static void *create_dir_mconfig(pool *p, char *dir)
{
/* So why -1, 0, and 1? You see, C lacks an arithmatic if. We need to
know three states at any point. We need to know if something is unset, off or
on. Hence we use these values. Apache already understands Off as 0 and 1 as
on.
*/
kewl_conf *cfg;
cfg = ap_pcalloc(p, sizeof(kewl_conf));
cfg->proxy = UNSET;
cfg->comment = UNSET;
cfg->glob = UNSET;
cfg->http_header_enabled = UNSET;
cfg->http_header = NULL;
cfg->header = NULL;
cfg->footer = NULL;
cfg->request_header = OFF;
cfg->time_format = NULL;
cfg->types = ap_make_table(p, 8);
cfg->uris_ignore = ap_make_table(p, 8);
ap_table_set(cfg->types, INCLUDES_MAGIC_TYPE, "1");
ap_table_set(cfg->types, INCLUDES_MAGIC_TYPE3, "1");
ap_table_set(cfg->types, "server-parsed", "1");
ap_table_set(cfg->types, "text/html", "1");
ap_table_set(cfg->types, "text/plain", "1");
ap_table_set(cfg->types, "perl-script", "1");
ap_table_set(cfg->types, "cgi-script", "1");
ap_table_set(cfg->types, "application/x-httpd-cgi", "1");
return (void *) cfg;
}
static void *create_userdir_config(pool *p, server_rec *s)
{
userdir_config *newcfg;
newcfg = (userdir_config *) ap_pcalloc(p, sizeof(userdir_config));
newcfg->globally_disabled = 0;
newcfg->userdir = DEFAULT_USER_DIR;
newcfg->enabled_users = ap_make_table(p, 4);
newcfg->disabled_users = ap_make_table(p, 4);
return (void *) newcfg;
}
static void *make_config_log_state(pool *p, server_rec *s)
{
multi_log_state *mls;
mls = (multi_log_state *) ap_palloc(p, sizeof(multi_log_state));
mls->config_logs = ap_make_array(p, 1, sizeof(config_log_state));
mls->default_format_string = NULL;
mls->default_format = NULL;
mls->server_config_logs = NULL;
mls->formats = ap_make_table(p, 4);
ap_table_setn(mls->formats, "CLF", DEFAULT_LOG_FORMAT);
return mls;
}
/*
* This routine sets up some module-wide cells if they haven't been already.
*/
static void setup_module_cells()
{
/*
* If we haven't already allocated our module-private pool, do so now.
*/
if (example_pool == NULL) {
example_pool = ap_make_sub_pool(NULL);
};
/*
* Likewise for the table of routine/environment pairs we visit outside of
* request context.
*/
if (static_calls_made == NULL) {
static_calls_made = ap_make_table(example_pool, 16);
};
}
static void *suphp_create_dir_config(pool *p, char *dir) {
suphp_conf *cfg = (suphp_conf *) ap_pcalloc(p, sizeof(suphp_conf));
cfg->php_config = NULL;
cfg->engine = SUPHP_ENGINE_UNDEFINED;
cfg->cmode = SUPHP_CONFIG_MODE_DIRECTORY;
#ifdef SUPHP_USE_USERGROUP
cfg->target_user = NULL;
cfg->target_group = NULL;
#endif
/* Create table with 0 initial elements */
/* This size may be increased for performance reasons */
cfg->handlers = ap_make_table(p, 0);
return (void *) cfg;
}
ApacheRequest *ApacheRequest_new(request_rec *r)
{
ApacheRequest *req = (ApacheRequest *)
ap_pcalloc(r->pool, sizeof(ApacheRequest));
req->status = OK;
req->parms = ap_make_table(r->pool, DEFAULT_TABLE_NELTS);
req->upload = NULL;
req->post_max = -1;
req->disable_uploads = 0;
req->upload_hook = NULL;
req->hook_data = NULL;
req->temp_dir = NULL;
req->parsed = 0;
req->r = r;
return req;
}
int suphp_source_child(void *rp, child_info *cinfo) {
request_rec *r = (request_rec *) rp;
suphp_conf *conf;
pool *p = r->main ? r->main->pool : r->pool;
char **argv, **env;
table *empty_table = ap_make_table(p, 0);
conf = ap_get_module_config(r->server->module_config, &suphp_module);
