proxy_util.c revision a792dc2db8e08bd65be6ac844a1fdb001a456b1a
842ae4bd224140319ae7feec1872b93dfd491143fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
842ae4bd224140319ae7feec1872b93dfd491143fielding * contributor license agreements. See the NOTICE file distributed with
842ae4bd224140319ae7feec1872b93dfd491143fielding * this work for additional information regarding copyright ownership.
842ae4bd224140319ae7feec1872b93dfd491143fielding * The ASF licenses this file to You under the Apache License, Version 2.0
842ae4bd224140319ae7feec1872b93dfd491143fielding * (the "License"); you may not use this file except in compliance with
842ae4bd224140319ae7feec1872b93dfd491143fielding * the License. You may obtain a copy of the License at
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding *
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * http://www.apache.org/licenses/LICENSE-2.0
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding *
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * Unless required by applicable law or agreed to in writing, software
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * distributed under the License is distributed on an "AS IS" BASIS,
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * See the License for the specific language governing permissions and
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * limitations under the License.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
3568de757bac0b47256647504c186d17ca272f85rbb/* Utility routines for Apache proxy */
3568de757bac0b47256647504c186d17ca272f85rbb#include "mod_proxy.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "ap_mpm.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "scoreboard.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "apr_version.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "apr_hash.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "proxy_util.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "ajp.h"
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb#if APR_HAVE_UNISTD_H
3568de757bac0b47256647504c186d17ca272f85rbb#include <unistd.h> /* for getpid() */
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb#if (APR_MAJOR_VERSION < 1)
3568de757bac0b47256647504c186d17ca272f85rbb#undef apr_socket_create
3568de757bac0b47256647504c186d17ca272f85rbb#define apr_socket_create apr_socket_create_ex
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb#if APR_HAVE_SYS_UN_H
3568de757bac0b47256647504c186d17ca272f85rbb#include <sys/un.h>
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb#if (APR_MAJOR_VERSION < 2)
3568de757bac0b47256647504c186d17ca272f85rbb#include "apr_support.h" /* for apr_wait_for_io_or_timeout() */
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbbAPLOG_USE_MODULE(proxy);
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb/*
3568de757bac0b47256647504c186d17ca272f85rbb * Opaque structure containing target server info when
3568de757bac0b47256647504c186d17ca272f85rbb * using a forward proxy.
3568de757bac0b47256647504c186d17ca272f85rbb * Up to now only used in combination with HTTP CONNECT.
3568de757bac0b47256647504c186d17ca272f85rbb */
3568de757bac0b47256647504c186d17ca272f85rbbtypedef struct {
3568de757bac0b47256647504c186d17ca272f85rbb int use_http_connect; /* Use SSL Tunneling via HTTP CONNECT */
3568de757bac0b47256647504c186d17ca272f85rbb const char *target_host; /* Target hostname */
3568de757bac0b47256647504c186d17ca272f85rbb apr_port_t target_port; /* Target port */
3568de757bac0b47256647504c186d17ca272f85rbb const char *proxy_auth; /* Proxy authorization */
3568de757bac0b47256647504c186d17ca272f85rbb} forward_info;
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb/* Keep synced with mod_proxy.h! */
0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic struct wstat {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned int bit;
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding char flag;
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *name;
3568de757bac0b47256647504c186d17ca272f85rbb} wstat_tbl[] = {
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick {PROXY_WORKER_INITIALIZED, PROXY_WORKER_INITIALIZED_FLAG, "Init "},
3568de757bac0b47256647504c186d17ca272f85rbb {PROXY_WORKER_IGNORE_ERRORS, PROXY_WORKER_IGNORE_ERRORS_FLAG, "Ign "},
3568de757bac0b47256647504c186d17ca272f85rbb {PROXY_WORKER_DRAIN, PROXY_WORKER_DRAIN_FLAG, "Drn "},
3568de757bac0b47256647504c186d17ca272f85rbb {PROXY_WORKER_IN_SHUTDOWN, PROXY_WORKER_IN_SHUTDOWN_FLAG, "Shut "},
3568de757bac0b47256647504c186d17ca272f85rbb {PROXY_WORKER_DISABLED, PROXY_WORKER_DISABLED_FLAG, "Dis "},
98fb535f829e2a95aabd82420931f476661fa8e3jorton {PROXY_WORKER_STOPPED, PROXY_WORKER_STOPPED_FLAG, "Stop "},
db12cd62083041bf90945eeb90cc40fbd2340797trawick {PROXY_WORKER_IN_ERROR, PROXY_WORKER_IN_ERROR_FLAG, "Err "},
db12cd62083041bf90945eeb90cc40fbd2340797trawick {PROXY_WORKER_HOT_STANDBY, PROXY_WORKER_HOT_STANDBY_FLAG, "Stby "},
db12cd62083041bf90945eeb90cc40fbd2340797trawick {PROXY_WORKER_FREE, PROXY_WORKER_FREE_FLAG, "Free "},
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick {0x0, '\0', NULL}
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick};
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem
3568de757bac0b47256647504c186d17ca272f85rbb/* Global balancer counter */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzint PROXY_DECLARE_DATA proxy_lb_workers = 0;
3568de757bac0b47256647504c186d17ca272f85rbbstatic int lb_workers_limit = 0;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzconst apr_strmatch_pattern PROXY_DECLARE_DATA *ap_proxy_strmatch_path;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzconst apr_strmatch_pattern PROXY_DECLARE_DATA *ap_proxy_strmatch_domain;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingextern apr_global_mutex_t *proxy_mutex;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbbstatic int proxy_match_word(struct dirconn_entry *This, request_rec *r);
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb
3d96ee83babeec32482c9082c9426340cee8c44dwroweAPR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, create_req,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding (request_rec *r, request_rec *pr), (r, pr),
397df70abe0bdd78a84fb6c38c02641bcfeadceasf OK, DECLINED)
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick
98fb535f829e2a95aabd82420931f476661fa8e3jortonPROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src,
f0e395a55abfcad3d2bd7c63470003b08a93d567nd apr_size_t dlen)
f0e395a55abfcad3d2bd7c63470003b08a93d567nd{
f0e395a55abfcad3d2bd7c63470003b08a93d567nd char *thenil;
f0e395a55abfcad3d2bd7c63470003b08a93d567nd apr_size_t thelen;
98fb535f829e2a95aabd82420931f476661fa8e3jorton
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /* special case handling */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (!dlen) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /* XXX: APR_ENOSPACE would be better */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return APR_EGENERAL;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (!src) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick *dst = '\0';
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return APR_SUCCESS;
3568de757bac0b47256647504c186d17ca272f85rbb }
41634f717c623556a16b27b25d7d909a66fe20f8wrowe thenil = apr_cpystrn(dst, src, dlen);
3568de757bac0b47256647504c186d17ca272f85rbb thelen = thenil - dst;
3568de757bac0b47256647504c186d17ca272f85rbb if (src[thelen] == '\0') {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return APR_SUCCESS;
3568de757bac0b47256647504c186d17ca272f85rbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return APR_EGENERAL;
3568de757bac0b47256647504c186d17ca272f85rbb}
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb/* already called in the knowledge that the characters are hex digits */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzPROXY_DECLARE(int) ap_proxy_hex2c(const char *x)
3568de757bac0b47256647504c186d17ca272f85rbb{
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int i;
41634f717c623556a16b27b25d7d909a66fe20f8wrowe
3568de757bac0b47256647504c186d17ca272f85rbb#if !APR_CHARSET_EBCDIC
3568de757bac0b47256647504c186d17ca272f85rbb int ch = x[0];
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb if (apr_isdigit(ch)) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz i = ch - '0';
3568de757bac0b47256647504c186d17ca272f85rbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz else if (apr_isupper(ch)) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding i = ch - ('A' - 10);
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz else {
3568de757bac0b47256647504c186d17ca272f85rbb i = ch - ('a' - 10);
fc1efab92032301e317f07e1b3a00082d9d71f3frbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz i <<= 4;
24b534291150023e6b68eca89ddd33e475ccddc0wrowe
3568de757bac0b47256647504c186d17ca272f85rbb ch = x[1];
24b534291150023e6b68eca89ddd33e475ccddc0wrowe if (apr_isdigit(ch)) {
3568de757bac0b47256647504c186d17ca272f85rbb i += ch - '0';
24b534291150023e6b68eca89ddd33e475ccddc0wrowe }
24b534291150023e6b68eca89ddd33e475ccddc0wrowe else if (apr_isupper(ch)) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz i += ch - ('A' - 10);
3568de757bac0b47256647504c186d17ca272f85rbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz else {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz i += ch - ('a' - 10);
3568de757bac0b47256647504c186d17ca272f85rbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return i;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz#else /*APR_CHARSET_EBCDIC*/
3568de757bac0b47256647504c186d17ca272f85rbb /*
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * we assume that the hex value refers to an ASCII character
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * so convert to EBCDIC so that it makes sense locally;
3568de757bac0b47256647504c186d17ca272f85rbb *
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * example:
3568de757bac0b47256647504c186d17ca272f85rbb *
3568de757bac0b47256647504c186d17ca272f85rbb * client specifies %20 in URL to refer to a space char;
3568de757bac0b47256647504c186d17ca272f85rbb * at this point we're called with EBCDIC "20"; after turning
3568de757bac0b47256647504c186d17ca272f85rbb * EBCDIC "20" into binary 0x20, we then need to assume that 0x20
3568de757bac0b47256647504c186d17ca272f85rbb * represents an ASCII char and convert 0x20 to EBCDIC, yielding
3568de757bac0b47256647504c186d17ca272f85rbb * 0x40
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz char buf[1];
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (1 == sscanf(x, "%2x", &i)) {
3568de757bac0b47256647504c186d17ca272f85rbb buf[0] = i & 0xFF;
3568de757bac0b47256647504c186d17ca272f85rbb ap_xlate_proto_from_ascii(buf, 1);
3568de757bac0b47256647504c186d17ca272f85rbb return buf[0];
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb else {
3568de757bac0b47256647504c186d17ca272f85rbb return 0;
3568de757bac0b47256647504c186d17ca272f85rbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz#endif /*APR_CHARSET_EBCDIC*/
3568de757bac0b47256647504c186d17ca272f85rbb}
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbbPROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
3568de757bac0b47256647504c186d17ca272f85rbb{
3568de757bac0b47256647504c186d17ca272f85rbb#if !APR_CHARSET_EBCDIC
3568de757bac0b47256647504c186d17ca272f85rbb int i;
3568de757bac0b47256647504c186d17ca272f85rbb
397df70abe0bdd78a84fb6c38c02641bcfeadceasf x[0] = '%';
397df70abe0bdd78a84fb6c38c02641bcfeadceasf i = (ch & 0xF0) >> 4;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf if (i >= 10) {
397df70abe0bdd78a84fb6c38c02641bcfeadceasf x[1] = ('A' - 10) + i;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf }
3568de757bac0b47256647504c186d17ca272f85rbb else {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding x[1] = '0' + i;
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }
3568de757bac0b47256647504c186d17ca272f85rbb
239f998fbee5ac5b114b965bb76e217cce0003edstoddard i = ch & 0x0F;
78ae889ffe0fdfab72f56c6993b0f302cb48da55rbb if (i >= 10) {
3568de757bac0b47256647504c186d17ca272f85rbb x[2] = ('A' - 10) + i;
6653a33e820463abd4f81915b7a1eba0f602e200brianp }
6653a33e820463abd4f81915b7a1eba0f602e200brianp else {
6653a33e820463abd4f81915b7a1eba0f602e200brianp x[2] = '0' + i;
41634f717c623556a16b27b25d7d909a66fe20f8wrowe }
41634f717c623556a16b27b25d7d909a66fe20f8wrowe#else /*APR_CHARSET_EBCDIC*/
6653a33e820463abd4f81915b7a1eba0f602e200brianp static const char ntoa[] = { "0123456789ABCDEF" };
3568de757bac0b47256647504c186d17ca272f85rbb char buf[1];
6653a33e820463abd4f81915b7a1eba0f602e200brianp
6653a33e820463abd4f81915b7a1eba0f602e200brianp ch &= 0xFF;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm buf[0] = ch;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick ap_xlate_proto_to_ascii(buf, 1);
36c8049de63c446926139936c3d195330a0539cetrawick
3568de757bac0b47256647504c186d17ca272f85rbb x[0] = '%';
dd028aa8111afb6534fece555e8c2d408894671etrawick x[1] = ntoa[(buf[0] >> 4) & 0x0F];
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin x[2] = ntoa[buf[0] & 0x0F];
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin x[3] = '\0';
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin#endif /*APR_CHARSET_EBCDIC*/
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin}
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin/*
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * canonicalise a URL-encoded string
ca53a74f4012a45cbad48e940eddf27d866981f9dougm */
ca53a74f4012a45cbad48e940eddf27d866981f9dougm
ca53a74f4012a45cbad48e940eddf27d866981f9dougm/*
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * Convert a URL-encoded string to canonical form.
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * It decodes characters which need not be encoded,
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * and encodes those which must be encoded, and does not touch
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * those which must not be touched.
dd028aa8111afb6534fece555e8c2d408894671etrawick */
dd028aa8111afb6534fece555e8c2d408894671etrawickPROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
6653a33e820463abd4f81915b7a1eba0f602e200brianp enum enctype t, int forcedec,
6653a33e820463abd4f81915b7a1eba0f602e200brianp int proxyreq)
6653a33e820463abd4f81915b7a1eba0f602e200brianp{
6653a33e820463abd4f81915b7a1eba0f602e200brianp int i, j, ch;
6653a33e820463abd4f81915b7a1eba0f602e200brianp char *y;
6653a33e820463abd4f81915b7a1eba0f602e200brianp char *allowed; /* characters which should not be encoded */
6653a33e820463abd4f81915b7a1eba0f602e200brianp char *reserved; /* characters which much not be en/de-coded */
6653a33e820463abd4f81915b7a1eba0f602e200brianp
6653a33e820463abd4f81915b7a1eba0f602e200brianp/*
6653a33e820463abd4f81915b7a1eba0f602e200brianp * N.B. in addition to :@&=, this allows ';' in an http path
6653a33e820463abd4f81915b7a1eba0f602e200brianp * and '?' in an ftp path -- this may be revised
6653a33e820463abd4f81915b7a1eba0f602e200brianp *
6653a33e820463abd4f81915b7a1eba0f602e200brianp * Also, it makes a '+' character in a search string reserved, as
6653a33e820463abd4f81915b7a1eba0f602e200brianp * it may be form-encoded. (Although RFC 1738 doesn't allow this -
6653a33e820463abd4f81915b7a1eba0f602e200brianp * it only permits ; / ? : @ = & as reserved chars.)
