|
Lines 1911-1916
Link Here
|
| 1911 |
} |
1911 |
} |
| 1912 |
|
1912 |
|
| 1913 |
/* |
1913 |
/* |
|
|
1914 |
* This is a hook to be registered with the client connection pool that should |
| 1915 |
* ensure the backend connection is closed as soon as the client connection is |
| 1916 |
* closed. As NTLM appears to authenticate TCP connections instead of HTTP |
| 1917 |
* requests (which is broken by design), we want to really close the backend |
| 1918 |
* connection and not let other clients re-use it. Otherwise the other clients |
| 1919 |
* may get authenticated with foreign auth credentials they don't own. |
| 1920 |
*/ |
| 1921 |
typedef struct { |
| 1922 |
const char *proxy_function; |
| 1923 |
proxy_conn_rec *backend; |
| 1924 |
server_rec *server; |
| 1925 |
} http_backend_cleanup_t; |
| 1926 |
static apr_status_t proxy_http_ntlm_disconnect_backend(void *data) { |
| 1927 |
http_backend_cleanup_t *d = (http_backend_cleanup_t *)data; |
| 1928 |
d->backend->close = 1; |
| 1929 |
ap_proxy_release_connection(d->proxy_function, d->backend, d->server); |
| 1930 |
return APR_SUCCESS; |
| 1931 |
}; |
| 1932 |
|
| 1933 |
/* |
| 1914 |
* This handles http:// URLs, and other URLs using a remote proxy over http |
1934 |
* This handles http:// URLs, and other URLs using a remote proxy over http |
| 1915 |
* If proxyhost is NULL, then contact the server directly, otherwise |
1935 |
* If proxyhost is NULL, then contact the server directly, otherwise |
| 1916 |
* go via the proxy. |
1936 |
* go via the proxy. |
|
Lines 1929-1934
Link Here
|
| 1929 |
char *scheme; |
1949 |
char *scheme; |
| 1930 |
const char *proxy_function; |
1950 |
const char *proxy_function; |
| 1931 |
const char *u; |
1951 |
const char *u; |
|
|
1952 |
const char *auth_hdr; |
| 1953 |
int is_ntlm_request = 0; |
| 1954 |
http_backend_cleanup_t *cleanup_data; |
| 1932 |
proxy_conn_rec *backend = NULL; |
1955 |
proxy_conn_rec *backend = NULL; |
| 1933 |
int is_ssl = 0; |
1956 |
int is_ssl = 0; |
| 1934 |
conn_rec *c = r->connection; |
1957 |
conn_rec *c = r->connection; |
|
Lines 1973-1978
Link Here
|
| 1973 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
1996 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 1974 |
"proxy: HTTP: serving URL %s", url); |
1997 |
"proxy: HTTP: serving URL %s", url); |
| 1975 |
|
1998 |
|
|
|
1999 |
/* check whether we need to re-use an already established backend connection */ |
| 2000 |
backend = (proxy_conn_rec *)ap_get_module_config(c->conn_config, &proxy_http_module); |
| 2001 |
if (backend) { |
| 2002 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 2003 |
"proxy: re-using already established connection to backend server"); |
| 2004 |
} else { |
| 1976 |
|
2005 |
|
| 1977 |
/* create space for state information */ |
2006 |
/* create space for state information */ |
| 1978 |
if ((status = ap_proxy_acquire_connection(proxy_function, &backend, |
2007 |
if ((status = ap_proxy_acquire_connection(proxy_function, &backend, |
|
Lines 2027-2032
Link Here
|
| 2027 |
} |
2056 |
} |
| 2028 |
} |
2057 |
} |
| 2029 |
|
2058 |
|
|
|
2059 |
/* |
| 2060 |
* check whether we have an NTLM request that requires |
| 2061 |
* client connections mapping to exactly one backend connection |
| 2062 |
* and no shared usage of backend connections by multiple clients. |
| 2063 |
*/ |
| 2064 |
auth_hdr = apr_table_get(r->headers_in, "WWW-Authenticate"); |
| 2065 |
if (auth_hdr && (!strcasecmp(auth_hdr, "NTLM") || |
| 2066 |
!strncasecmp(auth_hdr, "NTLM ", 5))) { |
| 2067 |
is_ntlm_request = 1; |
| 2068 |
|
| 2069 |
/* enforce that this backend connection is not shared with other |
| 2070 |
* clients. */ |
| 2071 |
backend->close = 1; |
| 2072 |
|
| 2073 |
/* Register backend connection with client connection. */ |
| 2074 |
cleanup_data = apr_pcalloc(c->pool, sizeof(cleanup_data)); |
| 2075 |
cleanup_data->proxy_function = proxy_function; |
| 2076 |
cleanup_data->backend = backend; |
| 2077 |
cleanup_data->server = r->server; |
| 2078 |
apr_pool_cleanup_register(c->pool, cleanup_data, |
| 2079 |
proxy_http_ntlm_disconnect_backend, |
| 2080 |
apr_pool_cleanup_null); |
| 2081 |
ap_set_module_config(c->conn_config, &proxy_http_module, backend); |
| 2082 |
} |
| 2083 |
} |
| 2084 |
|
| 2030 |
/* Step Four: Send the Request */ |
2085 |
/* Step Four: Send the Request */ |
| 2031 |
if ((status = ap_proxy_http_request(p, r, backend, backend->connection, |
2086 |
if ((status = ap_proxy_http_request(p, r, backend, backend->connection, |
| 2032 |
conf, uri, url, server_portstr)) != OK) |
2087 |
conf, uri, url, server_portstr)) != OK) |
|
Lines 2042-2047
Link Here
|
| 2042 |
|
2097 |
|
| 2043 |
cleanup: |
2098 |
cleanup: |
| 2044 |
if (backend) { |
2099 |
if (backend) { |
|
|
2100 |
if (is_ntlm_request) { |
| 2101 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 2102 |
"proxy: keeping backend connection open until client disconnects"); |
| 2103 |
return status; |
| 2104 |
} |
| 2105 |
|
| 2045 |
if (status != OK) |
2106 |
if (status != OK) |
| 2046 |
backend->close = 1; |
2107 |
backend->close = 1; |
| 2047 |
ap_proxy_http_cleanup(proxy_function, r, backend); |
2108 |
ap_proxy_http_cleanup(proxy_function, r, backend); |