util.c revision 8b99f2a316c5e2fa6ab208206fdd7fc2bfc4a921
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* ====================================================================
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * The Apache Software License, Version 1.1
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
9bcfc3697a91b5215893a7d0206865b13fc72148nd * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * reserved.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
ce69065dfde08a756f3b52e0dbe2f4f8d56b13cfnd * Redistribution and use in source and binary forms, with or without
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * modification, are permitted provided that the following conditions
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * are met:
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 1. Redistributions of source code must retain the above copyright
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * notice, this list of conditions and the following disclaimer.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 2. Redistributions in binary form must reproduce the above copyright
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * notice, this list of conditions and the following disclaimer in
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * the documentation and/or other materials provided with the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * distribution.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 3. The end-user documentation included with the redistribution,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * if any, must include the following acknowledgment:
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * "This product includes software developed by the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * Apache Software Foundation (http://www.apache.org/)."
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * Alternately, this acknowledgment may appear in the software itself,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * if and wherever such third-party acknowledgments normally appear.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 4. The names "Apache" and "Apache Software Foundation" must
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * not be used to endorse or promote products derived from this
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * software without prior written permission. For written
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * permission, please contact apache@apache.org.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 5. Products derived from this software may not be called "Apache",
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * nor may "Apache" appear in their name, without prior written
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * permission of the Apache Software Foundation.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * SUCH DAMAGE.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * ====================================================================
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * This software consists of voluntary contributions made by many
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * individuals on behalf of the Apache Software Foundation. For more
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * information on the Apache Software Foundation, please see
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * <http://www.apache.org/>.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/*
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** DAV extension module for Apache 2.0.*
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** - various utilities, repository-independent
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd*/
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "apr_strings.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "apr_lib.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#define APR_WANT_STRFUNC
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "apr_want.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "mod_dav.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "http_request.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "http_config.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "http_vhost.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "http_log.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd#include "http_protocol.h"
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(dav_error*) dav_new_error(apr_pool_t *p, int status,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd int error_id, const char *desc)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd int save_errno = errno;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_error *err = apr_pcalloc(p, sizeof(*err));
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* DBG3("dav_new_error: %d %d %s", status, error_id, desc ? desc : "(no desc)"); */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->status = status;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->error_id = error_id;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->desc = desc;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->save_errno = save_errno;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return err;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(dav_error*) dav_push_error(apr_pool_t *p, int status,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd int error_id, const char *desc,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_error *prev)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_error *err = apr_pcalloc(p, sizeof(*err));
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->status = status;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->error_id = error_id;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->desc = desc;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd err->prev = prev;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return err;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(void) dav_check_bufsize(apr_pool_t * p, dav_buffer *pbuf,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_size_t extra_needed)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* grow the buffer if necessary */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (pbuf->cur_len + extra_needed > pbuf->alloc_len) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd char *newbuf;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->alloc_len += extra_needed + DAV_BUFFER_PAD;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd newbuf = apr_palloc(p, pbuf->alloc_len);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(newbuf, pbuf->buf, pbuf->cur_len);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->buf = newbuf;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(void) dav_set_bufsize(apr_pool_t * p, dav_buffer *pbuf,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_size_t size)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* NOTE: this does not retain prior contents */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* NOTE: this function is used to init the first pointer, too, since
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd the PAD will be larger than alloc_len (0) for zeroed structures */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* grow if we don't have enough for the requested size plus padding */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (size + DAV_BUFFER_PAD > pbuf->alloc_len) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* set the new length; min of MINSIZE */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->alloc_len = size + DAV_BUFFER_PAD;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (pbuf->alloc_len < DAV_BUFFER_MINSIZE)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->alloc_len = DAV_BUFFER_MINSIZE;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->buf = apr_palloc(p, pbuf->alloc_len);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->cur_len = size;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* initialize a buffer and copy the specified (null-term'd) string into it */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(void) dav_buffer_init(apr_pool_t *p, dav_buffer *pbuf,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *str)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_set_bufsize(p, pbuf, strlen(str));
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(pbuf->buf, str, pbuf->cur_len + 1);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* append a string to the end of the buffer, adjust length */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(void) dav_buffer_append(apr_pool_t *p, dav_buffer *pbuf,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *str)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd size_t len = strlen(str);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_check_bufsize(p, pbuf, len + 1);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(pbuf->buf + pbuf->cur_len, str, len + 1);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd pbuf->cur_len += len;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* place a string on the end of the buffer, do NOT adjust length */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(void) dav_buffer_place(apr_pool_t *p, dav_buffer *pbuf,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *str)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd size_t len = strlen(str);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_check_bufsize(p, pbuf, len + 1);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(pbuf->buf + pbuf->cur_len, str, len + 1);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* place some memory on the end of a buffer; do NOT adjust length */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndDAV_DECLARE(void) dav_buffer_place_mem(apr_pool_t *p, dav_buffer *pbuf,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const void *mem, apr_size_t amt,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_size_t pad)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_check_bufsize(p, pbuf, amt + pad);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(pbuf->buf + pbuf->cur_len, mem, amt);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/*
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** dav_lookup_uri()
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd**
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** Extension for ap_sub_req_lookup_uri() which can't handle absolute
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** URIs properly.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd**
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** If NULL is returned, then an error occurred with parsing the URI or
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** the URI does not match the current server.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd*/
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nddav_lookup_result dav_lookup_uri(const char *uri, request_rec * r,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd int must_be_absolute)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd dav_lookup_result result = { 0 };
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *scheme;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_port_t port;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_uri_t comp;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd char *new_file;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *domain;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* first thing to do is parse the URI into various components */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (apr_uri_parse(r->pool, uri, &comp) != APR_SUCCESS) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.status = HTTP_BAD_REQUEST;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.desc = "Invalid syntax in Destination URI.";
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return result;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* the URI must be an absoluteURI (WEBDAV S9.3) */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (comp.scheme == NULL && must_be_absolute) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.status = HTTP_BAD_REQUEST;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.desc = "Destination URI must be an absolute URI.";
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return result;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* the URI must not have a query (args) or a fragment */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (comp.query != NULL || comp.fragment != NULL) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.status = HTTP_BAD_REQUEST;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.desc =
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd "Destination URI contains invalid components "
b05b612c7dd1921c47081e9252ae61ef46b99924kess "(a query or a fragment).";
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return result;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* If the scheme or port was provided, then make sure that it matches
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd the scheme/port of this request. If the request must be absolute,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd then require the (explicit/implicit) scheme/port be matching.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ### hmm. if a port wasn't provided (does the parse return port==0?),
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ### but we're on a non-standard port, then we won't detect that the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ### URI's port implies the wrong one.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (comp.scheme != NULL || comp.port != 0 || must_be_absolute)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* ### not sure this works if the current request came in via https: */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scheme = r->parsed_uri.scheme;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (scheme == NULL)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scheme = ap_http_method(r);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* insert a port if the URI did not contain one */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (comp.port == 0)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd comp.port = apr_uri_default_port_for_scheme(comp.scheme);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* now, verify that the URI uses the same scheme as the current.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd request. the port must match our port.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_sockaddr_port_get(&port, r->connection->local_addr);
4d7a2e153c599946b6afbe7bf883f477fcab7e53kess if (strcasecmp(comp.scheme, scheme) != 0 ||
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd comp.port != port) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.status = HTTP_BAD_GATEWAY;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.desc = apr_psprintf(r->pool,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd "Destination URI refers to "
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd "different scheme or port "
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd "(%s://hostname:%d)" APR_EOL_STR
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd "(want: %s://hostname:%d)",
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd comp.scheme ? comp.scheme : scheme,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd comp.port ? comp.port : port,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scheme, port);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return result;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* we have verified the scheme, port, and general structure */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /*
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** Hrm. IE5 will pass unqualified hostnames for both the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** Host: and Destination: headers. This breaks the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** http_vhost.c::matches_aliases function.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd **
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** For now, qualify unqualified comp.hostnames with
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** r->server->server_hostname.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd **
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** ### this is a big hack. Apache should provide a better way.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** ### maybe the admin should list the unqualified hosts in a
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ** ### <ServerAlias> block?
