static int
php_apache_sapi_read_post(char *buf, uint count_bytes)
{
apr_size_t len;
php_struct *ctx = SG(server_context);
apr_bucket_brigade *brigade;
apr_bucket *partition;
brigade = ctx->post_data;
len = count_bytes;
switch (apr_brigade_partition(ctx->post_data, count_bytes, &partition)) {
case APR_SUCCESS:
apr_brigade_flatten(ctx->post_data, buf, &len);
brigade = apr_brigade_split(ctx->post_data, partition);
apr_brigade_destroy(ctx->post_data);
ctx->post_data = brigade;
break;
case APR_INCOMPLETE:
apr_brigade_flatten(ctx->post_data, buf, &len);
apr_brigade_cleanup(ctx->post_data);
break;
}
return len;
}
APU_DECLARE(apr_status_t) apr_brigade_pflatten(apr_bucket_brigade *bb,
char **c,
apr_size_t *len,
apr_pool_t *pool)
{
apr_off_t actual;
apr_size_t total;
apr_status_t rv;
apr_brigade_length(bb, 1, &actual);
/* XXX: This is dangerous beyond belief. At least in the
* apr_brigade_flatten case, the user explicitly stated their
* buffer length - so we don't up and palloc 4GB for a single
* file bucket. This API must grow a useful max boundry,
* either compiled-in or preset via the *len value.
*
* Shouldn't both fn's grow an additional return value for
* the case that the brigade couldn't be flattened into the
* provided or allocated buffer (such as APR_EMOREDATA?)
* Not a failure, simply an advisory result.
*/
total = (apr_size_t)actual;
*c = apr_palloc(pool, total);
rv = apr_brigade_flatten(bb, *c, &total);
if (rv != APR_SUCCESS) {
return rv;
}
*len = total;
return APR_SUCCESS;
}
Params *getPostParms(request_rec *r, apr_off_t * postSize) {
apr_array_header_t *pairs = NULL;
apr_off_t len;
apr_size_t size;
int res;
int i = 0;
char *buffer;
Params *params = NULL;
res = ap_parse_form_data(r, NULL, &pairs, -1, HUGE_STRING_LEN);
if (res != OK || !pairs) return NULL;
params = apr_pcalloc(r->pool, sizeof(Params) * (pairs->nelts + 1));
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = apr_palloc(r->pool, size + 1);
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
params[i].key = apr_pstrdup(r->pool, pair->name);
params[i].val = buffer;
params[i].length = strlen(buffer);
//ap_rprintf(r,"key : val : len: is %s : %s : %d ===", params[i].key, params[i].val, params[i].length);
i++;
}
*postSize = i;
return params;
}
static int brigade_flatten(lua_State*L)
{
apr_bucket_brigade *bb = (apr_bucket_brigade*)CHECK_BUCKETBRIGADE_OBJECT(1);
apr_off_t off = 0;
apr_status_t rc = apr_brigade_length(bb, 1, &off);
apr_size_t len = (apr_size_t)off;
if(rc==APR_SUCCESS)
{
char* buf = apr_bucket_alloc(len, bb->bucket_alloc);
rc = apr_brigade_flatten(bb, buf, &len);
if(rc==APR_SUCCESS)
{
lua_pushlstring(L,buf, len);
}else
{
lua_pushnil(L);
}
apr_bucket_free(buf);
}else
{
lua_pushnil(L);
}
lua_pushinteger(L,rc);
return 2;
}
static llzr_conn* get_post_data(request_rec* r)
{
GTable *request_post_data = g_hash_table_new(g_str_hash, g_str_equal);
apr_array_header_t *pairs = NULL;
apr_off_t len;
apr_size_t size;
int res;
char *buffer;
res = ap_parse_form_data(r, NULL, &pairs, -1, HUGE_STRING_LEN);
if (res != OK || !pairs) return NULL; /* Return NULL if we failed or if there are is no POST data */
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = apr_palloc(r->pool, size + 1);
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
g_hash_table_insert( request_post_data, apr_pstrdup(r->pool, pair->name), buffer);
}
return request_post_data;
}
static apr_size_t
php_apache_sapi_read_post(char *buf, size_t count_bytes)
{
apr_size_t len, tlen=0;
php_struct *ctx = SG(server_context);
request_rec *r;
apr_bucket_brigade *brigade;
r = ctx->r;
brigade = ctx->brigade;
len = count_bytes;
/*
* This loop is needed because ap_get_brigade() can return us partial data
* which would cause premature termination of request read. Therefor we
* need to make sure that if data is available we fill the buffer completely.
*/
while (ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len) == APR_SUCCESS) {
apr_brigade_flatten(brigade, buf, &len);
apr_brigade_cleanup(brigade);
tlen += len;
if (tlen == count_bytes || !len) {
break;
}
buf += len;
len = count_bytes - tlen;
}
return tlen;
}
static void bind_post(int *count, lily_parse_state *parser, request_rec *r)
{
if (*count == -1)
return;
lily_var *post_var = bind_hash_str_str_var(parser->symtab, "post");
lily_hash_val *hash_val = post_var->value.hash;
apr_array_header_t *pairs;
apr_off_t len;
apr_size_t size;
char *buffer;
char *sipkey = parser->vm->sipkey;
lily_class *string_cls = lily_class_by_id(parser->symtab, SYM_CLASS_STRING);
lily_sig *string_sig = string_cls->sig;
/* Credit: I found out how to use this by reading httpd 2.4's mod_lua
(specifically req_parsebody of lua_request.c). */
int res = ap_parse_form_data(r, NULL, &pairs, -1, 1024 * 8);
if (res == OK) {
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = lily_malloc(size + 1);
if (buffer == NULL) {
*count = -1;
return;
}
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
lily_value *elem_key = bind_string(string_sig, pair->name);
/* Give the buffer to the value to save memory. */
lily_value *elem_value = bind_string_and_buffer(string_sig, buffer);
lily_hash_elem *new_elem = bind_hash_elem_with_values(sipkey,
elem_key, elem_value);
if (elem_key == NULL || elem_value == NULL || new_elem == NULL) {
lily_free(new_elem);
deref_destroy_value(elem_key);
deref_destroy_value(elem_value);
*count = -1;
return;
}
new_elem->next = hash_val->elem_chain;
hash_val->elem_chain = new_elem;
}
}
(*count)++;
}
/**
var post: Hash[String, Tainted[String]]
This contains key+value pairs that were sent to the server as POST variables.
Any pair that has a key or a value that is not valid utf-8 will not be present.
*/
static lily_value *load_var_post(lily_options *options, uint16_t *unused)
{
lily_value *v = lily_new_empty_value();
lily_move_hash_f(MOVE_DEREF_NO_GC, v, lily_new_hash_val());
lily_hash_val *hash_val = v->value.hash;
request_rec *r = (request_rec *)options->data;
apr_array_header_t *pairs;
apr_off_t len;
apr_size_t size;
char *buffer;
/* Credit: I found out how to use this by reading httpd 2.4's mod_lua
(specifically req_parsebody of lua_request.c). */
int res = ap_parse_form_data(r, NULL, &pairs, -1, 1024 * 8);
if (res == OK) {
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
if (lily_is_valid_utf8(pair->name) == 0)
continue;
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = lily_malloc(size + 1);
if (lily_is_valid_utf8(buffer) == 0) {
lily_free(buffer);
continue;
}
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
lily_value *elem_key = lily_new_string(pair->name);
/* Give the buffer to the value to save memory. */
lily_value *elem_raw_value = lily_new_string_take(buffer);
lily_value *elem_value = bind_tainted_of(elem_raw_value);
apache_add_unique_hash_entry(options->sipkey, hash_val, elem_key,
elem_value);
}
}
return v;
}
/* tests that 'bb' flattens to string 'expect'. */
static void flatten_match(abts_case *tc, const char *ctx,
apr_bucket_brigade *bb,
const char *expect)
{
apr_size_t elen = strlen(expect);
char *buf = malloc(elen);
apr_size_t len = elen;
char msg[200];
sprintf(msg, "%s: flatten brigade", ctx);
apr_assert_success(tc, msg, apr_brigade_flatten(bb, buf, &len));
sprintf(msg, "%s: length match (%ld not %ld)", ctx,
(long)len, (long)elen);
ABTS_ASSERT(tc, msg, len == elen);
sprintf(msg, "%s: result match", msg);
ABTS_STR_NEQUAL(tc, expect, buf, len);
free(buf);
}
static void
read_post_data(sl_vm_t* vm, sl_request_opts_t* opts, request_rec* r)
{
apr_bucket_brigade* brigade = apr_brigade_create(r->pool, r->connection->bucket_alloc);
size_t len = 1024;
opts->post_length = 0;
opts->post_data = NULL;
while(ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len) == APR_SUCCESS) {
opts->post_data = sl_realloc(vm->arena, opts->post_data, opts->post_length + len);
apr_brigade_flatten(brigade, opts->post_data + opts->post_length, &len);
apr_brigade_cleanup(brigade);
opts->post_length += len;
if(!len) {
break;
}
len = 1024;
}
}
static apr_size_t
php_apache_sapi_read_post(char *buf, size_t count_bytes)
{
apr_size_t len, tlen=0;
php_struct *ctx = SG(server_context);
request_rec *r;
apr_bucket_brigade *brigade;
apr_status_t ret;
r = ctx->r;
brigade = ctx->brigade;
len = count_bytes;
/*
* This loop is needed because ap_get_brigade() can return us partial data
* which would cause premature termination of request read. Therefor we
* need to make sure that if data is available we fill the buffer completely.
