/**
* Serialize in an AJP Message a CPING command
*
* +-----------------------+
* | CPING CMD (1 byte) |
* +-----------------------+
*
* @param smsg AJP message to put serialized message
* @return APR_SUCCESS or error
*/
apr_status_t ajp_msg_serialize_cping(ajp_msg_t *msg)
{
apr_status_t rc;
ajp_msg_reset(msg);
if ((rc = ajp_msg_append_uint8(msg, CMD_AJP13_CPING)) != APR_SUCCESS)
return rc;
return APR_SUCCESS;
}
/*
* Allocate a msg to send data
*/
apr_status_t ajp_alloc_data_msg(apr_pool_t *pool, char **ptr, apr_size_t *len,
ajp_msg_t **msg)
{
apr_status_t rc;
if ((rc = ajp_msg_create(pool, *len, msg)) != APR_SUCCESS)
return rc;
ajp_msg_reset(*msg);
*ptr = (char *)&((*msg)->buf[6]);
*len = *len - 6;
return APR_SUCCESS;
}
/* TODO: health check */
ngx_int_t
ajp_msg_serialize_cping(ajp_msg_t *msg)
{
ngx_int_t rc;
ajp_msg_reset(msg);
if ((rc = ajp_msg_append_uint8(msg, CMD_AJP13_CPING)) != NGX_OK) {
return rc;
}
return NGX_OK;
}
ngx_int_t
ajp_alloc_data_msg(ngx_pool_t *pool, ajp_msg_t *msg)
{
ngx_int_t rc;
if ((rc = ajp_msg_create_buffer(pool, AJP_HEADER_SZ + 1, msg)) != NGX_OK) {
return rc;
}
ajp_msg_reset(msg);
return NGX_OK;
}
/**
* Reuse an AJP Message
*
* @param msg AJP Message to reuse
* @return APR_SUCCESS or error
*/
apr_status_t ajp_msg_reuse(ajp_msg_t *msg)
{
apr_byte_t *buf;
apr_size_t max_size;
buf = msg->buf;
max_size = msg->max_size;
memset(msg, 0, sizeof(ajp_msg_t));
msg->buf = buf;
msg->max_size = max_size;
msg->header_len = AJP_HEADER_LEN;
ajp_msg_reset(msg);
return APR_SUCCESS;
}
/*
* Read the ajp message and return the type of the message.
*/
apr_status_t ajp_read_header(apr_socket_t *sock,
request_rec *r,
apr_size_t buffsize,
ajp_msg_t **msg)
{
apr_byte_t result;
apr_status_t rc;
if (*msg) {
rc = ajp_msg_reuse(*msg);
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00990)
"ajp_read_header: ajp_msg_reuse failed");
return rc;
}
}
else {
rc = ajp_msg_create(r->pool, buffsize, msg);
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00991)
"ajp_read_header: ajp_msg_create failed");
return rc;
}
}
ajp_msg_reset(*msg);
rc = ajp_ilink_receive(sock, *msg);
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00992)
"ajp_read_header: ajp_ilink_receive failed");
return rc;
}
ajp_msg_log(r, *msg, "ajp_read_header: ajp_ilink_receive packet dump");
rc = ajp_msg_peek_uint8(*msg, &result);
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00993)
"ajp_read_header: ajp_msg_peek_uint8 failed");
return rc;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"ajp_read_header: ajp_ilink_received %s (0x%02x)",
ajp_type_str(result), result);
return APR_SUCCESS;
}
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
request_rec *r,
apr_uri_t *uri)
{
int method;
apr_uint32_t i, num_headers = 0;
apr_byte_t is_ssl;
char *remote_host;
const char *session_route, *envvar;
const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "Into ajp_marshal_into_msgb");
if ((method = sc_for_req_method_by_id(r)) == UNKNOWN_METHOD) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, APLOGNO(02437)
"ajp_marshal_into_msgb - Sending unknown method %s as request attribute",
r->method);
method = SC_M_JK_STORED;
}
is_ssl = (apr_byte_t) ap_proxy_conn_is_https(r->connection);
if (r->headers_in && apr_table_elts(r->headers_in)) {
const apr_array_header_t *t = apr_table_elts(r->headers_in);
num_headers = t->nelts;
}
remote_host = (char *)ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_HOST, NULL);
