Tree - rpms/httpd - CentOS Git server

rpms / httpd

Files

Commit: fd6452a0f2d4aa85e5f8e757be7f0b89511cdf0e

Blob Blame History Raw

 diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
index c119a7e..267150a 100644
--- a/modules/proxy/ajp.h
+++ b/modules/proxy/ajp.h
@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
  * @param sock      backend socket
  * @param r         current request
  * @param buffsize  max size of the AJP packet.
+ * @param secret    authentication secret
  * @param uri       requested uri
  * @return          APR_SUCCESS or error
  */
 apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
                              apr_size_t buffsize,
-                             apr_uri_t *uri);
+                             apr_uri_t *uri,
+                             const char *secret);
 
 /**
  * Read the ajp message and return the type of the message.
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index 67353a7..680a8f3 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
 
 static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
                                           request_rec *r,
-                                          apr_uri_t *uri)
+                                          apr_uri_t *uri,
+                                          const char *secret)
 {
     int method;
     apr_uint32_t i, num_headers = 0;
@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
                    i, elts[i].key, elts[i].val);
     }
 
-/* XXXX need to figure out how to do this
-    if (s->secret) {
+    if (secret) {
         if (ajp_msg_append_uint8(msg, SC_A_SECRET) ||
-            ajp_msg_append_string(msg, s->secret)) {
+            ajp_msg_append_string(msg, secret)) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228)
-                   "Error ajp_marshal_into_msgb - "
+                   "ajp_marshal_into_msgb: "
                    "Error appending secret");
             return APR_EGENERAL;
         }
     }
- */
 
     if (r->user) {
         if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
 apr_status_t ajp_send_header(apr_socket_t *sock,
                              request_rec *r,
                              apr_size_t buffsize,
-                             apr_uri_t *uri)
+                             apr_uri_t *uri,
+                             const char *secret)
 {
     ajp_msg_t *msg;
     apr_status_t rc;
@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
         return rc;
     }
 
-    rc = ajp_marshal_into_msgb(msg, r, uri);
+    rc = ajp_marshal_into_msgb(msg, r, uri, secret);
     if (rc != APR_SUCCESS) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
                "ajp_send_header: ajp_marshal_into_msgb failed");
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index f6fb473..f693f63 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -314,6 +314,12 @@ static const char *set_worker_param(apr_pool_t *p,
                                 (int)sizeof(worker->s->upgrade));
         }
     }
+    else if (!strcasecmp(key, "secret")) {
+        if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
+            return apr_psprintf(p, "Secret length must be < %d characters",
+                                (int)sizeof(worker->s->secret));
+        }
+    }
     else {
         if (set_worker_hc_param_f) {
             return set_worker_hc_param_f(p, s, worker, key, val, NULL);
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 8a0ad10..f92c185 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
 #define PROXY_WORKER_MAX_HOSTNAME_SIZE  64
 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
 #define PROXY_BALANCER_MAX_STICKY_SIZE  64
+#define PROXY_WORKER_MAX_SECRET_SIZE    64
 
 /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
  * dotted together(?) this would fit the below size (+ trailing NUL).
@@ -443,6 +444,7 @@ typedef struct {
     hcmethod_t      method;     /* method to use for health check */
     apr_interval_time_t interval;
     char      upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
+    char      secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
 } proxy_worker_shared;
 
 #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 051724e..e706518 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
     apr_off_t content_length = 0;
     int original_status = r->status;
     const char *original_status_line = r->status_line;
+    const char *secret = NULL;
 
     if (psf->io_buffer_size_set)
        maxsize = psf->io_buffer_size;
@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
        maxsize = AJP_MSG_BUFFER_SZ;
     maxsize = APR_ALIGN(maxsize, 1024);
 
+    if (*conn->worker->s->secret)
+        secret = conn->worker->s->secret;
+
     /*
      * Send the AJP request to the remote server
      */
 
     /* send request headers */
-    status = ajp_send_header(conn->sock, r, maxsize, uri);
+    status = ajp_send_header(conn->sock, r, maxsize, uri, secret);
     if (status != APR_SUCCESS) {
         conn->close = 1;
         ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)

	diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
	index c119a7e..267150a 100644
	--- a/modules/proxy/ajp.h
	+++ b/modules/proxy/ajp.h
	@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t sock, ajp_msg_t msg);
	* @param sock backend socket
	* @param r current request
	* @param buffsize max size of the AJP packet.
	+ * @param secret authentication secret
	* @param uri requested uri
	* @return APR_SUCCESS or error
	*/
	apr_status_t ajp_send_header(apr_socket_t sock, request_rec r,
	apr_size_t buffsize,
	- apr_uri_t *uri);
	+ apr_uri_t *uri,
	+ const char *secret);

