static mbox_req_cfg_t *get_req_conf(request_rec *r)
{
mbox_req_cfg_t *conf = ap_get_module_config(r->request_config, &mbox_module);
const char *temp;
if (conf)
return conf;
conf = apr_pcalloc(r->pool, sizeof(*conf));
temp = ap_strstr_c(r->uri, r->path_info);
if (temp)
conf->base_uri = apr_pstrmemdup(r->pool, r->uri, temp - r->uri);
else
conf->base_uri = r->uri;
temp = ap_strstr_c(conf->base_uri, ".mbox");
/* 7 is length of "/yyyymm" */
if (temp && temp >= conf->base_uri + 7) {
conf->base_path = apr_pstrmemdup(r->pool, conf->base_uri,
temp - 7 - conf->base_uri);
conf->base_name = ap_strrchr_c(conf->base_path, '/') + 1;
}
ap_set_module_config(r->request_config, &mbox_module, conf);
return conf;
}
static char *get_cookie_param(request_rec *r, const char *name)
{
const char *cookies;
const char *start_cookie;
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
for (start_cookie = ap_strstr_c(cookies, name); start_cookie;
start_cookie = ap_strstr_c(start_cookie + 1, name)) {
if (start_cookie == cookies ||
start_cookie[-1] == ';' ||
start_cookie[-1] == ',' ||
isspace(start_cookie[-1])) {
start_cookie += strlen(name);
while(*start_cookie && isspace(*start_cookie))
++start_cookie;
if (*start_cookie == '=' && start_cookie[1]) {
/*
* Session cookie was found, get it's value
*/
char *end_cookie, *cookie;
++start_cookie;
cookie = apr_pstrdup(r->pool, start_cookie);
if ((end_cookie = strchr(cookie, ';')) != NULL)
*end_cookie = '\0';
if((end_cookie = strchr(cookie, ',')) != NULL)
*end_cookie = '\0';
return cookie;
}
}
}
}
return NULL;
}
int dav_svn__proxy_request_fixup(request_rec *r)
{
const char *root_dir, *master_uri, *special_uri;
root_dir = dav_svn__get_root_dir(r);
master_uri = dav_svn__get_master_uri(r);
special_uri = dav_svn__get_special_uri(r);
if (root_dir && master_uri) {
const char *seg;
/* We know we can always safely handle these. */
if (r->method_number == M_REPORT ||
r->method_number == M_OPTIONS) {
return OK;
}
/* These are read-only requests -- the kind we like to handle
ourselves -- but we need to make sure they aren't aimed at
resources that only exist on the master server such as
working resource URIs or the HTTPv2 transaction root and
transaction tree resouces. */
if (r->method_number == M_PROPFIND ||
r->method_number == M_GET) {
if ((seg = ap_strstr(r->uri, root_dir))) {
if (ap_strstr_c(seg, apr_pstrcat(r->pool, special_uri,
"/wrk/", SVN_VA_NULL))
|| ap_strstr_c(seg, apr_pstrcat(r->pool, special_uri,
"/txn/", SVN_VA_NULL))
|| ap_strstr_c(seg, apr_pstrcat(r->pool, special_uri,
"/txr/", SVN_VA_NULL))) {
int rv;
seg += strlen(root_dir);
rv = proxy_request_fixup(r, master_uri, seg);
if (rv) return rv;
}
}
return OK;
}
/* If this is a write request aimed at a public URI (such as
MERGE, LOCK, UNLOCK, etc.) or any as-yet-unhandled request
using a "special URI", we have to doctor it a bit for proxying. */
seg = ap_strstr(r->uri, root_dir);
if (seg && (r->method_number == M_MERGE ||
r->method_number == M_LOCK ||
r->method_number == M_UNLOCK ||
ap_strstr_c(seg, special_uri))) {
int rv;
seg += strlen(root_dir);
rv = proxy_request_fixup(r, master_uri, seg);
if (rv) return rv;
return OK;
}
}
return OK;
}
/*
* Here we try to be compatible with clients that want multipart/x-byteranges
* instead of multipart/byteranges (also see above), as per HTTP/1.1. We
* look for the Request-Range header (e.g. Netscape 2 and 3) as an indication
* that the browser supports an older protocol. We also check User-Agent
* for Microsoft Internet Explorer 3, which needs this as well.
*/
static int use_range_x(request_rec *r)
{
const char *ua;
return (apr_table_get(r->headers_in, "Request-Range")
|| ((ua = apr_table_get(r->headers_in, "User-Agent"))
&& ap_strstr_c(ua, "MSIE 3")));
}
/*--------------------------------------------------------------------------*/
static const char *cmd_advertise_m(cmd_parms *cmd, void *dummy,
const char *arg, const char *opt)
{
mod_advertise_config *mconf = ap_get_module_config(cmd->server->module_config, &advertise_module);
if (mconf->ma_advertise_srvs)
return "Duplicate ServerAdvertise directives are not allowed";
if (strcasecmp(arg, "Off") == 0)
mconf->ma_advertise_mode = ma_advertise_off;
else if (strcasecmp(arg, "On") == 0)
mconf->ma_advertise_mode = ma_advertise_on;
else
return "ServerAdvertise must be Off or On";
if (opt) {
const char *p = ap_strstr_c(opt, "://");
if (p) {
mconf->ma_advertise_srvm = apr_pstrndup(cmd->pool, opt, p - opt);
opt = p + 3;
}
if (apr_parse_addr_port(&mconf->ma_advertise_srvs,
&mconf->ma_advertise_srvi,
&mconf->ma_advertise_srvp,
opt, cmd->pool) != APR_SUCCESS ||
!mconf->ma_advertise_srvs ||
!mconf->ma_advertise_srvp)
return "Invalid ServerAdvertise Address";
}
mconf->ma_advertise_server = cmd->server;
return NULL;
}
// If 'redirect' is foo/bar, then redirect to it. If it is
// foo/bar/%s, then replace the %s with r->uri.
