mod_isapi.c revision 059f354a6b7b116e4469ff7fe99c1142affa0ad6
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
/*
* mod_isapi.c - Internet Server Application (ISA) module for Apache
* by Alexei Kosut <akosut@apache.org>
*
* This module implements Microsoft's ISAPI, allowing Apache (when running
* under Windows) to load Internet Server Applications (ISAPI extensions).
* It implements all of the ISAPI 2.0 specification, except for the
* "Microsoft-only" extensions dealing with asynchronous I/O. All ISAPI
* extensions that use only synchronous I/O and are compatible with the
* ISAPI 2.0 specification should work (most ISAPI 1.0 extensions should
* function as well).
*
* To load, simply place the ISA in a location in the document tree.
* Then add an "AddHandler isapi-isa dll" into your config file.
* You should now be able to load ISAPI DLLs just be reffering to their
* URLs. Make sure the ExecCGI option is active in the directory
* the ISA is in.
*/
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_protocol.h"
#include "http_request.h"
#include "http_log.h"
#include "util_script.h"
/* We use the exact same header file as the original */
#include <HttpExt.h>
/* Seems IIS does not enforce the requirement for \r\n termination on HSE_REQ_SEND_RESPONSE_HEADER,
define this to conform */
#define RELAX_HEADER_RULE
/* Our "Connection ID" structure */
typedef struct {
request_rec *r;
int status;
} isapi_cid;
/* Declare the ISAPI functions */
/*
The optimiser blows it totally here. What happens is that autos are addressed relative to the
stack pointer, which, of course, moves around. The optimiser seems to lose track of it somewhere
between setting isapi_entry and calling through it. We work around the problem by forcing it to
use frame pointers.
*/
int isapi_handler (request_rec *r) {
ap_table_t *e = r->subprocess_env;
int retval;
/* Use similar restrictions as CGIs */
if (!(ap_allow_options(r) & OPT_EXECCGI))
return FORBIDDEN;
return NOT_FOUND;
return FORBIDDEN;
/* Load the module */
"Could not load DLL: %s", r->filename);
return SERVER_ERROR;
}
if (!(isapi_version =
"DLL could not load GetExtensionVersion(): %s", r->filename);
return SERVER_ERROR;
}
if (!(isapi_entry =
"DLL could not load HttpExtensionProc(): %s", r->filename);
return SERVER_ERROR;
}
/* Run GetExtensionVersion() */
if (!(*isapi_version)(pVer)) {
"ISAPI GetExtensionVersion() failed: %s", r->filename);
return SERVER_ERROR;
}
/* Set up variables */
ap_add_cgi_vars(r);
/* Set up connection ID */
cid->r = r;
ecb->dwHttpStatusCode = 0;
/* Set up client input */
return retval;
}
if (ap_should_client_block(r)) {
/* Unlike IIS, which limits this to 48k, we read the whole
* sucker in. I suppose this could be bad for memory if someone
* uploaded the complete works of Shakespeare. Well, WebSite
* does the same thing.
*/
long read;
/* Actually, let's cap it at 48k, until we figure out what
* to do with this... we don't want a Content-Length: 1000000000
* taking out the machine.
*/
if (to_read > 49152) {
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
return SERVER_ERROR;
}
/* Although its not to spec, IIS seems to null-terminate
* its lpdData string. So we will too. To make sure
* cbAvailable matches cbTotalBytes, we'll up the latter
* and equalize them.
*/
}
else {
ecb->cbTotalBytes = 0;
ecb->cbAvailable = 0;
}
/* Set up the callbacks */
/* All right... try and load the sucker */
/* Set the status (for logging) */
if (ecb->dwHttpStatusCode)
/* Check for a log message - and log it */
/* All done with the DLL... get rid of it */
switch(retval) {
case HSE_STATUS_SUCCESS:
/* Ignore the keepalive stuff; Apache handles it just fine without
* the ISA's "advice".
