[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
[1124]
[1125]
[1126]
[1127]
[1128]
[1129]
[1130]
[1131]
[1132]
[1133]
[1134]
[1135]
[1136]
[1137]
[1138]
[1139]
[1140]
[1141]
[1142]
[1143]
[1144]
[1145]
[1146]
[1147]
[1148]
[1149]
[1150]
[1151]
[1152]
[1153]
[1154]
[1155]
[1156]
[1157]
[1158]
[1159]
[1160]
[1161]
[1162]
[1163]
[1164]
[1165]
[1166]
[1167]
[1168]
[1169]
[1170]
[1171]
[1172]
[1173]
[1174]
[1175]
[1176]
[1177]
[1178]
[1179]
[1180]
[1181]
[1182]
[1183]
[1184]
[1185]
[1186]
[1187]
[1188]
[1189]
[1190]
[1191]
[1192]
[1193]
[1194]
[1195]
[1196]
[1197]
[1198]
[1199]
[1200]
[1201]
[1202]
[1203]
[1204]
[1205]
[1206]
[1207]
[1208]
[1209]
[1210]
[1211]
[1212]
[1213]
[1214]
[1215]
[1216]
[1217]
[1218]
[1219]
[1220]
[1221]
[1222]
[1223]
[1224]
[1225]
[1226]
[1227]
[1228]
[1229]
[1230]
[1231]
[1232]
[1233]
[1234]
[1235]
[1236]
[1237]
[1238]
[1239]
[1240]
[1241]
[1242]
[1243]
[1244]
[1245]
[1246]
[1247]
[1248]
[1249]
[1250]
[1251]
[1252]
[1253]
[1254]
[1255]
[1256]
[1257]
[1258]
[1259]
[1260]
[1261]
[1262]
[1263]
[1264]
[1265]
[1266]
[1267]
[1268]
[1269]
[1270]
[1271]
[1272]
[1273]
[1274]
[1275]
[1276]
[1277]
[1278]
[1279]
[1280]
[1281]
[1282]
[1283]
[1284]
[1285]
[1286]
[1287]
[1288]
[1289]
[1290]
[1291]
[1292]
[1293]
[1294]
[1295]
[1296]
[1297]
[1298]
[1299]
[1300]
[1301]
[1302]
[1303]
[1304]
[1305]
[1306]
[1307]
[1308]
[1309]
[1310]
[1311]
[1312]
[1313]
[1314]
[1315]
[1316]
[1317]
[1318]
[1319]
[1320]
[1321]
[1322]
[1323]
[1324]
[1325]
[1326]
[1327]
[1328]
[1329]
[1330]
[1331]
[1332]
[1333]
[1334]
[1335]
[1336]
[1337]
[1338]
[1339]
[1340]
[1341]
[1342]
[1343]
[1344]
[1345]
[1346]
[1347]
[1348]
[1349]
[1350]
[1351]
[1352]
[1353]
[1354]
[1355]
[1356]
[1357]
[1358]
[1359]
[1360]
[1361]
[1362]
[1363]
[1364]
[1365]
[1366]
[1367]
[1368]
[1369]
[1370]
[1371]
[1372]
[1373]
[1374]
[1375]
[1376]
[1377]
[1378]
[1379]
[1380]
[1381]
[1382]
[1383]
[1384]
[1385]
[1386]
[1387]
[1388]
[1389]
[1390]
[1391]
[1392]
[1393]
[1394]
[1395]
[1396]
[1397]
[1398]
[1399]
[1400]
[1401]
[1402]
[1403]
[1404]
[1405]
[1406]
[1407]
[1408]
[1409]
[1410]
[1411]
[1412]
[1413]
[1414]
[1415]
[1416]
[1417]
[1418]
[1419]
[1420]
[1421]
[1422]
[1423]
[1424]
[1425]
[1426]
[1427]
[1428]
[1429]
[1430]
[1431]
[1432]
[1433]
[1434]
[1435]
[1436]
[1437]
[1438]
[1439]
[1440]
[1441]
[1442]
[1443]
[1444]
[1445]
[1446]
[1447]
[1448]
[1449]
[1450]
[1451]
[1452]
[1453]
[1454]
[1455]
[1456]
[1457]
[1458]
[1459]
[1460]
[1461]
[1462]
[1463]
[1464]
[1465]
[1466]
[1467]
[1468]
[1469]
[1470]
[1471]
[1472]
[1473]
[1474]
[1475]
[1476]
[1477]
[1478]
[1479]
[1480]
[1481]
[1482]
[1483]
[1484]
[1485]
[1486]
[1487]
[1488]
[1489]
[1490]
[1491]
[1492]
[1493]
[1494]
[1495]
[1496]
[1497]
[1498]
[1499]
[1500]
[1501]
[1502]
[1503]
[1504]
[1505]
[1506]
[1507]
[1508]
[1509]
[1510]
[1511]
[1512]
[1513]
[1514]
[1515]
[1516]
[1517]
[1518]
[1519]
[1520]
[1521]
[1522]
[1523]
[1524]
[1525]
[1526]
[1527]
[1528]
[1529]
[1530]
[1531]
[1532]
[1533]
[1534]
[1535]
[1536]
[1537]
[1538]
[1539]
[1540]
[1541]
[1542]
[1543]
[1544]
[1545]
[1546]
[1547]
[1548]
[1549]
[1550]
[1551]
[1552]
[1553]
[1554]
[1555]
[1556]
[1557]
[1558]
[1559]
[1560]
[1561]
[1562]
[1563]
[1564]
[1565]
[1566]
[1567]
[1568]
[1569]
[1570]
[1571]
[1572]
[1573]
[1574]
[1575]
[1576]
[1577]
[1578]
[1579]
[1580]
[1581]
[1582]
[1583]
[1584]
[1585]
[1586]
[1587]
[1588]
[1589]
[1590]
[1591]
[1592]
[1593]
[1594]
[1595]
[1596]
[1597]
[1598]
[1599]
[1600]
[1601]
[1602]
[1603]
[1604]
[1605]
[1606]
[1607]
[1608]
[1609]
[1610]
[1611]
[1612]
[1613]
[1614]
[1615]
[1616]
[1617]
[1618]
[1619]
[1620]
[1621]
[1622]
[1623]
[1624]
[1625]
[1626]
[1627]
[1628]
[1629]
[1630]
[1631]
[1632]
[1633]
[1634]
[1635]
[1636]
[1637]
[1638]
[1639]
[1640]
[1641]
[1642]
[1643]
[1644]
[1645]
[1646]
[1647]
[1648]
[1649]
[1650]
[1651]
[1652]
[1653]
[1654]
[1655]
[1656]
[1657]
[1658]
[1659]
[1660]
[1661]
[1662]
[1663]
[1664]
[1665]
[1666]
[1667]
[1668]
[1669]
[1670]
[1671]
[1672]
[1673]
[1674]
[1675]
[1676]
[1677]
[1678]
[1679]
[1680]
[1681]
[1682]
[1683]
[1684]
[1685]
[1686]
[1687]
[1688]
[1689]
[1690]
[1691]
[1692]
[1693]
[1694]
[1695]
[1696]
[1697]
[1698]
[1699]
[1700]
[1701]
[1702]
[1703]
[1704]
[1705]
[1706]
[1707]
[1708]
[1709]
[1710]
[1711]
[1712]
[1713]
[1714]
[1715]
[1716]
[1717]
[1718]
[1719]
[1720]
[1721]
[1722]
[1723]
[1724]
[1725]
[1726]
[1727]
[1728]
[1729]
[1730]
[1731]
[1732]
[1733]
[1734]
[1735]
[1736]
[1737]
[1738]
[1739]
[1740]
[1741]
[1742]
[1743]
[1744]
[1745]
[1746]
[1747]
[1748]
[1749]
[1750]
[1751]
[1752]
[1753]
[1754]
[1755]
[1756]
[1757]
[1758]
[1759]
[1760]
[1761]
[1762]
[1763]
[1764]
[1765]
[1766]
[1767]
[1768]
[1769]
[1770]
[1771]
[1772]
[1773]
[1774]
[1775]
[1776]
[1777]
[1778]
[1779]
[1780]
[1781]
[1782]
[1783]
[1784]
[1785]
[1786]
[1787]
[1788]
[1789]
[1790]
[1791]
[1792]
[1793]
[1794]
[1795]
[1796]
[1797]
[1798]
[1799]
[1800]
[1801]
[1802]
[1803]
[1804]
[1805]
[1806]
[1807]
[1808]
[1809]
[1810]
[1811]
[1812]
[1813]
[1814]
[1815]
[1816]
[1817]
[1818]
[1819]
[1820]
[1821]
[1822]
[1823]
[1824]
[1825]
[1826]
[1827]
[1828]
[1829]
[1830]
[1831]
[1832]
[1833]
[1834]
[1835]
[1836]
[1837]
[1838]
[1839]
[1840]
[1841]
[1842]
[1843]
[1844]
[1845]
[1846]
[1847]
[1848]
[1849]
[1850]
[1851]
[1852]
[1853]
[1854]
[1855]
[1856]
[1857]
[1858]
[1859]
[1860]
[1861]
[1862]
[1863]
[1864]
[1865]
[1866]
[1867]
[1868]
[1869]
[1870]
[1871]
[1872]
[1873]
[1874]
[1875]
[1876]
[1877]
[1878]
[1879]
[1880]
[1881]
[1882]
[1883]
[1884]
[1885]
[1886]
[1887]
[1888]
[1889]
[1890]
[1891]
[1892]
[1893]
[1894]
[1895]
[1896]
[1897]
[1898]
[1899]
[1900]
[1901]
[1902]
[1903]
[1904]
[1905]
[1906]
[1907]
[1908]
[1909]
[1910]
[1911]
[1912]
[1913]
[1914]
[1915]
[1916]
[1917]
[1918]
[1919]
[1920]
[1921]
[1922]
[1923]
[1924]
[1925]
[1926]
[1927]
[1928]
[1929]
[1930]
[1931]
[1932]
[1933]
[1934]
[1935]
[1936]
[1937]
[1938]
[1939]
[1940]
[1941]
[1942]
[1943]
[1944]
[1945]
[1946]
[1947]
[1948]
[1949]
[1950]
[1951]
[1952]
[1953]
[1954]
[1955]
[1956]
[1957]
[1958]
[1959]
[1960]
[1961]
[1962]
[1963]
[1964]
[1965]
[1966]
[1967]
[1968]
[1969]
[1970]
[1971]
[1972]
[1973]
[1974]
[1975]
[1976]
[1977]
[1978]
[1979]
[1980]
[1981]
[1982]
[1983]
[1984]
[1985]
[1986]
[1987]
[1988]
[1989]
[1990]
[1991]
[1992]
[1993]
[1994]
[1995]
[1996]
[1997]
[1998]
[1999]
[2000]
[2001]
[2002]
[2003]
[2004]
[2005]
[2006]
[2007]
[2008]
[2009]
[2010]
[2011]
[2012]
[2013]
[2014]
[2015]
[2016]
[2017]
[2018]
[2019]
[2020]
[2021]
[2022]
[2023]
[2024]
[2025]
[2026]
[2027]
[2028]
[2029]
[2030]
[2031]
[2032]
[2033]
[2034]
[2035]
[2036]
[2037]
[2038]
[2039]
[2040]
[2041]
[2042]
[2043]
[2044]
[2045]
[2046]
[2047]
[2048]
[2049]
[2050]
[2051]
[2052]
[2053]
[2054]
[2055]
[2056]
[2057]
[2058]
[2059]
[2060]
[2061]
[2062]
[2063]
[2064]
[2065]
[2066]
[2067]
[2068]
[2069]
[2070]
[2071]
[2072]
[2073]
[2074]
[2075]
[2076]
[2077]
[2078]
[2079]
[2080]
[2081]
[2082]
[2083]
[2084]
[2085]
[2086]
[2087]
[2088]
[2089]
[2090]
[2091]
[2092]
[2093]
[2094]
[2095]
[2096]
[2097]
[2098]
[2099]
[2100]
[2101]
[2102]
[2103]
[2104]
[2105]
[2106]
[2107]
[2108]
[2109]
[2110]
[2111]
[2112]
[2113]
[2114]
[2115]
[2116]
[2117]
[2118]
[2119]
[2120]
[2121]
[2122]
[2123]
[2124]
[2125]
[2126]
[2127]
[2128]
[2129]
[2130]
[2131]
[2132]
[2133]
[2134]
[2135]
[2136]
[2137]
[2138]
[2139]
[2140]
[2141]
[2142]
[2143]
[2144]
[2145]
[2146]
[2147]
[2148]
[2149]
[2150]
[2151]
[2152]
[2153]
[2154]
[2155]
[2156]
[2157]
[2158]
[2159]
[2160]
[2161]
[2162]
[2163]
[2164]
[2165]
[2166]
[2167]
[2168]
[2169]
[2170]
[2171]
[2172]
[2173]
[2174]
[2175]
[2176]
[2177]
[2178]
[2179]
[2180]
[2181]
[2182]
[2183]
[2184]
[2185]
[2186]
[2187]
[2188]
[2189]
[2190]
[2191]
[2192]
[2193]
[2194]
[2195]
[2196]
[2197]
[2198]
[2199]
[2200]
[2201]
[2202]
[2203]
[2204]
[2205]
[2206]
[2207]
[2208]
[2209]
[2210]
[2211]
[2212]
[2213]
[2214]
[2215]
[2216]
[2217]
[2218]
[2219]
[2220]
[2221]
[2222]
[2223]
[2224]
[2225]
[2226]
[2227]
[2228]
[2229]
[2230]
[2231]
[2232]
[2233]
[2234]
[2235]
[2236]
[2237]
[2238]
[2239]
[2240]
[2241]
[2242]
[2243]
[2244]
[2245]
[2246]
[2247]
[2248]
[2249]
[2250]
[2251]
[2252]
[2253]
[2254]
[2255]
[2256]
[2257]
[2258]
[2259]
[2260]
[2261]
[2262]
[2263]
[2264]
[2265]
[2266]
[2267]
[2268]
[2269]
[2270]
[2271]
[2272]
[2273]
[2274]
[2275]
[2276]
[2277]
[2278]
[2279]
[2280]
[2281]
[2282]
[2283]
[2284]
[2285]
[2286]
[2287]
[2288]
[2289]
[2290]
[2291]
[2292]
[2293]
[2294]
[2295]
[2296]
[2297]
[2298]
[2299]
[2300]
[2301]
[2302]
[2303]
[2304]
[2305]
[2306]
[2307]
[2308]
[2309]
[2310]
[2311]
[2312]
[2313]
[2314]
[2315]
[2316]
[2317]
[2318]
[2319]
[2320]
[2321]
[2322]
[2323]
[2324]
[2325]
[2326]
[2327]
[2328]
[2329]
[2330]
[2331]
[2332]
[2333]
[2334]
[2335]
[2336]
[2337]
[2338]
[2339]
[2340]
[2341]
[2342]
[2343]
[2344]
[2345]
[2346]
[2347]
[2348]
[2349]
[2350]
[2351]
[2352]
[2353]
[2354]
[2355]
[2356]
[2357]
[2358]
[2359]
[2360]
[2361]
[2362]
[2363]
[2364]
[2365]
[2366]
[2367]
[2368]
[2369]
[2370]
[2371]
[2372]
[2373]
[2374]
[2375]
[2376]
[2377]
[2378]
[2379]
[2380]
[2381]
[2382]
[2383]
[2384]
[2385]
[2386]
[2387]
[2388]
[2389]
[2390]
[2391]
[2392]
[2393]
[2394]
[2395]
[2396]
[2397]
[2398]
[2399]
[2400]
[2401]
[2402]
[2403]
[2404]
[2405]
[2406]
[2407]
[2408]
[2409]
[2410]
[2411]
[2412]
[2413]
[2414]
[2415]
[2416]
[2417]
[2418]
[2419]
[2420]
[2421]
[2422]
[2423]
[2424]
[2425]
[2426]
[2427]
[2428]
[2429]
[2430]
[2431]
[2432]
[2433]
[2434]
[2435]
[2436]
[2437]
[2438]
[2439]
[2440]
[2441]
[2442]
[2443]
[2444]
[2445]
[2446]
[2447]
[2448]
[2449]
[2450]
[2451]
[2452]
[2453]
[2454]
[2455]
[2456]
[2457]
[2458]
[2459]
[2460]
[2461]
[2462]
[2463]
[2464]
[2465]
[2466]
[2467]
[2468]
[2469]
[2470]
[2471]
[2472]
[2473]
[2474]
[2475]
[2476]
[2477]
[2478]
[2479]
[2480]
[2481]
[2482]
[2483]
[2484]
[2485]
[2486]
[2487]
[2488]
[2489]
[2490]
[2491]
[2492]
[2493]
[2494]
[2495]
[2496]
[2497]
[2498]
[2499]
[2500]
[2501]
[2502]
[2503]
[2504]
[2505]
[2506]
[2507]
[2508]
[2509]
[2510]
[2511]
[2512]
[2513]
[2514]
[2515]
[2516]
[2517]
[2518]
[2519]
[2520]
[2521]
[2522]
[2523]
[2524]
[2525]
[2526]
[2527]
[2528]
[2529]
[2530]
[2531]
[2532]
[2533]
[2534]
[2535]
[2536]
[2537]
[2538]
[2539]
[2540]
[2541]
[2542]
[2543]
[2544]
[2545]
[2546]
[2547]
[2548]
[2549]
[2550]
[2551]
[2552]
[2553]
[2554]
[2555]
[2556]
[2557]
[2558]
[2559]
[2560]
[2561]
[2562]
[2563]
[2564]
[2565]
[2566]
[2567]
[2568]
[2569]
[2570]
[2571]
[2572]
[2573]
[2574]
[2575]
[2576]
[2577]
[2578]
[2579]
[2580]
[2581]
[2582]
[2583]
[2584]
[2585]
[2586]
[2587]
[2588]
[2589]
[2590]
[2591]
[2592]
[2593]
[2594]
[2595]
[2596]
[2597]
[2598]
[2599]
[2600]
[2601]
[2602]
[2603]
[2604]
[2605]
[2606]
[2607]
[2608]
[2609]
[2610]
[2611]
[2612]
[2613]
[2614]
[2615]
[2616]
[2617]
[2618]
[2619]
[2620]
[2621]
[2622]
[2623]
[2624]
[2625]
[2626]
[2627]
[2628]
[2629]
[2630]
[2631]
[2632]
[2633]
[2634]
[2635]
[2636]
[2637]
[2638]
[2639]
[2640]
[2641]
[2642]
[2643]
[2644]
[2645]
[2646]
[2647]
[2648]
[2649]
[2650]
[2651]
[2652]
[2653]
[2654]
[2655]
[2656]
[2657]
[2658]
[2659]
[2660]
[2661]
[2662]
[2663]
[2664]
[2665]
[2666]
[2667]
[2668]
[2669]
[2670]
[2671]
[2672]
[2673]
[2674]
[2675]
[2676]
[2677]
[2678]
[2679]
[2680]
[2681]
[2682]
[2683]
[2684]
[2685]
[2686]
[2687]
[2688]
[2689]
[2690]
[2691]
[2692]
[2693]
[2694]
[2695]
[2696]
[2697]
[2698]
[2699]
[2700]
[2701]
[2702]
[2703]
[2704]
[2705]
[2706]
[2707]
[2708]
[2709]
[2710]
[2711]
[2712]
[2713]
[2714]
[2715]
[2716]
[2717]
[2718]
[2719]
[2720]
[2721]
[2722]
[2723]
[2724]
[2725]
[2726]
[2727]
[2728]
[2729]
[2730]
[2731]
[2732]
[2733]
[2734]
[2735]
[2736]
[2737]
[2738]
[2739]
[2740]
[2741]
[2742]
[2743]
[2744]
[2745]
