-const char urlmatch_rcs[] = "$Id: urlmatch.c JGF $";
+const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.58 2009/06/03 16:44:41 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
* Purpose : Declares functions to match URLs against URL
* patterns.
*
- * Copyright : Written by and Copyright (C) 2001 the SourceForge
- * IJBSWA team. http://ijbswa.sourceforge.net
+ * Copyright : Written by and Copyright (C) 2001-2009
+ * the Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
- * Revisions :
- * $Log: urlmatch.c,v $
- *
*********************************************************************/
-\f
+
#include "config.h"
const char urlmatch_h_rcs[] = URLMATCH_H_VERSION;
-/* Fix a problem with Solaris. There should be no effect on other
- * platforms.
- * Solaris's isspace() is a macro which uses it's argument directly
- * as an array index. Therefore we need to make sure that high-bit
- * characters generate +ve values, and ideally we also want to make
- * the argument match the declared parameter type of "int".
- *
- * Why did they write a character function that can't take a simple
- * "char" argument? Doh!
- */
-#define ijb_isupper(__X) isupper((int)(unsigned char)(__X))
-#define ijb_tolower(__X) tolower((int)(unsigned char)(__X))
-
+enum regex_anchoring
+{
+ NO_ANCHORING,
+ LEFT_ANCHORED,
+ RIGHT_ANCHORED,
+ RIGHT_ANCHORED_HOST
+};
+static jb_err compile_host_pattern(struct url_spec *url, const char *host_pattern);
/*********************************************************************
*
assert(http);
freez(http->cmd);
+ freez(http->ocmd);
freez(http->gpc);
freez(http->host);
freez(http->url);
freez(http->path);
freez(http->ver);
freez(http->host_ip_addr_str);
+#ifndef FEATURE_EXTENDED_HOST_PATTERNS
freez(http->dbuffer);
freez(http->dvec);
http->dcount = 0;
+#endif
+}
+
+
+#ifndef FEATURE_EXTENDED_HOST_PATTERNS
+/*********************************************************************
+ *
+ * Function : init_domain_components
+ *
+ * Description : Splits the domain name so we can compare it
+ * against wildcards. It used to be part of
+ * parse_http_url, but was separated because the
+ * same code is required in chat in case of
+ * intercepted requests.
+ *
+ * Parameters :
+ * 1 : http = pointer to the http structure to hold elements.
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out of memory
+ * JB_ERR_PARSE on malformed command/URL
+ * or >100 domains deep.
+ *
+ *********************************************************************/
+jb_err init_domain_components(struct http_request *http)
+{
+ char *vec[BUFFER_SIZE];
+ size_t size;
+ char *p;
+
+ http->dbuffer = strdup(http->host);
+ if (NULL == http->dbuffer)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ /* map to lower case */
+ for (p = http->dbuffer; *p ; p++)
+ {
+ *p = (char)tolower((int)(unsigned char)*p);
+ }
+
+ /* split the domain name into components */
+ http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1);
+
+ if (http->dcount <= 0)
+ {
+ /*
+ * Error: More than SZ(vec) components in domain
+ * or: no components in domain
+ */
+ log_error(LOG_LEVEL_ERROR, "More than SZ(vec) components in domain or none at all.");
+ return JB_ERR_PARSE;
+ }
+
+ /* save a copy of the pointers in dvec */
+ size = (size_t)http->dcount * sizeof(*http->dvec);
+
+ http->dvec = (char **)malloc(size);
+ if (NULL == http->dvec)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ memcpy(http->dvec, vec, size);
+
+ return JB_ERR_OK;
}
+#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */
/*********************************************************************
* Parameters :
* 1 : url = URL (or is it URI?) to break down
* 2 : http = pointer to the http structure to hold elements.
- * Will be zeroed before use. Note that this
- * function sets the http->gpc and http->ver
- * members to NULL.
- * 3 : csp = Current client state (buffers, headers, etc...)
+ * Must be initialized with valid values (like NULLs).
+ * 3 : require_protocol = Whether or not URLs without
+ * protocol are acceptable.
*
* Returns : JB_ERR_OK on success
* JB_ERR_MEMORY on out of memory
- * JB_ERR_CGI_PARAMS on malformed command/URL
- * or >100 domains deep.
+ * JB_ERR_PARSE on malformed command/URL
+ * or >100 domains deep.
*
*********************************************************************/
-jb_err parse_http_url(const char * url,
- struct http_request *http,
- struct client_state *csp)
+jb_err parse_http_url(const char *url, struct http_request *http, int require_protocol)
{
- /*
- * Zero out the results structure
- */
- memset(http, '\0', sizeof(*http));
-
+ int host_available = 1; /* A proxy can dream. */
/*
* Save our initial URL
}
+ /*
+ * Check for * URI. If found, we're done.
+ */
+ if (*http->url == '*')
+ {
+ if ( NULL == (http->path = strdup("*"))
+ || NULL == (http->hostport = strdup("")) )
+ {
+ return JB_ERR_MEMORY;
+ }
+ if (http->url[1] != '\0')
+ {
+ return JB_ERR_PARSE;
+ }
+ return JB_ERR_OK;
+ }
+
+
/*
* Split URL into protocol,hostport,path.
