1 /* Copyright (C) 2001 by Eric Kidd. All rights reserved.
3 ** Redistribution and use in source and binary forms, with or without
4 ** modification, are permitted provided that the following conditions
6 ** 1. Redistributions of source code must retain the above copyright
7 ** notice, this list of conditions and the following disclaimer.
8 ** 2. Redistributions in binary form must reproduce the above copyright
9 ** notice, this list of conditions and the following disclaimer in the
10 ** documentation and/or other materials provided with the distribution.
11 ** 3. The name of the author may not be used to endorse or promote products
12 ** derived from this software without specific prior written permission.
14 ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 ** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 ** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 ** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 ** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 ** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 ** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 ** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include "xmlrpc_config.h"
33 /* Windows NT stdout binary mode fix. */
39 #include "xmlrpc-c/base.h"
40 #include "xmlrpc-c/server.h"
41 #include "xmlrpc-c/server_cgi.h"
44 /*=========================================================================
46 **=========================================================================
47 ** These routines send various kinds of responses to the server.
51 send_xml(const char * const xml_data,
52 size_t const xml_len) {
54 _setmode(_fileno(stdout), _O_BINARY);
56 /* Send our CGI headers back to the server.
57 ** XXX - Coercing 'size_t' to 'unsigned long' might be unsafe under
58 ** really weird circumstances. */
59 fprintf(stdout, "Status: 200 OK\n");
60 /* Handle authentication cookie being sent back. */
61 if (getenv("HTTP_COOKIE_AUTH") != NULL)
62 fprintf(stdout, "Set-Cookie: auth=%s\n", getenv("HTTP_COOKIE_AUTH"));
63 fprintf(stdout, "Content-type: text/xml; charset=\"utf-8\"\n");
64 fprintf(stdout, "Content-length: %ld\n\n", (unsigned long) xml_len);
66 /* Blast out our data. */
67 fwrite(xml_data, sizeof(char), xml_len, stdout);
73 send_error(int const code,
74 const char * const message,
75 xmlrpc_env * const env) {
78 _setmode(_fileno(stdout), _O_BINARY);
80 /* Send an error header. */
81 fprintf(stdout, "Status: %d %s\n", code, message);
82 fprintf(stdout, "Content-type: text/html\n\n");
84 /* Send an error message. */
85 fprintf(stdout, "<title>%d %s</title>\n", code, message);
86 fprintf(stdout, "<h1>%d %s</h1>\n", code, message);
87 fprintf(stdout, "<p>An error occurred processing your request.</p>\n");
89 /* Print out the XML-RPC fault, if present. */
90 if (env && env->fault_occurred)
91 fprintf(stdout, "<p>XML-RPC Fault #%d: %s</p>\n",
92 env->fault_code, env->fault_string);
96 /*=========================================================================
97 ** die_if_fault_occurred
98 **=========================================================================
99 ** Certain kinds of errors aren't worth the trouble of generating
100 ** an XML-RPC fault. For these, we just send status 500 to our web server
101 ** and log the fault to our server log.
105 die_if_fault_occurred(xmlrpc_env * const env) {
106 if (env->fault_occurred) {
107 fprintf(stderr, "Unexpected XML-RPC fault: %s (%d)\n",
108 env->fault_string, env->fault_code);
109 send_error(500, "Internal Server Error", env);
115 /*=========================================================================
116 ** Initialization, Cleanup & Method Registry
117 **=========================================================================
118 ** These are all related, so we group them together.
121 static xmlrpc_registry * globalRegistryP;
123 /*=========================================================================
125 **=========================================================================
126 ** Slurp the body of the request into an xmlrpc_mem_block.
129 static xmlrpc_mem_block *
130 get_body(xmlrpc_env * const env,
131 size_t const length) {
133 xmlrpc_mem_block *result;
137 XMLRPC_ASSERT_ENV_OK(env);
139 /* Error-handling preconditions. */
143 /* Fix from Jeff Stewart: NT opens stdin and stdout in text mode
144 by default, badly confusing our length calculations. So we need
145 to set the file handle to binary.
147 _setmode(_fileno(stdin), _O_BINARY);
149 /* XXX - Puke if length is too big. */
151 /* Allocate our memory block. */
152 result = xmlrpc_mem_block_new(env, length);
153 XMLRPC_FAIL_IF_FAULT(env);
154 contents = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, result);
156 /* Get our data off the network.
