bool qEnvApache::SetHeader(const char *str, const char *val)
{
if (!IsFlushed()) {
ap_table_set(GetRequest()->headers_out, str, val);
if (!stricmp(str,"content-type")) {
myReq->content_type = ap_pstrdup(myReq->pool, val);
} else if (!stricmp(str,"set-cookie"))
ap_table_set(GetRequest()->err_headers_out, str, val);
return true;
}
return false;
}
static void *create_dir_mconfig(pool *p, char *dir)
{
/* So why -1, 0, and 1? You see, C lacks an arithmatic if. We need to
know three states at any point. We need to know if something is unset, off or
on. Hence we use these values. Apache already understands Off as 0 and 1 as
on.
*/
kewl_conf *cfg;
cfg = ap_pcalloc(p, sizeof(kewl_conf));
cfg->proxy = UNSET;
cfg->comment = UNSET;
cfg->glob = UNSET;
cfg->http_header_enabled = UNSET;
cfg->http_header = NULL;
cfg->header = NULL;
cfg->footer = NULL;
cfg->request_header = OFF;
cfg->time_format = NULL;
cfg->types = ap_make_table(p, 8);
cfg->uris_ignore = ap_make_table(p, 8);
ap_table_set(cfg->types, INCLUDES_MAGIC_TYPE, "1");
ap_table_set(cfg->types, INCLUDES_MAGIC_TYPE3, "1");
ap_table_set(cfg->types, "server-parsed", "1");
ap_table_set(cfg->types, "text/html", "1");
ap_table_set(cfg->types, "text/plain", "1");
ap_table_set(cfg->types, "perl-script", "1");
ap_table_set(cfg->types, "cgi-script", "1");
ap_table_set(cfg->types, "application/x-httpd-cgi", "1");
return (void *) cfg;
}
/**
* Nomalize charset in HTTP request line and HTTP header(s).
* Returns 0 on success, -1 (non-zero) on error.
*
* FIXME: Should handle/consider partial success?
*
* @param r Apache request object structure
* @param cd Conversion descriptor, made by iconv_open(3).
*/
static int
iconv_header(request_rec *r, iconv_t cd) {
char *buff;
char *keys[] = { "Destination", NULL };
int i;
/* Normalize encoding in HTTP request line */
ap_unescape_url(r->unparsed_uri);
if ((buff = iconv_string(r, cd, r->unparsed_uri,
strlen(r->unparsed_uri))) == NULL)
return -1;
ap_parse_uri(r, buff);
ap_getparents(r->uri); /* normalize given path for security */
/* Normalize encoding in HTTP request header(s) */
for (i = 0 ; keys[i] ; i++) {
if ((buff = (char *)ap_table_get(r->headers_in, keys[i])) != NULL) {
ap_unescape_url(buff);
if ((buff = iconv_string(r, cd, buff, strlen(buff))) == NULL)
return -1;
ap_table_set(r->headers_in, keys[i], buff);
}
}
return 0;
}
static PyObject * req_get_all_dirs(requestobject *self, PyObject *args)
{
table *all;
py_dir_config *conf =
(py_dir_config *) ap_get_module_config(self->request_rec->per_dir_config,
&python_module);
all = ap_copy_table(self->request_rec->pool, conf->dirs);
if (ap_table_get(self->request_rec->notes, "py_more_directives")) {
array_header *ah = ap_table_elts(self->request_rec->notes);
table_entry *elts = (table_entry *)ah->elts;
int i = ah->nelts;
while (i--) {
if (elts[i].key) {
/* chop off _dir */
char *s = ap_pstrdup(self->request_rec->pool, elts[i].key);
if (valid_handler(s)) {
s[strlen(s)-4] = 0;
ap_table_set(all, s, elts[i].val);
}
}
}
}
return MpTable_FromTable(all);
}
/**
redirect : string -> void
<doc>Redirect the client to another page (Location header)</doc>
**/
static value redirect( value s ) {
mcontext *c = CONTEXT();
val_check(s,string);
HEADERS_NOT_SENT("Redirection");
ap_table_set(c->r->headers_out,"Location",val_string(s));
c->r->status = REDIRECT;
return val_true;
}
static int wrap_putenv (void *data, const char *k, const char *v)
{
WRAPPER_DATA *wrap = (WRAPPER_DATA *)data;
ap_table_set (wrap->r->subprocess_env, k, v);
return 0;
}
static void do_set_header( void *_c, const char *key, const char *value, bool add ) {
mcontext *c = (mcontext*)_c;
if( add )
ap_table_add(c->r->headers_out,key,value);
else if( strcmpi(key,"Content-Type") == 0 ) {
int len = (int)strlen(value);
char *ct = (char*)ap_palloc(c->r->pool,len+1);
memcpy(ct,value,len+1);
c->r->content_type = ct;
} else
ap_table_set(c->r->headers_out,key,value);
}
/**
set_header : name:string -> val:string -> void
<doc>Set a HTTP header value</doc>
**/
static value set_header( value s, value k ) {
mcontext *c = CONTEXT();
val_check(s,string);
val_check(k,string);
HEADERS_NOT_SENT("Header");
if( strcmpi(val_string(s),"Content-Type") == 0 ) {
c->content_type = alloc_string(val_string(k));
c->r->content_type = val_string(c->content_type);
} else
ap_table_set(c->r->headers_out,val_string(s),val_string(k));
return val_true;
}
static const char *suphp_handle_cmd_add_handler(cmd_parms *cmd, void *mconfig,
const char *arg) {
suphp_conf *cfg;
if (mconfig)
cfg = (suphp_conf *) mconfig;
else
cfg = ap_get_module_config(cmd->server->module_config, &suphp_module);
// Mark active handlers with '1'
ap_table_set(cfg->handlers, arg, "1");
return NULL;
}
static PyObject * req_get_all_config(requestobject *self, PyObject *args)
{
table *all;
py_dir_config *conf =
(py_dir_config *) ap_get_module_config(self->request_rec->per_dir_config,
&python_module);
all = ap_copy_table(self->request_rec->pool, conf->directives);
if (ap_table_get(self->request_rec->notes, "py_more_directives")) {
array_header *ah = ap_table_elts(self->request_rec->notes);
table_entry *elts = (table_entry *)ah->elts;
int i = ah->nelts;
while (i--) {
if (elts[i].key) {
if (valid_handler(elts[i].key)) {
/* if exists - append, otherwise add */
const char *val = ap_table_get(all, elts[i].key);
if (val) {
ap_table_set(all, elts[i].key,
ap_pstrcat(self->request_rec->pool,
val, " ", elts[i].val,
NULL));
}
else {
ap_table_set(all, elts[i].key, elts[i].val);
}
}
}
}
}
return MpTable_FromTable(all);
}
/* XXX: Is there is still an O(n^2) attack possible here? Please detail. */
BOOL WINAPI ServerSupportFunction (HCONN hConn, DWORD dwHSERequest,
LPVOID lpvBuffer, LPDWORD lpdwSize,
LPDWORD lpdwDataType) {
isapi_cid *cid = (isapi_cid *)hConn;
request_rec *r = cid->r;
request_rec *subreq;
switch (dwHSERequest) {
case 1: /* HSE_REQ_SEND_URL_REDIRECT_RESP */
/* Set the status to be returned when the HttpExtensionProc()
* is done.
