Sybernet / Supplied Software
Release 3.00
Feb 20, 2006

Sybernet Utility

This utility allows you to configure, monitor and update your Sybernet application servers. With it you can determine the status of all application servers or inspect which users have connected to Oracle. You can also change environment variables, some of which require that Sybernet is restarted, others are updated in real-time without requiring a restart.

You will also use this utility to install Sybernet on your system. The utility automatically sends you to the Update Sybernet link when it detects that Sybernet has not been installed. From this link you are presented with a series of questions which will eventually install Sybernet on your system.

If you are installing Sybernet for the first time, unzip and untar Sybernet in any directory you desire. Then copy the Sybernet Utility to your CGI bin directory and run it from your browser. The utility will automatically enter update mode and configure Sybernet for your system.

The utility is a true CGI (Common Gateway Interface) which must be invoked from your web browser. There is no command line interface.

Summary of Commands

Command	Description
Server Status	Display status and statistics about all users connected to Sybernet.
User Status	Display status and statistics about all users connected to Sybernet.
Configuration	Configuration settings. Change options, monitors, and environment variables.
Log File	The last 30 entries in the Sybernet log file.
Unix	Command line interface to Unix. This link appears because you are running in unsafe mode.
Directory Services	Configure directory services to get usernames and passwords from user certificates.
Register	Come here to register your version of Sybernet.
Authorization	Use this link to password protect this utility from unauthorized access.
Home	Return to your home page at mis.sri.com.
Administration	Documentation for the Sybernet Utility is in this administration manual.

Server Status

Clicking the Server Status link allows you to interrogate the status (alive or not) of the Sybernet servers. This screen refreshes itself every two minutes using JavaScript so if JavaScript is turned off, the display will not change. JavaScript allows the utility to repaint just the information that has changed, saving time over redrawing the entire screen. There is an example in this screen shot.

The buttons at the bottom of the display allow you to stop, start and kill one or more servers. The REFRESH button allows you to manually refresh the display in case you can't wait for the next update.

The checkboxes next to the socket numbers must be checked if you want to stop, start or kill a server. If no boxes are checked, nothing happens.

Server Status Columns

Column	Description
Socket	The port number assigned to this server.
Status	The Status column indicates the status of each server. In normal operation, the only values displayed should be Alive The server is alive and well. Stopped The server has stopped. This is normal if AUTOSHUTDOWN was set or you stopped the server. If it stopped on its own because it faulted, then this is not normal. Since Sybernet will automatically start a stopped server, you should never see this value. Other possible values include the following: Busy If STACKLIMIT is 0, this is normal and simply indicates that the server is busy processing a request. If STACKLIMIT is greater than 0, click on Refresh and see if it goes away. If it does not, something might be wrong. Check the log file for any errors. Error An error has occurred. This normally occurs when attempting to start a stopped server and something has gone wrong. In either case, check the log file. Hung Something's wrong. A problem with network services usually causes this. You may have to kill and restart this server.
Current	The number of users now connected to this server.
Max	The maximum number of users that have connected to this server at one time.
Active	The number of users that are currently doing something.
Hits	The number of hits this server has seen.
Receive	The number of bytes this erver has read.
Transmit	The number of bytes this server has written.
Active	The total time this application server has been busy doing something in Oracle. When STACKLIMIT is greater than zero, it is possible that the total active time is greater than the elapsed time. The Active time includes only the time the main process or a spawned process is running in Sybase. It does not include the time a child process is waiting to run in Oracle.
Elapsed	The elapsed time since this server was started.

User Status

Clicking the User Status link shows whose connected through Sybernet to Sybase. While similar to an sp_who, this information is available without actually logging in to Sybase. Busy or waiting connections will even show the first 92 characters that they are executing (or waiting to execute). There is an example in this screen shot.

User Status Columns

Column	Description
Socket	The socket or port number that this server is listening to. It is shown here and is the same socket number that is displayed on the Server Status window.
Slot	The slot assigned to this user. Slot numbers are internal to Sybernet and are reused whenever a connection is termindated.
spid	In Sybase this is the system process ID. In Oracle this is the session ID.
Username	The database username that was used to connect to Oracle.
Hostname	The Oracle instance name.
Address	The IP address or hostname for this client.
Date	The date when this user connected to Oracle.
Time	The time when this user connected to Oracle.
Idle	The amount of time this connection has been idle. If this user is busy inside of Oracle, the entire line is drawm with a black background and the time here represents how long this command has been running as a negative value.
pid	This is the pid of the Sybernet server if they are idle or the pid of the process they are in if active or queued.
Status	Status will be one of the following: idle This session is not running anything in Oracle. busy This session is running something in Oracle. The entire line is drawn with a black background and the Idle column will represent how long this process has been running. You can click on the status link to see the first 255 characters of that command. You can click on the link to pid to terminate this command.

Log File

The log file is displayed in reverse chronological order. The last log entry is displayed at the top of the screen. Links at the bottom of the screen allow you to scroll forwards and backwards. The current screen is refreshed automatically every two minutes. New entries are denoted in blue text while old entries are denoted in black text.

