View | Details | Raw Unified | Return to bug 37355
Collapse All | Expand All

(-)mod_proxy.c.orig (-11 / +25 lines)
Lines 434-440 Link Here
434
                /* handle the scheme */
434
                /* handle the scheme */
435
                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
435
                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
436
                             "Trying to run scheme_handler against proxy");
436
                             "Trying to run scheme_handler against proxy");
437
                access_status = proxy_run_scheme_handler(r, conf, url, ents[i].hostname, ents[i].port);
437
                access_status = proxy_run_scheme_handler(r, conf, url, ents[i].hostname, ents[i].port, ents[i].auth);
438
438
439
                /* an error or success */
439
                /* an error or success */
440
                if (access_status != DECLINED && access_status != HTTP_BAD_GATEWAY) {
440
                if (access_status != DECLINED && access_status != HTTP_BAD_GATEWAY) {
Lines 453-459 Link Here
453
    /* handle the scheme */
453
    /* handle the scheme */
454
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
454
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
455
                 "Trying to run scheme_handler");
455
                 "Trying to run scheme_handler");
456
    access_status = proxy_run_scheme_handler(r, conf, url, NULL, 0);
456
    access_status = proxy_run_scheme_handler(r, conf, url, NULL, 0, NULL);
457
    if (DECLINED == access_status) {
457
    if (DECLINED == access_status) {
458
        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
458
        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
459
                    "proxy: No protocol handler was valid for the URL %s. "
459
                    "proxy: No protocol handler was valid for the URL %s. "
Lines 558-564 Link Here
558
    proxy_server_conf *conf =
558
    proxy_server_conf *conf =
559
    (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
559
    (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
560
    struct proxy_remote *new;
560
    struct proxy_remote *new;
561
    char *p, *q;
561
    char *p, *q, *a;
562
    char *r, *f, *scheme;
562
    char *r, *f, *scheme;
563
    regex_t *reg = NULL;
563
    regex_t *reg = NULL;
564
    int port;
564
    int port;
Lines 574-582 Link Here
574
            return "ProxyRemote: Bad syntax for a remote proxy server";
574
            return "ProxyRemote: Bad syntax for a remote proxy server";
575
    }
575
    }
576
    else {
576
    else {
577
        scheme[p-r] = 0;
577
        scheme[p-r] = '\0';
578
    }
578
    }
579
    q = strchr(p + 3, ':');
579
    *p = '\0';   /* terminate r (scheme) */
580
    p+=3;
581
    /* may extract authentication string */
582
    q = strchr(p, '@');
583
    if (q != NULL) {
584
        *q = '\0';
585
        a = ap_pbase64encode(cmd->pool, p);
586
        p = q;
587
        p+=1;
588
    }
589
    else
590
        a = NULL;
591
    /* may extract port */
592
    q = strchr(p, ':');
580
    if (q != NULL) {
593
    if (q != NULL) {
581
        if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) {
594
        if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) {
582
            if (regex)
595
            if (regex)
Lines 587-594 Link Here
587
        *q = '\0';
600
        *q = '\0';
588
    }
601
    }
589
    else
602
    else
590
        port = -1;
603
        port = -1;  /* use default port of scheme */
591
    *p = '\0';
592
    if (regex) {
604
    if (regex) {
593
        reg = ap_pregcomp(cmd->pool, f, REG_EXTENDED);
605
        reg = ap_pregcomp(cmd->pool, f, REG_EXTENDED);
594
        if (!reg)
606
        if (!reg)
Lines 597-603 Link Here
597
    else
609
    else
598
        if (strchr(f, ':') == NULL)
610
        if (strchr(f, ':') == NULL)
599
            ap_str_tolower(f);		/* lowercase scheme */
611
            ap_str_tolower(f);		/* lowercase scheme */
600
    ap_str_tolower(p + 3);		/* lowercase hostname */
612
    ap_str_tolower(p);		/* lowercase hostname */
601
613
602
    if (port == -1) {
614
    if (port == -1) {
603
        port = apr_uri_port_of_scheme(scheme);
615
        port = apr_uri_port_of_scheme(scheme);
