proxy_util.c revision 64185f9824e42f21ca7b9ae6c004484215c031a7
/* ====================================================================
* Copyright (c) 1996-2000 The Apache Software Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Software Foundation
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Software Foundation" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Software Foundation.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Software Foundation
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE Apache Software Foundation ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE Apache Software Foundation OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Software Foundation and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
/* Utility routines for Apache proxy */
#include "mod_proxy.h"
#include "http_main.h"
#include "ap_md5.h"
#include "http_log.h"
#include "util_uri.h"
#include "util_date.h" /* get ap_checkmask() decl. */
#include <pthread.h>
/*
 * Decode the two hex digits at x[0] and x[1] into the byte they encode.
 *
 * The caller must already know that both characters are hex digits (upper
 * or lower case); nothing is validated here.  For such input the result is
 * in the range 0..255.
 */
int ap_proxy_hex2c(const char *x)
{
#ifndef CHARSET_EBCDIC
    int i, ch;

    /* high nibble */
    ch = x[0];
    if (ap_isdigit(ch))
        i = ch - '0';
    else if (ap_isupper(ch))
        i = ch - ('A' - 10);
    else
        i = ch - ('a' - 10);
    i <<= 4;

    /* low nibble */
    ch = x[1];
    if (ap_isdigit(ch))
        i += ch - '0';
    else if (ap_isupper(ch))
        i += ch - ('A' - 10);
    else
        i += ch - ('a' - 10);
    return i;
#else /*CHARSET_EBCDIC*/
    /*
     * The escape names a code point in the network (ASCII) character set,
     * so the parsed value has to be mapped to the native character.
     * NOTE(review): assumes the os_toebcdic[] conversion table is supplied
     * by the platform's EBCDIC support header -- confirm it is in scope.
     */
    unsigned int code;

    return (sscanf(x, "%2x", &code) == 1) ? os_toebcdic[code & 0xFF] : 0;
#endif /*CHARSET_EBCDIC*/
}
/*
 * Write the URL escape for the byte value ch into x: a '%' followed by two
 * upper-case hex digits (only the low 8 bits of ch are used).
 *
 * x must have room for three characters.  In the default build no NUL is
 * stored, so the caller is responsible for termination; the CHARSET_EBCDIC
 * build additionally stores a NUL in x[3] and therefore needs four.
 */
void ap_proxy_c2hex(int ch, char *x)
{
#ifndef CHARSET_EBCDIC
    int i;

    x[0] = '%';

    /* high nibble first */
    i = (ch & 0xF0) >> 4;
    if (i >= 10)
        x[1] = ('A' - 10) + i;
    else
        x[1] = '0' + i;

    /* then the low nibble */
    i = ch & 0x0F;
    if (i >= 10)
        x[2] = ('A' - 10) + i;
    else
        x[2] = '0' + i;
#else /*CHARSET_EBCDIC*/
    static const char ntoa[] = { "0123456789ABCDEF" };
    ch &= 0xFF;
    x[0] = '%';
    /*
     * The escape must carry the ASCII code of the character, not its
     * native code.
     * NOTE(review): assumes the os_toascii[] conversion table is supplied
     * by the platform's EBCDIC support header -- confirm it is in scope.
     */
    x[1] = ntoa[(os_toascii[ch] >> 4) & 0x0F];
    x[2] = ntoa[os_toascii[ch] & 0x0F];
    x[3] = '\0';
#endif /*CHARSET_EBCDIC*/
}
/*
* canonicalise a URL-encoded string
*/
/*
* Convert a URL-encoded string to canonical form.
* It decodes characters which need not be encoded,
* and encodes those which must be encoded, and does not touch
* those which must not be touched.
*/
char *
{
int i, j, ch;
char *y;
const char *allowed; /* characters which should not be encoded */
/* N.B. in addition to :@&=, this allows ';' in an http path
* and '?' in an ftp path -- this may be revised
*
* Also, it makes a '+' character in a search string reserved, as
* it may be form-encoded. (Although RFC 1738 doesn't allow this -
* it only permits ; / ? : @ = & as reserved chars.)