static void compose_and_set_redirect(request_rec *r, const char* redirect) {
char* composed_redirect = NULL;
if (ap_strstr_c(redirect, "%s")) {
composed_redirect = apr_psprintf(r->pool, redirect, r->uri);
}
apr_table_setn(r->headers_out, "Location", composed_redirect ? composed_redirect : redirect);
}
static char* find_cookie(request_rec *r, const char* cookie_name)
{
const char* cookies;
char *cookie = NULL;
/* todo: protect against xxxCookieNamexxx, regex? */
/* todo: make case insensitive? */
/* Get the cookie (code from mod_log_config). */
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
char *start_cookie, *end_cookie;
if ((start_cookie = ap_strstr_c(cookies, cookie_name))) {
start_cookie += strlen(cookie_name) + 1;
cookie = apr_pstrdup(r->pool, start_cookie);
/* kill everything in cookie after ';' */
end_cookie = strchr(cookie, ';');
if (end_cookie) {
*end_cookie = '\0';
}
}
}
if (!cookie) {
return NULL;
}
return apr_pstrdup(r->pool,cookie);
}
/*
** dav_fs_parse_locktoken
**
** Parse an opaquelocktoken URI into a locktoken.
*/
static dav_error * dav_fs_parse_locktoken(
apr_pool_t *p,
const char *char_token,
dav_locktoken **locktoken_p)
{
dav_locktoken *locktoken;
if (ap_strstr_c(char_token, "opaquelocktoken:") != char_token) {
return dav_new_error(p,
HTTP_BAD_REQUEST, DAV_ERR_LOCK_UNK_STATE_TOKEN, 0,
"The lock token uses an unknown State-token "
"format and could not be parsed.");
}
char_token += 16;
locktoken = apr_pcalloc(p, sizeof(*locktoken));
if (apr_uuid_parse(&locktoken->uuid, char_token)) {
return dav_new_error(p, HTTP_BAD_REQUEST, DAV_ERR_LOCK_PARSE_TOKEN, 0,
"The opaquelocktoken has an incorrect format "
"and could not be parsed.");
}
*locktoken_p = locktoken;
return NULL;
}
apr_status_t dav_svn__location_header_filter(ap_filter_t *f,
apr_bucket_brigade *bb)
{
request_rec *r = f->r;
const char *master_uri;
const char *location, *start_foo = NULL;
/* Don't filter if we're in a subrequest or we aren't setup to
proxy anything. */
master_uri = dav_svn__get_master_uri(r);
master_uri = svn_path_uri_encode(master_uri, r->pool);
if (r->main || !master_uri) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb);
}
location = apr_table_get(r->headers_out, "Location");
if (location) {
start_foo = ap_strstr_c(location, master_uri);
}
if (start_foo) {
const char *new_uri;
start_foo += strlen(master_uri);
new_uri = ap_construct_url(r->pool,
apr_pstrcat(r->pool,
dav_svn__get_root_dir(r), "/",
start_foo, SVN_VA_NULL),
r);
apr_table_set(r->headers_out, "Location", new_uri);
}
return ap_pass_brigade(f->next, bb);
}
// If 'redirect' is foo/bar, then redirect to it. If it is
// foo/bar/%s, then replace the %s with r->uri.
static void compose_and_set_redirect(request_rec *r, const char* redirect) {
char* composed_redirect = NULL;
char* encoded_uri = NULL;
if (ap_strstr_c(redirect, "%s")) {
encoded_uri = apreq_escape(r->pool, r->unparsed_uri, strlen(r->unparsed_uri));
composed_redirect = apr_psprintf(r->pool, redirect, r->unparsed_uri);
}
apr_table_setn(r->headers_out, "Location", composed_redirect ? composed_redirect : redirect);
}
/* Open the provider's lock database.
*
* The provider may or may not use a "real" database for locks
* (a lock could be an attribute on a resource, for example).
*
* The provider may choose to use the value of the DAVLockDB directive
* (as returned by dav_get_lockdb_path()) to decide where to place
* any storage it may need.
*
* The request storage pool should be associated with the lockdb,
* so it can be used in subsequent operations.
*
* If ro != 0, only readonly operations will be performed.
* If force == 0, the open can be "lazy"; no subsequent locking operations
* may occur.
* If force != 0, locking operations will definitely occur.
