DEVEDGE CHAMPIONS FOR THE NSAPI NEWSGROUP

Philippe Le Berre, works for Hewlett-Packard in Grenoble (France) and specializes in e-commerce and Internet security.

Scott Leerssen, works for Hewlett-Packard in Atlanta (USA) and specializes in Internet and system security.

Section 1: Introduction to NSAPI

Section 2: Compilation & Debugging

Section 3: Cookies

Section 4: Threads

Section 5: PBLOCKs

Section 6: Redirection

Section 7: Authentication & SSL

Section 8: Query string, POST, Upload and CGIs

Section 9: Configuration and Errors

Section 10: Miscellaneous

Introduction to NSAPI

1. What is NSAPI?
2. Which Netscape servers support NSAPI?
3. How has the NSAPI changed from 1.x to 2.x?
4. How has the NSAPI changed from 2.x to 3.x?

NSAPI is the Netscape Server API, a mechanism for extending the functionality of the Netscape servers. Through the provided API, programmers can create loadable binary modules to add or replace elements such as authentication, authorization, error logging, or content generation. More information on the NSAPI can be found as part of the DevCon proceedings. A NSAPI sample code directory can be found on your server root directory (C:\netscape\server\nsapi\examples).

There are two instances where the NSAPI can be particularly useful:

1. You have something that needs to be executed for nearly every hit (like security)
2. You have a particularly code-intensive routine, in which case the NSAPI can provide a performance boost over CGI

The NSAPI is supported by all of Netscape's HTTP servers (Communications, Commerce, FastTrack and Enterprise), as well as versions 2.x and 3.0 of the Netscape Proxy Server. Although the Proxy and HTTP servers are somewhat different in terms of supported extensions, the core NSAPI is identical.

The main change is the switch from a multiprocess model to a multithread one. For more see Tech Note NSAPI conversion from 1.x servers to 2.x servers

Not much. The two immediately-noticeable changes are:

 

• The header files have been lumped together into one
nsapi.h. It is best to change all programs to include this header instead of all the base/* and frame/* headers; every effort was made to make the code backwards-compatible, but changing this is a good idea.
• The function
request_translate_uri() has been degraded and no longer exists. Under most circumstances, this function can be mimicked by the following code snippet:

char *base = pblock_findval("ntrans-base",rq->vars); char *uri = pblock_findval("uri",rq->reqpb); char *trans = (char *)CALLOC(sizeof(char) * (strlen(base) + strlen(uri) + 1)); strcpy(trans,base); strcat(trans,uri);

This assumes that your document lives in the directory path set by the NameTrans directive document-root (so it won't work for CGI scripts in cgi-bin, for example). Still, the framework should be enough to allow you to replace request_translate_uri() pretty generally.

Compilation & Debugging

1. How do I compile an NSAPI module?
2. How do I combine C++ code with NSAPI?
3. How do I debug my NSAPI module?
4. How can I Purify my NSAPI code?

Compiling an NSAPI module is a somewhat intricate task, and is made more difficult by the fact that the command-line switches and compiler settings vary from platform to platform. Below are sample command lines which start with a C file called module.c and result in an NSAPI module called module.so (module.dll on NT). These command lines assume that the module.c source file is in the current directory, and that the NSAPI include and examples are in nsapi/include and nsapi/examples, respectively. If your platform is not listed below, it may mean that there are requirements beyond a simple command line. See the Makefile in <server root>/nsapi/examples for more details about your specific platform.

Platform	Command lines
Solaris 2.x (SPARC)	gcc -DXP_Unix -DMCC_HTTPD -DNET_SSL -DSOLARIS -D_REENTRANT -Wall -c module.c  ld -G module.o -o module.so
IRIX	cc -DXP_Unix -DMCC_HTTPD -DNET_SSL -DIRIX -D_SGI_MP_SOURCE -fullwarn -c module.c  ld -32 -shared module.o -o module.so
Windows NT (VC++ 4.0)	cl -LD -MD -DMCC_HTTPD -DXP_WIN32 -DNET_SSL module.c -Insapi\include /link nsapi\examples\libhttpd.lib
HP -UX	cc -DXP_Unix -DMCC_HTTPD -DNET_SSL -DHPUX -D_HPUX_SOURCE -Aa +DA1.0 +z -c module.c  ld -b module.o -o module.so
SunOS 4.x	gcc -DXP_Unix -DMCC_HTTPD -DNET_SSL -DSUNOS4 -fpic -c module.c  ld -assert pure-text
OSF/1 or Digital Unix	cc -threads -DXP_Unix -DMCC_HTTPD -DNET_SSL -DOSF1 -c module.c  ld -shared -all -expect_unresolved "*" module.o -o module.so

