static char *php_apache_get_version()
{
#if MODULE_MAGIC_NUMBER_MAJOR >= 20060905
return (char *) ap_get_server_banner();
#else
return (char *) ap_get_server_version();
#endif
}
h2_response *h2_response_die(int stream_id, apr_status_t type,
const struct h2_request *req, apr_pool_t *pool)
{
apr_table_t *headers = apr_table_make(pool, 5);
char *date = NULL;
date = apr_palloc(pool, APR_RFC822_DATE_LEN);
ap_recent_rfc822_date(date, req->request_time);
apr_table_setn(headers, "Date", date);
apr_table_setn(headers, "Server", ap_get_server_banner());
return h2_response_create_int(stream_id, 0, 500, headers, pool);
}
/* CONNECT handler */
static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
proxy_server_conf *conf,
char *url, const char *proxyname,
apr_port_t proxyport)
{
apr_pool_t *p = r->pool;
apr_socket_t *sock;
apr_status_t err, rv;
apr_size_t i, o, nbytes;
char buffer[HUGE_STRING_LEN];
apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module);
int failed;
apr_pollset_t *pollset;
apr_pollfd_t pollfd;
const apr_pollfd_t *signalled;
apr_int32_t pollcnt, pi;
apr_int16_t pollevent;
apr_sockaddr_t *uri_addr, *connect_addr;
apr_uri_t uri;
const char *connectname;
int connectport = 0;
/* is this for us? */
if (r->method_number != M_CONNECT) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: declining URL %s", url);
return DECLINED;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: serving URL %s", url);
/*
* Step One: Determine Who To Connect To
*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
if (APR_SUCCESS != apr_uri_parse_hostinfo(p, url, &uri)) {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_pstrcat(p, "URI cannot be parsed: ", url, NULL));
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: connecting %s to %s:%d", url, uri.hostname, uri.port);
/* do a DNS lookup for the destination host */
err = apr_sockaddr_info_get(&uri_addr, uri.hostname, APR_UNSPEC, uri.port, 0, p);
/* are we connecting directly, or via a proxy? */
if (proxyname) {
connectname = proxyname;
connectport = proxyport;
err = apr_sockaddr_info_get(&connect_addr, proxyname, APR_UNSPEC, proxyport, 0, p);
}
else {
connectname = uri.hostname;
connectport = uri.port;
connect_addr = uri_addr;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: connecting to remote proxy %s on port %d", connectname, connectport);
/* check if ProxyBlock directive on this host */
if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/* Check if it is an allowed port */
if (conf->allowed_connect_ports->nelts == 0) {
/* Default setting if not overridden by AllowCONNECT */
switch (uri.port) {
case APR_URI_HTTPS_DEFAULT_PORT:
case APR_URI_SNEWS_DEFAULT_PORT:
break;
default:
/* XXX can we call ap_proxyerror() here to get a nice log message? */
return HTTP_FORBIDDEN;
}
} else if(!allowed_port(conf, uri.port)) {
/* XXX can we call ap_proxyerror() here to get a nice log message? */
return HTTP_FORBIDDEN;
}
/*
* Step Two: Make the Connection
*
* We have determined who to connect to. Now make the connection.
*/
/* get all the possible IP addresses for the destname and loop through them
* until we get a successful connection
*/
if (APR_SUCCESS != err) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p,
"DNS lookup failure for: ",
connectname, NULL));
}
/*
* At this point we have a list of one or more IP addresses of
* the machine to connect to. If configured, reorder this
* list so that the "best candidate" is first try. "best
* candidate" could mean the least loaded server, the fastest
* responding server, whatever.
*
* For now we do nothing, ie we get DNS round robin.
* XXX FIXME
*/
failed = ap_proxy_connect_to_backend(&sock, "CONNECT", connect_addr,
connectname, conf, r->server,
r->pool);
/* handle a permanent error from the above loop */
if (failed) {
if (proxyname) {
return DECLINED;
}
else {
return HTTP_BAD_GATEWAY;
}
}
/*
* Step Three: Send the Request
*
* Send the HTTP/1.1 CONNECT request to the remote server
*/
/* we are acting as a tunnel - the output filter stack should
* be completely empty, because when we are done here we are done completely.
* We add the NULL filter to the stack to do this...
*/
r->output_filters = NULL;
r->connection->output_filters = NULL;
/* If we are connecting through a remote proxy, we need to pass
* the CONNECT request on to it.
*/
if (proxyport) {
/* FIXME: Error checking ignored.
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sending the CONNECT request to the remote proxy");
nbytes = apr_snprintf(buffer, sizeof(buffer),
"CONNECT %s HTTP/1.0" CRLF, r->uri);
apr_socket_send(sock, buffer, &nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
apr_socket_send(sock, buffer, &nbytes);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: Returning 200 OK Status");
nbytes = apr_snprintf(buffer, sizeof(buffer),
"HTTP/1.0 200 Connection Established" CRLF);
ap_xlate_proto_to_ascii(buffer, nbytes);
apr_socket_send(client_socket, buffer, &nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
ap_xlate_proto_to_ascii(buffer, nbytes);
apr_socket_send(client_socket, buffer, &nbytes);
#if 0
/* This is safer code, but it doesn't work yet. I'm leaving it
* here so that I can fix it later.
