/* This does some initial checking, like if we're running on a SSL line or not */
static int checkInitial(request_rec *r)
{
return OK;
yubiauth_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, &authn_yubikey_module);
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r,
LOG_PREFIX "requireSecure: %d", cfg->requireSecure);
/* If no securiy is wanted or scheme is already https */
if (!cfg->requireSecure || !strncmp(ap_http_scheme(r), "https", 5)) {
return OK;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
LOG_PREFIX "The server is configured to use HTTPS on URI: %s", r->uri);
if(cfg->externalErrorPage == TRUE){
/* We explicitly want that to be overridable */
//return HTTP_BAD_REQUEST;
return HTTP_NOT_ACCEPTABLE;
}
/* Tell the user/admin what's going on instead of just showing BAD_REQUEST */
ap_rputs(DOCTYPE_HTML_4_0T, r);
ap_set_content_type(r, "text/html;");
ap_rputs(ERROR_TEXT, r);
ap_finalize_request_protocol(r);
return HTTP_BAD_REQUEST;
}
apr_status_t h2_request_rwrite(h2_request *req, request_rec *r)
{
apr_status_t status;
req->config = h2_config_rget(r);
req->method = r->method;
req->scheme = (r->parsed_uri.scheme? r->parsed_uri.scheme
: ap_http_scheme(r));
req->authority = r->hostname;
req->path = apr_uri_unparse(r->pool, &r->parsed_uri,
APR_URI_UNP_OMITSITEPART);
if (!ap_strchr_c(req->authority, ':') && r->server && r->server->port) {
apr_port_t defport = apr_uri_port_of_scheme(req->scheme);
if (defport != r->server->port) {
/* port info missing and port is not default for scheme: append */
req->authority = apr_psprintf(r->pool, "%s:%d", req->authority,
(int)r->server->port);
}
}
AP_DEBUG_ASSERT(req->scheme);
AP_DEBUG_ASSERT(req->authority);
AP_DEBUG_ASSERT(req->path);
AP_DEBUG_ASSERT(req->method);
status = add_all_h1_header(req, r->pool, r->headers_in);
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r,
"h2_request(%d): rwrite %s host=%s://%s%s",
req->id, req->method, req->scheme, req->authority, req->path);
return status;
}
static mrb_value ap_mrb_get_request_scheme(mrb_state *mrb, mrb_value str)
{
request_rec *r = ap_mrb_get_request();
char *val = ap_http_scheme(r);
return mrb_str_new(mrb, val, strlen(val));
}
static apr_status_t cache_canonicalise_key(request_rec *r, apr_pool_t* p,
const char *uri, apr_uri_t *parsed_uri, const char **key)
{
cache_server_conf *conf;
char *port_str, *hn, *lcs;
const char *hostname, *scheme;
int i;
const char *path;
char *querystring;
if (*key) {
/*
* We have been here before during the processing of this request.
*/
return APR_SUCCESS;
}
/*
* Get the module configuration. We need this for the CacheIgnoreQueryString
* option below.
*/
conf = (cache_server_conf *) ap_get_module_config(r->server->module_config,
&cache_module);
/*
* Use the canonical name to improve cache hit rate, but only if this is
* not a proxy request or if this is a reverse proxy request.
* We need to handle both cases in the same manner as for the reverse proxy
* case we have the following situation:
*
* If a cached entry is looked up by mod_cache's quick handler r->proxyreq
* is still unset in the reverse proxy case as it only gets set in the
* translate name hook (either by ProxyPass or mod_rewrite) which is run
* after the quick handler hook. This is different to the forward proxy
* case where it gets set before the quick handler is run (in the
* post_read_request hook).
* If a cache entry is created by the CACHE_SAVE filter we always have
* r->proxyreq set correctly.
* So we must ensure that in the reverse proxy case we use the same code
* path and using the canonical name seems to be the right thing to do
* in the reverse proxy case.
