Date: Wed, 27 Jul 2011 01:50:35 -0700 From: Jo Rhett <jrhett@netconsonance.com> To: "Philip M. Gollucci" <pgollucci@p6m7g8.com> Cc: freebsd-apache@freebsd.org Subject: Re: problems with db185 authentication for apr 1.4.5 and apache 2.2.19 ? Message-ID: <BEA8B970-6C8F-4699-B857-910CAE2D60BF@netconsonance.com> In-Reply-To: <B4CA9D00-9EDD-4632-8A7F-3E0C45A89088@netconsonance.com> References: <B11948A9-A085-4D97-B8E8-700D7169E7C7@netconsonance.com> <4E2F3B16.7060204@p6m7g8.com> <FD27D76B-04E5-4D61-98D1-2B76BB02C50C@netconsonance.com> <B4CA9D00-9EDD-4632-8A7F-3E0C45A89088@netconsonance.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Okay, by compiling apr with BDB support (db48 since that's what I have =
installed) I got that .so file to exist, but apr can't read the file. =
It would appear that the root of this problem is that I can compile =
apache with db185 support, but there's no way I have found to compile =
apr with support for db185?
54579 initial thread NAMI "/path/to/passwd.dat"
54579 initial thread STRU struct stat {dev=3D94, ino=3D14790906, =
mode=3D-rw-r----- , nlink=3D1, uid=3D1001, gid=3D80, rdev=3D59123456, =
atime=3D1311756287, stime=3D117346
0427, ctime=3D1173460427, birthtime=3D1173460427, size=3D16384, =
blksize=3D16384, blocks=3D32, flags=3D0x0 }
54579 initial thread RET stat 0
54579 initial thread CALL open(0x884b1100,O_RDONLY,<unused>0)
54579 initial thread NAMI "/path/to/passwd.dat"
54579 initial thread RET open 13/0xd
54579 initial thread CALL fcntl(0xd,F_GETFD,0)
54579 initial thread RET fcntl 0
54579 initial thread CALL fcntl(0xd,F_SETFD,FD_CLOEXEC)
54579 initial thread RET fcntl 0
54579 initial thread CALL read(0xd,0xbfbfe484,0x200)
54579 initial thread GIO fd 13 read 512 bytes
54579 initial thread RET read 512/0x200
54579 initial thread CALL write(0x2,0xbfbfda50,0x5b)
54579 initial thread GIO fd 2 wrote 91 bytes
"__db_meta_setup: /path/to/passwd.dat: unexpected file type or =
format"
54579 initial thread RET write 91/0x5b
54579 initial thread CALL write(0x2,0x883847f3,0x1)
54579 initial thread GIO fd 2 wrote 1 byte
54579 initial thread RET write 1
54579 initial thread CALL close(0xd)
54579 initial thread RET close 0
54579 initial thread CALL gettimeofday(0xbfbfa7c4,0)
54579 initial thread RET gettimeofday 0
54579 initial thread CALL write(0x6,0xbfbfc81c,0xbe)
54579 initial thread GIO fd 6 wrote 190 bytes
"[Wed Jul 27 01:44:49 2011] [error] [client 99.124.207.89] =
(120022)APR does not understand this error code: could not open dbm =
(type DB) auth file: /path/to/passwd.dat
"
On Jul 27, 2011, at 1:31 AM, Jo Rhett wrote:
> More interesting. I explicitly set AuthDBMType to DB and that problem =
disappeared, but the error remained. Looking at kdump this seems to be =
the problem:
>=20
> 3928 httpd NAMI "/usr/local/lib/apr-util-1/apr_dbm_db-1.so"
> "[Wed Jul 27 01:06:25 2011] [error] [client 99.124.207.89] =
(20019)DSO load failed: could not open dbm (type DB) auth file: =
/path/to/passwd.dat
>=20
> # ls -la /usr/local/lib/apr*
> -rw-r--r-- 1 root wheel 7164 Jul 26 02:36 /usr/local/lib/apr.exp
> -rw-r--r-- 1 root wheel 4412 Jul 26 02:36 =
/usr/local/lib/aprutil.exp
>=20
> This doesn't seem to be a problem of reading the file so much as =
trying to load a DS0 that doesn't exist?
>=20
> I've rebuilt apr1 a few times now, and those files simply aren't =
installed.