*/
if (strncmpic(url_noproto, "http://", 7) == 0)
{
url_noproto += 7;
- http->ssl = 0;
}
else if (strncmpic(url_noproto, "https://", 8) == 0)
{
+ /*
+ * Should only happen when called from cgi_show_url_info().
+ */
url_noproto += 8;
http->ssl = 1;
}
- else
+ else if (*url_noproto == '/')
+ {
+ /*
+ * Short request line without protocol and host.
+ * Most likely because the client's request
+ * was intercepted and redirected into Privoxy.
+ */
+ http->host = NULL;
+ host_available = 0;
+ }
+ else if (require_protocol)
{
- http->ssl = 0;
+ freez(buf);
+ return JB_ERR_PARSE;
}
url_path = strchr(url_noproto, '/');
http->hostport = strdup(url_noproto);
}
- free(buf);
+ freez(buf);
if ( (http->path == NULL)
|| (http->hostport == NULL))
{
- free(buf);
- free_http_request(http);
return JB_ERR_MEMORY;
}
}
+ if (!host_available)
+ {
+ /* Without host, there is nothing left to do here */
+ return JB_ERR_OK;
+ }
/*
* Split hostport into user/password (ignored), host, port.
buf = strdup(http->hostport);
if (buf == NULL)
{
- free_http_request(http);
return JB_ERR_MEMORY;
}
host = buf;
}
+ /* Move after hostname before port number */
+ if (*host == '[')
+ {
+ /* Numeric IPv6 address delimited by brackets */
+ host++;
+ port = strchr(host, ']');
+
+ if (port == NULL)
+ {
+ /* Missing closing bracket */
+ freez(buf);
+ return JB_ERR_PARSE;
+ }
+
+ *port++ = '\0';
+
+ if (*port == '\0')
+ {
+ port = NULL;
+ }
+ else if (*port != ':')
+ {
+ /* Garbage after closing bracket */
+ freez(buf);
+ return JB_ERR_PARSE;
+ }
+ }
+ else
+ {
+ /* Plain non-escaped hostname */
+ port = strchr(host, ':');
+ }
+
/* check if url contains port */
- port = strchr(host, ':');
if (port != NULL)
{
/* Contains port */
else
{
/* No port specified. */
- http->port = (http->ssl ? 143 : 80);
+ http->port = (http->ssl ? 443 : 80);
}
http->host = strdup(host);
- free(buf);
+ freez(buf);
if (http->host == NULL)
{
- free_http_request(http);
return JB_ERR_MEMORY;
}
}
+#ifdef FEATURE_EXTENDED_HOST_PATTERNS
+ return JB_ERR_OK;
+#else
+ /* Split domain name so we can compare it against wildcards */
+ return init_domain_components(http);
+#endif /* def FEATURE_EXTENDED_HOST_PATTERNS */
- /*
- * Split domain name so we can compare it against wildcards
- */
- {
- char *vec[BUFFER_SIZE];
- int size;
- char *p;
-
- http->dbuffer = strdup(http->host);
- if (NULL == http->dbuffer)
- {
- free_http_request(http);
- return JB_ERR_MEMORY;
- }
-
- /* map to lower case */
- for (p = http->dbuffer; *p ; p++)
- {
- *p = tolower((int)(unsigned char)*p);
- }
-
- /* split the domain name into components */
- http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1);
+}
- if (http->dcount <= 0)
- {
- // Error: More than SZ(vec) components in domain
- // or: no components in domain
- free_http_request(http);
- return JB_ERR_PARSE;
- }
- /* save a copy of the pointers in dvec */
- size = http->dcount * sizeof(*http->dvec);
+/*********************************************************************
+ *
+ * Function : unknown_method
+ *
+ * Description : Checks whether a method is unknown.
+ *
+ * Parameters :
+ * 1 : method = points to a http method
+ *
+ * Returns : TRUE if it's unknown, FALSE otherwise.
+ *
+ *********************************************************************/
+static int unknown_method(const char *method)
+{
+ static const char *known_http_methods[] = {
+ /* Basic HTTP request type */
+ "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT",
+ /* webDAV extensions (RFC2518) */
+ "PROPFIND", "PROPPATCH", "MOVE", "COPY", "MKCOL", "LOCK", "UNLOCK",
+ /*
+ * Microsoft webDAV extension for Exchange 2000. See:
+ * http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html
+ * http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp
+ */
+ "BCOPY", "BMOVE", "BDELETE", "BPROPFIND", "BPROPPATCH",
+ /*
+ * Another Microsoft webDAV extension for Exchange 2000. See:
+ * http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt
+ * http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html
+ * http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp
+ */
+ "SUBSCRIBE", "UNSUBSCRIBE", "NOTIFY", "POLL",
+ /*
+ * Yet another WebDAV extension, this time for
+ * Web Distributed Authoring and Versioning (RFC3253)
+ */
+ "VERSION-CONTROL", "REPORT", "CHECKOUT", "CHECKIN", "UNCHECKOUT",
+ "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY",
+ };
+ int i;
- http->dvec = (char **)malloc(size);
- if (NULL == http->dvec)
+ for (i = 0; i < SZ(known_http_methods); i++)
+ {
+ if (0 == strcmpic(method, known_http_methods[i]))
{
- free_http_request(http);
- return JB_ERR_MEMORY;
+ return FALSE;
}
-
- memcpy(http->dvec, vec, size);
}
+ return TRUE;
- return JB_ERR_OK;
}
* Parameters :
* 1 : req = HTTP request line to break down
* 2 : http = pointer to the http structure to hold elements
- * 3 : csp = Current client state (buffers, headers, etc...)