ajp_msg_reset(msg);
if (ajp_msg_append_uint8(msg, CMD_AJP13_FORWARD_REQUEST) ||
ajp_msg_append_uint8(msg, (apr_byte_t) method) ||
ajp_msg_append_string(msg, r->protocol) ||
ajp_msg_append_string(msg, uri->path) ||
ajp_msg_append_string(msg, r->useragent_ip) ||
ajp_msg_append_string(msg, remote_host) ||
ajp_msg_append_string(msg, ap_get_server_name(r)) ||
ajp_msg_append_uint16(msg, (apr_uint16_t)r->connection->local_addr->port) ||
ajp_msg_append_uint8(msg, is_ssl) ||
ajp_msg_append_uint16(msg, (apr_uint16_t) num_headers)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00968)
"ajp_marshal_into_msgb: "
"Error appending the message beginning");
return APR_EGENERAL;
}
for (i = 0 ; i < num_headers ; i++) {
int sc;
const apr_array_header_t *t = apr_table_elts(r->headers_in);
const apr_table_entry_t *elts = (apr_table_entry_t *)t->elts;
if ((sc = sc_for_req_header(elts[i].key)) != UNKNOWN_METHOD) {
if (ajp_msg_append_uint16(msg, (apr_uint16_t)sc)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00969)
"ajp_marshal_into_msgb: "
"Error appending the header name");
return AJP_EOVERFLOW;
}
}
else {
if (ajp_msg_append_string(msg, elts[i].key)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00970)
"ajp_marshal_into_msgb: "
"Error appending the header name");
return AJP_EOVERFLOW;
}
}
if (ajp_msg_append_string(msg, elts[i].val)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00971)
"ajp_marshal_into_msgb: "
"Error appending the header value");
return AJP_EOVERFLOW;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r,
"ajp_marshal_into_msgb: Header[%d] [%s] = [%s]",
i, elts[i].key, elts[i].val);
}
/* XXXX need to figure out how to do this
if (s->secret) {
if (ajp_msg_append_uint8(msg, SC_A_SECRET) ||
ajp_msg_append_string(msg, s->secret)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Error ajp_marshal_into_msgb - "
"Error appending secret");
return APR_EGENERAL;
}
}
*/
if (r->user) {
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
ajp_msg_append_string(msg, r->user)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00972)
"ajp_marshal_into_msgb: "
"Error appending the remote user");
return AJP_EOVERFLOW;
}
}
if (r->ap_auth_type) {
if (ajp_msg_append_uint8(msg, SC_A_AUTH_TYPE) ||
ajp_msg_append_string(msg, r->ap_auth_type)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00973)
"ajp_marshal_into_msgb: "
"Error appending the auth type");
return AJP_EOVERFLOW;
}
}
/* XXXX ebcdic (args converted?) */
if (uri->query) {
if (ajp_msg_append_uint8(msg, SC_A_QUERY_STRING) ||
ajp_msg_append_string(msg, uri->query)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00974)
"ajp_marshal_into_msgb: "
"Error appending the query string");
return AJP_EOVERFLOW;
}
}
if ((session_route = apr_table_get(r->notes, "session-route"))) {
if (ajp_msg_append_uint8(msg, SC_A_JVM_ROUTE) ||
ajp_msg_append_string(msg, session_route)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00975)
"ajp_marshal_into_msgb: "
"Error appending the jvm route");
return AJP_EOVERFLOW;
}
}
/* XXX: Is the subprocess_env a right place?
* <Location /examples>
* ProxyPass ajp://remote:8009/servlets-examples
* SetEnv SSL_SESSION_ID CUSTOM_SSL_SESSION_ID
* </Location>
*/
/*
* Only lookup SSL variables if we are currently running HTTPS.
* Furthermore ensure that only variables get set in the AJP message
* that are not NULL and not empty.
