static void fill_out_finfo(apr_finfo_t *finfo, struct stat *info,
apr_int32_t wanted)
{
finfo->valid = APR_FINFO_MIN | APR_FINFO_IDENT | APR_FINFO_NLINK
| APR_FINFO_OWNER | APR_FINFO_PROT;
finfo->protection = apr_unix_mode2perms(info->st_mode);
finfo->filetype = filetype_from_mode(info->st_mode);
finfo->user = info->st_uid;
finfo->group = info->st_gid;
finfo->size = info->st_size;
finfo->inode = info->st_ino;
finfo->device = info->st_dev;
finfo->nlink = info->st_nlink;
apr_time_ansi_put(&finfo->atime, info->st_atime.tv_sec);
apr_time_ansi_put(&finfo->mtime, info->st_mtime.tv_sec);
apr_time_ansi_put(&finfo->ctime, info->st_ctime.tv_sec);
#ifdef HAVE_STRUCT_STAT_ST_BLOCKS
#ifdef DEV_BSIZE
finfo->csize = (apr_off_t)info->st_blocks * (apr_off_t)DEV_BSIZE;
#else
finfo->csize = (apr_off_t)info->st_blocks * (apr_off_t)512;
#endif
finfo->valid |= APR_FINFO_CSIZE;
#endif
}
static void fill_out_finfo(apr_finfo_t *finfo, struct_stat *info,
apr_int32_t wanted)
{
finfo->valid = APR_FINFO_MIN | APR_FINFO_IDENT | APR_FINFO_NLINK
| APR_FINFO_OWNER | APR_FINFO_PROT;
finfo->protection = apr_unix_mode2perms(info->st_mode);
finfo->filetype = filetype_from_mode(info->st_mode);
finfo->user = info->st_uid;
finfo->group = info->st_gid;
finfo->size = info->st_size;
finfo->device = info->st_dev;
finfo->nlink = info->st_nlink;
/* Check for overflow if storing a 64-bit st_ino in a 32-bit
* apr_ino_t for LFS builds: */
if (sizeof(apr_ino_t) >= sizeof(info->st_ino)
|| (apr_ino_t)info->st_ino == info->st_ino) {
finfo->inode = info->st_ino;
} else {
finfo->valid &= ~APR_FINFO_INODE;
}
apr_time_ansi_put(&finfo->atime, info->st_atime);
#ifdef HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC
finfo->atime += info->st_atim.tv_nsec / APR_TIME_C(1000);
#elif defined(HAVE_STRUCT_STAT_ST_ATIMENSEC)
finfo->atime += info->st_atimensec / APR_TIME_C(1000);
#elif defined(HAVE_STRUCT_STAT_ST_ATIME_N)
finfo->ctime += info->st_atime_n / APR_TIME_C(1000);
#endif
apr_time_ansi_put(&finfo->mtime, info->st_mtime);
#ifdef HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
finfo->mtime += info->st_mtim.tv_nsec / APR_TIME_C(1000);
#elif defined(HAVE_STRUCT_STAT_ST_MTIMENSEC)
finfo->mtime += info->st_mtimensec / APR_TIME_C(1000);
#elif defined(HAVE_STRUCT_STAT_ST_MTIME_N)
finfo->ctime += info->st_mtime_n / APR_TIME_C(1000);
#endif
apr_time_ansi_put(&finfo->ctime, info->st_ctime);
#ifdef HAVE_STRUCT_STAT_ST_CTIM_TV_NSEC
finfo->ctime += info->st_ctim.tv_nsec / APR_TIME_C(1000);
#elif defined(HAVE_STRUCT_STAT_ST_CTIMENSEC)
finfo->ctime += info->st_ctimensec / APR_TIME_C(1000);
#elif defined(HAVE_STRUCT_STAT_ST_CTIME_N)
finfo->ctime += info->st_ctime_n / APR_TIME_C(1000);
#endif
#ifdef HAVE_STRUCT_STAT_ST_BLOCKS
#ifdef DEV_BSIZE
finfo->csize = (apr_off_t)info->st_blocks * (apr_off_t)DEV_BSIZE;
#else
finfo->csize = (apr_off_t)info->st_blocks * (apr_off_t)512;
#endif
finfo->valid |= APR_FINFO_CSIZE;
#endif
}
static int _mapcache_cache_sqlite_get(mapcache_context *ctx, mapcache_cache *pcache, mapcache_tile *tile)