*/
if (t == enc_path)
allowed = "$-_.+!*'(),;:@&=";
else if (t == enc_search)
allowed = "$-_.!*'(),;:@&=";
else if (t == enc_user)
allowed = "$-_.+!*'(),;@&=";
else if (t == enc_fpath)
allowed = "$-_.+!*'(),?:@&=";
else /* if (t == enc_parm) */
allowed = "$-_.+!*'(),?/:@&=";
if (t == enc_path)
reserved = "/";
else if (t == enc_search)
reserved = "+";
else
reserved = "";
for (i = 0, j = 0; i < len; i++, j++) {
/* always handle '/' first */
ch = x[i];
y[j] = ch;
continue;
}
/* decode it if not already done */
return NULL;
i += 2;
ap_proxy_c2hex(ch, &y[j]);
j += 2;
continue;
}
}
/* recode it, if necessary */
ap_proxy_c2hex(ch, &y[j]);
j += 2;
}
else
y[j] = ch;
}
y[j] = '\0';
return y;
}
/*
* Parses network-location.
* urlp on input the URL; on output the path, after the leading /
* password holder for password
* host holder for host
* port port number; only set if one is supplied.
*
* Returns an error string, or NULL on success.
*/
char *
{
int i;
return "Malformed URL";
url = "";
else
*strp = '\0';
/* find password */
*strp = '\0';
return "Bad %-escape in URL (password)";
}
return "Bad %-escape in URL (username)";
}
}
}
*(strp++) = '\0';
for (i = 0; strp[i] != '\0'; i++)
if (!ap_isdigit(strp[i]))
break;
/* if (i == 0) then no port was given; keep default */
if (strp[i] != '\0') {
return "Bad port number in URL";
} else if (i > 0) {
if (*port > 65535)
return "Port number in URL > 65535";
}
}
if (*host == '\0')
return "Missing host in URL";
/* check hostname syntax */
for (i = 0; host[i] != '\0'; i++)
break;
/* must be an IP address */
#ifdef WIN32
#else
#endif
{
return "Bad IP address in URL";
}
/* if (strchr(host,'.') == NULL && domain != NULL)
host = pstrcat(p, host, domain, NULL);
*/
return NULL;
}
/* Full English weekday names, in order from Sunday (index 0) to Saturday (index 6). */
static const char * const lwday[7] = {
    "Sunday",
    "Monday",
    "Tuesday",
    "Wednesday",
    "Thursday",
    "Friday",
    "Saturday"
};
/*
* If the date is a valid RFC 850 date or asctime() date, then it
* is converted to the RFC 1123 format, otherwise it is not modified.
* This routine is not very fast at doing conversions, as it uses
* sscanf and sprintf. However, if the date is already correctly
* formatted, then it exits very quickly.
*/
const char *
ap_proxy_date_canon(ap_context_t *p, const char *x)
{
/*
 * NOTE(review): as it appears here this body is incomplete.  q, wk, year and
 * mon are used without a visible declaration, the three `break` statements
 * have no enclosing loop, the condition that starts with `if (q[4] != '-'`
 * is never closed, and the `}` / `else {` pair has no opening `if`.  Nothing
 * visible writes into the buffer that is finally returned.  Restore the
 * missing lines from version control before building or changing this
 * function.
 *
 * What the visible code does establish: every rejected input returns the
 * caller's own pointer x, and the success path returns a fresh 30-byte
 * buffer allocated from p.
 */
/* a comma is looked for first; the RFC 850 checks below index relative to it */
q = strchr(x, ',');
/* check for RFC 850 date */
*q = '\0';
break;
*q = ',';
/* presumably wk == 7 means no weekday name matched -- the lookup loop is not visible; confirm */
if (wk == 7)
return x; /* not a valid date */
/* fixed-position separators after the comma: '-' at 4 and 8, ' ' at 11, ':' at 14 */
if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' ||
return x;
return x;
/* two-digit year: values below 70 are placed in 20xx, all others in 19xx */
if (year < 70)
year += 2000;
else
year += 1900;
}
else {
/* check for asctime() date */
/* fixed layout: ' ' at 3, 7, 10 and 19, ':' at 13 and 16, and the string must end at offset 24 */
if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' ||
x[16] != ':' || x[19] != ' ' || x[24] != '\0')
return x;
return x;
break;
if (wk == 7)
return x;
}
/* check date */
break;
/* presumably mon == 12 means no month name matched -- the lookup loop is not visible; confirm */
if (mon == 12)
return x;
/* the result buffer comes from p; what gets formatted into it is not visible in this view */
q = ap_palloc(p, 30);
return q;
}
/* NOTE: This routine is taken from http_protocol::getline()
* because the old code found in the proxy module was too
* difficult to understand and maintain.
