proxy_util.c revision a652b68dea502131f70084ead7981d5fc754cd34
2d2eda71267231c2526be701fe655db125852c1ffielding/* Licensed to the Apache Software Foundation (ASF) under one or more
f062ed7bd262a37a909dd77ce5fc23b446818823fielding * contributor license agreements. See the NOTICE file distributed with
f062ed7bd262a37a909dd77ce5fc23b446818823fielding * this work for additional information regarding copyright ownership.
bc8fd1b0b1afdf89b8d28eefa8cd74e26ba97986fielding * The ASF licenses this file to You under the Apache License, Version 2.0
f062ed7bd262a37a909dd77ce5fc23b446818823fielding * (the "License"); you may not use this file except in compliance with
2d2eda71267231c2526be701fe655db125852c1ffielding * the License. You may obtain a copy of the License at
2d2eda71267231c2526be701fe655db125852c1ffielding *
2d2eda71267231c2526be701fe655db125852c1ffielding * http://www.apache.org/licenses/LICENSE-2.0
2d2eda71267231c2526be701fe655db125852c1ffielding *
2d2eda71267231c2526be701fe655db125852c1ffielding * Unless required by applicable law or agreed to in writing, software
2d2eda71267231c2526be701fe655db125852c1ffielding * distributed under the License is distributed on an "AS IS" BASIS,
2d2eda71267231c2526be701fe655db125852c1ffielding * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2d2eda71267231c2526be701fe655db125852c1ffielding * See the License for the specific language governing permissions and
2d2eda71267231c2526be701fe655db125852c1ffielding * limitations under the License.
2d2eda71267231c2526be701fe655db125852c1ffielding */
2d2eda71267231c2526be701fe655db125852c1ffielding
2d2eda71267231c2526be701fe655db125852c1ffielding/* Utility routines for Apache proxy */
2d2eda71267231c2526be701fe655db125852c1ffielding#include "mod_proxy.h"
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#include "ap_mpm.h"
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#include "scoreboard.h"
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#include "apr_version.h"
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#include "apr_hash.h"
f062ed7bd262a37a909dd77ce5fc23b446818823fielding
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#if APR_HAVE_UNISTD_H
2d2eda71267231c2526be701fe655db125852c1ffielding#include <unistd.h> /* for getpid() */
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#endif
f062ed7bd262a37a909dd77ce5fc23b446818823fielding
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#if (APR_MAJOR_VERSION < 1)
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#undef apr_socket_create
2d2eda71267231c2526be701fe655db125852c1ffielding#define apr_socket_create apr_socket_create_ex
f062ed7bd262a37a909dd77ce5fc23b446818823fielding#endif
f062ed7bd262a37a909dd77ce5fc23b446818823fielding
64185f9824e42f21ca7b9ae6c004484215c031a7rbbAPLOG_USE_MODULE(proxy);
2d2eda71267231c2526be701fe655db125852c1ffielding
f062ed7bd262a37a909dd77ce5fc23b446818823fielding/*
f062ed7bd262a37a909dd77ce5fc23b446818823fielding * Opaque structure containing target server info when
f062ed7bd262a37a909dd77ce5fc23b446818823fielding * using a forward proxy.
f062ed7bd262a37a909dd77ce5fc23b446818823fielding * Up to now only used in combination with HTTP CONNECT.
2d2eda71267231c2526be701fe655db125852c1ffielding */
f062ed7bd262a37a909dd77ce5fc23b446818823fieldingtypedef struct {
f062ed7bd262a37a909dd77ce5fc23b446818823fielding int use_http_connect; /* Use SSL Tunneling via HTTP CONNECT */
f062ed7bd262a37a909dd77ce5fc23b446818823fielding const char *target_host; /* Target hostname */
f062ed7bd262a37a909dd77ce5fc23b446818823fielding apr_port_t target_port; /* Target port */
f062ed7bd262a37a909dd77ce5fc23b446818823fielding const char *proxy_auth; /* Proxy authorization */
f062ed7bd262a37a909dd77ce5fc23b446818823fielding} forward_info;
f062ed7bd262a37a909dd77ce5fc23b446818823fielding
2d2eda71267231c2526be701fe655db125852c1ffielding/* Global balancer counter */
2d2eda71267231c2526be701fe655db125852c1ffieldingint PROXY_DECLARE_DATA proxy_lb_workers = 0;
2d2eda71267231c2526be701fe655db125852c1ffieldingstatic int lb_workers_limit = 0;
f062ed7bd262a37a909dd77ce5fc23b446818823fielding
f062ed7bd262a37a909dd77ce5fc23b446818823fieldingstatic int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
f062ed7bd262a37a909dd77ce5fc23b446818823fieldingstatic int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
2d2eda71267231c2526be701fe655db125852c1ffieldingstatic int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
f062ed7bd262a37a909dd77ce5fc23b446818823fieldingstatic int proxy_match_word(struct dirconn_entry *This, request_rec *r);
f062ed7bd262a37a909dd77ce5fc23b446818823fielding
f062ed7bd262a37a909dd77ce5fc23b446818823fieldingAPR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, create_req,
2d2eda71267231c2526be701fe655db125852c1ffielding (request_rec *r, request_rec *pr), (r, pr),
2d2eda71267231c2526be701fe655db125852c1ffielding OK, DECLINED)
2d2eda71267231c2526be701fe655db125852c1ffielding
2d2eda71267231c2526be701fe655db125852c1ffielding/* already called in the knowledge that the characters are hex digits */
2d2eda71267231c2526be701fe655db125852c1ffieldingPROXY_DECLARE(int) ap_proxy_hex2c(const char *x)
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb{
b980ad7fdc218b4855cde9f75a747527f50c554dwrowe int i;
ab5581cc78e9d865b0a6ab1404c53347b3276968rbb
92f3af936ce61f25358a3ee4f28df2f6d62040dfdreid#if !APR_CHARSET_EBCDIC
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb int ch = x[0];
c9a95767fbf0f5fb0976a06b97a256033925e433rbb
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding if (apr_isdigit(ch)) {
2d2eda71267231c2526be701fe655db125852c1ffielding i = ch - '0';
2d2eda71267231c2526be701fe655db125852c1ffielding }
2d2eda71267231c2526be701fe655db125852c1ffielding else if (apr_isupper(ch)) {
2d2eda71267231c2526be701fe655db125852c1ffielding i = ch - ('A' - 10);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i = ch - ('a' - 10);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
fd492f9543f14fb5bae78e04b135c3448eb9cc56rbb i <<= 4;
fd492f9543f14fb5bae78e04b135c3448eb9cc56rbb
fd492f9543f14fb5bae78e04b135c3448eb9cc56rbb ch = x[1];
fd492f9543f14fb5bae78e04b135c3448eb9cc56rbb if (apr_isdigit(ch)) {
fd492f9543f14fb5bae78e04b135c3448eb9cc56rbb i += ch - '0';
2d2eda71267231c2526be701fe655db125852c1ffielding }
2d2eda71267231c2526be701fe655db125852c1ffielding else if (apr_isupper(ch)) {
2d2eda71267231c2526be701fe655db125852c1ffielding i += ch - ('A' - 10);
2d2eda71267231c2526be701fe655db125852c1ffielding }
2d2eda71267231c2526be701fe655db125852c1ffielding else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i += ch - ('a' - 10);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return i;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb#else /*APR_CHARSET_EBCDIC*/
61fd0cab072a05b855cbef9c585702401ac5ae29rbb /*
2d2eda71267231c2526be701fe655db125852c1ffielding * we assume that the hex value refers to an ASCII character
2d2eda71267231c2526be701fe655db125852c1ffielding * so convert to EBCDIC so that it makes sense locally;
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz *
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz * example:
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz *
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz * client specifies %20 in URL to refer to a space char;
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz * at this point we're called with EBCDIC "20"; after turning
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz * EBCDIC "20" into binary 0x20, we then need to assume that 0x20
bfb62a96023822c56c9120e4ee627d4091cc59c2rbb * represents an ASCII char and convert 0x20 to EBCDIC, yielding
bfb62a96023822c56c9120e4ee627d4091cc59c2rbb * 0x40
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb char buf[1];
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (1 == sscanf(x, "%2x", &i)) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb buf[0] = i & 0xFF;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ap_xlate_proto_from_ascii(buf, 1);
3d96ee83babeec32482c9082c9426340cee8c44dwrowe return buf[0];
2d2eda71267231c2526be701fe655db125852c1ffielding }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return 0;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb#endif /*APR_CHARSET_EBCDIC*/
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbbPROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb{
61fd0cab072a05b855cbef9c585702401ac5ae29rbb#if !APR_CHARSET_EBCDIC
2d2eda71267231c2526be701fe655db125852c1ffielding int i;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe
2d2eda71267231c2526be701fe655db125852c1ffielding x[0] = '%';
2d2eda71267231c2526be701fe655db125852c1ffielding i = (ch & 0xF0) >> 4;
2d2eda71267231c2526be701fe655db125852c1ffielding if (i >= 10) {
2d2eda71267231c2526be701fe655db125852c1ffielding x[1] = ('A' - 10) + i;
000b67449410515eac43e76ef6667915bfd4d2abgstein }
2d2eda71267231c2526be701fe655db125852c1ffielding else {
2d2eda71267231c2526be701fe655db125852c1ffielding x[1] = '0' + i;
2d2eda71267231c2526be701fe655db125852c1ffielding }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i = ch & 0x0F;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (i >= 10) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb x[2] = ('A' - 10) + i;
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein x[2] = '0' + i;
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb#else /*APR_CHARSET_EBCDIC*/
61fd0cab072a05b855cbef9c585702401ac5ae29rbb static const char ntoa[] = { "0123456789ABCDEF" };
61fd0cab072a05b855cbef9c585702401ac5ae29rbb char buf[1];
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ch &= 0xFF;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
3d96ee83babeec32482c9082c9426340cee8c44dwrowe buf[0] = ch;
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein ap_xlate_proto_to_ascii(buf, 1);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb x[0] = '%';
61fd0cab072a05b855cbef9c585702401ac5ae29rbb x[1] = ntoa[(buf[0] >> 4) & 0x0F];
61fd0cab072a05b855cbef9c585702401ac5ae29rbb x[2] = ntoa[buf[0] & 0x0F];
61fd0cab072a05b855cbef9c585702401ac5ae29rbb x[3] = '\0';
61fd0cab072a05b855cbef9c585702401ac5ae29rbb#endif /*APR_CHARSET_EBCDIC*/
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
3d96ee83babeec32482c9082c9426340cee8c44dwrowe/*
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein * canonicalise a URL-encoded string
c9a95767fbf0f5fb0976a06b97a256033925e433rbb */
c9a95767fbf0f5fb0976a06b97a256033925e433rbb
c9a95767fbf0f5fb0976a06b97a256033925e433rbb/*
c9a95767fbf0f5fb0976a06b97a256033925e433rbb * Convert a URL-encoded string to canonical form.
c9a95767fbf0f5fb0976a06b97a256033925e433rbb * It decodes characters which need not be encoded,
c9a95767fbf0f5fb0976a06b97a256033925e433rbb * and encodes those which must be encoded, and does not touch
c9a95767fbf0f5fb0976a06b97a256033925e433rbb * those which must not be touched.