*/
while ((ret=ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES, APR_BLOCK_READ, len)) == APR_SUCCESS) {
apr_brigade_flatten(brigade, buf, &len);
apr_brigade_cleanup(brigade);
tlen += len;
if (tlen == count_bytes || !len) {
break;
}
buf += len;
len = count_bytes - tlen;
}
if (ret != APR_SUCCESS) {
if (APR_STATUS_IS_TIMEUP(ret)) {
SG(sapi_headers).http_response_code = php_ap_map_http_request_error(ret, HTTP_REQUEST_TIME_OUT);
} else {
SG(sapi_headers).http_response_code = php_ap_map_http_request_error(ret, HTTP_BAD_REQUEST);
}
}
return tlen;
}
h2_task_input *h2_task_input_create(h2_task_env *env, apr_pool_t *pool,
apr_bucket_alloc_t *bucket_alloc)
{
h2_task_input *input = apr_pcalloc(pool, sizeof(h2_task_input));
if (input) {
input->env = env;
input->bb = NULL;
if (env->serialize_headers) {
input->bb = apr_brigade_create(pool, bucket_alloc);
apr_brigade_printf(input->bb, NULL, NULL, "%s %s HTTP/1.1\r\n",
env->method, env->path);
apr_table_do(ser_header, input, env->headers, NULL);
apr_brigade_puts(input->bb, NULL, NULL, "\r\n");
if (input->env->input_eos) {
APR_BRIGADE_INSERT_TAIL(input->bb, apr_bucket_eos_create(bucket_alloc));
}
}
else if (!input->env->input_eos) {
input->bb = apr_brigade_create(pool, bucket_alloc);
}
else {
/* We do not serialize and have eos already, no need to
* create a bucket brigade. */
}
if (APLOGcdebug(&env->c)) {
char buffer[1024];
apr_size_t len = sizeof(buffer)-1;
if (input->bb) {
apr_brigade_flatten(input->bb, buffer, &len);
}
buffer[len] = 0;
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, &env->c,
"h2_task_input(%s): request is: %s",
env->id, buffer);
}
}
return input;
}
char* parse_form_from_POST(request_rec *r, int *in_size_) {
char *buf;
int in_size;
apr_status_t rv;
apr_bucket_brigade *bbin;
apr_size_t bbin_size;
const char *clen = apr_table_get(r->headers_in, "Content-Length");
if (clen != NULL) {
in_size = strtol(clen, NULL, 0);
if (in_size >= WEBGFFARM_MAX_POST_SIZE) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Content-Length too big. Content-Length: %d bytes; limit: %d", in_size, WEBGFFARM_MAX_POST_SIZE);
*in_size_ = 0;
return NULL;
}
} else {
in_size = WEBGFFARM_MAX_POST_SIZE;
}
bbin = apr_brigade_create(r->pool, r->connection->bucket_alloc);
rv = ap_get_brigade(r->input_filters, bbin, AP_MODE_READBYTES, APR_BLOCK_READ, in_size);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "[parse_form_from_POST] ap_get_brigade returns some error");
return NULL;
}
bbin_size = in_size;
buf = apr_palloc(r->pool, bbin_size);
rv = apr_brigade_flatten(bbin, buf, &bbin_size);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "[parse_form_from_POST] apr_brigade_flatten returns some error");
return NULL;
}
apr_brigade_destroy(bbin);
*in_size_ = bbin_size;
if (in_size != bbin_size) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "[parse_form_from_POST] in_size is incorrect(in: %d, out:%d)", in_size, (int) bbin_size);
}
return buf;
}
static ngx_inline ngx_int_t
ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
apr_off_t content_length;
ngx_buf_t *buf;
ngx_http_core_srv_conf_t *cscf;
size_t size;
ngx_http_connection_t *hc;
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
apr_brigade_length(ctx->brigade, 0, &content_length);
if (r->header_in->end - r->header_in->last >= content_length) {
/* use r->header_in */
if (ngx_buf_size(r->header_in)) {
/* move to the end */
ngx_memmove(r->header_in->pos + content_length,
r->header_in->pos,
ngx_buf_size(r->header_in));
}
if (apr_brigade_flatten(ctx->brigade,
(char *)r->header_in->pos,
(apr_size_t *)&content_length) != APR_SUCCESS) {
return NGX_ERROR;
}
apr_brigade_cleanup(ctx->brigade);
r->header_in->last += content_length;
return NGX_OK;
}
if (ngx_buf_size(r->header_in)) {
/*
* ngx_http_set_keepalive will reuse r->header_in if
* (r->header_in != c->buffer && r->header_in.last != r->header_in.end),
* so we need this code block.
* see ngx_http_set_keepalive, ngx_http_alloc_large_header_buffer
*/
cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
size = ngx_max(cscf->large_client_header_buffers.size,
(size_t)content_length + ngx_buf_size(r->header_in));
hc = r->http_connection;
if (hc->nfree && size == cscf->large_client_header_buffers.size) {
buf = hc->free[--hc->nfree];
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: use http free large header buffer: %p %uz",
buf->pos, buf->end - buf->last);
} else if (hc->nbusy < cscf->large_client_header_buffers.num) {
if (hc->busy == NULL) {
hc->busy = ngx_palloc(r->connection->pool,
cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *));
}
if (hc->busy == NULL) {
return NGX_ERROR;
} else {
buf = ngx_create_temp_buf(r->connection->pool, size);
}
} else {
/* TODO: how to deal this case ? */
return NGX_ERROR;
}
} else {
buf = ngx_create_temp_buf(r->pool, (size_t) content_length);
}
if (buf == NULL) {
return NGX_ERROR;
}
if (apr_brigade_flatten(ctx->brigade, (char *)buf->pos,
(apr_size_t *)&content_length) != APR_SUCCESS) {
return NGX_ERROR;
}
apr_brigade_cleanup(ctx->brigade);
buf->last += content_length;
ngx_memcpy(buf->last, r->header_in->pos, ngx_buf_size(r->header_in));
buf->last += ngx_buf_size(r->header_in);
r->header_in = buf;
return NGX_OK;
}
apr_status_t h2_task_input_read(h2_task_input *input,
ap_filter_t* f,
apr_bucket_brigade* bb,
ap_input_mode_t mode,
apr_read_type_e block,
apr_off_t readbytes)
{
apr_status_t status = APR_SUCCESS;
apr_off_t bblen = 0;
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
"h2_task_input(%s): read, block=%d, mode=%d, readbytes=%ld",
input->task->id, block, mode, (long)readbytes);
if (mode == AP_MODE_INIT) {
return ap_get_brigade(f->c->input_filters, bb, mode, block, readbytes);
}
if (is_aborted(f)) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
"h2_task_input(%s): is aborted", input->task->id);
return APR_ECONNABORTED;
}
if (input->bb) {
status = apr_brigade_length(input->bb, 1, &bblen);
if (status != APR_SUCCESS) {
ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, f->c,
APLOGNO(02958) "h2_task_input(%s): brigade length fail",
input->task->id);
return status;
}
}
if ((bblen == 0) && input->task->input_eos) {
return APR_EOF;
}
while ((bblen == 0) || (mode == AP_MODE_READBYTES && bblen < readbytes)) {
/* Get more data for our stream from mplx.
