/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* AJP routines for Apache proxy */
#include "mod_proxy.h"
#include "ajp.h"
/*
* Canonicalise http-like URLs.
* scheme is the scheme for the URL
* url is the URL starting with the first '/'
* def_port is the default port for this scheme.
*/
{
const char *err;
/* ap_port_of_scheme() */
url += 4;
}
else {
return DECLINED;
}
/*
* do syntactic check.
* We break the URL into host, port, path, search
*/
if (err) {
return HTTP_BAD_REQUEST;
}
/*
* process the path. With proxy-nocanon set (by
* mod_proxy) we use the raw, unparsed uri
*/
}
else {
r->proxyreq);
}
return HTTP_BAD_REQUEST;
else
sport[0] = '\0';
/* if literal IPv6 address */
}
return OK;
}
#define METHOD_NON_IDEMPOTENT 0
{
/*
* RFC2616 (9.1.2): GET, HEAD, PUT, DELETE, OPTIONS, TRACE are considered
* idempotent. Hint: HEAD requests use M_GET as method number as well.
*/
switch (r->method_number) {
case M_GET:
case M_DELETE:
case M_PUT:
case M_OPTIONS:
case M_TRACE:
/*
* If the request has arguments it might have side-effects and thus
* it might be undesirable to resend it to a backend again
* automatically.
*/
if (r->args) {
return METHOD_IDEMPOTENT_WITH_ARGS;
}
return METHOD_IDEMPOTENT;
/* Everything else is not considered idempotent. */
default:
return METHOD_NON_IDEMPOTENT;
}
}
{
if (clp) {
char *errp;
len = 0; /* parse error */
}
}
}
return len;
}
/*
* XXX: AJP Auto Flushing
*
* When processing CMD_AJP13_SEND_BODY_CHUNK AJP messages we will do a poll
* with FLUSH_WAIT miliseconds timeout to determine if more data is currently
* available at the backend. If there is no more data available, we flush
* the data to the client by adding a flush bucket to the brigade we pass
* up the filter chain.
* This is only a bandaid to fix the AJP/1.3 protocol shortcoming of not
* sending (actually not having defined) a flush message, when the data
* should be flushed to the client. As soon as this protocol shortcoming is
* fixed this code should be removed.
*
* For further discussion see PR37100.
*/
/*
* process the request and write the response.
*/
char *url, char *server_portstr)
{
int result;
apr_bucket *e;
char *buff;
char *send_body_chunk_buff;
const char *tenc;
int client_failed = 0;
int backend_failed = 0;
int data_sent = 0;
int request_ended = 0;
int headers_sent = 0;
int send_body = 0;
if (psf->io_buffer_size_set)
if (maxsize > AJP_MAX_BUFFER_SZ)
else if (maxsize < AJP_MSG_BUFFER_SZ)
/*
* Send the AJP request to the remote server
*/
/* send request headers */
if (status != APR_SUCCESS) {
"request failed to %pI (%s)",
if (status == AJP_EOVERFLOW)
return HTTP_BAD_REQUEST;
else {
/*
* This is only non fatal when the method is idempotent. In this
* case we can dare to retry it with a different worker if we are
* a balancer member.
*/
if (is_idempotent(r) == METHOD_IDEMPOTENT) {
return HTTP_SERVICE_UNAVAILABLE;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
}
/* allocate an AJP message to store the data of the buckets */
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
"ajp_alloc_data_msg failed");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* read the first bloc of data */
/* The AJP protocol does not want body data yet */
} else {
/* Get client provided Content-Length header */
maxsize - AJP_HEADER_SZ);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
"ap_get_brigade failed");
}
/* have something */
}
/* Try to send something */
"data to read (max %" APR_SIZE_T_FMT
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
"apr_brigade_flatten");
return HTTP_INTERNAL_SERVER_ERROR;
}
if (bufsiz > 0) {
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
"send failed to %pI (%s)",
/*
* It is fatal when we failed to send a (part) of the request
* body.
*/
return HTTP_INTERNAL_SERVER_ERROR;
}
send_body = 1;
}
else if (content_length > 0) {
"read zero bytes, expecting"
/*
* We can only get here if the client closed the connection
* to us without sending the body.