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (comp.hostname != NULL
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd && strrchr(comp.hostname, '.') == NULL
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd && (domain = strchr(r->server->server_hostname, '.')) != NULL) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd comp.hostname = apr_pstrcat(r->pool, comp.hostname, domain, NULL);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* now, if a hostname was provided, then verify that it represents the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd same server as the current connection. note that we just use our
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd port, since we've verified the URI matches ours */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (comp.hostname != NULL &&
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd !ap_matches_request_vhost(r, comp.hostname, port)) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.status = HTTP_BAD_GATEWAY;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.err.desc = "Destination URI refers to a different server.";
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return result;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* we have verified that the requested URI denotes the same server as
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd the current request. Therefore, we can use ap_sub_req_lookup_uri() */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* reconstruct a URI as just the path */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd new_file = apr_uri_unparse(r->pool, &comp, APR_URI_UNP_OMITSITEPART);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /*
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * Lookup the URI and return the sub-request. Note that we use the
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * same HTTP method on the destination. This allows the destination
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * to apply appropriate restrictions (e.g. readonly).
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd result.rnew = ap_sub_req_method_uri(r->method, new_file, r, NULL);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return result;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* ---------------------------------------------------------------
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd**
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** XML UTILITY FUNCTIONS
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd*/
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
4d7a2e153c599946b6afbe7bf883f477fcab7e53kess/* validate that the root element uses a given DAV: tagname (TRUE==valid) */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndint dav_validate_root(const ap_xml_doc *doc, const char *tagname)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return doc->root &&
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd doc->root->ns == AP_XML_NS_DAV_ID &&
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd strcmp(doc->root->name, tagname) == 0;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* find and return the (unique) child with a given DAV: tagname */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndap_xml_elem *dav_find_child(const ap_xml_elem *elem, const char *tagname)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ap_xml_elem *child = elem->first_child;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (; child; child = child->next)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (child->ns == AP_XML_NS_DAV_ID && !strcmp(child->name, tagname))
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return child;
4d7a2e153c599946b6afbe7bf883f477fcab7e53kess return NULL;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* gather up all the CDATA into a single string */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndconst char *dav_xml_get_cdata(const ap_xml_elem *elem, apr_pool_t *pool,
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd int strip_white)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_size_t len = 0;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ap_text *scan;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const ap_xml_elem *child;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd char *cdata;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd char *s;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd apr_size_t tlen;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *found_text = NULL; /* initialize to avoid gcc warning */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd int found_count = 0;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (scan = elem->first_cdata.first; scan != NULL; scan = scan->next) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd found_text = scan->text;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ++found_count;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd len += strlen(found_text);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (child = elem->first_child; child != NULL; child = child->next) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (scan = child->following_cdata.first;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scan != NULL;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scan = scan->next) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd found_text = scan->text;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ++found_count;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd len += strlen(found_text);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* some fast-path cases:
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 1) zero-length cdata
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * 2) a single piece of cdata with no whitespace to strip
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (len == 0)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return "";
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (found_count == 1) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (!strip_white
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd || (!apr_isspace(*found_text)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd && !apr_isspace(found_text[len - 1])))
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return found_text;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd cdata = s = apr_palloc(pool, len + 1);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (scan = elem->first_cdata.first; scan != NULL; scan = scan->next) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd tlen = strlen(scan->text);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(s, scan->text, tlen);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd s += tlen;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (child = elem->first_child; child != NULL; child = child->next) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd for (scan = child->following_cdata.first;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scan != NULL;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd scan = scan->next) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd tlen = strlen(scan->text);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd memcpy(s, scan->text, tlen);
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd s += tlen;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *s = '\0';
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (strip_white) {
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* trim leading whitespace */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd while (apr_isspace(*cdata)) /* assume: return false for '\0' */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd ++cdata;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* trim trailing whitespace */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd while (len-- > 0 && apr_isspace(cdata[len]))
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd continue;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd cdata[len + 1] = '\0';
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd }
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return cdata;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd}
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* ---------------------------------------------------------------
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd**
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd** Timeout header processing
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd**
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd*/
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd/* dav_get_timeout: If the Timeout: header exists, return a time_t
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * when this lock is expected to expire. Otherwise, return
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * a time_t of DAV_TIMEOUT_INFINITE.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd *
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * It's unclear if DAV clients are required to understand
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * Seconds-xxx and Infinity time values. We assume that they do.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * In addition, for now, that's all we understand, too.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7ndtime_t dav_get_timeout(request_rec *r)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd{
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd time_t now, expires = DAV_TIMEOUT_INFINITE;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *timeout_const = apr_table_get(r->headers_in, "Timeout");
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd const char *timeout = apr_pstrdup(r->pool, timeout_const), *val;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd if (timeout == NULL)
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd return DAV_TIMEOUT_INFINITE;
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd /* Use the first thing we understand, or infinity if
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd * we don't understand anything.
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd */
41e3d6b4e67a52c6570c0412c3e5526278cf07d7nd
while ((val = ap_getword_white(r->pool, &timeout)) && strlen(val)) {
if (!strncmp(val, "Infinite", 8)) {
return DAV_TIMEOUT_INFINITE;
}
if (!strncmp(val, "Second-", 7)) {
val += 7;
/* ### We need to handle overflow better:
* ### timeout will be <= 2^32 - 1
*/
expires = atol(val);
now = time(NULL);
return now + expires;
}
}
return DAV_TIMEOUT_INFINITE;
}
/* ---------------------------------------------------------------
**
** If Header processing
**
*/
/* add_if_resource returns a new if_header, linking it to next_ih.
*/
static dav_if_header *dav_add_if_resource(apr_pool_t *p, dav_if_header *next_ih,
const char *uri, size_t uri_len)
{
dav_if_header *ih;
if ((ih = apr_pcalloc(p, sizeof(*ih))) == NULL)
return NULL;
ih->uri = uri;
ih->uri_len = uri_len;
ih->next = next_ih;
return ih;
}
/* add_if_state adds a condition to an if_header.