{
mapcache_cache_sqlite *cache = (mapcache_cache_sqlite*) pcache;
struct sqlite_conn *conn;
sqlite3_stmt *stmt;
int ret;
mapcache_pooled_connection *pc = mapcache_sqlite_get_conn(ctx,cache,tile,1);
if (GC_HAS_ERROR(ctx)) {
if(tile->tileset->read_only || !tile->tileset->source) {
mapcache_sqlite_release_conn(ctx, pc);
return MAPCACHE_FAILURE;
} else {
/* not an error in this case, as the db file may not have been created yet */
ctx->clear_errors(ctx);
mapcache_sqlite_release_conn(ctx, pc);
return MAPCACHE_CACHE_MISS;
}
}
conn = SQLITE_CONN(pc);
stmt = conn->prepared_statements[GET_TILE_STMT_IDX];
if(!stmt) {
sqlite3_prepare(conn->handle, cache->get_stmt.sql, -1, &conn->prepared_statements[GET_TILE_STMT_IDX], NULL);
stmt = conn->prepared_statements[GET_TILE_STMT_IDX];
}
cache->bind_stmt(ctx, stmt, cache, tile);
do {
ret = sqlite3_step(stmt);
if (ret != SQLITE_DONE && ret != SQLITE_ROW && ret != SQLITE_BUSY && ret != SQLITE_LOCKED) {
ctx->set_error(ctx, 500, "sqlite backend failed on get: %s", sqlite3_errmsg(conn->handle));
sqlite3_reset(stmt);
mapcache_sqlite_release_conn(ctx, pc);
return MAPCACHE_FAILURE;
}
} while (ret == SQLITE_BUSY || ret == SQLITE_LOCKED);
if (ret == SQLITE_DONE) {
sqlite3_reset(stmt);
mapcache_sqlite_release_conn(ctx, pc);
return MAPCACHE_CACHE_MISS;
} else {
const void *blob = sqlite3_column_blob(stmt, 0);
int size = sqlite3_column_bytes(stmt, 0);
if(size>0 && ((char*)blob)[0] == '#') {
tile->encoded_data = mapcache_empty_png_decode(ctx,tile->grid_link->grid->tile_sx, tile->grid_link->grid->tile_sy ,blob,&tile->nodata);
} else {
tile->encoded_data = mapcache_buffer_create(size, ctx->pool);
memcpy(tile->encoded_data->buf, blob, size);
tile->encoded_data->size = size;
}
if (sqlite3_column_count(stmt) > 1) {
time_t mtime = sqlite3_column_int64(stmt, 1);
apr_time_ansi_put(&(tile->mtime), mtime);
}
sqlite3_reset(stmt);
mapcache_sqlite_release_conn(ctx, pc);
return MAPCACHE_SUCCESS;
}
}
static int _mapcache_cache_sqlite_get(mapcache_context *ctx, mapcache_tile *tile) {
mapcache_cache_sqlite *cache = (mapcache_cache_sqlite*)tile->tileset->cache;
sqlite3 *handle;
sqlite3_stmt *stmt;
int ret;
if(cache->hitstats) {
handle = _get_conn(ctx,tile,0);
} else {
handle = _get_conn(ctx,tile,1);
}
if(GC_HAS_ERROR(ctx)) {
sqlite3_close(handle);
return MAPCACHE_FAILURE;
}
sqlite3_prepare(handle,cache->get_stmt.sql,-1,&stmt,NULL);
_bind_sqlite_params(ctx,stmt,tile);
do {
ret = sqlite3_step(stmt);
if(ret!=SQLITE_DONE && ret != SQLITE_ROW && ret!=SQLITE_BUSY && ret !=SQLITE_LOCKED) {
ctx->set_error(ctx,500,"sqlite backend failed on get: %s",sqlite3_errmsg(handle));
sqlite3_finalize(stmt);
sqlite3_close(handle);
return MAPCACHE_FAILURE;
}
} while (ret == SQLITE_BUSY || ret == SQLITE_LOCKED);
if(ret == SQLITE_DONE) {
sqlite3_finalize(stmt);
sqlite3_close(handle);
return MAPCACHE_CACHE_MISS;
} else {
const void *blob = sqlite3_column_blob(stmt,0);
int size = sqlite3_column_bytes(stmt, 0);
tile->encoded_data = mapcache_buffer_create(size,ctx->pool);