c9a95767fbf0f5fb0976a06b97a256033925e433rbb */
c9a95767fbf0f5fb0976a06b97a256033925e433rbbPROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
c9a95767fbf0f5fb0976a06b97a256033925e433rbb enum enctype t, int forcedec,
c9a95767fbf0f5fb0976a06b97a256033925e433rbb int proxyreq)
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp{
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp int i, j, ch;
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp char *y;
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp char *allowed; /* characters which should not be encoded */
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp char *reserved; /* characters which much not be en/de-coded */
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp/*
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp * N.B. in addition to :@&=, this allows ';' in an http path
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp * and '?' in an ftp path -- this may be revised
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp *
d82d78a97558238d16c52ec5278fe921bb7d7ec3brianp * Also, it makes a '+' character in a search string reserved, as
c9a95767fbf0f5fb0976a06b97a256033925e433rbb * it may be form-encoded. (Although RFC 1738 doesn't allow this -
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * it only permits ; / ? : @ = & as reserved chars.)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (t == enc_path) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb allowed = "~$-_.+!*'(),;:@&=";
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else if (t == enc_search) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb allowed = "$-_.!*'(),;:@&=";
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else if (t == enc_user) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe allowed = "$-_.+!*'(),;@&=";
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else if (t == enc_fpath) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb allowed = "$-_.+!*'(),?:@&=";
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else { /* if (t == enc_parm) */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb allowed = "$-_.+!*'(),?/:@&=";
3d96ee83babeec32482c9082c9426340cee8c44dwrowe }
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (t == enc_path) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb reserved = "/";
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else if (t == enc_search) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb reserved = "+";
3d96ee83babeec32482c9082c9426340cee8c44dwrowe }
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb reserved = "";
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb y = apr_palloc(p, 3 * len + 1);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb for (i = 0, j = 0; i < len; i++, j++) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb/* always handle '/' first */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ch = x[i];
3d96ee83babeec32482c9082c9426340cee8c44dwrowe if (strchr(reserved, ch)) {
2d2eda71267231c2526be701fe655db125852c1ffielding y[j] = ch;
2d2eda71267231c2526be701fe655db125852c1ffielding continue;
2d2eda71267231c2526be701fe655db125852c1ffielding }
2d2eda71267231c2526be701fe655db125852c1ffielding/*
2d2eda71267231c2526be701fe655db125852c1ffielding * decode it if not already done. do not decode reverse proxied URLs
2d2eda71267231c2526be701fe655db125852c1ffielding * unless specifically forced
2d2eda71267231c2526be701fe655db125852c1ffielding */
2d2eda71267231c2526be701fe655db125852c1ffielding if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
2d2eda71267231c2526be701fe655db125852c1ffielding if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
2d2eda71267231c2526be701fe655db125852c1ffielding return NULL;
2d2eda71267231c2526be701fe655db125852c1ffielding }
2d2eda71267231c2526be701fe655db125852c1ffielding ch = ap_proxy_hex2c(&x[i + 1]);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i += 2;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ap_proxy_c2hex(ch, &y[j]);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb j += 2;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb continue;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb/* recode it, if necessary */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ap_proxy_c2hex(ch, &y[j]);
3d96ee83babeec32482c9082c9426340cee8c44dwrowe j += 2;
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm }
7bdef86e15d47d16dcbe7a5611683191774bd5fbgstein else {
23ff73a56371e21f16744cb94d06399b877829f1rbb y[j] = ch;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb y[j] = '\0';
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return y;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb/*
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * Parses network-location.
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * urlp on input the URL; on output the path, after the leading /
3d96ee83babeec32482c9082c9426340cee8c44dwrowe * user NULL if no user/password permitted
2d2eda71267231c2526be701fe655db125852c1ffielding * password holder for password
23ff73a56371e21f16744cb94d06399b877829f1rbb * host holder for host
2d2eda71267231c2526be701fe655db125852c1ffielding * port port number; only set if one is supplied.
62db15de4c1f335a64d45821796ae197cff94ef8rbb *
62db15de4c1f335a64d45821796ae197cff94ef8rbb * Returns an error string.
62db15de4c1f335a64d45821796ae197cff94ef8rbb */
62db15de4c1f335a64d45821796ae197cff94ef8rbbPROXY_DECLARE(char *)
62db15de4c1f335a64d45821796ae197cff94ef8rbb ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
62db15de4c1f335a64d45821796ae197cff94ef8rbb char **passwordp, char **hostp, apr_port_t *port)
62db15de4c1f335a64d45821796ae197cff94ef8rbb{
62db15de4c1f335a64d45821796ae197cff94ef8rbb char *addr, *scope_id, *strp, *host, *url = *urlp;
62db15de4c1f335a64d45821796ae197cff94ef8rbb char *user = NULL, *password = NULL;
48d2edbfb84e5559b5da0f8d614ccab805cc67a8rbb apr_port_t tmp_port;
62db15de4c1f335a64d45821796ae197cff94ef8rbb apr_status_t rv;
62db15de4c1f335a64d45821796ae197cff94ef8rbb
62db15de4c1f335a64d45821796ae197cff94ef8rbb if (url[0] != '/' || url[1] != '/') {
62db15de4c1f335a64d45821796ae197cff94ef8rbb return "Malformed URL";
62db15de4c1f335a64d45821796ae197cff94ef8rbb }
62db15de4c1f335a64d45821796ae197cff94ef8rbb host = url + 2;
62db15de4c1f335a64d45821796ae197cff94ef8rbb url = strchr(host, '/');
62db15de4c1f335a64d45821796ae197cff94ef8rbb if (url == NULL) {
62db15de4c1f335a64d45821796ae197cff94ef8rbb url = "";
62db15de4c1f335a64d45821796ae197cff94ef8rbb }
62db15de4c1f335a64d45821796ae197cff94ef8rbb else {
62db15de4c1f335a64d45821796ae197cff94ef8rbb *(url++) = '\0'; /* skip seperating '/' */
48d2edbfb84e5559b5da0f8d614ccab805cc67a8rbb }
48d2edbfb84e5559b5da0f8d614ccab805cc67a8rbb
62db15de4c1f335a64d45821796ae197cff94ef8rbb /* find _last_ '@' since it might occur in user/password part */
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar strp = strrchr(host, '@');
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (strp != NULL) {
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar *strp = '\0';
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar user = host;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar host = strp + 1;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar/* find password */
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar strp = strchr(user, ':');
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (strp != NULL) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe *strp = '\0';
3d96ee83babeec32482c9082c9426340cee8c44dwrowe password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1, 0);
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (password == NULL) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe return "Bad %-escape in URL (password)";
a19698aebe10b9d41574e4a73794ba7d4cecd78btrawick }
a19698aebe10b9d41574e4a73794ba7d4cecd78btrawick }
a19698aebe10b9d41574e4a73794ba7d4cecd78btrawick
3d96ee83babeec32482c9082c9426340cee8c44dwrowe user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1, 0);
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (user == NULL) {
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar return "Bad %-escape in URL (username)";
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (userp != NULL) {
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar *userp = user;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (passwordp != NULL) {
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar *passwordp = password;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar /*
3d96ee83babeec32482c9082c9426340cee8c44dwrowe * Parse the host string to separate host portion from optional port.
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar * Perform range checking on port.
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar */
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar rv = apr_parse_addr_port(&addr, &scope_id, &tmp_port, host, p);
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (rv != APR_SUCCESS || addr == NULL || scope_id != NULL) {
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar return "Invalid host/port";
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (tmp_port != 0) { /* only update caller's port if port was specified */
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar *port = tmp_port;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
3d96ee83babeec32482c9082c9426340cee8c44dwrowe ap_str_tolower(addr); /* DNS names are case-insensitive */
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar *urlp = url;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar *hostp = addr;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar return NULL;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar}
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar/*
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar * If the date is a valid RFC 850 date or asctime() date, then it
3d96ee83babeec32482c9082c9426340cee8c44dwrowe * is converted to the RFC 1123 format.
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar */
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coarPROXY_DECLARE(const char *)
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar ap_proxy_date_canon(apr_pool_t *p, const char *date)
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar{
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar apr_status_t rv;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar char* ndate;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar apr_time_t time = apr_date_parse_http(date);
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar if (!time) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe return date;
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar }
2864362ca8266097928e84f101010bdf814ffa08stoddard
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard ndate = apr_palloc(p, APR_RFC822_DATE_LEN);
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard rv = apr_rfc822_date(ndate, time);
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard if (rv != APR_SUCCESS) {
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard return date;
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard }
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard return ndate;
2864362ca8266097928e84f101010bdf814ffa08stoddard}
db08da9ddcd65c31f9ea44b823898b72a1b24fbestoddard
2864362ca8266097928e84f101010bdf814ffa08stoddardPROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r)
2d2eda71267231c2526be701fe655db125852c1ffielding{
2d2eda71267231c2526be701fe655db125852c1ffielding apr_pool_t *pool;
2d2eda71267231c2526be701fe655db125852c1ffielding request_rec *rp;
2d2eda71267231c2526be701fe655db125852c1ffielding
61fd0cab072a05b855cbef9c585702401ac5ae29rbb apr_pool_create(&pool, c->pool);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp = apr_pcalloc(pool, sizeof(*r));
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->pool = pool;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->status = HTTP_OK;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
3d96ee83babeec32482c9082c9426340cee8c44dwrowe rp->headers_in = apr_table_make(pool, 50);
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein rp->subprocess_env = apr_table_make(pool, 50);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->headers_out = apr_table_make(pool, 12);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->err_headers_out = apr_table_make(pool, 5);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->notes = apr_table_make(pool, 5);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->server = r->server;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->proxyreq = r->proxyreq;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->request_time = r->request_time;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe rp->connection = c;
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein rp->output_filters = c->output_filters;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->input_filters = c->input_filters;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->proto_output_filters = c->output_filters;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->proto_input_filters = c->input_filters;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb rp->request_config = ap_create_request_config(pool);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb proxy_run_create_req(r, rp);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return rp;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe}
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb/*
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * list is a comma-separated list of case-insensitive tokens, with
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * optional whitespace around the tokens.
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * The return returns 1 if the token val is found in the list, or 0
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * otherwise.
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
3d96ee83babeec32482c9082c9426340cee8c44dwrowePROXY_DECLARE(int) ap_proxy_liststr(const char *list, const char *val)
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein{
61fd0cab072a05b855cbef9c585702401ac5ae29rbb int len, i;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb const char *p;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb len = strlen(val);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb while (list != NULL) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb p = ap_strchr_c(list, ',');
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (p != NULL) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe i = p - list;
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein do {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb p++;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb } while (apr_isspace(*p));
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i = strlen(list);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb while (i > 0 && apr_isspace(list[i - 1])) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe i--;
2d2eda71267231c2526be701fe655db125852c1ffielding }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (i == len && strncasecmp(list, val, len) == 0) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return 1;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb list = p;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return 0;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe}
2d2eda71267231c2526be701fe655db125852c1ffielding
61fd0cab072a05b855cbef9c585702401ac5ae29rbb/*
2d2eda71267231c2526be701fe655db125852c1ffielding * list is a comma-separated list of case-insensitive tokens, with
2d2eda71267231c2526be701fe655db125852c1ffielding * optional whitespace around the tokens.
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * if val appears on the list of tokens, it is removed from the list,
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * and the new list is returned.
