request.c revision cc9582e53aead2a044077c4a92f3dfc3605590b3
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
/*
* http_request.c: functions to get and process requests
*
* Rob McCool 3/21/93
*
* Thoroughly revamped by rst for Apache. NB this file reads
* best from the bottom up.
*
*/
#include "apr_strings.h"
#include "apr_file_io.h"
#include "apr_fnmatch.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
#define CORE_PRIVATE
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_request.h"
#include "http_core.h"
#include "http_protocol.h"
#include "http_log.h"
#include "http_main.h"
#include "util_filter.h"
#include "util_charset.h"
#include "mod_core.h"
#include <stdarg.h>
#endif
)
(request_rec *r),(r),DECLINED)
(request_rec *r),(r),DECLINED)
(request_rec *r),(r),DECLINED)
(request_rec *r),(r),DECLINED)
(request_rec *r),(r),DECLINED)
{
return HTTP_INTERNAL_SERVER_ERROR;
}
else
return status;
}
/* This is the master logic for processing requests. Do NOT duplicate
* this logic elsewhere, or the security model will be broken by future
* API changes. Each phase must be individually optimized to pick up
*/
{
int access_status;
/* Ignore embedded %2F's in path for proxy requests */
if (access_status) {
return access_status;
}
}
/* File-specific requests with no 'true' URI are a huge pain... they
* cannot bubble through the next several steps. Only subrequests may
* have an empty uri, otherwise let translate_name kill the request.
*/
{
if ((access_status = ap_location_walk(r))) {
return access_status;
}
if ((access_status = ap_run_translate_name(r))) {
return access_status;
}
}
/* Reset to the server default config prior to running map_to_storage
*/
if ((access_status = ap_run_map_to_storage(r)))
{
/* This request wasn't in storage (e.g. TRACE) */
return access_status;
}
/* Excluding file-specific requests with no 'true' URI...
*/
{
/* Rerun the location walk, which overrides any map_to_storage config.
*/
if ((access_status = ap_location_walk(r))) {
return access_status;
}
}
/* Only on the main request! */
if ((access_status = ap_run_header_parser(r))) {
return access_status;
}
}
* and that configuration didn't change (this requires optimized _walk()
* functions in map_to_storage that use the same merge results given
* identical input.) If the config changes, we must re-auth.
*/
}
}
else
{
switch (ap_satisfies(r)) {
case SATISFY_ALL:
case SATISFY_NOSPEC:
if ((access_status = ap_run_access_checker(r)) != 0) {
}
if (ap_some_auth_required(r)) {
? "check user. No user file?"
: "perform authentication. AuthType not set!", r);
}
? "check access. No groups file?"
: "perform authentication. AuthType not set!", r);
}
}
break;
case SATISFY_ANY:
if (!ap_some_auth_required(r)) {
? "check access"
: "perform authentication. AuthType not set!", r);
}
? "check user. No user file?"
: "perform authentication. AuthType not set!", r);
}
? "check access. No groups file?"
: "perform authentication. AuthType not set!", r);
}
}
break;
}
}
/* XXX Must make certain the ap_run_type_checker short circuits mime
* in mod-proxy for r->proxyreq && r->parsed_uri.scheme
* && !strcmp(r->parsed_uri.scheme, "http")
*/
if ((access_status = ap_run_type_checker(r)) != 0) {
}
if ((access_status = ap_run_fixups(r)) != 0) {
return access_status;
}
/* The new insert_filter stage makes sense here IMHO. We are sure that
* we are going to run the request now, so we may as well insert filters
* if any are available. Since the goal of this phase is to allow all
* modules to insert a filter if they want to, this filter returns
* void. I just can't see any way that this filter can reasonably
* fail, either your modules inserts something or it doesn't. rbb
*/
return OK;
}
* when a subrequest or redirect reuses substantially the same config.
*
* Directive order in the httpd.conf file and its Includes significantly
* impact this optimization. Grouping common blocks at the front of the
* config that are less likely to change between a request and
* its subrequests, or between a request and its redirects reduced
* the work of these functions significantly.