*/
static dav_error *
open_lockdb(request_rec *r, int ro, int force, dav_lockdb **lockdb)
{
const char *svn_client_options, *version_name;
dav_lockdb *db = apr_pcalloc(r->pool, sizeof(*db));
dav_lockdb_private *info = apr_pcalloc(r->pool, sizeof(*info));
info->r = r;
/* Is this an svn client? */
/* Check to see if an svn client sent any custom X-SVN-* headers in
the request. */
svn_client_options = apr_table_get(r->headers_in, SVN_DAV_OPTIONS_HEADER);
if (svn_client_options)
{
/* 'svn [lock | unlock] --force' */
if (ap_strstr_c(svn_client_options, SVN_DAV_OPTION_LOCK_BREAK))
info->lock_break = TRUE;
if (ap_strstr_c(svn_client_options, SVN_DAV_OPTION_LOCK_STEAL))
info->lock_steal = TRUE;
if (ap_strstr_c(svn_client_options, SVN_DAV_OPTION_KEEP_LOCKS))
info->keep_locks = TRUE;
}
/* 'svn lock' wants to make svn_fs_lock() do an out-of-dateness check. */
version_name = apr_table_get(r->headers_in, SVN_DAV_VERSION_NAME_HEADER);
info->working_revnum = version_name ?
SVN_STR_TO_REV(version_name): SVN_INVALID_REVNUM;
/* The generic lockdb structure. */
db->hooks = &dav_svn__hooks_locks;
db->ro = ro;
db->info = info;
*lockdb = db;
return 0;
}
static const char *log_cookie(request_rec *r, char *a)
{
const char *cookies;
const char *start_cookie;
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
if ((start_cookie = ap_strstr_c(cookies,a))) {
char *cookie, *end_cookie;
start_cookie += strlen(a) + 1; /* cookie_name + '=' */
cookie = apr_pstrdup(r->pool, start_cookie);
/* kill everything in cookie after ';' */
end_cookie = strchr(cookie, ';');
if (end_cookie) {
*end_cookie = '\0';
}
return ap_escape_logitem(r->pool, cookie);
}
}
return NULL;
}
int cache_check_freshness(cache_handle_t *h, cache_request_rec *cache,
request_rec *r)
{
apr_status_t status;
apr_int64_t age, maxage_req, maxage_cresp, maxage, smaxage, maxstale;
apr_int64_t minfresh;
const char *cc_req;
const char *pragma;
const char *agestr = NULL;
apr_time_t age_c = 0;
cache_info *info = &(h->cache_obj->info);
const char *warn_head;
cache_server_conf *conf =
(cache_server_conf *)ap_get_module_config(r->server->module_config,
&cache_module);
/*
* We now want to check if our cached data is still fresh. This depends
* on a few things, in this order:
*
* - RFC2616 14.9.4 End to end reload, Cache-Control: no-cache. no-cache
* in either the request or the cached response means that we must
* perform the request unconditionally, and ignore cached content. We
* should never reach here, but if we do, mark the content as stale,
* as this is the best we can do.
*
* - RFC2616 14.32 Pragma: no-cache This is treated the same as
* Cache-Control: no-cache.
*
* - RFC2616 14.9.3 Cache-Control: max-stale, must-revalidate,
* proxy-revalidate if the max-stale request header exists, modify the
* stale calculations below so that an object can be at most <max-stale>
* seconds stale before we request a revalidation, _UNLESS_ a
* must-revalidate or proxy-revalidate cached response header exists to
* stop us doing this.
*
* - RFC2616 14.9.3 Cache-Control: s-maxage the origin server specifies the
* maximum age an object can be before it is considered stale. This
* directive has the effect of proxy|must revalidate, which in turn means
* simple ignore any max-stale setting.
*
* - RFC2616 14.9.4 Cache-Control: max-age this header can appear in both
* requests and responses. If both are specified, the smaller of the two
* takes priority.
*
* - RFC2616 14.21 Expires: if this request header exists in the cached
* entity, and it's value is in the past, it has expired.
*
*/
/* This value comes from the client's initial request. */
cc_req = apr_table_get(r->headers_in, "Cache-Control");
pragma = apr_table_get(r->headers_in, "Pragma");
ap_cache_control(r, &cache->control_in, cc_req, pragma, r->headers_in);
if (cache->control_in.no_cache) {
if (!conf->ignorecachecontrol) {
/* Treat as stale, causing revalidation */
return 0;
}
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00781)
"Incoming request is asking for a uncached version of "
"%s, but we have been configured to ignore it and "
"serve a cached response anyway",
r->unparsed_uri);
}
/* These come from the cached entity. */
if (h->cache_obj->info.control.no_cache
|| h->cache_obj->info.control.invalidated) {
/*
* The cached entity contained Cache-Control: no-cache, or a
* no-cache with a header present, or a private with a header
* present, or the cached entity has been invalidated in the
* past, so treat as stale causing revalidation.
