/* This is the special environment used for running the "exec cmd="
* variety of SSI directives.
*/
static void add_ssi_vars(request_rec *r)
{
apr_table_t *e = r->subprocess_env;
if (r->path_info && r->path_info[0] != '\0') {
request_rec *pa_req;
apr_table_setn(e, "PATH_INFO", ap_escape_shell_cmd(r->pool,
r->path_info));
pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info),
r, NULL);
if (pa_req->filename) {
apr_table_setn(e, "PATH_TRANSLATED",
apr_pstrcat(r->pool, pa_req->filename,
pa_req->path_info, NULL));
}
ap_destroy_sub_req(pa_req);
}
if (r->args) {
char *arg_copy = apr_pstrdup(r->pool, r->args);
apr_table_setn(e, "QUERY_STRING", r->args);
ap_unescape_url(arg_copy);
apr_table_setn(e, "QUERY_STRING_UNESCAPED",
ap_escape_shell_cmd(r->pool, arg_copy));
}
}
static void
s_send_request_to_google_analytics(request_rec *r, const char *utm_url)
{
apr_pool_t *ppool;
apr_size_t response_len;
char *data;
int ii;
request_rec *get_r;
mod_chxj_config *conf;
DBG(r, "REQ[%X] start %s()", TO_ADDR(r),__func__);
apr_pool_create(&ppool, r->pool);
get_r = apr_palloc(ppool, sizeof(request_rec));
memset(get_r, 0, sizeof(request_rec));
get_r->pool = ppool;
get_r->headers_in = apr_table_make(ppool, 4);
get_r->headers_out = apr_table_make(ppool, 4);
apr_table_setn(get_r->headers_in, "User-Agent",apr_table_get(r->headers_in, "User-Agent"));
apr_table_setn(get_r->headers_in, "Host", DL_GOOGLE_HOST);
// ichiou data ni totte oku. tsukawanai kedo.
data = chxj_serf_get(get_r, ppool, utm_url, 0, &response_len);
DBG(r, "REQ[%X] response from google:[%s]", TO_ADDR(r), data);
conf = chxj_get_module_config(r->per_dir_config, &chxj_module);
if (conf->google_analytics_debug && *conf->google_analytics_debug) {
FILE *fp;
if ((fp = fopen(conf->google_analytics_debug, "w")) != NULL) {
fwrite(data, response_len, 1, fp);
fclose(fp);
}
}
DBG(r, "REQ[%X] end %s()", TO_ADDR(r),__func__);
}
static dav_error *
dav_rawx_set_headers(request_rec *r, const dav_resource *resource)
{
if (!resource->exists)
return NULL;
DAV_DEBUG_REQ(r, 0, "%s(%s)", __FUNCTION__, resource_get_pathname(resource));
/* make sure the proper mtime is in the request record */
ap_update_mtime(r, resource->info->finfo.mtime);
ap_set_last_modified(r);
ap_set_etag(r);
/* we accept byte-ranges */
apr_table_setn(r->headers_out, apr_pstrdup(r->pool, "Accept-Ranges"),
apr_pstrdup(r->pool, "bytes"));
/* set up the Content-Length header */
ap_set_content_length(r, resource->info->finfo.size);
request_fill_headers(r, &(resource->info->chunk));
/* compute metadata_compress if compressed content */
if (resource->info->compression) {
char *buf = apr_pstrcat(r->pool, "compression=on;compression_algorithm=", resource->info->compress_algo,
";compression_blocksize=", apr_psprintf(r->pool, "%d", resource->info->cp_chunk.block_size), ";", NULL);
apr_table_setn(r->headers_out, apr_pstrdup(r->pool, "metadatacompress"), buf);
}
return NULL;
}
static void modperl_cmd_setvar_func(apr_table_t *configvars,
apr_table_t *setvars,
const char * key, const char *val)
{
apr_table_setn(setvars, key, val);
apr_table_setn(configvars, key, val);
}
static int wurfl_match_headers(request_rec *r)
{
WurflConfig *sconf;
const char *user_agent;
DeviceInfo *device_info;
sconf = ap_get_module_config(r->server->module_config, &wurfl_module);
