As suggested a while back (I've been a bit busy) by members of this list, I changed the patch so that mod_proxy respects HostnameLookups when dealing with reverse lookups.
I'm not happy with it though, because I had to add an API function to the Apache core. Since I'm quite new to Apache internals, here's a question:
Is there an alternative path to follow? If not, what about an API function similar to ap_get_remote_logname() but that, instead of returning a string, works with the same kind of parameters as ap_proxy_host2addr()?
Notes:
- in proxy_util.c/proxy_match_ipaddr(): the call to ap_proxy_host2addr() has been forced to perform reverse lookups independently of the configuration settings. Otherwise, when the parameter for NoProxy is an IP address, it wouldn't have the same matching it had previously. I think, though, that it could be made configuration dependent.
- in proxy_util.c/ap_proxy_is_hostname(): the call to ap_proxy_host2addr() has been forced to NOT perform any reverse lookups. A reverse lookup simply doesn't make sense there, unless I'm missing something.
- in mod_proxy.c/set_proxy_exclude() and set_cache_exclude(): the calls to ap_proxy_host2addr() depend on configuration. Probably they could be forced to perform NO reverse lookups.
Regards.
-- Federico Mennite
diff -urN apache_1.3.27/src/ApacheCore.def apache_1.3.27.ite/src/ApacheCore.def
--- apache_1.3.27/src/ApacheCore.def 2002-06-18 06:19:46.000000000 +0200
+++ apache_1.3.27.ite/src/ApacheCore.def 2003-03-14 08:10:10.000000000 +0100
@@ -447,3 +447,4 @@
ap_getline @439
ap_get_chunk_size @440
ap_escape_logitem @441
+ ap_get_hostname_lookups @442
diff -urN apache_1.3.27/src/ApacheCoreOS2.def apache_1.3.27.ite/src/ApacheCoreOS2.def
--- apache_1.3.27/src/ApacheCoreOS2.def 2002-06-13 17:00:18.000000000 +0200
+++ apache_1.3.27.ite/src/ApacheCoreOS2.def 2003-03-14 08:10:51.000000000 +0100
@@ -428,3 +428,4 @@
ap_caret_escape_args @437
ap_double_quotes @438
ap_escape_logitem @441
+ ap_get_hostname_lookups @442
diff -urN apache_1.3.27/src/include/http_core.h
apache_1.3.27.ite/src/include/http_core.h
--- apache_1.3.27/src/include/http_core.h 2002-03-21 07:04:27.000000000 +0100
+++ apache_1.3.27.ite/src/include/http_core.h 2003-03-14 08:17:32.000000000 +0100
@@ -115,6 +115,11 @@
#define SATISFY_ANY 1
#define SATISFY_NOSPEC 2
+#define HOSTNAME_LOOKUP_OFF 0
+#define HOSTNAME_LOOKUP_ON 1
+#define HOSTNAME_LOOKUP_DOUBLE 2
+#define HOSTNAME_LOOKUP_UNSET 3
+
API_EXPORT(int) ap_allow_options (request_rec *);
API_EXPORT(int) ap_allow_overrides (request_rec *);
API_EXPORT(const char *) ap_default_type (request_rec *);
@@ -123,6 +128,7 @@
* that, it'll screw you. But it's
* back-compatible...
*/
+API_EXPORT(int) ap_get_hostname_lookups(void *dir_config);
API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int
type);
API_EXPORT(const char *) ap_get_remote_logname(request_rec *r);
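Review bot: The new prototype `ap_get_hostname_lookups(void *dir_config)` is exported without a comment saying which configuration vector it expects, and because the parameter is `void *` the compiler cannot catch a wrong one. The implementation in the http_core.c hunk casts the core module's entry to `core_dir_config *`, so only a per-directory vector (or NULL) is safe to pass. I would add above it `/* dir_config: a per-directory config vector (e.g. r->per_dir_config) or NULL; returns a HOSTNAME_LOOKUP_* value */`. The comment block just before the prototype opens outside this hunk, so check that the insertion does not separate that comment from the declaration it documents.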
@@ -242,12 +248,7 @@
char **response_code_strings;
- /* Hostname resolution etc */
-#define HOSTNAME_LOOKUP_OFF 0
-#define HOSTNAME_LOOKUP_ON 1
-#define HOSTNAME_LOOKUP_DOUBLE 2
-#define HOSTNAME_LOOKUP_UNSET 3
- unsigned int hostname_lookups : 4;
+ unsigned int hostname_lookups : 4; /* Hostname resolution etc */
signed int do_rfc1413 : 2; /* See if client is advertising a username? */
diff -urN apache_1.3.27/src/main/http_core.c apache_1.3.27.ite/src/main/http_core.c
--- apache_1.3.27/src/main/http_core.c 2002-09-30 18:35:21.000000000 +0200
+++ apache_1.3.27.ite/src/main/http_core.c 2003-03-22 17:10:15.000000000 +0100
@@ -667,15 +667,10 @@
conn->remote_host = "";
}
-API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
- int type)
+API_EXPORT(int) ap_get_hostname_lookups(void *dir_config)
{
- struct in_addr *iaddr;
- struct hostent *hptr;
int hostname_lookups;
- int old_stat = SERVER_DEAD; /* we shouldn't ever be in this state */
- /* If we haven't checked the host name, and we want to */
if (dir_config) {
hostname_lookups =
((core_dir_config *)ap_get_module_config(dir_config, &core_module))
@@ -689,6 +684,20 @@
hostname_lookups = HOSTNAME_LOOKUP_OFF;
}
+ return hostname_lookups;
+}
+
+
+API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
+ int type)
+{
+ struct in_addr *iaddr;
+ struct hostent *hptr;
+ int hostname_lookups;
+ int old_stat = SERVER_DEAD; /* we shouldn't ever be in this state */
+
+ hostname_lookups = ap_get_hostname_lookups(dir_config);
+
if (type != REMOTE_NOLOOKUP
&& conn->remote_host == NULL
&& (type == REMOTE_DOUBLE_REV
diff -urN apache_1.3.27/src/modules/proxy/mod_proxy.c
apache_1.3.27.ite/src/modules/proxy/mod_proxy.c
--- apache_1.3.27/src/modules/proxy/mod_proxy.c 2002-06-18 02:59:59.000000000 +0200
+++ apache_1.3.27.ite/src/modules/proxy/mod_proxy.c 2003-03-14 22:10:56.000000000
+0100
@@ -63,6 +63,7 @@
#include "http_log.h"
#include "http_vhost.h"
#include "http_request.h"
+#include "http_core.h"
/* Some WWW schemes and their default ports; this is basically /etc/services */
/* This will become global when the protocol abstraction comes */
@@ -582,7 +583,8 @@
struct hostent hp;
int found = 0;
int i;
-
+ int reverse;
+
/* Don't duplicate entries */
for (i = 0; i < conf->noproxies->nelts; i++) {
if (strcasecmp(arg, list[i].name) == 0) /* ignore case for host names */
@@ -590,10 +592,11 @@
}
if (!found) {
+ reverse = ap_get_hostname_lookups(s->module_config) != HOSTNAME_LOOKUP_OFF;
new = ap_push_array(conf->noproxies);
new->name = arg;
/* Don't do name lookups on things that aren't dotted */
- if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp) == NULL)
+ if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp, reverse)
== NULL)
/*
* @@@FIXME: This copies only the first of (possibly many) IP
* addrs
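Review bot: `ap_get_hostname_lookups(s->module_config)` passes the per-server config vector, but the function casts the core module's slot to `core_dir_config *` (see the http_core.c hunk), and in Apache 1.3 that slot of a server vector holds the core's per-server structure, so the `hostname_lookups` bit-field would be read from the wrong type. The same applies to the set_cache_exclude hunk below and to the `ap_get_hostname_lookups(sconf)` lines added in proxy_connect.c, proxy_ftp.c and proxy_http.c, where `sconf` is the same vector used to fetch `proxy_server_conf`. In the request handlers `ap_get_hostname_lookups(r->per_dir_config)` is the matching argument. In the two directive handlers `s->lookup_defaults` would be, but at parse time it reflects only the HostnameLookups lines read so far, so passing a constant `0` (as the description already considers) avoids the order dependence. Both directive handlers start and end outside their hunks.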
@@ -829,6 +832,7 @@
struct hostent hp;
int found = 0;
int i;
+ int reverse;
/* Don't duplicate entries */
for (i = 0; i < conf->nocaches->nelts; i++) {
@@ -837,10 +841,11 @@
}
if (!found) {
+ reverse = ap_get_hostname_lookups(s->module_config) != HOSTNAME_LOOKUP_OFF;
new = ap_push_array(conf->nocaches);
new->name = arg;
/* Don't do name lookups on things that aren't dotted */
- if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp) == NULL)
+ if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp, reverse)
== NULL)
/*
* @@@FIXME: This copies only the first of (possibly many) IP
* addrs
diff -urN apache_1.3.27/src/modules/proxy/mod_proxy.h
apache_1.3.27.ite/src/modules/proxy/mod_proxy.h
--- apache_1.3.27/src/modules/proxy/mod_proxy.h 2002-04-21 13:35:07.000000000 +0200
+++ apache_1.3.27.ite/src/modules/proxy/mod_proxy.h 2003-02-26 00:18:27.000000000
+0100
@@ -305,7 +305,7 @@
void ap_proxy_sec2hex(int t, char *y);
cache_req *ap_proxy_cache_error(cache_req *r);
int ap_proxyerror(request_rec *r, int statuscode, const char *message);
-const char *ap_proxy_host2addr(const char *host, struct hostent *reqhp);
+const char *ap_proxy_host2addr(const char *host, struct hostent *reqhp, int reverse);
int ap_proxy_is_ipaddr(struct dirconn_entry *This, pool *p);
int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p);
int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p);
diff -urN apache_1.3.27/src/modules/proxy/proxy_connect.c
apache_1.3.27.ite/src/modules/proxy/proxy_connect.c
--- apache_1.3.27/src/modules/proxy/proxy_connect.c 2002-03-25 10:21:58.000000000
+0100
+++ apache_1.3.27.ite/src/modules/proxy/proxy_connect.c 2003-03-14 22:12:25.000000000
+0100
@@ -61,6 +61,7 @@
#include "mod_proxy.h"
#include "http_log.h"
#include "http_main.h"
+#include "http_core.h"
#ifdef HAVE_BSTRING_H
#include <bstring.h> /* for IRIX, FD_SET calls bzero() */
@@ -126,6 +127,7 @@
proxy_server_conf *conf =
(proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
+ int reverse = ap_get_hostname_lookups(sconf) != HOSTNAME_LOOKUP_OFF;
memset(&server, '\0', sizeof(server));
server.sin_family = AF_INET;
@@ -176,7 +178,7 @@
/* Nasty cast to work around broken terniary expressions on MSVC */
server.sin_port = htons((unsigned short)(proxyport ? proxyport : port));
- err = ap_proxy_host2addr(proxyhost ? proxyhost : host, &server_hp);
+ err = ap_proxy_host2addr(proxyhost ? proxyhost : host, &server_hp, reverse);
if (err != NULL)
return ap_proxyerror(r,
diff -urN apache_1.3.27/src/modules/proxy/proxy_ftp.c
apache_1.3.27.ite/src/modules/proxy/proxy_ftp.c
--- apache_1.3.27/src/modules/proxy/proxy_ftp.c 2002-04-07 20:57:36.000000000 +0200
+++ apache_1.3.27.ite/src/modules/proxy/proxy_ftp.c 2003-03-14 21:31:16.000000000
+0100
@@ -572,6 +572,7 @@
(proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
+ int reverse = ap_get_hostname_lookups(sconf) != HOSTNAME_LOOKUP_OFF;
/* stuff for PASV mode */
unsigned int presult, h0, h1, h2, h3, p0, p1;
@@ -661,7 +662,7 @@
memset(&server, 0, sizeof(struct sockaddr_in));
server.sin_family = AF_INET;
server.sin_port = htons((unsigned short)port);
- err = ap_proxy_host2addr(host, &server_hp);
+ err = ap_proxy_host2addr(host, &server_hp, reverse);
if (err != NULL)
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
diff -urN apache_1.3.27/src/modules/proxy/proxy_http.c
apache_1.3.27.ite/src/modules/proxy/proxy_http.c
--- apache_1.3.27/src/modules/proxy/proxy_http.c 2002-09-03 09:12:46.000000000
+0200
+++ apache_1.3.27.ite/src/modules/proxy/proxy_http.c 2003-03-14 22:09:28.000000000
+0100
@@ -177,7 +177,8 @@
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
int nocache = 0;
-
+ int reverse = ap_get_hostname_lookups(sconf) != HOSTNAME_LOOKUP_OFF;
+
if (conf->cache.root == NULL)
nocache = 1;
@@ -225,13 +226,13 @@
if (proxyhost != NULL) {
server.sin_port = htons((unsigned short)proxyport);
- err = ap_proxy_host2addr(proxyhost, &server_hp);
+ err = ap_proxy_host2addr(proxyhost, &server_hp, reverse);
if (err != NULL)
return DECLINED; /* try another */
}
else {
server.sin_port = htons((unsigned short)destport);
- err = ap_proxy_host2addr(desthost, &server_hp);
+ err = ap_proxy_host2addr(desthost, &server_hp, reverse);
if (err != NULL)
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
}
diff -urN apache_1.3.27/src/modules/proxy/proxy_util.c
apache_1.3.27.ite/src/modules/proxy/proxy_util.c
--- apache_1.3.27/src/modules/proxy/proxy_util.c 2002-07-22 18:26:03.000000000
+0200
+++ apache_1.3.27.ite/src/modules/proxy/proxy_util.c 2003-03-22 21:26:22.000000000
+0100
@@ -978,11 +978,12 @@
* This routine returns its own error message
*/
const char *
- ap_proxy_host2addr(const char *host, struct hostent * reqhp)
+ ap_proxy_host2addr(const char *host, struct hostent * reqhp, int reverse)
{
int i;
- struct hostent *hp;
+ struct hostent *hp = NULL;
struct per_thread_data *ptd = get_per_thread_data();
+
for (i = 0; host[i] != '\0'; i++)
if (!ap_isdigit(host[i]) && host[i] != '.')
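Review bot: The header comment above `ap_proxy_host2addr` (it opens outside this hunk) still only says the routine returns its own error message and does not describe the new `reverse` argument. I would extend it with `* reverse: non-zero = look up a numeric host with gethostbyaddr(); zero = skip the PTR query and build the result from the address alone (h_name is then NULL)`. The second half is what the following hunk appears to do (`ptd->hpbuf.h_name = 0`), so callers that read `h_name` should be told that a NULL name becomes the normal result when HostnameLookups is off.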
@@ -995,7 +996,8 @@
}
else {
ptd->ipaddr = ap_inet_addr(host);
- hp = gethostbyaddr((char *)&ptd->ipaddr, sizeof(ptd->ipaddr), AF_INET);
+ if (reverse)
+ hp = gethostbyaddr((char *)&ptd->ipaddr, sizeof(ptd->ipaddr), AF_INET);
if (hp == NULL) {
memset(&ptd->hpbuf, 0, sizeof(ptd->hpbuf));
ptd->hpbuf.h_name = 0;
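Review bot: With `reverse` zero the numeric branch never consults the resolver, so the value returned by `ap_inet_addr(host)` is used without any check. The only filter before it appears to be the digits-and-dots loop at the top of the function, which also lets through strings such as `1..2` (constructed example). This path was already reachable when gethostbyaddr() failed, but it becomes the default with HostnameLookups off. Consider rejecting a failed conversion before the hostent is built, e.g. `if (ptd->ipaddr == INADDR_NONE) return "Bad IP address";` (message text is a placeholder), and bracing the new `if (reverse)` body since another `if` follows it directly. The rest of this branch lies outside the hunk.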
@@ -1188,7 +1190,7 @@
struct hostent the_host;
memset(&the_host, '\0', sizeof the_host);
- found = ap_proxy_host2addr(host, &the_host);
+ found = ap_proxy_host2addr(host, &the_host, 1);
if (found != NULL) {
#if DEBUGGING
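Review bot: The bare `1` passed here, and the bare `0` in the last proxy_util.c hunk, give no hint at the call site that they deliberately override HostnameLookups; the reason is only in the patch description. I would add a comment on this line such as `/* reverse lookup forced on regardless of HostnameLookups, to keep the previous NoProxy IP matching */`, and a matching one for the `0` call. An operator who sets HostnameLookups Off would otherwise not expect this path to keep issuing PTR queries; PTR answers come from whoever controls the reverse zone, so it is worth confirming that the match below uses only the returned addresses and not the name. The enclosing function starts and ends outside the hunk.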
@@ -1300,7 +1302,7 @@
}
#endif
- if (addr[i] != '\0' || ap_proxy_host2addr(addr, &host) != NULL)
+ if (addr[i] != '\0' || ap_proxy_host2addr(addr, &host, 0) != NULL)
return 0;
This->hostentry = ap_pduphostent(p, &host);
