You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@apache.org on 2002/02/06 20:11:23 UTC
cvs commit: jakarta-tomcat-connectors/jk/native/common jk_ajp_common.c jk_ajp_common.h jk_service.h jk_util.c jk_util.h
costin 02/02/06 11:11:23
Modified: jk/native/common jk_ajp_common.c jk_ajp_common.h
jk_service.h jk_util.c jk_util.h
Log:
Implementation of the 'secret' attribute in the request, used to
pass a key used to authenticate the sender.
This shouldn't affect in any way the current code - as long as the
secret attribute is not set on the worker, the code will behave
exactly as before and work with any tomcat from 3.2 to 4.1.
If the attribute is set, the attribute will be sent - the
receiving side should know how to deal with it, that means
it should use a recent version of jk.
On the java side, the new versions of jk will allow setting the
key - that will require any web server to send the password
in order to allow forwarding the request. The check will happen
once per tcp connection.
Revision Changes Path
1.23 +13 -3 jakarta-tomcat-connectors/jk/native/common/jk_ajp_common.c
Index: jk_ajp_common.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_ajp_common.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- jk_ajp_common.c 17 Dec 2001 15:29:38 -0000 1.22
+++ jk_ajp_common.c 6 Feb 2002 19:11:23 -0000 1.23
@@ -59,7 +59,7 @@
* Description: common stuff for bi-directional protocols ajp13/ajp14. *
* Author: Gal Shachor <sh...@il.ibm.com> *
* Author: Henri Gomez <hg...@slib.fr> *
- * Version: $Revision: 1.22 $ *
+ * Version: $Revision: 1.23 $ *
***************************************************************************/
@@ -272,7 +272,7 @@
static int ajp_marshal_into_msgb(jk_msg_buf_t *msg,
jk_ws_service_t *s,
jk_logger_t *l,
- ajp_endpoint_t *ae)
+ ajp_endpoint_t *ae)
{
unsigned char method;
unsigned i;
@@ -320,6 +320,15 @@
}
}
+ if (s->secret) {
+ if (jk_b_append_byte(msg, SC_A_SECRET) ||
+ jk_b_append_string(msg, s->secret)) {
+ jk_log(l, JK_LOG_ERROR,
+ "Error ajp_marshal_into_msgb - Error appending secret\n");
+ return JK_FALSE;
+ }
+ }
+
if (s->remote_user) {
if (jk_b_append_byte(msg, SC_A_REMOTE_USER) ||
jk_b_append_string(msg, s->remote_user)) {
@@ -384,7 +393,6 @@
}
}
-
if (s->num_attributes > 0) {
for (i = 0 ; i < s->num_attributes ; i++) {
if (jk_b_append_byte(msg, SC_A_REQ_ATTRIBUTE) ||
@@ -1087,6 +1095,7 @@
p->reuse = JK_FALSE;
*is_recoverable_error = JK_TRUE;
+ s->secret = p->worker->secret;
/*
* We get here initial request (in reqmsg)
*/
@@ -1240,6 +1249,7 @@
}
}
}
+ p->secret = jk_get_worker_secret(props, p->name );
} else {
jk_log(l, JK_LOG_ERROR, "In jk_worker_t::init, NULL parameters\n");
}
1.14 +8 -4 jakarta-tomcat-connectors/jk/native/common/jk_ajp_common.h
Index: jk_ajp_common.h
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_ajp_common.h,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- jk_ajp_common.h 4 Dec 2001 19:44:23 -0000 1.13
+++ jk_ajp_common.h 6 Feb 2002 19:11:23 -0000 1.14
@@ -59,7 +59,7 @@
* Description: common stuff for bi-directional protocol ajp13/ajp14. *
* Author: Gal Shachor <sh...@il.ibm.com> *
* Author: Henri Gomez <hg...@slib.fr> *
- * Version: $Revision: 1.13 $ *
+ * Version: $Revision: 1.14 $ *
***************************************************************************/
#ifndef JK_AJP_COMMON_H
@@ -88,6 +88,7 @@
#define SC_A_SSL_SESSION (unsigned char)9
#define SC_A_REQ_ATTRIBUTE (unsigned char)10
#define SC_A_SSL_KEY_SIZE (unsigned char)11 /* only in if JkOptions +ForwardKeySize */
+#define SC_A_SECRET (unsigned char)12
#define SC_A_ARE_DONE (unsigned char)0xFF
/*
@@ -253,9 +254,12 @@
