This is proxy_util.c in view mode; [Download] [Up]
/* ==================================================================== * Copyright (c) 1996,1997 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * 4. The names "Apache Server" and "Apache Group" must not be used to * endorse or promote products derived from this software without * prior written permission. * * 5. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Group and was originally based * on public domain software written at the National Center for * Supercomputing Applications, University of Illinois, Urbana-Champaign. * For more information on the Apache Group and the Apache HTTP server * project, please see <http://www.apache.org/>. * */ /* Utility routines for Apache proxy */ #include "mod_proxy.h" #include "http_main.h" #include "md5.h" #include "multithread.h" #include "http_log.h" static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r); static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r); static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r); static int proxy_match_word(struct dirconn_entry *This, request_rec *r); /* already called in the knowledge that the characters are hex digits */ int proxy_hex2c(const char *x) { int i, ch; ch = x[0]; if (isdigit(ch)) i = ch - '0'; else if (isupper(ch)) i = ch - ('A' - 10); else i = ch - ('a' - 10); i <<= 4; ch = x[1]; if (isdigit(ch)) i += ch - '0'; else if (isupper(ch)) i += ch - ('A' - 10); else i += ch - ('a' - 10); return i; } void proxy_c2hex(int ch, char *x) { int i; x[0] = '%'; i = (ch & 0xF0) >> 4; if (i >= 10) x[1] = ('A' - 10) + i; else x[1] = '0' + i; i = ch & 0x0F; if (i >= 10) x[2] = ('A' - 10) + i; else x[2] = '0' + i; } /* * canonicalise a URL-encoded string */ /* * Convert a URL-encoded string to canonical form. * It decodes characters which need not be encoded, * and encodes those which must be encoded, and does not touch * those which must not be touched. */ char * proxy_canonenc(pool *p, const char *x, int len, enum enctype t, int isenc) { int i, j, ispath, ch; char *y; const char *allowed; /* characters which should not be encoded */ const char *reserved; /* characters which much not be en/de-coded */ /* N.B. in addition to :@&=, this allows ';' in an http path * and '?' in an ftp path -- this may be revised * * Also, it makes a '+' character in a search string reserved, as * it may be form-encoded. (Although RFC 1738 doesn't allow this - * it only permits ; / ? : @ = & as reserved chars.) */ if (t == enc_path) allowed = "$-_.+!*'(),;:@&="; else if (t == enc_search) allowed = "$-_.!*'(),;:@&="; else if (t == enc_user) allowed = "$-_.+!*'(),;@&="; else if (t == enc_fpath) allowed = "$-_.+!*'(),?:@&="; else /* if (t == enc_parm) */ allowed = "$-_.+!*'(),?/:@&="; if (t == enc_path) reserved = "/"; else if (t == enc_search) reserved = "+"; else reserved = ""; y = palloc(p, 3*len+1); ispath = (t == enc_path); for (i=0, j=0; i < len; i++, j++) { /* always handle '/' first */ ch = x[i]; if (ind(reserved, ch) != -1) { y[j] = ch; continue; } /* decode it if not already done */ if (isenc && ch == '%') { if (!isxdigit(x[i+1]) || !isxdigit(x[i+2])) return NULL; ch = proxy_hex2c(&x[i+1]); i += 2; if (ch != 0 && ind(reserved, ch) != -1) { /* keep it encoded */ proxy_c2hex(ch, &y[j]); j += 2; continue; } } /* recode it, if necessary */ if (!isalnum(ch) && ind(allowed, ch) == -1) { proxy_c2hex(ch, &y[j]); j += 2; } else y[j] = ch; } y[j] = '\0'; return y; } /* * Parses network-location. * urlp on input the URL; on output the path, after the leading / * user NULL if no user/password permitted * password holder for password * host holder for host * port port number; only set if one is