Params *getPostParms(request_rec *r, apr_off_t * postSize) {
apr_array_header_t *pairs = NULL;
apr_off_t len;
apr_size_t size;
int res;
int i = 0;
char *buffer;
Params *params = NULL;
res = ap_parse_form_data(r, NULL, &pairs, -1, HUGE_STRING_LEN);
if (res != OK || !pairs) return NULL;
params = apr_pcalloc(r->pool, sizeof(Params) * (pairs->nelts + 1));
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = apr_palloc(r->pool, size + 1);
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
params[i].key = apr_pstrdup(r->pool, pair->name);
params[i].val = buffer;
params[i].length = strlen(buffer);
//ap_rprintf(r,"key : val : len: is %s : %s : %d ===", params[i].key, params[i].val, params[i].length);
i++;
}
*postSize = i;
return params;
}
static llzr_conn* get_post_data(request_rec* r)
{
GTable *request_post_data = g_hash_table_new(g_str_hash, g_str_equal);
apr_array_header_t *pairs = NULL;
apr_off_t len;
apr_size_t size;
int res;
char *buffer;
res = ap_parse_form_data(r, NULL, &pairs, -1, HUGE_STRING_LEN);
if (res != OK || !pairs) return NULL; /* Return NULL if we failed or if there are is no POST data */
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = apr_palloc(r->pool, size + 1);
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
g_hash_table_insert( request_post_data, apr_pstrdup(r->pool, pair->name), buffer);
}
return request_post_data;
}
static void bind_post(int *count, lily_parse_state *parser, request_rec *r)
{
if (*count == -1)
return;
lily_var *post_var = bind_hash_str_str_var(parser->symtab, "post");
lily_hash_val *hash_val = post_var->value.hash;
apr_array_header_t *pairs;
apr_off_t len;
apr_size_t size;
char *buffer;
char *sipkey = parser->vm->sipkey;
lily_class *string_cls = lily_class_by_id(parser->symtab, SYM_CLASS_STRING);
lily_sig *string_sig = string_cls->sig;
/* Credit: I found out how to use this by reading httpd 2.4's mod_lua
(specifically req_parsebody of lua_request.c). */
int res = ap_parse_form_data(r, NULL, &pairs, -1, 1024 * 8);
if (res == OK) {
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = lily_malloc(size + 1);
if (buffer == NULL) {
*count = -1;
return;
}
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
lily_value *elem_key = bind_string(string_sig, pair->name);
/* Give the buffer to the value to save memory. */
lily_value *elem_value = bind_string_and_buffer(string_sig, buffer);
lily_hash_elem *new_elem = bind_hash_elem_with_values(sipkey,
elem_key, elem_value);
if (elem_key == NULL || elem_value == NULL || new_elem == NULL) {
lily_free(new_elem);
deref_destroy_value(elem_key);
deref_destroy_value(elem_value);
*count = -1;
return;
}
new_elem->next = hash_val->elem_chain;
hash_val->elem_chain = new_elem;
}
}
(*count)++;
}
/**
var post: Hash[String, Tainted[String]]
This contains key+value pairs that were sent to the server as POST variables.
Any pair that has a key or a value that is not valid utf-8 will not be present.
*/
static lily_value *load_var_post(lily_options *options, uint16_t *unused)
{
lily_value *v = lily_new_empty_value();
lily_move_hash_f(MOVE_DEREF_NO_GC, v, lily_new_hash_val());
lily_hash_val *hash_val = v->value.hash;
request_rec *r = (request_rec *)options->data;
apr_array_header_t *pairs;
apr_off_t len;
apr_size_t size;
char *buffer;
/* Credit: I found out how to use this by reading httpd 2.4's mod_lua
(specifically req_parsebody of lua_request.c). */
int res = ap_parse_form_data(r, NULL, &pairs, -1, 1024 * 8);
if (res == OK) {
while (pairs && !apr_is_empty_array(pairs)) {
ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs);
if (lily_is_valid_utf8(pair->name) == 0)
continue;
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = lily_malloc(size + 1);
if (lily_is_valid_utf8(buffer) == 0) {
lily_free(buffer);
continue;
}
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
lily_value *elem_key = lily_new_string(pair->name);
/* Give the buffer to the value to save memory. */
lily_value *elem_raw_value = lily_new_string_take(buffer);
lily_value *elem_value = bind_tainted_of(elem_raw_value);
apache_add_unique_hash_entry(options->sipkey, hash_val, elem_key,
elem_value);
}
}
return v;
}
static int mod_handler_debug(request_rec *r) {
// The first thing we will do is write a simple "Hello, world!" back to the client.
