You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
296 lines
9.7 KiB
296 lines
9.7 KiB
/* Copyright (C) 2001 by Eric Kidd. All rights reserved.
|
|
**
|
|
** Redistribution and use in source and binary forms, with or without
|
|
** modification, are permitted provided that the following conditions
|
|
** are met:
|
|
** 1. Redistributions of source code must retain the above copyright
|
|
** notice, this list of conditions and the following disclaimer.
|
|
** 2. Redistributions in binary form must reproduce the above copyright
|
|
** notice, this list of conditions and the following disclaimer in the
|
|
** documentation and/or other materials provided with the distribution.
|
|
** 3. The name of the author may not be used to endorse or promote products
|
|
** derived from this software without specific prior written permission.
|
|
**
|
|
** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
** SUCH DAMAGE. */
|
|
|
|
|
|
#include "xmlrpc_config.h"
|
|
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
/* Windows NT stdout binary mode fix. */
|
|
#ifdef _WIN32
|
|
#include <io.h>
|
|
#include <fcntl.h>
|
|
#endif
|
|
|
|
#include "xmlrpc.h"
|
|
#include "xmlrpc_server.h"
|
|
#include "xmlrpc_cgi.h"
|
|
|
|
|
|
/*=========================================================================
|
|
** Output Routines
|
|
**=========================================================================
|
|
** These routines send various kinds of responses to the server.
|
|
*/
|
|
|
|
static void send_xml (char *xml_data, size_t xml_len)
|
|
{
|
|
/* Send our CGI headers back to the server.
|
|
** XXX - Coercing 'size_t' to 'unsigned long' might be unsafe under
|
|
** really weird circumstances. */
|
|
fprintf(stdout, "Status: 200 OK\n");
|
|
/* Handle authentication cookie being sent back. */
|
|
if (getenv("HTTP_COOKIE_AUTH") != NULL)
|
|
fprintf(stdout, "Set-Cookie: auth=%s\n", getenv("HTTP_COOKIE_AUTH"));
|
|
fprintf(stdout, "Content-type: text/xml; charset=\"utf-8\"\n");
|
|
fprintf(stdout, "Content-length: %ld\n\n", (unsigned long) xml_len);
|
|
|
|
/* Blast out our data. */
|
|
fwrite(xml_data, sizeof(char), xml_len, stdout);
|
|
}
|
|
|
|
static void send_error (int code, char *message, xmlrpc_env *env)
|
|
{
|
|
/* Send an error header. */
|
|
fprintf(stdout, "Status: %d %s\n", code, message);
|
|
fprintf(stdout, "Content-type: text/html\n\n");
|
|
|
|
/* Send an error message. */
|
|
fprintf(stdout, "<title>%d %s</title>\n", code, message);
|
|
fprintf(stdout, "<h1>%d %s</h1>\n", code, message);
|
|
fprintf(stdout, "<p>An error occurred processing your request.</p>\n");
|
|
|
|
/* Print out the XML-RPC fault, if present. */
|
|
if (env && env->fault_occurred)
|
|
fprintf(stdout, "<p>XML-RPC Fault #%d: %s</p>\n",
|
|
env->fault_code, env->fault_string);
|
|
}
|
|
|
|
|
|
/*=========================================================================
|
|
** die_if_fault_occurred
|
|
**=========================================================================
|
|
** Certain kinds of errors aren't worth the trouble of generating
|
|
** an XML-RPC fault. For these, we just send status 500 to our web server
|
|
** and log the fault to our server log.
|
|
*/
|
|
|
|
static void die_if_fault_occurred (xmlrpc_env *env)
|
|
{
|
|
if (env->fault_occurred) {
|
|
fprintf(stderr, "Unexpected XML-RPC fault: %s (%d)\n",
|
|
env->fault_string, env->fault_code);
|
|
send_error(500, "Internal Server Error", env);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
|
|
/*=========================================================================
|
|
** Initialization, Cleanup & Method Registry
|
|
**=========================================================================
|
|
** These are all related, so we group them together.
|
|
*/
|
|
|
|
static xmlrpc_registry *registry;
|
|
|
|
void xmlrpc_cgi_init (int flags ATTR_UNUSED)
|
|
{
|
|
xmlrpc_env env;
|
|
|
|
xmlrpc_env_init(&env);
|
|
registry = xmlrpc_registry_new(&env);
|
|
die_if_fault_occurred(&env);
|
|
xmlrpc_env_clean(&env);
|
|
|
|
#ifdef _WIN32
|
|
/* Fix from Jeff Stewart: NT opens stdin and stdout in text mode
|
|
** by default, badly confusing our length calculations. So we need
|
|
** to set these file handles to binary. */
|
|
_setmode(_fileno(stdout), _O_BINARY);
|
|
_setmode(_fileno(stdin), _O_BINARY);
|
|
#endif
|
|
}
|
|
|
|
void xmlrpc_cgi_cleanup (void)
|
|
{
|
|
xmlrpc_registry_free(registry);
|
|
}
|
|
|
|
xmlrpc_registry *xmlrpc_cgi_registry (void)
|
|
{
|
|
return registry;
|
|
}
|
|
|
|
void xmlrpc_cgi_add_method (char *method_name,
|
|
xmlrpc_method method,
|
|
void *user_data)
|
|
{
|
|
xmlrpc_env env;
|
|
xmlrpc_env_init(&env);
|
|
xmlrpc_registry_add_method(&env, registry, NULL, method_name,
|
|
method, user_data);
|
|
die_if_fault_occurred(&env);
|
|
xmlrpc_env_clean(&env);
|
|
}
|
|
|
|
extern void
|
|
xmlrpc_cgi_add_method_w_doc (char *method_name,
|
|
xmlrpc_method method,
|
|
void *user_data,
|
|
char *signature,
|
|
char *help)
|
|
{
|
|
xmlrpc_env env;
|
|
xmlrpc_env_init(&env);
|
|
xmlrpc_registry_add_method_w_doc(&env, registry, NULL, method_name,
|
|
method, user_data, signature, help);
|
|
die_if_fault_occurred(&env);
|
|
xmlrpc_env_clean(&env);