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
2d2eda71267231c2526be701fe655db125852c1ffieldingPROXY_DECLARE(char *)ap_proxy_removestr(apr_pool_t *pool, const char *list, const char *val)
3d96ee83babeec32482c9082c9426340cee8c44dwrowe{
2d2eda71267231c2526be701fe655db125852c1ffielding int len, i;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb const char *p;
d839a9822ee53ce00da24c15f2d9fe054233d342gstein char *new = NULL;
d839a9822ee53ce00da24c15f2d9fe054233d342gstein
d839a9822ee53ce00da24c15f2d9fe054233d342gstein len = strlen(val);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb while (list != NULL) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb p = ap_strchr_c(list, ',');
d839a9822ee53ce00da24c15f2d9fe054233d342gstein if (p != NULL) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe i = p - list;
d839a9822ee53ce00da24c15f2d9fe054233d342gstein do {
2d2eda71267231c2526be701fe655db125852c1ffielding p++;
2d2eda71267231c2526be701fe655db125852c1ffielding } while (apr_isspace(*p));
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i = strlen(list);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
346029f34d03eb20d84fc35664426d3874b00f9ewrowe
61fd0cab072a05b855cbef9c585702401ac5ae29rbb while (i > 0 && apr_isspace(list[i - 1])) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb i--;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
346029f34d03eb20d84fc35664426d3874b00f9ewrowe if (i == len && strncasecmp(list, val, len) == 0) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb /* do nothing */
eda25307d712abd132e100e2b40ae1de5497d3e2trawick }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe if (new) {
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein new = apr_pstrcat(pool, new, ",", apr_pstrndup(pool, list, i), NULL);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
face099b681c052cb1f52176a5499661c44b2982trawick new = apr_pstrndup(pool, list, i);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb list = p;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return new;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
3d96ee83babeec32482c9082c9426340cee8c44dwrowe
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein/*
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * Converts 8 hex digits to a time integer
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
61fd0cab072a05b855cbef9c585702401ac5ae29rbbPROXY_DECLARE(int) ap_proxy_hex2sec(const char *x)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb{
61fd0cab072a05b855cbef9c585702401ac5ae29rbb int i, ch;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb unsigned int j;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb for (i = 0, j = 0; i < 8; i++) {
11a7b0dff22d26770b532c174d1cf2e7b56ec244wrowe ch = x[i];
61fd0cab072a05b855cbef9c585702401ac5ae29rbb j <<= 4;
11a7b0dff22d26770b532c174d1cf2e7b56ec244wrowe if (apr_isdigit(ch)) {
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein j |= ch - '0';
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else if (apr_isupper(ch)) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb j |= ch - ('A' - 10);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb j |= ch - ('a' - 10);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (j == 0xffffffff) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return -1; /* so that it works with 8-byte ints */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
3d96ee83babeec32482c9082c9426340cee8c44dwrowe else {
2d2eda71267231c2526be701fe655db125852c1ffielding return j;
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb/*
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * Converts a time integer to 8 hex digits
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
61fd0cab072a05b855cbef9c585702401ac5ae29rbbPROXY_DECLARE(void) ap_proxy_sec2hex(int t, char *y)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb{
3d96ee83babeec32482c9082c9426340cee8c44dwrowe int i, ch;
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein unsigned int j = t;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb for (i = 7; i >= 0; i--) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ch = j & 0xF;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb j >>= 4;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (ch >= 10) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb y[i] = ch + ('A' - 10);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
3d96ee83babeec32482c9082c9426340cee8c44dwrowe else {
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein y[i] = ch + '0';
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb y[8] = '\0';
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbbPROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb{
3d96ee83babeec32482c9082c9426340cee8c44dwrowe apr_table_setn(r->notes, "error-notes",
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein apr_pstrcat(r->pool,
61fd0cab072a05b855cbef9c585702401ac5ae29rbb "The proxy server could not handle the request "
61fd0cab072a05b855cbef9c585702401ac5ae29rbb "<em><a href=\"", ap_escape_html(r->pool, r->uri),
61fd0cab072a05b855cbef9c585702401ac5ae29rbb "\">", ap_escape_html(r->pool, r->method),
61fd0cab072a05b855cbef9c585702401ac5ae29rbb "&nbsp;",
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ap_escape_html(r->pool, r->uri), "</a></em>.<p>\n"
61fd0cab072a05b855cbef9c585702401ac5ae29rbb "Reason: <strong>",
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ap_escape_html(r->pool, message),
61fd0cab072a05b855cbef9c585702401ac5ae29rbb "</strong></p>", NULL));
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb /* Allow "error-notes" string to be printed by ap_send_error_response() */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb apr_table_setn(r->notes, "verbose-error-to", apr_pstrdup(r->pool, "*"));
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb r->status_line = apr_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
3d96ee83babeec32482c9082c9426340cee8c44dwrowe ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
2d2eda71267231c2526be701fe655db125852c1ffielding "proxy: %s returned by %s", message, r->uri);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return statuscode;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb}
346029f34d03eb20d84fc35664426d3874b00f9ewrowe
61fd0cab072a05b855cbef9c585702401ac5ae29rbbstatic const char *
61fd0cab072a05b855cbef9c585702401ac5ae29rbb proxy_get_host_of_request(request_rec *r)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb{
346029f34d03eb20d84fc35664426d3874b00f9ewrowe char *url, *user = NULL, *password = NULL, *err, *host;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb apr_port_t port;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (r->hostname != NULL) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return r->hostname;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe }
2d2eda71267231c2526be701fe655db125852c1ffielding
fd8b91502bc200ed4cca3810560a2a570522b3debrianp /* Set url to the first char after "scheme://" */
fd8b91502bc200ed4cca3810560a2a570522b3debrianp if ((url = strchr(r->uri, ':')) == NULL || url[1] != '/' || url[2] != '/') {
fd8b91502bc200ed4cca3810560a2a570522b3debrianp return NULL;
fd8b91502bc200ed4cca3810560a2a570522b3debrianp }
fd8b91502bc200ed4cca3810560a2a570522b3debrianp
fd8b91502bc200ed4cca3810560a2a570522b3debrianp url = apr_pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */
fd8b91502bc200ed4cca3810560a2a570522b3debrianp
fd8b91502bc200ed4cca3810560a2a570522b3debrianp err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
fd8b91502bc200ed4cca3810560a2a570522b3debrianp
fd8b91502bc200ed4cca3810560a2a570522b3debrianp if (err != NULL) {
fd8b91502bc200ed4cca3810560a2a570522b3debrianp ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", err);
aa4af3da5c68fe5dbd9d2c3fd7b2fe7103daa2b7dougm }
e351a4349a3dcc2e8d9c27bcdf72414bdde0942frbb
fd8b91502bc200ed4cca3810560a2a570522b3debrianp r->hostname = host;
fd8b91502bc200ed4cca3810560a2a570522b3debrianp
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames return host; /* ought to return the port, too */
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames}
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames/* Return TRUE if addr represents an IP address (or an IP network address) */
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregamesPROXY_DECLARE(int) ap_proxy_is_ipaddr(struct dirconn_entry *This, apr_pool_t *p)
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames{
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames const char *addr = This->name;
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames long ip_addr[4];
fd8b91502bc200ed4cca3810560a2a570522b3debrianp int i, quads;
fd8b91502bc200ed4cca3810560a2a570522b3debrianp long bits;
fd8b91502bc200ed4cca3810560a2a570522b3debrianp
fd8b91502bc200ed4cca3810560a2a570522b3debrianp /*
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz * if the address is given with an explicit netmask, use that
fd8b91502bc200ed4cca3810560a2a570522b3debrianp * Due to a deficiency in apr_inet_addr(), it is impossible to parse
fd8b91502bc200ed4cca3810560a2a570522b3debrianp * "partial" addresses (with less than 4 quads) correctly, i.e.
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz * 192.168.123 is parsed as 192.168.0.123, which is not what I want.
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz * I therefore have to parse the IP address manually:
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz * if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr) == 0)
fd8b91502bc200ed4cca3810560a2a570522b3debrianp * addr and mask were set by proxy_readmask()
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames * return 1;
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames */
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz /*
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames * Parse IP addr manually, optionally allowing
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames * abbreviated net addresses like 192.168.
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames */
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames /* Iterate over up to 4 (dotted) quads. */
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames for (quads = 0; quads < 4 && *addr != '\0'; ++quads) {
4111de96e9f75c58e77c2bdda23be83b8ebf81ccgregames char *tmp;
5a9667916c79d8c699b069068e5570aa1c331c80gstein
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (*addr == '/' && quads > 0) { /* netmask starts here. */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb break;
2d2eda71267231c2526be701fe655db125852c1ffielding }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (!apr_isdigit(*addr)) {
2d2eda71267231c2526be701fe655db125852c1ffielding return 0; /* no digit at start of quad */
3d96ee83babeec32482c9082c9426340cee8c44dwrowe }
2d2eda71267231c2526be701fe655db125852c1ffielding
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar ip_addr[quads] = strtol(addr, &tmp, 0);
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar if (tmp == addr) { /* expected a digit, found something else */
5a9667916c79d8c699b069068e5570aa1c331c80gstein return 0;
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar }
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar if (ip_addr[quads] < 0 || ip_addr[quads] > 255) {
5a9667916c79d8c699b069068e5570aa1c331c80gstein /* invalid octet */
344f3bc38dfccf6261d5bb8d689794cde113b3d6coar return 0;
d5df46b7972c0c4a5ca0ba5068e238f6053c2e6ftrawick }
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding addr = tmp;
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding if (*addr == '.' && quads != 3) {
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding ++addr; /* after the 4th quad, a dot would be illegal */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb for (This->addr.s_addr = 0, i = 0; i < quads; ++i) {
61fd0cab072a05b855cbef9c585702401ac5ae29rbb This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (addr[0] == '/' && apr_isdigit(addr[1])) { /* net mask follows: */
42ce672c516baf6e4eaed18ccc1647de2d456d8edougm char *tmp;
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein
61fd0cab072a05b855cbef9c585702401ac5ae29rbb ++addr;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb bits = strtol(addr, &tmp, 0);
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (tmp == addr) { /* expected a digit, found something else */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return 0;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
42ce672c516baf6e4eaed18ccc1647de2d456d8edougm
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein addr = tmp;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb if (bits < 0 || bits > 32) { /* netmask must be between 0 and 32 */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb return 0;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
61fd0cab072a05b855cbef9c585702401ac5ae29rbb else {
42ce672c516baf6e4eaed18ccc1647de2d456d8edougm /*
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein * Determine (i.e., "guess") netmask by counting the
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * number of trailing .0's; reduce #quads appropriately
61fd0cab072a05b855cbef9c585702401ac5ae29rbb * (so that 192.168.0.0 is equivalent to 192.168.)
