static apr_status_t CaseFilterOutFilter(ap_filter_t *f,
apr_bucket_brigade *pbbIn)
{
request_rec *r = f->r;
conn_rec *c = r->connection;
apr_bucket *pbktIn;
apr_bucket_brigade *pbbOut;
pbbOut=apr_brigade_create(r->pool, c->bucket_alloc);
for (pbktIn = APR_BRIGADE_FIRST(pbbIn);
pbktIn != APR_BRIGADE_SENTINEL(pbbIn);
pbktIn = APR_BUCKET_NEXT(pbktIn))
{
const char *data;
apr_size_t len;
char *buf;
apr_size_t n;
apr_bucket *pbktOut;
if(APR_BUCKET_IS_EOS(pbktIn))
{
apr_bucket *pbktEOS=apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(pbbOut,pbktEOS);
continue;
}
/* read */
apr_bucket_read(pbktIn,&data,&len,APR_BLOCK_READ);
/* write */
buf = apr_bucket_alloc(len, c->bucket_alloc);
for(n=0 ; n < len ; ++n)
buf[n] = apr_toupper(data[n]);
pbktOut = apr_bucket_heap_create(buf, len, apr_bucket_free,
c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(pbbOut,pbktOut);
}
/* Q: is there any advantage to passing a brigade for each bucket?
* A: obviously, it can cut down server resource consumption, if this
* experimental module was fed a file of 4MB, it would be using 8MB for
* the 'read' buckets and the 'write' buckets.
*
* Note it is more efficient to consume (destroy) each bucket as it's
* processed above than to do a single cleanup down here. In any case,
* don't let our caller pass the same buckets to us, twice;
*/
apr_brigade_cleanup(pbbIn);
return ap_pass_brigade(f->next,pbbOut);
}
static apr_status_t h2_conn_io_bucket_read(h2_conn_io *io,
apr_read_type_e block,
h2_conn_io_on_read_cb on_read_cb,
void *puser, int *pdone)
{
apr_status_t status = APR_SUCCESS;
apr_size_t readlen = 0;
*pdone = 0;
while (status == APR_SUCCESS && !*pdone
&& !APR_BRIGADE_EMPTY(io->input)) {
apr_bucket* bucket = APR_BRIGADE_FIRST(io->input);
if (APR_BUCKET_IS_METADATA(bucket)) {
/* we do nothing regarding any meta here */
}
else {
const char *bucket_data = NULL;
apr_size_t bucket_length = 0;
status = apr_bucket_read(bucket, &bucket_data,
&bucket_length, block);
if (status == APR_SUCCESS && bucket_length > 0) {
if (APLOGctrace2(io->connection)) {
char buffer[32];
h2_util_hex_dump(buffer, sizeof(buffer)/sizeof(buffer[0]),
bucket_data, bucket_length);
ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection,
"h2_conn_io(%ld): read %d bytes: %s",
io->connection->id, (int)bucket_length, buffer);
}
if (bucket_length > 0) {
apr_size_t consumed = 0;
status = on_read_cb(bucket_data, bucket_length,
&consumed, pdone, puser);
if (status == APR_SUCCESS && bucket_length > consumed) {
/* We have data left in the bucket. Split it. */
status = apr_bucket_split(bucket, consumed);
}
readlen += consumed;
}
}
}
apr_bucket_delete(bucket);
}
if (readlen == 0 && status == APR_SUCCESS && block == APR_NONBLOCK_READ) {
return APR_EAGAIN;
}
return status;
}
apr_status_t jxr_append_brigade(request_rec *r, apr_bucket_brigade *dest, apr_bucket_brigade *bb, int *eos_seen)
{
apr_size_t max_msglen = MAX_PACKET_SIZE - sizeof(Jaxer_Header);
apr_status_t rv;
while (!APR_BRIGADE_EMPTY(bb))
{
apr_size_t readlen;
const char *buffer;
apr_bucket *e = APR_BRIGADE_FIRST(bb);
if (APR_BUCKET_IS_EOS(e) )
{
apr_bucket_delete(e);
if (eos_seen)
*eos_seen = 1;
continue;
}
if (APR_BUCKET_IS_METADATA(e)) {
apr_bucket_delete(e);
continue;
}
/* Read the bucket now */
if ((rv = apr_bucket_read(e, &buffer, &readlen, APR_BLOCK_READ)) != APR_SUCCESS)
{
ap_log_perror(APLOG_MARK, APLOG_INFO, rv, r->pool, "mod_jaxer: can't read data from handler");
return rv;
}
if (readlen > max_msglen)
{
apr_bucket_split(e, max_msglen);
}else
{
APR_BUCKET_REMOVE(e);
APR_BRIGADE_INSERT_TAIL(dest, e);
}
}
if ((rv=apr_brigade_destroy(bb)) != APR_SUCCESS)
{
ap_log_perror(APLOG_MARK, APLOG_INFO, rv, r->pool, "mod_jaxer: failed to destroy brigade.");
return rv;
}
return APR_SUCCESS;
}
apr_status_t jxr_send_brigade(jaxer_connection * ac, apr_bucket_brigade * bb)
{
apr_bucket *bucket;
apr_status_t rv;
compat_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, ac->request, "mod_jaxer: sending a brigade (sock=%d)", ac->sock);
for (bucket = APR_BRIGADE_FIRST(bb);
bucket != APR_BRIGADE_SENTINEL(bb);
bucket = APR_BUCKET_NEXT(bucket))
{
char *write_buf;
apr_size_t write_buf_len;
if (APR_BUCKET_IS_EOS(bucket))
break;
if (APR_BUCKET_IS_FLUSH(bucket))
continue;
if ((rv =
apr_bucket_read(bucket, (const char **)&write_buf, &write_buf_len,
APR_BLOCK_READ)) != APR_SUCCESS) {
compat_log_rerror(APLOG_MARK, APLOG_WARNING, rv, ac->request,
"mod_jaxer: can't read request from bucket");
return rv;
}
{
int type = jxr_msg_get_type(write_buf);
apr_size_t pos; // not used
apr_size_t len = jxr_msg_get_length(write_buf, &pos);
compat_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, ac->request, "mod_jaxer: sending a brigade (type=%s len=%d)", sBlockType[type], len);
}
/* Write the buffer to jaxer server */
if(0 > jxr_socket_sendfull(ac, write_buf, (int) write_buf_len))
{
compat_log_rerror(APLOG_MARK, APLOG_WARNING, APR_FROM_OS_ERROR(rv), ac->request,
"mod_jaxer: can't write to socket");
return apr_get_os_error();
}
}
compat_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, ac->request, "mod_jaxer: sent a brigade (sock=%d)", ac->sock);
return APR_SUCCESS;
}
static int cdn_html_filter(ap_filter_t * f, apr_bucket_brigade * bb)
{
apr_bucket *b;
const char *buf = 0;
apr_size_t bytes = 0;
/* now do HTML filtering if necessary, and pass the brigade onward */
saxctxt *ctxt = check_html_filter_init(f);
if (!ctxt)
return ap_pass_brigade(f->next, bb);
for(b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
if(APR_BUCKET_IS_EOS(b) || APR_BUCKET_IS_FLUSH(b)) {
consume_buffer(ctxt, buf, 0, 1);
APR_BUCKET_REMOVE(b);
APR_BRIGADE_INSERT_TAIL(ctxt->bb, b);
ap_pass_brigade(ctxt->f->next, ctxt->bb);
return APR_SUCCESS;
}
if(apr_bucket_read(b, &buf, &bytes, APR_BLOCK_READ) == APR_SUCCESS && buf) {
if(ctxt->parser == NULL) {
/*
* for now, always output utf-8; we could incorporate
* mod_proxy_html's output transcoding with little problem if
* necessary
*/
ap_set_content_type(f->r, "text/html;charset=utf-8");
if(!initialize_parser(f, ctxt, &buf, bytes)) {
apr_status_t rv = ap_pass_brigade(ctxt->f->next, bb);
ap_remove_output_filter(f);
return rv;
} else
ap_fputs(f->next, ctxt->bb, ctxt->cfg->doctype);
}
consume_buffer(ctxt, buf, bytes, 0);
}
}
/*ap_fflush(ctxt->f->next, ctxt->bb) ; */ /* uncomment for debug */
apr_brigade_cleanup(bb);
return APR_SUCCESS;
}
static int getsfunc_BRIGADE(char *buf, int len, void *arg)
{
apr_bucket_brigade *bb = (apr_bucket_brigade *)arg;
const char *dst_end = buf + len - 1; /* leave room for terminating null */
char *dst = buf;
apr_bucket *e = APR_BRIGADE_FIRST(bb);
apr_status_t rv;
int done = 0;
while ((dst < dst_end) && !done && e != APR_BRIGADE_SENTINEL(bb)
&& !APR_BUCKET_IS_EOS(e)) {
const char *bucket_data;
apr_size_t bucket_data_len;
const char *src;
const char *src_end;
apr_bucket * next;
rv = apr_bucket_read(e, &bucket_data, &bucket_data_len,
APR_BLOCK_READ);
if (rv != APR_SUCCESS || (bucket_data_len == 0)) {
*dst = '\0';
return APR_STATUS_IS_TIMEUP(rv) ? -1 : 0;
}
src = bucket_data;
src_end = bucket_data + bucket_data_len;
while ((src < src_end) && (dst < dst_end) && !done) {
if (*src == '\n') {
done = 1;
}
else if (*src != '\r') {
*dst++ = *src;
}
src++;
}
if (src < src_end) {
apr_bucket_split(e, src - bucket_data);
}
next = APR_BUCKET_NEXT(e);
apr_bucket_delete(e);
e = next;
}
*dst = 0;
return done;
}
AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f,
apr_bucket_brigade **saveto,
apr_bucket_brigade **b, apr_pool_t *p)
{
apr_bucket *e;
apr_status_t rv, srv = APR_SUCCESS;
/* If have never stored any data in the filter, then we had better
* create an empty bucket brigade so that we can concat.