6653a33e820463abd4f81915b7a1eba0f602e200brianp */
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick if (t == enc_path) {
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick allowed = "~$-_.+!*'(),;:@&=";
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
239f998fbee5ac5b114b965bb76e217cce0003edstoddard else if (t == enc_search) {
3568de757bac0b47256647504c186d17ca272f85rbb allowed = "$-_.!*'(),;:@&=";
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb else if (t == enc_user) {
12901074f5d6b36d08be84d8637b6f2c21e0da26trawick allowed = "$-_.+!*'(),;@&=";
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard else if (t == enc_fpath) {
3568de757bac0b47256647504c186d17ca272f85rbb allowed = "$-_.+!*'(),?:@&=";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
48d2edbfb84e5559b5da0f8d614ccab805cc67a8rbb else { /* if (t == enc_parm) */
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding allowed = "$-_.+!*'(),?/:@&=";
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton if (t == enc_path) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding reserved = "/";
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb else if (t == enc_search) {
3568de757bac0b47256647504c186d17ca272f85rbb reserved = "+";
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb else {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard reserved = "";
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz y = apr_palloc(p, 3 * len + 1);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem for (i = 0, j = 0; i < len; i++, j++) {
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem/* always handle '/' first */
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem ch = x[i];
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem if (strchr(reserved, ch)) {
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem y[j] = ch;
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem continue;
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem }
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem/*
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem * decode it if not already done. do not decode reverse proxied URLs
83a5021aef5ebb67395b93f75df4fd0f0b4fc8c8fuankg * unless specifically forced
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard */
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return NULL;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ch = ap_proxy_hex2c(&x[i + 1]);
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton i += 2;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ap_proxy_c2hex(ch, &y[j]);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard j += 2;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard continue;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard/* recode it, if necessary */
3568de757bac0b47256647504c186d17ca272f85rbb if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
3568de757bac0b47256647504c186d17ca272f85rbb ap_proxy_c2hex(ch, &y[j]);
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick j += 2;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick else {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick y[j] = ch;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
e8f95a682820a599fe41b22977010636be5c2717jim }
98cd3186185bb28ae6c95a3f159899fcf56a663ftrawick y[j] = '\0';
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick return y;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick}
3568de757bac0b47256647504c186d17ca272f85rbb
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe/*
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * Parses network-location.
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * urlp on input the URL; on output the path, after the leading /
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * user NULL if no user/password permitted
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * password holder for password
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * host holder for host
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * port port number; only set if one is supplied.
397df70abe0bdd78a84fb6c38c02641bcfeadceasf *
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * Returns an error string.
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougmPROXY_DECLARE(char *)
3cbd177a6c885562f9ad0cf11695f044489c881dgregames ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
dd028aa8111afb6534fece555e8c2d408894671etrawick char **passwordp, char **hostp, apr_port_t *port)
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard{
3cbd177a6c885562f9ad0cf11695f044489c881dgregames char *addr, *scope_id, *strp, *host, *url = *urlp;
3cbd177a6c885562f9ad0cf11695f044489c881dgregames char *user = NULL, *password = NULL;
3cbd177a6c885562f9ad0cf11695f044489c881dgregames apr_port_t tmp_port;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard apr_status_t rv;
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (url[0] != '/' || url[1] != '/') {
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames return "Malformed URL";
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames }
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames host = url + 2;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard url = strchr(host, '/');
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm if (url == NULL) {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm url = "";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard else {
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard *(url++) = '\0'; /* skip separating '/' */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /* find _last_ '@' since it might occur in user/password part */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick strp = strrchr(host, '@');
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (strp != NULL) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick *strp = '\0';
7cd5419264796cfeaf8215383cf0f89130a81fectrawick user = host;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick host = strp + 1;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick/* find password */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick strp = strchr(user, ':');
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (strp != NULL) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick *strp = '\0';
7cd5419264796cfeaf8215383cf0f89130a81fectrawick password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1, 0);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (password == NULL) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return "Bad %-escape in URL (password)";
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1, 0);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (user == NULL) {
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard return "Bad %-escape in URL (username)";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (userp != NULL) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz *userp = user;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (passwordp != NULL) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard *passwordp = password;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /*
3568de757bac0b47256647504c186d17ca272f85rbb * Parse the host string to separate host portion from optional port.
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * Perform range checking on port.
7cd5419264796cfeaf8215383cf0f89130a81fectrawick */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick rv = apr_parse_addr_port(&addr, &scope_id, &tmp_port, host, p);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (rv != APR_SUCCESS || addr == NULL || scope_id != NULL) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return "Invalid host/port";
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm if (tmp_port != 0) { /* only update caller's port if port was specified */
3568de757bac0b47256647504c186d17ca272f85rbb *port = tmp_port;
3568de757bac0b47256647504c186d17ca272f85rbb }
74fd6d9aeadb9022086259c5c1ae00bc0dda9c9astoddard
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp ap_str_tolower(addr); /* DNS names are case-insensitive */
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp
3568de757bac0b47256647504c186d17ca272f85rbb *urlp = url;
3568de757bac0b47256647504c186d17ca272f85rbb *hostp = addr;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return NULL;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard}
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
b5ffe4f30780fb159db08bd9f628980d2a092711sfPROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
b5ffe4f30780fb159db08bd9f628980d2a092711sf{
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard const char *uri = ap_escape_html(r->pool, r->uri);
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick apr_table_setn(r->notes, "error-notes",
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard apr_pstrcat(r->pool,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard "The proxy server could not handle the request <em><a href=\"",
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard uri, "\">", ap_escape_html(r->pool, r->method), "&nbsp;", uri,
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "</a></em>.<p>\n"
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "Reason: <strong>", ap_escape_html(r->pool, message),
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard "</strong></p>",
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz NULL));
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* Allow "error-notes" string to be printed by ap_send_error_response() */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard apr_table_setn(r->notes, "verbose-error-to", "*");
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
dd028aa8111afb6534fece555e8c2d408894671etrawick r->status_line = apr_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00898) "%s returned by %s", message,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard r->uri);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return statuscode;
3568de757bac0b47256647504c186d17ca272f85rbb}
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbbstatic const char *
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard proxy_get_host_of_request(request_rec *r)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz{
f714f1a7002928d785e53e70349700a7f595fee3trawick char *url, *user = NULL, *password = NULL, *err, *host = NULL;
f714f1a7002928d785e53e70349700a7f595fee3trawick apr_port_t port;
3568de757bac0b47256647504c186d17ca272f85rbb
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard if (r->hostname != NULL) {
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh return r->hostname;
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh }
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh /* Set url to the first char after "scheme://" */
3568de757bac0b47256647504c186d17ca272f85rbb if ((url = strchr(r->uri, ':')) == NULL || url[1] != '/' || url[2] != '/') {
3568de757bac0b47256647504c186d17ca272f85rbb return NULL;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard url = apr_pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
3568de757bac0b47256647504c186d17ca272f85rbb err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (err != NULL) {
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00899) "%s", err);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard r->hostname = host;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return host; /* ought to return the port, too */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard}
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard/* Return TRUE if addr represents an IP address (or an IP network address) */
3568de757bac0b47256647504c186d17ca272f85rbbPROXY_DECLARE(int) ap_proxy_is_ipaddr(struct dirconn_entry *This, apr_pool_t *p)
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard{
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh const char *addr = This->name;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard long ip_addr[4];
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard int i, quads;
3568de757bac0b47256647504c186d17ca272f85rbb long bits;
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh /*
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh * if the address is given with an explicit netmask, use that
3568de757bac0b47256647504c186d17ca272f85rbb * Due to a deficiency in apr_inet_addr(), it is impossible to parse
3568de757bac0b47256647504c186d17ca272f85rbb * "partial" addresses (with less than 4 quads) correctly, i.e.
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim * 192.168.123 is parsed as 192.168.0.123, which is not what I want.
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * I therefore have to parse the IP address manually:
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr) == 0)
3568de757bac0b47256647504c186d17ca272f85rbb * addr and mask were set by proxy_readmask()
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * return 1;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /*
3568de757bac0b47256647504c186d17ca272f85rbb * Parse IP addr manually, optionally allowing
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * abbreviated net addresses like 192.168.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* Iterate over up to 4 (dotted) quads. */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard for (quads = 0; quads < 4 && *addr != '\0'; ++quads) {
3568de757bac0b47256647504c186d17ca272f85rbb char *tmp;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (*addr == '/' && quads > 0) { /* netmask starts here. */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz break;
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (!apr_isdigit(*addr)) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return 0; /* no digit at start of quad */
3568de757bac0b47256647504c186d17ca272f85rbb }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
3568de757bac0b47256647504c186d17ca272f85rbb ip_addr[quads] = strtol(addr, &tmp, 0);
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb if (tmp == addr) { /* expected a digit, found something else */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return 0;
3568de757bac0b47256647504c186d17ca272f85rbb }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
3568de757bac0b47256647504c186d17ca272f85rbb if (ip_addr[quads] < 0 || ip_addr[quads] > 255) {
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick /* invalid octet */
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick return 0;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz addr = tmp;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (*addr == '.' && quads != 3) {
beb70d51e435dc36c56a72b6cd83556c04db9283wrowe ++addr; /* after the 4th quad, a dot would be illegal */
fe6baec9bbcd36f932b71a355120cd7b5a685d6cfielding }
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard for (This->addr.s_addr = 0, i = 0; i < quads; ++i) {
3568de757bac0b47256647504c186d17ca272f85rbb This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (addr[0] == '/' && apr_isdigit(addr[1])) { /* net mask follows: */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard char *tmp;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ++addr;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard bits = strtol(addr, &tmp, 0);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (tmp == addr) { /* expected a digit, found something else */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return 0;
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe }
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
397df70abe0bdd78a84fb6c38c02641bcfeadceasf addr = tmp;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (bits < 0 || bits > 32) { /* netmask must be between 0 and 32 */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return 0;
8e9734d1a4af74c141e2a0f880bb51bb061fa03atrawick }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard else {
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick /*
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * Determine (i.e., "guess") netmask by counting the
3568de757bac0b47256647504c186d17ca272f85rbb * number of trailing .0's; reduce #quads appropriately
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * (so that 192.168.0.0 is equivalent to 192.168.)
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe */
0f113d7123e8bd3e3e2e9b6373461a1a773bfccatrawick while (quads > 0 && ip_addr[quads - 1] == 0) {
0f113d7123e8bd3e3e2e9b6373461a1a773bfccatrawick --quads;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (quads < 1) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return 0;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
3568de757bac0b47256647504c186d17ca272f85rbb /* every zero-byte counts as 8 zero-bits */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard bits = 8 * quads;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (bits != 32) { /* no warning for fully qualified IP address */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00900)
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld",
3568de757bac0b47256647504c186d17ca272f85rbb inet_ntoa(This->addr), bits);
3568de757bac0b47256647504c186d17ca272f85rbb }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick This->mask.s_addr = htonl(APR_INADDR_NONE << (32 - bits));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00901)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Warning: NetMask and IP-Addr disagree in %s/%ld",
f886987cd0bd4220c14043c4d9be77ec22902e73trawick inet_ntoa(This->addr), bits);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick This->addr.s_addr &= This->mask.s_addr;
f886987cd0bd4220c14043c4d9be77ec22902e73trawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00902)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick " Set to %s/%ld", inet_ntoa(This->addr), bits);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (*addr == '\0') {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz This->matcher = proxy_match_ipaddr;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return 1;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe else {
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick return (*addr == '\0'); /* okay iff we've parsed the whole string */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm }
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm}
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick/* Return TRUE if addr represents an IP address (or an IP network address) */
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawickstatic int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick{
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm int i, ip_addr[4];
3568de757bac0b47256647504c186d17ca272f85rbb struct in_addr addr, *ip;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm const char *host = proxy_get_host_of_request(r);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (host == NULL) { /* oops! */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return 0;
e8f95a682820a599fe41b22977010636be5c2717jim }
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz memset(&addr, '\0', sizeof addr);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz memset(ip_addr, '\0', sizeof ip_addr);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm if (4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm for (addr.s_addr = 0, i = 0; i < 4; ++i) {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* ap_proxy_is_ipaddr() already confirmed that we have
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * a valid octet in ip_addr[i]
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
36c8049de63c446926139936c3d195330a0539cetrawick }
36c8049de63c446926139936c3d195330a0539cetrawick
36c8049de63c446926139936c3d195330a0539cetrawick if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
36c8049de63c446926139936c3d195330a0539cetrawick#if DEBUGGING
36c8049de63c446926139936c3d195330a0539cetrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00903)
36c8049de63c446926139936c3d195330a0539cetrawick "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
36c8049de63c446926139936c3d195330a0539cetrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00904)
36c8049de63c446926139936c3d195330a0539cetrawick "%s/", inet_ntoa(This->addr));
e8f95a682820a599fe41b22977010636be5c2717jim ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00905)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "%s", inet_ntoa(This->mask));
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm#endif
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 1;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
36c8049de63c446926139936c3d195330a0539cetrawick#if DEBUGGING
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick else {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00906)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00907)
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe "%s/", inet_ntoa(This->addr));
36c8049de63c446926139936c3d195330a0539cetrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00908)
36c8049de63c446926139936c3d195330a0539cetrawick "%s", inet_ntoa(This->mask));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
e8f95a682820a599fe41b22977010636be5c2717jim#endif
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick else {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick struct apr_sockaddr_t *reqaddr;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (apr_sockaddr_info_get(&reqaddr, host, APR_UNSPEC, 0, 0, r->pool)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick != APR_SUCCESS) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#if DEBUGGING
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00909)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "2)IP-NoMatch: hostname=%s msg=Host not found", host);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#endif
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* Try to deal with multiple IP addr's for a host */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* FIXME: This needs to be able to deal with IPv6 */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick while (reqaddr) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ip = (struct in_addr *) reqaddr->ipaddr_ptr;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (This->addr.s_addr == (ip->s_addr & This->mask.s_addr)) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#if DEBUGGING
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00910)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "3)IP-Match: %s[%s] <-> ", host, inet_ntoa(*ip));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00911)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "%s/", inet_ntoa(This->addr));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00912)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "%s", inet_ntoa(This->mask));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#endif
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 1;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#if DEBUGGING
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick else {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00913)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "3)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(*ip));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00914)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "%s/", inet_ntoa(This->addr));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, APLOGNO(00915)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "%s", inet_ntoa(This->mask));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#endif
e8f95a682820a599fe41b22977010636be5c2717jim reqaddr = reqaddr->next;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
f886987cd0bd4220c14043c4d9be77ec22902e73trawick return 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick}
f886987cd0bd4220c14043c4d9be77ec22902e73trawick
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm/* Return TRUE if addr represents a domain name */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougmPROXY_DECLARE(int) ap_proxy_is_domainname(struct dirconn_entry *This, apr_pool_t *p)
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm{
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm char *addr = This->name;
3568de757bac0b47256647504c186d17ca272f85rbb int i;
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp /* Domain name must start with a '.' */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (addr[0] != '.') {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick for (i = 0; apr_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick continue;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#if 0
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (addr[i] == ':') {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "@@@@ handle optional port in proxy_is_domainname()");
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton /* @@@@ handle optional port */
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#endif
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (addr[i] != '\0') {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 0;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm }
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* Strip trailing dots */
36c8049de63c446926139936c3d195330a0539cetrawick for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick addr[i] = '\0';
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick This->matcher = proxy_match_domainname;
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe return 1;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick}
36c8049de63c446926139936c3d195330a0539cetrawick
36c8049de63c446926139936c3d195330a0539cetrawick/* Return TRUE if host "host" is in domain "domain" */
36c8049de63c446926139936c3d195330a0539cetrawickstatic int proxy_match_domainname(struct dirconn_entry *This, request_rec *r)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick{
e8f95a682820a599fe41b22977010636be5c2717jim const char *host = proxy_get_host_of_request(r);
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm int d_len = strlen(This->name), h_len;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (host == NULL) { /* some error was logged already */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick h_len = strlen(host);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* @@@ do this within the setup? */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* Ignore trailing dots in domain comparison: */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick while (d_len > 0 && This->name[d_len - 1] == '.') {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick --d_len;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick while (h_len > 0 && host[h_len - 1] == '.') {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick --h_len;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return h_len > d_len
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick && strncasecmp(&host[h_len - d_len], This->name, d_len) == 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick}
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick/* Return TRUE if host represents a host name */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickPROXY_DECLARE(int) ap_proxy_is_hostname(struct dirconn_entry *This, apr_pool_t *p)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick{
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick struct apr_sockaddr_t *addr;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick char *host = This->name;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick int i;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* Host names must not start with a '.' */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (host[0] == '.') {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick for (i = 0; apr_isalnum(host[i]) || host[i] == '-' || host[i] == '.'; ++i);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (host[i] != '\0' || apr_sockaddr_info_get(&addr, host, APR_UNSPEC, 0, 0, p) != APR_SUCCESS) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return 0;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
e8f95a682820a599fe41b22977010636be5c2717jim This->hostaddr = addr;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* Strip trailing dots */
f886987cd0bd4220c14043c4d9be77ec22902e73trawick for (i = strlen(host) - 1; i > 0 && host[i] == '.'; --i) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick host[i] = '\0';
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
f886987cd0bd4220c14043c4d9be77ec22902e73trawick This->matcher = proxy_match_hostname;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm return 1;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm}
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm/* Return TRUE if host "host" is equal to host2 "host2" */
3568de757bac0b47256647504c186d17ca272f85rbbstatic int proxy_match_hostname(struct dirconn_entry *This, request_rec *r)
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp{
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp char *host = This->name;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick const char *host2 = proxy_get_host_of_request(r);
e8f95a682820a599fe41b22977010636be5c2717jim int h2_len;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick int h1_len;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (host == NULL || host2 == NULL) {
e8f95a682820a599fe41b22977010636be5c2717jim return 0; /* oops! */
44d2e75323651320b480d8bc2f098448a08de4fcwrowe }
44d2e75323651320b480d8bc2f098448a08de4fcwrowe
44d2e75323651320b480d8bc2f098448a08de4fcwrowe h2_len = strlen(host2);
44d2e75323651320b480d8bc2f098448a08de4fcwrowe h1_len = strlen(host);
44d2e75323651320b480d8bc2f098448a08de4fcwrowe
44d2e75323651320b480d8bc2f098448a08de4fcwrowe#if 0
44d2e75323651320b480d8bc2f098448a08de4fcwrowe struct apr_sockaddr_t *addr = *This->hostaddr;
44d2e75323651320b480d8bc2f098448a08de4fcwrowe
44d2e75323651320b480d8bc2f098448a08de4fcwrowe /* Try to deal with multiple IP addr's for a host */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick while (addr) {
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick if (addr->ipaddr_ptr == ? ? ? ? ? ? ? ? ? ? ? ? ?)