/* We want to log output written to stderr */
ap_error_log2stderr(r->server);
/* prepare argv for new process */
argv = ap_palloc(p, 4 * sizeof(char *));
argv[0] = ap_pstrdup(p, conf->php_path);
argv[1] = "-s";
argv[2] = ap_pstrdup(p, r->filename);
argv[3] = NULL;
/* prepare environment */
env = ap_create_environment(p, empty_table);
/* We cannot use ap_call_exec because of the interference with suExec */
/* So we do everything ourselves */
/* mandatory cleanup before execution */
ap_cleanup_for_exec();
execve(ap_pstrdup(p, conf->php_path), argv, env);
/* We are still here? Okay - exec failed */
ap_log_error(APLOG_MARK, APLOG_ERR, NULL, "exec of %s failed",
conf->php_path);
exit(0);
/* NOT REACHED */
return (0);
}
static table *groups_for_user(pool *p, char *user, char *grpfile)
{
configfile_t *f;
table *grps = ap_make_table(p, 15);
pool *sp;
char l[MAX_STRING_LEN];
const char *group_name, *ll, *w;
if (!(f = ap_pcfg_openfile(p, grpfile))) {
/*add? aplog_error(APLOG_MARK, APLOG_ERR, NULL,
"Could not open group file: %s", grpfile);*/
return NULL;
}
sp = ap_make_sub_pool(p);
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
if ((l[0] == '#') || (!l[0]))
continue;
ll = l;
ap_clear_pool(sp);
group_name = ap_getword(sp, &ll, ':');
while (ll[0]) {
w = ap_getword_conf(sp, &ll);
if (!strcmp(w, user)) {
ap_table_setn(grps, ap_pstrdup(p, group_name), "in");
break;
}
}
}
ap_cfg_closefile(f);
ap_destroy_pool(sp);
return grps;
}
API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
int (*getsfunc) (char *, int, void *),
void *getsfunc_data)
{
char x[MAX_STRING_LEN];
char *w, *l;
int p;
int cgi_status = HTTP_OK;
table *merge;
table *cookie_table;
if (buffer) {
*buffer = '\0';
}
w = buffer ? buffer : x;
ap_hard_timeout("read script header", r);
/* temporary place to hold headers to merge in later */
merge = ap_make_table(r->pool, 10);
/* The HTTP specification says that it is legal to merge duplicate
* headers into one. Some browsers that support Cookies don't like
* merged headers and prefer that each Set-Cookie header is sent
* separately. Lets humour those browsers by not merging.
* Oh what a pain it is.
*/
cookie_table = ap_make_table(r->pool, 2);
ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL);
while (1) {
if ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data) == 0) {
ap_kill_timeout(r);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Premature end of script headers: %s", r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Delete terminal (CR?)LF */
p = strlen(w);
/* Indeed, the host's '\n':
'\012' for UNIX; '\015' for MacOS; '\025' for OS/390
-- whatever the script generates.
*/
if (p > 0 && w[p - 1] == '\n') {
if (p > 1 && w[p - 2] == CR) {
w[p - 2] = '\0';
}
else {
w[p - 1] = '\0';
}
}
/*
* If we've finished reading the headers, check to make sure any
* HTTP/1.1 conditions are met. If so, we're done; normal processing
* will handle the script's output. If not, just return the error.
* The appropriate thing to do would be to send the script process a
* SIGPIPE to let it know we're ignoring it, close the channel to the
* script process, and *then* return the failed-to-meet-condition
* error. Otherwise we'd be waiting for the script to finish
* blithering before telling the client the output was no good.
* However, we don't have the information to do that, so we have to
* leave it to an upper layer.