*/
if (!(*saveto)) {
*saveto = apr_brigade_create(p, f->c->bucket_alloc);
}
for (e = APR_BRIGADE_FIRST(*b);
e != APR_BRIGADE_SENTINEL(*b);
e = APR_BUCKET_NEXT(e))
{
rv = apr_bucket_setaside(e, p);
/* If the bucket type does not implement setaside, then
* (hopefully) morph it into a bucket type which does, and set
* *that* aside... */
if (rv == APR_ENOTIMPL) {
const char *s;
apr_size_t n;
rv = apr_bucket_read(e, &s, &n, APR_BLOCK_READ);
if (rv == APR_SUCCESS) {
rv = apr_bucket_setaside(e, p);
}
}
if (rv != APR_SUCCESS) {
srv = rv;
/* Return an error but still save the brigade if
* ->setaside() is really not implemented. */
if (rv != APR_ENOTIMPL) {
return rv;
}
}
}
APR_BRIGADE_CONCAT(*saveto, *b);
return srv;
}
int h2_util_bb_has_data_or_eos(apr_bucket_brigade *bb)
{
apr_bucket *b;
for (b = APR_BRIGADE_FIRST(bb);
b != APR_BRIGADE_SENTINEL(bb);
b = APR_BUCKET_NEXT(b))
{
if (APR_BUCKET_IS_METADATA(b)) {
if (APR_BUCKET_IS_EOS(b)) {
return 1;
}
}
else {
return 1;
}
}
return 0;
}
static void discard_script_output(apr_bucket_brigade *bb)
{
apr_bucket *e;
const char *buf;
apr_size_t len;
apr_status_t rv;
e = APR_BRIGADE_FIRST(bb);
while (e != APR_BRIGADE_SENTINEL(bb)) {
if (APR_BUCKET_IS_EOS(e)) {
break;
}
rv = apr_bucket_read(e, &buf, &len, APR_BLOCK_READ);
if (rv != APR_SUCCESS) {
break;
}
e = APR_BUCKET_NEXT(e);
}
}
APU_DECLARE(apr_status_t) apr_brigade_flatten(apr_bucket_brigade *bb,
char *c, apr_size_t *len)
{
apr_size_t actual = 0;
apr_bucket *b;
for (b = APR_BRIGADE_FIRST(bb);
b != APR_BRIGADE_SENTINEL(bb);
b = APR_BUCKET_NEXT(b))
{
const char *str;
apr_size_t str_len;
apr_status_t status;
status = apr_bucket_read(b, &str, &str_len, APR_BLOCK_READ);
if (status != APR_SUCCESS) {
return status;
}
/* If we would overflow. */
if (str_len + actual > *len) {
str_len = *len - actual;
}
/* XXX: It appears that overflow of the final bucket
* is DISCARDED without any warning to the caller.
*
* No, we only copy the data up to their requested size. -- jre
*/
memcpy(c, str, str_len);
c += str_len;
actual += str_len;
/* This could probably be actual == *len, but be safe from stray
* photons. */
if (actual >= *len) {
break;
}
}
*len = actual;
return APR_SUCCESS;
}
int h2_util_has_eos(apr_bucket_brigade *bb, apr_size_t len)
{
apr_bucket *b, *end;
apr_status_t status = last_not_included(bb, len, 0, 0, &end);
if (status != APR_SUCCESS) {
return status;
}
for (b = APR_BRIGADE_FIRST(bb);
b != APR_BRIGADE_SENTINEL(bb) && b != end;
b = APR_BUCKET_NEXT(b))
{
if (APR_BUCKET_IS_EOS(b)) {
return 1;
}
}
return 0;
}
/**
* @internal
*
* "Sniffs" the output (response) data from the connection stream.
*/
static int ironbee_output_filter (ap_filter_t *f, apr_bucket_brigade *bb)
{
apr_bucket *b;
#if 0
conn_rec *c = f->c;
ironbee_conn_context *ctx = f->ctx;
ib_conn_t *iconn = ctx->iconn;
ib_core_cfg_t *corecfg;
int buffering = 0;
/* Configure. */
ib_context_module_config(iconn->ctx, ib_core_module(), (void *)&corecfg);
if (corecfg != NULL) {
buffering = (int)corecfg->buffer_res;
}
#endif
for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
#if 0
/// @todo Should this be done? Maybe only for proxy?
if (APR_BUCKET_IS_EOS(b)) {
/// @todo Do we need to do this? Maybe only for proxy.
apr_bucket *flush = apr_bucket_flush_create(f->c->bucket_alloc);
APR_BUCKET_INSERT_BEFORE(b, flush);
}
if (buffering) {
/// @todo setaside into our own pool to destroy later???
apr_bucket_setaside(b, c->pool);
process_bucket(f, b);
APR_BUCKET_REMOVE(b);
}
else {
#endif
process_bucket(f, b);
#if 0
}
#endif
}
return ap_pass_brigade(f->next, bb);
}
static int dumpio_output_filter (ap_filter_t *f, apr_bucket_brigade *bb)
{
apr_bucket *b;
conn_rec *c = f->c;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_dumpio: %s", f->frec->name) ;
for (b = APR_BRIGADE_FIRST(bb); b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
/*
* If we ever see an EOS, make sure to FLUSH.
