From ee11bdee065daa0a38d25366b4d5991a60177014 Mon Sep 17 00:00:00 2001
From: Luboš Uhliarik <luhliari@redhat.com>
Date: Mar 30 2017 14:20:00 +0000
Subject: Resolves: #1397243 - Backport Apache Bug 53098 - mod_proxy_ajp:

  patch to set worker secret passed to tomcat

---

diff --git a/httpd-2.4.25-r1738878.patch b/httpd-2.4.25-r1738878.patch
index a6a1b50..c8c18f9 100644
--- a/httpd-2.4.25-r1738878.patch
+++ b/httpd-2.4.25-r1738878.patch
@@ -1,10 +1,13 @@
---- a/modules/proxy/ajp.h 2016/04/12 22:47:36 1738877
-+++ b/modules/proxy/ajp.h 2016/04/12 23:09:07 1738878
-@@ -412,11 +412,13 @@
+diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
+index c119a7e..267150a 100644
+--- a/modules/proxy/ajp.h
++++ b/modules/proxy/ajp.h
+@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
+  * @param sock      backend socket
   * @param r         current request
   * @param buffsize  max size of the AJP packet.
-  * @param uri       requested uri
 + * @param secret    authentication secret
+  * @param uri       requested uri
   * @return          APR_SUCCESS or error
   */
  apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
@@ -15,9 +18,11 @@
  
  /**
   * Read the ajp message and return the type of the message.
---- a/modules/proxy/ajp_header.c  2016/04/12 22:47:36 1738877
-+++ b/modules/proxy/ajp_header.c  2016/04/12 23:09:07 1738878
-@@ -213,7 +213,8 @@
+diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
+index 67353a7..680a8f3 100644
+--- a/modules/proxy/ajp_header.c
++++ b/modules/proxy/ajp_header.c
+@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
  
  static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
                                            request_rec *r,
@@ -27,7 +32,7 @@
  {
      int method;
      apr_uint32_t i, num_headers = 0;
-@@ -293,17 +294,15 @@
+@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
                     i, elts[i].key, elts[i].val);
      }
  
@@ -48,7 +53,7 @@
  
      if (r->user) {
          if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
-@@ -671,7 +670,8 @@
+@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
  apr_status_t ajp_send_header(apr_socket_t *sock,
                               request_rec *r,
                               apr_size_t buffsize,
@@ -58,7 +63,7 @@
  {
      ajp_msg_t *msg;
      apr_status_t rc;
-@@ -683,7 +683,7 @@
+@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
          return rc;
      }
  
@@ -67,11 +72,13 @@
      if (rc != APR_SUCCESS) {
          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
                 "ajp_send_header: ajp_marshal_into_msgb failed");
---- a/modules/proxy/mod_proxy.c 2016/04/12 22:47:36 1738877
-+++ b/modules/proxy/mod_proxy.c 2016/04/12 23:09:07 1738878
-@@ -308,6 +308,12 @@
-                                 (int)sizeof(worker->s->flusher));
-         }
+diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
+index d6e6500..2fe71b9 100644
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -308,6 +308,12 @@ static const char *set_worker_param(apr_pool_t *p,
+                     (int)sizeof(worker->s->flusher));
+         PROXY_STRNCPY(worker->s->flusher, val);
      }
 +    else if (!strcasecmp(key, "secret")) {
 +        if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
@@ -82,27 +89,31 @@
      else {
          if (set_worker_hc_param_f) {
              return set_worker_hc_param_f(p, s, worker, key, val, NULL);
---- a/modules/proxy/mod_proxy.h 2016/04/12 22:47:36 1738877
-+++ b/modules/proxy/mod_proxy.h 2016/04/12 23:09:07 1738878
-@@ -348,6 +348,7 @@
- #define PROXY_WORKER_MAX_HOSTNAME_SIZE   96
- #define PROXY_BALANCER_MAX_HOSTNAME_SIZE 64
- #define PROXY_BALANCER_MAX_STICKY_SIZE   64
-+#define PROXY_WORKER_MAX_SECRET_SIZE     64
+diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
+index 281a776..b416db4 100644
+--- a/modules/proxy/mod_proxy.h
++++ b/modules/proxy/mod_proxy.h
+@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
+ #define PROXY_WORKER_MAX_HOSTNAME_SIZE  64
+ #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
+ #define PROXY_BALANCER_MAX_STICKY_SIZE  64
++#define PROXY_WORKER_MAX_SECRET_SIZE    64
  
  /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
   * dotted together(?) this would fit the below size (+ trailing NUL).
-@@ -444,6 +445,7 @@
-     unsigned int     disablereuse_set:1;
-     unsigned int     was_malloced:1;
-     unsigned int     is_name_matchable:1;
+@@ -442,6 +443,7 @@ typedef struct {
+     int             fcount;     /* current count of failures */
+     hcmethod_t      method;     /* method to use for health check */
+     apr_interval_time_t interval;
 +    char      secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
  } proxy_worker_shared;
  
  #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
---- a/modules/proxy/mod_proxy_ajp.c 2016/04/12 22:47:36 1738877
-+++ b/modules/proxy/mod_proxy_ajp.c 2016/04/12 23:09:07 1738878
-@@ -193,6 +193,7 @@
+diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
+index 051724e..e706518 100644
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
      apr_off_t content_length = 0;
      int original_status = r->status;
      const char *original_status_line = r->status_line;
@@ -110,7 +121,7 @@
  
      if (psf->io_buffer_size_set)
         maxsize = psf->io_buffer_size;
-@@ -202,12 +203,15 @@
+@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
         maxsize = AJP_MSG_BUFFER_SZ;
      maxsize = APR_ALIGN(maxsize, 1024);