diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h index c119a7e..267150a 100644 --- a/modules/proxy/ajp.h +++ b/modules/proxy/ajp.h @@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg); * @param sock backend socket * @param r current request * @param buffsize max size of the AJP packet. + * @param secret authentication secret * @param uri requested uri * @return APR_SUCCESS or error */ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, apr_size_t buffsize, - apr_uri_t *uri); + apr_uri_t *uri, + const char *secret); /** * Read the ajp message and return the type of the message. diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c index 67353a7..680a8f3 100644 --- a/modules/proxy/ajp_header.c +++ b/modules/proxy/ajp_header.c @@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST= static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, request_rec *r, - apr_uri_t *uri) + apr_uri_t *uri, + const char *secret) { int method; apr_uint32_t i, num_headers = 0; @@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, i, elts[i].key, elts[i].val); } -/* XXXX need to figure out how to do this - if (s->secret) { + if (secret) { if (ajp_msg_append_uint8(msg, SC_A_SECRET) || - ajp_msg_append_string(msg, s->secret)) { + ajp_msg_append_string(msg, secret)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228) - "Error ajp_marshal_into_msgb - " + "ajp_marshal_into_msgb: " "Error appending secret"); return APR_EGENERAL; } } - */ if (r->user) { if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || @@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, apr_size_t buffsize, - apr_uri_t *uri) + apr_uri_t *uri, + const char *secret) { ajp_msg_t *msg; apr_status_t rc; @@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock, return rc; } - rc = ajp_marshal_into_msgb(msg, r, uri); + rc = ajp_marshal_into_msgb(msg, r, uri, secret); if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988) "ajp_send_header: ajp_marshal_into_msgb failed"); diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index d6e6500..2fe71b9 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -308,6 +308,12 @@ static const char *set_worker_param(apr_pool_t *p, (int)sizeof(worker->s->flusher)); PROXY_STRNCPY(worker->s->flusher, val); } + else if (!strcasecmp(key, "secret")) { + if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { + return apr_psprintf(p, "Secret length must be < %d characters", + (int)sizeof(worker->s->secret)); + } + } else { if (set_worker_hc_param_f) { return set_worker_hc_param_f(p, s, worker, key, val, NULL); diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h index 281a776..b416db4 100644 --- a/modules/proxy/mod_proxy.h +++ b/modules/proxy/mod_proxy.h @@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL ) #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE #define PROXY_BALANCER_MAX_STICKY_SIZE 64 +#define PROXY_WORKER_MAX_SECRET_SIZE 64 /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names, * dotted together(?) this would fit the below size (+ trailing NUL). @@ -442,6 +443,7 @@ typedef struct { int fcount; /* current count of failures */ hcmethod_t method; /* method to use for health check */ apr_interval_time_t interval; + char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ } proxy_worker_shared; #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c index 051724e..e706518 100644 --- a/modules/proxy/mod_proxy_ajp.c +++ b/modules/proxy/mod_proxy_ajp.c @@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, apr_off_t content_length = 0; int original_status = r->status; const char *original_status_line = r->status_line; + const char *secret = NULL; if (psf->io_buffer_size_set) maxsize = psf->io_buffer_size; @@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, maxsize = AJP_MSG_BUFFER_SZ; maxsize = APR_ALIGN(maxsize, 1024); + if (*conn->worker->s->secret) + secret = conn->worker->s->secret; + /* * Send the AJP request to the remote server */ /* send request headers */ - status = ajp_send_header(conn->sock, r, maxsize, uri); + status = ajp_send_header(conn->sock, r, maxsize, uri, secret); if (status != APR_SUCCESS) { conn->close = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)