 

Because C++ compilers generate "mangled" names including argument types, special steps must be taken to ensure that the server can find the correct symbol names at load time. While it's possible to manually determine the name of the mangled symbol and use that directly within the load-modules directive, it's much easier to declare your NSAPI entry point with an extern "C" declaration. Example:

extern "C" NSAPI_PUBLIC int myNSAPIFunc(Session *sn, Request *rq, pblock *pb)         {         [...]         }

This will ensure that the symbol name myNSAPIFunc is not mangled and can be used in the load-module directive.

You will also need to wrap NSAPI header files under the extern "C" brackets like:

extern "C" { #include <base/...> #include <frame/...> }

Another problem that occurs when combining C++ with NSAPI is related to the handling of exceptions. In order to successfully load a C++-based library, you may need to disable the compiler-generated default exceptions. Try adding the command-line switch -noex to the compilation command line, or try to find the appropriate switch in your IDE.

If you are running under Windows NT, you have three options:

 

1. Hard-coded int 3
• Insert a hard-coded _asm int 3 into your code where you wish to begin debugging.
• Recreate your DLL.
• Ensure that Just-In-Time Debugging is enabled (Tools/Options/Debug).
2. Run server as a program through Visual C++, not as a service.
• The HTTP server binary can be found in <server-root>/bin/http[s|d]/httpd.exe, and it should be run with the path to the configuration file as an argument for 2.x servers and with http[s|d]<server name> as an argument for 3.x servers (s in case of Enterprise server, d in case of FastTrack server).
3. Remote debugging
• Run httpd as normal program as above.
• Run remote debug monitor on httpd machine.
• Run target DLL through Visual C++'s remote debugging mode on other machine.
For Unix, Alex Pilosov writes:

gcc -g, and dbx ns-httpd -d/your conf directory/Then set breakpoints where you need them, and run. You MAY have to copy some .so libs to your current dir, dbx crashes if it can't open .so's which are loaded into current executable

This didn't work for Zasha Weinberg, who suggests:

Someone in another thread [...] suggested dbx ns-httpd -d/config dir/This didn't work for me. What seems to happen is that NES arranges for the process with pid=1 to run it, then exits. Then when it gets run by #1, it forks a child. For debugging an NSAPI, you have to attach to the child. Look for the ns-httpd process with the highest PID.

You can't on Unix, but it work on Windows NT. Unix Veterans have been asking Netscape this for over two years. However, the intrepid Bill Guckel has written the Next Best Thing: an httpd simulator. It has limitations, but also promise. Grab a copy from here, or email Bill for the latest sources.

Cookies

1. How do I set a cookie with NSAPI?
2. How do I find the value of a cookie from NSAPI?
3. Can I implement a cookie-based security scheme with NSAPI?
4. How can I set a cookie and redirect at the same time with NSAPI?

3.1: How do I set a cookie with NSAPI?

The following line of code will set a cookie called "myCookie" with the value "Mozilla_Chip":

pblock_nvinsert("set-cookie", "myCookie=Mozilla_Chip", rq->srvhdrs);

 

The cookie header passed by the browser is available through a call to request_header, such as the following:

char * value; request_header("cookie", &value, sn, rq);

Since the value is in the headers, you may also get it directly:

char * value; value = pblock_findval("cookie", rq->headers);

 

Yes, in fact it is a popular use of the NSAPI. An example from V. Satishkumar posted by Hitesh Bosamiya can be seen here.

Hitesh Bosamiya offers this code fragment as a demonstration:

pblock_nvinsert("set-cookie", "AuthUser=Yes; path=/", rq->srvhdrs); pblock_nvinsert("Location", diversion, rq->srvhdrs); protocol_status(sn, rq, PROTOCOL_REDIRECT, NULL); protocol_start_response(sn, rq); // Here this is needed return REQ_ABORTED;

 

Threads

1. What's the deal with NSAPI and threads?
2. What does the message "select thread miss" mean, and what can I do about it?
3. How do I use NSAPI semaphores, critical sections and condition variables (condvars)?
4. How do I set the thread stack size?