memcpy(tile->encoded_data->buf, blob,size);
tile->encoded_data->size = size;
if(sqlite3_column_count(stmt) > 1) {
time_t mtime = sqlite3_column_int64(stmt, 1);
apr_time_ansi_put(&(tile->mtime),mtime);
}
sqlite3_finalize(stmt);
/* update the hitstats if we're configured for that */
if(cache->hitstats) {
sqlite3_stmt *hitstmt;
sqlite3_prepare(handle,cache->hitstat_stmt.sql,-1,&hitstmt,NULL);
_bind_sqlite_params(ctx,stmt,tile);
sqlite3_step(hitstmt); /* we ignore the return value , TODO?*/
sqlite3_finalize(hitstmt);
}
sqlite3_close(handle);
return MAPCACHE_SUCCESS;
}
}
static void fill_out_finfo(apr_finfo_t *finfo, struct stat *info,
apr_int32_t wanted)
{
finfo->valid = APR_FINFO_MIN | APR_FINFO_IDENT | APR_FINFO_NLINK
| APR_FINFO_OWNER | APR_FINFO_PROT;
finfo->protection = apr_unix_mode2perms(info->st_mode);
finfo->filetype = filetype_from_mode(info->st_mode);
finfo->user = info->st_uid;
finfo->group = info->st_gid;
finfo->size = info->st_size;
finfo->inode = info->st_ino;
finfo->device = info->st_dev;
finfo->nlink = info->st_nlink;
apr_time_ansi_put(&finfo->atime, info->st_atime.tv_sec);
apr_time_ansi_put(&finfo->mtime, info->st_mtime.tv_sec);
apr_time_ansi_put(&finfo->ctime, info->st_ctime.tv_sec);
/* ### needs to be revisited
* if (wanted & APR_FINFO_CSIZE) {
* finfo->csize = info->st_blocks * 512;
* finfo->valid |= APR_FINFO_CSIZE;
* }
*/
}
bool
TransferRevisionFromWindow(int no, bool enabled, svn::Revision & revision)
{
struct RevisionControls * revCtrls = &revCtrlsArray[no];
// first we enable/disable controls according to settings
revCtrls->radioUseRevision->Enable(enabled);
bool useRevision = enabled && revCtrls->radioUseRevision->GetValue();
revCtrls->checkUseLatest->Enable(useRevision);
bool useLatest = useRevision && revCtrls->checkUseLatest->GetValue();
revCtrls->textRevision->Enable(enabled && !useLatest);
revCtrls->radioUseDate->Enable(enabled);
bool useDate = enabled && revCtrls->radioUseDate->GetValue();
revCtrls->datePicker->Enable(useDate);
bool enablePath = enabled && enableUrl;
revCtrls->checkUsePath->Enable(enablePath);
bool usePath = enablePath && revCtrls->checkUsePath->GetValue();
revCtrls->comboPath->Enable(usePath);
// now transfer values
bool isValid = true;
if (revCtrls->radioUseRevision->GetValue())
{
if (revCtrls->checkUseLatest->GetValue())
revision = svn::Revision(svn::Revision::HEAD);
else
{
svn_revnum_t revnum;
bool isValidRevision = ParseRevision(
revCtrls->textRevision->GetValue(), revnum);
revision = svn::Revision(revnum);
if (enabled && !isValidRevision)
isValid = false;
}
}
else
{
apr_time_t time=0;
apr_time_ansi_put(
&time, revCtrls->datePicker->GetValue().GetTicks());
svn::DateTime datetime(time);
revision = svn::Revision(datetime);
}
return isValid;
}
static void
badge_emit_timestamp(request_rec * r, const char * fromto, time_t value,
int rdonly, badge_timestamp * ts, int errflags, int yearerr,
int montherr, int dayerr, int hourerr, int minerr, int secerr)
{
apr_time_exp_t exptime;
apr_time_t aprtime;
apr_size_t len;
char buf[100];