>=20
> On Jul 27, 2011, at 12:31 AM, Jo Rhett wrote:
>> On Jul 26, 2011, at 3:09 PM, Philip M. Gollucci wrote:
>>> run httpd -X
>>> and then use ktrace -i / kdump
>>> then grep for NAMI and the name of your file
>>=20
>> Okay, well this makes sense at least - it's looking for a .dir file =
which of course doesn't exist. What I don't understand here is that I =
don't have gdbm or sdbm enabled. In fact, I don't even have them =
compiled on the platform.
>>=20
>> # kdump |grep /passwd
>> 724 httpd NAMI "/path/to/passwd.dat.dir"
>>=20
>> And more to the point, I explicitly told apache not to use anything =
except BDB 185. You can see this in the configure line built by the =
port:
>>=20
>> $ head -10 /usr/ports/www/apache22/work/httpd-2.2.19/config.log
>> This file contains any messages produced by compilers while
>> running configure, to aid debugging if configure makes a mistake.
>>=20
>> It was created by configure, which was
>> generated by GNU Autoconf 2.68. Invocation command line was
>>=20
>> $ ./configure --prefix=3D/usr/local --enable-layout=3DFreeBSD =
--with-perl=3D/usr/local/bin/perl5.14.1 --with-port=3D80 =
--with-expat=3D/usr/local --with-iconv=3D/usr/local --enable-http =
--with-pcre=3D/usr/local --with-apr=3D/usr/local/bin/apr-1-config =
--with-apr-util=3D/usr/local/bin/apu-1-config --disable-authn-file =
--disable-authn-default --disable-authz-host --disable-authz-groupfile =
--disable-authz-user --disable-authz-default --disable-auth-basic =
--disable-charset-lite --disable-include --disable-log-config =
--disable-env --disable-setenvif --disable-mime --disable-status =
--disable-autoindex --disable-asis --disable-cgid --disable-cgi =
--disable-negotiation --disable-dir --disable-imagemap --disable-actions =
--disable-userdir --disable-alias --disable-filter --disable-substitute =
--disable-proxy --disable-proxy-connect --disable-proxy-ftp =
--disable-proxy-http --disable-proxy-ajp --disable-proxy-balancer =
--disable-proxy-scgi --disable-reqtimeout --enable-so =
--enable-mods-shared=3Dauth_basic auth_digest authn_file authn_dbm =
authn_anon authn_default authn_alias authz_host authz_groupfile =
authz_user authz_dbm authz_owner authz_default cache disk_cache =
file_cache dav dav_fs actions alias asis autoindex cern_meta cgi =
charset_lite deflate dir dumpio env expires headers imagemap include =
info log_config logio mime mime_magic negotiation rewrite setenvif =
speling status unique_id userdir usertrack vhost_alias filter version =
reqtimeout ssl --with-dbm=3Ddb185 --with-berkeley-db=3D/usr =
--with-ssl=3D/usr --enable-v4-mapped --with-devrandom --with-mpm=3Dprefork=
--prefix=3D/usr/local --mandir=3D/usr/local/man =
--infodir=3D/usr/local/info/ --build=3Di386-portbld-freebsd8.2
>>=20
>>=20
>>> On 07/26/11 09:35, Jo Rhett wrote:
>>>> I have a 6.3 system which I just upgraded to 8.2, and obviously =
recompiled all ports from scratch. I cleared out the ports DB entirely, =
cleared out /usr/local entirely except for etc/config files. Every =
other port on the system recompiled fine, except for apache. It works =
for everything except reading authentication files. I'd deeply =
appreciate any assistance you can give to solving this.
>>>>=20
>>>> For some reason I can't figure out, BDB authentication using the =
built-in db 1.85 no longer works.