* WARNING: Microsoft now advertises HSE_REQ_SEND_URL_REDIRECT_RESP
* and HSE_REQ_SEND_URL as equivalant per the Jan 2000 SDK.
* They most definately are not, even in their own samples.
*/
ap_table_set(r->headers_out, "Location", lpvBuffer);
cid->status = cid->r->status
= cid->ecb->dwHttpStatusCode = HTTP_MOVED_TEMPORARILY;
return TRUE;
case 2: /* HSE_REQ_SEND_URL */
/* Soak up remaining input (there should be none) */
if (r->remaining > 0) {
char argsbuffer[HUGE_STRING_LEN];
while (ap_get_client_block(r, argsbuffer, HUGE_STRING_LEN) > 0);
}
/* Reset the method to GET */
r->method = ap_pstrdup(r->pool, "GET");
r->method_number = M_GET;
/* Don't let anyone think there's still data */
ap_table_unset(r->headers_in, "Content-Length");
/* AV fault per PR3598 - redirected path is lost! */
(char*)lpvBuffer = ap_pstrdup(r->pool, (char*)lpvBuffer);
ap_internal_redirect((char*)lpvBuffer, r);
return TRUE;
case 3: /* HSE_REQ_SEND_RESPONSE_HEADER */
{
/* Parse them out, or die trying */
DWORD statlen = 0, headlen = 0;
if (lpvBuffer)
statlen = strlen((char*) lpvBuffer);
if (lpdwDataType)
headlen = strlen((char*) lpdwDataType);
return SendResponseHeaderEx(cid, (char*) lpvBuffer, (char*) lpdwDataType,
statlen, headlen);
}
case 4: /* HSE_REQ_DONE_WITH_SESSION */
/* Do nothing... since we don't support async I/O, they'll
* return from HttpExtensionProc soon
*/
return TRUE;
case 1001: /* HSE_REQ_MAP_URL_TO_PATH */
{
/* Map a URL to a filename */
char *file = (char *)lpvBuffer;
DWORD len;
subreq = ap_sub_req_lookup_uri(ap_pstrndup(r->pool, file, *lpdwSize), r);
len = ap_cpystrn(file, subreq->filename, *lpdwSize) - file;
/* IIS puts a trailing slash on directories, Apache doesn't */
if (S_ISDIR (subreq->finfo.st_mode)) {
if (len < *lpdwSize - 1) {
file[len++] = '\\';
file[len] = '\0';
}
}
*lpdwSize = len;
return TRUE;
}
case 1002: /* HSE_REQ_GET_SSPI_INFO */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction HSE_REQ_GET_SSPI_INFO "
"is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
case 1003: /* HSE_APPEND_LOG_PARAMETER */
/* Log lpvBuffer, of lpdwSize bytes, in the URI Query (cs-uri-query) field
* This code will do for now...
*/
ap_table_set(r->notes, "isapi-parameter", (char*) lpvBuffer);
if (AppendLogToQuery) {
if (r->args)
r->args = ap_pstrcat(r->pool, r->args, (char*) lpvBuffer, NULL);
else
r->args = ap_pstrdup(r->pool, (char*) lpvBuffer);
}
if (AppendLogToErrors)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"ISAPI %s: %s", cid->r->filename,
(char*) lpvBuffer);
return TRUE;
/* We don't support all this async I/O, Microsoft-specific stuff */
case 1005: /* HSE_REQ_IO_COMPLETION */
case 1006: /* HSE_REQ_TRANSMIT_FILE */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI asynchronous I/O not supported: %s",
r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
case 1007: /* HSE_REQ_REFRESH_ISAPI_ACL */
/* Since we don't override the user ID and access, we can't reset.
*/
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction "
"HSE_REQ_REFRESH_ISAPI_ACL "
"is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
case 1008: /* HSE_REQ_IS_KEEP_CONN */
*((LPBOOL) lpvBuffer) = (r->connection->keepalive == 1);
return TRUE;
case 1010: /* HSE_REQ_ASYNC_READ_CLIENT */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI asynchronous I/O not supported: %s",
r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
case 1011: /* HSE_REQ_GET_IMPERSONATION_TOKEN Added in ISAPI 4.0 */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction "
"HSE_REQ_GET_IMPERSONATION_TOKEN "
"is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
#ifdef HSE_REQ_MAP_URL_TO_PATH_EX
case 1012: /* HSE_REQ_MAP_URL_TO_PATH_EX */
{
/* Map a URL to a filename */
LPHSE_URL_MAPEX_INFO info = (LPHSE_URL_MAPEX_INFO) lpdwDataType;
char* test_uri = ap_pstrndup(r->pool, (char *)lpvBuffer, *lpdwSize);
subreq = ap_sub_req_lookup_uri(test_uri, r);
info->cchMatchingURL = strlen(test_uri);
info->cchMatchingPath = ap_cpystrn(info->lpszPath, subreq->filename,
MAX_PATH) - info->lpszPath;
/* Mapping started with assuming both strings matched.
* Now roll on the path_info as a mismatch and handle
* terminating slashes for directory matches.
*/
if (subreq->path_info && *subreq->path_info) {
ap_cpystrn(info->lpszPath + info->cchMatchingPath,
subreq->path_info, MAX_PATH - info->cchMatchingPath);
info->cchMatchingURL -= strlen(subreq->path_info);
if (S_ISDIR(subreq->finfo.st_mode)
&& info->cchMatchingPath < MAX_PATH - 1) {
/* roll forward over path_info's first slash */
++info->cchMatchingPath;
++info->cchMatchingURL;
}
}
else if (S_ISDIR(subreq->finfo.st_mode)
&& info->cchMatchingPath < MAX_PATH - 1) {
/* Add a trailing slash for directory */
info->lpszPath[info->cchMatchingPath++] = '/';
info->lpszPath[info->cchMatchingPath] = '\0';
}
/* If the matched isn't a file, roll match back to the prior slash */
if (!subreq->finfo.st_mode) {
while (info->cchMatchingPath && info->cchMatchingURL) {
if (info->lpszPath[info->cchMatchingPath - 1] == '/')
break;
--info->cchMatchingPath;
--info->cchMatchingURL;
}
}
/* Paths returned with back slashes */
for (test_uri = info->lpszPath; *test_uri; ++test_uri)
if (*test_uri == '/')
*test_uri = '\\';
/* is a combination of:
* HSE_URL_FLAGS_READ 0x001 Allow read
* HSE_URL_FLAGS_WRITE 0x002 Allow write
* HSE_URL_FLAGS_EXECUTE 0x004 Allow execute
* HSE_URL_FLAGS_SSL 0x008 Require SSL
* HSE_URL_FLAGS_DONT_CACHE 0x010 Don't cache (VRoot only)
* HSE_URL_FLAGS_NEGO_CERT 0x020 Allow client SSL cert
* HSE_URL_FLAGS_REQUIRE_CERT 0x040 Require client SSL cert
* HSE_URL_FLAGS_MAP_CERT 0x080 Map client SSL cert to account
* HSE_URL_FLAGS_SSL128 0x100 Require 128-bit SSL cert
* HSE_URL_FLAGS_SCRIPT 0x200 Allow script execution
*
* XxX: As everywhere, EXEC flags could use some work...