*/
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_task_input(%s): get more data from mplx, block=%d, "
"readbytes=%ld, queued=%ld",
input->task->id, block,
(long)readbytes, (long)bblen);
/* Although we sometimes get called with APR_NONBLOCK_READs,
we seem to fill our buffer blocking. Otherwise we get EAGAIN,
return that to our caller and everyone throws up their hands,
never calling us again. */
status = h2_mplx_in_read(input->task->mplx, APR_BLOCK_READ,
input->task->stream_id, input->bb,
input->task->io);
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_task_input(%s): mplx in read returned",
input->task->id);
if (status != APR_SUCCESS) {
return status;
}
status = apr_brigade_length(input->bb, 1, &bblen);
if (status != APR_SUCCESS) {
return status;
}
if ((bblen == 0) && (block == APR_NONBLOCK_READ)) {
return h2_util_has_eos(input->bb, -1)? APR_EOF : APR_EAGAIN;
}
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_task_input(%s): mplx in read, %ld bytes in brigade",
input->task->id, (long)bblen);
}
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_task_input(%s): read, mode=%d, block=%d, "
"readbytes=%ld, queued=%ld",
input->task->id, mode, block,
(long)readbytes, (long)bblen);
if (!APR_BRIGADE_EMPTY(input->bb)) {
if (mode == AP_MODE_EXHAUSTIVE) {
/* return all we have */
return h2_util_move(bb, input->bb, readbytes, NULL,
"task_input_read(exhaustive)");
}
else if (mode == AP_MODE_READBYTES) {
return h2_util_move(bb, input->bb, readbytes, NULL,
"task_input_read(readbytes)");
}
else if (mode == AP_MODE_SPECULATIVE) {
/* return not more than was asked for */
return h2_util_copy(bb, input->bb, readbytes,
"task_input_read(speculative)");
}
else if (mode == AP_MODE_GETLINE) {
/* we are reading a single LF line, e.g. the HTTP headers */
status = apr_brigade_split_line(bb, input->bb, block,
HUGE_STRING_LEN);
if (APLOGctrace1(f->c)) {
char buffer[1024];
apr_size_t len = sizeof(buffer)-1;
apr_brigade_flatten(bb, buffer, &len);
buffer[len] = 0;
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_task_input(%s): getline: %s",
input->task->id, buffer);
}
return status;
}
else {
/* Hmm, well. There is mode AP_MODE_EATCRLF, but we chose not
* to support it. Seems to work. */
ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOTIMPL, f->c,
APLOGNO(02942)
"h2_task_input, unsupported READ mode %d", mode);
return APR_ENOTIMPL;
}
}
if (is_aborted(f)) {
return APR_ECONNABORTED;
}
return (block == APR_NONBLOCK_READ)? APR_EAGAIN : APR_EOF;
}
static int pgasp_handler (request_rec * r)
{
char cursor_string[256];
pgasp_config* config = (pgasp_config*) ap_get_module_config(r->server->module_config, &pgasp_module ) ;
pgasp_dir_config* dir_config = (pgasp_dir_config*) ap_get_module_config(r->per_dir_config, &pgasp_module ) ;
apr_table_t * GET = NULL, *GETargs = NULL;
apr_array_header_t * POST;
PGconn * pgc;
PGresult * pgr;
int i, j, allowed_to_serve, filename_length = 0;
int field_count, tuple_count;
char * requested_file;
char *basename;
params_t params;
/* PQexecParams doesn't seem to like zero-length strings, so we feed it a dummy */
const char * dummy_get = "nothing";
const char * dummy_user = "******";
const char * cursor_values[2] = { r -> args ? apr_pstrdup(r->pool, r -> args) : dummy_get, r->user ? r->user : dummy_user };
int cursor_value_lengths[2] = { strlen(cursor_values[0]), strlen(cursor_values[1]) };
int cursor_value_formats[2] = { 0, 0 };
if (!r -> handler || strcmp (r -> handler, "pgasp-handler") ) return DECLINED;
if (!r -> method || (strcmp (r -> method, "GET") && strcmp (r -> method, "POST")) ) return DECLINED;
if (config->is_enabled != true) return OK; /* pretending we have responded, may return DECLINED in the future */
requested_file = apr_pstrdup (r -> pool, r -> path_info /*filename*/);
i = strlen(requested_file) - 1;
while (i > 0)
{
if (requested_file[i] == '.') filename_length = i;
if (requested_file[i] == '/') break;
i--;
}
if (i >= 0) {
requested_file += i+1; /* now pointing to foo.pgasp instead of /var/www/.../foo.pgasp */
if (filename_length > i) filename_length -= i+1;
}
allowed_to_serve = false;
for (i = 0; i < config->allowed_count; i++)
{
if (!strcmp(config->allowed[i], requested_file))
{
allowed_to_serve = true;
break;
}
}
if (config->allowed_count == 0) allowed_to_serve = true;
if (!allowed_to_serve)
{
ap_set_content_type(r, "text/plain");
ap_rprintf(r, "Hello there\nThis is PGASP\nEnabled: %s\n", config->is_enabled ? "On" : "Off");
ap_rprintf(r, "Requested: %s\n", requested_file);
ap_rprintf(r, "Allowed: %s\n", allowed_to_serve ? "Yes" : "No");
return OK; /* pretending we have served the file, may return HTTP_FORDIDDEN in the future */
}
if (filename_length == 0) {
basename = requested_file;
} else {
basename = apr_pstrndup(r->pool, requested_file, filename_length);
}
ap_args_to_table(r, &GETargs);
if (OK != ap_parse_form_data(r, NULL, &POST, -1, (~((apr_size_t)0)))) {
__(r->server, " ** ap_parse_form_data is NOT OK");
}
GET = (NULL == GET) ? GETargs : apr_table_overlay(r->pool, GETargs, GET);
// move all POST parameters into GET table
{
ap_form_pair_t *pair;
char *buffer;
apr_off_t len;
apr_size_t size;
while (NULL != (pair = apr_array_pop(POST))) {
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = apr_palloc(r->pool, size + 1);
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
apr_table_setn(GET, apr_pstrdup(r->pool, pair->name), buffer); //should name and value be ap_unescape_url() -ed?
// __(r->server, "POST[%s]: %s", pair->name, buffer);
}
}
params.r = r;
params.args = NULL;
apr_table_do(tab_args, ¶ms, GET, NULL);
params.args = apr_pstrcat(r->pool, "&", params.args, "&", NULL);
cursor_values[0] = params.args;
cursor_value_lengths[0] = strlen(cursor_values[0]);
/* set response content type according to configuration or to default value */
ap_set_content_type(r, dir_config->content_type_set ? dir_config->content_type : "text/html");
/* now connecting to Postgres, getting function output, and printing it */
pgc = pgasp_pool_open (r->server);
if (PQstatus(pgc) != CONNECTION_OK)
{
spit_pg_error ("connect");
pgasp_pool_close(r->server, pgc);
return OK;
}
/* removing extention (.pgasp or other) from file name, and adding "f_" for function name, i.e. foo.pgasp becomes psp_foo() */
snprintf(cursor_string,
sizeof(cursor_string),
"select * from f_%s($1::varchar)",
basename);
/* passing GET as first (and only) parameter */
if (0 == PQsendQueryParams (pgc, cursor_string, 1, NULL, cursor_values, cursor_value_lengths, cursor_value_formats, 0)) {
spit_pg_error ("sending async query with params");
return clean_up_connection(r->server);
}
if (0 == PQsetSingleRowMode(pgc)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "can not fall into single raw mode to fetch data");
}
while (NULL != (pgr = PQgetResult(pgc))) {
if (PQresultStatus(pgr) != PGRES_TUPLES_OK && PQresultStatus(pgr) != PGRES_SINGLE_TUPLE) {
spit_pg_error ("fetch data");
return clean_up_connection(r->server);
}
/* the following counts and for-loop may seem excessive as it's just 1 row/1 field, but might need it in the future */
field_count = PQnfields(pgr);
tuple_count = PQntuples(pgr);
for (i = 0; i < tuple_count; i++)
{
for (j = 0; j < field_count; j++) ap_rprintf(r, "%s", PQgetvalue(pgr, i, j));
ap_rprintf(r, "\n");
}
PQclear (pgr);
}
pgasp_pool_close(r->server, pgc);
return OK;
}
static ngx_inline ngx_int_t
ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
apr_off_t content_length;
ngx_buf_t *buf;
ngx_http_core_srv_conf_t *cscf;
size_t size;
ngx_http_connection_t *hc;
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
apr_brigade_length(ctx->brigade, 0, &content_length);
if (r->header_in->end - r->header_in->last >= content_length) {
/* use r->header_in */
if (ngx_buf_size(r->header_in)) {
/* move to the end */
ngx_memmove(r->header_in->pos + content_length,
r->header_in->pos,
ngx_buf_size(r->header_in));
}
if (apr_brigade_flatten(ctx->brigade,
(char *)r->header_in->pos,
(apr_size_t *)&content_length) != APR_SUCCESS) {
return NGX_ERROR;
}
apr_brigade_cleanup(ctx->brigade);
r->header_in->last += content_length;
return NGX_OK;
}
if (ngx_buf_size(r->header_in)) {
/*
* ngx_http_set_keepalive will reuse r->header_in if
* (r->header_in != c->buffer && r->header_in.last != r->header_in.end),
* so we need this code block.
