1 const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.4 2002/03/07 03:46:17 oes Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
6 * Purpose : Declares functions to match URLs against URL
9 * Copyright : Written by and Copyright (C) 2001 the SourceForge
10 * IJBSWA team. http://ijbswa.sourceforge.net
12 * Based on the Internet Junkbuster originally written
13 * by and Copyright (C) 1997 Anonymous Coders and
14 * Junkbusters Corporation. http://www.junkbusters.com
16 * This program is free software; you can redistribute it
17 * and/or modify it under the terms of the GNU General
18 * Public License as published by the Free Software
19 * Foundation; either version 2 of the License, or (at
20 * your option) any later version.
22 * This program is distributed in the hope that it will
23 * be useful, but WITHOUT ANY WARRANTY; without even the
24 * implied warranty of MERCHANTABILITY or FITNESS FOR A
25 * PARTICULAR PURPOSE. See the GNU General Public
26 * License for more details.
28 * The GNU General Public License should be included with
29 * this file. If not, you can view it at
30 * http://www.gnu.org/copyleft/gpl.html
31 * or write to the Free Software Foundation, Inc., 59
32 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 * $Log: urlmatch.c,v $
36 * Revision 1.4 2002/03/07 03:46:17 oes
37 * Fixed compiler warnings
39 * Revision 1.3 2002/03/03 14:51:11 oes
40 * Fixed CLF logging: Added ocmd member for client's request to struct http_request
42 * Revision 1.2 2002/01/21 00:14:09 jongfoster
43 * Correcting comment style
44 * Fixing an uninitialized memory bug in create_url_spec()
46 * Revision 1.1 2002/01/17 20:53:46 jongfoster
47 * Moving all our URL and URL pattern parsing code to the same file - it
48 * was scattered around in filters.c, loaders.c and parsers.c.
50 * Providing a single, simple url_match(pattern,url) function - rather than
51 * the 3-line match routine which was repeated all over the place.
53 * Renaming free_url to free_url_spec, since it frees a struct url_spec.
55 * Providing parse_http_url() so that URLs can be parsed without faking a
56 * HTTP request line for parse_http_request() or repeating the parsing
57 * code (both of which were techniques that were actually in use).
59 * Standardizing that struct http_request is used to represent a URL, and
60 * struct url_spec is used to represent a URL pattern. (Before, URLs were
61 * represented as seperate variables and a partially-filled-in url_spec).
64 *********************************************************************/
71 #include <sys/types.h>
79 #if !defined(_WIN32) && !defined(__OS2__)
89 const char urlmatch_h_rcs[] = URLMATCH_H_VERSION;
91 /* Fix a problem with Solaris. There should be no effect on other
93 * Solaris's isspace() is a macro which uses it's argument directly
94 * as an array index. Therefore we need to make sure that high-bit
95 * characters generate +ve values, and ideally we also want to make
96 * the argument match the declared parameter type of "int".
98 * Why did they write a character function that can't take a simple
99 * "char" argument? Doh!
101 #define ijb_isupper(__X) isupper((int)(unsigned char)(__X))
102 #define ijb_tolower(__X) tolower((int)(unsigned char)(__X))
105 /*********************************************************************
107 * Function : free_http_request
109 * Description : Freez a http_request structure
112 * 1 : http = points to a http_request structure to free
116 *********************************************************************/
117 void free_http_request(struct http_request *http)
126 freez(http->hostport);
129 freez(http->host_ip_addr_str);
130 freez(http->dbuffer);
136 /*********************************************************************
138 * Function : parse_http_url
140 * Description : Parse out the host and port from the URL. Find the
141 * hostname & path, port (if ':'), and/or password (if '@')
144 * 1 : url = URL (or is it URI?) to break down
145 * 2 : http = pointer to the http structure to hold elements.
146 * Will be zeroed before use. Note that this
147 * function sets the http->gpc and http->ver
149 * 3 : csp = Current client state (buffers, headers, etc...)
