| /* Copyright (C) 2001 by Eric Kidd. All rights reserved. |
| ** |
| ** Redistribution and use in source and binary forms, with or without |
| ** modification, are permitted provided that the following conditions |
| ** are met: |
| ** 1. Redistributions of source code must retain the above copyright |
| ** notice, this list of conditions and the following disclaimer. |
| ** 2. Redistributions in binary form must reproduce the above copyright |
| ** notice, this list of conditions and the following disclaimer in the |
| ** documentation and/or other materials provided with the distribution. |
| ** 3. The name of the author may not be used to endorse or promote products |
| ** derived from this software without specific prior written permission. |
| ** |
| ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| ** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| ** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| ** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| ** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| ** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| ** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| ** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| ** SUCH DAMAGE. */ |
| |
| |
| #include "xmlrpc_config.h" |
| |
| #include <stdlib.h> |
| #include <stdio.h> |
| #include <string.h> |
| |
| /* Windows NT stdout binary mode fix. */ |
| #ifdef _WIN32 |
| #include <io.h> |
| #include <fcntl.h> |
| #endif |
| |
| #include "xmlrpc.h" |
| #include "xmlrpc_server.h" |
| #include "xmlrpc_cgi.h" |
| |
| |
| /*========================================================================= |
| ** Output Routines |
| **========================================================================= |
| ** These routines send various kinds of responses to the server. |
| */ |
| |
| static void send_xml (char *xml_data, size_t xml_len) |
| { |
| /* Send our CGI headers back to the server. |
| ** XXX - Coercing 'size_t' to 'unsigned long' might be unsafe under |
| ** really weird circumstances. */ |
| fprintf(stdout, "Status: 200 OK\n"); |
| /* Handle authentication cookie being sent back. */ |
| if (getenv("HTTP_COOKIE_AUTH") != NULL) |
| fprintf(stdout, "Set-Cookie: auth=%s\n", getenv("HTTP_COOKIE_AUTH")); |
| fprintf(stdout, "Content-type: text/xml; charset=\"utf-8\"\n"); |
| fprintf(stdout, "Content-length: %ld\n\n", (unsigned long) xml_len); |
| |
| /* Blast out our data. */ |
| fwrite(xml_data, sizeof(char), xml_len, stdout); |
| } |
| |
| static void send_error (int code, char *message, xmlrpc_env *env) |
| { |
| /* Send an error header. */ |
| fprintf(stdout, "Status: %d %s\n", code, message); |
| fprintf(stdout, "Content-type: text/html\n\n"); |
| |
| /* Send an error message. */ |
| fprintf(stdout, "<title>%d %s</title>\n", code, message); |
| fprintf(stdout, "<h1>%d %s</h1>\n", code, message); |
| fprintf(stdout, "<p>An error occurred processing your request.</p>\n"); |
| |
| /* Print out the XML-RPC fault, if present. */ |
| if (env && env->fault_occurred) |
| fprintf(stdout, "<p>XML-RPC Fault #%d: %s</p>\n", |
| env->fault_code, env->fault_string); |
| } |
| |
| |
| /*========================================================================= |
| ** die_if_fault_occurred |
| **========================================================================= |
| ** Certain kinds of errors aren't worth the trouble of generating |
| ** an XML-RPC fault. For these, we just send status 500 to our web server |
| ** and log the fault to our server log. |
| */ |
| |
| static void die_if_fault_occurred (xmlrpc_env *env) |
| { |
| if (env->fault_occurred) { |
| fprintf(stderr, "Unexpected XML-RPC fault: %s (%d)\n", |
| env->fault_string, env->fault_code); |
| send_error(500, "Internal Server Error", env); |
| exit(1); |
| } |
| } |
| |
| |
| /*========================================================================= |
| ** Initialization, Cleanup & Method Registry |
| **========================================================================= |
| ** These are all related, so we group them together. |
| */ |
| |
| static xmlrpc_registry *registry; |
| |
| void xmlrpc_cgi_init (int flags ATTR_UNUSED) |
| { |
| xmlrpc_env env; |
| |
| xmlrpc_env_init(&env); |
| registry = xmlrpc_registry_new(&env); |
| die_if_fault_occurred(&env); |
| xmlrpc_env_clean(&env); |
| |
| #ifdef _WIN32 |
| /* Fix from Jeff Stewart: NT opens stdin and stdout in text mode |
| ** by default, badly confusing our length calculations. So we need |
| ** to set these file handles to binary. */ |
| _setmode(_fileno(stdout), _O_BINARY); |
| _setmode(_fileno(stdin), _O_BINARY); |
| #endif |
| } |
| |
| void xmlrpc_cgi_cleanup (void) |
| { |
| xmlrpc_registry_free(registry); |
| } |
| |
| xmlrpc_registry *xmlrpc_cgi_registry (void) |
| { |
| return registry; |
| } |
| |
