Lines 1911-1916
|
1911 |
} |
1911 |
} |
1912 |
|
1912 |
|
1913 |
/* |
1913 |
/* |
|
|
1914 |
* This is a hook to be registered with the client connection pool that should |
1915 |
* ensure the backend connection is closed as soon as the client connection is |
1916 |
* closed. As NTLM appears to authenticate TCP connections instead of HTTP |
1917 |
* requests (which is broken by design), we want to really close the backend |
1918 |
* connection and not let other clients re-use it. Otherwise the other clients |
1919 |
* may get authenticated with foreign auth credentials they don't own. |
1920 |
*/ |
1921 |
typedef struct { |
1922 |
const char *proxy_function; |
1923 |
proxy_conn_rec *backend; |
1924 |
server_rec *server; |
1925 |
} http_backend_cleanup_t; |
1926 |
static apr_status_t proxy_http_ntlm_disconnect_backend(void *data) { |
1927 |
http_backend_cleanup_t *d = (http_backend_cleanup_t *)data; |
1928 |
d->backend->close = 1; |
1929 |
ap_proxy_release_connection(d->proxy_function, d->backend, d->server); |
1930 |
return APR_SUCCESS; |
1931 |
}; |
1932 |
|
1933 |
/* |
1914 |
* This handles http:// URLs, and other URLs using a remote proxy over http |
1934 |
* This handles http:// URLs, and other URLs using a remote proxy over http |
1915 |
* If proxyhost is NULL, then contact the server directly, otherwise |
1935 |
* If proxyhost is NULL, then contact the server directly, otherwise |
1916 |
* go via the proxy. |
1936 |
* go via the proxy. |
Lines 1929-1934
|
1929 |
char *scheme; |
1949 |
char *scheme; |
1930 |
const char *proxy_function; |
1950 |
const char *proxy_function; |
1931 |
const char *u; |
1951 |
const char *u; |
|
|
1952 |
const char *auth_hdr; |
1953 |
int is_ntlm_request = 0; |
1954 |
http_backend_cleanup_t *cleanup_data; |
1932 |
proxy_conn_rec *backend = NULL; |
1955 |
proxy_conn_rec *backend = NULL; |
1933 |
int is_ssl = 0; |
1956 |
int is_ssl = 0; |
1934 |
conn_rec *c = r->connection; |
1957 |
conn_rec *c = r->connection; |
Lines 1973-1978
|
1973 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
1996 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
1974 |
"proxy: HTTP: serving URL %s", url); |
1997 |
"proxy: HTTP: serving URL %s", url); |
1975 |
|
1998 |
|
|
|
1999 |
/* check whether we need to re-use an already established backend connection */ |
2000 |
backend = (proxy_conn_rec *)ap_get_module_config(c->conn_config, &proxy_http_module); |
2001 |
if (backend) { |
2002 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
2003 |
"proxy: re-using already established connection to backend server"); |
2004 |
} else { |
1976 |
|
2005 |
|
1977 |
/* create space for state information */ |
2006 |
/* create space for state information */ |
1978 |
if ((status = ap_proxy_acquire_connection(proxy_function, &backend, |
2007 |
if ((status = ap_proxy_acquire_connection(proxy_function, &backend, |
Lines 2027-2032
|
2027 |
} |
2056 |
} |
2028 |
} |
2057 |
} |
2029 |
|
2058 |
|
|
|
2059 |
/* |
2060 |
* check whether we have an NTLM request that requires |
2061 |
* client connections mapping to exactly one backend connection |
2062 |
* and no shared usage of backend connections by multiple clients. |
2063 |
*/ |
2064 |
auth_hdr = apr_table_get(r->headers_in, "WWW-Authenticate"); |
2065 |
if (auth_hdr && (!strcasecmp(auth_hdr, "NTLM") || |
2066 |
!strncasecmp(auth_hdr, "NTLM ", 5))) { |
2067 |
is_ntlm_request = 1; |
2068 |
|
2069 |
/* enforce that this backend connection is not shared with other |
2070 |
* clients. */ |
2071 |
backend->close = 1; |
2072 |
|
2073 |
/* Register backend connection with client connection. */ |
2074 |
cleanup_data = apr_pcalloc(c->pool, sizeof(cleanup_data)); |
2075 |
cleanup_data->proxy_function = proxy_function; |
2076 |
cleanup_data->backend = backend; |
2077 |
cleanup_data->server = r->server; |
2078 |
apr_pool_cleanup_register(c->pool, cleanup_data, |
2079 |
proxy_http_ntlm_disconnect_backend, |
2080 |
apr_pool_cleanup_null); |
2081 |
ap_set_module_config(c->conn_config, &proxy_http_module, backend); |
2082 |
} |
2083 |
} |
2084 |
|
2030 |
/* Step Four: Send the Request */ |
2085 |
/* Step Four: Send the Request */ |
2031 |
if ((status = ap_proxy_http_request(p, r, backend, backend->connection, |
2086 |
if ((status = ap_proxy_http_request(p, r, backend, backend->connection, |
2032 |
conf, uri, url, server_portstr)) != OK) |
2087 |
conf, uri, url, server_portstr)) != OK) |
Lines 2042-2047
|
2042 |
|
2097 |
|
2043 |
cleanup: |
2098 |
cleanup: |
2044 |
if (backend) { |
2099 |
if (backend) { |
|
|
2100 |
if (is_ntlm_request) { |
2101 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
2102 |
"proxy: keeping backend connection open until client disconnects"); |
2103 |
return status; |
2104 |
} |
2105 |
|
2045 |
if (status != OK) |
2106 |
if (status != OK) |
2046 |
backend->close = 1; |
2107 |
backend->close = 1; |
2047 |
ap_proxy_http_cleanup(proxy_function, r, backend); |
2108 |
ap_proxy_http_cleanup(proxy_function, r, backend); |
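Review bot: The `apr_pcalloc(c->pool, sizeof(cleanup_data))` call at new line 2074 sizes the allocation by the pointer rather than by `http_backend_cleanup_t`, so the three field assignments that follow write past the end of the pool block; it should read `cleanup_data = apr_pcalloc(c->pool, sizeof(*cleanup_data));`. The detection at new line 2064 reads `WWW-Authenticate` from `r->headers_in`, but that is a response header and a client's NTLM messages arrive in `Authorization`, so the pinning would likely never trigger and backend connections would stay shared, which is the credential mix-up the new comment sets out to prevent. The check also sits inside the new `else` branch, so on a request that re-uses the pinned backend `is_ntlm_request` stays 0 and the `cleanup:` path passes the connection to `ap_proxy_http_cleanup` while `conn_config` and the registered pool cleanup still point at it; that function is not on the page, so confirm it cannot release the connection a second time. The enclosing handler begins and ends outside the visible hunks.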