	/**
	* Read the ajp message and return the type of the message.
	diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
	index 67353a7..680a8f3 100644
	--- a/modules/proxy/ajp_header.c
	+++ b/modules/proxy/ajp_header.c
	@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=

	static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
	request_rec *r,
	- apr_uri_t *uri)
	+ apr_uri_t *uri,
	+ const char *secret)
	{
	int method;
	apr_uint32_t i, num_headers = 0;
	@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
	i, elts[i].key, elts[i].val);
	}

	-/* XXXX need to figure out how to do this
	- if (s->secret) {
	+ if (secret) {
	if (ajp_msg_append_uint8(msg, SC_A_SECRET) \|\|
	- ajp_msg_append_string(msg, s->secret)) {
	+ ajp_msg_append_string(msg, secret)) {
	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228)
	- "Error ajp_marshal_into_msgb - "
	+ "ajp_marshal_into_msgb: "
	"Error appending secret");
	return APR_EGENERAL;
	}
	}
	- */

	if (r->user) {
	if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) \|\|
	@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
	apr_status_t ajp_send_header(apr_socket_t *sock,
	request_rec *r,
	apr_size_t buffsize,
	- apr_uri_t *uri)
	+ apr_uri_t *uri,
	+ const char *secret)
	{
	ajp_msg_t *msg;
	apr_status_t rc;
	@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
	return rc;
	}

	- rc = ajp_marshal_into_msgb(msg, r, uri);
	+ rc = ajp_marshal_into_msgb(msg, r, uri, secret);
	if (rc != APR_SUCCESS) {
	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
	"ajp_send_header: ajp_marshal_into_msgb failed");
	diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
	index f6fb473..f693f63 100644
	--- a/modules/proxy/mod_proxy.c
	+++ b/modules/proxy/mod_proxy.c
	@@ -314,6 +314,12 @@ static const char set_worker_param(apr_pool_t p,
	(int)sizeof(worker->s->upgrade));
	}
	}
	+ else if (!strcasecmp(key, "secret")) {
	+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
	+ return apr_psprintf(p, "Secret length must be < %d characters",
	+ (int)sizeof(worker->s->secret));
	+ }
	+ }
	else {
	if (set_worker_hc_param_f) {
	return set_worker_hc_param_f(p, s, worker, key, val, NULL);
	diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
	index 8a0ad10..f92c185 100644
	--- a/modules/proxy/mod_proxy.h
	+++ b/modules/proxy/mod_proxy.h
	@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
	#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
	#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
	#define PROXY_BALANCER_MAX_STICKY_SIZE 64
	+#define PROXY_WORKER_MAX_SECRET_SIZE 64

	/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
	* dotted together(?) this would fit the below size (+ trailing NUL).
	@@ -443,6 +444,7 @@ typedef struct {
	hcmethod_t method; /* method to use for health check */
	apr_interval_time_t interval;
	char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
	+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
	} proxy_worker_shared;

	#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
	diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
	index 051724e..e706518 100644
	--- a/modules/proxy/mod_proxy_ajp.c
	+++ b/modules/proxy/mod_proxy_ajp.c
	@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t p, request_rec r,
	apr_off_t content_length = 0;
	int original_status = r->status;
	const char *original_status_line = r->status_line;
	+ const char *secret = NULL;

	if (psf->io_buffer_size_set)
	maxsize = psf->io_buffer_size;
	@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t p, request_rec r,
	maxsize = AJP_MSG_BUFFER_SZ;
	maxsize = APR_ALIGN(maxsize, 1024);

	+ if (*conn->worker->s->secret)
	+ secret = conn->worker->s->secret;
	+
	/*
	* Send the AJP request to the remote server
	*/

	/* send request headers */
	- status = ajp_send_header(conn->sock, r, maxsize, uri);
	+ status = ajp_send_header(conn->sock, r, maxsize, uri, secret);
	if (status != APR_SUCCESS) {
	conn->close = 1;
	ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)

rpms / httpd

Source Code

Files