*/
if (!r->proxyreq || (r->proxyreq == PROXYREQ_REVERSE)) {
if (conf->base_uri && conf->base_uri->hostname) {
hostname = conf->base_uri->hostname;
}
else {
/* Use _default_ as the hostname if none present, as in mod_vhost */
hostname = ap_get_server_name(r);
if (!hostname) {
hostname = "_default_";
}
}
}
else if (parsed_uri->hostname) {
/* Copy the parsed uri hostname */
hn = apr_pstrdup(p, parsed_uri->hostname);
ap_str_tolower(hn);
/* const work-around */
hostname = hn;
}
else {
/* We are a proxied request, with no hostname. Unlikely
* to get very far - but just in case */
hostname = "_default_";
}
/*
* Copy the scheme, ensuring that it is lower case. If the parsed uri
* contains no string or if this is not a proxy request get the http
* scheme for this request. As r->parsed_uri.scheme is not set if this
* is a reverse proxy request, it is ensured that the cases
* "no proxy request" and "reverse proxy request" are handled in the same
* manner (see above why this is needed).
*/
if (r->proxyreq && parsed_uri->scheme) {
/* Copy the scheme and lower-case it */
lcs = apr_pstrdup(p, parsed_uri->scheme);
ap_str_tolower(lcs);
/* const work-around */
scheme = lcs;
}
else {
if (conf->base_uri && conf->base_uri->scheme) {
scheme = conf->base_uri->scheme;
}
else {
scheme = ap_http_scheme(r);
}
}
/*
* If this is a proxy request, but not a reverse proxy request (see comment
* above why these cases must be handled in the same manner), copy the
* URI's port-string (which may be a service name). If the URI contains
* no port-string, use apr-util's notion of the default port for that
* scheme - if available. Otherwise use the port-number of the current
* server.
*/
if (r->proxyreq && (r->proxyreq != PROXYREQ_REVERSE)) {
if (parsed_uri->port_str) {
port_str = apr_pcalloc(p, strlen(parsed_uri->port_str) + 2);
port_str[0] = ':';
for (i = 0; parsed_uri->port_str[i]; i++) {
port_str[i + 1] = apr_tolower(parsed_uri->port_str[i]);
}
}
else if (apr_uri_port_of_scheme(scheme)) {
port_str = apr_psprintf(p, ":%u", apr_uri_port_of_scheme(scheme));
}
else {
/* No port string given in the AbsoluteUri, and we have no
* idea what the default port for the scheme is. Leave it
* blank and live with the inefficiency of some extra cached
* entities.
*/
port_str = "";
}
}
else {
if (conf->base_uri && conf->base_uri->port_str) {
port_str = conf->base_uri->port_str;
}
else if (conf->base_uri && conf->base_uri->hostname) {
port_str = "";
}
else {
/* Use the server port */
port_str = apr_psprintf(p, ":%u", ap_get_server_port(r));
}
}
/*
* Check if we need to ignore session identifiers in the URL and do so
* if needed.
*/
path = uri;
querystring = parsed_uri->query;
if (conf->ignore_session_id->nelts) {
int i;
char **identifier;
identifier = (char **) conf->ignore_session_id->elts;
for (i = 0; i < conf->ignore_session_id->nelts; i++, identifier++) {
int len;
const char *param;
len = strlen(*identifier);
/*
* Check that we have a parameter separator in the last segment
* of the path and that the parameter matches our identifier
*/
if ((param = ap_strrchr_c(path, ';'))
&& !strncmp(param + 1, *identifier, len)
&& (*(param + len + 1) == '=')
&& !ap_strchr_c(param + len + 2, '/')) {
path = apr_pstrndup(p, path, param - path);
continue;
}
/*
* Check if the identifier is in the querystring and cut it out.
*/
if (querystring) {
/*
* First check if the identifier is at the beginning of the
* querystring and followed by a '='
*/
if (!strncmp(querystring, *identifier, len)
&& (*(querystring + len) == '=')) {
param = querystring;
}
else {
char *complete;
/*
* In order to avoid subkey matching (PR 48401) prepend
* identifier with a '&' and append a '='
*/
complete = apr_pstrcat(p, "&", *identifier, "=", NULL);
param = strstr(querystring, complete);
/* If we found something we are sitting on the '&' */
if (param) {
param++;
}
}
if (param) {
const char *amp;
if (querystring != param) {
querystring = apr_pstrndup(p, querystring,
param - querystring);
}
else {
querystring = "";
}
if ((amp = ap_strchr_c(param + len + 1, '&'))) {
querystring = apr_pstrcat(p, querystring, amp + 1,
NULL);
}
else {
/*
* If querystring is not "", then we have the case
* that the identifier parameter we removed was the
* last one in the original querystring. Hence we have
* a trailing '&' which needs to be removed.
