ASF Bugzilla – Attachment 32948 Details for
Bug 37355
Allow to specify Proxy-Authorization in ProxyRemote
patch for modules/proxy of httpd-2.4.16
httpd-2.4.16.patch (text/plain), 19.17 KB, created by
Hendrik Harms
on 2015-07-31 10:42:57 UTC
Description:
patch for modules/proxy of httpd-2.4.16
Filename:
MIME Type:
Creator:
Hendrik Harms
Created:
2015-07-31 10:42:57 UTC
Size:
19.17 KB
>#
># This patch base on the source code downloaded from
># http://httpd.apache.org/download.cgi (Version: 2.4.16)
>#
># HOWTO apply this patch:
># after extracting the source from tar.gz or zip go into the base dir:
># > cd httpd-2.4.16
># > patch -p0 -b -i httpd-2.4.16.patch
>#
>#
>--- modules/proxy/mod_proxy.h.orig 2015-04-15 19:50:46.000000000 +0200
>+++ modules/proxy/mod_proxy.h 2015-07-20 14:45:53.000000000 +0200
>@@ -99,6 +99,7 @@
> const char *scheme; /* the schemes handled by this proxy, or '*' */
> const char *protocol; /* the scheme used to talk to this proxy */
> const char *hostname; /* the hostname of this proxy */
>+ const char *auth; /* base64encode(<proxyuser>:<proxypasswd>) */
> ap_regex_t *regexp; /* compiled regex (if any) for the remote */
> int use_regex; /* simple boolean. True if we have a regex pattern */
> apr_port_t port; /* the port for this proxy */
>@@ -505,7 +506,9 @@
>
> APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, scheme_handler, (request_rec *r,
> proxy_worker *worker, proxy_server_conf *conf, char *url,
>- const char *proxyhost, apr_port_t proxyport))
>+ const char *proxyhost, apr_port_t proxyport,
>+ const char *proxyauth))
>+
> APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, canon_handler, (request_rec *r,
> char *url))
>
>@@ -797,6 +800,7 @@
> * @param url request url
> * @param proxyname are we connecting directly or via a proxy
> * @param proxyport proxy host port
>+ * @param proxyauth proxy authentication
> * @param server_portstr Via headers server port, must be non-NULL
> * @param server_portstr_size size of the server_portstr buffer; must
> * be at least one, even if the protocol doesn't use this
>@@ -810,6 +814,7 @@
> char **url,
> const char *proxyname,
> apr_port_t proxyport,
>+ const char *proxyauth,
> char *server_portstr,
> int server_portstr_size);
>
>--- modules/proxy/mod_proxy_ajp.c.orig 2015-06-02 15:39:26.000000000 +0200
>+++ modules/proxy/mod_proxy_ajp.c 2015-07-20 14:45:53.000000000 +0200
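Review bot: Extending the `scheme_handler` hook signature in the `@@ -505` hunk of mod_proxy.h, and the `ap_proxy_determine_connection` prototype in `@@ -810`, changes a public mod_proxy interface, so a scheme handler built out of tree against the existing 2.4 headers would no longer match what the core calls. The new `auth` member in `@@ -99` is also placed in the middle of `struct proxy_remote`, which shifts the offsets of `regexp`, `use_regex` and `port` for modules that are already compiled. If this is meant for a stable branch, consider appending the member at the end of the struct and carrying the credential through an existing per-request structure rather than a new hook parameter. Whether a module-magic bump accompanies the change is not visible in this patch.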
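Review bot: `@param proxyauth proxy authentication` in the `@@ -797` hunk of mod_proxy.h does not say what form the value takes, and the other hunks of this patch depend on it: they prepend `Basic ` themselves and test the pointer for NULL. I would write `@param proxyauth base64("user:password") from ProxyRemote, without the "Basic " prefix; NULL if none configured`. It is also worth stating there that the value is a secret and must not be written to logs.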
>@@ -721,7 +721,8 @@
> static int proxy_ajp_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyname,
>- apr_port_t proxyport)
>+ apr_port_t proxyport,
>+ const char *proxyauth)
> {
> int status;
> char server_portstr[32];
>@@ -761,7 +762,8 @@
> char *locurl = url;
> /* Step One: Determine Who To Connect To */
> status = ap_proxy_determine_connection(p, r, conf, worker, backend,
>- uri, &locurl, proxyname, proxyport,
>+ uri, &locurl,
>+ proxyname, proxyport, proxyauth,
> server_portstr,
> sizeof(server_portstr));
>
>--- modules/proxy/mod_proxy_connect.c.orig 2015-03-31 14:53:00.000000000 +0200
>+++ modules/proxy/mod_proxy_connect.c 2015-07-20 14:45:53.000000000 +0200
>@@ -194,7 +194,8 @@
> static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyname,
>- apr_port_t proxyport)
>+ apr_port_t proxyport,
>+ const char *proxyauth)
> {
> connect_conf *c_conf =
> ap_get_module_config(r->server->module_config, &proxy_connect_module);
>@@ -370,6 +371,15 @@
> "sending the CONNECT request to the remote proxy");
> ap_fprintf(backconn->output_filters, bb,
> "CONNECT %s HTTP/1.0" CRLF, r->uri);
>+
>+ /* add Proxyauth Header if configured
>+ */
>+ if (proxyauth) {
>+ ap_fprintf(backconn->output_filters, bb,
>+ "Proxy-Authorization: Basic %s" CRLF,
>+ proxyauth);
>+ }
>+
> ap_fprintf(backconn->output_filters, bb,
> "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
> ap_fflush(backconn->output_filters, bb);
>--- modules/proxy/mod_proxy.c.orig 2015-06-02 15:39:26.000000000 +0200
>+++ modules/proxy/mod_proxy.c 2015-07-20 15:12:27.000000000 +0200
>@@ -1107,7 +1107,8 @@
> access_status = proxy_run_scheme_handler(r, worker,
> conf, url,
> ents[i].hostname,
>- ents[i].port);
>+ ents[i].port,
>+ ents[i].auth);
>
> /* Did the scheme handler process the request? */
> if (access_status != DECLINED) {
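Review bot: The comment on the new block in the `@@ -370` hunk of mod_proxy_connect.c (`add Proxyauth Header if configured`) should record that the value is a reusable Basic credential, because base64 is an encoding and gives no protection. Nothing in the visible lines indicates that `backconn` is encrypted, so the credential presumably crosses the network to the remote proxy in recoverable form. I would replace the comment with `/* Send the ProxyRemote credential; Basic is only base64, so it is readable on the wire unless the hop to the proxy is otherwise protected. */`. The enclosing function starts and ends outside the hunk.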
>@@ -1159,7 +1160,7 @@
> scheme, attempts);
> AP_PROXY_RUN(r, worker, conf, url, attempts);
> access_status = proxy_run_scheme_handler(r, worker, conf,
>- url, NULL, 0);
>+ url, NULL, 0, NULL);
> if (access_status == OK
> || apr_table_get(r->notes, "proxy-error-override"))
> break;
>@@ -1399,7 +1400,7 @@
> proxy_server_conf *conf =
> (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
> struct proxy_remote *new;
>- char *p, *q;
>+ char *p, *q, *a;
> char *r, *f, *scheme;
> ap_regex_t *reg = NULL;
> int port;
>@@ -1407,6 +1408,10 @@
> r = apr_pstrdup(cmd->pool, r1);
> scheme = apr_pstrdup(cmd->pool, r1);
> f = apr_pstrdup(cmd->pool, f1);
>+ /* separate different items from remote proxy server configuration
>+ * r = <scheme>://[<auth>@]<host>[:<port>]
>+ */
>+ /* separate scheme (must) */
> p = strchr(r, ':');
> if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0') {
> if (regex)
>@@ -1415,9 +1420,26 @@
> return "ProxyRemote: Bad syntax for a remote proxy server";
> }
> else {
>- scheme[p-r] = 0;
>+ scheme[p-r] = '\0';
>+ }
>+ *p = '\0'; /* terminate r (scheme) */
>+ p+=3;
>+ /* separate authentication string (optional, default = NULL) */
>+ q = strchr(p, '@');
>+ if (q != NULL) {
>+ *q = '\0';
>+ /* missing: syntax check of the auth string
>+ * but do we really need this?
>+ */
>+ a = ap_pbase64encode(cmd->pool, p);
>+ p = q;
>+ p+=1;
>+ }
>+ else {
>+ a = NULL;
> }
>- q = strchr(p + 3, ':');
>+ /* separate port (optional, default = default port of scheme) */
>+ q = strchr(p, ':');
> if (q != NULL) {
> if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) {
> if (regex)
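Review bot: The credential split in the `@@ -1415` hunk of mod_proxy.c takes the first `@` with `strchr(p, '@')` and encodes whatever precedes it without any check, which the in-code comment itself marks as missing. A password that contains `@` is cut short and its remainder ends up in the hostname, and a value such as `http://@host` presumably yields a non-NULL empty `a`, so the handlers would send a `Proxy-Authorization` header with an empty credential. I would split on the last `@` and reject userinfo that is empty or lacks the `user:password` separator when the configuration is read, as sketched below; the error string there is constructed for illustration. The function body starts before this hunk and continues after it.

```c
    /* separate authentication string (optional, default = NULL) */
    a = NULL;
    q = strrchr(p, '@');   /* last '@', so a password may contain '@' */
    if (q != NULL) {
        const char *colon;

        *q = '\0';
        colon = strchr(p, ':');
        /* require "<user>:<passwd>" with a non-empty user */
        if (colon == NULL || colon == p) {
            return "ProxyRemote: Bad credentials for a remote proxy server";
        }
        a = ap_pbase64encode(cmd->pool, p);
        p = q + 1;
    }
    /* … unchanged: port parsing … */
```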
>@@ -1427,18 +1449,20 @@
> }
> *q = '\0';
> }
>- else
>+ else {
> port = -1;
>- *p = '\0';
>+ }
>+
> if (regex) {
> reg = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
> if (!reg)
> return "Regular expression for ProxyRemoteMatch could not be compiled.";
> }
>- else
>- if (strchr(f, ':') == NULL)
>- ap_str_tolower(f); /* lowercase scheme */
>- ap_str_tolower(p + 3); /* lowercase hostname */
>+ else
>+ if (strchr(f, ':') == NULL) {
>+ ap_str_tolower(f); /* lowercase scheme */
>+ }
>+ ap_str_tolower(p); /* lowercase hostname */
>
> if (port == -1) {
> port = apr_uri_port_of_scheme(scheme);
>@@ -1447,8 +1471,9 @@
> new = apr_array_push(conf->proxies);
> new->scheme = f;
> new->protocol = r;
>- new->hostname = p + 3;
>+ new->hostname = p;
> new->port = port;
>+ new->auth = a;
> new->regexp = reg;
> new->use_regex = regex;
> return NULL;
>@@ -2392,7 +2417,7 @@
> AP_INIT_FLAG("ProxyRequests", set_proxy_req, NULL, RSRC_CONF,
> "on if the true proxy requests should be accepted"),
> AP_INIT_TAKE2("ProxyRemote", add_proxy_noregex, NULL, RSRC_CONF,
>- "a scheme, partial URL or '*' and a proxy server"),
>+ "a scheme, partial URL or '*' and a proxy server optional with auth"),
> AP_INIT_TAKE2("ProxyRemoteMatch", add_proxy_regex, NULL, RSRC_CONF,
> "a regex pattern and a proxy server"),
> AP_INIT_FLAG("ProxyPassInterpolateEnv", ap_set_flag_slot_char,
>@@ -2785,8 +2810,10 @@
> (request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyhost,
>- apr_port_t proxyport),(r,worker,conf,
>- url,proxyhost,proxyport),DECLINED)
>+ apr_port_t proxyport,
>+ const char *proxyauth),
>+ (r,worker,conf,
>+ url,proxyhost,proxyport, proxyauth),DECLINED)
> APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, canon_handler,
> (request_rec *r, char *url),(r,
> url),DECLINED)
>--- modules/proxy/mod_proxy_fcgi.c.orig 2015-05-29 22:07:15.000000000 +0200
>+++ modules/proxy/mod_proxy_fcgi.c 2015-07-20 14:45:53.000000000 +0200
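Review bot: The help string changed in the `@@ -2392` hunk of mod_proxy.c reads awkwardly and leaves ProxyRemoteMatch undocumented, although the parser changed earlier in this file handles the `regex` case too and so appears to accept credentials for that directive as well. I would use `"a scheme, partial URL or '*' and a proxy server, optionally with user:password@"` and extend the ProxyRemoteMatch string in the same way. Because the password is written in clear text in the configuration, the directive documentation should also tell administrators to restrict read access to the file that holds it.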
>@@ -860,7 +860,8 @@
> static int proxy_fcgi_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyname,
>- apr_port_t proxyport)
>+ apr_port_t proxyport,
>+ const char *proxyauth)
> {
> int status;
> char server_portstr[32];
>@@ -900,7 +901,8 @@
>
> /* Step One: Determine Who To Connect To */
> status = ap_proxy_determine_connection(p, r, conf, worker, backend,
>- uri, &url, proxyname, proxyport,
>+ uri, &url,
>+ proxyname, proxyport, proxyauth,
> server_portstr,
> sizeof(server_portstr));
> if (status != OK) {
>--- modules/proxy/mod_proxy_fdpass.c.orig 2015-01-12 14:36:17.000000000 +0100
>+++ modules/proxy/mod_proxy_fdpass.c 2015-07-20 14:45:53.000000000 +0200
>@@ -126,7 +126,8 @@
> static int proxy_fdpass_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyname,
>- apr_port_t proxyport)
>+ apr_port_t proxyport,
>+ const char *proxyauth)
> {
> apr_status_t rv;
> apr_socket_t *sock;
>--- modules/proxy/mod_proxy_ftp.c.orig 2014-11-01 16:21:33.000000000 +0100
>+++ modules/proxy/mod_proxy_ftp.c 2015-07-20 14:45:53.000000000 +0200
>@@ -959,7 +959,8 @@
> */
> static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf, char *url,
>- const char *proxyhost, apr_port_t proxyport)
>+ const char *proxyhost, apr_port_t proxyport,
>+ const char *proxyauth)
> {
> apr_pool_t *p = r->pool;
> conn_rec *c = r->connection;
>--- modules/proxy/mod_proxy_http.c.orig 2015-06-02 15:39:26.000000000 +0200
>+++ modules/proxy/mod_proxy_http.c 2015-07-20 14:45:53.000000000 +0200
>@@ -698,7 +698,8 @@
> proxy_conn_rec *p_conn, proxy_worker *worker,
> proxy_server_conf *conf,
> apr_uri_t *uri,
>- char *url, char *server_portstr)
>+ char *url, char *server_portstr,
>+ const char *proxyauth)
> {
> conn_rec *c = r->connection;
> apr_bucket_alloc_t *bucket_alloc = c->bucket_alloc;
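Review bot: `proxyauth` is added to `proxy_fdpass_handler` (`@@ -126`) and `proxy_ftp_handler` (`@@ -959`), but no other hunk in this patch touches those two files, so the parameter appears to be accepted and ignored there. A reader cannot tell whether a configured credential is deliberately dropped for these schemes or simply not wired up yet. I would add a line at the top of each body such as `/* proxyauth is unused here (TODO confirm this handler never contacts a ProxyRemote) */`. Both function bodies continue outside the hunks.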
>@@ -734,6 +735,14 @@
> return rv;
> }
>
>+ if (proxyauth) {
>+ buf = apr_pstrcat(p, "Proxy-Authorization: Basic ",
>+ proxyauth, CRLF, NULL);
>+ ap_xlate_proto_to_ascii(buf, strlen(buf));
>+ e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
>+ APR_BRIGADE_INSERT_TAIL(header_brigade, e);
>+ }
>+
> /* We have headers, let's figure out our request body... */
> input_brigade = apr_brigade_create(p, bucket_alloc);
>
>@@ -1901,7 +1910,7 @@
> static int proxy_http_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyname,
>- apr_port_t proxyport)
>+ apr_port_t proxyport, const char *proxyauth)
> {
> int status;
> char server_portstr[32];
>@@ -1984,7 +1993,7 @@
> /* Step One: Determine Who To Connect To */
> if ((status = ap_proxy_determine_connection(p, r, conf, worker, backend,
> uri, &locurl, proxyname,
>- proxyport, server_portstr,
>+ proxyport, proxyauth, server_portstr,
> sizeof(server_portstr))) != OK)
> break;
>
>@@ -2014,12 +2023,14 @@
> }
> }
>
>+
> /* Step Four: Send the Request
> * On the off-chance that we forced a 100-Continue as a
> * kinda HTTP ping test, allow for retries
> */
> if ((status = ap_proxy_http_request(p, r, backend, worker,
>- conf, uri, locurl, server_portstr)) != OK) {
>+ conf, uri, locurl, server_portstr,
>+ (is_ssl ? NULL : proxyauth))) != OK) {
> if ((status == HTTP_SERVICE_UNAVAILABLE) && worker->s->ping_timeout_set) {
> backend->close = 1;
> ap_log_rerror(APLOG_MARK, APLOG_INFO, status, r, APLOGNO(01115)
>--- modules/proxy/mod_proxy_scgi.c.orig 2015-05-29 22:07:15.000000000 +0200
>+++ modules/proxy/mod_proxy_scgi.c 2015-07-20 14:45:53.000000000 +0200
>@@ -525,7 +525,8 @@
> */
> static int scgi_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf, char *url,
>- const char *proxyname, apr_port_t proxyport)
>+ const char *proxyname, apr_port_t proxyport,
>+ const char *proxyauth)
> {
> int status;
> proxy_conn_rec *backend = NULL;
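Review bot: The block added in the `@@ -734` hunk of mod_proxy_http.c appends the configured credential whenever `proxyauth` is non-NULL, without the precedence that the proxy_util.c hunk of this patch applies on the CONNECT path, where a client-supplied credential under `Proxy-Chain-Auth` wins. If the header brigade built just above already carries a forwarded client `Proxy-Authorization` (not visible here), the remote proxy would receive two such headers with different credentials. I would apply the same precedence in both paths and say so in a comment above the block, for example `/* ProxyRemote credential; skipped when the client's Proxy-Authorization is chained */`. The function starts and ends outside the hunk.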
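Review bot: The expression `(is_ssl ? NULL : proxyauth)` in the `@@ -2014` hunk of mod_proxy_http.c encodes a security decision that has no comment. As far as the patch shows, the TLS case authenticates to the remote proxy during CONNECT in proxy_util.c, so a request written inside the tunnel would presumably reach the origin server, and the proxy credential must not go there. I would add `/* Inside a TLS tunnel the request reaches the origin server, not the proxy: never send the proxy credential there. */` above the call. The hunk also adds a stray second blank line before the Step Four comment.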
>@@ -549,7 +550,8 @@
>
> /* Step One: Determine Who To Connect To */
> status = ap_proxy_determine_connection(p, r, conf, worker, backend,
>- uri, &url, proxyname, proxyport,
>+ uri, &url,
>+ proxyname, proxyport, proxyauth,
> &dummy, 1);
> if (status != OK) {
> goto cleanup;
>--- modules/proxy/mod_proxy_wstunnel.c.orig 2015-06-02 15:40:41.000000000 +0200
>+++ modules/proxy/mod_proxy_wstunnel.c 2015-07-20 14:45:53.000000000 +0200
>@@ -310,7 +310,8 @@
> static int proxy_wstunnel_handler(request_rec *r, proxy_worker *worker,
> proxy_server_conf *conf,
> char *url, const char *proxyname,
>- apr_port_t proxyport)
>+ apr_port_t proxyport,
>+ const char *proxyauth)
> {
> int status;
> char server_portstr[32];
>@@ -364,7 +365,8 @@
> char *locurl = url;
> /* Step One: Determine Who To Connect To */
> status = ap_proxy_determine_connection(p, r, conf, worker, backend,
>- uri, &locurl, proxyname, proxyport,
>+ uri, &locurl,
>+ proxyname, proxyport, proxyauth,
> server_portstr,
> sizeof(server_portstr));
>
>--- modules/proxy/proxy_util.c.orig 2015-06-02 15:40:41.000000000 +0200
>+++ modules/proxy/proxy_util.c 2015-07-20 15:56:55.000000000 +0200
>@@ -2174,6 +2174,7 @@
> char **url,
> const char *proxyname,
> apr_port_t proxyport,
>+ const char *proxyauth,
> char *server_portstr,
> int server_portstr_size)
> {
>@@ -2286,7 +2287,11 @@
> proxy_auth[0] != '\0' &&
> r->user == NULL && /* we haven't yet authenticated */
> apr_table_get(r->subprocess_env, "Proxy-Chain-Auth")) {
>+ /* take ProxyAuth from Request */
> forward->proxy_auth = apr_pstrdup(conn->pool, proxy_auth);
>+ } else if ( proxyauth ) {
>+ /* take ProxyAuth from ProxyRemote */
>+ forward->proxy_auth = apr_pstrcat(conn->pool, "Basic ", proxyauth, NULL);
> }
> }
> }
>@@ -2498,11 +2503,6 @@
> forward_info *forward = (forward_info *)backend->forward;
> int len = 0;
>
>- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00948)
>- "CONNECT: sending the CONNECT request for %s:%d "
>- "to the remote proxy %pI (%s)",
>- forward->target_host, forward->target_port,
>- backend->addr, backend->hostname);
> /* Create the CONNECT request */
> nbytes = apr_snprintf(buffer, sizeof(buffer),
> "CONNECT %s:%d HTTP/1.0" CRLF,
>@@ -2512,6 +2512,17 @@
> nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
> "Proxy-Authorization: %s" CRLF,
> forward->proxy_auth);
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00948)
>+ "CONNECT: sending the CONNECT request for %s:%d "
>+ "to the remote proxy %pI (%s) with forward auth \"%s\"",
>+ forward->target_host, forward->target_port,
>+ backend->addr, backend->hostname, forward->proxy_auth);
>+ } else {
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00948)
>+ "CONNECT: sending the CONNECT request for %s:%d "
>+ "to the remote proxy %pI (%s) without auth",
>+ forward->target_host, forward->target_port,
>+ backend->addr, backend->hostname);
> }
> /* Set a reasonable agent and send everything */
> nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
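Review bot: The debug message added in the `@@ -2512` hunk of proxy_util.c writes `forward->proxy_auth` to the error log, and that string is the complete `Proxy-Authorization` value: either the ProxyRemote credential or, per the `@@ -2286` hunk in this file, one taken from the client request. Basic credentials are only base64-encoded, so anyone who can read a debug-level log recovers the user name and password. I would log only that a credential is present, with `"to the remote proxy %pI (%s) with Proxy-Authorization"` as the last format line, and drop the `forward->proxy_auth` argument. Both new calls also reuse `APLOGNO(00948)` for different messages, so the second should presumably get its own number.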