// WurflEnable is off
if (!sconf->state) {
return DECLINED;
}
user_agent = apr_table_get(r->headers_in, "User-Agent");
// ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server , "User-Agent is %s", user_agent);
if (user_agent!=NULL) {
device_info = apr_hash_get(sconf->device_hash, user_agent, APR_HASH_KEY_STRING);
if ( device_info != NULL) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server , "Found hash entry for %s MOBILE: %d TABLET: %d", user_agent, device_info->is_mobile, device_info->is_tablet);
apr_table_setn(r->subprocess_env, sconf->mobile_env, "true");
if ( device_info->is_tablet ) {
apr_table_setn(r->subprocess_env, sconf->mobile_env, "true");
}
}
} else {
// ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server , "No entry found for UA: %s", user_agent);
}
return DECLINED;
}
apr_status_t h2_request_end_headers(h2_request *req, apr_pool_t *pool,
int eos, int push)
{
const char *s;
if (req->eoh) {
return APR_EINVAL;
}
/* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
if (!req->authority) {
return APR_BADARG;
}
apr_table_setn(req->headers, "Host", req->authority);
s = apr_table_get(req->headers, "Content-Length");
if (s) {
if (inspect_clen(req, s) != APR_SUCCESS) {
ap_log_perror(APLOG_MARK, APLOG_WARNING, APR_EINVAL, pool,
APLOGNO(02959)
"h2_request(%d): content-length value not parsed: %s",
req->id, s);
return APR_EINVAL;
}
}
else {
/* no content-length given */
req->content_length = -1;
if (!eos) {
/* We have not seen a content-length and have no eos,
* simulate a chunked encoding for our HTTP/1.1 infrastructure,
* in case we have "H2SerializeHeaders on" here
*/
req->chunked = 1;
apr_table_mergen(req->headers, "Transfer-Encoding", "chunked");
}
else if (apr_table_get(req->headers, "Content-Type")) {
/* If we have a content-type, but already see eos, no more
* data will come. Signal a zero content length explicitly.
*/
apr_table_setn(req->headers, "Content-Length", "0");
}
}
req->eoh = 1;
h2_push_policy_determine(req, pool, push);
/* In the presence of trailers, force behaviour of chunked encoding */
s = apr_table_get(req->headers, "Trailer");
if (s && s[0]) {
req->trailers = apr_table_make(pool, 5);
if (!req->chunked) {
req->chunked = 1;
apr_table_mergen(req->headers, "Transfer-Encoding", "chunked");
}
}
return APR_SUCCESS;
}
static int
access_checker(request_rec *r)
{
/*
* We decline when we are in a subrequest. The Authorization header
* would already be present if it was added in the main request.
*/
if (!ap_is_initial_req(r))
return DECLINED;
ap_module_trace_rcall(r);
//r_info(r, "uri: %s", r->uri);
/* checking for tls authentification for this reqeust */
if (!ap_auth_type(r) || strcasecmp(ap_auth_type(r), "TLS-AAA"))
return DECLINED;
struct req *req = ap_req_config_get(r);
struct srv *srv = ap_srv_config_get(r);
struct aaa *aaa = srv->aaa;
struct user *user = &req->user;
user->name = aaa_attr_get(aaa, "user.name");
user->uuid = aaa_attr_get(aaa, "user.uuid");
http_authentication_signal(r);
/*
* We return HTTP_UNAUTHORIZED (401) because the client may wish
* to authenticate using a different scheme, or a different
* user. If this works, they can be granted access. If we
* returned HTTP_FORBIDDEN (403) then they don't get a second
* chance.