*/
if (is_ssl) {
if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
AJP13_SSL_CLIENT_CERT_INDICATOR))
&& envvar[0]) {
if (ajp_msg_append_uint8(msg, SC_A_SSL_CERT)
|| ajp_msg_append_string(msg, envvar)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00976)
"ajp_marshal_into_msgb: "
"Error appending the SSL certificates");
return AJP_EOVERFLOW;
}
}
if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
AJP13_SSL_CIPHER_INDICATOR))
&& envvar[0]) {
if (ajp_msg_append_uint8(msg, SC_A_SSL_CIPHER)
|| ajp_msg_append_string(msg, envvar)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00977)
"ajp_marshal_into_msgb: "
"Error appending the SSL ciphers");
return AJP_EOVERFLOW;
}
}
if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
AJP13_SSL_SESSION_INDICATOR))
&& envvar[0]) {
if (ajp_msg_append_uint8(msg, SC_A_SSL_SESSION)
|| ajp_msg_append_string(msg, envvar)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00978)
"ajp_marshal_into_msgb: "
"Error appending the SSL session");
return AJP_EOVERFLOW;
}
}
/* ssl_key_size is required by Servlet 2.3 API */
if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
AJP13_SSL_KEY_SIZE_INDICATOR))
&& envvar[0]) {
if (ajp_msg_append_uint8(msg, SC_A_SSL_KEY_SIZE)
|| ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00979)
"ajp_marshal_into_msgb: "
"Error appending the SSL key size");
return APR_EGENERAL;
}
}
}
/* If the method was unrecognized, encode it as an attribute */
if (method == SC_M_JK_STORED) {
if (ajp_msg_append_uint8(msg, SC_A_STORED_METHOD)
|| ajp_msg_append_string(msg, r->method)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02438)
"ajp_marshal_into_msgb: "
"Error appending the method '%s' as request attribute",
r->method);
return AJP_EOVERFLOW;
}
}
/* Forward the remote port information, which was forgotten
* from the builtin data of the AJP 13 protocol.
* Since the servlet spec allows to retrieve it via getRemotePort(),
* we provide the port to the Tomcat connector as a request
* attribute. Modern Tomcat versions know how to retrieve
* the remote port from this attribute.
*/
{
const char *key = SC_A_REQ_REMOTE_PORT;
char *val = apr_itoa(r->pool, r->useragent_addr->port);
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, key) ||
ajp_msg_append_string(msg, val)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00980)
"ajp_marshal_into_msgb: "
"Error appending attribute %s=%s",
key, val);
return AJP_EOVERFLOW;
}
}
/* Forward the local ip address information, which was forgotten
* from the builtin data of the AJP 13 protocol.
* Since the servlet spec allows to retrieve it via getLocalAddr(),
* we provide the address to the Tomcat connector as a request
* attribute. Modern Tomcat versions know how to retrieve
* the local address from this attribute.
*/
{
const char *key = SC_A_REQ_LOCAL_ADDR;
char *val = r->connection->local_ip;
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, key) ||
ajp_msg_append_string(msg, val)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02646)
"ajp_marshal_into_msgb: "
"Error appending attribute %s=%s",
key, val);
return AJP_EOVERFLOW;
}
}
/* Use the environment vars prefixed with AJP_
* and pass it to the header striping that prefix.