ap_set_content_type(r, "text/html"); /* force a raw text output */
ap_rputs("Hello, world!<br/>\n", r);
if (config.secretKey) {
ap_rprintf(r, "SecretKey is: %s<br/>\n", config.secretKey);
}
if (config.iv) {
ap_rprintf(r, "IV is: %s<br/>\n", config.iv);
}
if (config.tokenParam) {
ap_rprintf(r, "TokenParam is: %s<br/>\n", config.tokenParam);
}
if (config.algorithm) {
ap_rprintf(r, "Algorithm is: %s<br/>\n", config.algorithm);
}
ap_rprintf(r, "parsed_uri.path: %s<br/>\n", r->parsed_uri.path);
ap_rprintf(r, "parsed_uri.fragment: %s<br/>\n", r->parsed_uri.fragment);
ap_rprintf(r, "parsed_uri.hostinfo: %s<br/>\n", r->parsed_uri.hostinfo);
ap_rprintf(r, "parsed_uri.query: %s<br/>\n", r->parsed_uri.query);
ap_rprintf(r, "parsed_uri.hostname: %s<br/>\n", r->parsed_uri.hostname);
ap_rprintf(r, "parsed_uri.user: %s<br/>\n", r->parsed_uri.user);
ap_rprintf(r, "parsed_uri.scheme: %s<br/>\n", r->parsed_uri.scheme);
ap_rprintf(r, "request: %s<br/>\n", r->path_info);
ap_rprintf(r, "filename: %s<br/>\n", r->filename);
apr_table_t*GET;
ap_args_to_table(r, &GET);
apr_array_header_t*POST;
ap_parse_form_data(r, NULL, &POST, -1, 8192);
if (!config.secretKey) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r->server, "No such secretKey set");
return DECLINED;
}
if (!config.iv) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r->server, "No such IV set");
return DECLINED;
}
if (!config.algorithm) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r->server, "No such algorithm set");
return DECLINED;
}
/* Get the "digest" key from the query string, if any. */
// use const
unsigned char *plain = (unsigned char*) getParam(GET, "plain", "The fox jumped over the lazy dog");
/* Get the "digest" key from the query string, if any. */
// use const
unsigned char *cipherparam = (unsigned char*) getParam(GET, "cipher", "");
// use const
const unsigned char *iv = (unsigned char*) "aefpojaefojaepfojaepaoejfapeojfaeopjaej";
long ivlength = strlen((char*)iv);
/* Get the "digest" key from the query string, if any. */
// use const
unsigned char *key = (unsigned char*) getParam(GET, "key", "The fox jumped over the lazy dog");
long keylength = strlen((char*)key);
if (strlen((char*)key) > 0) {
if (strlen((char*)plain) > 0) {
cryptoc_data ciphereddata = cryptoc_encrypt_iv(CRYPTOC_AES_192_CBC, key, keylength, iv, ivlength, plain, strlen((char*)plain));
if (!ciphereddata.error) {
ap_rprintf(r, "Ciphered data: %s \n<br />", ciphereddata.data);
ap_rputs("Ciphered HEX data: ", r);
ap_rprintf_hex(r, ciphereddata.data, ciphereddata.length);
ap_rputs("\n<br />", r);
cryptoc_data deciphereddata = cryptoc_decrypt_iv(CRYPTOC_AES_192_CBC, key, keylength, iv, ivlength, ciphereddata.data, ciphereddata.length);
if (!deciphereddata.error) {
deciphereddata.data[deciphereddata.length] = '\0';
ap_rprintf(r, "DECiphered data: %s <br />", deciphereddata.data);
} else {
ap_rprintf(r, "Error!! %s", deciphereddata.errorMessage);
}
} else {
ap_rprintf(r, "Error!! %s", ciphereddata.errorMessage);
}
}
if (strlen((char*)cipherparam) > 0) {
unsigned char* cipher = ap_hex_to_char(r, cipherparam, strlen((char*)cipherparam));
/* The following line just prints a message to the errorlog */
//ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, r->server, "Cipher is %s / %s / %d", cipher, (cipherparam), strlen((char*)cipherparam));
cryptoc_data deciphereddata = cryptoc_decrypt_iv(CRYPTOC_AES_192_CBC, key, keylength, iv, ivlength, cipher, strlen((char*)cipher));
if (!deciphereddata.error) {
deciphereddata.data[deciphereddata.length] = '\0';
ap_rprintf(r, "DECiphered data: %s <br />", deciphereddata.data);
} else {
ap_rprintf(r, "Error!! %s", deciphereddata.errorMessage);
}
}
} else {
/* The following line just prints a message to the errorlog */
//ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, 0, r->server, "mod_token_auth: key is empty. %s %s", plain, cipherparam);
}
return OK;
}
static int pgasp_handler (request_rec * r)
{
char cursor_string[256];
pgasp_config* config = (pgasp_config*) ap_get_module_config(r->server->module_config, &pgasp_module ) ;
pgasp_dir_config* dir_config = (pgasp_dir_config*) ap_get_module_config(r->per_dir_config, &pgasp_module ) ;
apr_table_t * GET = NULL, *GETargs = NULL;
apr_array_header_t * POST;
PGconn * pgc;
PGresult * pgr;
int i, j, allowed_to_serve, filename_length = 0;
int field_count, tuple_count;
char * requested_file;