/**
*** Emit a timestamp in an html table row, either as normal text
*** from `value' or as input fields with values from `*ts'
*** according to the `rdonly' flag.
**/
ap_rvputs(r, "<tr><td>Valid ", fromto, "</td><td>", NULL);
if (rdonly) {
apr_time_ansi_put(&aprtime, value);
apr_time_exp_tz(&exptime, aprtime, 0);
apr_strftime(buf, &len, sizeof buf - 1, "%c", &exptime);
buf[len] = '\0';
ap_rvputs(r, ap_escape_html(r->pool, buf), NULL);
}
else {
ap_rvputs(r, "Y<input type=\"text\" name=\"", fromto,
"-year\" value=\"",
ts->year? ap_escape_html(r->pool, ts->year): "",
"\"", badge_arg_err(errflags & yearerr), " />", NULL);
badge_emit_range_select(r, "M", fromto,
"month", 1, 12, ts->month, errflags & montherr);
badge_emit_range_select(r, "D", fromto,
"day", 1, 31, ts->day, errflags & dayerr);
badge_emit_range_select(r, "H", fromto,
"hour", 0, 23, ts->hour, errflags & hourerr);
badge_emit_range_select(r, "M", fromto,
"min", 0, 59, ts->min, errflags & minerr);
badge_emit_range_select(r, "S", fromto,
"sec", 0, 59, ts->sec, errflags & secerr);
}
ap_rvputs(r, "</td></tr>\n", NULL);
}
static void ngx_http_mapcache_write_response(mapcache_context *ctx, ngx_http_request_t *r,
mapcache_http_response *response) {
if(response->mtime) {
time_t if_modified_since;
if(r->headers_in.if_modified_since) {
if_modified_since = ngx_http_parse_time(r->headers_in.if_modified_since->value.data,
r->headers_in.if_modified_since->value.len);
if (if_modified_since != NGX_ERROR) {
apr_time_t apr_if_m_s;
apr_time_ansi_put ( &apr_if_m_s, if_modified_since);
if(apr_if_m_s<response->mtime) {
r->headers_out.status = NGX_HTTP_NOT_MODIFIED;
ngx_http_send_header(r);
return;
}
}
}
char *datestr;
datestr = apr_palloc(ctx->pool, APR_RFC822_DATE_LEN);
apr_rfc822_date(datestr, response->mtime);
apr_table_setn(response->headers,"Last-Modified",datestr);
}
if(response->headers && !apr_is_empty_table(response->headers)) {
const apr_array_header_t *elts = apr_table_elts(response->headers);
int i;
for(i=0;i<elts->nelts;i++) {
apr_table_entry_t entry = APR_ARRAY_IDX(elts,i,apr_table_entry_t);
if(!strcasecmp(entry.key,"Content-Type")) {
r->headers_out.content_type.len = strlen(entry.val);
r->headers_out.content_type.data = (u_char*)entry.val;
} else {
ngx_table_elt_t *h;
h = ngx_list_push(&r->headers_out.headers);
if (h == NULL) {
return;
}
h->key.len = strlen(entry.key) ;
h->key.data = (u_char*)entry.key ;
h->value.len = strlen(entry.val) ;
h->value.data = (u_char*)entry.val ;
h->hash = 1;
}
}
}
if(response->data) {
r->headers_out.content_length_n = response->data->size;
}
int rc;
r->headers_out.status = response->code;
rc = ngx_http_send_header(r);
if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) {
return;
}
if(response->data) {
ngx_buf_t *b;
ngx_chain_t out;
b = ngx_pcalloc(r->pool, sizeof(ngx_buf_t));
if (b == NULL) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"Failed to allocate response buffer.");
return;
}
b->pos = ngx_pcalloc(r->pool,response->data->size);
memcpy(b->pos,response->data->buf,response->data->size);
b->last = b->pos + response->data->size;
b->memory = 1;
b->last_buf = 1;
b->flush = 1;
out.buf = b;
out.next = NULL;
ngx_http_output_filter(r, &out);
}
}
/*
* process an assertion using the hosted verifier.
