Date: Fri, 29 Mar 2013 23:07:29 +0100
Subject: Re: Apache 2.4 in a jail with Digest auth
From: Spil Oss
To: olli hauer
Cc: freebsd-apache@freebsd.org

On Fri, Mar 29, 2013 at 10:41 PM, olli hauer wrote:
> On 2013-03-29 21:36, Spil Oss wrote:
>> Hi,
>>
>> I'm trying to upgrade my apache configuration to 2.4 and ran into
>> trouble that I haven't solved yet.
>>
>> [Fri Mar 29 20:53:26.867199 2013] [auth_digest:notice] [pid 88563:tid
>> 679494400] AH01757: generating secret for digest authentication ...
>> [Fri Mar 29 20:53:26.867531 2013] [auth_digest:error] [pid 88563:tid
>> 679494400] (78)Function not implemented: AH01762: Failed to create
>> shared memory segment on file /var/run/authdigest_shm.88563
>> [Fri Mar 29 20:53:26.867556 2013] [auth_digest:error] [pid 88563:tid
>> 679494400] (78)Function not implemented: AH01760: failed to initialize
>> shm - all nonce-count checking, one-time nonces, and MD5-sess
>> algorithm disabled
>> [Fri Mar 29 20:53:26.867571 2013] [:emerg] [pid 88563:tid 679494400]
>> AH00020: Configuration Failed, exiting
>>
>> Since setting sysvipc.allow = 1 makes the usage of a jail superfluous
>> "If it were set to 1, it would defeat the whole purpose of having a
>> jail;" [http://www.freebsd.org/doc/en/books/arch-handbook/jail-restrictions.html]
>>
>> I was searching for a way to get it to use any of the other available
>> methods but haven't found any.
>> 1. Documentation to change the socache provider I haven't found after
>> ploughing through the docs from httpd.apache.org
>> 2. Disable shm in apr -> no switch for shm found in configure
>>
>> Anyone have any bright ideas how to get Apache 2.4 to get to use a
>> different store for the nonce?
>>
>> (This is basically a duplicate of
>> http://lists.freebsd.org/pipermail/freebsd-ports/2013-February/081052.html
>> item 6 but now for the official port.)
>>
>> Kind regards,
>>
>> Spil.
>
> Hm, yes, in apr/apu there is no switch to disable shm but it should be possible
> to disable this in apache24.
>
> In modules/aaa/mod_auth_digest.c there is the following construct which
> can be interesting.
>
> #if APR_HAS_SHARED_MEMORY
> static int initialize_tables(server_rec *s, apr_pool_t *ctx)
> ...
>
> I haven't investigated what will happen if SHM will be disabled.
>
> Perhaps try the following parameter
> AuthDigestShmemSize = 0
>
>
> --
> Regards,
> olli

Hi Olli,

Just found that out :D Thanks for your reply though!

There are some more spots where this macro is used: ldap and scoreboard. Not sure if it's equally trivial to remove this just as easily. As it's a macro it should work just as well for these modules.

For reference I add my patch, which now sits in the port's files directory and works for me(TM)

# cat files/patch-mod_auth_digest.c
--- ./modules/aaa/mod_auth_digest.c.orig 2013-03-29 22:38:31.000000000 +0100 +++ ./modules/aaa/mod_auth_digest.c 2013-03-29 22:39:06.000000000 +0100 @@ -81,6 +81,8 @@ #include "mod_auth.h" +#undef APR_HAS_SHARED_MEMORY + #if APR_HAVE_UNISTD_H #include #endif
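
Review bot: The bare `#undef APR_HAS_SHARED_MEMORY` added after `#include "mod_auth.h"` has no comment and is unconditional, so the patch does not record why shared memory is switched off or what the module loses as a result. The AH01760 message quoted earlier in this thread says that without shm "all nonce-count checking, one-time nonces, and MD5-sess algorithm" are disabled, which means this build drops the nonce-count and one-time-nonce checks that Digest auth uses against replayed requests; please state that in a comment next to the `#undef`, and consider gating it behind a port option instead of applying it to every build. Following the `#undef` with `#define APR_HAS_SHARED_MEMORY 0` would also keep the `#if APR_HAS_SHARED_MEMORY` test in this file explicit, instead of relying on an undefined macro evaluating to 0.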