*/
if (*querystring) {
querystring[strlen(querystring) - 1] = '\0';
}
}
}
}
}
}
/* Key format is a URI, optionally without the query-string */
if (conf->ignorequerystring) {
*key = apr_pstrcat(p, scheme, "://", hostname, port_str, path, "?",
NULL);
}
else {
*key = apr_pstrcat(p, scheme, "://", hostname, port_str, path, "?",
querystring, NULL);
}
/*
* Store the key in the request_config for the cache as r->parsed_uri
* might have changed in the time from our first visit here triggered by the
* quick handler and our possible second visit triggered by the CACHE_SAVE
* filter (e.g. r->parsed_uri got unescaped). In this case we would save the
* resource in the cache under a key where it is never found by the quick
* handler during following requests.
*/
ap_log_rerror(
APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r, APLOGNO(00698) "cache: Key for entity %s?%s is %s", uri, parsed_uri->query, *key);
return APR_SUCCESS;
}
AP_DECLARE(void) ap_add_common_vars(request_rec *r)
{
apr_table_t *e;
server_rec *s = r->server;
conn_rec *c = r->connection;
core_dir_config *conf =
(core_dir_config *)ap_get_core_module_config(r->per_dir_config);
const char *env_temp;
const apr_array_header_t *hdrs_arr = apr_table_elts(r->headers_in);
const apr_table_entry_t *hdrs = (const apr_table_entry_t *) hdrs_arr->elts;
int i;
apr_port_t rport;
char *q;
/* use a temporary apr_table_t which we'll overlap onto
* r->subprocess_env later
* (exception: if r->subprocess_env is empty at the start,
* write directly into it)
*/
if (apr_is_empty_table(r->subprocess_env)) {
e = r->subprocess_env;
}
else {
e = apr_table_make(r->pool, 25 + hdrs_arr->nelts);
}
/* First, add environment vars from headers... this is as per
* CGI specs, though other sorts of scripting interfaces see
* the same vars...
*/
for (i = 0; i < hdrs_arr->nelts; ++i) {
if (!hdrs[i].key) {
continue;
}
/* A few headers are special cased --- Authorization to prevent
* rogue scripts from capturing passwords; content-type and -length
* for no particular reason.
*/
if (!strcasecmp(hdrs[i].key, "Content-type")) {
apr_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
}
else if (!strcasecmp(hdrs[i].key, "Content-length")) {
apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
}
/*
* You really don't want to disable this check, since it leaves you
* wide open to CGIs stealing passwords and people viewing them
* in the environment with "ps -e". But, if you must...