[2746]
[2747]
[2748]
[2749]
[2750]
[2751]
[2752]
[2753]
[2754]
[2755]
[2756]
[2757]
[2758]
[2759]
[2760]
[2761]
[2762]
[2763]
[2764]
[2765]
[2766]
[2767]
[2768]
[2769]
[2770]
[2771]
[2772]
[2773]
[2774]
[2775]
[2776]
[2777]
[2778]
[2779]
[2780]
[2781]
[2782]
[2783]
[2784]
[2785]
[2786]
[2787]
[2788]
[2789]
[2790]
[2791]
[2792]
[2793]
[2794]
[2795]
[2796]
[2797]
[2798]
[2799]
[2800]
[2801]
[2802]
[2803]
[2804]
[2805]
[2806]
[2807]
[2808]
[2809]
[2810]
[2811]
[2812]
[2813]
[2814]
[2815]
[2816]
[2817]
[2818]
[2819]
[2820]
[2821]
[2822]
[2823]
[2824]
[2825]
[2826]
[2827]
[2828]
[2829]
[2830]
[2831]
[2832]
[2833]
[2834]
[2835]
[2836]
[2837]
[2838]
[2839]
[2840]
[2841]
[2842]
[2843]
[2844]
[2845]
[2846]
[2847]
[2848]
[2849]
[2850]
[2851]
[2852]
[2853]
[2854]
[2855]
[2856]
[2857]
[2858]
[2859]
[2860]
[2861]
[2862]
[2863]
[2864]
[2865]
[2866]
[2867]
[2868]
[2869]
[2870]
[2871]
[2872]
[2873]
[2874]
[2875]
[2876]
[2877]
[2878]
[2879]
[2880]
[2881]
[2882]
[2883]
[2884]
[2885]
[2886]
[2887]
[2888]
[2889]
[2890]
[2891]
[2892]
[2893]
[2894]
[2895]
[2896]
[2897]
[2898]
[2899]
[2900]
[2901]
[2902]
[2903]
[2904]
[2905]
[2906]
[2907]
[2908]
[2909]
[2910]
[2911]
[2912]
[2913]
[2914]
[2915]
[2916]
[2917]
[2918]
[2919]
[2920]
[2921]
[2922]
[2923]
[2924]
[2925]
[2926]
[2927]
[2928]
[2929]
[2930]
[2931]
[2932]
[2933]
[2934]
[2935]
[2936]
[2937]
[2938]
[2939]
[2940]
[2941]
[2942]
[2943]
[2944]
[2945]
[2946]
[2947]
[2948]
[2949]
[2950]
[2951]
[2952]
[2953]
[2954]
[2955]
[2956]
[2957]
[2958]
[2959]
[2960]
[2961]
[2962]
[2963]
[2964]
[2965]
[2966]
[2967]
[2968]
[2969]
[2970]
[2971]
[2972]
[2973]
[2974]
[2975]
[2976]
[2977]
[2978]
[2979]
[2980]
[2981]
[2982]
[2983]
[2984]
[2985]
[2986]
[2987]
[2988]
[2989]
[2990]
[2991]
[2992]
[2993]
[2994]
[2995]
[2996]
[2997]
[2998]
[2999]
[3000]
[3001]
[3002]
[3003]
[3004]
[3005]
[3006]
[3007]
[3008]
[3009]
[3010]
[3011]
[3012]
[3013]
[3014]
[3015]
[3016]
[3017]
[3018]
[3019]
[3020]
[3021]
[3022]
[3023]
[3024]
[3025]
[3026]
[3027]
[3028]
[3029]
[3030]
[3031]
[3032]
[3033]
[3034]
[3035]
[3036]
[3037]
[3038]
[3039]
[3040]
[3041]
[3042]
[3043]
[3044]
[3045]
[3046]
[3047]
[3048]
[3049]
[3050]
[3051]
[3052]
[3053]
[3054]
[3055]
[3056]
[3057]
[3058]
[3059]
[3060]
[3061]
[3062]
[3063]
[3064]
[3065]
[3066]
[3067]
[3068]
[3069]
[3070]
[3071]
[3072]
[3073]
[3074]
[3075]
[3076]
[3077]
[3078]
[3079]
[3080]
[3081]
[3082]
[3083]
[3084]
[3085]
[3086]
[3087]
[3088]
[3089]
[3090]
[3091]
[3092]
[3093]
[3094]
[3095]
[3096]
[3097]
[3098]
[3099]
[3100]
[3101]
[3102]
[3103]
[3104]
[3105]
[3106]
[3107]
[3108]
[3109]
[3110]
[3111]
[3112]
[3113]
[3114]
[3115]
[3116]
[3117]
[3118]
[3119]
[3120]
[3121]
[3122]
[3123]
[3124]
[3125]
[3126]
[3127]
[3128]
[3129]
[3130]
[3131]
[3132]
[3133]
[3134]
[3135]
[3136]
[3137]
[3138]
[3139]
[3140]
[3141]
[3142]
[3143]
[3144]
[3145]
[3146]
[3147]
[3148]
[3149]
[3150]
[3151]
[3152]
[3153]
[3154]
[3155]
[3156]
[3157]
[3158]
[3159]
[3160]
[3161]
[3162]
[3163]
[3164]
[3165]
[3166]
[3167]
[3168]
[3169]
[3170]
[3171]
[3172]
[3173]
[3174]
[3175]
[3176]
[3177]
[3178]
[3179]
[3180]
[3181]
[3182]
[3183]
[3184]
[3185]
[3186]
[3187]
[3188]
[3189]
[3190]
[3191]
[3192]
[3193]
[3194]
[3195]
[3196]
[3197]
[3198]
[3199]
[3200]
[3201]
[3202]
[3203]
[3204]
[3205]
[3206]
[3207]
[3208]
[3209]
[3210]
[3211]
[3212]
[3213]
[3214]
[3215]
[3216]
[3217]
[3218]
[3219]
[3220]
[3221]
[3222]
[3223]
[3224]
[3225]
[3226]
[3227]
[3228]
[3229]
[3230]
[3231]
[3232]
[3233]
[3234]
[3235]
[3236]
[3237]
[3238]
[3239]
[3240]
[3241]
[3242]
[3243]
[3244]
[3245]
[3246]
[3247]
[3248]
[3249]
[3250]
[3251]
[3252]
[3253]
[3254]
[3255]
[3256]
[3257]
[3258]
[3259]
[3260]
[3261]
[3262]
[3263]
[3264]
[3265]
[3266]
[3267]
[3268]
[3269]
[3270]
[3271]
[3272]
[3273]
[3274]
[3275]
[3276]
[3277]
[3278]
[3279]
[3280]
[3281]
[3282]
[3283]
[3284]
[3285]
[3286]
[3287]
[3288]
[3289]
[3290]
[3291]
[3292]
[3293]
[3294]
[3295]
[3296]
[3297]
[3298]
[3299]
[3300]
[3301]
[3302]
[3303]
[3304]
[3305]
[3306]
[3307]
[3308]
[3309]
[3310]
[3311]
[3312]
[3313]
[3314]
[3315]
[3316]
[3317]
[3318]
[3319]
[3320]
[3321]
[3322]
[3323]
[3324]
[3325]
[3326]
[3327]
[3328]
[3329]
[3330]
[3331]
[3332]
[3333]
[3334]
[3335]
[3336]
[3337]
[3338]
[3339]
[3340]
[3341]
[3342]
[3343]
[3344]
[3345]
[3346]
[3347]
[3348]
[3349]
[3350]
[3351]
[3352]
[3353]
[3354]
[3355]
[3356]
[3357]
[3358]
[3359]
[3360]
[3361]
[3362]
[3363]
[3364]
[3365]
[3366]
[3367]
[3368]
[3369]
[3370]
[3371]
[3372]
[3373]
[3374]
[3375]
[3376]
[3377]
[3378]
[3379]
[3380]
[3381]
[3382]
[3383]
[3384]
[3385]
[3386]
[3387]
[3388]
[3389]
[3390]
[3391]
[3392]
[3393]
[3394]
[3395]
[3396]
[3397]
[3398]
[3399]
[3400]
[3401]
[3402]
[3403]
[3404]
[3405]
[3406]
[3407]
[3408]
[3409]
[3410]
[3411]
[3412]
[3413]
[3414]
[3415]
[3416]
[3417]
[3418]
[3419]
[3420]
[3421]
[3422]
[3423]
[3424]
[3425]
[3426]
[3427]
[3428]
[3429]
[3430]
[3431]
[3432]
[3433]
[3434]
[3435]
[3436]
[3437]
[3438]
[3439]
[3440]
[3441]
[3442]
[3443]
[3444]
[3445]
[3446]
[3447]
[3448]
[3449]
[3450]
[3451]
[3452]
[3453]
[3454]
[3455]
[3456]
[3457]
[3458]
[3459]
[3460]
[3461]
[3462]
[3463]
[3464]
[3465]
[3466]
[3467]
/*****************************************************************************/
/*
Proxy.c
*************
** CAUTION **
*************
THIS MODULE IS TASK-ORIENTED, NOT REQUEST-ORIENTED.
That is, most of the functions take a pointer to proxy task rather than a
pointer to request as do other modules. The reason is simple. Many of these
functions are designed for use independently of a request.
All errors related to connecting to, requesting from, and processing the
response from the proxied server are reported as 502s (gateway failures). Any
errors such as buffer overflows, etc., are reported as 500 (internal problems).
NON-PROXY REDIRECTION
---------------------
WASD provides for redirection from non-proxy to proxy request, allowing a type
of gatewaying between http: and https:, ftp: and ftp:, https: and http:, etc.
Warning: THIS REEKS OF BEING KLUDGY. Although the redirection is implemented
in RequestRedirect() in REQUEST.C module RequestRedirect() function it is
described in greater detail here because it is wholly dependent on proxying
functionality.
Note that there are many combinations of mappings and services that could be
used to provide gatewaying between protocols. What follows here are the
special case and some suggestions. There are many other ways to organise these
capabilities.
Note that the proxy services must support the type of proxy request being
demanded of it (i.e. http:, https: and/or ftp:).
1. Simple in-line URL ("one-shot" proxy)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is when a request to a proxy service contains, *not* a proxy format
GET http://the.host.name:port/path HTTP/1.0
but a standard format request, with the URL containing another "full" URL,
GET /http://the.host.name:port/path HTTP/1.0
because the 'user' entered
http://the.proxy.service:8080/http://the.host.name:port/path
into the browser location field. This known with WASD as a "one-shot" proxy
because the server will retrieve it but the anything other than a self-relative
link within any HTML document will not be correct.
The configuration requirements for this type of proxy are fairly simple.
[[the.proxy.service:port]]
pass /http://* http://*
pass /https://* https://*
pass /ftp://* ftp://*
2. Wildcard DNS (CNAME) record
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This relies on being able to manipulate host records in the DNS or local name
resolution database. If a "*.the.proxy.host" DNS (CNAME) record is resolved it
allows any host name ending in ".the.proxy.host" to resolve to the
corresponding IP address. Similarly (at least the Compaq TCP/IP Services)
local host database allows an alias like "another.host.name.proxy.host.name"
for the proxy host name. Both of these would allow a browser to access
"another.host.name.proxy.host.name" with it resolved to the proxy service. The
request "Host:" field would contain "another.host.name.proxy.host.name".
Using this approach a complete proxy may be implemented, where returned HTML
documents contain links that are always correct with reference to the host used
to request them. For a wildcard DNS (CNAME) record the browser user may enter
any host name appended by the proxy service host name and port and have the
request proxied to the host name. Entering the following URL into the browser
location field,
http://the.host.name.the.proxy.service:8080/path
would result in a standard HTTP proxy request for "/path" being made to
"the.host.name:80". The URL,
https://the.host.name.the.proxy.service:8080/path
in an SSL proxy request. Note that normally the well-known port would be used
to connect to (80 for http: and 443 for https:). If the final,
period-separated component of the wildcard host name is all digits it is
interpreted as a specific port to connect to. The example
http://the.host.name.8001.the.proxy.service:8080/path
would connect to "the.host.name:8001", and
https://the.host.name.8443.the.proxy.service:8080/path
to "the.host.name:8443".
A further special case may be developed where part of that host name may be
used to indicate the proxy gateway desired.
The REDIRECT mapping rule allows for the following configuration being
specially processed. The following example shows a complex but powerful
arrangement where the host name used provides an indication of the type of
gatewaying required to be performed.
[[the.proxy.service:port]]
if (host:*.ftp.the.proxy.service:*)
redirect * /ftp://ftp.the.proxy.service/*?
elif (host:*.https.the.proxy.service:*)
redirect * /https://https.the.proxy.service/*?
elif (host:*.http.the.proxy.service:*)
redirect * /http://http.the.proxy.service/*?
elif (host:*.the.proxy.service:*)
# fallback to HTTP if no other specified
redirect * /http://the.proxy.service/*?
else
pass https://* https://*
pass http://* http://*
pass ftp://* ftp://*
endif
In this case a user may specify to connect via HTTP but gateway to an
HTTP-over-SSL service using a request such as
http://the.host.name.https.the.proxy.service:8080/path
where a proxy request will effectively be made to
https://the.host.name:443/path
All digit components may still be used to indicate specific ports to be
connected to, as in this example
http://the.host.name.7443.https.the.proxy.service:8080/path
where the proxy request would effectively be made to
https://the.host.name:7443/path
Notice that the example configuration allows for gatewayed HTTP, HTTP-over-SSL
and FTP based on the original host name used for the request and the consequent
contents of the "Host:" request field (which is adjusted to reflect the changed
host contents during the gatewaying). Note also that is a script author is
going to use the mechansim for 'protocol conversion' then the script needs to
provide an appropriate "Host:" request header field.
CLIENT TO ORIGIN SERVER AFFINITY
--------------------------------
Courtesy Jean-Pierre Petit (jpp@esme.fr)
High performance/highly available proxy server configurations require more than
one instance configured and running. Whether this is done by running multiple
instances on the same host or one instance on multiple hosts, it leads to
situations where successive requests will be processed by different instances.
As those instances don't share a common name to IP address cache, they will
eventually use different IP addresses when trying to connect to an origin
server running on multiple hosts.
