Attachment 21410 Details for Bug 19188 – Patch for Apache 2.2.8

[patch] Patch for Apache 2.2.8

patch_19188.txt (text/plain), 4.57 KB, created by Philippe Dutrueux on 2008-01-22 02:55:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Philippe Dutrueux

Created: 2008-01-22 02:55:31 UTC

Size: 4.57 KB

patch

obsolete

>diff -ru httpd-2.2.8/modules/proxy/mod_proxy.h httpd-2.2.8.new/modules/proxy/mod_proxy.h
>--- httpd-2.2.8/modules/proxy/mod_proxy.h	2008-01-02 20:25:08.000000000 +0100
>+++ httpd-2.2.8.new/modules/proxy/mod_proxy.h	2008-01-22 12:04:55.000000000 +0100
>@@ -231,6 +231,18 @@
> #if APR_HAS_THREADS
>     int          inreslist; /* connection in apr_reslist? */
> #endif
>+
>+    /* Does use the HTTP connect method to connect to the web server ? */
>+    int does_use_http_connect ;
>+    /*
>+     * When connecting to a HTTPS web server via a forward proxy, the previous
>+     * host name and port are for forward proxy.
>+     * The following fields are for web server
>+     */
>+    char *web_server_host_name ;
>+    apr_port_t web_server_port ;
>+    /* Proxy authorization used when using the HTTP CONNECT method */
>+    const char *proxy_authorization ;
> } proxy_conn_rec;
> 
> typedef struct {
>diff -ru httpd-2.2.8/modules/proxy/proxy_util.c httpd-2.2.8.new/modules/proxy/proxy_util.c
>--- httpd-2.2.8/modules/proxy/proxy_util.c	2007-10-07 14:29:36.000000000 +0200
>+++ httpd-2.2.8.new/modules/proxy/proxy_util.c	2008-01-22 12:05:10.000000000 +0100
>@@ -1945,6 +1945,21 @@
>         if (proxyname) {
>             conn->hostname = apr_pstrdup(conn->pool, proxyname);
>             conn->port = proxyport;
>+	    if (strcmp(uri->scheme, "https") == 0) {
>+	        const char *proxy_auth ;
>+
>+	        conn->does_use_http_connect = 1;
>+		conn->web_server_host_name = apr_pstrdup(conn->pool,
>+							 uri->hostname) ;
>+		conn->web_server_port = uri->port;
>+		/* Extract proxy authorization from the current request */
>+		proxy_auth = apr_table_get(r->headers_in,
>+					   "Proxy-Authorization") ;
>+		if (proxy_auth != NULL && proxy_auth[0] != '\0') {
>+		    conn->proxy_authorization = apr_pstrdup(conn->pool,
>+							    proxy_auth) ;
>+		}
>+	    }
>         }
>         else {
>             conn->hostname = apr_pstrdup(conn->pool, uri->hostname);
>@@ -2086,6 +2101,67 @@
> }
> #endif /* USE_ALTERNATE_IS_CONNECTED */
> 
>+
>+static
>+apr_status_t send_http_connect(proxy_conn_rec *backend, server_rec *s)
>+{
>+    int status ;
>+    apr_size_t nbytes ;
>+    char buffer[HUGE_STRING_LEN];
>+    int len = 0 ;
>+
>+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
>+		 "proxy: CONNECT: sending the CONNECT request to the remote proxy");
>+    nbytes = apr_snprintf(buffer, sizeof(buffer),
>+			  "CONNECT %s:%d HTTP/1.0" CRLF,
>+			  backend->web_server_host_name, backend->web_server_port);
>+    /* Add proxy authorization from the initial request if necessary */
>+    if (backend->proxy_authorization != NULL) {
>+      nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
>+			     "Proxy-Authorization: %s" CRLF, backend->proxy_authorization) ;
>+    }
>+    nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
>+			   "Proxy-agent: %s" CRLF CRLF, ap_get_server_version());
>+    apr_socket_send(backend->sock, buffer, &nbytes);
>+
>+    nbytes = sizeof(buffer) - 1 ;
>+    status = apr_socket_recv(backend->sock, buffer, &nbytes) ;
>+    while (status == APR_SUCCESS) {
>+        len += nbytes ;
>+	buffer[len] = '\0' ;
>+	if (strstr(buffer, "\r\n\r\n") != NULL) {
>+	    break ;
>+	}
>+	nbytes = sizeof(buffer) - 1 - len ;
>+	status = apr_socket_recv(backend->sock, buffer + len, &nbytes) ;
>+    }
>+
>+    if (status == APR_SUCCESS) {
>+        int major, minor;
>+	char code_str[10] ;
>+
>+	ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
>+		     "send_http_connect: response from the forward proxy: %s",
>+		     buffer) ;
>+
>+	/* Extract the returned code */
>+	if (sscanf(buffer, "HTTP/%u.%u %s", &major, &minor, code_str) == 3) {
>+	    status = atoi(code_str) ;
>+	    if (status == HTTP_OK) {
>+	        status = APR_SUCCESS ;
>+	    }
>+	    else {
>+	        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
>+			     "send_http_connect: the forward proxy returned code is %s",
>+			     code_str) ;
>+	    }
>+	}
>+    }
>+
>+    return(status) ;
>+}
>+
>+
> PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
>                                             proxy_conn_rec *conn,
>                                             proxy_worker *worker,
>@@ -2190,6 +2266,21 @@
>         }
> 
>         conn->sock   = newsock;
>+
>+	if (conn->does_use_http_connect) {
>+	    rv = send_http_connect(conn, s) ;
>+	    if (rv != APR_SUCCESS) {
>+	        conn->sock = NULL;
>+		apr_socket_close(newsock);
>+		loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
>+		ap_log_error(APLOG_MARK, loglevel, rv, s,
>+			     "proxy: %s: attempt to connect to %pI (%s) failed",
>+			     proxy_function, backend_addr, worker->hostname);
>+		backend_addr = backend_addr->next;
>+		continue;
>+	    }
>+	}
>+
>         connected    = 1;
>     }
>     /*

Actions: View | Diff

Attachments on bug 19188: 11552 | 21410 | 24975