/**
* Writes headers to srun.
*/
static void
write_headers(stream_t *s, request_rec *r)
{
const apr_array_header_t *header = apr_table_elts(r->headers_in);
apr_table_entry_t *headers = (apr_table_entry_t *) header->elts;
int i;
for (i = 0; i < header->nelts; ++i) {
if (! headers[i].key || ! headers[i].val)
continue;
/*
* Content-type and Content-Length are special cased for a little
* added efficiency.
*/
if (! strcasecmp(headers[i].key, "Content-type"))
cse_write_string(s, CSE_CONTENT_TYPE, headers[i].val);
else if (! strcasecmp(headers[i].key, "Content-length"))
cse_write_string(s, CSE_CONTENT_LENGTH, headers[i].val);
else if (! strcasecmp(headers[i].key, "Expect")) {
/* expect=continue-100 shouldn't be passed to backend */
}
else {
cse_write_string(s, HMUX_HEADER, headers[i].key);
cse_write_string(s, HMUX_STRING, headers[i].val);
}
}
}
/**
* Writes headers to srun.
*/
static void
write_headers(stream_t *s, request_rec *r)
{
array_header *hdrs_arr = ap_table_elts(r->headers_in);
table_entry *hdrs = (table_entry *) hdrs_arr->elts;
int i;
for (i = 0; i < hdrs_arr->nelts; ++i) {
char *key = hdrs[i].key;
char *value = hdrs[i].val;
if (! key)
continue;
/*
* Content-type and Content-Length are special cased for a little
* added efficiency.
*/
if (! strcasecmp(key, "Content-type"))
cse_write_string(s, CSE_CONTENT_TYPE, value);
else if (! strcasecmp(key, "Content-length"))
cse_write_string(s, CSE_CONTENT_LENGTH, value);
else {
cse_write_string(s, HMUX_HEADER, key);
cse_write_string(s, HMUX_STRING, value);
}
}
}
/**
* Writes SSL data, including client certificates.
*/
static void
write_ssl(stream_t *s, EXTENSION_CONTROL_BLOCK *r)
{
char buf[BUF_LENGTH];
unsigned long size = sizeof(buf);
if (! r->GetServerVariable(r->ConnID, "SERVER_PORT_SECURE", buf, &size) ||
size <= 0 || buf[0] != '1')
return;
cse_write_string(s, CSE_IS_SECURE, "");
// Anh : Add SSL connection informations
cse_write_string(s, HMUX_HEADER, "HTTPS");
cse_write_string(s, HMUX_STRING, "on");
write_header(s, r, "HTTPS_KEYSIZE");
write_header(s, r, "HTTPS_SECRETKEYSIZE");
// Anh : Check client certificate existence
size = sizeof(buf);
buf[0] = 0;
if (! r->GetServerVariable(r->ConnID, "CERT_FLAGS", buf, &size) ||
size <= 0 || buf[0] != '1')
return;
// There is a client certificate
char cert_buf[BUF_LENGTH]={0};
CERT_CONTEXT_EX cert;
cert.cbAllocated = sizeof(cert_buf);
cert.CertContext.pbCertEncoded = (BYTE*) cert_buf;
cert.CertContext.cbCertEncoded = 0;
DWORD dwSize = sizeof(cert);
if (r->ServerSupportFunction(r->ConnID,
(DWORD)HSE_REQ_GET_CERT_INFO_EX,
(LPVOID)&cert, &dwSize,NULL) != FALSE)
{
// cert now contains valid client certificate information
LOG(("\ndwCertEncodingType = %d (%d) %ld\n",
cert.CertContext.dwCertEncodingType & X509_ASN_ENCODING ,
cert.CertContext.cbCertEncoded,
cert.dwCertificateFlags));
cse_write_packet(s, CSE_CLIENT_CERT,
(char *)cert.CertContext.pbCertEncoded,
cert.CertContext.cbCertEncoded);
write_header(s, r, "CERT_ISSUER");
write_header(s, r, "CERT_SERIALNUMBER");
write_header(s, r, "CERT_SUBJECT");
write_header(s, r, "CERT_SERVER_ISSUER");
write_header(s, r, "CERT_SERVER_SUBJECT");
}
}
static void
write_added_headers(stream_t *s, request_rec *r)
{
const apr_array_header_t *header = apr_table_elts(r->subprocess_env);
apr_table_entry_t *headers = (apr_table_entry_t *) header->elts;
int i;
for (i = 0; i < header->nelts; ++i) {
if (! headers[i].key || ! headers[i].val)
continue;
if (! strcmp(headers[i].key, "HTTPS") &&
! strcmp(headers[i].val, "on")) {