*/
if (APR_BUCKET_IS_EOS(b)) {
apr_bucket *flush = apr_bucket_flush_create(f->c->bucket_alloc);
APR_BUCKET_INSERT_BEFORE(b, flush);
}
dumpit(f, b);
}
return ap_pass_brigade(f->next, bb) ;
}
static apr_status_t urlReplaceFilterOutFilter(ap_filter_t *f,
apr_bucket_brigade *pbbIn)
{
request_rec *r = f->r;
conn_rec *c = r->connection;
apr_bucket *pbktIn;
apr_bucket_brigade *pbbOut;
pbbOut=apr_brigade_create(r->pool, c->bucket_alloc);
for (pbktIn = APR_BRIGADE_FIRST(pbbIn);
pbktIn != APR_BRIGADE_SENTINEL(pbbIn);
pbktIn = APR_BUCKET_NEXT(pbktIn))
{
const char *data;
apr_size_t len;
char *buf;
apr_size_t n;
apr_bucket *pbktOut;
if (APR_BUCKET_IS_EOS(pbktIn))
{
apr_bucket *pbktEOS=apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(pbbOut,pbktEOS);
continue;
}
/* read */
apr_bucket_read(pbktIn,&data,&len,APR_BLOCK_READ);
/* write */
buf = apr_bucket_alloc(len, c->bucket_alloc);
for (n=0 ; n < len ; ++n)
buf[n] = apr_toupper(data[n]);
pbktOut = apr_bucket_heap_create(buf, len, apr_bucket_free,
c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(pbbOut,pbktOut);
}
apr_brigade_cleanup(pbbIn);
return ap_pass_brigade(f->next,pbbOut);
}
APU_DECLARE(apr_status_t) apr_brigade_split_line(apr_bucket_brigade *bbOut,
apr_bucket_brigade *bbIn,
apr_read_type_e block,
apr_off_t maxbytes)
{
apr_off_t readbytes = 0;
while (!APR_BRIGADE_EMPTY(bbIn)) {
const char *pos;
const char *str;
apr_size_t len;
apr_status_t rv;
apr_bucket *e;
e = APR_BRIGADE_FIRST(bbIn);
rv = apr_bucket_read(e, &str, &len, block);
if (rv != APR_SUCCESS) {
return rv;
}
pos = memchr(str, APR_ASCII_LF, len);
/* We found a match. */
if (pos != NULL) {
apr_bucket_split(e, pos - str + 1);
APR_BUCKET_REMOVE(e);
APR_BRIGADE_INSERT_TAIL(bbOut, e);
return APR_SUCCESS;
}
APR_BUCKET_REMOVE(e);
APR_BRIGADE_INSERT_TAIL(bbOut, e);
readbytes += len;
/* We didn't find an APR_ASCII_LF within the maximum line length. */
if (readbytes >= maxbytes) {
break;
}
}
return APR_SUCCESS;
}
static apr_status_t consume_brigade(h2_filter_cin *cin,
apr_bucket_brigade *bb,
apr_read_type_e block)
{
apr_status_t status = APR_SUCCESS;
apr_size_t readlen = 0;
while (status == APR_SUCCESS && !APR_BRIGADE_EMPTY(bb)) {
apr_bucket* bucket = APR_BRIGADE_FIRST(bb);
if (APR_BUCKET_IS_METADATA(bucket)) {
/* we do nothing regarding any meta here */
}
else {
const char *bucket_data = NULL;
apr_size_t bucket_length = 0;
status = apr_bucket_read(bucket, &bucket_data,
&bucket_length, block);
if (status == APR_SUCCESS && bucket_length > 0) {
apr_size_t consumed = 0;
status = cin->cb(cin->cb_ctx, bucket_data, bucket_length, &consumed);
if (status == APR_SUCCESS && bucket_length > consumed) {
/* We have data left in the bucket. Split it. */
status = apr_bucket_split(bucket, consumed);
}
readlen += consumed;
cin->start_read = apr_time_now();
}
}
apr_bucket_delete(bucket);
}
if (readlen == 0 && status == APR_SUCCESS && block == APR_NONBLOCK_READ) {
return APR_EAGAIN;
}
return status;
}
static void filter_trace(conn_rec *c, int debug, const char *fname,
apr_bucket_brigade *bb)
{
apr_bucket *b;
switch (debug) {
case 0: /* normal, operational use */
return;
case 1: /* mod_diagnostics level */
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(01375) "%s", fname);
for (b = APR_BRIGADE_FIRST(bb);
b != APR_BRIGADE_SENTINEL(bb);
b = APR_BUCKET_NEXT(b)) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(01376)
"%s: type: %s, length: %" APR_SIZE_T_FMT,
fname, b->type->name ? b->type->name : "(unknown)",
b->length);
}
break;
}
}
static apr_status_t brigade_peek(apr_bucket_brigade *bbIn,
char *buff, apr_size_t bufflen)
{
apr_bucket *b;
apr_size_t readbytes = 0;
if (bufflen--)
/* compensate for NULL */
*buff = '\0';
else
return APR_EGENERAL;
if (APR_BRIGADE_EMPTY(bbIn))
return APR_EGENERAL;
b = APR_BRIGADE_FIRST(bbIn);
while ((b != APR_BRIGADE_SENTINEL(bbIn)) && (readbytes < bufflen)) {
const char *pos;
const char *str;
apr_size_t len;
apr_status_t rv;
if ((rv = apr_bucket_read(b, &str, &len, APR_NONBLOCK_READ))
!= APR_SUCCESS)
return rv;
if ((pos = memchr(str, APR_ASCII_LF, len)) != NULL)
len = pos - str;
if (len > bufflen - readbytes)
len = bufflen - readbytes;
memcpy (buff + readbytes, str, len);
readbytes += len;
buff[readbytes] = '\0';
b = APR_BUCKET_NEXT(b);
}
return APR_SUCCESS;
}
/**
* Monitor outbound data and count buckets. This will help us determine
* if input data is fragmented (we see more than one inbound bucket before
* we see one outbound bucket).
*/
static apr_status_t mod_sslhaf_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) {
sslhaf_cfg_t *cfg = ap_get_module_config(f->c->conn_config,
&sslhaf_module);
apr_status_t status;
apr_bucket *bucket;
// Return straight away if there's no configuration
if (cfg == NULL) {
return ap_pass_brigade(f->next, bb);
}
// Loop through the buckets
for (bucket = APR_BRIGADE_FIRST(bb);
bucket != APR_BRIGADE_SENTINEL(bb);
bucket = APR_BUCKET_NEXT(bucket))
{
const char *buf = NULL;
apr_size_t buflen = 0;
if (!(APR_BUCKET_IS_METADATA(bucket))) {
// Get bucket data
status = apr_bucket_read(bucket, &buf, &buflen, APR_BLOCK_READ);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, f->c->base_server,
"mod_sslhaf [%s]: Error while reading output bucket",
SSLHAF_AP_CONN_REMOTE_IP(f->c));
return status;
}
// Count output buckets
cfg->out_bucket_count++;
}
}
return ap_pass_brigade(f->next, bb);
}
/**
* @internal
*
* "Sniffs" the input (request) data from the connection stream and tries
* to determine who closed a connection and why.
*/
static int ironbee_input_filter(ap_filter_t *f, apr_bucket_brigade *bb,
ap_input_mode_t mode, apr_read_type_e block,
apr_off_t readbytes)
{
conn_rec *c = f->c;
ironbee_conn_context *ctx = f->ctx;
ib_conn_t *iconn = ctx->iconn;
ib_core_cfg_t *corecfg;
ib_stream_t *istream;
apr_bucket *b;
apr_status_t rc;
int buffering = 0;
/* Any mode not handled just gets passed through. */
if ((mode != AP_MODE_GETLINE) && (mode != AP_MODE_READBYTES)) {
return ap_get_brigade(f->next, bb, mode, block, readbytes);
}
/* Configure. */
ib_context_module_config(iconn->ctx, ib_core_module(), (void *)&corecfg);
if (corecfg != NULL) {
buffering = (int)corecfg->buffer_req;
}
/* When buffering, data is removed from the brigade and handed
* to IronBee. The filter must not return an empty brigade in this
* case and keeps reading until there is processed data that comes
* back from IronBee.
*/
do {
ib_tx_t *itx = iconn->tx;
/* If there is any processed data, then send it now. */
if (buffering && (itx != NULL)) {
ib_sdata_t *sdata;
/* Take any data from the drain (processed data) and
* inject it back into the filter brigade.
*/
ib_fctl_drain(itx->fctl, &istream);
if ((istream != NULL) && (istream->nelts > 0)) {
int done = 0;
while (!done) {
apr_bucket *ibucket = NULL;
/// @todo Handle multi-bucket lines
if (mode == AP_MODE_GETLINE) {
done = 1;
}
ib_stream_pull(istream, &sdata);
if (sdata == NULL) {
/* No more data left. */
break;
}
switch (sdata->type) {
case IB_STREAM_DATA:
#ifdef IB_DEBUG
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": DATA[%d]: %.*s", (int)sdata->dlen, (int)sdata->dlen, (char *)sdata->data);
#endif
/// @todo Is this creating a copy? Just need a reference.
ibucket = apr_bucket_heap_create(sdata->data,
sdata->dlen,
NULL,
bb->bucket_alloc);
break;
case IB_STREAM_FLUSH:
#ifdef IB_DEBUG
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": FLUSH");
#endif
ibucket = apr_bucket_flush_create(bb->bucket_alloc);
break;
case IB_STREAM_EOH:
#ifdef IB_DEBUG
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": EOH");
#endif
/// @todo Do something here???
break;
case IB_STREAM_EOB:
#ifdef IB_DEBUG
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": EOB");
#endif
/// @todo Do something here???
break;
case IB_STREAM_EOS:
#ifdef IB_DEBUG
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": EOS");
#endif
ibucket = apr_bucket_eos_create(bb->bucket_alloc);
break;
default:
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": UNKNOWN stream data type %d", sdata->type);
}
if (ibucket != NULL) {
APR_BRIGADE_INSERT_TAIL(bb, ibucket);
}
}
/* Need to send any processed data to avoid deadlock. */
if (!APR_BRIGADE_EMPTY(bb)) {
return APR_SUCCESS;
}
}
}
/* Fetch data from the next filter. */
if (buffering) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
"FETCH BRIGADE (buffering)");
/* Normally Apache will request the headers line-by-line, but
* IronBee does not require this. So, here the request is
* fetched with READBYTES and IronBee will then break
* it back up into lines when it is injected back into
* the brigade after the data is processed.