| void xmlrpc_cgi_add_method (char *method_name, |
| xmlrpc_method method, |
| void *user_data) |
| { |
| xmlrpc_env env; |
| xmlrpc_env_init(&env); |
| xmlrpc_registry_add_method(&env, registry, NULL, method_name, |
| method, user_data); |
| die_if_fault_occurred(&env); |
| xmlrpc_env_clean(&env); |
| } |
| |
| extern void |
| xmlrpc_cgi_add_method_w_doc (char *method_name, |
| xmlrpc_method method, |
| void *user_data, |
| char *signature, |
| char *help) |
| { |
| xmlrpc_env env; |
| xmlrpc_env_init(&env); |
| xmlrpc_registry_add_method_w_doc(&env, registry, NULL, method_name, |
| method, user_data, signature, help); |
| die_if_fault_occurred(&env); |
| xmlrpc_env_clean(&env); |
| } |
| |
| |
| /*========================================================================= |
| ** get_body |
| **========================================================================= |
| ** Slurp the body of the request into an xmlrpc_mem_block. |
| */ |
| |
| static xmlrpc_mem_block *get_body (xmlrpc_env *env, size_t length) |
| { |
| xmlrpc_mem_block *result; |
| char *contents; |
| size_t count; |
| |
| XMLRPC_ASSERT_ENV_OK(env); |
| |
| /* Error-handling preconditions. */ |
| result = NULL; |
| |
| /* XXX - Puke if length is too big. */ |
| |
| /* Allocate our memory block. */ |
| result = xmlrpc_mem_block_new(env, length); |
| XMLRPC_FAIL_IF_FAULT(env); |
| contents = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, result); |
| |
| /* Get our data off the network. |
| ** XXX - Coercing 'size_t' to 'unsigned long' might be unsafe under |
| ** really weird circumstances. */ |
| count = fread(contents, sizeof(char), length, stdin); |
| if (count < length) |
| XMLRPC_FAIL2(env, XMLRPC_INTERNAL_ERROR, |
| "Expected %ld bytes, received %ld", |
| (unsigned long) length, (unsigned long) count); |
| |
| cleanup: |
| if (env->fault_occurred) { |
| if (result) |
| xmlrpc_mem_block_free(result); |
| return NULL; |
| } |
| return result; |
| } |
| |
| |
| /*========================================================================= |
| ** xmlrpc_cgi_process_call |
| **========================================================================= |
| ** Parse the incoming XML-RPC call, find the right method, call it, and |
| ** serialize our response. |
| */ |
| |
| void xmlrpc_cgi_process_call (void) |
| { |
| xmlrpc_env env; |
| char *method, *type, *length_str; |
| int length; |
| xmlrpc_mem_block *input, *output; |
| char *input_data, *output_data; |
| size_t input_size, output_size; |
| int code; |
| char *message; |
| |
| /* Error-handling preconditions. */ |
| xmlrpc_env_init(&env); |
| input = output = NULL; |
| |
| /* Set up a default error message. */ |
| code = 500; message = "Internal Server Error"; |
| |
| /* Get our HTTP information from the environment. */ |
| method = getenv("REQUEST_METHOD"); |
| type = getenv("CONTENT_TYPE"); |
| length_str = getenv("CONTENT_LENGTH"); |
| |
| /* Perform some sanity checks. */ |
| if (!method || 0 != strcmp(method, "POST")) { |
| code = 405; message = "Method Not Allowed"; |
| XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Expected HTTP method POST"); |
| } |
| if (!type || 0 != strcmp(type, "text/xml")) { |
| code = 400; message = "Bad Request"; |
| XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Expected text/xml content"); |
| } |
| if (!length_str) { |
| code = 411; message = "Length Required"; |
| XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Content-length required"); |
| } |
| |
| /* Get our content length. */ |
| length = atoi(length_str); |
| if (length <= 0) { |
| code = 400; message = "Bad Request"; |
| XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Content-length must be > 0"); |
| } |
| |
| /* SECURITY: Make sure our content length is legal. |
| ** XXX - We can cast 'input_len' because we know it's >= 0, yes? */ |
| if ((size_t) length > xmlrpc_limit_get(XMLRPC_XML_SIZE_LIMIT_ID)) { |
| code = 400; message = "Bad Request"; |
| XMLRPC_FAIL(&env, XMLRPC_LIMIT_EXCEEDED_ERROR, |
| "XML-RPC request too large"); |
| } |
| |
| /* Get our body. */ |
| input = get_body(&env, length); |
| XMLRPC_FAIL_IF_FAULT(&env); |
| input_data = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, input); |
| input_size = XMLRPC_TYPED_MEM_BLOCK_SIZE(char, input); |
| |
| /* Process our call. */ |
| output = xmlrpc_registry_process_call(&env, registry, NULL, |
| input_data, input_size); |
| XMLRPC_FAIL_IF_FAULT(&env); |
| output_data = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, output); |
| output_size = XMLRPC_TYPED_MEM_BLOCK_SIZE(char, output); |
| |
| /* Send our data. */ |
| send_xml(output_data, output_size); |
| |
| cleanup: |
| if (input) |
| xmlrpc_mem_block_free(input); |
| if (output) |
| xmlrpc_mem_block_free(output); |
| |
| if (env.fault_occurred) |
| send_error(code, message, &env); |
| |
| xmlrpc_env_clean(&env); |
| } |