Пример #1
0
/*******************************************************************************
 * Find a FastCGI server with a matching fs_path, and if fcgi_wrapper is
 * enabled with matching uid and gid.
 */
fcgi_server *
fcgi_util_fs_get_by_id(const char *ePath, uid_t uid, gid_t gid)
{
    char path[FCGI_MAXPATH];
    fcgi_server *s;

    /* @@@ This should now be done in the loop below */
    ap_cpystrn(path, ePath, FCGI_MAXPATH);
    ap_no2slash(path);

    for (s = fcgi_servers; s != NULL; s = s->next) {
        int i;
        const char *fs_path = s->fs_path;
        for (i = 0; fs_path[i] && path[i]; ++i) {
            if (fs_path[i] != path[i]) {
                break;
            }
        }
        if (fs_path[i]) {
            continue;
        }
        if (path[i] == '\0' || path[i] == '/') {
        if (fcgi_wrapper == NULL || (uid == s->uid && gid == s->gid))
            return s;
        }
    }
    return NULL;
}
Пример #2
0
void *ssl_ds_table_push(ssl_ds_table *t, char *key)
{
    char *k;
    void *d;

    k = (char *)ap_push_array(t->aKey);
    d = (void *)ap_push_array(t->aData);
    ap_cpystrn(k, key, t->aKey->elt_size);
    return d;
}
Пример #3
0
static const char *set_default_order(cmd_parms *cmd, void *m, char *direction,
				     char *key)
{
    char temp[4];
    autoindex_config_rec *d_cfg = (autoindex_config_rec *) m;

    ap_cpystrn(temp, "k=d", sizeof(temp));
    if (!strcasecmp(direction, "Ascending")) {
	temp[2] = D_ASCENDING;
    }
    else if (!strcasecmp(direction, "Descending")) {
	temp[2] = D_DESCENDING;
    }
    else {
	return "First keyword must be 'Ascending' or 'Descending'";
    }

    if (!strcasecmp(key, "Name")) {
	temp[0] = K_NAME;
    }
    else if (!strcasecmp(key, "Date")) {
	temp[0] = K_LAST_MOD;
    }
    else if (!strcasecmp(key, "Size")) {
	temp[0] = K_SIZE;
    }
    else if (!strcasecmp(key, "Description")) {
	temp[0] = K_DESC;
    }
    else {
	return "Second keyword must be 'Name', 'Date', 'Size', or "
	    "'Description'";
    }

    if (d_cfg->default_order == NULL) {
	d_cfg->default_order = ap_palloc(cmd->pool, 4);
	d_cfg->default_order[3] = '\0';
    }
    ap_cpystrn(d_cfg->default_order, temp, sizeof(temp));
    return NULL;
}
Пример #4
0
API_EXPORT(int) ap_getpass(const char *prompt, char *pwbuf, size_t bufsiz)
{
    char *pw_got;
    int result = 0;

    pw_got = getpass(prompt);
    if (strlen(pw_got) > (bufsiz - 1)) {
	result = ERR_OVERFLOW;
    }
    ap_cpystrn(pwbuf, pw_got, bufsiz);
    return result;
}
Пример #5
0
static BOOL SendResponseHeaderEx(isapi_cid *cid, const char *stat,
                                 const char *head, DWORD statlen,
                                 DWORD headlen)
{
    int termarg;
    char *termch;

    if (!stat || statlen == 0 || !*stat) {
        stat = "Status: 200 OK";
    }
    else {
        char *newstat;
        newstat = ap_palloc(cid->r->pool, statlen + 9);
        strcpy(newstat, "Status: ");
        ap_cpystrn(newstat + 8, stat, statlen + 1);
        stat = newstat;
    }

    if (!head || headlen == 0 || !*head) {
        head = "\r\n";
    }
    else
    {
        if (head[headlen]) {
            /* Whoops... not NULL terminated */
            head = ap_pstrndup(cid->r->pool, head, headlen);
        }
    }

    /* Parse them out, or die trying */
    cid->status = ap_scan_script_header_err_strs(cid->r, NULL, &termch,
                                                 &termarg, stat, head, NULL);
    cid->ecb->dwHttpStatusCode = cid->r->status;

    /* All the headers should be set now */
    ap_send_http_header(cid->r);

    /* Any data left should now be sent directly,
     * it may be raw if headlen was provided.
     */
    if (termch && (termarg == 1)) {
        if (headlen == -1 && *termch)
            ap_rputs(termch, cid->r);
        else if (headlen > (size_t) (termch - head))
            ap_rwrite(termch, headlen - (termch - head), cid->r);
    }

    if (cid->status == HTTP_INTERNAL_SERVER_ERROR)
        return FALSE;
    return TRUE;
}
Пример #6
0
/*
 * Make a password record from the given information.  A zero return
 * indicates success; failure means that the output buffer contains an
 * error message instead.
 */
static int mkrecord(char *user, char *record, size_t rlen, char *passwd,
		    int alg)
{
    char *pw;
    char cpw[120];
    char pwin[MAX_STRING_LEN];
    char pwv[MAX_STRING_LEN];
    char salt[9];

    if (passwd != NULL) {
	pw = passwd;
    }
    switch (alg) {

    case ALG_CRYPT:
    default:
        (void) srand((int) time((time_t *) NULL));
        ap_to64(&salt[0], rand(), 8);
        salt[8] = '\0';

	ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
	break;
    }
    memset(pw, '\0', strlen(pw));

    /*
     * Check to see if the buffer is large enough to hold the username,
     * hash, and delimiters.
     */
    if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
	ap_cpystrn(record, "resultant record too long", (rlen - 1));
	return ERR_OVERFLOW;
    }
    strcpy(record, user);
    strcat(record, ":");
    strcat(record, cpw);
    return 0;
}
Пример #7
0
/* It stores the account name for later use */
const char *os_set_account(pool *p, const char *account)
{
    char account_temp[ACCT_LEN+1];

    ap_cpystrn(account_temp, account, sizeof account_temp);

    /* Make account all upper case */
    ap_str_toupper(account_temp);

    /* Pad to length 8 */
    ap_pad(account_temp, sizeof account_temp, ' ');

    bs2000_account = ap_pstrdup(p, account_temp);
    return NULL;
}
Пример #8
0
static void ssl_io_data_dump(server_rec *srvr, const char *s, long len)
{
    char buf[256];
    char tmp[64];
    int i, j, rows, trunc;
    unsigned char ch;

    trunc = 0;
    for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
        trunc++;
    rows = (len / DUMP_WIDTH);
    if ((rows * DUMP_WIDTH) < len)
        rows++;
    ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
            "+-------------------------------------------------------------------------+");
    for (i = 0 ; i< rows; i++) {
        ap_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
        ap_cpystrn(buf, tmp, sizeof(buf));
        for (j = 0; j < DUMP_WIDTH; j++) {
            if (((i * DUMP_WIDTH) + j) >= len)
                ap_cpystrn(buf+strlen(buf), "   ", sizeof(buf)-strlen(buf));
            else {
                ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
                ap_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' ');
                ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
            }
        }
        ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
        for (j = 0; j < DUMP_WIDTH; j++) {
            if (((i * DUMP_WIDTH) + j) >= len)
                ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
            else {
                ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
                ap_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.');
                ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
            }
        }
        ap_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
        ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf);
    }
    if (trunc > 0)
        ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
                "| %04lx - <SPACES/NULS>", len + trunc);
    ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
            "+-------------------------------------------------------------------------+");
    return;
}
Пример #9
0
/* retrieve subject CommonName of certificate */
BOOL SSL_X509_getCN(pool *p, X509 *xs, char **cppCN)
{
    X509_NAME *xsn;
    X509_NAME_ENTRY *xsne;
    int i, nid;

    xsn = X509_get_subject_name(xs);
    for (i = 0; i < sk_X509_NAME_ENTRY_num(xsn->entries); i++) {
        xsne = sk_X509_NAME_ENTRY_value(xsn->entries, i);
        nid = OBJ_obj2nid(xsne->object);
        if (nid == NID_commonName) {
            *cppCN = ap_palloc(p, xsne->value->length+1);
            ap_cpystrn(*cppCN, (char *)xsne->value->data, xsne->value->length+1);
            (*cppCN)[xsne->value->length] = NUL;
#ifdef CHARSET_EBCDIC
            ascii2ebcdic(*cppCN, *cppCN, strlen(*cppCN));
#endif
            return TRUE;
        }
    }
    return FALSE;
}
Пример #10
0
/*******************************************************************************
 * Find a FastCGI server with a matching fs_path, and if fcgi_wrapper is
 * enabled with matching user and group.
 */
fcgi_server *
fcgi_util_fs_get(const char *ePath, const char *user, const char *group)
{
    char path[FCGI_MAXPATH];
    fcgi_server *s;

    ap_cpystrn(path, ePath, FCGI_MAXPATH);
    ap_no2slash(path);
    
    for (s = fcgi_servers; s != NULL; s = s->next) {
        if (strcmp(s->fs_path, path) == 0) {
            if (fcgi_wrapper == NULL)
                return s;

            if (strcmp(user, s->user) == 0 
                && (user[0] == '~' || strcmp(group, s->group) == 0))
            {
                return s;
            }
        }
    }
    return NULL;
}
Пример #11
0
/* BS2000 requires a "special" version of fork() before a setuid()/_rini() call */
pid_t os_fork(const char *user)
{
    pid_t pid;
    char  username[USER_LEN+1];

    switch (os_forktype()) {
      case bs2_FORK:
      case bs2_FORK_RINI:
	pid = fork();
	break;

      case bs2_RFORK_RINI:
	pid = _rfork();
	break;

      case bs2_UFORK:
	ap_cpystrn(username, user, sizeof username);

	/* Make user name all upper case - for some versions of ufork() */
	ap_str_toupper(username);

	pid = ufork(username);
	if (pid == -1 && errno == EPERM) {
	    ap_log_error(APLOG_MARK, APLOG_EMERG,
			 NULL, "ufork: Possible mis-configuration "
			 "for user %s - Aborting.", user);
	    exit(1);
	}
	break;

      default:
	pid = 0;
	break;
    }

    return pid;
}
Пример #12
0
char *get_tag(int tagbuf_len)
{
  char *tag_val, c, term;
  t = 0;
  --tagbuf_len;

  do {
    GET_CHAR(c, NULL);
  } while (ap_isspace(c));

