From owner-freebsd-apache@FreeBSD.ORG Wed Jul 27 08:31:26 2011 Return-Path: Delivered-To: freebsd-apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7E85C106564A for ; Wed, 27 Jul 2011 08:31:26 +0000 (UTC) (envelope-from jrhett@netconsonance.com) Received: from mail.netconsonance.com (mail.netconsonance.com [198.207.204.4]) by mx1.freebsd.org (Postfix) with ESMTP id 60D1A8FC15 for ; Wed, 27 Jul 2011 08:31:26 +0000 (UTC) Received: from megaraptor.home.netconsonance.com (99-124-207-89.uvs.sntcca.sbcglobal.net [99.124.207.89]) (authenticated bits=0) by mail.netconsonance.com (8.14.5/8.14.5) with ESMTP id p6R8VLVY049747; Wed, 27 Jul 2011 01:31:21 -0700 (PDT) (envelope-from jrhett@netconsonance.com) X-Virus-Scanned: amavisd-new at netconsonance.com X-Spam-Flag: NO X-Spam-Score: -11 X-Spam-Level: X-Spam-Status: No, score=-11 tagged_above=-999 required=3.5 tests=[ALL_TRUSTED=-1, LOCAL_AUTH_RCVD=-10] autolearn=disabled Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: Jo Rhett In-Reply-To: Date: Wed, 27 Jul 2011 01:31:21 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4E2F3B16.7060204@p6m7g8.com> To: "Philip M. Gollucci" X-Mailer: Apple Mail (2.1084) Cc: freebsd-apache@freebsd.org Subject: Re: problems with db185 authentication for apr 1.4.5 and apache 2.2.19 ? X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jul 2011 08:31:26 -0000 More interesting. I explicitly set AuthDBMType to DB and that problem = disappeared, but the error remained. Looking at kdump this seems to be = the problem: 3928 httpd NAMI "/usr/local/lib/apr-util-1/apr_dbm_db-1.so" "[Wed Jul 27 01:06:25 2011] [error] [client 99.124.207.89] = (20019)DSO load failed: could not open dbm (type DB) auth file: = /path/to/passwd.dat # ls -la /usr/local/lib/apr* -rw-r--r-- 1 root wheel 7164 Jul 26 02:36 /usr/local/lib/apr.exp -rw-r--r-- 1 root wheel 4412 Jul 26 02:36 /usr/local/lib/aprutil.exp This doesn't seem to be a problem of reading the file so much as trying = to load a DS0 that doesn't exist? I've rebuilt apr1 a few times now, and those files simply aren't = installed. On Jul 27, 2011, at 12:31 AM, Jo Rhett wrote: > On Jul 26, 2011, at 3:09 PM, Philip M. Gollucci wrote: >> run httpd -X >> and then use ktrace -i / kdump >> then grep for NAMI and the name of your file >=20 > Okay, well this makes sense at least - it's looking for a .dir file = which of course doesn't exist. What I don't understand here is that I = don't have gdbm or sdbm enabled. In fact, I don't even have them = compiled on the platform. >=20 > # kdump |grep /passwd > 724 httpd NAMI "/path/to/passwd.dat.dir" >=20 > And more to the point, I explicitly told apache not to use anything = except BDB 185. You can see this in the configure line built by the = port: >=20 > $ head -10 /usr/ports/www/apache22/work/httpd-2.2.19/config.log > This file contains any messages produced by compilers while > running configure, to aid debugging if configure makes a mistake. >=20 > It was created by configure, which was > generated by GNU Autoconf 2.68. Invocation command line was >=20 > $ ./configure --prefix=3D/usr/local --enable-layout=3DFreeBSD = --with-perl=3D/usr/local/bin/perl5.14.1 --with-port=3D80 = --with-expat=3D/usr/local --with-iconv=3D/usr/local --enable-http = --with-pcre=3D/usr/local --with-apr=3D/usr/local/bin/apr-1-config = --with-apr-util=3D/usr/local/bin/apu-1-config --disable-authn-file = --disable-authn-default --disable-authz-host --disable-authz-groupfile = --disable-authz-user --disable-authz-default --disable-auth-basic = --disable-charset-lite --disable-include --disable-log-config = --disable-env --disable-setenvif --disable-mime --disable-status = --disable-autoindex --disable-asis --disable-cgid --disable-cgi = --disable-negotiation --disable-dir --disable-imagemap --disable-actions = --disable-userdir --disable-alias --disable-filter --disable-substitute = --disable-proxy --disable-proxy-connect --disable-proxy-ftp = --disable-proxy-http --disable-proxy-ajp --disable-proxy-balancer = --disable-proxy-scgi --disable-reqtimeout --enable-so = --enable-mods-shared=3Dauth_basic auth_digest authn_file authn_dbm = authn_anon authn_default authn_alias authz_host authz_groupfile = authz_user authz_dbm authz_owner authz_default cache disk_cache = file_cache dav dav_fs actions alias asis autoindex cern_meta cgi = charset_lite deflate dir dumpio env expires headers imagemap include = info log_config logio mime mime_magic negotiation rewrite setenvif = speling status unique_id userdir usertrack vhost_alias filter version = reqtimeout ssl --with-dbm=3Ddb185 --with-berkeley-db=3D/usr = --with-ssl=3D/usr --enable-v4-mapped --with-devrandom --with-mpm=3Dprefork= --prefix=3D/usr/local --mandir=3D/usr/local/man = --infodir=3D/usr/local/info/ --build=3Di386-portbld-freebsd8.2 >=20 >=20 >> On 07/26/11 09:35, Jo Rhett wrote: >>> I have a 6.3 system which I just upgraded to 8.2, and obviously = recompiled all ports from scratch. I cleared out the ports DB entirely, = cleared out /usr/local entirely except for etc/config files. Every = other port on the system recompiled fine, except for apache. It works = for everything except reading authentication files. I'd deeply = appreciate any assistance you can give to solving this. >>>=20 >>> For some reason I can't figure out, BDB authentication using the = built-in db 1.85 no longer works. >>>=20 >>> dbmmanage /path/to/file view/adduser/delete/etc works fine >>> file /path/to/file >>> /path/to/file: Berkeley DB 1.85 (Hash, version 2, native = byte-order) >>>=20 >>> Accessing from the web server always returns a 500 error with the = following in the error log: >>> (2)No such file or directory: could not open dbm (type default) = auth file: /path/to/passwd.dat >>>=20 >>> I've recompiled apr and apache with a variety of different options, = and nothing works. apr without any databases doesn't work. apr with BDB = doesn't work, etc. My options for apache have remained the same: >>> APACHE_PORT=3Dwww/apache22 >>> WITH_DBM=3Dbdb >>> WITH_BDB_BASE=3Dyes >>> =09 >>> apr1$ make showconfig >>> =3D=3D=3D> The following configuration options are available for = apr-ipv6-devrandom-db48-1.4.5.1.3.12: >>> THREADS=3Don "Enable Threads in apr" >>> IPV6=3Don "Enable IPV6 Support in apr" >>> BDB=3Doff "Enable Berkley BDB support in apr-util" >>> GDBM=3Doff "Enable GNU dbm support in apr-util" >>> LDAP=3Doff "Enable LDAP support in apr-util" >>> MYSQL=3Doff "Enable MySQL suport in apr-util" >>> NDBM=3Doff "Enable NDBM support in apr-util" >>> PGSQL=3Doff "Enable Postgresql suport in apr-util" >>> SQLITE=3Doff "Enable SQLite3 support in apr-util" >>> DEVRANDOM=3Don "Use /dev/random or compatible in apr" >>> =3D=3D=3D> Use 'make config' to modify these settings >>>=20 >>> apache22$ make showconfig >>> =3D=3D=3D> The following configuration options are available for = apache-2.2.19: >>> THREADS=3Doff "Enable threads support in APR" >>> MYSQL=3Doff "Enable MySQL support for apr-dbd" >>> PGSQL=3Doff "Enable PostgreSQL support for apr-dbd" >>> SQLITE=3Doff "Enable SQLite support for apr-dbd" >>> IPV6=3Don "Enable IPv6 support" >>> BDB=3Don "Enable BerkeleyDB dbm" >>> AUTH_BASIC=3Don "Enable mod_auth_basic" >>> AUTH_DIGEST=3Don "Enable mod_auth_digest" >>> AUTHN_FILE=3Don "Enable mod_authn_file" >>> AUTHN_DBD=3Doff "Enable mod_authn_dbd" >>> AUTHN_DBM=3Don "Enable mod_authn_dbm" >>> AUTHN_ANON=3Don "Enable mod_authn_anon" >>> AUTHN_DEFAULT=3Don "Enable mod_authn_default" >>> AUTHN_ALIAS=3Don "Enable