| blob | 1fd4bb3d4daf69377d7d24b5ef45c6aa34043982 |
1 /*
2 * mod_dontdothat.c: an Apache filter that allows you to return arbitrary
3 * errors for various types of Subversion requests.
4 *
5 * ====================================================================
6 * Copyright (c) 2006 CollabNet. All rights reserved.
7 *
8 * This software is licensed as described in the file COPYING, which
9 * you should have received as part of this distribution. The terms
10 * are also available at http://subversion.tigris.org/license-1.html.
11 * If newer versions of this license are posted there, you may use a
12 * newer version instead, at your option.
13 *
14 * This software consists of voluntary contributions made by many
15 * individuals. For exact contribution history, see the revision
16 * history and logs, available at http://subversion.tigris.org/.
17 * ====================================================================
18 */
20 #include <httpd.h>
21 #include <http_config.h>
22 #include <http_protocol.h>
23 #include <http_request.h>
24 #include <http_log.h>
25 #include <util_filter.h>
26 #include <ap_config.h>
27 #include <apr_strings.h>
29 #include <expat.h>
35 module AP_MODULE_DECLARE_DATA dontdothat_module;
43 {
49 }
52 {
55 OR_ALL,
58 };
61 STATE_BEGINNING,
62 STATE_IN_UPDATE,
63 STATE_IN_SRC_PATH,
64 STATE_IN_DST_PATH,
65 STATE_IN_RECURSIVE
69 /* Set to TRUE when we determine that the request is safe and should be
70 * allowed to continue. */
71 svn_boolean_t let_it_go;
73 /* Set to TRUE when we determine that the request is unsafe and should be
74 * stopped in its tracks. */
75 svn_boolean_t no_soup_for_you;
77 XML_Parser xmlp;
79 /* The current location in the REPORT body. */
80 parse_state_t state;
82 /* A buffer to hold CDATA we encounter. */
87 /* An array of wildcards that are special cased to be allowed. */
90 /* An array of wildcards where recursive operations are not allowed. */
93 /* TRUE if a path has failed a test already. */
94 svn_boolean_t path_failed;
96 /* An error for when we're using this as a baton while parsing config
97 * files. */
100 /* The current request. */
104 /* Return TRUE if wildcard WC matches path P, FALSE otherwise. */
105 static svn_boolean_t
107 {
109 {
111 {
116 /* It's a wild card, so eat up until the next / in p. */
120 /* If we ran out of p and we're out of wc then it matched. */
122 {
125 else
127 }
132 /* This means we hit the end of wc without running out of p. */
134 else
135 /* Or they were exactly the same length, so it's not lower. */
141 * case. */
142 else
144 }
151 }
152 }
154 static svn_boolean_t
156 {
163 /* Ok, so we need to skip past the scheme, host, etc. */
169 {
173 uri,
181 {
189 /* First check the special cases that are always legal... */
191 {
193 idx,
197 {
202 }
203 }
205 /* Then look for stuff we explicitly don't allow. */
207 {
209 idx,
213 {
218 }
219 }
220 }
221 }
224 }
226 static apr_status_t
229 ap_input_mode_t mode,
230 apr_read_type_e block,
231 apr_off_t readbytes)
232 {
234 apr_status_t rv;
247 {
250 apr_size_t len;
253 {
256 }
257 else
258 {
262 }
265 {
266 /* let_it_go so we clean up our parser, no_soup_for_you so that we
267 * bail out before bothering to parse this stuff a second time. */
270 }
272 /* If we found something that isn't allowed, set the correct status
273 * and return an error so it'll bail out before it gets anywhere it
274 * can do real damage. */
276 {
277 /* XXX maybe set up the SVN-ACTION env var so that it'll show up
278 * in the Subversion operational logs? */
281 "mod_dontdothat: client broke the rules, "
284 /* Ok, pass an error bucket and an eos bucket back to the client.
285 *
286 * NOTE: The custom error string passed here doesn't seem to be
287 * used anywhere by httpd. This is quite possibly a bug.
288 *
289 * TODO: Try and pass back a custom document body containing a
290 * serialized svn_error_t so the client displays a better
291 * error message. */
299 /* Don't forget to remove us, otherwise recursion blows the stack. */
303 }
305 {
312 }
313 }
316 }
318 static void
320 {
327 {
329 /* FALLTHROUGH */
332 /* FALLTHROUGH */
337 else
343 }
344 }
346 static void
348 {
355 /* XXX Hack. We should be doing real namespace support, but for now we
356 * just skip ahead of any namespace prefix. If someone's sending us
357 * an update-report element outside of the SVN namespace they'll get
358 * what they deserve... */
364 {
369 {
370 /* XXX it would be useful if there was a way to override this
371 * on a per-user basis... */
374 else
376 }
377 else
383 {
387 }
389 {
393 }
395 {
399 }
400 else
402 * has that link-path thing we probably need to look out
403 * for... */
408 }
409 }
411 static void
413 {
420 /* XXX Hack. We should be doing real namespace support, but for now we
421 * just skip ahead of any namespace prefix. If someone's sending us
422 * an update-report element outside of the SVN namespace they'll get
423 * what they deserve... */
429 {
453 /* If this isn't recursive we let it go. */
455 {
459 }
464 {
465 /* If we made it here without figuring out that this is
466 * nonrecursive, then the path check is our final word
467 * on the subject. */
471 else
473 }
474 else
480 }
481 }
483 static svn_boolean_t
485 {
487 {
489 {
492 }
495 }
498 }
500 static svn_boolean_t
505 {
509 {
512 else
514 NULL,
516 wildcard);
517 }
519 {
522 else
524 NULL,
526 wildcard);
527 }
528 else
529 {
531 NULL,
533 action);
534 }
538 else
540 }
542 static apr_status_t
544 {
550 }
552 static void
554 {
562 {
575 /* XXX is there a way to error out from this point? Would be nice... */
579 {
592 }
596 config_enumerator,
597 ctx,
600 {
613 }
620 clean_up_parser,
621 apr_pool_cleanup_null);
628 }
629 }
631 static void
633 {
637 dontdothat_filter,
638 NULL,
639 AP_FTYPE_RESOURCE);
640 }
642 module AP_MODULE_DECLARE_DATA dontdothat_module =
643 {
644 STANDARD20_MODULE_STUFF,
645 create_dontdothat_dir_config,
646 NULL,
647 NULL,
648 NULL,
649 dontdothat_cmds,
650 dontdothat_register_hooks
651 };