unsigned ep_cache_sz;
ajp_endpoint_t **ep_cache;
- int proto; /* PROTOCOL USED AJP13/AJP14 */
-
- jk_login_service_t *login;
+ int proto; /* PROTOCOL USED AJP13/AJP14 */
+
+ jk_login_service_t *login;
+
+ /* Weak secret similar with ajp12, used in ajp13 */
+ char *secret;
jk_worker_t worker;
1.13 +8 -1 jakarta-tomcat-connectors/jk/native/common/jk_service.h
Index: jk_service.h
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_service.h,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- jk_service.h 4 Dec 2001 19:44:23 -0000 1.12
+++ jk_service.h 6 Feb 2002 19:11:23 -0000 1.13
@@ -63,7 +63,7 @@
* Author: Gal Shachor <sh...@il.ibm.com> *
* Author: Dan Milstein <da...@shore.net> *
* Author: Henri Gomez <hg...@slib.fr> *
- * Version: $Revision: 1.12 $ *
+ * Version: $Revision: 1.13 $ *
***************************************************************************/
#ifndef JK_SERVICE_H
@@ -229,6 +229,13 @@
*/
char *jvm_route;
+ /* Temp solution for auth. For native1 it'll be sent on each request,
+ if an option is present. For native2 it'll be sent with the first
+ request. On java side, both cases will work. For tomcat3.2 or
+ a version that doesn't support secret - don't set the secret,
+ and it'll work.
+ */
+ char *secret;
/*
* Callbacks into the web server. For each, the first argument is
* essentially a 'this' pointer. All return JK_TRUE on success
1.12 +21 -1 jakarta-tomcat-connectors/jk/native/common/jk_util.c
Index: jk_util.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_util.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- jk_util.c 4 Dec 2001 19:44:23 -0000 1.11
+++ jk_util.c 6 Feb 2002 19:11:23 -0000 1.12
@@ -59,7 +59,7 @@
* Description: Utility functions (mainly configuration) *
* Author: Gal Shachor <sh...@il.ibm.com> *
* Author: Henri Gomez <hg...@slib.fr> *
- * Version: $Revision: 1.11 $ *
+ * Version: $Revision: 1.12 $ *
***************************************************************************/
@@ -69,6 +69,8 @@
#define SYSPROPS_OF_WORKER ("sysprops")
#define STDERR_OF_WORKER ("stderr")
#define STDOUT_OF_WORKER ("stdout")
+#define SECRET_OF_WORKER ("secret")
+#define CONF_OF_WORKER ("conf")
#define MX_OF_WORKER ("mx")
#define MS_OF_WORKER ("ms")
#define CP_OF_WORKER ("class_path")
@@ -282,6 +284,24 @@
sprintf(buf, "%s.%s.%s", PREFIX_OF_WORKER, wname, TYPE_OF_WORKER);
return map_get_string(m, buf, DEFAULT_WORKER_TYPE);
+}
+
+char *jk_get_worker_secret(jk_map_t *m,
+ const char *wname)
+{
+ char buf[1024];
+ char *secret;
+ char *secret_file;
+
+ if(!m || !wname) {
+ return NULL;
+ }
+
+ sprintf(buf, "%s.%s.%s", PREFIX_OF_WORKER, wname, SECRET_OF_WORKER);
+
+ secret=map_get_string(m, buf, NULL);
+
+ return secret;
}
/* [V] I suggest that the following general purpose functions be used. */
1.5 +4 -1 jakarta-tomcat-connectors/jk/native/common/jk_util.h
Index: jk_util.h
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_util.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- jk_util.h 5 Sep 2001 17:05:23 -0000 1.4
+++ jk_util.h 6 Feb 2002 19:11:23 -0000 1.5
@@ -59,7 +59,7 @@
* Description: Various utility functions *
* Author: Gal Shachor <sh...@il.ibm.com> *
* Author: Henri Gomez <hg...@slib.fr> *
- * Version: $Revision: 1.4 $ *
+ * Version: $Revision: 1.5 $ *
***************************************************************************/
#ifndef _JK_UTIL_H
#define _JK_UTIL_H
@@ -126,6 +126,9 @@
const char *lb_wname,
char ***list,
unsigned *num_of_wokers);
+
+char *jk_get_worker_secret(jk_map_t *m,
+ const char *wname);
int jk_get_worker_mx(jk_map_t *m,
const char *wname,
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>