|
 |
5072c65 |
--- httpd-2.4.34/modules/proxy/ajp_header.c.r1738878
|
|
|
5072c65 |
+++ httpd-2.4.34/modules/proxy/ajp_header.c
|
|
|
c7d07f3 |
@@ -213,7 +213,8 @@
|
|
 |
c58fda3 |
|
|
|
c58fda3 |
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
|
|
|
c58fda3 |
request_rec *r,
|
|
|
c58fda3 |
- apr_uri_t *uri)
|
|
|
c58fda3 |
+ apr_uri_t *uri,
|
|
|
c58fda3 |
+ const char *secret)
|
|
|
c58fda3 |
{
|
|
|
c58fda3 |
int method;
|
|
|
c58fda3 |
apr_uint32_t i, num_headers = 0;
|
|
|
c7d07f3 |
@@ -293,17 +294,15 @@
|
|
|
c58fda3 |
i, elts[i].key, elts[i].val);
|
|
|
c58fda3 |
}
|
|
|
c58fda3 |
|
|
|
c58fda3 |
-/* XXXX need to figure out how to do this
|
|
|
c58fda3 |
- if (s->secret) {
|
|
|
c58fda3 |
+ if (secret) {
|
|
|
c58fda3 |
if (ajp_msg_append_uint8(msg, SC_A_SECRET) ||
|
|
|
c58fda3 |
- ajp_msg_append_string(msg, s->secret)) {
|
|
|
c58fda3 |
+ ajp_msg_append_string(msg, secret)) {
|
|
|
c58fda3 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228)
|
|
|
c58fda3 |
- "Error ajp_marshal_into_msgb - "
|
|
|
c58fda3 |
+ "ajp_marshal_into_msgb: "
|
|
|
c58fda3 |
"Error appending secret");
|
|
|
c58fda3 |
return APR_EGENERAL;
|
|
|
c58fda3 |
}
|
|
|
c58fda3 |
}
|
|
|
c58fda3 |
- */
|
|
|
c58fda3 |
|
|
|
c58fda3 |
if (r->user) {
|
|
|
c58fda3 |
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
|
|
|
c7d07f3 |
@@ -671,7 +670,8 @@
|
|
|
c58fda3 |
apr_status_t ajp_send_header(apr_socket_t *sock,
|
|
|
c58fda3 |
request_rec *r,
|
|
|
c58fda3 |
apr_size_t buffsize,
|
|
|
c58fda3 |
- apr_uri_t *uri)
|
|
|
c58fda3 |
+ apr_uri_t *uri,
|
|
|
c58fda3 |
+ const char *secret)
|
|
|
c58fda3 |
{
|
|
|
c58fda3 |
ajp_msg_t *msg;
|
|
|
c58fda3 |
apr_status_t rc;
|
|
|
c7d07f3 |
@@ -683,7 +683,7 @@
|
|
|
c58fda3 |
return rc;
|
|
|
c58fda3 |
}
|
|
|
c58fda3 |
|
|
|
c58fda3 |
- rc = ajp_marshal_into_msgb(msg, r, uri);
|
|
|
c58fda3 |
+ rc = ajp_marshal_into_msgb(msg, r, uri, secret);
|
|
|
c58fda3 |
if (rc != APR_SUCCESS) {
|
|
|
c58fda3 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
|
|
|
c58fda3 |
"ajp_send_header: ajp_marshal_into_msgb failed");
|
|
|
5072c65 |
--- httpd-2.4.34/modules/proxy/ajp.h.r1738878
|
|
|
5072c65 |
+++ httpd-2.4.34/modules/proxy/ajp.h
|
|
|
c7d07f3 |
@@ -413,12 +413,14 @@
|
|
|
c7d07f3 |
* @param sock backend socket
|
|
|
c7d07f3 |
* @param r current request
|
|
|
c7d07f3 |
* @param buffsize max size of the AJP packet.
|
|
|
c7d07f3 |
+ * @param secret authentication secret
|
|
|
c7d07f3 |
* @param uri requested uri
|
|
|
c7d07f3 |
* @return APR_SUCCESS or error
|
|
|
c7d07f3 |
*/
|
|
|
c7d07f3 |
apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
|
|
|
c7d07f3 |
apr_size_t buffsize,
|
|
|
c7d07f3 |
- apr_uri_t *uri);
|
|
|
c7d07f3 |
+ apr_uri_t *uri,
|
|
|
c7d07f3 |
+ const char *secret);
|
|
|
c58fda3 |
|
|
|
c7d07f3 |
/**
|
|
|
c7d07f3 |
* Read the ajp message and return the type of the message.