4.1: What's the deal with NSAPI and threads?

The use of NSAPI and threads has historically been somewhat confusing. Here's a breakdown of the native versus user-space threading for Netscape's HTTP servers:

Server	Version	Unix	NT
Commerce/Communications	1.*	User	Native
Enterprise	2.0	User	Native
Enterprise	2.01	Solaris and Irix are Native HP-UX see Tech Note 980304-6 All others User	Native

When programming with threads on natively-threaded servers, it's safe to use the native thread libraries (and typically link with -lpthread or -lthread). On user-level-threaded servers, you should only use the NSAPI-provided threads.

Mixing natively-threaded libraries with user-level-threaded servers or non-threadsafe code with natively-threaded servers requires extreme care to ensure that all static or global data access are protected by some locking system.

4.2: What does the message "select thread miss" mean, and what can I do about it?

Some NSAPI functions which call non-thread-safe databases (such as Oracle) get this message. Hitesh Bosamiya writes: It is happening because of some race condition, and it is a bug. The workaround to avoid this race condition is to add to your magnus.conf: KeepAliveTimeout 0

4.3: How do I use NSAPI semaphores, critical sections and condition variables (condvars)?

Rob McCool offers the following outlines of the semaphore, critical section and condition variable support within NSAPI:
Semaphores

The sem_* routines in NSAPI are not really semaphores in the traditional sense, they're really inter-process locks. Sem_init function takes as parameter a name. When sem_init is called, the server tries to create a file in /tmp for the lock, so if there's no /tmp on your machine or if the parameters you're passing for name and id are causing it to try to create a file in /tmp that already exists (with no-write permissions) then this might cause a failure. When you want to use shared memory to communicate between processes, you would create a shared memory arena and a lock (such as a sem) in an Init function, and have that inherited by each child. Each child can then grab the sem, modify its portion of the data, and release the sem.

Critical sections

The crit_* functions are used for controlling access to thread-specific resources. I've used the crit_* functions many times, typically to prevent multiple server threads from attempting to use a library function that isn't thread-safe, or to control write access to static variables.Basically you'll need to write 3 NSAPI functions: an Init directive, a daemon_atrestart() hook function, and of course the NSAPI directive that needs to lock a thread-specific resource. I've only addressed the specific calls, not complete NSAPI functions - the normal examples cover creating functions. You'll need to include from the NSAPI include tree.

Condition variables (condvars)

Condvars are merely another form of thread synchronization. They provide a way for you to have a thread wait for another thread to notify it that a certain condition has been met.Suppose you have a variable, count, and you want to know when it reaches 5. To initialize things at server startup, you could do:

CRITICAL count_crit = crit_init(); CONDVAR count_condvar = condvar_init(count_crit);

Now, the thread that wants to know when the count reaches five would do:

crit_enter(count_crit); condvar_wait(cound_condvar);

That thread will now wait until someone notifies it that the condition has been met. Note that before going to sleep, it releases count_crit, so other threads can use it.

The other threads would then do:

crit_enter(count_crit); if (count == 5) condvar_notify(count_condvar); crit_exit(count_crit);

The waiting thread would then be woken up, and it would be inside the count_crit critical section. When it was finished, it would release that critical section using crit_exit(count_crit);

Note that contrary to a vague comment in the crit.h header file, if multiple threads have called condvar_wait on the same condition, only one will be awakened by condvar_notify.

4.4: How do I set the thread stack size?

You can increase the thread stack size by setting it in magnus.conf,
e.g.:


StackSize 65536

The default setting is 65536.

PBLOCKs

1. How do I store non-text values in a pblock?
2. How do I access multiple values in a pblock with the same name?
3. How can I tell when values are available in parameter blocks?
4. How can I traverse pblock's entries?

Rob McCool offers the following advice:

 There are a couple of different things you can do, none of them will sound very appealing I'm sure. One way to do it is to simply cast the structure pointer to a char *. This will work as long as the pblock is not rq->headers, and as long as the structure can be freed with a call to FREE(). The reason this should work is that the server does not actually look at the values which the server did not produce for the entries in the vars pblock.