*/
for (i = 0; i < (apr_uint32_t)arr->nelts; i++) {
if (!strncmp(elts[i].key, "AJP_", 4)) {
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, elts[i].key + 4) ||
ajp_msg_append_string(msg, elts[i].val)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00981)
"ajp_marshal_into_msgb: "
"Error appending attribute %s=%s",
elts[i].key, elts[i].val);
return AJP_EOVERFLOW;
}
}
}
if (ajp_msg_append_uint8(msg, SC_A_ARE_DONE)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00982)
"ajp_marshal_into_msgb: "
"Error appending the message end");
return AJP_EOVERFLOW;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r,
"ajp_marshal_into_msgb: Done");
return APR_SUCCESS;
}
/*
* Message structure
*
*
AJPV13_REQUEST/AJPV14_REQUEST=
request_prefix (1) (byte)
method (byte)
protocol (string)
req_uri (string)
remote_addr (string)
remote_host (string)
server_name (string)
server_port (short)
is_ssl (boolean)
num_headers (short)
num_headers*(req_header_name header_value)
?context (byte)(string)
?servlet_path (byte)(string)
?remote_user (byte)(string)
?auth_type (byte)(string)
?query_string (byte)(string)
?jvm_route (byte)(string)
?ssl_cert (byte)(string)
?ssl_cipher (byte)(string)
?ssl_session (byte)(string)
?ssl_key_size (byte)(int)
request_terminator (byte)
?body content_length*(var binary)
*/
ngx_int_t
ajp_marshal_into_msgb(ajp_msg_t *msg,
ngx_http_request_t *r, ngx_http_ajp_loc_conf_t *alcf)
{
int sc;
int method;
u_char is_ssl = 0;
uint16_t port;
ngx_uint_t i, num_headers = 0;
ngx_str_t uri, *remote_host, *remote_addr;
ngx_str_t temp_str, *jvm_route, port_str;
ngx_log_t *log;
ngx_list_part_t *part;
ngx_table_elt_t *header;
struct sockaddr_in *addr;
log = r->connection->log;
if ((method = sc_for_req_method_by_id(r)) == UNKNOWN_METHOD) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb - No such method %ui", r->method);
return NGX_ERROR;
}
/* TODO: is_ssl = ?*/
part = &r->headers_in.headers.part;
if (alcf->upstream.pass_request_headers) {
num_headers = sc_for_req_get_headers_num(part);
}
remote_host = remote_addr = &r->connection->addr_text;
addr = (struct sockaddr_in *) r->connection->local_sockaddr;
/*'struct sockaddr_in' and 'struct sockaddr_in6' has the same offset of port*/
port = ntohs(addr->sin_port);
if (sc_for_req_get_uri(r, &uri) != 0) {
return NGX_ERROR;
}
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0,
"Into ajp_marshal_into_msgb, uri: \"%V\", version: \"%V\"",
&uri, &r->http_protocol);
ajp_msg_reset(msg);
if (ajp_msg_append_uint8(msg, CMD_AJP13_FORWARD_REQUEST) ||
ajp_msg_append_uint8(msg, method) ||
ajp_msg_append_string(msg, &r->http_protocol) ||
ajp_msg_append_string(msg, &uri) ||
ajp_msg_append_string(msg, remote_addr) ||
ajp_msg_append_string(msg, remote_host) ||
ajp_msg_append_string(msg, &r->headers_in.server) ||
ajp_msg_append_uint16(msg, port) ||
ajp_msg_append_uint8(msg, is_ssl) ||
ajp_msg_append_uint16(msg, (uint16_t) num_headers)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the message begining");
return AJP_EOVERFLOW;
}
header = part->elts;
if (alcf->upstream.pass_request_headers) {
for (i = 0; /* void */; i++) {
if (i >= part->nelts) {
if (part->next == NULL) {
break;
}
part = part->next;
header = part->elts;
i = 0;
}
if ((sc = sc_for_req_header(&header[i])) != UNKNOWN_METHOD) {
if (ajp_msg_append_uint16(msg, (uint16_t)sc)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the header name");
return AJP_EOVERFLOW;
}
}
else {
if (ajp_msg_append_string(msg, &header[i].key)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the header name");
return AJP_EOVERFLOW;
}
}
if (sc == SC_REQ_CONNECTION) {
if (alcf->keep_conn) {
header[i].value.data = (u_char *)"keep-alive";
header[i].value.len = sizeof("keep-alive") - 1;
}
else {
header[i].value.data = (u_char *)"close";
header[i].value.len = sizeof("close") - 1;
}
}
if (ajp_msg_append_string(msg, &header[i].value)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the header value");
return AJP_EOVERFLOW;
}
ngx_log_debug4(NGX_LOG_DEBUG_HTTP, log, 0,
"ajp_marshal_into_msgb: Header[%d] [%V] = [%V], size:%z",
i, &header[i].key, &header[i].value, ngx_buf_size(msg->buf));
}
}
if (r->headers_in.user.len != 0) {
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
ajp_msg_append_string(msg, &r->headers_in.user)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the remote user");
return AJP_EOVERFLOW;
}
}
sc_for_req_auth_type(r, &temp_str);
if (temp_str.len > 0) {
if (ajp_msg_append_uint8(msg, SC_A_AUTH_TYPE) ||
ajp_msg_append_string(msg, &temp_str))
{
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the auth type");
return AJP_EOVERFLOW;
}
}
if (r->args.len > 0) {
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
"ajp_marshal_into_msgb: append_args=\"%V\"", &r->args);
if (ajp_msg_append_uint8(msg, SC_A_QUERY_STRING) ||
ajp_msg_append_string(msg, &r->args)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the query string");
return AJP_EOVERFLOW;
}
}
jvm_route = sc_for_req_get_header_vaule_by_hash(&r->headers_in.headers.part,
(u_char *)"session-route", sizeof("session-route") - 1);
if (jvm_route != NULL) {
if (ajp_msg_append_uint8(msg, SC_A_JVM_ROUTE) ||
ajp_msg_append_string(msg, jvm_route)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the jvm route");
return AJP_EOVERFLOW;
}
}
/*TODO SSL*/
/* Forward the remote port information, which was forgotten
* from the builtin data of the AJP 13 protocol.