*/
static dav_error * dav_add_if_state(apr_pool_t *p, dav_if_header *ih,
const char *state_token,
dav_if_state_type t, int condition,
const dav_hooks_locks *locks_hooks)
{
dav_if_state_list *new_sl;
new_sl = apr_pcalloc(p, sizeof(*new_sl));
new_sl->condition = condition;
new_sl->type = t;
if (t == dav_if_opaquelock) {
dav_error *err;
if ((err = (*locks_hooks->parse_locktoken)(p, state_token,
&new_sl->locktoken)) != NULL) {
/* ### maybe add a higher-level description */
return err;
}
}
else
new_sl->etag = state_token;
new_sl->next = ih->state;
ih->state = new_sl;
return NULL;
}
/* fetch_next_token returns the substring from str+1
* to the next occurence of char term, or \0, whichever
* occurs first. Leading whitespace is ignored.
*/
static char *dav_fetch_next_token(char **str, char term)
{
char *sp;
char *token;
token = *str + 1;
while (*token && (*token == ' ' || *token == '\t'))
token++;
if ((sp = strchr(token, term)) == NULL)
return NULL;
*sp = '\0';
*str = sp;
return token;
}
/* dav_process_if_header:
*
* If NULL (no error) is returned, then **if_header points to the
* "If" productions structure (or NULL if "If" is not present).
*
* ### this part is bogus:
* If an error is encountered, the error is logged. Parent should
* return err->status.
*/
static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih)
{
dav_error *err;
char *str;
char *list;
const char *state_token;
const char *uri = NULL; /* scope of current production; NULL=no-tag */
size_t uri_len = 0;
dav_if_header *ih = NULL;
apr_uri_t parsed_uri;
const dav_hooks_locks *locks_hooks = DAV_GET_HOOKS_LOCKS(r);
enum {no_tagged, tagged, unknown} list_type = unknown;
int condition;
*p_ih = NULL;
if ((str = apr_pstrdup(r->pool, apr_table_get(r->headers_in, "If"))) == NULL)
return NULL;
while (*str) {
switch(*str) {
case '<':
/* Tagged-list production - following states apply to this uri */
if (list_type == no_tagged
|| ((uri = dav_fetch_next_token(&str, '>')) == NULL)) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_TAGGED,
"Invalid If-header: unclosed \"<\" or "
"unexpected tagged-list production.");
}
/* 2518 specifies this must be an absolute URI; just take the
* relative part for later comparison against r->uri */
if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_TAGGED,
"Invalid URI in tagged If-header.");
}
/* note that parsed_uri.path is allocated; we can trash it */
/* clean up the URI a bit */
ap_getparents(parsed_uri.path);
uri_len = strlen(parsed_uri.path);
if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/')
parsed_uri.path[--uri_len] = '\0';
uri = parsed_uri.path;
list_type = tagged;
break;
case '(':
/* List production */
/* If a uri has not been encountered, this is a No-Tagged-List */
if (list_type == unknown)
list_type = no_tagged;
if ((list = dav_fetch_next_token(&str, ')')) == NULL) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_UNCLOSED_PAREN,
"Invalid If-header: unclosed \"(\".");
}
if ((ih = dav_add_if_resource(r->pool, ih, uri, uri_len)) == NULL) {
/* ### dav_add_if_resource() should return an error for us! */
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_PARSE,
"Internal server error parsing \"If:\" "
"header.");
}
condition = DAV_IF_COND_NORMAL;
while (*list) {
/* List is the entire production (in a uri scope) */
switch (*list) {
case '<':
if ((state_token = dav_fetch_next_token(&list, '>')) == NULL) {
/* ### add a description to this error */
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_PARSE, NULL);
}
if ((err = dav_add_if_state(r->pool, ih, state_token, dav_if_opaquelock,
condition, locks_hooks)) != NULL) {
/* ### maybe add a higher level description */
return err;
}
condition = DAV_IF_COND_NORMAL;
break;
case '[':
if ((state_token = dav_fetch_next_token(&list, ']')) == NULL) {
/* ### add a description to this error */
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_PARSE, NULL);
}
if ((err = dav_add_if_state(r->pool, ih, state_token, dav_if_etag,
condition, locks_hooks)) != NULL) {
/* ### maybe add a higher level description */
return err;
}
condition = DAV_IF_COND_NORMAL;
break;
case 'N':
if (list[1] == 'o' && list[2] == 't') {
if (condition != DAV_IF_COND_NORMAL) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_MULTIPLE_NOT,
"Invalid \"If:\" header: "
"Multiple \"not\" entries "
"for the same state.");
}
condition = DAV_IF_COND_NOT;
}
list += 2;
break;
case ' ':
case '\t':
break;
default:
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_UNK_CHAR,
apr_psprintf(r->pool,
"Invalid \"If:\" "
"header: Unexpected "
"character encountered "
"(0x%02x, '%c').",
*list, *list));
}
list++;
}
break;
case ' ':
case '\t':
break;
default:
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_UNK_CHAR,
apr_psprintf(r->pool,
"Invalid \"If:\" header: "
"Unexpected character "
"encountered (0x%02x, '%c').",
*str, *str));
}
str++;
}
*p_ih = ih;
return NULL;
}
static int dav_find_submitted_locktoken(const dav_if_header *if_header,
const dav_lock *lock_list,
const dav_hooks_locks *locks_hooks)
{
for (; if_header != NULL; if_header = if_header->next) {
const dav_if_state_list *state_list;
for (state_list = if_header->state;
state_list != NULL;
state_list = state_list->next) {
if (state_list->type == dav_if_opaquelock) {
const dav_lock *lock;
/* given state_list->locktoken, match it */
/*
** The resource will have one or more lock tokens. We only
** need to match one of them against any token in the
** If: header.
**
** One token case: It is an exclusive or shared lock. Either
** way, we must find it.
**
** N token case: They are shared locks. By policy, we need
** to match only one. The resource's other
** tokens may belong to somebody else (so we
** shouldn't see them in the If: header anyway)
*/
for (lock = lock_list; lock != NULL; lock = lock->next) {
if (!(*locks_hooks->compare_locktoken)(state_list->locktoken, lock->locktoken)) {
return 1;
}
}
}
}
}
return 0;
}
/* dav_validate_resource_state:
* Returns NULL if path/uri meets if-header and lock requirements
*/
static dav_error * dav_validate_resource_state(apr_pool_t *p,
const dav_resource *resource,
dav_lockdb *lockdb,
const dav_if_header *if_header,
int flags,
dav_buffer *pbuf,
request_rec *r)
{
dav_error *err;
const char *uri;
const char *etag;
const dav_hooks_locks *locks_hooks = (lockdb ? lockdb->hooks : NULL);
const dav_if_header *ifhdr_scan;
dav_if_state_list *state_list;
dav_lock *lock_list;
dav_lock *lock;
int num_matched;
int num_that_apply;
int seen_locktoken;
apr_size_t uri_len;
const char *reason = NULL;