157 ** XXX - Coercing 'size_t' to 'unsigned long' might be unsafe under
158 ** really weird circumstances. */
159 count = fread(contents, sizeof(char), length, stdin);
161 XMLRPC_FAIL2(env, XMLRPC_INTERNAL_ERROR,
162 "Expected %ld bytes, received %ld",
163 (unsigned long) length, (unsigned long) count);
166 if (env->fault_occurred) {
168 xmlrpc_mem_block_free(result);
177 xmlrpc_server_cgi_process_call(xmlrpc_registry * const registryP) {
178 /*----------------------------------------------------------------------------
179 Get the XML-RPC call from Standard Input and environment variables,
180 parse it, find the right method, call it, prepare an XML-RPC
181 response with the result, and write it to Standard Output.
182 -----------------------------------------------------------------------------*/
184 char *method, *type, *length_str;
186 xmlrpc_mem_block *input, *output;
187 char *input_data, *output_data;
188 size_t input_size, output_size;
192 /* Error-handling preconditions. */
193 xmlrpc_env_init(&env);
194 input = output = NULL;
196 /* Set up a default error message. */
197 code = 500; message = "Internal Server Error";
199 /* Get our HTTP information from the environment. */
200 method = getenv("REQUEST_METHOD");
201 type = getenv("CONTENT_TYPE");
202 length_str = getenv("CONTENT_LENGTH");
204 /* Perform some sanity checks. */
205 if (!method || 0 != strcmp(method, "POST")) {
206 code = 405; message = "Method Not Allowed";
207 XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Expected HTTP method POST");
209 if (!type || 0 != strcmp(type, "text/xml")) {
210 code = 400; message = "Bad Request";
211 XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Expected text/xml content");
214 code = 411; message = "Length Required";
215 XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Content-length required");
218 /* Get our content length. */
219 length = atoi(length_str);
221 code = 400; message = "Bad Request";
222 XMLRPC_FAIL(&env, XMLRPC_INTERNAL_ERROR, "Content-length must be > 0");
225 /* SECURITY: Make sure our content length is legal.
226 ** XXX - We can cast 'input_len' because we know it's >= 0, yes? */
227 if ((size_t) length > xmlrpc_limit_get(XMLRPC_XML_SIZE_LIMIT_ID)) {
228 code = 400; message = "Bad Request";
229 XMLRPC_FAIL(&env, XMLRPC_LIMIT_EXCEEDED_ERROR,
230 "XML-RPC request too large");
234 input = get_body(&env, length);
235 XMLRPC_FAIL_IF_FAULT(&env);
236 input_data = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, input);
237 input_size = XMLRPC_TYPED_MEM_BLOCK_SIZE(char, input);
239 /* Process our call. */
240 output = xmlrpc_registry_process_call(&env, registryP, NULL,
241 input_data, input_size);
242 XMLRPC_FAIL_IF_FAULT(&env);
243 output_data = XMLRPC_TYPED_MEM_BLOCK_CONTENTS(char, output);
244 output_size = XMLRPC_TYPED_MEM_BLOCK_SIZE(char, output);
247 send_xml(output_data, output_size);
251 xmlrpc_mem_block_free(input);
253 xmlrpc_mem_block_free(output);
255 if (env.fault_occurred)
256 send_error(code, message, &env);
258 xmlrpc_env_clean(&env);
264 xmlrpc_cgi_init(int const flags ATTR_UNUSED) {
267 xmlrpc_env_init(&env);
268 globalRegistryP = xmlrpc_registry_new(&env);
269 die_if_fault_occurred(&env);
270 xmlrpc_env_clean(&env);
276 xmlrpc_cgi_cleanup(void) {
277 xmlrpc_registry_free(globalRegistryP);
283 xmlrpc_cgi_registry(void) {
284 return globalRegistryP;
290 xmlrpc_cgi_add_method(const char * const method_name,
291 xmlrpc_method const method,
292 void * const user_data) {
294 xmlrpc_env_init(&env);
295 xmlrpc_registry_add_method(&env, globalRegistryP, NULL, method_name,
297 die_if_fault_occurred(&env);
298 xmlrpc_env_clean(&env);
304 xmlrpc_cgi_add_method_w_doc(const char * const method_name,
305 xmlrpc_method const method,
306 void * const user_data,
307 const char * const signature,
308 const char * const help) {
310 xmlrpc_env_init(&env);
311 xmlrpc_registry_add_method_w_doc(&env, globalRegistryP, NULL, method_name,
312 method, user_data, signature, help);
313 die_if_fault_occurred(&env);
314 xmlrpc_env_clean(&env);
320 xmlrpc_cgi_process_call(void) {
322 xmlrpc_server_cgi_process_call(globalRegistryP);