* see ngx_http_set_keepalive, ngx_http_alloc_large_header_buffer
*/
cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
size = ngx_max(cscf->large_client_header_buffers.size,
(size_t)content_length + ngx_buf_size(r->header_in));
hc = r->http_connection;
#if defined(nginx_version) && nginx_version >= 1011011
if (hc->free && size == cscf->large_client_header_buffers.size) {
buf = hc->free->buf;
#else
if (hc->nfree && size == cscf->large_client_header_buffers.size) {
buf = hc->free[--hc->nfree];
#endif
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: use http free large header buffer: %p %uz",
buf->pos, buf->end - buf->last);
} else if (hc->nbusy < cscf->large_client_header_buffers.num) {
if (hc->busy == NULL) {
hc->busy = ngx_palloc(r->connection->pool,
cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *));
}
if (hc->busy == NULL) {
return NGX_ERROR;
} else {
buf = ngx_create_temp_buf(r->connection->pool, size);
}
} else {
/* TODO: how to deal this case ? */
return NGX_ERROR;
}
} else {
buf = ngx_create_temp_buf(r->pool, (size_t) content_length);
}
if (buf == NULL) {
return NGX_ERROR;
}
if (apr_brigade_flatten(ctx->brigade, (char *)buf->pos,
(apr_size_t *)&content_length) != APR_SUCCESS) {
return NGX_ERROR;
}
apr_brigade_cleanup(ctx->brigade);
buf->last += content_length;
ngx_memcpy(buf->last, r->header_in->pos, ngx_buf_size(r->header_in));
buf->last += ngx_buf_size(r->header_in);
r->header_in = buf;
return NGX_OK;
}
static ngx_inline ngx_int_t
ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
char *data;
request_rec *req;
ngx_http_variable_value_t *vv;
ngx_list_part_t *part;
ngx_table_elt_t *h;
ngx_uint_t i;
char *key, *value;
u_char *buf = NULL;
size_t size = 0;
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
req = ctx->req;
req->status = r->headers_out.status;
req->status_line = (char *)ngx_pstrdup0(r->pool, &r->headers_out.status_line);
/* deep copy */
part = &r->headers_out.headers.part;
h = part->elts;
for (i = 0; ; i++) {
if (i >= part->nelts) {
if (part->next == NULL)
break;
part = part->next;
h = part->elts;
i = 0;
}
size += h[i].key.len + h[i].value.len + 2;
buf = ngx_palloc(r->pool, size);
if (buf == NULL) {
return NGX_ERROR;
}
key = (char *)buf;
buf = ngx_cpymem(buf, h[i].key.data, h[i].key.len);
*buf++ = '\0';
value = (char *)buf;
buf = ngx_cpymem(buf, h[i].value.data, h[i].value.len);
*buf++ = '\0';
apr_table_addn(req->headers_out, key, value);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: load headers out: \"%V: %V\"",
&h[i].key, &h[i].value);
}
for (i = 0; special_headers_out[i].name; i++) {
vv = ngx_http_get_variable(r, &special_headers_out[i].variable_name,
ngx_hash_key(special_headers_out[i].variable_name.data,
special_headers_out[i].variable_name.len));
if (vv && !vv->not_found) {
data = ngx_palloc(r->pool, vv->len + 1);
if (data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(data,vv->data, vv->len);
data[vv->len] = '\0';
apr_table_setn(req->headers_out, special_headers_out[i].name, data);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: load headers out: \"%s: %s\"",
special_headers_out[i].name, data);
}
}
req->content_type = apr_table_get(ctx->req->headers_out, "Content-Type");
req->content_encoding = apr_table_get(ctx->req->headers_out, "Content-Encoding");
data = (char *)apr_table_get(ctx->req->headers_out, "Content-Languages");
if(data != NULL)
{
ctx->req->content_languages = apr_array_make(ctx->req->pool, 1, sizeof(const char *));
*(const char **)apr_array_push(ctx->req->content_languages) = data;
}
/* req->chunked = r->chunked; may be useless */
req->clength = r->headers_out.content_length_n;
req->mtime = apr_time_make(r->headers_out.last_modified_time, 0);
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: load headers out done");
return NGX_OK;
}
static apr_status_t readfile_heartbeats(const char *path, apr_hash_t *servers,
apr_pool_t *pool)
{
apr_finfo_t fi;
apr_status_t rv;
apr_file_t *fp;
if (!path) {
return APR_SUCCESS;
}
rv = apr_file_open(&fp, path, APR_READ|APR_BINARY|APR_BUFFERED,
APR_OS_DEFAULT, pool);
if (rv) {
return rv;
}
rv = apr_file_info_get(&fi, APR_FINFO_SIZE, fp);
if (rv) {
return rv;
}
{
char *t;
int lineno = 0;
apr_bucket_alloc_t *ba = apr_bucket_alloc_create(pool);
apr_bucket_brigade *bb = apr_brigade_create(pool, ba);
apr_bucket_brigade *tmpbb = apr_brigade_create(pool, ba);
apr_table_t *hbt = apr_table_make(pool, 10);
apr_brigade_insert_file(bb, fp, 0, fi.size, pool);
do {
hb_server_t *server;
char buf[4096];
apr_size_t bsize = sizeof(buf);
const char *ip;
apr_brigade_cleanup(tmpbb);
if (APR_BRIGADE_EMPTY(bb)) {
break;
}
rv = apr_brigade_split_line(tmpbb, bb,
APR_BLOCK_READ, sizeof(buf));
lineno++;
if (rv) {
return rv;
}
apr_brigade_flatten(tmpbb, buf, &bsize);
if (bsize == 0) {
break;
}
buf[bsize - 1] = 0;
/* comment */
if (buf[0] == '#') {
continue;
}
/* line format: <IP> <query_string>\n */
t = strchr(buf, ' ');
if (!t) {
continue;
}
ip = apr_pstrmemdup(pool, buf, t - buf);
t++;
server = apr_hash_get(servers, ip, APR_HASH_KEY_STRING);
if (server == NULL) {
server = apr_pcalloc(pool, sizeof(hb_server_t));
server->ip = ip;
server->port = 80;
server->seen = -1;
apr_hash_set(servers, server->ip, APR_HASH_KEY_STRING, server);
}
apr_table_clear(hbt);
argstr_to_table(pool, apr_pstrdup(pool, t), hbt);
if (apr_table_get(hbt, "busy")) {
server->busy = atoi(apr_table_get(hbt, "busy"));
}
if (apr_table_get(hbt, "ready")) {
server->ready = atoi(apr_table_get(hbt, "ready"));
}
if (apr_table_get(hbt, "lastseen")) {
server->seen = atoi(apr_table_get(hbt, "lastseen"));
}
if (apr_table_get(hbt, "port")) {
server->port = atoi(apr_table_get(hbt, "port"));
}
if (server->busy == 0 && server->ready != 0) {
/* Server has zero threads active, but lots of them ready,
* it likely just started up, so lets /4 the number ready,
* to prevent us from completely flooding it with all new
* requests.