12/19/2002 14:39:29 (6894) ORA-03113: end-of-file on communication channel
12/19/2002 14:39:29 (6894) OCIStmtExecute(OCI_COMMIT_ON_SUCCESS)
12/19/2002 14:39:29 (6894) E24403 at 128.18.28.220 is being disconnected from slot 0.
12/19/2002 14:39:29 (6894) E24403 at 128.18.28.220 has timed out in slot 0.
12/19/2002 14:39:29 (6894) pcs at 128.18.70.43 is being allocated to slot 1.
12/19/2002 14:29:34 (6890) ene598 at 128.18.37.114 is being disconnected from slot 2.
12/19/2002 14:10:30 (6890) ene598 at 128.18.37.114 is being allocated to slot 2.
12/19/2002 13:24:35 (6890) E17090 at 128.18.82.66 is being allocated to slot 1.
12/19/2002 13:21:10 (6895) E20396 at 128.18.82.74 is being allocated to slot 0.
12/19/2002 13:21:10 (6895) E20396 at 128.18.82.74 is being disconnected from slot 0.
12/19/2002 12:43:25 (6891) ENG484 at 128.18.37.142 is being allocated to slot 1.
12/19/2002 12:31:17 (6893) E22908 at 128.18.39.229 is being allocated to slot 0.
12/19/2002 12:31:16 (6893) E22908 at 128.18.39.229 is being disconnected from slot 0.
12/19/2002 12:08:11 (6890) E24063 at 128.18.24.28 is being disconnected from slot 1.
12/19/2002 12:08:11 (6890) E24063 at 128.18.24.28 has timed out in slot 1.
12/19/2002 11:31:47 (6893) E22908 at 128.18.39.229 is being allocated to slot 0.
12/19/2002 11:31:47 (6893) E22908 at 128.18.39.229 is being disconnected from slot 1.
12/19/2002 11:31:21 (6891) E12574 at 128.18.82.67 is being allocated to slot 0.
12/19/2002 11:31:20 (6891) E12574 at 128.18.82.67 is being disconnected from slot 0.
12/19/2002 10:06:47 (6890) E24063 at 128.18.24.28 is being allocated to slot 1.
12/18/2002 23:39:33 (6892) pcs at 128.18.28.86 is being disconnected from slot 1.
12/18/2002 23:39:33 (6892) pcs at 128.18.28.86 has timed out in slot 1.
12/18/2002 21:36:22 (6892) pcs at 128.18.28.86 is being allocated to slot 1.
12/18/2002 21:36:02 (6892) pcs at 128.18.28.86 is being disconnected from slot 1.
12/18/2002 21:05:54 (6890) E23884 at 128.18.24.28 is being disconnected from slot 2.
12/18/2002 21:05:54 (6890) E23884 at 128.18.24.28 has timed out in slot 2.
12/18/2002 21:05:03 (6892) pcs at 128.18.28.86 is being allocated to slot 1.
12/18/2002 21:05:03 (6892) E23424 at 128.18.28.86 is being disconnected from slot 1.
12/18/2002 21:04:57 (6892) E23424 at 128.18.28.86 is being allocated to slot 1.
12/18/2002 20:54:07 (6892) pcs at 128.18.28.86 is being disconnected from slot 1.

Forward Previous

Configuration

The configuration file consists of NAME=VALUE pairs. Entries are case-insensitive and free format, but are written in upper-case when Sybernet rewrites this file. Each entry occupies a single line.

Editing this file manually is not encouraged, but it is possible. Sybernet will validate entries in this when it is loaded, and those entries that it does not understand or agree with are ignored; for example, you could incorrectly set HTMLLIMIT as follows:

    HTMLLIMIT=24

Since HTMLLIMIT cannot be less than 32K when it is non-zero, Sybernet will ignore this entry.

When the configuration file was different between the Mac and Unix, changes or options to Sybernet were difficult to add. This common format now eliminates this problem. The change was so successful, in fact, a lot of internal "constants" have been removed from Sybernet and placed in this configuration file. These are constants you may never need to change, but now you have the ability to do so; for example, it is now possible to change the Guest username and password, or you may wish to change the default idle timelimit that disconnects users after they have been idle for too long.

Server Settings

This section discusses the various server settings. Settings are different from options because they impose limits on how Sybernet is going to work