Lines 606-613 Link Here
606
    new = apr_array_push(conf->proxies);
618
    new = apr_array_push(conf->proxies);
607
    new->scheme = f;
619
    new->scheme = f;
608
    new->protocol = r;
620
    new->protocol = r;
609
    new->hostname = p + 3;
621
    new->hostname = p;
610
    new->port = port;
622
    new->port = port;
623
    new->auth = a;
611
    new->regexp = reg;
624
    new->regexp = reg;
612
    new->use_regex = regex;
625
    new->use_regex = regex;
613
    return NULL;
626
    return NULL;
Lines 1148-1155 Link Here
1148
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, scheme_handler, 
1161
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, scheme_handler, 
1149
                                     (request_rec *r, proxy_server_conf *conf, 
1162
                                     (request_rec *r, proxy_server_conf *conf, 
1150
                                     char *url, const char *proxyhost, 
1163
                                     char *url, const char *proxyhost, 
1151
                                     apr_port_t proxyport),(r,conf,url,
1164
                                     apr_port_t proxyport, const char *proxyauth),
1152
                                     proxyhost,proxyport),DECLINED)
1165
                                     (r,conf,url, proxyhost,proxyport,proxyauth),
1166
                                     DECLINED)
1153
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, canon_handler, 
1167
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, canon_handler, 
1154
                                     (request_rec *r, char *url),(r,
1168
                                     (request_rec *r, char *url),(r,
1155
                                     url),DECLINED)
1169
                                     url),DECLINED)
(-)mod_proxy.h.orig (-1 / +3 lines)
Lines 92-97 Link Here
92
struct proxy_remote {
92
struct proxy_remote {
93
    const char *scheme;		/* the schemes handled by this proxy, or '*' */
93
    const char *scheme;		/* the schemes handled by this proxy, or '*' */
94
    const char *protocol;	/* the scheme used to talk to this proxy */
94
    const char *protocol;	/* the scheme used to talk to this proxy */
95
    const char *auth;           /* base64encode(<proxyuser>:<proxypasswd>) */
95
    const char *hostname;	/* the hostname of this proxy */
96
    const char *hostname;	/* the hostname of this proxy */
96
    apr_port_t  port;		/* the port for this proxy */
97
    apr_port_t  port;		/* the port for this proxy */
97
    regex_t *regexp;		/* compiled regex (if any) for the remote */
98
    regex_t *regexp;		/* compiled regex (if any) for the remote */
Lines 213-219 Link Here
213
214
214
APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, scheme_handler, (request_rec *r, 
215
APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, scheme_handler, (request_rec *r, 
215
                          proxy_server_conf *conf, char *url, 
216
                          proxy_server_conf *conf, char *url, 
216
                          const char *proxyhost, apr_port_t proxyport))
217
                          const char *proxyhost, apr_port_t proxyport, 
218
                          const char *proxyauth))
217
APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, canon_handler, (request_rec *r, 
219
APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, canon_handler, (request_rec *r, 
218
                          char *url))
220
                          char *url))
219
221
(-)proxy_connect.c.orig (-2 / +2 lines)
Lines 26-32 Link Here
26
int ap_proxy_connect_canon(request_rec *r, char *url);
26
int ap_proxy_connect_canon(request_rec *r, char *url);
27
int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf, 
27
int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf, 
28
                             char *url, const char *proxyname, 
28
                             char *url, const char *proxyname, 
29
                             apr_port_t proxyport);
29
                             apr_port_t proxyport, const char *proxyauth);
30
30
31
/*  
31
/*  
32
 * This handles Netscape CONNECT method secure proxy requests.
32
 * This handles Netscape CONNECT method secure proxy requests.
