diff options
Diffstat (limited to 'rubbos/app/httpd-2.0.64/modules/proxy/proxy_connect.c')
-rw-r--r-- | rubbos/app/httpd-2.0.64/modules/proxy/proxy_connect.c | 377 |
1 files changed, 377 insertions, 0 deletions
diff --git a/rubbos/app/httpd-2.0.64/modules/proxy/proxy_connect.c b/rubbos/app/httpd-2.0.64/modules/proxy/proxy_connect.c new file mode 100644 index 00000000..20e40ebb --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/proxy/proxy_connect.c @@ -0,0 +1,377 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* CONNECT method for Apache proxy */ + +#define CORE_PRIVATE + +#include "mod_proxy.h" +#include "apr_poll.h" + +module AP_MODULE_DECLARE_DATA proxy_connect_module; + +int ap_proxy_connect_canon(request_rec *r, char *url); +int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf, + char *url, const char *proxyname, + apr_port_t proxyport); + +/* + * This handles Netscape CONNECT method secure proxy requests. + * A connection is opened to the specified host and data is + * passed through between the WWW site and the browser. + * + * This code is based on the INTERNET-DRAFT document + * "Tunneling SSL Through a WWW Proxy" currently at + * http://www.mcom.com/newsref/std/tunneling_ssl.html. + * + * If proxyhost and proxyport are set, we send a CONNECT to + * the specified proxy.. + * + * FIXME: this doesn't log the number of bytes sent, but + * that may be okay, since the data is supposed to + * be transparent. In fact, this doesn't log at all + * yet. 8^) + * FIXME: doesn't check any headers initally sent from the + * client. + * FIXME: should allow authentication, but hopefully the + * generic proxy authentication is good enough. + * FIXME: no check for r->assbackwards, whatever that is. + */ + +static int +allowed_port(proxy_server_conf *conf, int port) +{ + int i; + int *list = (int *) conf->allowed_connect_ports->elts; + + for(i = 0; i < conf->allowed_connect_ports->nelts; i++) { + if(port == list[i]) + return 1; + } + return 0; +} + +/* canonicalise CONNECT URLs. */ +int ap_proxy_connect_canon(request_rec *r, char *url) +{ + + if (r->method_number != M_CONNECT) { + return DECLINED; + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: canonicalising URL %s", url); + + return OK; +} + +/* CONNECT handler */ +int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf, + char *url, const char *proxyname, + apr_port_t proxyport) +{ + apr_pool_t *p = r->pool; + apr_socket_t *sock; + apr_status_t err, rv; + apr_size_t i, o, nbytes; + char buffer[HUGE_STRING_LEN]; + apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module); + int failed; + apr_pollfd_t *pollfd; + apr_int32_t pollcnt; + apr_int16_t pollevent; + apr_sockaddr_t *uri_addr, *connect_addr; + + apr_uri_t uri; + const char *connectname; + int connectport = 0; + + /* is this for us? */ + if (r->method_number != M_CONNECT) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: declining URL %s", url); + return DECLINED; + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: serving URL %s", url); + + + /* + * Step One: Determine Who To Connect To + * + * Break up the URL to determine the host to connect to + */ + + /* we break the URL into host, port, uri */ + if (APR_SUCCESS != apr_uri_parse_hostinfo(p, url, &uri)) { + return ap_proxyerror(r, HTTP_BAD_REQUEST, + apr_pstrcat(p, "URI cannot be parsed: ", url, NULL)); + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: connecting %s to %s:%d", url, uri.hostname, uri.port); + + /* do a DNS lookup for the destination host */ + err = apr_sockaddr_info_get(&uri_addr, uri.hostname, APR_UNSPEC, uri.port, 0, p); + + /* are we connecting directly, or via a proxy? */ + if (proxyname) { + connectname = proxyname; + connectport = proxyport; + err = apr_sockaddr_info_get(&connect_addr, proxyname, APR_UNSPEC, proxyport, 0, p); + } + else { + connectname = uri.hostname; + connectport = uri.port; + connect_addr = uri_addr; + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: connecting to remote proxy %s on port %d", connectname, connectport); + + /* check if ProxyBlock directive on this host */ + if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) { + return ap_proxyerror(r, HTTP_FORBIDDEN, + "Connect to remote machine blocked"); + } + + /* Check if it is an allowed port */ + if (conf->allowed_connect_ports->nelts == 0) { + /* Default setting if not overridden by AllowCONNECT */ + switch (uri.port) { + case APR_URI_HTTPS_DEFAULT_PORT: + case APR_URI_SNEWS_DEFAULT_PORT: + break; + default: + /* XXX can we call ap_proxyerror() here to get a nice log message? */ + return HTTP_FORBIDDEN; + } + } else if(!allowed_port(conf, uri.port)) { + /* XXX can we call ap_proxyerror() here to get a nice log message? */ + return HTTP_FORBIDDEN; + } + + /* + * Step Two: Make the Connection + * + * We have determined who to connect to. Now make the connection. + */ + + /* get all the possible IP addresses for the destname and loop through them + * until we get a successful connection + */ + if (APR_SUCCESS != err) { + return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p, + "DNS lookup failure for: ", + connectname, NULL)); + } + + /* + * At this point we have a list of one or more IP addresses of + * the machine to connect to. If configured, reorder this + * list so that the "best candidate" is first try. "best + * candidate" could mean