  if (c == '-') {
    GET_CHAR(c, NULL);
    if (c == '-') {
      do {
        GET_CHAR(c, NULL);
      } while (ap_isspace(c));
      if (c == '>') {
        ap_cpystrn(tag, "done", tagbuf_len);
        return tag;
      }
    }

    return NULL;
  }

  while (1) {
    if (t == tagbuf_len) {
      tag[t] = EOS;
      return NULL;
    }
    if (c == '=' || ap_isspace(c)) {
      break;
    }
    tag[t] = ap_tolower(c);
    t++;
    GET_CHAR(c, NULL);
  }

  tag[t] = EOS;
  t++;
  tag_val = tag + t;

  while (ap_isspace(c)) {
    GET_CHAR(c, NULL);
  }
  if (c != '=') {
    return NULL;
  }

  do {
    GET_CHAR(c, NULL);
  } while (ap_isspace(c));

  if (c != '"' && c != '\'') {
    return NULL;
  }
  term = c;
  while (1) {
    GET_CHAR(c, NULL);
    if (t == tagbuf_len) { /* Suppose t == tagbuf_len - 1 */
      tag[t] = EOS;
      return NULL;
    }

    if (c == '\\') {
      GET_CHAR(c, NULL);
      if (c != term) {
        /* OK */
        tag[t] = '\\';
        t++;
        if (t == tagbuf_len) {
          /* OK */
__TESTCLAIM_1:
          tag[t] = EOS;
          return NULL;
        }
      }
    }
    else if (c == term) {
      break;
    }

    /* OK */
    tag[t] = c;    
    t++;                /* Now t == tagbuf_len + 1 
                         * So the bounds check (t == tagbuf_len) will fail */
  }
  /* OK */
  tag[t] = EOS;

  return tag;
}
Пример #13
0
/* This routine complements the setuid() call: it causes the BS2000 job
 * environment to be switched to the target user's user id.
 * That is important if CGI scripts try to execute native BS2000 commands.
 */
int os_init_job_environment(server_rec *server, const char *user_name, int one_process)
{
    _rini_struct            inittask; 
    char                    username[USER_LEN+1];
    bs2_ForkType            type = os_forktype();

    /* We can be sure that no change to uid==0 is possible because of
     * the checks in http_core.c:set_user()
     */

    /* The _rini() function works only after a prior _rfork().
     * In the case of one_process, it would fail.
     */
    if (one_process) {

	type = forktype = bs2_noFORK;

	ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, server,
		     "The debug mode of Apache should only "
		     "be started by an unprivileged user!");
	return 0;
    }

    /* If no _rini() is required, then return quickly. */
    if (type != bs2_RFORK_RINI && type != bs2_FORK_RINI)
	return 0;

    /* An Account is required for _rini() */
    if (bs2000_account == NULL)
    {
	ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server,
		     "No BS2000Account configured - cannot switch to User %s",
		     user_name);
	exit(APEXIT_CHILDFATAL);
    }

    ap_cpystrn(username, user_name, sizeof username);

    /* Make user name all upper case */
    ap_str_toupper(username);

    /* Pad to length 8 */
    ap_pad(username, sizeof username, ' ');

    inittask.username       = username;
    inittask.account        = bs2000_account;
    inittask.processor_name = "        ";

    /* Switch to the new logon user (setuid() and setgid() are done later) */
    /* Only the super user can switch identities. */
    if (_rini(&inittask) != 0) {

	ap_log_error(APLOG_MARK, APLOG_ALERT, server,
		     "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"",
		     inittask.username, inittask.account);

	exit(APEXIT_CHILDFATAL);
    }

    return 0;
}
Пример #14
0
int main(int argc, char *argv[])
{
    FILE *tfp, *f;
    char user[MAX_STRING_LEN];
    char realm[MAX_STRING_LEN];
    char line[MAX_STRING_LEN];
    char l[MAX_STRING_LEN];
    char w[MAX_STRING_LEN];
    char x[MAX_STRING_LEN];
    char command[MAX_STRING_LEN];
    int found;

    tn = NULL;
    signal(SIGINT, (void (*)(int)) interrupted);
    if (argc == 5) {
	if (strcmp(argv[1], "-c"))
	    usage();
#ifdef NETWARE
    UnAugmentAsterisk(TRUE);
    SetCurrentNameSpace(NW_NS_LONG);
    SetTargetNameSpace(NW_NS_LONG);
#endif
	if (!(tfp = fopen(argv[2], "w"))) {
	    fprintf(stderr, "Could not open passwd file %s for writing.\n",
		    argv[2]);
	    perror("fopen");
	    exit(1);
	}
	printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
	add_password(argv[4], argv[3], tfp);
	fclose(tfp);
	exit(0);
    }
    else if (argc != 4)
	usage();

    tn = tmpnam(NULL);
    if (!(tfp = fopen(tn, "w"))) {
	fprintf(stderr, "Could not open temp file.\n");
	exit(1);
    }

    if (!(f = fopen(argv[1], "r"))) {
	fprintf(stderr,
		"Could not open passwd file %s for reading.\n", argv[1]);
	fprintf(stderr, "Use -c option to create new one.\n");
	exit(1);
    }
    ap_cpystrn(user, argv[3], sizeof(user));
    ap_cpystrn(realm, argv[2], sizeof(realm));

