From 90f9939cee61b46a74e9827ad68ddbf13fe6a704 Mon Sep 17 00:00:00 2001 From: Daniel Ruggeri Date: Tue, 17 Sep 2013 14:53:21 +0000 Subject: [PATCH] Add exec: callout support for mod_session_crypto git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1524079 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_session_crypto.xml | 13 +++++++++++ modules/session/mod_session_crypto.c | 32 +++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/manual/mod/mod_session_crypto.xml b/docs/manual/mod/mod_session_crypto.xml index 1277dc7554..5d873df2a0 100644 --- a/docs/manual/mod/mod_session_crypto.xml +++ b/docs/manual/mod/mod_session_crypto.xml @@ -174,6 +174,19 @@ SessionCryptoPassphrase secret secret to the end of the list, and once rolled out completely to all servers, remove the first key from the start of the list.

+

If the value begins with exec: the resulting command will be executed and the + first line returned to standard output by the program will be used as the key.

+
+#key used as-is
+SessionCryptoPassphrase secret
+
+#Run /path/to/program to get key
+SessionCryptoPassphrase exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+SessionCryptoPassphrase "exec:/path/to/otherProgram argument1"
+
+ diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c index 03dbba61d6..984a048762 100644 --- a/modules/session/mod_session_crypto.c +++ b/modules/session/mod_session_crypto.c @@ -534,11 +534,41 @@ static const char *set_crypto_driver(cmd_parms * cmd, void *config, const char * static const char *set_crypto_passphrase(cmd_parms * cmd, void *config, const char *arg) { + int arglen = strlen(arg); + char **argv; + char *result; const char **passphrase; session_crypto_dir_conf *dconf = (session_crypto_dir_conf *) config; passphrase = apr_array_push(dconf->passphrases); - *passphrase = arg; + + if ((arglen > 5) && strncmp(arg, "exec:", 5) == 0) { + if (apr_tokenize_to_argv(arg+5, &argv, cmd->temp_pool) != APR_SUCCESS) { + return apr_pstrcat(cmd->pool, + "Unable to parse exec arguments from ", + arg+5, NULL); + } + argv[0] = ap_server_root_relative(cmd->temp_pool, argv[0]); + + if (!argv[0]) { + return apr_pstrcat(cmd->pool, + "Invalid SessionCryptoPassphrase exec location:", + arg+5, NULL); + } + result = ap_get_exec_line(cmd->pool, + (const char*)argv[0], (const char * const *)argv); + + if(!result) { + return apr_pstrcat(cmd->pool, + "Unable to get bind password from exec of ", + arg+5, NULL); + } + *passphrase = result; + } + else { + *passphrase = arg; + } + dconf->passphrases_set = 1; return NULL; -- 2.50.0
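Review bot: In the new `exec:` branch of set_crypto_passphrase the only failure check is `if(!result)`, so a helper that prints nothing may leave an empty string as the session encryption key, if ap_get_exec_line returns an empty string rather than NULL in that case (its definition is not in this hunk). Rejecting that when the configuration is parsed is safer: `if (!result || !*result) {`. The message in that branch, `"Unable to get bind password from exec of "`, refers to a bind password that this directive does not have, and would read better as `"Unable to get SessionCryptoPassphrase from exec of "`. Because the command runs while the configuration is parsed, a short comment above the branch should say that the program and its directory must be writable only by the administrator. The function's closing brace lies outside the hunk.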