Column	Description
SERVERS	Specifies the number of Sybernet Servers that are available to the Sybernet CGI. It is not possible to tell you how many servers you will need. This is dependent on how much traffic you expect as well as how efficient your stored procedures are. As of version 2.05, now that neither Solaris nor Linux are single threaded, one server may be sufficient. You'll appreciate that at one time this was not the case and having multiple servers was a convenient way to distribute the load. The minimum is 1; the maximum is 32; the default is 4.
SOCKETS	Specifies the starting socket or port number. Socket numbers are contiguous. If you specify the default HTTP socket at port 80, you will need to be root to start Sybernet. You will also want to specify a user and group name that Sybernet runs from so that Sybernet does not run as root. The minimum is 1; the maximum is 65536-SERVERS; the default is 6666.
MEMORY	Specifies the maximum kilobytes of memory that a server can allocate. Linux ignores this setting and it's probably my fault, but the exact same code works fine under Solaris. Go figure! There is a real difference in memory requirements in Client-Library between a select on a tera-byte table and a while loop that does a select. The former is very efficient because it results in one result set; the latter is not because it results in several result sets. Each result set requires more memory. This is Client-Library's doing, not mine. Surprisingly enough, the Linux libraries return this memory after all result sets have been processed so the MEMORY limit is not as critical. On Solaris, however, this memory is not relinquished. My suspicion is that this was designed this way and not a memory leak because Client-Library will reuse this memory. Personally, I prefer the way it's done on Linux. Still, a stored procedure can generate so many result sets as to cause your system to hang. And that is the purpose of this option. My experience is that the procedure is at fault and any procedure that returned that much data would have crashed the browser way before it ever ate up all your memory. MEMORY is specified in kilobytes. If non-zero, the minimum value allowed is 3,000 kilobytes. A value of zero means there is no limit.
RESPONSE	RESPONSE size is essentially the amount of data that is buffered by Sybernet before it is sent to the web server. The default is 32K which has worked well. Lower values would cause Sybernet to stream output results to the browser sooner giving the illusion of faster response times. RESPONSE is specified in kilobytes. The default is 32K.
POST	POST size if the maximum size of any single post request. Post requests occur when an HTML form page is submitted with an action value of Post. POST is specified in kilobytes. A value of zero means there is no limit to the size of your post request. The default is 32K.
STACKLIMIT	STACKLIMIT represents the maximum number of simultaneous forked processes a server can initiate. When this limit is reached, future request are denied (not queued), so you'll want to specify a value that makes sense. 1 or 2 does not make sense; something like 30 does. Each child process spawned by Sybernet will show up in a Unix `ps` request. The one with the lowest process ID is actually running in Sybase. Those with higher process ID's are waiting to run. Killing any one of these children will cause Sybernet to terminate all children belonging to that user and disconnect that user from Sybase. It is not possible to tell from ps, however, which children belong to whom. ps -elf \| grep 8888 8 S www 21169 20267 0 41 20 f64f6018 610 f64f61e8 12:59:26 ? 0:00 Sybernet 8888 8 S www 21171 20267 0 41 20 f62ea320 610 f62ea4f0 12:59:35 ? 0:00 Sybernet 8888 8 S www 21175 20267 0 41 20 f6583680 610 f6583850 12:59:41 ? 0:00 Sybernet 8888 8 S www 21177 20267 0 41 20 f5967cd0 610 f5967ea0 12:59:43 ? 0:00 Sybernet 8888 8 S www 20267 1 0 39 20 f62b4cd8 610 f6588066 07:05:17 ? 0:03 Sybernet 8888 8 S www 21173 20267 0 41 20 f63a49a0 610 f63a4b70 12:59:38 ? 0:00 Sybernet 8888 In this example, the main Sybernet server is 20267 and 21169 is a child process running in Sybase. The remaining processes may be waiting for 21169 to complete, or they might be separate user connections with no children waiting. It's impossible to tell. Sybernet may be safely killed from the Unix command line using kill -QUIT pid, where pid is the process ID of the main process. The QUIT signal will be caught by Sybernet, and Sybernet will kill all of its children, disconnect every user, and then terminate itself; for example, kill -QUIT 20267 will safely kill the Sybernet server listening at socket 8888 from the above example. If you kill the main Sybernet process without -QUIT, spawned processes are not terminated and they will have to be terminated individually. Specifying a value of 0 for this option essentially turns off the ability to fork requests and requests will be single-threaded in each server. That is, everyone waits their turn while someone else is executing a stored procedure. It is possible for the Sybernet utility to report that the total active time of a server is greater than the total elapsed time of that server. Hardly likely, but is possible. Active time, however, still only reports the active time while doing something in Sybase. Child processes waiting their turn are not included in this calculation. NOTE: Setting STACKLIMIT to the same value as CLIENTLIMIT means Sybernet will not attempt to impose any limits. This doesn't mean Unix won't, however. The default is 10 (0 means requests are single-threaded).
FRAMELIMIT	waitfor delay "1:01" select 'done' In about an hour this waitfor statement will complete. By that time, your browser will have timed out. Previously, this benign statement would hang you and all connections attached to this server until it completed. Now, only you are affected by this statement. Subsequent requests submitted by other users will continue normally. Subsequent requests submitted by you are queued (up to a maximum of FRAMELIMIT) while this statement runs. FRAMELIMIT is a configurable value that can be changed with the Sybernet utility. This value determines the maximum number of queued requests that may be submitted to Sybernet. It's called FRAMELIMIT because a stored procedure that creates frames will cause your browser to submit each frame source asynchronously. Previously, this was not a problem because the server would only do one request at a time. Now it is a problem because Sybernet only allocates one handle per user connection and must therefore queue any requests for the same connection. The question then arises how many simultaneous requests for the same handle represents a problem? The answer is that this can't be conveniently determined. FRAMELIMIT is currently set to 6. This means your stored procedure can generate as many as 6 frames before connections are denied. In reality, you could actually create more frames if Sybernet and Sybase are fast enough to keep up with these requests. In the tests I've done (generating 4 frames at once), I've only seen 1 or 2 frame requests become queued. When FRAMELIMIT is exceeded, a very unfriendly message is generated by Sybernet. This message indicates that system resources have temporarily become unavailable. This is the same message that is generated when Sybernet is forbidden by Unix when it attempts to spawn another process. At the bottom of that message is hyper-text link that will allow you to disconnect in case you are the culprit that caused the problem. Clicking this link will terminate all active and queued requests that you may have submitted and disconnect you from Sybase. You don't have to wait to exceed FRAMELIMIT. If you submitted the above example and wish to disconnect, simply click the Log Out button on the menu bar or (if that is not available) submit a "quit" to Sybernet using a URL; for example, http://Sybernet.sri.com/cgi-bin/Sybernet.cgi$quit will also terminate all pending and active processes and disconnect you from Sybase. The default is 6.
CLIENTLIMIT	This value defines the maximum number of simultaneously open connections. The total number of connections allowed is this value times the number of servers. Changing this value in any server is ignored if there are already open connections. To be absolutely sure the change takes effect, make sure no connections are active or stop the servers before submitting this change. If you are running with AUTOSHUTDOWN set to TRUE, the change will take effect the next time a server is initialized. The default is 25 connections.
TIMELIMIT	TIMELIMIT determines the number of minutes a connection may remain idle before it is disconnected. TIMELIMIT is specified in minutes. The default is 120 minutes. A value of zero means there is no limit.
TEXTLIMIT	This option determines the number of kilobytes that can be retrieved from a Text or Image column. Sybase's default is 32K. TEXTLIMIT is specified in kilobytes. Sybernet's default is 100K.
HTMLLIMIT	HTMLLIMIT determines the maximum number of bytes Sybernet can send to a client browser in any single request. If this limit is exceeded, output to the client is stopped and a "gratuitous" message is displayed indicating that this limit has been exceeded. Sybernet does NOT terminate the result set, however. Instead, the result set is completely processed and the total number of bytes is also displayed. Some browsers are better than others at handling large amounts of data. The worst case is it dies--sometimes you even get a message--and takes your PC with it. Setting a value here can prevent this problem. HTMLLIMIT is specified in kilobytes. A value of zero means unlimited output. A non-zero value must be greater than or equal to 32K.
READTIMEOUT	READTIMEOUT determines the maximum number of seconds Sybernet will wait while reading from the browser. READTIMEOUT is specified in seconds. The default is 60 seconds.
WRITETIMEOUT	WRITETIMEOUT determines the maximum number of seconds Sybernet will wait while writing to the browser. If you're running with CTCANCEL turned on, this value is critical in determining what Sybernet does when the user clicks the STOP button or when they submit any request to Sybase while a stored procedure is running. When CTCANCEL is TRUE, Sybernet will cancel all result sets after this time out has expired and proceed to the next request, if any. It's really a question of how long do you want to wait after clicking the STOP button, but it isn't quite that easy. You'll also want to specify a value that makes sense for your system and for your users. If the value is too small, requests might be terminated when you don't want them to be. It is important to point out that just because you specify a small value for this option, doesn't mean Sybernet is going to respond in that many seconds every time you click the STOP button. This time out applies only to writes to the browser. If your stored procedure is looping or otherwise taking a long time and not creating any result sets for Sybernet to send, the time out will not occur. Using the <SEND_PARTIAL> tag will help with the latter, but probably won't help with the former, however. WRITETIMEOUT is specified in seconds. The default is 10 seconds.
BACKLOG	BACKLOG determines the maximum number of clients that can concurrently wait for a connection to Sybernet. Do not confuse this with the maximum number of simultaneous open connections that are specified with CLIENTLIMIT. Instead, this parameter defines the maximum length the queue of pending connections may grow to when requests are made to the Sybernet application server. The default is 16. Although a value of 0 is allowed, this is probably a bad idea.
HACKLIMIT	The maximum number of invalid URL requests before this client is denied acccess to this server. If this limit is reached, their IP address is added to the list of disallowed clients. You can edit the DISALLOW environment variable (below) manually to add or subtract IP addresses. HACKLIMIT applies only to documents or scripts and not stored procedures. Sybernet relies on Oracle and Sybase to handle the request for invalid procedures.
YAWN	YAWM determines the number of seconds that Sybernet holds this connection open if you specified a bad URL.