*
* Returns : JB_ERR_OK on success
* JB_ERR_MEMORY on out of memory
* or >100 domains deep.
*
*********************************************************************/
-jb_err parse_http_request(const char *req,
- struct http_request *http,
- struct client_state *csp)
+jb_err parse_http_request(const char *req, struct http_request *http)
{
char *buf;
- char *v[10];
+ char *v[10]; /* XXX: Why 10? We should only need three. */
int n;
jb_err err;
- int is_connect = 0;
memset(http, '\0', sizeof(*http));
n = ssplit(buf, " \r\n", v, SZ(v), 1, 1);
if (n != 3)
{
- free(buf);
+ freez(buf);
return JB_ERR_PARSE;
}
- /* this could be a CONNECT request */
- if (strcmpic(v[0], "connect") == 0)
- {
- /* Secure */
- is_connect = 1;
- }
- /* or it could be any other basic HTTP request type */
- else if ((0 == strcmpic(v[0], "get"))
- || (0 == strcmpic(v[0], "head"))
- || (0 == strcmpic(v[0], "post"))
- || (0 == strcmpic(v[0], "put"))
- || (0 == strcmpic(v[0], "delete"))
-
- /* or a webDAV extension (RFC2518) */
- || (0 == strcmpic(v[0], "propfind"))
- || (0 == strcmpic(v[0], "proppatch"))
- || (0 == strcmpic(v[0], "move"))
- || (0 == strcmpic(v[0], "copy"))
- || (0 == strcmpic(v[0], "mkcol"))
- || (0 == strcmpic(v[0], "lock"))
- || (0 == strcmpic(v[0], "unlock"))
- )
- {
- /* Normal */
- is_connect = 0;
+ /*
+ * Fail in case of unknown methods
+ * which we might not handle correctly.
+ *
+ * XXX: There should be a config option
+ * to forward requests with unknown methods
+ * anyway. Most of them don't need special
+ * steps.
+ */
+ if (unknown_method(v[0]))
+ {
+ log_error(LOG_LEVEL_ERROR, "Unknown HTTP method detected: %s", v[0]);
+ freez(buf);
+ return JB_ERR_PARSE;
}
- else
+
+ if (strcmpic(v[2], "HTTP/1.1") && strcmpic(v[2], "HTTP/1.0"))
{
- /* Unknown HTTP method */
- free(buf);
+ log_error(LOG_LEVEL_ERROR, "The only supported HTTP "
+ "versions are 1.0 and 1.1. This rules out: %s", v[2]);
+ freez(buf);
return JB_ERR_PARSE;
}
- err = parse_http_url(v[1], http, csp);
+ http->ssl = !strcmpic(v[0], "CONNECT");
+
+ err = parse_http_url(v[1], http, !http->ssl);
if (err)
{
- free(buf);
+ freez(buf);
return err;
}
/*
* Copy the details into the structure
*/
- http->ssl = is_connect;
http->cmd = strdup(req);
http->gpc = strdup(v[0]);
http->ver = strdup(v[2]);
+ freez(buf);
+
if ( (http->cmd == NULL)
|| (http->gpc == NULL)
|| (http->ver == NULL) )
{
- free(buf);
- free_http_request(http);
return JB_ERR_MEMORY;
}
return JB_ERR_OK;
+
}
/*********************************************************************
*
- * Function : simple_domaincmp
+ * Function : compile_pattern
*
- * Description : Domain-wise Compare fqdn's. The comparison is
- * both left- and right-anchored. The individual
- * domain names are compared with simplematch().
- * This is only used by domain_match.
+ * Description : Compiles a host, domain or TAG pattern.
*
* Parameters :
- * 1 : pv = array of patterns to compare
- * 2 : fv = array of domain components to compare
- * 3 : len = length of the arrays (both arrays are the
- * same length - if they weren't, it couldn't
- * possibly be a match).
+ * 1 : pattern = The pattern to compile.
+ * 2 : anchoring = How the regex should be modified
+ * before compilation. Can be either
+ * one of NO_ANCHORING, LEFT_ANCHORED,
+ * RIGHT_ANCHORED or RIGHT_ANCHORED_HOST.
+ * 3 : url = In case of failures, the spec member is
+ * logged and the structure freed.
+ * 4 : regex = Where the compiled regex should be stored.
*
- * Returns : 0 => domains are equivalent, else no match.