61fd0cab072a05b855cbef9c585702401ac5ae29rbb */
61fd0cab072a05b855cbef9c585702401ac5ae29rbb while (quads > 0 && ip_addr[quads - 1] == 0) {
dad234382d8424e1c5a30af2838e172aec9d6d1bdreid --quads;
61fd0cab072a05b855cbef9c585702401ac5ae29rbb }
42ce672c516baf6e4eaed18ccc1647de2d456d8edougm
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding /* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb if (quads < 1) {
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein return 0;
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb }
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb /* every zero-byte counts as 8 zero-bits */
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb bits = 8 * quads;
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb if (bits != 32) { /* no warning for fully qualified IP address */
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld",
8b7047e519340545e6807c9749576a40a76b6d3frbb inet_ntoa(This->addr), bits);
8b7047e519340545e6807c9749576a40a76b6d3frbb }
8b7047e519340545e6807c9749576a40a76b6d3frbb }
6d00a43be9ab145c89e8cc22bad59e3aa746f761jwoolley
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb This->mask.s_addr = htonl(APR_INADDR_NONE << (32 - bits));
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb
9484ae61c7cc5fa8d8d9a836efdbdb1e88d3036dwrowe if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb "Warning: NetMask and IP-Addr disagree in %s/%ld",
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb inet_ntoa(This->addr), bits);
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb This->addr.s_addr &= This->mask.s_addr;
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb " Set to %s/%ld", inet_ntoa(This->addr), bits);
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb }
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb
561e5f16a2f9fb397aac4c283aaa87a752520a4ddougm if (*addr == '\0') {
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb This->matcher = proxy_match_ipaddr;
561e5f16a2f9fb397aac4c283aaa87a752520a4ddougm return 1;
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb }
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb else {
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb return (*addr == '\0'); /* okay iff we've parsed the whole string */
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb }
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb}
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley/* Return TRUE if addr represents an IP address (or an IP network address) */
2fc50921b88defeb7127985dfe4b4130175e069ejwoolleystatic int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb{
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley int i, ip_addr[4];
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb struct in_addr addr, *ip;
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley const char *host = proxy_get_host_of_request(r);
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley if (host == NULL) { /* oops! */
fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb return 0;
c9a95767fbf0f5fb0976a06b97a256033925e433rbb }
c9a95767fbf0f5fb0976a06b97a256033925e433rbb
c9a95767fbf0f5fb0976a06b97a256033925e433rbb memset(&addr, '\0', sizeof addr);
c9a95767fbf0f5fb0976a06b97a256033925e433rbb memset(ip_addr, '\0', sizeof ip_addr);
c9a95767fbf0f5fb0976a06b97a256033925e433rbb
c9a95767fbf0f5fb0976a06b97a256033925e433rbb if (4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) {
c9a95767fbf0f5fb0976a06b97a256033925e433rbb for (addr.s_addr = 0, i = 0; i < 4; ++i) {
c9a95767fbf0f5fb0976a06b97a256033925e433rbb /* ap_proxy_is_ipaddr() already confirmed that we have
c9a95767fbf0f5fb0976a06b97a256033925e433rbb * a valid octet in ip_addr[i]
c9a95767fbf0f5fb0976a06b97a256033925e433rbb */
c9a95767fbf0f5fb0976a06b97a256033925e433rbb addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
c9a95767fbf0f5fb0976a06b97a256033925e433rbb }
c9a95767fbf0f5fb0976a06b97a256033925e433rbb
2d2eda71267231c2526be701fe655db125852c1ffielding if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
2d2eda71267231c2526be701fe655db125852c1ffielding#if DEBUGGING
2d2eda71267231c2526be701fe655db125852c1ffielding ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2d2eda71267231c2526be701fe655db125852c1ffielding "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
2d2eda71267231c2526be701fe655db125852c1ffielding ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask));
#endif
return 1;
}
#if DEBUGGING
else {
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask));
}
#endif
}
else {
struct apr_sockaddr_t *reqaddr;
if (apr_sockaddr_info_get(&reqaddr, host, APR_UNSPEC, 0, 0, r->pool)
!= APR_SUCCESS) {
#if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"2)IP-NoMatch: hostname=%s msg=Host not found", host);
#endif
return 0;
}
/* Try to deal with multiple IP addr's for a host */
/* FIXME: This needs to be able to deal with IPv6 */
while (reqaddr) {
ip = (struct in_addr *) reqaddr->ipaddr_ptr;
if (This->addr.s_addr == (ip->s_addr & This->mask.s_addr)) {
#if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"3)IP-Match: %s[%s] <-> ", host, inet_ntoa(*ip));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask));
#endif
return 1;
}
#if DEBUGGING
else {
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"3)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(*ip));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask));
}
#endif
reqaddr = reqaddr->next;
}
}
return 0;
}
/* Return TRUE if addr represents a domain name */
PROXY_DECLARE(int) ap_proxy_is_domainname(struct dirconn_entry *This, apr_pool_t *p)
{
char *addr = This->name;
int i;
/* Domain name must start with a '.' */
if (addr[0] != '.') {
return 0;
}
/* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
for (i = 0; apr_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i) {
continue;
}
#if 0
if (addr[i] == ':') {
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"@@@@ handle optional port in proxy_is_domainname()");
/* @@@@ handle optional port */
}
#endif
if (addr[i] != '\0') {
return 0;
}
/* Strip trailing dots */
for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i) {
addr[i] = '\0';
}
This->matcher = proxy_match_domainname;
return 1;
}
/* Return TRUE if host "host" is in domain "domain" */
static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r)
{
const char *host = proxy_get_host_of_request(r);
int d_len = strlen(This->name), h_len;
if (host == NULL) { /* some error was logged already */
return 0;
}
h_len = strlen(host);
/* @@@ do this within the setup? */
/* Ignore trailing dots in domain comparison: */
while (d_len > 0 && This->name[d_len - 1] == '.') {
--d_len;
}
while (h_len > 0 && host[h_len - 1] == '.') {
--h_len;
}
return h_len > d_len
&& strncasecmp(&host[h_len - d_len], This->name, d_len) == 0;
}
/* Return TRUE if host represents a host name */
PROXY_DECLARE(int) ap_proxy_is_hostname(struct dirconn_entry *This, apr_pool_t *p)
{
struct apr_sockaddr_t *addr;
char *host = This->name;
int i;
/* Host names must not start with a '.' */
if (host[0] == '.') {
return 0;
}
/* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
for (i = 0; apr_isalnum(host[i]) || host[i] == '-' || host[i] == '.'; ++i);
if (host[i] != '\0' || apr_sockaddr_info_get(&addr, host, APR_UNSPEC, 0, 0, p) != APR_SUCCESS) {
return 0;
}
This->hostaddr = addr;
/* Strip trailing dots */
for (i = strlen(host) - 1; i > 0 && host[i] == '.'; --i) {
host[i] = '\0';
}
This->matcher = proxy_match_hostname;
return 1;
}
/* Return TRUE if host "host" is equal to host2 "host2" */
static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r)
{
char *host = This->name;
const char *host2 = proxy_get_host_of_request(r);
int h2_len;
int h1_len;
if (host == NULL || host2 == NULL) {
return 0; /* oops! */
}
h2_len = strlen(host2);
h1_len = strlen(host);
#if 0
struct apr_sockaddr_t *addr = *This->hostaddr;
/* Try to deal with multiple IP addr's for a host */
while (addr) {
if (addr->ipaddr_ptr == ? ? ? ? ? ? ? ? ? ? ? ? ?)
return 1;
addr = addr->next;
}
#endif
/* Ignore trailing dots in host2 comparison: */
while (h2_len > 0 && host2[h2_len - 1] == '.') {
--h2_len;
}
while (h1_len > 0 && host[h1_len - 1] == '.') {
--h1_len;
}
return h1_len == h2_len
&& strncasecmp(host, host2, h1_len) == 0;
}
/* Return TRUE if addr is to be matched as a word */
PROXY_DECLARE(int) ap_proxy_is_word(struct dirconn_entry *This, apr_pool_t *p)
{
This->matcher = proxy_match_word;
return 1;
}
/* Return TRUE if string "str2" occurs literally in "str1" */
static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
{
const char *host = proxy_get_host_of_request(r);
return host != NULL && ap_strstr_c(host, This->name) != NULL;
}
/* checks whether a host in uri_addr matches proxyblock */
PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
apr_sockaddr_t *uri_addr)
{
int j;
apr_sockaddr_t * src_uri_addr = uri_addr;
/* XXX FIXME: conf->noproxies->elts is part of an opaque structure */
for (j = 0; j < conf->noproxies->nelts; j++) {
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct apr_sockaddr_t *conf_addr = npent[j].addr;
uri_addr = src_uri_addr;
ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, r->server,
"proxy: checking remote machine [%s] against [%s]", uri_addr->hostname, npent[j].name);
if ((npent[j].name && ap_strstr_c(uri_addr->hostname, npent[j].name))
|| npent[j].name[0] == '*') {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: connect to remote machine %s blocked: name %s matched", uri_addr->hostname, npent[j].name);
return HTTP_FORBIDDEN;
}
while (conf_addr) {
uri_addr = src_uri_addr;
while (uri_addr) {
char *conf_ip;
char *uri_ip;
apr_sockaddr_ip_get(&conf_ip, conf_addr);
apr_sockaddr_ip_get(&uri_ip, uri_addr);
ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, r->server,
"proxy: ProxyBlock comparing %s and %s", conf_ip, uri_ip);
if (!apr_strnatcasecmp(conf_ip, uri_ip)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: connect to remote machine %s blocked: IP %s matched", uri_addr->hostname, conf_ip);
return HTTP_FORBIDDEN;
}
uri_addr = uri_addr->next;
}
conf_addr = conf_addr->next;
}
}
return OK;
}
/* set up the minimal filter set */
PROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r)
{
ap_add_input_filter("HTTP_IN", NULL, r, c);
return OK;
}
/*
* converts a series of buckets into a string
* XXX: BillS says this function performs essentially the same function as
* ap_rgetline() in protocol.c. Deprecate this function and use ap_rgetline()
* instead? I think ap_proxy_string_read() will not work properly on non ASCII
* (EBCDIC) machines either.
*/
PROXY_DECLARE(apr_status_t) ap_proxy_string_read(conn_rec *c, apr_bucket_brigade *bb,
char *buff, apr_size_t bufflen, int *eos)
{
apr_bucket *e;
apr_status_t rv;
char *pos = buff;
char *response;
int found = 0;
apr_size_t len;
/* start with an empty string */
buff[0] = 0;
*eos = 0;
/* loop through each brigade */
while (!found) {
/* get brigade from network one line at a time */
if (APR_SUCCESS != (rv = ap_get_brigade(c->input_filters, bb,
AP_MODE_GETLINE,
APR_BLOCK_READ,
0))) {
return rv;
}
/* loop through each bucket */
while (!found) {
if (*eos || APR_BRIGADE_EMPTY(bb)) {
/* The connection aborted or timed out */
return APR_ECONNABORTED;
}
e = APR_BRIGADE_FIRST(bb);
if (APR_BUCKET_IS_EOS(e)) {
*eos = 1;
}
else {
if (APR_SUCCESS != (rv = apr_bucket_read(e,
(const char **)&response,
&len,
APR_BLOCK_READ))) {
return rv;
}
/*
* is string LF terminated?
* XXX: This check can be made more efficient by simply checking
* if the last character in the 'response' buffer is an ASCII_LF.
* See ap_rgetline() for an example.
*/
if (memchr(response, APR_ASCII_LF, len)) {
found = 1;
}
/* concat strings until buff is full - then throw the data away */
if (len > ((bufflen-1)-(pos-buff))) {
len = (bufflen-1)-(pos-buff);
}
if (len > 0) {
memcpy(pos, response, len);
pos += len;
}
}
APR_BUCKET_REMOVE(e);
apr_bucket_destroy(e);
}
*pos = '\0';
}
return APR_SUCCESS;
}
/* unmerge an element in the table */
PROXY_DECLARE(void) ap_proxy_table_unmerge(apr_pool_t *p, apr_table_t *t, char *key)
{
apr_off_t offset = 0;
apr_off_t count = 0;
char *value = NULL;
/* get the value to unmerge */
const char *initial = apr_table_get(t, key);
if (!initial) {
return;
}
value = apr_pstrdup(p, initial);
/* remove the value from the headers */
apr_table_unset(t, key);
/* find each comma */
while (value[count]) {
if (value[count] == ',') {
value[count] = 0;
apr_table_add(t, key, value + offset);
offset = count + 1;
}
count++;
}
apr_table_add(t, key, value + offset);
}
PROXY_DECLARE(const char *) ap_proxy_location_reverse_map(request_rec *r,
proxy_dir_conf *conf, const char *url)
{
proxy_req_conf *rconf;
struct proxy_alias *ent;
int i, l1, l2;
char *u;
/*
* XXX FIXME: Make sure this handled the ambiguous case of the :<PORT>
* after the hostname
* XXX FIXME: Ensure the /uri component is a case sensitive match
*/
if (r->proxyreq != PROXYREQ_REVERSE) {
return url;
}
l1 = strlen(url);
if (conf->interpolate_env == 1) {
rconf = ap_get_module_config(r->request_config, &proxy_module);
ent = (struct proxy_alias *)rconf->raliases->elts;
}
else {
ent = (struct proxy_alias *)conf->raliases->elts;
}
for (i = 0; i < conf->raliases->nelts; i++) {
proxy_server_conf *sconf = (proxy_server_conf *)
ap_get_module_config(r->server->module_config, &proxy_module);
proxy_balancer *balancer;
const char *real = ent[i].real;
/*
* First check if mapping against a balancer and see
* if we have such a entity. If so, then we need to
* find the particulars of the actual worker which may
* or may not be the right one... basically, we need
* to find which member actually handled this request.