*/
rc = ap_get_brigade(f->next,
bb,
AP_MODE_READBYTES,
block,
HUGE_STRING_LEN);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
"FETCH BRIGADE (non-buffering)");
rc = ap_get_brigade(f->next, bb, mode, block, readbytes);
}
/* Check for any timeouts/disconnects/errors. */
if (APR_STATUS_IS_TIMEUP(rc)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": %s server closed connection (%d)",
f->frec->name, rc);
ap_remove_input_filter(f);
return rc;
}
else if (APR_STATUS_IS_EOF(rc) || apr_get_os_error() == ECONNRESET) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": %s client closed connection (%d)",
f->frec->name, rc);
ap_remove_input_filter(f);
return rc;
}
else if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
IB_PRODUCT_NAME ": %s returned %d (0x%08x) - %s",
f->frec->name, rc, rc, strerror(apr_get_os_error()));
return rc;
}
/* Process data. */
for (b = APR_BRIGADE_FIRST(bb);
b != APR_BRIGADE_SENTINEL(bb);
b = APR_BUCKET_NEXT(b))
{
if (buffering) {
/// @todo setaside into our own pool to destroy later???
apr_bucket_setaside(b, c->pool);
process_bucket(f, b);
APR_BUCKET_REMOVE(b);
}
else {
process_bucket(f, b);
}
}
} while (buffering);
return APR_SUCCESS;
}
AP_DECLARE(int) ap_xml_parse_input(request_rec * r, apr_xml_doc **pdoc)
{
apr_xml_parser *parser;
apr_bucket_brigade *brigade;
int seen_eos;
apr_status_t status;
char errbuf[200];
apr_size_t total_read = 0;
apr_size_t limit_xml_body = ap_get_limit_xml_body(r);
int result = HTTP_BAD_REQUEST;
parser = apr_xml_parser_create(r->pool);
brigade = apr_brigade_create(r->pool, r->connection->bucket_alloc);
seen_eos = 0;
total_read = 0;
do {
apr_bucket *bucket;
/* read the body, stuffing it into the parser */
status = ap_get_brigade(r->input_filters, brigade,
AP_MODE_READBYTES, APR_BLOCK_READ,
READ_BLOCKSIZE);
if (status != APR_SUCCESS) {
goto read_error;
}
for (bucket = APR_BRIGADE_FIRST(brigade);
bucket != APR_BRIGADE_SENTINEL(brigade);
bucket = APR_BUCKET_NEXT(bucket))
{
const char *data;
apr_size_t len;
if (APR_BUCKET_IS_EOS(bucket)) {
seen_eos = 1;
break;
}
if (APR_BUCKET_IS_METADATA(bucket)) {
continue;
}
status = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
if (status != APR_SUCCESS) {
goto read_error;
}
total_read += len;
if (limit_xml_body && total_read > limit_xml_body) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00539)
"XML request body is larger than the configured "
"limit of %lu", (unsigned long)limit_xml_body);
result = HTTP_REQUEST_ENTITY_TOO_LARGE;
goto read_error;
}
status = apr_xml_parser_feed(parser, data, len);
if (status) {
goto parser_error;
}
}
apr_brigade_cleanup(brigade);
} while (!seen_eos);
apr_brigade_destroy(brigade);
/* tell the parser that we're done */
status = apr_xml_parser_done(parser, pdoc);
if (status) {
/* Some parsers are stupid and return an error on blank documents. */
if (!total_read) {
*pdoc = NULL;
return OK;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00540)
"XML parser error (at end). status=%d", status);
return HTTP_BAD_REQUEST;
}
#if APR_CHARSET_EBCDIC
apr_xml_parser_convert_doc(r->pool, *pdoc, ap_hdrs_from_ascii);
#endif
return OK;
parser_error:
(void) apr_xml_parser_geterror(parser, errbuf, sizeof(errbuf));
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00541)
"XML Parser Error: %s", errbuf);
/* FALLTHRU */
read_error:
/* make sure the parser is terminated */
(void) apr_xml_parser_done(parser, NULL);
apr_brigade_destroy(brigade);
/* Apache will supply a default error, plus the error log above. */
return result;
}
static apr_status_t substitute_filter(ap_filter_t *f, apr_bucket_brigade *bb)
{
apr_size_t bytes;
apr_size_t len;
apr_size_t fbytes;
const char *buff;
const char *nl = NULL;
char *bflat;
apr_bucket *b;
apr_bucket *tmp_b;
apr_bucket_brigade *tmp_bb = NULL;
apr_status_t rv;
subst_dir_conf *cfg =
(subst_dir_conf *) ap_get_module_config(f->r->per_dir_config,
&substitute_module);
substitute_module_ctx *ctx = f->ctx;
/*
* First time around? Create the saved bb that we used for each pass
* through. Note that we can also get here when we explicitly clear ctx,
* for error handling
*/
if (!ctx) {
f->ctx = ctx = apr_pcalloc(f->r->pool, sizeof(*ctx));
/*
* Create all the temporary brigades we need and reuse them to avoid
* creating them over and over again from r->pool which would cost a
* lot of memory in some cases.
*/
ctx->linebb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
ctx->linesbb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
ctx->pattbb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
/*
* Everything to be passed to the next filter goes in
* here, our pass brigade.
*/
ctx->passbb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
/* Create our temporary pool only once */
apr_pool_create(&(ctx->tpool), f->r->pool);
apr_table_unset(f->r->headers_out, "Content-Length");
}
/*
* Shortcircuit processing
*/
if (APR_BRIGADE_EMPTY(bb))
return APR_SUCCESS;
/*
* Here's the concept:
* Read in the data and look for newlines. Once we
* find a full "line", add it to our working brigade.
* If we've finished reading the brigade and we have
* any left over data (not a "full" line), store that
* for the next pass.
*
* Note: anything stored in ctx->linebb for sure does not have
* a newline char, so we don't concat that bb with the
* new bb, since we would spending time searching for the newline
* in data we know it doesn't exist. So instead, we simply scan
* our current bb and, if we see a newline, prepend ctx->linebb
* to the front of it. This makes the code much less straight-
* forward (otherwise we could APR_BRIGADE_CONCAT(ctx->linebb, bb)
* and just scan for newlines and not bother with needing to know
* when ctx->linebb needs to be reset) but also faster. We'll take
* the speed.
*
* Note: apr_brigade_split_line would be nice here, but we
* really can't use it since we need more control and we want
* to re-use already read bucket data.
*
* See mod_include if still confused :)
*/
while ((b = APR_BRIGADE_FIRST(bb)) && (b != APR_BRIGADE_SENTINEL(bb))) {
if (APR_BUCKET_IS_EOS(b)) {
/*
* if we see the EOS, then we need to pass along everything we
* have. But if the ctx->linebb isn't empty, then we need to add
* that to the end of what we'll be passing.
*/
if (!APR_BRIGADE_EMPTY(ctx->linebb)) {
rv = apr_brigade_pflatten(ctx->linebb, &bflat,
&fbytes, ctx->tpool);
if (rv != APR_SUCCESS)
goto err;
if (fbytes > cfg->max_line_length) {
rv = APR_ENOMEM;
goto err;
}
tmp_b = apr_bucket_transient_create(bflat, fbytes,
f->r->connection->bucket_alloc);
rv = do_pattmatch(f, tmp_b, ctx->pattbb, ctx->tpool);
if (rv != APR_SUCCESS)
goto err;
APR_BRIGADE_CONCAT(ctx->passbb, ctx->pattbb);
apr_brigade_cleanup(ctx->linebb);
}
APR_BUCKET_REMOVE(b);
APR_BRIGADE_INSERT_TAIL(ctx->passbb, b);
}
/*
* No need to handle FLUSH buckets separately as we call
* ap_pass_brigade anyway at the end of the loop.