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick return 1;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz addr = addr->next;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz#endif
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe
3568de757bac0b47256647504c186d17ca272f85rbb /* Ignore trailing dots in host2 comparison: */
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe while (h2_len > 0 && host2[h2_len - 1] == '.') {
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe --h2_len;
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick while (h1_len > 0 && host[h1_len - 1] == '.') {
f886987cd0bd4220c14043c4d9be77ec22902e73trawick --h1_len;
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick return h1_len == h2_len
f886987cd0bd4220c14043c4d9be77ec22902e73trawick && strncasecmp(host, host2, h1_len) == 0;
f886987cd0bd4220c14043c4d9be77ec22902e73trawick}
f886987cd0bd4220c14043c4d9be77ec22902e73trawick
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe/* Return TRUE if addr is to be matched as a word */
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowePROXY_DECLARE(int) ap_proxy_is_word(struct dirconn_entry *This, apr_pool_t *p)
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe{
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe This->matcher = proxy_match_word;
3568de757bac0b47256647504c186d17ca272f85rbb return 1;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz}
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz/* Return TRUE if string "str2" occurs literally in "str1" */
3568de757bac0b47256647504c186d17ca272f85rbbstatic int proxy_match_word(struct dirconn_entry *This, request_rec *r)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz{
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz const char *host = proxy_get_host_of_request(r);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return host != NULL && ap_strstr_c(host, This->name) != NULL;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz}
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb#define MAX_IP_STR_LEN (46)
3568de757bac0b47256647504c186d17ca272f85rbb
98fb535f829e2a95aabd82420931f476661fa8e3jortonPROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
98fb535f829e2a95aabd82420931f476661fa8e3jorton const char *hostname, apr_sockaddr_t *addr)
e8f95a682820a599fe41b22977010636be5c2717jim{
e8f95a682820a599fe41b22977010636be5c2717jim int j;
98fb535f829e2a95aabd82420931f476661fa8e3jorton
98fb535f829e2a95aabd82420931f476661fa8e3jorton /* XXX FIXME: conf->noproxies->elts is part of an opaque structure */
e8f95a682820a599fe41b22977010636be5c2717jim for (j = 0; j < conf->noproxies->nelts; j++) {
98fb535f829e2a95aabd82420931f476661fa8e3jorton struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
98fb535f829e2a95aabd82420931f476661fa8e3jorton struct apr_sockaddr_t *conf_addr;
98fb535f829e2a95aabd82420931f476661fa8e3jorton
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "checking remote machine [%s] against [%s]",
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz hostname, npent[j].name);
3568de757bac0b47256647504c186d17ca272f85rbb if (ap_strstr_c(hostname, npent[j].name) || npent[j].name[0] == '*') {
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(00916)
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding "connect to remote machine %s blocked: name %s "
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding "matched", hostname, npent[j].name);
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return HTTP_FORBIDDEN;
85c5af648e9f414bd4f157490766d2fd5515a9f5rpluem }
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe /* No IP address checks if no IP address was passed in,
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe * i.e. the forward address proxy case, where this server does
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe * not resolve the hostname. */
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe if (!addr)
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe continue;
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe
85c5af648e9f414bd4f157490766d2fd5515a9f5rpluem for (conf_addr = npent[j].addr; conf_addr; conf_addr = conf_addr->next) {
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe char caddr[MAX_IP_STR_LEN], uaddr[MAX_IP_STR_LEN];
3568de757bac0b47256647504c186d17ca272f85rbb apr_sockaddr_t *uri_addr;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (apr_sockaddr_ip_getbuf(caddr, sizeof caddr, conf_addr))
3568de757bac0b47256647504c186d17ca272f85rbb continue;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz for (uri_addr = addr; uri_addr; uri_addr = uri_addr->next) {
3568de757bac0b47256647504c186d17ca272f85rbb if (apr_sockaddr_ip_getbuf(uaddr, sizeof uaddr, uri_addr))
3568de757bac0b47256647504c186d17ca272f85rbb continue;
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
3568de757bac0b47256647504c186d17ca272f85rbb "ProxyBlock comparing %s and %s", caddr, uaddr);
3568de757bac0b47256647504c186d17ca272f85rbb if (!strcmp(caddr, uaddr)) {
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(00917)
ec020ca384efb30d501a5af796ddc3bb237d7b8fgregames "connect to remote machine %s blocked: "
3568de757bac0b47256647504c186d17ca272f85rbb "IP %s matched", hostname, caddr);
ce03576b2434cec77f2921db9d5b6a0510581c23rederpj return HTTP_FORBIDDEN;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf }
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
397df70abe0bdd78a84fb6c38c02641bcfeadceasf }
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
397df70abe0bdd78a84fb6c38c02641bcfeadceasf return OK;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf}
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh/* set up the minimal filter set */
3568de757bac0b47256647504c186d17ca272f85rbbPROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r)
3568de757bac0b47256647504c186d17ca272f85rbb{
7cd5419264796cfeaf8215383cf0f89130a81fectrawick ap_add_input_filter("HTTP_IN", NULL, r, c);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return OK;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick}
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawickPROXY_DECLARE(const char *) ap_proxy_location_reverse_map(request_rec *r,
7cd5419264796cfeaf8215383cf0f89130a81fectrawick proxy_dir_conf *conf, const char *url)
7cd5419264796cfeaf8215383cf0f89130a81fectrawick{
73e8b26287de5c06fa470d36162e103dbac9c7e5wrowe proxy_req_conf *rconf;
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding struct proxy_alias *ent;
b980ad7fdc218b4855cde9f75a747527f50c554dwrowe int i, l1, l2;
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe char *u;
3568de757bac0b47256647504c186d17ca272f85rbb
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /*
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * XXX FIXME: Make sure this handled the ambiguous case of the :<PORT>
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * after the hostname
ca53a74f4012a45cbad48e940eddf27d866981f9dougm * XXX FIXME: Ensure the /uri component is a case sensitive match
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
36ef8f77bffe75d1aa327882be1b5bdbe2ff567asf if (r->proxyreq != PROXYREQ_REVERSE) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return url;
302dc1f7b3feee23a91ad8f3cf3cb2edd95a557bmanoj }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz l1 = strlen(url);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (conf->interpolate_env == 1) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz rconf = ap_get_module_config(r->request_config, &proxy_module);
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe ent = (struct proxy_alias *)rconf->raliases->elts;
3568de757bac0b47256647504c186d17ca272f85rbb }
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding else {
3568de757bac0b47256647504c186d17ca272f85rbb ent = (struct proxy_alias *)conf->raliases->elts;
}
for (i = 0; i < conf->raliases->nelts; i++) {
proxy_server_conf *sconf = (proxy_server_conf *)
ap_get_module_config(r->server->module_config, &proxy_module);
proxy_balancer *balancer;
const char *real = ent[i].real;
/*
* First check if mapping against a balancer and see
* if we have such a entity. If so, then we need to
* find the particulars of the actual worker which may
* or may not be the right one... basically, we need
* to find which member actually handled this request.
*/
if (ap_proxy_valid_balancer_name((char *)real, 0) &&
(balancer = ap_proxy_get_balancer(r->pool, sconf, real, 1))) {
int n, l3 = 0;
proxy_worker **worker = (proxy_worker **)balancer->workers->elts;
const char *urlpart = ap_strchr_c(real + sizeof(BALANCER_PREFIX) - 1, '/');
if (urlpart) {
if (!urlpart[1])
urlpart = NULL;
else
l3 = strlen(urlpart);
}
/* The balancer comparison is a bit trickier. Given the context
* BalancerMember balancer://alias http://example.com/foo
* ProxyPassReverse /bash balancer://alias/bar
* translate url http://example.com/foo/bar/that to /bash/that
*/
for (n = 0; n < balancer->workers->nelts; n++) {
l2 = strlen((*worker)->s->name);
if (urlpart) {
/* urlpart (l3) assuredly starts with its own '/' */
if ((*worker)->s->name[l2 - 1] == '/')
--l2;
if (l1 >= l2 + l3
&& strncasecmp((*worker)->s->name, url, l2) == 0
&& strncmp(urlpart, url + l2, l3) == 0) {
u = apr_pstrcat(r->pool, ent[i].fake, &url[l2 + l3],
NULL);
return ap_is_url(u) ? u : ap_construct_url(r->pool, u, r);
}
}
else if (l1 >= l2 && strncasecmp((*worker)->s->name, url, l2) == 0) {
/* edge case where fake is just "/"... avoid double slash */
if ((ent[i].fake[0] == '/') && (ent[i].fake[1] == 0) && (url[l2] == '/')) {
u = apr_pstrdup(r->pool, &url[l2]);
} else {
u = apr_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
}
return ap_is_url(u) ? u : ap_construct_url(r->pool, u, r);
}
worker++;
}
}
else {
const char *part = url;
l2 = strlen(real);
if (real[0] == '/') {
part = ap_strstr_c(url, "://");
if (part) {
part = ap_strchr_c(part+3, '/');
if (part) {
l1 = strlen(part);
}
else {
part = url;
}
}
else {
part = url;
}
}
if (l1 >= l2 && strncasecmp(real, part, l2) == 0) {
u = apr_pstrcat(r->pool, ent[i].fake, &part[l2], NULL);
return ap_is_url(u) ? u : ap_construct_url(r->pool, u, r);
}
}
}
return url;
}
/*
* Cookies are a bit trickier to match: we've got two substrings to worry
* about, and we can't just find them with strstr 'cos of case. Regexp
* matching would be an easy fix, but for better consistency with all the
* other matches we'll refrain and use apr_strmatch to find path=/domain=
* and stick to plain strings for the config values.