*/
if (ap_proxy_valid_balancer_name((char *)real, 0) &&
(balancer = ap_proxy_get_balancer(r->pool, sconf, real))) {
int n, l3 = 0;
proxy_worker **worker = (proxy_worker **)balancer->workers->elts;
const char *urlpart = ap_strchr_c(real, '/');
if (urlpart) {
if (!urlpart[1])
urlpart = NULL;
else
l3 = strlen(urlpart);
}
/* The balancer comparison is a bit trickier. Given the context
* BalancerMember balancer://alias http://example.com/foo
* ProxyPassReverse /bash balancer://alias/bar
* translate url http://example.com/foo/bar/that to /bash/that
*/
for (n = 0; n < balancer->workers->nelts; n++) {
l2 = strlen((*worker)->s->name);
if (urlpart) {
/* urlpart (l3) assuredly starts with its own '/' */
if ((*worker)->s->name[l2 - 1] == '/')
--l2;
if (l1 >= l2 + l3
&& strncasecmp((*worker)->s->name, url, l2) == 0
&& strncmp(urlpart, url + l2, l3) == 0) {
u = apr_pstrcat(r->pool, ent[i].fake, &url[l2 + l3],
NULL);
return ap_construct_url(r->pool, u, r);
}
}
else if (l1 >= l2 && strncasecmp((*worker)->s->name, url, l2) == 0) {
u = apr_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
return ap_construct_url(r->pool, u, r);
}
worker++;
}
}
else {
const char *part = url;
l2 = strlen(real);
if (real[0] == '/') {
part = ap_strstr_c(url, "://");
if (part) {
part = ap_strchr_c(part+3, '/');
if (part) {
l1 = strlen(part);
}
else {
part = url;
}
}
else {
part = url;
}
}
if (l1 >= l2 && strncasecmp(real, part, l2) == 0) {
u = apr_pstrcat(r->pool, ent[i].fake, &part[l2], NULL);
return ap_construct_url(r->pool, u, r);
}
}
}
return url;
}
/*
* Cookies are a bit trickier to match: we've got two substrings to worry
* about, and we can't just find them with strstr 'cos of case. Regexp
* matching would be an easy fix, but for better consistency with all the
* other matches we'll refrain and use apr_strmatch to find path=/domain=
* and stick to plain strings for the config values.
*/
PROXY_DECLARE(const char *) ap_proxy_cookie_reverse_map(request_rec *r,
proxy_dir_conf *conf, const char *str)
{
proxy_req_conf *rconf = ap_get_module_config(r->request_config,
&proxy_module);
struct proxy_alias *ent;
size_t len = strlen(str);
const char *newpath = NULL;
const char *newdomain = NULL;
const char *pathp;
const char *domainp;
const char *pathe = NULL;
const char *domaine = NULL;
size_t l1, l2, poffs = 0, doffs = 0;
int i;
int ddiff = 0;
int pdiff = 0;
char *ret;
if (r->proxyreq != PROXYREQ_REVERSE) {
return str;
}
/*
* Find the match and replacement, but save replacing until we've done
* both path and domain so we know the new strlen
*/
if ((pathp = apr_strmatch(conf->cookie_path_str, str, len)) != NULL) {
pathp += 5;
poffs = pathp - str;
pathe = ap_strchr_c(pathp, ';');
l1 = pathe ? (pathe - pathp) : strlen(pathp);
pathe = pathp + l1 ;
if (conf->interpolate_env == 1) {
ent = (struct proxy_alias *)rconf->cookie_paths->elts;
}
else {
ent = (struct proxy_alias *)conf->cookie_paths->elts;
}
for (i = 0; i < conf->cookie_paths->nelts; i++) {
l2 = strlen(ent[i].fake);
if (l1 >= l2 && strncmp(ent[i].fake, pathp, l2) == 0) {
newpath = ent[i].real;
pdiff = strlen(newpath) - l1;
break;
}
}
}
if ((domainp = apr_strmatch(conf->cookie_domain_str, str, len)) != NULL) {
domainp += 7;
doffs = domainp - str;
domaine = ap_strchr_c(domainp, ';');
l1 = domaine ? (domaine - domainp) : strlen(domainp);
domaine = domainp + l1;
if (conf->interpolate_env == 1) {
ent = (struct proxy_alias *)rconf->cookie_domains->elts;
}
else {
ent = (struct proxy_alias *)conf->cookie_domains->elts;
}
for (i = 0; i < conf->cookie_domains->nelts; i++) {
l2 = strlen(ent[i].fake);
if (l1 >= l2 && strncasecmp(ent[i].fake, domainp, l2) == 0) {
newdomain = ent[i].real;
ddiff = strlen(newdomain) - l1;
break;
}
}
}
if (newpath) {
ret = apr_palloc(r->pool, len + pdiff + ddiff + 1);
l1 = strlen(newpath);
if (newdomain) {
l2 = strlen(newdomain);
if (doffs > poffs) {
memcpy(ret, str, poffs);
memcpy(ret + poffs, newpath, l1);
memcpy(ret + poffs + l1, pathe, domainp - pathe);
memcpy(ret + doffs + pdiff, newdomain, l2);
strcpy(ret + doffs + pdiff + l2, domaine);
}
else {
memcpy(ret, str, doffs) ;
memcpy(ret + doffs, newdomain, l2);
memcpy(ret + doffs + l2, domaine, pathp - domaine);
memcpy(ret + poffs + ddiff, newpath, l1);
strcpy(ret + poffs + ddiff + l1, pathe);
}
}
else {
memcpy(ret, str, poffs);
memcpy(ret + poffs, newpath, l1);
strcpy(ret + poffs + l1, pathe);
}
}
else {
if (newdomain) {
ret = apr_palloc(r->pool, len + pdiff + ddiff + 1);
l2 = strlen(newdomain);
memcpy(ret, str, doffs);
memcpy(ret + doffs, newdomain, l2);
strcpy(ret + doffs+l2, domaine);
}
else {
ret = (char *)str; /* no change */
}
}
return ret;
}
/*
* BALANCER related...
*/
/*
* verifies that the balancer name conforms to standards.
*/
PROXY_DECLARE(int) ap_proxy_valid_balancer_name(char *name, int i)
{
if (!i)
i = sizeof(BALANCER_PREFIX)-1;
return (!strncasecmp(name, BALANCER_PREFIX, i));
}
PROXY_DECLARE(proxy_balancer *) ap_proxy_get_balancer(apr_pool_t *p,
proxy_server_conf *conf,
const char *url)
{
proxy_balancer *balancer;
char *c, *uri = apr_pstrdup(p, url);
int i;
c = strchr(uri, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
return NULL;
}
/* remove path from uri */
if ((c = strchr(c + 3, '/'))) {
*c = '\0';
}
balancer = (proxy_balancer *)conf->balancers->elts;
for (i = 0; i < conf->balancers->nelts; i++) {
if (strcasecmp(balancer->name, uri) == 0) {
return balancer;
}
balancer++;
}
return NULL;
}
PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p,
proxy_balancer **balancer,
proxy_server_conf *conf,
const char *url)
{
char *c, *q, *uri = apr_pstrdup(p, url);
proxy_balancer_method *lbmethod;
apr_uuid_t uuid;
/* We should never get here without a valid BALANCER_PREFIX... */
c = strchr(uri, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0')
return "Bad syntax for a balancer name";
/* remove path from uri */
if ((q = strchr(c + 3, '/')))
*q = '\0';
ap_str_tolower(uri);
*balancer = apr_array_push(conf->balancers);
memset(*balancer, 0, sizeof(proxy_balancer));
/*
* NOTE: The default method is byrequests, which we assume
* exists!
*/
lbmethod = ap_lookup_provider(PROXY_LBMETHOD, "byrequests", "0");
if (!lbmethod) {
return "Can't find 'byrequests' lb method";
}
(*balancer)->name = uri;
(*balancer)->lbmethod = lbmethod;
(*balancer)->workers = apr_array_make(p, 5, sizeof(proxy_worker *));
(*balancer)->updated = apr_time_now();
(*balancer)->mutex = NULL;
/* Retrieve a UUID and store the nonce for the lifetime of
* the process. */
apr_uuid_get(&uuid);
apr_uuid_format((*balancer)->nonce, &uuid);
return NULL;
}
#if 0
/*
* Create an already defined balancer and free up memory.
* Placeholder for when we make +/- of balancers runtime as well
*/
PROXY_DECLARE(void) ap_proxy_share_balancer(TODO)
{
}
PROXY_DECLARE(void) ap_proxy_initialize_balancer(TODO)
{
}
#endif
/*
* CONNECTION related...
*/
static apr_status_t conn_pool_cleanup(void *theworker)
{
proxy_worker *worker = (proxy_worker *)theworker;
if (worker->cp->res) {
worker->cp->pool = NULL;
}
return APR_SUCCESS;
}
static void init_conn_pool(apr_pool_t *p, proxy_worker *worker)
{
apr_pool_t *pool;
proxy_conn_pool *cp;
/*
* Create a connection pool's subpool.
* This pool is used for connection recycling.
* Once the worker is added it is never removed but
* it can be disabled.
*/
apr_pool_create(&pool, p);
apr_pool_tag(pool, "proxy_worker_cp");
/*
* Alloc from the same pool as worker.
* proxy_conn_pool is permanently attached to the worker.
*/
cp = (proxy_conn_pool *)apr_pcalloc(p, sizeof(proxy_conn_pool));
cp->pool = pool;
worker->cp = cp;
}
static apr_status_t connection_cleanup(void *theconn)
{
proxy_conn_rec *conn = (proxy_conn_rec *)theconn;
proxy_worker *worker = conn->worker;
/*
* If the connection pool is NULL the worker
* cleanup has been run. Just return.
*/
if (!worker->cp) {
return APR_SUCCESS;
}
if (conn->r) {
apr_pool_destroy(conn->r->pool);
conn->r = NULL;
}
/* Sanity check: Did we already return the pooled connection? */
if (conn->inreslist) {
ap_log_perror(APLOG_MARK, APLOG_ERR, 0, conn->pool,
"proxy: Pooled connection 0x%pp for worker %s has been"
" already returned to the connection pool.", conn,
worker->s->name);
return APR_SUCCESS;
}
/* determine if the connection need to be closed */
if (conn->close || !worker->s->is_address_reusable || worker->s->disablereuse) {
apr_pool_t *p = conn->pool;
apr_pool_clear(p);
conn = apr_pcalloc(p, sizeof(proxy_conn_rec));
conn->pool = p;
conn->worker = worker;
apr_pool_create(&(conn->scpool), p);
apr_pool_tag(conn->scpool, "proxy_conn_scpool");
}
if (worker->s->hmax && worker->cp->res) {
conn->inreslist = 1;
apr_reslist_release(worker->cp->res, (void *)conn);
}
else
{
worker->cp->conn = conn;
}
/* Always return the SUCCESS */
return APR_SUCCESS;
}
static void socket_cleanup(proxy_conn_rec *conn)
{
conn->sock = NULL;
conn->connection = NULL;
apr_pool_clear(conn->scpool);
}
PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
request_rec *r)
{
apr_bucket_brigade *bb;
apr_status_t rv;
/*
* If we have an existing SSL connection it might be possible that the
* server sent some SSL message we have not read so far (e.g. an SSL
* shutdown message if the server closed the keepalive connection while
* the connection was held unused in our pool).
* So ensure that if present (=> APR_NONBLOCK_READ) it is read and
* processed. We don't expect any data to be in the returned brigade.
*/
if (conn->sock && conn->connection) {
bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
rv = ap_get_brigade(conn->connection->input_filters, bb,
AP_MODE_READBYTES, APR_NONBLOCK_READ,
HUGE_STRING_LEN);
if ((rv != APR_SUCCESS) && !APR_STATUS_IS_EAGAIN(rv)) {
socket_cleanup(conn);
}
if (!APR_BRIGADE_EMPTY(bb)) {
apr_off_t len;
rv = apr_brigade_length(bb, 0, &len);
ap_log_rerror(APLOG_MARK, APLOG_TRACE3, rv, r,
"proxy: SSL cleanup brigade contained %"
APR_OFF_T_FMT " bytes of data.", len);
}
apr_brigade_destroy(bb);
}
return APR_SUCCESS;
}
/* reslist constructor */
static apr_status_t connection_constructor(void **resource, void *params,
apr_pool_t *pool)
{
apr_pool_t *ctx;
apr_pool_t *scpool;
proxy_conn_rec *conn;
proxy_worker *worker = (proxy_worker *)params;
/*
* Create the subpool for each connection
* This keeps the memory consumption constant
* when disconnecting from backend.