*/
if (r->method_number == M_POST) {
apr_table_setn(r->err_headers_out, "X-AAA-ID",
"http://aaa.rtfm.cz/auth");
apr_table_setn(r->err_headers_out, "X-AAA-HANDLER", "qrcode");
r_info(r, "AAA-NEGOTIATE");
//return HTTP_UNAUTHORIZED;
}
if (user->name)
apr_table_add(r->subprocess_env, "REMOTE_USER", user->name);
const char *sec = aaa_attr_get(aaa, "sess.sec");
//r_info(r, "sess.id: %s", aaa_attr_get(aaa, "sess.id"));
if (sec)
r_info(r, "sess.sec: %s", sec);
//r_info(r, "user.uuid: %s", user->uuid);
if (user->name)
r_info(r, "user.name: %s", user->name);
return DECLINED;
}
static int node_handler(request_rec *r)
{
if (name == NULL) {
return DECLINED;
}
apr_table_setn(r->headers_in, "Node", name);
apr_table_setn(r->err_headers_out, "Node", name);
return DECLINED;
}
static int
fixups(request_rec *r)
{
ap_module_trace_rcall(r);
//r_info(r, "uri: %s", r->uri);
struct srv *srv = ap_srv_config_get(r);
struct aaa *a = srv->aaa;
apr_table_t *t = r->subprocess_env;
apr_table_setn(t, "AAA_SESS_ID", aaa_attr_get(a, "sess.id"));
apr_table_setn(t, "AAA_SESS_CREATED", aaa_attr_get(a, "sess.created"));
apr_table_setn(t, "AAA_SESS_MODIFIED",aaa_attr_get(a, "sess.modified"));
apr_table_setn(t, "AAA_SESS_ACCESS", aaa_attr_get(a, "sess.access"));
apr_table_setn(t, "AAA_SESS_EXPIRES", aaa_attr_get(a, "sess.expires"));
apr_table_setn(t, "AAA_SESS_KEY", aaa_attr_get(a, "sess.key"));
apr_table_setn(t, "AAA_SESS_SEC", aaa_attr_get(a, "sess.sec"));
apr_table_setn(t, "AAA_USER_ID", aaa_attr_get(a, "user.id"));
apr_table_setn(t, "AAA_USER_NAME", aaa_attr_get(a, "user.name"));
const char *user = aaa_attr_get(a, "user.name");
if (user)
r_info(r, "user.name: %s", user);
return DECLINED;
}
// This is the method which does all the work handling the uploads. It's only
// triggered by the fixup filter if +porter_should_rewrite_body+ returns true.
apr_status_t porter_process_upload(request_rec *r)
{
porter_server_conf *config = (porter_server_conf *) ap_get_module_config(r->server->module_config, &porter_module);
// Prepare the apreq objects.
apreq_handle_t *req = apreq_handle_apache2(r);
const apr_table_t *request_body = apreq_params(req, r->pool);
// Create our upload request object, this is fleshed out by the rest of this method
porter_upload_request_t *upload_request = porter_create_request(req, r, config);
// This happens with malformed requests. apreq_params should never return null
// when the content-length is > 0 and it's a multipart request. So just assume
// it's broken and return bad request. Otherwise subsequent method calls will
// cause a segfault
if (request_body == NULL)
{
PORTER_LOG_REQUEST_ERROR("Invalid request body");
return HTTP_BAD_REQUEST;
}
// loop over each parameter provided by the user (see porter_each_parameter)
apr_table_do(porter_each_parameter, upload_request, request_body, NULL);
// If any of the parameter handlers return an error, they save the error code
// in the upload_request. So return that same error code.
if (upload_request->status != APR_SUCCESS)
{
return upload_request->status;
}
// Just because the content type is multipart and the content-length was > 0 doesn't
// mean that the user actually uploaded any files. If they didn't, just return success
// and let the original body be passed upstream.
if (!apr_is_empty_array(upload_request->param_names))
{
// Write the parameter names to the X-Uploads header (comma seperated)
const char *upload_parameters = apr_array_pstrcat(r->pool, upload_request->param_names, ',');
apr_off_t len;
apr_table_setn(r->headers_in, HTTP_X_UPLOADS, upload_parameters);
// figure out the length of the newly rewritten body and set it in the request
// along with the right content type.
apr_brigade_length(upload_request->bucket_brigade, 0, &len);
apr_table_setn(r->headers_in, "Content-Length", apr_itoa(r->pool, len));
apr_table_setn(r->headers_in, "Content-Type", "application/x-www-form-urlencoded");
// Add our input filter to the filter chain, this allows
// us to replace the request body with our own one, and ensure that
// gets passed down to the handler.