This may results in the following, user visible, issues:
* multiple requests for authentication (one from each origin host)
* loss of icons, images, javascripts, CSS because requests for these files,
although they return a 401 status, will not trigger a browser authentication
dialog
* loss of context and performance issues where scripts/environments need to
be started on a new host (php, python, webware,...)
For these reasons, the proxy server will make every effort to relay successive
requests from a given client to the same origin host as long as this one is
available (built-in failover capability will ultimately trigger the choice of a
new host). This is known as client to origin affinity or proxy affinity
capability.
After the first successful connection to an origin host, the proxy server will
send a cookie indicating the IP address used to the client browser. Upon
subsequent requests, this cookie will be used to select the same host. The
cookie is named WasdProxyAffinity_the.origin.server and his value is simply the
IP address. This behaviour can be WATCHed by checking the "Proxy Processing"
box.
WEBSOCKET PROXY
---------------
This is a second guess because the RFC specifies that CONNECT should be used to
establish a connection to the WebSocket host. However the WASD proxy facility
does recognise a WebSocket upgrade request in a standard proxied GET and will
recognise an upgrade response from the proxied server and set up a WASD tunnel
between client and proxied server.
VERSION HISTORY
---------------
14-MAR-2021 MGD proxy caching obsolete
14-AUG-2020 MGD bugfix; ProxyEnd() fix NetIoEnd() fix
20-JUL-2020 MGD bugfix; ProxyEnd() free ioptr using NetIoEnd()
19-JAN-2020 MGD more proxy persistent connection (per JPP)
23-APR-2018 MGD ProxyRequestRebuild() proxy-authorization opaque:
12-DEC-2017 MGD ProxyRequestRebuild() refine rebuild memory allocation
18-MAR-2017 MGD ProxyRequestRebuild() replace the "Host:" header
07-MAR-2017 MGD ProxyRequestRebuild() implement proxy=header=<name>[=<string>]
15-APR-2016 JPP bugfix; ProxyRequestBegin() task connection persistence
10-JAN-2016 MGD rework request processing due to dictionary
11-AUG-2015 MGD restructure of network I/O abstractions
19-JAN-2015 JPP ProxyResponseRebuild() and ProxyRequestRebuild() provide
timeout=n parameter with Keep-Alive: header field (some
origin servers hang when no parameters supplied)
06-NOV-2014 MGD ProxyInit() unescaped "!" in FaoToStdout() (thanks Tony)
09-JUN-2014 MGD accounting for network blocks
18-NOV-2013 JMB bugfix; no $QIO buffer should exceed 65535!
20-APR-2013 MGD bugfix; ProxyResponseRebuild() call ProxyRebuildLocation()
can return a pointer to the original location!
18-MAR-2013 MGD ProxyResponseRebuild() additional header length bumped
from an ambit 256 to an ambit 1024 (Uni Malaga :-)
08-JUN-2012 JPP set ProxyReadBufferSize to 64k
05-FEB-2012 MGD proxy WebSocket upgrade requests as raw tunnels
31-AUG-2010 MGD ProxyRequestParse() allow for IPv6 addressed hosts
e.g. http://[fe80::200:f8ff:fe75:c062%eth0]:6680/
24-AUG-2010 MGD ProxyResponseRebuild() generate "Proxy-Authorization:"
header for [ServiceProxyChainCred] and proxy=chain=cred=
20-JAN-2010 JPP ProxyResponseRebuild() "accept" && !"accept-encoding"
20-SEP-2008 MGD bugfix; ProxyResponseRebuild() proxy->client compression
chunk only for HTTP/1.1 responses and connection
persistence header fields reflect non-chunked GZIP stream
23-OCT-2007 MGD ProxyRequestRebuild() allow "Proxy-Authorization:" header
only if configured for REMOTE proxy authentication
02-JUN-2007 MGD WebDAV requirements
04-MAY-2007 MGD ProxyRequestBegin() restrict HTTP methods for FTP scheme
ProxyResponseRebuild() make request HTTP version a
consideration before chunking proxy->client (with JPP)
10-JAN-2007 MGD bugfix; ProxyRequestRebuild() proxy verify
"Authorization:" request header field carriage-control
21-APR-2006 JPP add support for sending proxy generated cookies in
ProxyResponseRebuild() (to support proxy affinity)
12-APR-2006 MGD ProxyEnd() minor rework
10-SEP-2005 JPP implement proxy=reverse=[no]auth
14-JUL-2005 MGD detect and absorb a "Public:" response header field
(present in RFC2068 but obsoleted in RFC2116)
03-MAY-2005 MGD "Cache-Control: max-age=0" applied only to proxy cache
16-MAR-2005 JPP allow client-side GZIPing of proxied responses
20-JAN-2005 MGD bugfix; ProxyReadResponseAst() if required, chunking needs
to be performed after header as well as body processing
05-JAN-2005 MGD ProxyRequestBegin() remove explicit disable of
POST & PUT connection persistence
18-NOV-2004 MGD ensure (persistent) HEAD responses do not wait for a body,
allow for a server sending more body than in content-length
14-NOV-2004 MGD remove suppression of "Accept-Encoding:" request header,
detect "Content-Encoding:" responses (to suppress caching)
26-OCT-2004 MGD bugfix; ProxyEnd() check for outstanding client SSL I/O
30-AUG-2004 MGD increased HTTP/1.1 compliance,
now supports independent client->proxy and proxy-origin
connection persistence,
significant revision to cache file management
10-AUG-2004 MGD some functionality moved to ProxyTunnel.c
30-APR-2004 MGD significant changes to eliminate RMS from cache file read
by using ACP/QIOs (saves a few cycles and a little latency,
continue to use the RMS abstraction for handling the greater
complexity of file creation and population).
10-APR-2004 MGD significant modifications to support IPv6,
use generic name-to-address resolution function
20-NOV-2003 MGD reverse proxy 302 "Location:" rewrite,
reverse proxy authorization verification
28-OCT-2003 MGD bugfix; chained proxy CONNECT processing
bugfix; keep track of outstanding body reads
19-SEP-2003 MGD bugfix; ProxyRequestRebuild() rebuild buffer space
21-AUG-2003 MGD "Range:" header field
25-MAY-2003 MGD improve efficiency of ProxyRequestRebuild(),
un-recognised/known request fields,
remove explicit setting 'rqBody.DataStatus = SS$_ENDOFFILE'
02-APR-2003 MGD "X-Forwarded-For:" header field,
modify to "Forwarded: by" processing
15-MAY-2002 MGD proxy gateway statistics
30-APR-2002 MGD "Cache-Control:" field for Mozilla compatibility
17-MAR-2002 MGD ParseRequest() allow for incomplete FTP URLs
02-FEB-2002 MGD rework for request body processing changes
22-JAN-2002 MGD ProxyNetHostConnectAst() invalidate host cache entry
if connection fails (jpp@esme.fr),
ProxyRequestParse() ignore leading '/' allowing "one-shot"
proxying using a standard request
04-JAN-2002 MGD proxy HTTP-to-SSL gateway
14-OCT-2001 MGD outgoing sockets may be bound to a specific IP address
04-AUG-2001 MGD support module WATCHing
27-APR-2001 MGD requirement for ProxyResolveHostCacheTimer() has been
eliminated with HttpTick() and 'HttpdTickSecond'
03-SEP-2000 MGD bugfix; ProxyResolveHostLookup() can be called multiple
during host name resolution - only allocate channel once!!
bugfix; ProxyResolveHostLookup() hash collision list
04-JUL-2000 MGD bugfix; ProxyEnd() for CONNECT (proxy SSL)
11-JUN-2000 MGD refine numeric host detection,
ProxyRequestRebuild() now dynamically allocates a rebuild
buffer based on 'NetReadBufferSize'
01-JUN-2000 MGD bugfix; use 'rqHeader.RequestUriPtr' as '->RequestUriPtr'
(non-URL-decoded path plus query string)
29-APR-2000 MGD proxy authorization
04-MAR-2000 MGD use FaolToNet(), et.al.
04-DEC-1999 MGD default host name cache purge now 24 hours
11-NOV-1999 MGD provide "ETag:" propagation
25-OCT-1999 MGD remove NETLIB support
10-OCT-1999 MGD just sys$dassn() the socket
26-JUN-1999 MGD bugfix; ProxyEnd() call in ProxyReadResponseAst(),
bugfix; header pointer in ProxyHttp09ResponseHeader(),
always initialize cache parameters (even if not enabled),
revised request run down ProxyShutdownSocket()
19-AUG-1998 MGD initial development (recommenced DEC 1998)
*/
/*****************************************************************************/
#ifdef WASD_VMS_V7
#undef _VMS__V6__SOURCE
#define _VMS__V6__SOURCE
#undef __VMS_VER
#define __VMS_VER 70000000
#undef __CRTL_VER
#define __CRTL_VER 70000000
#endif
/* standard C header files */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* VMS related header files */
#include <descrip.h>
#include <dvidef.h>
#include <iodef.h>
#include <psldef.h>
#include <ssdef.h>
#include <stsdef.h>
/* application-related header files */
#include "wasd.h"
#define WASD_MODULE "PROXY"
/******************/
/* global storage */
/******************/
int ProxyReadBufferSize = 65535;
BOOL ProxyServingEnabled,
ProxyUnknownRequestFields;
int ProxyConnectPersistMax,
ProxyConnectPersistSeconds,
ProxyConnectTimeoutSeconds,
ProxyForwardedBy,
ProxyHostLookupRetryCount,
ProxyXForwardedFor;
PROXY_ACCOUNTING_STRUCT *ProxyAccountingPtr;
/********************/
/* external storage */
/********************/
extern int ToLowerCase[],
ToUpperCase[];
extern int64 HttpdTime64;
extern BOOL GzipResponse;
extern char ErrorSanityCheck[],
ServerHostPort[],
SoftwareID[];
extern ACCOUNTING_STRUCT *AccountingPtr;
extern CONFIG_STRUCT Config;
extern MSG_STRUCT Msgs;
extern LIST_HEAD ServiceList;
extern WATCH_STRUCT Watch;
/****************************************************************************/
/*
*/
ProxyInit ()
{
char *cptr;
SERVICE_STRUCT *svptr, *tsvptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_PROXY))
WatchThis (WATCHALL, WATCH_MOD_PROXY, "ProxyInit()");
ProxyForwardedBy = ProxyXForwardedFor = 0;
ProxyServingEnabled = false;
/* copy the configuration parameters, ensuring they're reasonable */
ProxyHostLookupRetryCount = Config.cfProxy.HostLookupRetryCount;
if (!ProxyHostLookupRetryCount)
ProxyHostLookupRetryCount = Config.cfMisc.DnsLookupRetryCount;
if (!ProxyHostLookupRetryCount)
ProxyHostLookupRetryCount = TCPIP_LOOKUP_RETRY_COUNT;
if (ProxyHostLookupRetryCount < 0 || ProxyHostLookupRetryCount > 100)
ProxyHostLookupRetryCount = 0;
/* just some information about the proxy services */
LIST_ITERATE (svptr, &ServiceList)
{
if (!svptr->ProxyService) continue;
if (svptr->ProxyChainHostName[0])
FaoToStdout ("%HTTPD-I-PROXY, !AZ chains to !AZ\n",
svptr->ServerHostPort, svptr->ProxyChainHostPort);
if (svptr->ProxyService)
{
FaoToStdout ("%HTTPD-I-PROXY, HTTP service !AZ",
svptr->ServerHostPort);
if (svptr->ProxyAuthRequired)
fprintf (stdout, " (auth)");
fputs ("\n", stdout);
}
}
if (ProxyServiceCount())
{
/* initialize the proxy file cache (at least parameters) */
if (Config.cfProxy.ServingEnabled)
{
ProxyServingEnabled = true;
FaoToStdout ("%HTTPD-I-PROXY, processing enabled\n");
}
else
FaoToStdout ("%HTTPD-W-PROXY, \
disabled in configuration, services not enabled!!\n");
}
ProxyForwardedBy = Config.cfProxy.ForwardedBy;
ProxyXForwardedFor = Config.cfProxy.XForwardedFor;
ProxyUnknownRequestFields = Config.cfProxy.UnknownRequestFields;
ProxyConnectPersistMax = Config.cfProxy.ConnectPersistMax;
ProxyConnectPersistSeconds = Config.cfProxy.ConnectPersistSeconds;
ProxyConnectTimeoutSeconds = Config.cfProxy.ConnectTimeoutSeconds;
InstanceMutexLock (INSTANCE_MUTEX_HTTPD);
ProxyAccountingPtr->ServingEnabled = ProxyServingEnabled;
ProxyAccountingPtr->TunnelCurrent = 0;
InstanceMutexUnLock (INSTANCE_MUTEX_HTTPD);
ProxyNetInit ();
ProxyVerifyInit ();
}
/*****************************************************************************/
/*
Return the number of proxy-capable services in the global list.
*/
int ProxyServiceCount ()
{
int count;
SERVICE_STRUCT *svptr;
/*********/
/* begin */
/*********/
count = 0;
LIST_ITERATE (svptr, &ServiceList)
if (svptr->ProxyService) count++;
return (count);