*/
typedef struct walk_walked_t {
typedef struct walk_cache_t {
const char *cached; /* The identifier we matched */
} walk_cache_t;
{
/* Find the most relevant, recent entry to work from. That would be
* this request (on the second call), or the parent request of a
* subrequest, or the prior request of an internal redirect. Provide
* this _walk()er with a copy it is allowed to munge. If there is no
* parent or prior cached request, then create a new walk cache.
*/
if ((apr_pool_userdata_get((void **)&cache,
cache_name, r->pool)
!= APR_SUCCESS) || !cache)
{
== APR_SUCCESS) && cache)
== APR_SUCCESS) && cache)) {
}
else {
}
apr_pool_cleanup_null, r->pool);
}
return cache;
}
/*****************************************************************
*
* Getting and checking directory configuration. Also checks the
* FollowSymlinks and FollowSymOwner stuff, since this is really the
* only place that can happen (barring a new mid_dir_walk callout).
*
* We can't do it as an access_checker module function which gets
* called with the final per_dir_config, since we could have a directory
* with FollowSymLinks disabled, which contains a symlink to another
* with a .htaccess file which turns FollowSymLinks back on --- and
* access in such a case must be denied. So, whatever it is that
* checks FollowSymLinks needs to know the state of the options as
* they change, all the way down.
*/
/*
* We don't want people able to serve up pipes, or unix sockets, or other
* scary things. Note that symlink tests are performed later.
*/
static int check_safe_file(request_rec *r)
{
return OK;
}
"object is not a file, directory or symlink: %s",
r->filename);
return HTTP_FORBIDDEN;
}
#ifdef REPLACE_PATH_INFO_METHOD
/*
* resolve_symlink must _always_ be called on an APR_LNK file type!
* It will resolve the actual target file type, modification date, etc,
* and provide any processing required for symlink evaluation.
* Path must already be cleaned, no trailing slash, no multi-slashes,
* and don't call this on the root!
*
* Simply, the number of times we deref a symlink are minimal compared
* to the number of times we had an extra lstat() since we 'weren't sure'.
*
* To optimize, we stat() anything when given (opts & OPT_SYM_LINKS), otherwise
* we start off with an lstat(). Every lstat() must be dereferenced in case
* it points at a 'nasty' - we must always rerun check_safe_file (or similar.)
*/
{
int res;
return HTTP_FORBIDDEN;
if (opts & OPT_SYM_LINKS) {
return HTTP_FORBIDDEN;
return OK;
}
/* OPT_SYM_OWNER only works if we can get the owner of
* both the file and symlink. First fill in a missing
* owner of the symlink, then get the info of the target.
*/
!= APR_SUCCESS)
return HTTP_FORBIDDEN;
return HTTP_FORBIDDEN;
return HTTP_FORBIDDEN;
/* Give back the target */
return OK;
}
#endif /* REPLACE_PATH_INFO_METHOD */
#ifndef REPLACE_PATH_INFO_METHOD
{
#if defined(OS2)
/* OS/2 doesn't have symlinks */
return OK;
#else
char *lastp;
int res;
if (opts & OPT_SYM_LINKS)
return OK;
/*
* Strip trailing '/', if any, off what we're checking; trailing slashes
* make some systems follow symlinks to directories even in lstat().
* After we've done the lstat, put it back. Also, don't bother checking
* '/' at all...
*
* Note that we don't have to worry about multiple slashes here because of
* no2slash() below...
*/
if (lastp == d)
return OK; /* Root directory, '/' */
if (*lastp == '/')
*lastp = '\0';
else
if (lastp)
*lastp = '/';
/*
* Note that we don't reject accesses to nonexistent files (multiviews or
* the like may cons up a way to run the transaction anyway)...
*/
return OK;
/* OK, it's a symlink. May still be OK with OPT_SYM_OWNER */
if (!(opts & OPT_SYM_OWNER))
return HTTP_FORBIDDEN;
/* OPT_SYM_OWNER only works if we can get the owner from the file */
if (res != APR_SUCCESS)
return HTTP_FORBIDDEN;
return HTTP_FORBIDDEN;
/* TODO: replace with an apr_compare_users() fn */
#endif
}
/* Dealing with the file system to get PATH_INFO
*/
static int get_path_info(request_rec *r)
{
char *cp;
int rv;
#if defined(HAVE_DRIVE_LETTERS) || defined(HAVE_UNC_PATHS)
char bStripSlash=1;
#endif
/* assume path_info already set */
return OK;
}
#ifdef HAVE_DRIVE_LETTERS
/* If the directory is x:\, then we don't want to strip
* the trailing slash since x: is not a valid directory.