ap_add_input_filter_handle(porter_input_filter_handle, upload_request, r, r->connection);
}
return APR_SUCCESS;
}
void _mapcache_source_wms_query(mapcache_context *ctx, mapcache_feature_info *fi)
{
mapcache_map *map = (mapcache_map*)fi;
mapcache_source_wms *wms = (mapcache_source_wms*)map->tileset->source;
apr_table_t *params = apr_table_clone(ctx->pool,wms->wms_default_params);
apr_table_overlap(params,wms->getmap_params,0);
apr_table_setn(params,"BBOX",apr_psprintf(ctx->pool,"%f,%f,%f,%f",
map->extent.minx,map->extent.miny,map->extent.maxx,map->extent.maxy));
apr_table_setn(params,"REQUEST","GetFeatureInfo");
apr_table_setn(params,"WIDTH",apr_psprintf(ctx->pool,"%d",map->width));
apr_table_setn(params,"HEIGHT",apr_psprintf(ctx->pool,"%d",map->height));
apr_table_setn(params,"SRS",map->grid_link->grid->srs);
apr_table_setn(params,"X",apr_psprintf(ctx->pool,"%d",fi->i));
apr_table_setn(params,"Y",apr_psprintf(ctx->pool,"%d",fi->j));
apr_table_setn(params,"INFO_FORMAT",fi->format);
apr_table_overlap(params,wms->getfeatureinfo_params,0);
if(map->dimensions && !apr_is_empty_table(map->dimensions)) {
const apr_array_header_t *elts = apr_table_elts(map->dimensions);
int i;
for(i=0; i<elts->nelts; i++) {
apr_table_entry_t entry = APR_ARRAY_IDX(elts,i,apr_table_entry_t);
apr_table_setn(params,entry.key,entry.val);
}
}
fi->data = mapcache_buffer_create(30000,ctx->pool);
mapcache_http_do_request_with_params(ctx,wms->http,params,fi->data,NULL,NULL);
GC_CHECK_ERROR(ctx);
}
/*
** Find a particular lock on a resource (specified by its locktoken).
**
** *lock will be set to NULL if the lock is not found.
**
** Note that the provider can optimize the unmarshalling -- only one
** lock (or none) must be constructed and returned.
**
** If partial_ok is true (non-zero), then an indirect lock can be
** partially filled in. Otherwise, another lookup is done and the
** lock structure will be filled out as a DAV_LOCKREC_INDIRECT.
*/
static dav_error *
find_lock(dav_lockdb *lockdb,
const dav_resource *resource,
const dav_locktoken *locktoken,
int partial_ok,
dav_lock **lock)
{
dav_lockdb_private *info = lockdb->info;
svn_error_t *serr;
svn_lock_t *slock;
dav_lock *dlock = NULL;
/* If the resource's fs path is unreadable, we don't want to say
anything about locks attached to it.*/
if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
resource->pool))
return dav_svn__new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
serr = svn_fs_get_lock(&slock,
resource->info->repos->fs,
resource->info->repos_path,
resource->pool);
if (serr)
return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR,
"Failed to look up lock by path.",
resource->pool);
if (slock != NULL)
{
/* Sanity check. */
if (strcmp(locktoken->uuid_str, slock->token) != 0)
return dav_svn__new_error(resource->pool, HTTP_BAD_REQUEST,
DAV_ERR_LOCK_SAVE_LOCK,
"Incoming token doesn't match existing "
"lock.");
svn_lock_to_dav_lock(&dlock, slock, FALSE,
resource->exists, resource->pool);
/* Let svn clients know the creationdate of the slock. */
apr_table_setn(info->r->headers_out, SVN_DAV_CREATIONDATE_HEADER,
svn_time_to_cstring(slock->creation_date,
resource->pool));
/* Let svn clients know the 'owner' of the slock. */
apr_table_setn(info->r->headers_out, SVN_DAV_LOCK_OWNER_HEADER,
slock->owner);
}
*lock = dlock;
return 0;
}
static void setn_geoip_output(geoip_server_config_rec * cfg, request_rec * r,
const char *key, const char *value)
{
if (value) {
if (cfg->GeoIPOutput & GEOIP_NOTES) {
apr_table_setn(r->notes, key, value);
}
if (cfg->GeoIPOutput & GEOIP_ENV) {
apr_table_setn(r->subprocess_env, key, value);
}
}
}
static void
s_write_gif_data(request_rec *r)
{
DBG(r, "REQ[%X] start %s()", TO_ADDR(r),__func__);
apr_table_setn(r->headers_out, "Content-Type", "image/gif");
apr_table_setn(r->headers_out, "Cache-Control","private, no-cache, no-cache=Set-Cookie, proxy-revalidate");
