modules/proxy/mod_proxy_connect.c

	mod_proxy_connect.c revision 9bec939825399ac2816ea0d912d2e3c3b2ed91f4
842ae4bd224140319ae7feec1872b93dfd491143fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
842ae4bd224140319ae7feec1872b93dfd491143fielding * contributor license agreements.  See the NOTICE file distributed with
842ae4bd224140319ae7feec1872b93dfd491143fielding * this work for additional information regarding copyright ownership.
842ae4bd224140319ae7feec1872b93dfd491143fielding * The ASF licenses this file to You under the Apache License, Version 2.0
842ae4bd224140319ae7feec1872b93dfd491143fielding * (the "License"); you may not use this file except in compliance with
842ae4bd224140319ae7feec1872b93dfd491143fielding * the License.  You may obtain a copy of the License at
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *     http://www.apache.org/licenses/LICENSE-2.0
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * Unless required by applicable law or agreed to in writing, software
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * distributed under the License is distributed on an "AS IS" BASIS,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * See the License for the specific language governing permissions and
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * limitations under the License.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes */
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes/* CONNECT method for Apache proxy */
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
e8f95a682820a599fe41b22977010636be5c2717jim#include "mod_proxy.h"
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes#include "apr_poll.h"
e8f95a682820a599fe41b22977010636be5c2717jim
1747d30b98aa1bdbc43994c02cd46ab4cb9319e4fielding#define CONN_BLKSZ AP_IOBUFSIZE
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholesmodule AP_MODULE_DECLARE_DATA proxy_connect_module;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes/*
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * This handles Netscape CONNECT method secure proxy requests.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * A connection is opened to the specified host and data is
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * passed through between the WWW site and the browser.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick * This code is based on the INTERNET-DRAFT document
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * "Tunneling SSL Through a WWW Proxy" currently at
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * http://www.mcom.com/newsref/std/tunneling_ssl.html.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *
5c0419d51818eb02045cf923a9fe456127a44c60wrowe * If proxyhost and proxyport are set, we send a CONNECT to
5c0419d51818eb02045cf923a9fe456127a44c60wrowe * the specified proxy..
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * FIXME: this doesn't log the number of bytes sent, but
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *        that may be okay, since the data is supposed to
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes *        be transparent. In fact, this doesn't log at all
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf *        yet. 8^)
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf * FIXME: doesn't check any headers initally sent from the
cd3bbd6d2df78d6c75e5d159a81ef8bdd5f70df9trawick *        client.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes * FIXME: should allow authentication, but hopefully the
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf *        generic proxy authentication is good enough.
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf * FIXME: no check for r->assbackwards, whatever that is.
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim */
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sftypedef struct {
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    apr_array_header_t *allowed_connect_ports;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf} connect_conf;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
bede2929837dfd23863ad4b39199c63126566d61jortontypedef struct {
0f60998368b493f90120180a93fc2e1e74490872covener    int first;
0f60998368b493f90120180a93fc2e1e74490872covener    int last;
0f60998368b493f90120180a93fc2e1e74490872covener} port_range;
0f60998368b493f90120180a93fc2e1e74490872covener
0f60998368b493f90120180a93fc2e1e74490872covenerstatic void *create_config(apr_pool_t *p, server_rec *s)
0f60998368b493f90120180a93fc2e1e74490872covener{
0f60998368b493f90120180a93fc2e1e74490872covener    connect_conf *c = apr_pcalloc(p, sizeof(connect_conf));
0f60998368b493f90120180a93fc2e1e74490872covener    c->allowed_connect_ports = apr_array_make(p, 10, sizeof(port_range));
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim    return c;
60284a9f9158baa60cc8ab4a69066404b1dcae7acovener}
87587593f1a53030e840acc0dec6cc881022ea40covener
87587593f1a53030e840acc0dec6cc881022ea40covenerstatic void *merge_config(apr_pool_t *p, void *basev, void *overridesv)
87587593f1a53030e840acc0dec6cc881022ea40covener{
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener    connect_conf *c = apr_pcalloc(p, sizeof(connect_conf));
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener    connect_conf *base = (connect_conf *) basev;