*/
r->status = HTTP_OK;
r->header_only = 1;
apr_table_set(r->headers_out, "Proxy-agent: %s", ap_get_server_banner());
ap_rflush(r);
#endif
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: setting up poll()");
/*
* Step Four: Handle Data Transfer
*
* Handle two way transfer of data over the socket (this is a tunnel).
*/
/* r->sent_bodyct = 1;*/
if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS)
{
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: CONNECT: error apr_pollset_create()");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Add client side to the poll */
pollfd.p = r->pool;
pollfd.desc_type = APR_POLL_SOCKET;
pollfd.reqevents = APR_POLLIN;
pollfd.desc.s = client_socket;
pollfd.client_data = NULL;
apr_pollset_add(pollset, &pollfd);
/* Add the server side to the poll */
pollfd.desc.s = sock;
apr_pollset_add(pollset, &pollfd);
while (1) { /* Infinite loop until error (one side closes the connection) */
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) {
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy: CONNECT: error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR;
}
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: woke from select(), i=%d", pollcnt);
#endif
for (pi = 0; pi < pollcnt; pi++) {
const apr_pollfd_t *cur = &signalled[pi];
if (cur->desc.s == sock) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sock was set");
#endif
nbytes = sizeof(buffer);
rv = apr_socket_recv(sock, buffer, &nbytes);
if (rv == APR_SUCCESS) {
o = 0;
i = nbytes;
while(i > 0)
{
nbytes = i;
/* This is just plain wrong. No module should ever write directly
* to the client. For now, this works, but this is high on my list of
* things to fix. The correct line is:
* if ((nbytes = ap_rwrite(buffer + o, nbytes, r)) < 0)
* rbb
*/
rv = apr_socket_send(client_socket, buffer + o, &nbytes);
if (rv != APR_SUCCESS)
break;
o += nbytes;
i -= nbytes;
}
}
else
break;
}
else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP))
break;
}
else if (cur->desc.s == client_socket) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: client was set");
#endif
nbytes = sizeof(buffer);
rv = apr_socket_recv(client_socket, buffer, &nbytes);
if (rv == APR_SUCCESS) {
o = 0;
i = nbytes;
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: read %d from client", i);
#endif
while(i > 0)
{
nbytes = i;
rv = apr_socket_send(sock, buffer + o, &nbytes);
if (rv != APR_SUCCESS)
break;
o += nbytes;
i -= nbytes;
}
}
else
break;
}
else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) {
rv = APR_EOF;
break;
}
}
else
break;
}
if (rv != APR_SUCCESS) {
break;
}
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: finished with poll() - cleaning up");
/*
* Step Five: Clean Up
*
* Close the socket and clean up
*/
apr_socket_close(sock);
return OK;
}
AP_DECLARE(void) ap_add_common_vars(request_rec *r)
{
apr_table_t *e;
server_rec *s = r->server;
conn_rec *c = r->connection;
const char *rem_logname;
char *env_path;
#if defined(WIN32) || defined(OS2) || defined(BEOS)
char *env_temp;
#endif
const char *host;
const apr_array_header_t *hdrs_arr = apr_table_elts(r->headers_in);
const apr_table_entry_t *hdrs = (const apr_table_entry_t *) hdrs_arr->elts;
int i;
apr_port_t rport;
/* use a temporary apr_table_t which we'll overlap onto
* r->subprocess_env later
* (exception: if r->subprocess_env is empty at the start,
* write directly into it)
*/
if (apr_is_empty_table(r->subprocess_env)) {
e = r->subprocess_env;
}
else {
e = apr_table_make(r->pool, 25 + hdrs_arr->nelts);
}
/* First, add environment vars from headers... this is as per
* CGI specs, though other sorts of scripting interfaces see
* the same vars...
*/
for (i = 0; i < hdrs_arr->nelts; ++i) {
if (!hdrs[i].key) {
continue;
}
/* A few headers are special cased --- Authorization to prevent
* rogue scripts from capturing passwords; content-type and -length
* for no particular reason.
*/
if (!strcasecmp(hdrs[i].key, "Content-type")) {
apr_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
}
else if (!strcasecmp(hdrs[i].key, "Content-length")) {
apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
}
/*
* You really don't want to disable this check, since it leaves you
* wide open to CGIs stealing passwords and people viewing them
* in the environment with "ps -e". But, if you must...