Option Settings

This section discusses the various options that can be set in Sybernet. The normal defaults are the recommended values for these options.

Column	Description
SENDPARTIAL	Send Partial determines if Sybernet will use the Send Partial facility of WebSTAR. This option must be set if Sybernet is an asynchronous CGI and reset if Sybernet is a synchronous CGI. Forcing Sybernet to run as a synchronous CGI has its limitations. Any context-type other than text/html greater than 32K will not be delivered correctly. And the temporary file that is created when output exceeds 32K (and is unique for each client) is not removed! Running Sybernet as a synchronous CGI is NOT recommended.
AUTOSHUTDOWN	This option causes Sybernet to terminate after all users have disconnected from Sybase. On the Mac, TIMELIMIT is enforced and Sybernet terminates automatically after all connections (idle or otherwise) are closed. On Unix, TIMELIMIT is not enforced unless the server is pinged (with the utility) or it receives a request from the Sybernet.cgi.
COOKIES	This option should be checked if connections will occur from behind a fire-wall. When checked, this option will append a unique string to the end of all remote host addresses. This is necessary to uniquely identify users having the same address. It uses NetScape cookies to do this so you are limited to non-cookie challenged browsers if you want to use this option.
CTCANCEL	CTCANCEL allows Sybernet to issue a ct_cancel to Sybase when the user clicks the STOP button on their browser. This option is now set by default. Prior to version 2.05 it was reset. If you are running Sybernet through an Open Server, CTCANCEL must not be set. When reset, Sybernet does not issue ct_cancel and instead throws the result sets away itself. Depending upon your stored procedure, this can take a long time. Also, the value for WRITETIMEOUT (although not ignored) is meaningless because the result sets are manually discarded. If you are not using Open Server, you will want to set this option so that result sets can be discarded immediately. In conjunction with the value for WRITETIMEOUT, this option determines how Sybernet is going to respond when the user clicks the STOP button.
DNS	Set this option to convert IP addresses to their Internet domain name-space equivalent.
DNS_REQUIRED	If checked and DNS is true, Sybernet will reject requests from an IP address that can't be resolved to an internet domain name-space.
SENDPARTIAL	Send Partial determines if Sybernet will use the Send Partial facility of WebSTAR. This option must be set if Sybernet is an asynchronous CGI and reset if Sybernet is a synchronous CGI. Forcing Sybernet to run as a synchronous CGI has its limitations. Any context-type other than text/html greater than 32K will not be delivered correctly. And the temporary file that is created when output exceeds 32K (and is unique for each client) is not removed! Running Sybernet as a synchronous CGI is NOT recommended.
UNSAFE	When TRUE, this option will enable a command line interface to Unix from the utility. It's a very dangerous option and should never be set, but if you do, make sure the utility is protected by your web server with a username and password. Commands are entered in the lower window. Output is sent to the upper window. You can change directories in this mode (using cd) and it will be remembered. Text in the output window (perhaps from a cat on a file) can be saved by clicking the Save as... button. UNSAFE mode may not be set from the utility. The default value is FALSE.

Monitor Settings

This section discusses the various monitor options that can be set and written to the Sybernet sumlog file. This is information passed from the Web server to Sybernet. Note too that everything after CSLIBERROR are also Sybernet reserved words.