*/
#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
else if (!strcasecmp(hdrs[i].key, "Authorization")
|| !strcasecmp(hdrs[i].key, "Proxy-Authorization")) {
if (conf->cgi_pass_auth == AP_CGI_PASS_AUTH_ON) {
add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
}
}
#endif
else
add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
}
env_temp = apr_table_get(r->subprocess_env, "PATH");
if (env_temp == NULL) {
env_temp = getenv("PATH");
}
if (env_temp == NULL) {
env_temp = DEFAULT_PATH;
}
apr_table_addn(e, "PATH", apr_pstrdup(r->pool, env_temp));
#if defined(WIN32)
env2env(e, "SystemRoot");
env2env(e, "COMSPEC");
env2env(e, "PATHEXT");
env2env(e, "WINDIR");
#elif defined(OS2)
env2env(e, "COMSPEC");
env2env(e, "ETC");
env2env(e, "DPATH");
env2env(e, "PERLLIB_PREFIX");
#elif defined(BEOS)
env2env(e, "LIBRARY_PATH");
#elif defined(DARWIN)
env2env(e, "DYLD_LIBRARY_PATH");
#elif defined(_AIX)
env2env(e, "LIBPATH");
#elif defined(__HPUX__)
/* HPUX PARISC 2.0W knows both, otherwise redundancy is harmless */
env2env(e, "SHLIB_PATH");
env2env(e, "LD_LIBRARY_PATH");
#else /* Some Unix */
env2env(e, "LD_LIBRARY_PATH");
#endif
apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_banner());
apr_table_addn(e, "SERVER_NAME",
ap_escape_html(r->pool, ap_get_server_name_for_url(r)));
apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
apr_table_addn(e, "SERVER_PORT",
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
add_unless_null(e, "REMOTE_HOST",
ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, NULL));
apr_table_addn(e, "REMOTE_ADDR", r->useragent_ip);
apr_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
apr_table_setn(e, "REQUEST_SCHEME", ap_http_scheme(r));
apr_table_addn(e, "CONTEXT_PREFIX", ap_context_prefix(r));
apr_table_addn(e, "CONTEXT_DOCUMENT_ROOT", ap_context_document_root(r));
apr_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
if (apr_table_get(r->notes, "proxy-noquery") && (q = ap_strchr(r->filename, '?'))) {
*q = '\0';
apr_table_addn(e, "SCRIPT_FILENAME", apr_pstrdup(r->pool, r->filename));
*q = '?';
}
else {
apr_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
}
rport = c->client_addr->port;
apr_table_addn(e, "REMOTE_PORT", apr_itoa(r->pool, rport));
if (r->user) {
apr_table_addn(e, "REMOTE_USER", r->user);
}
else if (r->prev) {
request_rec *back = r->prev;
while (back) {
if (back->user) {
apr_table_addn(e, "REDIRECT_REMOTE_USER", back->user);
break;
}
back = back->prev;
}
}
add_unless_null(e, "AUTH_TYPE", r->ap_auth_type);
env_temp = ap_get_remote_logname(r);
if (env_temp) {
apr_table_addn(e, "REMOTE_IDENT", apr_pstrdup(r->pool, env_temp));
}
/* Apache custom error responses. If we have redirected set two new vars */
if (r->prev) {
/* PR#57785: reconstruct full URL here */
apr_uri_t *uri = &r->prev->parsed_uri;
if (!uri->scheme) {
uri->scheme = (char*)ap_http_scheme(r->prev);
}
if (!uri->port) {
uri->port = ap_get_server_port(r->prev);
uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
}
if (!uri->hostname) {
uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
}
add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args);
add_unless_null(e, "REDIRECT_URL",
apr_uri_unparse(r->pool, uri, 0));
}
if (e != r->subprocess_env) {
apr_table_overlap(r->subprocess_env, e, APR_OVERLAP_TABLES_SET);
}
}
static int
webid_auth_checker(request_rec *r) {
int is_initial_req, req_access, req_method, ret;
const char *req_dest;
request_rec *r_dest;
apr_uri_t apr_uri;
if (r->filename == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Module bug? Request filename is missing for URI %s", r->uri);
return http_status_code(r, OK);
}
if (r->user == NULL || strlen(r->user) == 0) {