* Since the servlet spec allows to retrieve it via getRemotePort(),
* we provide the port to the Tomcat connector as a request
* attribute. Modern Tomcat versions know how to retrieve
* the remote port from this attribute.
*/
{
u_char buf[6] = {0};
temp_str.data = (u_char *)SC_A_REQ_REMOTE_PORT;
temp_str.len = sizeof(SC_A_REQ_REMOTE_PORT) - 1;
addr = (struct sockaddr_in *) r->connection->sockaddr;
/*'struct sockaddr_in' and 'struct sockaddr_in6' has the same offset of port*/
port = ntohs(addr->sin_port);
/*port < 65536*/
ngx_snprintf(buf, 6, "%d", port);
port_str.data = buf;
port_str.len = ngx_strlen(buf);
if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
ajp_msg_append_string(msg, &temp_str) ||
ajp_msg_append_string(msg, &port_str)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending attribute %V=%V",
&temp_str, &port_str);
return AJP_EOVERFLOW;
}
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0,
"ajp_marshal_into_msgb: attribute %V %V", &temp_str, &port_str);
}
if (ajp_msg_append_uint8(msg, SC_A_ARE_DONE)) {
ngx_log_error(NGX_LOG_ERR, log, 0,
"ajp_marshal_into_msgb: "
"Error appending the message end");
return AJP_EOVERFLOW;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
"ajp_marshal_into_msgb: Done, buff_size:%z", ngx_buf_size(msg->buf));
return NGX_OK;
}
/*
* process the request and write the response.
*/
static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
proxy_conn_rec *conn,
conn_rec *origin,
proxy_dir_conf *conf,
apr_uri_t *uri,
char *url, char *server_portstr)
{
apr_status_t status;
int result;
apr_bucket *e;
apr_bucket_brigade *input_brigade;
apr_bucket_brigade *output_brigade;
ajp_msg_t *msg;
apr_size_t bufsiz = 0;
char *buff;
char *send_body_chunk_buff;
apr_uint16_t size;
apr_byte_t conn_reuse = 0;
const char *tenc;
int havebody = 1;
int output_failed = 0;
int backend_failed = 0;
apr_off_t bb_len;
int data_sent = 0;
int request_ended = 0;
int headers_sent = 0;
int rv = 0;
apr_int32_t conn_poll_fd;
apr_pollfd_t *conn_poll;
proxy_server_conf *psf =
ap_get_module_config(r->server->module_config, &proxy_module);
apr_size_t maxsize = AJP_MSG_BUFFER_SZ;
int send_body = 0;
apr_off_t content_length = 0;
int original_status = r->status;
const char *original_status_line = r->status_line;
if (psf->io_buffer_size_set)
maxsize = psf->io_buffer_size;
if (maxsize > AJP_MAX_BUFFER_SZ)
maxsize = AJP_MAX_BUFFER_SZ;
else if (maxsize < AJP_MSG_BUFFER_SZ)
maxsize = AJP_MSG_BUFFER_SZ;
maxsize = APR_ALIGN(maxsize, 1024);
/*
* Send the AJP request to the remote server
*/
/* send request headers */
status = ajp_send_header(conn->sock, r, maxsize, uri);
if (status != APR_SUCCESS) {
conn->close++;
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: AJP: request failed to %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
if (status == AJP_EOVERFLOW)
return HTTP_BAD_REQUEST;
else if (status == AJP_EBAD_METHOD) {
return HTTP_NOT_IMPLEMENTED;
} else {
/*
* This is only non fatal when the method is idempotent. In this
* case we can dare to retry it with a different worker if we are
* a balancer member.
