Merge r1524079 from trunk:
authorJim Jagielski <jim@apache.org>
Tue, 8 Oct 2013 14:19:55 +0000 (14:19 +0000)
committerJim Jagielski <jim@apache.org>
Tue, 8 Oct 2013 14:19:55 +0000 (14:19 +0000)
mod_session_crypto: Add support for exec: calls to obtain key similar to
mod_ssl and mod_authnz_ldap. Essentially copypasta from mod_authnz_ldap...

Submitted by: druggeri
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1530281 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
docs/manual/mod/mod_session_crypto.xml
modules/session/mod_session_crypto.c

diff --git a/CHANGES b/CHANGES
index 55cc9c95cd38c7cf46aa61fa6f362c87c55d02b7..1428caf7f297954e93575f65f7a4df6efd5e643f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.7
 
+  *) mod_session_crypto: Allow using exec: calls to obtain session
+     encryption key.  [Daniel Ruggeri]
+
   *) core: Add missing Reason-Phrase in HTTP response headers.
      PR 54946. [Rainer Jung]
 
diff --git a/STATUS b/STATUS
index 5a6f0e4a15d42f18a93dcfe2aa1dadb37beed033..392925f167960494ec0ab2bc2d4712a2b56a5c94 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -97,12 +97,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_session_crypto: Add support for exec: calls to obtain key similar to
-    mod_ssl and mod_authnz_ldap. Essentially copypasta from mod_authnz_ldap...
-    trunk patch: http://people.apache.org/~druggeri/patches/SessionCryptoPassphrase-exec.trunk.patch
-    2.4.x patch: http://people.apache.org/~druggeri/patches/SessionCryptoPassphrase-exec.2.4.x.patch
-    +1: druggeri, rjung, jim
-
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
index 1277dc75548d26bbf50bf0536e1d690985c8b687..5d873df2a0f285d0b4c061fc3c54533d5f0ef400 100644 (file)
@@ -174,6 +174,19 @@ SessionCryptoPassphrase secret
     secret to the end of the list, and once rolled out completely to all servers, remove
     the first key from the start of the list.</p>
 
+    <p>If the value begins with exec: the resulting command will be executed and the
+    first line returned to standard output by the program will be used as the key.</p>
+<example><pre>
+#key used as-is
+SessionCryptoPassphrase secret
+
+#Run /path/to/program to get key
+SessionCryptoPassphrase exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+SessionCryptoPassphrase "exec:/path/to/otherProgram argument1"
+</pre></example>
+
 </usage>
 </directivesynopsis>
 
index 03dbba61d6beb5facce019961e240844841c3e45..984a048762ec3c98ee10c5b48ddb8fbbee9b7566 100644 (file)
@@ -534,11 +534,41 @@ static const char *set_crypto_driver(cmd_parms * cmd, void *config, const char *
 
 static const char *set_crypto_passphrase(cmd_parms * cmd, void *config, const char *arg)
 {
+    int arglen = strlen(arg);
+    char **argv;
+    char *result;
     const char **passphrase;
     session_crypto_dir_conf *dconf = (session_crypto_dir_conf *) config;
 
     passphrase = apr_array_push(dconf->passphrases);
-    *passphrase = arg;
+
+    if ((arglen > 5) && strncmp(arg, "exec:", 5) == 0) {
+        if (apr_tokenize_to_argv(arg+5, &argv, cmd->temp_pool) != APR_SUCCESS) {
+            return apr_pstrcat(cmd->pool,
+                               "Unable to parse exec arguments from ",
+                               arg+5, NULL);
+        }
+        argv[0] = ap_server_root_relative(cmd->temp_pool, argv[0]);
+
+        if (!argv[0]) {
+            return apr_pstrcat(cmd->pool,
+                               "Invalid SessionCryptoPassphrase exec location:",
+                               arg+5, NULL);
+        }
+        result = ap_get_exec_line(cmd->pool,
+                                  (const char*)argv[0], (const char * const *)argv);
+
+        if(!result) {
+            return apr_pstrcat(cmd->pool,
+                               "Unable to get bind password from exec of ",
+                               arg+5, NULL);
+        }
+        *passphrase = result;
+    }
+    else {
+        *passphrase = arg;
+    }
+
     dconf->passphrases_set = 1;
 
     return NULL;
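Review bot: The `if(!result)` check after `ap_get_exec_line` rejects only a NULL return, so if that function returns an empty string when the helper program prints nothing (its body is not shown here), an empty session encryption passphrase would be stored with no configuration error. The guard should also reject an empty line, `if (!result || !*result) {`. The message in that branch still reads `"Unable to get bind password from exec of "`, carried over from mod_authnz_ldap; `"Unable to get SessionCryptoPassphrase from exec of "` would point the administrator at the right directive. `apr_array_push` also runs before the exec branch, so each early error return leaves an unfilled slot in `dconf->passphrases`; moving the push below the branch avoids that. The closing brace of set_crypto_passphrase lies outside the hunk.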