www-modproxy-dev mailing list archives

From Maurizio Marini <mau...@ns.datalogica.com>
Subject Re:
Date Fri, 04 Oct 2002 14:27:44 GMT
On Friday 04 October 2002 12:26 pm, i.t wrote:

> it would be helpful, if you could provide some more actual details



Hi sir,

It would be nice in general to have a module that allows modifying parameters
passed in a POST, precisely like mod_rewrite allows changing parameters
passed by GET. Is this feasible?

Leaving the general case, I come to my problem.


I'm developing on Red Hat 7.3, httpd 1.3.23-14; it's a very complex infrastructure with mod_pubcookie,
mod_proxy and mod_rewrite.
It's not easy to describe it; it's easier for me to show you the piece of code that in http
allowed me to change a parameter in the POST data, but no longer does in https:



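#include <string.h>
#include "httpd.h"
#include "http_main.h"      /* ap_hard_timeout, ap_kill_timeout */
#include "http_protocol.h"  /* ap_setup_client_block, ap_should_client_block */

/* libpbc_debug() comes from the pubcookie library used by mod_pubcookie. */

int change_out_post(request_rec *r, char *username) {
   int retval;

   /* see http_protocol.c for reading the body info */
   if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))
        return retval;

   if (ap_should_client_block(r)) {
        /* raw input buffer of the connection (plain http only, see below) */
        char *inptr = (char *) r->connection->client->inptr;
        char *p;
        ap_hard_timeout("copy script args", r);

        if ((p = strstr(inptr, "username")) != NULL) {
             /* overwrite the blanks after "username=" with the user name;
                relies on the padding being at least as long as the name */
             memcpy(p + strlen("username="), username, strlen(username));
        }
        libpbc_debug("change_out_post[%d]: inptr: %s\n", __LINE__, inptr);
        ap_kill_timeout(r);
    }
    return(1);
}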


I'll try to explain it:


Premise.
Suppose that you want to authenticate a user and after authentication you want to add the username
to a hidden parameter,
because the application on the backend (we are in a reverse-proxy architecture) needs it as a POST parameter.


The misfact.
Before authenticating using mod_pubcookie I add some hidden parameter initialized to null,
e.g. 'username=                                                                   '
You can see sufficient blanks after username=, to accommodate the username value.
It's a low trick, don't blame me!


After authentication I try to set the username value... how?!?
With strstr I search for the parameter name in the POST area pointed to (if we are in http!!!) by r->connection->client->inptr,
I add 9 bytes to this pointer (strlen("username=")),
I write the username in place of the blanks,
done!
This horrible trick worked until I moved to https...


Conclusion.
I fear that it's not portable (sure it doesn't work in Apache 2.0!) and after the Apache
rewrite for the chunked exploit all my stuff is outdated, even if I've not tested it;
I wrote this piece of code in the days before 21 June!!!


My prayer.
Now, I know well that this piece of software cannot be a solution and I am searching for some help
to do something more robust and reliable.


Thanks in advance!



--
Maurizio Marini
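
As an added illustration (not code from this message, from Apache or from pubcookie): the fixed-width placeholder overwrite described above, done on a body with an explicit length and with bounds, boundary and character checks instead of strstr on a raw buffer. The function name, the return codes and the treatment of '+' as padding (form-encoded blanks arrive as '+') are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Return codes (hypothetical names, not an Apache or pubcookie API). */
enum { FILL_OK = 0, FILL_NOT_FOUND = -1, FILL_TOO_LONG = -2,
       FILL_BAD_VALUE = -3, FILL_NOT_BLANK = -4 };

static int is_pad(char c) { return c == ' ' || c == '+'; }

/* Overwrite the padding of "name=<padding>" inside a form-encoded body.
 * buf has an explicit length and need not be NUL-terminated; the body
 * size never changes, so Content-Length stays valid. Unused padding is
 * left in place and decodes as trailing blanks on the backend. */
int fill_padded_field(char *buf, size_t len, const char *name,
                      const char *value)
{
    size_t nlen = strlen(name), vlen = strlen(value), i, start, pad;

    /* Accept only characters that need no URL-encoding: a '&' or '='
     * in the value would forge extra parameters for the backend. */
    for (i = 0; i < vlen; i++) {
        char c = value[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '.'))
            return FILL_BAD_VALUE;
    }
    for (i = 0; i + nlen + 1 <= len; i++) {
        /* Match the key only at a parameter boundary, so "xusername="
         * or a value that contains "username" is never patched. */
        if ((i != 0 && buf[i - 1] != '&') ||
            memcmp(buf + i, name, nlen) != 0 || buf[i + nlen] != '=')
            continue;
        start = i + nlen + 1;
        /* Measure the placeholder: padding up to '&' or end of body. */
        for (pad = 0; start + pad < len && is_pad(buf[start + pad]); pad++)
            ;
        if (start + pad < len && buf[start + pad] != '&')
            return FILL_NOT_BLANK;  /* field already carries data */
        if (vlen > pad)
            return FILL_TOO_LONG;   /* would run into the next field */
        memcpy(buf + start, value, vlen);
        return FILL_OK;
    }
    return FILL_NOT_FOUND;
}
```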