|
|
}
|
|
|
|
|
|
/*=========================================================================
|
|
** get_body
|
|
**=========================================================================
|
|
** Slurp the body of the request into an xmlrpc_mem_block.
|
|
*/
|
|
|
|
static xmlrpc_mem_block *get_body (xmlrpc_env *env, size_t length)
|
|
{
|
|
xmlrpc_mem_block *result;
|
|
char *contents;
|
|
size_t count;
|
|
|
|
XMLRPC_ASSERT_ENV_OK(env);
|
|
|
|
/* Error-handling preconditions. */
|
|
result = NULL;
|
|
|
|
/* XXX - Puke if length is too big. */
|
|
|
|
/* Allocate our memory block. */
|
|
result = xmlrpc_mem_block_new(env, length);
|
|
XMLRPC_FAIL_IF_FAULT(env);
|
|
contents = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, result);
|
|
|
|
/* Get our data off the network.
|
|
** XXX - Coercing 'size_t' to 'unsigned long' might be unsafe under
|
|
** really weird circumstances. */
|
|
count = fread(contents, sizeof(char), length, stdin);
|
|
if (count < length)
|
|
XMLRPC_FAIL2(env, XMLRPC_INTERNAL_ERROR,
|
|
"Expected %ld bytes, received %ld",
|
|
(unsigned long) length, (unsigned long) count);
|
|
|
|
cleanup:
|
|
if (env->fault_occurred) {
|
|
if (result)
|
|
xmlrpc_mem_block_free(result);
|
|
return NULL;
|
|
}
|
|
return result;
|
|
}
|
|
|
|
|
|
/*=========================================================================
|
|
** xmlrpc_cgi_process_call
|
|
**=========================================================================
|
|
** Parse the incoming XML-RPC call, find the right method, call it, and
|
|
** serialize our response.
|
|
*/
|
|
|
|
void xmlrpc_cgi_process_call (void)
|
|
{
|
|
xmlrpc_env env;
|
|
char *method, *type, *length_str;
|
|
int length;
|
|
xmlrpc_mem_block *input, *output;
|
|
char *input_data, *output_data;
|
|
size_t input_size, output_size;
|
|
int code;
|
|
char *message;
|
|
|
|
/* Error-handling preconditions. */
|
|
xmlrpc_env_init(&env);
|
|
input = output = NULL;
|
|
|
|
/* Set up a default error message. */
|
|
code = 500; message = "Internal Server Error";
|
|
|
|
/* Get our HTTP information from the environment. */
|
|
method = getenv("REQUEST_METHOD");
|
|
type = getenv("CONTENT_TYPE");
|
|
length_str = getenv("CONTENT_LENGTH");
|
|
|
|
/* Perform some sanity checks. */
|
|
if (!method || 0 != strcmp(method, "POST")) {
|
|
code = 405; message = "Method Not Allowed";
|
|
XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Expected HTTP method POST");
|
|
}
|
|
if (!type || 0 != strcmp(type, "text/xml")) {
|
|
code = 400; message = "Bad Request";
|
|
XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Expected text/xml content");
|
|
}
|
|
if (!length_str) {
|
|
code = 411; message = "Length Required";
|
|
XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Content-length required");
|
|
}
|
|
|
|
/* Get our content length. */
|
|
length = atoi(length_str);
|
|
if (length <= 0) {
|
|
code = 400; message = "Bad Request";
|
|
XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Content-length must be > 0");
|
|
}
|
|
|
|
/* SECURITY: Make sure our content length is legal.
|
|
** XXX - We can cast 'input_len' because we know it's >= 0, yes? */
|
|
if ((size_t) length > xmlrpc_limit_get(XMLRPC_XML_SIZE_LIMIT_ID)) {
|
|
code = 400; message = "Bad Request";
|
|
XMLRPC_FAIL(&env, XMLRPC_LIMIT_EXCEEDED_ERROR,
|
|
"XML-RPC request too large");
|
|
}
|
|
|
|
/* Get our body. */
|
|
input = get_body(&env, length);
|
|
XMLRPC_FAIL_IF_FAULT(&env);
|
|
input_data = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, input);
|
|
input_size = XMLRPC_TYPED_MEM_BLOCK_SIZE(char, input);
|
|
|
|
/* Process our call. */
|
|
output = xmlrpc_registry_process_call(&env, registry, NULL,
|
|
input_data, input_size);
|
|
XMLRPC_FAIL_IF_FAULT(&env);
|
|
output_data = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, output);
|
|
output_size = XMLRPC_TYPED_MEM_BLOCK_SIZE(char, output);
|
|
|
|
/* Send our data. */
|
|
send_xml(output_data, output_size);
|
|
|
|
cleanup:
|
|
if (input)
|
|
xmlrpc_mem_block_free(input);
|
|
if (output)
|
|
xmlrpc_mem_block_free(output);
|
|
|
|
if (env.fault_occurred)
|
|
send_error(code, message, &env);
|
|
|
|
xmlrpc_env_clean(&env);
|
|
}
|