*
* TODO: local verification
*/
VerifyResult processAssertion(request_rec *r, const char *verifier_url,
const char *assertion)
{
VerifyResult res = apr_pcalloc(r->pool, sizeof(struct _VerifyResult));
json_tokener *tok = json_tokener_new();
json_object *jobj = NULL;
enum json_tokener_error jerr;
char *assertionResult =
verifyAssertionRemote(r, verifier_url, (char *) assertion);
if (assertionResult) {
jobj =
json_tokener_parse_ex(tok, assertionResult, strlen(assertionResult));
jerr = json_tokener_get_error(tok);
if (json_tokener_success != jerr) {
res->errorResponse = apr_psprintf(r->pool, jsonErrorResponse,
"malformed payload",
json_tokener_error_desc(jerr));
json_tokener_free(tok);
return res;
}
ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,
ERRTAG
"Assertion (parsed) recieved is : %s",
json_object_to_json_string(jobj));
}
else {
// XXX: verifyAssertionRemote should return specific error message.
res->errorResponse = apr_psprintf(r->pool, jsonErrorResponse,
"communication error",
"can't contact verification server");
return res;
}
struct json_object_iterator it = json_object_iter_begin(jobj);
struct json_object_iterator itEnd = json_object_iter_end(jobj);
const char *reason = NULL;
const char *status = "unknown";
int success = 0;
while (!json_object_iter_equal(&it, &itEnd)) {
const char *key = json_object_iter_peek_name(&it);
json_object *val = json_object_iter_peek_value(&it);
if (strncmp("email", key, 6) == 0) {
res->verifiedEmail = apr_pstrdup(r->pool, json_object_get_string(val));
}
else if (strncmp("issuer", key, 7) == 0) {
res->identityIssuer = apr_pstrdup(r->pool, json_object_get_string(val));
}
else if (strncmp("audience", key, 9) == 0) {
res->audience = apr_pstrdup(r->pool, json_object_get_string(val));
}
else if (strncmp("expires", key, 8) == 0) {
apr_time_ansi_put(&res->expires, json_object_get_int64(val) / 1000);
}
else if (strncmp("reason", key, 7) == 0) {
reason = json_object_get_string(val);
}
else if (strncmp("status", key, 7) == 0) {
status = json_object_get_string(val);
if (strncmp("okay", status, 5) == 0) {
success = 1;
}
}
json_object_iter_next(&it);
}
json_tokener_free(tok);
// XXX: This is bad, doesn't catch multiple missing bits
if (!res->verifiedEmail) {
res->errorResponse = apr_pstrdup(r->pool, "Missing e-mail in assertion");
}
if (!res->identityIssuer) {
res->errorResponse = apr_pstrdup(r->pool, "Missing issuer in assertion");
}
if (res->audience
&& strncmp(res->audience, r->server->server_hostname,
strlen(r->server->server_hostname)) != 0) {
res->errorResponse =
apr_psprintf(r->pool, "Audience %s doesn't match %s", res->audience,
r->server->server_hostname);
}
apr_time_t now = apr_time_now();
if (res->expires && res->expires <= now) {
char exp_time[APR_RFC822_DATE_LEN];
apr_rfc822_date(exp_time, res->expires);
res->errorResponse =
apr_psprintf(r->pool, "Assertion expired on %s", exp_time);
}
if (!success) {
if (reason) {
res->errorResponse = apr_pstrdup(r->pool, reason);
}
else {
res->errorResponse =
apr_psprintf(r->pool, "Assertion failed with status '%s'", status);
}
}
return res;
}
static int verify_auth_token(cdn_conf *cfg, request_rec *r)
{
char *last, *uri_base, *query_string, *vox_timestamp_decoded, *forwarded_list;
const char *token, *vox_sig, *vox_timestamp, *ip;