*/
return OK;
case HSE_STATUS_PENDING: /* We don't support this */
"ISAPI asynchronous I/O not supported: %s", r->filename);
case HSE_STATUS_ERROR:
default:
return SERVER_ERROR;
}
}
ap_table_t *e = r->subprocess_env;
const char *result;
/* Mostly, we just grab it from the environment, but there are
* a couple of special cases
*/
/* We don't support NT users, so this is always the same as
* REMOTE_USER
*/
}
/* Apache doesn't support secure requests inherently, so
* we have no way of knowing. We'll be conservative, and say
* all requests are insecure.
*/
result = "0";
}
}
else {
}
if (result) {
return FALSE;
}
return TRUE;
}
/* Didn't find it */
return FALSE;
}
DWORD dwReserved) {
int writ; /* written, actually, but why shouldn't I make up words? */
/* We only support synchronous writing */
"ISAPI asynchronous I/O not supported: %s", r->filename);
return FALSE;
}
return FALSE;
}
*lpwdwBytes = writ;
return TRUE;
}
/* Doesn't need to do anything; we've read all the data already */
return TRUE;
}
/* XXX: There is an O(n^2) attack possible here. */
char *data;
switch (dwHSERequest) {
/* Set the status to be returned when the HttpExtensionProc()
* is done.
*/
return TRUE;
case HSE_REQ_SEND_URL:
/* Read any additional input */
if (r->remaining > 0) {
char argsbuffer[HUGE_STRING_LEN];
}
/* Reset the method to GET */
r->method_number = M_GET;
/* Don't let anyone think there's still data */
ap_internal_redirect((char *)lpvBuffer, r);
return TRUE;
/* Now fill in the HTTP headers, and the rest of it. Ick.
* lpdwDataType contains a string that has headers (in MIME
* format), a blank like, then (possibly) data. We need
* to parse it.
*
* Easy case first:
*/
if (!lpdwDataType) {
return TRUE;
}
/* Make a copy - don't disturb the original */
/* We *should* break before this while loop ends */
while (*data) {
int p;
#ifdef RELAX_HEADER_RULE
if (lf)
*lf = '\0';
#else
if (!lf) { /* Huh? Invalid data, I think */
"ISA sent invalid headers: %s", r->filename);
return FALSE;
}
/* Get rid of \n and \r */
*lf = '\0';
#endif
/* End of headers */
if (*data == '\0') {
#ifdef RELAX_HEADER_RULE
if (lf)
#endif
break;
}
"ISA sent invalid headers", r->filename);
return FALSE;
}
*value++ = '\0';
/* Check all the special-case headers. Similar to what
* ap_scan_script_header_err() does (see that function for
* more detail)
*/
char *tmp;
/* Nuke trailing whitespace */
r->content_type = tmp;
}
}
}
}
else {
}
/* Reset data */
#ifdef RELAX_HEADER_RULE
if (!lf) {
data += p;
break;
}
#endif
}
/* All the headers should be set now */
/* Any data left should now be sent directly */
return TRUE;
case HSE_REQ_MAP_URL_TO_PATH:
/* Map a URL to a filename */
*lpdwSize), r);
/* IIS puts a trailing slash on directories, Apache doesn't */
((char *)lpvBuffer)[l] = '\\';
}
return TRUE;
/* Do nothing... since we don't support async I/O, they'll
* return from HttpExtensionProc soon
*/
return TRUE;
/* We don't support all this async I/O, Microsoft-specific stuff */
case HSE_REQ_IO_COMPLETION:
case HSE_REQ_TRANSMIT_FILE:
"ISAPI asynchronous I/O not supported: %s", r->filename);
default:
return FALSE;
}
}
handler_rec isapi_handlers[] = {
{ "isapi-isa", isapi_handler },
{ NULL}
};
module isapi_module = {
NULL, /* initializer */
NULL, /* create per-dir config */
NULL, /* merge per-dir config */
NULL, /* server config */
NULL, /* merge server config */
NULL, /* command ap_table_t */
isapi_handlers, /* handlers */
NULL, /* filename translation */
NULL, /* check_user_id */
NULL, /* check auth */
NULL, /* check access */
NULL, /* type_checker */
NULL, /* logger */
NULL /* header parser */
};