*/
if (w[0] == '\0') {
int cond_status = OK;
ap_kill_timeout(r);
if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
cond_status = ap_meets_conditions(r);
}
ap_overlap_tables(r->err_headers_out, merge,
AP_OVERLAP_TABLES_MERGE);
if (!ap_is_empty_table(cookie_table)) {
/* the cookies have already been copied to the cookie_table */
ap_table_unset(r->err_headers_out, "Set-Cookie");
r->err_headers_out = ap_overlay_tables(r->pool,
r->err_headers_out, cookie_table);
}
return cond_status;
}
/* if we see a bogus header don't ignore it. Shout and scream */
#ifdef CHARSET_EBCDIC
/* Chances are that we received an ASCII header text instead of
* the expected EBCDIC header lines. Try to auto-detect:
*/
if (!(l = strchr(w, ':'))) {
int maybeASCII = 0, maybeEBCDIC = 0;
char *cp;
for (cp = w; *cp != '\0'; ++cp) {
if (isprint(*cp) && !isprint(os_toebcdic[*cp]))
++maybeEBCDIC;
if (!isprint(*cp) && isprint(os_toebcdic[*cp]))
++maybeASCII;
}
if (maybeASCII > maybeEBCDIC) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
"CGI Interface Error: Script headers apparently ASCII: (CGI = %s)", r->filename);
ascii2ebcdic(w, w, cp - w);
}
}
#endif
if (!(l = strchr(w, ':'))) {
char malformed[(sizeof MALFORMED_MESSAGE) + 1
+ MALFORMED_HEADER_LENGTH_TO_SHOW];
strcpy(malformed, MALFORMED_MESSAGE);
strncat(malformed, w, MALFORMED_HEADER_LENGTH_TO_SHOW);
if (!buffer) {
/* Soak up all the script output - may save an outright kill */
while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
continue;
}
}
ap_kill_timeout(r);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"%s: %s", malformed, r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
}
*l++ = '\0';
while (*l && ap_isspace(*l)) {
++l;
}
if (!strcasecmp(w, "Content-type")) {
char *tmp;
/* Nuke trailing whitespace */
char *endp = l + strlen(l) - 1;
while (endp > l && ap_isspace(*endp)) {
*endp-- = '\0';
}
tmp = ap_pstrdup(r->pool, l);
ap_content_type_tolower(tmp);
r->content_type = tmp;
}
/*
* If the script returned a specific status, that's what
* we'll use - otherwise we assume 200 OK.
*/
else if (!strcasecmp(w, "Status")) {
r->status = cgi_status = atoi(l);
r->status_line = ap_pstrdup(r->pool, l);
}
else if (!strcasecmp(w, "Location")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Content-Length")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Transfer-Encoding")) {
ap_table_set(r->headers_out, w, l);
}
/*
* If the script gave us a Last-Modified header, we can't just
* pass it on blindly because of restrictions on future values.
*/
else if (!strcasecmp(w, "Last-Modified")) {
time_t mtime = ap_parseHTTPdate(l);
ap_update_mtime(r, mtime);
ap_set_last_modified(r);
}
else if (!strcasecmp(w, "Set-Cookie")) {
ap_table_add(cookie_table, w, l);
}
else {
ap_table_add(merge, w, l);
}
}
}
API_EXPORT(void) ap_add_common_vars(request_rec *r)
{
table *e;
server_rec *s = r->server;
conn_rec *c = r->connection;
const char *rem_logname;
char *env_path;
#if defined(WIN32) || defined(OS2)
char *env_temp;
#endif
const char *host;
array_header *hdrs_arr = ap_table_elts(r->headers_in);
table_entry *hdrs = (table_entry *) hdrs_arr->elts;
int i;
char servbuf[NI_MAXSERV];
/* use a temporary table which we'll overlap onto
* r->subprocess_env later
*/
e = ap_make_table(r->pool, 25 + hdrs_arr->nelts);
/* First, add environment vars from headers... this is as per
* CGI specs, though other sorts of scripting interfaces see
* the same vars...
*/
for (i = 0; i < hdrs_arr->nelts; ++i) {
if (!hdrs[i].key) {
continue;
}
/* A few headers are special cased --- Authorization to prevent
* rogue scripts from capturing passwords; content-type and -length
* for no particular reason.
*/
if (!strcasecmp(hdrs[i].key, "Content-type")) {
ap_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
}
else if (!strcasecmp(hdrs[i].key, "Content-length")) {
ap_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
}
/*
* You really don't want to disable this check, since it leaves you
* wide open to CGIs stealing passwords and people viewing them
* in the environment with "ps -e". But, if you must...