*/
bStripSlash = 0;
#endif
#ifdef HAVE_UNC_PATHS
* advance over the trailing slash. Any other
* UNC name is OK to strip the slash.
*/
char *p;
int iCount=0;
p = path;
p++;
iCount++;
}
if (iCount == 4)
bStripSlash = 0;
}
#endif
#if defined(HAVE_DRIVE_LETTERS) || defined(HAVE_UNC_PATHS)
if (bStripSlash)
#endif
/* Advance over trailing slashes ... NOT part of filename
* if file is not a UNC name (Win32 only).
*/
continue;
/* See if the pathname ending here exists... */
*cp = '\0';
/* ### We no longer need the test ap_os_is_filename_valid() here
* since apr_stat isn't a posix thing - it's apr_stat's responsibility
* to handle whatever path string arrives at its door - by platform
* and volume restrictions as applicable...
* TODO: This code becomes even simpler if apr_stat grows
* an APR_PATHINCOMPLETE result to indicate that we are staring at
*/
*cp = '/';
/*
* Aha! Found something. If it was a directory, we will search
* contents of that directory for a multi_match, so the PATH_INFO
* argument starts with the component after that.
*/
}
*cp = '\0';
return OK;
}
continue;
--cp;
}
else {
if (APR_STATUS_IS_EACCES(rv))
"access to %s denied", r->uri);
else
"access to %s failed", r->uri);
return HTTP_FORBIDDEN;
}
}
return OK;
}
{
&core_module);
char *test_filename;
char *test_dirname;
int res;
unsigned i, num_dirs;
int j, test_filename_len;
unsigned iStart = 1;
/* "OK" as a response to a real problem is not _OK_, but to allow broken
* modules to proceed, we will permit the not-a-path filename to pass here.
* We must catch it later if it's heading for the core handler. Leave an
* INFO note here for module debugging.
*/
"Module bug? Request filename path %s is missing or "
"or not absolute for uri %s",
return OK;
}
/*
* Go down the directory hierarchy. Where we have to check for symlinks,
* do so. Where a .htaccess file has permission to override anything,
* try to find one. If either of these things fails, we could poke
* around, see why, and adjust the lookup_rec accordingly --- this might
* save us a call to get_path_info (with the attendant stat()s); however,
* for the moment, that's not worth the trouble.
*/
res = get_path_info(r);
return res;
}
/* XXX Momentary period of extreme danger, Will Robinson.
* Removed ap_os_canonical_filename. Anybody munging the
* r->filename better have pre-canonicalized the name that
* they just changed. Since the two most key functions
* in the entire server, ap_server_root_relative() and
* ap_make_full_path now canonicalize as they go.
*
* To be very safe, the server is in hyper-paranoid mode.
* That means that non-canonical paths will be captured and
* auditing, and remove the paranoia trigger.
*/
if (r->filename == r->canonical_filename)
#ifdef NO_LONGER_PARANOID
#else
{
r->pool) != APR_SUCCESS
"Module bug? Filepath: %s is not the canonical %s",
r->filename, test_filename);
return HTTP_FORBIDDEN;
}
}
#endif
else {
/* Apparently, somebody didn't know to update r->canonical_filename
* which is lucky, since they didn't canonicalize r->filename either.
*/
r->pool) != APR_SUCCESS) {
"Module bug? Filepath: %s is not an absolute path",
r->filename);
return HTTP_FORBIDDEN;
}
r->canonical_filename = r->filename;
}
if ((res = check_safe_file(r))) {
return res;
}
--num_dirs;
++num_dirs;
/*
* We will use test_dirname as scratch space while we build directory
* names during the walk. Profiling shows directory_walk to be a busy
* function so we try to avoid allocating lots of extra memory here.
* We need 2 extra bytes, one for trailing \0 and one because
* make_dirstr_prefix will add potentially one extra /.