Column	Description
CONNECTIONS	Information about users connecting to and disconnecting from your Sybase data server. By default, this is the only option that is set for monitoring.
CTLIBERROR	Open Client Errors. Open Client errors are always sent to the browser, but this option allows you to send them to the log file.
OSLIBERROR	Error messages and print statements from the Sybase server. Server messages are always sent to the browser, but this option allows you to send them to the log file.
CSLIBERROR	Client Server messages. Client Server messages are always sent to the browser, but this option allows you to send them to the log file.
RESPONSE	Result set sent to client. This can generate a tremendous amount of output!
POST	Post Request received from client. Actually, Sybernet will create two entries in the sumlog file for this option. The first entry will be the entire post request in its URI Encoded form. The second (and possibly subsequent) entries are the post request after URI decoding. Subsequent POST requests are possible when the original post request is separated by GO's or you are using FILTER=CGI and result sets are separated by <GO>'s.
DIRECT	The direct argument or extra path information.
SEARCH	Arguments to URL after the (?). In a URL request (method="get"), these are the parameters to your stored procedure and/or Sybernet reserved words.
SCRIPTNAME	This used to represent the URL name of script that invoked the stored procedure. This value (if specified) is now the name of the disk file where the results of your stored procedure are written. Setting this option tracks the Script Name sent to Sybernet and the Script Name that is set in a URL or POST request. For documents and scripts, you will see script name change as Sybernet attempts to locate this file.
HTTP_HEADER	This option displays the entire HTTP header sent to Sybernet. This can generate a tremendous amount of output.

Environmental Settings

This section discusses the various environment variables that can be defined for your system. Sybernet uses these to override the environment variables that started Sybernet. The one exception is LD_LIBRARY_PATH which is required when Sybernet is invoked, but even LD_LIBRARY_PATH is overridden when specified in the configuration file.

SYBERNET, SYBASE, and ORACLE must be absolute or relative path names to these directories. You cannot reference other environment variables when they are declared. They can, however, be used to define other environment variables in this section when that makes sense; for example, your HTDOCS environment variable can be defined as $SYBERNET/htdocs and your Oracle LIB directory can be defined as $ORACLE/lib. You can also reference environment variables that are declared in your start script, but this use is discouraged; for example, your Oracle LIB directory could also be defined as $ORACLE_HOME/lib.

Column

Description

SYBERNET

This is Sybernet's home directory. If Sybernet is your web server, you can place Sybernet anywhere you want. If Sybernet is not your web server, you probably want to place Sybernet underneath your web server (somewhere in its CGI-BIN folder), but this is not required.

SYBASE

SYBASE is the full path and directory name of your Sybase directory.

ORACLE

ORACLE is the full path and directory name of your Oracle directory. This is the same thing as ORACLE_HOME.

DSQUERY

DSQUERY represents the default host name of your Sybase SQL server. On Unix, this value was used to set the DSQUERY environment variable. On the Mac, an entry called DSQUERY needed to exist in your interfaces file. This value is now used instead.

If this option is not changed, Sybernet will continue to work as before.

LD_LIBRARY_PATH

LD_LIBRARY_PATH specifies your library search directories. This is a colon separated list. Although Sybernet sets this environment variable internally, LD_LIBRARY_PATH must be armed before you actually start Sybernet.

PATH

PATH specifies your binary search directories. This is a colon separated list.

NLS_DATE_FORMAT

This is the default date format used in Oracle. Any good Oracle programmer will tell you to never rely on this value; however, when used correctly, this option makes it possible to pass date values in your form screens as date parameters to your procedures.

HTDOCS

This is the path to your documents directory.

The default is ../htdocs.

CGIBIN

This is the path to your cgi-bin directory. Since version 2.05, Sybernet is now a true HTTP web server and can execute C programs in your cgi-bin directory. If you are familiar with Script Alias, this is essentially the same thing except the implementation is completely different.

Whereas Script Alias might define X to be Y, the usual convention would be to define cgi-bin as /usr/home/http/cgi-bin. CGIBIN can be either a relative or absolute path name. Your CGI's (including Sybernet.cgi) may refer to all or any part of this name; for example, if CGIBIN was defined as /usr/home/http/cgi-bin, your stored procedure could refer to Sybernet as /Sybernet.cgi, /cgi-bin/Sybernet.cgi, or /http/cgi-bin/Sybernet.cgi.

Like HTDOCS, no CGI's will be executed outside of this scope, even though the naming rules are different from what you might be used to.

The default is NULL, which means it defaults to the current working directory of Sybernet.

PROCNAME

PROCNAME is the name of the stored procedure Sybernet will use when signing a user on to Sybase. Normally, this is not needed since the form request specifies the name of the procedure; however, a URL request that points to Sybernet and does not specify a procedure name will be directed to the procedure indicated by this value.

If you've written your own default home page (and well you should), don't call it sp_html_login. Instead, use this attribute to point it to the name of your stored procedure. The purpose here is so that you don't lose your procedure when you install the latest scripts (my latest scripts).

The default is "sp_html_login."

PREFERENCES

PREFERENCES is the name of the stored procedure that retrieves user preferences. This procedure is called only when in the Interactive SQL procedure, or more specifically when FORMAT is ISQL, TEXTAREA, or TABLE. These are undocumented formats by the way, which is why only the Interactive SQL procedure uses this option.

The default is "http.sp_html_preferences."

GUESTUSERNAME

GUESTUSERNAME represents the username that Sybernet will use when it detects a username of "guest" or "anonymous."

The default is "anonymous."

GUESTPASSWORD

GUESTPASSWORD is the password for the GUESTUSERNAME, of course.

The default is anonymous.

NOTE: The guest password is displayed and stored in clear text. That is its purpose: to allow anonymous access to your server, should you desire.