*/
#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
else if (!strcasecmp(hdrs[i].key, "Authorization")
|| !strcasecmp(hdrs[i].key, "Proxy-Authorization")) {
continue;
}
#endif
else {
ap_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val);
}
}
if (!(env_path = ap_pstrdup(r->pool, getenv("PATH")))) {
env_path = DEFAULT_PATH;
}
#ifdef WIN32
if (env_temp = getenv("SystemRoot")) {
ap_table_addn(e, "SystemRoot", env_temp);
}
if (env_temp = getenv("COMSPEC")) {
ap_table_addn(e, "COMSPEC", env_temp);
}
if (env_temp = getenv("WINDIR")) {
ap_table_addn(e, "WINDIR", env_temp);
}
#endif
#ifdef OS2
if ((env_temp = getenv("COMSPEC")) != NULL) {
ap_table_addn(e, "COMSPEC", env_temp);
}
if ((env_temp = getenv("ETC")) != NULL) {
ap_table_addn(e, "ETC", env_temp);
}
if ((env_temp = getenv("DPATH")) != NULL) {
ap_table_addn(e, "DPATH", env_temp);
}
if ((env_temp = getenv("PERLLIB_PREFIX")) != NULL) {
ap_table_addn(e, "PERLLIB_PREFIX", env_temp);
}
#endif
ap_table_addn(e, "PATH", env_path);
ap_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
ap_table_addn(e, "SERVER_NAME",
ap_escape_html(r->pool,ap_get_server_name(r)));
ap_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
ap_table_addn(e, "SERVER_PORT",
ap_psprintf(r->pool, "%u", ap_get_server_port(r)));
host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST);
if (host) {
ap_table_addn(e, "REMOTE_HOST", host);
}
ap_table_addn(e, "REMOTE_ADDR", c->remote_ip);
ap_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
ap_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
ap_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
servbuf[0] = '\0';
if (!getnameinfo((struct sockaddr *)&c->remote_addr,
#ifndef HAVE_SOCKADDR_LEN
SA_LEN((struct sockaddr *)&c->remote_addr),
#else
c->remote_addr.ss_len,
#endif
NULL, 0, servbuf, sizeof(servbuf), NI_NUMERICSERV)){
ap_table_addn(e, "REMOTE_PORT", ap_pstrdup(r->pool, servbuf));
}
if (c->user) {
ap_table_addn(e, "REMOTE_USER", c->user);
}
if (c->ap_auth_type) {
ap_table_addn(e, "AUTH_TYPE", c->ap_auth_type);
}
rem_logname = ap_get_remote_logname(r);
if (rem_logname) {
ap_table_addn(e, "REMOTE_IDENT", ap_pstrdup(r->pool, rem_logname));
}
/* Apache custom error responses. If we have redirected set two new vars */
if (r->prev) {
if (r->prev->args) {
ap_table_addn(e, "REDIRECT_QUERY_STRING", r->prev->args);
}
if (r->prev->uri) {
ap_table_addn(e, "REDIRECT_URL", r->prev->uri);
}
}
ap_overlap_tables(r->subprocess_env, e, AP_OVERLAP_TABLES_SET);
}
/*
* This handles http:// URLs, and other URLs using a remote proxy over http
* If proxyhost is NULL, then contact the server directly, otherwise
* go via the proxy.
* Note that if a proxy is used, then URLs other than http: can be accessed,
* also, if we have trouble which is clearly specific to the proxy, then
* we return DECLINED so that we can try another proxy. (Or the direct
* route.)