/* DBG1("validate: <%s>", resource->uri); */
/*
** The resource will have one of three states:
**
** 1) No locks. We have no special requirements that the user supply
** specific locktokens. One of the state lists must match, and
** we're done.
**
** 2) One exclusive lock. The locktoken must appear *anywhere* in the
** If: header. Of course, asserting the token in a "Not" term will
** quickly fail that state list :-). If the locktoken appears in
** one of the state lists *and* one state list matches, then we're
** done.
**
** 3) One or more shared locks. One of the locktokens must appear
** *anywhere* in the If: header. If one of the locktokens appears,
** and we match one state list, then we are done.
**
** The <seen_locktoken> variable determines whether we have seen one
** of this resource's locktokens in the If: header.
*/
/*
** If this is a new lock request, <flags> will contain the requested
** lock scope. Three rules apply:
**
** 1) Do not require a (shared) locktoken to be seen (when we are
** applying another shared lock)
** 2) If the scope is exclusive and we see any locks, fail.
** 3) If the scope is shared and we see an exclusive lock, fail.
*/
if (lockdb == NULL) {
/* we're in State 1. no locks. */
lock_list = NULL;
}
else {
/*
** ### hrm... we don't need to have these fully
** ### resolved since we're only looking at the
** ### locktokens...
**
** ### use get_locks w/ calltype=PARTIAL
*/
if ((err = dav_lock_query(lockdb, resource, &lock_list)) != NULL) {
return dav_push_error(p,
HTTP_INTERNAL_SERVER_ERROR, 0,
"The locks could not be queried for "
"verification against a possible \"If:\" "
"header.",
err);
}
/* lock_list now determines whether we're in State 1, 2, or 3. */
}
/*
** For a new, exclusive lock: if any locks exist, fail.
** For a new, shared lock: if an exclusive lock exists, fail.
** else, do not require a token to be seen.
*/
if (flags & DAV_LOCKSCOPE_EXCLUSIVE) {
if (lock_list != NULL) {
return dav_new_error(p, HTTP_LOCKED, 0,
"Existing lock(s) on the requested resource "
"prevent an exclusive lock.");
}
/*
** There are no locks, so we can pretend that we've already met
** any requirement to find the resource's locks in an If: header.
*/
seen_locktoken = 1;
}
else if (flags & DAV_LOCKSCOPE_SHARED) {
/*
** Strictly speaking, we don't need this loop. Either the first
** (and only) lock will be EXCLUSIVE, or none of them will be.
*/
for (lock = lock_list; lock != NULL; lock = lock->next) {
if (lock->scope == DAV_LOCKSCOPE_EXCLUSIVE) {
return dav_new_error(p, HTTP_LOCKED, 0,
"The requested resource is already "
"locked exclusively.");
}
}
/*
** The locks on the resource (if any) are all shared. Set the
** <seen_locktoken> flag to indicate that we do not need to find
** the locks in an If: header.
*/
seen_locktoken = 1;
}
else {
/*
** For methods other than LOCK:
**
** If we have no locks, then <seen_locktoken> can be set to true --
** pretending that we've already met the requirement of seeing one
** of the resource's locks in the If: header.
**
** Otherwise, it must be cleared and we'll look for one.
*/
seen_locktoken = (lock_list == NULL);
}
/*
** If there is no If: header, then we can shortcut some logic:
**
** 1) if we do not need to find a locktoken in the (non-existent) If:
** header, then we are successful.
**
** 2) if we must find a locktoken in the (non-existent) If: header, then
** we fail.
*/
if (if_header == NULL) {
if (seen_locktoken)
return NULL;
return dav_new_error(p, HTTP_LOCKED, 0,
"This resource is locked and an \"If:\" header "
"was not supplied to allow access to the "
"resource.");
}
/* the If: header is present */
/*
** If a dummy header is present (because of a Lock-Token: header), then
** we are required to find that token in this resource's set of locks.
** If we have no locks, then we immediately fail.
**
** This is a 400 (Bad Request) since they should only submit a locktoken
** that actually exists.
**
** Don't issue this response if we're talking about the parent resource.
** It is okay for that resource to NOT have this locktoken.
** (in fact, it certainly will not: a dummy_header only occurs for the
** UNLOCK method, the parent is checked only for locknull resources,
** and the parent certainly does not have the (locknull's) locktoken)
*/
if (lock_list == NULL && if_header->dummy_header) {
if (flags & DAV_VALIDATE_IS_PARENT)
return NULL;
return dav_new_error(p, HTTP_BAD_REQUEST, 0,
"The locktoken specified in the \"Lock-Token:\" "
"header is invalid because this resource has no "
"outstanding locks.");
}
/*
** Prepare the input URI. We want the URI to never have a trailing slash.
**
** When URIs are placed into the dav_if_header structure, they are
** guaranteed to never have a trailing slash. If the URIs are equivalent,
** then it doesn't matter if they both lack a trailing slash -- they're
** still equivalent.
**
** Note: we could also ensure that a trailing slash is present on both
** URIs, but the majority of URIs provided to us via a resource walk
** will not contain that trailing slash.
*/
uri = resource->uri;
uri_len = strlen(uri);
if (uri[uri_len - 1] == '/') {
dav_set_bufsize(p, pbuf, uri_len);
memcpy(pbuf->buf, uri, uri_len);
pbuf->buf[--uri_len] = '\0';
uri = pbuf->buf;
}
/* get the resource's etag; we may need it during the checks */
etag = (*resource->hooks->getetag)(resource);
/* how many state_lists apply to this URI? */
num_that_apply = 0;
/* If there are if-headers, fail if this resource
* does not match at least one state_list.
*/
for (ifhdr_scan = if_header;
ifhdr_scan != NULL;
ifhdr_scan = ifhdr_scan->next) {
/* DBG2("uri=<%s> if_uri=<%s>", uri, ifhdr_scan->uri ? ifhdr_scan->uri : "(no uri)"); */
if (ifhdr_scan->uri != NULL
&& (uri_len != ifhdr_scan->uri_len
|| memcmp(uri, ifhdr_scan->uri, uri_len) != 0)) {
/*
** A tagged-list's URI doesn't match this resource's URI.
** Skip to the next state_list to see if it will match.
*/
continue;
}
/* this state_list applies to this resource */
/*
** ### only one state_list should ever apply! a no-tag, or a tagged
** ### where S9.4.2 states only one can match.
**
** ### revamp this code to loop thru ifhdr_scan until we find the
** ### matching state_list. process it. stop.
*/
++num_that_apply;
/* To succeed, resource must match *all* of the states
* specified in the state_list.