apr_table_t *params;
struct tm ctime;
long remote_east_of_utc, local_east_of_utc;
time_t raw;
apr_time_t vox_ts;
/* URI must have '?' in it */
if (!strchr(r->unparsed_uri, '?')) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"verify_auth_token: URI %s missing '?'",
r->unparsed_uri);
return DECLINED;
}
/* The base URL of the request, without the query arguments. */
uri_base = apr_strtok(r->unparsed_uri, "?", &last);
uri_base = apr_pstrcat(r->pool, cfg->to_server, uri_base, NULL);
/* All of the query string parameters */
query_string = apr_strtok(NULL, "", &last);
/* Convert the query string to a table */
params = apr_table_make(r->pool, 1);
qs_to_table(query_string, params, r->pool);
/* Get vox_sig from the parameters */
vox_sig = apr_table_get(params, "vox_sig");
if (!vox_sig) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"verify_auth_token: vox_sig missing");
return DECLINED;
}
/* Remove vox_sig from params so it can be regenerated */
apr_table_unset(params, "vox_sig");
/* Get vox_timestamp from the parameters */
vox_timestamp = apr_table_get(params, "vox_timestamp");
if (!vox_timestamp) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"verify_auth_token: vox_timestamp missing");
return DECLINED;
}
/* Parse vox_timestamp, which must be in ISO 8601 format */
memset(&ctime, 0, sizeof(struct tm));
vox_timestamp_decoded = apr_pstrdup(r->pool, vox_timestamp);
ap_unescape_url(vox_timestamp_decoded);
strptime(vox_timestamp_decoded, "%FT%T%z", &ctime);
remote_east_of_utc = ctime.tm_gmtoff; /* have to save because mktime overwrites */
ctime.tm_isdst = -1; /* mktime needs to auto-determine DST */
raw = mktime(&ctime);
local_east_of_utc = ctime.tm_gmtoff;
apr_time_ansi_put(&vox_ts, raw - remote_east_of_utc + local_east_of_utc);
/* verify vox_timestamp is in the future; if not, authentication has failed */
if (vox_ts < apr_time_now()) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Authenticated URL %s is expired (expired %ld, now %ld, raw %ld, "
"remote_east_of_utc %ld, local_east_of_utc %ld)",
r->uri,
apr_time_sec(vox_ts),
apr_time_sec(apr_time_now()),
raw, remote_east_of_utc, local_east_of_utc);
return DECLINED;
}
/* compute the correct auth token using the connection's remote IP */
token = make_auth_token(r, r->connection->remote_ip, uri_base, params,
cfg->auth_key);
ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r->server,
"verify_auth_token: comparing vox_sig %s with token %s "
"using remote_ip %s", vox_sig, token, r->connection->remote_ip);
if (!strncasecmp(token, vox_sig, SHA1_STR_SIZE))
return OK;
/* if that IP didn't work, try every IP in the X-Forwarded-For header in order */
forwarded_list = (char *)apr_table_get(r->headers_in, "X-Forwarded-For");
if (forwarded_list && (forwarded_list = apr_pstrdup(r->pool, forwarded_list))) {
last = NULL;
if (!(ip = apr_strtok(forwarded_list, ", \t", &last)))
return DECLINED;
do {
token = make_auth_token(r, ip, uri_base, params, cfg->auth_key);
ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r->server,
"verify_auth_token: comparing vox_sig %s with token %s "
"using X-Forwarded-For ip %s", vox_sig, token, ip);
if (!strncasecmp(token, vox_sig, SHA1_STR_SIZE))
return OK;
} while ((ip = apr_strtok(NULL, ", \t", &last)));
}
return DECLINED;
}