* and this could go further with more flags, as desired.
*/
info->dwFlags = (subreq->finfo.st_mode & _S_IREAD ? 0x001 : 0)
| (subreq->finfo.st_mode & _S_IWRITE ? 0x002 : 0)
| (subreq->finfo.st_mode & _S_IEXEC ? 0x204 : 0);
return TRUE;
}
#endif
case 1014: /* HSE_REQ_ABORTIVE_CLOSE */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction HSE_REQ_ABORTIVE_CLOSE"
" is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
case 1015: /* HSE_REQ_GET_CERT_INFO_EX Added in ISAPI 4.0 */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction "
"HSE_REQ_GET_CERT_INFO_EX "
"is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
#ifdef HSE_REQ_SEND_RESPONSE_HEADER_EX
case 1016: /* HSE_REQ_SEND_RESPONSE_HEADER_EX Added in ISAPI 4.0 */
{
LPHSE_SEND_HEADER_EX_INFO shi
= (LPHSE_SEND_HEADER_EX_INFO) lpvBuffer;
/* XXX: ignore shi->fKeepConn? We shouldn't need the advise */
/* r->connection->keepalive = shi->fKeepConn; */
return SendResponseHeaderEx(cid, shi->pszStatus, shi->pszHeader,
shi->cchStatus, shi->cchHeader);
}
#endif
case 1017: /* HSE_REQ_CLOSE_CONNECTION Added after ISAPI 4.0 */
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction "
"HSE_REQ_CLOSE_CONNECTION "
"is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
case 1018: /* HSE_REQ_IS_CONNECTED Added after ISAPI 4.0 */
/* Returns True if client is connected c.f. MSKB Q188346
* XXX: That statement is very ambigious... assuming the
* identical return mechanism as HSE_REQ_IS_KEEP_CONN.
*/
*((LPBOOL) lpvBuffer) = (r->connection->aborted == 0);
return TRUE;
case 1020: /* HSE_REQ_EXTENSION_TRIGGER Added after ISAPI 4.0 */
/* Undocumented - defined by the Microsoft Jan '00 Platform SDK
*/
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction "
"HSE_REQ_EXTENSION_TRIGGER "
"is not supported: %s", r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
default:
if (LogNotSupported)
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
"ISAPI ServerSupportFunction (%d) not supported: "
"%s", dwHSERequest, r->filename);
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
}
static int suphp_handler(request_rec *r) {
suphp_conf *sconf;
suphp_conf *dconf;
#ifdef SUPHP_USE_USERGROUP
char *ud_user = NULL;
char *ud_group = NULL;
int ud_success = 0;
#endif
struct stat finfo;
int rv;
char *auth_user = NULL;
char *auth_pass = NULL;
pool *p;
BUFF *script_in, *script_out, *script_err;
const char *handler;
sconf = ap_get_module_config(r->server->module_config, &suphp_module);
dconf = ap_get_module_config(r->per_dir_config, &suphp_module);
p = r->main ? r->main->pool : r->pool;
/* only handle request if mod_suphp is active for this handler */
/* check only first byte of value (second has to be \0) */
if (r->handler != NULL) {
handler = r->handler;
} else {
handler = r->content_type;
}
if ((ap_table_get(dconf->handlers, handler) == NULL)) {
if ((ap_table_get(sconf->handlers, handler) == NULL)
|| (*(ap_table_get(sconf->handlers, handler)) == '0')) {
return DECLINED;
}
} else if (*(ap_table_get(dconf->handlers, handler)) == '0') {
return DECLINED;
}
/* check if suPHP is enabled for this request */
if (((sconf->engine != SUPHP_ENGINE_ON)
&& (dconf->engine != SUPHP_ENGINE_ON))
|| ((sconf->engine == SUPHP_ENGINE_ON)
&& (dconf->engine == SUPHP_ENGINE_OFF)))
return DECLINED;
/* check if file is existing and accessible */
rv = stat(ap_pstrdup(p, r->filename), &finfo);
if (rv == 0) {
; /* do nothing */
} else if (errno == EACCES) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "access to %s denied",
r->filename);
return HTTP_FORBIDDEN;
} else if (errno == ENOENT || errno == ENOTDIR) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "File does not exist: %s",
r->filename);
return HTTP_NOT_FOUND;
} else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "could not get fileinfo: %s",
r->filename);
return HTTP_NOT_FOUND;
}
#ifdef SUPHP_USE_USERGROUP
if ((sconf->target_user == NULL || sconf->target_group == NULL)
&& (dconf->target_user == NULL || dconf->target_group == NULL)) {
/* Identify mod_userdir request
As Apache 1.3 does not yet provide a clean way to see
whether a request was handled by mod_userdir, we assume
this is true for any request beginning with ~ */
int ud_success = 0; /* set to 1 on success */
if (!strncmp("/~", r->uri, 2)) {
char *username = ap_pstrdup(r->pool, r->uri + 2);
char *pos = strchr(username, '/');
if (pos) {
*pos = 0;
if (strlen(username)) {
struct passwd *pw;
struct group *gr;
gid_t gid;
char *grpname;
if ((pw = getpwnam(username)) != NULL) {
gid = pw->pw_gid;
if ((gr = getgrgid(gid)) != NULL) {
grpname = gr->gr_name;
} else {
if ((grpname = ap_palloc(r->pool, 16)) == NULL) {
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_snprintf(grpname, 16, "#%ld", (long) gid);
}
ud_user = username;
ud_group = grpname;
ud_success = 1;
}
}
}
}
if (!ud_success) {
/* This is not a userdir request and user/group are not
set, so log the error and return */
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"No user or group set - set suPHP_UserGroup");
return HTTP_INTERNAL_SERVER_ERROR;
}
}
#endif /* SUPHP_USE_USERGROUP */
/* prepare environment for new process */
ap_add_common_vars(r);
ap_add_cgi_vars(r);
ap_table_unset(r->subprocess_env, "SUPHP_PHP_CONFIG");
ap_table_unset(r->subprocess_env, "SUPHP_AUTH_USER");
ap_table_unset(r->subprocess_env, "SUPHP_AUTH_PW");
#ifdef SUPHP_USE_USERGROUP
ap_table_unset(r->subprocess_env, "SUPHP_USER");
ap_table_unset(r->subprocess_env, "SUPHP_GROUP");
ap_table_unset(r->subprocess_env, "SUPHP_USERDIR_USER");
ap_table_unset(r->subprocess_env, "SUPHP_USERDIR_GROUP");
