svn_error_t *
svn_mime_type_validate(const char *mime_type, apr_pool_t *pool)
{
/* Since svn:mime-type can actually contain a full content type
specification, e.g., "text/html; charset=UTF-8", make sure we're
only looking at the media type here. */
const apr_size_t len = strcspn(mime_type, "; ");
const char *const slash_pos = strchr(mime_type, '/');
if (len == 0)
return svn_error_createf
(SVN_ERR_BAD_MIME_TYPE, NULL,
_("MIME type '%s' has empty media type"), mime_type);
if (slash_pos == NULL || slash_pos >= &mime_type[len])
return svn_error_createf
(SVN_ERR_BAD_MIME_TYPE, NULL,
_("MIME type '%s' does not contain '/'"), mime_type);
if (! apr_isalnum(mime_type[len - 1]))
return svn_error_createf
(SVN_ERR_BAD_MIME_TYPE, NULL,
_("MIME type '%s' ends with non-alphanumeric character"), mime_type);
return SVN_NO_ERROR;
}
static char *http2env(request_rec *r, const char *w)
{
char *res = (char *)apr_palloc(r->pool, sizeof("HTTP_") + strlen(w));
char *cp = res;
char c;
*cp++ = 'H';
*cp++ = 'T';
*cp++ = 'T';
*cp++ = 'P';
*cp++ = '_';
while ((c = *w++) != 0) {
if (apr_isalnum(c)) {
*cp++ = apr_toupper(c);
}
else if (c == '-') {
*cp++ = '_';
}
else {
if (APLOGrtrace1(r))
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"Not exporting header with invalid name as envvar: %s",
ap_escape_logitem(r->pool, w));
return NULL;
}
}
*cp = 0;
return res;
}
zktool_format_opt(const apr_getopt_option_t *opt, const char *metaval, apr_pool_t *pool)
{
const char *n = NULL;
const char *optfmt = NULL;
const char *optfmt_long_with_arg = ZKTOOL_OPT_INDENT_STR "-%c, %s\n" ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_DESC;
const char *optfmt_long = ZKTOOL_OPT_INDENT_STR "-%c, %s\n" ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_DESC;
const char *optfmt_no_short_with_arg = ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_FMTSTR_L "\n" ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_DESC;
const char *optfmt_no_short = ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_FMTSTR_R " %%s";
const char *optfmt_no_long = ZKTOOL_OPT_INDENT_STR "-%c " ZKTOOL_OPT_FMTSTR_L " %%s";
const char *optfmt_no_long_with_arg = ZKTOOL_OPT_INDENT_STR "-%c " ZKTOOL_OPT_FMTSTR_L " %%s";
if(opt->name && *opt->name) {
if(opt->has_arg) {
if(!metaval)
metaval = "VALUE";
}
if(opt->has_arg && metaval && *metaval)
n = apr_psprintf(pool,"--%s=%s",opt->name,metaval);
else
n = apr_psprintf(pool,"--%s",opt->name);
} else if(apr_isalnum(opt->optch)) {
if(opt->has_arg && !metaval)
metaval = "VALUE";
if(opt->has_arg && metaval && *metaval)
n = metaval;
else
n = "";
}
if(opt->name && *opt->name) {
if(opt->has_arg && !apr_isalnum(opt->optch))
optfmt = apr_psprintf(pool,optfmt_no_short_with_arg,n);
else if(!opt->has_arg && apr_isalnum(opt->optch))
optfmt = apr_psprintf(pool,optfmt_long,(char)opt->optch,n);
else if(!opt->has_arg && !apr_isalnum(opt->optch))
optfmt = apr_psprintf(pool,optfmt_no_short,n);
else
optfmt = apr_psprintf(pool,optfmt_long_with_arg,(char)opt->optch,n);
} else if(apr_isalnum(opt->optch)) {
if(opt->has_arg)
optfmt = apr_psprintf(pool,optfmt_no_long_with_arg,(char)opt->optch,n);
else
optfmt = apr_psprintf(pool,optfmt_no_long,(char)opt->optch,n);
}
assert(optfmt != NULL);
return optfmt;
}
static void set_and_comp_regexp(cookie_dir_rec *dcfg,
apr_pool_t *p,
const char *cookie_name)
{
int danger_chars = 0;
const char *sp = cookie_name;
/* The goal is to end up with this regexp,
* ^cookie_name=([^;,]+)|[;,][ \t]+cookie_name=([^;,]+)
* with cookie_name obviously substituted either
* with the real cookie name set by the user in httpd.conf, or with the
* default COOKIE_NAME. */
/* Anyway, we need to escape the cookie_name before pasting it
* into the regex
*/
while (*sp) {
if (!apr_isalnum(*sp)) {
++danger_chars;
}
++sp;
}
if (danger_chars) {
char *cp;
cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */
sp = cookie_name;