151 * Returns : JB_ERR_OK on success
152 * JB_ERR_MEMORY on out of memory
153 * JB_ERR_CGI_PARAMS on malformed command/URL
154 * or >100 domains deep.
156 *********************************************************************/
157 jb_err parse_http_url(const char * url,
158 struct http_request *http,
159 struct client_state *csp)
162 * Zero out the results structure
164 memset(http, '\0', sizeof(*http));
168 * Save our initial URL
170 http->url = strdup(url);
171 if (http->url == NULL)
173 return JB_ERR_MEMORY;
178 * Split URL into protocol,hostport,path.
188 return JB_ERR_MEMORY;
191 /* Find the start of the URL in our scratch space */
193 if (strncmpic(url_noproto, "http://", 7) == 0)
198 else if (strncmpic(url_noproto, "https://", 8) == 0)
208 url_path = strchr(url_noproto, '/');
209 if (url_path != NULL)
214 * NOTE: The following line ignores the path for HTTPS URLS.
215 * This means that you get consistent behaviour if you type a
216 * https URL in and it's parsed by the function. (When the
217 * URL is actually retrieved, SSL hides the path part).
219 http->path = strdup(http->ssl ? "/" : url_path);
221 http->hostport = strdup(url_noproto);
226 * Repair broken HTTP requests that don't contain a path,
227 * or CONNECT requests
229 http->path = strdup("/");
230 http->hostport = strdup(url_noproto);
235 if ( (http->path == NULL)
236 || (http->hostport == NULL))
239 free_http_request(http);
240 return JB_ERR_MEMORY;
246 * Split hostport into user/password (ignored), host, port.
253 buf = strdup(http->hostport);
256 free_http_request(http);
257 return JB_ERR_MEMORY;
260 /* check if url contains username and/or password */
261 host = strchr(buf, '@');
264 /* Contains username/password, skip it and the @ sign. */
269 /* No username or password. */
273 /* check if url contains port */
274 port = strchr(host, ':');
278 /* Terminate hostname and point to start of port string */
280 http->port = atoi(port);
284 /* No port specified. */
285 http->port = (http->ssl ? 143 : 80);
288 http->host = strdup(host);
292 if (http->host == NULL)
294 free_http_request(http);
295 return JB_ERR_MEMORY;
301 * Split domain name so we can compare it against wildcards
304 char *vec[BUFFER_SIZE];
308 http->dbuffer = strdup(http->host);
309 if (NULL == http->dbuffer)
311 free_http_request(http);
312 return JB_ERR_MEMORY;
315 /* map to lower case */
316 for (p = http->dbuffer; *p ; p++)
318 *p = tolower((int)(unsigned char)*p);
321 /* split the domain name into components */
322 http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1);
324 if (http->dcount <= 0)
327 * Error: More than SZ(vec) components in domain
328 * or: no components in domain
330 free_http_request(http);
334 /* save a copy of the pointers in dvec */
335 size = http->dcount * sizeof(*http->dvec);
337 http->dvec = (char **)malloc(size);
338 if (NULL == http->dvec)
340 free_http_request(http);
341 return JB_ERR_MEMORY;
344 memcpy(http->dvec, vec, size);
352 /*********************************************************************
354 * Function : parse_http_request
356 * Description : Parse out the host and port from the URL. Find the
357 * hostname & path, port (if ':'), and/or password (if '@')
360 * 1 : req = HTTP request line to break down
361 * 2 : http = pointer to the http structure to hold elements
362 * 3 : csp = Current client state (buffers, headers, etc...)
364 * Returns : JB_ERR_OK on success
365 * JB_ERR_MEMORY on out of memory
366 * JB_ERR_CGI_PARAMS on malformed command/URL
367 * or >100 domains deep.