Lines 80-86 Link Here
80
/* CONNECT handler */
80
/* CONNECT handler */
81
int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf, 
81
int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf, 
82
                             char *url, const char *proxyname, 
82
                             char *url, const char *proxyname, 
83
                             apr_port_t proxyport)
83
                             apr_port_t proxyport, const char *proxyauth)
84
{
84
{
85
    apr_pool_t *p = r->pool;
85
    apr_pool_t *p = r->pool;
86
    apr_socket_t *sock;
86
    apr_socket_t *sock;
(-)proxy_ftp.c.orig (-2 / +2 lines)
Lines 34-40 Link Here
34
int ap_proxy_ftp_canon(request_rec *r, char *url);
34
int ap_proxy_ftp_canon(request_rec *r, char *url);
35
int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
35
int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
36
                             char *url, const char *proxyhost,
36
                             char *url, const char *proxyhost,
37
                             apr_port_t proxyport);
37
                             apr_port_t proxyport, const char *proxyauth);
38
apr_status_t ap_proxy_send_dir_filter(ap_filter_t * f,
38
apr_status_t ap_proxy_send_dir_filter(ap_filter_t * f,
39
                                                   apr_bucket_brigade *bb);
39
                                                   apr_bucket_brigade *bb);
40
40
Lines 739-745 Link Here
739
 */
739
 */
740
int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
740
int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
741
                             char *url, const char *proxyhost,
741
                             char *url, const char *proxyhost,
742
                             apr_port_t proxyport)
742
                             apr_port_t proxyport, const char *proxyauth)
743
{
743
{
744
    apr_pool_t *p = r->pool;
744
    apr_pool_t *p = r->pool;
745
    conn_rec *c = r->connection;
745
    conn_rec *c = r->connection;
(-)proxy_http.c.orig (-9 / +111 lines)
Lines 23-29 Link Here
23
int ap_proxy_http_canon(request_rec *r, char *url);
23
int ap_proxy_http_canon(request_rec *r, char *url);
24
int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
24
int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
25
                          char *url, const char *proxyname, 
25
                          char *url, const char *proxyname, 
26
                          apr_port_t proxyport);
26
                          apr_port_t proxyport, const char *proxyauth);
27
27
28
typedef struct {
28
typedef struct {
29
    const char     *name;
29
    const char     *name;
Lines 155-160 Link Here
155
    apr_table_unset(headers, "Connection");
155
    apr_table_unset(headers, "Connection");
156
}
156
}
157
157
158
159
static
160
apr_status_t ap_proxy_http_connect(apr_pool_t *p, request_rec *r, 
161
                                   apr_socket_t *sock,
162
                                   const apr_uri_t *uri,
163
                                   const char *proxyauth)
164
{
165
    apr_status_t status = OK;
166
    apr_size_t nbytes;
167
    char buffer[HUGE_STRING_LEN];
168
    char version[HUGE_STRING_LEN];
169
    char desc[HUGE_STRING_LEN];
170
    int  code;
171
172
    nbytes = apr_snprintf(buffer, sizeof(buffer),
173
                          "CONNECT %s:%d HTTP/1.0" CRLF, uri->hostname, uri->port);
174
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
175
                 "proxy(%d): send %s", getpid(), buffer);
176
    apr_send(sock, buffer, &nbytes);
177
    if (proxyauth) {
178
    /*
179
       apr_snprintf(desc, sizeof(desc), 
180
                             "%s:%s", proxyuser, proxypasswd);
181
       nbytes = apr_snprintf(buffer, sizeof(buffer),
182
                             "Proxy-Authorization: Basic %s" CRLF,
183
                             ap_pbase64encode(p, desc));
184
    */
185
       nbytes = apr_snprintf(buffer, sizeof(buffer),
186
                             "Proxy-Authorization: Basic %s" CRLF,
187
                             proxyauth);
188
       ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
189
                    "proxy(%d): send %s", getpid(), buffer);
190
       apr_send(sock, buffer, &nbytes);
191
    }
192
    nbytes = apr_snprintf(buffer, sizeof(buffer),
193
                          "Proxy-agent: %s" CRLF CRLF, ap_get_server_version());
194
    apr_send(sock, buffer, &nbytes);
195
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
196
                 "proxy: send %s", buffer);
197
198
    status = HTTP_BAD_REQUEST;
199
    memset(buffer, '\0', sizeof(buffer));
200
    while (apr_recv(sock, buffer, &nbytes) == OK) {
201
       if (nbytes <= 0) break;
202
       sscanf(buffer, "%s%d%[^\n]",version,&code,desc);
203
       if (strncmp(version, "HTTP/", 5) == 0) {
204