}
/****************************************************************************/
/*
************
*** NOTE *** This function takes a pointer to a request!!!
************
*/
ProxyRequestBegin (REQUEST_STRUCT *rqptr)
{
int status;
char *cptr, *sptr, *zptr;
PROXY_TASK *tkptr;
DICT_ENTRY_STRUCT *denptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY, "ProxyRequestBegin()");
if (!ProxyServingEnabled)
{
rqptr->rqResponse.HttpStatus = 503;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_DISABLED), FI_LI);
RequestEnd (rqptr);
return;
}
if (HTTP2_REQUEST(rqptr))
{
rqptr->rqResponse.HttpStatus = 400;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_NONE_CONFIGURED), FI_LI);
RequestEnd (rqptr);
return;
}
if (rqptr->rqHeader.Method == HTTP_METHOD_CONNECT ||
rqptr->rqHeader.Method == HTTP_METHOD_SHARE_SSH)
{
if (!rqptr->ServicePtr->ProxyTunnel)
{
rqptr->rqResponse.HttpStatus = 403;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_NOT_CONNECT), FI_LI);
RequestEnd (rqptr);
return;
}
}
else
{
if (!rqptr->ServicePtr->ProxyService)
{
rqptr->rqResponse.HttpStatus = 403;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_NOT_SERVICE), FI_LI);
RequestEnd (rqptr);
return;
}
}
if (!rqptr->AccountingDone++)
InstanceGblSecIncrLong (&AccountingPtr->DoProxyCount);
if (denptr = DictLookup (rqptr->rqDictPtr, DICT_TYPE_REQUEST,
"proxy-connection", 16))
{
cptr = DICT_GET_VALUE(denptr);
while (*cptr)
{
while (*cptr && ISLWS(*cptr)) cptr++;
if (strsame (cptr, "close", 5))
{
rqptr->rqHeader.ProxyConnectionClose = true;
cptr += 5;
}
else
if (strsame (cptr, "keep-alive", 10))
{
rqptr->rqHeader.ProxyConnectionKeepAlive = true;
cptr += 10;
}
while (*cptr && !ISLWS(*cptr) && *cptr != ',') cptr++;
while (*cptr && (ISLWS(*cptr) || *cptr == ',')) cptr++;
}
if (WATCHMOD (rqptr, WATCH_MOD_REQUEST))
WatchDataFormatted ("close:!&B keep-alive:!&B\n",
rqptr->rqHeader.ProxyConnectionClose,
rqptr->rqHeader.ProxyConnectionKeepAlive);
}
/* set up the task structure (only ever one per request!) */
rqptr->ProxyTaskPtr = tkptr = VmGetHeap (rqptr, sizeof(PROXY_TASK));
/* populate fundamental task fields */
tkptr->RequestPtr = rqptr;
tkptr->ServicePtr = rqptr->ServicePtr;
tkptr->WatchItem = rqptr->WatchItem;
tkptr->NetIoPtr = NetIoProxyBegin();
tkptr->NetIoPtr->WatchItem = tkptr->WatchItem;
NetIoQioMaxSeg (tkptr->NetIoPtr);
/* copy the request method number and HTTP version number */
tkptr->HttpMethod = rqptr->rqHeader.Method;
tkptr->RequestHttpVersion = rqptr->rqHeader.HttpVersion;
tkptr->PersistentRequest = true;
if (rqptr->rqHeader.Method != HTTP_METHOD_GET &&
rqptr->rqHeader.Method != HTTP_METHOD_HEAD &&
rqptr->rqHeader.Method != HTTP_METHOD_POST &&
rqptr->rqHeader.Method != HTTP_METHOD_PUT)
rqptr->PersistentRequest = tkptr->PersistentRequest = false;
else
if (rqptr->PersistentRequest ||
(rqptr->rqHeader.ProxyConnectionKeepAlive &&
!rqptr->rqHeader.ProxyConnectionClose))
tkptr->PersistentRequest = true;
else
tkptr->PersistentRequest = false;
/* if there is a specific proxy IP address to bind to */
if (IPADDRESS_IS_SET (&rqptr->rqPathSet.ProxyBindIpAddress))
IPADDRESS_COPY (&tkptr->BindIpAddress,
&rqptr->rqPathSet.ProxyBindIpAddress)
if (IPADDRESS_IS_SET (&rqptr->rqPathSet.ProxyChainIpAddress))
{
/* a chain has been set by mapping rule, overrides any service */
IPADDRESS_COPY (&tkptr->ChainIpAddress,
&rqptr->rqPathSet.ProxyChainIpAddress)
tkptr->ChainIpPort = rqptr->rqPathSet.ProxyChainPort;
tkptr->ChainHostPortPtr = tkptr->ChainHostPort;
/* a local copy is needed because of the volatility of request heap */
zptr = (sptr = tkptr->ChainHostPort) + sizeof(tkptr->ChainHostPort)-1;
for (cptr = rqptr->rqPathSet.ProxyChainHostPortPtr;
*cptr && sptr < zptr;
*sptr++ = *cptr++);
*sptr = '\0';
}
else
if (IPADDRESS_IS_SET (&tkptr->ServicePtr->ProxyChainIpAddress))
{
/* chaining to the next proxy server in a cascade */
IPADDRESS_COPY (&tkptr->ChainIpAddress,
&tkptr->ServicePtr->ProxyChainIpAddress)
tkptr->ChainIpPort = tkptr->ServicePtr->ProxyChainPort;
tkptr->ChainHostPortPtr = tkptr->ServicePtr->ProxyChainHostPort;
}
/* allocate a buffer used for creating the MD5 digest, network I/O, etc. */
if (!tkptr->ResponseBufferPtr)
{
tkptr->ResponseBufferPtr = tkptr->ResponseBufferCurrentPtr =
VmGetHeap (rqptr, ProxyReadBufferSize);
tkptr->ResponseBufferSize = tkptr->ResponseBufferRemaining =
ProxyReadBufferSize;
}
/* set the lookup retry count to default if necessary */
if (!tkptr->ProxyLookupRetryCount)
tkptr->ProxyLookupRetryCount = ProxyHostLookupRetryCount;
/* a little accounting */
switch (tkptr->HttpMethod)
{
case HTTP_METHOD_CONNECT :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodConnectCount);
break;
case HTTP_METHOD_DELETE :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodDeleteCount);
break;
case HTTP_METHOD_EXTENSION :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodExtensionCount);
break;
case HTTP_METHOD_GET :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodGetCount);
break;
case HTTP_METHOD_HEAD :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodHeadCount);
break;
case HTTP_METHOD_OPTIONS :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodOptionsCount);
break;
case HTTP_METHOD_POST :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodPostCount);
break;
case HTTP_METHOD_PUT :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodPutCount);
break;
case HTTP_METHOD_TRACE :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodTraceCount);
break;
case HTTP_METHOD_WEBDAV_COPY:
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavCopyCount);
break;
case HTTP_METHOD_WEBDAV_LOCK :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavLockCount);
break;
case HTTP_METHOD_WEBDAV_MKCOL :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavMkColCount);
break;
case HTTP_METHOD_WEBDAV_MOVE :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavMoveCount);
break;
case HTTP_METHOD_WEBDAV_PROPFIND :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavPropFindCount);
break;
case HTTP_METHOD_WEBDAV_PROPPATCH :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavPropPatchCount);
break;
case HTTP_METHOD_WEBDAV_UNLOCK :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodWebDavUnLockCount);
break;
case HTTP_METHOD_SHARE_SSH :
InstanceGblSecIncrLong (&ProxyAccountingPtr->MethodSshCount);
break;
default :
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
}
if (rqptr->rqHeader.Method == HTTP_METHOD_CONNECT ||
rqptr->rqHeader.Method == HTTP_METHOD_SHARE_SSH)
{
/**************/
/* tunnelling */
/**************/
/* these definitely do not persist! */
rqptr->PersistentRequest = false;
if (tkptr->ProxyTunnel == PROXY_TUNNEL_HTTPS)
{
if (!tkptr->ServicePtr->SSLclientEnabled)
{
if (WATCHING (rqptr, WATCH_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_PROXY,
"CLIENT SSL not configured");
rqptr->rqResponse.HttpStatus = 503;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_GATEWAY), FI_LI);
ProxyEnd (tkptr);
return;
}
}
if (VMSnok (status = ProxyTunnelRequestParse (rqptr)))
{
RequestEnd (rqptr);
return;
}
ProxyNetResolveHost (tkptr);
return;
}
/***************************/
/* GET, POST, etc. methods */
/***************************/
/* get the method, host (and port), path and query string */
if (VMSnok (status = ProxyRequestParse (rqptr)))
{
RequestEnd (rqptr);
return;
}
if (WATCHING (tkptr, WATCH_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_PROXY,
"!AZ !AZ!AZ", tkptr->RequestHttpMethodNamePtr,
tkptr->RequestHostPort, tkptr->RequestUriPtr);
if (tkptr->RequestScheme == PROXY_SCHEME_FTP)
{
/*************/
/* proxy FTP */
/*************/
/* ensure only meaningful methods are used against an FTP service */
switch (tkptr->HttpMethod)
{
case HTTP_METHOD_GET :
case HTTP_METHOD_HEAD :
case HTTP_METHOD_POST :
case HTTP_METHOD_PUT :
break;
default:
rqptr->rqResponse.HttpStatus = 405;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_HTTP_405), FI_LI);
RequestEnd (rqptr);
return;
}
/* get (any requested) authentication before we do too much else */
if (*(cptr = rqptr->rqHeader.QueryStringPtr))
{
if (ProxyFtpInQueryString (cptr, "login"))
{
if (rqptr->rqHeader.AuthorizationPtr)
{
/* our authorization source is "local" not proxy */
rqptr->rqAuth.RequestAuthorizationPtr =
rqptr->rqHeader.AuthorizationPtr;
BasicAuthorization (rqptr);
}
if (!rqptr->RemoteUser[0] ||
!rqptr->RemoteUserPassword[0])
{
rqptr->rqResponse.HttpStatus = 401;
rqptr->rqAuth.RealmDescrPtr =
MsgFor(rqptr,MSG_PROXY_FTP_SERVER);
ErrorGeneral (rqptr,
MsgFor(rqptr,MSG_PROXY_FTP_USERNAME_PWD), FI_LI);
RequestEnd (rqptr);
return;
}
}
if (ProxyFtpInQueryString (cptr, "upload"))
{
ProxyFtpStoreForm (rqptr);
RequestEnd (rqptr);
return;
}
}
}
ProxyNetResolveHost (tkptr);
}
/****************************************************************************/
/*
************
*** NOTE *** This function takes a pointer to a request!!!
************
Parse the various components from the proxy request.
*/
int ProxyRequestParse (REQUEST_STRUCT *rqptr)
{
#define paptr ProxyAccountingPtr
int Length;
char *cptr, *sptr, *zptr;
PROXY_TASK *tkptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"ProxyRequestParse() !&Z", rqptr->MappedPathPtr);
/* get a local pointer to the proxy task structure */
tkptr = rqptr->ProxyTaskPtr;
cptr = rqptr->rqHeader.RequestUriPtr;
zptr = (sptr = tkptr->RequestSchemeName) +
sizeof(tkptr->RequestSchemeName)-1;
/* this allows a proxy service to be used non-proxy (if mapped) */
if (*cptr == '/') cptr++;
while (*cptr && *cptr != ':' && sptr < zptr) *sptr++ = *cptr++;
if (*cptr && sptr < zptr) *sptr++ = *cptr++;
if (sptr >= zptr)
{
InstanceGblSecIncrLong (&AccountingPtr->RequestErrorCount);
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_FORMAT), FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"!&Z", tkptr->RequestSchemeName);
if (tkptr->HttpMethod == HTTP_METHOD_CONNECT)
tkptr->RequestScheme = PROXY_SCHEME_CONNECT;
else
if (strsame (tkptr->RequestSchemeName, "http:", -1))
{
tkptr->RequestScheme = PROXY_SCHEME_HTTP;
/* [http=0,https=1][http=0,https=1,ftp=2] */
if (rqptr->ServicePtr->RequestScheme == SCHEME_HTTP)
InstanceGblSecIncrLong (&paptr->GatewaySchemeCount[0][0]);
else
InstanceGblSecIncrLong (&paptr->GatewaySchemeCount[1][0]);
}
else
if (strsame (tkptr->RequestSchemeName, "ftp:", -1))
{
tkptr->RequestScheme = PROXY_SCHEME_FTP;
/* [http=0,https=1][http=0,https=1,ftp=2] */
if (rqptr->ServicePtr->RequestScheme == SCHEME_HTTP)
InstanceGblSecIncrLong (&paptr->GatewaySchemeCount[0][2]);
else
InstanceGblSecIncrLong (&paptr->GatewaySchemeCount[1][2]);
}
else
if (strsame (tkptr->RequestSchemeName, "https:", -1))
{
if (tkptr->ServicePtr->SSLclientEnabled)
{
/* proxy HTTP-to-SSL gateway "one-shot" request */
tkptr->RequestScheme = PROXY_SCHEME_HTTPSSL;
/* [http=0,https=1][http=0,https=1,ftp=2] */
if (rqptr->ServicePtr->RequestScheme == SCHEME_HTTP)
InstanceGblSecIncrLong (&paptr->GatewaySchemeCount[0][1]);
else
InstanceGblSecIncrLong (&paptr->GatewaySchemeCount[1][1]);
}
else
{
if (WATCHING (rqptr, WATCH_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_PROXY,
"CLIENT SSL not configured");
rqptr->rqResponse.HttpStatus = 503;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_GATEWAY), FI_LI);
return (STS$K_ERROR);
}
}
else
tkptr->RequestScheme = 0;
if (!tkptr->RequestScheme)
{
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_REQUEST_SCHEME), FI_LI);
return (STS$K_ERROR);
}
if (*((USHORTPTR)cptr) != '//')
{
InstanceGblSecIncrLong (&AccountingPtr->RequestErrorCount);
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_FORMAT), FI_LI);
return (STS$K_ERROR);
}
cptr += 2;
/*******************************/
/* check for username:password */
/*******************************/
for (sptr = cptr;
*sptr && *sptr != '@' && *sptr != '/' && *sptr != '?';
sptr++);
if (*sptr == '@')
{
/* looks like we found one */
zptr = (sptr = tkptr->UrlUserName) + sizeof(tkptr->UrlUserName)-1;
while (*cptr && *cptr != ':' && *cptr != '@' &&
*cptr != '/' && *cptr != '?' && sptr < zptr)
*sptr++ = *cptr++;
*sptr = '\0';
if (sptr >= zptr) cptr = "";
if (*cptr == ':')
{
cptr++;
zptr = (sptr = tkptr->UrlPassword) + sizeof(tkptr->UrlPassword)-1;
while (*cptr && *cptr != '@' && *cptr != '/' &&
*cptr != '?' && sptr < zptr)
*sptr++ = *cptr++;
*sptr = '\0';
if (sptr >= zptr) cptr = "";
}
if (*cptr != '@')
{
InstanceGblSecIncrLong (&AccountingPtr->RequestErrorCount);
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_FORMAT), FI_LI);
return (STS$K_ERROR);
}
cptr++;
}
/*************************/
/* get server host name */
/*************************/
zptr = (sptr = tkptr->RequestHostName) + sizeof(tkptr->RequestHostName)-1;
if (*cptr == '[')
{
/* square bracket delimited IPv6 address (de facto?) */
cptr++;
while (*cptr && *cptr != ']' && *cptr != '%' && sptr < zptr)
*sptr++ = *cptr++;
if (*cptr == '%')
{
/* e.g. http://[fe80::200:f8ff:fe75:c062%eth0]:6680 */
while (*cptr && *cptr != ']') cptr++;
}
if (*cptr) cptr++;
}
else
while (*cptr && *cptr != ':' && *cptr != '/' &&
*cptr != '?' && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
if (sptr >= zptr) cptr = "";
if (*cptr && *cptr != ':' && *cptr != '/' && *cptr != '?')
{
InstanceGblSecIncrLong (&AccountingPtr->RequestErrorCount);
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_FORMAT), FI_LI);
return (STS$K_ERROR);
}
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"!&Z", tkptr->RequestHostName);
/******************************/
/* get (optional) server port */
/******************************/
if (*cptr == ':')
{
cptr++;
if (isdigit(*cptr))
{
zptr = (sptr = tkptr->RequestPortString) +
sizeof(tkptr->RequestPortString)-1;
while (*cptr && isdigit(*cptr) && sptr < zptr) *sptr++ = *cptr++;
if (sptr >= zptr)
{
InstanceGblSecIncrLong (&AccountingPtr->RequestErrorCount);
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_FORMAT), FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
tkptr->RequestPort = atol (tkptr->RequestPortString);
}
}
if (!tkptr->RequestPort)
{
if (tkptr->RequestScheme == PROXY_SCHEME_HTTP)
{
tkptr->RequestPort = 80;
SET4(tkptr->RequestPortString,'80\0\0');
}
else
if (tkptr->RequestScheme == PROXY_SCHEME_FTP)
{
tkptr->RequestPort = 21;
SET4(tkptr->RequestPortString,'21\0\0');
}
else
if (tkptr->RequestScheme == PROXY_SCHEME_HTTPSSL)
{
tkptr->RequestPort = 443;
SET4(tkptr->RequestPortString,'443\0');
}
}
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"!UL !&Z", tkptr->RequestPort, tkptr->RequestPortString);
/***************************************/
/* get request URI and if query string */
/***************************************/
if (*cptr == '/')
tkptr->RequestUriPtr = cptr;
else
if (tkptr->RequestScheme == PROXY_SCHEME_FTP)
{
/* no trailing slash after host[:port], redirect to add one */
sptr = ResponseLocation (rqptr, rqptr->rqHeader.RequestUriPtr,
rqptr->rqHeader.RequestUriLength+1);
sptr[rqptr->rqHeader.RequestUriLength] = '/';
return (STS$K_ERROR);
}
else
tkptr->RequestUriPtr = "/";
if (rqptr->rqHeader.QueryStringPtr[0])
{
while (*cptr && *cptr != '?') cptr++;
tkptr->RequestUriQueryStringPtr = cptr;
}
else
tkptr->RequestUriQueryStringPtr = "";
/*******************************/
/* point to any request cookie */
/*******************************/
tkptr->RequestHttpCookiePtr = rqptr->rqHeader.CookiePtr;
/***********************/
/* composite name:port */
/***********************/
/* store host name/port as FIRST ITEM in cache data block */
zptr = (sptr = tkptr->RequestHostPort) + sizeof(tkptr->RequestHostPort);
for (cptr = tkptr->RequestHostName;
*cptr && sptr < zptr;
*sptr++ = *cptr++);
if (sptr < zptr) *sptr++ = ':';
for (cptr = tkptr->RequestPortString;
*cptr && sptr < zptr;
*sptr++ = *cptr++);
if (sptr >= zptr)
{
rqptr->rqResponse.HttpStatus = 500;
ErrorGeneralOverflow (rqptr, FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
tkptr->RequestHostPortLength = sptr - tkptr->RequestHostPort;
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"!&Z", tkptr->RequestHostPort);
tkptr->RequestHttpMethod = rqptr->rqHeader.Method;
tkptr->RequestHttpMethodNamePtr = rqptr->rqHeader.MethodName;
return (SS$_NORMAL);
#undef paptr
}
/*****************************************************************************/
/*
If a proxied request is being supplied from cache then end that (basically
close the associated cache file). If supplied via a network transaction and
the socket was created then shut and close the socket. If concurrently writing
a request body to the proxied server then just return after closing the socket.
The body write will receive an error and call this function to close the
request down. Finally deallocate proxy memory and if an associated request
structure end that request.