*/
/* Get a line of protocol input, including any continuation lines
* caused by MIME folding (or broken clients) if fold != 0, and place it
* in the buffer s, of size n bytes, without the ending newline.
*
* Returns -1 on error, or the length of s.
*
* Note: Because bgets uses 1 char for newline and 1 char for NUL,
* the most we can get is (n - 2) actual characters if it
* was ended by a newline, or (n - 1) characters if the line
* length exceeded (n - 1). So, if the result == (n - 1),
* then the actual input line exceeded the buffer length,
* and it would be a good idea for the caller to puke 400 or 414.
*/
{
int retval;
int total = 0;
pos = s;
do {
if (retval <= 0)
/* retval is the number of characters read, not including NUL */
n -= retval; /* Keep track of how much of s is full */
*pos = '\0';
--total;
++n;
}
else
return total; /* if not, input line exceeded buffer size */
/* Continue appending if line folding is desired and
* the last line was not empty and we have room in the buffer and
* the next line begins with a continuation character.
*/
return total;
}
/*
* Reads headers from a buffer and returns an array of headers.
* Returns NULL on file error
* This routine tries to deal with too long lines and continuation lines.
* @@@: XXX: FIXME: currently the headers are passed thru un-merged.
* Is that okay, or should they be collapsed where possible?
*/
{
int len;
char field[MAX_STRING_LEN];
/*
* Read header lines until we get the empty separator line, a read error,
* the connection closes (EOF), or we timeout.
*/
/* Buggy MS IIS servers sometimes return invalid headers
* (an extra "HTTP/1.0 200, OK" line sprinkled in between
* the usual MIME headers). Try to deal with it in a sensible
* way, but log the fact.
* XXX: The mask check is buggy if we ever see an HTTP/1.10 */
/* Nope, it wasn't even an extra HTTP header. Give up. */
return NULL;
}
"proxy: Ignoring duplicate HTTP header "
continue;
}
*value = '\0';
++value;
/* XXX: RFC2068 defines only SP and HT as whitespace, this test is
* wrong... and so are many others probably.
*/
while (ap_isspace(*value))
++value; /* Skip to start of value */
/* should strip trailing whitespace as well */
*end = '\0';
/* the header was too long; at the least we should skip extra data */
>= MAX_STRING_LEN - 1) {
/* soak up the extra data */
}
if (len == 0) /* time to exit the larger loop as well */
break;
}
}
return resp_hdrs;
}
{
int ok;
long total_bytes_rcvd;
register int n, o, w;
total_bytes_rcvd = 0;
if (c != NULL)
c->written = 0;
#ifdef CHARSET_EBCDIC
#endif
/* Since we are reading from one buffer and writing to another,
* it is unsafe to do a soft_timeout here, at least until the proxy
* has its own timeout handler which can set both buffers to EOUT.
*/
#ifdef WIN32
/* works fine under win32, so leave it */
#else
/* CHECKME! Since hard_timeout won't work in unix on sends with partial
* cache completion, we have to alternate between hard_timeout
* for reads, and soft_timeout for send. This is because we need
* to get a return from ap_bwrite to be able to continue caching.
* BUT, if we *can't* continue anyway, just use hard_timeout.
*/
alternate_timeouts = 0;
}
#endif
/* Loop and ap_bread() while we can successfully read and write,
* or (after the client aborted) while we can successfully
* read and finish the configured cache_completion.
*/
/* Read block from server */
if (n == -1) { /* input error */
if (c != NULL) {
"proxy: error reading from %s", c->url);
c = ap_proxy_cache_error(c);
}
break;
}
if (n == 0)
break; /* EOF */
o = 0;
total_bytes_rcvd += n;
/* Write to cache first. */
/*@@@ XXX FIXME: Assuming that writing the cache file won't time out?!!? */
"proxy: error writing to %s", c->tempfile);
c = ap_proxy_cache_error(c);
} else {
c->written += n;
}
}
/* Write the block to the client, detect aborted transfers */
if (w <= 0) {
/* when a send failure occurs, we need to decide
* whether to continue loading and caching the
* document, or to abort the whole thing
*/
(c->cache_completion > 0) &&
if (! ok) {
c = NULL;
}
}
break;
}
n -= w;
o += w;
} /* while client alive and more data to send */
} /* loop and ap_bread while "ok" */
return total_bytes_rcvd;
}
/*
* Sends response line and headers. Uses the client fd and the
* headers_out array from the passed request_rec to talk to the client
* and to properly set the headers it sends for things such as logging.