*/
apr_pool_create(&ctx, pool);
apr_pool_tag(ctx, "proxy_conn_pool");
/*
* Create another subpool that manages the data for the
* socket and the connection member of the proxy_conn_rec struct as we
* destroy this data more frequently than other data in the proxy_conn_rec
* struct like hostname and addr (at least in the case where we have
* keepalive connections that timed out).
*/
apr_pool_create(&scpool, ctx);
apr_pool_tag(scpool, "proxy_conn_scpool");
conn = apr_pcalloc(ctx, sizeof(proxy_conn_rec));
conn->pool = ctx;
conn->scpool = scpool;
conn->worker = worker;
conn->inreslist = 1;
*resource = conn;
return APR_SUCCESS;
}
/* reslist destructor */
static apr_status_t connection_destructor(void *resource, void *params,
apr_pool_t *pool)
{
proxy_conn_rec *conn = (proxy_conn_rec *)resource;
/* Destroy the pool only if not called from reslist_destroy */
if (conn->worker->cp->pool) {
apr_pool_destroy(conn->pool);
}
return APR_SUCCESS;
}
/*
* WORKER related...
*/
PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker(apr_pool_t *p,
proxy_balancer *balancer,
proxy_server_conf *conf,
const char *url)
{
proxy_worker *worker;
proxy_worker *max_worker = NULL;
int max_match = 0;
int url_length;
int min_match;
int worker_name_length;
const char *c;
char *url_copy;
int i;
c = ap_strchr_c(url, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
return NULL;
}
url_copy = apr_pstrdup(p, url);
url_length = strlen(url);
/*
* We need to find the start of the path and
* therefore we know the length of the scheme://hostname/
* part to we can force-lowercase everything up to
* the start of the path.
*/
c = ap_strchr_c(c+3, '/');
if (c) {
char *pathstart;
pathstart = url_copy + (c - url);
*pathstart = '\0';
ap_str_tolower(url_copy);
min_match = strlen(url_copy);
*pathstart = '/';
}
else {
ap_str_tolower(url_copy);
min_match = strlen(url_copy);
}
/*
* Do a "longest match" on the worker name to find the worker that
* fits best to the URL, but keep in mind that we must have at least
* a minimum matching of length min_match such that
* scheme://hostname[:port] matches between worker and url.
*/
if (balancer) {
proxy_worker **workers = (proxy_worker **)balancer->workers->elts;
for (i = 0; i < balancer->workers->nelts; i++, workers++) {
worker = *workers;
if ( ((worker_name_length = strlen(worker->s->name)) <= url_length)
&& (worker_name_length >= min_match)
&& (worker_name_length > max_match)
&& (strncmp(url_copy, worker->s->name, worker_name_length) == 0) ) {
max_worker = worker;
max_match = worker_name_length;
}
}
} else {
worker = (proxy_worker *)conf->workers->elts;
for (i = 0; i < conf->workers->nelts; i++, worker++) {
if ( ((worker_name_length = strlen(worker->s->name)) <= url_length)
&& (worker_name_length >= min_match)
&& (worker_name_length > max_match)
&& (strncmp(url_copy, worker->s->name, worker_name_length) == 0) ) {
max_worker = worker;
max_match = worker_name_length;
}
}
}
return max_worker;
}
/*
* To create a worker from scratch first we define the
* specifics of the worker; this is all local data.
* We then allocate space for it if data needs to be
* shared. This allows for dynamic addition during
* config and runtime.
*/
PROXY_DECLARE(char *) ap_proxy_define_worker(apr_pool_t *p,
proxy_worker **worker,
proxy_balancer *balancer,
proxy_server_conf *conf,
const char *url)
{
int rv;
apr_uri_t uri;
proxy_worker_shared *wstatus;
rv = apr_uri_parse(p, url, &uri);
if (rv != APR_SUCCESS) {
return "Unable to parse URL";
}
if (!uri.hostname || !uri.scheme) {
return "URL must be absolute!";
}
ap_str_tolower(uri.hostname);
ap_str_tolower(uri.scheme);
/*
* Workers can be associated w/ balancers or on their
* own; ie: the generic reverse-proxy or a worker
* in a simple ProxyPass statement. eg:
*
* ProxyPass / http://www.example.com
*
* in which case the worker goes in the conf slot.
*/
if (balancer) {
proxy_worker **runtime;
/* recall that we get a ptr to the ptr here */
runtime = apr_array_push(balancer->workers);
*worker = *runtime = apr_palloc(p, sizeof(proxy_worker)); /* right to left baby */
} else if (conf) {
*worker = apr_array_push(conf->workers);
} else {
/* we need to allocate space here */
*worker = apr_palloc(p, sizeof(proxy_worker));
}
memset(*worker, 0, sizeof(proxy_worker));
/* right here we just want to tuck away the worker info.
* if called during config, we don't have shm setup yet,
* so just note the info for later. */
#if 0
wstatus = malloc(sizeof(proxy_worker_shared)); /* will be freed ap_proxy_share_worker */
#else
wstatus = apr_palloc(p, sizeof(proxy_worker_shared));
#endif
memset(wstatus, 0, sizeof(proxy_worker_shared));
PROXY_STRNCPY(wstatus->name, apr_uri_unparse(p, &uri, APR_URI_UNP_REVEALPASSWORD));
PROXY_STRNCPY(wstatus->scheme, uri.scheme);
PROXY_STRNCPY(wstatus->hostname, uri.hostname);
wstatus->port = uri.port;
wstatus->flush_packets = flush_off;
wstatus->flush_wait = PROXY_FLUSH_WAIT;
wstatus->is_address_reusable = 1;
wstatus->lbfactor = 1;
wstatus->smax = -1;
wstatus->hash = ap_proxy_hashfunc(wstatus->name, PROXY_HASHFUNC_DEFAULT);
(*worker)->hash = wstatus->hash;
(*worker)->context = NULL;
(*worker)->cp = NULL;
(*worker)->mutex = NULL;
(*worker)->balancer = balancer;
(*worker)->s = wstatus;
return NULL;
}
/*
* Create an already defined worker and free up memory
*/
PROXY_DECLARE(apr_status_t) ap_proxy_share_worker(proxy_worker *worker, proxy_worker_shared *shm, int i)
{
if (!shm || !worker->s)
return APR_EINVAL;
memcpy(shm, worker->s, sizeof(proxy_worker_shared));
#if 0
free(worker->s); /* was malloced in ap_proxy_define_worker */
#endif
worker->s = shm;
worker->s->index = i;
return APR_SUCCESS;
}
PROXY_DECLARE(apr_status_t) ap_proxy_initialize_worker(proxy_worker *worker, server_rec *s, apr_pool_t *p)
{
apr_status_t rv = APR_SUCCESS;
int mpm_threads;
if (worker->s->status & PROXY_WORKER_INITIALIZED) {
/* The worker is already initialized */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"worker %s shared already initialized", worker->s->name);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"initializing worker %s shared", worker->s->name);
/* Set default parameters */
if (!worker->s->retry_set) {
worker->s->retry = apr_time_from_sec(PROXY_WORKER_DEFAULT_RETRY);
}
/* By default address is reusable unless DisableReuse is set */
if (worker->s->disablereuse) {
worker->s->is_address_reusable = 0;
}
else {
worker->s->is_address_reusable = 1;
}
ap_mpm_query(AP_MPMQ_MAX_THREADS, &mpm_threads);
if (mpm_threads > 1) {
/* Set hard max to no more then mpm_threads */
if (worker->s->hmax == 0 || worker->s->hmax > mpm_threads) {
worker->s->hmax = mpm_threads;
}
if (worker->s->smax == -1 || worker->s->smax > worker->s->hmax) {
worker->s->smax = worker->s->hmax;
}
/* Set min to be lower then smax */
if (worker->s->min > worker->s->smax) {
worker->s->min = worker->s->smax;
}
}
else {
/* This will supress the apr_reslist creation */
worker->s->min = worker->s->smax = worker->s->hmax = 0;
}
}
/* What if local is init'ed and shm isn't?? Even possible? */
if (worker->local_status & PROXY_WORKER_INITIALIZED) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"worker %s local already initialized", worker->s->name);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"initializing worker %s local", worker->s->name);
/* Now init local worker data */
if (worker->cp == NULL)
init_conn_pool(p, worker);
if (worker->cp == NULL) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"can not create connection pool");
return APR_EGENERAL;
}
if (worker->mutex == NULL) {
rv = apr_thread_mutex_create(&(worker->mutex), APR_THREAD_MUTEX_DEFAULT, p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"can not create thread mutex");
return rv;
}
}
if (worker->s->hmax) {
rv = apr_reslist_create(&(worker->cp->res),
worker->s->min, worker->s->smax,
worker->s->hmax, worker->s->ttl,
connection_constructor, connection_destructor,
worker, worker->cp->pool);
apr_pool_cleanup_register(worker->cp->pool, (void *)worker,
conn_pool_cleanup,
apr_pool_cleanup_null);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d",
getpid(), worker->s->hostname, worker->s->min,
worker->s->hmax, worker->s->smax);
/* Set the acquire timeout */
if (rv == APR_SUCCESS && worker->s->acquire_set) {
apr_reslist_timeout_set(worker->cp->res, worker->s->acquire);
}
}
else {
void *conn;
rv = connection_constructor(&conn, worker, worker->cp->pool);
worker->cp->conn = conn;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: initialized single connection worker in child %" APR_PID_T_FMT " for (%s)",
getpid(), worker->s->hostname);
}
}
if (rv == APR_SUCCESS) {
worker->s->status |= (PROXY_WORKER_INITIALIZED);
worker->local_status |= (PROXY_WORKER_INITIALIZED);
}
return rv;
}
PROXY_DECLARE(int) ap_proxy_retry_worker(const char *proxy_function,
proxy_worker *worker,
server_rec *s)
{
if (worker->s->status & PROXY_WORKER_IN_ERROR) {
if (apr_time_now() > worker->s->error_time + worker->s->retry) {
++worker->s->retries;
worker->s->status &= ~PROXY_WORKER_IN_ERROR;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: worker for (%s) has been marked for retry",
proxy_function, worker->s->hostname);
return OK;
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: too soon to retry worker for (%s)",
proxy_function, worker->s->hostname);
return DECLINED;
}
}
else {
return OK;
}
}
PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
proxy_balancer **balancer,
request_rec *r,
proxy_server_conf *conf, char **url)
{
int access_status;
access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
if (access_status == DECLINED && *balancer == NULL) {
*worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
if (*worker) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"proxy: %s: found worker %s for %s",
(*worker)->s->scheme, (*worker)->s->name, *url);
*balancer = NULL;
access_status = OK;
}
else if (r->proxyreq == PROXYREQ_PROXY) {
if (conf->forward) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"proxy: *: found forward proxy worker for %s",
*url);
*balancer = NULL;
*worker = conf->forward;
access_status = OK;
/*
* The forward worker does not keep connections alive, so
* ensure that mod_proxy_http does the correct thing
* regarding the Connection header in the request.
*/
apr_table_set(r->subprocess_env, "proxy-nokeepalive", "1");
}
}
else if (r->proxyreq == PROXYREQ_REVERSE) {
if (conf->reverse) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"proxy: *: found reverse proxy worker for %s",
*url);
*balancer = NULL;
*worker = conf->reverse;
access_status = OK;
/*
* The reverse worker does not keep connections alive, so
* ensure that mod_proxy_http does the correct thing
* regarding the Connection header in the request.