*/
if (is_idempotent(r) == METHOD_IDEMPOTENT) {
return HTTP_SERVICE_UNAVAILABLE;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
}
/* allocate an AJP message to store the data of the buckets */
bufsiz = maxsize;
status = ajp_alloc_data_msg(r->pool, &buff, &bufsiz, &msg);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: ajp_alloc_data_msg failed");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* read the first bloc of data */
input_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
if (tenc && (strcasecmp(tenc, "chunked") == 0)) {
/* The AJP protocol does not want body data yet */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: request is chunked");
} else {
/* Get client provided Content-Length header */
content_length = get_content_length(r);
status = ap_get_brigade(r->input_filters, input_brigade,
AP_MODE_READBYTES, APR_BLOCK_READ,
maxsize - AJP_HEADER_SZ);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: ap_get_brigade failed");
apr_brigade_destroy(input_brigade);
return HTTP_BAD_REQUEST;
}
/* have something */
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: APR_BUCKET_IS_EOS");
}
/* Try to send something */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: data to read (max %" APR_SIZE_T_FMT
" at %" APR_SIZE_T_FMT ")", bufsiz, msg->pos);
status = apr_brigade_flatten(input_brigade, buff, &bufsiz);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
apr_brigade_destroy(input_brigade);
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: apr_brigade_flatten");
return HTTP_INTERNAL_SERVER_ERROR;
}
apr_brigade_cleanup(input_brigade);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: got %" APR_SIZE_T_FMT " bytes of data", bufsiz);
if (bufsiz > 0) {
status = ajp_send_data_msg(conn->sock, msg, bufsiz);
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
apr_brigade_destroy(input_brigade);
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: send failed to %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
/*
* It is fatal when we failed to send a (part) of the request
* body.
*/
return HTTP_INTERNAL_SERVER_ERROR;
}
conn->worker->s->transferred += bufsiz;
send_body = 1;
}
else if (content_length > 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: read zero bytes, expecting"
" %" APR_OFF_T_FMT " bytes",
content_length);
/*
* We can only get here if the client closed the connection
* to us without sending the body.
* Now the connection is in the wrong state on the backend.
* Sending an empty data msg doesn't help either as it does
* not move this connection to the correct state on the backend
* for later resusage by the next request again.
* Close it to clean things up.
*/
conn->close++;
return HTTP_BAD_REQUEST;
}
}
/* read the response */
conn->data = NULL;
status = ajp_read_header(conn->sock, r, maxsize,
(ajp_msg_t **)&(conn->data));
if (status != APR_SUCCESS) {
/* We had a failure: Close connection to backend */
conn->close++;
apr_brigade_destroy(input_brigade);
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: read response failed from %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
/* If we had a successful cping/cpong and then a timeout
* we assume it is a request that cause a back-end timeout,
* but doesn't affect the whole worker.
*/
if (APR_STATUS_IS_TIMEUP(status) && conn->worker->ping_timeout_set) {
return HTTP_GATEWAY_TIME_OUT;
}
/*
* This is only non fatal when we have not sent (parts) of a possible
* request body so far (we do not store it and thus cannot sent it
* again) and the method is idempotent. In this case we can dare to
* retry it with a different worker if we are a balancer member.