Another way to do it is to sprintf the pointer into a string, and then sscanf it back. This is ugly and will not automatically free the structure when the request is finished, but is safe.

This problem is due to the fact that pblocks do not allow arbitrary types, a limitation which is being looked at and may be addressed in 3.0.

If multiple entries are inserted into a pblock (via pblock_nvinsert or pblock_nninsert), they are handled in LIFO (Last In First Out) order. pblock_find will always return the most-recently-added entry, so you'll need to pblock_remove that entry to get to the one "underneath" it. Hitesh A. Bosamiya offers the following excellent example:If you insert three values for "Name" as

pblock_nvinsert("Name", "Value1", rq->vars); pblock_nvinsert("Name", "Value2", rq->vars); pblock_nvinsert("Name", "Value3", rq->vars);

when you retrieve:

value=pblock_pblock2str(rq->vars, NULL); /* You will get the string as * Name="Value3" Name="Value2" Name="Value1" * see the string formed is also in LIFO order */ value = pblock_findval("Name", rq->vars); // You will get "Value3" param_free(pblock_remove("Name", rq->vars)); value = pblock_findval("Name", rq->vars); // You will get "Value2" param_free(pblock_remove("Name", rq->vars)); value = pblock_findval("Name", rq->vars); // You will get "Value1"

 

The following utility is a good function to insert into obj.conf as any kind of directive, and if nothing else, helps you figure out how a request is processed:

#include "nsapi.h" NSAPI_PUBLIC int print_pblocks(pblock *pb, Session *sn, Request *rq) {  char *directive;  char *block;  directive = pblock_findval("directive", pb);  if ( directive == NULL )  {  directive = "print-pblocks";  }  log_error(LOG_INFORM, directive, sn, rq, "--- start ---", block);  block = pblock_pblock2str(pb, NULL);  log_error(LOG_INFORM, directive, sn, rq, "pb: %s", block);  FREE(block);  block = pblock_pblock2str(rq->srvhdrs, NULL);  log_error(LOG_INFORM, directive, sn, rq, "rq->srvhdrs: %s", block);  FREE(block);  block = pblock_pblock2str(rq->reqpb, NULL);  log_error(LOG_INFORM, directive, sn, rq, "rq->reqpb: %s", block);  FREE(block);  block = pblock_pblock2str(rq->vars,NULL);  log_error(LOG_INFORM, directive, sn, rq, "rq->vars: %s", block);  FREE(block);  block = pblock_pblock2str(rq->headers,NULL);  log_error(LOG_INFORM, directive, sn, rq, "rq->headers: %s", block);  FREE(block);  block = pblock_pblock2str(sn->client,NULL);  log_error(LOG_INFORM, directive, sn, rq, "rq->client: %s", block);  FREE(block);  log_error(LOG_INFORM, directive, sn, rq, "--- end ---", block);  return REQ_NOACTION; }

In obj.conf, you would have:

<Object name=default> AuthTrans print-pblocks directive=AuthTrans  .  .  . NameTrans print-pblocks directive=NameTrans  .  .  . PathCheck print-pblocks directive=PathCheck  .  .  . ObjectType print-pblocks directive=ObjectType  .  .  . Service print-pblocks directive=Service  .  .  . AddLog print-pblocks directive=AddLog  .  .  . </Object>

You can use this code to determine when certain pblock values are filled in: for example, "When do I have access to ntrans-base?"

A pblock is a kind of linked list, the following code does it for rq->headers:

for (i=0; i<rq->headers->hsize; i++) {         for (p=rq->headers->ht[i]; p; p = p->next) {                 /*                 do what you want here                 p->param->name is the value name                 p->param->value is the value                 */         } }

 

Redirection

1. How do I dynamically redirect a request using NSAPI?
2. My NSAPI SAF is handling a POST or PUT. How can I keep the server from "hanging" when I try to redirect?
3. Why is my redirect not working when SSL is turned on?

There are a number of ways to do this:

Simple document redirect

To simply send the client to another document, wait until the PathCheck directive find-pathinfo has run and change the path value in the parameter block:

char *newpath = "/my/new/document"; ... param_free(pblock_remove("path",rq->vars)); pblock_nvinsert("path",newpath,rq->vars); return REQ_NOACTION;

Here, return REQ_NOACTION in case this is a Service directive so that the built-in SAFs will handle the request. Note that if you are changing the kind of document, you'll need to remove/insert the content-type header as well. (Returning REQ_NOACTION from a PathCheck directive isn't necessary but is perfectly functional).