+ * Returns : JB_ERR_OK - Success
+ * JB_ERR_MEMORY - Out of memory
+ * JB_ERR_PARSE - Cannot parse regex
*
*********************************************************************/
-static int simple_domaincmp(char **pv, char **fv, int len)
+static jb_err compile_pattern(const char *pattern, enum regex_anchoring anchoring,
+ struct url_spec *url, regex_t **regex)
{
- int n;
+ int errcode;
+ char rebuf[BUFFER_SIZE];
+ const char *fmt = NULL;
- for (n = 0; n < len; n++)
+ assert(pattern);
+ assert(strlen(pattern) < sizeof(rebuf) - 2);
+
+ if (pattern[0] == '\0')
{
- if (simplematch(pv[n], fv[n]))
+ *regex = NULL;
+ return JB_ERR_OK;
+ }
+
+ switch (anchoring)
+ {
+ case NO_ANCHORING:
+ fmt = "%s";
+ break;
+ case RIGHT_ANCHORED:
+ fmt = "%s$";
+ break;
+ case RIGHT_ANCHORED_HOST:
+ fmt = "%s\\.?$";
+ break;
+ case LEFT_ANCHORED:
+ fmt = "^%s";
+ break;
+ default:
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid anchoring in compile_pattern %d", anchoring);
+ }
+
+ *regex = zalloc(sizeof(**regex));
+ if (NULL == *regex)
+ {
+ free_url_spec(url);
+ return JB_ERR_MEMORY;
+ }
+
+ snprintf(rebuf, sizeof(rebuf), fmt, pattern);
+
+ errcode = regcomp(*regex, rebuf, (REG_EXTENDED|REG_NOSUB|REG_ICASE));
+
+ if (errcode)
+ {
+ size_t errlen = regerror(errcode, *regex, rebuf, sizeof(rebuf));
+ if (errlen > (sizeof(rebuf) - (size_t)1))
{
- return 1;
+ errlen = sizeof(rebuf) - (size_t)1;
}
+ rebuf[errlen] = '\0';
+ log_error(LOG_LEVEL_ERROR, "error compiling %s from %s: %s",
+ pattern, url->spec, rebuf);
+ free_url_spec(url);
+
+ return JB_ERR_PARSE;
}
- return 0;
+ return JB_ERR_OK;
}
/*********************************************************************
*
- * Function : domain_match
+ * Function : compile_url_pattern
*
- * Description : Domain-wise Compare fqdn's. Governed by the bimap in
- * pattern->unachored, the comparison is un-, left-,
- * right-anchored, or both.
- * The individual domain names are compared with
- * simplematch().
+ * Description : Compiles the three parts of an URL pattern.
*
* Parameters :
- * 1 : pattern = a domain that may contain a '*' as a wildcard.
- * 2 : fqdn = domain name against which the patterns are compared.
+ * 1 : url = Target url_spec to be filled in.
+ * 2 : buf = The url pattern to compile. Will be messed up.
*
- * Returns : 0 => domains are equivalent, else no match.
+ * Returns : JB_ERR_OK - Success
+ * JB_ERR_MEMORY - Out of memory
+ * JB_ERR_PARSE - Cannot parse regex
*
*********************************************************************/
-static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn)
+static jb_err compile_url_pattern(struct url_spec *url, char *buf)
{
- char **pv, **fv; /* vectors */
- int plen, flen;
- int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT);
-
- plen = pattern->dcount;
- flen = fqdn->dcount;
-
- if (flen < plen)
- {
- /* fqdn is too short to match this pattern */
- return 1;
- }
-
- pv = pattern->dvec;
- fv = fqdn->dvec;
+ char *p;
- if (unanchored == ANCHOR_LEFT)
+ p = strchr(buf, '/');
+ if (NULL != p)
{
/*
- * Right anchored.
- *
- * Convert this into a fully anchored pattern with
- * the fqdn and pattern the same length
+ * Only compile the regex if it consists of more than
+ * a single slash, otherwise it wouldn't affect the result.
*/
- fv += (flen - plen); /* flen - plen >= 0 due to check above */
- return simple_domaincmp(pv, fv, plen);
+ if (p[1] != '\0')
+ {
+ /*
+ * XXX: does it make sense to compile the slash at the beginning?
+ */
+ jb_err err = compile_pattern(p, LEFT_ANCHORED, url, &url->preg);
+
+ if (JB_ERR_OK != err)
+ {
+ return err;
+ }
+ }
+ *p = '\0';
}
- else if (unanchored == 0)
+
+ /*
+ * IPv6 numeric hostnames can contain colons, thus we need
+ * to delimit the hostname before the real port separator.
+ * As brackets are already used in the hostname pattern,
+ * we use angle brackets ('<', '>') instead.
+ */
+ if ((buf[0] == '<') && (NULL != (p = strchr(buf + 1, '>'))))
{
- /* Fully anchored, check length */
- if (flen != plen)
+ *p++ = '\0';
+ buf++;
+
+ if (*p == '\0')
{
- return 1;
+ /* IPv6 address without port number */
+ p = NULL;
+ }
+ else if (*p != ':')
+ {
+ /* Garbage after address delimiter */
+ return JB_ERR_PARSE;
}
- return simple_domaincmp(pv, fv, plen);
}
- else if (unanchored == ANCHOR_RIGHT)
+ else
{
- /* Left anchored, ignore all extra in fqdn */
- return simple_domaincmp(pv, fv, plen);
+ p = strchr(buf, ':');
}
- else
+
+ if (NULL != p)
{
- /* Unanchored */
- int n;
- int maxn = flen - plen;
- for (n = 0; n <= maxn; n++)
+ *p++ = '\0';
+ url->port_list = strdup(p);
+ if (NULL == url->port_list)
{
- if (!simple_domaincmp(pv, fv, plen))
- {
- return 0;
- }
- /*
- * Doesn't match from start of fqdn
- * Try skipping first part of fqdn
- */
- fv++;
+ return JB_ERR_MEMORY;
}
- return 1;
+ }
+ else
+ {
+ url->port_list = NULL;
+ }
+
+ if (buf[0] != '\0')
+ {
+ return compile_host_pattern(url, buf);
}
+ return JB_ERR_OK;
+
}
+#ifdef FEATURE_EXTENDED_HOST_PATTERNS
/*********************************************************************
*
- * Function : create_url_spec
+ * Function : compile_host_pattern
*
- * Description : Creates a "url_spec" structure from a string.