return http_status_code(r, HTTP_FORBIDDEN);
}
// req_access: Read, Write, or Control
is_initial_req = ap_is_initial_req(r);
req_access = WEBID_ACCESS_INVALID;
req_method = (AP_METHOD_BIT << r->method_number);
if (is_initial_req && r->method_number == M_COPY) {
// allow COPY of a readonly source URI
// - target URI check happens by subrequest
req_access = WEBID_ACCESS_READ;
} else if (req_method == (req_method & WEBID_M_READ)) {
// check the acl:Read method bitmask
req_access = WEBID_ACCESS_READ;
} else if (req_method == (req_method & WEBID_M_WRITE)) {
// check the acl:Write method bitmask
// - writes to ACL URIs are acl:Control (handled internally)
req_access = WEBID_ACCESS_WRITE;
} else {
// unhandled methods require acl:Control
req_access = WEBID_ACCESS_CONTROL;
}
ret = HTTP_FORBIDDEN;
if (is_initial_req && (r->method_number == M_COPY || r->method_number == M_MOVE)) {
req_dest = apr_table_get(r->headers_in, "Destination");
if (req_dest == NULL) {
const char *nscp_host = apr_table_get(r->headers_in, "Host");
const char *nscp_path = apr_table_get(r->headers_in, "New-uri");
if (nscp_host != NULL && nscp_path != NULL)
req_dest = apr_psprintf(r->pool, "http://%s%s", nscp_host, nscp_path);
}
if (req_dest != NULL) {
if ((apr_uri_parse(r->pool, req_dest, &apr_uri) == APR_SUCCESS) &&
(apr_uri.scheme != NULL && strcmp(apr_uri.scheme, ap_http_scheme(r)) == 0) &&
(apr_uri.hostname != NULL && strcmp(apr_uri.hostname, ap_get_server_name(r)) == 0)) {
req_dest = apr_uri_unparse(r->pool, &apr_uri, APR_URI_UNP_OMITSITEPART);
r_dest = ap_sub_req_method_uri(r->method, req_dest, r, NULL);
if ((ret = check_request_acl(r, req_access)) == OK)
ret = check_request_acl(r_dest, WEBID_ACCESS_WRITE);
} else {
ret = HTTP_BAD_GATEWAY;
}
}
} else {
ret = check_request_acl(r, req_access);
}
return http_status_code(r, ret);
}
static int
check_request_acl(request_rec *r, int req_access) {
char *dir_path, *acl_path;
apr_finfo_t acl_finfo;
const char *req_uri, *dir_uri, *acl_uri, *access;
const char *port, *par_uri, *req_file;
librdf_world *rdf_world = NULL;
librdf_storage *rdf_storage = NULL;
librdf_model *rdf_model = NULL;
librdf_parser *rdf_parser = NULL;
librdf_uri *rdf_uri_acl = NULL,
*rdf_uri_base = NULL;
int ret = HTTP_FORBIDDEN;
// dir_path: parent directory of request filename
// acl_path: absolute path to request ACL
dir_path = ap_make_dirstr_parent(r->pool, r->filename);
acl_path = ap_make_full_path(r->pool, dir_path, WEBID_ACL_FNAME);
if (apr_filepath_merge(&acl_path, NULL, acl_path, APR_FILEPATH_NOTRELATIVE, r->pool) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Module bug? Request filename path %s is invalid or "
"or not absolute for uri %s",
r->filename, r->uri);
return HTTP_FORBIDDEN;
}
// acl_path: 403 if missing
if ((apr_stat(&acl_finfo, acl_path, APR_FINFO_TYPE, r->pool) != APR_SUCCESS) ||
(acl_finfo.filetype != APR_REG)) {
return HTTP_FORBIDDEN;
}
// req_uri: fully qualified URI of request filename
// dir_uri: fully qualified URI of request filename parent
// acl_uri: fully qualified URI of request filename ACL
// access: ACL URI of requested access
port = ap_is_default_port(ap_get_server_port(r), r)
? "" : apr_psprintf(r->pool, ":%u", ap_get_server_port(r));
req_uri = apr_psprintf(r->pool, "%s://%s%s%s%s",
ap_http_scheme(r), ap_get_server_name(r), port,
(*r->uri == '/') ? "" : "/",
r->uri);
par_uri = ap_make_dirstr_parent(r->pool, r->uri);
dir_uri = apr_psprintf(r->pool, "%s://%s%s%s%s",
ap_http_scheme(r), ap_get_server_name(r), port,
(*par_uri == '/') ? "" : "/",
par_uri);
acl_uri = ap_make_full_path(r->pool, dir_uri, WEBID_ACL_FNAME);
if (req_access == WEBID_ACCESS_READ) {
access = "Read";
} else if (req_access == WEBID_ACCESS_WRITE) {