*/
ProxyEnd (PROXY_TASK *tkptr)
{
#define paptr ProxyAccountingPtr
int status,
StatusCodeGroup;
NETIO_STRUCT *ioptr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyEnd()");
ioptr = tkptr->NetIoPtr;
rqptr = tkptr->RequestPtr;
if (ioptr->SesolaPtr &&
!(tkptr->PersistentRequest &&
tkptr->PersistentResponse &&
NETIO_CONNECTED (tkptr->NetIoPtr)))
{
/* proxy Secure Sockets Layer request */
SesolaNetClientShutdown (ioptr->SesolaPtr);
return;
}
if (tkptr->ProxyTunnel)
{
if (NETIO_CONNECTED (rqptr->NetIoPtr)) NetCloseSocket (rqptr);
if (NETIO_CONNECTED (tkptr->NetIoPtr)) ProxyNetCloseSocket (tkptr);
}
/* if outstanding I/O then wait until it concludes */
if (NETIO_IN_PROGRESS (ioptr)) return;
if (NETIO_IN_PROGRESS (rqptr->NetIoPtr)) return;
/********************/
/* proxy accounting */
/********************/
InstanceMutexLock (INSTANCE_MUTEX_HTTPD);
StatusCodeGroup = tkptr->ResponseStatusCode / 100;
if (StatusCodeGroup < 0 || StatusCodeGroup > 5) StatusCodeGroup = 0;
paptr->NetStatusCodeCount[StatusCodeGroup]++;
/* update the stats using the underlying network I/O structure */
paptr->BytesRawRx64 += ioptr->BytesTallyRx64;
paptr->BlocksRawRx64 += ioptr->BlocksTallyRx64;
paptr->BytesRawTx64 += ioptr->BytesTallyTx64;
paptr->BlocksRawTx64 += ioptr->BlocksTallyTx64;
/* reset the intermediate accumulators used to update the stats */
ioptr->BlocksTallyRx64 = ioptr->BlocksTallyTx64 =
ioptr->BytesTallyRx64 = ioptr->BytesTallyTx64 = 0;
if (tkptr->ProxyTunnel)
if (paptr->TunnelCurrent > 0)
paptr->TunnelCurrent--;
InstanceMutexUnLock (INSTANCE_MUTEX_HTTPD);
/****************/
/* task rundown */
/****************/
if (tkptr->VerifyRecordPtr) ProxyVerifyRecordReset (tkptr);
if (tkptr->ResponseStatusCode)
rqptr->rqResponse.HttpStatus = tkptr->ResponseStatusCode;
if (tkptr->ProxyTunnel)
{
rqptr->ProxyTunnelRequest = true;
if (WATCHING (tkptr, WATCH_PROXY))
{
char *cptr;
switch (tkptr->ProxyTunnel)
{
case PROXY_TUNNEL_CONNECT : cptr = "CONNECT"; break;
case PROXY_TUNNEL_HTTP : cptr = "HTTP"; break;
case PROXY_TUNNEL_HTTPS : cptr = "HTTPS"; break;
case PROXY_TUNNEL_RAW :
if (rqptr->rqHeader.UpgradeSocks5Ptr)
cptr = "RAW/SOCKS5";
else
cptr = "RAW";
break;
default : cptr = "?";
}
WatchThis (WATCHITM(tkptr), WATCH_PROXY,
"TUNNEL (!AZ) removed", cptr);
}
}
/* use |tkptr->NetIoPtr| not |ioptr| */
if (tkptr->PersistentRequest &&
tkptr->PersistentResponse &&
NETIO_CONNECTED (tkptr->NetIoPtr))
{
/* try to make the connection persist */
ProxyNetConnectPersist (tkptr);
}
/* use |tkptr->NetIoPtr| not |ioptr| */
if (NETIO_CONNECTED (tkptr->NetIoPtr))
{
/* still have the socket open (obviously couldn't persist) */
if (ioptr->SesolaPtr)
{
SesolaNetClientShutdown (ioptr->SesolaPtr);
return;
}
ProxyNetCloseSocket (tkptr);
NetIoEnd (ioptr);
tkptr->NetIoPtr = NULL;
}
else
if (tkptr->ProxyTunnel)
{
NetIoEnd (ioptr);
tkptr->NetIoPtr = NULL;
}
/* indicate this no longer has an associated proxy task */
rqptr->ProxyTaskPtr = NULL;
/* request heap memory will be freed by request rundown */
RequestEnd (rqptr);
#undef paptr
}
/****************************************************************************/
/*
Called from ProxyNetHostConnectAst() or SesolaNetClientConnect() to rebuild and
then write the request to the proxied server.
*/
ProxyWriteRequest (PROXY_TASK *tkptr)
{
int status;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyWriteRequest()");
rqptr = tkptr->RequestPtr;
ProxyRequestRebuild (tkptr);
if (WATCHING (tkptr, WATCH_PROXY_REQU_HDR))
{
WatchThis (WATCHITM(tkptr), WATCH_PROXY_REQU_HDR,
"REQUEST HEADER !UL bytes", tkptr->RebuiltRequestLength);
WatchData (tkptr->RebuiltRequestPtr, tkptr->RebuiltRequestLength);
}
ProxyNetWrite (tkptr, &ProxyWriteRequestAst,
tkptr->RebuiltRequestPtr,
tkptr->RebuiltRequestLength);
}
/****************************************************************************/
/*
Called as an AST from ProxyWriteRequest(). The write of the request header to
the remote server has completed. If the is a body to the request (i.e. a POST
or PUT method) then call the function to BEGIN CONCURRENTLY writing that. If
no body check the status of the proxy write. If not successful then report the
error and end the proxy processing. If OK then queue a read from the remote
server to begin to get the response.
*/
ProxyWriteRequestAst (PROXY_TASK *tkptr)
{
int DataLength;
char *cptr, *sptr, *zptr,
*DataPtr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"ProxyWriteRequestAst() !&F !&S",
&ProxyWriteRequestAst, tkptr->NetIoPtr->WriteStatus);
rqptr = tkptr->RequestPtr;
if (VMSnok (tkptr->NetIoPtr->WriteStatus))
{
/***********************/
/* write request error */
/***********************/
if (tkptr->NetIoPtr->Channel)
{
/* the socket has not been explicitly closed, so ... */
tkptr->ResponseStatusCode = 502;
if (rqptr)
{
/* a request associated with this proxy task */
rqptr->rqResponse.HttpStatus = 502;
rqptr->rqResponse.ErrorTextPtr = tkptr->RequestHostPort;
ErrorVmsStatus (rqptr, tkptr->NetIoPtr->WriteStatus, FI_LI);
}
}
/* toodleoo */
ProxyEnd (tkptr);
return;
}
/**********************************************************/
/* concurrently send body as well as waiting for response */
/**********************************************************/
if (rqptr->rqHeader.ContentLength64)
{
BodyReadBegin (rqptr, &ProxyWriteRequestBody, NULL);
tkptr->QueuedBodyRead++;
}
/*************************************/
/* begin (wait for) reading response */
/*************************************/
tkptr->ResponseHeaderPtr = tkptr->ResponseBufferCurrentPtr;
tkptr->ResponseBodyLength = 0;
tkptr->ResponseHeaderLength = 0;
tkptr->ResponseConsecutiveNewLineCount = 0;
/* responses can quite legitimately have a content-length of zero */
tkptr->ResponseContentLength = -1;
ProxyNetRead (tkptr, &ProxyReadResponseAst,
tkptr->ResponseBufferCurrentPtr,
tkptr->ResponseBufferRemaining);
}
/*****************************************************************************/
/*
A network read of the request body has completed and BodyReadAst() has called
this function as an AST. Write it to the remote server with a completion AST
to ProxyWriteRequestBodyAst().
*/
ProxyWriteRequestBody (REQUEST_STRUCT *rqptr)
{
int status;
PROXY_TASK *tkptr;
/*********/
/* begin */
/*********/
tkptr = rqptr->ProxyTaskPtr;
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"ProxyWriteRequestBody() !&F !&S !&X !UL",
&ProxyWriteRequestBody,
rqptr->rqBody.DataStatus, rqptr->rqBody.DataPtr,
rqptr->rqBody.DataCount);
if (tkptr->QueuedBodyRead) tkptr->QueuedBodyRead--;
if (rqptr->rqBody.DataStatus == SS$_ENDOFFILE)
{
/****************************/
/* request body is finished */
/****************************/
/* just finish up this concurrent activity */
return;
}
if (VMSnok (rqptr->rqBody.DataStatus))
{
ProxyEnd (tkptr);
return;
}
ProxyNetWrite (tkptr, &ProxyWriteRequestBodyAst,
rqptr->rqBody.DataPtr,
rqptr->rqBody.DataCount);
}
/*****************************************************************************/
/*
A queued write to the remote server has completed.
Get more of the request body.
*/
ProxyWriteRequestBodyAst (PROXY_TASK *tkptr)
{
int status;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"ProxyWriteRequestBodyAst() !&F !&S",
&ProxyWriteRequestBodyAst, tkptr->NetIoPtr->WriteStatus);
rqptr = tkptr->RequestPtr;
if (VMSnok (tkptr->NetIoPtr->WriteStatus))
{
/* write body error */
if (tkptr->NetIoPtr->Channel)
{
/* only if the remote server has not responded do we report this */
if (!tkptr->ResponseStatusCode)
{
/* the socket has not been deliberately closed */
tkptr->ResponseStatusCode = 502;
if (rqptr)
{
/* a request associated with this proxy task */
rqptr->rqResponse.HttpStatus = 502;
rqptr->rqResponse.ErrorTextPtr = tkptr->RequestHostPort;
ErrorVmsStatus (rqptr, tkptr->NetIoPtr->WriteStatus, FI_LI);
}
}
}
/* finale */
ProxyEnd (tkptr);
return;
}
/* get more from the client */
BodyRead (rqptr);
tkptr->QueuedBodyRead++;
}
/****************************************************************************/
/*
*/
void ProxyResponseNetRead (PROXY_TASK *tkptr)
{
int size;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyResponseNetRead()");
if (tkptr->ResponseTransferEncodingChunked)
{
if (tkptr->ResponseChunkedEnd)
{
/* end of chunked response body */
if (tkptr->ResponseReworkMax)
{
ProxyReworkProcess (tkptr);
ProxyResponseNetWrite (tkptr);
}
else
ProxyEnd (tkptr);
return;
}
size = tkptr->ResponseBufferSize;
}
else
if (tkptr->ResponseContentLength >= 0)
{
/* a content-length was specified, read only enough to satisfy that */
size = tkptr->ResponseContentLength - tkptr->ResponseBodyLength;
if (size > tkptr->ResponseBufferSize) size = tkptr->ResponseBufferSize;
/* if more was initially sent than content-length this can be negative */
if (size <= 0)
{
/* have read enough to satisfy this (perhaps persistent) response */
if (tkptr->ResponseReworkMax)
{
ProxyReworkProcess (tkptr);
ProxyResponseNetWrite (tkptr);
}
else
ProxyEnd (tkptr);
return;
}
}
else
size = tkptr->ResponseBufferSize;
if (tkptr->ResponseReworkMax)
ProxyNetRead (tkptr, &ProxyReadResponseAst,
tkptr->ResponseBufferCurrentPtr,
tkptr->ResponseBufferRemaining);
else
ProxyNetRead (tkptr, &ProxyReadResponseAst,
tkptr->ResponseBufferPtr, size);
}
/****************************************************************************/
/*
Called as an AST when the read of a buffer from the proxied server completes.
It checks for, and analyzes, the response header. When the response header
has been analyzed a decision is made as to whether the response is cachable.
If cacheable this function stops executing while the cache file is created.
When that is complete ProxyReadResponseCacheWrite() is called as an AST to
write the first buffer of data into the file. If not cacheable then if
associated with a request the data is written to the client via the network.
*/
ProxyReadResponseAst (PROXY_TASK *tkptr)
{
int count, status;
char *cptr, *sptr, *zptr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"ProxyReadResponseAst() !&F !&X !UL", &ProxyReadResponseAst,
tkptr->NetIoPtr->ReadStatus, tkptr->NetIoPtr->ReadCount);
rqptr = tkptr->RequestPtr;
if (VMSnok (tkptr->NetIoPtr->ReadStatus))
{
/**************/
/* read error */
/**************/
if (tkptr->NetIoPtr->Channel)
{
/* the socket has not been explicitlyly shut down */
if (tkptr->ResponseBytes)
{
/* we got some bytes back from the remote server */
if (tkptr->ResponseHttpVersion != HTTP_VERSION_0_9 &&
!tkptr->ResponseHeaderLength)
{
/* header was not completely received */
tkptr->ResponseStatusCode = 502;
if (rqptr)
{
/* request associated with task */
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_HEADER), FI_LI);
}
}
}
else
{
/* absolutely no bytes at all from the remote server */
tkptr->ResponseStatusCode = 502;
if (rqptr)
{
/* request associated with task */
rqptr->rqResponse.HttpStatus = 502;
rqptr->rqResponse.ErrorTextPtr = tkptr->RequestHostPort;
switch (tkptr->NetIoPtr->ReadStatus)
{
case PROXY_ERROR_HOST_DISCONNECTED :
/* disconnected by third party */
ErrorGeneral (rqptr,
MsgFor(rqptr, MSG_PROXY_DISCON), FI_LI);
break;
default :
ErrorVmsStatus (rqptr, tkptr->NetIoPtr->ReadStatus, FI_LI);
}
}
}
}
/* finis */
if (tkptr->ResponseReworkMax)
{
ProxyReworkProcess (tkptr);
ProxyResponseNetWrite (tkptr);
}
else
ProxyEnd (tkptr);
return;
}
tkptr->ResponseBytes += tkptr->NetIoPtr->ReadCount;
if (tkptr->ResponseConsecutiveNewLineCount < 2)
{
/********************/
/* receiving header */
/********************/
tkptr->ResponseBufferCurrentPtr += tkptr->NetIoPtr->ReadCount;
tkptr->ResponseBufferRemaining -= tkptr->NetIoPtr->ReadCount;
/* careful of this loop - it's only here to help with 100 continues */
while (tkptr->ResponseConsecutiveNewLineCount < 2)
{
/***************************/
/* examine response header */
/***************************/
status = ProxyResponseHeader (tkptr);
if (VMSnok (status))
{
ProxyEnd (tkptr);
return;
}
/* if the full header has not yet been received */
if (tkptr->ResponseConsecutiveNewLineCount < 2) break;
if (tkptr->ResponseStatusCode < 100 ||
tkptr->ResponseStatusCode > 599 ||
tkptr->ResponseTransferEncodingUnsupported)
{
tkptr->ResponseStatusCode = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_HEADER),
FI_LI);
ProxyEnd (tkptr);
return;
}
if (tkptr->ResponseHttpVersion == HTTP_VERSION_1_1 &&
tkptr->ResponseStatusCode == 100 &&
tkptr->ResponseConsecutiveNewLineCount >= 2)
{
/*******************************/
/* special case - 100 continue */
/*******************************/
if (tkptr->ResponseReworkMax) ProxyReworkHeader (tkptr);
/* synchronous write, convenient and won't happen very often */
NetWrite (tkptr->RequestPtr, 0,
tkptr->ResponseBufferPtr,
tkptr->ResponseBufferCount);
/* reset the response header processing */
ProxyResponseRebuild (tkptr, NULL, 0);
/* start again, at the point where the 100 header finished */
tkptr->ResponseHeaderPtr += tkptr->ResponseHeaderLength;
tkptr->ResponseHeaderLength = 0;
tkptr->ResponseConsecutiveNewLineCount = 0;
/* if more still in the read buffer - use that while loop now! */
if (tkptr->ResponseBufferCurrentPtr > tkptr->ResponseHeaderPtr)
continue;
}
/* make sure we're out of that while loop */
break;
}
if (tkptr->ResponseConsecutiveNewLineCount < 2)
{
/*******************************************/
/* entire header has not yet been received */
/*******************************************/
ProxyNetRead (tkptr, &ProxyReadResponseAst,
tkptr->ResponseBufferCurrentPtr,
tkptr->ResponseBufferRemaining);
return;
}
/****************************/
/* header has been received */
/****************************/
rqptr->rqResponse.HttpStatus = tkptr->ResponseStatusCode;
if (tkptr->ResponseHttpVersion == HTTP_VERSION_1_1 &&
tkptr->ResponseStatusCode == 101 &&
tkptr->ResponseUpgradeWebSocket &&
rqptr->WebSocketRequest)
{
/***************************************/
/* special case - 101 change protocols */
/***************************************/
if (WATCHING (rqptr, WATCH_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_PROXY, "UPGRADE WebSocket");
/* the proxied WebSocket will be handled by a raw tunnel */
tkptr->ProxyTunnel = PROXY_TUNNEL_RAW;
NetWriteRaw (rqptr, &ProxyTunnelConnectResponseAst,
tkptr->ResponseHeaderPtr,
tkptr->ResponseHeaderLength);
return;
}
/* there may be some body content following the header */
tkptr->ResponseBufferNetPtr = tkptr->ResponseHeaderPtr +
tkptr->ResponseHeaderLength;
/* ..ResponseBufferNet.. specify what is sent to the client */
tkptr->ResponseBufferNetCount = tkptr->ResponseBufferCurrentPtr -
tkptr->ResponseBufferNetPtr;
if (rqptr->rqPathSet.ProxyReworkPtr)
if (!ProxyReworkResponse (tkptr))
{
ProxyEnd (tkptr);
return;
}
if (WATCHING (tkptr, WATCH_PROXY_RESP_BDY))
{
if (tkptr->ResponseBufferNetCount)
{
/* ..ResponseBufferNet.. specify what is sent to the client */
WatchThis (WATCHITM(rqptr), WATCH_PROXY_RESP_BDY,
"RESPONSE BODY !UL bytes",
tkptr->ResponseBufferNetCount);
WatchDataDump (tkptr->ResponseBufferNetPtr,
tkptr->ResponseBufferNetCount);
}
}
if (rqptr->rqHeader.Method == HTTP_METHOD_HEAD)
{
/* no possibility of a body */
tkptr->ResponseContentLength = tkptr->ResponseBufferNetCount = 0;
}
else
{
/* whatever is left in the buffer */
tkptr->ResponseBodyLength = tkptr->ResponseBufferNetCount;
}
if (tkptr->ResponseTransferEncodingChunked)
{
status = ProxyResponseChunked (tkptr);
if (VMSnok (status))
{
tkptr->ResponseStatusCode = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_HEADER),
FI_LI);
ProxyEnd (tkptr);
return;
}
}
}
else
{
/******************/
/* receiving body */
/******************/
tkptr->ResponseBodyLength += tkptr->NetIoPtr->ReadCount;
if (tkptr->ResponseReworkMax)
{
tkptr->ResponseBufferCurrentPtr += tkptr->NetIoPtr->ReadCount;
tkptr->ResponseBufferRemaining -= tkptr->NetIoPtr->ReadCount;
}
tkptr->ResponseBufferNetPtr = tkptr->ResponseBufferPtr;
tkptr->ResponseBufferNetCount = tkptr->NetIoPtr->ReadCount;
if (WATCHING (tkptr, WATCH_PROXY_RESP_BDY))
{
WatchThis (WATCHITM(rqptr), WATCH_PROXY_RESP_BDY,
"RESPONSE BODY !UL bytes", tkptr->NetIoPtr->ReadCount);
WatchDataDump (tkptr->ResponseBufferPtr, tkptr->NetIoPtr->ReadCount);
}
if (tkptr->ResponseTransferEncodingChunked)
{
status = ProxyResponseChunked (tkptr);
if (VMSnok (status))
{
tkptr->ResponseStatusCode = 502;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_PROXY_HEADER), FI_LI);
ProxyEnd (tkptr);
return;
}
}
}
/*******************************/
/* rework, or direct to client */
/*******************************/
if (tkptr->ResponseReworkMax)
{
if (!ProxyReworkResponse (tkptr))
{
/* for example; growing buffer may have exceeded max */
ProxyEnd (tkptr);
return;
}
/* ProxyReworkResponse() can revert to normal proxying */
if (tkptr->ResponseReworkMax)
ProxyResponseNetRead (tkptr);
else
ProxyResponseNetWrite (tkptr);
}
else
ProxyResponseNetWrite (tkptr);
}
/****************************************************************************/
/*
The body is being "Transfer-Encoding: chunked" so the internal structure of
this data stream needs to be parsed to detect end-of-body.