cse_write_string(s, CSE_IS_SECURE, "");
}
else if (! r->user && ! strcmp(headers[i].key, "SSL_CLIENT_DN"))
cse_write_string(s, CSE_REMOTE_USER, headers[i].val);
cse_write_string(s, HMUX_HEADER, headers[i].key);
cse_write_string(s, HMUX_STRING, headers[i].val);
}
if (r->prev) {
if (r->prev->args) {
cse_write_string(s, HMUX_HEADER, "REDIRECT_QUERY_STRING");
cse_write_string(s, HMUX_STRING, r->prev->args);
}
if (r->prev->uri) {
cse_write_string(s, HMUX_HEADER, "REDIRECT_URL");
cse_write_string(s, HMUX_STRING, r->prev->uri);
}
}
}
static void
write_header(stream_t *s, EXTENSION_CONTROL_BLOCK *r, char *name)
{
char buf[BUF_LENGTH];
unsigned long size = sizeof(buf);
char *ptr = buf;
buf[0] = 0;
if (r->GetServerVariable(r->ConnID, name, buf, &size) && size > 0 && buf[0]) {
for (; size > 0 && isspace(buf[size - 1]); size--) {
}
buf[size] = 0;
cse_write_string(s, HMUX_HEADER, name);
for (ptr = buf; isspace(*ptr); ptr++) {
}
cse_write_string(s, HMUX_STRING, ptr);
}
}
static void
write_added_headers(stream_t *s, request_rec *r)
{
array_header *hdrs_arr = ap_table_elts(r->subprocess_env);
table_entry *hdrs = (table_entry *) hdrs_arr->elts;
int i;
int has_ssl = 0;
for (i = 0; i < hdrs_arr->nelts; ++i) {
char *key = hdrs[i].key;
char *value = hdrs[i].val;
if (! key)
continue;
/* skip leading whitespace */
for (; isspace(*value); value++) {
}
if (! strcmp(key, "HTTPS") &&
! strcasecmp(value, "on")) {
has_ssl = 1;
cse_write_string(s, CSE_IS_SECURE, "");
}
else if (*key == 'S' && ! r->connection->user &&
! strcmp(key, "SSL_CLIENT_DN"))
cse_write_string(s, CSE_REMOTE_USER, value);
cse_write_string(s, HMUX_HEADER, key);
cse_write_string(s, HMUX_STRING, value);
}
if (has_ssl)
write_ssl_env(s, r);
if (r->prev) {
if (r->prev->args) {
cse_write_string(s, HMUX_HEADER, "REDIRECT_QUERY_STRING");
cse_write_string(s, HMUX_STRING, r->prev->args);
}
if (r->prev->uri) {
cse_write_string(s, HMUX_HEADER, "REDIRECT_URL");
cse_write_string(s, HMUX_STRING, r->prev->uri);
}
}
}
static void
write_ssl_env(stream_t *s, request_rec *r)
{
/* mod_ssl */
#ifdef EAPI
{
static char *vars[] = { "SSL_CLIENT_S_DN",
"SSL_CIPHER",
"SSL_CIPHER_EXPORT",
"SSL_PROTOCOL",
"SSL_CIPHER_USEKEYSIZE",
"SSL_CIPHER_ALGKEYSIZE",
0};
char *var;
int i;
int v;
if ((v = ap_hook_call("ap::mod_ssl::var_lookup", &var, r->pool, r->server,
r->connection, r, "SSL_CLIENT_CERT"))) {
cse_write_string(s, CSE_CLIENT_CERT, var);
}
else if ((v = ap_hook_call("ap::mod_ssl::var_lookup", &var, r->pool, r->server,
r->connection, r, "SSL_CLIENT_CERTIFICATE"))) {
cse_write_string(s, CSE_CLIENT_CERT, var);
}
for (i = 0; vars[i]; i++) {
if ((v = ap_hook_call("ap::mod_ssl::var_lookup", &var,
r->pool, r->server, r->connection, r, vars[i]))) {
cse_write_string(s, HMUX_HEADER, vars[i]);
cse_write_string(s, HMUX_STRING, var);
}
}
}
#endif
}
static void
write_var(stream_t *s, EXTENSION_CONTROL_BLOCK *r, char *name, int code)
{
char buf[BUF_LENGTH];
char *ptr;
unsigned long size = sizeof(buf);
buf[0] = 0;
if (r->GetServerVariable(r->ConnID, name, buf, &size) && size > 0 && buf[0]) {
buf[size] = 0;
for (ptr = buf; isspace(*ptr); ptr++) {
}
cse_write_string(s, code, ptr);
}
}
/**
* Writes request parameters to srun.
*/
static void
write_env(stream_t *s, request_rec *r)
{
char buf[4096];
int ch;
int i, j;
conn_rec *c = r->connection;
const char *host;
const char *uri;
int port;
int is_sub_request = 1; /* for mod_rewrite */
/*
* is_sub_request is always true, since we can't detect mod_rewrite
* and mod_rewrite doesn't change the unparsed_uri.