PROXY

PROXY identifies the name of your proxy server. You can use this option instead of the COOKIES option to uniquely identify client addresses that originate from behind a firewall. This is necessary because Sybernet needs to differentiate between each user connection.

ERRORFILE

Sybernet now lets you define your own error file which is invoked automatically when a user fails to connect to Sybase. In addition, this file can contain special strings embedded anywhere in this file that are replaced with real text before this file is displayed; for example, the special string ^1 causes Sybernet to insert the user's login name. Consider the following example:

    <HTML>
    <BODY>
    <H3 ALIGN=CENTER>Sorry ^1, please try again</H3>
    </BODY>
    </HTML>

causes the following text to be displayed when user Charlie enters the wrong password:

Sorry Charlie, pleae try again

The standard error file can be defined from the preferences dialog box on the Mac or with the utility program under Unix. Although relative path names are allowed, you may not use Sybernet's environment variables to specify a path; for example, $HTDOCS/errorfile.html is not allowed. The proper way to specify this name would be ../htdocs/errorfile.html.

The following special strings are permitted in your standard error file:

^0
This pattern is replaced either by the message generated by Sybase or a message generated by Sybernet when the former is not present.
^1
This pattern is replaced by their username.
^2
This pattern is replaced by their password.
^3
This pattern is replaced by the name of the server (HOSTNAME) that they are attempting to connect to. If none was specified, this will be the value for DSQUERY.
^4
This pattern is replaced by their IP address or hostname.
^#
This pattern is replaced by the ordinal number from the list below:

As mentioned, the special string ^0 is normally the message generated by Sybase, but if no message is available or the message was created entirely by Sybernet, then that is the message you will see. The following are the messages Sybernet could produce:

There are too many user connections!
DSQUERY environment variable is not defined!
A username and password is required to access database!
Error allocating memory for this connection!
Unable to initialize context!
Unable to connect to Sybase!
Unable to allocate a command pointer!

The message "Unable to connect to Sybase" will almost always be replaced by a message created by Sybase.

Currently, we use this feature to display the exact same page back to the user with the username and password fields already filled in. In addition, a JavaScript alert is sent when the form is loaded using the onLoad event handler.

I was unable to actually use the exact same HTML page because JavaScript didn't permit me to assign the value for password. Instead, I copied the standard signon screen and made the following changes:

In the <BODY> tag I added the following onLoad command:

    <BODY onload="alert('^0');">

And for the two input fields (usercode and password) I added the following VALUE statements:

    <INPUT TYPE="TEXT" NAME="USERCODE" VALUE="^1">
    <INPUT TYPE="PASSWORD" NAME="PASSWORD" VALUE="^2">

I definitely prefer this over what I used to do, and if you don't, you can now create your own page that is more suitable to your environment. That is the purpose.

If no error file is defined, Sybernet will continue to create the error messages as it used to.

COMMONERRORFILE

The COMMONERRORFILE definition can be used to specify a default HTML file that is displayed when the Sybernet CGI detects an error while communicating with the Sybernet Server. These are errors you never want to see and possibly indicate something is seriously wrong. To cushion the user from such errors, you may wish to define your own HTML screen.

Do not confuse this definition with the ERRORFILE variable described above. That file is the HTML file that is displayed when a user fails to connect to Sybase while this file is displayed when a CGI error is detected.

Special characters may be embedded in the COMMONERRORFILE; for example, the special string ^# is replaced by the error number corresponding to one of the errors below, and ^1 is the actual text corresponding to that error number. Here's an example:

    <HTML>
    <BODY>
    <H1>Don't Panic!</H1>
    Sybernet detected the following error: ^1<P>
    Please attempt to resubmit your request.  If this message appears again,
    you should call the help desk at x1234.<P>
    </BODY>
    </HTML>

If you include JavaScript to parse the error number or error string, make sure you account for new values that might be added in a future release. The following errors are currently defined:

WRITING TO STREAM SOCKET FAILED
READING OK FROM STREAM SOCKET FAILED
UNABLE TO OPEN INTERNET STREAM SOCKET
UNABLE TO GET HOSTNAME CALLING GETHOSTNAME
INVALID SERVER NAME WHILE OPENING SOCKET
COULD NOT PROCURE SOCKET
SERVER NOT RUNNING. THE ATTEMPT TO START IT FAILED!
CONNECTION TO STREAM SOCKET FAILED
UNABLE TO READ CONTENTS OF CONFIGURATION FILE
REMOTE_HOST ENVIRONMENT VARIABLE IS UNDEFINED
CONNECTION TO SYBERNET SERVER TIMED OUT
MEMORY RESOURCES ARE RUNNING LOW
POST DATA IS TOO LARGE (MAKE IT SMALLER)
READING FROM WEB CLIENT FAILED
WRITING TO WEB CLIENT FAILED
ERROR READING RETURN RESULTS FROM SOCKET

NOTE: 14, 15, and 16 are never sent to the client's browser, but they are written to the log file.

The default COMMONERRORFILE name is undefined, and Sybernet will generate its own HTML page.

DEFAULTFORMAT

This setting allows you change the default value for FORMAT when no value is specified. Prior to version 1.78, the default was NONE. Now the default value may be explicitly specified as either NONE or SUPPRESSED.

SUMLOGFILENAME

This value is the name of the log file. Prior versions of Sybernet required that the log file be in the same directory as the binaries. You now may wish to place this file in your web servers logs directory, for example.

The servers must be cycled for the change to take place.

The default log file name is "Sybernet.sumlog."

SERVERFILENAME

This value is the name of the Sybernet server. Prior versions of Sybernet required that the servers reside in the same directory as the Sybernet cgi. This is no longer true. Changing its name is safe; changing its location is a bit more tricky because the configuration file is, by default, suppose to reside in the same directory as all Sybernet software.

If you change its name, make sure Sybernet is not running. Ideally, you should disable access to Sybase while this occurs.