*/
int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
const char *proxyhost, int proxyport)
{
const char *strp;
char *strp2;
const char *err, *desthost;
int i, j, sock,/* len,*/ backasswards;
table *req_hdrs, *resp_hdrs;
array_header *reqhdrs_arr;
table_entry *reqhdrs_elts;
BUFF *f;
char buffer[HUGE_STRING_LEN];
char portstr[32];
pool *p = r->pool;
int chunked = 0, destport = 0;
char *destportstr = NULL;
const char *urlptr = NULL;
const char *datestr, *urlstr;
struct addrinfo hints, *res, *res0;
int error;
int result, major, minor;
const char *content_length;
const char *peer;
int destportstrtonum;
const char *errstr;
void *sconf = r->server->module_config;
proxy_server_conf *conf =
(proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
int nocache = 0;
if (conf->cache.root == NULL)
nocache = 1;
/* We break the URL into host, port, path-search */
urlptr = strstr(url, "://");
if (urlptr == NULL)
return HTTP_BAD_REQUEST;
destport = DEFAULT_HTTP_PORT;
urlptr += 3;
ap_hook_use("ap::mod_proxy::http::handler::set_destport",
AP_HOOK_SIG2(int,ptr),
AP_HOOK_TOPMOST,
&destport, r);
ap_snprintf(portstr, sizeof(portstr), "%d", destport);
destportstr = portstr;
strp = strchr(urlptr, '/');
if (strp == NULL) {
desthost = ap_pstrdup(p, urlptr);
urlptr = "/";
}
else {
char *q = ap_palloc(p, strp - urlptr + 1);
memcpy(q, urlptr, strp - urlptr);
q[strp - urlptr] = '\0';
urlptr = strp;
desthost = q;
}
if (*desthost == '['){
char *u = strrchr(desthost+1, ']');
if (u){
desthost++;
*u = '\0';
if (*(u+1) == ':'){ /* [host]:xx */
strp2 = u+1;
}
else if (*(u+1) == '\0'){ /* [host] */
strp2 = NULL;
}
else
return HTTP_BAD_REQUEST;
}
else
return HTTP_BAD_REQUEST;
}
else
strp2 = strrchr(desthost, ':');
if (strp2 != NULL) {
*(strp2++) = '\0';
if (ap_isdigit(*strp2))
destportstr = strp2;
}
/* Make sure peer is always set to prevent a segfault in the SSL handler */
peer = desthost;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo(desthost, destportstr, &hints, &res0);
if (error && proxyhost == NULL) {
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
gai_strerror(error)); /* give up */
}
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
int fail;
struct sockaddr_in *sin;
fail = 0;
if (npent[i].name != NULL && strstr(desthost, npent[i].name))
fail++;
if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
fail++;
for (res = res0; res; res = res->ai_next) {
switch (res->ai_family) {
case AF_INET:
sin = (struct sockaddr_in *)res->ai_addr;
if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
fail++;
break;
}
}
if (fail) {
if (res0 != NULL)
freeaddrinfo(res0);
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
}
if (proxyhost != NULL) {
char pbuf[10];
if (res0 != NULL)
freeaddrinfo(res0);
ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
if (error)
return DECLINED; /* try another */
}
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
peer = ap_psprintf(p, "%s:%s", desthost, destportstr);
}
/*
* we have worked out who exactly we are going to connect to, now make
* that connection...
*/
sock = i = -1;
for (res = res0; res; res = res->ai_next) {
sock = ap_psocket(p, res->ai_family, res->ai_socktype,
res->ai_protocol);
if (sock < 0)
continue;
if (conf->recv_buffer_size) {
if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
(const char *)&conf->recv_buffer_size, sizeof(int))
== -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
}
i = ap_proxy_doconnect(sock, res->ai_addr, r);
if (i == 0)
break;
ap_pclosesocket(p, sock);
}
freeaddrinfo(res0);
if (i == -1) {
if (proxyhost != NULL)
return DECLINED; /* try again another way */
else
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
}
/* record request_time for HTTP/1.1 age calculation */
c->req_time = time(NULL);
/*
* build upstream-request headers by stripping r->headers_in from
* connection specific headers. We must not remove the Connection: header
* from r->headers_in, we still have to react to Connection: close
*/
req_hdrs = ap_copy_table(r->pool, r->headers_in);
ap_proxy_clear_connection(r->pool, req_hdrs);
/*
* At this point, we start sending the HTTP/1.1 request to the remote
* server (proxy or otherwise).
*/
f = ap_bcreate(p, B_RDWR | B_SOCKET);
ap_bpushfd(f, sock, sock);
{
char *errmsg = NULL;
ap_hook_use("ap::mod_proxy::http::handler::new_connection",
AP_HOOK_SIG4(ptr,ptr,ptr,ptr),
AP_HOOK_DECLINE(NULL),
&errmsg, r, f, peer);
if (errmsg != NULL)
return ap_proxyerror(r, HTTP_BAD_GATEWAY, errmsg);
}
ap_hard_timeout("proxy send", r);
ap_bvputs(f, r->method, " ", proxyhost ? url : urlptr, " HTTP/1.1" CRLF,
NULL);
{
int rc = DECLINED;
ap_hook_use("ap::mod_proxy::http::handler::write_host_header",
AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,ptr),
AP_HOOK_DECLINE(DECLINED),
&rc, r, f, desthost, destportstr, destportstr);
if (rc == DECLINED) {
destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
if (errstr)
errx(1, "The destination port is %s: %s", errstr, destportstr);
if (destportstr != NULL && destportstrtonum != destport)
ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF, NULL);
else
ap_bvputs(f, "Host: ", desthost, CRLF, NULL);
}
}
if (conf->viaopt == via_block) {
/* Block all outgoing Via: headers */
ap_table_unset(req_hdrs, "Via");
}
else if (conf->viaopt != via_off) {
/* Create a "Via:" request header entry and merge it */
i = ap_get_server_port(r);
if (ap_is_default_port(i, r)) {
strlcpy(portstr, "", sizeof(portstr));
}
else {
ap_snprintf(portstr, sizeof portstr, ":%d", i);
}
/* Generate outgoing Via: header with/without server comment: */
ap_table_mergen(req_hdrs, "Via",
(conf->viaopt == via_full)
? ap_psprintf(p, "%d.%d %s%s (%s)",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
ap_get_server_name(r), portstr,
SERVER_BASEVERSION)
: ap_psprintf(p, "%d.%d %s%s",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
ap_get_server_name(r), portstr)
);
}
/* the X-* headers are only added if we are a reverse
* proxy, otherwise we would be giving away private information.