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener    connect_conf *overrides = (connect_conf *) overridesv;
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener    c->allowed_connect_ports = apr_array_append(p,
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener                                                base->allowed_connect_ports,
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener                                                overrides->allowed_connect_ports);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
43997561b2302d13dee973998e77743a3ddd2374trawick    return c;
fa123db15501821e36e513afa78e839775ad2800covener}
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
0568280364eb026393be492ebc732795c4934643jorton
0568280364eb026393be492ebc732795c4934643jorton/*
0568280364eb026393be492ebc732795c4934643jorton * Set the ports CONNECT can use
0568280364eb026393be492ebc732795c4934643jorton */
0568280364eb026393be492ebc732795c4934643jortonstatic const char *
0568280364eb026393be492ebc732795c4934643jorton    set_allowed_ports(cmd_parms *parms, void *dummy, const char *arg)
0568280364eb026393be492ebc732795c4934643jorton{
0568280364eb026393be492ebc732795c4934643jorton    server_rec *s = parms->server;
0568280364eb026393be492ebc732795c4934643jorton    int first, last;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    connect_conf *conf =
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        ap_get_module_config(s->module_config, &proxy_connect_module);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    port_range *New;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    char *endptr;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    const char *p = arg;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (!apr_isdigit(arg[0]))
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        return "AllowCONNECT: port numbers must be numeric";
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
796e4a7141265d8ed7036e4628161c6eafb2a789jorton    first = strtol(p, &endptr, 10);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (*endptr == '-') {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        p = endptr + 1;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        last = strtol(p, &endptr, 10);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    else {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        last = first;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (endptr == p || *endptr != '\0')  {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        return apr_psprintf(parms->temp_pool,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                            "Cannot parse '%s' as port number", p);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    New = apr_array_push(conf->allowed_connect_ports);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    New->first = first;
8113dac419143273351446c3ad653f3fe5ba5cfdwrowe    New->last  = last;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    return NULL;
95b6fe1346805e1731e6e97c15d569c73be22cf7minfrin}
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
95b6fe1346805e1731e6e97c15d569c73be22cf7minfrinstatic int allowed_port(connect_conf *conf, int port)
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes{
95b6fe1346805e1731e6e97c15d569c73be22cf7minfrin    int i;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    port_range *list = (port_range *) conf->allowed_connect_ports->elts;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (apr_is_empty_array(conf->allowed_connect_ports)){
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        return port == APR_URI_HTTPS_DEFAULT_PORT
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes               || port == APR_URI_SNEWS_DEFAULT_PORT;
95b6fe1346805e1731e6e97c15d569c73be22cf7minfrin    }
95b6fe1346805e1731e6e97c15d569c73be22cf7minfrin
95b6fe1346805e1731e6e97c15d569c73be22cf7minfrin    for (i = 0; i < conf->allowed_connect_ports->nelts; i++) {
a1790fb35c4b352dab721370985c623a9f8f5062rpluem        if (port >= list[i].first && port <= list[i].last)
713a2b68bac4aeb1e9c48785006c0732451039depquerna            return 1;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    return 0;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes}
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes/* canonicalise CONNECT URLs. */
482f676c6c19b1c5bb5cca04dad11509c1da3a4cwrowestatic int proxy_connect_canon(request_rec *r, char *url)
482f676c6c19b1c5bb5cca04dad11509c1da3a4cwrowe{
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (r->method_number != M_CONNECT) {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    return DECLINED;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, r->server,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                 "proxy: CONNECT: canonicalising URL %s", url);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    return OK;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener}
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes/* read available data (in blocks of CONN_BLKSZ) from c_i and copy to c_o */
f43b67c5a9d29b572eac916f8335cedc80c908bebnicholesstatic int proxy_connect_transfer(request_rec *r, conn_rec *c_i, conn_rec *c_o,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                                  apr_bucket_brigade *bb, char *name)
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes{