*/
#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
else if (!strcasecmp(hdrs[i].key, "Authorization")
|| !strcasecmp(hdrs[i].key, "Proxy-Authorization")) {
continue;
}
#endif
else {
apr_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val);
}
}
if (!(env_path = getenv("PATH"))) {
env_path = DEFAULT_PATH;
}
apr_table_addn(e, "PATH", apr_pstrdup(r->pool, env_path));
#ifdef WIN32
if ((env_temp = getenv("SystemRoot")) != NULL) {
apr_table_addn(e, "SystemRoot", env_temp);
}
if ((env_temp = getenv("COMSPEC")) != NULL) {
apr_table_addn(e, "COMSPEC", env_temp);
}
if ((env_temp = getenv("PATHEXT")) != NULL) {
apr_table_addn(e, "PATHEXT", env_temp);
}
if ((env_temp = getenv("WINDIR")) != NULL) {
apr_table_addn(e, "WINDIR", env_temp);
}
#endif
#ifdef OS2
if ((env_temp = getenv("COMSPEC")) != NULL) {
apr_table_addn(e, "COMSPEC", env_temp);
}
if ((env_temp = getenv("ETC")) != NULL) {
apr_table_addn(e, "ETC", env_temp);
}
if ((env_temp = getenv("DPATH")) != NULL) {
apr_table_addn(e, "DPATH", env_temp);
}
if ((env_temp = getenv("PERLLIB_PREFIX")) != NULL) {
apr_table_addn(e, "PERLLIB_PREFIX", env_temp);
}
#endif
#ifdef BEOS
if ((env_temp = getenv("LIBRARY_PATH")) != NULL) {
apr_table_addn(e, "LIBRARY_PATH", env_temp);
}
#endif
apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_banner());
apr_table_addn(e, "SERVER_NAME",
ap_escape_html(r->pool, ap_get_server_name(r)));
apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
apr_table_addn(e, "SERVER_PORT",
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL);
if (host) {
apr_table_addn(e, "REMOTE_HOST", host);
}
apr_table_addn(e, "REMOTE_ADDR", c->remote_ip);
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
rport = c->remote_addr->port;
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
if (r->user) {
apr_table_addn(e, "REMOTE_USER", r->user);
}
else if (r->prev) {
request_rec *back = r->prev;
while (back) {
if (back->user) {
apr_table_addn(e, "REDIRECT_REMOTE_USER", back->user);
break;
}
back = back->prev;
}
}
if (r->ap_auth_type) {
apr_table_addn(e, "AUTH_TYPE", r->ap_auth_type);
}
rem_logname = ap_get_remote_logname(r);
if (rem_logname) {
apr_table_addn(e, "REMOTE_IDENT", apr_pstrdup(r->pool, rem_logname));
}
/* Apache custom error responses. If we have redirected set two new vars */
if (r->prev) {
if (r->prev->args) {
apr_table_addn(e, "REDIRECT_QUERY_STRING", r->prev->args);
}
if (r->prev->uri) {
apr_table_addn(e, "REDIRECT_URL", r->prev->uri);
}
}
if (e != r->subprocess_env) {
apr_table_overlap(r->subprocess_env, e, APR_OVERLAP_TABLES_SET);
}
}
/* CONNECT handler */
static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
proxy_server_conf *conf,
char *url, const char *proxyname,
apr_port_t proxyport)
{
connect_conf *c_conf =
ap_get_module_config(r->server->module_config, &proxy_connect_module);
apr_pool_t *p = r->pool;
apr_socket_t *sock;
conn_rec *c = r->connection;
conn_rec *backconn;
apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
apr_status_t rv;
apr_size_t nbytes;
char buffer[HUGE_STRING_LEN];
apr_socket_t *client_socket = ap_get_conn_socket(c);
int failed, rc;
int client_error = 0;
apr_pollset_t *pollset;
apr_pollfd_t pollfd;
const apr_pollfd_t *signalled;
apr_int32_t pollcnt, pi;
apr_int16_t pollevent;
apr_sockaddr_t *nexthop;
apr_uri_t uri;
const char *connectname;
int connectport = 0;
/* is this for us? */
if (r->method_number != M_CONNECT) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "declining URL %s", url);
return DECLINED;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "serving URL %s", url);
/*
* Step One: Determine Who To Connect To
*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
if (APR_SUCCESS != apr_uri_parse_hostinfo(p, url, &uri)) {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_pstrcat(p, "URI cannot be parsed: ", url,
NULL));
}
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01019)
"connecting %s to %s:%d", url, uri.hostname, uri.port);
/* Determine host/port of next hop; from request URI or of a proxy. */
connectname = proxyname ? proxyname : uri.hostname;
connectport = proxyname ? proxyport : uri.port;
/* Do a DNS lookup for the next hop */
rv = apr_sockaddr_info_get(&nexthop, connectname, APR_UNSPEC,
connectport, 0, p);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02327)
"failed to resolve hostname '%s'", connectname);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
apr_pstrcat(p, "DNS lookup failure for: ",
connectname, NULL));
}
/* Check ProxyBlock directive on the hostname/address. */
if (ap_proxy_checkproxyblock2(r, conf, uri.hostname,
proxyname ? NULL : nexthop) != OK) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"connecting to remote proxy %s on port %d",
connectname, connectport);
/* Check if it is an allowed port */
if(!allowed_port(c_conf, uri.port)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/*
* Step Two: Make the Connection
*
* We have determined who to connect to. Now make the connection.