*/
/* XXX The garbage below disappears in the new directory_walk;
*/
#if defined(HAVE_UNC_PATHS)
/* If the name is a UNC name, then do not perform any true file test
* This is optimized to use the normal walk (skips the redundant '/' root)
*/
iStart = 4;
#endif
#if defined(NETWARE)
/* If the name is a fully qualified volume name, then do not perform any
* XXX: The implementation eludes me at this moment...
* Does this make sense? Please test!
*/
iStart = 2;
#endif
/* i keeps track of how many segments we are testing
* j keeps track of which section we're on, see core_reorder_directories
*/
j = 0;
for (i = 1; i <= num_dirs; ++i) {
int overrides_here;
&core_module);
/*
* XXX: this could be made faster by only copying the next component
* rather than copying the entire thing all over.
*/
/*
* Do symlink checks first, because they are done with the
* permissions appropriate to the *parent* directory...
*/
/* Test only real names (after the root) against the real filesystem */
"Symbolic link not allowed: %s", test_dirname);
return res;
}
/*
* Begin *this* level by looking for matching <Directory> sections
* from access.conf.
*/
for (; j < num_sec; ++j) {
char *entry_dir;
entry_config = sec_dir[j];
entry_dir = entry_core->d;
break;
/* We will always add in '0' element components, e.g. plain old
* <Directory >, and <Directory "/"> is classified as zero
*/
if (!entry_core->d_components) {
}
else if (entry_core->d_is_fnmatch) {
}
}
if (this_conf) {
&core_module);
}
}
/* If .htaccess files are enabled, check for one. */
/* Test only legal names against the real filesystem */
if ((i >= iStart) && overrides_here) {
sconf->access_name);
if (res)
return res;
if (htaccess_conf) {
}
}
}
/*
* Now we'll deal with the regexes.
*/
for (; j < num_sec; ++j) {
entry_config = sec_dir[j];
if (!entry_core->r) {
continue;
}
}
}
/*
* Symlink permissions are determined by the parent. If the request is
* for a directory then applying the symlink test here would use the
* permissions of the directory as opposed to its parent. Consider a
* symlink pointing to a dir with a .htaccess disallowing symlinks. If
* you access /symlink (or /symlink/) you would get a 403 without this
* APR_DIR test. But if you accessed /symlink/index.html, for example,
* you would *not* get the 403.
*/
"Symbolic link not allowed: %s", r->filename);
return res;
}
/* Save a dummy userdata element till we optimize this function.
* If this userdata is set, directory_walk has run.
*/
apr_pool_cleanup_null, r->pool);
return OK; /* Can only "fail" if access denied by the
* symlink goop. */
}
#else /* defined REPLACE_PATH_INFO_METHOD */
/*****************************************************************
*
* Getting and checking directory configuration. Also checks the
* FollowSymlinks and FollowSymOwner stuff, since this is really the
* only place that can happen (barring a new mid_dir_walk callout).
*
* We can't do it as an access_checker module function which gets
* called with the final per_dir_config, since we could have a directory
* with FollowSymLinks disabled, which contains a symlink to another
* with a .htaccess file which turns FollowSymLinks back on --- and
* access in such a case must be denied. So, whatever it is that
* checks FollowSymLinks needs to know the state of the options as
* they change, all the way down.
*/
{
&core_module);
int sec_idx;
int res;
char *seg_name;
char *delim;
/* XXX: Better (faster) tests needed!!!
*
* "OK" as a response to a real problem is not _OK_, but to allow broken
* modules to proceed, we will permit the not-a-path filename to pass here.
* We must catch it later if it's heading for the core handler. Leave an
* INFO note here for module debugging.
*/
"Module bug? Request filename path %s is missing or "
"or not absolute for uri %s",
return OK;
}
/*
* Go down the directory hierarchy. Where we have to check for symlinks,
* do so. Where a .htaccess file has permission to override anything,
* try to find one. If either of these things fails, we could poke
* around, see why, and adjust the lookup_rec accordingly --- this might
* save us a call to get_path_info (with the attendant stat()s); however,
* for the moment, that's not worth the trouble.
*
* r->path_info tracks the remaining source path.
* r->filename tracks the path as we build it.
* we begin our adventure at the root...