    found = 0;
    while (!(getline(line, MAX_STRING_LEN, f))) {
	if (found || (line[0] == '#') || (!line[0])) {
	    putline(tfp, line);
	    continue;
	}
	strcpy(l, line);
	getword(w, l, ':');
	getword(x, l, ':');
	if (strcmp(user, w) || strcmp(realm, x)) {
	    putline(tfp, line);
	    continue;
	}
	else {
	    printf("Changing password for user %s in realm %s\n", user, realm);
	    add_password(user, realm, tfp);
	    found = 1;
	}
    }
    if (!found) {
	printf("Adding user %s in realm %s\n", user, realm);
	add_password(user, realm, tfp);
    }   
    fclose(f);
    fclose(tfp);
#ifndef NETWARE
#if defined(OS2) || defined(WIN32)
    sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
#else
    sprintf(command, "cp %s %s", tn, argv[1]);
#endif
    system(command);
#else
    if (!(tfp = fopen(tn, "r"))) {
    fprintf(stderr, "Could not open temp file.\n");
    exit(1);
    }
    
    if (!(f = fopen(argv[1], "w"))) {
    fprintf(stderr, "Could not open %s.\n", argv[1]);    
    exit(1);    
    }
    
    copy_file(f, tfp);
#endif
    unlink(tn);
    return 0;
}
char *get_tag(char *tag , int tagbuf_len ) 
{ char *tag_val ;
  char c ;
  char term ;
  int t ;
  int tmp ;
  int tmp___0 ;
  int tmp___1 ;
  int tmp___2 ;
  int tmp___3 ;
  int tmp___4 ;
  int tmp___5 ;
  int tmp___6 ;
  int tmp___7 ;
  int tmp___8 ;
  int tmp___9 ;
  int tmp___10 ;
  int tmp___11 ;
  int tmp___12 ;
  int __cil_tmp21 ;
  int __cil_tmp22 ;
  int __cil_tmp23 ;
  void *__cil_tmp24 ;
  char *__cil_tmp25 ;
  void *__cil_tmp26 ;
  int __cil_tmp27 ;
  char *__cil_tmp28 ;
  char *__cil_tmp29 ;
  int __cil_tmp30 ;
  void *__cil_tmp31 ;
  int __cil_tmp32 ;
  int __cil_tmp33 ;
  void *__cil_tmp34 ;
  char *__cil_tmp35 ;
  void *__cil_tmp36 ;
  int __cil_tmp37 ;
  int __cil_tmp38 ;
  int __cil_tmp39 ;
  int __cil_tmp40 ;
  char *__cil_tmp41 ;
  char *__cil_tmp42 ;
  void *__cil_tmp43 ;
  int __cil_tmp44 ;
  int __cil_tmp45 ;
  int __cil_tmp46 ;
  char *__cil_tmp47 ;
  char *__cil_tmp48 ;

  {
#line 9
  t = 0;
#line 11
  tagbuf_len = tagbuf_len - 1;
  {
#line 13
  while (1) {
    while_0_continue: /* CIL Label */ ;
    {
#line 14
    tmp = __VERIFIER_nondet_char();
#line 14
    c = (char )tmp;
#line 13
    tmp___0 = ap_isspace(c);
    }
#line 13
    if (tmp___0) {

    } else {
      goto while_0_break;
    }
  }
  while_0_break: /* CIL Label */ ;
  }
  {
#line 17
  __cil_tmp21 = (int )c;
#line 17
  if (__cil_tmp21 == 45) {
    {
#line 18
    tmp___1 = __VERIFIER_nondet_char();
#line 18
    c = (char )tmp___1;
    }
    {
#line 19
    __cil_tmp22 = (int )c;
#line 19
    if (__cil_tmp22 == 45) {
      {
#line 20
      while (1) {
        while_1_continue: /* CIL Label */ ;
        {
#line 21
        tmp___2 = __VERIFIER_nondet_char();
#line 21
        c = (char )tmp___2;
#line 20
        tmp___3 = ap_isspace(c);
        }
#line 20
        if (tmp___3) {

        } else {
          goto while_1_break;
        }
      }
      while_1_break: /* CIL Label */ ;
      }
      {
#line 23
      __cil_tmp23 = (int )c;
#line 23
      if (__cil_tmp23 == 62) {
        {
#line 24
        ap_cpystrn(tag, "done", tagbuf_len);
        }
#line 25
        return (tag);
      } else {

      }
      }
    } else {

    }
    }
    {
#line 28
    __cil_tmp24 = (void *)0;
#line 28
    return ((char *)__cil_tmp24);
    }
  } else {

  }
  }
  {
#line 31
  while (1) {
    while_2_continue: /* CIL Label */ ;
#line 32
    if (t == tagbuf_len) {
#line 33
      __cil_tmp25 = tag + t;
#line 33
      *__cil_tmp25 = (char)0;
      {
#line 34
      __cil_tmp26 = (void *)0;
#line 34
      return ((char *)__cil_tmp26);
      }
    } else {

    }
    {
#line 36
    __cil_tmp27 = (int )c;
#line 36
    if (__cil_tmp27 == 61) {
      goto while_2_break;
    } else {
      {
#line 36
      tmp___4 = ap_isspace(c);
      }
#line 36
      if (tmp___4) {
        goto while_2_break;
      } else {

