mod_isapi.c revision 1ccd992d37d62c8cb2056126f2234f64ec189bfd
* if any, must include the following acknowledgment: * "This product includes software developed by the * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact apache@apache.org. * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * ==================================================================== * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. * mod_isapi.c - Internet Server Application (ISA) module for Apache * by Alexei Kosut <akosut@apache.org> * This module implements Microsoft's ISAPI, allowing Apache (when running * under Windows) to load Internet Server Applications (ISAPI extensions). * It implements all of the ISAPI 2.0 specification, except for the * "Microsoft-only" extensions dealing with asynchronous I/O. All ISAPI * extensions that use only synchronous I/O and are compatible with the * ISAPI 2.0 specification should work (most ISAPI 1.0 extensions should * To load, simply place the ISA in a location in the document tree. * Then add an "AddHandler isapi-isa dll" into your config file. * You should now be able to load ISAPI DLLs just be reffering to their * URLs. Make sure the ExecCGI option is active in the directory /* We use the exact same header file as the original */ /* TODO: Unknown errors that must be researched for correct codes */ /* Seems IIS does not enforce the requirement for \r\n termination on HSE_REQ_SEND_RESPONSE_HEADER, define this to conform */ /* Declare the ISAPI functions */ The optimiser blows it totally here. What happens is that autos are addressed relative to the stack pointer, which, of course, moves around. The optimiser seems to lose track of it somewhere between setting HttpExtensionProc's address and calling through it. We work around the problem by forcing it to use frame pointers. The revisions below may eliminate this artifact. /* Our loaded isapi module description structure */ /* Our "Connection ID" structure */ /* Use similar restrictions as CGIs * If this fails, it's pointless to load the isapi dll. * Warning: cid should not be allocated from pool if we * cache the isapi process in-memory. * This code could use cacheing... everything that follows * should only be performed on the first isapi dll invocation, * not with every HttpExtensionProc() /* TODO: These may need to become overrideable, so that we * assure a given isapi can be fooled into behaving well. "ISAPI %s failed to load", r->
filename);
"ISAPI %s is missing GetExtensionVersion()",
"ISAPI %s is missing HttpExtensionProc()",
/* TerminateExtension() is an optional interface */ /* Run GetExtensionVersion() */ /* ### euh... we're passing the wrong type of error code here */ "ISAPI %s call GetExtensionVersion() failed",
/* Load of this module completed, this is the point at which *isa * could be cached for later invocation. * on to invoking this request... /* Set up connection structure and ecb */ /* TODO: Critical section */ // TODO: are copies really needed here? /* Set up the callbacks */ /* Set up client input */ /* Unlike IIS, which limits this to 48k, we read the whole * sucker in. I suppose this could be bad for memory if someone * uploaded the complete works of Shakespeare. Well, WebSite * But we can be smarter and read up to our 48k and then allow * the ISAPI app to read further blocks as desired. /* Actually, let's cap it at 48k, until we figure out what * to do with this... we don't want a Content-Length: 1000000000 * taking out the machine. /* Although its not to spec, IIS seems to null-terminate * its lpdData string. So we will too. To make sure * cbAvailable matches cbTotalBytes, we'll up the latter /* All right... try and run the sucker */ /* Set the status (for logging) */ /* Check for a log message - and log it */ /* Ignore the keepalive stuff; Apache handles it just fine without * Per Microsoft: "In IIS versions 4.0 and later, the return * values HSE_STATUS_SUCCESS and HSE_STATUS_SUCCESS_AND_KEEP_CONN * are functionally identical: Keep-Alive connections are * maintained, if supported by the client." * ... so we were pat all this time /* emulating async behavior... * Create a cid->completed event and wait on it for some timeout * so that the app thinks is it running async. * All async ServerSupportFunction calls will be handled through * the registered IO_COMPLETION hook. "ISAPI %s asynch I/O request refused",
/* TODO: Now what... if this hung, then do we kill our own * thread to force it's death? For now leave timeout = -1 /* end response if we have yet to do so. /* TODO: log unrecognized retval for debugging /* All done with the DLL... get rid of it... * If optionally cached, pass HSE_TERM_ADVISORY_UNLOAD, * and if it returns TRUE, unload, otherwise, cache it. /* Mostly, we just grab it from the environment, but there are * a couple of special cases /* We don't support NT users, so this is always the same as /* Apache doesn't support secure requests inherently, so * we have no way of knowing. We'll be conservative, and say * all requests are insecure. int writ;
/* written, actually, but why shouldn't I make up words? */ /* We only support synchronous writing */ /* TODO: If the request was a huge transmit or chunked, continue piping the * request here, but if it's of a sane size, continue to ... /* We *should* break before this while loop ends */ if (!