>>>>=20
>>>> dbmmanage /path/to/file view/adduser/delete/etc works fine
>>>> file /path/to/file
>>>> /path/to/file: Berkeley DB 1.85 (Hash, version 2, native =
byte-order)
>>>>=20
>>>> Accessing from the web server always returns a 500 error with the =
following in the error log:
>>>> (2)No such file or directory: could not open dbm (type default) =
auth file: /path/to/passwd.dat
>>>>=20
>>>> I've recompiled apr and apache with a variety of different options, =
and nothing works. apr without any databases doesn't work. apr with BDB =
doesn't work, etc. My options for apache have remained the same:
>>>> APACHE_PORT=3Dwww/apache22
>>>> WITH_DBM=3Dbdb
>>>> WITH_BDB_BASE=3Dyes
>>>> =09
>>>> apr1$ make showconfig
>>>> =3D=3D=3D> The following configuration options are available for =
apr-ipv6-devrandom-db48-1.4.5.1.3.12:
>>>> THREADS=3Don "Enable Threads in apr"
>>>> IPV6=3Don "Enable IPV6 Support in apr"
>>>> BDB=3Doff "Enable Berkley BDB support in apr-util"
>>>> GDBM=3Doff "Enable GNU dbm support in apr-util"
>>>> LDAP=3Doff "Enable LDAP support in apr-util"
>>>> MYSQL=3Doff "Enable MySQL suport in apr-util"
>>>> NDBM=3Doff "Enable NDBM support in apr-util"
>>>> PGSQL=3Doff "Enable Postgresql suport in apr-util"
>>>> SQLITE=3Doff "Enable SQLite3 support in apr-util"
>>>> DEVRANDOM=3Don "Use /dev/random or compatible in apr"
>>>> =3D=3D=3D> Use 'make config' to modify these settings
>>>>=20
>>>> apache22$ make showconfig
>>>> =3D=3D=3D> The following configuration options are available for =
apache-2.2.19:
>>>> THREADS=3Doff "Enable threads support in APR"
>>>> MYSQL=3Doff "Enable MySQL support for apr-dbd"
>>>> PGSQL=3Doff "Enable PostgreSQL support for apr-dbd"
>>>> SQLITE=3Doff "Enable SQLite support for apr-dbd"
>>>> IPV6=3Don "Enable IPv6 support"
>>>> BDB=3Don "Enable BerkeleyDB dbm"
>>>> AUTH_BASIC=3Don "Enable mod_auth_basic"
>>>> AUTH_DIGEST=3Don "Enable mod_auth_digest"
>>>> AUTHN_FILE=3Don "Enable mod_authn_file"
>>>> AUTHN_DBD=3Doff "Enable mod_authn_dbd"
>>>> AUTHN_DBM=3Don "Enable mod_authn_dbm"
>>>> AUTHN_ANON=3Don "Enable mod_authn_anon"
>>>> AUTHN_DEFAULT=3Don "Enable mod_authn_default"
>>>> AUTHN_ALIAS=3Don "Enable mod_authn_alias"
>>>> AUTHZ_HOST=3Don "Enable mod_authz_host"
>>>> AUTHZ_GROUPFILE=3Don "Enable mod_authz_groupfile"
>>>> AUTHZ_USER=3Don "Enable mod_authz_user"
>>>> AUTHZ_DBM=3Don "Enable mod_authz_dbm"
>>>> AUTHZ_OWNER=3Don "Enable mod_authz_owner"
>>>> AUTHZ_DEFAULT=3Don "Enable mod_authz_default"
>>>> CACHE=3Don "Enable mod_cache"
>>>> DISK_CACHE=3Don "Enable mod_disk_cache"
>>>> FILE_CACHE=3Don "Enable mod_file_cache"
>>>> MEM_CACHE=3Doff "Enable mod_mem_cache"
>>>> DAV=3Don "Enable mod_dav"
>>>> DAV_FS=3Don "Enable mod_dav_fs"
>>>> BUCKETEER=3Doff "Enable mod_bucketeer"
>>>> CASE_FILTER=3Doff "Enable mod_case_filter"
>>>> CASE_FILTER_IN=3Doff "Enable mod_case_filter_in"
>>>> EXT_FILTER=3Doff "Enable mod_ext_filter"
>>>> LOG_FORENSIC=3Doff "Enable mod_log_forensic"
>>>> OPTIONAL_HOOK_EXPORT=3Doff "Enable mod_optional_hook_export"
>>>> OPTIONAL_HOOK_IMPORT=3Doff "Enable mod_optional_hook_import"
>>>> OPTIONAL_FN_IMPORT=3Doff "Enable mod_optional_fn_import"
>>>> OPTIONAL_FN_EXPORT=3Doff "Enable mod_optional_fn_export"