If you change its location, then you must set the SYBERNET_CONFIG environment variable for your web server's username to point to the configuration file. A relative path name is not going to work. The complete path is required because once you set this environment variable, all software will use that name.

The default name is "Sybernet."

STATISTICS

This binary file is used by Sybernet and its child processes to accumulate statistics about each connection. This is the information (sans the number of hits) that is displayed when you click the Server Status link in the utility. The information is reset each time the server is started.

    struct statistics
    {
        int             fd;                 // Self Reference.
        unsigned long   version;            // myVersion.
        off_t           offset;             // Offset in statistics file for this row.
        unsigned long   hits;               // Total hits.
        unsigned long   bytesReceived;      // Total bytes read.
        unsigned long   bytesTransmitted;   // Total bytes written.
        unsigned long   minConnections;     // Number of current connections.
        unsigned long   maxConnections;     // Max connections at one time.
        unsigned long   activeTime;         // Total time server was active (in seconds).
        unsigned long   elapsedTime;        // Total time server was running (in seconds).
    }   ;

The default name is "Sybernet.statistics."

CONFIGFILENAME

The name of the configuration file is not stored in the configuration file; however, its name may be specified with a real Unix environment variable that is set for your web server. The name of this environment variable is called SYBERNET_CONFIG.

In a shell script, for example, you might define it this way:

    setenv SYBERNET_CONFIG $cwd"/config/Sybernet.config"

The default name is "Sybernet.config."

SENDMAIL

This is the name of your Unix sendmail program. It is called by Sybernet Sendmail.

The default name is "/usr/bin/sendmail."

ORGANIZATION

This value is included as the Organization name when sending mail.

COOKIE

This defines the actual name of the cookie that is set when IP addresses are not unique because you are using a proxy server or because the COOKIES option is set.

Do not change this name if you are currently using cookies and there are open connections.

The default is "CUSTOMER."

QUIT

This option defines the URL that a user is directed to when they disconnect from Sybase. The QUIT command is the one URL path name that Sybernet recognizes as a request to disconnect. All other path names represent Sybase stored procedures.

Prior to version 1.97 this option was not configurable and QUIT requests were redirected to the URL of your home page. As of version 1.97 this option may be any valid (or invalid) URL.

Be sure to append a slash (/) if the URL represents a folder or directory; be sure to omit the slash if the URL represents a static HTML page.

The default is "http://" + ServerName + "/" where ServerName is the name of your web server.<

USER

If you start Sybernet as root, this attribute determines the username that you want Sybernet to run as. You have to start Sybernet as root if you specify a port number less than 1024. This is the SOCKETS option.

The default is NULL.

GROUP

If you start Sybernet as root and USER is not NULL, this option specifies the group name to run Sybernet from.

The default is NULL.

DISALLOW

This variable contains a comma separated list of host names or IP addresses that are disallowed access to Sybernet. Sybernet will add entries to this list automatically whenever a client attempts to access too many invalid documents. This usually indicates someone attempting to compromise your site. Addresses can contain the usual wild-card character (*) to specify an entire node.

HELPDESK

You can use this option to display text whenever Sybernet generates a NOT FOUND or FORBIDDEN message. As its name implies, this might be contact information for your users when they are having problems.

EPILOGUE

This variable defines the name of a stored procedure that is automatically called whenever an idle connection has timed out. Its purpose is to allow your epilogue procedure to perform whatever cleanup is needed when a user is disconnected.

If defined, you want to make sure that execute permission has been granted to public and that the procedure either resides in sybsystemprocs or its name is fully qualified.

DOMAIN

This option allows you to run Sybernet in AF_INET or AF_UNIX domains.

SEPARATOR

This is also known as the explicit-path separator. It is used to separate the path to sybernet (or Sybernet.cgi) with the name of your stored procedure. The default is a dollar-sign ($) which must agree with the separator used by your web server if Sybernet is not your web server.

Scout Settings

This section is required if your site uses client certificates to connect to your Oracle database. Sybercron will also use these definitions when no username and password is specified in its start script.

Column	Description
USERNAME	The username to connect to Oracle. This user must have the ability to alter a user's password if you use client certificates. If used as the username for Sybercron, this user must be able to do about just anything.
PASSWORD	The password to connect to Oracle. Password is stored encrypted in the configuration file, but is never displayed in the utility. You can, however, define or change this password with the utility.

Invisible Settings

This section contains a description of information contained in the configuration file that is normally not shown to anyone. It is documented here for completeness.

Column	Description
VERSION	This string value corresponds to the current version of Sybernet running on your system. This value will be used to help you update to newer versions of Sybernet.
VIRGIN	This Boolean value (set to true) is present only if Sybernet is being installed for the first time. Its name and value is removed after a successful installation.
REGISTER	This is your Sybernet registration number. Registration numbers are decrypted and matched to the host name of your Web Server. As of version 1.65, this value can be either the name of your Web Server (single user license) or a site name (site license).
REGISTERED	This Boolean value (true or false) indicates whether or not Sybernet is registered for your system.
REGISTEREDNAME	This string value represents the decrypted host name or site name from your registration number. If Sybernet is saying your version is still unregistered, then the problem is the name submitted for registration is not the same name sent by your server to Sybernet.
AUTHORIZATION	This uuencoded string is the username and password you submitted to password protect the utility when using Sybernet as your web server. Only basic authorization is supported. If Sybernet is not used as your web server, authorization is accomplished with Netscape cookies.
LDAP	This node exists for each directory server you have defined. This is the only entry in the configuration file that is URI encoded.

Memory Status

Clicking the Memory Status link displays the total memory used by all servers (and their children) in a bar chart. There is an example in this screen shot.