      }
    }
    }
    {
#line 39
    tmp___5 = ap_tolower(c);
#line 39
    __cil_tmp28 = tag + t;
#line 39
    *__cil_tmp28 = (char )tmp___5;
#line 40
    t = t + 1;
#line 41
    tmp___6 = __VERIFIER_nondet_char();
#line 41
    c = (char )tmp___6;
    }
  }
  while_2_break: /* CIL Label */ ;
  }
#line 44
  __cil_tmp29 = tag + t;
#line 44
  *__cil_tmp29 = (char)0;
#line 45
  t = t + 1;
#line 46
  tag_val = tag + t;
  {
#line 48
  while (1) {
    while_3_continue: /* CIL Label */ ;
    {
#line 48
    tmp___8 = ap_isspace(c);
    }
#line 48
    if (tmp___8) {

    } else {
      goto while_3_break;
    }
    {
#line 49
    tmp___7 = __VERIFIER_nondet_char();
#line 49
    c = (char )tmp___7;
    }
  }
  while_3_break: /* CIL Label */ ;
  }
  {
#line 51
  __cil_tmp30 = (int )c;
#line 51
  if (__cil_tmp30 != 61) {
    {
#line 52
    __cil_tmp31 = (void *)0;
#line 52
    return ((char *)__cil_tmp31);
    }
  } else {

  }
  }
  {
#line 55
  while (1) {
    while_4_continue: /* CIL Label */ ;
    {
#line 56
    tmp___9 = __VERIFIER_nondet_char();
#line 56
    c = (char )tmp___9;
#line 55
    tmp___10 = ap_isspace(c);
    }
#line 55
    if (tmp___10) {

    } else {
      goto while_4_break;
    }
  }
  while_4_break: /* CIL Label */ ;
  }
  {
#line 59
  __cil_tmp32 = (int )c;
#line 59
  if (__cil_tmp32 != 34) {
    {
#line 59
    __cil_tmp33 = (int )c;
#line 59
    if (__cil_tmp33 != 39) {
      {
#line 60
      __cil_tmp34 = (void *)0;
#line 60
      return ((char *)__cil_tmp34);
      }
    } else {

    }
    }
  } else {

  }
  }
#line 62
  term = c;
  {
#line 63
  while (1) {
    while_5_continue: /* CIL Label */ ;
    {
#line 64
    tmp___11 = __VERIFIER_nondet_char();
#line 64
    c = (char )tmp___11;
    }
#line 65
    if (t == tagbuf_len) {
#line 66
      __cil_tmp35 = tag + t;
#line 66
      *__cil_tmp35 = (char)0;
      {
#line 67
      __cil_tmp36 = (void *)0;
#line 67
      return ((char *)__cil_tmp36);
      }
    } else {

    }
    {
#line 70
    __cil_tmp37 = (int )c;
#line 70
    if (__cil_tmp37 == 92) {
      {
#line 71
      tmp___12 = __VERIFIER_nondet_char();
#line 71
      c = (char )tmp___12;
      }
      {
#line 72
      __cil_tmp38 = (int )term;
#line 72
      __cil_tmp39 = (int )c;
#line 72
      if (__cil_tmp39 != __cil_tmp38) {
        {
#line 74
        __cil_tmp40 = t + 1;
#line 74
        if (__cil_tmp40 < tagbuf_len) {

        } else {
          {
#line 74
          __assert_fail("t + 1 < tagbuf_len", "../versisec/apache/progs/apacheCVE-2004-0940get_tag_iter1_prefixLong_arr_ok.c",
                        74U, "get_tag");
          }
        }
        }
#line 77
        __cil_tmp41 = tag + t;
#line 77
        *__cil_tmp41 = (char )'\\';
#line 78
        t = t + 1;
#line 79
        if (t == tagbuf_len) {
#line 81
          __cil_tmp42 = tag + t;
#line 81
          *__cil_tmp42 = (char)0;
          {
#line 82
          __cil_tmp43 = (void *)0;
#line 82
          return ((char *)__cil_tmp43);
          }
        } else {

        }
      } else {

      }
      }
    } else {
      {
#line 86
      __cil_tmp44 = (int )term;
#line 86
      __cil_tmp45 = (int )c;
#line 86
      if (__cil_tmp45 == __cil_tmp44) {
        goto while_5_break;
      } else {

      }
      }
    }
    }
    {
#line 91
    __cil_tmp46 = t + 2;
#line 91
    if (__cil_tmp46 < tagbuf_len) {

    } else {
      {
#line 91
      __assert_fail("t + 2 < tagbuf_len", "../versisec/apache/progs/apacheCVE-2004-0940get_tag_iter1_prefixLong_arr_ok.c",
                    91U, "get_tag");
      }
    }
    }
#line 94
    __cil_tmp47 = tag + t;
#line 94
    *__cil_tmp47 = c;
#line 95
    t = t + 1;
  }
  while_5_break: /* CIL Label */ ;
  }
#line 99
  __cil_tmp48 = tag + t;
#line 99
  *__cil_tmp48 = (char)0;
#line 101
  return (tag);
}
}
Пример #16
0
/*
 *	ic_server_setup()
 *	-----------------
 *	Do the actual primary/backup server setup on behalf of the
 *	ic_server_cmd() and ic_serverbackup_cmd() functions.
 */
static const char *ic_server_setup(cmd_parms *parms,void *mconfig,int server,const char *arg)
{
	static char errmsg[100];

	ic_conf_rec *conf_rec = (ic_conf_rec *)mconfig;
	ic_socket_rec *sock_rec = conf_rec->server[server];

	sock_rec->address = ap_pstrdup(parms->pool,arg);
	if (sock_rec->address == NULL)
		return "not enough memory for the socket address";

