| blob | b478e15782709cda6814ab3a0e5b8f0b1181fbe1 |
1 /*
2 * mod_dontdothat.c: an Apache filter that allows you to return arbitrary
3 * errors for various types of Subversion requests.
4 *
5 * ====================================================================
6 * Copyright (c) 2006 CollabNet. All rights reserved.
7 *
8 * This software is licensed as described in the file COPYING, which
9 * you should have received as part of this distribution. The terms
10 * are also available at http://subversion.tigris.org/license-1.html.
11 * If newer versions of this license are posted there, you may use a
12 * newer version instead, at your option.
13 *
14 * This software consists of voluntary contributions made by many
15 * individuals. For exact contribution history, see the revision
16 * history and logs, available at http://subversion.tigris.org/.
17 * ====================================================================
18 */
20 #include <httpd.h>
21 #include <http_config.h>
22 #include <http_protocol.h>
23 #include <http_request.h>
24 #include <http_log.h>
25 #include <util_filter.h>
26 #include <ap_config.h>
27 #include <apr_strings.h>
29 #include <expat.h>
35 module AP_MODULE_DECLARE_DATA dontdothat_module;
44 {
51 }
54 {
57 OR_ALL,
63 };
66 STATE_BEGINNING,
67 STATE_IN_UPDATE,
68 STATE_IN_SRC_PATH,
69 STATE_IN_DST_PATH,
70 STATE_IN_RECURSIVE
74 /* Set to TRUE when we determine that the request is safe and should be
75 * allowed to continue. */
76 svn_boolean_t let_it_go;
78 /* Set to TRUE when we determine that the request is unsafe and should be
79 * stopped in its tracks. */
80 svn_boolean_t no_soup_for_you;
82 XML_Parser xmlp;
84 /* The current location in the REPORT body. */
85 parse_state_t state;
87 /* A buffer to hold CDATA we encounter. */
92 /* An array of wildcards that are special cased to be allowed. */
95 /* An array of wildcards where recursive operations are not allowed. */
98 /* TRUE if a path has failed a test already. */
99 svn_boolean_t path_failed;
101 /* An error for when we're using this as a baton while parsing config
102 * files. */
105 /* The current request. */
109 /* Return TRUE if wildcard WC matches path P, FALSE otherwise. */
110 static svn_boolean_t
112 {
114 {
116 {
121 /* It's a wild card, so eat up until the next / in p. */
125 /* If we ran out of p and we're out of wc then it matched. */
127 {
130 else
132 }
137 /* This means we hit the end of wc without running out of p. */
139 else
140 /* Or they were exactly the same length, so it's not lower. */
146 * case. */
147 else
149 }
156 }
157 }
159 static svn_boolean_t
161 {
168 /* Ok, so we need to skip past the scheme, host, etc. */
174 {
178 uri,
186 {
194 /* First check the special cases that are always legal... */
196 {
198 idx,
202 {
207 }
208 }
210 /* Then look for stuff we explicitly don't allow. */
212 {
214 idx,
218 {
223 }
224 }
225 }
226 }
229 }
231 static apr_status_t
234 ap_input_mode_t mode,
235 apr_read_type_e block,
236 apr_off_t readbytes)
237 {
239 apr_status_t rv;
252 {
255 apr_size_t len;
258 {
261 }
262 else
263 {
267 }
270 {
271 /* let_it_go so we clean up our parser, no_soup_for_you so that we
272 * bail out before bothering to parse this stuff a second time. */
275 }
277 /* If we found something that isn't allowed, set the correct status
278 * and return an error so it'll bail out before it gets anywhere it
279 * can do real damage. */
281 {
282 /* XXX maybe set up the SVN-ACTION env var so that it'll show up
283 * in the Subversion operational logs? */
286 "mod_dontdothat: client broke the rules, "
289 /* Ok, pass an error bucket and an eos bucket back to the client.
290 *
291 * NOTE: The custom error string passed here doesn't seem to be
292 * used anywhere by httpd. This is quite possibly a bug.
293 *
294 * TODO: Try and pass back a custom document body containing a
295 * serialized svn_error_t so the client displays a better
296 * error message. */
304 /* Don't forget to remove us, otherwise recursion blows the stack. */
308 }
310 {
317 }
318 }
321 }
323 static void
325 {
332 {
334 /* FALLTHROUGH */
337 /* FALLTHROUGH */
342 else
348 }
349 }
351 static void
353 {
360 /* XXX Hack. We should be doing real namespace support, but for now we
361 * just skip ahead of any namespace prefix. If someone's sending us
362 * an update-report element outside of the SVN namespace they'll get
363 * what they deserve... */
369 {
374 {
375 /* XXX it would be useful if there was a way to override this
376 * on a per-user basis... */
379 else
381 }
382 else
388 {
392 }
394 {
398 }
400 {
404 }
405 else
407 * has that link-path thing we probably need to look out
408 * for... */
413 }
414 }
416 static void
418 {
425 /* XXX Hack. We should be doing real namespace support, but for now we
426 * just skip ahead of any namespace prefix. If someone's sending us
427 * an update-report element outside of the SVN namespace they'll get
428 * what they deserve... */
434 {
458 /* If this isn't recursive we let it go. */
460 {
464 }
469 {
470 /* If we made it here without figuring out that this is
471 * nonrecursive, then the path check is our final word
472 * on the subject. */
476 else
478 }
479 else
485 }
486 }
488 static svn_boolean_t
490 {
492 {
494 {
497 }
500 }
503 }
505 static svn_boolean_t
510 {
514 {
517 else
519 NULL,
521 wildcard);
522 }
524 {
527 else
529 NULL,
531 wildcard);
532 }
533 else
534 {
536 NULL,
538 action);
539 }
543 else
545 }
547 static apr_status_t
549 {
555 }
557 static void
559 {
567 {
580 /* XXX is there a way to error out from this point? Would be nice... */
584 {
597 }
601 config_enumerator,
602 ctx,
605 {
618 }
625 clean_up_parser,
626 apr_pool_cleanup_null);
633 }
634 }
636 static void
638 {
642 dontdothat_filter,
643 NULL,
644 AP_FTYPE_RESOURCE);
645 }
647 module AP_MODULE_DECLARE_DATA dontdothat_module =
648 {
649 STANDARD20_MODULE_STUFF,
650 create_dontdothat_dir_config,
651 NULL,
652 NULL,
653 NULL,
654 dontdothat_cmds,
655 dontdothat_register_hooks
656 };