8113dac419143273351446c3ad653f3fe5ba5cfdwrowe    int rv;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes#ifdef DEBUGGING
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    apr_off_t len;
fa123db15501821e36e513afa78e839775ad2800covener#endif
fa123db15501821e36e513afa78e839775ad2800covener
fa123db15501821e36e513afa78e839775ad2800covener    do {
fa123db15501821e36e513afa78e839775ad2800covener        apr_brigade_cleanup(bb);
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim        rv = ap_get_brigade(c_i->input_filters, bb, AP_MODE_READBYTES,
fa123db15501821e36e513afa78e839775ad2800covener                            APR_NONBLOCK_READ, CONN_BLKSZ);
307219eca940aa30b873bfd68a44484dd3d3fa88covener        if (rv == APR_SUCCESS) {
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener            if (c_o->aborted)
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim                return APR_EPIPE;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener            if (APR_BRIGADE_EMPTY(bb))
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener                break;
307219eca940aa30b873bfd68a44484dd3d3fa88covener#ifdef DEBUGGING
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            len = -1;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener            apr_brigade_length(bb, 0, &len);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                          "proxy: CONNECT: read %" APR_OFF_T_FMT
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                          " bytes from %s", len, name);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes#endif
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            rv = ap_pass_brigade(c_o->output_filters, bb);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            if (rv == APR_SUCCESS) {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                ap_fflush(c_o->output_filters, bb);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            }
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener            else {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
8113dac419143273351446c3ad653f3fe5ba5cfdwrowe                              "proxy: CONNECT: error on %s - ap_pass_brigade",
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                              name);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        } else if (!APR_STATUS_IS_EAGAIN(rv)) {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                          "proxy: CONNECT: error on %s - ap_get_brigade",
307219eca940aa30b873bfd68a44484dd3d3fa88covener                          name);
307219eca940aa30b873bfd68a44484dd3d3fa88covener        }
307219eca940aa30b873bfd68a44484dd3d3fa88covener    } while (rv == APR_SUCCESS);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (APR_STATUS_IS_EAGAIN(rv)) {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        rv = APR_SUCCESS;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    return rv;
fa123db15501821e36e513afa78e839775ad2800covener}
cceddc0b6c0fdaed0c73abda39975bb1d388243acovener
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf/* CONNECT handler */
fa123db15501821e36e513afa78e839775ad2800covenerstatic int proxy_connect_handler(request_rec *r, proxy_worker *worker,
cceddc0b6c0fdaed0c73abda39975bb1d388243acovener                                 proxy_server_conf *conf,
f2be127030aa4190033084f0a6add531c9bc41desf                                 char *url, const char *proxyname,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                                 apr_port_t proxyport)
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener{
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    connect_conf *c_conf =
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener        ap_get_module_config(r->server->module_config, &proxy_connect_module);
60215f303c7e1ce8b6d272acb5bfa5b3d99dfd34covener
60215f303c7e1ce8b6d272acb5bfa5b3d99dfd34covener    apr_pool_t *p = r->pool;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_socket_t *sock;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    conn_rec *c = r->connection;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    conn_rec *backconn;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_status_t err, rv;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_size_t nbytes;
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim    char buffer[HUGE_STRING_LEN];
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_socket_t *client_socket = ap_get_conn_socket(c);
6683642c1e0032eeeed5f99e8c14880692ef84c5sf    int failed, rc;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    int client_error = 0;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_pollset_t *pollset;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_pollfd_t pollfd;
6683642c1e0032eeeed5f99e8c14880692ef84c5sf    const apr_pollfd_t *signalled;
6683642c1e0032eeeed5f99e8c14880692ef84c5sf    apr_int32_t pollcnt, pi;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_int16_t pollevent;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_sockaddr_t *uri_addr, *connect_addr;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    apr_uri_t uri;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    const char *connectname;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    int connectport = 0;