#endif /* SUPHP_USE_USERGROUP */
if (dconf->php_config) {
ap_table_set(r->subprocess_env, "SUPHP_PHP_CONFIG", dconf->php_config);
}
ap_table_set(r->subprocess_env, "SUPHP_HANDLER", handler);
if (r->headers_in) {
const char *auth;
auth = ap_table_get(r->headers_in, "Authorization");
if (auth && auth[0] != 0 && strncmp(auth, "Basic ", 6) == 0) {
char *user;
char *pass;
user = ap_pbase64decode(p, auth + 6);
if (user) {
pass = strchr(user, ':');
if (pass) {
*pass++ = '\0';
auth_user = ap_pstrdup(p, user);
auth_pass = ap_pstrdup(p, pass);
}
}
}
}
if (auth_user && auth_pass) {
ap_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user);
ap_table_setn(r->subprocess_env, "SUPHP_AUTH_PW", auth_pass);
}
#ifdef SUPHP_USE_USERGROUP
if (dconf->target_user) {
ap_table_set(r->subprocess_env, "SUPHP_USER", dconf->target_user);
} else if (sconf->target_user) {
ap_table_set(r->subprocess_env, "SUPHP_USER", sconf->target_user);
} else {
ap_table_set(r->subprocess_env, "SUPHP_USER", ud_user);
}
if (dconf->target_group) {
ap_table_set(r->subprocess_env, "SUPHP_GROUP", dconf->target_group);
} else if (sconf->target_group) {
ap_table_set(r->subprocess_env, "SUPHP_GROUP", sconf->target_group);
} else {
ap_table_set(r->subprocess_env, "SUPHP_GROUP", ud_group);
}
if (ud_success) {
ap_table_set(r->subprocess_env, "SUPHP_USERDIR_USER", ud_user);
ap_table_set(r->subprocess_env, "SUPHP_USERDIR_GROUP", ud_group);
}
#endif /* SUPHP_USE_USERGROUP */
/* Fork child process */
if (!ap_bspawn_child(p, suphp_child, (void *) r, kill_after_timeout,
&script_in, &script_out, &script_err)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"couldn't spawn child process for: %s", r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Transfer request body to script */
if ((rv = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)) != OK) {
/* Call failed, return status */
return rv;
}
if (ap_should_client_block(r)) {
char buffer[HUGE_STRING_LEN];
int len_read;
ap_hard_timeout("reading request body", r);
while ((len_read = ap_get_client_block(r, buffer, HUGE_STRING_LEN))
> 0) {
ap_reset_timeout(r);
if (ap_bwrite(script_in, buffer, len_read) < len_read) {
/* silly script stopped reading, soak up remaining message */
while (ap_get_client_block(r, buffer, HUGE_STRING_LEN) > 0) {
/* dump it */
}
break;
}
}
ap_bflush(script_in);
ap_kill_timeout(r);
}
ap_bclose(script_in);
/* Transfer output from script to client */
if (script_out) {
const char *location;
char hbuffer[MAX_STRING_LEN];
char buffer[HUGE_STRING_LEN];
rv = ap_scan_script_header_err_buff(r, script_out, hbuffer);
if (rv == HTTP_NOT_MODIFIED) {
return rv;
} else if (rv) {
return HTTP_INTERNAL_SERVER_ERROR;
}
location = ap_table_get(r->headers_out, "Location");
if (location && r->status == 200) {
/* Soak up all the script output */
ap_hard_timeout("reading from script", r);
while (ap_bgets(buffer, HUGE_STRING_LEN, script_out) > 0) {
continue;
}
ap_kill_timeout(r);
ap_bclose(script_out);
ap_bclose(script_err);
if (location[0] == '/') {
/* Redirect has always GET method */
r->method = ap_pstrdup(p, "GET");
r->method_number = M_GET;
/* Remove Content-Length - redirect should not read *
* request body */
ap_table_unset(r->headers_in, "Content-Length");
/* Do the redirect */
ap_internal_redirect_handler(location, r);
return OK;
} else {
/* Script did not set status 302 - so it does not want *
* to send its own body. Simply set redirect status */
return REDIRECT;
}
}
/* Output headers and body */
ap_send_http_header(r);
if (!r->header_only) {
ap_send_fb(script_out, r);
}
ap_bclose(script_out);
/* Errors have already been logged by child */
ap_bclose(script_err);
}
return OK;
}
API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
int (*getsfunc) (char *, int, void *),
void *getsfunc_data)
{
char x[MAX_STRING_LEN];
char *w, *l;
int p;
int cgi_status = HTTP_OK;
table *merge;
table *cookie_table;
if (buffer) {
*buffer = '\0';
}
w = buffer ? buffer : x;
ap_hard_timeout("read script header", r);
/* temporary place to hold headers to merge in later */
merge = ap_make_table(r->pool, 10);
/* The HTTP specification says that it is legal to merge duplicate
* headers into one. Some browsers that support Cookies don't like
* merged headers and prefer that each Set-Cookie header is sent
* separately. Lets humour those browsers by not merging.
* Oh what a pain it is.
*/
cookie_table = ap_make_table(r->pool, 2);
ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL);
while (1) {
if ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data) == 0) {
ap_kill_timeout(r);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Premature end of script headers: %s", r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Delete terminal (CR?)LF */
p = strlen(w);
/* Indeed, the host's '\n':
'\012' for UNIX; '\015' for MacOS; '\025' for OS/390
-- whatever the script generates.
*/
if (p > 0 && w[p - 1] == '\n') {
if (p > 1 && w[p - 2] == CR) {
w[p - 2] = '\0';
}
else {
w[p - 1] = '\0';
}
}
/*
* If we've finished reading the headers, check to make sure any
* HTTP/1.1 conditions are met. If so, we're done; normal processing
* will handle the script's output. If not, just return the error.
* The appropriate thing to do would be to send the script process a
* SIGPIPE to let it know we're ignoring it, close the channel to the
* script process, and *then* return the failed-to-meet-condition
* error. Otherwise we'd be waiting for the script to finish
* blithering before telling the client the output was no good.
* However, we don't have the information to do that, so we have to
* leave it to an upper layer.