supplied. * * Returns an error string. */ char * proxy_canon_netloc(pool *pool, char **const urlp, char **userp, char **passwordp, char **hostp, int *port) { int i; char *p, *host, *url=*urlp; if (url[0] != '/' || url[1] != '/') return "Malformed URL"; host = url + 2; url = strchr(host, '/'); if (url == NULL) url = ""; else *(url++) = '\0'; /* skip seperating '/' */ if (userp != NULL) { char *user=NULL, *password = NULL; p = strchr(host, '@'); if (p != NULL) { *p = '\0'; user = host; host = p + 1; /* find password */ p = strchr(user, ':'); if (p != NULL) { *p = '\0'; password = proxy_canonenc(pool, p+1, strlen(p+1), enc_user, 1); if (password == NULL) return "Bad %-escape in URL (password)"; } user = proxy_canonenc(pool, user, strlen(user), enc_user, 1); if (user == NULL) return "Bad %-escape in URL (username)"; } *userp = user; *passwordp = password; } p = strchr(host, ':'); if (p != NULL) { *(p++) = '\0'; for (i=0; p[i] != '\0'; i++) if (!isdigit(p[i])) break; if (i == 0 || p[i] != '\0') return "Bad port number in URL"; *port = atoi(p); if (*port > 65535) return "Port number in URL > 65535"; } str_tolower(host); /* DNS names are case-insensitive */ if (*host == '\0') return "Missing host in URL"; /* check hostname syntax */ for (i=0; host[i] != '\0'; i++) if (!isdigit(host[i]) && host[i] != '.') break; /* must be an IP address */ #ifdef WIN32 if (host[i] == '\0' && (inet_addr(host) == -1)) #else if (host[i] == '\0' && (inet_addr(host) == -1 || inet_network(host) == -1)) #endif { return "Bad IP address in URL"; } /* if (strchr(host,'.') == NULL && domain != NULL) host = pstrcat(pool, host, domain, NULL); */ *urlp = url; *hostp = host; return NULL; } static const char *lwday[7]= {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"}; static const char *wday[7]= {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"}; static const char *months[12]= {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; /* * If the date is a valid RFC 850 date or asctime() date, then it * is converted to the RFC 1123 format, otherwise it is not modified. * This routine is not very fast at doing conversions, as it uses * sscanf and sprintf. However, if the date is already correctly * formatted, then it exits very quickly. */ char * proxy_date_canon(pool *p, char *x) { int wk, mday, year, hour, min, sec, mon; char *q, month[4], zone[4], week[4]; q = strchr(x, ','); /* check for RFC 850 date */ if (q != NULL && q - x > 3 && q[1] == ' ') { *q = '\0'; for (wk=0; wk < 7; wk++) if (strcmp(x, lwday[wk]) == 0) break; *q = ','; if (wk == 7) return x; /* not a valid date */ if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' || q[17] != ':' || strcmp(&q[20], " GMT") != 0) return x; if (sscanf(q+2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year, &hour, &min, &sec, zone) != 7) return x; if (year < 70) year += 2000; else year += 1900; } else { /* check for acstime() date */ if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' || x[16] != ':' || x[19] != ' ' || x[24] != '\0') return x; if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour, &min, &sec, &year) != 7) return x; for (wk=0; wk < 7; wk++) if (strcmp(week, wday[wk]) == 0) break; if (wk == 7) return x; } /* check date */ for (mon=0; mon < 12; mon++) if (strcmp(month, months[mon]) == 0) break; if (mon == 12) return x; if (strlen(x) < 31) x = palloc(p, 31); ap_snprintf(x, strlen(x)+1, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", wday[wk], mday, months[mon], year, hour, min, sec); return x; } /* * Reads headers from a buffer and returns an array of headers. * Returns NULL on file error */ array_header * proxy_read_headers(pool *pool, char *buffer, int size, BUFF *f) { int gotcr, len, i, j; array_header *resp_hdrs; struct hdr_entry *hdr; char *p; resp_hdrs = make_array(pool, 10, sizeof(struct hdr_entry)); hdr = NULL; gotcr = 1; for (;;) { len = bgets(buffer, size, f); if (len == -1) return NULL; if (len == 0) break; if (buffer[len-1] == '\n') { buffer[--len] = '\0'; i = 1; } else i = 0; if (!gotcr || buffer[0] == ' ' || buffer[0] == '\t') { /* a continuation header */ if (hdr == NULL) { /* error!! */ if (!i) { i = bskiplf(f); if (i == -1) return NULL; } gotcr = 1; continue; } hdr->value = pstrcat(pool, hdr->value, buffer, NULL); } else if (gotcr && len == 0) break; else { p = strchr(buffer, ':'); if (p == NULL) { /* error!! */ if (!gotcr) { i = bskiplf(f); if (i == -1) return NULL; } gotcr = 1; hdr = NULL; continue; } hdr = push_array(resp_hdrs); *(p++) = '\0'; hdr->field = pstrdup(pool, buffer); while (*p == ' ' || *p == '\t') p++; hdr->value = pstrdup(pool, p); gotcr = i; } } hdr = (struct hdr_entry *)resp_hdrs->elts; for (i=0; i < resp_hdrs->nelts; i++) { p = hdr[i].value; j = strlen(p); while (j > 0 && (p[j-1] == ' ' || p[j-1] == '\t')) j--; p[j] = '\0'; } return resp_hdrs; } long int proxy_send_fb(BUFF *f, request_rec *r, BUFF *f2, struct cache_req *c) { char buf[IOBUFSIZE]; long total_bytes_sent; register int n,o,w; conn_rec *con = r->connection; total_bytes_sent = 0; /* Since we are reading from one buffer and writing to another, * it is unsafe to do a soft_timeout here, at least until the proxy * has its own timeout handler which can set both buffers to EOUT. */ hard_timeout("proxy send body", r); while (!con->aborted && f != NULL) { n = bread(f, buf, IOBUFSIZE); if (n == -1) /* input error */ { if (f2 != NULL) f2 = proxy_cache_error(c); break; } if (n == 0) break; /* EOF */ o=0; total_bytes_sent += n; if (f2 != NULL) if (bwrite(f2, buf, n) != n) f2 = proxy_cache_error(c); while(n && !con->aborted) { w = bwrite(con->client, &buf[o], n); if (w <= 0) { if (f2 != NULL) { pclosef(c->req->pool, c->fp->fd); c->fp = NULL; f2 = NULL; con->aborted = 1; unlink(c->tempfile); } break; } reset_timeout(r); /* reset timeout after successful write */ n-=w; o+=w; } } if (!con->aborted) bflush(con->client); kill_timeout(r); return total_bytes_sent; } /* * Read a header from the array, returning the first entry */ struct hdr_entry * proxy_get_header(array_header *hdrs_arr, const char *name) { struct hdr_entry *hdrs; int i; hdrs = (struct hdr_entry *)hdrs_arr->elts; for (i = 0; i < hdrs_arr->nelts; i++) if (hdrs[i].field != NULL && strcasecmp(name, hdrs[i].field) == 0) return &hdrs[i]; return NULL; } /* * Add to the header reply, either concatenating, or replacing existin * headers. It stores the pointers provided, so make sure the data * is not subsequently overwritten */ struct hdr_entry * proxy_add_header(array_header *hdrs_arr, char *field, char *value, int rep) { int i; struct hdr_entry *hdrs; hdrs = (struct hdr_entry *)hdrs_arr->elts; if (rep) for (i = 0; i < hdrs_arr->nelts; i++) if (hdrs[i].field != NULL && strcasecmp(field, hdrs[i].field) == 0) { hdrs[i].value = value; return hdrs; } hdrs = push_array(hdrs_arr); hdrs->field = field; hdrs->value = value; return hdrs; } void proxy_del_header(array_header *hdrs_arr, const char *field) { int i; struct hdr_entry *hdrs; hdrs = (struct hdr_entry *)hdrs_arr->elts; for (i = 0; i < hdrs_arr->nelts; i++) if (hdrs[i].field != NULL && strcasecmp(field, hdrs[i].field) == 0) hdrs[i].value = NULL; } /* * Sends response line and headers * A timeout should be set before calling this routine. */ void proxy_send_headers(BUFF *fp, const char *respline, array_header *hdrs_arr) { struct hdr_entry *hdrs; int i; hdrs = (struct hdr_entry *)hdrs_arr->elts; bputs(respline, fp); bputs("\015\012", fp); for (i = 0; i < hdrs_arr->nelts; i++) { if (hdrs[i].field == NULL) continue; bvputs(fp, hdrs[i].field, ": ", hdrs[i].value, "\015\012", NULL); } bputs("\015\012", fp); } /* * list is a comma-separated list of case-insensitive tokens, with * optional whitespace around the tokens. * The return returns 1 if the token val is found in the list, or 0 * otherwise. */ int proxy_liststr(const char *list, const char *val) { int len, i; const char *p; len = strlen(val); while (list != NULL) { p = strchr(list, ','); if (p != NULL) { i = p - list; do p++; while (isspace(*p)); } else i = strlen(list); while (i > 0 && isspace(list[i-1])) i--; if (i == len && strncasecmp(list, val, len) == 0) return 1; list = p; } return 0; } #ifdef WIN32 /* * On NT, the file system is NOT case sensitive. So, a == A * need to map to smaller set of characters */ void proxy_hash(const char *it, char *val,int ndepth,int nlength) { MD5_CTX context; unsigned char digest[16]; char tmp[26]; int i, k, d; unsigned int x; static const char table[32]= "abcdefghijklmnopqrstuvwxyz012345"; MD5Init(&context); MD5Update(&context, (const unsigned char *)it, strlen(it)); MD5Final(digest, &context); /* encode 128 bits as 26 characters, using a modified uuencoding */ /* the encoding is 5 bytes -> 8 characters * i.e. 128 bits is 3 x 5 bytes + 1 byte -> 3 * 8 characters + 2 characters */ for (i=0, k=0; i < 15; i += 5) { x = (digest[i] << 24) | (digest[i+1] << 16) | (digest[i+2] << 8) | digest[i+3]; tmp[k++] = table[x >> 27]; tmp[k++] = table[(x >> 22) & 0x1f]; tmp[k++] = table[(x >> 17) & 0x1f]; tmp[k++] = table[(x >> 12) & 0x1f]; tmp[k++] = table[(x >> 7) & 0x1f]; tmp[k++] = table[(x >> 2) & 0x1f]; x = ((x & 0x3) << 8) | digest[i+4]; tmp[k++] = table[x >> 5]; tmp[k++] = table[x & 0x1f]; } /* one byte left */ x = digest[15]; tmp[k++] = table[x >> 3]; /* use up 5 bits */ tmp[k++] = table[x & 0x7]; /* now split into directory levels */ for(i=k=d=0 ; d < ndepth ; ++d) { strncpy(&val[i],&tmp[k],nlength); k+=nlength; val[i+nlength]='/'; i+=nlength+1; } memcpy(&val[i],&tmp[k],22-k); val[i+22-k]='\0'; } #else void proxy_hash(const char *it, char *val,int ndepth,int nlength) { MD5_CTX context; unsigned char digest[16]; char tmp[22]; int i, k, d; unsigned int x; static const char table[64]= "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@"; MD5Init(&context); MD5Update(&context, (const unsigned char *)it, strlen(it)); MD5Final(digest, &context); /* encode 128 bits as 22 characters, using a modified uuencoding */ /* the encoding is 3 bytes -> 4 characters * i.e. 128 bits is 5 x 3 bytes + 1 byte -> 5 * 4 characters + 2 characters */ for (i=0, k=0; i < 15; i += 3) { x = (digest[i] << 16) | (digest[i+1] << 8) | digest[i+2]; tmp[k++] = table[x >> 18]; tmp[k++] = table[(x >> 12) & 0x3f]; tmp[k++] = table[(x >> 6) & 0x3f]; tmp[k++] = table[x & 0x3f]; } /* one byte left */ x = digest[15]; tmp[k++] = table[x >> 2]; /* use up 6 bits */ tmp[k++] = table[(x << 4) & 0x3f]; /* now split into directory levels */ for(i=k=d=0 ; d < ndepth ; ++d) { strncpy(&val[i],&tmp[k],nlength); k+=nlength; val[i+nlength]='/'; i+=nlength+1; } memcpy(&val[i],&tmp[k],22-k); val[i+22-k]='\0'; } #endif /* WIN32 */ /* * Converts 8 hex digits to a time integer */ int proxy_hex2sec(const char *x) { int i, ch; unsigned int j; for (i=0, j=0; i < 8; i++) { ch = x[i]; j <<= 4; if (isdigit(ch)) j |= ch - '0'; else if (isupper(ch)) j |= ch - ('A' - 10); else j |= ch - ('a' - 10); } if (j == 0xffffffff) return -1; /* so that it works with 8-byte ints */ else return j; } /* * Converts a time integer to 8 hex digits */ void proxy_sec2hex(int t, char *y) { int i, ch; unsigned int j=t; for (i=7; i >= 0; i--) { ch = j & 0xF; j >>= 4; if (ch >= 10) y[i] = ch + ('A' - 10); else y[i] = ch + '0'; } y[8] = '\0'; } void proxy_log_uerror(const char *routine, const char *file, const char *err, server_rec *s) { char *p, *q; q = get_time(); p = strerror(errno); if (err != NULL) { fprintf(s->error_log, "[%s] %s\n", q, err); if (file != NULL) fprintf(s->error_log, "- %s: %s: %s\n", routine, file, p); else fprintf(s->error_log, "- %s: %s\n", routine, p); } else { if (file != NULL) fprintf(s->error_log, "[%s] %s: %s: %s\n", q, routine, file, p); else fprintf(s->error_log, "[%s] %s: %s\n", q, routine, p); } fflush(s->error_log); } BUFF * proxy_cache_error(struct cache_req *c) { proxy_log_uerror("write", c->tempfile, "proxy: error writing to cache file", c->req->server); pclosef(c->req->pool, c->fp->fd); c->fp = NULL; unlink(c->tempfile); return NULL; } int proxyerror(request_rec *r, const char *message) { r->status = SERVER_ERROR; r->status_line = "500 Proxy Error"; r->content_type = "text/html"; send_http_header(r); soft_timeout("proxy error", r); rvputs(r, "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\015\012\ <html><head><title>Proxy Error</title><head>\015\012<body><h1>Proxy Error\ </h1>\015\012The proxy server could not handle this request.\ \015\012<p>\015\012Reason: <b>", message, "</b>\015\012</body><html>\015\012", NULL); kill_timeout(r); return OK; } /* * This routine returns its own error message */ const char * proxy_host2addr(const char *host, struct hostent *reqhp) { int i; struct hostent *hp; static APACHE_TLS struct hostent hpbuf; static APACHE_TLS u_long ipaddr; static APACHE_TLS char* charpbuf[2]; for (i=0; host[i] != '\0'; i++) if (!isdigit(host[i]) && host[i] != '.') break; if (host[i] != '\0') { hp = gethostbyname(host); if (hp == NULL) return "Host not found"; } else { ipaddr = inet_addr(host); hp = gethostbyaddr((char *)&ipaddr, sizeof(u_long), AF_INET); if (hp == NULL) { memset(&hpbuf, 0, sizeof(hpbuf)); hpbuf.h_name = 0; hpbuf.h_addrtype = AF_INET; hpbuf.h_length = sizeof(u_long); hpbuf.h_addr_list = charpbuf; hpbuf.h_addr_list[0] = (char*)&ipaddr; hpbuf.h_addr_list[1] = 0; hp = &hpbuf; } } memcpy(reqhp, hp, sizeof(struct hostent)); return NULL; } char * proxy_get_host_of_request(request_rec *r) { char *url, *user = NULL, *password = NULL, *err, *host; int port = -1; if (r->hostname != NULL) return r->hostname; /* Set url to the first char after "scheme://" */ if ((url = strchr(r->uri,':')) == NULL || url[1] != '/' || url[2] != '/') return NULL; url = pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */ err = proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port); if (err != NULL) log_error(err, r->server); r->hostname = host; return host; /* ought to return the port, too */ } /* Return TRUE if addr represents an IP address (or an IP network address)*/ int proxy_is_ipaddr(struct dirconn_entry *This) { const char *addr = This->name; unsigned long ip_addr[4]; int i,quads; unsigned long bits; /* if the address is given with an explicit netmask, use that */ /* Due to a deficiency in inet_addr(), it is impossible to parse */ /* "partial" addresses (with less than 4 quads) correctly, i.e. */ /* 192.168.123 is parsed as 192.168.0.123, which is not what I want. */ /* I therefore have to parse the IP address manually: */ /*if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr) == 0)*/ /* addr and mask were set by proxy_readmask() */ /*return 1;*/ /* Parse IP addr manually, optionally allowing */ /* abbreviated net addresses like 192.168. */ /* quads = sscanf(what, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3]); commented out: use of strtok() allows arbitrary base, like