*/
return 0;
}
if ((agestr = apr_table_get(h->resp_hdrs, "Age"))) {
char *endp;
apr_off_t offt;
if (!apr_strtoff(&offt, agestr, &endp, 10)
&& endp > agestr && !*endp) {
age_c = offt;
}
}
/* calculate age of object */
age = ap_cache_current_age(info, age_c, r->request_time);
/* extract s-maxage */
smaxage = h->cache_obj->info.control.s_maxage_value;
/* extract max-age from request */
maxage_req = -1;
if (!conf->ignorecachecontrol) {
maxage_req = cache->control_in.max_age_value;
}
/*
* extract max-age from response, if both s-maxage and max-age, s-maxage
* takes priority
*/
if (smaxage != -1) {
maxage_cresp = smaxage;
}
else {
maxage_cresp = h->cache_obj->info.control.max_age_value;
}
/*
* if both maxage request and response, the smaller one takes priority
*/
if (maxage_req == -1) {
maxage = maxage_cresp;
}
else if (maxage_cresp == -1) {
maxage = maxage_req;
}
else {
maxage = MIN(maxage_req, maxage_cresp);
}
/* extract max-stale */
if (cache->control_in.max_stale) {
if(cache->control_in.max_stale_value != -1) {
maxstale = cache->control_in.max_stale_value;
}
else {
/*
* If no value is assigned to max-stale, then the client is willing
* to accept a stale response of any age (RFC2616 14.9.3). We will
* set it to one year in this case as this situation is somewhat
* similar to a "never expires" Expires header (RFC2616 14.21)
* which is set to a date one year from the time the response is
* sent in this case.
*/
maxstale = APR_INT64_C(86400*365);
}
}
else {
maxstale = 0;
}
/* extract min-fresh */
if (!conf->ignorecachecontrol && cache->control_in.min_fresh) {
minfresh = cache->control_in.min_fresh_value;
}
else {
minfresh = 0;
}
/* override maxstale if must-revalidate, proxy-revalidate or s-maxage */
if (maxstale && (h->cache_obj->info.control.must_revalidate
|| h->cache_obj->info.control.proxy_revalidate || smaxage != -1)) {
maxstale = 0;
}
/* handle expiration */
if (((maxage != -1) && (age < (maxage + maxstale - minfresh))) ||
((smaxage == -1) && (maxage == -1) &&
(info->expire != APR_DATE_BAD) &&
(age < (apr_time_sec(info->expire - info->date) + maxstale - minfresh)))) {
warn_head = apr_table_get(h->resp_hdrs, "Warning");
/* it's fresh darlings... */
/* set age header on response */
apr_table_set(h->resp_hdrs, "Age",
apr_psprintf(r->pool, "%lu", (unsigned long)age));
/* add warning if maxstale overrode freshness calculation */
if (!(((maxage != -1) && age < maxage) ||
(info->expire != APR_DATE_BAD &&
(apr_time_sec(info->expire - info->date)) > age))) {
/* make sure we don't stomp on a previous warning */
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "110") == NULL))) {
apr_table_mergen(h->resp_hdrs, "Warning",
"110 Response is stale");
}
}
/*
* If none of Expires, Cache-Control: max-age, or Cache-Control:
* s-maxage appears in the response, and the response header age
* calculated is more than 24 hours add the warning 113
*/
if ((maxage_cresp == -1) && (smaxage == -1) && (apr_table_get(
h->resp_hdrs, "Expires") == NULL) && (age > 86400)) {
/* Make sure we don't stomp on a previous warning, and don't dup
* a 113 marning that is already present. Also, make sure to add
* the new warning to the correct *headers_out location.
*/
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "113") == NULL))) {
apr_table_mergen(h->resp_hdrs, "Warning",
"113 Heuristic expiration");
}
}
return 1; /* Cache object is fresh (enough) */
}
/*
* At this point we are stale, but: if we are under load, we may let
* a significant number of stale requests through before the first
* stale request successfully revalidates itself, causing a sudden
* unexpected thundering herd which in turn brings angst and drama.
*
* So.
*
* We want the first stale request to go through as normal. But the
* second and subsequent request, we must pretend to be fresh until
* the first request comes back with either new content or confirmation
* that the stale content is still fresh.
*
* To achieve this, we create a very simple file based lock based on
* the key of the cached object. We attempt to open the lock file with
* exclusive write access. If we succeed, woohoo! we're first, and we
* follow the stale path to the backend server. If we fail, oh well,
* we follow the fresh path, and avoid being a thundering herd.
*
* The lock lives only as long as the stale request that went on ahead.
* If the request succeeds, the lock is deleted. If the request fails,
* the lock is deleted, and another request gets to make a new lock
* and try again.
*
* At any time, a request marked "no-cache" will force a refresh,
* ignoring the lock, ensuring an extended lockout is impossible.
*
* A lock that exceeds a maximum age will be deleted, and another
* request gets to make a new lock and try again.