- * When finished, free with unload_url().
+ * Description : Parses and compiles a host pattern..
*
* Parameters :
- * 1 : url = Target url_spec to be filled in. Must be
- * zeroed out before the call (e.g. using zalloc).
- * 2 : buf = Source pattern, null terminated. NOTE: The
- * contents of this buffer are destroyed by this
- * function. If this function succeeds, the
- * buffer is copied to url->spec. If this
- * function fails, the contents of the buffer
- * are lost forever.
+ * 1 : url = Target url_spec to be filled in.
+ * 2 : host_pattern = Host pattern to compile.
*
* Returns : JB_ERR_OK - Success
* JB_ERR_MEMORY - Out of memory
- * JB_ERR_PARSE - Cannot parse regex (Detailed message
- * written to system log)
+ * JB_ERR_PARSE - Cannot parse regex
+ *
+ *********************************************************************/
+static jb_err compile_host_pattern(struct url_spec *url, const char *host_pattern)
+{
+ return compile_pattern(host_pattern, RIGHT_ANCHORED_HOST, url, &url->host_regex);
+}
+
+#else
+
+/*********************************************************************
+ *
+ * Function : compile_host_pattern
+ *
+ * Description : Parses and "compiles" an old-school host pattern.
+ *
+ * Parameters :
+ * 1 : url = Target url_spec to be filled in.
+ * 2 : host_pattern = Host pattern to parse.
+ *
+ * Returns : JB_ERR_OK - Success
+ * JB_ERR_MEMORY - Out of memory
+ * JB_ERR_PARSE - Cannot parse regex
*
*********************************************************************/
-jb_err create_url_spec(struct url_spec * url, const char * buf)
+static jb_err compile_host_pattern(struct url_spec *url, const char *host_pattern)
{
+ char *v[150];
+ size_t size;
char *p;
- assert(url);
- assert(buf);
+ /*
+ * Parse domain part
+ */
+ if (host_pattern[strlen(host_pattern) - 1] == '.')
+ {
+ url->unanchored |= ANCHOR_RIGHT;
+ }
+ if (host_pattern[0] == '.')
+ {
+ url->unanchored |= ANCHOR_LEFT;
+ }
- /* save a copy of the orignal specification */
- if ((url->spec = strdup(buf)) == NULL)
+ /*
+ * Split domain into components
+ */
+ url->dbuffer = strdup(host_pattern);
+ if (NULL == url->dbuffer)
{
+ free_url_spec(url);
return JB_ERR_MEMORY;
}
- if ((p = strchr(buf, '/')))
+ /*
+ * Map to lower case
+ */
+ for (p = url->dbuffer; *p ; p++)
{
- if (NULL == (url->path = strdup(p)))
- {
- freez(url->spec);
- return JB_ERR_MEMORY;
- }
- url->pathlen = strlen(url->path);
- *p = '\0';
+ *p = (char)tolower((int)(unsigned char)*p);
}
- else
+
+ /*
+ * Split the domain name into components
+ */
+ url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1);
+
+ if (url->dcount < 0)
{
- url->path = NULL;
- url->pathlen = 0;
+ free_url_spec(url);
+ return JB_ERR_MEMORY;
}
-#ifdef REGEX
- if (url->path)
+ else if (url->dcount != 0)
{
- int errcode;
- char rebuf[BUFFER_SIZE];
-
- if (NULL == (url->preg = zalloc(sizeof(*url->preg))))
+ /*
+ * Save a copy of the pointers in dvec
+ */
+ size = (size_t)url->dcount * sizeof(*url->dvec);
+
+ url->dvec = (char **)malloc(size);
+ if (NULL == url->dvec)
{
- freez(url->spec);
- freez(url->path);
+ free_url_spec(url);
return JB_ERR_MEMORY;
}
- sprintf(rebuf, "^(%s)", url->path);
+ memcpy(url->dvec, v, size);
+ }
+ /*
+ * else dcount == 0 in which case we needn't do anything,
+ * since dvec will never be accessed and the pattern will
+ * match all domains.
+ */
+ return JB_ERR_OK;
+}
- errcode = regcomp(url->preg, rebuf,
- (REG_EXTENDED|REG_NOSUB|REG_ICASE));
- if (errcode)
- {
- size_t errlen = regerror(errcode,
- url->preg, rebuf, sizeof(rebuf));
- if (errlen > (sizeof(rebuf) - (size_t)1))
+/*********************************************************************
+ *
+ * Function : simplematch
+ *
+ * Description : String matching, with a (greedy) '*' wildcard that
+ * stands for zero or more arbitrary characters and
+ * character classes in [], which take both enumerations
+ * and ranges.
