summaryrefslogtreecommitdiff
path: root/www-apache/mod_rpaf/files
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /www-apache/mod_rpaf/files
reinit the tree, so we can have metadata
Diffstat (limited to 'www-apache/mod_rpaf/files')
-rw-r--r--www-apache/mod_rpaf/files/003_ipv6.patch31
-rw-r--r--www-apache/mod_rpaf/files/010_multiple_proxies.patch37
-rw-r--r--www-apache/mod_rpaf/files/011_apache2.4.patch51
-rw-r--r--www-apache/mod_rpaf/files/012_Add-missing-header-for-inet_addr.patch17
-rw-r--r--www-apache/mod_rpaf/files/10_mod_rpaf.conf6
5 files changed, 142 insertions, 0 deletions
diff --git a/www-apache/mod_rpaf/files/003_ipv6.patch b/www-apache/mod_rpaf/files/003_ipv6.patch
new file mode 100644
index 000000000000..49554efe459a
--- /dev/null
+++ b/www-apache/mod_rpaf/files/003_ipv6.patch
@@ -0,0 +1,31 @@
+Description: ipv6 fixes
+Author: Piotr Roszatycki <dexter@debian.org>
+Reviewed-by: Sergey B Kirpichev <skirpichev@gmail.com>
+Bug-Debian: http://bugs.debian.org/726529
+
+---
+ mod_rpaf-2.0.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/mod_rpaf-2.0.c
++++ b/mod_rpaf-2.0.c
+@@ -72,6 +72,8 @@
+ #include "http_vhost.h"
+ #include "apr_strings.h"
+
++#include <arpa/inet.h>
++
+ module AP_MODULE_DECLARE_DATA rpaf_module;
+
+ typedef struct {
+@@ -185,6 +187,10 @@
+ apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
+ r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
+ r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
++ apr_sockaddr_t *tmpsa;
++ int ret = apr_sockaddr_info_get(&tmpsa, r->connection->remote_ip, APR_UNSPEC, r->connection->remote_addr->port, 0, r->connection->remote_addr->pool);
++ if (ret == APR_SUCCESS)
++ memcpy(r->connection->remote_addr, tmpsa, sizeof(apr_sockaddr_t));
+ if (cfg->sethostname) {
+ const char *hostvalue;
+ if (hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host")) {
diff --git a/www-apache/mod_rpaf/files/010_multiple_proxies.patch b/www-apache/mod_rpaf/files/010_multiple_proxies.patch
new file mode 100644
index 000000000000..2c9fae01bbe3
--- /dev/null
+++ b/www-apache/mod_rpaf/files/010_multiple_proxies.patch
@@ -0,0 +1,37 @@
+Description: Use the last value from the X-Forwarded-For header, which
+ is not in RPAFproxy_ips as the client IP, falling back to the first one
+ if they are all known proxies.
+Author: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>
+
+---
+ mod_rpaf-2.0.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/mod_rpaf-2.0.c
++++ b/mod_rpaf-2.0.c
+@@ -154,6 +154,16 @@
+ return APR_SUCCESS;
+ }
+
++static char* last_not_in_array(apr_array_header_t *forwarded_for,
++ apr_array_header_t *proxy_ips) {
++ int i;
++ for (i = (forwarded_for->nelts)-1; i > 0; i--) {
++ if (!is_in_array(((char **)forwarded_for->elts)[i], proxy_ips))
++ break;
++ }
++ return ((char **)forwarded_for->elts)[i];
++}
++
+ static int change_remote_ip(request_rec *r) {
+ const char *fwdvalue;
+ char *val;
+@@ -185,7 +195,7 @@
+ rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
+ rcr->r = r;
+ apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
+- r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
++ r->connection->remote_ip = apr_pstrdup(r->connection->pool, last_not_in_array(arr, cfg->proxy_ips));
+ r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
+ apr_sockaddr_t *tmpsa;
+ int ret = apr_sockaddr_info_get(&tmpsa, r->connection->remote_ip, APR_UNSPEC, r->connection->remote_addr->port, 0, r->connection->remote_addr->pool);
diff --git a/www-apache/mod_rpaf/files/011_apache2.4.patch b/www-apache/mod_rpaf/files/011_apache2.4.patch
new file mode 100644