*/
else if (APR_BUCKET_IS_METADATA(b)) {
APR_BUCKET_REMOVE(b);
APR_BRIGADE_INSERT_TAIL(ctx->passbb, b);
}
else {
/*
* We have actual "data" so read in as much as we can and start
* scanning and splitting from our read buffer
*/
rv = apr_bucket_read(b, &buff, &bytes, APR_BLOCK_READ);
if (rv != APR_SUCCESS || bytes == 0) {
apr_bucket_delete(b);
}
else {
int num = 0;
while (bytes > 0) {
nl = memchr(buff, APR_ASCII_LF, bytes);
if (nl) {
len = (apr_size_t) (nl - buff) + 1;
/* split *after* the newline */
apr_bucket_split(b, len);
/*
* We've likely read more data, so bypass rereading
* bucket data and continue scanning through this
* buffer
*/
bytes -= len;
buff += len;
/*
* we need b to be updated for future potential
* splitting
*/
tmp_b = APR_BUCKET_NEXT(b);
APR_BUCKET_REMOVE(b);
/*
* Hey, we found a newline! Don't forget the old
* stuff that needs to be added to the front. So we
* add the split bucket to the end, flatten the whole
* bb, morph the whole shebang into a bucket which is
* then added to the tail of the newline bb.
*/
if (!APR_BRIGADE_EMPTY(ctx->linebb)) {
APR_BRIGADE_INSERT_TAIL(ctx->linebb, b);
rv = apr_brigade_pflatten(ctx->linebb, &bflat,
&fbytes, ctx->tpool);
if (rv != APR_SUCCESS)
goto err;
if (fbytes > cfg->max_line_length) {
/* Avoid pflattening further lines, we will
* abort later on anyway.
*/
rv = APR_ENOMEM;
goto err;
}
b = apr_bucket_transient_create(bflat, fbytes,
f->r->connection->bucket_alloc);
apr_brigade_cleanup(ctx->linebb);
}
rv = do_pattmatch(f, b, ctx->pattbb, ctx->tpool);
if (rv != APR_SUCCESS)
goto err;
/*
* Count how many buckets we have in ctx->passbb
* so far. Yes, this is correct we count ctx->passbb
* and not ctx->pattbb as we do not reset num on every
* iteration.
*/
for (b = APR_BRIGADE_FIRST(ctx->pattbb);
b != APR_BRIGADE_SENTINEL(ctx->pattbb);
b = APR_BUCKET_NEXT(b)) {
num++;
}
APR_BRIGADE_CONCAT(ctx->passbb, ctx->pattbb);
/*
* If the number of buckets in ctx->passbb reaches an
* "insane" level, we consume much memory for all the
* buckets as such. So lets flush them down the chain
* in this case and thus clear ctx->passbb. This frees
* the buckets memory for further processing.
* Usually this condition should not become true, but
* it is a safety measure for edge cases.
*/
if (num > AP_MAX_BUCKETS) {
b = apr_bucket_flush_create(
f->r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(ctx->passbb, b);
rv = ap_pass_brigade(f->next, ctx->passbb);
apr_brigade_cleanup(ctx->passbb);
num = 0;
apr_pool_clear(ctx->tpool);
if (rv != APR_SUCCESS)
goto err;
}
b = tmp_b;
}
else {
/*
* no newline in whatever is left of this buffer so
* tuck data away and get next bucket
*/
APR_BUCKET_REMOVE(b);
APR_BRIGADE_INSERT_TAIL(ctx->linebb, b);
bytes = 0;
}
}
}
}
if (!APR_BRIGADE_EMPTY(ctx->passbb)) {
rv = ap_pass_brigade(f->next, ctx->passbb);
apr_brigade_cleanup(ctx->passbb);
if (rv != APR_SUCCESS)
goto err;
}
apr_pool_clear(ctx->tpool);
}
/* Anything left we want to save/setaside for the next go-around */
if (!APR_BRIGADE_EMPTY(ctx->linebb)) {
/*
* Provide ap_save_brigade with an existing empty brigade
* (ctx->linesbb) to avoid creating a new one.
*/
ap_save_brigade(f, &(ctx->linesbb), &(ctx->linebb), f->r->pool);
tmp_bb = ctx->linebb;
ctx->linebb = ctx->linesbb;
ctx->linesbb = tmp_bb;
}
return APR_SUCCESS;
err:
if (rv == APR_ENOMEM)
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, APLOGNO(01328) "Line too long, URI %s",
f->r->uri);
apr_pool_clear(ctx->tpool);
return rv;
}
static apr_status_t store_body(cache_handle_t *h, request_rec *r,
apr_bucket_brigade *bb)
{
apr_bucket *e;
apr_status_t rv;
disk_cache_object_t *dobj = (disk_cache_object_t *) h->cache_obj->vobj;
disk_cache_conf *conf = ap_get_module_config(r->server->module_config,
&disk_cache_module);
/* We write to a temp file and then atomically rename the file over
* in file_cache_el_final().
*/
if (!dobj->tfd) {
rv = apr_file_mktemp(&dobj->tfd, dobj->tempfile,
APR_CREATE | APR_WRITE | APR_BINARY |
APR_BUFFERED | APR_EXCL, r->pool);
if (rv != APR_SUCCESS) {
return rv;
}
dobj->file_size = 0;
}
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e))
{
const char *str;
apr_size_t length, written;
rv = apr_bucket_read(e, &str, &length, APR_BLOCK_READ);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"cache_disk: Error when reading bucket for URL %s",
h->cache_obj->key);
/* Remove the intermediate cache file and return non-APR_SUCCESS */
file_cache_errorcleanup(dobj, r);
return rv;
}
rv = apr_file_write_full(dobj->tfd, str, length, &written);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"cache_disk: Error when writing cache file for URL %s",
h->cache_obj->key);
/* Remove the intermediate cache file and return non-APR_SUCCESS */
file_cache_errorcleanup(dobj, r);
return rv;
}
dobj->file_size += written;
if (dobj->file_size > conf->maxfs) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"cache_disk: URL %s failed the size check "
"(%" APR_OFF_T_FMT " > %" APR_OFF_T_FMT ")",
h->cache_obj->key, dobj->file_size, conf->maxfs);
/* Remove the intermediate cache file and return non-APR_SUCCESS */
file_cache_errorcleanup(dobj, r);
return APR_EGENERAL;
}
}
/* Was this the final bucket? If yes, close the temp file and perform
* sanity checks.