+ *
+ * Parameters :
+ * 1 : pattern = pattern for matching
+ * 2 : text = text to be matched
+ *
+ * Returns : 0 if match, else nonzero
+ *
+ *********************************************************************/
+static int simplematch(const char *pattern, const char *text)
+{
+ const unsigned char *pat = (const unsigned char *)pattern;
+ const unsigned char *txt = (const unsigned char *)text;
+ const unsigned char *fallback = pat;
+ int wildcard = 0;
+
+ unsigned char lastchar = 'a';
+ unsigned i;
+ unsigned char charmap[32];
+
+ while (*txt)
+ {
+
+ /* EOF pattern but !EOF text? */
+ if (*pat == '\0')
+ {
+ if (wildcard)
+ {
+ pat = fallback;
+ }
+ else
{
- errlen = sizeof(rebuf) - (size_t)1;
+ return 1;
}
- rebuf[errlen] = '\0';
+ }
- log_error(LOG_LEVEL_ERROR, "error compiling %s: %s",
- url->spec, rebuf);
+ /* '*' in the pattern? */
+ if (*pat == '*')
+ {
+
+ /* The pattern ends afterwards? Speed up the return. */
+ if (*++pat == '\0')
+ {
+ return 0;
+ }
+
+ /* Else, set wildcard mode and remember position after '*' */
+ wildcard = 1;
+ fallback = pat;
+ }
- freez(url->spec);
- freez(url->path);
- freez(url->preg);
+ /* Character range specification? */
+ if (*pat == '[')
+ {
+ memset(charmap, '\0', sizeof(charmap));
- return JB_ERR_PARSE;
- }
- }
-#endif
- if ((p = strchr(buf, ':')) == NULL)
- {
- url->port = 0;
- }
- else
- {
- *p++ = '\0';
- url->port = atoi(p);
- }
+ while (*++pat != ']')
+ {
+ if (!*pat)
+ {
+ return 1;
+ }
+ else if (*pat == '-')
+ {
+ if ((*++pat == ']') || *pat == '\0')
+ {
+ return(1);
+ }
+ for (i = lastchar; i <= *pat; i++)
+ {
+ charmap[i / 8] |= (unsigned char)(1 << (i % 8));
+ }
+ }
+ else
+ {
+ charmap[*pat / 8] |= (unsigned char)(1 << (*pat % 8));
+ lastchar = *pat;
+ }
+ }
+ } /* -END- if Character range specification */
- if (buf[0] != '\0')
- {
- char *v[150];
- int size;
- /* Parse domain part */
- if (buf[strlen(buf) - 1] == '.')
+ /*
+ * Char match, or char range match?
+ */
+ if ( (*pat == *txt)
+ || (*pat == '?')
+ || ((*pat == ']') && (charmap[*txt / 8] & (1 << (*txt % 8)))) )
{
- url->unanchored |= ANCHOR_RIGHT;
+ /*
+ * Sucess: Go ahead
+ */
+ pat++;
}
- if (buf[0] == '.')
+ else if (!wildcard)
{
- url->unanchored |= ANCHOR_LEFT;
+ /*
+ * No match && no wildcard: No luck
+ */
+ return 1;
}
-
- /* split domain into components */
-
- url->dbuffer = strdup(buf);
- if (NULL == url->dbuffer)
+ else if (pat != fallback)
{
- freez(url->spec);
- freez(url->path);
-#ifdef REGEX
- freez(url->preg);
-#endif /* def REGEX */
- return JB_ERR_MEMORY;
+ /*
+ * Increment text pointer if in char range matching
+ */
+ if (*pat == ']')
+ {
+ txt++;
+ }
+ /*
+ * Wildcard mode && nonmatch beyond fallback: Rewind pattern
+ */
+ pat = fallback;
+ /*
+ * Restart matching from current text pointer
+ */
+ continue;
}
+ txt++;
+ }
+
+ /* Cut off extra '*'s */
+ if(*pat == '*') pat++;
+
+ /* If this is the pattern's end, fine! */
+ return(*pat);
+
+}
+
- /* map to lower case */
- for (p = url->dbuffer; *p ; p++)
+/*********************************************************************
+ *
+ * Function : simple_domaincmp
+ *
+ * Description : Domain-wise Compare fqdn's. The comparison is
+ * both left- and right-anchored. The individual
+ * domain names are compared with simplematch().
+ * This is only used by domain_match.
+ *
+ * Parameters :
+ * 1 : pv = array of patterns to compare
+ * 2 : fv = array of domain components to compare
+ * 3 : len = length of the arrays (both arrays are the
+ * same length - if they weren't, it couldn't
+ * possibly be a match).
+ *
+ * Returns : 0 => domains are equivalent, else no match.
+ *
+ *********************************************************************/
+static int simple_domaincmp(char **pv, char **fv, int len)
+{
+ int n;
+
+ for (n = 0; n < len; n++)
+ {
+ if (simplematch(pv[n], fv[n]))
{
- *p = tolower((int)(unsigned char)*p);
+ return 1;
}
+ }
- /* split the domain name into components */
- url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1);
+ return 0;
+
+}
- if (url->dcount < 0)
+
+/*********************************************************************
+ *
+ * Function : domain_match
+ *
+ * Description : Domain-wise Compare fqdn's. Governed by the bimap in
+ * pattern->unachored, the comparison is un-, left-,
+ * right-anchored, or both.
+ * The individual domain names are compared with
+ * simplematch().
+ *
+ * Parameters :
+ * 1 : pattern = a domain that may contain a '*' as a wildcard.
+ * 2 : fqdn = domain name against which the patterns are compared.
+ *
+ * Returns : 0 => domains are equivalent, else no match.