*/
server->ready = server->ready / 4;
}
} while (1);
}
return APR_SUCCESS;
}
static int parse_form_from_POST(request_rec* r, apr_hash_t** form) {
int bytes, eos;
apr_size_t count;
apr_status_t rv;
apr_bucket_brigade *bb;
apr_bucket_brigade *bbin;
char *buf;
apr_bucket *b;
apr_bucket *nextb;
const char *clen = apr_table_get(r->headers_in, "Content-Length");
if(clen != NULL) {
bytes = strtol(clen, NULL, 0);
if(bytes >= MAX_SIZE) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Request too big (%d bytes; limit %d)",
bytes, MAX_SIZE);
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
} else {
bytes = MAX_SIZE;
}
bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
bbin = apr_brigade_create(r->pool, r->connection->bucket_alloc);
count = 0;
do {
rv = ap_get_brigade(r->input_filters, bbin, AP_MODE_READBYTES,
APR_BLOCK_READ, bytes);
if(rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"failed to read from input");
return HTTP_INTERNAL_SERVER_ERROR;
}
for (b = APR_BRIGADE_FIRST(bbin);
b != APR_BRIGADE_SENTINEL(bbin);
b = nextb ) {
nextb = APR_BUCKET_NEXT(b);
if(APR_BUCKET_IS_EOS(b) ) {
eos = 1;
}
if (!APR_BUCKET_IS_METADATA(b)) {
if(b->length != (apr_size_t)(-1)) {
count += b->length;
if(count > MAX_SIZE) {
/* This is more data than we accept, so we're
* going to kill the request. But we have to
* mop it up first.
*/
apr_bucket_delete(b);
}
}
}
if(count <= MAX_SIZE) {
APR_BUCKET_REMOVE(b);
APR_BRIGADE_INSERT_TAIL(bb, b);
}
}
} while(!eos);
/* OK, done with the data. Kill the request if we got too much data. */
if(count > MAX_SIZE) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Request too big (%d bytes; limit %d)",
bytes, MAX_SIZE);
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
/* We've got all the data. Now put it in a buffer and parse it. */
buf = apr_palloc(r->pool, count+1);
rv = apr_brigade_flatten(bb, buf, &count);
if(rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Error (flatten) reading from data");
return HTTP_INTERNAL_SERVER_ERROR;
}
buf[count] = '\0';
*form = parse_form_from_string(r, buf);
return OK;
}
static apr_status_t dispatch(proxy_conn_rec *conn, proxy_dir_conf *conf,
request_rec *r, apr_pool_t *setaside_pool,
apr_uint16_t request_id, const char **err,
int *bad_request, int *has_responded)
{
apr_bucket_brigade *ib, *ob;
int seen_end_of_headers = 0, done = 0, ignore_body = 0;
apr_status_t rv = APR_SUCCESS;
int script_error_status = HTTP_OK;
conn_rec *c = r->connection;
struct iovec vec[2];
ap_fcgi_header header;
unsigned char farray[AP_FCGI_HEADER_LEN];
apr_pollfd_t pfd;
int header_state = HDR_STATE_READING_HEADERS;
char stack_iobuf[AP_IOBUFSIZE];
apr_size_t iobuf_size = AP_IOBUFSIZE;
char *iobuf = stack_iobuf;
*err = NULL;
if (conn->worker->s->io_buffer_size_set) {
iobuf_size = conn->worker->s->io_buffer_size;
iobuf = apr_palloc(r->pool, iobuf_size);
}
pfd.desc_type = APR_POLL_SOCKET;
pfd.desc.s = conn->sock;
pfd.p = r->pool;
pfd.reqevents = APR_POLLIN | APR_POLLOUT;
ib = apr_brigade_create(r->pool, c->bucket_alloc);
ob = apr_brigade_create(r->pool, c->bucket_alloc);
while (! done) {
apr_interval_time_t timeout;
apr_size_t len;
int n;
/* We need SOME kind of timeout here, or virtually anything will
* cause timeout errors. */
apr_socket_timeout_get(conn->sock, &timeout);
rv = apr_poll(&pfd, 1, &n, timeout);
if (rv != APR_SUCCESS) {
if (APR_STATUS_IS_EINTR(rv)) {
continue;
}
*err = "polling";
break;
}
if (pfd.rtnevents & APR_POLLOUT) {
apr_size_t to_send, writebuflen;
int last_stdin = 0;
char *iobuf_cursor;
rv = ap_get_brigade(r->input_filters, ib,
AP_MODE_READBYTES, APR_BLOCK_READ,
iobuf_size);
if (rv != APR_SUCCESS) {
*err = "reading input brigade";
*bad_request = 1;
break;
}
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(ib))) {
last_stdin = 1;
}
writebuflen = iobuf_size;
rv = apr_brigade_flatten(ib, iobuf, &writebuflen);
apr_brigade_cleanup(ib);
if (rv != APR_SUCCESS) {
*err = "flattening brigade";
break;
}
to_send = writebuflen;
iobuf_cursor = iobuf;
while (to_send > 0) {
int nvec = 0;
apr_size_t write_this_time;
write_this_time =
to_send < AP_FCGI_MAX_CONTENT_LEN ? to_send : AP_FCGI_MAX_CONTENT_LEN;
ap_fcgi_fill_in_header(&header, AP_FCGI_STDIN, request_id,
(apr_uint16_t)write_this_time, 0);
ap_fcgi_header_to_array(&header, farray);
vec[nvec].iov_base = (void *)farray;
vec[nvec].iov_len = sizeof(farray);
++nvec;
if (writebuflen) {
vec[nvec].iov_base = iobuf_cursor;
vec[nvec].iov_len = write_this_time;
++nvec;
}
rv = send_data(conn, vec, nvec, &len);
if (rv != APR_SUCCESS) {
*err = "sending stdin";
break;
}
to_send -= write_this_time;
iobuf_cursor += write_this_time;
}
if (rv != APR_SUCCESS) {
break;
}
if (last_stdin) {
pfd.reqevents = APR_POLLIN; /* Done with input data */
/* signal EOF (empty FCGI_STDIN) */
ap_fcgi_fill_in_header(&header, AP_FCGI_STDIN, request_id,
0, 0);
ap_fcgi_header_to_array(&header, farray);
vec[0].iov_base = (void *)farray;
vec[0].iov_len = sizeof(farray);
rv = send_data(conn, vec, 1, &len);
if (rv != APR_SUCCESS) {
*err = "sending empty stdin";
break;
}
}
}
if (pfd.rtnevents & APR_POLLIN) {
apr_size_t readbuflen;
apr_uint16_t clen, rid;
apr_bucket *b;
unsigned char plen;
unsigned char type, version;
/* First, we grab the header... */
rv = get_data_full(conn, (char *) farray, AP_FCGI_HEADER_LEN);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01067)
"Failed to read FastCGI header");
break;
}
ap_log_rdata(APLOG_MARK, APLOG_TRACE8, r, "FastCGI header",
farray, AP_FCGI_HEADER_LEN, 0);
ap_fcgi_header_fields_from_array(&version, &type, &rid,
&clen, &plen, farray);
if (version != AP_FCGI_VERSION_1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01068)
"Got bogus version %d", (int)version);
rv = APR_EINVAL;
break;
}
if (rid != request_id) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01069)
"Got bogus rid %d, expected %d",
rid, request_id);
rv = APR_EINVAL;
break;
}
recv_again:
if (clen > iobuf_size) {
readbuflen = iobuf_size;
} else {
readbuflen = clen;
}
/* Now get the actual data. Yes it sucks to do this in a second
* recv call, this will eventually change when we move to real
* nonblocking recv calls. */
if (readbuflen != 0) {
rv = get_data(conn, iobuf, &readbuflen);
if (rv != APR_SUCCESS) {
*err = "reading response body";
break;
}
}
switch (type) {
case AP_FCGI_STDOUT:
if (clen != 0) {
b = apr_bucket_transient_create(iobuf,
readbuflen,
c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(ob, b);
if (! seen_end_of_headers) {
int st = handle_headers(r, &header_state,
iobuf, readbuflen);
if (st == 1) {
int status;
seen_end_of_headers = 1;
status = ap_scan_script_header_err_brigade_ex(r, ob,
NULL, APLOG_MODULE_INDEX);
/* suck in all the rest */
if (status != OK) {
apr_bucket *tmp_b;
apr_brigade_cleanup(ob);
tmp_b = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(ob, tmp_b);
*has_responded = 1;
r->status = status;
rv = ap_pass_brigade(r->output_filters, ob);
if (rv != APR_SUCCESS) {
*err = "passing headers brigade to output filters";
}
else if (status == HTTP_NOT_MODIFIED) {
/* The 304 response MUST NOT contain
* a message-body, ignore it. */
ignore_body = 1;
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
"Error parsing script headers");
rv = APR_EINVAL;
}
break;
}
if (conf->error_override &&
ap_is_HTTP_ERROR(r->status)) {
/*
* set script_error_status to discard
* everything after the headers
*/
script_error_status = r->status;
/*
* prevent ap_die() from treating this as a
* recursive error, initially:
*/
r->status = HTTP_OK;
}
if (script_error_status == HTTP_OK
&& !APR_BRIGADE_EMPTY(ob) && !ignore_body) {
/* Send the part of the body that we read while
* reading the headers.