*/
apr_table_set(r->subprocess_env, "proxy-nokeepalive", "1");
}
}
}
else if (access_status == DECLINED && *balancer != NULL) {
/* All the workers are busy */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"proxy: all workers are busy. Unable to serve %s",
*url);
access_status = HTTP_SERVICE_UNAVAILABLE;
}
return access_status;
}
PROXY_DECLARE(int) ap_proxy_post_request(proxy_worker *worker,
proxy_balancer *balancer,
request_rec *r,
proxy_server_conf *conf)
{
int access_status = OK;
if (balancer) {
access_status = proxy_run_post_request(worker, balancer, r, conf);
if (access_status == DECLINED) {
access_status = OK; /* no post_request handler available */
/* TODO: recycle direct worker */
}
}
return access_status;
}
/* DEPRECATED */
PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **newsock,
const char *proxy_function,
apr_sockaddr_t *backend_addr,
const char *backend_name,
proxy_server_conf *conf,
request_rec *r)
{
apr_status_t rv;
int connected = 0;
int loglevel;
while (backend_addr && !connected) {
if ((rv = apr_socket_create(newsock, backend_addr->family,
SOCK_STREAM, 0, r->pool)) != APR_SUCCESS) {
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_rerror(APLOG_MARK, loglevel, rv, r,
"proxy: %s: error creating fam %d socket for target %s",
proxy_function,
backend_addr->family,
backend_name);
/*
* this could be an IPv6 address from the DNS but the
* local machine won't give us an IPv6 socket; hopefully the
* DNS returned an additional address to try
*/
backend_addr = backend_addr->next;
continue;
}
if (conf->recv_buffer_size > 0 &&
(rv = apr_socket_opt_set(*newsock, APR_SO_RCVBUF,
conf->recv_buffer_size))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"apr_socket_opt_set(SO_RCVBUF): Failed to set "
"ProxyReceiveBufferSize, using default");
}
rv = apr_socket_opt_set(*newsock, APR_TCP_NODELAY, 1);
if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"apr_socket_opt_set(APR_TCP_NODELAY): "
"Failed to set");
}
/* Set a timeout on the socket */
if (conf->timeout_set) {
apr_socket_timeout_set(*newsock, conf->timeout);
}
else {
apr_socket_timeout_set(*newsock, r->server->timeout);
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"proxy: %s: fam %d socket created to connect to %s",
proxy_function, backend_addr->family, backend_name);
if (conf->source_address) {
rv = apr_socket_bind(*newsock, conf->source_address);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: %s: failed to bind socket to local address",
proxy_function);
}
}
/* make the connection out of the socket */
rv = apr_socket_connect(*newsock, backend_addr);
/* if an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
apr_socket_close(*newsock);
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_rerror(APLOG_MARK, loglevel, rv, r,
"proxy: %s: attempt to connect to %pI (%s) failed",
proxy_function,
backend_addr,
backend_name);
backend_addr = backend_addr->next;
continue;
}
connected = 1;
}
return connected ? 0 : 1;
}
PROXY_DECLARE(int) ap_proxy_acquire_connection(const char *proxy_function,
proxy_conn_rec **conn,
proxy_worker *worker,
server_rec *s)
{
apr_status_t rv;
if (!PROXY_WORKER_IS_USABLE(worker)) {
/* Retry the worker */
ap_proxy_retry_worker(proxy_function, worker, s);
if (!PROXY_WORKER_IS_USABLE(worker)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"proxy: %s: disabled connection for (%s)",
proxy_function, worker->s->hostname);
return HTTP_SERVICE_UNAVAILABLE;
}
}
if (worker->s->hmax && worker->cp->res) {
rv = apr_reslist_acquire(worker->cp->res, (void **)conn);
}
else {
/* create the new connection if the previous was destroyed */
if (!worker->cp->conn) {
connection_constructor((void **)conn, worker, worker->cp->pool);
}
else {
*conn = worker->cp->conn;
worker->cp->conn = NULL;
}
rv = APR_SUCCESS;
}
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"proxy: %s: failed to acquire connection for (%s)",
proxy_function, worker->s->hostname);
return HTTP_SERVICE_UNAVAILABLE;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: has acquired connection for (%s)",
proxy_function, worker->s->hostname);
(*conn)->worker = worker;
(*conn)->close = 0;
(*conn)->inreslist = 0;
return OK;
}
PROXY_DECLARE(int) ap_proxy_release_connection(const char *proxy_function,
proxy_conn_rec *conn,
server_rec *s)
{
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: has released connection for (%s)",
proxy_function, conn->worker->s->hostname);
connection_cleanup(conn);
return OK;
}
PROXY_DECLARE(int)
ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
proxy_server_conf *conf,
proxy_worker *worker,
proxy_conn_rec *conn,
apr_uri_t *uri,
char **url,
const char *proxyname,
apr_port_t proxyport,
char *server_portstr,
int server_portstr_size)
{
int server_port;
apr_status_t err = APR_SUCCESS;
apr_status_t uerr = APR_SUCCESS;
/*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
if (APR_SUCCESS != apr_uri_parse(p, *url, uri)) {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_pstrcat(p,"URI cannot be parsed: ", *url,
NULL));
}
if (!uri->port) {
uri->port = apr_uri_port_of_scheme(uri->scheme);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: connecting %s to %s:%d", *url, uri->hostname,
uri->port);
/*
* allocate these out of the specified connection pool
* The scheme handler decides if this is permanent or
* short living pool.
*/
/* are we connecting directly, or via a proxy? */
if (!proxyname) {
*url = apr_pstrcat(p, uri->path, uri->query ? "?" : "",
uri->query ? uri->query : "",
uri->fragment ? "#" : "",
uri->fragment ? uri->fragment : "", NULL);
}
/*
* Make sure that we pick the the correct and valid worker.
* If a single keepalive connection triggers different workers,
* then we have a problem (we don't select the correct one).
* Do an expensive check in this case, where we compare the
* the hostnames associated between the two.
*
* TODO: Handle this much better...
*/
if (!conn->hostname || !worker->s->is_address_reusable ||
worker->s->disablereuse ||
(r->connection->keepalives &&
(r->proxyreq == PROXYREQ_PROXY || r->proxyreq == PROXYREQ_REVERSE) &&
(strcasecmp(conn->hostname, uri->hostname) != 0) ) ) {
if (proxyname) {
conn->hostname = apr_pstrdup(conn->pool, proxyname);
conn->port = proxyport;
/*
* If we have a forward proxy and the protocol is HTTPS,
* then we need to prepend a HTTP CONNECT request before
* sending our actual HTTPS requests.
* Save our real backend data for using it later during HTTP CONNECT.
*/
if (conn->is_ssl) {
const char *proxy_auth;
forward_info *forward = apr_pcalloc(conn->pool, sizeof(forward_info));
conn->forward = forward;
forward->use_http_connect = 1;
forward->target_host = apr_pstrdup(conn->pool, uri->hostname);
forward->target_port = uri->port;
/* Do we want to pass Proxy-Authorization along?
* If we haven't used it, then YES
* If we have used it then MAYBE: RFC2616 says we MAY propagate it.
* So let's make it configurable by env.
* The logic here is the same used in mod_proxy_http.
*/
proxy_auth = apr_table_get(r->headers_in, "Proxy-Authorization");
if (proxy_auth != NULL &&
proxy_auth[0] != '\0' &&
r->user == NULL && /* we haven't yet authenticated */
apr_table_get(r->subprocess_env, "Proxy-Chain-Auth")) {
forward->proxy_auth = apr_pstrdup(conn->pool, proxy_auth);
}
}
}
else {
conn->hostname = apr_pstrdup(conn->pool, uri->hostname);
conn->port = uri->port;
}
socket_cleanup(conn);
err = apr_sockaddr_info_get(&(conn->addr),
conn->hostname, APR_UNSPEC,
conn->port, 0,
conn->pool);
}
else if (!worker->cp->addr) {
if ((err = PROXY_THREAD_LOCK(worker)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, err, r->server,
"proxy: lock");
return HTTP_INTERNAL_SERVER_ERROR;
}
/*
* Worker can have the single constant backend adress.
* The single DNS lookup is used once per worker.
* If dynamic change is needed then set the addr to NULL
* inside dynamic config to force the lookup.
*/
err = apr_sockaddr_info_get(&(worker->cp->addr),
conn->hostname, APR_UNSPEC,
conn->port, 0,
worker->cp->pool);
conn->addr = worker->cp->addr;
if ((uerr = PROXY_THREAD_UNLOCK(worker)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, uerr, r->server,
"proxy: unlock");
}
}
else {
conn->addr = worker->cp->addr;
}
/* Close a possible existing socket if we are told to do so */
if (conn->close) {
socket_cleanup(conn);
conn->close = 0;
}
if (err != APR_SUCCESS) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
apr_pstrcat(p, "DNS lookup failure for: ",
conn->hostname, NULL));
}
/* Get the server port for the Via headers */
{
server_port = ap_get_server_port(r);
if (ap_is_default_port(server_port, r)) {
strcpy(server_portstr,"");
}
else {
apr_snprintf(server_portstr, server_portstr_size, ":%d",
server_port);
}
}
/* check if ProxyBlock directive on this host */
if (OK != ap_proxy_checkproxyblock(r, conf, conn->addr)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: connected %s to %s:%d", *url, conn->hostname,
conn->port);
return OK;
}
#define USE_ALTERNATE_IS_CONNECTED 1
#if !defined(APR_MSG_PEEK) && defined(MSG_PEEK)
#define APR_MSG_PEEK MSG_PEEK
#endif
#if USE_ALTERNATE_IS_CONNECTED && defined(APR_MSG_PEEK)
static int is_socket_connected(apr_socket_t *socket)
{
apr_pollfd_t pfds[1];
apr_status_t status;
apr_int32_t nfds;
pfds[0].reqevents = APR_POLLIN;
pfds[0].desc_type = APR_POLL_SOCKET;
pfds[0].desc.s = socket;
do {
status = apr_poll(&pfds[0], 1, &nfds, 0);
} while (APR_STATUS_IS_EINTR(status));
if (status == APR_SUCCESS && nfds == 1 &&
pfds[0].rtnevents == APR_POLLIN) {
apr_sockaddr_t unused;
apr_size_t len = 1;
char buf[1];
/* The socket might be closed in which case
* the poll will return POLLIN.
* If there is no data available the socket
* is closed.
*/
status = apr_socket_recvfrom(&unused, socket, APR_MSG_PEEK,
&buf[0], &len);
if (status == APR_SUCCESS && len)
return 1;
else
return 0;
}
else if (APR_STATUS_IS_EAGAIN(status) || APR_STATUS_IS_TIMEUP(status)) {
return 1;
}
return 0;
}
#else
static int is_socket_connected(apr_socket_t *sock)
{
apr_size_t buffer_len = 1;
char test_buffer[1];
apr_status_t socket_status;
apr_interval_time_t current_timeout;
/* save timeout */
apr_socket_timeout_get(sock, &current_timeout);
/* set no timeout */
apr_socket_timeout_set(sock, 0);
socket_status = apr_socket_recv(sock, test_buffer, &buffer_len);
/* put back old timeout */
apr_socket_timeout_set(sock, current_timeout);
if (APR_STATUS_IS_EOF(socket_status)
|| APR_STATUS_IS_ECONNRESET(socket_status)) {
return 0;
}
else {
return 1;
}
}
#endif /* USE_ALTERNATE_IS_CONNECTED */
/*
* Send a HTTP CONNECT request to a forward proxy.
* The proxy is given by "backend", the target server
* is contained in the "forward" member of "backend".