*/
if (r->proxyreq == PROXY_PASS) {
const char *buf;
/*
* Add X-Forwarded-For: so that the upstream has a chance to determine,
* where the original request came from.
*/
ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip);
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
*/
if ((buf = ap_table_get(r->headers_in, "Host"))) {
ap_table_mergen(req_hdrs, "X-Forwarded-Host", buf);
}
/* Add X-Forwarded-Server: so that upstream knows what the
* name of this proxy server is (if there are more than one)
* XXX: This duplicates Via: - do we strictly need it?
*/
ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname);
}
/* we don't yet support keepalives - but we will soon, I promise! */
ap_table_set(req_hdrs, "Connection", "close");
reqhdrs_arr = ap_table_elts(req_hdrs);
reqhdrs_elts = (table_entry *)reqhdrs_arr->elts;
for (i = 0; i < reqhdrs_arr->nelts; i++) {
if (reqhdrs_elts[i].key == NULL || reqhdrs_elts[i].val == NULL
/*
* Clear out hop-by-hop request headers not to send: RFC2616 13.5.1
* says we should strip these headers:
*/
|| !strcasecmp(reqhdrs_elts[i].key, "Host") /* Already sent */
|| !strcasecmp(reqhdrs_elts[i].key, "Keep-Alive")
|| !strcasecmp(reqhdrs_elts[i].key, "TE")
|| !strcasecmp(reqhdrs_elts[i].key, "Trailer")
|| !strcasecmp(reqhdrs_elts[i].key, "Transfer-Encoding")
|| !strcasecmp(reqhdrs_elts[i].key, "Upgrade")
/*
* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be suppressed
* if THIS server requested the authentication, not when a frontend
* proxy requested it!
*
* The solution to this problem is probably to strip out the
* Proxy-Authorisation header in the authorisation code itself, not
* here. This saves us having to signal somehow whether this request
* was authenticated or not.
*/
|| !strcasecmp(reqhdrs_elts[i].key, "Proxy-Authorization"))
continue;
ap_bvputs(f, reqhdrs_elts[i].key, ": ", reqhdrs_elts[i].val, CRLF, NULL);
}
/* the obligatory empty line to mark the end of the headers */
ap_bputs(CRLF, f);
/* and flush the above away */
ap_bflush(f);
/* and kill the send timeout */
ap_kill_timeout(r);
/* read the request data, and pass it to the backend.
* we might encounter a stray 100-continue reponse from a PUT or POST,
* if this happens we ignore the 100 continue status line and read the
* response again.
*/
{
/* send the request data, if any. */
ap_hard_timeout("proxy receive request data", r);
if (ap_should_client_block(r)) {
while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0) {
ap_reset_timeout(r);
ap_bwrite(f, buffer, i);
}
}
ap_bflush(f);
ap_kill_timeout(r);
/* then, read a response line */
ap_hard_timeout("proxy receive response status line", r);
result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
ap_kill_timeout(r);
/* trap any errors */
if (result != OK) {
ap_bclose(f);
return result;
}
/* if this response was 100-continue, a stray response has been caught.
* read the line again for the real response
*/
if (r->status == 100) {
ap_hard_timeout("proxy receive response status line", r);
result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
ap_kill_timeout(r);
/* trap any errors */
if (result != OK) {
ap_bclose(f);
return result;
}
}
}
/*
* We have our response status line from the convoluted code above,
* now we read the headers to continue.
