/** * Serialize in an AJP Message a CPING command * * +-----------------------+ * | CPING CMD (1 byte) | * +-----------------------+ * * @param smsg AJP message to put serialized message * @return APR_SUCCESS or error */ apr_status_t ajp_msg_serialize_cping(ajp_msg_t *msg) { apr_status_t rc; ajp_msg_reset(msg); if ((rc = ajp_msg_append_uint8(msg, CMD_AJP13_CPING)) != APR_SUCCESS) return rc; return APR_SUCCESS; }
/* * Allocate a msg to send data */ apr_status_t ajp_alloc_data_msg(apr_pool_t *pool, char **ptr, apr_size_t *len, ajp_msg_t **msg) { apr_status_t rc; if ((rc = ajp_msg_create(pool, *len, msg)) != APR_SUCCESS) return rc; ajp_msg_reset(*msg); *ptr = (char *)&((*msg)->buf[6]); *len = *len - 6; return APR_SUCCESS; }
/* TODO: health check */ ngx_int_t ajp_msg_serialize_cping(ajp_msg_t *msg) { ngx_int_t rc; ajp_msg_reset(msg); if ((rc = ajp_msg_append_uint8(msg, CMD_AJP13_CPING)) != NGX_OK) { return rc; } return NGX_OK; }
ngx_int_t ajp_alloc_data_msg(ngx_pool_t *pool, ajp_msg_t *msg) { ngx_int_t rc; if ((rc = ajp_msg_create_buffer(pool, AJP_HEADER_SZ + 1, msg)) != NGX_OK) { return rc; } ajp_msg_reset(msg); return NGX_OK; }
/** * Reuse an AJP Message * * @param msg AJP Message to reuse * @return APR_SUCCESS or error */ apr_status_t ajp_msg_reuse(ajp_msg_t *msg) { apr_byte_t *buf; apr_size_t max_size; buf = msg->buf; max_size = msg->max_size; memset(msg, 0, sizeof(ajp_msg_t)); msg->buf = buf; msg->max_size = max_size; msg->header_len = AJP_HEADER_LEN; ajp_msg_reset(msg); return APR_SUCCESS; }
/* * Read the ajp message and return the type of the message. */ apr_status_t ajp_read_header(apr_socket_t *sock, request_rec *r, apr_size_t buffsize, ajp_msg_t **msg) { apr_byte_t result; apr_status_t rc; if (*msg) { rc = ajp_msg_reuse(*msg); if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00990) "ajp_read_header: ajp_msg_reuse failed"); return rc; } } else { rc = ajp_msg_create(r->pool, buffsize, msg); if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00991) "ajp_read_header: ajp_msg_create failed"); return rc; } } ajp_msg_reset(*msg); rc = ajp_ilink_receive(sock, *msg); if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00992) "ajp_read_header: ajp_ilink_receive failed"); return rc; } ajp_msg_log(r, *msg, "ajp_read_header: ajp_ilink_receive packet dump"); rc = ajp_msg_peek_uint8(*msg, &result); if (rc != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00993) "ajp_read_header: ajp_msg_peek_uint8 failed"); return rc; } ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "ajp_read_header: ajp_ilink_received %s (0x%02x)", ajp_type_str(result), result); return APR_SUCCESS; }
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, request_rec *r, apr_uri_t *uri) { int method; apr_uint32_t i, num_headers = 0; apr_byte_t is_ssl; char *remote_host; const char *session_route, *envvar; const apr_array_header_t *arr = apr_table_elts(r->subprocess_env); const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts; ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "Into ajp_marshal_into_msgb"); if ((method = sc_for_req_method_by_id(r)) == UNKNOWN_METHOD) { ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, APLOGNO(02437) "ajp_marshal_into_msgb - Sending unknown method %s as request attribute", r->method); method = SC_M_JK_STORED; } is_ssl = (apr_byte_t) ap_proxy_conn_is_https(r->connection); if (r->headers_in && apr_table_elts(r->headers_in)) { const apr_array_header_t *t = apr_table_elts(r->headers_in); num_headers = t->nelts; } remote_host = (char *)ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_HOST, NULL); ajp_msg_reset(msg); if (ajp_msg_append_uint8(msg, CMD_AJP13_FORWARD_REQUEST) || ajp_msg_append_uint8(msg, (apr_byte_t) method) || ajp_msg_append_string(msg, r->protocol) || ajp_msg_append_string(msg, uri->path) || ajp_msg_append_string(msg, r->useragent_ip) || ajp_msg_append_string(msg, remote_host) || ajp_msg_append_string(msg, ap_get_server_name(r)) || ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) || ajp_msg_append_uint8(msg, is_ssl) || ajp_msg_append_uint16(msg, (apr_uint16_t) num_headers)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00968) "ajp_marshal_into_msgb: " "Error appending the message beginning"); return APR_EGENERAL; } for (i = 0 ; i < num_headers ; i++) { int sc; const apr_array_header_t *t = apr_table_elts(r->headers_in); const apr_table_entry_t *elts = (apr_table_entry_t *)t->elts; if ((sc = sc_for_req_header(elts[i].key)) != UNKNOWN_METHOD) { if (ajp_msg_append_uint16(msg, (apr_uint16_t)sc)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00969) "ajp_marshal_into_msgb: " "Error appending the header name"); return AJP_EOVERFLOW; } } else { if (ajp_msg_append_string(msg, elts[i].key)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00970) "ajp_marshal_into_msgb: " "Error appending the header name"); return AJP_EOVERFLOW; } } if (ajp_msg_append_string(msg, elts[i].val)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00971) "ajp_marshal_into_msgb: " "Error appending the header value"); return AJP_EOVERFLOW; } ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "ajp_marshal_into_msgb: Header[%d] [%s] = [%s]", i, elts[i].key, elts[i].val); } /* XXXX need to figure out how to do this if (s->secret) { if (ajp_msg_append_uint8(msg, SC_A_SECRET) || ajp_msg_append_string(msg, s->secret)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Error ajp_marshal_into_msgb - " "Error appending secret"); return APR_EGENERAL; } } */ if (r->user) { if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || ajp_msg_append_string(msg, r->user)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00972) "ajp_marshal_into_msgb: " "Error appending the remote user"); return AJP_EOVERFLOW; } } if (r->ap_auth_type) { if (ajp_msg_append_uint8(msg, SC_A_AUTH_TYPE) || ajp_msg_append_string(msg, r->ap_auth_type)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00973) "ajp_marshal_into_msgb: " "Error appending the auth type"); return AJP_EOVERFLOW; } } /* XXXX ebcdic (args converted?) */ if (uri->query) { if (ajp_msg_append_uint8(msg, SC_A_QUERY_STRING) || ajp_msg_append_string(msg, uri->query)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00974) "ajp_marshal_into_msgb: " "Error appending the query string"); return AJP_EOVERFLOW; } } if ((session_route = apr_table_get(r->notes, "session-route"))) { if (ajp_msg_append_uint8(msg, SC_A_JVM_ROUTE) || ajp_msg_append_string(msg, session_route)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00975) "ajp_marshal_into_msgb: " "Error appending the jvm route"); return AJP_EOVERFLOW; } } /* XXX: Is the subprocess_env a right place? * <Location /examples> * ProxyPass ajp://remote:8009/servlets-examples * SetEnv SSL_SESSION_ID CUSTOM_SSL_SESSION_ID * </Location> */ /* * Only lookup SSL variables if we are currently running HTTPS. * Furthermore ensure that only variables get set in the AJP message * that are not NULL and not empty. */ if (is_ssl) { if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r, AJP13_SSL_CLIENT_CERT_INDICATOR)) && envvar[0]) { if (ajp_msg_append_uint8(msg, SC_A_SSL_CERT) || ajp_msg_append_string(msg, envvar)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00976) "ajp_marshal_into_msgb: " "Error appending the SSL certificates"); return AJP_EOVERFLOW; } } if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r, AJP13_SSL_CIPHER_INDICATOR)) && envvar[0]) { if (ajp_msg_append_uint8(msg, SC_A_SSL_CIPHER) || ajp_msg_append_string(msg, envvar)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00977) "ajp_marshal_into_msgb: " "Error appending the SSL ciphers"); return AJP_EOVERFLOW; } } if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r, AJP13_SSL_SESSION_INDICATOR)) && envvar[0]) { if (ajp_msg_append_uint8(msg, SC_A_SSL_SESSION) || ajp_msg_append_string(msg, envvar)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00978) "ajp_marshal_into_msgb: " "Error appending the SSL session"); return AJP_EOVERFLOW; } } /* ssl_key_size is required by Servlet 2.3 API */ if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r, AJP13_SSL_KEY_SIZE_INDICATOR)) && envvar[0]) { if (ajp_msg_append_uint8(msg, SC_A_SSL_KEY_SIZE) || ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00979) "ajp_marshal_into_msgb: " "Error appending the SSL key size"); return APR_EGENERAL; } } } /* If the method was unrecognized, encode it as an attribute */ if (method == SC_M_JK_STORED) { if (ajp_msg_append_uint8(msg, SC_A_STORED_METHOD) || ajp_msg_append_string(msg, r->method)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02438) "ajp_marshal_into_msgb: " "Error appending the method '%s' as request attribute", r->method); return AJP_EOVERFLOW; } } /* Forward the remote port information, which was forgotten * from the builtin data of the AJP 13 protocol. * Since the servlet spec allows to retrieve it via getRemotePort(), * we provide the port to the Tomcat connector as a request * attribute. Modern Tomcat versions know how to retrieve * the remote port from this attribute. */ { const char *key = SC_A_REQ_REMOTE_PORT; char *val = apr_itoa(r->pool, r->useragent_addr->port); if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) || ajp_msg_append_string(msg, key) || ajp_msg_append_string(msg, val)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00980) "ajp_marshal_into_msgb: " "Error appending attribute %s=%s", key, val); return AJP_EOVERFLOW; } } /* Forward the local ip address information, which was forgotten * from the builtin data of the AJP 13 protocol. * Since the servlet spec allows to retrieve it via getLocalAddr(), * we provide the address to the Tomcat connector as a request * attribute. Modern Tomcat versions know how to retrieve * the local address from this attribute. */ { const char *key = SC_A_REQ_LOCAL_ADDR; char *val = r->connection->local_ip; if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) || ajp_msg_append_string(msg, key) || ajp_msg_append_string(msg, val)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02646) "ajp_marshal_into_msgb: " "Error appending attribute %s=%s", key, val); return AJP_EOVERFLOW; } } /* Use the environment vars prefixed with AJP_ * and pass it to the header striping that prefix. */ for (i = 0; i < (apr_uint32_t)arr->nelts; i++) { if (!strncmp(elts[i].key, "AJP_", 4)) { if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) || ajp_msg_append_string(msg, elts[i].key + 4) || ajp_msg_append_string(msg, elts[i].val)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00981) "ajp_marshal_into_msgb: " "Error appending attribute %s=%s", elts[i].key, elts[i].val); return AJP_EOVERFLOW; } } } if (ajp_msg_append_uint8(msg, SC_A_ARE_DONE)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00982) "ajp_marshal_into_msgb: " "Error appending the message end"); return AJP_EOVERFLOW; } ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "ajp_marshal_into_msgb: Done"); return APR_SUCCESS; }
/* * Message structure * * AJPV13_REQUEST/AJPV14_REQUEST= request_prefix (1) (byte) method (byte) protocol (string) req_uri (string) remote_addr (string) remote_host (string) server_name (string) server_port (short) is_ssl (boolean) num_headers (short) num_headers*(req_header_name header_value) ?context (byte)(string) ?servlet_path (byte)(string) ?remote_user (byte)(string) ?auth_type (byte)(string) ?query_string (byte)(string) ?jvm_route (byte)(string) ?ssl_cert (byte)(string) ?ssl_cipher (byte)(string) ?ssl_session (byte)(string) ?ssl_key_size (byte)(int) request_terminator (byte) ?body content_length*(var binary) */ ngx_int_t ajp_marshal_into_msgb(ajp_msg_t *msg, ngx_http_request_t *r, ngx_http_ajp_loc_conf_t *alcf) { int sc; int method; u_char is_ssl = 0; uint16_t port; ngx_uint_t i, num_headers = 0; ngx_str_t uri, *remote_host, *remote_addr; ngx_str_t temp_str, *jvm_route, port_str; ngx_log_t *log; ngx_list_part_t *part; ngx_table_elt_t *header; struct sockaddr_in *addr; log = r->connection->log; if ((method = sc_for_req_method_by_id(r)) == UNKNOWN_METHOD) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb - No such method %ui", r->method); return NGX_ERROR; } /* TODO: is_ssl = ?