httpd-cvs mailing list archives

From j..@apache.org
Subject svn commit: r1530281 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS docs/manual/mod/mod_session_crypto.xml modules/session/mod_session_crypto.c
Date Tue, 08 Oct 2013 14:19:55 GMT
Author: jim
Date: Tue Oct  8 14:19:55 2013
New Revision: 1530281

URL: http://svn.apache.org/r1530281
Log:
Merge r1529014 from trunk:

core: Add missing Reason-Phrase in HTTP response headers.
PR 54946.

Submitted by: rjung
Reviewed/backported by: jim

Modified:
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.xml
    httpd/httpd/branches/2.4.x/modules/session/mod_session_crypto.c

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1530281&r1=1530280&r2=1530281&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Oct  8 14:19:55 2013
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.7
 
+  *) mod_session_crypto: Allow using exec: calls to obtain session
+     encryption key.  [Daniel Ruggeri]
+
   *) core: Add missing Reason-Phrase in HTTP response headers.
      PR 54946. [Rainer Jung]
 
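Review bot: the entry added at the top of the 2.4.7 list describes a mod_session_crypto feature, but the commit log above says this revision merges r1529014 for "core: Add missing Reason-Phrase in HTTP response headers", whose CHANGES entry is already present here as unchanged context. The log does not match the change and should be corrected so that the revision can be found from the history of mod_session_crypto. The entry would also be easier to search for if it named the directive, SessionCryptoPassphrase.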

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1530281&r1=1530280&r2=1530281&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Oct  8 14:19:55 2013
@@ -97,12 +97,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_session_crypto: Add support for exec: calls to obtain key similar to
-    mod_ssl and mod_authnz_ldap. Essentially copypasta from mod_authnz_ldap...
-    trunk patch: http://people.apache.org/~druggeri/patches/SessionCryptoPassphrase-exec.trunk.patch
-    2.4.x patch: http://people.apache.org/~druggeri/patches/SessionCryptoPassphrase-exec.2.4.x.patch
-    +1: druggeri, rjung, jim
-
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.xml?rev=1530281&r1=1530280&r2=1530281&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.xml Tue Oct  8 14:19:55
2013
@@ -174,6 +174,19 @@ SessionCryptoPassphrase secret
     secret to the end of the list, and once rolled out completely to all servers, remove
     the first key from the start of the list.</p>
 
+    <p>If the value begins with exec: the resulting command will be executed and the
+    first line returned to standard output by the program will be used as the key.</p>
+<example><pre>
+#key used as-is
+SessionCryptoPassphrase secret
+
+#Run /path/to/program to get key
+SessionCryptoPassphrase exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+SessionCryptoPassphrase "exec:/path/to/otherProgram argument1"
+</pre></example>
+
 </usage>
 </directivesynopsis>
 
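Review bot: the new paragraph does not say when the program runs or how its path is resolved. Going by the handler in the mod_session_crypto.c part of this commit, the command is executed while the SessionCryptoPassphrase directive is being processed, and the program path goes through ap_server_root_relative, so a relative path is taken relative to ServerRoot; both facts belong in the text. Since the first line the program prints becomes the session encryption key, the paragraph should also tell administrators to keep the program and its directory writable only by the account that manages the server configuration. The examples show that passing arguments requires quoting the whole value, but the prose should state it, and exec: should be marked up as a literal with <code>.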

Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session_crypto.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session_crypto.c?rev=1530281&r1=1530280&r2=1530281&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session_crypto.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session_crypto.c Tue Oct  8 14:19:55 2013
@@ -534,11 +534,41 @@ static const char *set_crypto_driver(cmd
 
 static const char *set_crypto_passphrase(cmd_parms * cmd, void *config, const char *arg)
 {
+    int arglen = strlen(arg);
+    char **argv;
+    char *result;
     const char **passphrase;
     session_crypto_dir_conf *dconf = (session_crypto_dir_conf *) config;
 
     passphrase = apr_array_push(dconf->passphrases);
-    *passphrase = arg;
+
+    if ((arglen > 5) && strncmp(arg, "exec:", 5) == 0) {
+        if (apr_tokenize_to_argv(arg+5, &argv, cmd->temp_pool) != APR_SUCCESS) {
+            return apr_pstrcat(cmd->pool,
+                               "Unable to parse exec arguments from ",
+                               arg+5, NULL);
+        }
+        argv[0] = ap_server_root_relative(cmd->temp_pool, argv[0]);
+
+        if (!argv[0]) {
+            return apr_pstrcat(cmd->pool,
+                               "Invalid SessionCryptoPassphrase exec location:",
+                               arg+5, NULL);
+        }
+        result = ap_get_exec_line(cmd->pool,
+                                  (const char*)argv[0], (const char * const *)argv);
+
+        if(!result) {
+            return apr_pstrcat(cmd->pool,
+                               "Unable to get bind password from exec of ",
+                               arg+5, NULL);
+        }
+        *passphrase = result;
+    }
+    else {
+        *passphrase = arg;
+    }
+
     dconf->passphrases_set = 1;
 
     return NULL;
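Review bot: the test `(arglen > 5) && strncmp(arg, "exec:", 5) == 0` lets a bare "exec:" fall through to the else branch, where the string "exec:" is silently stored as the passphrase; that case should return a configuration error rather than yield a guessable key. In the exec branch, argv[0] is handed to ap_server_root_relative without checking that apr_tokenize_to_argv produced any token, which matters for a value such as "exec: " followed only by whitespace. The result of ap_get_exec_line is checked only for NULL, so if the program prints an empty first line an empty passphrase would be accepted; a check such as `if (!result || !*result)` would reject it. The message "Unable to get bind password from exec of " refers to an LDAP bind password and should name SessionCryptoPassphrase instead. Smaller points: apr_array_push runs before validation, so each error return leaves an unset slot in dconf->passphrases; `int arglen = strlen(arg)` narrows a size_t; and `if(!result)` lacks the space used by the other if statements in the hunk.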