*/
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
if (r->connection->aborted || r->no_cache) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"disk_cache: Discarding body for URL %s "
"because connection has been aborted.",
h->cache_obj->key);
/* Remove the intermediate cache file and return non-APR_SUCCESS */
file_cache_errorcleanup(dobj, r);
return APR_EGENERAL;
}
if (dobj->file_size < conf->minfs) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"cache_disk: URL %s failed the size check "
"(%" APR_OFF_T_FMT " < %" APR_OFF_T_FMT ")",
h->cache_obj->key, dobj->file_size, conf->minfs);
/* Remove the intermediate cache file and return non-APR_SUCCESS */
file_cache_errorcleanup(dobj, r);
return APR_EGENERAL;
}
/* All checks were fine. Move tempfile to final destination */
/* Link to the perm file, and close the descriptor */
file_cache_el_final(dobj, r);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"disk_cache: Body for URL %s cached.", dobj->name);
}
return APR_SUCCESS;
}
static am_status_t get_request_body(am_request_t *rq) {
const char *thisfunc = "get_request_body():";
request_rec *r = (request_rec *) (rq != NULL ? rq->ctx : NULL);
apr_bucket_brigade *bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
int eos_found = 0, read_bytes = 0;
apr_status_t read_status = 0;
am_status_t status = AM_ERROR;
char *out = NULL;
if (r == NULL || rq == NULL) {
return AM_EINVAL;
}
do {
apr_bucket *ob;
read_status = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
APR_BLOCK_READ, HUGE_STRING_LEN);
if (read_status != APR_SUCCESS) {
if (out != NULL) free(out);
return AM_ERROR;
}
ob = APR_BRIGADE_FIRST(bb);
while (ob != APR_BRIGADE_SENTINEL(bb)) {
const char *data;
apr_size_t data_size;
if (APR_BUCKET_IS_EOS(ob)) {
eos_found = 1;
break;
}
if (APR_BUCKET_IS_FLUSH(ob)) {
continue;
}
/* read data */
apr_bucket_read(ob, &data, &data_size, APR_BLOCK_READ);
/* process data */
out = realloc(out, read_bytes + data_size + 1);
if (out == NULL) {
status = AM_ENOMEM;
eos_found = 1;
break;
}
memcpy(out + read_bytes, data, data_size);
read_bytes += (int) data_size;
out[read_bytes] = 0;
ob = APR_BUCKET_NEXT(ob);
status = AM_SUCCESS;
}
apr_brigade_destroy(bb);
} while (eos_found == 0);
apr_brigade_destroy(bb);
rq->post_data = out;
rq->post_data_sz = read_bytes;
if (status == AM_SUCCESS) {
am_log_debug(rq->instance_id, "%s read %d bytes \n%s", thisfunc,
read_bytes, LOGEMPTY(out));
/* remove the content length since the body has been read */
r->clength = 0;
apr_table_unset(r->headers_in, "Content-Length");
}
return status;
}
static apr_status_t do_pattmatch(ap_filter_t *f, apr_bucket *inb,
apr_bucket_brigade *mybb,
apr_pool_t *pool)
{
int i;
int force_quick = 0;
ap_regmatch_t regm[AP_MAX_REG_MATCH];
apr_size_t bytes;
apr_size_t len;
const char *buff;
struct ap_varbuf vb;
apr_bucket *b;
apr_bucket *tmp_b;
subst_dir_conf *cfg =
(subst_dir_conf *) ap_get_module_config(f->r->per_dir_config,
&substitute_module);
subst_pattern_t *script;
APR_BRIGADE_INSERT_TAIL(mybb, inb);
ap_varbuf_init(pool, &vb, 0);
script = (subst_pattern_t *) cfg->patterns->elts;
/*
* Simple optimization. If we only have one pattern, then
* we can safely avoid the overhead of flattening
*/
if (cfg->patterns->nelts == 1) {
force_quick = 1;
}
for (i = 0; i < cfg->patterns->nelts; i++) {
for (b = APR_BRIGADE_FIRST(mybb);
b != APR_BRIGADE_SENTINEL(mybb);
b = APR_BUCKET_NEXT(b)) {
if (APR_BUCKET_IS_METADATA(b)) {
/*
* we should NEVER see this, because we should never
* be passed any, but "handle" it just in case.
*/
continue;
}
if (apr_bucket_read(b, &buff, &bytes, APR_BLOCK_READ)
== APR_SUCCESS) {
int have_match = 0;
vb.strlen = 0;
if (script->pattern) {
const char *repl;
/*
* space_left counts how many bytes we have left until the
* line length reaches max_line_length.
*/
apr_size_t space_left = cfg->max_line_length;
apr_size_t repl_len = strlen(script->replacement);
while ((repl = apr_strmatch(script->pattern, buff, bytes)))
{
have_match = 1;
/* get offset into buff for pattern */
len = (apr_size_t) (repl - buff);
if (script->flatten && !force_quick) {
/*
* We are flattening the buckets here, meaning
* that we don't do the fast bucket splits.
* Instead we copy over what the buckets would
* contain and use them. This is slow, since we
* are constanting allocing space and copying
* strings.
*/
if (vb.strlen + len + repl_len > cfg->max_line_length)
return APR_ENOMEM;
ap_varbuf_strmemcat(&vb, buff, len);
ap_varbuf_strmemcat(&vb, script->replacement, repl_len);
}
else {
/*
* The string before the match but after the
* previous match (if any) has length 'len'.
* Check if we still have space for this string and
* the replacement string.
*/
if (space_left < len + repl_len)
return APR_ENOMEM;
space_left -= len + repl_len;
/*
* We now split off the string before the match
* as its own bucket, then isolate the matched
* string and delete it.
*/
SEDRMPATBCKT(b, len, tmp_b, script->patlen);
/*
* Finally, we create a bucket that contains the
* replacement...
*/
tmp_b = apr_bucket_transient_create(script->replacement,
script->replen,
f->r->connection->bucket_alloc);
/* ... and insert it */
APR_BUCKET_INSERT_BEFORE(b, tmp_b);
}
/* now we need to adjust buff for all these changes */
len += script->patlen;
bytes -= len;
buff += len;
}
if (have_match) {
if (script->flatten && !force_quick) {
/* XXX: we should check for AP_MAX_BUCKETS here and
* XXX: call ap_pass_brigade accordingly
*/
char *copy = ap_varbuf_pdup(pool, &vb, NULL, 0,
buff, bytes, &len);
tmp_b = apr_bucket_pool_create(copy, len, pool,
f->r->connection->bucket_alloc);
APR_BUCKET_INSERT_BEFORE(b, tmp_b);
apr_bucket_delete(b);
b = tmp_b;
}
else {
/*
* We want the behaviour to be predictable.
* Therefore we try to always error out if the
* line length is larger than the limit,
* regardless of the content of the line. So,
* let's check if the remaining non-matching
* string does not exceed the limit.
*/
if (space_left < b->length)
return APR_ENOMEM;
}
}
}
else if (script->regexp) {
int left = bytes;
const char *pos = buff;
char *repl;
apr_size_t space_left = cfg->max_line_length;
while (!ap_regexec_len(script->regexp, pos, left,
AP_MAX_REG_MATCH, regm, 0)) {
apr_status_t rv;
have_match = 1;
if (script->flatten && !force_quick) {
/* check remaining buffer size */
/* Note that the last param in ap_varbuf_regsub below
* must stay positive. If it gets 0, it would mean
* unlimited space available. */
if (vb.strlen + regm[0].rm_so >= cfg->max_line_length)
return APR_ENOMEM;
/* copy bytes before the match */
if (regm[0].rm_so > 0)
ap_varbuf_strmemcat(&vb, pos, regm[0].rm_so);
/* add replacement string, last argument is unsigned! */
rv = ap_varbuf_regsub(&vb, script->replacement, pos,
AP_MAX_REG_MATCH, regm,
cfg->max_line_length - vb.strlen);
if (rv != APR_SUCCESS)
return rv;
}
else {
apr_size_t repl_len;
/* acount for string before the match */
if (space_left <= regm[0].rm_so)
return APR_ENOMEM;
space_left -= regm[0].rm_so;
rv = ap_pregsub_ex(pool, &repl,
script->replacement, pos,
AP_MAX_REG_MATCH, regm,
space_left);
if (rv != APR_SUCCESS)
return rv;
repl_len = strlen(repl);
space_left -= repl_len;
len = (apr_size_t) (regm[0].rm_eo - regm[0].rm_so);
SEDRMPATBCKT(b, regm[0].rm_so, tmp_b, len);
tmp_b = apr_bucket_transient_create(repl, repl_len,
f->r->connection->bucket_alloc);
APR_BUCKET_INSERT_BEFORE(b, tmp_b);
}
/*
* reset to past what we just did. pos now maps to b
* again
*/
pos += regm[0].rm_eo;
left -= regm[0].rm_eo;
}
if (have_match && script->flatten && !force_quick) {
char *copy;
/* Copy result plus the part after the last match into
* a bucket.