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    /* is this for us? */
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    if (r->method_number != M_CONNECT) {
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener        ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, r->server,
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim                     "proxy: CONNECT: declining URL %s", url);
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener        return DECLINED;
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim    }
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, r->server,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                 "proxy: CONNECT: serving URL %s", url);
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    /*
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes     * Step One: Determine Who To Connect To
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes     *
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener     * Break up the URL to determine the host to connect to
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener     */
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    /* we break the URL into host, port, uri */
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    if (APR_SUCCESS != apr_uri_parse_hostinfo(p, url, &uri)) {
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener        return ap_proxyerror(r, HTTP_BAD_REQUEST,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                             apr_pstrcat(p, "URI cannot be parsed: ", url,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                                         NULL));
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    }
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                 "proxy: CONNECT: connecting %s to %s:%d", url, uri.hostname,
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener                 uri.port);
4e9c24785b525d2956e6e381015c0f2bd0a72f4bcovener
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim    /* do a DNS lookup for the destination host */
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim    err = apr_sockaddr_info_get(&uri_addr, uri.hostname, APR_UNSPEC, uri.port,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                                0, p);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (APR_SUCCESS != err) {
60215f303c7e1ce8b6d272acb5bfa5b3d99dfd34covener        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                             apr_pstrcat(p, "DNS lookup failure for: ",
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes                                         uri.hostname, NULL));
0e05808dc59a321566303084c84b9826a4353cefrederpj    }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes
b08925593f214f621161742925dcf074a8047e0acovener    /* are we connecting directly, or via a proxy? */
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (proxyname) {
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf        connectname = proxyname;
465bb68501690d7a47bfd2a6129580047d76d8f1rederpj        connectport = proxyport;
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim        err = apr_sockaddr_info_get(&connect_addr, proxyname, APR_UNSPEC,
465bb68501690d7a47bfd2a6129580047d76d8f1rederpj                                    proxyport, 0, p);
e8f95a682820a599fe41b22977010636be5c2717jim    }
3dfeb02cfb853d8717ca0cc259b59fea610173f5bnicholes    else {
3dfeb02cfb853d8717ca0cc259b59fea610173f5bnicholes        connectname = uri.hostname;
55e2e59e5910072e51c870afc68b0907f41a28e0sf        connectport = uri.port;
55e2e59e5910072e51c870afc68b0907f41a28e0sf        connect_addr = uri_addr;
55e2e59e5910072e51c870afc68b0907f41a28e0sf    }
55e2e59e5910072e51c870afc68b0907f41a28e0sf    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, r->server,
55e2e59e5910072e51c870afc68b0907f41a28e0sf                 "proxy: CONNECT: connecting to remote proxy %s on port %d",
55e2e59e5910072e51c870afc68b0907f41a28e0sf                 connectname, connectport);
55e2e59e5910072e51c870afc68b0907f41a28e0sf
55e2e59e5910072e51c870afc68b0907f41a28e0sf    /* check if ProxyBlock directive on this host */
55e2e59e5910072e51c870afc68b0907f41a28e0sf    if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) {
55e2e59e5910072e51c870afc68b0907f41a28e0sf        return ap_proxyerror(r, HTTP_FORBIDDEN,
55e2e59e5910072e51c870afc68b0907f41a28e0sf                             "Connect to remote machine blocked");
55e2e59e5910072e51c870afc68b0907f41a28e0sf    }
55e2e59e5910072e51c870afc68b0907f41a28e0sf
55e2e59e5910072e51c870afc68b0907f41a28e0sf    /* Check if it is an allowed port */
55e2e59e5910072e51c870afc68b0907f41a28e0sf    if(!allowed_port(c_conf, uri.port)) {
55e2e59e5910072e51c870afc68b0907f41a28e0sf              return ap_proxyerror(r, HTTP_FORBIDDEN,
55e2e59e5910072e51c870afc68b0907f41a28e0sf                                   "Connect to remote machine blocked");
54d22ed1c429b903b029bbd62621f11a9e286137minfrin    }
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    /*
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     * Step Two: Make the Connection
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     *
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     * We have determined who to connect to. Now make the connection.