*/
status = cache_try_lock(conf, cache, r);
if (APR_SUCCESS == status) {
/* we obtained a lock, follow the stale path */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00782)
"Cache lock obtained for stale cached URL, "
"revalidating entry: %s",
r->unparsed_uri);
return 0;
}
else if (APR_STATUS_IS_EEXIST(status)) {
/* lock already exists, return stale data anyway, with a warning */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r, APLOGNO(00783)
"Cache already locked for stale cached URL, "
"pretend it is fresh: %s",
r->unparsed_uri);
/* make sure we don't stomp on a previous warning */
warn_head = apr_table_get(h->resp_hdrs, "Warning");
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "110") == NULL))) {
apr_table_mergen(h->resp_hdrs, "Warning",
"110 Response is stale");
}
return 1;
}
else {
/* some other error occurred, just treat the object as stale */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r, APLOGNO(00784)
"Attempt to obtain a cache lock for stale "
"cached URL failed, revalidating entry anyway: %s",
r->unparsed_uri);
return 0;
}
}
CACHE_DECLARE(int) ap_cache_check_freshness(cache_handle_t *h,
request_rec *r)
{
apr_int64_t age, maxage_req, maxage_cresp, maxage, smaxage, maxstale;
apr_int64_t minfresh;
const char *cc_cresp, *cc_req;
const char *pragma;
const char *agestr = NULL;
const char *expstr = NULL;
char *val;
apr_time_t age_c = 0;
cache_info *info = &(h->cache_obj->info);
cache_server_conf *conf =
(cache_server_conf *)ap_get_module_config(r->server->module_config,
&cache_module);
/*
* We now want to check if our cached data is still fresh. This depends
* on a few things, in this order:
*
* - RFC2616 14.9.4 End to end reload, Cache-Control: no-cache. no-cache in
* either the request or the cached response means that we must
* revalidate the request unconditionally, overriding any expiration
* mechanism. It's equivalent to max-age=0,must-revalidate.
*
* - RFC2616 14.32 Pragma: no-cache This is treated the same as
* Cache-Control: no-cache.
*
* - RFC2616 14.9.3 Cache-Control: max-stale, must-revalidate,
* proxy-revalidate if the max-stale request header exists, modify the
* stale calculations below so that an object can be at most <max-stale>
* seconds stale before we request a revalidation, _UNLESS_ a
* must-revalidate or proxy-revalidate cached response header exists to
* stop us doing this.
*
* - RFC2616 14.9.3 Cache-Control: s-maxage the origin server specifies the
* maximum age an object can be before it is considered stale. This
* directive has the effect of proxy|must revalidate, which in turn means
* simple ignore any max-stale setting.
*
* - RFC2616 14.9.4 Cache-Control: max-age this header can appear in both
* requests and responses. If both are specified, the smaller of the two
* takes priority.
*
* - RFC2616 14.21 Expires: if this request header exists in the cached
* entity, and it's value is in the past, it has expired.
*
*/
/* This value comes from the client's initial request. */
cc_req = apr_table_get(r->headers_in, "Cache-Control");
pragma = apr_table_get(r->headers_in, "Pragma");
if (ap_cache_liststr(NULL, pragma, "no-cache", NULL)
|| ap_cache_liststr(NULL, cc_req, "no-cache", NULL)) {
if (!conf->ignorecachecontrol) {
/* Treat as stale, causing revalidation */
return 0;
}
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Incoming request is asking for a uncached version of "
"%s, but we know better and are ignoring it",
r->unparsed_uri);
}
/* These come from the cached entity. */
cc_cresp = apr_table_get(h->resp_hdrs, "Cache-Control");
expstr = apr_table_get(h->resp_hdrs, "Expires");
if (ap_cache_liststr(NULL, cc_cresp, "no-cache", NULL)) {
/*
* The cached entity contained Cache-Control: no-cache, so treat as
* stale causing revalidation
*/
return 0;
}
if ((agestr = apr_table_get(h->resp_hdrs, "Age"))) {
age_c = apr_atoi64(agestr);
}
/* calculate age of object */
age = ap_cache_current_age(info, age_c, r->request_time);
/* extract s-maxage */
if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
&& val != NULL) {
smaxage = apr_atoi64(val);
}
else {
smaxage = -1;
}
/* extract max-age from request */
if (!conf->ignorecachecontrol
&& cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
&& val != NULL) {
maxage_req = apr_atoi64(val);
}
else {
maxage_req = -1;
}
/* extract max-age from response */
if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
&& val != NULL) {
maxage_cresp = apr_atoi64(val);
}
else {
maxage_cresp = -1;
}
/*
* if both maxage request and response, the smaller one takes priority
*/
if (maxage_req == -1) {
maxage = maxage_cresp;
}
else if (maxage_cresp == -1) {
maxage = maxage_req;
}
else {
maxage = MIN(maxage_req, maxage_cresp);
}
/* extract max-stale */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
if(val != NULL) {
maxstale = apr_atoi64(val);
}
else {
/*
* If no value is assigned to max-stale, then the client is willing
* to accept a stale response of any age (RFC2616 14.9.3). We will
* set it to one year in this case as this situation is somewhat
* similar to a "never expires" Expires header (RFC2616 14.21)
* which is set to a date one year from the time the response is
* sent in this case.