* Now the connection is in the wrong state on the backend.
* Sending an empty data msg doesn't help either as it does
* not move this connection to the correct state on the backend
* for later resusage by the next request again.
* Close it to clean things up.
*/
return HTTP_BAD_REQUEST;
}
}
/* read the response */
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
"read response failed from %pI (%s)",
* we assume it is a request that cause a back-end timeout,
* but doesn't affect the whole worker.
*/
if (APR_STATUS_IS_TIMEUP(status) &&
return HTTP_GATEWAY_TIME_OUT;
}
/*
* This is only non fatal when we have not sent (parts) of a possible
* request body so far (we do not store it and thus cannot send it
* again) and the method is idempotent. In this case we can dare to
* retry it with a different worker if we are a balancer member.
*/
return HTTP_SERVICE_UNAVAILABLE;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
/* parse the reponse */
/*
* Prepare apr_pollfd_t struct for possible later check if there is currently
* data available from the backend (do not flush response to client)
* or not (flush response to client)
*/
for (;;) {
switch (result) {
case CMD_AJP13_GET_BODY_CHUNK:
if (havebody) {
/* This is the end */
bufsiz = 0;
havebody = 0;
"APR_BUCKET_IS_EOS");
} else {
maxsize - AJP_HEADER_SZ);
if (status != APR_SUCCESS) {
"ap_get_brigade failed");
if (APR_STATUS_IS_TIMEUP(status)) {
}
else if (status == AP_FILTER_ERROR) {
}
client_failed = 1;
break;
}
&bufsiz);
if (status != APR_SUCCESS) {
"apr_brigade_flatten failed");
client_failed = 1;
break;
}
}
/* will go in ajp_send_data_msg */
ajp_msg_log(r, msg, "ajp_send_data_msg after CMD_AJP13_GET_BODY_CHUNK: ajp_ilink_send packet dump");
if (status != APR_SUCCESS) {
"ajp_send_data_msg failed");
backend_failed = 1;
break;
}
} else {
/*
* something is wrong TC asks for more body but we are
* already at the end of the body data
*/
"ap_proxy_ajp_request error read after end");
backend_failed = 1;
}
break;
case CMD_AJP13_SEND_HEADERS:
if (headers_sent) {
/* Do not send anything to the client.
* Backend already send us the headers.
*/
backend_failed = 1;
"Backend sent headers twice.");
break;
}
/* AJP13_SEND_HEADERS: process them */
if (status != APR_SUCCESS) {
backend_failed = 1;
}
const char *buf;
} else {
"ap_proxy_ajp_request: origin server "
"sent 401 without WWW-Authenticate header");
}
}
headers_sent = 1;
break;
/* AJP13_SEND_BODY_CHUNK: piece of data */
if (status == APR_SUCCESS) {
/* If we are overriding the errors, we can't put the content
* of the page into the brigade.
*/
/* AJP13_SEND_BODY_CHUNK with zero length
* is explicit flush message
*/
if (size == 0) {
if (headers_sent) {
}
else {
"Ignoring flush message "
"received before headers");
}
}
else {
/* Handle the case where the error document is itself reverse
* proxied and was successful. We must maintain any previous
* error status so that an underlying error (eg HTTP_NOT_FOUND)
* doesn't become an HTTP_OK.
*/
&& ap_is_HTTP_ERROR(original_status)) {
r->status = original_status;
}
r->connection->bucket_alloc);
!= APR_SUCCESS) &&
APR_STATUS_IS_TIMEUP(rv))) {
}
if (bb_len != -1)
}
if (headers_sent) {
if (ap_pass_brigade(r->output_filters,
output_brigade) != APR_SUCCESS) {
"error processing body.%s",
r->connection->aborted ?
" Client aborted connection." : "");
client_failed = 1;
}
data_sent = 1;
}
}
}
else {
backend_failed = 1;
}
break;
case CMD_AJP13_END_RESPONSE:
/* If we are overriding the errors, we must not send anything to
* the client, especially as the brigade already contains headers.
* So do nothing here, and it will be cleaned up below.