apr_table_setn(r->headers_out, "Pragma", "no-cache");
apr_table_setn(r->headers_out, "Expires", "Wed, 17 Sep 1975 21:32:10 GMT");
apr_table_setn(r->headers_out, "Content-Length", "35");
ap_rwrite(v_GIF_DATA, 35, r);
DBG(r, "REQ[%X] end %s()", TO_ADDR(r),__func__);
}
h2_response *h2_response_die(int stream_id, apr_status_t type,
const struct h2_request *req, apr_pool_t *pool)
{
apr_table_t *headers = apr_table_make(pool, 5);
char *date = NULL;
date = apr_palloc(pool, APR_RFC822_DATE_LEN);
ap_recent_rfc822_date(date, req->request_time);
apr_table_setn(headers, "Date", date);
apr_table_setn(headers, "Server", ap_get_server_banner());
return h2_response_create_int(stream_id, 0, 500, headers, pool);
}
static authn_status pam_authenticate_with_login_password(request_rec * r, const char * pam_service,
const char * login, const char * password, int steps) {
pam_handle_t * pamh = NULL;
struct pam_conv pam_conversation = { &pam_authenticate_conv, (void *) password };
const char * stage = "PAM transaction failed for service";
const char * param = pam_service;
int ret;
ret = pam_start(pam_service, login, &pam_conversation, &pamh);
if (ret == PAM_SUCCESS) {
const char * remote_host_or_ip = ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL);
if (remote_host_or_ip) {
stage = "PAM pam_set_item PAM_RHOST failed for service";
ret = pam_set_item(pamh, PAM_RHOST, remote_host_or_ip);
}
}
if (ret == PAM_SUCCESS) {
if (steps & _PAM_STEP_AUTH) {
param = login;
stage = "PAM authentication failed for user";
ret = pam_authenticate(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
}
if ((ret == PAM_SUCCESS) && (steps & _PAM_STEP_ACCOUNT)) {
param = login;
stage = "PAM account validation failed for user";
ret = pam_acct_mgmt(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
if (ret == PAM_NEW_AUTHTOK_REQD) {
authnz_pam_config_rec * conf = ap_get_module_config(r->per_dir_config, &authnz_pam_module);
if (conf && conf->expired_redirect_url) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"mod_authnz_pam: PAM_NEW_AUTHTOK_REQD: redirect to [%s]",
conf->expired_redirect_url);
apr_table_addn(r->headers_out, "Location", format_location(r, conf->expired_redirect_url, login));
return HTTP_TEMPORARY_REDIRECT;
}
}
}
}
if (ret != PAM_SUCCESS) {
const char * strerr = pam_strerror(pamh, ret);
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "mod_authnz_pam: %s %s: %s", stage, param, strerr);
apr_table_setn(r->subprocess_env, _EXTERNAL_AUTH_ERROR_ENV_NAME, apr_pstrdup(r->pool, strerr));
pam_end(pamh, ret);
return AUTH_DENIED;
}
apr_table_setn(r->subprocess_env, _REMOTE_USER_ENV_NAME, login);
r->user = apr_pstrdup(r->pool, login);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, r->server, "mod_authnz_pam: PAM authentication passed for user %s", login);
pam_end(pamh, ret);
return AUTH_GRANTED;
}
/**
* Strip the ;jsessionid
*/
static int
cse_strip(request_rec *r)
{
config_t *config = cse_get_module_config(r);
const char *uri = r->uri;
if (config == NULL || ! uri)
return DECLINED;
if (config->session_url_prefix) {
char buffer[8192];
char *new_uri;
new_uri = strstr(uri, config->session_url_prefix);
if (new_uri) {
*new_uri = 0;
/* Strip session encoding from static files. */
if (r->filename) {
char *url_rewrite = strstr(r->filename, config->session_url_prefix);
if (url_rewrite) {
*url_rewrite = 0;
/*
if (stat(r->filename, &r->finfo) < 0)
r->finfo.st_mode = 0;
*/
}
}
if (r->args) {
sprintf(buffer, "%s?%s", r->uri, r->args);
apr_table_setn(r->headers_out, "Location",
ap_construct_url(r->pool, buffer, r));
}
else {
apr_table_setn(r->headers_out, "Location",
ap_construct_url(r->pool, r->uri, r));
}
return HTTP_MOVED_PERMANENTLY;
}
}
return DECLINED;
}
void jaxer_add_env_vars(request_rec * r)
{
/*
* Add additonal vars that are needed by jaxer.