Redirect with new Location

To send the client to a new document, but warn them in the Location field of their browser, simulate a PROTOCOL_REDIRECT:

char *newpath = "/my/new/document"; ... pblock_nvinsert("Location", newpath, rq->srvhdrs); protocol_status(sn, rq, PROTOCOL_REDIRECT, NULL); protocol_start_response(sn, rq); return REQ_ABORTED;

You need to return REQ_ABORTED because you are really giving the client an HTTP response code that forces the client to make what is in essence a new request.

CGI Redirect with GET/POST method

You could turn POST into a GET if you are confident that the query string is short enough to be supported by GET

#include "nsapi.h" NSAPI_PUBLIC int cgi_redirect(pblock *pb,Session *sn,Request *rq) {  /* This redirects a POST to a script named "spam.cgi" to the "real" CGI script "echo.cgi" */  char *old = pblock_findval("uri",rq->reqpb);  char *find;  find = strstr(old, "spam.cgi");  if ( find != NULL )  {  param_free(pblock_remove("path", rq->vars));  pblock_nvinsert("path", "/serverpath/netscape/cgi-bin/echo.cgi", rq->vars);  }  return REQ_NOACTION; }

In obj.conf, you would have:

<Object name=cgi> ObjectType fn=force-type type=magnus-internal/cgi Service fn="cgi_redirect" method="POST" Service fn=send-cgi </Object>

 

According to Rob McCool, you need to add a new entry called data-removed to Request->vars in order to keep the server from trying to read data that's no longer on the socket. (The entry can contain anything you want.)

Try adding the content-length header.

Authentication & SSL

1. How does basic authentication happen?
2. Where is the Authentication header stored?
3. How do I find the the supplied username and password through NSAPI?
4. How do I process a client certificate with the NSAPI?
5. Why does my NSAPI module fail with Enterprise 3.0/3.01 when SSL is turned on?
6. How do I use the new ACL mechanism for custom authentication?
7. How do I access SSL and cryptographics functions?

Scott Leerssen provides this explanation:

The "normal" processing of user authentication uses a combination of the AuthTrans and PathCheck functions, where AuthTrans simply gathers all the information necessary to identify a potential user and PathCheck says yea or nay based on the user and what he's trying to get to. If you simply want to allow/deny access, you could do all your processing in an AuthCheck function or userfn hung off of basic-auth.

Here is a little description of how it works since it confuses a lot of people when the first user access blows right past their basic-auth userfn:

1. First user request comes in with no authentication info.
2. The AuthTrans basic-auth function looks for an Authorization header, doesn't find one, and skips the request.
3. The request filters on down to the PathCheck require-auth function, which looks for auth-type and auth-user in rq->vars, which it won't find since basic-auth was supposed to set it. This results in a WWW-Authenticate header being placed in a response, and immediately sent back to the client.
4. Client browser pops up a window asking for username and password.
5. Assuming the user entered said info, the request is resent to the Web server, this time containing an Authorization header.
6. Now, basic-auth wakes up and yanks username:password, splits into two variables and places them in user and pw and calls the userfn (your function) in the AuthTrans directive. Now, your function takes over and, if the user looks kosher, you set auth-type to basic and auth-user to whats in the user param and let the rest of the directives do their work.

In an request headers. You can get it either by request_header()

request_header("authorization", &authstr, sn, rq);

or by pblock_findval():

authstr = pblock_findval("authorization", rq->headers);

 

Assuming the basic-auth directive has invoked your NSAPI routine, the username and password are available in the user and pw entries in the pblock passed as an argument:

NSAPI_PUBLIC int myUserPass(Session *sn, Request *rq, pblock *pb) { char *username, *password; username = pblock_findval("user", pb); password = pblock_findval("pw", pb); [...] }

If you're not being called from the basic-auth directive, but some form of authentication (username/password or client certificate) has been performed, then you can access the username (not the password) via:

char * username = pblock_findval("auth-user", rq->vars);

 

Scott Leerssen has compiled a nice list of certificate processing utilities, which can be seen here

This is a bug in the function net_write() introduced in Enterprise 3.0/3.01. Recompile/Relink your function with the ES 3.0/3.01 headers/docs instead of using your 2.x binary directly.