	/*
	 *	verify type of the argument, which will indicate
	 *	whether we should be using a UNIX or Inet socket
	 *	to connect to the Interchange server
	 */
	if (*arg == '/'){
		/*
		 *	this is to be a UNIX socket
		 */
		struct sockaddr_un *unix_sock;

		unix_sock = (struct sockaddr_un *)ap_pcalloc(parms->pool,sizeof(struct sockaddr_un));
		if (unix_sock == NULL){
			sprintf(errmsg,"not enough memory for %s UNIX socket structure",server ? "primary" : "backup");
			return errmsg;
		}

		unix_sock->sun_family = AF_LOCAL;
		ap_cpystrn(unix_sock->sun_path,sock_rec->address,sizeof(unix_sock->sun_path));
		sock_rec->sockaddr = (struct sockaddr *)unix_sock;
		sock_rec->size = SUN_LEN(unix_sock);
		sock_rec->family = PF_LOCAL;
	}else{
		/*
		 *	this is to be an INET socket
		 *
		 *	the argument is an IP address or hostname followed by
		 *	an optional port specification
		 */
		struct sockaddr_in *inet_sock;
		char **hostaddress;
		char *hostname;

		inet_sock = (struct sockaddr_in *)ap_pcalloc(parms->pool,sizeof(struct sockaddr_in));
		if (inet_sock == NULL){
			sprintf(errmsg,"not enough memory for %s INET socket structure",server ? "primary" : "backup");
			return errmsg;
		}

		inet_sock->sin_family = AF_INET;
		hostaddress = &(sock_rec->address);
		hostname = ap_getword_nc(parms->temp_pool,hostaddress,':');

		if (!inet_aton(hostname,&inet_sock->sin_addr)){
			/*
			 *	address must point to a hostname
			 */
			struct hostent *host = ap_pgethostbyname(parms->temp_pool,hostname);
			if (!host)
				return "invalid hostname specification";

			memcpy(&inet_sock->sin_addr,host->h_addr,sizeof(inet_sock->sin_addr));
		}

		/*
		 *	check if a port number has been specified
		 */
		if (**hostaddress){
			int port = atoi(*hostaddress);

			if (port <= 100 || port > 65535)
				return "invalid port specification";

			inet_sock->sin_port = htons(port);
		}else{
			inet_sock->sin_port = htons(IC_DEFAULT_PORT);
		}

		sock_rec->sockaddr = (struct sockaddr *)inet_sock;
		sock_rec->family = PF_INET;
		sock_rec->size = sizeof(struct sockaddr_in);
	}
	return NULL;
}
Пример #17
0
/* XXX: Is there is still an O(n^2) attack possible here?  Please detail. */
BOOL WINAPI ServerSupportFunction (HCONN hConn, DWORD dwHSERequest,
                                   LPVOID lpvBuffer, LPDWORD lpdwSize,
                                   LPDWORD lpdwDataType) {
    isapi_cid *cid = (isapi_cid *)hConn;
    request_rec *r = cid->r;
    request_rec *subreq;

    switch (dwHSERequest) {
    case 1: /* HSE_REQ_SEND_URL_REDIRECT_RESP */
        /* Set the status to be returned when the HttpExtensionProc()
         * is done.
         * WARNING: Microsoft now advertises HSE_REQ_SEND_URL_REDIRECT_RESP
         *          and HSE_REQ_SEND_URL as equivalant per the Jan 2000 SDK.
         *          They most definately are not, even in their own samples.
         */
        ap_table_set(r->headers_out, "Location", lpvBuffer);
        cid->status = cid->r->status
                    = cid->ecb->dwHttpStatusCode = HTTP_MOVED_TEMPORARILY;
        return TRUE;

    case 2: /* HSE_REQ_SEND_URL */
        /* Soak up remaining input (there should be none) */
        if (r->remaining > 0) {
            char argsbuffer[HUGE_STRING_LEN];
            while (ap_get_client_block(r, argsbuffer, HUGE_STRING_LEN) > 0);
        }

        /* Reset the method to GET */
        r->method = ap_pstrdup(r->pool, "GET");
        r->method_number = M_GET;

        /* Don't let anyone think there's still data */
        ap_table_unset(r->headers_in, "Content-Length");

        /* AV fault per PR3598 - redirected path is lost! */
        (char*)lpvBuffer = ap_pstrdup(r->pool, (char*)lpvBuffer);
        ap_internal_redirect((char*)lpvBuffer, r);
        return TRUE;

    case 3: /* HSE_REQ_SEND_RESPONSE_HEADER */
    {
        /* Parse them out, or die trying */
        DWORD statlen = 0, headlen = 0;
	if (lpvBuffer)
	    statlen = strlen((char*) lpvBuffer);
	if (lpdwDataType)
	    headlen = strlen((char*) lpdwDataType);
        return SendResponseHeaderEx(cid, (char*) lpvBuffer, (char*) lpdwDataType, 
                                    statlen, headlen);
    }

    case 4: /* HSE_REQ_DONE_WITH_SESSION */
        /* Do nothing... since we don't support async I/O, they'll
         * return from HttpExtensionProc soon
         */
        return TRUE;

    case 1001: /* HSE_REQ_MAP_URL_TO_PATH */
    {
        /* Map a URL to a filename */
        char *file = (char *)lpvBuffer;
	DWORD len;
        subreq = ap_sub_req_lookup_uri(ap_pstrndup(r->pool, file, *lpdwSize), r);

        len = ap_cpystrn(file, subreq->filename, *lpdwSize) - file;
	