369 *********************************************************************/
370 jb_err parse_http_request(const char *req,
371 struct http_request *http,
372 struct client_state *csp)
380 memset(http, '\0', sizeof(*http));
385 return JB_ERR_MEMORY;
388 n = ssplit(buf, " \r\n", v, SZ(v), 1, 1);
395 /* this could be a CONNECT request */
396 if (strcmpic(v[0], "connect") == 0)
401 /* or it could be any other basic HTTP request type */
402 else if ((0 == strcmpic(v[0], "get"))
403 || (0 == strcmpic(v[0], "head"))
404 || (0 == strcmpic(v[0], "post"))
405 || (0 == strcmpic(v[0], "put"))
406 || (0 == strcmpic(v[0], "delete"))
408 /* or a webDAV extension (RFC2518) */
409 || (0 == strcmpic(v[0], "propfind"))
410 || (0 == strcmpic(v[0], "proppatch"))
411 || (0 == strcmpic(v[0], "move"))
412 || (0 == strcmpic(v[0], "copy"))
413 || (0 == strcmpic(v[0], "mkcol"))
414 || (0 == strcmpic(v[0], "lock"))
415 || (0 == strcmpic(v[0], "unlock"))
423 /* Unknown HTTP method */
428 err = parse_http_url(v[1], http, csp);
436 * Copy the details into the structure
438 http->ssl = is_connect;
439 http->cmd = strdup(req);
440 http->gpc = strdup(v[0]);
441 http->ver = strdup(v[2]);
443 if ( (http->cmd == NULL)
444 || (http->gpc == NULL)
445 || (http->ver == NULL) )
448 free_http_request(http);
449 return JB_ERR_MEMORY;
456 /*********************************************************************
458 * Function : simple_domaincmp
460 * Description : Domain-wise Compare fqdn's. The comparison is
461 * both left- and right-anchored. The individual
462 * domain names are compared with simplematch().
463 * This is only used by domain_match.
466 * 1 : pv = array of patterns to compare
467 * 2 : fv = array of domain components to compare
468 * 3 : len = length of the arrays (both arrays are the
469 * same length - if they weren't, it couldn't
470 * possibly be a match).
472 * Returns : 0 => domains are equivalent, else no match.
474 *********************************************************************/
475 static int simple_domaincmp(char **pv, char **fv, int len)
479 for (n = 0; n < len; n++)
481 if (simplematch(pv[n], fv[n]))
492 /*********************************************************************
494 * Function : domain_match
496 * Description : Domain-wise Compare fqdn's. Governed by the bimap in
497 * pattern->unachored, the comparison is un-, left-,
498 * right-anchored, or both.
499 * The individual domain names are compared with
503 * 1 : pattern = a domain that may contain a '*' as a wildcard.
504 * 2 : fqdn = domain name against which the patterns are compared.
506 * Returns : 0 => domains are equivalent, else no match.
508 *********************************************************************/
509 static int domain_match(const struct url_spec *pattern, const struct http_request *fqdn)
511 char **pv, **fv; /* vectors */
513 int unanchored = pattern->unanchored & (ANCHOR_RIGHT | ANCHOR_LEFT);
515 plen = pattern->dcount;
520 /* fqdn is too short to match this pattern */
527 if (unanchored == ANCHOR_LEFT)
532 * Convert this into a fully anchored pattern with
533 * the fqdn and pattern the same length
535 fv += (flen - plen); /* flen - plen >= 0 due to check above */
536 return simple_domaincmp(pv, fv, plen);
538 else if (unanchored == 0)
540 /* Fully anchored, check length */
545 return simple_domaincmp(pv, fv, plen);
547 else if (unanchored == ANCHOR_RIGHT)
549 /* Left anchored, ignore all extra in fqdn */
550 return simple_domaincmp(pv, fv, plen);
556 int maxn = flen - plen;
557 for (n = 0; n <= maxn; n++)
559 if (!simple_domaincmp(pv, fv, plen))
564 * Doesn't match from start of fqdn
565 * Try skipping first part of fqdn
575 /*********************************************************************
577 * Function : create_url_spec
579 * Description : Creates a "url_spec" structure from a string.