*/
/*
* At this point we have a list of one or more IP addresses of
* the machine to connect to. If configured, reorder this
* list so that the "best candidate" is first try. "best
* candidate" could mean the least loaded server, the fastest
* responding server, whatever.
*
* For now we do nothing, ie we get DNS round robin.
* XXX FIXME
*/
failed = ap_proxy_connect_to_backend(&sock, "CONNECT", nexthop,
connectname, conf, r);
/* handle a permanent error from the above loop */
if (failed) {
if (proxyname) {
return DECLINED;
}
else {
return HTTP_SERVICE_UNAVAILABLE;
}
}
/* setup polling for connection */
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "setting up poll()");
if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) {
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01020)
"error apr_pollset_create()");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Add client side to the poll */
pollfd.p = r->pool;
pollfd.desc_type = APR_POLL_SOCKET;
pollfd.reqevents = APR_POLLIN;
pollfd.desc.s = client_socket;
pollfd.client_data = NULL;
apr_pollset_add(pollset, &pollfd);
/* Add the server side to the poll */
pollfd.desc.s = sock;
apr_pollset_add(pollset, &pollfd);
/*
* Step Three: Send the Request
*
* Send the HTTP/1.1 CONNECT request to the remote server
*/
backconn = ap_run_create_connection(c->pool, r->server, sock,
c->id, c->sbh, c->bucket_alloc);
if (!backconn) {
/* peer reset */
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01021)
"an error occurred creating a new connection "
"to %pI (%s)", nexthop, connectname);
apr_socket_close(sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_proxy_ssl_disable(backconn);
rc = ap_run_pre_connection(backconn, sock);
if (rc != OK && rc != DONE) {
backconn->aborted = 1;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01022)
"pre_connection setup failed (%d)", rc);
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
"connection complete to %pI (%s)",
nexthop, connectname);
apr_table_setn(r->notes, "proxy-source-port", apr_psprintf(r->pool, "%hu",
backconn->local_addr->port));
/* If we are connecting through a remote proxy, we need to pass
* the CONNECT request on to it.
*/
if (proxyport) {
/* FIXME: Error checking ignored.
*/
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"sending the CONNECT request to the remote proxy");
ap_fprintf(backconn->output_filters, bb,
"CONNECT %s HTTP/1.0" CRLF, r->uri);
ap_fprintf(backconn->output_filters, bb,
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
ap_fflush(backconn->output_filters, bb);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Returning 200 OK");
nbytes = apr_snprintf(buffer, sizeof(buffer),
"HTTP/1.0 200 Connection Established" CRLF);
ap_xlate_proto_to_ascii(buffer, nbytes);
ap_fwrite(c->output_filters, bb, buffer, nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF,
ap_get_server_banner());
ap_xlate_proto_to_ascii(buffer, nbytes);
ap_fwrite(c->output_filters, bb, buffer, nbytes);
ap_fflush(c->output_filters, bb);
#if 0
/* This is safer code, but it doesn't work yet. I'm leaving it
* here so that I can fix it later.
*/
r->status = HTTP_OK;
r->header_only = 1;
apr_table_set(r->headers_out, "Proxy-agent: %s", ap_get_server_banner());
ap_rflush(r);
#endif
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "setting up poll()");
/*
* Step Four: Handle Data Transfer
*
* Handle two way transfer of data over the socket (this is a tunnel).
*/
/* we are now acting as a tunnel - the input/output filter stacks should
* not contain any non-connection filters.