if ((req_file = strrchr(r->filename, '/')) != NULL &&
strcmp(++req_file, WEBID_ACL_FNAME) == 0)
access = "Control";
else
access = "Write";
} else {
access = "Control";
}
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"[ACL] %s (%s) %s | URI: %s | DIR: %s (%s) | ACL: %s (%s) | status: %d",
r->method, access, r->uri, req_uri, dir_uri, dir_path, acl_uri, acl_path, r->status);
if ((rdf_world = librdf_new_world()) != NULL) {
librdf_world_open(rdf_world);
if ((rdf_storage = librdf_new_storage(rdf_world, "memory", NULL, NULL)) != NULL) {
if ((rdf_model = librdf_new_model(rdf_world, rdf_storage, NULL)) != NULL) {
if ((rdf_parser = librdf_new_parser(rdf_world, "turtle", NULL, NULL)) != NULL) {
if ((rdf_uri_base = librdf_new_uri(rdf_world, (unsigned char*)acl_uri)) != NULL) {
if ((rdf_uri_acl = librdf_new_uri_from_filename(rdf_world, acl_path)) != NULL) {
if (!librdf_parser_parse_into_model(rdf_parser, rdf_uri_acl, rdf_uri_base, rdf_model)) {
//log_stream_prefix(r, librdf_model_as_stream(rdf_model), "[ACL] [model]");
if (query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENT, "accessTo", req_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENTCLASS, "accessTo", req_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_WORLD, "accessTo", req_uri, access)) > 0 || \
( ( query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_ACL_EXISTS, "accessTo", req_uri )) == 0 ) &&
( query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENT, "defaultForNew", dir_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENTCLASS, "defaultForNew", dir_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_WORLD, "defaultForNew", dir_uri, access)) > 0 ) ) ) {
apr_table_set(r->headers_out, "Link", apr_psprintf(r->pool, "%s; rel=meta", acl_uri));
ret = OK;
}
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_parser_parse_into_model failed");
librdf_free_uri(rdf_uri_acl);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_uri_from_filename returned NULL");
librdf_free_uri(rdf_uri_base);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_uri returned NULL");
librdf_free_parser(rdf_parser);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_parser returned NULL");
librdf_free_model(rdf_model);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_model returned NULL");
librdf_free_storage(rdf_storage);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_storage returned NULL");
librdf_free_world(rdf_world);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_world returned NULL");
return ret;
}
/* This function must remain safe to use for a non-SSL connection. */
char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
{
SSLModConfigRec *mc = myModConfig(s);
const char *result;
BOOL resdup;
apr_time_exp_t tm;
result = NULL;
resdup = TRUE;
/*
* When no pool is given try to find one
*/
if (p == NULL) {
if (r != NULL)
p = r->pool;
else if (c != NULL)
p = c->pool;
else
p = mc->pPool;
}
/*
* Request dependent stuff
*/
if (r != NULL) {
switch (var[0]) {
case 'H':
case 'h':
if (strcEQ(var, "HTTP_USER_AGENT"))
result = apr_table_get(r->headers_in, "User-Agent");
else if (strcEQ(var, "HTTP_REFERER"))
result = apr_table_get(r->headers_in, "Referer");
else if (strcEQ(var, "HTTP_COOKIE"))
result = apr_table_get(r->headers_in, "Cookie");
else if (strcEQ(var, "HTTP_FORWARDED"))
result = apr_table_get(r->headers_in, "Forwarded");
else if (strcEQ(var, "HTTP_HOST"))
result = apr_table_get(r->headers_in, "Host");
else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
result = apr_table_get(r->headers_in, "Proxy-Connection");
else if (strcEQ(var, "HTTP_ACCEPT"))
result = apr_table_get(r->headers_in, "Accept");