*/
if (!send_body && (is_idempotent(r) == METHOD_IDEMPOTENT)) {
return HTTP_SERVICE_UNAVAILABLE;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
/* parse the reponse */
result = ajp_parse_type(r, conn->data);
output_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
/*
* Prepare apr_pollfd_t struct for possible later check if there is currently
* data available from the backend (do not flush response to client)
* or not (flush response to client)
*/
conn_poll = apr_pcalloc(p, sizeof(apr_pollfd_t));
conn_poll->reqevents = APR_POLLIN;
conn_poll->desc_type = APR_POLL_SOCKET;
conn_poll->desc.s = conn->sock;
bufsiz = maxsize;
for (;;) {
switch (result) {
case CMD_AJP13_GET_BODY_CHUNK:
if (havebody) {
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) {
/* This is the end */
bufsiz = 0;
havebody = 0;
ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server,
"proxy: APR_BUCKET_IS_EOS");
} else {
status = ap_get_brigade(r->input_filters, input_brigade,
AP_MODE_READBYTES,
APR_BLOCK_READ,
maxsize - AJP_HEADER_SZ);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, status,
r->server,
"ap_get_brigade failed");
output_failed = 1;
break;
}
bufsiz = maxsize;
status = apr_brigade_flatten(input_brigade, buff,
&bufsiz);
apr_brigade_cleanup(input_brigade);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, status,
r->server,
"apr_brigade_flatten failed");
output_failed = 1;
break;
}
}
ajp_msg_reset(msg);
/* will go in ajp_send_data_msg */
status = ajp_send_data_msg(conn->sock, msg, bufsiz);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server,
"ajp_send_data_msg failed");
backend_failed = 1;
break;
}
conn->worker->s->transferred += bufsiz;
} else {
/*
* something is wrong TC asks for more body but we are
* already at the end of the body data
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"ap_proxy_ajp_request error read after end");
backend_failed = 1;
}
break;
case CMD_AJP13_SEND_HEADERS:
if (headers_sent) {
/* Do not send anything to the client.
* Backend already send us the headers.
*/
backend_failed = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: Backend sent headers twice.");
break;
}
/* AJP13_SEND_HEADERS: process them */
status = ajp_parse_header(r, conf, conn->data);
if (status != APR_SUCCESS) {
backend_failed = 1;
}
else if ((r->status == 401) && psf->error_override) {
const char *buf;
const char *wa = "WWW-Authenticate";
if ((buf = apr_table_get(r->headers_out, wa))) {
apr_table_set(r->err_headers_out, wa, buf);
} else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"ap_proxy_ajp_request: origin server "
"sent 401 without WWW-Authenticate header");
}
}
headers_sent = 1;
break;
case CMD_AJP13_SEND_BODY_CHUNK:
/* AJP13_SEND_BODY_CHUNK: piece of data */
status = ajp_parse_data(r, conn->data, &size, &send_body_chunk_buff);
if (status == APR_SUCCESS) {
/* If we are overriding the errors, we can't put the content
* of the page into the brigade.
*/
if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) {
/* AJP13_SEND_BODY_CHUNK with zero length
* is explicit flush message
*/
if (size == 0) {
if (headers_sent) {
e = apr_bucket_flush_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Ignoring flush message received before headers");
}
}
else {
apr_status_t rv;
/* Handle the case where the error document is itself reverse
* proxied and was successful. We must maintain any previous
* error status so that an underlying error (eg HTTP_NOT_FOUND)
* doesn't become an HTTP_OK.
*/
if (psf->error_override && !ap_is_HTTP_ERROR(r->status)
&& ap_is_HTTP_ERROR(original_status)) {
r->status = original_status;
r->status_line = original_status_line;
}
e = apr_bucket_transient_create(send_body_chunk_buff, size,
r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
if ((conn->worker->flush_packets == flush_on) ||
((conn->worker->flush_packets == flush_auto) &&
((rv = apr_poll(conn_poll, 1, &conn_poll_fd,
conn->worker->flush_wait))
!= APR_SUCCESS) &&
APR_STATUS_IS_TIMEUP(rv))) {
e = apr_bucket_flush_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
}
apr_brigade_length(output_brigade, 0, &bb_len);
if (bb_len != -1)
conn->worker->s->read += bb_len;
}
if (headers_sent) {
if (ap_pass_brigade(r->output_filters,
output_brigade) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"proxy: error processing body.%s",
r->connection->aborted ?
" Client aborted connection." : "");
output_failed = 1;
}
data_sent = 1;
apr_brigade_cleanup(output_brigade);
}
}
}
else {
backend_failed = 1;
}
break;
case CMD_AJP13_END_RESPONSE:
status = ajp_parse_reuse(r, conn->data, &conn_reuse);
if (status != APR_SUCCESS) {
backend_failed = 1;
}
/* If we are overriding the errors, we must not send anything to
* the client, especially as the brigade already contains headers.