*/
maxstale = APR_INT64_C(86400*365);
}
}
else {
maxstale = 0;
}
/* extract min-fresh */
if (!conf->ignorecachecontrol
&& cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
&& val != NULL) {
minfresh = apr_atoi64(val);
}
else {
minfresh = 0;
}
/* override maxstale if must-revalidate or proxy-revalidate */
if (maxstale && ((cc_cresp &&
ap_cache_liststr(NULL, cc_cresp,
"must-revalidate", NULL)) ||
(cc_cresp &&
ap_cache_liststr(NULL, cc_cresp,
"proxy-revalidate", NULL)))) {
maxstale = 0;
}
/* handle expiration */
if (((smaxage != -1) && (age < (smaxage - minfresh))) ||
((maxage != -1) && (age < (maxage + maxstale - minfresh))) ||
((smaxage == -1) && (maxage == -1) &&
(info->expire != APR_DATE_BAD) &&
(age < (apr_time_sec(info->expire - info->date) + maxstale - minfresh)))) {
const char *warn_head;
warn_head = apr_table_get(h->resp_hdrs, "Warning");
/* it's fresh darlings... */
/* set age header on response */
apr_table_set(h->resp_hdrs, "Age",
apr_psprintf(r->pool, "%lu", (unsigned long)age));
/* add warning if maxstale overrode freshness calculation */
if (!(((smaxage != -1) && age < smaxage) ||
((maxage != -1) && age < maxage) ||
(info->expire != APR_DATE_BAD &&
(apr_time_sec(info->expire - info->date)) > age))) {
/* make sure we don't stomp on a previous warning */
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "110") == NULL))) {
apr_table_merge(h->resp_hdrs, "Warning",
"110 Response is stale");
}
}
/*
* If none of Expires, Cache-Control: max-age, or Cache-Control:
* s-maxage appears in the response, and the respose header age
* calculated is more than 24 hours add the warning 113
*/
if ((maxage_cresp == -1) && (smaxage == -1) &&
(expstr == NULL) && (age > 86400)) {
/* Make sure we don't stomp on a previous warning, and don't dup
* a 113 marning that is already present. Also, make sure to add
* the new warning to the correct *headers_out location.
*/
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "113") == NULL))) {
apr_table_merge(h->resp_hdrs, "Warning",
"113 Heuristic expiration");
}
}
return 1; /* Cache object is fresh (enough) */
}
return 0; /* Cache object is stale */
}
static int check_auth_cookie(request_rec *r)
{
const char *cookies = NULL, *auth_line = NULL;
char *cookie = NULL;
/* Debug. */
/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"check_auth_cookie called");*/
/* Get config for this directory. */
cookie_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
&auth_cookie_module);
/* Check we have been configured. */
if (!conf->cookie_auth_cookie) {
return DECLINED;
}
/* Do not override real auth header, unless config instructs us to. */
if (!conf->cookie_auth_override &&
apr_table_get(r->headers_in, "Authorization")) {
if (conf->cookie_auth_env) {
unsetenv(conf->cookie_auth_env);
}
return DECLINED;
}
/* todo: protect against xxxCookieNamexxx, regex? */
/* todo: make case insensitive? */
/* Get the cookie (code from mod_log_config). */
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
char *start_cookie, *end_cookie;
if ((start_cookie = ap_strstr_c(cookies, conf->cookie_auth_cookie))) {
start_cookie += strlen(conf->cookie_auth_cookie) + 1;
cookie = apr_pstrdup(r->pool, start_cookie);
/* kill everything in cookie after ';' */
end_cookie = strchr(cookie, ';');
if (end_cookie) {
*end_cookie = '\0';
}
ap_unescape_url(cookie);
}
}
/* No cookie? Nothing for us to do. */
if (!cookie) {
if (conf->cookie_auth_unauth_redirect) {
const char* redirect = conf->cookie_auth_unauth_redirect;
compose_and_set_redirect(r, redirect);
return HTTP_MOVED_TEMPORARILY;
}
else {
return DECLINED;
}
}
/* Debug. */
/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"%s=%s", conf->cookie_auth_cookie, cookie);*/
char* aux_auth_info = "";
/* Construct the fake auth_line. */
if (conf->cookie_auth_base64) {
char* decoded_cookie = apr_palloc(r->pool, apr_base64_decode_len(cookie));
int decoded_cookie_length = apr_base64_decode(decoded_cookie, cookie);
int valid = 1;
/* if the cookie is encrypted, decrypt it in place */
if (conf->cookie_auth_encrypt) {
MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL);
int keysize = strlen(conf->cookie_auth_encrypt);
int blocksize = mcrypt_enc_get_block_size(td);
// We will copy the iv from the beginning of the cookie.
// The iv does not need to be null-terminated, but we will
// null-terminate it for convenience.
int iv_length = mcrypt_enc_get_iv_size(td);
char* iv = (char*) apr_palloc(r->pool, iv_length + 1);
memcpy(iv, decoded_cookie, iv_length);
iv[iv_length] = '\0';
// Take the iv off the beginning of the cookie
decoded_cookie += iv_length;
decoded_cookie_length -= iv_length;
mcrypt_generic_init( td, conf->cookie_auth_encrypt, keysize, iv);
// Encryption in CBC is performed in blocks, so our
// decryption string will always be an integral number
// of full blocks.