* REMOTE_USER
* REMOTE_HOST
* STATUS_CODE
* HTTPS
*/
apr_table_t *env = r->subprocess_env;
jaxer_dir_conf *config =
ap_get_module_config(r->per_dir_config, &jaxer_module);
int is_ip;
int ssl_on;
const char * ru = ap_get_remote_logname(r);
#ifndef APACHE1_3
const char * rh = ap_get_remote_host(r->connection, config, REMOTE_NAME, &is_ip);
#else
const char * rh = ap_get_remote_host(r->connection, config, REMOTE_NAME);
#endif
if (ru)
apr_table_setn(env, "REMOTE_USER", ru);
// else
// apr_table_setn(env, "REMOTE_USER", "");
if (rh && !is_ip)
ap_table_setn(env, "REMOTE_HOST", rh);
ap_table_setn(env, "STATUS_CODE", ap_psprintf(r->pool, "%d", r->status));
ssl_on = jaxer_conn_is_https(r->connection);
ap_table_setn(env, "HTTPS", ap_psprintf(r->pool, "%s", (ssl_on != 0)? "on" : "off" ));
}
static int parse_request_cookie(modsec_rec *msr)
{
const apr_array_header_t *arr;
apr_table_entry_t *te;
apr_table_t *cookies_tb;
char cookies_key[20];
char *key;
int cookies_count;
int i, j;
arr = apr_table_elts(msr->request_headers);
te = (apr_table_entry_t *)arr->elts;
for (i = 0, j = 0; i < arr->nelts; i++) {
if (strcasecmp(te[i].key, "Cookie") == 0) {
cookies_tb = apr_table_make(msr->mp, 8);
if (cookies_tb == NULL) {
return -1;
}
if (msr->txcfg->cookie_format == COOKIES_V0) {
cookies_count = parse_cookies_v0(msr, te[i].val, cookies_tb);
} else {
cookies_count = parse_cookies_v1(msr, te[i].val, cookies_tb);
}
if (cookies_count <= 0) {
continue;
}
snprintf(cookies_key, 20, "cookies%d", ++j);
key = apr_pstrdup(msr->mp, cookies_key);
apr_table_setn(msr->request_cookies, key, (void *)cookies_tb);
}
}
return 0;
}
size_t _mapcache_curl_header_callback( void *ptr, size_t size, size_t nmemb, void *userdata)
{
char *colonptr;
struct _header_struct *h = (struct _header_struct*)userdata;
char *header = apr_pstrndup(h->ctx->pool,ptr,size*nmemb);
char *endptr = strstr(header,"\r\n");
if(!endptr) {
endptr = strstr(header,"\n");
if(!endptr) {
/* skip invalid header */
#ifdef DEBUG
h->ctx->log(h->ctx,MAPCACHE_DEBUG,"received header %s with no trailing \\r\\n",header);
#endif
return size*nmemb;
}
}
colonptr = strchr(header,':');
if(colonptr) {
*colonptr = '\0';
*endptr = '\0';
apr_table_setn(h->headers,header,colonptr+2);
}
return size*nmemb;
}
/**
* Check if client_ip is trusted
*/
static int check_trusted( conn_rec *c, my_config *conf )
{
const char *trusted;
trusted = apr_table_get( c->notes, NOTE_CLIENT_TRUST);
if (trusted) return (trusted[0] == 'Y');
// Find Access List & Permit/Deny rewrite IP of Client
if (find_accesslist(conf->allows, _CLIENT_ADDR)) {
apr_table_setn(c->notes, NOTE_CLIENT_TRUST, "Y");
return 1;
}
apr_table_setn(c->notes, NOTE_CLIENT_TRUST, "N");
return 0;
}
// The fixup filter's job is to determine if the content body needs to be rewritten,
// and if it does need to be rewritten, it triggers the work