        /* IIS puts a trailing slash on directories, Apache doesn't */
        if (S_ISDIR (subreq->finfo.st_mode)) {
            if (len < *lpdwSize - 1) {
                file[len++] = '\\';
                file[len] = '\0';
            }
        }
        *lpdwSize = len;
        return TRUE;
    }

    case 1002: /* HSE_REQ_GET_SSPI_INFO */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction HSE_REQ_GET_SSPI_INFO "
                          "is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

    case 1003: /* HSE_APPEND_LOG_PARAMETER */
        /* Log lpvBuffer, of lpdwSize bytes, in the URI Query (cs-uri-query) field
         * This code will do for now...
         */
        ap_table_set(r->notes, "isapi-parameter", (char*) lpvBuffer);
        if (AppendLogToQuery) {
            if (r->args)
                r->args = ap_pstrcat(r->pool, r->args, (char*) lpvBuffer, NULL);
            else
                r->args = ap_pstrdup(r->pool, (char*) lpvBuffer);
        }
        if (AppendLogToErrors)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
                          "ISAPI %s: %s", cid->r->filename,
                          (char*) lpvBuffer);
        return TRUE;

    /* We don't support all this async I/O, Microsoft-specific stuff */
    case 1005: /* HSE_REQ_IO_COMPLETION */
    case 1006: /* HSE_REQ_TRANSMIT_FILE */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI asynchronous I/O not supported: %s", 
                          r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

    case 1007: /* HSE_REQ_REFRESH_ISAPI_ACL */
        /* Since we don't override the user ID and access, we can't reset.
         */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction "
                          "HSE_REQ_REFRESH_ISAPI_ACL "
                          "is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

    case 1008: /* HSE_REQ_IS_KEEP_CONN */
        *((LPBOOL) lpvBuffer) = (r->connection->keepalive == 1);
        return TRUE;

    case 1010: /* HSE_REQ_ASYNC_READ_CLIENT */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI asynchronous I/O not supported: %s", 
                          r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

    case 1011: /* HSE_REQ_GET_IMPERSONATION_TOKEN  Added in ISAPI 4.0 */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction "
                          "HSE_REQ_GET_IMPERSONATION_TOKEN "
                          "is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

#ifdef HSE_REQ_MAP_URL_TO_PATH_EX
    case 1012: /* HSE_REQ_MAP_URL_TO_PATH_EX */
    {
        /* Map a URL to a filename */
        LPHSE_URL_MAPEX_INFO info = (LPHSE_URL_MAPEX_INFO) lpdwDataType;
        char* test_uri = ap_pstrndup(r->pool, (char *)lpvBuffer, *lpdwSize);

        subreq = ap_sub_req_lookup_uri(test_uri, r);
        info->cchMatchingURL = strlen(test_uri);        
        info->cchMatchingPath = ap_cpystrn(info->lpszPath, subreq->filename, 
                                           MAX_PATH) - info->lpszPath;
        
        /* Mapping started with assuming both strings matched.
         * Now roll on the path_info as a mismatch and handle
         * terminating slashes for directory matches.
         */
        if (subreq->path_info && *subreq->path_info) {
            ap_cpystrn(info->lpszPath + info->cchMatchingPath, 
                       subreq->path_info, MAX_PATH - info->cchMatchingPath);
            info->cchMatchingURL -= strlen(subreq->path_info);
            if (S_ISDIR(subreq->finfo.st_mode)
                 && info->cchMatchingPath < MAX_PATH - 1) {
                /* roll forward over path_info's first slash */
                ++info->cchMatchingPath;
                ++info->cchMatchingURL;
            }
        }
        else if (S_ISDIR(subreq->finfo.st_mode)
                 && info->cchMatchingPath < MAX_PATH - 1) {
            /* Add a trailing slash for directory */
            info->lpszPath[info->cchMatchingPath++] = '/';
            info->lpszPath[info->cchMatchingPath] = '\0';
        }

        /* If the matched isn't a file, roll match back to the prior slash */
        if (!subreq->finfo.st_mode) {
            while (info->cchMatchingPath && info->cchMatchingURL) {
                if (info->lpszPath[info->cchMatchingPath - 1] == '/') 
                    break;
                --info->cchMatchingPath;
                --info->cchMatchingURL;
            }
        }
        
        /* Paths returned with back slashes */
        for (test_uri = info->lpszPath; *test_uri; ++test_uri)
            if (*test_uri == '/')
                *test_uri = '\\';
        