+ *
+ *********************************************************************/
+static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn)
+{
+ char **pv, **fv; /* vectors */
+ int plen, flen;
+ int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT);
+
+ plen = pattern->dcount;
+ flen = fqdn->dcount;
+
+ if (flen < plen)
+ {
+ /* fqdn is too short to match this pattern */
+ return 1;
+ }
+
+ pv = pattern->dvec;
+ fv = fqdn->dvec;
+
+ if (unanchored == ANCHOR_LEFT)
+ {
+ /*
+ * Right anchored.
+ *
+ * Convert this into a fully anchored pattern with
+ * the fqdn and pattern the same length
+ */
+ fv += (flen - plen); /* flen - plen >= 0 due to check above */
+ return simple_domaincmp(pv, fv, plen);
+ }
+ else if (unanchored == 0)
+ {
+ /* Fully anchored, check length */
+ if (flen != plen)
{
- freez(url->spec);
- freez(url->path);
-#ifdef REGEX
- freez(url->preg);
-#endif /* def REGEX */
- freez(url->dbuffer);
- url->dcount = 0;
- return JB_ERR_MEMORY;
+ return 1;
}
- else if (url->dcount != 0)
+ return simple_domaincmp(pv, fv, plen);
+ }
+ else if (unanchored == ANCHOR_RIGHT)
+ {
+ /* Left anchored, ignore all extra in fqdn */
+ return simple_domaincmp(pv, fv, plen);
+ }
+ else
+ {
+ /* Unanchored */
+ int n;
+ int maxn = flen - plen;
+ for (n = 0; n <= maxn; n++)
{
-
- /* save a copy of the pointers in dvec */
- size = url->dcount * sizeof(*url->dvec);
-
- url->dvec = (char **)malloc(size);
- if (NULL == url->dvec)
+ if (!simple_domaincmp(pv, fv, plen))
{
- freez(url->spec);
- freez(url->path);
-#ifdef REGEX
- freez(url->preg);
-#endif /* def REGEX */
- freez(url->dbuffer);
- url->dcount = 0;
- return JB_ERR_MEMORY;
+ return 0;
}
-
- memcpy(url->dvec, v, size);
+ /*
+ * Doesn't match from start of fqdn
+ * Try skipping first part of fqdn
+ */
+ fv++;
}
+ return 1;
}
- return JB_ERR_OK;
+}
+#endif /* def FEATURE_EXTENDED_HOST_PATTERNS */
+
+/*********************************************************************
+ *
+ * Function : create_url_spec
+ *
+ * Description : Creates a "url_spec" structure from a string.
+ * When finished, free with free_url_spec().
+ *
+ * Parameters :
+ * 1 : url = Target url_spec to be filled in. Will be
+ * zeroed before use.
+ * 2 : buf = Source pattern, null terminated. NOTE: The
+ * contents of this buffer are destroyed by this
+ * function. If this function succeeds, the
+ * buffer is copied to url->spec. If this
+ * function fails, the contents of the buffer
+ * are lost forever.
+ *
+ * Returns : JB_ERR_OK - Success
+ * JB_ERR_MEMORY - Out of memory
+ * JB_ERR_PARSE - Cannot parse regex (Detailed message
+ * written to system log)
+ *
+ *********************************************************************/
+jb_err create_url_spec(struct url_spec *url, char *buf)
+{
+ assert(url);
+ assert(buf);
+
+ memset(url, '\0', sizeof(*url));
+
+ /* Remember the original specification for the CGI pages. */
+ url->spec = strdup(buf);
+ if (NULL == url->spec)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ /* Is it a tag pattern? */
+ if (0 == strncmpic("TAG:", url->spec, 4))
+ {
+ /* The pattern starts with the first character after "TAG:" */
+ const char *tag_pattern = buf + 4;
+ return compile_pattern(tag_pattern, NO_ANCHORING, url, &url->tag_regex);
+ }
+
+ /* If it isn't a tag pattern it must be an URL pattern. */
+ return compile_url_pattern(url, buf);
}
if (url == NULL) return;
freez(url->spec);
+#ifdef FEATURE_EXTENDED_HOST_PATTERNS
+ if (url->host_regex)
+ {
+ regfree(url->host_regex);
+ freez(url->host_regex);
+ }
+#else
freez(url->dbuffer);
freez(url->dvec);
- freez(url->path);
-#ifdef REGEX
+ url->dcount = 0;
+#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */
+ freez(url->port_list);
if (url->preg)
{
regfree(url->preg);
freez(url->preg);
}
+ if (url->tag_regex)
+ {
+ regfree(url->tag_regex);
+ freez(url->tag_regex);
+ }
+}
+
+
+/*********************************************************************
+ *
+ * Function : port_matches
+ *
+ * Description : Compares a port against a port list.
+ *
+ * Parameters :
+ * 1 : port = The port to check.
+ * 2 : port_list = The list of port to compare with.
+ *
+ * Returns : TRUE for yes, FALSE otherwise.
+ *
+ *********************************************************************/
+static int port_matches(const int port, const char *port_list)
+{
+ return ((NULL == port_list) || match_portlist(port_list, port));
+}
+
+
+/*********************************************************************
+ *
+ * Function : host_matches
+ *
+ * Description : Compares a host against a host pattern.