cookie_name = cp;
while (*sp) {
if (!apr_isalnum(*sp)) {
*cp++ = '\\';
}
*cp++ = *sp++;
}
*cp = '\0';
}
dcfg->regexp_string = apr_pstrcat(p, "^",
cookie_name,
"=([^;,]+)|[;,][ \t]*",
cookie_name,
"=([^;,]+)", NULL);
dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, AP_REG_EXTENDED);
ap_assert(dcfg->regexp != NULL);
}
static const char * ap_escape_urlencoded(apr_pool_t * pool, const char * buffer) {
char * copy = apr_palloc(pool, 3 * strlen(buffer) + 1);
char * p = copy;
while (*buffer) {
if (!apr_isalnum(*buffer) && !strchr(".-*_ ", *buffer)) {
*p++ = '%';
sprintf(p, "%02x", *p);
*p += 2;
} else if (*buffer == ' ') {
*p++ = '+';
} else {
*p++ = *buffer;
}
buffer++;
}
*p++ = '\0';
return copy;
}
AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
{
const apr_array_header_t *env_arr = apr_table_elts(t);
const apr_table_entry_t *elts = (const apr_table_entry_t *) env_arr->elts;
char **env = (char **) apr_palloc(p, (env_arr->nelts + 2) * sizeof(char *));
int i, j;
char *tz;
char *whack;
j = 0;
if (!apr_table_get(t, "TZ")) {
tz = getenv("TZ");
if (tz != NULL) {
env[j++] = apr_pstrcat(p, "TZ=", tz, NULL);
}
}
for (i = 0; i < env_arr->nelts; ++i) {
if (!elts[i].key) {
continue;
}
env[j] = apr_pstrcat(p, elts[i].key, "=", elts[i].val, NULL);
whack = env[j];
if (apr_isdigit(*whack)) {
*whack++ = '_';
}
while (*whack != '=') {
if (!apr_isalnum(*whack) && *whack != '_') {
*whack = '_';
}
++whack;
}
++j;
}
env[j] = NULL;
return env;
}
static char *http2env(apr_pool_t *a, const char *w)
{
char *res = (char *)apr_palloc(a, sizeof("HTTP_") + strlen(w));
char *cp = res;
char c;
*cp++ = 'H';
*cp++ = 'T';
*cp++ = 'T';
*cp++ = 'P';
*cp++ = '_';
while ((c = *w++) != 0) {
if (!apr_isalnum(c)) {
*cp++ = '_';
}
else {
*cp++ = apr_toupper(c);
}
}
*cp = 0;
return res;
}
int main(int argc, char *argv[])
{
unsigned c;
unsigned char flags;
printf("/* this file is automatically generated by gen_test_char, "
"do not edit */\n"
"#define T_ESCAPE_SHELL_CMD (%u)\n"
"#define T_ESCAPE_PATH_SEGMENT (%u)\n"
"#define T_OS_ESCAPE_PATH (%u)\n"
"#define T_HTTP_TOKEN_STOP (%u)\n"
"#define T_ESCAPE_LOGITEM (%u)\n"
"#define T_ESCAPE_FORENSIC (%u)\n"
"\n"
"static const unsigned char test_char_table[256] = {",
T_ESCAPE_SHELL_CMD,
T_ESCAPE_PATH_SEGMENT,
T_OS_ESCAPE_PATH,
T_HTTP_TOKEN_STOP,
T_ESCAPE_LOGITEM,
T_ESCAPE_FORENSIC);
for (c = 0; c < 256; ++c) {
flags = 0;
if (c % 20 == 0)
printf("\n ");
/* escape_shell_cmd */
#ifdef NEED_ENHANCED_ESCAPES
/* Win32/OS2 have many of the same vulnerable characters
* as Unix sh, plus the carriage return and percent char.
* The proper escaping of these characters varies from unix
* since Win32/OS2 use carets or doubled-double quotes,
* and neither lf nor cr can be escaped. We escape unix
* specific as well, to assure that cross-compiled unix
* applications behave similiarly when invoked on win32/os2.
*
* Rem please keep in-sync with apr's list in win32/filesys.c
*/
if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) {
flags |= T_ESCAPE_SHELL_CMD;
}
#else
if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
flags |= T_ESCAPE_SHELL_CMD;
}
#endif
if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) {
flags |= T_ESCAPE_PATH_SEGMENT;
}
if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) {
flags |= T_OS_ESCAPE_PATH;
}
/* these are the "tspecials" (RFC2068) or "separators" (RFC2616) */
if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c))) {
flags |= T_HTTP_TOKEN_STOP;
}
/* For logging, escape all control characters,
* double quotes (because they delimit the request in the log file)
* backslashes (because we use backslash for escaping)
* and 8-bit chars with the high bit set
*/
if (c && (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c))) {
flags |= T_ESCAPE_LOGITEM;
}
/* For forensic logging, escape all control characters, top bit set,
* :, | (used as delimiters) and % (used for escaping).