           if ((code >= 200) && (code < 300)) {
205
               status = OK;
206
               ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
207
                            "proxy(%d): CONNECT successful: \"%s\"", getpid(), buffer);
208
           } else if (code == 407) { 
209
               status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
210
               ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
211
                            "proxy(%d): authentication required", getpid());
212
           } else {
213
               status = HTTP_BAD_REQUEST;
214
               ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
215
                            "proxy(%d): unsupported response code: \"%s\"", getpid(), buffer);
216
           }
217
       } else {
218
           /* status = HTTP_BAD_REQUEST; */
219
           ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
220
                        "proxy(%d): ignored response: \"%s\"", getpid(), buffer);
221
       }
222
       if (strstr(buffer, "\r\n\r\n")) break;
223
       memset(buffer, '\0', sizeof(buffer));
224
    } 
225
/*
226
else {
227
       ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
228
                    "proxy(%d): missing response", getpid(), buffer);
229
    }
230
*/
231
    return status;
232
}
233
234
158
static
235
static
159
apr_status_t ap_proxy_http_determine_connection(apr_pool_t *p, request_rec *r,
236
apr_status_t ap_proxy_http_determine_connection(apr_pool_t *p, request_rec *r,
160
                                                proxy_http_conn_t *p_conn,
237
                                                proxy_http_conn_t *p_conn,
Lines 240-249 Link Here
240
static
317
static
241
apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
318
apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
242
                                             proxy_http_conn_t *p_conn,
319
                                             proxy_http_conn_t *p_conn,
243
                                             conn_rec *c, conn_rec **origin,
320
                                             conn_rec *c, 
321
                                             const apr_uri_t *uri,
322
                                             conn_rec **origin,
244
                                             proxy_conn_rec *backend,
323
                                             proxy_conn_rec *backend,
245
                                             proxy_server_conf *conf,
324
                                             proxy_server_conf *conf,
246
                                             const char *proxyname) {
325
                                             const char *proxyname,
326
                                             const char *proxyauth) {
247
    int failed=0, new=0;
327
    int failed=0, new=0;
248
    apr_socket_t *client_socket = NULL;
328
    apr_socket_t *client_socket = NULL;
249
329
Lines 380-385 Link Here
380
                         rc);
460
                         rc);
381
            return rc;
461
            return rc;
382
        }
462
        }
463
        /*  May send CONNECT
464
         *   If a proxy is configured and the backend scheme is https,
465
         *   I have to send a CONNECT to open the proxy tunnel */
466
        if (backend->is_ssl && proxyname) {
467
            rc = ap_proxy_http_connect(p, r, p_conn->sock, uri, proxyauth);
468
            if ( rc != OK ) {
469
                return rc;
470
            }
471
        }
383
    }
472
    }
384
    return OK;
473
    return OK;
385
}
474
}
Lines 787-792 Link Here
787
    return status;
876
    return status;
788
}
877
}
789
878
879
880
790
static
881
static
791
apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r,
882
apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r,
792
                                   proxy_http_conn_t *p_conn, conn_rec *origin, 
883
                                   proxy_http_conn_t *p_conn, conn_rec *origin, 
Lines 794-800 Link Here
794
                                   apr_uri_t *uri,
885
                                   apr_uri_t *uri,
795
                                   char *url, 
886
                                   char *url, 
796
                                   apr_bucket_brigade *header_brigade,
887
                                   apr_bucket_brigade *header_brigade,
797
                                   char *server_portstr) 
888
                                   char *server_portstr,
889
                                   const char *proxyauth) 
798
{
890
{
799
    conn_rec *c = r->connection;
891
    conn_rec *c = r->connection;
800
    apr_bucket_alloc_t *bucket_alloc = c->bucket_alloc;
892
    apr_bucket_alloc_t *bucket_alloc = c->bucket_alloc;
Lines 973-979 Link Here
973
             * somehow whether this request was authenticated or not.
