httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51020] New: [PATCH] Apache/mod_fcgid.so does not start in complex Active Directory forest
Date Tue, 05 Apr 2011 02:19:55 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51020

           Summary: [PATCH] Apache/mod_fcgid.so does not start in complex
                    Active Directory forest
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Keywords: PatchAvailable
          Severity: normal
          Priority: P2
         Component: mod_fcgid
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: thangaraj@gmail.com


Created an attachment (id=26854)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26854)
Patch for Apache/mod_Fcgid.so startup issue in complex Active Directory Domain
environment

Problem:

mod_fcgid.so tries to gather CGI process filestat during startup using apr_stat
() call and fails to fetch all ACLs from Active Directory Domain environment
(having complex groups spanning across multiple domains)

Root Cause:
apr_stat() using APR_FINFO_NORM ends up calling GetEffectiveRightsFromACL
Win32API to proble ACLs for cgi process file object's owner and group trustee
accounts, and per MS this GetEffectiveRightsFromACL API is likely to fail in
complex AD environment. MS KB: http://support.microsoft.com/kb/2018746


Solution:
mod_fcgid.so apr_stat() call is made to use APR_FINFO_IDENT and thereby
avoiding the unnecessary ACL lookup during Apache startup, however if there is
a real ACL issue, mod_fcgid.so will return error during runtime.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message