*/
PROXY_DECLARE(const char *) ap_proxy_cookie_reverse_map(request_rec *r,
proxy_dir_conf *conf, const char *str)
{
proxy_req_conf *rconf = ap_get_module_config(r->request_config,
&proxy_module);
struct proxy_alias *ent;
apr_size_t len = strlen(str);
const char *newpath = NULL;
const char *newdomain = NULL;
const char *pathp;
const char *domainp;
const char *pathe = NULL;
const char *domaine = NULL;
apr_size_t l1, l2, poffs = 0, doffs = 0;
int i;
int ddiff = 0;
int pdiff = 0;
char *ret;
if (r->proxyreq != PROXYREQ_REVERSE) {
return str;
}
/*
* Find the match and replacement, but save replacing until we've done
* both path and domain so we know the new strlen
*/
if ((pathp = apr_strmatch(ap_proxy_strmatch_path, str, len)) != NULL) {
pathp += 5;
poffs = pathp - str;
pathe = ap_strchr_c(pathp, ';');
l1 = pathe ? (pathe - pathp) : strlen(pathp);
pathe = pathp + l1 ;
if (conf->interpolate_env == 1) {
ent = (struct proxy_alias *)rconf->cookie_paths->elts;
}
else {
ent = (struct proxy_alias *)conf->cookie_paths->elts;
}
for (i = 0; i < conf->cookie_paths->nelts; i++) {
l2 = strlen(ent[i].fake);
if (l1 >= l2 && strncmp(ent[i].fake, pathp, l2) == 0) {
newpath = ent[i].real;
pdiff = strlen(newpath) - l1;
break;
}
}
}
if ((domainp = apr_strmatch(ap_proxy_strmatch_domain, str, len)) != NULL) {
domainp += 7;
doffs = domainp - str;
domaine = ap_strchr_c(domainp, ';');
l1 = domaine ? (domaine - domainp) : strlen(domainp);
domaine = domainp + l1;
if (conf->interpolate_env == 1) {
ent = (struct proxy_alias *)rconf->cookie_domains->elts;
}
else {
ent = (struct proxy_alias *)conf->cookie_domains->elts;
}
for (i = 0; i < conf->cookie_domains->nelts; i++) {
l2 = strlen(ent[i].fake);
if (l1 >= l2 && strncasecmp(ent[i].fake, domainp, l2) == 0) {
newdomain = ent[i].real;
ddiff = strlen(newdomain) - l1;
break;
}
}
}
if (newpath) {
ret = apr_palloc(r->pool, len + pdiff + ddiff + 1);
l1 = strlen(newpath);
if (newdomain) {
l2 = strlen(newdomain);
if (doffs > poffs) {
memcpy(ret, str, poffs);
memcpy(ret + poffs, newpath, l1);
memcpy(ret + poffs + l1, pathe, domainp - pathe);
memcpy(ret + doffs + pdiff, newdomain, l2);
strcpy(ret + doffs + pdiff + l2, domaine);
}
else {
memcpy(ret, str, doffs) ;
memcpy(ret + doffs, newdomain, l2);
memcpy(ret + doffs + l2, domaine, pathp - domaine);
memcpy(ret + poffs + ddiff, newpath, l1);
strcpy(ret + poffs + ddiff + l1, pathe);
}
}
else {
memcpy(ret, str, poffs);
memcpy(ret + poffs, newpath, l1);
strcpy(ret + poffs + l1, pathe);
}
}
else {
if (newdomain) {
ret = apr_palloc(r->pool, len + pdiff + ddiff + 1);
l2 = strlen(newdomain);
memcpy(ret, str, doffs);
memcpy(ret + doffs, newdomain, l2);
strcpy(ret + doffs+l2, domaine);
}
else {
ret = (char *)str; /* no change */
}
}
return ret;
}
/*
* BALANCER related...
*/
/*
* verifies that the balancer name conforms to standards.
*/
PROXY_DECLARE(int) ap_proxy_valid_balancer_name(char *name, int i)
{
if (!i)
i = sizeof(BALANCER_PREFIX)-1;
return (!strncasecmp(name, BALANCER_PREFIX, i));
}
PROXY_DECLARE(proxy_balancer *) ap_proxy_get_balancer(apr_pool_t *p,
proxy_server_conf *conf,
const char *url,
int care)
{
proxy_balancer *balancer;
char *c, *uri = apr_pstrdup(p, url);
int i;
proxy_hashes hash;
c = strchr(uri, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
return NULL;
}
/* remove path from uri */
if ((c = strchr(c + 3, '/'))) {
*c = '\0';
}
ap_str_tolower(uri);
hash.def = ap_proxy_hashfunc(uri, PROXY_HASHFUNC_DEFAULT);
hash.fnv = ap_proxy_hashfunc(uri, PROXY_HASHFUNC_FNV);
balancer = (proxy_balancer *)conf->balancers->elts;
for (i = 0; i < conf->balancers->nelts; i++) {
if (balancer->hash.def == hash.def && balancer->hash.fnv == hash.fnv) {
if (!care || !balancer->s->inactive) {
return balancer;
}
}
balancer++;
}
return NULL;
}
PROXY_DECLARE(char *) ap_proxy_update_balancer(apr_pool_t *p,
proxy_balancer *balancer,
const char *url)
{
apr_uri_t puri;
if (!url) {
return NULL;
}
if (apr_uri_parse(p, url, &puri) != APR_SUCCESS) {
return apr_psprintf(p, "unable to parse: %s", url);
}
if (puri.path && PROXY_STRNCPY(balancer->s->vpath, puri.path) != APR_SUCCESS) {
return apr_psprintf(p, "balancer %s front-end virtual-path (%s) too long",
balancer->s->name, puri.path);
}
if (puri.hostname && PROXY_STRNCPY(balancer->s->vhost, puri.hostname) != APR_SUCCESS) {
return apr_psprintf(p, "balancer %s front-end vhost name (%s) too long",
balancer->s->name, puri.hostname);
}
return NULL;
}
#define PROXY_UNSET_NONCE '\n'
PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p,
proxy_balancer **balancer,
proxy_server_conf *conf,
const char *url,
const char *alias,
int do_malloc)
{
proxy_balancer_method *lbmethod;
proxy_balancer_shared *bshared;
char *c, *q, *uri = apr_pstrdup(p, url);
const char *sname;
/* We should never get here without a valid BALANCER_PREFIX... */
c = strchr(uri, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0')
return "Bad syntax for a balancer name";
/* remove path from uri */
if ((q = strchr(c + 3, '/')))
*q = '\0';
ap_str_tolower(uri);
*balancer = apr_array_push(conf->balancers);
memset(*balancer, 0, sizeof(proxy_balancer));
/*
* NOTE: The default method is byrequests - if it doesn't
* exist, that's OK at this time. We check when we share and sync
*/
lbmethod = ap_lookup_provider(PROXY_LBMETHOD, "byrequests", "0");
(*balancer)->workers = apr_array_make(p, 5, sizeof(proxy_worker *));
(*balancer)->gmutex = NULL;
(*balancer)->tmutex = NULL;
(*balancer)->lbmethod = lbmethod;
if (do_malloc)
bshared = ap_malloc(sizeof(proxy_balancer_shared));
else
bshared = apr_palloc(p, sizeof(proxy_balancer_shared));
memset(bshared, 0, sizeof(proxy_balancer_shared));
bshared->was_malloced = (do_malloc != 0);
PROXY_STRNCPY(bshared->lbpname, "byrequests");
if (PROXY_STRNCPY(bshared->name, uri) != APR_SUCCESS) {
return apr_psprintf(p, "balancer name (%s) too long", uri);
}
/*
* We do the below for verification. The real sname will be
* done post_config
*/
ap_pstr2_alnum(p, bshared->name + sizeof(BALANCER_PREFIX) - 1,
&sname);
sname = apr_pstrcat(p, conf->id, "_", sname, NULL);
if (PROXY_STRNCPY(bshared->sname, sname) != APR_SUCCESS) {
return apr_psprintf(p, "balancer safe-name (%s) too long", sname);
}
bshared->hash.def = ap_proxy_hashfunc(bshared->name, PROXY_HASHFUNC_DEFAULT);
bshared->hash.fnv = ap_proxy_hashfunc(bshared->name, PROXY_HASHFUNC_FNV);
(*balancer)->hash = bshared->hash;
bshared->forcerecovery = 1;
bshared->sticky_separator = '.';
*bshared->nonce = PROXY_UNSET_NONCE; /* impossible valid input */
(*balancer)->s = bshared;
(*balancer)->sconf = conf;
return ap_proxy_update_balancer(p, *balancer, alias);
}
/*
* Create an already defined balancer and free up memory.
*/
PROXY_DECLARE(apr_status_t) ap_proxy_share_balancer(proxy_balancer *balancer,
proxy_balancer_shared *shm,
int i)
{
apr_status_t rv = APR_SUCCESS;
proxy_balancer_method *lbmethod;
char *action = "copying";
if (!shm || !balancer->s)
return APR_EINVAL;
if ((balancer->s->hash.def != shm->hash.def) ||
(balancer->s->hash.fnv != shm->hash.fnv)) {
memcpy(shm, balancer->s, sizeof(proxy_balancer_shared));
if (balancer->s->was_malloced)
free(balancer->s);
} else {
action = "re-using";
}
balancer->s = shm;
balancer->s->index = i;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02337)
"%s shm[%d] (0x%pp) for %s", action, i, (void *)shm,
balancer->s->name);
/* the below should always succeed */
lbmethod = ap_lookup_provider(PROXY_LBMETHOD, balancer->s->lbpname, "0");
if (lbmethod) {
balancer->lbmethod = lbmethod;
} else {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, ap_server_conf, APLOGNO(02432)
"Cannot find LB Method: %s", balancer->s->lbpname);
return APR_EINVAL;
}
if (*balancer->s->nonce == PROXY_UNSET_NONCE) {
char nonce[APR_UUID_FORMATTED_LENGTH + 1];
apr_uuid_t uuid;
/* Retrieve a UUID and store the nonce for the lifetime of
* the process.
*/
apr_uuid_get(&uuid);
apr_uuid_format(nonce, &uuid);
rv = PROXY_STRNCPY(balancer->s->nonce, nonce);
}
return rv;
}
PROXY_DECLARE(apr_status_t) ap_proxy_initialize_balancer(proxy_balancer *balancer, server_rec *s, apr_pool_t *p)
{
apr_status_t rv = APR_SUCCESS;
ap_slotmem_provider_t *storage = balancer->storage;
apr_size_t size;
unsigned int num;
if (!storage) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(00918)
"no provider for %s", balancer->s->name);
return APR_EGENERAL;
}
/*
* for each balancer we need to init the global
* mutex and then attach to the shared worker shm
*/
if (!balancer->gmutex) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(00919)
"no mutex %s", balancer->s->name);
return APR_EGENERAL;
}
/* Re-open the mutex for the child. */
rv = apr_global_mutex_child_init(&(balancer->gmutex),
apr_global_mutex_lockfile(balancer->gmutex),
p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, APLOGNO(00920)
"Failed to reopen mutex %s in child",
balancer->s->name);
return rv;
}
/* now attach */
storage->attach(&(balancer->wslot), balancer->s->sname, &size, &num, p);
if (!balancer->wslot) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(00921) "slotmem_attach failed");
return APR_EGENERAL;
}
if (balancer->lbmethod && balancer->lbmethod->reset)
balancer->lbmethod->reset(balancer, s);
if (balancer->tmutex == NULL) {
rv = apr_thread_mutex_create(&(balancer->tmutex), APR_THREAD_MUTEX_DEFAULT, p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(00922)
"can not create balancer thread mutex");
return rv;
}
}
return APR_SUCCESS;
}
/*
* CONNECTION related...
*/
static apr_status_t conn_pool_cleanup(void *theworker)
{
proxy_worker *worker = (proxy_worker *)theworker;
if (worker->cp->res) {
worker->cp->pool = NULL;
}
return APR_SUCCESS;
}
static void init_conn_pool(apr_pool_t *p, proxy_worker *worker)
{
apr_pool_t *pool;
proxy_conn_pool *cp;
/*
* Create a connection pool's subpool.
* This pool is used for connection recycling.
* Once the worker is added it is never removed but
* it can be disabled.
*/
apr_pool_create(&pool, p);
apr_pool_tag(pool, "proxy_worker_cp");
/*
* Alloc from the same pool as worker.
* proxy_conn_pool is permanently attached to the worker.
*/
cp = (proxy_conn_pool *)apr_pcalloc(p, sizeof(proxy_conn_pool));
cp->pool = pool;
worker->cp = cp;
}
PROXY_DECLARE(int) ap_proxy_connection_reusable(proxy_conn_rec *conn)
{
proxy_worker *worker = conn->worker;
return ! (conn->close || !worker->s->is_address_reusable || worker->s->disablereuse);
}
static apr_status_t connection_cleanup(void *theconn)
{
proxy_conn_rec *conn = (proxy_conn_rec *)theconn;
proxy_worker *worker = conn->worker;
/*
* If the connection pool is NULL the worker
* cleanup has been run. Just return.
*/
if (!worker->cp) {
return APR_SUCCESS;
}
if (conn->r) {
apr_pool_destroy(conn->r->pool);
conn->r = NULL;
}
/* Sanity check: Did we already return the pooled connection? */
if (conn->inreslist) {
ap_log_perror(APLOG_MARK, APLOG_ERR, 0, conn->pool, APLOGNO(00923)
"Pooled connection 0x%pp for worker %s has been"
" already returned to the connection pool.", conn,
ap_proxy_worker_name(conn->pool, worker));
return APR_SUCCESS;
}
/* determine if the connection need to be closed */
if (!ap_proxy_connection_reusable(conn)) {
apr_pool_t *p = conn->pool;
apr_pool_clear(p);
conn = apr_pcalloc(p, sizeof(proxy_conn_rec));
conn->pool = p;
conn->worker = worker;
apr_pool_create(&(conn->scpool), p);
apr_pool_tag(conn->scpool, "proxy_conn_scpool");
}
if (worker->s->hmax && worker->cp->res) {
conn->inreslist = 1;
apr_reslist_release(worker->cp->res, (void *)conn);
}
else
{
worker->cp->conn = conn;
}
/* Always return the SUCCESS */
return APR_SUCCESS;
}
static void socket_cleanup(proxy_conn_rec *conn)
{
conn->sock = NULL;
conn->connection = NULL;
conn->ssl_hostname = NULL;
apr_pool_clear(conn->scpool);
}
PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
request_rec *r)
{
apr_bucket_brigade *bb;
apr_status_t rv;
/*
* If we have an existing SSL connection it might be possible that the
* server sent some SSL message we have not read so far (e.g. an SSL
* shutdown message if the server closed the keepalive connection while
* the connection was held unused in our pool).
* So ensure that if present (=> APR_NONBLOCK_READ) it is read and
* processed. We don't expect any data to be in the returned brigade.
*/
if (conn->sock && conn->connection) {
bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
rv = ap_get_brigade(conn->connection->input_filters, bb,
AP_MODE_READBYTES, APR_NONBLOCK_READ,
HUGE_STRING_LEN);
if ((rv != APR_SUCCESS) && !APR_STATUS_IS_EAGAIN(rv)) {
socket_cleanup(conn);
}
if (!APR_BRIGADE_EMPTY(bb)) {
apr_off_t len;
rv = apr_brigade_length(bb, 0, &len);
ap_log_rerror(APLOG_MARK, APLOG_TRACE3, rv, r,
"SSL cleanup brigade contained %"
APR_OFF_T_FMT " bytes of data.", len);
}
apr_brigade_destroy(bb);
}
return APR_SUCCESS;
}
/* reslist constructor */
static apr_status_t connection_constructor(void **resource, void *params,
apr_pool_t *pool)
{
apr_pool_t *ctx;
apr_pool_t *scpool;
proxy_conn_rec *conn;
proxy_worker *worker = (proxy_worker *)params;
/*
* Create the subpool for each connection
* This keeps the memory consumption constant
* when disconnecting from backend.
*/
apr_pool_create(&ctx, pool);
apr_pool_tag(ctx, "proxy_conn_pool");
/*
* Create another subpool that manages the data for the
* socket and the connection member of the proxy_conn_rec struct as we
* destroy this data more frequently than other data in the proxy_conn_rec
* struct like hostname and addr (at least in the case where we have
* keepalive connections that timed out).
*/
apr_pool_create(&scpool, ctx);
apr_pool_tag(scpool, "proxy_conn_scpool");
conn = apr_pcalloc(ctx, sizeof(proxy_conn_rec));
conn->pool = ctx;
conn->scpool = scpool;
conn->worker = worker;
conn->inreslist = 1;
*resource = conn;
return APR_SUCCESS;
}
/* reslist destructor */
static apr_status_t connection_destructor(void *resource, void *params,
apr_pool_t *pool)
{
proxy_conn_rec *conn = (proxy_conn_rec *)resource;
/* Destroy the pool only if not called from reslist_destroy */
if (conn->worker->cp->pool) {
apr_pool_destroy(conn->pool);
}
return APR_SUCCESS;
}
/*
* WORKER related...
