ASF Bugzilla – Attachment 30887 Details for
Bug 39673
mod_proxy opens connections that disturb NTLM
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
mod_proxy_http one for one connection
httpd-2.4.x_mod_proxy_1for1.patch (text/plain), 8.79 KB, created by
Yann Ylavic
on 2013-09-26 18:39:26 UTC
(
hide
)
Description:
mod_proxy_http one for one connection
Filename:
MIME Type:
Creator:
Yann Ylavic
Created:
2013-09-26 18:39:26 UTC
Size:
8.79 KB
patch
obsolete
>Index: modules/proxy/proxy_util.c >=================================================================== >--- modules/proxy/proxy_util.c (revision 1526505) >+++ modules/proxy/proxy_util.c (working copy) >@@ -1351,15 +1351,6 @@ static apr_status_t connection_cleanup(void *theco > conn->r = NULL; > } > >- /* Sanity check: Did we already return the pooled connection? */ >- if (conn->inreslist) { >- ap_log_perror(APLOG_MARK, APLOG_ERR, 0, conn->pool, APLOGNO(00923) >- "Pooled connection 0x%pp for worker %s has been" >- " already returned to the connection pool.", conn, >- worker->s->name); >- return APR_SUCCESS; >- } >- > /* determine if the connection need to be closed */ > if (conn->close || !worker->s->is_address_reusable || worker->s->disablereuse) { > apr_pool_t *p = conn->pool; >@@ -1371,6 +1362,15 @@ static apr_status_t connection_cleanup(void *theco > apr_pool_tag(conn->scpool, "proxy_conn_scpool"); > } > >+ /* >+ * If the connection was not acquired from the reslist, >+ * that's an aside one and it's up to the owner to >+ * release it (or let it die with its pool). >+ */ >+ if (conn->inreslist) { >+ return APR_SUCCESS; >+ } >+ > if (worker->s->hmax && worker->cp->res) { > conn->inreslist = 1; > apr_reslist_release(worker->cp->res, (void *)conn); >@@ -1426,14 +1426,13 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connectio > return APR_SUCCESS; > } > >-/* reslist constructor */ >-static apr_status_t connection_constructor(void **resource, void *params, >- apr_pool_t *pool) >+static apr_status_t ap_proxy_conn_create(proxy_conn_rec **pconn, >+ proxy_worker *worker, >+ apr_pool_t *pool) > { > apr_pool_t *ctx; > apr_pool_t *scpool; > proxy_conn_rec *conn; >- proxy_worker *worker = (proxy_worker *)params; > > /* > * Create the subpool for each connection >@@ -1452,16 +1451,26 @@ PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connectio > apr_pool_create(&scpool, ctx); > apr_pool_tag(scpool, "proxy_conn_scpool"); > conn = apr_pcalloc(ctx, sizeof(proxy_conn_rec)); >- >+ > conn->pool = ctx; > conn->scpool = scpool; > conn->worker = worker; > conn->inreslist = 1; >- *resource = conn; > >+ *pconn = conn; > return APR_SUCCESS; > } > >+/* reslist constructor */ >+static apr_status_t connection_constructor(void **resource, void *params, >+ apr_pool_t *pool) >+{ >+ proxy_conn_rec *conn = NULL; >+ apr_status_t rv = ap_proxy_conn_create(&conn, params, pool); >+ *resource = conn; >+ return rv; >+} >+ > /* reslist destructor */ > static apr_status_t connection_destructor(void *resource, void *params, > apr_pool_t *pool) >@@ -2031,8 +2040,9 @@ PROXY_DECLARE(int) ap_proxy_release_connection(con > server_rec *s) > { > ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00943) >- "%s: has released connection for (%s)", >- proxy_function, conn->worker->s->hostname); >+ "%s: has released %sconnection for (%s)", >+ proxy_function, conn->inreslist ? "aside " : "", >+ conn->worker->s->hostname); > connection_cleanup(conn); > > return OK; >@@ -3217,4 +3227,5 @@ void proxy_util_register_hooks(apr_pool_t *p) > { > APR_REGISTER_OPTIONAL_FN(ap_proxy_retry_worker); > APR_REGISTER_OPTIONAL_FN(ap_proxy_clear_connection); >+ APR_REGISTER_OPTIONAL_FN(ap_proxy_conn_create); > } >Index: modules/proxy/mod_proxy_http.c >=================================================================== >--- modules/proxy/mod_proxy_http.c (revision 1526505) >+++ modules/proxy/mod_proxy_http.c (working copy) >@@ -17,6 +17,7 @@ > /* HTTP routines for Apache proxy */ > > #include "mod_proxy.h" >+#include "proxy_util.h" /* ap_proxy_conn_create() */ > #include "ap_regex.h" > > module