lf) {
/* Huh? Invalid data, I think */ "ISAPI %s sent invalid headers", r->
filename);
/* Get rid of \n and \r */ if (p > 0 &&
data[p-
1] ==
'\r')
data[p-
1] =
'\0';
data =
lf +
1;
/* Reset data */ /* ### euh... we're passing the wrong type of error "ISAPI %s sent invalid headers", r->
filename);
/* Check all the special-case headers. Similar to what * ap_scan_script_header_err() does (see that function for /* Nuke trailing whitespace */ /* XXX: There is an O(n^2) attack possible here. */ /* Set the status to be returned when the HttpExtensionProc() /* Read any additional input */ /* Reset the method to GET */ /* Don't let anyone think there's still data */ /* Now fill in the HTTP headers, and the rest of it. Ick. * lpdwDataType contains a string that has headers (in MIME * format), a blank like, then (possibly) data. We need /* Make a copy - don't disturb the original */ /* Parse them out, or die trying */ /* All the headers should be set now */ /* Any data left should now be sent directly */ /* Signal to resume the thread completing this request /* Map a URL to a filename */ /* IIS puts a trailing slash on directories, Apache doesn't */ /* Log lpvBuffer, of lpdwSize bytes, in the URI Query (cs-uri-query) field * This code will do for now... /* TODO: Emulate a completion port, if we can... * Record the callback address and user defined argument... * we will call this after any async request (e.g. transmitfile) * as if the request had completed async execution. * Per MS docs... HSE_REQ_IO_COMPLETION replaces any prior call * to HSE_REQ_IO_COMPLETION, and lpvBuffer may be set to NULL. /* Use TransmitFile... nothing wrong with that :) /* ### euh... we're passing the wrong type of error code here */ "ISAPI asynchronous I/O not supported: %s",
/* TODO: Not quite ready for prime time yet */ /* Map a URL to a filename */ /* IIS puts a trailing slash on directories, Apache doesn't */ * HSE_URL_FLAGS_READ Allow for read. * HSE_URL_FLAGS_WRITE Allow for write. * HSE_URL_FLAGS_EXECUTE Allow for execute. * HSE_URL_FLAGS_SSL Require SSL. * HSE_URL_FLAGS_DONT_CACHE Don't cache (virtual root only). * HSE_URL_FLAGS_NEGO_CERT Allow client SSL certifications. * HSE_URL_FLAGS_REQUIRE_CERT Require client SSL certifications. * HSE_URL_FLAGS_MAP_CERT Map SSL certification to a Windows account. * HSE_URL_FLAGS_SSL128 Requires a 128-bit SSL. * HSE_URL_FLAGS_SCRIPT Allows for script execution. /* (LPHSE_URL_MAPEX_INFO)lpdwDataType)->cchMatchingPath * (LPHSE_URL_MAPEX_INFO)lpdwDataType)->cchMatchingURL /* TODO: Not quite ready for prime time */ /* Make a copy - don't disturb the original */ /* Parse them out, or die trying */ /* ((LPHSE_SEND_HEADER_EX_INFO)lpvBuffer)->fKeepConn; * Now how are we about to start listening to an ISAPI's * idea of keeping or closing a connection? Seriously :) /* All the headers should be set now */ /* Any data left should now be sent directly */ /* Returns True if client is connected c.f. Q188346*/ /* case HSE_REQ_EXTENSION_TRIGGER: * Undocumented - from the Microsoft Jan '00 Platform SDK /* TODO: log unrecognized ServerSupportCommand for debugging NULL,
/* create per-dir config */ NULL,
/* merge per-dir config */ NULL,
/* server config */ NULL,
/* merge server config */ NULL,
/* command apr_table_t */ NULL /* register hooks */