*/
for (state_list = ifhdr_scan->state;
state_list != NULL;
state_list = state_list->next) {
switch(state_list->type) {
case dav_if_etag:
{
int mismatch = strcmp(state_list->etag, etag);
if (state_list->condition == DAV_IF_COND_NORMAL && mismatch) {
/*
** The specified entity-tag does not match the
** entity-tag on the resource. This state_list is
** not going to match. Bust outta here.
*/
reason =
"an entity-tag was specified, but the resource's "
"actual ETag does not match.";
goto state_list_failed;
}
else if (state_list->condition == DAV_IF_COND_NOT
&& !mismatch) {
/*
** The specified entity-tag DOES match the
** entity-tag on the resource. This state_list is
** not going to match. Bust outta here.
*/
reason =
"an entity-tag was specified using the \"Not\" form, "
"but the resource's actual ETag matches the provided "
"entity-tag.";
goto state_list_failed;
}
break;
}
case dav_if_opaquelock:
if (lockdb == NULL) {
if (state_list->condition == DAV_IF_COND_NOT) {
/* the locktoken is definitely not there! (success) */
continue;
}
/* condition == DAV_IF_COND_NORMAL */
/*
** If no lockdb is provided, then validation fails for
** this state_list (NORMAL means we were supposed to
** find the token, which we obviously cannot do without
** a lock database).
**
** Go and try the next state list.
*/
reason =
"a State-token was supplied, but a lock database "
"is not available for to provide the required lock.";
goto state_list_failed;
}
/* Resource validation 'fails' if:
* ANY of the lock->locktokens match
* a NOT state_list->locktoken,
* OR
* NONE of the lock->locktokens match
* a NORMAL state_list->locktoken.
*/
num_matched = 0;
for (lock = lock_list; lock != NULL; lock = lock->next) {
/*
DBG2("compare: rsrc=%s ifhdr=%s",
(*locks_hooks->format_locktoken)(p, lock->locktoken),
(*locks_hooks->format_locktoken)(p, state_list->locktoken));
*/
/* nothing to do if the locktokens do not match. */
if ((*locks_hooks->compare_locktoken)(state_list->locktoken, lock->locktoken)) {
continue;
}
/*
** We have now matched up one of the resource's locktokens
** to a locktoken in a State-token in the If: header.
** Note this fact, so that we can pass the overall
** requirement of seeing at least one of the resource's
** locktokens.
*/
seen_locktoken = 1;
if (state_list->condition == DAV_IF_COND_NOT) {
/*
** This state requires that the specified locktoken
** is NOT present on the resource. But we just found
** it. There is no way this state-list can now
** succeed, so go try another one.
*/
reason =
"a State-token was supplied, which used a "
"\"Not\" condition. The State-token was found "
"in the locks on this resource";
goto state_list_failed;
}
/* condition == DAV_IF_COND_NORMAL */
/* Validate auth_user: If an authenticated user created
** the lock, only the same user may submit that locktoken
** to manipulate a resource.
*/
if (lock->auth_user &&
(!r->user ||
strcmp(lock->auth_user, r->user))) {
const char *errmsg;
errmsg = apr_pstrcat(p, "User \"",
r->user,
"\" submitted a locktoken created "
"by user \"",
lock->auth_user, "\".", NULL);
return dav_new_error(p, HTTP_UNAUTHORIZED, 0, errmsg);
}
/*
** We just matched a specified State-Token to one of the
** resource's locktokens.
**
** Break out of the lock scan -- we only needed to find
** one match (actually, there shouldn't be any other
** matches in the lock list).
*/
num_matched = 1;
break;
}
if (num_matched == 0
&& state_list->condition == DAV_IF_COND_NORMAL) {
/*
** We had a NORMAL state, meaning that we should have
** found the State-Token within the locks on this
** resource. We didn't, so this state_list must fail.
*/
reason =
"a State-token was supplied, but it was not found "
"in the locks on this resource.";
goto state_list_failed;
}
break;
} /* switch */
} /* foreach ( state_list ) */
/*
** We've checked every state in this state_list and none of them
** have failed. Since all of them succeeded, then we have a matching
** state list and we may be done.
**
** The next requirement is that we have seen one of the resource's
** locktokens (if any). If we have, then we can just exit. If we
** haven't, then we need to keep looking.
*/
if (seen_locktoken) {
/* woo hoo! */
return NULL;
}
/*
** Haven't seen one. Let's break out of the search and just look
** for a matching locktoken.
*/
break;
/*
** This label is used when we detect that a state_list is not
** going to match this resource. We bust out and try the next
** state_list.
*/
state_list_failed:
;
} /* foreach ( ifhdr_scan ) */
/*
** The above loop exits for one of two reasons:
** 1) a state_list matched and seen_locktoken is false.
** 2) all if_header structures were scanned, without (1) occurring
*/
if (ifhdr_scan == NULL) {
/*
** We finished the loop without finding any matching state lists.
*/
/*
** If none of the state_lists apply to this resource, then we
** may have succeeded. Note that this scenario implies a
** tagged-list with no matching state_lists. If the If: header
** was a no-tag-list, then it would have applied to this resource.
**
** S9.4.2 states that when no state_lists apply, then the header
** should be ignored.
**
** If we saw one of the resource's locktokens, then we're done.
** If we did not see a locktoken, then we fail.
*/
if (num_that_apply == 0) {
if (seen_locktoken)
return NULL;
/*
** We may have aborted the scan before seeing the locktoken.
** Rescan the If: header to see if we can find the locktoken
** somewhere.
**
** Note that seen_locktoken == 0 implies lock_list != NULL
** which implies locks_hooks != NULL.
*/
if (dav_find_submitted_locktoken(if_header, lock_list,
locks_hooks)) {
/*
** We found a match! We're set... none of the If: header
** assertions apply (implicit success), and the If: header
** specified the locktoken somewhere. We're done.
*/
return NULL;
}
return dav_new_error(p, HTTP_LOCKED, 0 /* error_id */,
"This resource is locked and the \"If:\" "
"header did not specify one of the "
"locktokens for this resource's lock(s).");
}
/* else: one or more state_lists were applicable, but failed. */
/*
** If the dummy_header did not match, then they specified an
** incorrect token in the Lock-Token header. Forget whether the
** If: statement matched or not... we'll tell them about the
** bad Lock-Token first. That is considered a 400 (Bad Request).
*/
if (if_header->dummy_header) {
return dav_new_error(p, HTTP_BAD_REQUEST, 0,
"The locktoken specified in the "
"\"Lock-Token:\" header did not specify one "
"of this resource's locktoken(s).");
}
if (reason == NULL) {
return dav_new_error(p, HTTP_PRECONDITION_FAILED, 0,
"The preconditions specified by the \"If:\" "
"header did not match this resource.");
}
return dav_new_error(p, HTTP_PRECONDITION_FAILED, 0,
apr_psprintf(p,
"The precondition(s) specified by "
"the \"If:\" header did not match "
"this resource. At least one "
"failure is because: %s", reason));