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     */
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    /* get all the possible IP addresses for the destname and loop through them
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     * until we get a successful connection
55e2e59e5910072e51c870afc68b0907f41a28e0sf     */
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    if (APR_SUCCESS != err) {
513b324e774c559b579896df131fd7c8471ed529rederpj        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
513b324e774c559b579896df131fd7c8471ed529rederpj                             apr_pstrcat(p, "DNS lookup failure for: ",
513b324e774c559b579896df131fd7c8471ed529rederpj                                         connectname, NULL));
513b324e774c559b579896df131fd7c8471ed529rederpj    }
513b324e774c559b579896df131fd7c8471ed529rederpj
513b324e774c559b579896df131fd7c8471ed529rederpj    /*
513b324e774c559b579896df131fd7c8471ed529rederpj     * At this point we have a list of one or more IP addresses of
513b324e774c559b579896df131fd7c8471ed529rederpj     * the machine to connect to. If configured, reorder this
513b324e774c559b579896df131fd7c8471ed529rederpj     * list so that the "best candidate" is first try. "best
513b324e774c559b579896df131fd7c8471ed529rederpj     * candidate" could mean the least loaded server, the fastest
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     * responding server, whatever.
02fd88c85a9850109753b87612955ad372de1575sf     *
02fd88c85a9850109753b87612955ad372de1575sf     * For now we do nothing, ie we get DNS round robin.
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes     * XXX FIXME
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes     */
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    failed = ap_proxy_connect_to_backend(&sock, "CONNECT", connect_addr,
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes                                         connectname, conf, r);
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    /* handle a permanent error from the above loop */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    if (failed) {
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        if (proxyname) {
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes            return DECLINED;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        else {
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes            return HTTP_SERVICE_UNAVAILABLE;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        }
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
307219eca940aa30b873bfd68a44484dd3d3fa88covener
307219eca940aa30b873bfd68a44484dd3d3fa88covener    /* setup polling for connection */
707f6d077f73cc948deead8df5b40ea42c1eaa78covener    ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                  "proxy: CONNECT: setting up poll()");
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
707f6d077f73cc948deead8df5b40ea42c1eaa78covener    if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) {
185aa71728867671e105178b4c66fbc22b65ae26sf        apr_socket_close(sock);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                      "proxy: CONNECT: error apr_pollset_create()");
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        return HTTP_INTERNAL_SERVER_ERROR;
707f6d077f73cc948deead8df5b40ea42c1eaa78covener    }
707f6d077f73cc948deead8df5b40ea42c1eaa78covener
9ad7b260be233be7d7b5576979825cac72e15498rederpj    /* Add client side to the poll */
9ad7b260be233be7d7b5576979825cac72e15498rederpj    pollfd.p = r->pool;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    pollfd.desc_type = APR_POLL_SOCKET;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    pollfd.reqevents = APR_POLLIN;
54d22ed1c429b903b029bbd62621f11a9e286137minfrin    pollfd.desc.s = client_socket;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    pollfd.client_data = NULL;
55e2e59e5910072e51c870afc68b0907f41a28e0sf    apr_pollset_add(pollset, &pollfd);
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    /* Add the server side to the poll */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    pollfd.desc.s = sock;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    apr_pollset_add(pollset, &pollfd);
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    /*
54d22ed1c429b903b029bbd62621f11a9e286137minfrin     * Step Three: Send the Request
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     *
54d22ed1c429b903b029bbd62621f11a9e286137minfrin     * Send the HTTP/1.1 CONNECT request to the remote server
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes     */
55e2e59e5910072e51c870afc68b0907f41a28e0sf
