--- a/modules/proxy/ajp.h 2016/04/12 22:47:36 1738877 +++ b/modules/proxy/ajp.h 2016/04/12 23:09:07 1738878 @@ -412,11 +412,13 @@ * @param r current request * @param buffsize max size of the AJP packet. * @param uri requested uri + * @param secret authentication secret * @return APR_SUCCESS or error */ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, apr_size_t buffsize, - apr_uri_t *uri); + apr_uri_t *uri, + const char *secret); /** * Read the ajp message and return the type of the message. --- a/modules/proxy/ajp_header.c 2016/04/12 22:47:36 1738877 +++ b/modules/proxy/ajp_header.c 2016/04/12 23:09:07 1738878 @@ -213,7 +213,8 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, request_rec *r, - apr_uri_t *uri) + apr_uri_t *uri, + const char *secret) { int method; apr_uint32_t i, num_headers = 0; @@ -293,17 +294,15 @@ i, elts[i].key, elts[i].val); } -/* XXXX need to figure out how to do this - if (s->secret) { + if (secret) { if (ajp_msg_append_uint8(msg, SC_A_SECRET) || - ajp_msg_append_string(msg, s->secret)) { + ajp_msg_append_string(msg, secret)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03228) - "Error ajp_marshal_into_msgb - " + "ajp_marshal_into_msgb: " "Error appending secret"); return APR_EGENERAL; } } - */ if (r->user) { if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || @@ -671,7 +670,8 @@ apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r, apr_size_t buffsize, - apr_uri_t *uri) + apr_uri_t *uri, + const char *secret) { ajp_msg_t *msg; apr_status_t rc; @@ -683,7 +683,7 @@ return rc; } - rc = ajp_marshal_into_msgb(msg, r, uri); + rc = ajp_marshal_into_msgb(msg, r, uri, secret); if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988) "ajp_send_header: ajp_marshal_into_msgb failed"); --- a/modules/proxy/mod_proxy.c 2016/04/12 22:47:36 1738877 +++ b/modules/proxy/mod_proxy.c 2016/04/12 23:09:07 1738878 @@ -308,6 +308,12 @@ (int)sizeof(worker->s->flusher)); } } + else if (!strcasecmp(key, "secret")) { + if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) { + return apr_psprintf(p, "Secret length must be < %d characters", + (int)sizeof(worker->s->secret)); + } + } else { if (set_worker_hc_param_f) { return set_worker_hc_param_f(p, s, worker, key, val, NULL); --- a/modules/proxy/mod_proxy.h 2016/04/12 22:47:36 1738877 +++ b/modules/proxy/mod_proxy.h 2016/04/12 23:09:07 1738878 @@ -348,6 +348,7 @@ #define PROXY_WORKER_MAX_HOSTNAME_SIZE 96 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE 64 #define PROXY_BALANCER_MAX_STICKY_SIZE 64 +#define PROXY_WORKER_MAX_SECRET_SIZE 64 /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names, * dotted together(?) this would fit the below size (+ trailing NUL). @@ -444,6 +445,7 @@ unsigned int disablereuse_set:1; unsigned int was_malloced:1; unsigned int is_name_matchable:1; + char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ } proxy_worker_shared; #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) --- a/modules/proxy/mod_proxy_ajp.c 2016/04/12 22:47:36 1738877 +++ b/modules/proxy/mod_proxy_ajp.c 2016/04/12 23:09:07 1738878 @@ -193,6 +193,7 @@ apr_off_t content_length = 0; int original_status = r->status; const char *original_status_line = r->status_line; + const char *secret = NULL; if (psf->io_buffer_size_set) maxsize = psf->io_buffer_size; @@ -202,12 +203,15 @@ maxsize = AJP_MSG_BUFFER_SZ; maxsize = APR_ALIGN(maxsize, 1024); + if (*conn->worker->s->secret) + secret = conn->worker->s->secret; + /* * Send the AJP request to the remote server */ /* send request headers */ - status = ajp_send_header(conn->sock, r, maxsize, uri); + status = ajp_send_header(conn->sock, r, maxsize, uri, secret); if (status != APR_SUCCESS) { conn->close = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)