*
* A timeout should be set before calling this routine.
*/
{
int i;
for (i = 0; i < ap_table_elts(t)->nelts; ++i) {
}
}
}
/*
* list is a comma-separated list of case insensitive tokens, with
* optional whitespace around the tokens.
* Returns 1 if the token val is found in the list, or 0
* otherwise.
*/
{
int len, i;
const char *p;
if (p != NULL) {
i = p - list;
do
p++;
while (ap_isspace(*p));
}
else
i--;
return 1;
list = p;
}
return 0;
}
#ifdef CASE_BLIND_FILESYSTEM
/*
* On some platforms the file system is NOT case sensitive, so 'a' and 'A'
* are the same name there; the encoding therefore needs to map onto a
* smaller set of characters.
*/
{
unsigned char digest[16];
char tmp[26];
int i, k, d;
unsigned int x;
/* encode 128 bits as 26 characters, using a modified uuencoding */
/* the encoding is 5 bytes -> 8 characters
* i.e. 128 bits is 3 x 5 bytes + 1 byte -> 3 * 8 characters + 2 characters
*/
for (i = 0, k = 0; i < 15; i += 5) {
}
/* one byte left */
x = digest[15];
/* now split into directory levels */
for (i = k = d = 0; d < ndepth; ++d) {
k += nlength;
i += nlength + 1;
}
}
#else
{
unsigned char digest[16];
char tmp[22];
int i, k, d;
unsigned int x;
/* Believe it or not, AIX 1.x does not allow you to name a file '@',
* so hack around it in the encoding. */
static const char enc_table[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_%";
#else
static const char enc_table[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@";
#endif
/* encode 128 bits as 22 characters, using a modified uuencoding */
/* the encoding is 3 bytes -> 4 characters
* i.e. 128 bits is 5 x 3 bytes + 1 byte -> 5 * 4 characters + 2 characters
*/
for (i = 0, k = 0; i < 15; i += 3) {
}
/* one byte left */
x = digest[15];
/* now split into directory levels */
for (i = k = d = 0; d < ndepth; ++d) {
k += nlength;
i += nlength + 1;
}
}
#endif /* CASE_BLIND_FILESYSTEM */
/*
 * Converts 8 hex digits to a time integer.
 *
 * x must point at eight hex digits (upper or lower case), most significant
 * digit first; the characters are not validated and no terminator is
 * required.  The all-ones pattern "FFFFFFFF" is reported as -1 however wide
 * int happens to be; every other pattern is returned as its numeric value.
 */
int ap_proxy_hex2sec(const char *x)
{
    int i, ch;
    unsigned int j;

    for (i = 0, j = 0; i < 8; i++) {
        ch = x[i];
        j <<= 4;    /* make room for the next nibble */
        if (ap_isdigit(ch))
            j |= ch - '0';
        else if (ap_isupper(ch))
            j |= ch - ('A' - 10);
        else
            j |= ch - ('a' - 10);
    }
    if (j == 0xffffffff)
        return -1;    /* so that it works with 8-byte ints */
    else
        return j;
}
/*
 * Converts a time integer to 8 hex digits.
 *
 * The low 32 bits of t are written to y as exactly eight upper-case hex
 * digits, most significant first, followed by a NUL; y must therefore have
 * room for nine characters.  A value of -1 produces "FFFFFFFF".