*/
r->output_filters = c->output_filters;
r->proto_output_filters = c->output_filters;
r->input_filters = c->input_filters;
r->proto_input_filters = c->input_filters;
/* r->sent_bodyct = 1;*/
while (1) { /* Infinite loop until error (one side closes the connection) */
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled))
!= APR_SUCCESS) {
if (APR_STATUS_IS_EINTR(rv)) {
continue;
}
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01023) "error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR;
}
#ifdef DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01024)
"woke from poll(), i=%d", pollcnt);
#endif
for (pi = 0; pi < pollcnt; pi++) {
const apr_pollfd_t *cur = &signalled[pi];
if (cur->desc.s == sock) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01025)
"sock was readable");
#endif
rv = proxy_connect_transfer(r, backconn, c, bb, "sock");
}
else if ((pollevent & APR_POLLERR)
|| (pollevent & APR_POLLHUP)) {
rv = APR_EPIPE;
ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO(01026)
"err/hup on backconn");
}
if (rv != APR_SUCCESS)
client_error = 1;
}
else if (cur->desc.s == client_socket) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01027)
"client was readable");
#endif
rv = proxy_connect_transfer(r, c, backconn, bb, "client");
}
}
else {
rv = APR_EBADF;
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01028)
"unknown socket in pollset");
}
}
if (rv != APR_SUCCESS) {
break;
}
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"finished with poll() - cleaning up");
/*
* Step Five: Clean Up
*
* Close the socket and clean up
*/
if (client_error)
apr_socket_close(sock);
else
ap_lingering_close(backconn);
c->aborted = 1;
c->keepalive = AP_CONN_CLOSE;
return OK;
}
AP_DECLARE(void) ap_add_common_vars(request_rec *r)
{
apr_table_t *e;
server_rec *s = r->server;
conn_rec *c = r->connection;
core_dir_config *conf =
(core_dir_config *)ap_get_core_module_config(r->per_dir_config);
const char *env_temp;
const apr_array_header_t *hdrs_arr = apr_table_elts(r->headers_in);
const apr_table_entry_t *hdrs = (const apr_table_entry_t *) hdrs_arr->elts;
int i;
apr_port_t rport;
char *q;
/* use a temporary apr_table_t which we'll overlap onto
* r->subprocess_env later
* (exception: if r->subprocess_env is empty at the start,
* write directly into it)
*/
if (apr_is_empty_table(r->subprocess_env)) {
e = r->subprocess_env;
}
else {
e = apr_table_make(r->pool, 25 + hdrs_arr->nelts);
}
/* First, add environment vars from headers... this is as per
* CGI specs, though other sorts of scripting interfaces see
* the same vars...
*/
for (i = 0; i < hdrs_arr->nelts; ++i) {
if (!hdrs[i].key) {
continue;
}
/* A few headers are special cased --- Authorization to prevent
* rogue scripts from capturing passwords; content-type and -length
* for no particular reason.
*/
if (!strcasecmp(hdrs[i].key, "Content-type")) {
apr_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
}
else if (!strcasecmp(hdrs[i].key, "Content-length")) {
apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
}
/*
* You really don't want to disable this check, since it leaves you
* wide open to CGIs stealing passwords and people viewing them
* in the environment with "ps -e". But, if you must...
*/
#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
else if (!strcasecmp(hdrs[i].key, "Authorization")
|| !strcasecmp(hdrs[i].key, "Proxy-Authorization")) {
if (conf->cgi_pass_auth == AP_CGI_PASS_AUTH_ON) {
add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
}
}
#endif
else
add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
}
env_temp = apr_table_get(r->subprocess_env, "PATH");
if (env_temp == NULL) {
env_temp = getenv("PATH");
}
if (env_temp == NULL) {
env_temp = DEFAULT_PATH;
}
apr_table_addn(e, "PATH", apr_pstrdup(r->pool, env_temp));
#if defined(WIN32)
env2env(e, "SystemRoot");
env2env(e, "COMSPEC");
env2env(e, "PATHEXT");
env2env(e, "WINDIR");
#elif defined(OS2)
env2env(e, "COMSPEC");
env2env(e, "ETC");
env2env(e, "DPATH");
env2env(e, "PERLLIB_PREFIX");
#elif defined(BEOS)
env2env(e, "LIBRARY_PATH");
#elif defined(DARWIN)
env2env(e, "DYLD_LIBRARY_PATH");
#elif defined(_AIX)
env2env(e, "LIBPATH");
#elif defined(__HPUX__)
/* HPUX PARISC 2.0W knows both, otherwise redundancy is harmless */
