rpms / httpd24-httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.34-r1738878.patch

c7
  1.   c7
  2.   SOURCES
  3.   httpd-2.4.34-r1738878.patch
Blob History Raw
9364d6 
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
9364d6 
index c119a7e..a950ee9 100644
9364d6 
--- a/modules/proxy/ajp.h
9364d6 
+++ b/modules/proxy/ajp.h
9364d6 
@@ -414,11 +414,13 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
9364d6 
  * @param r         current request
9364d6 
  * @param buffsize  max size of the AJP packet.
9364d6 
  * @param uri       requested uri
9364d6 
+ * @param secret    authentication secret
9364d6 
  * @return          APR_SUCCESS or error
9364d6 
  */
9364d6 
 apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
9364d6 
                              apr_size_t buffsize,
9364d6 
-                             apr_uri_t *uri);
9364d6 
+                             apr_uri_t *uri,
9364d6 
+                             const char *secret);
9364d6
9364d6 
 /**
9364d6 
  * Read the ajp message and return the type of the message.
9364d6 
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
9364d6 
index 67353a7..951f9ea 100644
9364d6 
--- a/modules/proxy/ajp_header.c
9364d6 
+++ b/modules/proxy/ajp_header.c
9364d6 
@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
9364d6
9364d6 
 static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
9364d6 
                                           request_rec *r,
9364d6 
-                                          apr_uri_t *uri)
9364d6 
+                                          apr_uri_t *uri,
9364d6 
+                                          const char *secret)
9364d6 
 {
9364d6 
     int method;
9364d6 
     apr_uint32_t i, num_headers = 0;
9364d6 
@@ -293,17 +294,17 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
9364d6 
                    i, elts[i].key, elts[i].val);
9364d6 
     }
9364d6
9364d6 
-/* XXXX need to figure out how to do this
9364d6 
-    if (s->secret) {
9364d6 
+
9364d6 
+    if (secret) {
9364d6 
         if (ajp_msg_append_uint8(msg, SC_A_SECRET) ||
9364d6 
-            ajp_msg_append_string(msg, s->secret)) {
9364d6 
+            ajp_msg_append_string(msg, secret)) {
9364d6 
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228)
9364d6 
-                   "Error ajp_marshal_into_msgb - "
9364d6 
+                   "ajp_marshal_into_msgb: - "
9364d6 
                    "Error appending secret");
9364d6 
             return APR_EGENERAL;
9364d6 
         }
9364d6 
     }
9364d6 
- */
9364d6 
+
9364d6
9364d6 
     if (r->user) {
9364d6 
         if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
9364d6 
@@ -671,7 +672,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
9364d6 
 apr_status_t ajp_send_header(apr_socket_t *sock,
9364d6 
                              request_rec *r,
9364d6 
                              apr_size_t buffsize,
9364d6 
-                             apr_uri_t *uri)
9364d6 
+                             apr_uri_t *uri,
9364d6 
+                             const char *secret)
9364d6 
 {
9364d6 
     ajp_msg_t *msg;
9364d6 
     apr_status_t rc;
9364d6 
@@ -683,7 +685,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
9364d6 
         return rc;
9364d6 
     }
9364d6
9364d6 
-    rc = ajp_marshal_into_msgb(msg, r, uri);
9364d6 
+    rc = ajp_marshal_into_msgb(msg, r, uri, secret);
9364d6 
     if (rc != APR_SUCCESS) {
9364d6 
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
9364d6 
                "ajp_send_header: ajp_marshal_into_msgb failed");
9364d6 
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
9364d6 
index e6120d2..34ed5ab 100644
9364d6 
--- a/modules/proxy/mod_proxy.c
9364d6 
+++ b/modules/proxy/mod_proxy.c
9364d6 
@@ -327,6 +327,12 @@ static const char *set_worker_param(apr_pool_t *p,
9364d6 
         worker->s->response_field_size = (s ? s : HUGE_STRING_LEN);
9364d6 
         worker->s->response_field_size_set = 1;
9364d6 
     }
9364d6 
+    else if (!strcasecmp(key, "secret")) {
9364d6 
+        if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
9364d6 
+             return apr_psprintf(p, "Secret length must be < %d characters",
9364d6 
+                                 (int)sizeof(worker->s->secret));
9364d6 
+        }
9364d6 
+    }
9364d6 
     else {
9364d6 
         if (set_worker_hc_param_f) {
9364d6 
             return set_worker_hc_param_f(p, s, worker, key, val, NULL);
9364d6 
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
9364d6 
index f74b7bc..e137b11 100644
9364d6 
--- a/modules/proxy/mod_proxy.h
9364d6 
+++ b/modules/proxy/mod_proxy.h
9364d6 
@@ -357,6 +357,7 @@ PROXY_WORKER_HC_FAIL )
9364d6 
 #define PROXY_WORKER_MAX_HOSTNAME_SIZE  64
9364d6 
 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
9364d6 
 #define PROXY_BALANCER_MAX_STICKY_SIZE  64
9364d6 
+#define PROXY_WORKER_MAX_SECRET_SIZE    64
9364d6
9364d6 
 #define PROXY_RFC1035_HOSTNAME_SIZE	256
9364d6
9364d6 
@@ -453,6 +454,7 @@ typedef struct {
9364d6 
     char      hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE];  /* RFC1035 compliant version of the remote backend address */
9364d6 
     apr_size_t   response_field_size; /* Size of proxy response buffer in bytes. */
9364d6 
     unsigned int response_field_size_set:1;
9364d6 
+    char      secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
9364d6 
 } proxy_worker_shared;
9364d6
9364d6 
 #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
9364d6 
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
9364d6 
index 8669db6..c3f5e5c 100644
9364d6 
--- a/modules/proxy/mod_proxy_ajp.c
9364d6 
+++ b/modules/proxy/mod_proxy_ajp.c
9364d6 
@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
9364d6 
     apr_off_t content_length = 0;
9364d6 
     int original_status = r->status;
9364d6 
     const char *original_status_line = r->status_line;
9364d6 
+    const char *secret = NULL;
9364d6
9364d6 
     if (psf->io_buffer_size_set)
9364d6 
        maxsize = psf->io_buffer_size;
9364d6 
@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
9364d6 
        maxsize = AJP_MSG_BUFFER_SZ;
9364d6 
     maxsize = APR_ALIGN(maxsize, 1024);
9364d6
9364d6 
+    if (*conn->worker->s->secret)
9364d6 
+        secret = conn->worker->s->secret;
9364d6 
+
9364d6 
     /*
9364d6 
      * Send the AJP request to the remote server
9364d6 
      */
9364d6
9364d6 
     /* send request headers */
9364d6 
-    status = ajp_send_header(conn->sock, r, maxsize, uri);
9364d6 
+    status = ajp_send_header(conn->sock, r, maxsize, uri, secret);
9364d6 
     if (status != APR_SUCCESS) {
9364d6 
         conn->close = 1;
9364d6 
         ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation