1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17/* 18 * protocol.c --- routines which directly communicate with the client. 19 * 20 * Code originally by Rob McCool; much redone by Robert S. Thau 21 * and the Apache Software Foundation. 22 */ 23 24#include "apr.h" 25#include "apr_strings.h" 26#include "apr_buckets.h" 27#include "apr_lib.h" 28#include "apr_signal.h" 29#include "apr_strmatch.h" 30 31#define APR_WANT_STDIO /* for sscanf */ 32#define APR_WANT_STRFUNC 33#define APR_WANT_MEMFUNC 34#include "apr_want.h" 35 36#define CORE_PRIVATE 37#include "util_filter.h" 38#include "ap_config.h" 39#include "httpd.h" 40#include "http_config.h" 41#include "http_core.h" 42#include "http_protocol.h" 43#include "http_main.h" 44#include "http_request.h" 45#include "http_vhost.h" 46#include "http_log.h" /* For errors detected in basic auth common 47 * support code... */ 48#include "mod_core.h" 49#include "util_charset.h" 50#include "util_ebcdic.h" 51#include "scoreboard.h" 52 53#if APR_HAVE_STDARG_H 54#include <stdarg.h> 55#endif 56#if APR_HAVE_UNISTD_H 57#include <unistd.h> 58#endif 59 60 61APR_HOOK_STRUCT( 62 APR_HOOK_LINK(post_read_request) 63 APR_HOOK_LINK(log_transaction) 64 APR_HOOK_LINK(http_scheme) 65 APR_HOOK_LINK(default_port) 66) 67 68AP_DECLARE_DATA ap_filter_rec_t *ap_old_write_func = NULL; 69 70 71/* Patterns to match in ap_make_content_type() */ 72static const char *needcset[] = { 73 "text/plain", 74 "text/html", 75 NULL 76}; 77static const apr_strmatch_pattern **needcset_patterns; 78static const apr_strmatch_pattern *charset_pattern; 79 80AP_DECLARE(void) ap_setup_make_content_type(apr_pool_t *pool) 81{ 82 int i; 83 for (i = 0; needcset[i]; i++) { 84 continue; 85 } 86 needcset_patterns = (const apr_strmatch_pattern **) 87 apr_palloc(pool, (i + 1) * sizeof(apr_strmatch_pattern *)); 88 for (i = 0; needcset[i]; i++) { 89 needcset_patterns[i] = apr_strmatch_precompile(pool, needcset[i], 0); 90 } 91 needcset_patterns[i] = NULL; 92 charset_pattern = apr_strmatch_precompile(pool, "charset=", 0); 93} 94 95/* 96 * Builds the content-type that should be sent to the client from the 97 * content-type specified. The following rules are followed: 98 * - if type is NULL, type is set to ap_default_type(r) 99 * - if charset adding is disabled, stop processing and return type. 100 * - then, if there are no parameters on type, add the default charset 101 * - return type 102 */ 103AP_DECLARE(const char *)ap_make_content_type(request_rec *r, const char *type) 104{ 105 const apr_strmatch_pattern **pcset; 106 core_dir_config *conf = 107 (core_dir_config *)ap_get_module_config(r->per_dir_config, 108 &core_module); 109 core_request_config *request_conf; 110 apr_size_t type_len; 111 112 if (!type) { 113 type = ap_default_type(r); 114 } 115 116 if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) { 117 return type; 118 } 119 120 request_conf = 121 ap_get_module_config(r->request_config, &core_module); 122 if (request_conf->suppress_charset) { 123 return type; 124 } 125 126 type_len = strlen(type); 127 128 if (apr_strmatch(charset_pattern, type, type_len) != NULL) { 129 /* already has parameter, do nothing */ 130 /* XXX we don't check the validity */ 131 ; 132 } 133 else { 134 /* see if it makes sense to add the charset. At present, 135 * we only add it if the Content-type is one of needcset[] 136 */ 137 for (pcset = needcset_patterns; *pcset ; pcset++) { 138 if (apr_strmatch(*pcset, type, type_len) != NULL) { 139 struct iovec concat[3]; 140 concat[0].iov_base = (void *)type; 141 concat[0].iov_len = type_len; 142 concat[1].iov_base = (void *)"; charset="; 143 concat[1].iov_len = sizeof("; charset=") - 1; 144 concat[2].iov_base = (void *)(conf->add_default_charset_name); 145 concat[2].iov_len = strlen(conf->add_default_charset_name); 146 type = apr_pstrcatv(r->pool, concat, 3, NULL); 147 break; 148 } 149 } 150 } 151 152 return type; 153} 154 155AP_DECLARE(void) ap_set_content_length(request_rec *r, apr_off_t clength) 156{ 157 r->clength = clength; 158 apr_table_setn(r->headers_out, "Content-Length", 159 apr_off_t_toa(r->pool, clength)); 160} 161 162/* 163 * Return the latest rational time from a request/mtime (modification time) 164 * pair. We return the mtime unless it's in the future, in which case we 165 * return the current time. We use the request time as a reference in order 166 * to limit the number of calls to time(). We don't check for futurosity 167 * unless the mtime is at least as new as the reference. 168 */ 169AP_DECLARE(apr_time_t) ap_rationalize_mtime(request_rec *r, apr_time_t mtime) 170{ 171 apr_time_t now; 172 173 /* For all static responses, it's almost certain that the file was 174 * last modified before the beginning of the request. So there's 175 * no reason to call time(NULL) again. But if the response has been 176 * created on demand, then it might be newer than the time the request 177 * started. In this event we really have to call time(NULL) again 178 * so that we can give the clients the most accurate Last-Modified. If we 179 * were given a time in the future, we return the current time - the 180 * Last-Modified can't be in the future. 181 */ 182 now = (mtime < r->request_time) ? r->request_time : apr_time_now(); 183 return (mtime > now) ? now : mtime; 184} 185 186/* Min # of bytes to allocate when reading a request line */ 187#define MIN_LINE_ALLOC 80 188 189/* Get a line of protocol input, including any continuation lines 190 * caused by MIME folding (or broken clients) if fold != 0, and place it 191 * in the buffer s, of size n bytes, without the ending newline. 192 * 193 * If s is NULL, ap_rgetline_core will allocate necessary memory from r->pool. 194 * 195 * Returns APR_SUCCESS if there are no problems and sets *read to be 196 * the full length of s. 197 * 198 * APR_ENOSPC is returned if there is not enough buffer space. 199 * Other errors may be returned on other errors. 200 * 201 * The LF is *not* returned in the buffer. Therefore, a *read of 0 202 * indicates that an empty line was read. 203 * 204 * Notes: Because the buffer uses 1 char for NUL, the most we can return is 205 * (n - 1) actual characters. 206 * 207 * If no LF is detected on the last line due to a dropped connection 208 * or a full buffer, that's considered an error. 209 */ 210AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n, 211 apr_size_t *read, request_rec *r, 212 int fold, apr_bucket_brigade *bb) 213{ 214 apr_status_t rv; 215 apr_bucket *e; 216 apr_size_t bytes_handled = 0, current_alloc = 0; 217 char *pos, *last_char = *s; 218 int do_alloc = (*s == NULL), saw_eos = 0; 219 220 /* 221 * Initialize last_char as otherwise a random value will be compared 222 * against APR_ASCII_LF at the end of the loop if bb only contains 223 * zero-length buckets. 224 */ 225 if (last_char) { 226 *last_char = '\0'; 227 } 228 229 for (;;) { 230 apr_brigade_cleanup(bb); 231 rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE, 232 APR_BLOCK_READ, 0); 233 if (rv != APR_SUCCESS) { 234 return rv; 235 } 236 237 /* Something horribly wrong happened. Someone didn't block! */ 238 if (APR_BRIGADE_EMPTY(bb)) { 239 return APR_EGENERAL; 240 } 241 242 for (e = APR_BRIGADE_FIRST(bb); 243 e != APR_BRIGADE_SENTINEL(bb); 244 e = APR_BUCKET_NEXT(e)) 245 { 246 const char *str; 247 apr_size_t len; 248 249 /* If we see an EOS, don't bother doing anything more. */ 250 if (APR_BUCKET_IS_EOS(e)) { 251 saw_eos = 1; 252 break; 253 } 254 255 rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ); 256 if (rv != APR_SUCCESS) { 257 return rv; 258 } 259 260 if (len == 0) { 261 /* no use attempting a zero-byte alloc (hurts when 262 * using --with-efence --enable-pool-debug) or 263 * doing any of the other logic either 264 */ 265 continue; 266 } 267 268 /* Would this overrun our buffer? If so, we'll die. */ 269 if (n < bytes_handled + len) { 270 *read = bytes_handled; 271 if (*s) { 272 /* ensure this string is NUL terminated */ 273 if (bytes_handled > 0) { 274 (*s)[bytes_handled-1] = '\0'; 275 } 276 else { 277 (*s)[0] = '\0'; 278 } 279 } 280 return APR_ENOSPC; 281 } 282 283 /* Do we have to handle the allocation ourselves? */ 284 if (do_alloc) { 285 /* We'll assume the common case where one bucket is enough. */ 286 if (!*s) { 287 current_alloc = len; 288 if (current_alloc < MIN_LINE_ALLOC) { 289 current_alloc = MIN_LINE_ALLOC; 290 } 291 *s = apr_palloc(r->pool, current_alloc); 292 } 293 else if (bytes_handled + len > current_alloc) { 294 /* Increase the buffer size */ 295 apr_size_t new_size = current_alloc * 2; 296 char *new_buffer; 297 298 if (bytes_handled + len > new_size) { 299 new_size = (bytes_handled + len) * 2; 300 } 301 302 new_buffer = apr_palloc(r->pool, new_size); 303 304 /* Copy what we already had. */ 305 memcpy(new_buffer, *s, bytes_handled); 306 current_alloc = new_size; 307 *s = new_buffer; 308 } 309 } 310 311 /* Just copy the rest of the data to the end of the old buffer. */ 312 pos = *s + bytes_handled; 313 memcpy(pos, str, len); 314 last_char = pos + len - 1; 315 316 /* We've now processed that new data - update accordingly. */ 317 bytes_handled += len; 318 } 319 320 /* If we got a full line of input, stop reading */ 321 if (last_char && (*last_char == APR_ASCII_LF)) { 322 break; 323 } 324 } 325 326 /* Now NUL-terminate the string at the end of the line; 327 * if the last-but-one character is a CR, terminate there */ 328 if (last_char > *s && last_char[-1] == APR_ASCII_CR) { 329 last_char--; 330 } 331 *last_char = '\0'; 332 bytes_handled = last_char - *s; 333 334 /* If we're folding, we have more work to do. 335 * 336 * Note that if an EOS was seen, we know we can't have another line. 337 */ 338 if (fold && bytes_handled && !saw_eos) { 339 for (;;) { 340 const char *str; 341 apr_size_t len; 342 char c; 343 344 /* Clear the temp brigade for this filter read. */ 345 apr_brigade_cleanup(bb); 346 347 /* We only care about the first byte. */ 348 rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE, 349 APR_BLOCK_READ, 1); 350 if (rv != APR_SUCCESS) { 351 return rv; 352 } 353 354 if (APR_BRIGADE_EMPTY(bb)) { 355 break; 356 } 357 358 e = APR_BRIGADE_FIRST(bb); 359 360 /* If we see an EOS, don't bother doing anything more. */ 361 if (APR_BUCKET_IS_EOS(e)) { 362 break; 363 } 364 365 rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ); 366 if (rv != APR_SUCCESS) { 367 apr_brigade_cleanup(bb); 368 return rv; 369 } 370 371 /* Found one, so call ourselves again to get the next line. 372 * 373 * FIXME: If the folding line is completely blank, should we 374 * stop folding? Does that require also looking at the next 375 * char? 376 */ 377 /* When we call destroy, the buckets are deleted, so save that 378 * one character we need. This simplifies our execution paths 379 * at the cost of one character read. 380 */ 381 c = *str; 382 if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) { 383 /* Do we have enough space? We may be full now. */ 384 if (bytes_handled >= n) { 385 *read = n; 386 /* ensure this string is terminated */ 387 (*s)[n-1] = '\0'; 388 return APR_ENOSPC; 389 } 390 else { 391 apr_size_t next_size, next_len; 392 char *tmp; 393 394 /* If we're doing the allocations for them, we have to 395 * give ourselves a NULL and copy it on return. 396 */ 397 if (do_alloc) { 398 tmp = NULL; 399 } else { 400 /* We're null terminated. */ 401 tmp = last_char; 402 } 403 404 next_size = n - bytes_handled; 405 406 rv = ap_rgetline_core(&tmp, next_size, 407 &next_len, r, 0, bb); 408 if (rv != APR_SUCCESS) { 409 return rv; 410 } 411 412 if (do_alloc && next_len > 0) { 413 char *new_buffer; 414 apr_size_t new_size = bytes_handled + next_len + 1; 415 416 /* we need to alloc an extra byte for a null */ 417 new_buffer = apr_palloc(r->pool, new_size); 418 419 /* Copy what we already had. */ 420 memcpy(new_buffer, *s, bytes_handled); 421 422 /* copy the new line, including the trailing null */ 423 memcpy(new_buffer + bytes_handled, tmp, next_len + 1); 424 *s = new_buffer; 425 } 426 427 last_char += next_len; 428 bytes_handled += next_len; 429 } 430 } 431 else { /* next character is not tab or space */ 432 break; 433 } 434 } 435 } 436 437 *read = bytes_handled; 438 return APR_SUCCESS; 439} 440 441#if APR_CHARSET_EBCDIC 442AP_DECLARE(apr_status_t) ap_rgetline(char **s, apr_size_t n, 443 apr_size_t *read, request_rec *r, 444 int fold, apr_bucket_brigade *bb) 445{ 446 /* on ASCII boxes, ap_rgetline is a macro which simply invokes 447 * ap_rgetline_core with the same parms 448 * 449 * on EBCDIC boxes, each complete http protocol input line needs to be 450 * translated into the code page used by the compiler. Since 451 * ap_rgetline_core uses recursion, we do the translation in a wrapper 452 * function to insure that each input character gets translated only once. 453 */ 454 apr_status_t rv; 455 456 rv = ap_rgetline_core(s, n, read, r, fold, bb); 457 if (rv == APR_SUCCESS) { 458 ap_xlate_proto_from_ascii(*s, *read); 459 } 460 return rv; 461} 462#endif 463 464AP_DECLARE(int) ap_getline(char *s, int n, request_rec *r, int fold) 465{ 466 char *tmp_s = s; 467 apr_status_t rv; 468 apr_size_t len; 469 apr_bucket_brigade *tmp_bb; 470 471 tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); 472 rv = ap_rgetline(&tmp_s, n, &len, r, fold, tmp_bb); 473 apr_brigade_destroy(tmp_bb); 474 475 /* Map the out-of-space condition to the old API. */ 476 if (rv == APR_ENOSPC) { 477 return n; 478 } 479 480 /* Anything else is just bad. */ 481 if (rv != APR_SUCCESS) { 482 return -1; 483 } 484 485 return (int)len; 486} 487 488/* parse_uri: break apart the uri 489 * Side Effects: 490 * - sets r->args to rest after '?' (or NULL if no '?') 491 * - sets r->uri to request uri (without r->args part) 492 * - sets r->hostname (if not set already) from request (scheme://host:port) 493 */ 494AP_CORE_DECLARE(void) ap_parse_uri(request_rec *r, const char *uri) 495{ 496 int status = HTTP_OK; 497 498 r->unparsed_uri = apr_pstrdup(r->pool, uri); 499 500 /* http://issues.apache.org/bugzilla/show_bug.cgi?id=31875 501 * http://issues.apache.org/bugzilla/show_bug.cgi?id=28450 502 * 503 * This is not in fact a URI, it's a path. That matters in the 504 * case of a leading double-slash. We need to resolve the issue 505 * by normalising that out before treating it as a URI. 506 */ 507 while ((uri[0] == '/') && (uri[1] == '/')) { 508 ++uri ; 509 } 510 if (r->method_number == M_CONNECT) { 511 status = apr_uri_parse_hostinfo(r->pool, uri, &r->parsed_uri); 512 } 513 else { 514 /* Simple syntax Errors in URLs are trapped by 515 * parse_uri_components(). 516 */ 517 status = apr_uri_parse(r->pool, uri, &r->parsed_uri); 518 } 519 520 if (status == APR_SUCCESS) { 521 /* if it has a scheme we may need to do absoluteURI vhost stuff */ 522 if (r->parsed_uri.scheme 523 && !strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r))) { 524 r->hostname = r->parsed_uri.hostname; 525 } 526 else if (r->method_number == M_CONNECT) { 527 r->hostname = r->parsed_uri.hostname; 528 } 529 530 r->args = r->parsed_uri.query; 531 r->uri = r->parsed_uri.path ? r->parsed_uri.path 532 : apr_pstrdup(r->pool, "/"); 533 534#if defined(OS2) || defined(WIN32) 535 /* Handle path translations for OS/2 and plug security hole. 536 * This will prevent "http://www.wherever.com/..\..\/" from 537 * returning a directory for the root drive. 538 */ 539 { 540 char *x; 541 542 for (x = r->uri; (x = strchr(x, '\\')) != NULL; ) 543 *x = '/'; 544 } 545#endif /* OS2 || WIN32 */ 546 } 547 else { 548 r->args = NULL; 549 r->hostname = NULL; 550 r->status = HTTP_BAD_REQUEST; /* set error status */ 551 r->uri = apr_pstrdup(r->pool, uri); 552 } 553} 554 555static int read_request_line(request_rec *r, apr_bucket_brigade *bb) 556{ 557 const char *ll; 558 const char *uri; 559 const char *pro; 560 561#if 0 562 conn_rec *conn = r->connection; 563#endif 564 int major = 1, minor = 0; /* Assume HTTP/1.0 if non-"HTTP" protocol */ 565 char http[5]; 566 apr_size_t len; 567 int num_blank_lines = 0; 568 int max_blank_lines = r->server->limit_req_fields; 569 570 if (max_blank_lines <= 0) { 571 max_blank_lines = DEFAULT_LIMIT_REQUEST_FIELDS; 572 } 573 574 /* Read past empty lines until we get a real request line, 575 * a read error, the connection closes (EOF), or we timeout. 576 * 577 * We skip empty lines because browsers have to tack a CRLF on to the end 578 * of POSTs to support old CERN webservers. But note that we may not 579 * have flushed any previous response completely to the client yet. 580 * We delay the flush as long as possible so that we can improve 581 * performance for clients that are pipelining requests. If a request 582 * is pipelined then we won't block during the (implicit) read() below. 583 * If the requests aren't pipelined, then the client is still waiting 584 * for the final buffer flush from us, and we will block in the implicit 585 * read(). B_SAFEREAD ensures that the BUFF layer flushes if it will 586 * have to block during a read. 587 */ 588 589 do { 590 apr_status_t rv; 591 592 /* insure ap_rgetline allocates memory each time thru the loop 593 * if there are empty lines 594 */ 595 r->the_request = NULL; 596 rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2), 597 &len, r, 0, bb); 598 599 if (rv != APR_SUCCESS) { 600 r->request_time = apr_time_now(); 601 602 /* ap_rgetline returns APR_ENOSPC if it fills up the 603 * buffer before finding the end-of-line. This is only going to 604 * happen if it exceeds the configured limit for a request-line. 605 */ 606 if (rv == APR_ENOSPC) { 607 r->status = HTTP_REQUEST_URI_TOO_LARGE; 608 r->proto_num = HTTP_VERSION(1,0); 609 r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); 610 } 611 else if (APR_STATUS_IS_TIMEUP(rv)) { 612 r->status = HTTP_REQUEST_TIME_OUT; 613 } 614 return 0; 615 } 616 } while ((len <= 0) && (++num_blank_lines < max_blank_lines)); 617 618 /* we've probably got something to do, ignore graceful restart requests */ 619 620 r->request_time = apr_time_now(); 621 ll = r->the_request; 622 r->method = ap_getword_white(r->pool, &ll); 623 624#if 0 625/* XXX If we want to keep track of the Method, the protocol module should do 626 * it. That support isn't in the scoreboard yet. Hopefully next week 627 * sometime. rbb */ 628 ap_update_connection_status(AP_CHILD_THREAD_FROM_ID(conn->id), "Method", 629 r->method); 630#endif 631 632 uri = ap_getword_white(r->pool, &ll); 633 634 /* Provide quick information about the request method as soon as known */ 635 636 r->method_number = ap_method_number_of(r->method); 637 if (r->method_number == M_GET && r->method[0] == 'H') { 638 r->header_only = 1; 639 } 640 641 ap_parse_uri(r, uri); 642 643 if (ll[0]) { 644 r->assbackwards = 0; 645 pro = ll; 646 len = strlen(ll); 647 } else { 648 r->assbackwards = 1; 649 pro = "HTTP/0.9"; 650 len = 8; 651 } 652 r->protocol = apr_pstrmemdup(r->pool, pro, len); 653 654 /* XXX ap_update_connection_status(conn->id, "Protocol", r->protocol); */ 655 656 /* Avoid sscanf in the common case */ 657 if (len == 8 658 && pro[0] == 'H' && pro[1] == 'T' && pro[2] == 'T' && pro[3] == 'P' 659 && pro[4] == '/' && apr_isdigit(pro[5]) && pro[6] == '.' 660 && apr_isdigit(pro[7])) { 661 r->proto_num = HTTP_VERSION(pro[5] - '0', pro[7] - '0'); 662 } 663 else if (3 == sscanf(r->protocol, "%4s/%u.%u", http, &major, &minor) 664 && (strcasecmp("http", http) == 0) 665 && (minor < HTTP_VERSION(1, 0)) ) /* don't allow HTTP/0.1000 */ 666 r->proto_num = HTTP_VERSION(major, minor); 667 else 668 r->proto_num = HTTP_VERSION(1, 0); 669 670 return 1; 671} 672 673/* get the length of the field name for logging, but no more than 80 bytes */ 674#define LOG_NAME_MAX_LEN 80 675static int field_name_len(const char *field) 676{ 677 const char *end = ap_strchr_c(field, ':'); 678 if (end == NULL || end - field > LOG_NAME_MAX_LEN) 679 return LOG_NAME_MAX_LEN; 680 return end - field; 681} 682 683AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) 684{ 685 char *last_field = NULL; 686 apr_size_t last_len = 0; 687 apr_size_t alloc_len = 0; 688 char *field; 689 char *value; 690 apr_size_t len; 691 int fields_read = 0; 692 char *tmp_field; 693 694 /* 695 * Read header lines until we get the empty separator line, a read error, 696 * the connection closes (EOF), reach the server limit, or we timeout. 697 */ 698 while(1) { 699 apr_status_t rv; 700 int folded = 0; 701 702 field = NULL; 703 rv = ap_rgetline(&field, r->server->limit_req_fieldsize + 2, 704 &len, r, 0, bb); 705 706 if (rv != APR_SUCCESS) { 707 if (APR_STATUS_IS_TIMEUP(rv)) { 708 r->status = HTTP_REQUEST_TIME_OUT; 709 } 710 else { 711 r->status = HTTP_BAD_REQUEST; 712 } 713 714 /* ap_rgetline returns APR_ENOSPC if it fills up the buffer before 715 * finding the end-of-line. This is only going to happen if it 716 * exceeds the configured limit for a field size. 717 */ 718 if (rv == APR_ENOSPC && field) { 719 /* insure ap_escape_html will terminate correctly */ 720 field[len - 1] = '\0'; 721 apr_table_setn(r->notes, "error-notes", 722 apr_psprintf(r->pool, 723 "Size of a request header field " 724 "exceeds server limit.<br />\n" 725 "<pre>\n%.*s\n</pre>/n", 726 field_name_len(field), 727 ap_escape_html(r->pool, field))); 728 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 729 "Request header exceeds LimitRequestFieldSize: " 730 "%.*s", field_name_len(field), field); 731 } 732 return; 733 } 734 735 if (last_field != NULL) { 736 if ((len > 0) && ((*field == '\t') || *field == ' ')) { 737 /* This line is a continuation of the preceding line(s), 738 * so append it to the line that we've set aside. 739 * Note: this uses a power-of-two allocator to avoid 740 * doing O(n) allocs and using O(n^2) space for 741 * continuations that span many many lines. 742 */ 743 apr_size_t fold_len = last_len + len + 1; /* trailing null */ 744 745 if (fold_len >= (apr_size_t)(r->server->limit_req_fieldsize)) { 746 r->status = HTTP_BAD_REQUEST; 747 /* report what we have accumulated so far before the 748 * overflow (last_field) as the field with the problem 749 */ 750 apr_table_setn(r->notes, "error-notes", 751 apr_psprintf(r->pool, 752 "Size of a request header field " 753 "after folding " 754 "exceeds server limit.<br />\n" 755 "<pre>\n%.*s\n</pre>\n", 756 field_name_len(last_field), 757 ap_escape_html(r->pool, last_field))); 758 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 759 "Request header exceeds LimitRequestFieldSize " 760 "after folding: %.*s", 761 field_name_len(last_field), last_field); 762 return; 763 } 764 765 if (fold_len > alloc_len) { 766 char *fold_buf; 767 alloc_len += alloc_len; 768 if (fold_len > alloc_len) { 769 alloc_len = fold_len; 770 } 771 fold_buf = (char *)apr_palloc(r->pool, alloc_len); 772 memcpy(fold_buf, last_field, last_len); 773 last_field = fold_buf; 774 } 775 memcpy(last_field + last_len, field, len +1); /* +1 for nul */ 776 last_len += len; 777 folded = 1; 778 } 779 else /* not a continuation line */ { 780 781 if (r->server->limit_req_fields 782 && (++fields_read > r->server->limit_req_fields)) { 783 r->status = HTTP_BAD_REQUEST; 784 apr_table_setn(r->notes, "error-notes", 785 "The number of request header fields " 786 "exceeds this server's limit."); 787 return; 788 } 789 790 if (!(value = strchr(last_field, ':'))) { /* Find ':' or */ 791 r->status = HTTP_BAD_REQUEST; /* abort bad request */ 792 apr_table_setn(r->notes, "error-notes", 793 apr_psprintf(r->pool, 794 "Request header field is " 795 "missing ':' separator.<br />\n" 796 "<pre>\n%.*s</pre>\n", 797 (int)LOG_NAME_MAX_LEN, 798 ap_escape_html(r->pool, 799 last_field))); 800 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 801 "Request header field is missing ':' " 802 "separator: %.*s", (int)LOG_NAME_MAX_LEN, 803 last_field); 804 805 return; 806 } 807 808 tmp_field = value - 1; /* last character of field-name */ 809 810 *value++ = '\0'; /* NUL-terminate at colon */ 811 812 while (*value == ' ' || *value == '\t') { 813 ++value; /* Skip to start of value */ 814 } 815 816 /* Strip LWS after field-name: */ 817 while (tmp_field > last_field 818 && (*tmp_field == ' ' || *tmp_field == '\t')) { 819 *tmp_field-- = '\0'; 820 } 821 822 /* Strip LWS after field-value: */ 823 tmp_field = last_field + last_len - 1; 824 while (tmp_field > value 825 && (*tmp_field == ' ' || *tmp_field == '\t')) { 826 *tmp_field-- = '\0'; 827 } 828 829 apr_table_addn(r->headers_in, last_field, value); 830 831 /* reset the alloc_len so that we'll allocate a new 832 * buffer if we have to do any more folding: we can't 833 * use the previous buffer because its contents are 834 * now part of r->headers_in 835 */ 836 alloc_len = 0; 837 838 } /* end if current line is not a continuation starting with tab */ 839 } 840 841 /* Found a blank line, stop. */ 842 if (len == 0) { 843 break; 844 } 845 846 /* Keep track of this line so that we can parse it on 847 * the next loop iteration. (In the folded case, last_field 848 * has been updated already.) 849 */ 850 if (!folded) { 851 last_field = field; 852 last_len = len; 853 } 854 } 855 856 apr_table_compress(r->headers_in, APR_OVERLAP_TABLES_MERGE); 857} 858 859AP_DECLARE(void) ap_get_mime_headers(request_rec *r) 860{ 861 apr_bucket_brigade *tmp_bb; 862 tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); 863 ap_get_mime_headers_core(r, tmp_bb); 864 apr_brigade_destroy(tmp_bb); 865} 866 867request_rec *ap_read_request(conn_rec *conn) 868{ 869 request_rec *r; 870 apr_pool_t *p; 871 const char *expect; 872 int access_status; 873 apr_bucket_brigade *tmp_bb; 874 apr_socket_t *csd; 875 apr_interval_time_t cur_timeout; 876 877 apr_pool_create(&p, conn->pool); 878 apr_pool_tag(p, "request"); 879 r = apr_pcalloc(p, sizeof(request_rec)); 880 r->pool = p; 881 r->connection = conn; 882 r->server = conn->base_server; 883 884 r->user = NULL; 885 r->ap_auth_type = NULL; 886 887 r->allowed_methods = ap_make_method_list(p, 2); 888 889 r->headers_in = apr_table_make(r->pool, 25); 890 r->subprocess_env = apr_table_make(r->pool, 25); 891 r->headers_out = apr_table_make(r->pool, 12); 892 r->err_headers_out = apr_table_make(r->pool, 5); 893 r->notes = apr_table_make(r->pool, 5); 894 895 r->request_config = ap_create_request_config(r->pool); 896 /* Must be set before we run create request hook */ 897 898 r->proto_output_filters = conn->output_filters; 899 r->output_filters = r->proto_output_filters; 900 r->proto_input_filters = conn->input_filters; 901 r->input_filters = r->proto_input_filters; 902 ap_run_create_request(r); 903 r->per_dir_config = r->server->lookup_defaults; 904 905 r->sent_bodyct = 0; /* bytect isn't for body */ 906 907 r->read_length = 0; 908 r->read_body = REQUEST_NO_BODY; 909 910 r->status = HTTP_OK; /* Until further notice */ 911 r->the_request = NULL; 912 913 /* Begin by presuming any module can make its own path_info assumptions, 914 * until some module interjects and changes the value. 915 */ 916 r->used_path_info = AP_REQ_DEFAULT_PATH_INFO; 917 918 tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); 919 920 /* Get the request... */ 921 if (!read_request_line(r, tmp_bb)) { 922 if (r->status == HTTP_REQUEST_URI_TOO_LARGE) { 923 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 924 "request failed: URI too long (longer than %d)", r->server->limit_req_line); 925 ap_send_error_response(r, 0); 926 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 927 ap_run_log_transaction(r); 928 apr_brigade_destroy(tmp_bb); 929 return r; 930 } 931 else if (r->status == HTTP_REQUEST_TIME_OUT) { 932 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 933 if (!r->connection->keepalives) { 934 ap_run_log_transaction(r); 935 } 936 apr_brigade_destroy(tmp_bb); 937 return r; 938 } 939 940 apr_brigade_destroy(tmp_bb); 941 return NULL; 942 } 943 944 /* We may have been in keep_alive_timeout mode, so toggle back 945 * to the normal timeout mode as we fetch the header lines, 946 * as necessary. 947 */ 948 csd = ap_get_module_config(conn->conn_config, &core_module); 949 apr_socket_timeout_get(csd, &cur_timeout); 950 if (cur_timeout != conn->base_server->timeout) { 951 apr_socket_timeout_set(csd, conn->base_server->timeout); 952 cur_timeout = conn->base_server->timeout; 953 } 954 955 if (!r->assbackwards) { 956 ap_get_mime_headers_core(r, tmp_bb); 957 if (r->status != HTTP_OK) { 958 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 959 "request failed: error reading the headers"); 960 ap_send_error_response(r, 0); 961 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 962 ap_run_log_transaction(r); 963 apr_brigade_destroy(tmp_bb); 964 return r; 965 } 966 967 if (apr_table_get(r->headers_in, "Transfer-Encoding") 968 && apr_table_get(r->headers_in, "Content-Length")) { 969 /* 2616 section 4.4, point 3: "if both Transfer-Encoding 970 * and Content-Length are received, the latter MUST be 971 * ignored"; so unset it here to prevent any confusion 972 * later. */ 973 apr_table_unset(r->headers_in, "Content-Length"); 974 } 975 } 976 else { 977 if (r->header_only) { 978 /* 979 * Client asked for headers only with HTTP/0.9, which doesn't send 980 * headers! Have to dink things just to make sure the error message 981 * comes through... 982 */ 983 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 984 "client sent invalid HTTP/0.9 request: HEAD %s", 985 r->uri); 986 r->header_only = 0; 987 r->status = HTTP_BAD_REQUEST; 988 ap_send_error_response(r, 0); 989 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 990 ap_run_log_transaction(r); 991 apr_brigade_destroy(tmp_bb); 992 return r; 993 } 994 } 995 996 apr_brigade_destroy(tmp_bb); 997 998 /* update what we think the virtual host is based on the headers we've 999 * now read. may update status. 1000 */ 1001 ap_update_vhost_from_headers(r); 1002 1003 /* Toggle to the Host:-based vhost's timeout mode to fetch the 1004 * request body and send the response body, if needed. 1005 */ 1006 if (cur_timeout != r->server->timeout) { 1007 apr_socket_timeout_set(csd, r->server->timeout); 1008 cur_timeout = r->server->timeout; 1009 } 1010 1011 /* we may have switched to another server */ 1012 r->per_dir_config = r->server->lookup_defaults; 1013 1014 if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1, 1))) 1015 || ((r->proto_num == HTTP_VERSION(1, 1)) 1016 && !apr_table_get(r->headers_in, "Host"))) { 1017 /* 1018 * Client sent us an HTTP/1.1 or later request without telling us the 1019 * hostname, either with a full URL or a Host: header. We therefore 1020 * need to (as per the 1.1 spec) send an error. As a special case, 1021 * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain 1022 * a Host: header, and the server MUST respond with 400 if it doesn't. 1023 */ 1024 r->status = HTTP_BAD_REQUEST; 1025 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 1026 "client sent HTTP/1.1 request without hostname " 1027 "(see RFC2616 section 14.23): %s", r->uri); 1028 } 1029 1030 /* 1031 * Add the HTTP_IN filter here to ensure that ap_discard_request_body 1032 * called by ap_die and by ap_send_error_response works correctly on 1033 * status codes that do not cause the connection to be dropped and 1034 * in situations where the connection should be kept alive. 1035 */ 1036 1037 ap_add_input_filter_handle(ap_http_input_filter_handle, 1038 NULL, r, r->connection); 1039 1040 if (r->status != HTTP_OK) { 1041 ap_send_error_response(r, 0); 1042 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 1043 ap_run_log_transaction(r); 1044 return r; 1045 } 1046 1047 if ((access_status = ap_run_post_read_request(r))) { 1048 ap_die(access_status, r); 1049 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 1050 ap_run_log_transaction(r); 1051 return NULL; 1052 } 1053 1054 if (((expect = apr_table_get(r->headers_in, "Expect")) != NULL) 1055 && (expect[0] != '\0')) { 1056 /* 1057 * The Expect header field was added to HTTP/1.1 after RFC 2068 1058 * as a means to signal when a 100 response is desired and, 1059 * unfortunately, to signal a poor man's mandatory extension that 1060 * the server must understand or return 417 Expectation Failed. 1061 */ 1062 if (strcasecmp(expect, "100-continue") == 0) { 1063 r->expecting_100 = 1; 1064 } 1065 else { 1066 r->status = HTTP_EXPECTATION_FAILED; 1067 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 1068 "client sent an unrecognized expectation value of " 1069 "Expect: %s", expect); 1070 ap_send_error_response(r, 0); 1071 ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); 1072 ap_run_log_transaction(r); 1073 return r; 1074 } 1075 } 1076 1077 return r; 1078} 1079 1080/* if a request with a body creates a subrequest, remove original request's 1081 * input headers which pertain to the body which has already been read. 1082 * out-of-line helper function for ap_set_sub_req_protocol. 1083 */ 1084 1085static void strip_headers_request_body(request_rec *rnew) 1086{ 1087 apr_table_unset(rnew->headers_in, "Content-Encoding"); 1088 apr_table_unset(rnew->headers_in, "Content-Language"); 1089 apr_table_unset(rnew->headers_in, "Content-Length"); 1090 apr_table_unset(rnew->headers_in, "Content-Location"); 1091 apr_table_unset(rnew->headers_in, "Content-MD5"); 1092 apr_table_unset(rnew->headers_in, "Content-Range"); 1093 apr_table_unset(rnew->headers_in, "Content-Type"); 1094 apr_table_unset(rnew->headers_in, "Expires"); 1095 apr_table_unset(rnew->headers_in, "Last-Modified"); 1096 apr_table_unset(rnew->headers_in, "Transfer-Encoding"); 1097} 1098 1099/* 1100 * A couple of other functions which initialize some of the fields of 1101 * a request structure, as appropriate for adjuncts of one kind or another 1102 * to a request in progress. Best here, rather than elsewhere, since 1103 * *someone* has to set the protocol-specific fields... 1104 */ 1105 1106AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, 1107 const request_rec *r) 1108{ 1109 rnew->the_request = r->the_request; /* Keep original request-line */ 1110 1111 rnew->assbackwards = 1; /* Don't send headers from this. */ 1112 rnew->no_local_copy = 1; /* Don't try to send HTTP_NOT_MODIFIED for a 1113 * fragment. */ 1114 rnew->method = "GET"; 1115 rnew->method_number = M_GET; 1116 rnew->protocol = "INCLUDED"; 1117 1118 rnew->status = HTTP_OK; 1119 1120 rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); 1121 1122 /* did the original request have a body? (e.g. POST w/SSI tags) 1123 * if so, make sure the subrequest doesn't inherit body headers 1124 */ 1125 if (apr_table_get(r->headers_in, "Content-Length") 1126 || apr_table_get(r->headers_in, "Transfer-Encoding")) { 1127 strip_headers_request_body(rnew); 1128 } 1129 rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); 1130 rnew->headers_out = apr_table_make(rnew->pool, 5); 1131 rnew->err_headers_out = apr_table_make(rnew->pool, 5); 1132 rnew->notes = apr_table_make(rnew->pool, 5); 1133 1134 rnew->expecting_100 = r->expecting_100; 1135 rnew->read_length = r->read_length; 1136 rnew->read_body = REQUEST_NO_BODY; 1137 1138 rnew->main = (request_rec *) r; 1139} 1140 1141static void end_output_stream(request_rec *r) 1142{ 1143 conn_rec *c = r->connection; 1144 apr_bucket_brigade *bb; 1145 apr_bucket *b; 1146 1147 bb = apr_brigade_create(r->pool, c->bucket_alloc); 1148 b = apr_bucket_eos_create(c->bucket_alloc); 1149 APR_BRIGADE_INSERT_TAIL(bb, b); 1150 ap_pass_brigade(r->output_filters, bb); 1151} 1152 1153AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub) 1154{ 1155 /* tell the filter chain there is no more content coming */ 1156 if (!sub->eos_sent) { 1157 end_output_stream(sub); 1158 } 1159} 1160 1161/* finalize_request_protocol is called at completion of sending the 1162 * response. Its sole purpose is to send the terminating protocol 1163 * information for any wrappers around the response message body 1164 * (i.e., transfer encodings). It should have been named finalize_response. 1165 */ 1166AP_DECLARE(void) ap_finalize_request_protocol(request_rec *r) 1167{ 1168 (void) ap_discard_request_body(r); 1169 1170 /* tell the filter chain there is no more content coming */ 1171 if (!r->eos_sent) { 1172 end_output_stream(r); 1173 } 1174} 1175 1176/* 1177 * Support for the Basic authentication protocol, and a bit for Digest. 1178 */ 1179AP_DECLARE(void) ap_note_auth_failure(request_rec *r) 1180{ 1181 const char *type = ap_auth_type(r); 1182 if (type) { 1183 if (!strcasecmp(type, "Basic")) 1184 ap_note_basic_auth_failure(r); 1185 else if (!strcasecmp(type, "Digest")) 1186 ap_note_digest_auth_failure(r); 1187 } 1188 else { 1189 ap_log_rerror(APLOG_MARK, APLOG_ERR, 1190 0, r, "need AuthType to note auth failure: %s", r->uri); 1191 } 1192} 1193 1194AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r) 1195{ 1196 const char *type = ap_auth_type(r); 1197 1198 /* if there is no AuthType configure or it is something other than 1199 * Basic, let ap_note_auth_failure() deal with it 1200 */ 1201 if (!type || strcasecmp(type, "Basic")) 1202 ap_note_auth_failure(r); 1203 else 1204 apr_table_setn(r->err_headers_out, 1205 (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" 1206 : "WWW-Authenticate", 1207 apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), 1208 "\"", NULL)); 1209} 1210 1211AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r) 1212{ 1213 apr_table_setn(r->err_headers_out, 1214 (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" 1215 : "WWW-Authenticate", 1216 apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"" 1217 "%" APR_UINT64_T_HEX_FMT "\"", 1218 ap_auth_name(r), (apr_uint64_t)r->request_time)); 1219} 1220 1221AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw) 1222{ 1223 const char *auth_line = apr_table_get(r->headers_in, 1224 (PROXYREQ_PROXY == r->proxyreq) 1225 ? "Proxy-Authorization" 1226 : "Authorization"); 1227 const char *t; 1228 1229 if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basic")) 1230 return DECLINED; 1231 1232 if (!ap_auth_name(r)) { 1233 ap_log_rerror(APLOG_MARK, APLOG_ERR, 1234 0, r, "need AuthName: %s", r->uri); 1235 return HTTP_INTERNAL_SERVER_ERROR; 1236 } 1237 1238 if (!auth_line) { 1239 ap_note_basic_auth_failure(r); 1240 return HTTP_UNAUTHORIZED; 1241 } 1242 1243 if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) { 1244 /* Client tried to authenticate using wrong auth scheme */ 1245 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 1246 "client used wrong authentication scheme: %s", r->uri); 1247 ap_note_basic_auth_failure(r); 1248 return HTTP_UNAUTHORIZED; 1249 } 1250 1251 while (*auth_line == ' ' || *auth_line == '\t') { 1252 auth_line++; 1253 } 1254 1255 t = ap_pbase64decode(r->pool, auth_line); 1256 r->user = ap_getword_nulls (r->pool, &t, ':'); 1257 r->ap_auth_type = "Basic"; 1258 1259 *pw = t; 1260 1261 return OK; 1262} 1263 1264struct content_length_ctx { 1265 int data_sent; /* true if the C-L filter has already sent at 1266 * least one bucket on to the next output filter 1267 * for this request 1268 */ 1269}; 1270 1271/* This filter computes the content length, but it also computes the number 1272 * of bytes sent to the client. This means that this filter will always run 1273 * through all of the buckets in all brigades 1274 */ 1275AP_CORE_DECLARE_NONSTD(apr_status_t) ap_content_length_filter( 1276 ap_filter_t *f, 1277 apr_bucket_brigade *b) 1278{ 1279 request_rec *r = f->r; 1280 struct content_length_ctx *ctx; 1281 apr_bucket *e; 1282 int eos = 0; 1283 apr_read_type_e eblock = APR_NONBLOCK_READ; 1284 1285 ctx = f->ctx; 1286 if (!ctx) { 1287 f->ctx = ctx = apr_palloc(r->pool, sizeof(*ctx)); 1288 ctx->data_sent = 0; 1289 } 1290 1291 /* Loop through this set of buckets to compute their length 1292 */ 1293 e = APR_BRIGADE_FIRST(b); 1294 while (e != APR_BRIGADE_SENTINEL(b)) { 1295 if (APR_BUCKET_IS_EOS(e)) { 1296 eos = 1; 1297 break; 1298 } 1299 if (e->length == (apr_size_t)-1) { 1300 apr_size_t len; 1301 const char *ignored; 1302 apr_status_t rv; 1303 1304 /* This is probably a pipe bucket. Send everything 1305 * prior to this, and then read the data for this bucket. 1306 */ 1307 rv = apr_bucket_read(e, &ignored, &len, eblock); 1308 if (rv == APR_SUCCESS) { 1309 /* Attempt a nonblocking read next time through */ 1310 eblock = APR_NONBLOCK_READ; 1311 r->bytes_sent += len; 1312 } 1313 else if (APR_STATUS_IS_EAGAIN(rv)) { 1314 /* Output everything prior to this bucket, and then 1315 * do a blocking read on the next batch. 1316 */ 1317 if (e != APR_BRIGADE_FIRST(b)) { 1318 apr_bucket_brigade *split = apr_brigade_split(b, e); 1319 apr_bucket *flush = apr_bucket_flush_create(r->connection->bucket_alloc); 1320 1321 APR_BRIGADE_INSERT_TAIL(b, flush); 1322 rv = ap_pass_brigade(f->next, b); 1323 if (rv != APR_SUCCESS || f->c->aborted) { 1324 apr_brigade_destroy(split); 1325 return rv; 1326 } 1327 b = split; 1328 e = APR_BRIGADE_FIRST(b); 1329 1330 ctx->data_sent = 1; 1331 } 1332 eblock = APR_BLOCK_READ; 1333 continue; 1334 } 1335 else { 1336 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, 1337 "ap_content_length_filter: " 1338 "apr_bucket_read() failed"); 1339 return rv; 1340 } 1341 } 1342 else { 1343 r->bytes_sent += e->length; 1344 } 1345 e = APR_BUCKET_NEXT(e); 1346 } 1347 1348 /* If we've now seen the entire response and it's otherwise 1349 * okay to set the C-L in the response header, then do so now. 1350 * 1351 * We can only set a C-L in the response header if we haven't already 1352 * sent any buckets on to the next output filter for this request. 1353 */ 1354 if (ctx->data_sent == 0 && eos && 1355 /* don't whack the C-L if it has already been set for a HEAD 1356 * by something like proxy. the brigade only has an EOS bucket 1357 * in this case, making r->bytes_sent zero. 1358 * 1359 * if r->bytes_sent > 0 we have a (temporary) body whose length may 1360 * have been changed by a filter. the C-L header might not have been 1361 * updated so we do it here. long term it would be cleaner to have 1362 * such filters update or remove the C-L header, and just use it 1363 * if present. 1364 */ 1365 !(r->header_only && r->bytes_sent == 0 && 1366 apr_table_get(r->headers_out, "Content-Length"))) { 1367 ap_set_content_length(r, r->bytes_sent); 1368 } 1369 1370 ctx->data_sent = 1; 1371 return ap_pass_brigade(f->next, b); 1372} 1373 1374/* 1375 * Send the body of a response to the client. 1376 */ 1377AP_DECLARE(apr_status_t) ap_send_fd(apr_file_t *fd, request_rec *r, 1378 apr_off_t offset, apr_size_t len, 1379 apr_size_t *nbytes) 1380{ 1381 conn_rec *c = r->connection; 1382 apr_bucket_brigade *bb = NULL; 1383 apr_bucket *b; 1384 apr_status_t rv; 1385 1386 bb = apr_brigade_create(r->pool, c->bucket_alloc); 1387 b = apr_bucket_file_create(fd, offset, len, r->pool, c->bucket_alloc); 1388 APR_BRIGADE_INSERT_TAIL(bb, b); 1389 1390 rv = ap_pass_brigade(r->output_filters, bb); 1391 if (rv != APR_SUCCESS) { 1392 *nbytes = 0; /* no way to tell how many were actually sent */ 1393 } 1394 else { 1395 *nbytes = len; 1396 } 1397 1398 return rv; 1399} 1400 1401#if APR_HAS_MMAP 1402/* send data from an in-memory buffer */ 1403AP_DECLARE(size_t) ap_send_mmap(apr_mmap_t *mm, request_rec *r, size_t offset, 1404 size_t length) 1405{ 1406 conn_rec *c = r->connection; 1407 apr_bucket_brigade *bb = NULL; 1408 apr_bucket *b; 1409 1410 bb = apr_brigade_create(r->pool, c->bucket_alloc); 1411 b = apr_bucket_mmap_create(mm, offset, length, c->bucket_alloc); 1412 APR_BRIGADE_INSERT_TAIL(bb, b); 1413 ap_pass_brigade(r->output_filters, bb); 1414 1415 return mm->size; /* XXX - change API to report apr_status_t? */ 1416} 1417#endif /* APR_HAS_MMAP */ 1418 1419typedef struct { 1420 apr_bucket_brigade *bb; 1421} old_write_filter_ctx; 1422 1423AP_CORE_DECLARE_NONSTD(apr_status_t) ap_old_write_filter( 1424 ap_filter_t *f, apr_bucket_brigade *bb) 1425{ 1426 old_write_filter_ctx *ctx = f->ctx; 1427 1428 AP_DEBUG_ASSERT(ctx); 1429 1430 if (ctx->bb != 0) { 1431 /* whatever is coming down the pipe (we don't care), we 1432 * can simply insert our buffered data at the front and 1433 * pass the whole bundle down the chain. 1434 */ 1435 APR_BRIGADE_PREPEND(bb, ctx->bb); 1436 } 1437 1438 return ap_pass_brigade(f->next, bb); 1439} 1440 1441static apr_status_t buffer_output(request_rec *r, 1442 const char *str, apr_size_t len) 1443{ 1444 conn_rec *c = r->connection; 1445 ap_filter_t *f; 1446 old_write_filter_ctx *ctx; 1447 1448 if (len == 0) 1449 return APR_SUCCESS; 1450 1451 /* future optimization: record some flags in the request_rec to 1452 * say whether we've added our filter, and whether it is first. 1453 */ 1454 1455 /* this will typically exit on the first test */ 1456 for (f = r->output_filters; f != NULL; f = f->next) { 1457 if (ap_old_write_func == f->frec) 1458 break; 1459 } 1460 1461 if (f == NULL) { 1462 /* our filter hasn't been added yet */ 1463 ctx = apr_pcalloc(r->pool, sizeof(*ctx)); 1464 ap_add_output_filter("OLD_WRITE", ctx, r, r->connection); 1465 f = r->output_filters; 1466 } 1467 1468 /* if the first filter is not our buffering filter, then we have to 1469 * deliver the content through the normal filter chain 1470 */ 1471 if (f != r->output_filters) { 1472 apr_bucket_brigade *bb = apr_brigade_create(r->pool, c->bucket_alloc); 1473 apr_bucket *b = apr_bucket_transient_create(str, len, c->bucket_alloc); 1474 APR_BRIGADE_INSERT_TAIL(bb, b); 1475 1476 return ap_pass_brigade(r->output_filters, bb); 1477 } 1478 1479 /* grab the context from our filter */ 1480 ctx = r->output_filters->ctx; 1481 1482 if (ctx->bb == NULL) { 1483 ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc); 1484 } 1485 1486 return ap_fwrite(f->next, ctx->bb, str, len); 1487} 1488 1489AP_DECLARE(int) ap_rputc(int c, request_rec *r) 1490{ 1491 char c2 = (char)c; 1492 1493 if (r->connection->aborted) { 1494 return -1; 1495 } 1496 1497 if (buffer_output(r, &c2, 1) != APR_SUCCESS) 1498 return -1; 1499 1500 return c; 1501} 1502 1503AP_DECLARE(int) ap_rputs(const char *str, request_rec *r) 1504{ 1505 apr_size_t len; 1506 1507 if (r->connection->aborted) 1508 return -1; 1509 1510 if (buffer_output(r, str, len = strlen(str)) != APR_SUCCESS) 1511 return -1; 1512 1513 return len; 1514} 1515 1516AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r) 1517{ 1518 if (r->connection->aborted) 1519 return -1; 1520 1521 if (buffer_output(r, buf, nbyte) != APR_SUCCESS) 1522 return -1; 1523 1524 return nbyte; 1525} 1526 1527struct ap_vrprintf_data { 1528 apr_vformatter_buff_t vbuff; 1529 request_rec *r; 1530 char *buff; 1531}; 1532 1533static apr_status_t r_flush(apr_vformatter_buff_t *buff) 1534{ 1535 /* callback function passed to ap_vformatter to be called when 1536 * vformatter needs to write into buff and buff.curpos > buff.endpos */ 1537 1538 /* ap_vrprintf_data passed as a apr_vformatter_buff_t, which is then 1539 * "downcast" to an ap_vrprintf_data */ 1540 struct ap_vrprintf_data *vd = (struct ap_vrprintf_data*)buff; 1541 1542 if (vd->r->connection->aborted) 1543 return -1; 1544 1545 /* r_flush is called when vbuff is completely full */ 1546 if (buffer_output(vd->r, vd->buff, AP_IOBUFSIZE)) { 1547 return -1; 1548 } 1549 1550 /* reset the buffer position */ 1551 vd->vbuff.curpos = vd->buff; 1552 vd->vbuff.endpos = vd->buff + AP_IOBUFSIZE; 1553 1554 return APR_SUCCESS; 1555} 1556 1557AP_DECLARE(int) ap_vrprintf(request_rec *r, const char *fmt, va_list va) 1558{ 1559 apr_size_t written; 1560 struct ap_vrprintf_data vd; 1561 char vrprintf_buf[AP_IOBUFSIZE]; 1562 1563 vd.vbuff.curpos = vrprintf_buf; 1564 vd.vbuff.endpos = vrprintf_buf + AP_IOBUFSIZE; 1565 vd.r = r; 1566 vd.buff = vrprintf_buf; 1567 1568 if (r->connection->aborted) 1569 return -1; 1570 1571 written = apr_vformatter(r_flush, &vd.vbuff, fmt, va); 1572 1573 if (written != -1) { 1574 int n = vd.vbuff.curpos - vrprintf_buf; 1575 1576 /* last call to buffer_output, to finish clearing the buffer */ 1577 if (buffer_output(r, vrprintf_buf,n) != APR_SUCCESS) 1578 return -1; 1579 1580 written += n; 1581 } 1582 1583 return written; 1584} 1585 1586AP_DECLARE_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt, ...) 1587{ 1588 va_list va; 1589 int n; 1590 1591 if (r->connection->aborted) 1592 return -1; 1593 1594 va_start(va, fmt); 1595 n = ap_vrprintf(r, fmt, va); 1596 va_end(va); 1597 1598 return n; 1599} 1600 1601AP_DECLARE_NONSTD(int) ap_rvputs(request_rec *r, ...) 1602{ 1603 va_list va; 1604 const char *s; 1605 apr_size_t len; 1606 apr_size_t written = 0; 1607 1608 if (r->connection->aborted) 1609 return -1; 1610 1611 /* ### TODO: if the total output is large, put all the strings 1612 * ### into a single brigade, rather than flushing each time we 1613 * ### fill the buffer 1614 */ 1615 va_start(va, r); 1616 while (1) { 1617 s = va_arg(va, const char *); 1618 if (s == NULL) 1619 break; 1620 1621 len = strlen(s); 1622 if (buffer_output(r, s, len) != APR_SUCCESS) { 1623 return -1; 1624 } 1625 1626 written += len; 1627 } 1628 va_end(va); 1629 1630 return written; 1631} 1632 1633AP_DECLARE(int) ap_rflush(request_rec *r) 1634{ 1635 conn_rec *c = r->connection; 1636 apr_bucket_brigade *bb; 1637 apr_bucket *b; 1638 1639 bb = apr_brigade_create(r->pool, c->bucket_alloc); 1640 b = apr_bucket_flush_create(c->bucket_alloc); 1641 APR_BRIGADE_INSERT_TAIL(bb, b); 1642 if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS) 1643 return -1; 1644 1645 return 0; 1646} 1647 1648/* 1649 * This function sets the Last-Modified output header field to the value 1650 * of the mtime field in the request structure - rationalized to keep it from 1651 * being in the future. 1652 */ 1653AP_DECLARE(void) ap_set_last_modified(request_rec *r) 1654{ 1655 if (!r->assbackwards) { 1656 apr_time_t mod_time = ap_rationalize_mtime(r, r->mtime); 1657 char *datestr = apr_palloc(r->pool, APR_RFC822_DATE_LEN); 1658 1659 apr_rfc822_date(datestr, mod_time); 1660 apr_table_setn(r->headers_out, "Last-Modified", datestr); 1661 } 1662} 1663 1664typedef struct hdr_ptr { 1665 ap_filter_t *f; 1666 apr_bucket_brigade *bb; 1667} hdr_ptr; 1668 1669static int send_header(void *data, const char *key, const char *val) 1670{ 1671 ap_fputstrs(((hdr_ptr*)data)->f, ((hdr_ptr*)data)->bb, 1672 key, ": ", val, CRLF, NULL); 1673 return 1; 1674} 1675 1676AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers) 1677{ 1678 hdr_ptr x; 1679 char *status_line = NULL; 1680 request_rec *rr; 1681 1682 if (r->proto_num < 1001) { 1683 /* don't send interim response to HTTP/1.0 Client */ 1684 return; 1685 } 1686 if (!ap_is_HTTP_INFO(r->status)) { 1687 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 1688 "Status is %d - not sending interim response", r->status); 1689 return; 1690 } 1691 1692 /* if we send an interim response, we're no longer in a state of 1693 * expecting one. Also, this could feasibly be in a subrequest, 1694 * so we need to propagate the fact that we responded. 1695 */ 1696 for (rr = r; rr != NULL; rr = rr->main) { 1697 rr->expecting_100 = 0; 1698 } 1699 1700 status_line = apr_pstrcat(r->pool, AP_SERVER_PROTOCOL, " ", r->status_line, CRLF, NULL); 1701 ap_xlate_proto_to_ascii(status_line, strlen(status_line)); 1702 1703 x.f = r->connection->output_filters; 1704 x.bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); 1705 1706 ap_fputs(x.f, x.bb, status_line); 1707 if (send_headers) { 1708 apr_table_do(send_header, &x, r->headers_out, NULL); 1709 apr_table_clear(r->headers_out); 1710 } 1711 ap_fputs(x.f, x.bb, CRLF); 1712 ap_fflush(x.f, x.bb); 1713 apr_brigade_destroy(x.bb); 1714} 1715 1716AP_IMPLEMENT_HOOK_RUN_ALL(int,post_read_request, 1717 (request_rec *r), (r), OK, DECLINED) 1718AP_IMPLEMENT_HOOK_RUN_ALL(int,log_transaction, 1719 (request_rec *r), (r), OK, DECLINED) 1720AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,http_scheme, 1721 (const request_rec *r), (r), NULL) 1722AP_IMPLEMENT_HOOK_RUN_FIRST(unsigned short,default_port, 1723 (const request_rec *r), (r), 0) 1724