Chris Rose has been nice enough to provide his version of doing such a thing. You can find his explanation and sources here.

Rob McCool says that "Netscape do not currently expose the necessary hooks to the security library that the server uses, and the API is not the SSLref API. In future versions of the server, a new cryptographic API will be provided for you to use, but until then you'll need to link in the SSL reference implementation and use that."

Note that MD5 and randoms functions are available (since 3.0), see nsapi.h.

Query string, POST, Upload and CGIs

1. How do I process a query string with NSAPI?
2. How can I use NSAPI to post-process the output of a CGI script?
3. How does the NSAPI handle environment variables?
4. How do I upload a file?
5. How do I use Content-length and If-Modified-Since from my Service directive?
6. Why does Microsoft's Internet Explorer "spin" on CGI and NSAPI output that works with Navigator and early versions of IE?

Excellent utility functions have been posted and collected at http://help.netscape.com/kb/server/960513-118.html.

 Two warnings:

 

• If you use
post2qstr() to get the query string, a subsequent call to a CGI script will fail. This is because the struct sn->inbuf contains a "pointer" to the start of the query string, so if you've used post2qstr(), you've moved this "pointer". You'll need to save the location of the data if you want a CGI script to get the string:

int save_pos = sn->inbuf->pos; post2qstr(); sn->inbuf->pos = save_pos;

• Sometimes an NSAPI directive can cause a "hang" while processing a POST or PUT request and redirecting. According to Rob McCool, you need to add a new entry called
data-removed to Request->vars in order to keep the server from trying to read data that's no longer on the socket. (The entry can contain anything you want.)

The built-in SAF send-cgi is written to write the results of running a CGI script directly to the client's socket. If you want to do something with the output of the script before it gets sent to the client, you can't use send-cgi.

Steve Buffum wrote an NSAPI proxy to do this, although he stresses that he would, "stop short of globally recommending its approach." The idea behind the code is:

• Set up another Web server on a different port (or machine) to handle CGI requests
• Grab incoming requests for type magnus-internal/cgi
• Open a raw socket to the CGI server
• Blast the server with a raw HTTP CGI call and capture the output
• Process the output and net_write() it to the client
This is not very elegant and has not been thoroughly tested, but the intrepid may make a request to Steve Buffum for the sources.

Another proxy, a CGI proxy written by Scott Leerssen provides a way to pre and post process CGI output if you so desire. Again, not really an elegant approach, and certainly not speedy.

There are a number of ways the NSAPI can interact with the environment:

 

1. If a value is inserted into rq->headers, it is accessible through CGI scripts as HTTP_varname. Thus:

pblock_nvinsert("my_var",rq->headers);

will result in a new environment variable called HTTP_MY_VAR. Note both the prefix and the translation to upper case.
2. For a list of common environment variables and their NSAPI equivalents, see cgivars.html in the library examples on the developer site.
3. Other manipulation of the environment can be done through the
util_env functions (see nsapi.h for the list, their desciptions, and prototypes)

In order to determine the content-length and last modification time for a file, you will want to use the stat() system call to retrieve a struct stat. Consult your platform's system documentation for more information regarding the use of stat(). The length of a file is typically found in the st_size portion of the struct stat, while the last modification time is typically st_mtime.

By comparing the time provided by the stat() call with the time of the request, you can determine whether the content has been modified. If not, you can signal this to the browser by the appropriate setting of the return status:

protocol_status(sn, rq, PROTOCOL_NOT_MODIFIED, NULL); return REQ_PROCEED;

 

A "feature" of IE4 is that it uses HTTP/1.1 to keep the connection with the server "open". Believe it or not, it does eventually time out, but it takes a long time (on the order of 30 seconds). Netscape is working on a patch for Enterprise 3.0 to handle this; in the meantime, the answer comes from Klavs Riisager on devs-server-technical:

The way to fix the problem with MSIE4, is to set the 'HTTP Persistent Connection Timeout:' value to 0 in our NS3 server (it's under Server Preferences, Performance Tuning, Advanced Settings).