*/
*has_responded = 1;
rv = ap_pass_brigade(r->output_filters, ob);
if (rv != APR_SUCCESS) {
*err = "passing brigade to output filters";
break;
}
}
apr_brigade_cleanup(ob);
apr_pool_clear(setaside_pool);
}
else {
/* We're still looking for the end of the
* headers, so this part of the data will need
* to persist. */
apr_bucket_setaside(b, setaside_pool);
}
} else {
/* we've already passed along the headers, so now pass
* through the content. we could simply continue to
* setaside the content and not pass until we see the
* 0 content-length (below, where we append the EOS),
* but that could be a huge amount of data; so we pass
* along smaller chunks
*/
if (script_error_status == HTTP_OK && !ignore_body) {
*has_responded = 1;
rv = ap_pass_brigade(r->output_filters, ob);
if (rv != APR_SUCCESS) {
*err = "passing brigade to output filters";
break;
}
}
apr_brigade_cleanup(ob);
}
/* If we didn't read all the data, go back and get the
* rest of it. */
if (clen > readbuflen) {
clen -= readbuflen;
goto recv_again;
}
} else {
/* XXX what if we haven't seen end of the headers yet? */
if (script_error_status == HTTP_OK) {
b = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(ob, b);
*has_responded = 1;
rv = ap_pass_brigade(r->output_filters, ob);
if (rv != APR_SUCCESS) {
*err = "passing brigade to output filters";
break;
}
}
/* XXX Why don't we cleanup here? (logic from AJP) */
}
break;
case AP_FCGI_STDERR:
/* TODO: Should probably clean up this logging a bit... */
if (clen) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01071)
"Got error '%.*s'", (int)readbuflen, iobuf);
}
if (clen > readbuflen) {
clen -= readbuflen;
goto recv_again;
}
break;
case AP_FCGI_END_REQUEST:
done = 1;
break;
default:
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01072)
"Got bogus record %d", type);
break;
}
/* Leave on above switch's inner error. */
if (rv != APR_SUCCESS) {
break;
}
if (plen) {
rv = get_data_full(conn, iobuf, plen);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02537)
"Error occurred reading padding");
break;
}
}
}
}
apr_brigade_destroy(ib);
apr_brigade_destroy(ob);
if (script_error_status != HTTP_OK) {
ap_die(script_error_status, r); /* send ErrorDocument */
*has_responded = 1;
}
return rv;
}
/* read post body. code taken from "The apache modules book, Nick Kew" */
static void read_post_body(mapcache_context_apache_request *ctx, mapcache_request_proxy *p) {
request_rec *r = ctx->request;
mapcache_context *mctx = (mapcache_context*)ctx;
int bytes,eos;
apr_bucket_brigade *bb, *bbin;
apr_bucket *b;
apr_status_t rv;
const char *clen = apr_table_get(r->headers_in, "Content-Length");
if(clen) {
bytes = strtol(clen, NULL, 0);
if(bytes >= p->rule->max_post_len) {
mctx->set_error(mctx, HTTP_REQUEST_ENTITY_TOO_LARGE, "post request too big");
return;
}
} else {
bytes = p->rule->max_post_len;
}
bb = apr_brigade_create(mctx->pool, r->connection->bucket_alloc);
bbin = apr_brigade_create(mctx->pool, r->connection->bucket_alloc);
p->post_len = 0;
do {
rv = ap_get_brigade(r->input_filters, bbin, AP_MODE_READBYTES, APR_BLOCK_READ, bytes);
if(rv != APR_SUCCESS) {
mctx->set_error(mctx, 500, "failed to read form input");
return;
}
for(b = APR_BRIGADE_FIRST(bbin); b != APR_BRIGADE_SENTINEL(bbin); b = APR_BUCKET_NEXT(b)) {
if(APR_BUCKET_IS_EOS(b)) {
eos = 1;
}
}
if(!APR_BUCKET_IS_METADATA(b)) {
if(b->length != (apr_size_t)(-1)) {
p->post_len += b->length;
if(p->post_len > p->rule->max_post_len) {
apr_bucket_delete(b);
}
}
}
if(p->post_len <= p->rule->max_post_len) {
APR_BUCKET_REMOVE(b);
APR_BRIGADE_INSERT_TAIL(bb, b);
}
} while (!eos);
if(p->post_len > p->rule->max_post_len) {
mctx->set_error(mctx, HTTP_REQUEST_ENTITY_TOO_LARGE, "request too big");
return;
}
p->post_buf = apr_palloc(mctx->pool, p->post_len+1);
rv = apr_brigade_flatten(bb, p->post_buf, &(p->post_len));
if(rv != APR_SUCCESS) {
mctx->set_error(mctx, 500, "error (flatten) reading form data");
return;
}
p->post_buf[p->post_len] = 0;
}
static apr_status_t h2_filter_slave_in(ap_filter_t* f,
apr_bucket_brigade* bb,
ap_input_mode_t mode,
apr_read_type_e block,
apr_off_t readbytes)
{
h2_task *task;
apr_status_t status = APR_SUCCESS;
apr_bucket *b, *next;
apr_off_t bblen;
const int trace1 = APLOGctrace1(f->c);
apr_size_t rmax = ((readbytes <= APR_SIZE_MAX)?
(apr_size_t)readbytes : APR_SIZE_MAX);
task = h2_ctx_cget_task(f->c);
ap_assert(task);
if (trace1) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
"h2_slave_in(%s): read, mode=%d, block=%d, readbytes=%ld",
task->id, mode, block, (long)readbytes);
}
if (mode == AP_MODE_INIT) {
return ap_get_brigade(f->c->input_filters, bb, mode, block, readbytes);
}
if (f->c->aborted) {
return APR_ECONNABORTED;
}
if (!task->input.bb) {
return APR_EOF;
}
/* Cleanup brigades from those nasty 0 length non-meta buckets
* that apr_brigade_split_line() sometimes produces. */
for (b = APR_BRIGADE_FIRST(task->input.bb);
b != APR_BRIGADE_SENTINEL(task->input.bb); b = next) {
next = APR_BUCKET_NEXT(b);
if (b->length == 0 && !APR_BUCKET_IS_METADATA(b)) {
apr_bucket_delete(b);
}
}
while (APR_BRIGADE_EMPTY(task->input.bb)) {
/* Get more input data for our request. */
if (trace1) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_slave_in(%s): get more data from mplx, block=%d, "
"readbytes=%ld", task->id, block, (long)readbytes);
}
if (task->input.beam) {
status = h2_beam_receive(task->input.beam, task->input.bb, block,
128*1024);
}
else {
status = APR_EOF;
}
if (trace1) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE2, status, f->c,
"h2_slave_in(%s): read returned", task->id);
}
if (APR_STATUS_IS_EAGAIN(status)
&& (mode == AP_MODE_GETLINE || block == APR_BLOCK_READ)) {
/* chunked input handling does not seem to like it if we
* return with APR_EAGAIN from a GETLINE read...