|
|
|
5072c65 |
--- httpd-2.4.34/modules/proxy/mod_proxy_ajp.c.r1738878
|
|
|
5072c65 |
+++ httpd-2.4.34/modules/proxy/mod_proxy_ajp.c
|
|
|
c7d07f3 |
@@ -193,6 +193,7 @@
|
|
|
c58fda3 |
apr_off_t content_length = 0;
|
|
|
c58fda3 |
int original_status = r->status;
|
|
|
c58fda3 |
const char *original_status_line = r->status_line;
|
|
|
c58fda3 |
+ const char *secret = NULL;
|
|
|
c58fda3 |
|
|
|
c58fda3 |
if (psf->io_buffer_size_set)
|
|
|
c58fda3 |
maxsize = psf->io_buffer_size;
|
|
|
c7d07f3 |
@@ -202,12 +203,15 @@
|
|
|
c58fda3 |
maxsize = AJP_MSG_BUFFER_SZ;
|
|
|
c58fda3 |
maxsize = APR_ALIGN(maxsize, 1024);
|
|
|
c58fda3 |
|
|
|
c58fda3 |
+ if (*conn->worker->s->secret)
|
|
|
c58fda3 |
+ secret = conn->worker->s->secret;
|
|
|
c58fda3 |
+
|
|
|
c58fda3 |
/*
|
|
|
c58fda3 |
* Send the AJP request to the remote server
|
|
|
c58fda3 |
*/
|
|
|
c58fda3 |
|
|
|
c58fda3 |
/* send request headers */
|
|
|
c58fda3 |
- status = ajp_send_header(conn->sock, r, maxsize, uri);
|
|
|
c58fda3 |
+ status = ajp_send_header(conn->sock, r, maxsize, uri, secret);
|
|
|
c58fda3 |
if (status != APR_SUCCESS) {
|
|
|
c58fda3 |
conn->close = 1;
|
|
|
c58fda3 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
|
|
|
5072c65 |
--- httpd-2.4.34/modules/proxy/mod_proxy.c.r1738878
|
|
|
5072c65 |
+++ httpd-2.4.34/modules/proxy/mod_proxy.c
|
|
|
5072c65 |
@@ -319,6 +319,12 @@
|
|
|
c7d07f3 |
(int)sizeof(worker->s->upgrade));
|
|
|
c7d07f3 |
}
|
|
|
c7d07f3 |
}
|
|
|
c7d07f3 |
+ else if (!strcasecmp(key, "secret")) {
|
|
|
c7d07f3 |
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
|
|
|
c7d07f3 |
+ return apr_psprintf(p, "Secret length must be < %d characters",
|
|
|
c7d07f3 |
+ (int)sizeof(worker->s->secret));
|
|
|
c7d07f3 |
+ }
|
|
|
c7d07f3 |
+ }
|
|
|
5072c65 |
else if (!strcasecmp(key, "responsefieldsize")) {
|
|
|
5072c65 |
long s = atol(val);
|
|
|
5072c65 |
if (s < 0) {
|
|
|
5072c65 |
--- httpd-2.4.34/modules/proxy/mod_proxy.h.r1738878
|
|
|
5072c65 |
+++ httpd-2.4.34/modules/proxy/mod_proxy.h
|
|
|
5072c65 |
@@ -357,6 +357,7 @@
|
|
|
c7d07f3 |
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
|
|
|
c7d07f3 |
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
|
|
|
c7d07f3 |
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
|
|
|
c7d07f3 |
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
|
|
|
c7d07f3 |
|
|
|
c7d07f3 |
#define PROXY_RFC1035_HOSTNAME_SIZE 256
|
|
|
c7d07f3 |
|
|
|
5072c65 |
@@ -453,6 +454,7 @@
|
|
|
c7d07f3 |
char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */
|
|
|
5072c65 |
apr_size_t response_field_size; /* Size of proxy response buffer in bytes. */
|
|
|
5072c65 |
unsigned int response_field_size_set:1;
|
|
|
c7d07f3 |
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
|
|
|
c7d07f3 |
} proxy_worker_shared;
|
|
|
c7d07f3 |
|
|
|
c7d07f3 |
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
|