*/
int ProxyResponseChunked (PROXY_TASK *tkptr)
{
#define WATCH_CHUNK \
if (WATCHMOD (tkptr, WATCH_MOD_PROXY)) \
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, \
"CHUNKED !SL !UL !UL !UL !&B !&B !&B !&Z", \
BufferRemaining, \
tkptr->ResponseChunkedNewlineCount, \
tkptr->ResponseChunkedSize, \
tkptr->ResponseChunkedCount, \
tkptr->ResponseChunkedEol, \
tkptr->ResponseChunkedEot, \
tkptr->ResponseChunkedEnd, \
tkptr->ResponseChunkedString);
int BufferRemaining;
char *cptr, *czptr, *sptr, *zptr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"ProxyResponseChunked()");
rqptr = tkptr->RequestPtr;
if (!tkptr->ResponseChunkedInit)
{
tkptr->ResponseChunkedInit = true;
tkptr->ResponseChunkedEnd =
tkptr->ResponseChunkedEol =
tkptr->ResponseChunkedEot = false;
tkptr->ResponseChunkedCount =
tkptr->ResponseChunkedSize =
tkptr->ResponseChunkedNewlineCount = 0;
tkptr->ResponseChunkedString[0] = '\0';
}
/* ..ResponseBufferNet.. specify what is sent to the client */
czptr = (cptr = tkptr->ResponseBufferNetPtr) + tkptr->ResponseBufferNetCount;
while (cptr < czptr)
{
BufferRemaining = czptr - cptr;
WATCH_CHUNK
if (tkptr->ResponseChunkedSize &&
!tkptr->ResponseChunkedEot)
{
/* currently transfering a chunk */
if (BufferRemaining >=
tkptr->ResponseChunkedSize - tkptr->ResponseChunkedCount)
{
/* have enough for this chunk (at least) */
cptr += tkptr->ResponseChunkedSize - tkptr->ResponseChunkedCount;
tkptr->ResponseChunkedCount = tkptr->ResponseChunkedSize = 0;
}
else
{
/* have not reached the end of this chunk yet */
tkptr->ResponseChunkedCount += BufferRemaining;
break;
}
}
if (cptr >= czptr) break;
BufferRemaining = czptr - cptr;
WATCH_CHUNK
while (cptr < czptr &&
!tkptr->ResponseChunkedSize &&
!tkptr->ResponseChunkedEot)
{
/* getting the size of the next chunk */
if (tkptr->ResponseChunkedEol)
{
/* looking for the end of the chunk size line */
while (cptr < czptr && *cptr != '\n') cptr++;
if (cptr >= czptr) break;
cptr++;
/* hit the end-of-line */
tkptr->ResponseChunkedSize =
strtol (tkptr->ResponseChunkedString, NULL, 16);
if (WATCHING (tkptr, WATCH_PROXY_RESP_BDY))
WatchThis (WATCHITM(rqptr), WATCH_PROXY_RESP_BDY,
"RESPONSE BODY CHUNK \"!AZ\" !UL bytes",
tkptr->ResponseChunkedString,
tkptr->ResponseChunkedSize);
tkptr->ResponseChunkedEol = false;
tkptr->ResponseChunkedString[0] = '\0';
tkptr->ResponseChunkedCount = 0;
if (!tkptr->ResponseChunkedSize)
{
tkptr->ResponseChunkedEot = true;
tkptr->ResponseChunkedNewlineCount = 1;
}
}
else
{
if (!tkptr->ResponseChunkedString[0])
{
/* step over any trailing CR-LF of any preceding chunk */
if (*cptr == '\r' && cptr < czptr) cptr++;
if (*cptr == '\n' && cptr < czptr) cptr++;
}
zptr = (sptr = tkptr->ResponseChunkedString) +
sizeof(tkptr->ResponseChunkedString);
/* find the end of the currently buffered string */
for (sptr = tkptr->ResponseChunkedString;
*sptr && sptr < zptr;
sptr++);
while (isxdigit(*cptr) && cptr < czptr && sptr < zptr)
*sptr++ = *cptr++;
/* this shouldn't happen! */
if (sptr >= zptr) return (STS$K_ERROR);
*sptr = '\0';
/* if reached the end of the hex number look for the end-of-line */
if (cptr < czptr && !isxdigit(*cptr))
tkptr->ResponseChunkedEol = true;
}
}
if (cptr >= czptr) break;
BufferRemaining = czptr - cptr;
WATCH_CHUNK
if (tkptr->ResponseChunkedEot)
{
/* looking for the end-of-trailer consecutive newlines */
while (cptr < czptr && tkptr->ResponseChunkedNewlineCount < 2)
{
if (*cptr == '\n')
tkptr->ResponseChunkedNewlineCount++;
else
if (*cptr != '\r')
tkptr->ResponseChunkedNewlineCount = 0;
cptr++;
}
if (tkptr->ResponseChunkedNewlineCount >= 2) break;
}
if (cptr >= czptr) break;
BufferRemaining = czptr - cptr;
}
if (tkptr->ResponseChunkedNewlineCount >= 2)
tkptr->ResponseChunkedEnd = true;
if (cptr >= czptr) BufferRemaining = 0;
WATCH_CHUNK
return (SS$_NORMAL);
}
/****************************************************************************/
/*
If a cache load is in progress this function is called when the file write is
complete. If not in progress then this is called directly from
ProxyReadResponseAst(). If a request is associated with the task the current
buffer is written out to the client via the network. If no request then the
next buffer is read from the proxied server.
*/
void ProxyResponseNetWrite (PROXY_TASK *tkptr)
{
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyResponseNetWrite()");
if (tkptr->RebuiltHeaderPtr)
NetWrite (tkptr->RequestPtr, &ProxyResponseNetWriteAst,
tkptr->RebuiltHeaderPtr, tkptr->RebuiltHeaderLength);
else
/* ..ResponseBufferNet.. specify what is sent to the client */
NetWrite (tkptr->RequestPtr, &ProxyResponseNetWriteAst,
tkptr->ResponseBufferNetPtr, tkptr->ResponseBufferNetCount);
}
/****************************************************************************/
/*
************
*** NOTE *** This function takes a pointer to a request!!!
************
Just a wrapper for when NetWrite() is used to AST queue a read of the next part
of the response. Check the network write status and if OK then queue another
read of data from the proxied server.
*/
void ProxyResponseNetWriteAst (REQUEST_STRUCT *rqptr)
{
int BufferSize;
PROXY_TASK *tkptr;
/*********/
/* begin */
/*********/
tkptr = rqptr->ProxyTaskPtr;
if (WATCHMOD (rqptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(rqptr), WATCH_MOD_PROXY,
"ProxyResponseNetWriteAst() !&F !&X !&B !&X !UL !UL !UL",
&ProxyResponseNetWriteAst, rqptr->NetIoPtr->WriteStatus,
tkptr->PersistentResponse,
tkptr->RebuiltHeaderPtr,
tkptr->ResponseBodyLength,
tkptr->ResponseContentLength,
tkptr->ResponseBufferNetCount);
if (VMSnok (rqptr->NetIoPtr->WriteStatus))
{
/* write to client failed, just abandon the request */
ProxyEnd (tkptr);
return;
}
if (tkptr->RebuiltHeaderPtr)
{
/* response header has now been sent */
tkptr->RebuiltHeaderPtr = NULL;
if (tkptr->ResponseBufferNetCount)
{
/* there is response body available to be sent */
ProxyResponseNetWrite (tkptr);
return;
}
}
ProxyResponseNetRead (tkptr);
}
/****************************************************************************/
/*
Check the HTTP version. If it doesn't look like an HTTP/1.n then assume its an
HTTP/0.9 (stream of HTML) and don't look for header fields. Look through the
data received from the remote server so far for two consecutive blank lines
(two newlines or two carriage-return/newline combinations). This delimits the
response header. When found parse the response header.
*/
int ProxyResponseHeader (PROXY_TASK *tkptr)
{
int status,
cnlcnt;
char *cptr, *zptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyResponseHeader()");
cnlcnt = tkptr->ResponseConsecutiveNewLineCount;
cptr = tkptr->ResponseHeaderPtr;
zptr = tkptr->ResponseBufferCurrentPtr;
if (!tkptr->ResponseHttpVersion)
{
/******************************/
/* establish response version */
/******************************/
if (MATCH8 (cptr, "HTTP/1.1") && ISLWS(cptr[8]))
tkptr->ResponseHttpVersion = HTTP_VERSION_1_1;
else
if (MATCH8 (cptr, "HTTP/1.0") && ISLWS(cptr[8]))
tkptr->ResponseHttpVersion = HTTP_VERSION_1_0;
else
if (MATCH5 (cptr, "HTTP/"))
tkptr->ResponseHttpVersion = HTTP_VERSION_UNKNOWN;
else
{
ProxyHttp09ResponseHeader (tkptr);
return (SS$_NORMAL);
}
}
/******************************/
/* look for the end-of-header */
/******************************/
while (*cptr && cnlcnt < 2 && cptr < zptr)
{
if (*cptr == '\r') cptr++;
if (!*cptr) break;
if (*cptr != '\n')
{
cptr++;
cnlcnt = 0;
continue;
}
cptr++;
cnlcnt++;
}
if ((tkptr->ResponseConsecutiveNewLineCount = cnlcnt) >= 2)
{
/* found the end of the response header */
tkptr->ResponseHeaderLength = cptr - (char*)tkptr->ResponseHeaderPtr;
status = ProxyResponseRebuild (tkptr, tkptr->ResponseHeaderPtr,
tkptr->ResponseHeaderLength);
return (status);
}
return (SS$_NORMAL);
}
/****************************************************************************/
/*
Fudge status response components for HTTP/0.9. Leave the
'tkptr->ResponseHeaderPtr' pointing where-ever but set the
'tkptr->ResponseHeaderLength' to zero.
*/
ProxyHttp09ResponseHeader (PROXY_TASK *tkptr)
{
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyHttp09ResponseHeader()");
tkptr->ResponseConsecutiveNewLineCount = 2;
tkptr->ResponseHeaderLength = 0;
/* do not touch 'tkptr->ResponseHeaderPtr' upon penalty of bug! */
tkptr->ResponseHttpVersion = HTTP_VERSION_0_9;
tkptr->ResponseStatusCode = 200;
}
/****************************************************************************/
/*
Rebuild the response header pointed to by the supplied paramaters into a new
dynamically allocated buffer. This function is intended to process the
response header either direct from the network or as read from a cache file.
The rebuilt header has been modified to remove hop-by-hop fields and to add
persistent connection fields as required. Other fields, perhaps unknown ones,
are just propagated.