*/
if (status != APR_SUCCESS) {
backend_failed = 1;
}
if (ap_pass_brigade(r->output_filters,
output_brigade) != APR_SUCCESS) {
"error processing end");
client_failed = 1;
}
/* XXX: what about flush here? See mod_jk */
data_sent = 1;
}
request_ended = 1;
break;
default:
backend_failed = 1;
break;
}
/*
* If connection has been aborted by client: Stop working.
* Pretend we are done (data_sent) to avoid further processing.
*/
if (r->connection->aborted) {
"client connection aborted");
/* no response yet (or ever), set status for access log */
if (!headers_sent) {
r->status = HTTP_BAD_REQUEST;
}
client_failed = 1;
/* return DONE */
data_sent = 1;
break;
}
/*
* We either have finished successfully or we failed.
* So bail out
*/
if ((result == CMD_AJP13_END_RESPONSE)
|| backend_failed || client_failed)
break;
/* read the response */
if (status != APR_SUCCESS) {
backend_failed = 1;
"ajp_read_header failed");
break;
}
}
/*
* Clear output_brigade to remove possible buckets that remained there
* after an error.
*/
if (backend_failed || client_failed) {
"Processing of request failed backend: %i, client: %i",
/* We had a failure: Close connection to backend */
if (data_sent) {
/* Return DONE to avoid error messages being added to the stream */
}
}
else if (!request_ended) {
"Processing of request didn't terminate cleanly");
/* We had a failure: Close connection to backend */
backend_failed = 1;
if (data_sent) {
/* Return DONE to avoid error messages being added to the stream */
}
}
else if (!conn_reuse) {
/* Our backend signalled connection close */
}
else {
"got response from %pI (%s)",
/* clear r->status for override error, otherwise ErrorDocument
* thinks that this is a recursive error, and doesn't find the
* custom error page
*/
}
else {
}
}
if (backend_failed) {
"dialog to %pI (%s) failed",
/*
* If we already send data, signal a broken backend connection
* upwards in the chain.
*/
if (data_sent) {
/*
* This is only non fatal when we have not send (parts) of a possible
* request body so far (we do not store it and thus cannot send it
* again) and the method is idempotent. In this case we can dare to
* retry it with a different worker if we are a balancer member.
*/
} else {
* we assume it is a request that cause a back-end timeout,
* but doesn't affect the whole worker.
*/
if (APR_STATUS_IS_TIMEUP(status) &&
}
else {
}
}
}
else if (client_failed) {
"dialog with client %pI failed",
r->connection->client_addr);
}
}
/*
* Ensure that we sent an EOS bucket thru the filter chain, if we already
* have sent some data. Maybe ap_proxy_backend_broke was called and added
* one to the brigade already (no longer making it empty). So we should
* not do this in this case.
*/
&& APR_BRIGADE_EMPTY(output_brigade)) {
}
/* If we have added something to the brigade above, send it */
}
}
return rv;
}
/*
* This handles ajp:// URLs
*/
{
int status;
int retry;
&proxy_module);
apr_pool_t *p = r->pool;
return DECLINED;
}
/* create space for state information */
r->server);
if (backend) {
}
return status;
}
retry = 0;
while (retry < 2) {
/* Step One: Determine Who To Connect To */
sizeof(server_portstr));
break;
/* Step Two: Make the Connection */
"failed to make connection to backend: %s",
break;
}
if (worker->s->ping_timeout_set) {
if (worker->s->ping_timeout < 0) {
"socket check failed to %pI (%s)",
retry++;
continue;
}
}
else {
worker->s->ping_timeout);
/*
* In case the CPING / CPONG failed for the first time we might be
* just out of luck and got a faulty backend connection, but the
* backend might be healthy nevertheless. So ensure that the backend
* TCP connection gets closed and try it once again.
*/
if (status != APR_SUCCESS) {
retry++;
continue;
}
}
}
/* Step Three: Process the Request */
break;
}
/* Do not close the socket */
return status;
}
{
}
NULL, /* create per-directory config structure */
NULL, /* merge per-directory config structures */
NULL, /* create per-server config structure */
NULL, /* merge per-server config structures */
NULL, /* command apr_table_t */
ap_proxy_http_register_hook /* register hooks */
};