1065
             * somehow whether this request was authenticated or not.
974
             */
1066
             */
975
             || !strcasecmp(headers_in[counter].key,"Proxy-Authorization")
1067
             || !strcasecmp(headers_in[counter].key,"Proxy-Authorization")
976
             || !strcasecmp(headers_in[counter].key,"Proxy-Authenticate")) {
1068
             || !strcasecmp(headers_in[counter].key,"Proxy-Authenticate")
1069
             ) {
1070
            
977
            continue;
1071
            continue;
978
        }
1072
        }
979
1073
Lines 1006-1011 Link Here
1006
        e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
1100
        e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
1007
        APR_BRIGADE_INSERT_TAIL(header_brigade, e);
1101
        APR_BRIGADE_INSERT_TAIL(header_brigade, e);
1008
    }
1102
    }
1103
    if (proxyauth) {
1104
        buf = apr_pstrcat(p, "Proxy-Authorization: Basic ", 
1105
                          proxyauth, CRLF, NULL);
1106
        ap_xlate_proto_to_ascii(buf, strlen(buf));
1107
        e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
1108
        APR_BRIGADE_INSERT_TAIL(header_brigade, e);
1109
    }
1009
1110
1010
    /* We have headers, let's figure out our request body... */
1111
    /* We have headers, let's figure out our request body... */
1011
    input_brigade = apr_brigade_create(p, bucket_alloc);
1112
    input_brigade = apr_brigade_create(p, bucket_alloc);
Lines 1574-1580 Link Here
1574
 */
1675
 */
1575
int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
1676
int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
1576
                          char *url, const char *proxyname, 
1677
                          char *url, const char *proxyname, 
1577
                          apr_port_t proxyport)
1678
                          apr_port_t proxyport, const char *proxyauth)
1578
{
1679
{
1579
    int status;
1680
    int status;
1580
    char server_portstr[32];
1681
    char server_portstr[32];
Lines 1651-1665 Link Here
1651
    }
1752
    }
1652
1753
1653
    /* Step Two: Make the Connection */
1754
    /* Step Two: Make the Connection */
1654
    status = ap_proxy_http_create_connection(p, r, p_conn, c, &origin, backend,
1755
    status = ap_proxy_http_create_connection(p, r, p_conn, c, uri, &origin, backend,
1655
                                             conf, proxyname);
1756
                                             conf, proxyname, proxyauth);
1656
    if ( status != OK ) {
1757
    if ( status != OK ) {
1657
        return status;
1758
        return status;
1658
    }
1759
    }
1760
1659
   
1761
   
1660
    /* Step Three: Send the Request */
1762
    /* Step Three: Send the Request */
1661
    status = ap_proxy_http_request(p, r, p_conn, origin, conf, uri, url, bb,
1763
    status = ap_proxy_http_request(p, r, p_conn, origin, conf, uri, url, bb,
1662
                                   server_portstr);
1764
                                   server_portstr, (is_ssl ? NULL : proxyauth));
1663
    if ( status != OK ) {
1765
    if ( status != OK ) {
1664
        return status;
1766
        return status;
1665
    }
1767
    }

Return to bug 37355