*/
PROXY_DECLARE(char *) ap_proxy_worker_name(apr_pool_t *p,
proxy_worker *worker)
{
if (!(*worker->s->uds_path) || !p) {
/* just in case */
return worker->s->name;
}
return apr_pstrcat(p, "unix:", worker->s->uds_path, "|", worker->s->name, NULL);
}
PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker(apr_pool_t *p,
proxy_balancer *balancer,
proxy_server_conf *conf,
const char *url)
{
proxy_worker *worker;
proxy_worker *max_worker = NULL;
int max_match = 0;
int url_length;
int min_match;
int worker_name_length;
const char *c;
char *url_copy;
int i;
if (!url) {
return NULL;
}
c = ap_strchr_c(url, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
return NULL;
}
url_length = strlen(url);
url_copy = apr_pstrmemdup(p, url, url_length);
/*
* We need to find the start of the path and
* therefore we know the length of the scheme://hostname/
* part to we can force-lowercase everything up to
* the start of the path.
*/
c = ap_strchr_c(c+3, '/');
if (c) {
char *pathstart;
pathstart = url_copy + (c - url);
*pathstart = '\0';
ap_str_tolower(url_copy);
min_match = strlen(url_copy);
*pathstart = '/';
}
else {
ap_str_tolower(url_copy);
min_match = strlen(url_copy);
}
/*
* Do a "longest match" on the worker name to find the worker that
* fits best to the URL, but keep in mind that we must have at least
* a minimum matching of length min_match such that
* scheme://hostname[:port] matches between worker and url.
*/
if (balancer) {
proxy_worker **workers = (proxy_worker **)balancer->workers->elts;
for (i = 0; i < balancer->workers->nelts; i++, workers++) {
worker = *workers;
if ( ((worker_name_length = strlen(worker->s->name)) <= url_length)
&& (worker_name_length >= min_match)
&& (worker_name_length > max_match)
&& (strncmp(url_copy, worker->s->name, worker_name_length) == 0) ) {
max_worker = worker;
max_match = worker_name_length;
}
}
} else {
worker = (proxy_worker *)conf->workers->elts;
for (i = 0; i < conf->workers->nelts; i++, worker++) {
if ( ((worker_name_length = strlen(worker->s->name)) <= url_length)
&& (worker_name_length >= min_match)
&& (worker_name_length > max_match)
&& (strncmp(url_copy, worker->s->name, worker_name_length) == 0) ) {
max_worker = worker;
max_match = worker_name_length;
}
}
}
return max_worker;
}
/*
* To create a worker from scratch first we define the
* specifics of the worker; this is all local data.
* We then allocate space for it if data needs to be
* shared. This allows for dynamic addition during
* config and runtime.
*/
PROXY_DECLARE(char *) ap_proxy_define_worker(apr_pool_t *p,
proxy_worker **worker,
proxy_balancer *balancer,
proxy_server_conf *conf,
const char *url,
int do_malloc)
{
int rv;
apr_uri_t uri, urisock;
proxy_worker_shared *wshared;
char *ptr, *sockpath = NULL;
/*
* Look to see if we are using UDS:
* require format: unix:/path/foo/bar.sock|http://ignored/path2/
* This results in talking http to the socket at /path/foo/bar.sock
*/
ptr = ap_strchr((char *)url, '|');
if (ptr) {
*ptr = '\0';
rv = apr_uri_parse(p, url, &urisock);
if (rv == APR_SUCCESS && !strcasecmp(urisock.scheme, "unix")) {
sockpath = ap_runtime_dir_relative(p, urisock.path);;
url = ptr+1; /* so we get the scheme for the uds */
}
else {
*ptr = '|';
}
}
rv = apr_uri_parse(p, url, &uri);
if (rv != APR_SUCCESS) {
return apr_pstrcat(p, "Unable to parse URL: ", url, NULL);
}
if (!uri.scheme) {
return apr_pstrcat(p, "URL must be absolute!: ", url, NULL);
}
/* allow for unix:/path|http: */
if (!uri.hostname) {
if (sockpath) {
uri.hostname = "localhost";
}
else {
return apr_pstrcat(p, "URL must be absolute!: ", url, NULL);
}
}
else {
ap_str_tolower(uri.hostname);
}
ap_str_tolower(uri.scheme);
/*
* Workers can be associated w/ balancers or on their
* own; ie: the generic reverse-proxy or a worker
* in a simple ProxyPass statement. eg:
*
* ProxyPass / http://www.example.com
*
* in which case the worker goes in the conf slot.
*/
if (balancer) {
proxy_worker **runtime;
/* recall that we get a ptr to the ptr here */
runtime = apr_array_push(balancer->workers);
*worker = *runtime = apr_palloc(p, sizeof(proxy_worker)); /* right to left baby */
/* we've updated the list of workers associated with
* this balancer *locally* */
balancer->wupdated = apr_time_now();
} else if (conf) {
*worker = apr_array_push(conf->workers);
} else {
/* we need to allocate space here */
*worker = apr_palloc(p, sizeof(proxy_worker));
}
memset(*worker, 0, sizeof(proxy_worker));
/* right here we just want to tuck away the worker info.
* if called during config, we don't have shm setup yet,
* so just note the info for later. */
if (do_malloc)
wshared = ap_malloc(sizeof(proxy_worker_shared)); /* will be freed ap_proxy_share_worker */
else
wshared = apr_palloc(p, sizeof(proxy_worker_shared));
memset(wshared, 0, sizeof(proxy_worker_shared));
ptr = apr_uri_unparse(p, &uri, APR_URI_UNP_REVEALPASSWORD);
if (PROXY_STRNCPY(wshared->name, ptr) != APR_SUCCESS) {
return apr_psprintf(p, "worker name (%s) too long", ptr);
}
if (PROXY_STRNCPY(wshared->scheme, uri.scheme) != APR_SUCCESS) {
return apr_psprintf(p, "worker scheme (%s) too long", uri.scheme);
}
if (PROXY_STRNCPY(wshared->hostname, uri.hostname) != APR_SUCCESS) {
return apr_psprintf(p, "worker hostname (%s) too long", uri.hostname);
}
wshared->port = uri.port;
wshared->flush_packets = flush_off;
wshared->flush_wait = PROXY_FLUSH_WAIT;
wshared->is_address_reusable = 1;
wshared->lbfactor = 1;
wshared->smax = -1;
wshared->hash.def = ap_proxy_hashfunc(wshared->name, PROXY_HASHFUNC_DEFAULT);
wshared->hash.fnv = ap_proxy_hashfunc(wshared->name, PROXY_HASHFUNC_FNV);
wshared->was_malloced = (do_malloc != 0);
if (sockpath) {
if (PROXY_STRNCPY(wshared->uds_path, sockpath) != APR_SUCCESS) {
return apr_psprintf(p, "worker uds path (%s) too long", sockpath);
}
}
else {
*wshared->uds_path = '\0';
}
(*worker)->hash = wshared->hash;
(*worker)->context = NULL;
(*worker)->cp = NULL;
(*worker)->balancer = balancer;
(*worker)->s = wshared;
return NULL;
}
/*
* Create an already defined worker and free up memory
*/
PROXY_DECLARE(apr_status_t) ap_proxy_share_worker(proxy_worker *worker, proxy_worker_shared *shm,
int i)
{
char *action = "copying";
if (!shm || !worker->s)
return APR_EINVAL;
if ((worker->s->hash.def != shm->hash.def) ||
(worker->s->hash.fnv != shm->hash.fnv)) {
memcpy(shm, worker->s, sizeof(proxy_worker_shared));
if (worker->s->was_malloced)
free(worker->s); /* was malloced in ap_proxy_define_worker */
} else {
action = "re-using";
}
worker->s = shm;
worker->s->index = i;
{
apr_pool_t *pool;
apr_pool_create(&pool, ap_server_conf->process->pool);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02338)
"%s shm[%d] (0x%pp) for worker: %s", action, i, (void *)shm,
ap_proxy_worker_name(pool, worker));
if (pool) {
apr_pool_destroy(pool);
}
}
return APR_SUCCESS;
}
PROXY_DECLARE(apr_status_t) ap_proxy_initialize_worker(proxy_worker *worker, server_rec *s, apr_pool_t *p)
{
apr_status_t rv = APR_SUCCESS;
int mpm_threads;
if (worker->s->status & PROXY_WORKER_INITIALIZED) {
/* The worker is already initialized */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00924)
"worker %s shared already initialized",
ap_proxy_worker_name(p, worker));
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00925)
"initializing worker %s shared",
ap_proxy_worker_name(p, worker));
/* Set default parameters */
if (!worker->s->retry_set) {
worker->s->retry = apr_time_from_sec(PROXY_WORKER_DEFAULT_RETRY);
}
/* By default address is reusable unless DisableReuse is set */
if (worker->s->disablereuse) {
worker->s->is_address_reusable = 0;
}
else {
worker->s->is_address_reusable = 1;
}
ap_mpm_query(AP_MPMQ_MAX_THREADS, &mpm_threads);
if (mpm_threads > 1) {
/* Set hard max to no more then mpm_threads */
if (worker->s->hmax == 0 || worker->s->hmax > mpm_threads) {
worker->s->hmax = mpm_threads;
}
if (worker->s->smax == -1 || worker->s->smax > worker->s->hmax) {
worker->s->smax = worker->s->hmax;
}
/* Set min to be lower then smax */
if (worker->s->min > worker->s->smax) {
worker->s->min = worker->s->smax;
}
}
else {
/* This will supress the apr_reslist creation */
worker->s->min = worker->s->smax = worker->s->hmax = 0;
}
}
/* What if local is init'ed and shm isn't?? Even possible? */
if (worker->local_status & PROXY_WORKER_INITIALIZED) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00926)
"worker %s local already initialized",
ap_proxy_worker_name(p, worker));
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00927)
"initializing worker %s local",
ap_proxy_worker_name(p, worker));
apr_global_mutex_lock(proxy_mutex);
/* Now init local worker data */
if (worker->tmutex == NULL) {
rv = apr_thread_mutex_create(&(worker->tmutex), APR_THREAD_MUTEX_DEFAULT, p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00928)
"can not create worker thread mutex");
apr_global_mutex_unlock(proxy_mutex);
return rv;
}
}
if (worker->cp == NULL)
init_conn_pool(p, worker);
if (worker->cp == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00929)
"can not create connection pool");
apr_global_mutex_unlock(proxy_mutex);
return APR_EGENERAL;
}
if (worker->s->hmax) {
rv = apr_reslist_create(&(worker->cp->res),
worker->s->min, worker->s->smax,
worker->s->hmax, worker->s->ttl,
connection_constructor, connection_destructor,
worker, worker->cp->pool);
apr_pool_cleanup_register(worker->cp->pool, (void *)worker,
conn_pool_cleanup,
apr_pool_cleanup_null);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930)
"initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d",
getpid(), worker->s->hostname, worker->s->min,
worker->s->hmax, worker->s->smax);
/* Set the acquire timeout */
if (rv == APR_SUCCESS && worker->s->acquire_set) {
apr_reslist_timeout_set(worker->cp->res, worker->s->acquire);
}
}
else {
void *conn;
rv = connection_constructor(&conn, worker, worker->cp->pool);
worker->cp->conn = conn;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00931)
"initialized single connection worker in child %" APR_PID_T_FMT " for (%s)",
getpid(), worker->s->hostname);
}
apr_global_mutex_unlock(proxy_mutex);
}
if (rv == APR_SUCCESS) {
worker->s->status |= (PROXY_WORKER_INITIALIZED);
worker->local_status |= (PROXY_WORKER_INITIALIZED);
}
return rv;
}
static int ap_proxy_retry_worker(const char *proxy_function, proxy_worker *worker,
server_rec *s)
{
if (worker->s->status & PROXY_WORKER_IN_ERROR) {
if (apr_time_now() > worker->s->error_time + worker->s->retry) {
++worker->s->retries;
worker->s->status &= ~PROXY_WORKER_IN_ERROR;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00932)
"%s: worker for (%s) has been marked for retry",
proxy_function, worker->s->hostname);
return OK;
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00933)
"%s: too soon to retry worker for (%s)",
proxy_function, worker->s->hostname);
return DECLINED;
}
}
else {
return OK;
}
}
PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
proxy_balancer **balancer,
request_rec *r,
proxy_server_conf *conf, char **url)
{
int access_status;
access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
if (access_status == DECLINED && *balancer == NULL) {
*worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
if (*worker) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"%s: found worker %s for %s",
(*worker)->s->scheme, (*worker)->s->name, *url);
*balancer = NULL;
access_status = OK;
}
else if (r->proxyreq == PROXYREQ_PROXY) {
if (conf->forward) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: found forward proxy worker for %s", *url);
*balancer = NULL;
*worker = conf->forward;
access_status = OK;
/*
* The forward worker does not keep connections alive, so
* ensure that mod_proxy_http does the correct thing
* regarding the Connection header in the request.
*/
apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1");
}
}
else if (r->proxyreq == PROXYREQ_REVERSE) {
if (conf->reverse) {
char *ptr;
char *ptr2;
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: found reverse proxy worker for %s", *url);
*balancer = NULL;
*worker = conf->reverse;
access_status = OK;
/*
* The reverse worker does not keep connections alive, so
* ensure that mod_proxy_http does the correct thing
* regarding the Connection header in the request.
*/
apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1");
/*
* In the case of the generic reverse proxy, we need to see if we
* were passed a UDS url (eg: from mod_proxy) and adjust uds_path
* as required.