* upload 100k test on test-ser.example.org hangs */
status = APR_SUCCESS;
}
else if (APR_STATUS_IS_EOF(status)) {
break;
}
else if (status != APR_SUCCESS) {
return status;
}
if (trace1) {
h2_util_bb_log(f->c, task->stream_id, APLOG_TRACE2,
"input.beam recv raw", task->input.bb);
}
if (h2_task_logio_add_bytes_in) {
apr_brigade_length(bb, 0, &bblen);
h2_task_logio_add_bytes_in(f->c, bblen);
}
}
/* Nothing there, no more data to get. Return APR_EAGAIN on
* speculative reads, this is ap_check_pipeline()'s trick to
* see if the connection needs closing. */
if (status == APR_EOF && APR_BRIGADE_EMPTY(task->input.bb)) {
return (mode == AP_MODE_SPECULATIVE)? APR_EAGAIN : APR_EOF;
}
if (trace1) {
h2_util_bb_log(f->c, task->stream_id, APLOG_TRACE2,
"task_input.bb", task->input.bb);
}
if (APR_BRIGADE_EMPTY(task->input.bb)) {
if (trace1) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
"h2_slave_in(%s): no data", task->id);
}
return (block == APR_NONBLOCK_READ)? APR_EAGAIN : APR_EOF;
}
if (mode == AP_MODE_EXHAUSTIVE) {
/* return all we have */
APR_BRIGADE_CONCAT(bb, task->input.bb);
}
else if (mode == AP_MODE_READBYTES) {
status = h2_brigade_concat_length(bb, task->input.bb, rmax);
}
else if (mode == AP_MODE_SPECULATIVE) {
status = h2_brigade_copy_length(bb, task->input.bb, rmax);
}
else if (mode == AP_MODE_GETLINE) {
/* we are reading a single LF line, e.g. the HTTP headers.
* this has the nasty side effect to split the bucket, even
* though it ends with CRLF and creates a 0 length bucket */
status = apr_brigade_split_line(bb, task->input.bb, block,
HUGE_STRING_LEN);
if (APLOGctrace1(f->c)) {
char buffer[1024];
apr_size_t len = sizeof(buffer)-1;
apr_brigade_flatten(bb, buffer, &len);
buffer[len] = 0;
if (trace1) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_slave_in(%s): getline: %s",
task->id, buffer);
}
}
}
else {
/* Hmm, well. There is mode AP_MODE_EATCRLF, but we chose not
* to support it. Seems to work. */
ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOTIMPL, f->c,
APLOGNO(03472)
"h2_slave_in(%s), unsupported READ mode %d",
task->id, mode);
status = APR_ENOTIMPL;
}
if (trace1) {
apr_brigade_length(bb, 0, &bblen);
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c,
"h2_slave_in(%s): %ld data bytes", task->id, (long)bblen);
}
return status;
}
/*
* process the request and write the response.
*/
static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
proxy_conn_rec *conn,
conn_rec *origin,
proxy_dir_conf *conf,
apr_uri_t *uri,
char *url, char *server_portstr)
{
apr_status_t status;
int result;
apr_bucket *e;
apr_bucket_brigade *input_brigade;
apr_bucket_brigade *output_brigade;
ajp_msg_t *msg;
apr_size_t bufsiz = 0;
char *buff;
char *send_body_chunk_buff;
apr_uint16_t size;
apr_byte_t conn_reuse = 0;
const char *tenc;
int havebody = 1;
int output_failed = 0;
int backend_failed = 0;
apr_off_t bb_len;
int data_sent = 0;
int request_ended = 0;
int headers_sent = 0;
int rv = 0;
apr_int32_t conn_poll_fd;
apr_pollfd_t *conn_poll;
proxy_server_conf *psf =
ap_get_module_config(r->server->module_config, &proxy_module);
apr_size_t maxsize = AJP_MSG_BUFFER_SZ;
int send_body = 0;
apr_off_t content_length = 0;
int original_status = r->status;
const char *original_status_line = r->status_line;
if (psf->io_buffer_size_set)
maxsize = psf->io_buffer_size;
if (maxsize > AJP_MAX_BUFFER_SZ)
maxsize = AJP_MAX_BUFFER_SZ;
else if (maxsize < AJP_MSG_BUFFER_SZ)
maxsize = AJP_MSG_BUFFER_SZ;
maxsize = APR_ALIGN(maxsize, 1024);
/*
* Send the AJP request to the remote server
*/
/* send request headers */
status = ajp_send_header(conn->sock, r, maxsize, uri);
if (status != APR_SUCCESS) {
conn->close++;
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: AJP: request failed to %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
if (status == AJP_EOVERFLOW)
return HTTP_BAD_REQUEST;
else if (status == AJP_EBAD_METHOD) {
return HTTP_NOT_IMPLEMENTED;
} else {
/*
* This is only non fatal when the method is idempotent. In this
* case we can dare to retry it with a different worker if we are
* a balancer member.
*/
if (is_idempotent(r) == METHOD_IDEMPOTENT) {
return HTTP_SERVICE_UNAVAILABLE;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
}
/* allocate an AJP message to store the data of the buckets */
bufsiz = maxsize;
status = ajp_alloc_data_msg(r->pool, &buff, &bufsiz, &msg);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: ajp_alloc_data_msg failed");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* read the first bloc of data */
input_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
if (tenc && (strcasecmp(tenc, "chunked") == 0)) {
/* The AJP protocol does not want body data yet */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: request is chunked");
} else {
/* Get client provided Content-Length header */
content_length = get_content_length(r);
status = ap_get_brigade(r->input_filters, input_brigade,
AP_MODE_READBYTES, APR_BLOCK_READ,
maxsize - AJP_HEADER_SZ);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: ap_get_brigade failed");
apr_brigade_destroy(input_brigade);
return HTTP_BAD_REQUEST;
}
/* have something */
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: APR_BUCKET_IS_EOS");
}
/* Try to send something */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: data to read (max %" APR_SIZE_T_FMT
" at %" APR_SIZE_T_FMT ")", bufsiz, msg->pos);
status = apr_brigade_flatten(input_brigade, buff, &bufsiz);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
apr_brigade_destroy(input_brigade);
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: apr_brigade_flatten");
return HTTP_INTERNAL_SERVER_ERROR;
}
apr_brigade_cleanup(input_brigade);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: got %" APR_SIZE_T_FMT " bytes of data", bufsiz);
if (bufsiz > 0) {
status = ajp_send_data_msg(conn->sock, msg, bufsiz);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
apr_brigade_destroy(input_brigade);
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: send failed to %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
/*
* It is fatal when we failed to send a (part) of the request
* body.
*/
return HTTP_INTERNAL_SERVER_ERROR;
}
conn->worker->s->transferred += bufsiz;
send_body = 1;
}
else if (content_length > 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: read zero bytes, expecting"
" %" APR_OFF_T_FMT " bytes",
content_length);
/*
* We can only get here if the client closed the connection
* to us without sending the body.
* Now the connection is in the wrong state on the backend.
* Sending an empty data msg doesn't help either as it does
* not move this connection to the correct state on the backend
* for later resusage by the next request again.
* Close it to clean things up.
*/
conn->close++;
return HTTP_BAD_REQUEST;
}
}
/* read the response */
conn->data = NULL;
status = ajp_read_header(conn->sock, r, maxsize,
(ajp_msg_t **)&(conn->data));
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
apr_brigade_destroy(input_brigade);
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: read response failed from %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
/* If we had a successful cping/cpong and then a timeout
* we assume it is a request that cause a back-end timeout,
* but doesn't affect the whole worker.
*/
if (APR_STATUS_IS_TIMEUP(status) && conn->worker->ping_timeout_set) {
return HTTP_GATEWAY_TIME_OUT;
}
/*
* This is only non fatal when we have not sent (parts) of a possible
* request body so far (we do not store it and thus cannot sent it
* again) and the method is idempotent. In this case we can dare to
* retry it with a different worker if we are a balancer member.