char* decrypt_ptr = decoded_cookie;
while (decoded_cookie_length >= blocksize) {
mdecrypt_generic(td, decrypt_ptr, blocksize);
decrypt_ptr += blocksize;
decoded_cookie_length -= blocksize;
}
if (decoded_cookie_length != 0) {
valid = 0;
}
mcrypt_generic_deinit (td);
mcrypt_module_close(td);
/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"mdecrypt(%s)=%s", conf->cookie_auth_cookie, decoded_cookie);*/
}
/* if the cookie did not decrypt, then do nothing */
if (valid) {
char* end_auth_info = strchr(decoded_cookie, '\t');
if (end_auth_info) {
aux_auth_info = decoded_cookie;
char* unencoded_cookie = end_auth_info + 1;
*end_auth_info = 0;
auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, unencoded_cookie), NULL);
}
else {
auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, decoded_cookie), NULL);
}
}
} else {
// Aux auth info and cookie encrypt features only available in base64 mode
ap_unescape_url(cookie);
auth_line = apr_pstrcat(r->pool, "Basic ",
ap_pbase64encode(r->pool, cookie), NULL);
}
/* If there is aux auth info, then set the env variable */
if (conf->cookie_auth_env) {
apr_table_set(r->subprocess_env, conf->cookie_auth_env, aux_auth_info);
}
/* Debug. */
/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Authorization: %s", auth_line);*/
/* If there is no aux auth info, then force a redirect if our conf directives say that we should */
if (conf->cookie_auth_env_redirect && !strlen(aux_auth_info)) {
const char* redirect = conf->cookie_auth_env_redirect;
compose_and_set_redirect(r, redirect);
return HTTP_MOVED_TEMPORARILY;
}
else {
/* Set fake auth_line. */
if (auth_line) {
apr_table_set(r->headers_in, "Authorization", auth_line);
}
}
/* Always return DECLINED because we don't authorize, */
/* we just set things up for the next auth module to. */
return DECLINED;
}
CACHE_DECLARE(int) ap_cache_check_freshness(cache_handle_t *h,
request_rec *r)
{
apr_int64_t age, maxage_req, maxage_cresp, maxage, smaxage, maxstale;
apr_int64_t minfresh;
int age_in_errhdr = 0;
const char *cc_cresp, *cc_ceresp, *cc_req;
const char *agestr = NULL;
const char *expstr = NULL;
char *val;
apr_time_t age_c = 0;
cache_info *info = &(h->cache_obj->info);
/*
* We now want to check if our cached data is still fresh. This depends
* on a few things, in this order:
*
* - RFC2616 14.9.4 End to end reload, Cache-Control: no-cache. no-cache in
* either the request or the cached response means that we must
* revalidate the request unconditionally, overriding any expiration
* mechanism. It's equivalent to max-age=0,must-revalidate.
*
* - RFC2616 14.32 Pragma: no-cache This is treated the same as
* Cache-Control: no-cache.
*
* - RFC2616 14.9.3 Cache-Control: max-stale, must-revalidate,
* proxy-revalidate if the max-stale request header exists, modify the
* stale calculations below so that an object can be at most <max-stale>
* seconds stale before we request a revalidation, _UNLESS_ a
* must-revalidate or proxy-revalidate cached response header exists to
* stop us doing this.
*
* - RFC2616 14.9.3 Cache-Control: s-maxage the origin server specifies the
* maximum age an object can be before it is considered stale. This
* directive has the effect of proxy|must revalidate, which in turn means
* simple ignore any max-stale setting.
*
* - RFC2616 14.9.4 Cache-Control: max-age this header can appear in both
* requests and responses. If both are specified, the smaller of the two
* takes priority.
*
* - RFC2616 14.21 Expires: if this request header exists in the cached
* entity, and it's value is in the past, it has expired.
*
*/
cc_cresp = apr_table_get(h->resp_hdrs, "Cache-Control");
cc_ceresp = apr_table_get(h->resp_err_hdrs, "Cache-Control");
cc_req = apr_table_get(h->req_hdrs, "Cache-Control");
if ((agestr = apr_table_get(h->resp_hdrs, "Age"))) {
age_c = apr_atoi64(agestr);
}
else if ((agestr = apr_table_get(h->resp_err_hdrs, "Age"))) {
age_c = apr_atoi64(agestr);
age_in_errhdr = 1;
}
if (!(expstr = apr_table_get(h->resp_err_hdrs, "Expires"))) {
expstr = apr_table_get(h->resp_hdrs, "Expires");
}
/* calculate age of object */
age = ap_cache_current_age(info, age_c, r->request_time);
/* extract s-maxage */
if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
smaxage = apr_atoi64(val);
}
else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) {
smaxage = apr_atoi64(val);
}
else {
smaxage = -1;
}
/* extract max-age from request */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
maxage_req = apr_atoi64(val);
}
else {
maxage_req = -1;
}
/* extract max-age from response */
if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
maxage_cresp = apr_atoi64(val);
}
else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) {
maxage_cresp = apr_atoi64(val);
}
else
{
maxage_cresp = -1;
}
/*
* if both maxage request and response, the smaller one takes priority