else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
/* all other headers from which we are still not know about */
result = apr_table_get(r->headers_in, var+5);
break;
case 'R':
case 'r':
if (strcEQ(var, "REQUEST_METHOD"))
result = r->method;
else if (strcEQ(var, "REQUEST_SCHEME"))
result = ap_http_scheme(r);
else if (strcEQ(var, "REQUEST_URI"))
result = r->uri;
else if (strcEQ(var, "REQUEST_FILENAME"))
result = r->filename;
else if (strcEQ(var, "REMOTE_ADDR"))
result = r->useragent_ip;
else if (strcEQ(var, "REMOTE_HOST"))
result = ap_get_useragent_host(r, REMOTE_NAME, NULL);
else if (strcEQ(var, "REMOTE_IDENT"))
result = ap_get_remote_logname(r);
else if (strcEQ(var, "REMOTE_USER"))
result = r->user;
break;
case 'S':
case 's':
if (strcEQn(var, "SSL", 3)) break; /* shortcut common case */
if (strcEQ(var, "SERVER_ADMIN"))
result = r->server->server_admin;
else if (strcEQ(var, "SERVER_NAME"))
result = ap_get_server_name_for_url(r);
else if (strcEQ(var, "SERVER_PORT"))
result = apr_psprintf(p, "%u", ap_get_server_port(r));
else if (strcEQ(var, "SERVER_PROTOCOL"))
result = r->protocol;
else if (strcEQ(var, "SCRIPT_FILENAME"))
result = r->filename;
break;
default:
if (strcEQ(var, "PATH_INFO"))
result = r->path_info;
else if (strcEQ(var, "QUERY_STRING"))
result = r->args;
else if (strcEQ(var, "IS_SUBREQ"))
result = (r->main != NULL ? "true" : "false");
else if (strcEQ(var, "DOCUMENT_ROOT"))
result = ap_document_root(r);
else if (strcEQ(var, "AUTH_TYPE"))
result = r->ap_auth_type;
else if (strcEQ(var, "THE_REQUEST"))
result = r->the_request;
else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
result = apr_table_get(r->notes, var+4);
if (result == NULL)
result = apr_table_get(r->subprocess_env, var+4);
}
break;
}
}
/*
* Connection stuff
*/
if (result == NULL && c != NULL) {
SSLConnRec *sslconn = ssl_get_effective_config(c);
if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
&& sslconn && sslconn->ssl)
result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
else if (strcEQ(var, "HTTPS")) {
if (sslconn && sslconn->ssl)
result = "on";
else
result = "off";
}
}
/*
* Totally independent stuff
*/
if (result == NULL) {
if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
result = ssl_var_lookup_ssl_version(p, var+12);
else if (strcEQ(var, "SERVER_SOFTWARE"))
result = ap_get_server_banner();
else if (strcEQ(var, "API_VERSION")) {
result = apr_itoa(p, MODULE_MAGIC_NUMBER_MAJOR);
resdup = FALSE;
}
else if (strcEQ(var, "TIME_YEAR")) {
apr_time_exp_lt(&tm, apr_time_now());
result = apr_psprintf(p, "%02d%02d",
(tm.tm_year / 100) + 19, tm.tm_year % 100);
resdup = FALSE;
}
#define MKTIMESTR(format, tmfield) \
apr_time_exp_lt(&tm, apr_time_now()); \
result = apr_psprintf(p, format, tm.tmfield); \
resdup = FALSE;
else if (strcEQ(var, "TIME_MON")) {
MKTIMESTR("%02d", tm_mon+1)
}
else if (strcEQ(var, "TIME_DAY")) {
MKTIMESTR("%02d", tm_mday)
}
else if (strcEQ(var, "TIME_HOUR")) {
MKTIMESTR("%02d", tm_hour)
}
else if (strcEQ(var, "TIME_MIN")) {
MKTIMESTR("%02d", tm_min)
}
else if (strcEQ(var, "TIME_SEC")) {
MKTIMESTR("%02d", tm_sec)
}
else if (strcEQ(var, "TIME_WDAY")) {
MKTIMESTR("%d", tm_wday)
}
else if (strcEQ(var, "TIME")) {
apr_time_exp_lt(&tm, apr_time_now());
result = apr_psprintf(p,
"%02d%02d%02d%02d%02d%02d%02d", (tm.tm_year / 100) + 19,
(tm.tm_year % 100), tm.tm_mon+1, tm.tm_mday,
tm.tm_hour, tm.tm_min, tm.tm_sec);
resdup = FALSE;
}
/* all other env-variables from the parent Apache process */
else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
result = getenv(var+4);
}
}
if (result != NULL && resdup)
result = apr_pstrdup(p, result);
if (result == NULL)
result = "";
return (char *)result;
}
