proxy_connect.c revision 7708bd70088b64148d7d78fd84ede43ced63c713
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
/* CONNECT method for Apache proxy */
#define CORE_PRIVATE
#include "mod_proxy.h"
#if 0
#ifdef HAVE_BSTRING_H
#include <bstring.h> /* for IRIX, FD_SET calls bzero() */
#endif
#endif
/*
* This handles Netscape CONNECT method secure proxy requests.
* A connection is opened to the specified host and data is
* passed through between the WWW site and the browser.
*
* This code is based on the INTERNET-DRAFT document
* "Tunneling SSL Through a WWW Proxy" currently at
*
* If proxyhost and proxyport are set, we send a CONNECT to
* the specified proxy..
*
* FIXME: this doesn't log the number of bytes sent, but
* that may be okay, since the data is supposed to
* be transparent. In fact, this doesn't log at all
* yet. 8^)
* FIXME: doesn't check any headers initally sent from the
* client.
* FIXME: should allow authentication, but hopefully the
* generic proxy authentication is good enough.
* FIXME: no check for r->assbackwards, whatever that is.
*/
static int
{
int i;
return 1;
}
return 0;
}
/* a NULL filter for the connect tunnel */
{
return APR_SUCCESS;
}
{
apr_pool_t *p = r->pool;
char buffer[HUGE_STRING_LEN];
#if 0
#endif
const char *connectname;
int connectport = 0;
/*
* Step One: Determine Who To Connect To
*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
return ap_proxyerror(r, HTTP_BAD_REQUEST,
}
/* do a DNS lookup for the destination host */
/* are we connecting directly, or via a proxy? */
if (proxyname) {
}
else {
}
/* check if ProxyBlock directive on this host */
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/* Check if it is an allowed port */
/* Default setting if not overridden by AllowCONNECT */
case DEFAULT_HTTPS_PORT:
case DEFAULT_SNEWS_PORT:
break;
default:
return HTTP_FORBIDDEN;
}
return HTTP_FORBIDDEN;
/*
* Step Two: Make the Connection
*
* We have determined who to connect to. Now make the connection.
*/
/* get all the possible IP addresses for the destname and loop through them
* until we get a successful connection
*/
if (APR_SUCCESS != err) {
"DNS lookup failure for: ",
connectname, NULL));
}
/* create a new socket */
"proxy: error creating socket");
return HTTP_INTERNAL_SERVER_ERROR;
}
/*
* At this point we have a list of one or more IP addresses of
* the machine to connect to. If configured, reorder this
* list so that the "best candidate" is first try. "best
* candidate" could mean the least loaded server, the fastest
* responding server, whatever.
*
* For now we do nothing, ie we get DNS round robin.
* XXX FIXME
*/
/* try each IP address until we connect successfully */
{
int failed = 1;
while (connect_addr) {
/* make the connection out of the socket */
/* if an error occurred, loop round and try again */
if (err != APR_SUCCESS) {
continue;
}
/* if we get here, all is well */
failed = 0;
break;
}
/* handle a permanent error from the above loop */
if (failed) {
if (proxyname) {
return DECLINED;
}
else {
return HTTP_BAD_GATEWAY;
}
}
}
/*
* Step Three: Send the Request
*
* Send the HTTP/1.1 CONNECT request to the remote server
*/
/* we are acting as a tunnel - the output filter stack should
* be completely empty, because when we are done here we are done completely.
* We add the NULL filter to the stack to do this...
*/
r->output_filters = NULL;
/* If we are connecting through a remote proxy, we need to pass
* the CONNECT request on to it.
*/
if (proxyport) {
/* FIXME: Error checking ignored.
*/
"proxy: CONNECT: sending the CONNECT request to the remote proxy");
}
else {
"proxy: CONNECT: Returning 200 OK Status");
"HTTP/1.0 200 Connection Established" CRLF);
}
"proxy: CONNECT: setting up poll()");
/*
* Step Four: Handle Data Transfer
*
* Handle two way transfer of data over the socket (this is a tunnel).
*/
/* r->sent_bodyct = 1;*/
{
"proxy: CONNECT: error apr_poll_setup()");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Add client side to the poll */
#if 0
/* FIXME !!!! SDM !!! If someone can figure out how to turn a conn_rec into a ap_sock_t or something
this code might work. However if we must we can change r->connection->client to non-blocking and
just see if a recv gives us anything and do the same to sock (server) side, I'll leave this as TBD so
one can decide the best path to take
*/
r->pool) != APR_SUCCESS)
{
"proxy: CONNECT: error creating client apr_socket_t");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* apr_poll_socket_add(pollfd, client_sock, APR_POLLIN);*/
#endif
/* Add the server side to the poll */
while (1) { /* Infinite loop until error (one side closes the connection) */
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, "proxy: CONNECT: going to sleep (poll)");*/
{
return HTTP_INTERNAL_SERVER_ERROR;
}
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
"proxy: CONNECT: woke from select(), i=%d", pollcnt);*/
if (pollcnt) {
if (pollevent & APR_POLLIN) {
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
"proxy: CONNECT: sock was set");*/
int o = 0;
while(nbytes)
{
i = nbytes;
break;
o += i;
nbytes -= i;
}
}
else
break;
}
break;
if (pollevent & APR_POLLIN) {
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
"proxy: CONNECT: client was set");*/
int o = 0;
while(nbytes)
{
i = nbytes;
break;
o += i;
nbytes -= i;
}
}
else
break;
}
break;
}
else
break;
}
"proxy: CONNECT: finished with poll() - cleaning up");
/*
* Step Five: Clean Up
*
* Close the socket and clean up
*/
return OK;
}