static int porter_fixup(request_rec *r)
{
apr_status_t rv;
apr_table_setn(r->headers_in, HTTP_X_UPLOADS, NULL);
porter_server_conf *config = (porter_server_conf *)ap_get_module_config(r->server->module_config, &porter_module);
if(!config->enabled)
{
PORTER_LOG("Sadly you don't want your uploads to scale !! Good bye");
return DECLINED;
}
int http_status = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
if (http_status != OK) {
return http_status;
}
if (porter_should_rewrite_body(r, config))
{
PORTER_HANDLE_ERROR(porter_process_upload(r));
}
return DECLINED;
}
AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level,
apr_status_t status, const request_rec *r,
const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
log_error_core(file, line, level, status, r->server, NULL, r, NULL, fmt,
args);
/*
* IF APLOG_TOCLIENT is set,
* AND the error level is 'warning' or more severe,
* AND there isn't already error text associated with this request,
* THEN make the message text available to ErrorDocument and
* other error processors.
*/
va_end(args);
va_start(args,fmt);
if ((level & APLOG_TOCLIENT)
&& ((level & APLOG_LEVELMASK) <= APLOG_WARNING)
&& (apr_table_get(r->notes, "error-notes") == NULL)) {
apr_table_setn(r->notes, "error-notes",
ap_escape_html(r->pool, apr_pvsprintf(r->pool, fmt,
args)));
}
va_end(args);
}
static int write_http_response(mapcache_context_apache_request *ctx, mapcache_http_response *response) {
request_rec *r = ctx->request;
int rc;
if(response->mtime) {
ap_update_mtime(r, response->mtime);
if((rc = ap_meets_conditions(r)) != OK) {
return rc;
}
char *timestr = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
apr_rfc822_date(timestr, response->mtime);
apr_table_setn(r->headers_out, "Last-Modified", timestr);
}
if(response->headers && !apr_is_empty_table(response->headers)) {
const apr_array_header_t *elts = apr_table_elts(response->headers);
int i;
for(i=0;i<elts->nelts;i++) {
apr_table_entry_t entry = APR_ARRAY_IDX(elts,i,apr_table_entry_t);
if(!strcasecmp(entry.key,"Content-Type")) {
ap_set_content_type(r,entry.val);
} else {
apr_table_set(r->headers_out, entry.key, entry.val);
}
}
}
if(response->data) {
ap_set_content_length(r,response->data->size);
ap_rwrite((void*)response->data->buf, response->data->size, r);
}
r->status = response->code;
return OK;
}
// If 'redirect' is foo/bar, then redirect to it. If it is
// foo/bar/%s, then replace the %s with r->uri.
static void compose_and_set_redirect(request_rec *r, const char* redirect) {
char* composed_redirect = NULL;
if (ap_strstr_c(redirect, "%s")) {
composed_redirect = apr_psprintf(r->pool, redirect, r->uri);
}
apr_table_setn(r->headers_out, "Location", composed_redirect ? composed_redirect : redirect);
}
void msIO_setHeader (const char *header, const char* value, ...)