*/ part = &r->headers_in.headers.part; if (alcf->upstream.pass_request_headers) { num_headers = sc_for_req_get_headers_num(part); } remote_host = remote_addr = &r->connection->addr_text; addr = (struct sockaddr_in *) r->connection->local_sockaddr; /*'struct sockaddr_in' and 'struct sockaddr_in6' has the same offset of port*/ port = ntohs(addr->sin_port); if (sc_for_req_get_uri(r, &uri) != 0) { return NGX_ERROR; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, "Into ajp_marshal_into_msgb, uri: \"%V\", version: \"%V\"", &uri, &r->http_protocol); ajp_msg_reset(msg); if (ajp_msg_append_uint8(msg, CMD_AJP13_FORWARD_REQUEST) || ajp_msg_append_uint8(msg, method) || ajp_msg_append_string(msg, &r->http_protocol) || ajp_msg_append_string(msg, &uri) || ajp_msg_append_string(msg, remote_addr) || ajp_msg_append_string(msg, remote_host) || ajp_msg_append_string(msg, &r->headers_in.server) || ajp_msg_append_uint16(msg, port) || ajp_msg_append_uint8(msg, is_ssl) || ajp_msg_append_uint16(msg, (uint16_t) num_headers)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the message begining"); return AJP_EOVERFLOW; } header = part->elts; if (alcf->upstream.pass_request_headers) { for (i = 0; /* void */; i++) { if (i >= part->nelts) { if (part->next == NULL) { break; } part = part->next; header = part->elts; i = 0; } if ((sc = sc_for_req_header(&header[i])) != UNKNOWN_METHOD) { if (ajp_msg_append_uint16(msg, (uint16_t)sc)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the header name"); return AJP_EOVERFLOW; } } else { if (ajp_msg_append_string(msg, &header[i].key)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the header name"); return AJP_EOVERFLOW; } } if (sc == SC_REQ_CONNECTION) { if (alcf->keep_conn) { header[i].value.data = (u_char *)"keep-alive"; header[i].value.len = sizeof("keep-alive") - 1; } else { header[i].value.data = (u_char *)"close"; header[i].value.len = sizeof("close") - 1; } } if (ajp_msg_append_string(msg, &header[i].value)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the header value"); return AJP_EOVERFLOW; } ngx_log_debug4(NGX_LOG_DEBUG_HTTP, log, 0, "ajp_marshal_into_msgb: Header[%d] [%V] = [%V], size:%z", i, &header[i].key, &header[i].value, ngx_buf_size(msg->buf)); } } if (r->headers_in.user.len != 0) { if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) || ajp_msg_append_string(msg, &r->headers_in.user)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the remote user"); return AJP_EOVERFLOW; } } sc_for_req_auth_type(r, &temp_str); if (temp_str.len > 0) { if (ajp_msg_append_uint8(msg, SC_A_AUTH_TYPE) || ajp_msg_append_string(msg, &temp_str)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the auth type"); return AJP_EOVERFLOW; } } if (r->args.len > 0) { ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0, "ajp_marshal_into_msgb: append_args=\"%V\"", &r->args); if (ajp_msg_append_uint8(msg, SC_A_QUERY_STRING) || ajp_msg_append_string(msg, &r->args)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the query string"); return AJP_EOVERFLOW; } } jvm_route = sc_for_req_get_header_vaule_by_hash(&r->headers_in.headers.part, (u_char *)"session-route", sizeof("session-route") - 1); if (jvm_route != NULL) { if (ajp_msg_append_uint8(msg, SC_A_JVM_ROUTE) || ajp_msg_append_string(msg, jvm_route)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the jvm route"); return AJP_EOVERFLOW; } } /*TODO SSL*/ /* Forward the remote port information, which was forgotten * from the builtin data of the AJP 13 protocol. * Since the servlet spec allows to retrieve it via getRemotePort(), * we provide the port to