*/
if (!send_body && (is_idempotent(r) == METHOD_IDEMPOTENT)) {
return HTTP_SERVICE_UNAVAILABLE;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
/* parse the reponse */
result = ajp_parse_type(r, conn->data);
output_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
/*
* Prepare apr_pollfd_t struct for possible later check if there is currently
* data available from the backend (do not flush response to client)
* or not (flush response to client)
*/
conn_poll = apr_pcalloc(p, sizeof(apr_pollfd_t));
conn_poll->reqevents = APR_POLLIN;
conn_poll->desc_type = APR_POLL_SOCKET;
conn_poll->desc.s = conn->sock;
bufsiz = maxsize;
for (;;) {
switch (result) {
case CMD_AJP13_GET_BODY_CHUNK:
if (havebody) {
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) {
/* This is the end */
bufsiz = 0;
havebody = 0;
ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server,
"proxy: APR_BUCKET_IS_EOS");
} else {
status = ap_get_brigade(r->input_filters, input_brigade,
AP_MODE_READBYTES,
APR_BLOCK_READ,
maxsize - AJP_HEADER_SZ);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, status,
r->server,
"ap_get_brigade failed");
output_failed = 1;
break;
}
bufsiz = maxsize;
status = apr_brigade_flatten(input_brigade, buff,
&bufsiz);
apr_brigade_cleanup(input_brigade);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, status,
r->server,
"apr_brigade_flatten failed");
output_failed = 1;
break;
}
}
ajp_msg_reset(msg);
/* will go in ajp_send_data_msg */
status = ajp_send_data_msg(conn->sock, msg, bufsiz);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server,
"ajp_send_data_msg failed");
backend_failed = 1;
break;
}
conn->worker->s->transferred += bufsiz;
} else {
/*
* something is wrong TC asks for more body but we are
* already at the end of the body data
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"ap_proxy_ajp_request error read after end");
backend_failed = 1;
}
break;
case CMD_AJP13_SEND_HEADERS:
if (headers_sent) {
/* Do not send anything to the client.
* Backend already send us the headers.
*/
backend_failed = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: Backend sent headers twice.");
break;
}
/* AJP13_SEND_HEADERS: process them */
status = ajp_parse_header(r, conf, conn->data);
if (status != APR_SUCCESS) {
backend_failed = 1;
}
else if ((r->status == 401) && psf->error_override) {
const char *buf;
const char *wa = "WWW-Authenticate";
if ((buf = apr_table_get(r->headers_out, wa))) {
apr_table_set(r->err_headers_out, wa, buf);
} else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"ap_proxy_ajp_request: origin server "
"sent 401 without WWW-Authenticate header");
}
}
headers_sent = 1;
break;
case CMD_AJP13_SEND_BODY_CHUNK:
/* AJP13_SEND_BODY_CHUNK: piece of data */
status = ajp_parse_data(r, conn->data, &size, &send_body_chunk_buff);
if (status == APR_SUCCESS) {
/* If we are overriding the errors, we can't put the content
* of the page into the brigade.
*/
if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) {
/* AJP13_SEND_BODY_CHUNK with zero length
* is explicit flush message
*/
if (size == 0) {
if (headers_sent) {
e = apr_bucket_flush_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Ignoring flush message received before headers");
}
}
else {
apr_status_t rv;
/* Handle the case where the error document is itself reverse
* proxied and was successful. We must maintain any previous
* error status so that an underlying error (eg HTTP_NOT_FOUND)
* doesn't become an HTTP_OK.
*/
if (psf->error_override && !ap_is_HTTP_ERROR(r->status)
&& ap_is_HTTP_ERROR(original_status)) {
r->status = original_status;
r->status_line = original_status_line;
}
e = apr_bucket_transient_create(send_body_chunk_buff, size,
r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
if ((conn->worker->flush_packets == flush_on) ||
((conn->worker->flush_packets == flush_auto) &&
((rv = apr_poll(conn_poll, 1, &conn_poll_fd,
conn->worker->flush_wait))
!= APR_SUCCESS) &&
APR_STATUS_IS_TIMEUP(rv))) {
e = apr_bucket_flush_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
}
apr_brigade_length(output_brigade, 0, &bb_len);
if (bb_len != -1)
conn->worker->s->read += bb_len;
}
if (headers_sent) {
if (ap_pass_brigade(r->output_filters,
output_brigade) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"proxy: error processing body.%s",
r->connection->aborted ?
" Client aborted connection." : "");
output_failed = 1;
}
data_sent = 1;
apr_brigade_cleanup(output_brigade);
}
}
}
else {
backend_failed = 1;
}
break;
case CMD_AJP13_END_RESPONSE:
status = ajp_parse_reuse(r, conn->data, &conn_reuse);
if (status != APR_SUCCESS) {
backend_failed = 1;
}
/* If we are overriding the errors, we must not send anything to
* the client, especially as the brigade already contains headers.
* So do nothing here, and it will be cleaned up below.
*/
if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) {
e = apr_bucket_eos_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
if (ap_pass_brigade(r->output_filters,
output_brigade) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"proxy: error processing end");
output_failed = 1;
}
/* XXX: what about flush here? See mod_jk */
data_sent = 1;
}
request_ended = 1;
break;
default:
backend_failed = 1;
break;
}
/*
* If connection has been aborted by client: Stop working.
* Nevertheless, we regard our operation so far as a success:
* So reset output_failed to 0 and set result to CMD_AJP13_END_RESPONSE
* But: Close this connection to the backend.
*/
if (r->connection->aborted) {
conn->close++;
output_failed = 0;
result = CMD_AJP13_END_RESPONSE;
request_ended = 1;
}
/*
* We either have finished successfully or we failed.
* So bail out
*/
if ((result == CMD_AJP13_END_RESPONSE) || backend_failed
|| output_failed)
break;
/* read the response */
status = ajp_read_header(conn->sock, r, maxsize,
(ajp_msg_t **)&(conn->data));
if (status != APR_SUCCESS) {
backend_failed = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server,
"ajp_read_header failed");
break;
}
result = ajp_parse_type(r, conn->data);
}
apr_brigade_destroy(input_brigade);
/*
* Clear output_brigade to remove possible buckets that remained there
* after an error.
*/
apr_brigade_cleanup(output_brigade);
if (backend_failed || output_failed) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: Processing of request failed backend: %i, "
"output: %i", backend_failed, output_failed);
/* We had a failure: Close connection to backend */
conn->close++;
/* Return DONE to avoid error messages being added to the stream */
if (data_sent) {
rv = DONE;
}
}
else if (!request_ended) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: Processing of request didn't terminate cleanly");
/* We had a failure: Close connection to backend */
conn->close++;
backend_failed = 1;
/* Return DONE to avoid error messages being added to the stream */
if (data_sent) {
rv = DONE;
}
}
else if (!conn_reuse) {
/* Our backend signalled connection close */
conn->close++;
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: got response from %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
if (psf->error_override && ap_is_HTTP_ERROR(r->status)) {
/* clear r->status for override error, otherwise ErrorDocument
* thinks that this is a recursive error, and doesn't find the
* custom error page
*/
rv = r->status;
r->status = HTTP_OK;
} else {
rv = OK;
}
}
if (backend_failed) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: dialog to %pI (%s) failed",
conn->worker->cp->addr,
conn->worker->hostname);
/*
* If we already send data, signal a broken backend connection
* upwards in the chain.
*/
if (data_sent) {
ap_proxy_backend_broke(r, output_brigade);
} else if (!send_body && (is_idempotent(r) == METHOD_IDEMPOTENT)) {
/*
* This is only non fatal when we have not sent (parts) of a possible
* request body so far (we do not store it and thus cannot sent it
* again) and the method is idempotent. In this case we can dare to
* retry it with a different worker if we are a balancer member.
*/
rv = HTTP_SERVICE_UNAVAILABLE;
} else {
rv = HTTP_INTERNAL_SERVER_ERROR;
}
}
/*
* Ensure that we sent an EOS bucket thru the filter chain, if we already
* have sent some data. Maybe ap_proxy_backend_broke was called and added
* one to the brigade already (no longer making it empty). So we should
* not do this in this case.
*/
if (data_sent && !r->eos_sent && APR_BRIGADE_EMPTY(output_brigade)) {
e = apr_bucket_eos_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
}
/* If we have added something to the brigade above, sent it */
if (!APR_BRIGADE_EMPTY(output_brigade))
ap_pass_brigade(r->output_filters, output_brigade);
apr_brigade_destroy(output_brigade);
return rv;
}