Within an NSAPI directive, you can manually close the client socket with net_close() or protocol_finish_request(sn, rq), although this may have unintended side-effects. The patch from Netscape is sure to be a cleaner solution.

Configuration and Errors

1. What causes mmap() problems?
2. What means the LateInit=yes function?
3. What is the maximum URL length?
4. How to use the admin server to configure a plug-in?
5. What does uxwdog do?

If you see the following message in the server error log:

[20/Nov/1997:15:22:11] failure: file-cache-create: Error mmap()ing /some/path/foo.gif (Not enough space)

For whatever reason, this seems to crop up on HP-UX more than other platforms, but it is the result of the image cache filling up. You can adjust the size of the cache in obj.conf with:

Init fn=cache-init cache-size=512 mmap-max=10000

cache-size is the number of entries, and should be greater than the number of URLs on your server; the default is 512. mmap-max is the number of 1024 bytes chunks to set aside; the default is 10000 (or 10MB).

Basically, the line "LateInit=yes" means the server will delay loading of the .dll or .so until the ns-httpd process has completed loading (Cf. Tech Note 980522-11).

Any single line in the header has a limit of 4096 chars; it is not configurable (Cf. Tech Note 971110-3).
Note that, on the contrary there is no limit on the lenght of the URL string in Navigator (Cf. Tech Note 971015-8).

According to Rob McCool, Netscape doesn't provide much documentation or APIs in this area, but something to get started is that there is a file which controls what the tabs in the server manager say and which forms are listed under them. It resides in ead() and systhread_sleep() for 10 ms to avoid hanging threads: note that on non-native-thread versions of Enterprise, systhread_yield() causes excessive thrashing:

In my humble opinion, the non-blocking read and systhread_sleep() is the best choice, and you can use the NSAPI_PUBLIC int net_makenonblocking(SYS_NETFD sd) function to set your socket to non-blocking for a somewhat system-independent implementation.

I use this method in my own send-cgi() implementation for POSTs, and it works nicely with a 10ms sleep-time.

1. How do I use Sybase's ctlib with NSAPI?
2. How do I get the servername and port number?
3. But I tried that, and it came back NULL. What's wrong?
4. How can I trick the file save as dialog box in the browser to show a different file name?
5. How to prevent the server to generate standard HTTP headers?
6. Does REQ_ABORTED really abort the request?

Many developers have experienced difficulties with integrating Sybase's ctlib library with NSAPI code. Mark A. Israel describes the problem as follows:

The problem seems to be caused when calling ct_init. The Sybase libraries never return. It must call assert and kill the thread. As Dave Orwant writes below, this is a known bug with the Sybase software:

I just got off the phone with Sybase tech support about this problem. The support person, Heidi, told me that they have three open cases concerning this problem, and are submitting it to engineering with a high priority. She told me when engineering delivers a fix they will issue an immediate EBF to ctlib 11.1.

These are accessible through the conf_getglobals() structure: looking in nsapi.h, we find:

#define server_portnum conf_getglobals()->Vport #define server_hostname conf_getglobals()->Vserver_hostname

There are a number of other useful pieces of information accessible in this manner.

To properly initialize the conf_getglobals() structure, you must ensure that you have included the -DNET_SSL compiling flag. Without this flag, the structure does not get built properly and the pointers are not set to look at the right data.

According to Chris Cooper: You can control the SaveAs box default filename using the Content-disposition: header. Details in RFC2183.

param_free( pblock_remove("Content-type", rq->srvhdrs)); pblock_nvinsert( "Content-type", application/mine ); pblock_nvinsert( "Content-disposition", "filename=file.mine", rq->srvhdrs );

 

In the 2.x servers one way to do this is to set rq->senthdrs to 1 before calling any protocol_* routines. Once you do that the server will not try to send headers at all.

Returning REQ_ABORTED doesn't drop the connection, it invokes error handling code which construct an HTML response, sets the status, and returns to the browser an error response.
Returning REQ_EXIT closes the connection immediately, any response whatsoever must already have been sent.

Content contributed voluntarily by our awesome DevEdge Champions based on peer-to-peer discussion in the DevEdge newsgroups. While Netscape hosts them, it does not offer any direct developer support via the newsgroups.

This FAQ is intended as a developer resource. Any reference to third parties or third-party products should not be construed as an endorsement by Netscape Communications Corporation.