*/
int ProxyResponseRebuild
(
PROXY_TASK *tkptr,
char *HeaderPtr,
int HeaderLength
)
{
static char AgeField [32];
static $DESCRIPTOR (AgeFieldDsc, AgeField);
static $DESCRIPTOR (AgeFieldFaoDsc, "Age: !UL\r\n\0");
static char KeepAliveField [32];
static $DESCRIPTOR (KeepAliveFieldDsc, KeepAliveField);
static $DESCRIPTOR (KeepAliveFieldFaoDsc, "Keep-Alive: timeout=!UL\r\n\0");
int idx,
status,
AgeSeconds,
KeepAliveSeconds,
RebuiltHeaderLength;
char *cptr, *hzptr, *lzptr, *sptr, *tcptr, *tsptr, *tzptr, *zptr,
*RebuiltHeaderPtr, *ContentLengthPtr=NULL, *ContentLengthEndPtr;
unsigned long *Time64Ptr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
{
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"ProxyResponseRebuild() !&X !UL", HeaderPtr, HeaderLength);
if (HeaderPtr) WatchDataDump (HeaderPtr, HeaderLength);
}
/* initialize header storage/flags potentially modified by this function */
tkptr->ResponseContentLength = -1;
tkptr->PersistentResponse =
tkptr->ResponseConnectionClose =
tkptr->ResponseConnectionKeepAlive =
tkptr->ResponseContentEncodingGzip =
tkptr->ResponseContentEncodingUnknown =
tkptr->ResponseTransferEncodingChunked =
tkptr->ResponseTransferEncodingUnsupported =
tkptr->ResponseVaryUnsupported = false;
tkptr->ResponseExpires[0] =
tkptr->ResponseLastModified[0] = '\0';
tkptr->ResponseContentTypePtr = NULL;
/* can be called with the 100-Continue response header to reset the above */
if (!HeaderPtr) return (SS$_NORMAL);
rqptr = tkptr->RequestPtr;
/* so we can detect whether the original header contained an age field */
AgeSeconds = -1;
if (WATCHING (tkptr, WATCH_PROXY_RESP_HDR))
{
WatchThis (WATCHITM(rqptr), WATCH_PROXY_RESP_HDR,
"RESPONSE HEADER server->proxy !UL bytes", HeaderLength);
WatchData (HeaderPtr, HeaderLength);
}
RebuiltHeaderLength = HeaderLength + 1024;
if (rqptr->ProxyReverseLocationPtr &&
(tkptr->ResponseStatusCode == 301 ||
tkptr->ResponseStatusCode == 302))
RebuiltHeaderLength += PROXY_LOCATION_REBUILD_BUFFER;
RebuiltHeaderPtr = VmGetHeap (rqptr, RebuiltHeaderLength);
zptr = (sptr = RebuiltHeaderPtr) + RebuiltHeaderLength;
cptr = HeaderPtr;
hzptr = cptr + HeaderLength;
/************************/
/* response status line */
/************************/
/* HTTP protocol version (redundant for network, needed for cache file) */
if (MATCH8 (cptr, "HTTP/1.1"))
tkptr->ResponseHttpVersion = HTTP_VERSION_1_1;
else
if (MATCH8 (cptr, "HTTP/1.0"))
tkptr->ResponseHttpVersion = HTTP_VERSION_1_0;
else
if (MATCH5 (cptr, "HTTP/"))
tkptr->ResponseHttpVersion = HTTP_VERSION_UNKNOWN;
while (!ISLWS(*cptr) && NOTEOL(*cptr) && cptr < hzptr && sptr < zptr)
*sptr++ = *cptr++;
while (ISLWS(*cptr) && cptr < hzptr && sptr < zptr) *sptr++ = *cptr++;
/* get the HTTP status code */
tkptr->ResponseStatusCode = atoi(cptr);
/* copy the rest of the response status line */
while (NOTEOL(*cptr) && cptr < hzptr && sptr < zptr) *sptr++ = *cptr++;
if (*cptr == '\r' && cptr < hzptr && sptr < zptr) *sptr++ = *cptr++;
if (*cptr == '\n' && cptr < hzptr && sptr < zptr) *sptr++ = *cptr++;
if (cptr == HeaderPtr ||
cptr == hzptr ||
!tkptr->ResponseStatusCode)
{
ErrorNoticed (rqptr, SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
rqptr->rqResponse.HttpStatus = 500;
ErrorGeneral (rqptr, ErrorSanityCheck, FI_LI);
return (STS$K_ERROR);
}
/******************/
/* rest of header */
/******************/
while (cptr < hzptr && sptr < zptr)
{
/* get a pointer to the end-of-line character */
for (lzptr = cptr; lzptr < hzptr && NOTEOL(*lzptr); lzptr++);
/* if reached the end-of-header empty line */
if (cptr == lzptr) break;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchDataFormatted ("{!UL}!-!#AZ\n", lzptr-cptr, cptr);
if (TOUP(*cptr) == 'A' &&
strsame (cptr, "Age:", 4))
{
/*******/
/* age */
/*******/
tcptr = cptr + 4;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
AgeSeconds = atoi(tcptr);
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!UL", AgeSeconds);
/* we'll add our own later, the original header is not propagated */
cptr += 4;
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
continue;
}
else
if (TOUP(*cptr) == 'C')
{
if (strsame (cptr, "Cache-Control:", 14))
{
/*****************/
/* cache control */
/*****************/
tcptr = cptr + 14;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
while (tcptr < lzptr)
{
if (strsame (tcptr, "must-revalidate", 15))
{
tkptr->ResponseCacheControlMustReval = true;
tcptr += 15;
}
else
if (strsame (tcptr, "max-age=", 8))
{
tcptr += 8;
tkptr->ResponseCacheControlMaxAge = atoi(tcptr);
if (!tkptr->ResponseCacheControlMaxAge)
tkptr->ResponseCacheControlMaxAgeZero = true;
}
else
if (strsame (tcptr, "no-cache", 8))
{
tkptr->ResponseCacheControlNoCache = true;
tcptr += 8;
}
else
if (strsame (tcptr, "no-store", 8))
{
tkptr->ResponseCacheControlNoStore = true;
tcptr += 8;
}
else
if (strsame (tcptr, "no-transform", 12))
{
tkptr->ResponseCacheControlNoTransform = true;
tcptr += 12;
}
else
if (strsame (tcptr, "private", 7))
{
tkptr->ResponseCacheControlPrivate = true;
tcptr += 7;
}
else
if (strsame (tcptr, "proxy-revalidate", 16))
{
tkptr->ResponseCacheControlProxyReval = true;
tcptr += 16;
}
else
if (strsame (tcptr, "public", 6))
{
tkptr->ResponseCacheControlPublic = true;
tcptr += 6;
}
else
if (strsame (tcptr, "s-maxage=", 9))
{
tcptr += 9;
tkptr->ResponseCacheControlSMaxAge = atoi(tcptr);
if (!tkptr->ResponseCacheControlSMaxAge)
tkptr->ResponseCacheControlMaxAgeZero = true;
}
while (!ISLWS(*tcptr) && *tcptr != ',' && tcptr < lzptr)
tcptr++;
while ((ISLWS(*tcptr) || *tcptr == ',') && tcptr < lzptr)
tcptr++;
}
if (tkptr->ResponseCacheControlMaxAgeZero ||
tkptr->ResponseCacheControlMustReval ||
tkptr->ResponseCacheControlNoCache ||
tkptr->ResponseCacheControlNoStore ||
tkptr->ResponseCacheControlPrivate ||
tkptr->ResponseCacheControlProxyReval)
tkptr->ResponseNoCache = true;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&B - !&B !UL/!&B !&B !&B !&B !&B !&B !&B !UL",
tkptr->ResponseNoCache,
tkptr->ResponseCacheControlMustReval,
tkptr->ResponseCacheControlMaxAge,
tkptr->ResponseCacheControlMaxAgeZero,
tkptr->ResponseCacheControlNoCache,
tkptr->ResponseCacheControlNoStore,
tkptr->ResponseCacheControlNoTransform,
tkptr->ResponseCacheControlPrivate,
tkptr->ResponseCacheControlProxyReval,
tkptr->ResponseCacheControlPublic,
tkptr->ResponseCacheControlSMaxAge);
/* drop through to copy this header */
}
else
if (strsame (cptr, "Content-Length:", 15))
{
/******************/
/* content-length */
/******************/
tcptr = cptr + 15;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
tkptr->ResponseContentLength = atoi(tcptr);
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!UL", tkptr->ResponseContentLength);
/* do not copy this header until we are sure we don't deflate */
/* save pointers to Content-Length header for subsequent use */
ContentLengthPtr = cptr;
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
ContentLengthEndPtr = cptr;
continue;
}
else
if (strsame (cptr, "Content-Encoding:", 17))
{
/********************/
/* content-encoding */
/********************/
tcptr = cptr + 17;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
if (strsame (tcptr, "gzip", 4))
tkptr->ResponseContentEncodingGzip = true;
else
tkptr->ResponseContentEncodingUnknown = true;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&B", tkptr->ResponseContentEncodingGzip);
/* drop through to copy this header */
}
else
if (strsame (cptr, "Content-Type:", 13))
{
/****************/
/* content-type */
/****************/
tcptr = cptr + 13;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
tkptr->ResponseContentTypePtr = tcptr;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "!15AZ",
tkptr->ResponseContentTypePtr);
/* drop through to copy this header */
}
else
if (strsame (cptr, "Connection:", 11))
{
/**************/
/* connection */
/**************/
cptr += 11;
while (ISLWS(*cptr) && cptr < lzptr) cptr++;
while (cptr < lzptr)
{
if (strsame (cptr, "close", 5))
{
tkptr->ResponseConnectionClose = true;
cptr += 5;
}
else
if (strsame (cptr, "keep-alive", 10))
{
tkptr->ResponseConnectionKeepAlive = true;
cptr += 10;
}
while (!ISLWS(*cptr) && *cptr != ',' && cptr < lzptr) cptr++;
while ((ISLWS(*cptr) || *cptr == ',') && cptr < lzptr) cptr++;
}
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&B !&B", tkptr->ResponseConnectionClose,
tkptr->ResponseConnectionKeepAlive);
/* do not drop through, this header is not propagated */
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
continue;
}
}
else
if (TOUP(*cptr) == 'E' &&
strsame (cptr, "Expires:", 8))
{
/***********/
/* expires */
/***********/
tcptr = cptr + 8;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
tzptr = (tsptr = tkptr->ResponseExpires) +
sizeof(tkptr->ResponseExpires);
while (tcptr < lzptr && tsptr < tzptr) *tsptr++ = *tcptr++;
if (tsptr >= tzptr) tsptr = tkptr->ResponseExpires;
*tsptr = '\0';
status = HttpGetTime (tkptr->ResponseExpires,
&tkptr->ResponseExpiresTime64);
if (VMSnok (status))
{
tkptr->ResponseExpiresTime64 = 0;
tkptr->ResponseExpires[0] = '\0';
}
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&Z !&S !%D", tkptr->ResponseExpires, status,
&tkptr->ResponseExpiresTime64);
/* drop through to copy this header */
}
else
if (TOUP(*cptr) == 'K' &&
strsame (cptr, "Keep-Alive:", 11))
{
/**************/
/* keep-alive */
/**************/
/* just note the presence of the field */
tkptr->ResponseKeepAlive = true;
/* do not drop through, this header is not propagated */
cptr += 11;
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
continue;
}
else
if (TOUP(*cptr) == 'L')
{
if (strsame (cptr, "Last-Modified:", 14))
{
/*****************/
/* last-modified */
/*****************/
tcptr = cptr + 14;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
tzptr = (tsptr = tkptr->ResponseLastModified) +
sizeof(tkptr->ResponseLastModified);
while (tcptr < lzptr && tsptr < tzptr) *tsptr++ = *tcptr++;
if (tsptr >= tzptr) tsptr = tkptr->ResponseLastModified;
*tsptr = '\0';
status = HttpGetTime (tkptr->ResponseLastModified,
&tkptr->ResponseLastModifiedTime64);
if (VMSnok (status))
{
tkptr->ResponseLastModifiedTime64 = 0;
tkptr->ResponseLastModified[0] = '\0';
}
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&Z !&S !%D", tkptr->ResponseLastModified, status,
&tkptr->ResponseLastModifiedTime64);
/* drop through to copy this header */
}
else
/* rewrite only if necessary, otherwise fall through to copy */
if (strsame (cptr, "Location:", 9) &&
rqptr->ProxyReverseLocationPtr &&
(tkptr->ResponseStatusCode == 301 ||
tkptr->ResponseStatusCode == 302))
{
/************/
/* location */
/************/
cptr += 9;
while (ISLWS(*cptr) && cptr < lzptr) cptr++;
tcptr = "Location: ";
while (*tcptr && sptr < zptr) *sptr++ = *tcptr++;
if (tcptr = ProxyRebuildLocation (tkptr, cptr))
{
/* the location was rebuilt */
while (*tcptr && sptr < zptr) *sptr++ = *tcptr++;
if (sptr < zptr) *sptr++ = '\r';
if (sptr < zptr) *sptr++ = '\n';
/* do not drop through, this header is not propagated as-is */
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
continue;
}
/* else drop through to copy this header */
}
}
else
if (TOUP(*cptr) == 'P')
{
if (strsame (cptr, "Pragma:", 7))
{
/**********/
/* pragma */
/**********/
cptr += 7;
while (ISLWS(*cptr) && cptr < lzptr) cptr++;
if (strsame (cptr, "no-cache", 8)) tkptr->ResponseNoCache = true;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&B", tkptr->ResponseNoCache);
/* do not drop through, this header is not propagated */
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
continue;
}
else
if (strsame (cptr, "Public:", 7))
{
/**********/
/* public */
/**********/
cptr += 7;
while (ISLWS(*cptr) && cptr < lzptr) cptr++;
/* do not drop through, this header is not propagated */
while (cptr < lzptr) cptr++;
if (*cptr == '\r' && cptr < hzptr) cptr++;
if (*cptr == '\n' && cptr < hzptr) cptr++;
continue;
}
}
else
if (TOUP(*cptr) == 'S')
{
if (strsame (cptr, "Set-Cookie:", 11))
{
/**************/
/* set-cookie */
/**************/
cptr += 11;
while (ISLWS(*cptr) && cptr < lzptr) cptr++;
}
}
else
if (TOUP(*cptr) == 'T' &&
strsame (cptr, "Transfer-Encoding:", 18))
{
/*********************/
/* transfer-encoding */
/*********************/
tcptr = cptr + 18;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
if (strsame (tcptr, "chunked", 7))
tkptr->ResponseTransferEncodingChunked = true;
else
tkptr->ResponseTransferEncodingUnsupported = true;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "!&B !&B",
tkptr->ResponseTransferEncodingChunked,
tkptr->ResponseTransferEncodingUnsupported);
/* drop through to copy this header */
}
else
if (TOUP(*cptr) == 'U' &&
strsame (cptr, "Upgrade:", 8))
{
/***********/
/* upgrade */
/***********/
tcptr = cptr + 8;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
if (strsame (tcptr, "websocket", 9))
tkptr->ResponseUpgradeWebSocket = true;
/* drop through to copy this header */
}
else
if (TOUP(*cptr) == 'V' &&
strsame (cptr, "Vary:", 5))
{
/********/
/* vary */
/********/
tcptr = cptr + 5;
while (ISLWS(*tcptr) && tcptr < lzptr) tcptr++;
while (tcptr < lzptr)
{
if (*tcptr == '*')
{
/* something not related to header fields */
tkptr->ResponseVaryUnsupported = true;
tcptr++;
}
else
if (strsame (tcptr, "accept", 6) &&
!strsame (tcptr, "accept-encoding", 15))
{
/* "Accept:", "Accept-Charset:, all-but, etc. */
tkptr->ResponseVaryUnsupported = true;
tcptr += 6;
}
while (!ISLWS(*tcptr) && *tcptr != ',' && tcptr < lzptr) tcptr++;
while ((ISLWS(*tcptr) || *tcptr == ',') && tcptr < lzptr) tcptr++;
}
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&B", tkptr->ResponseVaryUnsupported);
/* drop through to copy this header */
}
/* got all the way down here, copy the header into the rebuilt buffer */
while (cptr < lzptr && sptr < zptr) *sptr++ = *cptr++;
if (*cptr == '\r' && cptr < hzptr && sptr < zptr) *sptr++ = *cptr++;
if (*cptr == '\n' && cptr < hzptr && sptr < zptr) *sptr++ = *cptr++;
}
/*********************/
/* add proxy headers */
/*********************/
if (tkptr->ResponseStatusCode != 100)
{
/*******/
/* age */
/*******/
/* if an age field was supplied with the original header */
if (AgeSeconds >= 0)
Time64Ptr = NULL;
else
/* if there's a last modified supplied with the response */
if (tkptr->ResponseLastModifiedTime64)
Time64Ptr = &tkptr->ResponseLastModifiedTime64;
else
/* otherwise just use the current time */
{
Time64Ptr = NULL;
AgeSeconds = 0;
}
if (AgeSeconds < 0) AgeSeconds = 0;
sys$fao (&AgeFieldFaoDsc, 0, &AgeFieldDsc, AgeSeconds);
for (cptr = AgeField; *cptr && sptr < zptr; *sptr++ = *cptr++);
/*************/
/* compress? */
/*************/
if (!tkptr->ResponseContentEncodingGzip &&
!tkptr->ResponseContentEncodingUnknown &&
!tkptr->ResponseTransferEncodingChunked)
{
if (GzipResponse)
rqptr->rqResponse.ContentEncodeAsGzip =
GzipShouldDeflate (rqptr, tkptr->ResponseContentTypePtr,
tkptr->ResponseContentLength);
if (rqptr->rqResponse.ContentEncodeAsGzip)
{
for (cptr = "Content-Encoding: gzip\r\n";
*cptr && sptr < zptr;
*sptr++ = *cptr++);
if (tkptr->ResponseHttpVersion == HTTP_VERSION_1_1 &&
tkptr->RequestHttpVersion == HTTP_VERSION_1_1)
{
rqptr->rqResponse.TransferEncodingChunked = true;
for (cptr = "Transfer-Encoding: chunked\r\n";
*cptr && sptr < zptr;
*sptr++ = *cptr++);
}
}
else
if (ContentLengthPtr)
{
/* we don't deflate, so output any Content-Length header */
for (cptr = ContentLengthPtr;
cptr < ContentLengthEndPtr && sptr < zptr;
*sptr++ = *cptr++);
}
}
else
if (ContentLengthPtr)
{
/* we don't deflate, so output Content-Length header */
for (cptr = ContentLengthPtr;
cptr < ContentLengthEndPtr && sptr < zptr;
*sptr++ = *cptr++);
}
/**************/
/* connection */
/**************/
/* MUST follow the COMPRESS? decision immediately above */
/* special case, 304's SHALL NOT contain a body (the only one AFICT) */
if (tkptr->ResponseStatusCode == 304 &&
tkptr->ResponseContentLength < 0)
{
/* to make persistence work just assume a content-length of 0 */
tkptr->ResponseContentLength = 0;
}
if (tkptr->RequestHttpVersion == HTTP_VERSION_1_1)
{
/* proxy->origin persistence */
if (tkptr->PersistentRequest &&
(tkptr->ResponseContentLength >= 0 ||
tkptr->ResponseTransferEncodingChunked) &&
!tkptr->ResponseConnectionClose &&
!rqptr->rqResponse.ContentEncodeAsGzip)
tkptr->PersistentResponse = true;
else
tkptr->PersistentResponse = false;
/* client->proxy persistence */
if (tkptr->PersistentRequest &&
tkptr->PersistentResponse)
{
rqptr->PersistentResponse = true;
/* not strictly required but many HTTP/1.1 servers supply it */
for (cptr = "Connection: keep-alive\r\n";
*cptr && sptr < zptr;
*sptr++ = *cptr++);
}
else
{
rqptr->PersistentResponse = false;
for (cptr = "Connection: close\r\n";
*cptr && sptr < zptr;
*sptr++ = *cptr++);
}
}
else
if (tkptr->RequestHttpVersion == HTTP_VERSION_1_0)
{
/* proxy->origin persistence */
if (tkptr->PersistentRequest &&
(tkptr->ResponseContentLength >= 0 ||
tkptr->ResponseTransferEncodingChunked) &&
(tkptr->ResponseKeepAlive ||
tkptr->ResponseConnectionKeepAlive) &&
!tkptr->ResponseConnectionClose &&
!rqptr->rqResponse.ContentEncodeAsGzip)
tkptr->PersistentResponse = true;
else
tkptr->PersistentResponse = false;
/* client->proxy persistence */
if (tkptr->PersistentRequest &&
tkptr->PersistentResponse)
{
rqptr->PersistentResponse = true;
for (cptr = "Connection: keep-alive\r\n";
*cptr && sptr < zptr;
*sptr++ = *cptr++);
if (rqptr->rqPathSet.TimeoutPersistent)
KeepAliveSeconds = rqptr->rqPathSet.TimeoutPersistent;
else
KeepAliveSeconds = Config.cfTimeout.Persistent;
sys$fao (&KeepAliveFieldFaoDsc, 0, &KeepAliveFieldDsc,
KeepAliveSeconds);
for (cptr = KeepAliveField;
*cptr && sptr < zptr;
*sptr++ = *cptr++);
}
else
rqptr->PersistentResponse = false;
}
/***************************/
/* proxy generated cookies */
/***************************/
for (idx = 0; idx < RESPONSE_COOKIE_MAX; idx++)
{
if (rqptr->rqResponse.CookiePtr[idx])
{
for (cptr = "Set-Cookie: ";
*cptr && sptr < zptr;
*sptr++ = *cptr++);
for (cptr = rqptr->rqResponse.CookiePtr[idx];
*cptr && sptr < zptr;
*sptr++ = *cptr++);
if (sptr < zptr) *sptr++ = '\r';
if (sptr < zptr) *sptr++ = '\n';
}
}
}
/* header terminating empty line */
if (sptr < zptr) *sptr++ = '\r';
if (sptr < zptr) *sptr++ = '\n';
if (sptr >= zptr)
{
ErrorNoticed (rqptr, SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
rqptr->rqResponse.HttpStatus = 500;
ErrorGeneralOverflow (rqptr, FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
RebuiltHeaderLength = sptr - RebuiltHeaderPtr;
if (WATCHING (tkptr, WATCH_PROXY_RESP_HDR))
{
WatchThis (WATCHITM(rqptr), WATCH_PROXY_RESP_HDR,
"RESPONSE HEADER proxy->client !UL bytes",
RebuiltHeaderLength);
WatchData (RebuiltHeaderPtr, RebuiltHeaderLength);
}
tkptr->RebuiltHeaderPtr = RebuiltHeaderPtr;
tkptr->RebuiltHeaderLength = RebuiltHeaderLength;
return (SS$_NORMAL);
}
/****************************************************************************/
#ifdef COMMENTS_WITH_COMMENTS
/*
The reverse-proxy response header "Location:" field needs to be rewritten.