By default, this link does not appear unless you have created a Java directory in your htdocs directory and copied the applet barChart.class to this folder. The applet and a read-me file are in the htdocs directory. The utility does not install this.

Unix

Clicking the Unix link (if it exists) brings up two edit windows that allow you to submit commands to your Unix system. The bottom window is for entering commands and the upper window is where the result of that command is displayed. The output window can also be saved to a Unix file by clicking the Save as... button. There is an example in this screen shot.

By default this link does not appear and enabling it is not recommended. If you do enable it, you'll want to make sure the utility is password protected by your web server.

The Unix link can be enabled by manually editing the Sybernet configuration file and setting the variable UNSAFE to TRUE. You can neither set nor reset this option with the utility.

Entering the Unix command CD to change your working directory is safe to use. The utility program captures your working directory and sets it appropriately each time you submit the bottom window.

To edit a file, simply CAT it to the upper window, make the desired change, and click the Save as... button. This brings up a JavaScript prompt dialog where you can enter the name of the file to create.

Clicking the Unix link resets everything including your current working directory and the last name you specified when you clicked on Save as...

Directory Services

Version 2.04 introduced the ability to search an LDAP database. This facility has been available at SRI International for some time, but not until the ability to search multiple directory servers was added has then been available in the share-ware version. There is an example in this screen shot.

At SRI International we use this facility to look up usernames based on a user's certificate. When found, a time-based password is generated by Sybernet and passed to an Open Server that validates this password and connects users to the Sybase SQL Server. This Open Server code, however, is proprietary to SRI International and is not included as part of Sybernet.

The share-ware version of Sybernet will let you use this facility to retrieve usernames and passwords from an LDAP database. Passwords must be retrieved in clear-text because that is how they are passed to Sybase. It is up to you to lock this attribute from anonymous users.

A user is validated against a directory server anytime they connect with a certificate. To do this, USERCODE and PASSWORD must be NULL and HOSTNAME must be set to the host name of your SQL server. This can be accomplished with a form screen or URL. The latter might resemble this:

    http://Sybernet.sri.com/cgi-bin/Sybernet.cgi$sp_html_login?@hostname=%22Marnier%22

Connecting with a certificate can be as fast as connecting with a static password. After Sybernet has initialized all directory services (which occurs anytime a user certificate is not found), a single call to the directory server is usually all that is required to validate a certificate.

A user can have more than one certificate in an LDAP database. A user can also exist in more than one LDAP database. The only thing you might want to avoid is a user with the same certificate in multiple LDAP databases that map to different usernames. That's going to confuse you as much as it confuses Sybernet.

Certificates may be added to your directory server at anytime. Sybernet does not need to be restarted when this happens because it always reinitializes all directory services whenever a certificate is not found. Certificates may also be deleted at anytime. This works because Sybernet always validates certificates against the directory server whenever a user connects with one.

Changing the information on this screen, however, usually means you need to restart Sybernet to have these changes applied.

Directory Server Configuration Options

Column	Description
LDAPSEARCH	Specifies the path and filename to ldapsearch. For Netscape servers you will find this utility in your servers bin/slapd/server directory.
BASEDN	Specifies the base location in the directory from which the search will start. The value specified here must be a distinguished name that currently exists in the database. This parameter is optional if the LDAP_BASEDN environment variable has been set to a base DN.
HOSTNAME	Specifies the name of the host on which the LDAP server is running. If you do not specify this option, localhost is used.
PORT	Specifies the port on which the LDAP server is running. If you do not specify this option, either 389 (if the LDAP server is not using SSL), or 636 (if the LDAP server is using SSL and if you specify SSL) are used.
SSL	Specifies that Sybernet connects to the LDAP server using SSL. Use this option if you are connecting to a secure LDAP server
PATHNAME	Specifies the path to the certificate database (for example, ~/.netscape /cert5.db). Use this option if you are connecting to an LDAP server over SSL and if you have checked the SSL option.
BINDDN	Specifies the distinguished name that you want to authenticate as. This DN must have access privileges to add entries to the directory. If you do not specify this option, anonymous authentication is used.
PASSWD	Specifies the password for the DN that you want to authenticate as. If you do not specify this option, anonymous authentication is used.
USERCODE	Specifies the name of the attribute that is to be returned from your database that corresponds to their username in Sybase; for example, if uid is used as their username, you will want to enter uid in this field.
PASSWORD	Specifies the name of the attribute that is to be returned from your database that corresponds to their password in Sybase; for example, if userpassword is used as their password, you will want to enter userpassword in this field. Sybase passwords must be available in clear text. For this reason you may wish to lock this attribute from the casual user and give Sybernet the appropriate permission to extract this value. Time-based passwords are generated automatically by Sybernet if you leave this field blank; however, use of this option requires an Open Server to validate and connect users to your Sybase SQL server.
USERCERTIFICATE	Specifies the name of the attribute that is to be returned when validating user certificates. User certificates are usually denoted as usercertificate;binary or usersmimecertificate;binary. In either case, this is the attribute name that is used to validate user certificates in your database.

The buttons on the bottom of this screen allow you to save or drop information about a directory server. You can scroll forward or backward with the NEXT and PREV buttons, or create a new entry with the NEW button.

Each time you retrieve a page from this screen, the utility will also execute LDAPSEARCH with the information you provided and return a count of the number of things it found. This feed-back lets you know whether or not the information you provided is valid, of course.

Authorization

Since version 2.05, Sybernet is now a true HTTP server. This link allows you password protect the Sybernet Utility from unauthorized access. Note that only basic authorization is supported.

The Authorization screen prompts you for both a username and password. This username and password is encoded and then prompted for whenever a request to access the utility is made.

If Sybernet is not used as your web server, you can still use this screen to password protect the utility. The authorization is exactly the same except that it uses cookies to pass this information to the utility.