*/
if (!strncmp(r->filename, "proxy:", 6) &&
(ptr2 = ap_strcasestr(r->filename, "unix:")) &&
(ptr = ap_strchr(ptr2, '|'))) {
apr_uri_t urisock;
apr_status_t rv;
*ptr = '\0';
rv = apr_uri_parse(r->pool, ptr2, &urisock);
if (rv == APR_SUCCESS) {
char *rurl = ptr+1;
char *sockpath = ap_runtime_dir_relative(r->pool, urisock.path);
apr_table_setn(r->notes, "uds_path", sockpath);
*url = apr_pstrdup(r->pool, rurl); /* so we get the scheme for the uds */
/* r->filename starts w/ "proxy:", so add after that */
memmove(r->filename+6, rurl, strlen(rurl)+1);
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: rewrite of url due to UDS(%s): %s (%s)",
sockpath, *url, r->filename);
}
else {
*ptr = '|';
}
}
}
}
}
else if (access_status == DECLINED && *balancer != NULL) {
/* All the workers are busy */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00934)
"all workers are busy. Unable to serve %s", *url);
access_status = HTTP_SERVICE_UNAVAILABLE;
}
return access_status;
}
PROXY_DECLARE(int) ap_proxy_post_request(proxy_worker *worker,
proxy_balancer *balancer,
request_rec *r,
proxy_server_conf *conf)
{
int access_status = OK;
if (balancer) {
access_status = proxy_run_post_request(worker, balancer, r, conf);
if (access_status == DECLINED) {
access_status = OK; /* no post_request handler available */
/* TODO: recycle direct worker */
}
}
return access_status;
}
/* DEPRECATED */
PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **newsock,
const char *proxy_function,
apr_sockaddr_t *backend_addr,
const char *backend_name,
proxy_server_conf *conf,
request_rec *r)
{
apr_status_t rv;
int connected = 0;
int loglevel;
while (backend_addr && !connected) {
if ((rv = apr_socket_create(newsock, backend_addr->family,
SOCK_STREAM, 0, r->pool)) != APR_SUCCESS) {
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_rerror(APLOG_MARK, loglevel, rv, r, APLOGNO(00935)
"%s: error creating fam %d socket for target %s",
proxy_function, backend_addr->family, backend_name);
/*
* this could be an IPv6 address from the DNS but the
* local machine won't give us an IPv6 socket; hopefully the
* DNS returned an additional address to try
*/
backend_addr = backend_addr->next;
continue;
}
if (conf->recv_buffer_size > 0 &&
(rv = apr_socket_opt_set(*newsock, APR_SO_RCVBUF,
conf->recv_buffer_size))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00936)
"apr_socket_opt_set(SO_RCVBUF): Failed to set "
"ProxyReceiveBufferSize, using default");
}
rv = apr_socket_opt_set(*newsock, APR_TCP_NODELAY, 1);
if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00937)
"apr_socket_opt_set(APR_TCP_NODELAY): "
"Failed to set");
}
/* Set a timeout on the socket */
if (conf->timeout_set) {
apr_socket_timeout_set(*newsock, conf->timeout);
}
else {
apr_socket_timeout_set(*newsock, r->server->timeout);
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"%s: fam %d socket created to connect to %s",
proxy_function, backend_addr->family, backend_name);
if (conf->source_address) {
rv = apr_socket_bind(*newsock, conf->source_address);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00938)
"%s: failed to bind socket to local address",
proxy_function);
}
}
/* make the connection out of the socket */
rv = apr_socket_connect(*newsock, backend_addr);
/* if an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
apr_socket_close(*newsock);
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_rerror(APLOG_MARK, loglevel, rv, r, APLOGNO(00939)
"%s: attempt to connect to %pI (%s) failed",
proxy_function, backend_addr, backend_name);
backend_addr = backend_addr->next;
continue;
}
connected = 1;
}
return connected ? 0 : 1;
}
PROXY_DECLARE(int) ap_proxy_acquire_connection(const char *proxy_function,
proxy_conn_rec **conn,
proxy_worker *worker,
server_rec *s)
{
apr_status_t rv;
if (!PROXY_WORKER_IS_USABLE(worker)) {
/* Retry the worker */
ap_proxy_retry_worker(proxy_function, worker, s);
if (!PROXY_WORKER_IS_USABLE(worker)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00940)
"%s: disabled connection for (%s)",
proxy_function, worker->s->hostname);
return HTTP_SERVICE_UNAVAILABLE;
}
}
if (worker->s->hmax && worker->cp->res) {
rv = apr_reslist_acquire(worker->cp->res, (void **)conn);
}
else {
/* create the new connection if the previous was destroyed */
if (!worker->cp->conn) {
connection_constructor((void **)conn, worker, worker->cp->pool);
}
else {
*conn = worker->cp->conn;
worker->cp->conn = NULL;
}
rv = APR_SUCCESS;
}
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00941)
"%s: failed to acquire connection for (%s)",
proxy_function, worker->s->hostname);
return HTTP_SERVICE_UNAVAILABLE;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00942)
"%s: has acquired connection for (%s)",
proxy_function, worker->s->hostname);
(*conn)->worker = worker;
(*conn)->close = 0;
(*conn)->inreslist = 0;
return OK;
}
PROXY_DECLARE(int) ap_proxy_release_connection(const char *proxy_function,
proxy_conn_rec *conn,
server_rec *s)
{
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00943)
"%s: has released connection for (%s)",
proxy_function, conn->worker->s->hostname);
connection_cleanup(conn);
return OK;
}
PROXY_DECLARE(int)
ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
proxy_server_conf *conf,
proxy_worker *worker,
proxy_conn_rec *conn,
apr_uri_t *uri,
char **url,
const char *proxyname,
apr_port_t proxyport,
char *server_portstr,
int server_portstr_size)
{
int server_port;
apr_status_t err = APR_SUCCESS;
apr_status_t uerr = APR_SUCCESS;
const char *uds_path;
/*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
if (APR_SUCCESS != apr_uri_parse(p, *url, uri)) {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_pstrcat(p,"URI cannot be parsed: ", *url,
NULL));
}
if (!uri->port) {
uri->port = ap_proxy_port_of_scheme(uri->scheme);
}
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00944)
"connecting %s to %s:%d", *url, uri->hostname, uri->port);
/*
* allocate these out of the specified connection pool
* The scheme handler decides if this is permanent or
* short living pool.
*/
/* are we connecting directly, or via a proxy? */
if (!proxyname) {
*url = apr_pstrcat(p, uri->path, uri->query ? "?" : "",
uri->query ? uri->query : "",
uri->fragment ? "#" : "",
uri->fragment ? uri->fragment : "", NULL);
}
/*
* Figure out if our passed in proxy_conn_rec has a usable
* address cached.
*
* TODO: Handle this much better...
*
* XXX: If generic workers are ever address-reusable, we need
* to check host and port on the conn and be careful about
* spilling the cached addr from the worker.
*/
uds_path = (*worker->s->uds_path ? worker->s->uds_path : apr_table_get(r->notes, "uds_path"));
if (uds_path) {
if (conn->uds_path == NULL) {
/* use (*conn)->pool instead of worker->cp->pool to match lifetime */
conn->uds_path = apr_pstrdup(conn->pool, uds_path);
}
if (conn->uds_path) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02545)
"%s: has determined UDS as %s",
uri->scheme, conn->uds_path);
}
else {
/* should never happen */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02546)
"%s: cannot determine UDS (%s)",
uri->scheme, uds_path);
}
/*
* In UDS cases, some structs are NULL. Protect from de-refs
* and provide info for logging at the same time.
*/
if (!conn->addr) {
apr_sockaddr_t *sa;
apr_sockaddr_info_get(&sa, NULL, APR_UNSPEC, 0, 0, conn->pool);
conn->addr = sa;
}
conn->hostname = "httpd-UDS";
conn->port = 0;
}
else {
int will_reuse = worker->s->is_address_reusable && !worker->s->disablereuse;
if (!conn->hostname || !will_reuse) {
if (proxyname) {
conn->hostname = apr_pstrdup(conn->pool, proxyname);
conn->port = proxyport;
/*
* If we have a forward proxy and the protocol is HTTPS,
* then we need to prepend a HTTP CONNECT request before
* sending our actual HTTPS requests.
* Save our real backend data for using it later during HTTP CONNECT.
*/
if (conn->is_ssl) {
const char *proxy_auth;
forward_info *forward = apr_pcalloc(conn->pool, sizeof(forward_info));
conn->forward = forward;
forward->use_http_connect = 1;
forward->target_host = apr_pstrdup(conn->pool, uri->hostname);
forward->target_port = uri->port;
/* Do we want to pass Proxy-Authorization along?
* If we haven't used it, then YES
* If we have used it then MAYBE: RFC2616 says we MAY propagate it.
* So let's make it configurable by env.
* The logic here is the same used in mod_proxy_http.
*/
proxy_auth = apr_table_get(r->headers_in, "Proxy-Authorization");
if (proxy_auth != NULL &&
proxy_auth[0] != '\0' &&
r->user == NULL && /* we haven't yet authenticated */
apr_table_get(r->subprocess_env, "Proxy-Chain-Auth")) {
forward->proxy_auth = apr_pstrdup(conn->pool, proxy_auth);
}
}
}
else {
conn->hostname = apr_pstrdup(conn->pool, uri->hostname);
conn->port = uri->port;
}
if (!will_reuse) {
/*
* Only do a lookup if we should not reuse the backend address.
* Otherwise we will look it up once for the worker.
*/
err = apr_sockaddr_info_get(&(conn->addr),
conn->hostname, APR_UNSPEC,
conn->port, 0,
conn->pool);
}
socket_cleanup(conn);
conn->close = 0;
}
if (will_reuse) {
/*
* Looking up the backend address for the worker only makes sense if
* we can reuse the address.
*/
if (!worker->cp->addr) {
if ((err = PROXY_THREAD_LOCK(worker)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, err, r, APLOGNO(00945) "lock");
return HTTP_INTERNAL_SERVER_ERROR;
}
/*
* Worker can have the single constant backend adress.
* The single DNS lookup is used once per worker.
* If dynamic change is needed then set the addr to NULL
* inside dynamic config to force the lookup.
*/
err = apr_sockaddr_info_get(&(worker->cp->addr),
conn->hostname, APR_UNSPEC,
conn->port, 0,
worker->cp->pool);
conn->addr = worker->cp->addr;
if ((uerr = PROXY_THREAD_UNLOCK(worker)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, uerr, r, APLOGNO(00946) "unlock");
}
}
else {
conn->addr = worker->cp->addr;
}
}
}
/* Close a possible existing socket if we are told to do so */
if (conn->close) {
socket_cleanup(conn);
conn->close = 0;
}
if (err != APR_SUCCESS) {
return ap_proxyerror(r, HTTP_GATEWAY_TIME_OUT,
apr_pstrcat(p, "DNS lookup failure for: ",
conn->hostname, NULL));
}
/* Get the server port for the Via headers */
{
server_port = ap_get_server_port(r);
if (ap_is_default_port(server_port, r)) {
strcpy(server_portstr,"");
}
else {
apr_snprintf(server_portstr, server_portstr_size, ":%d",
server_port);
}
}
/* check if ProxyBlock directive on this host */
if (OK != ap_proxy_checkproxyblock(r, conf, uri->hostname,
proxyname ? NULL : conn->addr)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/*
* When SSL is configured, determine the hostname (SNI) for the request
* and save it in conn->ssl_hostname. Close any reused connection whose
* SNI differs.
*/
if (conn->is_ssl) {
proxy_dir_conf *dconf;
const char *ssl_hostname;
/*
* In the case of ProxyPreserveHost on use the hostname of
* the request if present otherwise use the one from the
* backend request URI.
*/
dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
if (dconf->preserve_host) {
ssl_hostname = r->hostname;
}
else {
ssl_hostname = conn->hostname;
}
/*
* Close if a SNI is in use but this request requires no or
* a different one, or no SNI is in use but one is required.
*/
if ((conn->ssl_hostname && (!ssl_hostname ||
strcasecmp(conn->ssl_hostname,
ssl_hostname) != 0)) ||
(!conn->ssl_hostname && ssl_hostname && conn->sock)) {
socket_cleanup(conn);
}
if (conn->ssl_hostname == NULL) {
conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
}
}
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00947)
"connected %s to %s:%d", *url, conn->hostname, conn->port);
return OK;
}
#define USE_ALTERNATE_IS_CONNECTED 1
#if !defined(APR_MSG_PEEK) && defined(MSG_PEEK)
#define APR_MSG_PEEK MSG_PEEK
#endif
#if USE_ALTERNATE_IS_CONNECTED && defined(APR_MSG_PEEK)
PROXY_DECLARE(int) ap_proxy_is_socket_connected(apr_socket_t *socket)
{
apr_pollfd_t pfds[1];
apr_status_t status;
apr_int32_t nfds;
pfds[0].reqevents = APR_POLLIN;
pfds[0].desc_type = APR_POLL_SOCKET;
pfds[0].desc.s = socket;
do {
status = apr_poll(&pfds[0], 1, &nfds, 0);
} while (APR_STATUS_IS_EINTR(status));
if (status == APR_SUCCESS && nfds == 1 &&
pfds[0].rtnevents == APR_POLLIN) {
apr_sockaddr_t unused;
apr_size_t len = 1;
char buf[1];
/* The socket might be closed in which case
* the poll will return POLLIN.
* If there is no data available the socket
* is closed.
*/
status = apr_socket_recvfrom(&unused, socket, APR_MSG_PEEK,
&buf[0], &len);
if (status == APR_SUCCESS && len)
return 1;
else
return 0;
}
else if (APR_STATUS_IS_EAGAIN(status) || APR_STATUS_IS_TIMEUP(status)) {
return 1;
}
return 0;
}
#else
PROXY_DECLARE(int) ap_proxy_is_socket_connected(apr_socket_t *socket)
{
apr_size_t buffer_len = 1;
char test_buffer[1];
apr_status_t socket_status;
apr_interval_time_t current_timeout;
/* save timeout */
apr_socket_timeout_get(sock, &current_timeout);
/* set no timeout */
apr_socket_timeout_set(sock, 0);
socket_status = apr_socket_recv(sock, test_buffer, &buffer_len);
/* put back old timeout */
apr_socket_timeout_set(sock, current_timeout);
if (APR_STATUS_IS_EOF(socket_status)
|| APR_STATUS_IS_ECONNRESET(socket_status)) {
return 0;
}
else {
return 1;
}
}
#endif /* USE_ALTERNATE_IS_CONNECTED */
/*
* Send a HTTP CONNECT request to a forward proxy.
* The proxy is given by "backend", the target server
* is contained in the "forward" member of "backend".