The original mapping rule would have been something like
redirect /foo/* /http://foo.bar/* proxy=reverse=location=/foo/
Check the "Location:" field for the proxied-to host name and if so rewrite it
to use the proxy server and the path indicated. If the location field does not
contain the proxied-to host name then assume it's not being redirected back to
the same service.
If the 'proxy=reverse=location=<string>' ends in an asterisk the entire 302
"Location:" URL is appended (rather than just the path) resulting in something
along the lines of
Location: http://original.host/foo/http://foo.bar/example/
which once redirected by the client can be subsequently tested for and some
action made according to the content (just a bell or whistle ;^).
The original scheme, host and 'proxy=reverse=location=<string>' information is
conveyed across the reverse-proxy redirect using redirect-persistent storage.
Returns a pointer to a dynamic buffer containing the new location string or
NULL if no rebuild was necesary.
*/
#endif /* COMMENTS_WITH_COMMENTS */
char* ProxyRebuildLocation
(
PROXY_TASK *tkptr,
char *LocationPtr
)
{
boolean RebuildLocation;
int len;
char *cptr, *lptr, *sptr, *zptr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"ProxyRebuildLocation() !&Z",
tkptr->RequestPtr->ProxyReverseLocationPtr);
rqptr = tkptr->RequestPtr;
for (cptr = rqptr->ProxyReverseLocationPtr; *cptr; *cptr++);
if (cptr > rqptr->ProxyReverseLocationPtr) cptr--;
if (*cptr == '*')
{
/* ends in a wildcard, use whatever is in the location field */
RebuildLocation = true;
}
else
{
RebuildLocation = false;
lptr = LocationPtr;
while (*lptr && *lptr != ':' && NOTEOL(*lptr)) lptr++;
if (*lptr == ':') lptr++;
if (*lptr == '/') lptr++;
if (*lptr == '/') lptr++;
/* this will contain the redirect-to/proxied-to host */
sptr = rqptr->rqHeader.HostPtr;
while (*sptr && *lptr && TOLO(*sptr) == TOLO(*lptr))
{
sptr++;
lptr++;
}
if (!*sptr && (!*lptr || *lptr == '/')) RebuildLocation = true;
}
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY,
"!&?REBUILD\rNO REBUILD\r", RebuildLocation);
if (!RebuildLocation) return (NULL);
LocationPtr = sptr = VmGetHeap (rqptr, PROXY_LOCATION_REBUILD_BUFFER);
zptr = sptr + PROXY_LOCATION_REBUILD_BUFFER;
for (cptr = rqptr->ProxyReverseLocationPtr;
*cptr && sptr < zptr;
*sptr++ = *cptr++);
/* finished with this now */
rqptr->ProxyReverseLocationPtr = NULL;
/* prevent consecutive slashes */
if (*(sptr-1) == '/' && *lptr == '/') lptr++;
while (*lptr && !ISLWS(*lptr) && NOTEOL(*lptr) && sptr < zptr)
*sptr++ = *lptr++;
if (sptr >= zptr)
{
ErrorNoticed (rqptr, SS$_RESULTOVF, NULL, FI_LI);
strcpy (LocationPtr, "error-buffer-overflow!");
return (LocationPtr);
}
*sptr = '\0';
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchDataFormatted ("!&Z", LocationPtr);
return (LocationPtr);
}
/****************************************************************************/
/*
Using the request header fields rebuild a request header suitable for use by
the proxy server.
*/
int ProxyRequestRebuild (PROXY_TASK *tkptr)
{
#define STRCAT(str) for (cptr = str; *cptr && sptr < zptr; *sptr++ = *cptr++);
#define CHRCAT(ch) { if (sptr < zptr) *sptr++ = ch; }
static char KeepAliveField [32];
static $DESCRIPTOR (KeepAliveFieldDsc, KeepAliveField);
static $DESCRIPTOR (KeepAliveFieldFaoDsc, "Keep-Alive: timeout=!UL\r\n\0");
BOOL ForwardedBy,
XForwardedFor;
int idx, klen,
HeaderSize,
KeepAliveSeconds;
char *aptr, *cptr, *kptr, *sptr, *zptr;
char EncodedString [256];
DICT_ENTRY_STRUCT *denptr;
REQUEST_STRUCT *rqptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchThis (WATCHITM(tkptr), WATCH_MOD_PROXY, "ProxyRequestRebuild()");
rqptr = tkptr->RequestPtr;
tkptr->RebuiltRequestPtr = NULL;
for (HeaderSize = 1024; HeaderSize < MAX_REQUEST_HEADER; HeaderSize *= 2)
{
if (tkptr->RebuiltRequestPtr)
VmFreeFromHeap (rqptr, tkptr->RebuiltRequestPtr, FI_LI);
tkptr->RebuiltRequestPtr = sptr = VmGetHeap (rqptr, HeaderSize);
zptr = sptr + HeaderSize;
STRCAT (rqptr->rqHeader.MethodName)
CHRCAT (' ')
if (IPADDRESS_IS_SET (&tkptr->ChainIpAddress))
{
STRCAT ("http://")
STRCAT (tkptr->RequestHostPort)
}
STRCAT (tkptr->RequestUriPtr)
if (tkptr->RequestHttpVersion == HTTP_VERSION_0_9)
{
/*******************/
/* HTTP/0.9 header */
/*******************/
/* just end the line (and header) without an HTTP protocol version */
STRCAT ("\r\n")
}
else
{
/*******************/
/* HTTP/1.n header */
/*******************/
if (rqptr->rqHeader.HttpVersion == HTTP_VERSION_1_1)
STRCAT (" HTTP/1.1\r\n")
else
STRCAT (" HTTP/1.0\r\n")
/******************/
/* request fields */
/******************/
/* add (with some massage) the original request's header fields */
DictIterate (rqptr->rqDictPtr, NULL);
while (denptr = DictIterate (rqptr->rqDictPtr, DICT_TYPE_REQUEST))
{
cptr = kptr = DICT_GET_KEY(denptr);
if (TOUP(*cptr) == 'A')
{
/* match including the terminating null */
if (MATCH14 (cptr, "authorization") ||
strsame (cptr, "Authorization", -1))
{
if (rqptr->rqPathSet.ProxyReverseNoAuthHeader)
continue;
if (rqptr->rqPathSet.ProxyReverseVerify)
{
/* (very) special case */
ProxyVerifyRecordSet (tkptr);
if (tkptr->VerifyRecordPtr)
{
STRCAT ("Authorization: Basic ")
STRCAT (tkptr->VerifyRecordPtr->AuthorizationString)
STRCAT ("\r\n")
}
else
{
/* busy indicates increase [ProxyVerifyRecordMax] */
rqptr->rqResponse.HttpStatus = 503;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_GENERAL_TOO_BUSY),
FI_LI);
return (STS$K_ERROR);
}
continue;
}
/* inhibits caching (unless "cache-control: public") */
tkptr->RequestAuthorization = true;
}
}
/*
Hop-by-hop header fields ...
For strict HTTP/1.1 compliance the following header fields are
also hop-by-hop; "TE:", "Trailers:", "Transfer-Encoding:".
However WASD transfers chunked request bodies directly to
the proxied server and does not perform any re-encoding.
For the upgrade header field it is just suppressed as WASD does
not support changing protocols let alone HTTP-incompatible ones.
*/
if (TOUP(*cptr) == 'C' &&
(MATCH11 (cptr, "connection") ||
strsame (cptr, "Connection", -1)))
{
/* proxied WebSocket requests use connection upgrade */
if (!rqptr->WebSocketRequest) continue;
}
if (TOUP(*cptr) == 'K' &&
(MATCH11 (cptr, "keep-alive") ||
strsame (cptr, "Keep-Alive", -1)))
continue;
if (TOUP(*cptr) == 'H')
{
/* replace "Host:" field */
if (MATCH5 (cptr, "host") &&
strsame (cptr, "host", -1))
{
aptr = tkptr->RequestHostPort;
if (tkptr->ServicePtr->ProxyReworkMax)
if (rqptr->rqPathSet.ProxyReworkPtr)
if (strsame (tkptr->RequestHostPort,
rqptr->rqPathSet.ProxyReworkPtr, -1))
aptr = rqptr->rqPathSet.ProxyReworkPtr;
STRCAT ("Host: ")
STRCAT (aptr)
STRCAT ("\r\n")
continue;
}
}
if (TOUP(*cptr) == 'P')
{
/* absorb proxy authentication credentials unless CHAIN */
if (MATCH16 (cptr, "proxy-authorization") &&
strsame (cptr, "Proxy-Authorization", -1))
{
if (!rqptr->ServicePtr->ProxyChainAuthRequired ||
rqptr->rqPathSet.ProxyChainCredPtr)
continue;
}
if (MATCH16 (cptr, "proxy-connection") &&
strsame (cptr, "Proxy-Connection", -1))
continue;
}
if (TOUP(*cptr) == 'U' &&
(MATCH8 (cptr, "upgrade") ||
strsame (cptr, "Upgrade", -1)))
{
/* proxied WebSocket requests use connection upgrade */
if (!rqptr->WebSocketRequest) continue;
}
if (rqptr->rqPathSet.ProxyHeaderCount)
{
klen = strlen(kptr);
for (idx = 0; idx < rqptr->rqPathSet.ProxyHeaderCount; idx++)
{
for (aptr = rqptr->rqPathSet.ProxyHeader[idx];
*aptr && *aptr != '=';
aptr++);
/* if not this header then just on to the next */
if (aptr - rqptr->rqPathSet.ProxyHeader[idx] != klen)
continue;
if (!strsame (rqptr->rqPathSet.ProxyHeader[idx], kptr, klen))
continue;
break;
}
if (idx < rqptr->rqPathSet.ProxyHeaderCount)
{
/* if no parameter then exclude the header */
if (!*aptr) continue;
/* else set header value to the parameter (even if empty) */
aptr++;
}
else
aptr = NULL;
}
else
aptr = NULL;
/* otherwise, include this field */
while (*cptr && sptr < zptr)
{
/* make it look more like an HTTP/1.1 request by capitalising */
if (cptr == kptr || *(cptr-1) == '-')
*sptr++ = TOUP(*cptr++);
else
*sptr++ = *cptr++;
}
STRCAT (": ")
if ((cptr = aptr) == NULL) cptr = DICT_GET_VALUE(denptr);
STRCAT (cptr)
STRCAT ("\r\n")
}
if ((cptr = rqptr->ServicePtr->ProxyChainCred)[0] ||
(cptr = rqptr->rqPathSet.ProxyChainCredPtr))
{
/* upstream (chained) proxy require authorization */
if (strsame (cptr, "basic:", 6))
{
/* format is "basic:<username>:<password>" */
cptr = BasicPrintableEncode (cptr+6, EncodedString,
sizeof(EncodedString));
if (cptr[0])
{
/* error report returned by the encode function */
rqptr->rqResponse.HttpStatus = 401;
ErrorGeneral (rqptr, cptr, FI_LI);
return (STS$K_ERROR);
}
STRCAT ("Proxy-Authorization: basic ");
STRCAT (EncodedString);
STRCAT ("\r\n")
}
else
if (strsame (cptr, "opaque:", 7))
{
STRCAT ("Proxy-Authorization: ");
STRCAT (cptr + 7);
STRCAT ("\r\n")
}
else
{
rqptr->rqResponse.HttpStatus = 500;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_AUTH_SCHEME), FI_LI);
return (STS$K_ERROR);
}
}
/* proxy to remote server connection persistence */
if (tkptr->PersistentRequest)
{
STRCAT ("Connection: keep-alive\r\n")
if (rqptr->rqPathSet.TimeoutPersistent)
KeepAliveSeconds = rqptr->rqPathSet.TimeoutPersistent;
else
KeepAliveSeconds = Config.cfTimeout.Persistent;
sys$fao (&KeepAliveFieldFaoDsc, 0, &KeepAliveFieldDsc,
KeepAliveSeconds);
STRCAT (KeepAliveField)
}
else
STRCAT ("Connection: close\r\n")
/*******************************/
/* this proxy's proxied fields */
/*******************************/
ForwardedBy = ProxyForwardedBy;
if (rqptr->rqPathSet.ProxyForwardedBy)
{
if (rqptr->rqPathSet.ProxyForwardedBy == PROXY_FORWARDED_NONE)
ForwardedBy = PROXY_FORWARDED_DISABLED;
else
ForwardedBy = rqptr->rqPathSet.ProxyForwardedBy;
}
if (ForwardedBy)
{
STRCAT ("Forwarded: ")
if (ForwardedBy == PROXY_FORWARDED_BY ||
ForwardedBy == PROXY_FORWARDED_FOR ||
ForwardedBy == PROXY_FORWARDED_ADDRESS)
{
STRCAT ("by http://")
if (rqptr->ServicePtr->ServerPort == 80)
STRCAT (rqptr->ServicePtr->ServerHostName)
else
STRCAT (rqptr->ServicePtr->ServerHostPort)
STRCAT (" (")
STRCAT (SoftwareID)
CHRCAT (')')
}
if (ForwardedBy == PROXY_FORWARDED_FOR)
{
STRCAT (" for ")
STRCAT (rqptr->ClientPtr->Lookup.HostName)
}
else
if (ForwardedBy == PROXY_FORWARDED_ADDRESS)
{
STRCAT (" for ")
STRCAT (&rqptr->ClientPtr->IpAddressString)
}
if (rqptr->rqHeader.ForwardedPtr)
{
if (ForwardedBy == PROXY_FORWARDED_BY ||
ForwardedBy == PROXY_FORWARDED_FOR ||
ForwardedBy == PROXY_FORWARDED_ADDRESS)
STRCAT (", ")
STRCAT (rqptr->rqHeader.ForwardedPtr)
}
STRCAT ("\r\n")
}
XForwardedFor = ProxyXForwardedFor;
if (rqptr->rqPathSet.ProxyXForwardedFor)
{
if (rqptr->rqPathSet.ProxyXForwardedFor == PROXY_XFORWARDEDFOR_NONE)
XForwardedFor = PROXY_XFORWARDEDFOR_DISABLED;
else
XForwardedFor = rqptr->rqPathSet.ProxyXForwardedFor;
}
if (XForwardedFor)
{
STRCAT ("X-Forwarded-For: ")
if (rqptr->rqHeader.XForwardedForPtr)
{
STRCAT (rqptr->rqHeader.XForwardedForPtr)
STRCAT (", ")
}
if (XForwardedFor == PROXY_XFORWARDEDFOR_ENABLED)
STRCAT (rqptr->ClientPtr->Lookup.HostName)
else
if (XForwardedFor == PROXY_XFORWARDEDFOR_ADDRESS)
STRCAT (&rqptr->ClientPtr->IpAddressString)
else
STRCAT ("unknown")
STRCAT ("\r\n")
}
/**************************/
/* end of HTTP/1.n header */
/**************************/
/* terminate last line, end-of-header empty line */
STRCAT ("\r\n")
}
if (sptr < zptr) break;
}
if (sptr >= zptr)
{
rqptr->rqResponse.HttpStatus = 500;
ErrorGeneralOverflow (rqptr, FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
tkptr->RebuiltRequestLength = sptr - tkptr->RebuiltRequestPtr;
if (WATCHMOD (tkptr, WATCH_MOD_PROXY))
WatchDataFormatted ("!&Z\n", tkptr->RebuiltRequestPtr);
return (SS$_NORMAL);
#undef STRCAT
#undef CHRCAT
}
/****************************************************************************/