*/
copy = ap_varbuf_pdup(pool, &vb, NULL, 0, pos, left,
&len);
tmp_b = apr_bucket_pool_create(copy, len, pool,
f->r->connection->bucket_alloc);
APR_BUCKET_INSERT_BEFORE(b, tmp_b);
apr_bucket_delete(b);
b = tmp_b;
}
}
else {
ap_assert(0);
continue;
}
}
}
script++;
}
ap_varbuf_free(&vb);
return APR_SUCCESS;
}
static int aikido_handler(request_rec *r)
{
apr_bucket_brigade *bb;
apr_bucket *b;
int seen_eos, child_stopped_reading;
apr_pool_t *p;
apr_status_t rv;
conn_rec *c = r->connection;
void *aikidoreq;
int inpipes[2];
int outpipes[2];
apr_file_t *infile;
apr_file_t *outfile;
int e;
pthread_t tid;
pthread_attr_t attrs;
ThreadData tdata;
void *tresult;
if (aikido == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"mod_aikido failed to initalize");
return HTTP_INTERNAL_SERVER_ERROR;
}
p = r->main ? r->main->pool : r->pool;
if (r->method_number == M_OPTIONS) {
r->allowed |= (AP_METHOD_BIT << M_GET);
r->allowed |= (AP_METHOD_BIT << M_POST);
return DECLINED;
}
// create the request object
aikidoreq = aikido_new_request (r);
if (!aikido_check_uri(aikido, aikidoreq)) {
aikido_delete_request (aikidoreq);
return DECLINED;
}
e = socketpair (AF_UNIX, SOCK_STREAM, 0, inpipes);
e |= socketpair (AF_UNIX, SOCK_STREAM, 0, outpipes);
if (e != 0) {
perror ("socketpair");
aikido_delete_request (aikidoreq);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Failed to create pipes");
return HTTP_INTERNAL_SERVER_ERROR;
}
// redirect the output from the webapp to our outfile
apr_os_file_put (&outfile, &outpipes[0], O_RDONLY, r->pool); // open for reading from outpipes pipe
// redirect the input to the webapp from out infile
apr_os_file_put (&infile, &inpipes[1], O_CREAT | O_WRONLY, r->pool); // open for writing to inpipes pipe
ap_add_common_vars(r);
ap_add_cgi_vars(r);
bb = apr_brigade_create(r->pool, c->bucket_alloc);
seen_eos = 0;
child_stopped_reading = 0;
do {
apr_bucket *bucket;
rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
APR_BLOCK_READ, HUGE_STRING_LEN);
if (rv != APR_SUCCESS) {
close (inpipes[0]);
close (inpipes[1]);
close (outpipes[0]);
close (outpipes[1]);
aikido_delete_request (aikidoreq);
return rv;
}
bucket = APR_BRIGADE_FIRST(bb);
while (bucket != APR_BRIGADE_SENTINEL(bb)) {
const char *data;
apr_size_t len;
if (APR_BUCKET_IS_EOS(bucket)) {
seen_eos = 1;
break;
}
/* We can't do much with this. */
if (APR_BUCKET_IS_FLUSH(bucket)) {
continue;
}
/* If the child stopped, we still must read to EOS. */
if (child_stopped_reading) {
continue;
}
/* read */
apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
/* Keep writing data to the child until done or too much time
* elapses with no progress or an error occurs.
*/
rv = apr_file_write_full(infile, data, len, NULL);
if (rv != APR_SUCCESS) {
/* silly script stopped reading, soak up remaining message */
child_stopped_reading = 1;
}
bucket = APR_BUCKET_NEXT(bucket);
}
apr_brigade_cleanup(bb);
}
while (!seen_eos);
/* Is this flush really needed? */
apr_file_flush(infile);
apr_file_close(infile);
apr_brigade_cleanup(bb);
/* start the reader thread */
e = pthread_attr_init (&attrs);
if (e != 0) {
close (inpipes[0]);
close (inpipes[1]);
close (outpipes[0]);
close (outpipes[1]);
aikido_delete_request (aikidoreq);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Failed to allocate script thread attributes");
return HTTP_INTERNAL_SERVER_ERROR;
}
e = pthread_attr_setdetachstate (&attrs, PTHREAD_CREATE_JOINABLE) ;
if (e != 0) {
close (inpipes[0]);
close (inpipes[1]);
close (outpipes[0]);
close (outpipes[1]);
aikido_delete_request (aikidoreq);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Failed to set script thread attributes");
return HTTP_INTERNAL_SERVER_ERROR;
}
tdata.req = aikidoreq;
tdata.in = inpipes[0];
tdata.out = outpipes[1];
e = pthread_create (&tid, NULL, script_thread, &tdata) ;
if (e != 0) {
close (inpipes[0]);
close (inpipes[1]);
close (outpipes[0]);
close (outpipes[1]);
aikido_delete_request (aikidoreq);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Failed to run script thread");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* script thread is now executing script with i/o redirected to the pipes */
/* read the script output from the pipe*/
apr_file_pipe_timeout_set(outfile, 0);
b = aikido_bucket_create(r, outfile, c->bucket_alloc);
if (b == NULL) {
pthread_join (tid, &tresult); /* wait for script to complete */
close (inpipes[0]);
close (inpipes[1]);
close (outpipes[0]);
close (outpipes[1]);
aikido_delete_request (aikidoreq);
return HTTP_INTERNAL_SERVER_ERROR;
}
APR_BRIGADE_INSERT_TAIL(bb, b);
b = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, b);
ap_pass_brigade(r->output_filters, bb);
/* wait for the script thread to complete */
pthread_join (tid, &tresult);
/* terminate script output */
close (inpipes[0]);
close (inpipes[1]);
close (outpipes[0]);
close (outpipes[1]);
/* delete the aikido request objects */
aikido_delete_request (aikidoreq);
return OK;
}
apr_status_t proc_write_ipc(fcgid_ipc * ipc_handle,
apr_bucket_brigade * birgade_send)
{
fcgid_namedpipe_handle *handle_info;
apr_bucket *bucket_request;
apr_status_t rv;
DWORD transferred;
handle_info = (fcgid_namedpipe_handle *) ipc_handle->ipc_handle_info;
for (bucket_request = APR_BRIGADE_FIRST(birgade_send);
bucket_request != APR_BRIGADE_SENTINEL(birgade_send);
bucket_request = APR_BUCKET_NEXT(bucket_request))
{
const char *write_buf;
apr_size_t write_buf_len;
apr_size_t has_write;
if (APR_BUCKET_IS_METADATA(bucket_request))
continue;
if ((rv = apr_bucket_read(bucket_request, &write_buf, &write_buf_len,
APR_BLOCK_READ)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, ipc_handle->request,
"mod_fcgid: can't read request from bucket");
return rv;
}
/* Write the buffer to fastcgi server */
has_write = 0;
while (has_write < write_buf_len) {
DWORD byteswrite;
if (WriteFile(handle_info->handle_pipe,
write_buf + has_write,
write_buf_len - has_write,
&byteswrite, &handle_info->overlap_write)) {
has_write += byteswrite;
continue;
} else if ((rv = GetLastError()) != ERROR_IO_PENDING) {
ap_log_rerror(APLOG_MARK, APLOG_WARNING,
APR_FROM_OS_ERROR(rv), ipc_handle->request,
"mod_fcgid: can't write to pipe");
return rv;
} else {
/*
it's ERROR_IO_PENDING on write
*/
DWORD dwWaitResult =
WaitForSingleObject(handle_info->overlap_write.hEvent,
ipc_handle->communation_timeout * 1000);
if (dwWaitResult == WAIT_OBJECT_0) {
if (!GetOverlappedResult(handle_info->handle_pipe,
&handle_info->overlap_write,
&transferred,
FALSE /* don't wait */ )
|| transferred == 0)
{
ap_log_rerror(APLOG_MARK, APLOG_WARNING,
apr_get_os_error(), ipc_handle->request,
"mod_fcgid: get overlap result error");
return APR_ESPIPE;
}
has_write += transferred;
continue;
} else {
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
ipc_handle->request,
"mod_fcgid: write timeout to pipe");
return APR_ESPIPE;
}
}
}
}
return APR_SUCCESS;
}