AP_MODULE_DECLARE_DATA proxy_http_module; >@@ -24,6 +25,14 @@ module AP_MODULE_DECLARE_DATA proxy_http_module; > static int (*ap_proxy_clear_connection_fn)(request_rec *r, apr_table_t *headers) = > NULL; > >+static int (*ap_proxy_conn_create_fn)(proxy_conn_rec **pconn, >+ proxy_worker *worker, >+ apr_pool_t *pool) = NULL; >+ >+static int (*ap_proxy_retry_worker_fn)(const char *proxy_function, >+ proxy_worker *worker, >+ server_rec *s) = NULL; >+ > static apr_status_t ap_proxy_http_cleanup(const char *scheme, > request_rec *r, > proxy_conn_rec *backend); >@@ -1837,6 +1846,52 @@ apr_status_t ap_proxy_http_cleanup(const char *sch > return OK; > } > >+static int proxy_http_acquire_1for1_connection(const char *proxy_function, >+ proxy_conn_rec **pconn, >+ proxy_worker *worker, >+ request_rec *r) >+{ >+ conn_rec *c = r->connection; >+ server_rec *s = r->server; >+ proxy_conn_rec *conn; >+ apr_status_t rv; >+ >+ *pconn = NULL; >+ >+ if (!PROXY_WORKER_IS_USABLE(worker)) { >+ /* Retry the worker */ >+ ap_proxy_retry_worker_fn(proxy_function, worker, s); >+ >+ if (!PROXY_WORKER_IS_USABLE(worker)) { >+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO() >+ "%s: disabled 1for1 connection for (%s)", >+ proxy_function, worker->s->hostname); >+ return HTTP_SERVICE_UNAVAILABLE; >+ } >+ } >+ >+ conn = (proxy_conn_rec *)ap_get_module_config(c->conn_config, >+ &proxy_http_module); >+ if (!conn) { >+ rv = ap_proxy_conn_create_fn(&conn, worker, c->pool); >+ if (rv != APR_SUCCESS) { >+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO() >+ "%s: failed to acquire 1for1 connection for (%s)", >+ proxy_function, worker->s->hostname); >+ return HTTP_INTERNAL_SERVER_ERROR; >+ } >+ >+ ap_set_module_config(c->conn_config, &proxy_http_module, conn); >+ } >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO() >+ "%s: has acquired 1for1 connection for (%s)", >+ proxy_function, worker->s->hostname); >+ *pconn = conn; >+ >+ return OK; >+} >+ > /* > * This handles http:// URLs, and other URLs using a remote proxy over http > * If proxyhost is NULL, then contact the server directly, otherwise >@@ -1902,9 +1957,17 @@ static int proxy_http_handler(request_rec *r, prox > > > /* create space for state information */ >- if ((status = ap_proxy_acquire_connection(proxy_function, &backend, >- worker, r->server)) != OK) >+ if (apr_table_get(r->subprocess_env, "proxy-1for1-connection")) { >+ status = proxy_http_acquire_1for1_connection(proxy_function, &backend, >+ worker, r); >+ } >+ else { >+ status = ap_proxy_acquire_connection(proxy_function, &backend, worker, >+ r->server); >+ } >+ if (status != OK) { > goto cleanup; >+ } > > > backend->is_ssl = is_ssl; >@@ -2034,6 +2097,26 @@ static int proxy_http_post_config(apr_pool_t *pcon > } > } > >+ if (!ap_proxy_conn_create_fn) { >+ ap_proxy_conn_create_fn = >+ APR_RETRIEVE_OPTIONAL_FN(ap_proxy_conn_create); >+ if (!ap_proxy_conn_create_fn) { >+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO() >+ "mod_proxy must be loaded for mod_proxy_http"); >+ return !OK; >+ } >+ } >+ >+ if (!ap_proxy_retry_worker_fn) { >+ ap_proxy_retry_worker_fn = >+ APR_RETRIEVE_OPTIONAL_FN(ap_proxy_retry_worker); >+ if (!ap_proxy_retry_worker_fn) { >+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO() >+ "mod_proxy must be loaded for mod_proxy_http"); >+ return !OK; >+ } >+ } >+ > return OK; > } > >Index: modules/proxy/proxy_util.h >=================================================================== >--- modules/proxy/proxy_util.h (revision 1526505) >+++ modules/proxy/proxy_util.h (working copy) >@@ -40,6 +40,12 @@ PROXY_DECLARE_DATA extern const apr_strmatch_patte > */ > void proxy_util_register_hooks(apr_pool_t *p); > >+/** >+ * Optional function to create a proxy connection (aside from the reslist). >+ */ >+APR_DECLARE_OPTIONAL_FN(apr_status_t, ap_proxy_conn_create, >+ (proxy_conn_rec **pconn, proxy_worker *worker, apr_pool_t *pool)); >+ > /** @} */ > > #endif /* PROXY_UTIL_H_ */
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 39673
:
29994
|
30887
|
30888
|
30889
|
31751
|
31752
|
31753
|
31754
|
32040