*/
ap_hard_timeout("proxy receive response headers", r);
/*
* Is it an HTTP/1 response? Do some sanity checks on the response. (This
* is buggy if we ever see an HTTP/1.10)
*/
if (backasswards == 0) {
/* read the response headers. */
/* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers */
/* Also, take care with headers with multiple occurences. */
resp_hdrs = ap_proxy_read_headers(r, buffer, sizeof(buffer), f);
if (resp_hdrs == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server,
"proxy: Bad HTTP/%d.%d header returned by %s (%s)",
major, minor, r->uri, r->method);
resp_hdrs = ap_make_table(p, 20);
nocache = 1; /* do not cache this broken file */
}
/* handle Via header in the response */
if (conf->viaopt != via_off && conf->viaopt != via_block) {
/* Create a "Via:" response header entry and merge it */
i = ap_get_server_port(r);
if (ap_is_default_port(i, r)) {
strlcpy(portstr, "", sizeof(portstr));
}
else {
ap_snprintf(portstr, sizeof portstr, ":%d", i);
}
ap_table_mergen((table *)resp_hdrs, "Via",
(conf->viaopt == via_full)
? ap_psprintf(p, "%d.%d %s%s (%s)",
major, minor,
ap_get_server_name(r), portstr,
SERVER_BASEVERSION)
: ap_psprintf(p, "%d.%d %s%s",
major, minor,
ap_get_server_name(r), portstr)
);
}
/* is this content chunked? */
chunked = ap_find_last_token(r->pool,
ap_table_get(resp_hdrs, "Transfer-Encoding"),
"chunked");
/* strip hop-by-hop headers defined by Connection and RFC2616 */
ap_proxy_clear_connection(p, resp_hdrs);
content_length = ap_table_get(resp_hdrs, "Content-Length");
if (content_length != NULL) {
c->len = ap_strtol(content_length, NULL, 10);
if (c->len < 0) {
ap_kill_timeout(r);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Invalid Content-Length from remote server",
NULL));
}
}
}
else {
/* an http/0.9 response */
/* no headers */
resp_hdrs = ap_make_table(p, 20);
}
ap_kill_timeout(r);
/*
* HTTP/1.1 requires us to accept 3 types of dates, but only generate one
* type
*/
/*
* we SET the dates here, obliterating possible multiple dates, as only
* one of each date makes sense in each response.
*/
if ((datestr = ap_table_get(resp_hdrs, "Date")) != NULL)
ap_table_set(resp_hdrs, "Date", ap_proxy_date_canon(p, datestr));
if ((datestr = ap_table_get(resp_hdrs, "Last-Modified")) != NULL)
ap_table_set(resp_hdrs, "Last-Modified", ap_proxy_date_canon(p, datestr));
if ((datestr = ap_table_get(resp_hdrs, "Expires")) != NULL)
ap_table_set(resp_hdrs, "Expires", ap_proxy_date_canon(p, datestr));
/* handle the ProxyPassReverse mappings */
if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r, urlstr));
/* check if NoCache directive on this host */
{
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
if (nocache == 0) {
for (i = 0; i < conf->nocaches->nelts; i++) {
if (ncent[i].name != NULL &&
(ncent[i].name[0] == '*' ||
strstr(desthost, ncent[i].name) != NULL)) {
nocache = 1;
break;
}
switch (res->ai_addr->sa_family) {
case AF_INET:
sin = (struct sockaddr_in *)res->ai_addr;
if (sin->sin_addr.s_addr == ncent[i].addr.s_addr) {
nocache = 1;
break;
}
}
}
/* update the cache file, possibly even fulfilling the request if
* it turns out a conditional allowed us to serve the object from the
* cache...
*/
i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
if (i != DECLINED) {
ap_bclose(f);
return i;
}
/* write status line and headers to the cache file */
ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs);
}
}
/* Setup the headers for our client from upstreams response-headers */
ap_proxy_table_replace(r->headers_out, resp_hdrs);
/* Add X-Cache header - be careful not to obliterate any upstream headers */
ap_table_mergen(r->headers_out, "X-Cache",
ap_pstrcat(r->pool, "MISS from ",
ap_get_server_name(r), NULL));
/* The Content-Type of this response is the upstream one. */
r->content_type = ap_table_get(r->headers_out, "Content-Type");
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Content-Type: %s", r->content_type);
/* finally output the headers to the client */
ap_send_http_header(r);
/*
* Is it an HTTP/0.9 respose? If so, send the extra data we read from
* upstream as the start of the reponse to client
*/
/* FIXME: This code is broken: we try and write a buffer and length that
* were never intelligently initialised. Rather have a bit of broken protocol
* handling for now than broken code.