*/
APR_FILEPATH_NOTRELATIVE, r->pool))
== APR_SUCCESS) {
char *buf;
APR_FILEPATH_TRUENAME, r->pool);
} else {
"Config bug? Request filename path %s is invalid or "
"or not absolute for uri %s",
return HTTP_INTERNAL_SERVER_ERROR;
}
/*
* seg keeps track of which segment we've copied.
* sec_idx keeps track of which section we're on, since sections are
* ordered by number of segments. See core_reorder_directories
*/
sec_idx = 0;
do {
int overrides_here;
&core_module);
/* We have no trailing slash, but we sure would appreciate one...
*/
/* Begin *this* level by looking for matching <Directory> sections
* from the server config.
*/
const char *entry_dir;
entry_dir = entry_core->d;
/* No more possible matches for this many segments?
*/
break;
/* We will never skip '0' element components, e.g. plain old
* <Directory >, and <Directory "/"> are classified as zero
* Otherwise, skip over the mismatches.
*/
if (entry_core->d_components
&& (entry_core->d_is_fnmatch
continue;
}
&core_module);
}
/* If .htaccess files are enabled, check for one. */
if (overrides_here) {
sconf->access_name);
if (res)
return res;
if (htaccess_conf) {
}
}
/* That temporary trailing slash was useful, now drop it.
*/
/* Time for all good things to come to an end?
*/
break;
/* Now it's time for the next segment...
* We will assume the next element is an end node, and fix it up
* below as necessary...
*/
if (delim) {
*delim = '\0';
*delim = '/';
}
else {
}
if (*seg_name == '/')
++seg_name;
/* If nothing remained but a '/' string, we are finished
*/
if (!*seg_name)
break;
/* XXX: Optimization required:
* If...we have allowed symlinks, and
* if...we find the segment exists in the directory list
* skip the lstat and dummy up an APR_DIR value for r->finfo
* this means case sensitive platforms go quite quickly.
* Case insensitive platforms might be given the wrong path,
* but if it's not found in the cache, then we know we have
* something to test (the misspelling is never cached.)
*/
/* We choose apr_lstat here, rather that apr_stat, so that we
* capture this path object rather than its target. We will
* replace the info with our target's info below. We especially
* want the name of this 'link' object, not the name of its
* target, if we are fixing case.
*/
if (APR_STATUS_IS_ENOENT(rv)) {
/* Nothing? That could be nice. But our directory walk is done.
*/
break;
}
else if (APR_STATUS_IS_EACCES(rv)) {
"access to %s denied", r->uri);
return r->status = HTTP_FORBIDDEN;
}
/* If we hit ENOTDIR, we must have over-optimized, deny
* rather than assume not found.
*/
"access to %s failed", r->uri);
return r->status = HTTP_FORBIDDEN;
}
else if ((res = check_safe_file(r))) {
return res;
}
/* Fix up the path now if we have a name, and they don't agree
*/
* redirect is required here?
*/
}
{
/* Is this an possibly acceptable symlink?
*/
"Symbolic link not allowed: %s", r->filename);
}
/* Ok, we are done with the link's info, test the real target
*/
/* That was fun, nothing left for us here
*/
break;
}
"symlink doesn't point to a file or directory: %s",
r->filename);
return r->status = HTTP_FORBIDDEN;
}
}
++seg;
/*
* Now we'll deal with the regexes.
*/
if (!entry_core->r) {
continue;
}
}
}
/* It seems this shouldn't be needed anymore. We translated the symlink above
x into a real resource, and should have died up there. Even if we keep this,
x it needs more thought (maybe an r->file_is_symlink) perhaps it should actually
x happen in file_walk, so we catch more obscure cases in autoindex sub requests, etc.
x
x * Symlink permissions are determined by the parent. If the request is
x * for a directory then applying the symlink test here would use the
x * permissions of the directory as opposed to its parent. Consider a
x * symlink pointing to a dir with a .htaccess disallowing symlinks. If
x * you access /symlink (or /symlink/) you would get a 403 without this
x * APR_DIR test. But if you accessed /symlink/index.html, for example,
x * you would *not* get the 403.
x
x if (r->finfo.filetype != APR_DIR
x && (res = resolve_symlink(r->filename, r->info, ap_allow_options(r), r->pool))) {
x ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
x "Symbolic link not allowed: %s", r->filename);
x return res;
x }
*/
/* Save a dummy userdata element till we optimize this function.
