[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[myserver-commit] [2870] HTTP TRACE command allowed using the new securi
|
From: |
Giuseppe Scrivano |
|
Subject: |
[myserver-commit] [2870] HTTP TRACE command allowed using the new security APIs. |
|
Date: |
Sun, 05 Oct 2008 18:19:42 +0000 |
Revision: 2870
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=2870
Author: gscrivano
Date: 2008-10-05 18:19:41 +0000 (Sun, 05 Oct 2008)
Log Message:
-----------
HTTP TRACE command allowed using the new security APIs.
Modified Paths:
--------------
trunk/myserver/include/protocol/http/http.h
trunk/myserver/src/protocol/http/http.cpp
Modified: trunk/myserver/include/protocol/http/http.h
===================================================================
--- trunk/myserver/include/protocol/http/http.h 2008-10-05 10:33:11 UTC (rev
2869)
+++ trunk/myserver/include/protocol/http/http.h 2008-10-05 18:19:41 UTC (rev
2870)
@@ -113,7 +113,7 @@
int onlyHeader = 0,
int yetMapped = 0);
- int allowHTTPTRACE();
+ bool allowHTTPTRACE();
int optionsHTTPRESOURCE(string &filename,
Modified: trunk/myserver/src/protocol/http/http.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http.cpp 2008-10-05 10:33:11 UTC (rev
2869)
+++ trunk/myserver/src/protocol/http/http.cpp 2008-10-05 18:19:41 UTC (rev
2870)
@@ -75,10 +75,12 @@
/*!
*Build a response for an OPTIONS request.
*/
-int Http::optionsHTTPRESOURCE(string& /*filename*/, int /*yetmapped*/)
+int Http::optionsHTTPRESOURCE(string& filename, int yetmapped)
{
int ret;
string time;
+ int permissions;
+
try
{
HttpRequestHeader::Entry *connection = td->request.other.get("Connection");
@@ -91,7 +93,12 @@
methods.append((*it)->getName(0, 0));
it++;
}
-
+
+ ret = Http::preprocessHttpRequest(filename, yetmapped, &permissions);
+
+ if (ret != 200)
+ return raiseHTTPError (ret);
+
getRFC822GMTTime(time, HTTP_RESPONSE_DATE_DIM);
td->buffer2->setLength(0);
*td->buffer2 << "HTTP/1.1 200 OK\r\n";
@@ -105,7 +112,7 @@
/*!
*Check if the TRACE command is allowed on the virtual host.
*/
- if(allowHTTPTRACE())
+ if (allowHTTPTRACE ())
*td->buffer2 << ", TRACE\r\n";
*td->buffer2 << "r\n";
@@ -128,21 +135,29 @@
/*!
*Handle the HTTP TRACE command.
*/
-int Http::traceHTTPRESOURCE(string& /*filename*/, int /*yetmapped*/)
+int Http::traceHTTPRESOURCE(string& filename, int yetmapped)
{
int ret;
char tmpStr[12];
int contentLength = (int)td->nHeaderChars;
string time;
+ int permissions;
try
{
MemBuf tmp;
HttpRequestHeader::Entry *connection;
+ ret = Http::preprocessHttpRequest(filename, yetmapped, &permissions);
+
+ if(ret != 200)
+ return raiseHTTPError(ret);
+
tmp.intToStr(contentLength, tmpStr, 12);
getRFC822GMTTime(time, HTTP_RESPONSE_DATE_DIM);
- if(!allowHTTPTRACE())
- return raiseHTTPError(401);
+
+ if (!allowHTTPTRACE ())
+ return raiseHTTPError (401);
+
td->buffer2->setLength(0);
*td->buffer2 << "HTTP/1.1 200 OK\r\n";
*td->buffer2 << "Date: " << time << "\r\n";
@@ -178,34 +193,17 @@
}
/*!
- *Check if the host allows the HTTP TRACE command
+ *Check if the host allows the HTTP TRACE command.
*/
-int Http::allowHTTPTRACE()
+bool Http::allowHTTPTRACE()
{
- int ret;
- /*! Check if the host allows HTTP trace. */
- ostringstream filename;
- char *httpTraceValue;
- XmlParser parser;
+ const char *allowTrace = securityToken.getHashedData ("http.allow_trace",
MYSERVER_VHOST_CONF |
+ MYSERVER_SERVER_CONF,
"NO");
- filename << td->getVhostDir() << "/security" ;
- if(parser.open(filename.str().c_str()))
- {
- return 0;
- }
- httpTraceValue = parser.getAttr("HTTP", "TRACE");
-
- /*!
- *If the returned value is equal to ON so the
- *HTTP TRACE is active for this vhost.
- *By default don't allow the trace.
- */
- if(httpTraceValue && !strcmpi(httpTraceValue, "ON"))
- ret = 1;
+ if (!strcmpi (allowTrace, "YES"))
+ return true;
else
- ret = 0;
- parser.close();
- return ret;
+ return false;
}
/*!
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [myserver-commit] [2870] HTTP TRACE command allowed using the new security APIs.,
Giuseppe Scrivano <=