* So do nothing here, and it will be cleaned up below.
*/
if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) {
e = apr_bucket_eos_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
if (ap_pass_brigade(r->output_filters,
output_brigade) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"proxy: error processing end");
output_failed = 1;
}
/* XXX: what about flush here? See mod_jk */
data_sent = 1;
}
request_ended = 1;
break;
default:
backend_failed = 1;
break;
}
/*
* If connection has been aborted by client: Stop working.
* Nevertheless, we regard our operation so far as a success:
* So reset output_failed to 0 and set result to CMD_AJP13_END_RESPONSE
* But: Close this connection to the backend.
*/
if (r->connection->aborted) {
conn->close++;
output_failed = 0;
result = CMD_AJP13_END_RESPONSE;
request_ended = 1;
}
/*
* We either have finished successfully or we failed.
* So bail out
*/
if ((result == CMD_AJP13_END_RESPONSE) || backend_failed
|| output_failed)
break;
/* read the response */
status = ajp_read_header(conn->sock, r, maxsize,
(ajp_msg_t **)&(conn->data));
if (status != APR_SUCCESS) {
backend_failed = 1;
ap_log_error(APLOG_MARK, APLOG_DEBUG, status, r->server,
"ajp_read_header failed");
break;
}
result = ajp_parse_type(r, conn->data);
}
apr_brigade_destroy(input_brigade);
/*
* Clear output_brigade to remove possible buckets that remained there
* after an error.
*/
apr_brigade_cleanup(output_brigade);
if (backend_failed || output_failed) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: Processing of request failed backend: %i, "
"output: %i", backend_failed, output_failed);
/* We had a failure: Close connection to backend */
conn->close++;
/* Return DONE to avoid error messages being added to the stream */
if (data_sent) {
rv = DONE;
}
}
else if (!request_ended) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: Processing of request didn't terminate cleanly");
/* We had a failure: Close connection to backend */
conn->close++;
backend_failed = 1;
/* Return DONE to avoid error messages being added to the stream */
if (data_sent) {
rv = DONE;
}
}
else if (!conn_reuse) {
/* Our backend signalled connection close */
conn->close++;
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: got response from %pI (%s)",
conn->worker->cp->addr,
conn->worker->hostname);
if (psf->error_override && ap_is_HTTP_ERROR(r->status)) {
/* clear r->status for override error, otherwise ErrorDocument
* thinks that this is a recursive error, and doesn't find the
* custom error page
*/
rv = r->status;
r->status = HTTP_OK;
} else {
rv = OK;
}
}
if (backend_failed) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
"proxy: dialog to %pI (%s) failed",
conn->worker->cp->addr,
conn->worker->hostname);
/*
* If we already send data, signal a broken backend connection
* upwards in the chain.
*/
if (data_sent) {
ap_proxy_backend_broke(r, output_brigade);
} else if (!send_body && (is_idempotent(r) == METHOD_IDEMPOTENT)) {
/*
* This is only non fatal when we have not sent (parts) of a possible
* request body so far (we do not store it and thus cannot sent it
* again) and the method is idempotent. In this case we can dare to
* retry it with a different worker if we are a balancer member.
*/
rv = HTTP_SERVICE_UNAVAILABLE;
} else {
rv = HTTP_INTERNAL_SERVER_ERROR;
}
}
/*
* Ensure that we sent an EOS bucket thru the filter chain, if we already
* have sent some data. Maybe ap_proxy_backend_broke was called and added
* one to the brigade already (no longer making it empty). So we should
* not do this in this case.
*/
if (data_sent && !r->eos_sent && APR_BRIGADE_EMPTY(output_brigade)) {
e = apr_bucket_eos_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(output_brigade, e);
}
/* If we have added something to the brigade above, sent it */
if (!APR_BRIGADE_EMPTY(output_brigade))
ap_pass_brigade(r->output_filters, output_brigade);
apr_brigade_destroy(output_brigade);
return rv;
}