+ *
+ * Parameters :
+ * 1 : url = The URL to match
+ * 2 : pattern = The URL pattern
+ *
+ * Returns : TRUE for yes, FALSE otherwise.
+ *
+ *********************************************************************/
+static int host_matches(const struct http_request *http,
+ const struct url_spec *pattern)
+{
+#ifdef FEATURE_EXTENDED_HOST_PATTERNS
+ return ((NULL == pattern->host_regex)
+ || (0 == regexec(pattern->host_regex, http->host, 0, NULL, 0)));
+#else
+ return ((NULL == pattern->dbuffer) || (0 == domain_match(pattern, http)));
#endif
+}
+
+/*********************************************************************
+ *
+ * Function : path_matches
+ *
+ * Description : Compares a path against a path pattern.
+ *
+ * Parameters :
+ * 1 : path = The path to match
+ * 2 : pattern = The URL pattern
+ *
+ * Returns : TRUE for yes, FALSE otherwise.
+ *
+ *********************************************************************/
+static int path_matches(const char *path, const struct url_spec *pattern)
+{
+ return ((NULL == pattern->preg)
+ || (0 == regexec(pattern->preg, path, 0, NULL, 0)));
}
* 1 : pattern = a URL pattern
* 2 : url = URL to match
*
- * Returns : 0 iff the URL matches the pattern, else nonzero.
+ * Returns : Nonzero if the URL matches the pattern, else 0.
*
*********************************************************************/
int url_match(const struct url_spec *pattern,
- const struct http_request *url)
+ const struct http_request *http)
{
- return ((pattern->port == 0) || (pattern->port == url->port))
- && ((pattern->dbuffer == NULL) || (domain_match(pattern, url) == 0))
- && ((pattern->path == NULL) ||
-#ifdef REGEX
- (regexec(pattern->preg, url->path, 0, NULL, 0) == 0)
-#else
- (strncmp(pattern->path, url->path, pattern->pathlen) == 0)
-#endif
- );
+ if (pattern->tag_regex != NULL)
+ {
+ /* It's a tag pattern and shouldn't be matched against URLs */
+ return 0;
+ }
+
+ return (port_matches(http->port, pattern->port_list)
+ && host_matches(http, pattern) && path_matches(http->path, pattern));
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : match_portlist
+ *
+ * Description : Check if a given number is covered by a comma
+ * separated list of numbers and ranges (a,b-c,d,..)
+ *
+ * Parameters :
+ * 1 : portlist = String with list
+ * 2 : port = port to check
+ *
+ * Returns : 0 => no match
+ * 1 => match
+ *
+ *********************************************************************/
+int match_portlist(const char *portlist, int port)
+{
+ char *min, *max, *next, *portlist_copy;
+
+ min = portlist_copy = strdup(portlist);
+
+ /*
+ * Zero-terminate first item and remember offset for next
+ */
+ if (NULL != (next = strchr(portlist_copy, (int) ',')))
+ {
+ *next++ = '\0';
+ }
+
+ /*
+ * Loop through all items, checking for match
+ */
+ while (NULL != min)
+ {
+ if (NULL == (max = strchr(min, (int) '-')))
+ {
+ /*
+ * No dash, check for equality
+ */
+ if (port == atoi(min))
+ {
+ freez(portlist_copy);
+ return(1);
+ }
+ }
+ else
+ {
+ /*
+ * This is a range, so check if between min and max,
+ * or, if max was omitted, between min and 65K
+ */
+ *max++ = '\0';
+ if(port >= atoi(min) && port <= (atoi(max) ? atoi(max) : 65535))
+ {
+ freez(portlist_copy);
+ return(1);
+ }
+
+ }
+
+ /*
+ * Jump to next item
+ */
+ min = next;
+
+ /*
+ * Zero-terminate next item and remember offset for n+1
+ */
+ if ((NULL != next) && (NULL != (next = strchr(next, (int) ','))))
+ {
+ *next++ = '\0';
+ }
+ }
+
+ freez(portlist_copy);
+ return 0;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : parse_forwarder_address
+ *
+ * Description : Parse out the host and port from a forwarder address.
+ *
+ * Parameters :
+ * 1 : address = The forwarder address to parse.
+ * 2 : hostname = Used to return the hostname. NULL on error.
+ * 3 : port = Used to return the port. Untouched if no port
+ * is specified.
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out of memory
+ * JB_ERR_PARSE on malformed address.
+ *
+ *********************************************************************/
+jb_err parse_forwarder_address(char *address, char **hostname, int *port)
+{
+ char *p = address;
+
+ if ((*address == '[') && (NULL == strchr(address, ']')))
+ {
+ /* XXX: Should do some more validity checks here. */
+ return JB_ERR_PARSE;
+ }
+
+ *hostname = strdup(address);
+ if (NULL == *hostname)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ if ((**hostname == '[') && (NULL != (p = strchr(*hostname, ']'))))
+ {
+ *p++ = '\0';
+ memmove(*hostname, (*hostname + 1), (size_t)(p - *hostname));
+ if (*p == ':')
+ {
+ *port = (int)strtol(++p, NULL, 0);
+ }
+ }
+ else if (NULL != (p = strchr(*hostname, ':')))
+ {
+ *p++ = '\0';
+ *port = (int)strtol(p, NULL, 0);
+ }
+
+ return JB_ERR_OK;
+
}