in: 139.25.113.10 == 0x8b.0x19.0x71.0x0a (yes, inet_addr() can parse that, too!) */ /* Iterate over up to 4 (dotted) quads. */ for (quads=0; quads<4 && *addr != '\0'; ++quads) { char *tmp; if (*addr == '/' && quads > 0) /* netmask starts here. */ break; if (!isdigit(*addr)) return 0; /* no digit at start of quad */ ip_addr[quads] = strtoul(addr, &tmp, 0); if (tmp == addr) /* expected a digit, found something else */ return 0; addr = tmp; if (*addr == '.' && quads != 3) ++addr; /* after the 4th quad, a dot would be illegal */ } for (This->addr.s_addr = 0, i=0; i<quads; ++i) This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8*i)); if (addr[0] == '/' && isdigit(addr[1])) /* net mask follows: */ { char *tmp; ++addr; bits = strtoul(addr, &tmp, 0); if (tmp == addr) /* expected a digit, found something else */ return 0; addr = tmp; if (bits > 32) /* netmask must be between 0 and 32 */ return 0; } else { /* Determine (i.e., "guess") netmask by counting the */ /* number of trailing .0's; reduce #quads appropriately */ /* (so that 192.168.0.0 is equivalent to 192.168.) */ while (quads > 0 && ip_addr[quads-1] == 0) --quads; /* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */ if (quads < 1) return 0; /* every zero-byte counts as 8 zero-bits */ bits = 8*quads; if (bits != 32) /* no warning for fully qualified IP address */ fprintf(stderr,"Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld\n", inet_ntoa(This->addr), bits); } This->mask.s_addr = htonl(INADDR_NONE << (32 - bits)); if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) { fprintf(stderr,"Warning: NetMask and IP-Addr disagree in %s/%ld\n", inet_ntoa(This->addr), bits); This->addr.s_addr &= This->mask.s_addr; fprintf(stderr," Set to %s/%ld\n", inet_ntoa(This->addr), bits); } if (*addr == '\0') { This->matcher = proxy_match_ipaddr; return 1; } else return (*addr == '\0'); /* okay iff we've parsed the whole string */ } /* Return TRUE if addr represents an IP address (or an IP network address)*/ static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r) { int i; int ip_addr[4]; struct in_addr addr; struct in_addr *ip_list; const char *found; const char *host = proxy_get_host_of_request(r); memset (&addr, '\0', sizeof addr); memset (ip_addr, '\0', sizeof ip_addr); if ( 4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) { for (addr.s_addr = 0, i=0; i<4; ++i) addr.s_addr |= htonl(ip_addr[i] << (24 - 8*i)); if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) { #if DEBUGGING fprintf(stderr,"1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr)); fprintf(stderr,"%s/", inet_ntoa(This->addr)); fprintf(stderr,"%s\n", inet_ntoa(This->mask)); #endif return 1; } #if DEBUGGING else { fprintf(stderr,"1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr)); fprintf(stderr,"%s/", inet_ntoa(This->addr)); fprintf(stderr,"%s\n", inet_ntoa(This->mask)); } #endif } else { struct hostent the_host; memset (&the_host, '\0', sizeof the_host); found = proxy_host2addr(host, &the_host); if ( found != NULL ) { #if DEBUGGING fprintf(stderr,"2)IP-NoMatch: hostname=%s msg=%s\n", host, found); #endif return 0; } if (the_host.h_name != NULL) found = the_host.h_name; else found = host; /* Try to deal with multiple IP addr's for a host */ for (ip_list = (struct in_addr *) *the_host.h_addr_list; ip_list->s_addr != 0UL; ++ip_list) if (This->addr.s_addr == (ip_list->s_addr & This->mask.s_addr)) { #if DEBUGGING fprintf(stderr,"3)IP-Match: %s[%s] <-> ", found, inet_ntoa(*ip_list)); fprintf(stderr,"%s/", inet_ntoa(This->addr)); fprintf(stderr,"%s\n", inet_ntoa(This->mask)); #endif return 1; } #if DEBUGGING else { fprintf(stderr,"3)IP-NoMatch: %s[%s] <-> ", found, inet_ntoa(*ip_list)); fprintf(stderr,"%s/", inet_ntoa(This->addr)); fprintf(stderr,"%s\n", inet_ntoa(This->mask)); } #endif } /* Use net math to determine if a host lies in a subnet */ /*return This->addr.s_addr == (r->connection->remote_addr.sin_addr.s_addr & This->mask.s_addr);*/ return 0; } /* Return TRUE if addr represents a domain name */ int proxy_is_domainname(struct dirconn_entry *This) { char *addr = This->name; int i; /* Domain name must start with a '.' */ if (addr[0] != '.') return 0; /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */ for (i=0; isalnum(addr[i]) || addr[i]=='-' || addr[i]=='.'; ++i) ; if (addr[i] == ':') { fprintf(stderr,"@@@@ handle optional port in proxy_is_domainname()\n"); /* @@@@ handle optional port */ } if (addr[i] != '\0') return 0; /* Strip trailing dots */ for (i=strlen(addr)-1; i>0 && addr[i] == '.'; --i) addr[i] = '\0'; This->matcher = proxy_match_domainname; return 1; } /* Return TRUE if host "host" is in domain "domain" */ static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r) { const char *host = proxy_get_host_of_request(r); int d_len=strlen(This->name), h_len; if (host == NULL) /* some error was logged already */ return 0; h_len = strlen(host); /* @@@ do this within the setup? */ /* Ignore trailing dots in domain comparison: */ while (d_len > 0 && This->name[d_len-1] == '.') --d_len; while (h_len > 0 && host[h_len-1] == '.') --h_len; return h_len > d_len && strncasecmp(&host[h_len-d_len], This->name, d_len) == 0; } /* Return TRUE if addr represents a host name */ int proxy_is_hostname(struct dirconn_entry *This) { char *addr = This->name; int i; /* Host names must not start with a '.' */ if (addr[0] == '.') return 0; /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */ for (i=0; isalnum(addr[i]) || addr[i]=='-' || addr[i]=='.'; ++i) ; if (addr[i] == ':') { fprintf(stderr,"@@@@ handle optional port in proxy_is_hostname()\n"); /* @@@@ handle optional port */ } if (addr[i] != '\0' || proxy_host2addr(addr, &This->hostlist) != NULL) return 0; /* Strip trailing dots */ for (i=strlen(addr)-1; i>0 && addr[i] == '.'; --i) addr[i] = '\0'; This->matcher = proxy_match_hostname; return 1; } /* Return TRUE if host "host" is equal to host2 "host2" */ static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r) { char *host = This->name; char *host2 = proxy_get_host_of_request(r); int h2_len=strlen(host2); int h1_len=strlen(host); #if 0 unsigned long *ip_list; /* Try to deal with multiple IP addr's for a host */ for (ip_list = *This->hostlist.h_addr_list; *ip_list != 0UL; ++ip_list) if (*ip_list == ?????????????) return 1; #endif /* Ignore trailing dots in host2 comparison: */ while (h2_len > 0 && host2[h2_len-1] == '.') --h2_len; while (h1_len > 0 && host[h1_len-1] == '.') --h1_len; return h1_len == h2_len && strncasecmp(host, host2, h1_len) == 0; } /* Return TRUE if addr is to be matched as a word */ int proxy_is_word(struct dirconn_entry *This) { This->matcher = proxy_match_word; return 1; } /* Return TRUE if string "str2" occurs literally in "str1" */ static int proxy_match_word(struct dirconn_entry *This, request_rec *r) { char *host = proxy_get_host_of_request(r); return host != NULL && strstr(host, This->name) != NULL; } int proxy_doconnect(int sock, struct sockaddr_in *addr, request_rec *r) { int i; hard_timeout("proxy connect", r); do { i = connect(sock, (struct sockaddr *)addr, sizeof(struct sockaddr_in)); #ifdef WIN32 if(i == SOCKET_ERROR) errno = WSAGetLastError() - WSABASEERR; #endif /* WIN32 */ } while (i == -1 && errno == EINTR); if (i == -1) proxy_log_uerror("connect", NULL, NULL, r->server); kill_timeout(r); return i; }
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.