mod_authn_alias" >>> AUTHZ_HOST=3Don "Enable mod_authz_host" >>> AUTHZ_GROUPFILE=3Don "Enable mod_authz_groupfile" >>> AUTHZ_USER=3Don "Enable mod_authz_user" >>> AUTHZ_DBM=3Don "Enable mod_authz_dbm" >>> AUTHZ_OWNER=3Don "Enable mod_authz_owner" >>> AUTHZ_DEFAULT=3Don "Enable mod_authz_default" >>> CACHE=3Don "Enable mod_cache" >>> DISK_CACHE=3Don "Enable mod_disk_cache" >>> FILE_CACHE=3Don "Enable mod_file_cache" >>> MEM_CACHE=3Doff "Enable mod_mem_cache" >>> DAV=3Don "Enable mod_dav" >>> DAV_FS=3Don "Enable mod_dav_fs" >>> BUCKETEER=3Doff "Enable mod_bucketeer" >>> CASE_FILTER=3Doff "Enable mod_case_filter" >>> CASE_FILTER_IN=3Doff "Enable mod_case_filter_in" >>> EXT_FILTER=3Doff "Enable mod_ext_filter" >>> LOG_FORENSIC=3Doff "Enable mod_log_forensic" >>> OPTIONAL_HOOK_EXPORT=3Doff "Enable mod_optional_hook_export" >>> OPTIONAL_HOOK_IMPORT=3Doff "Enable mod_optional_hook_import" >>> OPTIONAL_FN_IMPORT=3Doff "Enable mod_optional_fn_import" >>> OPTIONAL_FN_EXPORT=3Doff "Enable mod_optional_fn_export" >>> LDAP=3Doff "Enable mod_ldap" >>> AUTHNZ_LDAP=3Doff "Enable mod_authnz_ldap" >>> ACTIONS=3Don "Enable mod_actions" >>> ALIAS=3Don "Enable mod_alias" >>> ASIS=3Don "Enable mod_asis" >>> AUTOINDEX=3Don "Enable mod_autoindex" >>> CERN_META=3Don "Enable mod_cern_meta" >>> CGI=3Don "Enable mod_cgi" >>> CHARSET_LITE=3Don "Enable mod_charset_lite" >>> DBD=3Doff "Enable mod_dbd" >>> DEFLATE=3Don "Enable mod_deflate" >>> DIR=3Don "Enable mod_dir" >>> DUMPIO=3Don "Enable mod_dumpio" >>> ENV=3Don "Enable mod_env" >>> EXPIRES=3Don "Enable mod_expires" >>> HEADERS=3Don "Enable mod_headers" >>> IMAGEMAP=3Don "Enable mod_imagemap" >>> INCLUDE=3Don "Enable mod_include" >>> INFO=3Don "Enable mod_info" >>> LOG_CONFIG=3Don "Enable mod_log_config" >>> LOGIO=3Don "Enable mod_logio" >>> MIME=3Don "Enable mod_mime" >>> MIME_MAGIC=3Don "Enable mod_mime_magic" >>> NEGOTIATION=3Don "Enable mod_negotiation" >>> REWRITE=3Don "Enable mod_rewrite" >>> SETENVIF=3Don "Enable mod_setenvif" >>> SPELING=3Don "Enable mod_speling" >>> STATUS=3Don "Enable mod_status" >>> UNIQUE_ID=3Don "Enable mod_unique_id" >>> USERDIR=3Don "Enable mod_userdir" >>> USERTRACK=3Don "Enable mod_usertrack" >>> VHOST_ALIAS=3Don "Enable mod_vhost_alias" >>> FILTER=3Don "Enable mod_filter" >>> SUBSTITUTE=3Doff "Enable mod_substitute" >>> VERSION=3Don "Enable mod_version" >>> PROXY=3Doff "Enable mod_proxy" >>> PROXY_CONNECT=3Doff "Enable mod_proxy_connect" >>> PATCH_PROXY_CONNECT=3Doff "Patch proxy_connect SSL support" >>> PROXY_FTP=3Doff "Enable mod_proxy_ftp" >>> PROXY_HTTP=3Doff "Enable mod_proxy_http" >>> PROXY_AJP=3Doff "Enable mod_proxy_ajp" >>> PROXY_BALANCER=3Doff "Enable mod_proxy_balancer" >>> PROXY_SCGI=3Doff "Enable mod_proxy_scgi" >>> SSL=3Don "Enable mod_ssl" >>> SUEXEC=3Doff "Enable mod_suexec" >>> SUEXEC_RSRCLIMIT=3Doff "SuEXEC rlimits based on login class" >>> REQTIMEOUT=3Don "Enable mod_reqtimeout" >>> CGID=3Doff "Enable mod_cgid" >>> =3D=3D=3D> Use 'make config' to modify these settings >>>=20 >>>=20 >>> As said above, I appreciate any assistance you can give. >>>=20 >>=20 >>=20 >> --=20 >> = ------------------------------------------------------------------------ >> 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C >> Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 >> VP Infrastructure, Apache Software Foundation >> Committer, FreeBSD Foundation >> Consultant, P6M7G8 Inc. >> Sr. System Admin, Ridecharge Inc. >>=20 >> Work like you don't need the money, >> love like you'll never get hurt, >> and dance like nobody's watching. >=20 > --=20 > Jo Rhett > Net Consonance : consonant endings by net philanthropy, open source = and other randomness >=20 --=20 Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and = other randomness