        /* is a combination of:
         * HSE_URL_FLAGS_READ         0x001 Allow read
         * HSE_URL_FLAGS_WRITE        0x002 Allow write
         * HSE_URL_FLAGS_EXECUTE      0x004 Allow execute
         * HSE_URL_FLAGS_SSL          0x008 Require SSL
         * HSE_URL_FLAGS_DONT_CACHE   0x010 Don't cache (VRoot only)
         * HSE_URL_FLAGS_NEGO_CERT    0x020 Allow client SSL cert
         * HSE_URL_FLAGS_REQUIRE_CERT 0x040 Require client SSL cert
         * HSE_URL_FLAGS_MAP_CERT     0x080 Map client SSL cert to account
         * HSE_URL_FLAGS_SSL128       0x100 Require 128-bit SSL cert
         * HSE_URL_FLAGS_SCRIPT       0x200 Allow script execution
         *
         * XxX: As everywhere, EXEC flags could use some work...
         *      and this could go further with more flags, as desired.
         */ 
        info->dwFlags = (subreq->finfo.st_mode & _S_IREAD  ? 0x001 : 0)
                      | (subreq->finfo.st_mode & _S_IWRITE ? 0x002 : 0)
                      | (subreq->finfo.st_mode & _S_IEXEC  ? 0x204 : 0);
        return TRUE;
    }
#endif

    case 1014: /* HSE_REQ_ABORTIVE_CLOSE */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction HSE_REQ_ABORTIVE_CLOSE"
                          " is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

    case 1015: /* HSE_REQ_GET_CERT_INFO_EX  Added in ISAPI 4.0 */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction "
                          "HSE_REQ_GET_CERT_INFO_EX "
                          "is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

#ifdef HSE_REQ_SEND_RESPONSE_HEADER_EX
    case 1016: /* HSE_REQ_SEND_RESPONSE_HEADER_EX  Added in ISAPI 4.0 */
    {
        LPHSE_SEND_HEADER_EX_INFO shi
                                  = (LPHSE_SEND_HEADER_EX_INFO) lpvBuffer;
        /* XXX: ignore shi->fKeepConn?  We shouldn't need the advise */
        /* r->connection->keepalive = shi->fKeepConn; */
        return SendResponseHeaderEx(cid, shi->pszStatus, shi->pszHeader,
                                         shi->cchStatus, shi->cchHeader);
    }
#endif

    case 1017: /* HSE_REQ_CLOSE_CONNECTION  Added after ISAPI 4.0 */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction "
                          "HSE_REQ_CLOSE_CONNECTION "
                          "is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;

    case 1018: /* HSE_REQ_IS_CONNECTED  Added after ISAPI 4.0 */
        /* Returns True if client is connected c.f. MSKB Q188346
         * XXX: That statement is very ambigious... assuming the 
         * identical return mechanism as HSE_REQ_IS_KEEP_CONN.
         */
        *((LPBOOL) lpvBuffer) = (r->connection->aborted == 0);
        return TRUE;

    case 1020: /* HSE_REQ_EXTENSION_TRIGGER  Added after ISAPI 4.0 */
        /*  Undocumented - defined by the Microsoft Jan '00 Platform SDK
         */
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction "
                          "HSE_REQ_EXTENSION_TRIGGER "
                          "is not supported: %s", r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;


    default:
        if (LogNotSupported)
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
                          "ISAPI ServerSupportFunction (%d) not supported: "
                          "%s", dwHSERequest, r->filename);
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }
}
Пример #18
0
/*
 * Make a password record from the given information.  A zero return
 * indicates success; failure means that the output buffer contains an
 * error message instead.
 */
static int mkrecord(char *user, char *record, size_t rlen, char *passwd,
		    int alg)
{
    char *pw;
    char cpw[120];
    char pwin[MAX_STRING_LEN];
    char pwv[MAX_STRING_LEN];
    char salt[9];

    if (passwd != NULL) {
	pw = passwd;
    }
    else {
#ifdef TPF
        fprintf(stderr, "Invalid entry. The -b option is required on TPF.\n");
        return usage();
#else
	if (ap_getpass("New password: "******"password too long (>%lu)",
			(unsigned long) (sizeof(pwin) - 1));
	    return ERR_OVERFLOW;
	}
	ap_getpass("Re-type new password: "******"password verification error", (rlen - 1));
	    return ERR_PWMISMATCH;
	}
	pw = pwin;
        memset(pwv, '\0', sizeof(pwin));
#endif /* TPF */
    }
    switch (alg) {

    case ALG_APSHA:
	/* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
 	ap_sha1_base64(pw,strlen(pw),cpw);
	break;

    case ALG_APMD5: 
        (void) srand((int) time((time_t *) NULL));
        ap_to64(&salt[0], rand(), 8);
        salt[8] = '\0';

	ap_MD5Encode((const unsigned char *)pw, (const unsigned char *)salt,
		     cpw, sizeof(cpw));
	break;

    case ALG_PLAIN:
	/* XXX this len limitation is not in sync with any HTTPd len. */
	ap_cpystrn(cpw,pw,sizeof(cpw));
	break;

    case ALG_CRYPT:
    default:
        (void) srand((int) time((time_t *) NULL));
        ap_to64(&salt[0], rand(), 8);
        salt[8] = '\0';

	ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
	break;
    }
    memset(pw, '\0', strlen(pw));

    /*
     * Check to see if the buffer is large enough to hold the username,
     * hash, and delimiters.
     */
    if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
	ap_cpystrn(record, "resultant record too long", (rlen - 1));
	return ERR_OVERFLOW;
    }
    strcpy(record, user);
    strcat(record, ":");
    strcat(record, cpw);
    return 0;
}