*/
static apr_status_t send_http_connect(proxy_conn_rec *backend,
server_rec *s)
{
int status;
apr_size_t nbytes;
apr_size_t left;
int complete = 0;
char buffer[HUGE_STRING_LEN];
char drain_buffer[HUGE_STRING_LEN];
forward_info *forward = (forward_info *)backend->forward;
int len = 0;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00948)
"CONNECT: sending the CONNECT request for %s:%d "
"to the remote proxy %pI (%s)",
forward->target_host, forward->target_port,
backend->addr, backend->hostname);
/* Create the CONNECT request */
nbytes = apr_snprintf(buffer, sizeof(buffer),
"CONNECT %s:%d HTTP/1.0" CRLF,
forward->target_host, forward->target_port);
/* Add proxy authorization from the initial request if necessary */
if (forward->proxy_auth != NULL) {
nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
"Proxy-Authorization: %s" CRLF,
forward->proxy_auth);
}
/* Set a reasonable agent and send everything */
nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes,
"Proxy-agent: %s" CRLF CRLF,
ap_get_server_banner());
apr_socket_send(backend->sock, buffer, &nbytes);
/* Receive the whole CONNECT response */
left = sizeof(buffer) - 1;
/* Read until we find the end of the headers or run out of buffer */
do {
nbytes = left;
status = apr_socket_recv(backend->sock, buffer + len, &nbytes);
len += nbytes;
left -= nbytes;
buffer[len] = '\0';
if (strstr(buffer + len - nbytes, "\r\n\r\n") != NULL) {
complete = 1;
break;
}
} while (status == APR_SUCCESS && left > 0);
/* Drain what's left */
if (!complete) {
nbytes = sizeof(drain_buffer) - 1;
while (status == APR_SUCCESS && nbytes) {
status = apr_socket_recv(backend->sock, drain_buffer, &nbytes);
drain_buffer[nbytes] = '\0';
nbytes = sizeof(drain_buffer) - 1;
if (strstr(drain_buffer, "\r\n\r\n") != NULL) {
break;
}
}
}
/* Check for HTTP_OK response status */
if (status == APR_SUCCESS) {
int major, minor;
/* Only scan for three character status code */
char code_str[4];
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00949)
"send_http_connect: response from the forward proxy: %s",
buffer);
/* Extract the returned code */
if (sscanf(buffer, "HTTP/%u.%u %3s", &major, &minor, code_str) == 3) {
status = atoi(code_str);
if (status == HTTP_OK) {
status = APR_SUCCESS;
}
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00950)
"send_http_connect: the forward proxy returned code is '%s'",
code_str);
status = APR_INCOMPLETE;
}
}
}
return(status);
}
#if APR_HAVE_SYS_UN_H
/* lifted from mod_proxy_fdpass.c; tweaked addrlen in connect() call */
static apr_status_t socket_connect_un(apr_socket_t *sock,
struct sockaddr_un *sa)
{
apr_status_t rv;
apr_os_sock_t rawsock;
apr_interval_time_t t;
rv = apr_os_sock_get(&rawsock, sock);
if (rv != APR_SUCCESS) {
return rv;
}
rv = apr_socket_timeout_get(sock, &t);
if (rv != APR_SUCCESS) {
return rv;
}
do {
const socklen_t addrlen = APR_OFFSETOF(struct sockaddr_un, sun_path)
+ strlen(sa->sun_path) + 1;
rv = connect(rawsock, (struct sockaddr*)sa, addrlen);
} while (rv == -1 && errno == EINTR);
if ((rv == -1) && (errno == EINPROGRESS || errno == EALREADY)
&& (t > 0)) {
#if APR_MAJOR_VERSION < 2
rv = apr_wait_for_io_or_timeout(NULL, sock, 0);
#else
rv = apr_socket_wait(sock, APR_WAIT_WRITE);
#endif
if (rv != APR_SUCCESS) {
return rv;
}
}
if (rv == -1 && errno != EISCONN) {
return errno;
}
return APR_SUCCESS;
}
#endif
PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
proxy_conn_rec *conn,
proxy_worker *worker,
server_rec *s)
{
apr_status_t rv;
int connected = 0;
int loglevel;
apr_sockaddr_t *backend_addr = conn->addr;
/* the local address to use for the outgoing connection */
apr_sockaddr_t *local_addr;
apr_socket_t *newsock;
void *sconf = s->module_config;
proxy_server_conf *conf =
(proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
if (conn->sock) {
if (!(connected = ap_proxy_is_socket_connected(conn->sock))) {
socket_cleanup(conn);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
"%s: backend socket is disconnected.",
proxy_function);
}
}
while ((backend_addr || conn->uds_path) && !connected) {
#if APR_HAVE_SYS_UN_H
if (conn->uds_path)
{
struct sockaddr_un sa;
rv = apr_socket_create(&newsock, AF_UNIX, SOCK_STREAM, 0,
conn->scpool);
if (rv != APR_SUCCESS) {
loglevel = APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s, APLOGNO(02453)
"%s: error creating Unix domain socket for "
"target %s",
proxy_function,
worker->s->hostname);
break;
}
conn->connection = NULL;
sa.sun_family = AF_UNIX;
apr_cpystrn(sa.sun_path, conn->uds_path, sizeof(sa.sun_path));
rv = socket_connect_un(newsock, &sa);
if (rv != APR_SUCCESS) {
apr_socket_close(newsock);
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(02454)
"%s: attempt to connect to Unix domain socket "
"%s (%s) failed",
proxy_function,
conn->uds_path,
worker->s->hostname);
break;
}
}
else
#endif
{
if ((rv = apr_socket_create(&newsock, backend_addr->family,
SOCK_STREAM, APR_PROTO_TCP,
conn->scpool)) != APR_SUCCESS) {
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s, APLOGNO(00952)
"%s: error creating fam %d socket for "
"target %s",
proxy_function,
backend_addr->family,
worker->s->hostname);
/*
* this could be an IPv6 address from the DNS but the
* local machine won't give us an IPv6 socket; hopefully the
* DNS returned an additional address to try
*/
backend_addr = backend_addr->next;
continue;
}
conn->connection = NULL;
if (worker->s->recv_buffer_size > 0 &&
(rv = apr_socket_opt_set(newsock, APR_SO_RCVBUF,
worker->s->recv_buffer_size))) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00953)
"apr_socket_opt_set(SO_RCVBUF): Failed to set "
"ProxyReceiveBufferSize, using default");
}
rv = apr_socket_opt_set(newsock, APR_TCP_NODELAY, 1);
if (rv != APR_SUCCESS && rv != APR_ENOTIMPL) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00954)
"apr_socket_opt_set(APR_TCP_NODELAY): "
"Failed to set");
}
/* Set a timeout for connecting to the backend on the socket */
if (worker->s->conn_timeout_set) {
apr_socket_timeout_set(newsock, worker->s->conn_timeout);
}
else if (worker->s->timeout_set) {
apr_socket_timeout_set(newsock, worker->s->timeout);
}
else if (conf->timeout_set) {
apr_socket_timeout_set(newsock, conf->timeout);
}
else {
apr_socket_timeout_set(newsock, s->timeout);
}
/* Set a keepalive option */
if (worker->s->keepalive) {
if ((rv = apr_socket_opt_set(newsock,
APR_SO_KEEPALIVE, 1)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00955)
"apr_socket_opt_set(SO_KEEPALIVE): Failed to set"
" Keepalive");
}
}
ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
"%s: fam %d socket created to connect to %s",
proxy_function, backend_addr->family, worker->s->hostname);
if (conf->source_address_set) {
local_addr = apr_pmemdup(conn->pool, conf->source_address,
sizeof(apr_sockaddr_t));
local_addr->pool = conn->pool;
rv = apr_socket_bind(newsock, local_addr);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00956)
"%s: failed to bind socket to local address",
proxy_function);
}
}
/* make the connection out of the socket */
rv = apr_socket_connect(newsock, backend_addr);
/* if an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
apr_socket_close(newsock);
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s, APLOGNO(00957)
"%s: attempt to connect to %pI (%s) failed",
proxy_function,
backend_addr,
worker->s->hostname);
backend_addr = backend_addr->next;
continue;
}
}
/* Set a timeout on the socket */
if (worker->s->timeout_set) {
apr_socket_timeout_set(newsock, worker->s->timeout);
}
else if (conf->timeout_set) {
apr_socket_timeout_set(newsock, conf->timeout);
}
else {
apr_socket_timeout_set(newsock, s->timeout);
}
conn->sock = newsock;
if (!conn->uds_path && conn->forward) {
forward_info *forward = (forward_info *)conn->forward;
/*
* For HTTP CONNECT we need to prepend CONNECT request before
* sending our actual HTTPS requests.
*/
if (forward->use_http_connect) {
rv = send_http_connect(conn, s);
/* If an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
conn->sock = NULL;
apr_socket_close(newsock);
loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
ap_log_error(APLOG_MARK, loglevel, rv, s, APLOGNO(00958)
"%s: attempt to connect to %s:%d "
"via http CONNECT through %pI (%s) failed",
proxy_function,
forward->target_host, forward->target_port,
backend_addr, worker->s->hostname);
backend_addr = backend_addr->next;
continue;
}
}
}
connected = 1;
}
/*
* Put the entire worker to error state if
* the PROXY_WORKER_IGNORE_ERRORS flag is not set.
* Altrough some connections may be alive
* no further connections to the worker could be made
*/
if (!connected && PROXY_WORKER_IS_USABLE(worker) &&
!(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) {
worker->s->error_time = apr_time_now();
worker->s->status |= PROXY_WORKER_IN_ERROR;
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959)
"ap_proxy_connect_backend disabling worker for (%s) for %"
APR_TIME_T_FMT "s",
worker->s->hostname, apr_time_sec(worker->s->retry));
}
else {
if (worker->s->retries) {
/*
* A worker came back. So here is where we need to
* either reset all params to initial conditions or
* apply some sort of aging
*/
}
worker->s->error_time = 0;
worker->s->retries = 0;
}
return connected ? OK : DECLINED;
}
PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
proxy_conn_rec *conn,
conn_rec *c,
server_rec *s)
{
apr_sockaddr_t *backend_addr = conn->addr;
int rc;
apr_interval_time_t current_timeout;
apr_bucket_alloc_t *bucket_alloc;
if (conn->connection) {
return OK;
}
bucket_alloc = apr_bucket_alloc_create(conn->scpool);
/*
* The socket is now open, create a new backend server connection
*/
conn->connection = ap_run_create_connection(conn->scpool, s, conn->sock,
0, NULL,
bucket_alloc);
if (!conn->connection) {
/*
* the peer reset the connection already; ap_run_create_connection()
* closed the socket
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
s, APLOGNO(00960) "%s: an error occurred creating a "
"new connection to %pI (%s)", proxy_function,
backend_addr, conn->hostname);
/* XXX: Will be closed when proxy_conn is closed */
socket_cleanup(conn);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* For ssl connection to backend */
if (conn->is_ssl) {
if (!ap_proxy_ssl_enable(conn->connection)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0,
s, APLOGNO(00961) "%s: failed to enable ssl support "
"for %pI (%s)", proxy_function,
backend_addr, conn->hostname);
return HTTP_INTERNAL_SERVER_ERROR;
}
}
else {
/* TODO: See if this will break FTP */
ap_proxy_ssl_disable(conn->connection);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00962)
"%s: connection complete to %pI (%s)",
proxy_function, backend_addr, conn->hostname);
/*
* save the timeout of the socket because core_pre_connection
* will set it to base_server->timeout
* (core TimeOut directive).
*/
apr_socket_timeout_get(conn->sock, &current_timeout);
/* set up the connection filters */
rc = ap_run_pre_connection(conn->connection, conn->sock);
if (rc != OK && rc != DONE) {
conn->connection->aborted = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00963)
"%s: pre_connection setup failed (%d)",
proxy_function, rc);
return rc;
}
apr_socket_timeout_set(conn->sock, current_timeout);
return OK;
}
int ap_proxy_lb_workers(void)
{
/*
* Since we can't resize the scoreboard when reconfiguring, we
* have to impose a limit on the number of workers, we are
* able to reconfigure to.
*/
if (!lb_workers_limit)
lb_workers_limit = proxy_lb_workers + PROXY_DYNAMIC_BALANCER_LIMIT;
return lb_workers_limit;
}
/* deprecated - to be removed in v2.6 */
PROXY_DECLARE(void) ap_proxy_backend_broke(request_rec *r,
apr_bucket_brigade *brigade)
{
apr_bucket *e;
conn_rec *c = r->connection;
r->no_cache = 1;
/*
* If this is a subrequest, then prevent also caching of the main
* request.
*/
if (r->main)
r->main->no_cache = 1;
e = ap_bucket_error_create(HTTP_GATEWAY_TIME_OUT, NULL, c->pool,
c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(brigade, e);
e = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(brigade, e);
}
/*
* Provide a string hashing function for the proxy.
* We offer 2 methods: one is the APR model but we
* also provide our own, based on either FNV or SDBM.
* The reason is in case we want to use both to ensure no
* collisions.
*/
PROXY_DECLARE(unsigned int)
ap_proxy_hashfunc(const char *str, proxy_hash_t method)
{
if (method == PROXY_HASHFUNC_APR) {
apr_ssize_t slen = strlen(str);
return apr_hashfunc_default(str, &slen);
}
else if (method == PROXY_HASHFUNC_FNV) {
/* FNV model */
unsigned int hash;
const unsigned int fnv_prime = 0x811C9DC5;
for (hash = 0; *str; str++) {
hash *= fnv_prime;
hash ^= (*str);
}
return hash;
}
else { /* method == PROXY_HASHFUNC_DEFAULT */
/* SDBM model */
unsigned int hash;
for (hash = 0; *str; str++) {
hash = (*str) + (hash << 6) + (hash << 16) - hash;
}
return hash;
}
}
PROXY_DECLARE(apr_status_t) ap_proxy_set_wstatus(char c, int set, proxy_worker *w)
{
unsigned int *status = &w->s->status;
char flag = toupper(c);
struct wstat *pwt = wstat_tbl;
while (pwt->bit) {
if (flag == pwt->flag) {
if (set)
*status |= pwt->bit;
else
*status &= ~(pwt->bit);
return APR_SUCCESS;
}
pwt++;
}
return APR_EINVAL;
}
PROXY_DECLARE(char *) ap_proxy_parse_wstatus(apr_pool_t *p, proxy_worker *w)
{
char *ret = "";
unsigned int status = w->s->status;
struct wstat *pwt = wstat_tbl;
while (pwt->bit) {
if (status & pwt->bit)
ret = apr_pstrcat(p, ret, pwt->name, NULL);
pwt++;
}
if (PROXY_WORKER_IS_USABLE(w))
ret = apr_pstrcat(p, ret, "Ok ", NULL);
return ret;
}
PROXY_DECLARE(apr_status_t) ap_proxy_sync_balancer(proxy_balancer *b, server_rec *s,
proxy_server_conf *conf)
{
proxy_worker **workers;
int i;
int index;
proxy_worker_shared *shm;
proxy_balancer_method *lbmethod;
ap_slotmem_provider_t *storage = b->storage;
if (b->s->wupdated <= b->wupdated)
return APR_SUCCESS;
/* balancer sync */
lbmethod = ap_lookup_provider(PROXY_LBMETHOD, b->s->lbpname, "0");
if (lbmethod) {
b->lbmethod = lbmethod;
} else {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(02433)
"Cannot find LB Method: %s", b->s->lbpname);
return APR_EINVAL;
}
/* worker sync */
/*
* Look thru the list of workers in shm
* and see which one(s) we are lacking...
* again, the cast to unsigned int is safe
* since our upper limit is always max_workers
* which is int.