{
va_list args;
va_start( args, value );
#ifdef MOD_WMS_ENABLED
msIOContext *ioctx = msIO_getHandler (stdout);
if(ioctx && !strcmp(ioctx->label,"apache")) {
request_rec *r = (request_rec*) (ioctx->cbData);
char *fullvalue = apr_pvsprintf(r->pool, value,args);
if (strcasecmp (header, "Content-Type") == 0) {
r->content_type = fullvalue;
} else if (strcasecmp (header, "Status") == 0) {
r->status = atoi (fullvalue);
} else {
apr_table_setn (r->headers_out,
apr_pstrdup (r->pool, header),
fullvalue
);
}
} else {
#endif // MOD_WMS_ENABLED
msIO_fprintf(stdout,"%s: ",header);
msIO_vfprintf(stdout,value,args);
msIO_fprintf(stdout,"\r\n");
#ifdef MOD_WMS_ENABLED
}
#endif
}
apr_status_t pro_filter(ap_filter_t *f, apr_bucket_brigade *bb)
{
printf("enter %s %d\n",__FUNCTION__,__LINE__);
const char *res;
if((res = apr_table_get(f->r->headers_out,"X-Frame-Options"))!=NULL)
printf("x-frame-options is %s\n", res);
apr_table_setn(f->r->headers_out, "pro","i am pro");
apr_table_setn(f->r->headers_out, "X-Frame-Options","ALL ALLOW");
printf("url %s header %s\n", f->r->uri, f->r->handler);
/* if(1)
{
const char *data;
char *buf;
char *p;
int i=0;
apr_size_t len;
apr_bucket *e = APR_BRIGADE_FIRST(bb);
while( e != APR_BRIGADE_SENTINEL(bb) )
{
printf("bucket name %s \n",e->type->name);
if( APR_BUCKET_IS_EOS(e) )
{
e = APR_BUCKET_NEXT(e);
continue;
}
//read
apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
if( (buf=strstr(data,"X-Frame-Option")) != NULL)
{
int l1 = buf-data;
apr_bucket_split(e,l1);
e = APR_BUCKET_NEXT(e);
if( (p=strstr(buf,"\n")) != NULL )
{
int l = p-buf+1;
apr_bucket_split(e,l);
APR_BUCKET_REMOVE(e);
break;
}
}
e = APR_BUCKET_NEXT(e);
}
}*/
ap_remove_output_filter(f);
printf("leave function %s\n", __FUNCTION__);
return ap_pass_brigade(f->next,bb);
}
static ngx_inline ngx_int_t
ngx_http_modsecurity_load_headers_in(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
const char *lang;
request_rec *req;
ngx_list_part_t *part;
ngx_table_elt_t *h;
ngx_uint_t i;
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
req = ctx->req;
part = &r->headers_in.headers.part;
h = part->elts;
for (i = 0; ; i++) {
if (i >= part->nelts) {
if (part->next == NULL)
break;
part = part->next;
h = part->elts;
i = 0;
}
apr_table_setn(req->headers_in, (char *)h[i].key.data, (char *)h[i].value.data);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: load headers in: \"%V: %V\"",
&h[i].key, &h[i].value);
}
req->clength = r->headers_in.content_length_n;
req->range = apr_table_get(req->headers_in, "Range");
req->content_type = apr_table_get(req->headers_in, "Content-Type");
req->content_encoding = apr_table_get(req->headers_in, "Content-Encoding");
lang = apr_table_get(ctx->req->headers_in, "Content-Languages");
if(lang != NULL)
{
ctx->req->content_languages = apr_array_make(ctx->req->pool, 1, sizeof(const char *));
*(const char **)apr_array_push(ctx->req->content_languages) = lang;
}
req->ap_auth_type = (char *)apr_table_get(req->headers_in, "Authorization");
req->user = (char *)ngx_pstrdup0(r->pool, &r->headers_in.user);
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: load headers in done");
return NGX_OK;
}
/* user apr_table_do to set session information in child environment variable */
static int Auth_memCookie_DoSetEnv(void *rec, const char *szKey, const char *szValue)
{
request_rec *r = (request_rec*)rec;
char *szEnvName = apr_pstrcat(r->pool,"X_",szKey,NULL);
/* set env var X_USER to the user session value */
apr_table_setn(r->subprocess_env, szEnvName, szValue);
return 1;
}
static void note_basic_auth_failure(request_rec *r)
{
apr_table_setn(r->err_headers_out,
(PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate"
: "WWW-Authenticate",
apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r),
"\"", NULL));
}