580 * When finished, free with unload_url().
583 * 1 : url = Target url_spec to be filled in. Will be
585 * 2 : buf = Source pattern, null terminated. NOTE: The
586 * contents of this buffer are destroyed by this
587 * function. If this function succeeds, the
588 * buffer is copied to url->spec. If this
589 * function fails, the contents of the buffer
592 * Returns : JB_ERR_OK - Success
593 * JB_ERR_MEMORY - Out of memory
594 * JB_ERR_PARSE - Cannot parse regex (Detailed message
595 * written to system log)
597 *********************************************************************/
598 jb_err create_url_spec(struct url_spec * url, const char * buf)
606 memset(url, '\0', sizeof(*url));
608 /* save a copy of the orignal specification */
609 if ((url->spec = strdup(buf)) == NULL)
611 return JB_ERR_MEMORY;
614 if ((p = strchr(buf, '/')) != NULL)
616 if (NULL == (url->path = strdup(p)))
619 return JB_ERR_MEMORY;
621 url->pathlen = strlen(url->path);
633 char rebuf[BUFFER_SIZE];
635 if (NULL == (url->preg = zalloc(sizeof(*url->preg))))
639 return JB_ERR_MEMORY;
642 sprintf(rebuf, "^(%s)", url->path);
644 errcode = regcomp(url->preg, rebuf,
645 (REG_EXTENDED|REG_NOSUB|REG_ICASE));
648 size_t errlen = regerror(errcode,
649 url->preg, rebuf, sizeof(rebuf));
651 if (errlen > (sizeof(rebuf) - (size_t)1))
653 errlen = sizeof(rebuf) - (size_t)1;
655 rebuf[errlen] = '\0';
657 log_error(LOG_LEVEL_ERROR, "error compiling %s: %s",
668 if ((p = strchr(buf, ':')) == NULL)
683 /* Parse domain part */
684 if (buf[strlen(buf) - 1] == '.')
686 url->unanchored |= ANCHOR_RIGHT;
690 url->unanchored |= ANCHOR_LEFT;
693 /* split domain into components */
695 url->dbuffer = strdup(buf);
696 if (NULL == url->dbuffer)
702 #endif /* def REGEX */
703 return JB_ERR_MEMORY;
706 /* map to lower case */
707 for (p = url->dbuffer; *p ; p++)
709 *p = tolower((int)(unsigned char)*p);
712 /* split the domain name into components */
713 url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1);
721 #endif /* def REGEX */
724 return JB_ERR_MEMORY;
726 else if (url->dcount != 0)
729 /* save a copy of the pointers in dvec */
730 size = url->dcount * sizeof(*url->dvec);
732 url->dvec = (char **)malloc(size);
733 if (NULL == url->dvec)
739 #endif /* def REGEX */
742 return JB_ERR_MEMORY;
745 memcpy(url->dvec, v, size);
754 /*********************************************************************
756 * Function : free_url_spec
758 * Description : Called from the "unloaders". Freez the url
759 * structure elements.
762 * 1 : url = pointer to a url_spec structure.
766 *********************************************************************/
767 void free_url_spec(struct url_spec *url)
769 if (url == NULL) return;
786 /*********************************************************************
788 * Function : url_match
790 * Description : Compare a URL against a URL pattern.
793 * 1 : pattern = a URL pattern
794 * 2 : url = URL to match
796 * Returns : 0 iff the URL matches the pattern, else nonzero.
798 *********************************************************************/
799 int url_match(const struct url_spec *pattern,
800 const struct http_request *url)
802 return ((pattern->port == 0) || (pattern->port == url->port))
803 && ((pattern->dbuffer == NULL) || (domain_match(pattern, url) == 0))
804 && ((pattern->path == NULL) ||
806 (regexec(pattern->preg, url->path, 0, NULL, 0) == 0)
808 (strncmp(pattern->path, url->path, pattern->pathlen) == 0)