*/
for (index = 0; index < b->max_workers; index++) {
int found;
apr_status_t rv;
if ((rv = storage->dptr(b->wslot, (unsigned int)index, (void *)&shm)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(00965) "worker slotmem_dptr failed");
return APR_EGENERAL;
}
/* account for possible "holes" in the slotmem
* (eg: slots 0-2 are used, but 3 isn't, but 4-5 is)
*/
if (!shm->hash.def || !shm->hash.fnv)
continue;
found = 0;
workers = (proxy_worker **)b->workers->elts;
for (i = 0; i < b->workers->nelts; i++, workers++) {
proxy_worker *worker = *workers;
if (worker->hash.def == shm->hash.def && worker->hash.fnv == shm->hash.fnv) {
found = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02402)
"re-grabbing shm[%d] (0x%pp) for worker: %s", i, (void *)shm,
ap_proxy_worker_name(conf->pool, worker));
break;
}
}
if (!found) {
proxy_worker **runtime;
apr_global_mutex_lock(proxy_mutex);
runtime = apr_array_push(b->workers);
*runtime = apr_palloc(conf->pool, sizeof(proxy_worker));
apr_global_mutex_unlock(proxy_mutex);
(*runtime)->hash = shm->hash;
(*runtime)->context = NULL;
(*runtime)->cp = NULL;
(*runtime)->balancer = b;
(*runtime)->s = shm;
(*runtime)->tmutex = NULL;
rv = ap_proxy_initialize_worker(*runtime, s, conf->pool);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(00966) "Cannot init worker");
return rv;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02403)
"grabbing shm[%d] (0x%pp) for worker: %s", i, (void *)shm,
(*runtime)->s->name);
}
}
if (b->s->need_reset) {
if (b->lbmethod && b->lbmethod->reset)
b->lbmethod->reset(b, s);
b->s->need_reset = 0;
}
b->wupdated = b->s->wupdated;
return APR_SUCCESS;
}
PROXY_DECLARE(proxy_worker_shared *) ap_proxy_find_workershm(ap_slotmem_provider_t *storage,
ap_slotmem_instance_t *slot,
proxy_worker *worker,
unsigned int *index)
{
proxy_worker_shared *shm;
unsigned int i, limit;
limit = storage->num_slots(slot);
for (i = 0; i < limit; i++) {
if (storage->dptr(slot, i, (void *)&shm) != APR_SUCCESS) {
return NULL;
}
if ((worker->s->hash.def == shm->hash.def) &&
(worker->s->hash.fnv == shm->hash.fnv)) {
*index = i;
return shm;
}
}
return NULL;
}
PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_provider_t *storage,
ap_slotmem_instance_t *slot,
proxy_balancer *balancer,
unsigned int *index)
{
proxy_balancer_shared *shm;
unsigned int i, limit;
limit = storage->num_slots(slot);
for (i = 0; i < limit; i++) {
if (storage->dptr(slot, i, (void *)&shm) != APR_SUCCESS) {
return NULL;
}
if ((balancer->s->hash.def == shm->hash.def) &&
(balancer->s->hash.fnv == shm->hash.fnv)) {
*index = i;
return shm;
}
}
return NULL;
}
typedef struct header_connection {
apr_pool_t *pool;
apr_array_header_t *array;
const char *first;
unsigned int closed:1;
} header_connection;
static int find_conn_headers(void *data, const char *key, const char *val)
{
header_connection *x = data;
const char *name;
do {
while (*val == ',') {
val++;
}
name = ap_get_token(x->pool, &val, 0);
if (!strcasecmp(name, "close")) {
x->closed = 1;
}
if (!x->first) {
x->first = name;
}
else {
const char **elt;
if (!x->array) {
x->array = apr_array_make(x->pool, 4, sizeof(char *));
}
elt = apr_array_push(x->array);
*elt = name;
}
} while (*val);
return 1;
}
/**
* Remove all headers referred to by the Connection header.
*/
static int ap_proxy_clear_connection(request_rec *r, apr_table_t *headers)
{
const char **name;
header_connection x;
x.pool = r->pool;
x.array = NULL;
x.first = NULL;
x.closed = 0;
apr_table_unset(headers, "Proxy-Connection");
apr_table_do(find_conn_headers, &x, headers, "Connection", NULL);
if (x.first) {
/* fast path - no memory allocated for one header */
apr_table_unset(headers, "Connection");
apr_table_unset(headers, x.first);
}
if (x.array) {
/* two or more headers */
while ((name = apr_array_pop(x.array))) {
apr_table_unset(headers, *name);
}
}
return x.closed;
}
PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
apr_bucket_brigade *header_brigade,
request_rec *r,
proxy_conn_rec *p_conn,
proxy_worker *worker,
proxy_server_conf *conf,
apr_uri_t *uri,
char *url, char *server_portstr,
char **old_cl_val,
char **old_te_val)
{
conn_rec *c = r->connection;
int counter;
char *buf;
const apr_array_header_t *headers_in_array;
const apr_table_entry_t *headers_in;
apr_table_t *saved_headers_in;
apr_bucket *e;
int do_100_continue;
conn_rec *origin = p_conn->connection;
const char *fpr1;
proxy_dir_conf *dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
/*
* HTTP "Ping" test? Easiest is 100-Continue. However:
* To be compliant, we only use 100-Continue for requests with bodies.
* We also make sure we won't be talking HTTP/1.0 as well.
*/
fpr1 = apr_table_get(r->subprocess_env, "force-proxy-request-1.0");
do_100_continue = (worker->s->ping_timeout_set
&& (worker->s->ping_timeout >= 0)
&& (PROXYREQ_REVERSE == r->proxyreq)
&& !(fpr1)
&& ap_request_has_body(r));
if (fpr1) {
/*
* According to RFC 2616 8.2.3 we are not allowed to forward an
* Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return
* a HTTP_EXPECTATION_FAILED
*/
if (r->expecting_100) {
return HTTP_EXPECTATION_FAILED;
}
buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.0" CRLF, NULL);
p_conn->close = 1;
} else {
buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.1" CRLF, NULL);
}
if (apr_table_get(r->subprocess_env, "proxy-nokeepalive")) {
origin->keepalive = AP_CONN_CLOSE;
p_conn->close = 1;
}
ap_xlate_proto_to_ascii(buf, strlen(buf));
e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(header_brigade, e);
if (dconf->preserve_host == 0) {
if (ap_strchr_c(uri->hostname, ':')) { /* if literal IPv6 address */
if (uri->port_str && uri->port != DEFAULT_HTTP_PORT) {
buf = apr_pstrcat(p, "Host: [", uri->hostname, "]:",
uri->port_str, CRLF, NULL);
} else {
buf = apr_pstrcat(p, "Host: [", uri->hostname, "]", CRLF, NULL);
}
} else {
if (uri->port_str && uri->port != DEFAULT_HTTP_PORT) {
buf = apr_pstrcat(p, "Host: ", uri->hostname, ":",
uri->port_str, CRLF, NULL);
} else {
buf = apr_pstrcat(p, "Host: ", uri->hostname, CRLF, NULL);
}
}
}
else {
/* don't want to use r->hostname, as the incoming header might have a
* port attached
*/
const char* hostname = apr_table_get(r->headers_in,"Host");
if (!hostname) {
hostname = r->server->server_hostname;
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01092)
"no HTTP 0.9 request (with no host line) "
"on incoming request and preserve host set "
"forcing hostname to be %s for uri %s",
hostname, r->uri);
}
buf = apr_pstrcat(p, "Host: ", hostname, CRLF, NULL);
}
ap_xlate_proto_to_ascii(buf, strlen(buf));
e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(header_brigade, e);
/*
* Save the original headers in here and restore them when leaving, since
* we will apply proxy purpose only modifications (eg. clearing hop-by-hop
* headers, add Via or X-Forwarded-* or Expect...), whereas the originals
* will be needed later to prepare the correct response and logging.
*
* Note: We need to take r->pool for apr_table_copy as the key / value
* pairs in r->headers_in have been created out of r->pool and
* p might be (and actually is) a longer living pool.
* This would trigger the bad pool ancestry abort in apr_table_copy if
* apr is compiled with APR_POOL_DEBUG.
*/
saved_headers_in = r->headers_in;
r->headers_in = apr_table_copy(r->pool, saved_headers_in);
/* handle Via */
if (conf->viaopt == via_block) {
/* Block all outgoing Via: headers */
apr_table_unset(r->headers_in, "Via");
} else if (conf->viaopt != via_off) {
const char *server_name = ap_get_server_name(r);
/* If USE_CANONICAL_NAME_OFF was configured for the proxy virtual host,
* then the server name returned by ap_get_server_name() is the
* origin server name (which does make too much sense with Via: headers)
* so we use the proxy vhost's name instead.
*/
if (server_name == r->hostname)
server_name = r->server->server_hostname;
/* Create a "Via:" request header entry and merge it */
/* Generate outgoing Via: header with/without server comment: */
apr_table_mergen(r->headers_in, "Via",
(conf->viaopt == via_full)
? apr_psprintf(p, "%d.%d %s%s (%s)",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
server_name, server_portstr,
AP_SERVER_BASEVERSION)
: apr_psprintf(p, "%d.%d %s%s",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
server_name, server_portstr)
);
}
/* Use HTTP/1.1 100-Continue as quick "HTTP ping" test
* to backend
*/
if (do_100_continue) {
const char *val;
if (!r->expecting_100) {
/* Don't forward any "100 Continue" response if the client is
* not expecting it.
*/
apr_table_setn(r->subprocess_env, "proxy-interim-response",
"Suppress");
}
/* Add the Expect header if not already there. */
if (((val = apr_table_get(r->headers_in, "Expect")) == NULL)
|| (strcasecmp(val, "100-Continue") != 0 // fast path
&& !ap_find_token(r->pool, val, "100-Continue"))) {
apr_table_mergen(r->headers_in, "Expect", "100-Continue");
}
}
/* X-Forwarded-*: handling
*
* XXX Privacy Note:
* -----------------
*
* These request headers are only really useful when the mod_proxy
* is used in a reverse proxy configuration, so that useful info
* about the client can be passed through the reverse proxy and on
* to the backend server, which may require the information to
* function properly.
*
* In a forward proxy situation, these options are a potential
* privacy violation, as information about clients behind the proxy
* are revealed to arbitrary servers out there on the internet.
*
* The HTTP/1.1 Via: header is designed for passing client
* information through proxies to a server, and should be used in
* a forward proxy configuation instead of X-Forwarded-*. See the
* ProxyVia option for details.
*/
if (dconf->add_forwarded_headers) {
if (PROXYREQ_REVERSE == r->proxyreq) {
const char *buf;
/* Add X-Forwarded-For: so that the upstream has a chance to
* determine, where the original request came from.
*/
apr_table_mergen(r->headers_in, "X-Forwarded-For",
r->useragent_ip);
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
*/
if ((buf = apr_table_get(r->headers_in, "Host"))) {
apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf);
}
/* Add X-Forwarded-Server: so that upstream knows what the
* name of this proxy server is (if there are more than one)
* XXX: This duplicates Via: - do we strictly need it?
*/
apr_table_mergen(r->headers_in, "X-Forwarded-Server",
r->server->server_hostname);
}
}
proxy_run_fixups(r);
ap_proxy_clear_connection(r, r->headers_in);
/* send request headers */
headers_in_array = apr_table_elts(r->headers_in);
headers_in = (const apr_table_entry_t *) headers_in_array->elts;
for (counter = 0; counter < headers_in_array->nelts; counter++) {
if (headers_in[counter].key == NULL
|| headers_in[counter].val == NULL
/* Already sent */
|| !strcasecmp(headers_in[counter].key, "Host")
/* Clear out hop-by-hop request headers not to send
* RFC2616 13.5.1 says we should strip these headers
*/
|| !strcasecmp(headers_in[counter].key, "Keep-Alive")
|| !strcasecmp(headers_in[counter].key, "TE")
|| !strcasecmp(headers_in[counter].key, "Trailer")
|| !strcasecmp(headers_in[counter].key, "Upgrade")
) {
continue;
}
/* Do we want to strip Proxy-Authorization ?
* If we haven't used it, then NO
* If we have used it then MAYBE: RFC2616 says we MAY propagate it.
* So let's make it configurable by env.
*/
if (!strcasecmp(headers_in[counter].key,"Proxy-Authorization")) {
if (r->user != NULL) { /* we've authenticated */
if (!apr_table_get(r->subprocess_env, "Proxy-Chain-Auth")) {
continue;
}
}
}
/* Skip Transfer-Encoding and Content-Length for now.
*/
if (!strcasecmp(headers_in[counter].key, "Transfer-Encoding")) {
*old_te_val = headers_in[counter].val;
continue;
}
if (!strcasecmp(headers_in[counter].key, "Content-Length")) {
*old_cl_val = headers_in[counter].val;
continue;
}
/* for sub-requests, ignore freshness/expiry headers */
if (r->main) {
if ( !strcasecmp(headers_in[counter].key, "If-Match")
|| !strcasecmp(headers_in[counter].key, "If-Modified-Since")
|| !strcasecmp(headers_in[counter].key, "If-Range")
|| !strcasecmp(headers_in[counter].key, "If-Unmodified-Since")
|| !strcasecmp(headers_in[counter].key, "If-None-Match")) {
continue;
}
}
buf = apr_pstrcat(p, headers_in[counter].key, ": ",
headers_in[counter].val, CRLF,
NULL);
ap_xlate_proto_to_ascii(buf, strlen(buf));
e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(header_brigade, e);
}
/* Restore the original headers in (see comment above),
* we won't modify them anymore.
*/
r->headers_in = saved_headers_in;
return OK;
}
PROXY_DECLARE(int) ap_proxy_pass_brigade(apr_bucket_alloc_t *bucket_alloc,
request_rec *r, proxy_conn_rec *p_conn,
conn_rec *origin, apr_bucket_brigade *bb,
int flush)
{
apr_status_t status;
apr_off_t transferred;
if (flush) {
apr_bucket *e = apr_bucket_flush_create(bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
}
apr_brigade_length(bb, 0, &transferred);
if (transferred != -1)
p_conn->worker->s->transferred += transferred;
status = ap_pass_brigade(origin->output_filters, bb);
/* Cleanup the brigade now to avoid buckets lifetime
* issues in case of error returned below. */
apr_brigade_cleanup(bb);
if (status != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01084)
"pass request body failed to %pI (%s)",
p_conn->addr, p_conn->hostname);
if (origin->aborted) {
const char *ssl_note;
if (((ssl_note = apr_table_get(origin->notes, "SSL_connect_rv"))
!= NULL) && (strcmp(ssl_note, "err") == 0)) {
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
"Error during SSL Handshake with"
" remote server");
}
return HTTP_GATEWAY_TIME_OUT;
}
else {
return HTTP_BAD_REQUEST;
}
}
return OK;
}
/* Fill in unknown schemes from apr_uri_port_of_scheme() */
typedef struct proxy_schemes_t {
const char *name;
apr_port_t default_port;
} proxy_schemes_t ;
static proxy_schemes_t pschemes[] =
{
{"fcgi", 8000},
{"ajp", AJP13_DEF_PORT},
{ NULL, 0xFFFF } /* unknown port */
};
PROXY_DECLARE(apr_port_t) ap_proxy_port_of_scheme(const char *scheme)
{
if (scheme) {
apr_port_t port;
if ((port = apr_uri_port_of_scheme(scheme)) != 0) {
return port;
} else {
proxy_schemes_t *pscheme;
for (pscheme = pschemes; pscheme->name != NULL; ++pscheme) {
if (strcasecmp(scheme, pscheme->name) == 0) {
return pscheme->default_port;
}
}
}
}
return 0;
}
void proxy_util_register_hooks(apr_pool_t *p)
{
APR_REGISTER_OPTIONAL_FN(ap_proxy_retry_worker);
APR_REGISTER_OPTIONAL_FN(ap_proxy_clear_connection);
}