*/
if (w[0] == '\0') {
int cond_status = OK;
ap_kill_timeout(r);
if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
cond_status = ap_meets_conditions(r);
}
ap_overlap_tables(r->err_headers_out, merge,
AP_OVERLAP_TABLES_MERGE);
if (!ap_is_empty_table(cookie_table)) {
/* the cookies have already been copied to the cookie_table */
ap_table_unset(r->err_headers_out, "Set-Cookie");
r->err_headers_out = ap_overlay_tables(r->pool,
r->err_headers_out, cookie_table);
}
return cond_status;
}
/* if we see a bogus header don't ignore it. Shout and scream */
#ifdef CHARSET_EBCDIC
/* Chances are that we received an ASCII header text instead of
* the expected EBCDIC header lines. Try to auto-detect:
*/
if (!(l = strchr(w, ':'))) {
int maybeASCII = 0, maybeEBCDIC = 0;
char *cp;
for (cp = w; *cp != '\0'; ++cp) {
if (isprint(*cp) && !isprint(os_toebcdic[*cp]))
++maybeEBCDIC;
if (!isprint(*cp) && isprint(os_toebcdic[*cp]))
++maybeASCII;
}
if (maybeASCII > maybeEBCDIC) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
"CGI Interface Error: Script headers apparently ASCII: (CGI = %s)", r->filename);
ascii2ebcdic(w, w, cp - w);
}
}
#endif
if (!(l = strchr(w, ':'))) {
char malformed[(sizeof MALFORMED_MESSAGE) + 1
+ MALFORMED_HEADER_LENGTH_TO_SHOW];
strcpy(malformed, MALFORMED_MESSAGE);
strncat(malformed, w, MALFORMED_HEADER_LENGTH_TO_SHOW);
if (!buffer) {
/* Soak up all the script output - may save an outright kill */
while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
continue;
}
}
ap_kill_timeout(r);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"%s: %s", malformed, r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
}
*l++ = '\0';
while (*l && ap_isspace(*l)) {
++l;
}
if (!strcasecmp(w, "Content-type")) {
char *tmp;
/* Nuke trailing whitespace */
char *endp = l + strlen(l) - 1;
while (endp > l && ap_isspace(*endp)) {
*endp-- = '\0';
}
tmp = ap_pstrdup(r->pool, l);
ap_content_type_tolower(tmp);
r->content_type = tmp;
}
/*
* If the script returned a specific status, that's what
* we'll use - otherwise we assume 200 OK.
*/
else if (!strcasecmp(w, "Status")) {
r->status = cgi_status = atoi(l);
r->status_line = ap_pstrdup(r->pool, l);
}
else if (!strcasecmp(w, "Location")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Content-Length")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Transfer-Encoding")) {
ap_table_set(r->headers_out, w, l);
}
/*
* If the script gave us a Last-Modified header, we can't just
* pass it on blindly because of restrictions on future values.
*/
else if (!strcasecmp(w, "Last-Modified")) {
time_t mtime = ap_parseHTTPdate(l);
ap_update_mtime(r, mtime);
ap_set_last_modified(r);
}
else if (!strcasecmp(w, "Set-Cookie")) {
ap_table_add(cookie_table, w, l);
}
else {
ap_table_add(merge, w, l);
}
}
}
apr_status_t jxr_process_response_headers(request_rec *r, char *buf)
{
apr_status_t rv = APR_SUCCESS;
apr_size_t pos;
apr_size_t len;
char type;
int nHeaders;
int i;
char name[MAX_STRING_LEN];
char value[MAX_STRING_LEN];
apr_size_t nlen, vlen;
table *merge;
table *cookie_table;
char *w, *l;
type = jxr_msg_get_type(buf);
len = jxr_msg_get_length(buf, &pos);
if (type != BLOCKTYPE_HTTP_HEADER)
{
// Invalid data
compat_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, "mod_jaxer: invalid data type (%c) received, while expecting a header (%d)", type, BLOCKTYPE_HTTP_HEADER);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* temporary place to hold headers to merge in later */
merge = ap_make_table(r->pool, 10);
cookie_table = ap_make_table(r->pool, 2);
ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL);
nHeaders = jxr_msg_get_int16(buf, &pos);
for (i=0; i<nHeaders; i++)
{
// Process one header -- name -- val
nlen = jxr_msg_get_string(buf, &pos, name);
vlen = jxr_msg_get_string(buf, &pos, value);
w = name;
l = value;
if (!strcasecmp(w, "Content-type")) {
char *tmp;
/* Nuke trailing whitespace */
char *endp = l + strlen(l) - 1;
while (endp > l && apr_isspace(*endp)) {
*endp-- = '\0';
}
tmp = ap_pstrdup(r->pool, l);
ap_content_type_tolower(tmp);
ap_set_content_type(r, tmp);
}
else if (!strcasecmp(w, "Status")) {
/*
* If the server returned a specific status, that's what
* we'll use - otherwise we assume 200 OK.
*/
r->status = atoi(l);
r->status_line = ap_pstrdup(r->pool, l);
}
else if (!strcasecmp(w, "Location")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Content-Length")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Content-Range")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Transfer-Encoding")) {
ap_table_set(r->headers_out, w, l);
}
else if (!strcasecmp(w, "Last-Modified")) {
/*
* If the script gave us a Last-Modified header, we can't just
* pass it on blindly because of restrictions on future values.
*/
ap_update_mtime(r, apr_date_parse_http(l));
ap_set_last_modified(r);
}
else if (!strcasecmp(w, "Set-Cookie")) {
ap_table_add(cookie_table, w, l);
}
else {
ap_table_add(merge, w, l);
}
}
// now merge stuff
ap_overlap_tables(r->err_headers_out, merge,
AP_OVERLAP_TABLES_MERGE);
if (!ap_is_empty_table(cookie_table)) {
/* the cookies have already been copied to the cookie_table */
ap_table_unset(r->err_headers_out, "Set-Cookie");
r->err_headers_out = ap_overlay_tables(r->pool,
r->err_headers_out, cookie_table);
}
return rv;
}
static PyObject *req_add_handler(requestobject *self, PyObject *args)
{
char *handler;
char *function;
const char *dir = NULL;
const char *currhand;
if (! PyArg_ParseTuple(args, "ss|s", &handler, &function, &dir))
return NULL;
if (! valid_handler(handler)) {
PyErr_SetString(PyExc_IndexError,
ap_psprintf(self->request_rec->pool,
"Invalid handler: %s", handler));
return NULL;
}
/* which handler are we processing? */
currhand = ap_table_get(self->request_rec->notes, "python_handler");
if (strcmp(currhand, handler) == 0) {
/* if it's the same as what's being added, then just append to hstack */
self->hstack = ap_pstrcat(self->request_rec->pool, self->hstack,
function, NULL);
if (dir)
ap_table_set(self->request_rec->notes,
ap_pstrcat(self->request_rec->pool, handler, "_dir", NULL),
dir);
}
else {
const char *existing;
/* is there a handler like this in the notes already? */
existing = ap_table_get(self->request_rec->notes, handler);
if (existing) {
/* append the function to the list using the request pool */
ap_table_set(self->request_rec->notes, handler,
ap_pstrcat(self->request_rec->pool, existing, " ",
function, NULL));
if (dir) {
char *s = ap_pstrcat(self->request_rec->pool, handler, "_dir", NULL);
ap_table_set(self->request_rec->notes, s, dir);
}
}
else {
char *s;
/* a completely new handler */
ap_table_set(self->request_rec->notes, handler, function);
if (! dir) {
/*
* If no directory was explicitely specified, the new handler will
* have the same directory associated with it as the handler
* currently being processed.
