Posted to cvs@httpd.apache.org by rj...@apache.org on 2020/02/24 15:18:33 UTC

svn commit: r1874456 - in /httpd/httpd/branches/2.4.x: ./ CHANGES docs/manual/mod/mod_proxy.xml modules/proxy/ajp.h modules/proxy/ajp_header.c modules/proxy/mod_proxy.c modules/proxy/mod_proxy.h modules/proxy/mod_proxy_ajp.c

Author: rjung
Date: Mon Feb 24 15:18:33 2020
New Revision: 1874456

URL: http://svn.apache.org/viewvc?rev=1874456&view=rev
Log:
mod_proxy_ajp: Add "secret" parameter to proxy workers
to implement legacy AJP13 authentication.  PR 53098.
The attribute is now suggested/required by Tomcat.

Backport of r1738878 from trunk.

Backported by: covener
Reviewed by: covener, jorton, rjung

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml
    httpd/httpd/branches/2.4.x/modules/proxy/ajp.h
    httpd/httpd/branches/2.4.x/modules/proxy/ajp_header.c
    httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c
    httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.h
    httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1738878

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Feb 24 15:18:33 2020
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.42
 
+  *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
+     AJP13 authentication.  PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
+
   *) mpm_event: avoid possible KeepAlveTimeout off by -100 ms.
      [Eric Covener, Yann Ylavic]
 

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy.xml Mon Feb 24 15:18:33 2020
@@ -1232,8 +1232,10 @@ ProxyPass "/mirror/foo/i" "!"
     </td></tr>
     <tr><td>secret</td>
         <td>-</td>
-        <td><p>Value of secret used by <module>mod_proxy_ajp</module>.
-        See the documentation of this module for more details.</p>
+        <td>Value of secret used by <module>mod_proxy_ajp</module>.
+        It must be identical to the secret configured on the server side of the
+        AJP connection.<br />
+        Available in Apache HTTP Server 2.4.42 and later.
     </td></tr>
     <tr><td>upgrade</td>
         <td>WebSocket</td>

Modified: httpd/httpd/branches/2.4.x/modules/proxy/ajp.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/ajp.h?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/ajp.h (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/ajp.h Mon Feb 24 15:18:33 2020
@@ -414,11 +414,13 @@ apr_status_t ajp_ilink_receive(apr_socke
  * @param r         current request
  * @param buffsize  max size of the AJP packet.
  * @param uri       requested uri
+ * @param secret    authentication secret
  * @return          APR_SUCCESS or error
  */
 apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
                              apr_size_t buffsize,
-                             apr_uri_t *uri);
+                             apr_uri_t *uri,
+                             const char *secret);
 
 /**
  * Read the ajp message and return the type of the message.
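Review bot: The new `@param secret` line does not say that NULL is a valid argument, although the caller in mod_proxy_ajp.c passes NULL when no secret is configured and ajp_marshal_into_msgb then omits the attribute. I would document it as ` * @param secret    authentication secret sent to the backend, or NULL to send none`. Because the prototype gains a parameter, any caller of ajp_send_header not shown in this commit needs the extra argument.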

Modified: httpd/httpd/branches/2.4.x/modules/proxy/ajp_header.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/ajp_header.c?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/ajp_header.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/ajp_header.c Mon Feb 24 15:18:33 2020
@@ -214,7 +214,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
 
 static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
                                           request_rec *r,
-                                          apr_uri_t *uri)
+                                          apr_uri_t *uri,
+                                          const char *secret)
 {
     int method;
     apr_uint32_t i, num_headers = 0;
@@ -294,17 +295,15 @@ static apr_status_t ajp_marshal_into_msg
                    i, elts[i].key, elts[i].val);
     }
 
-/* XXXX need to figure out how to do this
-    if (s->secret) {
+    if (secret) {
         if (ajp_msg_append_uint8(msg, SC_A_SECRET) ||
-            ajp_msg_append_string(msg, s->secret)) {
+            ajp_msg_append_string(msg, secret)) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228)
-                   "Error ajp_marshal_into_msgb - "
+                   "ajp_marshal_into_msgb: "
                    "Error appending secret");
             return APR_EGENERAL;
         }
     }
- */
 
     if (r->user) {
         if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
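Review bot: The secret is now marshalled into every forward-request message, and nothing in this hunk keeps it out of diagnostics that print the message buffer. If the module dumps AJP packets at trace log levels elsewhere (not visible here), the secret would land in the error log in clear text, so that path is worth checking. AJP carries the attribute unencrypted, so a comment above the block would help the next reader, for example `/* sent in clear on the AJP connection: authenticates the proxy to the backend, does not protect against eavesdropping */`. ajp_marshal_into_msgb starts and ends outside the hunk.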
@@ -672,7 +671,8 @@ static apr_status_t ajp_unmarshal_respon
 apr_status_t ajp_send_header(apr_socket_t *sock,
                              request_rec *r,
                              apr_size_t buffsize,
-                             apr_uri_t *uri)
+                             apr_uri_t *uri,
+                             const char *secret)
 {
     ajp_msg_t *msg;
     apr_status_t rc;
@@ -684,7 +684,7 @@ apr_status_t ajp_send_header(apr_socket_
         return rc;
     }
 
-    rc = ajp_marshal_into_msgb(msg, r, uri);
+    rc = ajp_marshal_into_msgb(msg, r, uri, secret);
     if (rc != APR_SUCCESS) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
                "ajp_send_header: ajp_marshal_into_msgb failed");

Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c Mon Feb 24 15:18:33 2020
@@ -327,6 +327,12 @@ static const char *set_worker_param(apr_
         worker->s->response_field_size = (s ? s : HUGE_STRING_LEN);
         worker->s->response_field_size_set = 1;
     }
+    else if (!strcasecmp(key, "secret")) {
+        if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
+            return apr_psprintf(p, "Secret length must be < %d characters",
+                                (int)sizeof(worker->s->secret));
+        }
+    }
     else {
         if (set_worker_hc_param_f) {
             return set_worker_hc_param_f(p, s, worker, key, val, NULL);
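Review bot: An empty `secret=` value is accepted by the new branch without complaint, and mod_proxy_ajp.c then treats the empty string as "no secret" (`if (*conn->worker->s->secret)`), so the worker sends nothing while the administrator believes a secret is configured. Consider rejecting it at parse time with `if (!*val) return "Secret must not be empty";` before the copy. The key is also accepted for every worker scheme, although only the AJP handler in this commit reads it; the documentation could say it is ignored for other schemes. set_worker_param continues outside the hunk.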

Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.h?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.h (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.h Mon Feb 24 15:18:33 2020
@@ -362,6 +362,7 @@ PROXY_WORKER_HC_FAIL )
 #define PROXY_WORKER_MAX_HOSTNAME_SIZE  64
 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
 #define PROXY_BALANCER_MAX_STICKY_SIZE  64
+#define PROXY_WORKER_MAX_SECRET_SIZE     64
 
 #define PROXY_RFC1035_HOSTNAME_SIZE	256
 
@@ -464,6 +465,7 @@ typedef struct {
     char      hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE];  /* RFC1035 compliant version of the remote backend address */
     apr_size_t   response_field_size; /* Size of proxy response buffer in bytes. */
     unsigned int response_field_size_set:1;
+    char      secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
 } proxy_worker_shared;
 
 #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
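Review bot: Placing the secret in `proxy_worker_shared` stores the clear-text value in the worker's shared record rather than in per-process configuration, which widens the places where it can surface. Anything that displays or persists that record (status pages, persisted shared-memory files, if enabled) should be checked so it does not expose the field; none of that is visible in this commit. The field is appended at the end, which keeps existing offsets, but the struct size changes and the file list shows no module-magic-number change, so modules built against the old header may disagree about the layout. The field comment could also state the usable length, which the `PROXY_STRNCPY` error message in mod_proxy.c implies is 63 characters.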

Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c?rev=1874456&r1=1874455&r2=1874456&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c Mon Feb 24 15:18:33 2020
@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool
     apr_off_t content_length = 0;
     int original_status = r->status;
     const char *original_status_line = r->status_line;
+    const char *secret = NULL;
 
     if (psf->io_buffer_size_set)
        maxsize = psf->io_buffer_size;
@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool
        maxsize = AJP_MSG_BUFFER_SZ;
     maxsize = APR_ALIGN(maxsize, 1024);
 
+    if (*conn->worker->s->secret)
+        secret = conn->worker->s->secret;
+
     /*
      * Send the AJP request to the remote server
      */
 
     /* send request headers */
-    status = ajp_send_header(conn->sock, r, maxsize, uri);
+    status = ajp_send_header(conn->sock, r, maxsize, uri, secret);
     if (status != APR_SUCCESS) {
         conn->close = 1;
         ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)