55e2e59e5910072e51c870afc68b0907f41a28e0sf    backconn = ap_run_create_connection(c->pool, r->server, sock,
55e2e59e5910072e51c870afc68b0907f41a28e0sf                                        c->id, c->sbh, c->bucket_alloc);
55e2e59e5910072e51c870afc68b0907f41a28e0sf    if (!backconn) {
55e2e59e5910072e51c870afc68b0907f41a28e0sf        /* peer reset */
55e2e59e5910072e51c870afc68b0907f41a28e0sf        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf                      "proxy: an error occurred creating a new connection "
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf                      "to %pI (%s)", connect_addr, connectname);
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        apr_socket_close(sock);
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        return HTTP_INTERNAL_SERVER_ERROR;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    }
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    ap_proxy_ssl_disable(backconn);
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    rc = ap_run_pre_connection(backconn, sock);
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    if (rc != OK && rc != DONE) {
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes        backconn->aborted = 1;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
b08925593f214f621161742925dcf074a8047e0acovener                      "proxy: CONNECT: pre_connection setup failed (%d)", rc);
b08925593f214f621161742925dcf074a8047e0acovener        return HTTP_INTERNAL_SERVER_ERROR;
d5b12fe8ae917e654a33247fd4e59dc9e75170aebnicholes    }
60284a9f9158baa60cc8ab4a69066404b1dcae7acovener
707f6d077f73cc948deead8df5b40ea42c1eaa78covener    ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
5f3e4e06f8e23597d2f95e2c2cff1116c522488fcovener                  "proxy: CONNECT: connection complete to %pI (%s)",
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                  connect_addr, connectname);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    /* If we are connecting through a remote proxy, we need to pass
707f6d077f73cc948deead8df5b40ea42c1eaa78covener     * the CONNECT request on to it.
707f6d077f73cc948deead8df5b40ea42c1eaa78covener     */
707f6d077f73cc948deead8df5b40ea42c1eaa78covener    if (proxyport) {
9ad7b260be233be7d7b5576979825cac72e15498rederpj    /* FIXME: Error checking ignored.
185aa71728867671e105178b4c66fbc22b65ae26sf     */
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, r->server,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                     "proxy: CONNECT: sending the CONNECT request"
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                     " to the remote proxy");
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_fprintf(backconn->output_filters, bb,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                   "CONNECT %s HTTP/1.0" CRLF, r->uri);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_fprintf(backconn->output_filters, bb,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                   "Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_fflush(backconn->output_filters, bb);
60284a9f9158baa60cc8ab4a69066404b1dcae7acovener    }
707f6d077f73cc948deead8df5b40ea42c1eaa78covener    else {
60284a9f9158baa60cc8ab4a69066404b1dcae7acovener        ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, r->server,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                     "proxy: CONNECT: Returning 200 OK Status");
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        nbytes = apr_snprintf(buffer, sizeof(buffer),
185aa71728867671e105178b4c66fbc22b65ae26sf                              "HTTP/1.0 200 Connection Established" CRLF);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_xlate_proto_to_ascii(buffer, nbytes);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_fwrite(c->output_filters, bb, buffer, nbytes);
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf        nbytes = apr_snprintf(buffer, sizeof(buffer),
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf                              "Proxy-agent: %s" CRLF CRLF,
707f6d077f73cc948deead8df5b40ea42c1eaa78covener                              ap_get_server_banner());
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_xlate_proto_to_ascii(buffer, nbytes);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_fwrite(c->output_filters, bb, buffer, nbytes);
185aa71728867671e105178b4c66fbc22b65ae26sf        ap_fflush(c->output_filters, bb);
707f6d077f73cc948deead8df5b40ea42c1eaa78covener#if 0
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        /* This is safer code, but it doesn't work yet.  I'm leaving it
707f6d077f73cc948deead8df5b40ea42c1eaa78covener         * here so that I can fix it later.
707f6d077f73cc948deead8df5b40ea42c1eaa78covener         */
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        r->status = HTTP_OK;
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        r->header_only = 1;
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        apr_table_set(r->headers_out, "Proxy-agent: %s", ap_get_server_banner());
707f6d077f73cc948deead8df5b40ea42c1eaa78covener        ap_rflush(r);
9ad7b260be233be7d7b5576979825cac72e15498rederpj#endif
9ad7b260be233be7d7b5576979825cac72e15498rederpj    }
9ad7b260be233be7d7b5576979825cac72e15498rederpj
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, r->server,
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf                 "proxy: CONNECT: setting up poll()");
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
8445dae5cc606ba8ba04efc341cc1e081d95920drpluem    /*
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     * Step Four: Handle Data Transfer
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     *
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     * Handle two way transfer of data over the socket (this is a tunnel).
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     */
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    /* we are now acting as a tunnel - the input/output filter stacks should
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     * not contain any non-connection filters.
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf     */
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    r->output_filters = c->output_filters;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    r->proto_output_filters = c->output_filters;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    r->input_filters = c->input_filters;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    r->proto_input_filters = c->input_filters;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf/*    r->sent_bodyct = 1;*/
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf    while (1) { /* Infinite loop until error (one side closes the connection) */
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf        if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled))
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf            != APR_SUCCESS) {
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf            if (APR_STATUS_IS_EINTR(rv)) {
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf                continue;
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf            }
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf            apr_socket_close(sock);
141e1368614dc7564e1627671361b01b4869b491bnicholes            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy: CONNECT: error apr_poll()");
3dfeb02cfb853d8717ca0cc259b59fea610173f5bnicholes            return HTTP_INTERNAL_SERVER_ERROR;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        }
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf#ifdef DEBUGGING
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
e8f95a682820a599fe41b22977010636be5c2717jim                     "proxy: CONNECT: woke from poll(), i=%d", pollcnt);
1ae7a5fbce5d4f65f3da355792258fe5dbc4ef55covener#endif
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf        for (pi = 0; pi < pollcnt; pi++) {
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes            const apr_pollfd_t *cur = &signalled[pi];
185aa71728867671e105178b4c66fbc22b65ae26sf
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes            if (cur->desc.s == sock) {
3dfeb02cfb853d8717ca0cc259b59fea610173f5bnicholes                pollevent = cur->rtnevents;
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes                if (pollevent & APR_POLLIN) {
3dfeb02cfb853d8717ca0cc259b59fea610173f5bnicholes#ifdef DEBUGGING
3dfeb02cfb853d8717ca0cc259b59fea610173f5bnicholes                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                                  "proxy: CONNECT: sock was readable");
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf#endif
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                    rv = proxy_connect_transfer(r, backconn, c, bb, "sock");
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                    }
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                else if ((pollevent & APR_POLLERR)
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                         || (pollevent & APR_POLLHUP)) {
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                         rv = APR_EPIPE;
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                         ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                                       "proxy: CONNECT: err/hup on backconn");
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                }