* If this userdata is set, directory_walk has run.
*/
apr_pool_cleanup_null, r->pool);
return OK; /* 'no excuses' */
}
#endif /* defined REPLACE_PATH_INFO_METHOD */
{
&core_module);
const char *entry_uri;
int len, j;
/* No tricks here, there are no <Locations > to parse in this vhost.
* We won't destroy the cache, just in case _this_ redirect is later
* redirected again to a vhost with <Location > blocks to optimize.
*/
if (!num_loc) {
return OK;
}
/* Location and LocationMatch differ on their behaviour w.r.t. multiple
* slashes. Location matches multiple slashes with a single slash,
* LocationMatch doesn't. An exception, for backwards brokenness is
* absoluteURIs... in which case neither match multiple slashes.
*/
if (r->uri[0] != '/') {
}
else {
}
/* If we have an cache->cached location that matches r->uri,
* and the vhost's list of locations hasn't changed, we can skip
* rewalking the location_walk entries.
*/
/* Well this looks really familiar! If our end-result (per_dir_result)
* didn't change, we have absolutely nothing to do :)
* Otherwise (as is the case with most dir_merged/file_merged requests)
* we must merge our dir_conf_merged onto this new r->per_dir_config.
*/
return OK;
}
else {
/* We start now_merged from NULL since we want to build
* a locations list that can be merged to any vhost.
*/
/* Go through the location entries, and check for matches.
* We apply the directive sections in given order, we should
* really try them with the most general first.
*/
for (j = 0; j < num_loc; ++j) {
entry_uri = entry_core->d;
/* Test the regex, fnmatch or string as appropriate.
* If it's a strcmp, and the <Location > pattern was
* not slash terminated, then this uri must be slash
* terminated (or at the end of the string) to match.
*/
if (entry_core->r
continue;
}
/* If we merged this same section last time, reuse it
*/
if (matches) {
++last_walk;
--matches;
continue;
}
/* We fell out of sync. This is our own copy of walked,
* so truncate the remaining matches and reset remaining.
*/
matches = 0;
}
if (now_merged)
locations[j]);
else
now_merged = locations[j];
}
/* Whoops - everything matched in sequence, but the original walk
* found some additional matches. Truncate them.
*/
if (matches)
}
/* Merge our cache->dir_conf_merged construct with the r->per_dir_configs,
* and note the end result to (potentially) skip this step next time.
*/
if (now_merged)
r->per_dir_config,
return OK;
}
{
&core_module);
char *test_file;
/* To allow broken modules to proceed, we allow missing filenames to pass.
* We will catch it later if it's heading for the core handler.
* directory_walk already posted an INFO note for module debugging.
*/
return OK;
}
/* get the basename */
}
else {
++test_file;
}
/* Go through the file entries, and check for matches. */
if (num_files) {
char *entry_file;
int j;
/* we apply the directive sections in some order;
* should really try them with the most general first.
*/
for (j = 0; j < num_files; ++j) {
entry_config = file[j];
entry_file = entry_core->d;
if (entry_core->r) {
}
else if (entry_core->d_is_fnmatch) {
}
}
}
if (this_conf)
}
}
/* Save a dummy userdata element till we optimize this function.
* If this userdata is set, file_walk has run.
*/
apr_pool_cleanup_null, r->pool);
return OK;
}
/*****************************************************************
*
* The sub_request mechanism.
*
* Fns to look up a relative URI from, e.g., a map file or SSI document.
* These do all access checks, etc., but don't actually run the transaction
* ... use run_sub_req below for that. Also, be sure to use destroy_sub_req
* as appropriate if you're likely to be creating more than a few of these.
* (An early Apache version didn't destroy the sub_reqs used in directory
* indexing. The result, when indexing a directory with 800-odd files in
* it, was massively excessive storage allocation).
*
* Note more manipulation of protocol-specific vars in the request
* structure...
*/
{
return rr;
}
{
/* Start a clean config from this subrequest's vhost. Optimization in
* config blocks of the subrequest match the parent request, no merges
* will actually occur (and generally a minimal number of merges are
* required, even if the parent and subrequest aren't quite identical.)