*/
py_dir_config *conf;
/* get config */
conf = (py_dir_config *) ap_get_module_config(
self->request_rec->per_dir_config, &python_module);
/* what's the directory for this handler? */
dir = ap_table_get(conf->dirs, currhand);
/*
* make a note that the handler's been added.
* req_get_all_* rely on this to be faster
*/
ap_table_set(self->request_rec->notes, "py_more_directives", "1");
}
s = ap_pstrcat(self->request_rec->pool, handler, "_dir", NULL);
ap_table_set(self->request_rec->notes, s, dir);
}
}
Py_INCREF(Py_None);
return Py_None;
}
static void trace_add(server_rec *s, request_rec *r, excfg *mconfig,
const char *note)
{
const char *sofar;
char *addon;
char *where;
pool *p;
const char *trace_copy;
/*
* Make sure our pools and tables are set up - we need 'em.
*/
setup_module_cells();
/*
* Now, if we're in request-context, we use the request pool.
*/
if (r != NULL) {
p = r->pool;
if ((trace_copy = ap_table_get(r->notes, TRACE_NOTE)) == NULL) {
trace_copy = "";
}
}
else {
/*
* We're not in request context, so the trace gets attached to our
* module-wide pool. We do the create/destroy every time we're called
* in non-request context; this avoids leaking memory in some of
* the subsequent calls that allocate memory only once (such as the
* key formation below).
*
* Make a new sub-pool and copy any existing trace to it. Point the
* trace cell at the copied value.
*/
p = ap_make_sub_pool(example_pool);
if (trace != NULL) {
trace = ap_pstrdup(p, trace);
}
/*
* Now, if we have a sub-pool from before, nuke it and replace with
* the one we just allocated.
*/
if (example_subpool != NULL) {
ap_destroy_pool(example_subpool);
}
example_subpool = p;
trace_copy = trace;
}
/*
* If we weren't passed a configuration record, we can't figure out to
* what location this call applies. This only happens for co-routines
* that don't operate in a particular directory or server context. If we
* got a valid record, extract the location (directory or server) to which
* it applies.
*/
where = (mconfig != NULL) ? mconfig->loc : "nowhere";
where = (where != NULL) ? where : "";
/*
* Now, if we're not in request context, see if we've been called with
* this particular combination before. The table is allocated in the
* module's private pool, which doesn't get destroyed.
*/
if (r == NULL) {
char *key;
key = ap_pstrcat(p, note, ":", where, NULL);
if (ap_table_get(static_calls_made, key) != NULL) {
/*
* Been here, done this.
*/
return;
}
else {
/*
* First time for this combination of routine and environment -
* log it so we don't do it again.
*/
ap_table_set(static_calls_made, key, "been here");
}
}
addon = ap_pstrcat(p, " <LI>\n", " <DL>\n", " <DT><SAMP>",
note, "</SAMP>\n", " </DT>\n", " <DD><SAMP>[",
where, "]</SAMP>\n", " </DD>\n", " </DL>\n",
" </LI>\n", NULL);
sofar = (trace_copy == NULL) ? "" : trace_copy;
trace_copy = ap_pstrcat(p, sofar, addon, NULL);
if (r != NULL) {
ap_table_set(r->notes, TRACE_NOTE, trace_copy);
}
else {
trace = trace_copy;
}
/*
* You *could* change the following if you wanted to see the calling
* sequence reported in the server's error_log, but beware - almost all of
* these co-routines are called for every single request, and the impact
* on the size (and readability) of the error_log is considerable.
*/
#define EXAMPLE_LOG_EACH 0
#if EXAMPLE_LOG_EACH
if (s != NULL) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, s, "mod_example: %s", note);
}
#endif
}
/*
* This handles http:// URLs, and other URLs using a remote proxy over http
* If proxyhost is NULL, then contact the server directly, otherwise
* go via the proxy.
* Note that if a proxy is used, then URLs other than http: can be accessed,
* also, if we have trouble which is clearly specific to the proxy, then
* we return DECLINED so that we can try another proxy. (Or the direct
* route.)
*/
int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
const char *proxyhost, int proxyport)
{
const char *strp;
char *strp2;
const char *err, *desthost;
int i, j, sock,/* len,*/ backasswards;
table *req_hdrs, *resp_hdrs;
array_header *reqhdrs_arr;
table_entry *reqhdrs_elts;
BUFF *f;
char buffer[HUGE_STRING_LEN];
char portstr[32];
pool *p = r->pool;
int chunked = 0, destport = 0;
char *destportstr = NULL;
const char *urlptr = NULL;
const char *datestr, *urlstr;
struct addrinfo hints, *res, *res0;
int error;
int result, major, minor;
const char *content_length;
const char *peer;
int destportstrtonum;
const char *errstr;
void *sconf = r->server->module_config;
proxy_server_conf *conf =
(proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
int nocache = 0;
if (conf->cache.root == NULL)
nocache = 1;
/* We break the URL into host, port, path-search */
urlptr = strstr(url, "://");
if (urlptr == NULL)
return HTTP_BAD_REQUEST;
destport = DEFAULT_HTTP_PORT;
urlptr += 3;
ap_hook_use("ap::mod_proxy::http::handler::set_destport",
AP_HOOK_SIG2(int,ptr),
AP_HOOK_TOPMOST,
&destport, r);
ap_snprintf(portstr, sizeof(portstr), "%d", destport);
destportstr = portstr;
strp = strchr(urlptr, '/');
if (strp == NULL) {
desthost = ap_pstrdup(p, urlptr);
urlptr = "/";
}
else {
char *q = ap_palloc(p, strp - urlptr + 1);
memcpy(q, urlptr, strp - urlptr);
q[strp - urlptr] = '\0';
urlptr = strp;
desthost = q;
}
if (*desthost == '['){
char *u = strrchr(desthost+1, ']');
if (u){
desthost++;
*u = '\0';
if (*(u+1) == ':'){ /* [host]:xx */
strp2 = u+1;
}
else if (*(u+1) == '\0'){ /* [host] */
strp2 = NULL;
}
else
return HTTP_BAD_REQUEST;
}
else
return HTTP_BAD_REQUEST;
}
else
strp2 = strrchr(desthost, ':');
if (strp2 != NULL) {
*(strp2++) = '\0';
if (ap_isdigit(*strp2))
destportstr = strp2;
}
/* Make sure peer is always set to prevent a segfault in the SSL handler */
peer = desthost;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo(desthost, destportstr, &hints, &res0);
if (error && proxyhost == NULL) {
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
gai_strerror(error)); /* give up */
}
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
int fail;
struct sockaddr_in *sin;
fail = 0;
if (npent[i].name != NULL && strstr(desthost, npent[i].name))
fail++;
if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
fail++;
for (res = res0; res; res = res->ai_next) {
switch (res->ai_family) {
case AF_INET:
sin = (struct sockaddr_in *)res->ai_addr;
if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
fail++;
break;
}
}
if (fail) {
if (res0 != NULL)
freeaddrinfo(res0);
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
}
if (proxyhost != NULL) {
char pbuf[10];
if (res0 != NULL)
freeaddrinfo(res0);
ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
if (error)
return DECLINED; /* try another */
}
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
peer = ap_psprintf(p, "%s:%s", desthost, destportstr);
}
/*
* we have worked out who exactly we are going to connect to, now make
* that connection...