env2env(e, "SHLIB_PATH");
env2env(e, "LD_LIBRARY_PATH");
#else /* Some Unix */
env2env(e, "LD_LIBRARY_PATH");
#endif
apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_banner());
apr_table_addn(e, "SERVER_NAME",
ap_escape_html(r->pool, ap_get_server_name_for_url(r)));
apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
apr_table_addn(e, "SERVER_PORT",
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
add_unless_null(e, "REMOTE_HOST",
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
apr_table_addn(e, "REMOTE_ADDR", r->useragent_ip);
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
apr_table_addn(e, "CONTEXT_DOCUMENT_ROOT", ap_context_document_root(r));
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
if (apr_table_get(r->notes, "proxy-noquery") && (q = ap_strchr(r->filename, '?'))) {
*q = '\0';
apr_table_addn(e, "SCRIPT_FILENAME", apr_pstrdup(r->pool, r->filename));
*q = '?';
}
else {
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
}
rport = c->client_addr->port;
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
if (r->user) {
apr_table_addn(e, "REMOTE_USER", r->user);
}
else if (r->prev) {
request_rec *back = r->prev;
while (back) {
if (back->user) {
apr_table_addn(e, "REDIRECT_REMOTE_USER", back->user);
break;
}
back = back->prev;
}
}
add_unless_null(e, "AUTH_TYPE", r->ap_auth_type);
env_temp = ap_get_remote_logname(r);
if (env_temp) {
apr_table_addn(e, "REMOTE_IDENT", apr_pstrdup(r->pool, env_temp));
}
/* Apache custom error responses. If we have redirected set two new vars */
if (r->prev) {
/* PR#57785: reconstruct full URL here */
apr_uri_t *uri = &r->prev->parsed_uri;
if (!uri->scheme) {
uri->scheme = (char*)ap_http_scheme(r->prev);
}
if (!uri->port) {
uri->port = ap_get_server_port(r->prev);
uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
}
if (!uri->hostname) {
uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
}
add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args);
add_unless_null(e, "REDIRECT_URL",
apr_uri_unparse(r->pool, uri, 0));
}
if (e != r->subprocess_env) {
apr_table_overlap(r->subprocess_env, e, APR_OVERLAP_TABLES_SET);
}
}
void ap_lua_load_apache2_lmodule(lua_State *L)
{
lua_getglobal(L, "package");
lua_getfield(L, -1, "loaded");
lua_newtable(L);
lua_setfield(L, -2, "apache2");
lua_setglobal(L, "apache2");
lua_pop(L, 1); /* empty stack */
lua_getglobal(L, "apache2");
lua_pushstring(L, ap_get_server_banner());
lua_setfield(L, -2, "version");
makeintegerfield(L, OK);
makeintegerfield(L, DECLINED);
makeintegerfield(L, DONE);
makeintegerfield(L, HTTP_MOVED_TEMPORARILY);
makeintegerfield(L, PROXYREQ_NONE);
makeintegerfield(L, PROXYREQ_PROXY);
makeintegerfield(L, PROXYREQ_REVERSE);
makeintegerfield(L, PROXYREQ_RESPONSE);
makeintegerfield(L, PROXYREQ_RESPONSE);
makeintegerfield(L, AUTHZ_DENIED);
makeintegerfield(L, AUTHZ_GRANTED);
makeintegerfield(L, AUTHZ_NEUTRAL);
makeintegerfield(L, AUTHZ_GENERAL_ERROR);
makeintegerfield(L, AUTHZ_DENIED_NO_USER);
/*
makeintegerfield(L, HTTP_CONTINUE);
makeintegerfield(L, HTTP_SWITCHING_PROTOCOLS);
makeintegerfield(L, HTTP_PROCESSING);
makeintegerfield(L, HTTP_OK);
makeintegerfield(L, HTTP_CREATED);
makeintegerfield(L, HTTP_ACCEPTED);
makeintegerfield(L, HTTP_NON_AUTHORITATIVE);
makeintegerfield(L, HTTP_NO_CONTENT);
makeintegerfield(L, HTTP_RESET_CONTENT);
makeintegerfield(L, HTTP_PARTIAL_CONTENT);
makeintegerfield(L, HTTP_MULTI_STATUS);
makeintegerfield(L, HTTP_ALREADY_REPORTED);
makeintegerfield(L, HTTP_IM_USED);
makeintegerfield(L, HTTP_MULTIPLE_CHOICES);
makeintegerfield(L, HTTP_MOVED_PERMANENTLY);
makeintegerfield(L, HTTP_MOVED_TEMPORARILY);
makeintegerfield(L, HTTP_SEE_OTHER);
makeintegerfield(L, HTTP_NOT_MODIFIED);
makeintegerfield(L, HTTP_USE_PROXY);
makeintegerfield(L, HTTP_TEMPORARY_REDIRECT);
makeintegerfield(L, HTTP_PERMANENT_REDIRECT);
makeintegerfield(L, HTTP_BAD_REQUEST);
makeintegerfield(L, HTTP_UNAUTHORIZED);
makeintegerfield(L, HTTP_PAYMENT_REQUIRED);
makeintegerfield(L, HTTP_FORBIDDEN);
makeintegerfield(L, HTTP_NOT_FOUND);
makeintegerfield(L, HTTP_METHOD_NOT_ALLOWED);
makeintegerfield(L, HTTP_NOT_ACCEPTABLE);
makeintegerfield(L, HTTP_PROXY_AUTHENTICATION_REQUIRED);
makeintegerfield(L, HTTP_REQUEST_TIME_OUT);