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb,
ngx_chain_t **ll, ngx_pool_t *pool)
{
apr_bucket *e;
ngx_buf_t *buf;
ngx_chain_t *cl;
cl = NULL;
if (APR_BRIGADE_EMPTY(bb)) {
*ll = NULL;
return NGX_OK;
}
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e)) {
if (APR_BUCKET_IS_EOS(e)) {
if (cl == NULL) {
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = ngx_calloc_buf(pool);
if (cl->buf == NULL) {
break;
}
cl->buf->last_buf = 1;
cl->next = NULL;
*ll = cl;
} else {
cl->next = NULL;
cl->buf->last_buf = 1;
}
apr_brigade_cleanup(bb);
return NGX_OK;
}
if (APR_BUCKET_IS_METADATA(e)) {
continue;
}
buf = apr_bucket_to_ngx_buf(e, pool);
if (buf == NULL) {
break;
}
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
break;
}
cl->buf = buf;
cl->next = NULL;
*ll = cl;
ll = &cl->next;
}
apr_brigade_cleanup(bb);
/* no eos or error */
return NGX_ERROR;
}
static apr_status_t
rate_limit_filter(ap_filter_t *f, apr_bucket_brigade *input_bb)
{
apr_status_t rv = APR_SUCCESS;
rl_ctx_t *ctx = f->ctx;
apr_bucket *fb;
int do_sleep = 0;
apr_bucket_alloc_t *ba = f->r->connection->bucket_alloc;
apr_bucket_brigade *bb = input_bb;
if (f->c->aborted) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, APLOGNO(01454) "rl: conn aborted");
apr_brigade_cleanup(bb);
return APR_ECONNABORTED;
}
if (ctx == NULL) {
const char *rl = NULL;
int ratelimit;
/* no subrequests. */
if (f->r->main != NULL) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb);
}
rl = apr_table_get(f->r->subprocess_env, "rate-limit");
if (rl == NULL) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb);
}
/* rl is in kilo bytes / second */
ratelimit = atoi(rl) * 1024;
if (ratelimit <= 0) {
/* remove ourselves */
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb);
}
/* first run, init stuff */
ctx = apr_palloc(f->r->pool, sizeof(rl_ctx_t));
f->ctx = ctx;
ctx->state = RATE_LIMIT;
ctx->speed = ratelimit;
/* calculate how many bytes / interval we want to send */
/* speed is bytes / second, so, how many (speed / 1000 % interval) */
ctx->chunk_size = (ctx->speed / (1000 / RATE_INTERVAL_MS));
ctx->tmpbb = apr_brigade_create(f->r->pool, ba);
ctx->holdingbb = apr_brigade_create(f->r->pool, ba);
}
while (ctx->state != RATE_ERROR &&
(!APR_BRIGADE_EMPTY(bb) || !APR_BRIGADE_EMPTY(ctx->holdingbb))) {
apr_bucket *e;
if (!APR_BRIGADE_EMPTY(ctx->holdingbb)) {
APR_BRIGADE_CONCAT(bb, ctx->holdingbb);
}
while (ctx->state == RATE_FULLSPEED && !APR_BRIGADE_EMPTY(bb)) {
/* Find where we 'stop' going full speed. */
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb); e = APR_BUCKET_NEXT(e)) {
if (AP_RL_BUCKET_IS_END(e)) {
apr_bucket *f;
f = APR_RING_LAST(&bb->list);
APR_RING_UNSPLICE(e, f, link);
APR_RING_SPLICE_TAIL(&ctx->holdingbb->list, e, f,
apr_bucket, link);
ctx->state = RATE_LIMIT;
break;
}
}
if (f->c->aborted) {
apr_brigade_cleanup(bb);
ctx->state = RATE_ERROR;
break;
}
fb = apr_bucket_flush_create(ba);
APR_BRIGADE_INSERT_TAIL(bb, fb);
rv = ap_pass_brigade(f->next, bb);
if (rv != APR_SUCCESS) {
ctx->state = RATE_ERROR;
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, f->r, APLOGNO(01455)
"rl: full speed brigade pass failed.");
}
}
while (ctx->state == RATE_LIMIT && !APR_BRIGADE_EMPTY(bb)) {
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb); e = APR_BUCKET_NEXT(e)) {
if (AP_RL_BUCKET_IS_START(e)) {
apr_bucket *f;
f = APR_RING_LAST(&bb->list);
APR_RING_UNSPLICE(e, f, link);
APR_RING_SPLICE_TAIL(&ctx->holdingbb->list, e, f,
apr_bucket, link);
ctx->state = RATE_FULLSPEED;
break;
}
}
while (!APR_BRIGADE_EMPTY(bb)) {
apr_bucket *stop_point;
apr_off_t len = 0;
if (f->c->aborted) {
apr_brigade_cleanup(bb);
ctx->state = RATE_ERROR;
break;
}
if (do_sleep) {
apr_sleep(RATE_INTERVAL_MS * 1000);
}
else {
do_sleep = 1;
}
apr_brigade_length(bb, 1, &len);
rv = apr_brigade_partition(bb, ctx->chunk_size, &stop_point);
if (rv != APR_SUCCESS && rv != APR_INCOMPLETE) {
ctx->state = RATE_ERROR;
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, APLOGNO(01456)
"rl: partition failed.");
break;
}
if (stop_point != APR_BRIGADE_SENTINEL(bb)) {
apr_bucket *f;
apr_bucket *e = APR_BUCKET_PREV(stop_point);
f = APR_RING_FIRST(&bb->list);
APR_RING_UNSPLICE(f, e, link);
APR_RING_SPLICE_HEAD(&ctx->tmpbb->list, f, e, apr_bucket,
link);
}
else {
APR_BRIGADE_CONCAT(ctx->tmpbb, bb);
}
fb = apr_bucket_flush_create(ba);
APR_BRIGADE_INSERT_TAIL(ctx->tmpbb, fb);
#if 0
brigade_dump(f->r, ctx->tmpbb);
brigade_dump(f->r, bb);
#endif
rv = ap_pass_brigade(f->next, ctx->tmpbb);
apr_brigade_cleanup(ctx->tmpbb);
if (rv != APR_SUCCESS) {
ctx->state = RATE_ERROR;
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, f->r, APLOGNO(01457)
"rl: brigade pass failed.");
break;
}
}
}
}
return rv;
}
static apr_status_t fauth_output_filter(ap_filter_t *f, apr_bucket_brigade *pbbIn) {
request_rec *r = f->r;
conn_rec *c = r->connection;
apr_bucket *pbktOut, *pbktIn;
apr_bucket_brigade *pbbOut;
char *uri, *buf, *hash, *req;
int ig=0;
int ie=0;
req = malloc(sizeof(char)*(strlen(r->the_request)+1));
strncpy(req,r->the_request,strlen(r->the_request));
req[strlen(r->the_request)]='\0';
uri = strtok(req, " ");
if(uri) uri = strtok(NULL, " ");
if(!uri) {
free(req);
return ap_pass_brigade(f->next,pbbIn);
}
uri[strlen(uri)]='\0';
ig = is_gs_req(uri);
ie = is_ee_req(uri);
if( !(r->status==HTTP_NOT_FOUND||r->status==HTTP_FORBIDDEN) ||
r->method_number!=M_GET || ( !is_sym_req(uri) && !ig && !ie ) ) {
free(req);
return ap_pass_brigade(f->next,pbbIn);
}
if(ig||ie) {
uri = malloc(sizeof(char)*(strlen(r->hostname)+1));
sprintf(uri,"/%s",r->hostname);
}
hash=malloc(sizeof(char)*(HASH_MAXLENGTH+1));
strncpy(hash,dbapi_lookup(uri),HASH_MAXLENGTH);
hash[HASH_MAXLENGTH]='\0';
if(strncmp(hash,"404 Not Found",13)==0||hash[0]=='{') {
free(hash); free(req);
return ap_pass_brigade(f->next,pbbIn);
}
pbbOut=apr_brigade_create(r->pool, c->bucket_alloc);
for (pbktIn = APR_BRIGADE_FIRST(pbbIn);
pbktIn != APR_BRIGADE_SENTINEL(pbbIn);
pbktIn = APR_BUCKET_NEXT(pbktIn)) {
APR_BUCKET_REMOVE(pbktIn);
}
if(ig) {
char *hasho=malloc(sizeof(char)*(HASH_MAXLENGTH+1));
memcpy(hasho,hash,strlen(hash)+1);
snprintf(hash,HASH_MAXLENGTH,"<html><head><meta name=\"_globalsign-domain-verification\" content=\"%s\" /></head></html>",hasho);
hash[HASH_MAXLENGTH]='\0';
free(hasho);
} else if (ie) {
char *hasho=malloc(sizeof(char)*(HASH_MAXLENGTH+1));
memcpy(hasho,hash,strlen(hash)+1);
snprintf(hash,HASH_MAXLENGTH,"%s",hasho);
hash[HASH_MAXLENGTH]='\0';
free(hasho);
}
buf = apr_bucket_alloc(strlen(hash), c->bucket_alloc);
strcpy(buf,hash);
buf[strlen(hash)]='\0';
free(hash);
free(req);
pbktOut = apr_bucket_heap_create(buf, strlen(buf), apr_bucket_free, c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(pbbOut,pbktOut);
apr_brigade_cleanup(pbbIn);
f->r->status=200;
apr_bucket *pbktEOS=apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(pbbOut,pbktEOS);
return ap_pass_brigade(f->next,pbbOut);
}