*/
sock = i = -1;
for (res = res0; res; res = res->ai_next) {
sock = ap_psocket(p, res->ai_family, res->ai_socktype,
res->ai_protocol);
if (sock < 0)
continue;
if (conf->recv_buffer_size) {
if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
(const char *)&conf->recv_buffer_size, sizeof(int))
== -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
}
i = ap_proxy_doconnect(sock, res->ai_addr, r);
if (i == 0)
break;
ap_pclosesocket(p, sock);
}
freeaddrinfo(res0);
if (i == -1) {
if (proxyhost != NULL)
return DECLINED; /* try again another way */
else
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
}
/* record request_time for HTTP/1.1 age calculation */
c->req_time = time(NULL);
/*
* build upstream-request headers by stripping r->headers_in from
* connection specific headers. We must not remove the Connection: header
* from r->headers_in, we still have to react to Connection: close
*/
req_hdrs = ap_copy_table(r->pool, r->headers_in);
ap_proxy_clear_connection(r->pool, req_hdrs);
/*
* At this point, we start sending the HTTP/1.1 request to the remote
* server (proxy or otherwise).
*/
f = ap_bcreate(p, B_RDWR | B_SOCKET);
ap_bpushfd(f, sock, sock);
{
char *errmsg = NULL;
ap_hook_use("ap::mod_proxy::http::handler::new_connection",
AP_HOOK_SIG4(ptr,ptr,ptr,ptr),
AP_HOOK_DECLINE(NULL),
&errmsg, r, f, peer);
if (errmsg != NULL)
return ap_proxyerror(r, HTTP_BAD_GATEWAY, errmsg);
}
ap_hard_timeout("proxy send", r);
ap_bvputs(f, r->method, " ", proxyhost ? url : urlptr, " HTTP/1.1" CRLF,
NULL);
{
int rc = DECLINED;
ap_hook_use("ap::mod_proxy::http::handler::write_host_header",
AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,ptr),
AP_HOOK_DECLINE(DECLINED),
&rc, r, f, desthost, destportstr, destportstr);
if (rc == DECLINED) {
destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
if (errstr)
errx(1, "The destination port is %s: %s", errstr, destportstr);
if (destportstr != NULL && destportstrtonum != destport)
ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF, NULL);
else
ap_bvputs(f, "Host: ", desthost, CRLF, NULL);
}
}
if (conf->viaopt == via_block) {
/* Block all outgoing Via: headers */
ap_table_unset(req_hdrs, "Via");
}
else if (conf->viaopt != via_off) {
/* Create a "Via:" request header entry and merge it */
i = ap_get_server_port(r);
if (ap_is_default_port(i, r)) {
strlcpy(portstr, "", sizeof(portstr));
}
else {
ap_snprintf(portstr, sizeof portstr, ":%d", i);
}
/* Generate outgoing Via: header with/without server comment: */
ap_table_mergen(req_hdrs, "Via",
(conf->viaopt == via_full)
? ap_psprintf(p, "%d.%d %s%s (%s)",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
ap_get_server_name(r), portstr,
SERVER_BASEVERSION)
: ap_psprintf(p, "%d.%d %s%s",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
ap_get_server_name(r), portstr)
);
}
/* the X-* headers are only added if we are a reverse
* proxy, otherwise we would be giving away private information.
*/
if (r->proxyreq == PROXY_PASS) {
const char *buf;
/*
* Add X-Forwarded-For: so that the upstream has a chance to determine,
* where the original request came from.
*/
ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip);
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
*/
if ((buf = ap_table_get(r->headers_in, "Host"))) {
ap_table_mergen(req_hdrs, "X-Forwarded-Host", buf);
}
/* Add X-Forwarded-Server: so that upstream knows what the
* name of this proxy server is (if there are more than one)
* XXX: This duplicates Via: - do we strictly need it?
*/
ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname);
}
/* we don't yet support keepalives - but we will soon, I promise! */
ap_table_set(req_hdrs, "Connection", "close");
reqhdrs_arr = ap_table_elts(req_hdrs);
reqhdrs_elts = (table_entry *)reqhdrs_arr->elts;
for (i = 0; i < reqhdrs_arr->nelts; i++) {
if (reqhdrs_elts[i].key == NULL || reqhdrs_elts[i].val == NULL
/*
* Clear out hop-by-hop request headers not to send: RFC2616 13.5.1
* says we should strip these headers:
*/
|| !strcasecmp(reqhdrs_elts[i].key, "Host") /* Already sent */
|| !strcasecmp(reqhdrs_elts[i].key, "Keep-Alive")
|| !strcasecmp(reqhdrs_elts[i].key, "TE")
|| !strcasecmp(reqhdrs_elts[i].key, "Trailer")
|| !strcasecmp(reqhdrs_elts[i].key, "Transfer-Encoding")
|| !strcasecmp(reqhdrs_elts[i].key, "Upgrade")
/*
* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be suppressed
* if THIS server requested the authentication, not when a frontend
* proxy requested it!
*
* The solution to this problem is probably to strip out the
* Proxy-Authorisation header in the authorisation code itself, not
* here. This saves us having to signal somehow whether this request
* was authenticated or not.
*/
|| !strcasecmp(reqhdrs_elts[i].key, "Proxy-Authorization"))
continue;
ap_bvputs(f, reqhdrs_elts[i].key, ": ", reqhdrs_elts[i].val, CRLF, NULL);
}
/* the obligatory empty line to mark the end of the headers */
ap_bputs(CRLF, f);
/* and flush the above away */
ap_bflush(f);
/* and kill the send timeout */
ap_kill_timeout(r);
/* read the request data, and pass it to the backend.