*/
if (is_sub_request)
uri = r->uri;
else
uri = r->unparsed_uri; /* #937 */
j = 0;
for (i = 0; (ch = uri[i]) && ch != '?' && j + 2 < sizeof(buf); i++) {
if (ch == '%') { /* #1661 */
buf[j++] = '%';
buf[j++] = '2';
buf[j++] = '5';
}
else
buf[j++] = ch;
}
buf[j] = 0;
cse_write_string(s, HMUX_URL, buf);
cse_write_string(s, HMUX_METHOD, r->method);
cse_write_string(s, CSE_PROTOCOL, r->protocol);
if (r->args)
cse_write_string(s, CSE_QUERY_STRING, r->args);
/* Gets the server name */
host = ap_get_server_name(r);
port = ap_get_server_port(r);
cse_write_string(s, HMUX_SERVER_NAME, host);
sprintf(buf, "%u", port);
cse_write_string(s, CSE_SERVER_PORT, buf);
if (c->remote_host)
cse_write_string(s, CSE_REMOTE_HOST, c->remote_host);
else
cse_write_string(s, CSE_REMOTE_HOST, c->REMOTE_IP);
cse_write_string(s, CSE_REMOTE_ADDR, c->REMOTE_IP);
sprintf(buf, "%u", ntohs(c->REMOTE_ADDR->port));
cse_write_string(s, CSE_REMOTE_PORT, buf);
if (r->user)
cse_write_string(s, CSE_REMOTE_USER, r->user);
if (r->ap_auth_type)
cse_write_string(s, CSE_AUTH_TYPE, r->ap_auth_type);
/* mod_ssl */
if (g_ssl_lookup) {
static char *vars[] = { "SSL_CLIENT_S_DN",
"SSL_CIPHER",
"SSL_CIPHER_EXPORT",
"SSL_PROTOCOL",
"SSL_CIPHER_USEKEYSIZE",
"SSL_CIPHER_ALGKEYSIZE",
0};
char *var;
int i;
if ((var = g_ssl_lookup(r->pool, r->server, r->connection, r,
"SSL_CLIENT_CERT"))) {
cse_write_string(s, CSE_CLIENT_CERT, var);
}
for (i = 0; vars[i]; i++) {
if ((var = g_ssl_lookup(r->pool, r->server, r->connection, r,
vars[i]))) {
cse_write_string(s, HMUX_HEADER, vars[i]);
cse_write_string(s, HMUX_STRING, var);
}
}
}
}
/**
* Writes request parameters to srun.
*/
static void
write_env(stream_t *s, request_rec *r, char *session_id)
{
char buf[4096];
int ch;
int i;
conn_rec *c = r->connection;
const char *host;
int port;
int is_sub_request = 1;
char *uri;
/*
* is_sub_request is always true, since we can't detect mod_rewrite
* and mod_rewrite doesn't change the unparsed_uri.
*/
if (is_sub_request)
uri = r->uri; /* for mod_rewrite */
else
uri = r->unparsed_uri; /* #937 */
for (i = 0; (ch = uri[i]) && ch != '?' && i + 1 < sizeof(buf); i++)
buf[i] = ch;
if (session_id) {
buf[i++] = *s->config->session_url_prefix;
for (session_id++; *session_id && i + 1 < sizeof(buf); i++)
buf[i] = *session_id++;
}
buf[i] = 0;
cse_write_string(s, HMUX_URL, buf);
cse_write_string(s, HMUX_METHOD, r->method);
if (*s->config->alt_session_url_prefix && r->request_config) {
char *suburi = ap_get_module_config(r->request_config, &caucho_module);
if (suburi)
uri = suburi;
}
cse_write_string(s, CSE_PROTOCOL, r->protocol);
if (r->args)
cse_write_string(s, CSE_QUERY_STRING, r->args);
/* Gets the server name */
host = ap_get_server_name(r);
port = ap_get_server_port(r);
cse_write_string(s, HMUX_SERVER_NAME, host);
cse_write_string(s, CSE_SERVER_PORT, ap_psprintf(r->pool, "%u", port));
host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST);
if (host)
cse_write_string(s, CSE_REMOTE_HOST, host);
else
cse_write_string(s, CSE_REMOTE_HOST, c->remote_ip);
cse_write_string(s, CSE_REMOTE_ADDR, c->remote_ip);
cse_write_string(s, CSE_REMOTE_PORT,
ap_psprintf(r->pool, "%d", ntohs(c->remote_addr.sin_port)));
if (c->user)
cse_write_string(s, CSE_REMOTE_USER, c->user);
if (c->ap_auth_type)
cse_write_string(s, CSE_AUTH_TYPE, c->ap_auth_type);
}