*/
/*
if (backasswards) {
ap_hard_timeout("proxy send assbackward", r);
ap_bwrite(r->connection->client, buffer, len);
if (c != NULL && c->fp != NULL && ap_bwrite(c->fp, buffer, len) != len) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
"proxy: error writing extra data to %s", c->tempfile);
c = ap_proxy_cache_error(c);
}
ap_kill_timeout(r);
}
*/
/* send body */
/* if header only, then cache will be NULL */
/* HTTP/1.0 tells us to read to EOF, rather than content-length bytes */
/* XXX CHANGEME: We want to eventually support keepalives, which means
* we must read content-length bytes... */
if (!r->header_only) {
/* we need to set this for ap_proxy_send_fb()... */
c->cache_completion = conf->cache.cache_completion;
/* XXX CHECKME: c->len should be the expected content length, or -1 if the
* content length is not known. We need to make 100% sure c->len is always
* set correctly before we get here to correctly do keepalive.
*/
ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size);
}
/* ap_proxy_send_fb() closes the socket f for us */
ap_proxy_cache_tidy(c);
ap_proxy_garbage_coll(r);
return OK;
}
apr_status_t jxr_process_response_headers(request_rec *r, char *buf)
{
apr_status_t rv = APR_SUCCESS;
apr_size_t pos;
apr_size_t len;
char type;
int nHeaders;
int i;
char name[MAX_STRING_LEN];
char value[MAX_STRING_LEN];
apr_size_t nlen, vlen;
table *merge;
table *cookie_table;
char *w, *l;
type = jxr_msg_get_type(buf);
len = jxr_msg_get_length(buf, &pos);
if (type != BLOCKTYPE_HTTP_HEADER)
{
// Invalid data
compat_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, "mod_jaxer: invalid data type (%c) received, while expecting a header (%d)", type, BLOCKTYPE_HTTP_HEADER);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* temporary place to hold headers to merge in later */
merge = ap_make_table(r->pool, 10);
cookie_table = ap_make_table(r->pool, 2);
ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL);
nHeaders = jxr_msg_get_int16(buf, &pos);
for (i=0; i<nHeaders; i++)
{
// Process one header -- name -- val
nlen = jxr_msg_get_string(buf, &pos, name);
vlen = jxr_msg_get_string(buf, &pos, value);
w = name;
l = value;
if (!strcasecmp(w, "Content-type")) {
char *tmp;
/* Nuke trailing whitespace */
char *endp = l + strlen(l) - 1;
while (endp > l && apr_isspace(*endp)) {
*endp-- = '\0';
}
tmp = ap_pstrdup(r->pool, l);
ap_content_type_tolower(tmp);
ap_set_content_type(r, tmp);
}
else if (!strcasecmp(w, "Status")) {
/*
* If the server returned a specific status, that's what
* we'll use - otherwise we assume 200 OK.
*/
r->status = atoi(l);
r->status_line = ap_pstrdup(r->pool, l);
}
else if (!strcasecmp(w, "Location")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Content-Length")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Content-Range")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Transfer-Encoding")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Last-Modified")) {
/*
* If the script gave us a Last-Modified header, we can't just
* pass it on blindly because of restrictions on future values.
*/
ap_update_mtime(r, apr_date_parse_http(l));
ap_set_last_modified(r);
}
else if (!strcasecmp(w, "Set-Cookie")) {
ap_table_add(cookie_table, w, l);
}
else {
ap_table_add(merge, w, l);
}
}
// now merge stuff
ap_overlap_tables(r->err_headers_out, merge,
AP_OVERLAP_TABLES_MERGE);
if (!ap_is_empty_table(cookie_table)) {
/* the cookies have already been copied to the cookie_table */
ap_table_unset(r->err_headers_out, "Set-Cookie");
r->err_headers_out = ap_overlay_tables(r->pool,
r->err_headers_out, cookie_table);
}
return rv;
}