}
/* assert seen_locktoken == 0 */
/*
** ifhdr_scan != NULL implies we found a matching state_list.
**
** Since we're still here, it also means that we have not yet found
** one the resource's locktokens in the If: header.
**
** Scan all the if_headers and states looking for one of this
** resource's locktokens. Note that we need to go back and scan them
** all -- we may have aborted a scan with a failure before we saw a
** matching token.
**
** Note that seen_locktoken == 0 implies lock_list != NULL which implies
** locks_hooks != NULL.
*/
if (dav_find_submitted_locktoken(if_header, lock_list, locks_hooks)) {
/*
** We found a match! We're set... we have a matching state list,
** and the If: header specified the locktoken somewhere. We're done.
*/
return NULL;
}
/*
** We had a matching state list, but the user agent did not specify one
** of this resource's locktokens. Tell them so.
**
** Note that we need to special-case the message on whether a "dummy"
** header exists. If it exists, yet we didn't see a needed locktoken,
** then that implies the dummy header (Lock-Token header) did NOT
** specify one of this resource's locktokens. (this implies something
** in the real If: header matched)
**
** We want to note the 400 (Bad Request) in favor of a 423 (Locked).
*/
if (if_header->dummy_header) {
return dav_new_error(p, HTTP_BAD_REQUEST, 0,
"The locktoken specified in the "
"\"Lock-Token:\" header did not specify one "
"of this resource's locktoken(s).");
}
return dav_new_error(p, HTTP_LOCKED, 1 /* error_id */,
"This resource is locked and the \"If:\" header "
"did not specify one of the "
"locktokens for this resource's lock(s).");
}
/* dav_validate_walker: Walker callback function to validate resource state */
static dav_error * dav_validate_walker(dav_walk_resource *wres, int calltype)
{
dav_walker_ctx *ctx = wres->walk_ctx;
dav_error *err;
if ((err = dav_validate_resource_state(ctx->w.pool, wres->resource,
ctx->w.lockdb,
ctx->if_header, ctx->flags,
&ctx->work_buf, ctx->r)) == NULL) {
/* There was no error, so just bug out. */
return NULL;
}
/*
** If we have a serious server error, or if the request itself failed,
** then just return error (not a multistatus).
*/
if (ap_is_HTTP_SERVER_ERROR(err->status)
|| (*wres->resource->hooks->is_same_resource)(wres->resource,
ctx->w.root)) {
/* ### maybe push a higher-level description? */
return err;
}
/* associate the error with the current URI */
dav_add_response(wres, err->status, NULL);
return NULL;
}
/*
** dav_validate_request: Validate if-headers (and check for locks) on:
** (1) r->filename @ depth;
** (2) Parent of r->filename if check_parent == 1
**
** The check of parent should be done when it is necessary to verify that
** the parent collection will accept a new member (ie current resource
** state is null).
**
** Return OK on successful validation.
** On error, return appropriate HTTP_* code, and log error. If a multi-stat
** error is necessary, response will point to it, else NULL.
*/
dav_error * dav_validate_request(request_rec *r, dav_resource *resource,
int depth, dav_locktoken *locktoken,
dav_response **response, int flags,
dav_lockdb *lockdb)
{
dav_error *err;
int result;
dav_if_header *if_header;
int lock_db_opened_locally = 0;
const dav_hooks_locks *locks_hooks = DAV_GET_HOOKS_LOCKS(r);
const dav_hooks_repository *repos_hooks = resource->hooks;
dav_buffer work_buf = { 0 };
dav_response *new_response;
#if DAV_DEBUG
if (depth && response == NULL) {
/*
** ### bleck. we can't return errors for other URIs unless we have
** ### a "response" ptr.
*/
return dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
"DESIGN ERROR: dav_validate_request called "
"with depth>0, but no response ptr.");
}
#endif
if (response != NULL)
*response = NULL;
/* Do the standard checks for conditional requests using
* If-..-Since, If-Match etc */
if ((result = ap_meets_conditions(r)) != OK) {
/* ### fix this up... how? */
return dav_new_error(r->pool, result, 0, NULL);
}
/* always parse (and later process) the If: header */
if ((err = dav_process_if_header(r, &if_header)) != NULL) {
/* ### maybe add higher-level description */
return err;
}
/* If a locktoken was specified, create a dummy if_header with which
* to validate resources. In the interim, figure out why DAV uses
* locktokens in an if-header without a Lock-Token header to refresh
* locks, but a Lock-Token header without an if-header to remove them.
*/
if (locktoken != NULL) {
dav_if_header *ifhdr_new;
ifhdr_new = apr_pcalloc(r->pool, sizeof(*ifhdr_new));
ifhdr_new->uri = resource->uri;
ifhdr_new->uri_len = strlen(resource->uri);
ifhdr_new->dummy_header = 1;
ifhdr_new->state = apr_pcalloc(r->pool, sizeof(*ifhdr_new->state));
ifhdr_new->state->type = dav_if_opaquelock;
ifhdr_new->state->condition = DAV_IF_COND_NORMAL;
ifhdr_new->state->locktoken = locktoken;
ifhdr_new->next = if_header;
if_header = ifhdr_new;
}
/*
** If necessary, open the lock database (read-only, lazily);
** the validation process may need to retrieve or update lock info.
** Otherwise, assume provided lockdb is valid and opened rw.
*/
if (lockdb == NULL) {
if (locks_hooks != NULL) {
if ((err = (*locks_hooks->open_lockdb)(r, 0, 0, &lockdb)) != NULL) {
/* ### maybe insert higher-level comment */
return err;
}
lock_db_opened_locally = 1;
}
}
/* (1) Validate the specified resource, at the specified depth */
if (resource->exists && depth > 0) {
dav_walker_ctx ctx = { { 0 } };
dav_response *multi_status;
ctx.w.walk_type = DAV_WALKTYPE_NORMAL;
ctx.w.func = dav_validate_walker;
ctx.w.walk_ctx = &ctx;
ctx.w.pool = r->pool;
ctx.w.root = resource;
ctx.if_header = if_header;
ctx.r = r;
ctx.flags = flags;
if (lockdb != NULL) {
ctx.w.lockdb = lockdb;
ctx.w.walk_type |= DAV_WALKTYPE_LOCKNULL;
}
err = (*repos_hooks->walk)(&ctx.w, DAV_INFINITY, &multi_status);
if (err == NULL) {
*response = multi_status;;
}
/* else: implies a 5xx status code occurred. */
}
else {
err = dav_validate_resource_state(r->pool, resource, lockdb,
if_header, flags, &work_buf, r);
}
/* (2) Validate the parent resource if requested */
if (err == NULL && (flags & DAV_VALIDATE_PARENT)) {
dav_resource *parent_resource;
err = (*repos_hooks->get_parent_resource)(resource, &parent_resource);
if (err == NULL && parent_resource == NULL) {
err = dav_new_error(r->pool, HTTP_FORBIDDEN, 0,
"Cannot access parent of repository root.");
}
else if (err == NULL) {
err = dav_validate_resource_state(r->pool, parent_resource, lockdb,
if_header,
flags | DAV_VALIDATE_IS_PARENT,
&work_buf, r);