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf                if (rv != APR_SUCCESS)
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                    client_error = 1;
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf            }
185aa71728867671e105178b4c66fbc22b65ae26sf            else if (cur->desc.s == client_socket) {
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                pollevent = cur->rtnevents;
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                if (pollevent & APR_POLLIN) {
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf#ifdef DEBUGGING
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf                                  "proxy: CONNECT: client was readable");
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes#endif
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes                    rv = proxy_connect_transfer(r, c, backconn, bb, "client");
e8f95a682820a599fe41b22977010636be5c2717jim                }
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim            }
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim            else {
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener                rv = APR_EBADF;
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener                              "proxy: CONNECT: unknown socket in pollset");
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener            }
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener        }
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener        if (rv != APR_SUCCESS) {
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener            break;
96ebb616bbf4ac2a422cc5d9770c9ad07ccecdc0covener        }
783874b86bfe13d7a4fe0922f344a3779cdccea3covener    }
7dbf29be626018bc389ef94c1846aeac4b72633bsf
7dbf29be626018bc389ef94c1846aeac4b72633bsf    ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, r->server,
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim                 "proxy: CONNECT: finished with poll() - cleaning up");
7dbf29be626018bc389ef94c1846aeac4b72633bsf
7dbf29be626018bc389ef94c1846aeac4b72633bsf    /*
7dbf29be626018bc389ef94c1846aeac4b72633bsf     * Step Five: Clean Up
7dbf29be626018bc389ef94c1846aeac4b72633bsf     *
7dbf29be626018bc389ef94c1846aeac4b72633bsf     * Close the socket and clean up
7dbf29be626018bc389ef94c1846aeac4b72633bsf     */
7dbf29be626018bc389ef94c1846aeac4b72633bsf
7dbf29be626018bc389ef94c1846aeac4b72633bsf    if (client_error)
7dbf29be626018bc389ef94c1846aeac4b72633bsf        apr_socket_close(sock);
7dbf29be626018bc389ef94c1846aeac4b72633bsf    else
7dbf29be626018bc389ef94c1846aeac4b72633bsf        ap_lingering_close(backconn);
7dbf29be626018bc389ef94c1846aeac4b72633bsf
783874b86bfe13d7a4fe0922f344a3779cdccea3covener    c->aborted = 1;
7dbf29be626018bc389ef94c1846aeac4b72633bsf
7dbf29be626018bc389ef94c1846aeac4b72633bsf    return OK;
7dbf29be626018bc389ef94c1846aeac4b72633bsf}
7dbf29be626018bc389ef94c1846aeac4b72633bsf
7dbf29be626018bc389ef94c1846aeac4b72633bsfstatic void ap_proxy_connect_register_hook(apr_pool_t *p)
783874b86bfe13d7a4fe0922f344a3779cdccea3covener{
7dbf29be626018bc389ef94c1846aeac4b72633bsf    proxy_hook_scheme_handler(proxy_connect_handler, NULL, NULL, APR_HOOK_MIDDLE);
7dbf29be626018bc389ef94c1846aeac4b72633bsf    proxy_hook_canon_handler(proxy_connect_canon, NULL, NULL, APR_HOOK_MIDDLE);
7dbf29be626018bc389ef94c1846aeac4b72633bsf}
7dbf29be626018bc389ef94c1846aeac4b72633bsf
7dbf29be626018bc389ef94c1846aeac4b72633bsfstatic const command_rec cmds[] =
7dbf29be626018bc389ef94c1846aeac4b72633bsf{
7dbf29be626018bc389ef94c1846aeac4b72633bsf    AP_INIT_ITERATE("AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF,
783874b86bfe13d7a4fe0922f344a3779cdccea3covener     "A list of ports or port ranges which CONNECT may connect to"),
7dbf29be626018bc389ef94c1846aeac4b72633bsf    {NULL}
307219eca940aa30b873bfd68a44484dd3d3fa88covener};
307219eca940aa30b873bfd68a44484dd3d3fa88covener
307219eca940aa30b873bfd68a44484dd3d3fa88covenerAP_DECLARE_MODULE(proxy_connect) = {
7dbf29be626018bc389ef94c1846aeac4b72633bsf    STANDARD20_MODULE_STUFF,
7dbf29be626018bc389ef94c1846aeac4b72633bsf    NULL,       /* create per-directory config structure */
7dbf29be626018bc389ef94c1846aeac4b72633bsf    NULL,       /* merge per-directory config structures */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    create_config,       /* create per-server config structure */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    merge_config,       /* merge per-server config structures */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    cmds,       /* command apr_table_t */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes    ap_proxy_connect_register_hook  /* register hooks */
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes};
d330a801b1e5d63a4b8b4fd431542ad0903fd71bbnicholes