* we might encounter a stray 100-continue reponse from a PUT or POST,
* if this happens we ignore the 100 continue status line and read the
* response again.
*/
{
/* send the request data, if any. */
ap_hard_timeout("proxy receive request data", r);
if (ap_should_client_block(r)) {
while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0) {
ap_reset_timeout(r);
ap_bwrite(f, buffer, i);
}
}
ap_bflush(f);
ap_kill_timeout(r);
/* then, read a response line */
ap_hard_timeout("proxy receive response status line", r);
result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
ap_kill_timeout(r);
/* trap any errors */
if (result != OK) {
ap_bclose(f);
return result;
}
/* if this response was 100-continue, a stray response has been caught.
* read the line again for the real response
*/
if (r->status == 100) {
ap_hard_timeout("proxy receive response status line", r);
result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
ap_kill_timeout(r);
/* trap any errors */
if (result != OK) {
ap_bclose(f);
return result;
}
}
}
/*
* We have our response status line from the convoluted code above,
* now we read the headers to continue.
*/
ap_hard_timeout("proxy receive response headers", r);
/*
* Is it an HTTP/1 response? Do some sanity checks on the response. (This
* is buggy if we ever see an HTTP/1.10)
*/
if (backasswards == 0) {
/* read the response headers. */
/* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers */
/* Also, take care with headers with multiple occurences. */
resp_hdrs = ap_proxy_read_headers(r, buffer, sizeof(buffer), f);
if (resp_hdrs == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server,
"proxy: Bad HTTP/%d.%d header returned by %s (%s)",
major, minor, r->uri, r->method);
resp_hdrs = ap_make_table(p, 20);
nocache = 1; /* do not cache this broken file */
}
/* handle Via header in the response */
if (conf->viaopt != via_off && conf->viaopt != via_block) {
/* Create a "Via:" response header entry and merge it */
i = ap_get_server_port(r);
if (ap_is_default_port(i, r)) {
strlcpy(portstr, "", sizeof(portstr));
}
else {
ap_snprintf(portstr, sizeof portstr, ":%d", i);
}
ap_table_mergen((table *)resp_hdrs, "Via",
(conf->viaopt == via_full)
? ap_psprintf(p, "%d.%d %s%s (%s)",
major, minor,
ap_get_server_name(r), portstr,
SERVER_BASEVERSION)
: ap_psprintf(p, "%d.%d %s%s",
major, minor,
ap_get_server_name(r), portstr)
);
}
/* is this content chunked? */
chunked = ap_find_last_token(r->pool,
ap_table_get(resp_hdrs, "Transfer-Encoding"),
"chunked");
/* strip hop-by-hop headers defined by Connection and RFC2616 */
ap_proxy_clear_connection(p, resp_hdrs);
content_length = ap_table_get(resp_hdrs, "Content-Length");
if (content_length != NULL) {
c->len = ap_strtol(content_length, NULL, 10);
if (c->len < 0) {
ap_kill_timeout(r);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Invalid Content-Length from remote server",
NULL));
}
}
}
else {
/* an http/0.9 response */
/* no headers */
resp_hdrs = ap_make_table(p, 20);
}
ap_kill_timeout(r);
/*
* HTTP/1.1 requires us to accept 3 types of dates, but only generate one
* type
*/
/*
* we SET the dates here, obliterating possible multiple dates, as only
* one of each date makes sense in each response.
*/
if ((datestr = ap_table_get(resp_hdrs, "Date")) != NULL)
ap_table_set(resp_hdrs, "Date", ap_proxy_date_canon(p, datestr));
if ((datestr = ap_table_get(resp_hdrs, "Last-Modified")) != NULL)
ap_table_set(resp_hdrs, "Last-Modified", ap_proxy_date_canon(p, datestr));
if ((datestr = ap_table_get(resp_hdrs, "Expires")) != NULL)
ap_table_set(resp_hdrs, "Expires", ap_proxy_date_canon(p, datestr));
/* handle the ProxyPassReverse mappings */
if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r, urlstr));
/* check if NoCache directive on this host */
{
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
if (nocache == 0) {
for (i = 0; i < conf->nocaches->nelts; i++) {
if (ncent[i].name != NULL &&
(ncent[i].name[0] == '*' ||
strstr(desthost, ncent[i].name) != NULL)) {
nocache = 1;
break;
}
switch (res->ai_addr->sa_family) {
case AF_INET:
sin = (struct sockaddr_in *)res->ai_addr;
if (sin->sin_addr.s_addr == ncent[i].addr.s_addr) {
nocache = 1;
break;
}
}
}
/* update the cache file, possibly even fulfilling the request if
* it turns out a conditional allowed us to serve the object from the
* cache...
*/
i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
if (i != DECLINED) {
ap_bclose(f);
return i;
}
/* write status line and headers to the cache file */
ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs);
}
}
/* Setup the headers for our client from upstreams response-headers */
ap_proxy_table_replace(r->headers_out, resp_hdrs);
/* Add X-Cache header - be careful not to obliterate any upstream headers */
ap_table_mergen(r->headers_out, "X-Cache",
ap_pstrcat(r->pool, "MISS from ",
ap_get_server_name(r), NULL));
/* The Content-Type of this response is the upstream one. */
r->content_type = ap_table_get(r->headers_out, "Content-Type");
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Content-Type: %s", r->content_type);
/* finally output the headers to the client */
ap_send_http_header(r);
/*
* Is it an HTTP/0.9 respose? If so, send the extra data we read from
* upstream as the start of the reponse to client
*/
/* FIXME: This code is broken: we try and write a buffer and length that
* were never intelligently initialised. Rather have a bit of broken protocol
* handling for now than broken code.
*/
/*
if (backasswards) {
ap_hard_timeout("proxy send assbackward", r);
ap_bwrite(r->connection->client, buffer, len);
if (c != NULL && c->fp != NULL && ap_bwrite(c->fp, buffer, len) != len) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
"proxy: error writing extra data to %s", c->tempfile);
c = ap_proxy_cache_error(c);
}
ap_kill_timeout(r);
}
*/
/* send body */
/* if header only, then cache will be NULL */
/* HTTP/1.0 tells us to read to EOF, rather than content-length bytes */
/* XXX CHANGEME: We want to eventually support keepalives, which means
* we must read content-length bytes... */
if (!r->header_only) {
/* we need to set this for ap_proxy_send_fb()... */
c->cache_completion = conf->cache.cache_completion;
/* XXX CHECKME: c->len should be the expected content length, or -1 if the
* content length is not known. We need to make 100% sure c->len is always
* set correctly before we get here to correctly do keepalive.
*/
ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size);
}
/* ap_proxy_send_fb() closes the socket f for us */
ap_proxy_cache_tidy(c);
ap_proxy_garbage_coll(r);
return OK;
}