the least loaded server, the fastest + * responding server, whatever. + * + * For now we do nothing, ie we get DNS round robin. + * XXX FIXME + */ + failed = ap_proxy_connect_to_backend(&sock, "CONNECT", connect_addr, + connectname, conf, r->server, + r->pool); + + /* handle a permanent error from the above loop */ + if (failed) { + if (proxyname) { + return DECLINED; + } + else { + return HTTP_BAD_GATEWAY; + } + } + + /* + * Step Three: Send the Request + * + * Send the HTTP/1.1 CONNECT request to the remote server + */ + + /* we are acting as a tunnel - the output filter stack should + * be completely empty, because when we are done here we are done completely. + * We add the NULL filter to the stack to do this... + */ + r->output_filters = NULL; + r->connection->output_filters = NULL; + + + /* If we are connecting through a remote proxy, we need to pass + * the CONNECT request on to it. + */ + if (proxyport) { + /* FIXME: Error checking ignored. + */ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: sending the CONNECT request to the remote proxy"); + nbytes = apr_snprintf(buffer, sizeof(buffer), + "CONNECT %s HTTP/1.0" CRLF, r->uri); + apr_send(sock, buffer, &nbytes); + nbytes = apr_snprintf(buffer, sizeof(buffer), + "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); + apr_send(sock, buffer, &nbytes); + } + else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: Returning 200 OK Status"); + nbytes = apr_snprintf(buffer, sizeof(buffer), + "HTTP/1.0 200 Connection Established" CRLF); + ap_xlate_proto_to_ascii(buffer, nbytes); + apr_send(client_socket, buffer, &nbytes); + nbytes = apr_snprintf(buffer, sizeof(buffer), + "Proxy-agent: %s" CRLF CRLF, ap_get_server_version()); + ap_xlate_proto_to_ascii(buffer, nbytes); + apr_send(client_socket, buffer, &nbytes); +#if 0 + /* This is safer code, but it doesn't work yet. I'm leaving it + * here so that I can fix it later. + */ + r->status = HTTP_OK; + r->header_only = 1; + apr_table_set(r->headers_out, "Proxy-agent: %s", ap_get_server_version()); + ap_rflush(r); +#endif + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: setting up poll()"); + + /* + * Step Four: Handle Data Transfer + * + * Handle two way transfer of data over the socket (this is a tunnel). + */ + +/* r->sent_bodyct = 1;*/ + + if((rv = apr_poll_setup(&pollfd, 2, r->pool)) != APR_SUCCESS) + { + apr_socket_close(sock); + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, + "proxy: CONNECT: error apr_poll_setup()"); + return HTTP_INTERNAL_SERVER_ERROR; + } + + /* Add client side to the poll */ + apr_poll_socket_add(pollfd, client_socket, APR_POLLIN); + + /* Add the server side to the poll */ + apr_poll_socket_add(pollfd, sock, APR_POLLIN); + + while (1) { /* Infinite loop until error (one side closes the connection) */ +/* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: CONNECT: going to sleep (poll)");*/ + if ((rv = apr_poll(pollfd, 2, &pollcnt, -1)) != APR_SUCCESS) + { + apr_socket_close(sock); + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy: CONNECT: error apr_poll()"); + return HTTP_INTERNAL_SERVER_ERROR; + } +/* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: woke from select(), i=%d", pollcnt);*/ + + if (pollcnt) { + apr_poll_revents_get(&pollevent, sock, pollfd); + if (pollevent & APR_POLLIN) { +/* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: sock was set");*/ + nbytes = sizeof(buffer); + if (apr_recv(sock, buffer, &nbytes) == APR_SUCCESS) { + o = 0; + i = nbytes; + while(i > 0) + { + nbytes = i; + /* This is just plain wrong. No module should ever write directly + * to the client. For now, this works, but this is high on my list of + * things to fix. The correct line is: + * if ((nbytes = ap_rwrite(buffer + o, nbytes, r)) < 0) + * rbb + */ + if (apr_send(client_socket, buffer + o, &nbytes) != APR_SUCCESS) + break; + o += nbytes; + i -= nbytes; + } + } + else + break; + } + else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) + break; + + + apr_poll_revents_get(&pollevent, client_socket, pollfd); + if (pollevent & APR_POLLIN) { +/* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: client was set");*/ + nbytes = sizeof(buffer); + if (apr_recv(client_socket, buffer, &nbytes) == APR_SUCCESS) { + o = 0; + i = nbytes; + while(i > 0) + { + nbytes = i; + if (apr_send(sock, buffer + o, &nbytes) != APR_SUCCESS) + break; + o += nbytes; + i -= nbytes; + } + } + else + break; + } + else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) + break; + } + else + break; + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: CONNECT: finished with poll() - cleaning up"); + + /* + * Step Five: Clean Up + * + * Close the socket and clean up + */ + + apr_socket_close(sock); + + return OK; +} + +static void ap_proxy_connect_register_hook(apr_pool_t *p) +{ + proxy_hook_scheme_handler(ap_proxy_connect_handler, NULL, NULL, APR_HOOK_MIDDLE); + proxy_hook_canon_handler(ap_proxy_connect_canon, NULL, NULL, APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA proxy_connect_module = { + STANDARD20_MODULE_STUFF, + NULL, /* create per-directory config structure */ + NULL, /* merge per-directory config structures */ + NULL, /* create per-server config structure */ + NULL, /* merge per-server config structures */ + NULL, /* command apr_table_t */ + ap_proxy_connect_register_hook /* register hooks */ +}; |