makeintegerfield(L, HTTP_CONFLICT);
makeintegerfield(L, HTTP_GONE);
makeintegerfield(L, HTTP_LENGTH_REQUIRED);
makeintegerfield(L, HTTP_PRECONDITION_FAILED);
makeintegerfield(L, HTTP_REQUEST_ENTITY_TOO_LARGE);
makeintegerfield(L, HTTP_REQUEST_URI_TOO_LARGE);
makeintegerfield(L, HTTP_UNSUPPORTED_MEDIA_TYPE);
makeintegerfield(L, HTTP_RANGE_NOT_SATISFIABLE);
makeintegerfield(L, HTTP_EXPECTATION_FAILED);
makeintegerfield(L, HTTP_UNPROCESSABLE_ENTITY);
makeintegerfield(L, HTTP_LOCKED);
makeintegerfield(L, HTTP_FAILED_DEPENDENCY);
makeintegerfield(L, HTTP_UPGRADE_REQUIRED);
makeintegerfield(L, HTTP_PRECONDITION_REQUIRED);
makeintegerfield(L, HTTP_TOO_MANY_REQUESTS);
makeintegerfield(L, HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
makeintegerfield(L, HTTP_INTERNAL_SERVER_ERROR);
makeintegerfield(L, HTTP_NOT_IMPLEMENTED);
makeintegerfield(L, HTTP_BAD_GATEWAY);
makeintegerfield(L, HTTP_SERVICE_UNAVAILABLE);
makeintegerfield(L, HTTP_GATEWAY_TIME_OUT);
makeintegerfield(L, HTTP_VERSION_NOT_SUPPORTED);
makeintegerfield(L, HTTP_VARIANT_ALSO_VARIES);
makeintegerfield(L, HTTP_INSUFFICIENT_STORAGE);
makeintegerfield(L, HTTP_LOOP_DETECTED);
makeintegerfield(L, HTTP_NOT_EXTENDED);
makeintegerfield(L, HTTP_NETWORK_AUTHENTICATION_REQUIRED);
*/
}
/* This function must remain safe to use for a non-SSL connection. */
char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
{
SSLModConfigRec *mc = myModConfig(s);
const char *result;
BOOL resdup;
apr_time_exp_t tm;
result = NULL;
resdup = TRUE;
/*
* When no pool is given try to find one
*/
if (p == NULL) {
if (r != NULL)
p = r->pool;
else if (c != NULL)
p = c->pool;
else
p = mc->pPool;
}
/*
* Request dependent stuff
*/
if (r != NULL) {
switch (var[0]) {
case 'H':
case 'h':
if (strcEQ(var, "HTTP_USER_AGENT"))
result = apr_table_get(r->headers_in, "User-Agent");
else if (strcEQ(var, "HTTP_REFERER"))
result = apr_table_get(r->headers_in, "Referer");
else if (strcEQ(var, "HTTP_COOKIE"))
result = apr_table_get(r->headers_in, "Cookie");
else if (strcEQ(var, "HTTP_FORWARDED"))
result = apr_table_get(r->headers_in, "Forwarded");
else if (strcEQ(var, "HTTP_HOST"))
result = apr_table_get(r->headers_in, "Host");
else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
result = apr_table_get(r->headers_in, "Proxy-Connection");
else if (strcEQ(var, "HTTP_ACCEPT"))
result = apr_table_get(r->headers_in, "Accept");
else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
/* all other headers from which we are still not know about */
result = apr_table_get(r->headers_in, var+5);
break;
case 'R':
case 'r':
if (strcEQ(var, "REQUEST_METHOD"))
result = r->method;
else if (strcEQ(var, "REQUEST_SCHEME"))
result = ap_http_scheme(r);
else if (strcEQ(var, "REQUEST_URI"))
result = r->uri;
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
result = r->useragent_ip;
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_useragent_host(r, REMOTE_NAME, NULL);
else if (strcEQ(var, "REMOTE_IDENT"))
result = ap_get_remote_logname(r);
else if (strcEQ(var, "REMOTE_USER"))
result = r->user;
break;
case 'S':
case 's':
if (strcEQn(var, "SSL", 3)) break; /* shortcut common case */
if (strcEQ(var, "SERVER_ADMIN"))
result = r->server->server_admin;
else if (strcEQ(var, "SERVER_NAME"))
result = ap_get_server_name_for_url(r);
else if (strcEQ(var, "SERVER_PORT"))
result = apr_psprintf(p, "%u", ap_get_server_port(r));
else if (strcEQ(var, "SERVER_PROTOCOL"))
result = r->protocol;
else if (strcEQ(var, "SCRIPT_FILENAME"))
result = r->filename;
break;
default:
if (strcEQ(var, "PATH_INFO"))
result = r->path_info;
else if (strcEQ(var, "QUERY_STRING"))
result = r->args;
else if (strcEQ(var, "IS_SUBREQ"))
result = (r->main != NULL ? "true" : "false");
else if (strcEQ(var, "DOCUMENT_ROOT"))
result = ap_document_root(r);
else if (strcEQ(var, "AUTH_TYPE"))
result = r->ap_auth_type;
else if (strcEQ(var, "THE_REQUEST"))
result = r->the_request;
else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
result = apr_table_get(r->notes, var+4);
if (result == NULL)
result = apr_table_get(r->subprocess_env, var+4);
}
break;
}
}
/*
* Connection stuff
*/
if (result == NULL && c != NULL) {
SSLConnRec *sslconn = ssl_get_effective_config(c);