char *basename;
params_t params;
/* PQexecParams doesn't seem to like zero-length strings, so we feed it a dummy */
const char * dummy_get = "nothing";
const char * dummy_user = "******";
const char * cursor_values[2] = { r -> args ? apr_pstrdup(r->pool, r -> args) : dummy_get, r->user ? r->user : dummy_user };
int cursor_value_lengths[2] = { strlen(cursor_values[0]), strlen(cursor_values[1]) };
int cursor_value_formats[2] = { 0, 0 };
if (!r -> handler || strcmp (r -> handler, "pgasp-handler") ) return DECLINED;
if (!r -> method || (strcmp (r -> method, "GET") && strcmp (r -> method, "POST")) ) return DECLINED;
if (config->is_enabled != true) return OK; /* pretending we have responded, may return DECLINED in the future */
requested_file = apr_pstrdup (r -> pool, r -> path_info /*filename*/);
i = strlen(requested_file) - 1;
while (i > 0)
{
if (requested_file[i] == '.') filename_length = i;
if (requested_file[i] == '/') break;
i--;
}
if (i >= 0) {
requested_file += i+1; /* now pointing to foo.pgasp instead of /var/www/.../foo.pgasp */
if (filename_length > i) filename_length -= i+1;
}
allowed_to_serve = false;
for (i = 0; i < config->allowed_count; i++)
{
if (!strcmp(config->allowed[i], requested_file))
{
allowed_to_serve = true;
break;
}
}
if (config->allowed_count == 0) allowed_to_serve = true;
if (!allowed_to_serve)
{
ap_set_content_type(r, "text/plain");
ap_rprintf(r, "Hello there\nThis is PGASP\nEnabled: %s\n", config->is_enabled ? "On" : "Off");
ap_rprintf(r, "Requested: %s\n", requested_file);
ap_rprintf(r, "Allowed: %s\n", allowed_to_serve ? "Yes" : "No");
return OK; /* pretending we have served the file, may return HTTP_FORDIDDEN in the future */
}
if (filename_length == 0) {
basename = requested_file;
} else {
basename = apr_pstrndup(r->pool, requested_file, filename_length);
}
ap_args_to_table(r, &GETargs);
if (OK != ap_parse_form_data(r, NULL, &POST, -1, (~((apr_size_t)0)))) {
__(r->server, " ** ap_parse_form_data is NOT OK");
}
GET = (NULL == GET) ? GETargs : apr_table_overlay(r->pool, GETargs, GET);
// move all POST parameters into GET table
{
ap_form_pair_t *pair;
char *buffer;
apr_off_t len;
apr_size_t size;
while (NULL != (pair = apr_array_pop(POST))) {
apr_brigade_length(pair->value, 1, &len);
size = (apr_size_t) len;
buffer = apr_palloc(r->pool, size + 1);
apr_brigade_flatten(pair->value, buffer, &size);
buffer[len] = 0;
apr_table_setn(GET, apr_pstrdup(r->pool, pair->name), buffer); //should name and value be ap_unescape_url() -ed?
// __(r->server, "POST[%s]: %s", pair->name, buffer);
}
}
params.r = r;
params.args = NULL;
apr_table_do(tab_args, ¶ms, GET, NULL);
params.args = apr_pstrcat(r->pool, "&", params.args, "&", NULL);
cursor_values[0] = params.args;
cursor_value_lengths[0] = strlen(cursor_values[0]);
/* set response content type according to configuration or to default value */
ap_set_content_type(r, dir_config->content_type_set ? dir_config->content_type : "text/html");
/* now connecting to Postgres, getting function output, and printing it */
pgc = pgasp_pool_open (r->server);
if (PQstatus(pgc) != CONNECTION_OK)
{
spit_pg_error ("connect");
pgasp_pool_close(r->server, pgc);
return OK;
}
/* removing extention (.pgasp or other) from file name, and adding "f_" for function name, i.e. foo.pgasp becomes psp_foo() */
snprintf(cursor_string,
sizeof(cursor_string),
"select * from f_%s($1::varchar)",
basename);
/* passing GET as first (and only) parameter */
if (0 == PQsendQueryParams (pgc, cursor_string, 1, NULL, cursor_values, cursor_value_lengths, cursor_value_formats, 0)) {
spit_pg_error ("sending async query with params");
return clean_up_connection(r->server);
}
if (0 == PQsetSingleRowMode(pgc)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "can not fall into single raw mode to fetch data");
}
while (NULL != (pgr = PQgetResult(pgc))) {
if (PQresultStatus(pgr) != PGRES_TUPLES_OK && PQresultStatus(pgr) != PGRES_SINGLE_TUPLE) {
spit_pg_error ("fetch data");
return clean_up_connection(r->server);
}
/* the following counts and for-loop may seem excessive as it's just 1 row/1 field, but might need it in the future */
field_count = PQnfields(pgr);
tuple_count = PQntuples(pgr);
for (i = 0; i < tuple_count; i++)
{
for (j = 0; j < field_count; j++) ap_rprintf(r, "%s", PQgetvalue(pgr, i, j));
ap_rprintf(r, "\n");
}
PQclear (pgr);
}
pgasp_pool_close(r->server, pgc);
return OK;
}