>>>> LDAP=3Doff "Enable mod_ldap"
>>>> AUTHNZ_LDAP=3Doff "Enable mod_authnz_ldap"
>>>> ACTIONS=3Don "Enable mod_actions"
>>>> ALIAS=3Don "Enable mod_alias"
>>>> ASIS=3Don "Enable mod_asis"
>>>> AUTOINDEX=3Don "Enable mod_autoindex"
>>>> CERN_META=3Don "Enable mod_cern_meta"
>>>> CGI=3Don "Enable mod_cgi"
>>>> CHARSET_LITE=3Don "Enable mod_charset_lite"
>>>> DBD=3Doff "Enable mod_dbd"
>>>> DEFLATE=3Don "Enable mod_deflate"
>>>> DIR=3Don "Enable mod_dir"
>>>> DUMPIO=3Don "Enable mod_dumpio"
>>>> ENV=3Don "Enable mod_env"
>>>> EXPIRES=3Don "Enable mod_expires"
>>>> HEADERS=3Don "Enable mod_headers"
>>>> IMAGEMAP=3Don "Enable mod_imagemap"
>>>> INCLUDE=3Don "Enable mod_include"
>>>> INFO=3Don "Enable mod_info"
>>>> LOG_CONFIG=3Don "Enable mod_log_config"
>>>> LOGIO=3Don "Enable mod_logio"
>>>> MIME=3Don "Enable mod_mime"
>>>> MIME_MAGIC=3Don "Enable mod_mime_magic"
>>>> NEGOTIATION=3Don "Enable mod_negotiation"
>>>> REWRITE=3Don "Enable mod_rewrite"
>>>> SETENVIF=3Don "Enable mod_setenvif"
>>>> SPELING=3Don "Enable mod_speling"
>>>> STATUS=3Don "Enable mod_status"
>>>> UNIQUE_ID=3Don "Enable mod_unique_id"
>>>> USERDIR=3Don "Enable mod_userdir"
>>>> USERTRACK=3Don "Enable mod_usertrack"
>>>> VHOST_ALIAS=3Don "Enable mod_vhost_alias"
>>>> FILTER=3Don "Enable mod_filter"
>>>> SUBSTITUTE=3Doff "Enable mod_substitute"
>>>> VERSION=3Don "Enable mod_version"
>>>> PROXY=3Doff "Enable mod_proxy"
>>>> PROXY_CONNECT=3Doff "Enable mod_proxy_connect"
>>>> PATCH_PROXY_CONNECT=3Doff "Patch proxy_connect SSL support"
>>>> PROXY_FTP=3Doff "Enable mod_proxy_ftp"
>>>> PROXY_HTTP=3Doff "Enable mod_proxy_http"
>>>> PROXY_AJP=3Doff "Enable mod_proxy_ajp"
>>>> PROXY_BALANCER=3Doff "Enable mod_proxy_balancer"
>>>> PROXY_SCGI=3Doff "Enable mod_proxy_scgi"
>>>> SSL=3Don "Enable mod_ssl"
>>>> SUEXEC=3Doff "Enable mod_suexec"
>>>> SUEXEC_RSRCLIMIT=3Doff "SuEXEC rlimits based on login class"
>>>> REQTIMEOUT=3Don "Enable mod_reqtimeout"
>>>> CGID=3Doff "Enable mod_cgid"
>>>> =3D=3D=3D> Use 'make config' to modify these settings
>>>>=20
>>>>=20
>>>> As said above, I appreciate any assistance you can give.
>>>>=20
>>>=20
>>>=20
>>> --=20
>>> =
------------------------------------------------------------------------
>>> 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
>>> Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354
>>> VP Infrastructure, Apache Software Foundation
>>> Committer, FreeBSD Foundation
>>> Consultant, P6M7G8 Inc.
>>> Sr. System Admin, Ridecharge Inc.
>>>=20
>>> Work like you don't need the money,
>>> love like you'll never get hurt,
>>> and dance like nobody's watching.
>>=20
>> --=20
>> Jo Rhett
>> Net Consonance : consonant endings by net philanthropy, open source =
and other randomness
>>=20
>=20
> --=20
> Jo Rhett
> Net Consonance : consonant endings by net philanthropy, open source =
and other randomness
>=20
> _______________________________________________
> freebsd-apache@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-apache
> To unsubscribe, send any mail to =
"freebsd-apache-unsubscribe@freebsd.org"
--=20
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and =
other randomness
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BEA8B970-6C8F-4699-B857-910CAE2D60BF>