if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
&& sslconn && sslconn->ssl)
result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
else if (strcEQ(var, "HTTPS")) {
if (sslconn && sslconn->ssl)
result = "on";
else
result = "off";
}
}
/*
* Totally independent stuff
*/
if (result == NULL) {
if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
result = ssl_var_lookup_ssl_version(p, var+12);
else if (strcEQ(var, "SERVER_SOFTWARE"))
result = ap_get_server_banner();
else if (strcEQ(var, "API_VERSION")) {
result = apr_itoa(p, MODULE_MAGIC_NUMBER_MAJOR);
resdup = FALSE;
}
else if (strcEQ(var, "TIME_YEAR")) {
apr_time_exp_lt(&tm, apr_time_now());
result = apr_psprintf(p, "%02d%02d",
(tm.tm_year / 100) + 19, tm.tm_year % 100);
resdup = FALSE;
}
#define MKTIMESTR(format, tmfield) \
apr_time_exp_lt(&tm, apr_time_now()); \
result = apr_psprintf(p, format, tm.tmfield); \
resdup = FALSE;
else if (strcEQ(var, "TIME_MON")) {
MKTIMESTR("%02d", tm_mon+1)
}
else if (strcEQ(var, "TIME_DAY")) {
MKTIMESTR("%02d", tm_mday)
}
else if (strcEQ(var, "TIME_HOUR")) {
MKTIMESTR("%02d", tm_hour)
}
else if (strcEQ(var, "TIME_MIN")) {
MKTIMESTR("%02d", tm_min)
}
else if (strcEQ(var, "TIME_SEC")) {
MKTIMESTR("%02d", tm_sec)
}
else if (strcEQ(var, "TIME_WDAY")) {
MKTIMESTR("%d", tm_wday)
}
else if (strcEQ(var, "TIME")) {
apr_time_exp_lt(&tm, apr_time_now());
result = apr_psprintf(p,
"%02d%02d%02d%02d%02d%02d%02d", (tm.tm_year / 100) + 19,
(tm.tm_year % 100), tm.tm_mon+1, tm.tm_mday,
tm.tm_hour, tm.tm_min, tm.tm_sec);
resdup = FALSE;
}
/* all other env-variables from the parent Apache process */
else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
result = getenv(var+4);
}
}
if (result != NULL && resdup)
result = apr_pstrdup(p, result);
if (result == NULL)
result = "";
return (char *)result;
}
/* This function connects to the server, then immediately closes the connection.
* This permits the MPM to skip the poll when there is only one listening
* socket, because it provides a alternate way to unblock an accept() when
* the pod is used.
*/
static apr_status_t dummy_connection(ap_pod_t *pod)
{
char *srequest;
apr_status_t rv;
apr_socket_t *sock;
apr_pool_t *p;
apr_size_t len;
/* create a temporary pool for the socket. pconf stays around too long */
rv = apr_pool_create(&p, pod->p);
if (rv != APR_SUCCESS) {
return rv;
}
rv = apr_socket_create(&sock, ap_listeners->bind_addr->family,
SOCK_STREAM, 0, p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
"get socket to connect to listener");
apr_pool_destroy(p);
return rv;
}
/* on some platforms (e.g., FreeBSD), the kernel won't accept many
* queued connections before it starts blocking local connects...
* we need to keep from blocking too long and instead return an error,
* because the MPM won't want to hold up a graceful restart for a
* long time
*/
rv = apr_socket_timeout_set(sock, apr_time_from_sec(3));
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
"set timeout on socket to connect to listener");
apr_socket_close(sock);
apr_pool_destroy(p);
return rv;
}
rv = apr_socket_connect(sock, ap_listeners->bind_addr);
if (rv != APR_SUCCESS) {
int log_level = APLOG_WARNING;
if (APR_STATUS_IS_TIMEUP(rv)) {
/* probably some server processes bailed out already and there
* is nobody around to call accept and clear out the kernel
* connection queue; usually this is not worth logging
*/
log_level = APLOG_DEBUG;
}
ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
"connect to listener on %pI", ap_listeners->bind_addr);
}
/* Create the request string. We include a User-Agent so that
* adminstrators can track down the cause of the odd-looking
* requests in their logs.
*/
srequest = apr_pstrcat(p, "GET / HTTP/1.0\r\nUser-Agent: ",
ap_get_server_banner(),
" (internal dummy connection)\r\n\r\n", NULL);
/* Since some operating systems support buffering of data or entire
* requests in the kernel, we send a simple request, to make sure
* the server pops out of a blocking accept().
*/
/* XXX: This is HTTP specific. We should look at the Protocol for each
* listener, and send the correct type of request to trigger any Accept
* Filters.
*/
len = strlen(srequest);
apr_socket_send(sock, srequest, &len);
apr_socket_close(sock);
apr_pool_destroy(p);
return rv;
}