/*
** This error occurred on the parent resource. This implies that
** we have to create a multistatus response (to report the error
** against a URI other than the Request-URI). "Convert" this error
** into a multistatus response.
*/
if (err != NULL) {
new_response = apr_pcalloc(r->pool, sizeof(*new_response));
new_response->href = parent_resource->uri;
new_response->status = err->status;
new_response->desc =
"A validation error has occurred on the parent resource, "
"preventing the operation on the resource specified by "
"the Request-URI.";
if (err->desc != NULL) {
new_response->desc = apr_pstrcat(r->pool,
new_response->desc,
" The error was: ",
err->desc, NULL);
}
/* assert: DAV_VALIDATE_PARENT implies response != NULL */
new_response->next = *response;
*response = new_response;
err = NULL;
}
}
}
if (lock_db_opened_locally)
(*locks_hooks->close_lockdb)(lockdb);
/*
** If we don't have a (serious) error, and we have multistatus responses,
** then we need to construct an "error". This error will be the overall
** status returned, and the multistatus responses will go into its body.
**
** For certain methods, the overall error will be a 424. The default is
** to construct a standard 207 response.
*/
if (err == NULL && response != NULL && *response != NULL) {
ap_text *propstat = NULL;
if ((flags & DAV_VALIDATE_USE_424) != 0) {
/* manufacture a 424 error to hold the multistatus response(s) */
return dav_new_error(r->pool, HTTP_FAILED_DEPENDENCY, 0,
"An error occurred on another resource, "
"preventing the requested operation on "
"this resource.");
}
/*
** Whatever caused the error, the Request-URI should have a 424
** associated with it since we cannot complete the method.
**
** For a LOCK operation, insert an empty DAV:lockdiscovery property.
** For other methods, return a simple 424.
*/
if ((flags & DAV_VALIDATE_ADD_LD) != 0) {
propstat = apr_pcalloc(r->pool, sizeof(*propstat));
propstat->text =
"<D:propstat>" DEBUG_CR
"<D:prop><D:lockdiscovery/></D:prop>" DEBUG_CR
"<D:status>HTTP/1.1 424 Failed Dependency</D:status>" DEBUG_CR
"</D:propstat>" DEBUG_CR;
}
/* create the 424 response */
new_response = apr_pcalloc(r->pool, sizeof(*new_response));
new_response->href = resource->uri;
new_response->status = HTTP_FAILED_DEPENDENCY;
new_response->propresult.propstats = propstat;
new_response->desc =
"An error occurred on another resource, preventing the "
"requested operation on this resource.";
new_response->next = *response;
*response = new_response;
/* manufacture a 207 error for the multistatus response(s) */
return dav_new_error(r->pool, HTTP_MULTI_STATUS, 0,
"Error(s) occurred on resources during the "
"validation process.");
}
return err;
}
/* dav_get_locktoken_list:
*
* Sets ltl to a locktoken_list of all positive locktokens in header,
* else NULL if no If-header, or no positive locktokens.
*/
dav_error * dav_get_locktoken_list(request_rec *r, dav_locktoken_list **ltl)
{
dav_error *err;
dav_if_header *if_header;
dav_if_state_list *if_state;
dav_locktoken_list *lock_token = NULL;
*ltl = NULL;
if ((err = dav_process_if_header(r, &if_header)) != NULL) {
/* ### add a higher-level description? */
return err;
}
while (if_header != NULL) {
if_state = if_header->state; /* Begining of the if_state linked list */
while (if_state != NULL) {
if (if_state->condition == DAV_IF_COND_NORMAL
&& if_state->type == dav_if_opaquelock) {
lock_token = apr_pcalloc(r->pool, sizeof(dav_locktoken_list));
lock_token->locktoken = if_state->locktoken;
lock_token->next = *ltl;
*ltl = lock_token;
}
if_state = if_state->next;
}
if_header = if_header->next;
}
if (*ltl == NULL) {
/* No nodes added */
return dav_new_error(r->pool, HTTP_BAD_REQUEST, DAV_ERR_IF_ABSENT,
"No locktokens were specified in the \"If:\" "
"header, so the refresh could not be performed.");
}
return NULL;
}
#if 0 /* not needed right now... */
static const char *strip_white(const char *s, apr_pool_t *pool)
{
apr_size_t idx;
/* trim leading whitespace */
while (apr_isspace(*s)) /* assume: return false for '\0' */
++s;
/* trim trailing whitespace */
idx = strlen(s) - 1;
if (apr_isspace(s[idx])) {
char *s2 = apr_pstrdup(pool, s);
while (apr_isspace(s2[idx]) && idx > 0)
--idx;
s2[idx + 1] = '\0';
return s2;
}
return s;
}
#endif
#define DAV_LABEL_HDR "Label"
/* dav_add_vary_header
*
* If there were any headers in the request which require a Vary header
* in the response, add it.
*/
void dav_add_vary_header(request_rec *in_req,
request_rec *out_req,
const dav_resource *resource)
{
const dav_hooks_vsn *vsn_hooks = DAV_GET_HOOKS_VSN(in_req);
/* ### this is probably all wrong... I think there is a function in
### the Apache API to add things to the Vary header. need to check */
/* Only versioning headers require a Vary response header,
* so only do this check if there is a versioning provider */
if (vsn_hooks != NULL) {
const char *target = apr_table_get(in_req->headers_in, DAV_LABEL_HDR);
const char *vary = apr_table_get(out_req->headers_out, "Vary");
/* If Target-Selector specified, add it to the Vary header */
if (target != NULL) {
if (vary == NULL)
vary = DAV_LABEL_HDR;
else
vary = apr_pstrcat(out_req->pool, vary, "," DAV_LABEL_HDR,
NULL);
apr_table_setn(out_req->headers_out, "Vary", vary);
}
}
}
/* dav_can_auto_checkout
*
* Determine whether auto-checkout is enabled for a resource.
* r - the request_rec
* resource - the resource
* auto_version - the value of the auto_versionable hook for the resource
* lockdb - pointer to lock database (opened if necessary)
* auto_checkout - set to 1 if auto-checkout enabled
*/
static dav_error * dav_can_auto_checkout(
request_rec *r,
dav_resource *resource,
dav_auto_version auto_version,
dav_lockdb **lockdb,
int *auto_checkout)
{
dav_error *err;
dav_lock *lock_list;
*auto_checkout = 0;
if (auto_version == DAV_AUTO_VERSION_ALWAYS) {
*auto_checkout = 1;
}
else if (auto_version == DAV_AUTO_VERSION_LOCKED) {
if (*lockdb == NULL) {
const dav_hooks_locks *locks_hooks = DAV_GET_HOOKS_LOCKS(r);
if (locks_hooks == NULL) {
return dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
"Auto-checkout is only enabled for locked resources, "
"but there is no lock provider.");
}
if ((err = (*locks_hooks->open_lockdb)(r, 0, 0, lockdb)) != NULL) {
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
"Cannot open lock database to determine "
"auto-versioning behavior.",
err);
}
}
if ((err = dav_lock_query(*lockdb, resource, &lock_list)) != NULL) {
return dav_push_error(r->pool,
HTTP_INTERNAL_SERVER_ERROR, 0,
"The locks could not be queried for "
"determining auto-versioning behavior.",
err);
}
if (lock_list != NULL)
*auto_checkout = 1;
}
return NULL;
}
/* see mod_dav.h for docco */
dav_error *dav_auto_checkout(
request_rec *r,
dav_resource *resource,
int parent_only,
dav_auto_version_info *av_info)
{
const dav_hooks_vsn *vsn_hooks = DAV_GET_HOOKS_VSN(r);
dav_lockdb *lockdb = NULL;
dav_error *err = NULL;
/* Initialize results */
memset(av_info, 0, sizeof(*av_info));
/* if no versioning provider, just return */
if (vsn_hooks == NULL)
return NULL;
/* check parent resource if requested or if resource must be created */
if (!resource->exists || parent_only) {
dav_resource *parent;
if ((err = (*resource->hooks->get_parent_resource)(resource,
&parent)) != NULL)
goto done;
if (parent == NULL || !parent->exists) {
err = dav_new_error(r->pool, HTTP_CONFLICT, 0,
apr_psprintf(r->pool,
"Missing one or more intermediate "
"collections. Cannot create resource %s.",
ap_escape_html(r->pool, resource->uri)));
goto done;
}
av_info->parent_resource = parent;
/* if parent versioned and not checked out, see if it can be */
if (parent->versioned && !parent->working) {
int checkout_parent;
if ((err = dav_can_auto_checkout(r, parent,
(*vsn_hooks->auto_versionable)(parent),
&lockdb, &checkout_parent))
!= NULL) {
goto done;
}
if (!checkout_parent) {
err = dav_new_error(r->pool, HTTP_CONFLICT, 0,
"<DAV:cannot-modify-checked-in-parent>");
goto done;
}
/* Try to checkout the parent collection.