the Tomcat connector as a request * attribute. Modern Tomcat versions know how to retrieve * the remote port from this attribute. */ { u_char buf[6] = {0}; temp_str.data = (u_char *)SC_A_REQ_REMOTE_PORT; temp_str.len = sizeof(SC_A_REQ_REMOTE_PORT) - 1; addr = (struct sockaddr_in *) r->connection->sockaddr; /*'struct sockaddr_in' and 'struct sockaddr_in6' has the same offset of port*/ port = ntohs(addr->sin_port); /*port < 65536*/ ngx_snprintf(buf, 6, "%d", port); port_str.data = buf; port_str.len = ngx_strlen(buf); if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) || ajp_msg_append_string(msg, &temp_str) || ajp_msg_append_string(msg, &port_str)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending attribute %V=%V", &temp_str, &port_str); return AJP_EOVERFLOW; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, "ajp_marshal_into_msgb: attribute %V %V", &temp_str, &port_str); } if (ajp_msg_append_uint8(msg, SC_A_ARE_DONE)) { ngx_log_error(NGX_LOG_ERR, log, 0, "ajp_marshal_into_msgb: " "Error appending the message end"); return AJP_EOVERFLOW; } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0, "ajp_marshal_into_msgb: Done, buff_size:%z", ngx_buf_size(msg->buf)); return NGX_OK; }
/* * process the request and write the response. */ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, proxy_conn_rec *conn, conn_rec *origin, proxy_dir_conf *conf, apr_uri_t *uri, char *url, char *server_portstr) { apr_status_t status; int result; apr_bucket *e; apr_bucket_brigade *input_brigade; apr_bucket_brigade *output_brigade; ajp_msg_t *msg; apr_size_t bufsiz = 0; char *buff; char *send_body_chunk_buff; apr_uint16_t size; apr_byte_t conn_reuse = 0; const char *tenc; int havebody = 1; int output_failed = 0; int backend_failed = 0; apr_off_t bb_len; int data_sent = 0; int request_ended = 0; int headers_sent = 0; int rv = 0; apr_int32_t conn_poll_fd; apr_pollfd_t *conn_poll; proxy_server_conf *psf = ap_get_module_config(r->server->module_config, &proxy_module); apr_size_t maxsize = AJP_MSG_BUFFER_SZ; int send_body = 0; apr_off_t content_length = 0; int original_status = r->status; const char *original_status_line = r->status_line; if (psf->io_buffer_size_set) maxsize = psf->io_buffer_size; if (maxsize > AJP_MAX_BUFFER_SZ) maxsize = AJP_MAX_BUFFER_SZ; else if (maxsize < AJP_MSG_BUFFER_SZ) maxsize = AJP_MSG_BUFFER_SZ; maxsize = APR_ALIGN(maxsize, 1024); /* * Send the AJP request to the remote server */ /* send request headers */ status = ajp_send_header(conn->sock, r, maxsize, uri); if (status != APR_SUCCESS) { conn->close++; ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, "proxy: AJP: request failed to %pI (%s)", conn->worker->cp->addr, conn->worker->hostname); if (status == AJP_EOVERFLOW) return HTTP_BAD_REQUEST; else if (status == AJP_EBAD_METHOD) { return HTTP_NOT_IMPLEMENTED; } else { /* * This is only non fatal when the method is idempotent. In this * case we can dare to retry it with a different worker if we are * a balancer member. */ if (is_idempotent(r) == METHOD_IDEMPOTENT) { return HTTP_SERVICE_UNAVAILABLE; } return HTTP_INTERNAL_SERVER_ERROR; } } /* allocate an AJP message to store the data of the buckets */ bufsiz = maxsize; status = ajp_alloc_data_msg(r->pool, &buff, &bufsiz, &msg); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ conn->close++; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: ajp_alloc_data_msg failed"); return HTTP_INTERNAL_SERVER_ERROR; } /* read the first bloc of data */ input_brigade = apr_brigade_create(p, r->connection->bucket_alloc); tenc = apr_table_get(r->headers_in, "Transfer-Encoding"); if (tenc && (strcasecmp(tenc, "chunked") == 0)) { /* The AJP protocol does not want body data yet */ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: request is chunked"); } else { /* Get client provided Content-Length header */ content_length = get_content_length(r); status = ap_get_brigade(r->input_filters, input_brigade, AP_MODE_READBYTES, APR_BLOCK_READ, maxsize - AJP_HEADER_SZ); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ conn->close++; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: ap_get_brigade failed"); apr_brigade_destroy(input_brigade); return HTTP_BAD_REQUEST; } /* have something */ if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: APR_BUCKET_IS_EOS"); } /* Try to send something */ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: data to read (max %" APR_SIZE_T_FMT " at %" APR_SIZE_T_FMT ")", bufsiz, msg->pos); status = apr_brigade_flatten(input_brigade, buff, &bufsiz); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ conn->close++; apr_brigade_destroy(input_brigade); ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, "proxy: apr_brigade_flatten"); return HTTP_INTERNAL_SERVER_ERROR; } apr_brigade_cleanup(input_brigade); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: got %" APR_SIZE_T_FMT " bytes of data", bufsiz); if (bufsiz > 0) { status = ajp_send_data_msg(conn->sock, msg, bufsiz); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ conn->close++; apr_brigade_destroy(input_brigade); ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, "proxy: send failed to %pI (%s)", conn->worker->cp->addr, conn->worker->hostname); /* * It is fatal when we failed to send a (part) of the request * body. */ return HTTP_INTERNAL_SERVER_ERROR; } conn->worker->s->transferred += bufsiz; send_body = 1; } else if (content_length > 0) { ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, "proxy: read zero bytes, expecting" " %" APR_OFF_T_FMT " bytes", content_length); /* * We can only get here if the client closed the connection * to us without sending the body. * Now the connection is in the wrong state on the backend. * Sending an empty data msg doesn't help either as it does * not move this connection to the correct state on the backend * for later resusage by the next request again. * Close it to clean things up. */ conn->close++; return HTTP_BAD_REQUEST; } } /* read the response */ conn->data = NULL; status = ajp_read_header(conn->sock, r, maxsize, (ajp_msg_t **)&(conn->data)); if (status != APR_SUCCESS) { /* We had a failure: Close connection to backend */ conn->close++; apr_brigade_destroy(input_brigade); ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, "proxy: read response failed from %pI (%s)", conn->worker->cp->addr, conn->worker->hostname); /* If we had a successful cping/cpong and then a timeout * we assume it is a request that cause a back-end timeout, * but doesn't affect the whole worker. */ if (APR_STATUS_IS_TIMEUP(status) && conn->worker->ping_timeout_set) { return HTTP_GATEWAY_TIME_OUT; } /* * This is only non fatal when we have not sent (parts) of a possible * request body so far (we do not store it and thus cannot sent it * again) and the method is idempotent. In this case we can dare to * retry it with a different worker if we are a balancer member. */ if (!send_body && (is_idempotent(r) == METHOD_IDEMPOTENT)) { return HTTP_SERVICE_UNAVAILABLE; } return HTTP_INTERNAL_SERVER_ERROR; } /* parse the reponse */ result = ajp_parse_type(r, conn->data); output_brigade = apr_brigade_create(p, r->connection->bucket_alloc); /* * Prepare apr_pollfd_t struct for possible later check if there is currently * data available from the backend (do not flush response to client) * or not (flush response to client) */ conn_poll = apr_pcalloc(p, sizeof(apr_pollfd_t)); conn_poll->reqevents = APR_POLLIN; conn_poll->desc_type = APR_POLL_SOCKET; conn_poll->desc.s = conn->sock; bufsiz = maxsize; for (;;) { switch (result) { case CMD_AJP13_GET_BODY_CHUNK: if (havebody) { if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { /* This is the end */ bufsiz = 0; havebody = 0; ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server, "proxy: APR_BUCKET_IS_EOS"); } else { status = ap_get_brigade(r->input_filters, input_brigade, AP_MODE_READBYTES, APR_BLOCK_READ, maxsize - AJP_HEADER_SZ); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server, "ap_get_brigade failed"); output_failed = 1; break; } bufsiz = maxsize; status = apr_brigade_flatten(input_brigade, buff, &bufsiz); apr_brigade_cleanup(input_brigade); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server, "apr_brigade_flatten failed"); output_failed = 1; break; } } ajp_msg_reset(msg); /* will go in ajp_send_data_msg */ status = ajp_send_data_msg(conn->sock, msg, bufsiz); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server, "ajp_send_data_msg failed"); backend_failed = 1; break; } conn->worker->s->transferred += bufsiz; } else { /* * something is wrong TC asks for more body but we are * already at the end of the body data */ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "ap_proxy_ajp_request error read after end"); backend_failed = 1; } break; case CMD_AJP13_SEND_HEADERS: if (headers_sent) { /* Do not send anything to the client. * Backend already send us the headers. */ backend_failed = 1; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: Backend sent headers twice."); break; } /* AJP13_SEND_HEADERS: process them */ status = ajp_parse_header(r, conf, conn->data); if (status != APR_SUCCESS) { backend_failed = 1; } else if ((r->status == 401) && psf->error_override) { const char *buf; const char *wa = "WWW-Authenticate"; if ((buf = apr_table_get(r->headers_out, wa))) { apr_table_set(r->err_headers_out, wa, buf); } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "ap_proxy_ajp_request: origin server " "sent 401 without WWW-Authenticate header"); } } headers_sent = 1; break; case CMD_AJP13_SEND_BODY_CHUNK: /* AJP13_SEND_BODY_CHUNK: piece of data */ status = ajp_parse_data(r, conn->data, &size, &send_body_chunk_buff); if (status == APR_SUCCESS) { /* If we are overriding the errors, we can't put the content * of the page into the brigade. */ if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) { /* AJP13_SEND_BODY_CHUNK with zero length * is explicit flush message */ if (size == 0) { if (headers_sent) { e = apr_bucket_flush_create(r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(output_brigade, e); } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "Ignoring flush message received before headers"); } } else { apr_status_t rv; /* Handle the case where the error document is itself reverse * proxied and was successful. We must maintain any previous * error status so that an underlying error (eg HTTP_NOT_FOUND) * doesn't become an HTTP_OK. */ if (psf->error_override && !ap_is_HTTP_ERROR(r->status) && ap_is_HTTP_ERROR(original_status)) { r->status = original_status; r->status_line = original_status_line; } e = apr_bucket_transient_create(send_body_chunk_buff, size, r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(output_brigade, e); if ((conn->worker->flush_packets == flush_on) || ((conn->worker->flush_packets == flush_auto) && ((rv = apr_poll(conn_poll, 1, &conn_poll_fd, conn->worker->flush_wait)) != APR_SUCCESS) && APR_STATUS_IS_TIMEUP(rv))) { e = apr_bucket_flush_create(r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(output_brigade, e); } apr_brigade_length(output_brigade, 0, &bb_len); if (bb_len != -1) conn->worker->s->read += bb_len; } if (headers_sent) { if (ap_pass_brigade(r->output_filters, output_brigade) != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "proxy: error processing body.%s", r->connection->aborted ? " Client aborted connection." : ""); output_failed = 1; } data_sent = 1; apr_brigade_cleanup(output_brigade); } } } else { backend_failed = 1; } break; case CMD_AJP13_END_RESPONSE: status = ajp_parse_reuse(r, conn->data, &conn_reuse); if (status != APR_SUCCESS) { backend_failed = 1; } /* If we are overriding the errors, we must not send anything to * the client, especially as the brigade already contains headers. * So do nothing here, and it will be cleaned up below. */ if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) { e = apr_bucket_eos_create(r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(output_brigade, e); if (ap_pass_brigade(r->output_filters, output_brigade) != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "proxy: error processing end"); output_failed = 1; } /* XXX: what about flush here? See mod_jk */ data_sent = 1; } request_ended = 1; break; default: backend_failed = 1; break; } /* * If connection has been aborted by client: Stop working. * Nevertheless, we regard our operation so far as a success: * So reset output_failed to 0 and set result to CMD_AJP13_END_RESPONSE * But: Close this connection to the backend. */ if (r->connection->aborted) { conn->close++; output_failed = 0; result = CMD_AJP13_END_RESPONSE; request_ended = 1; } /* * We either have finished successfully or we failed. * So bail out */ if ((result == CMD_AJP13_END_RESPONSE) || backend_failed || output_failed) break; /* read the response */ status = ajp_read_header(conn->sock, r, maxsize, (ajp_msg_t **)&(conn->data)); if (status != APR_SUCCESS) { backend_failed = 1; ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server, "ajp_read_header failed"); break; } result = ajp_parse_type(r, conn->data); } apr_brigade_destroy(input_brigade); /* * Clear output_brigade to remove possible buckets that remained there * after an error. */ apr_brigade_cleanup(output_brigade); if (backend_failed || output_failed) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: Processing of request failed backend: %i, " "output: %i", backend_failed, output_failed); /* We had a failure: Close connection to backend */ conn->close++; /* Return DONE to avoid error messages being added to the stream */ if (data_sent) { rv = DONE; } } else if (!request_ended) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: Processing of request didn't terminate cleanly"); /* We had a failure: Close connection to backend */ conn->close++; backend_failed = 1; /* Return DONE to avoid error messages being added to the stream */ if (data_sent) { rv = DONE; } } else if (!conn_reuse) { /* Our backend signalled connection close */ conn->close++; } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: got response from %pI (%s)", conn->worker->cp->addr, conn->worker->hostname); if (psf->error_override && ap_is_HTTP_ERROR(r->status)) { /* clear r->status for override error, otherwise ErrorDocument * thinks that this is a recursive error, and doesn't find the * custom error page */ rv = r->status; r->status = HTTP_OK; } else { rv = OK; } } if (backend_failed) { ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, "proxy: dialog to %pI (%s) failed", conn->worker->cp->addr, conn->worker->hostname); /* * If we already send data, signal a broken backend connection * upwards in the chain. */ if (data_sent) { ap_proxy_backend_broke(r, output_brigade); } else if (!send_body && (is_idempotent(r) == METHOD_IDEMPOTENT)) { /* * This is only non fatal when we have not sent (parts) of a possible * request body so far (we do not store it and thus cannot sent it * again) and the method is idempotent. In this case we can dare to * retry it with a different worker if we are a balancer member. */ rv = HTTP_SERVICE_UNAVAILABLE; } else { rv = HTTP_INTERNAL_SERVER_ERROR; } } /* * Ensure that we sent an EOS bucket thru the filter chain, if we already * have sent some data. Maybe ap_proxy_backend_broke was called and added * one to the brigade already (no longer making it empty). So we should * not do this in this case. */ if (data_sent && !r->eos_sent && APR_BRIGADE_EMPTY(output_brigade)) { e = apr_bucket_eos_create(r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(output_brigade, e); } /* If we have added something to the brigade above, sent it */ if (!APR_BRIGADE_EMPTY(output_brigade)) ap_pass_brigade(r->output_filters, output_brigade); apr_brigade_destroy(output_brigade); return rv; }