*/
static apr_status_t send_http_connect(proxy_conn_rec *backend,
server_rec *s)
{
int status;
apr_size_t nbytes;
apr_size_t left;
int complete = 0;
char buffer[HUGE_STRING_LEN];
char drain_buffer[HUGE_STRING_LEN];
forward_info *forward = (forward_info *)backend->forward;
int len = 0;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: CONNECT: sending the CONNECT request for %s:%d "
"to the remote proxy %pI (%s)",
forward->target_host, forward->target_port,
backend->addr, backend->hostname);
/* Create the CONNECT request */
nbytes = apr_snprintf(buffer, sizeof(buffer),
"CONNECT %s:%d HTTP/1.0" CRLF,
forward->target_host, forward->target_port);
/* Add proxy authorization from the initial request if necessary */
if (forward->proxy_auth != NULL) {
nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
"Proxy-Authorization: %s" CRLF,
forward->proxy_auth);
}
/* Set a reasonable agent and send everything */
nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
"Proxy-agent: %s" CRLF CRLF,
ap_get_server_banner());
apr_socket_send(backend->sock, buffer, &nbytes);
/* Receive the whole CONNECT response */
left = sizeof(buffer) - 1;
/* Read until we find the end of the headers or run out of buffer */
do {
nbytes = left;
status = apr_socket_recv(backend->sock, buffer + len, &nbytes);
len += nbytes;
left -= nbytes;
buffer[len] = '\0';
if (strstr(buffer + len - nbytes, "\r\n\r\n") != NULL) {
complete = 1;
break;
}
} while (status == APR_SUCCESS && left > 0);
/* Drain what's left */
if (!complete) {
nbytes = sizeof(drain_buffer) - 1;
while (status == APR_SUCCESS && nbytes) {
status = apr_socket_recv(backend->sock, drain_buffer, &nbytes);
buffer[nbytes] = '\0';
nbytes = sizeof(drain_buffer) - 1;
if (strstr(drain_buffer, "\r\n\r\n") != NULL) {
complete = 1;
break;
}
}
}
/* Check for HTTP_OK response status */
if (status == APR_SUCCESS) {
int major, minor;
/* Only scan for three character status code */
char code_str[4];
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"send_http_connect: response from the forward proxy: %s",
buffer);
/* Extract the returned code */
if (sscanf(buffer, "HTTP/%u.%u %3s", &major, &minor, code_str) == 3) {
status = atoi(code_str);
if (status == HTTP_OK) {
status = APR_SUCCESS;
}
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"send_http_connect: the forward proxy returned code is '%s'",
code_str);
status = APR_INCOMPLETE;
}
}
}
return(status);
}
PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
proxy_conn_rec *conn,
proxy_worker *worker,
server_rec *s)
{
apr_status_t rv;
int connected = 0;
int loglevel;
apr_sockaddr_t *backend_addr = conn->addr;
/* the local address to use for the outgoing connection */
apr_sockaddr_t *local_addr;
apr_socket_t *newsock;
void *sconf = s->module_config;
proxy_server_conf *conf =
(proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
if (conn->sock) {
if (!(connected = is_socket_connected(conn->sock))) {
socket_cleanup(conn);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: backend socket is disconnected.",
proxy_function);
}
}
while (backend_addr && !connected) {
if ((rv = apr_socket_create(&newsock, backend_addr->family,
SOCK_STREAM, APR_PROTO_TCP,
conn->scpool)) != APR_SUCCESS) {
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s,
"proxy: %s: error creating fam %d socket for target %s",
proxy_function,
backend_addr->family,
worker->s->hostname);
/*
* this could be an IPv6 address from the DNS but the
* local machine won't give us an IPv6 socket; hopefully the
* DNS returned an additional address to try
*/
backend_addr = backend_addr->next;
continue;
}
conn->connection = NULL;
if (worker->s->recv_buffer_size > 0 &&
(rv = apr_socket_opt_set(newsock, APR_SO_RCVBUF,
worker->s->recv_buffer_size))) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"apr_socket_opt_set(SO_RCVBUF): Failed to set "
"ProxyReceiveBufferSize, using default");
}
rv = apr_socket_opt_set(newsock, APR_TCP_NODELAY, 1);
if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"apr_socket_opt_set(APR_TCP_NODELAY): "
"Failed to set");
}
/* Set a timeout for connecting to the backend on the socket */
if (worker->s->conn_timeout_set) {
apr_socket_timeout_set(newsock, worker->s->conn_timeout);
}
else if (worker->s->timeout_set) {
apr_socket_timeout_set(newsock, worker->s->timeout);
}
else if (conf->timeout_set) {
apr_socket_timeout_set(newsock, conf->timeout);
}
else {
apr_socket_timeout_set(newsock, s->timeout);
}
/* Set a keepalive option */
if (worker->s->keepalive) {
if ((rv = apr_socket_opt_set(newsock,
APR_SO_KEEPALIVE, 1)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"apr_socket_opt_set(SO_KEEPALIVE): Failed to set"
" Keepalive");
}
}
ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
"proxy: %s: fam %d socket created to connect to %s",
proxy_function, backend_addr->family, worker->s->hostname);
if (conf->source_address_set) {
local_addr = apr_pcalloc(conn->pool, sizeof(apr_sockaddr_t));
memcpy(local_addr, conf->source_address, sizeof(apr_sockaddr_t));
local_addr->pool = conn->pool;
rv = apr_socket_bind(newsock, local_addr);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"proxy: %s: failed to bind socket to local address",
proxy_function);
}
}
/* make the connection out of the socket */
rv = apr_socket_connect(newsock, backend_addr);
/* if an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
apr_socket_close(newsock);
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s,
"proxy: %s: attempt to connect to %pI (%s) failed",
proxy_function,
backend_addr,
worker->s->hostname);
backend_addr = backend_addr->next;
continue;
}
/* Set a timeout on the socket */
if (worker->s->timeout_set) {
apr_socket_timeout_set(newsock, worker->s->timeout);
}
else if (conf->timeout_set) {
apr_socket_timeout_set(newsock, conf->timeout);
}
else {
apr_socket_timeout_set(newsock, s->timeout);
}
conn->sock = newsock;
if (conn->forward) {
forward_info *forward = (forward_info *)conn->forward;
/*
* For HTTP CONNECT we need to prepend CONNECT request before
* sending our actual HTTPS requests.
*/
if (forward->use_http_connect) {
rv = send_http_connect(conn, s);
/* If an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
conn->sock = NULL;
apr_socket_close(newsock);
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s,
"proxy: %s: attempt to connect to %s:%d "
"via http CONNECT through %pI (%s) failed",
proxy_function,
forward->target_host, forward->target_port,
backend_addr, worker->s->hostname);
backend_addr = backend_addr->next;
continue;
}
}
}
connected = 1;
}
/*
* Put the entire worker to error state if
* the PROXY_WORKER_IGNORE_ERRORS flag is not set.
* Altrough some connections may be alive
* no further connections to the worker could be made
*/
if (!connected && PROXY_WORKER_IS_USABLE(worker) &&
!(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) {
worker->s->error_time = apr_time_now();
worker->s->status |= PROXY_WORKER_IN_ERROR;
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"ap_proxy_connect_backend disabling worker for (%s) for %"
APR_TIME_T_FMT "s",
worker->s->hostname, apr_time_sec(worker->s->retry));
}
else {
if (worker->s->retries) {
/*
* A worker came back. So here is where we need to
* either reset all params to initial conditions or
* apply some sort of aging
*/
}
worker->s->error_time = 0;
worker->s->retries = 0;
}
return connected ? OK : DECLINED;
}
PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
proxy_conn_rec *conn,
conn_rec *c,
server_rec *s)
{
apr_sockaddr_t *backend_addr = conn->addr;
int rc;
apr_interval_time_t current_timeout;
apr_bucket_alloc_t *bucket_alloc;
if (conn->connection) {
return OK;
}
bucket_alloc = apr_bucket_alloc_create(conn->scpool);
/*
* The socket is now open, create a new backend server connection
*/
conn->connection = ap_run_create_connection(conn->scpool, s, conn->sock,
0, NULL,
bucket_alloc);
if (!conn->connection) {
/*
* the peer reset the connection already; ap_run_create_connection()
* closed the socket
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
s, "proxy: %s: an error occurred creating a "
"new connection to %pI (%s)", proxy_function,
backend_addr, conn->hostname);
/* XXX: Will be closed when proxy_conn is closed */
socket_cleanup(conn);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* For ssl connection to backend */
if (conn->is_ssl) {
if (!ap_proxy_ssl_enable(conn->connection)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0,
s, "proxy: %s: failed to enable ssl support "
"for %pI (%s)", proxy_function,
backend_addr, conn->hostname);
return HTTP_INTERNAL_SERVER_ERROR;
}
}
else {
/* TODO: See if this will break FTP */
ap_proxy_ssl_disable(conn->connection);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: connection complete to %pI (%s)",
proxy_function, backend_addr, conn->hostname);
/*
* save the timeout of the socket because core_pre_connection
* will set it to base_server->timeout
* (core TimeOut directive).
*/
apr_socket_timeout_get(conn->sock, &current_timeout);
/* set up the connection filters */
rc = ap_run_pre_connection(conn->connection, conn->sock);
if (rc != OK && rc != DONE) {
conn->connection->aborted = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: pre_connection setup failed (%d)",
proxy_function, rc);
return rc;
}
apr_socket_timeout_set(conn->sock, current_timeout);
return OK;
}
int ap_proxy_lb_workers(void)
{
/*
* Since we can't resize the scoreboard when reconfiguring, we
* have to impose a limit on the number of workers, we are
* able to reconfigure to.
*/
if (!lb_workers_limit)
lb_workers_limit = proxy_lb_workers + PROXY_DYNAMIC_BALANCER_LIMIT;
return lb_workers_limit;
}
PROXY_DECLARE(void) ap_proxy_backend_broke(request_rec *r,
apr_bucket_brigade *brigade)
{
apr_bucket *e;
conn_rec *c = r->connection;
r->no_cache = 1;
/*
* If this is a subrequest, then prevent also caching of the main
* request.
*/
if (r->main)
r->main->no_cache = 1;
e = ap_bucket_error_create(HTTP_BAD_GATEWAY, NULL, c->pool,
c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(brigade, e);
e = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(brigade, e);
}
/*
* Transform buckets from one bucket allocator to another one by creating a
* transient bucket for each data bucket and let it use the data read from
* the old bucket. Metabuckets are transformed by just recreating them.
* Attention: Currently only the following bucket types are handled:
*
* All data buckets
* FLUSH
* EOS
*
* If an other bucket type is found its type is logged as a debug message
* and APR_EGENERAL is returned.
*/
PROXY_DECLARE(apr_status_t)
ap_proxy_buckets_lifetime_transform(request_rec *r, apr_bucket_brigade *from,
apr_bucket_brigade *to)
{
apr_bucket *e;
apr_bucket *new;
const char *data;
apr_size_t bytes;
apr_status_t rv = APR_SUCCESS;
apr_brigade_cleanup(to);
for (e = APR_BRIGADE_FIRST(from);
e != APR_BRIGADE_SENTINEL(from);
e = APR_BUCKET_NEXT(e)) {
if (!APR_BUCKET_IS_METADATA(e)) {
apr_bucket_read(e, &data, &bytes, APR_BLOCK_READ);
new = apr_bucket_transient_create(data, bytes, r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(to, new);
}
else if (APR_BUCKET_IS_FLUSH(e)) {
new = apr_bucket_flush_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(to, new);
}
else if (APR_BUCKET_IS_EOS(e)) {
new = apr_bucket_eos_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(to, new);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"proxy: Unhandled bucket type of type %s in"
" ap_proxy_buckets_lifetime_transform", e->type->name);
apr_bucket_delete(e);
rv = APR_EGENERAL;
}
}
return rv;
}
/*
* Provide a string hashing function for the proxy.
* We offer 2 methods: one is the APR model but we
* also provide our own, based on either FNV or SDBM.
* The reason is in case we want to use both to ensure no
* collisions.
*/
PROXY_DECLARE(unsigned int)
ap_proxy_hashfunc(const char *str, proxy_hash_t method)
{
if (method == PROXY_HASHFUNC_APR) {
apr_ssize_t slen = strlen(str);
return apr_hashfunc_default(str, &slen);
}
else if (method == PROXY_HASHFUNC_FNV) {
/* FNV model */
unsigned int hash;
const unsigned int fnv_prime = 0x811C9DC5;
for (hash = 0; *str; str++) {
hash *= fnv_prime;
hash ^= (*str);
}
return hash;
}
else { /* method == PROXY_HASHFUNC_DEFAULT */
/* SDBM model */
unsigned int hash;
for (hash = 0; *str; str++) {
hash = (*str) + (hash << 6) + (hash << 16) - hash;
}
return hash;
}
}