* Note that auto-versioning can only be applied to a version selector,
* so no separate working resource will be created.
*/
if ((err = (*vsn_hooks->checkout)(parent, 1 /*auto_checkout*/,
0, 0, 0, NULL, NULL))
!= NULL)
{
err = dav_push_error(r->pool, HTTP_CONFLICT, 0,
apr_psprintf(r->pool,
"Unable to auto-checkout parent collection. "
"Cannot create resource %s.",
ap_escape_html(r->pool, resource->uri)),
err);
goto done;
}
/* remember that parent was checked out */
av_info->parent_checkedout = 1;
}
}
/* if only checking parent, we're done */
if (parent_only)
goto done;
/* if creating a new resource, see if it should be version-controlled */
if (!resource->exists
&& (*vsn_hooks->auto_versionable)(resource) == DAV_AUTO_VERSION_ALWAYS) {
if ((err = (*vsn_hooks->vsn_control)(resource, NULL)) != NULL) {
err = dav_push_error(r->pool, HTTP_CONFLICT, 0,
apr_psprintf(r->pool,
"Unable to create versioned resource %s.",
ap_escape_html(r->pool, resource->uri)),
err);
goto done;
}
/* remember that resource was created */
av_info->resource_versioned = 1;
}
/* if resource is versioned, make sure it is checked out */
if (resource->versioned && !resource->working) {
int checkout_resource;
if ((err = dav_can_auto_checkout(r, resource,
(*vsn_hooks->auto_versionable)(resource),
&lockdb, &checkout_resource)) != NULL) {
goto done;
}
if (!checkout_resource) {
err = dav_new_error(r->pool, HTTP_CONFLICT, 0,
"<DAV:cannot-modify-version-controlled-content>");
goto done;
}
/* Auto-versioning can only be applied to version selectors, so
* no separate working resource will be created. */
if ((err = (*vsn_hooks->checkout)(resource, 1 /*auto_checkout*/,
0, 0, 0, NULL, NULL))
!= NULL)
{
err = dav_push_error(r->pool, HTTP_CONFLICT, 0,
apr_psprintf(r->pool,
"Unable to checkout resource %s.",
ap_escape_html(r->pool, resource->uri)),
err);
goto done;
}
/* remember that resource was checked out */
av_info->resource_checkedout = 1;
}
done:
/* make sure lock database is closed */
if (lockdb != NULL)
(*lockdb->hooks->close_lockdb)(lockdb);
/* if an error occurred, undo any auto-versioning operations already done */
if (err != NULL) {
dav_auto_checkin(r, resource, 1 /*undo*/, 0 /*unlock*/, av_info);
return err;
}
return NULL;
}
/* see mod_dav.h for docco */
dav_error *dav_auto_checkin(
request_rec *r,
dav_resource *resource,
int undo,
int unlock,
dav_auto_version_info *av_info)
{
const dav_hooks_vsn *vsn_hooks = DAV_GET_HOOKS_VSN(r);
dav_error *err = NULL;
dav_auto_version auto_version;
/* If no versioning provider, this is a no-op */
if (vsn_hooks == NULL)
return NULL;
/* If undoing auto-checkouts, then do uncheckouts */
if (undo) {
if (resource != NULL) {
if (av_info->resource_checkedout) {
if ((err = (*vsn_hooks->uncheckout)(resource)) != NULL) {
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
apr_psprintf(r->pool,
"Unable to undo auto-checkout "
"of resource %s.",
ap_escape_html(r->pool, resource->uri)),
err);
}
}
if (av_info->resource_versioned) {
dav_response *response;
/* ### should we do anything with the response? */
if ((err = (*resource->hooks->remove_resource)(resource,
&response)) != NULL) {
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
apr_psprintf(r->pool,
"Unable to undo auto-version-control "
"of resource %s.",
ap_escape_html(r->pool, resource->uri)),
err);
}
}
}
if (av_info->parent_resource != NULL && av_info->parent_checkedout) {
if ((err = (*vsn_hooks->uncheckout)(av_info->parent_resource)) != NULL) {
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
apr_psprintf(r->pool,
"Unable to undo auto-checkout "
"of parent collection %s.",
ap_escape_html(r->pool, av_info->parent_resource->uri)),
err);
}
}
return NULL;
}
/* If the resource was checked out, and auto-checkin is enabled,
* then check it in.
*/
if (resource != NULL && resource->working
&& (unlock || av_info->resource_checkedout)) {
auto_version = (*vsn_hooks->auto_versionable)(resource);
if (auto_version == DAV_AUTO_VERSION_ALWAYS ||
(unlock && (auto_version == DAV_AUTO_VERSION_LOCKED))) {
if ((err = (*vsn_hooks->checkin)(resource,
0 /*keep_checked_out*/, NULL))
!= NULL) {
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
apr_psprintf(r->pool,
"Unable to auto-checkin resource %s.",
ap_escape_html(r->pool, resource->uri)),
err);
}
}
}
/* If parent resource was checked out, and auto-checkin is enabled,
* then check it in.
*/
if (av_info->parent_resource != NULL && av_info->parent_resource->working
&& (unlock || av_info->parent_checkedout)) {
auto_version = (*vsn_hooks->auto_versionable)(av_info->parent_resource);
if (auto_version == DAV_AUTO_VERSION_ALWAYS ||
(unlock && (auto_version == DAV_AUTO_VERSION_LOCKED))) {
if ((err = (*vsn_hooks->checkin)(av_info->parent_resource,
0 /*keep_checked_out*/, NULL))
!= NULL) {
return dav_push_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0,
apr_psprintf(r->pool,
"Unable to auto-checkin parent collection %s.",
ap_escape_html(r->pool, av_info->parent_resource->uri)),
err);
}
}
}
return NULL;
}