index 000000000000..1757e9f30a5a
--- /dev/null
+++ b/www-apache/mod_rpaf/files/011_apache2.4.patch
@@ -0,0 +1,51 @@
+Description: Apache 2.4 compatibility patch
+Author: Sergey B Kirpichev <skirpichev@gmail.com>
+Bug-Debian: http://bugs.debian.org/666792
+
+---
+ mod_rpaf-2.0.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/mod_rpaf-2.0.c
++++ b/mod_rpaf-2.0.c
+@@ -149,8 +149,8 @@
+
+ static apr_status_t rpaf_cleanup(void *data) {
+ rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)data;
+- rcr->r->connection->remote_ip = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
+- rcr->r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(rcr->r->connection->remote_ip);
++ rcr->r->connection->client_ip = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
++ rcr->r->connection->client_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(rcr->r->connection->client_ip);
+ return APR_SUCCESS;
+ }
+
+@@ -173,7 +173,7 @@
+ if (!cfg->enable)
+ return DECLINED;
+
+- if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) {
++ if (is_in_array(r->connection->client_ip, cfg->proxy_ips) == 1) {
+ /* check if cfg->headername is set and if it is use
+ that instead of X-Forwarded-For by default */
+ if (cfg->headername && (fwdvalue = apr_table_get(r->headers_in, cfg->headername))) {
+@@ -192,15 +192,15 @@
+ if (*fwdvalue != '\0')
+ ++fwdvalue;
+ }
+- rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
++ rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->client_ip);
+ rcr->r = r;
+ apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
+- r->connection->remote_ip = apr_pstrdup(r->connection->pool, last_not_in_array(arr, cfg->proxy_ips));
+- r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
++ r->connection->client_ip = apr_pstrdup(r->connection->pool, last_not_in_array(arr, cfg->proxy_ips));
++ r->connection->client_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->client_ip);
+ apr_sockaddr_t *tmpsa;
+- int ret = apr_sockaddr_info_get(&tmpsa, r->connection->remote_ip, APR_UNSPEC, r->connection->remote_addr->port, 0, r->connection->remote_addr->pool);
++ int ret = apr_sockaddr_info_get(&tmpsa, r->connection->client_ip, APR_UNSPEC, r->connection->client_addr->port, 0, r->connection->client_addr->pool);
+ if (ret == APR_SUCCESS)
+- memcpy(r->connection->remote_addr, tmpsa, sizeof(apr_sockaddr_t));
++ memcpy(r->connection->client_addr, tmpsa, sizeof(apr_sockaddr_t));
+ if (cfg->sethostname) {
+ const char *hostvalue;
+ if (hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host")) {
diff --git a/www-apache/mod_rpaf/files/012_Add-missing-header-for-inet_addr.patch b/www-apache/mod_rpaf/files/012_Add-missing-header-for-inet_addr.patch
new file mode 100644
index 000000000000..b31f91db29af
--- /dev/null
+++ b/www-apache/mod_rpaf/files/012_Add-missing-header-for-inet_addr.patch
@@ -0,0 +1,17 @@
+Description: Add missing header for inet_addr
+Author: Sergey B Kirpichev <skirpichev@gmail.com>
+
+---
+ mod_rpaf-2.0.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/mod_rpaf-2.0.c
++++ b/mod_rpaf-2.0.c
+@@ -64,6 +64,7 @@
+ *
+ */
+
++#include <arpa/inet.h>
+ #include "httpd.h"
+ #include "http_config.h"
+ #include "http_core.h"
diff --git a/www-apache/mod_rpaf/files/10_mod_rpaf.conf b/www-apache/mod_rpaf/files/10_mod_rpaf.conf
new file mode 100644
index 000000000000..56c952ffaeb6
--- /dev/null
+++ b/www-apache/mod_rpaf/files/10_mod_rpaf.conf
@@ -0,0 +1,6 @@
+<IfDefine RPAF>
+LoadModule rpaf_module modules/mod_rpaf.so
+RPAFenable on
+</IfDefine>
+
+# vim: ts=4 filetype=apache
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 07:52:45 +0000