be possible to make an authz provider out of 
> SSLRequire, I noticed that the ssl expression parser isn't even thread 
> safe.

It's been sitting in my to-do list to review mod_ssl's expression
parser, and see if we can't substitute ap_expr - with updates to
the latter if necessary.

Any thoughts on whether that would work based on your look at it?

> http://people.apache.org/~sf/ssl_expr_source.diff
> http://people.apache.org/~sf/ssl_expr_generated.diff
> 
> Is there anyone with yacc/bison/flex know how who wants to look at it?
> Or do I just commit it? It compiles and passes the test suite.

Not reviewed, but if you're happy with it, it should be fine for trunk
and presumably won't prejudice a possible switch to ap_expr one way or
another.

-- 
Nick Kew

Re: Making the ssl expr parser thread safe

[Igor Galić <i....@brainsware.org>]

----- "Stefan Fritsch" <sf...@sfritsch.de> wrote:

> Hi,
> 
> while looking if it would be possible to make an authz provider out of

a couple of weeks ago someone made such a request on #httpd, niq wanted
to take a look at it.. I wonder if this is it...

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/