*/
if (!apr_isprint(c) || c == ':' || c == '|' || c == '%'
|| apr_iscntrl(c) || !c) {
flags |= T_ESCAPE_FORENSIC;
}
printf("%u%c", flags, (c < 255) ? ',' : ' ');
}
printf("\n};\n");
return 0;
}
static authn_status authn_dbd_password(request_rec *r, const char *user,
const char *password)
{
apr_status_t rv;
const char *dbd_password = NULL;
apr_dbd_prepared_t *statement;
apr_dbd_results_t *res = NULL;
apr_dbd_row_t *row = NULL;
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
&authn_dbd_module);
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
char *digest_colon = NULL;
if (dbd == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Failed to acquire database connection to look up "
"user '%s'", user);
return AUTH_GENERAL_ERROR;
}
if (conf->user == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"No AuthDBDUserPWQuery has been specified");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
if (statement == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"A prepared statement could not be found for "
"AuthDBDUserPWQuery with the key '%s'", conf->user);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
0, user, NULL) != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Query execution error looking up '%s' "
"in database", user);
return AUTH_GENERAL_ERROR;
}
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
rv != -1;
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
if (rv != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Error retrieving results while looking up '%s' "
"in database", user);
return AUTH_GENERAL_ERROR;
}
if (dbd_password == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
/* add the rest of the columns to the environment */
int i = 1;
const char *name;
for (name = apr_dbd_get_name(dbd->driver, res, i);
name != NULL;
name = apr_dbd_get_name(dbd->driver, res, i)) {
char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
name,
NULL);
int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
if (!apr_isalnum(str[j])) {
str[j] = '_';
}
else {
str[j] = apr_toupper(str[j]);
}
j++;
}
apr_table_set(r->subprocess_env, str,
apr_dbd_get_entry(dbd->driver, row, i));
i++;
}
#endif
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
}
/* we can't break out here or row won't get cleaned up */
}
if (!dbd_password) {
return AUTH_USER_NOT_FOUND;
}
if ((digest_colon = ap_strchr(dbd_password, ':'))) {
const char *realm = NULL, *exp_hash = NULL;
const char *act_hash = NULL;
realm = apr_pstrndup(r->pool, dbd_password, digest_colon - dbd_password);
exp_hash = digest_colon + 1;
act_hash = ap_md5(r->pool,
(unsigned char*) apr_pstrcat(r->pool, user, ":",
realm, ":", password, NULL));
if (strcmp(act_hash, exp_hash)) {
return AUTH_DENIED;
}
else {
return AUTH_GRANTED;
}
}
rv = apr_password_validate(password, dbd_password);
if (rv != APR_SUCCESS) {
return AUTH_DENIED;
}
return AUTH_GRANTED;
}
static authn_status authn_dbd_realm(request_rec *r, const char *user,
const char *realm, char **rethash)
{
apr_status_t rv;
const char *dbd_hash = NULL;
apr_dbd_prepared_t *statement;
apr_dbd_results_t *res = NULL;
apr_dbd_row_t *row = NULL;
int ret;
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
&authn_dbd_module);
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
if (dbd == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01658)
"Failed to acquire database connection to look up "
"user '%s:%s'", user, realm);
return AUTH_GENERAL_ERROR;
}
if (conf->realm == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01659)
"No AuthDBDUserRealmQuery has been specified");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
if (statement == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01660)
"A prepared statement could not be found for "
"AuthDBDUserRealmQuery with the key '%s'", conf->realm);
return AUTH_GENERAL_ERROR;
}
if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
statement, 0, user, realm, NULL) != 0)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01661)
"Query execution error looking up '%s:%s' "
"in database [%s]",
user, realm,
apr_dbd_error(dbd->driver, dbd->handle, ret));
return AUTH_GENERAL_ERROR;
}
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
rv != -1;
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
if (rv != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01662)
"Error retrieving results while looking up '%s:%s' "
"in database", user, realm);
return AUTH_GENERAL_ERROR;
}
if (dbd_hash == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
/* add the rest of the columns to the environment */
int i = 1;
const char *name;
for (name = apr_dbd_get_name(dbd->driver, res, i);
name != NULL;
name = apr_dbd_get_name(dbd->driver, res, i)) {
char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
name,
NULL);
int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
if (!apr_isalnum(str[j])) {
str[j] = '_';
}
else {
str[j] = apr_toupper(str[j]);
}
j++;
}
apr_table_set(r->subprocess_env, str,
apr_dbd_get_entry(dbd->driver, row, i));
i++;
}
#endif
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
}
/* we can't break out here or row won't get cleaned up */
}
if (!dbd_hash) {
return AUTH_USER_NOT_FOUND;
}
AUTHN_CACHE_STORE(r, user, realm, dbd_hash);
*rethash = apr_pstrdup(r->pool, dbd_hash);
return AUTH_USER_FOUND;
}