 */
void ap_proxy_sec2hex(int t, char *y)
{
    int i, ch;
    unsigned int j = t;

    /* fill from the last digit backwards, peeling off one nibble per step */
    for (i = 7; i >= 0; i--) {
        ch = j & 0xF;
        j >>= 4;
        if (ch >= 10)
            y[i] = ch + ('A' - 10);
        else
            y[i] = ch + '0';
    }
    y[8] = '\0';
}
{
if (c != NULL) {
}
}
return NULL;
}
{
ap_pstrcat(r->pool,
"The proxy server could not handle the request "
/* Allow the "error-notes" string to be printed by ap_send_error_response() */
return statuscode;
}
/*
* This routine returns its own error message
*/
const char *
{
int i;
#define APACHE_TLS
for (i = 0; host[i] != '\0'; i++)
break;
if (host[i] != '\0') {
return "Host not found";
}
else {
}
}
return NULL;
}
static const char *
{
int port = -1;
return r->hostname;
/* Set url to the first char after "scheme://" */
return NULL;
url = ap_pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */
"%s", err);
return host; /* ought to return the port, too */
}
/* Return TRUE if addr represents an IP address (or an IP network address) */
{
long ip_addr[4];
int i, quads;
long bits;
/* if the address is given with an explicit netmask, use that */
/* Due to a deficiency in ap_inet_addr(), it is impossible to parse */
/* "partial" addresses (with less than 4 quads) correctly, i.e. */
/* 192.168.123 is parsed as 192.168.0.123, which is not what I want. */
/* I therefore have to parse the IP address manually: */
/* addr and mask were set by proxy_readmask() */
/*return 1; */
/* Parse IP addr manually, optionally allowing */
/* abbreviated net addresses like 192.168. */
/* Iterate over up to 4 (dotted) quads. */
char *tmp;
break;
if (!ap_isdigit(*addr))
return 0; /* no digit at start of quad */
return 0;
/* invalid octet */
return 0;
}
++addr; /* after the 4th quad, a dot would be illegal */
}
char *tmp;
++addr;
return 0;
return 0;
}
else {
/* Determine (i.e., "guess") netmask by counting the */
/* number of trailing .0's; reduce #quads appropriately */
/* (so that 192.168.0.0 is equivalent to 192.168.) */
--quads;
/* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
if (quads < 1)
return 0;
/* every zero-byte counts as 8 zero-bits */
"Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld",
}
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, "Warning: NetMask and IP-Addr disagree in %s/%ld\n",
" Set to %s/%ld",
}
if (*addr == '\0') {
return 1;
}
else
}
/* Return TRUE if addr represents an IP address (or an IP network address) */
{
int i;
int ip_addr[4];
char **ip_listptr;
const char *found;
const char *host = proxy_get_host_of_request(r);
return 0;
#if DEBUGGING
#endif
return 1;
}
#if DEBUGGING
else {
}
#endif
}
else {
#if DEBUGGING
#endif
return 0;
}
else
/* Try to deal with multiple IP addr's for a host */
#if DEBUGGING
#endif
return 1;
}
#if DEBUGGING
else {
}
#endif
}
}
return 0;
}
/* Return TRUE if addr represents a domain name */
{
int i;
/* Domain name must start with a '.' */
if (addr[0] != '.')
return 0;
/* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
continue;
#if 0
if (addr[i] == ':') {
"@@@@ handle optional port in proxy_is_domainname()");
/* @@@@ handle optional port */
}
#endif
if (addr[i] != '\0')
return 0;
/* Strip trailing dots */
addr[i] = '\0';
return 1;
}
/* Return TRUE if host "host" is in domain "domain" */
{
const char *host = proxy_get_host_of_request(r);
return 0;
/* @@@ do this within the setup? */
/* Ignore trailing dots in domain comparison: */
--d_len;
--h_len;
}
/* Return TRUE if addr represents a host name */
{
int i;
/* Host names must not start with a '.' */
if (addr[0] == '.')
return 0;
/* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
#if 0
if (addr[i] == ':') {
"@@@@ handle optional port in proxy_is_hostname()");
/* @@@@ handle optional port */
}
#endif
return 0;
/* Strip trailing dots */
addr[i] = '\0';
return 1;
}
/* Return TRUE if host "host" is equal to host2 "host2" */
{
const char *host2 = proxy_get_host_of_request(r);
int h2_len;
int h1_len;
return 0; /* oops! */
#if 0
unsigned long *ip_list;
/* Try to deal with multiple IP addr's for a host */
if (*ip_list == ? ? ? ? ? ? ? ? ? ? ? ? ?)
return 1;
#endif
/* Ignore trailing dots in host2 comparison: */
--h2_len;
--h1_len;
}
/* Return TRUE if addr is to be matched as a word */
{
return 1;
}
/* Return TRUE if string "str2" occurs literally in "str1" */
{
const char *host = proxy_get_host_of_request(r);
}
{
int i;
do {
#ifdef WIN32
if (i == SOCKET_ERROR)
errno = WSAGetLastError();
#endif /* WIN32 */
if (i == -1) {
"proxy connect to %s port %d failed",
}
return i;
}
/* This function is called by ap_table_do() for all header lines */
/* (from proxy_http.c and proxy_ftp.c) */
/* It is passed a table_do_args struct pointer and a MIME field and value pair */
{
return 1;
}
return 1; /* tell ap_table_do() to continue calling us for more headers */
}
/* send a text line to one or two BUFF's; return line length */
{
return len;
}