-rw-r--r-- | docs/manual/mod/mod_session_crypto.xml | 13 | ||||
-rw-r--r-- | modules/session/mod_session_crypto.c | 32 |
2 files changed, 44 insertions, 1 deletions
diff --git a/docs/manual/mod/mod_session_crypto.xml b/docs/manual/mod/mod_session_crypto.xml
index 1277dc7554..5d873df2a0 100644
--- a/docs/manual/mod/mod_session_crypto.xml
+++ b/docs/manual/mod/mod_session_crypto.xml
@@ -174,6 +174,19 @@ SessionCryptoPassphrase secret secret to the end of the list, and once rolled out completely to all servers, remove the first key from the start of the list.</p>
+ <p>If the value begins with exec: the resulting command will be executed and the
+ first line returned to standard output by the program will be used as the key.</p>
+<example><pre>
+#key used as-is
+SessionCryptoPassphrase secret
+
+#Run /path/to/program to get key
+SessionCryptoPassphrase exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+SessionCryptoPassphrase "exec:/path/to/otherProgram argument1"
+</pre></example>
+
 </usage>
 </directivesynopsis>
diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c
index 03dbba61d6..984a048762 100644
--- a/modules/session/mod_session_crypto.c
+++ b/modules/session/mod_session_crypto.c
@@ -534,11 +534,41 @@ static const char *set_crypto_driver(cmd_parms * cmd, void *config, const char *
 static const char *set_crypto_passphrase(cmd_parms * cmd, void *config, const char *arg)
 {
+ int arglen = strlen(arg);
+ char **argv;
+ char *result;
 const char **passphrase;
 session_crypto_dir_conf *dconf = (session_crypto_dir_conf *) config;
 passphrase = apr_array_push(dconf->passphrases);
- *passphrase = arg;
+
+ if ((arglen > 5) && strncmp(arg, "exec:", 5) == 0) {
+ if (apr_tokenize_to_argv(arg+5, &argv, cmd->temp_pool) != APR_SUCCESS) {
+ return apr_pstrcat(cmd->pool,
+ "Unable to parse exec arguments from ",
+ arg+5, NULL);
+ }
+ argv[0] = ap_server_root_relative(cmd->temp_pool, argv[0]);
+
+ if (!argv[0]) {
+ return apr_pstrcat(cmd->pool,
+ "Invalid SessionCryptoPassphrase exec location:",
+ arg+5, NULL);
+ }
+ result = ap_get_exec_line(cmd->pool,
+ (const char*)argv[0], (const char * const *)argv);
+
+ if(!result) {
+ return apr_pstrcat(cmd->pool,
+ "Unable to get bind password from exec of ",
+ arg+5, NULL);
+ }
+ *passphrase = result;
+ }
+ else {
+ *passphrase = arg;
+ }
+
 dconf->passphrases_set = 1;
 return NULL; |
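Review bot: In the `exec:` branch of set_crypto_passphrase the output of ap_get_exec_line() is rejected only when it is NULL, so a helper that prints an empty first line would presumably be accepted and an empty string installed as the session encryption key; `if (!result || !*result) {` would refuse that case at configuration time. The message on that path, `"Unable to get bind password from exec of "`, reads as if carried over from another module and should name SessionCryptoPassphrase, as the neighbouring "Invalid SessionCryptoPassphrase exec location:" message does, so an operator can tell which directive failed. The directive's allowed contexts are declared outside this hunk; if it is also accepted in per-directory or .htaccess configuration, the `exec:` form hands program execution to whoever can edit those files, so it is worth confirming that and limiting `exec:` to server-level configuration. The function's closing brace lies outside the hunk.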