*/
/* make a copy of the allowed-methods list */
/* start with the same set of output filters */
if (next_filter) {
}
else {
}
/* no input filters for a subrequest */
}
{
if (APR_BUCKET_IS_EOS(e)) {
}
}
{
/* Is there a require line configured for the type of *this* req? */
int i;
if (!reqs_arr)
return 0;
return 1;
return 0;
}
const char *new_file,
const request_rec *r,
{
int res;
char *udir;
rnew = make_sub_request(r);
/* We have to run this after fill_in_sub_req_vars, or the r->main
* pointer won't be setup
*/
/* would be nicer to pass "method" to ap_set_sub_req_protocol */
if (new_file[0] == '/')
else {
}
}
return rnew;
}
const request_rec *r,
{
}
const request_rec *r,
{
int res;
char *fdir;
char *udir;
rnew = make_sub_request(r);
/* We have to run this after fill_in_sub_req_vars, or the r->main
* pointer won't be setup
*/
/*
* Special case: we are looking at a relative lookup in the same directory.
* That means we won't have to redo directory_walk, and we may
* not even have to redo access checks.
*/
/* This is 100% safe, since dirent->name just came from the filesystem */
if (r->canonical_filename == r->filename)
#if 0 /* XXX When this is reenabled, the cache triggers need to be set to faux
* results into the new parser, which can't happen until the new dir_walk
* is taught to recognize the condition, and perhaps we also tag that
*/
/*
* apr_dir_read isn't very complete on this platform, so
* we need another apr_lstat (or simply apr_stat if we allow
* all symlinks here.) If this is an APR_LNK that resolves
* to an APR_DIR, then we will rerun everything anyways...
* this should be safe.
*/
&& (rv != APR_INCOMPLETE))
}
else
&& (rv != APR_INCOMPLETE))
}
else {
}
return rnew;
}
return rnew;
}
/*
* no matter what, if it's a subdirectory, we need to re-run
* directory_walk
*/
}
/*
* do a file_walk, if it doesn't change the per_dir_config then
* we know that we don't have to redo all the access checks
*/
{
}
return rnew;
}
}
#endif
}
return rnew;
}
const request_rec *r,
{
int res;
char *fdir;
rnew = make_sub_request(r);
/* We have to run this after fill_in_sub_req_vars, or the r->main
* pointer won't be setup
*/
/* Translate r->filename, if it was canonical, it stays canonical
*/
if (r->canonical_filename == r->filename)
return rnew;
}
if (rnew->canonical_filename)
/*
* Check for a special case... if there are no '/' characters in new_file
* at all, and the path was the same, then we are looking at a relative
* lookup in the same directory. That means we won't have to redo
* directory_walk, and we may not even have to redo access checks.
* ### Someday we don't even have to redo the entire directory walk,
* either, if the base paths match, we can pick up where we leave off.
*/
{
#if 0 /* XXX When this is reenabled, the cache triggers need to be set to faux
*/
/*
* If this is an APR_LNK that resolves to an APR_DIR, then
* we will rerun everything anyways... this should be safe.
*/
&& (rv != APR_INCOMPLETE))
}
else {
&& (rv != APR_INCOMPLETE))
}
return rnew;
}
return rnew;
}
/*
* no matter what, if it's a subdirectory, we need to re-run
* directory_walk
*/
}
/*
* do a file_walk, if it doesn't change the per_dir_config then
* we know that we don't have to redo all the access checks
*/
{
}
return rnew;
}
}
else {
"symlink doesn't point to a file or directory: %s",
r->filename);
}
#endif
}
else {
/* XXX: @@@: What should be done with the parsed_uri values? */
/*
* XXX: this should be set properly like it is in the same-dir case
* but it's actually sometimes to impossible to do it... because the
* file may not have a uri associated with it -djg
*/
}
}
return rnew;
}
{
int retval;
retval = ap_invoke_handler(r);
return retval;
}
{
/* Reclaim the space */
apr_pool_destroy(r->pool);
}
/*
* Function to set the r->mtime field to the specified value if it's later
* than what's already there.
*/
{
if (r->mtime < dependency_mtime) {
r->mtime = dependency_mtime;
}
}
/*
* Is it the initial main request, which we only get *once* per HTTP request?
*/
{
return
&&
}