*/
if (-1 == maxage_req) {
maxage = maxage_cresp;
}
else if (-1 == maxage_cresp) {
maxage = maxage_req;
}
else {
maxage = MIN(maxage_req, maxage_cresp);
}
/* extract max-stale */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
maxstale = apr_atoi64(val);
}
else {
maxstale = 0;
}
/* extract min-fresh */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
minfresh = apr_atoi64(val);
}
else {
minfresh = 0;
}
/* override maxstale if must-revalidate or proxy-revalidate */
if (maxstale && ((cc_cresp &&
ap_cache_liststr(NULL, cc_cresp,
"must-revalidate", NULL)) ||
(cc_cresp &&
ap_cache_liststr(NULL, cc_cresp,
"proxy-revalidate", NULL)) ||
(cc_ceresp &&
ap_cache_liststr(NULL, cc_ceresp,
"must-revalidate", NULL)) ||
(cc_ceresp &&
ap_cache_liststr(NULL, cc_ceresp,
"proxy-revalidate", NULL)))) {
maxstale = 0;
}
/* handle expiration */
if (((smaxage != -1) && (age < (smaxage - minfresh))) ||
((maxage != -1) && (age < (maxage + maxstale - minfresh))) ||
((smaxage == -1) && (maxage == -1) &&
(info->expire != APR_DATE_BAD) &&
(age < (apr_time_sec(info->expire - info->date) + maxstale - minfresh)))) {
const char *warn_head;
apr_table_t *head_ptr;
warn_head = apr_table_get(h->resp_hdrs, "Warning");
if (warn_head != NULL) {
head_ptr = h->resp_hdrs;
}
else {
warn_head = apr_table_get(h->resp_err_hdrs, "Warning");
head_ptr = h->resp_err_hdrs;
}
/* it's fresh darlings... */
/* set age header on response */
if (age_in_errhdr) {
apr_table_set(h->resp_err_hdrs, "Age",
apr_psprintf(r->pool, "%lu", (unsigned long)age));
}
else {
apr_table_set(h->resp_hdrs, "Age",
apr_psprintf(r->pool, "%lu", (unsigned long)age));
}
/* add warning if maxstale overrode freshness calculation */
if (!(((smaxage != -1) && age < smaxage) ||
((maxage != -1) && age < maxage) ||
(info->expire != APR_DATE_BAD &&
(info->expire - info->date) > age))) {
/* make sure we don't stomp on a previous warning */
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "110") == NULL))) {
apr_table_merge(head_ptr, "Warning", "110 Response is stale");
}
}
/*
* If none of Expires, Cache-Control: max-age, or Cache-Control:
* s-maxage appears in the response, and the respose header age
* calculated is more than 24 hours add the warning 113
*/
if ((maxage_cresp == -1) && (smaxage == -1) &&
(expstr == NULL) && (age > 86400)) {
/* Make sure we don't stomp on a previous warning, and don't dup
* a 113 marning that is already present. Also, make sure to add
* the new warning to the correct *headers_out location.
*/
if ((warn_head == NULL) ||
((warn_head != NULL) && (ap_strstr_c(warn_head, "113") == NULL))) {
apr_table_merge(head_ptr, "Warning", "113 Heuristic expiration");
}
}
return 1; /* Cache object is fresh (enough) */
}
return 0; /* Cache object is stale */
}
/* This functions finds the value of our cookie.
*
* Parameters:
* request_rec *r The request we should find the cookie in.
*
* Returns:
* The value of the cookie, or NULL if we don't find the cookie.
*/
const char *am_cookie_get(request_rec *r)
{
am_req_cfg_rec *req_cfg;
const char *name;
const char *value;
const char *cookie;
char *buffer, *end;
/* don't run for subrequests */
if (r->main) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"cookie_get: Subrequest, so return NULL");
return NULL;
}
/* Check if we have added a note on the current request. */
req_cfg = am_get_req_cfg(r);
value = req_cfg->cookie_value;
if(value != NULL) {
return value;
}
name = am_cookie_name(r);
cookie = apr_table_get(r->headers_in, "Cookie");
if(cookie == NULL) {
return NULL;
}
for(value = ap_strstr_c(cookie, name); value != NULL;
value = ap_strstr_c(value + 1, name)) {
if(value != cookie) {
/* value isn't pointing to the start of the string. */
switch(value[-1]) {
/* We allow the name in the cookie-string to be
* preceeded by [\t; ]. Note that only ' ' should be used
* by browsers. We test against the others just to be sure.
*/
case '\t':
case ';':
case ' ':
break;
default:
/* value isn't preceeded by one of the listed characters, and
* therefore we assume that it is part of another cookie.
*/
continue; /* Search for the next instance of the name. */
}
}
if(value[strlen(name)] != '=') {
/* We don't have an equal-sign right after the name. Therefore we
* assume that what we have matched is only part of a longer name.
* We continue searching.
*/
continue;
}
/* Now we have something that matches /[^ ,\t]<name>=/. The value
* (following the equal-sign) can be found at value + strlen(name) + 1.
*/
value += strlen(name) + 1;
/* The cookie value may be double-quoted. */
if(*value == '"') {
value += 1;
}
buffer = apr_pstrdup(r->pool, value);
end = strchr(buffer, '"');
if(end) {
/* Double-quoted string. */
*end = '\0';
}
end = strchr(buffer, ';');
if(end) {
*end = '\0';
}
return buffer;
}
/* We didn't find the cookie. */
return NULL;
}
