archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/inetsrv/iis/setup/urlscan/updateini.cpp

439 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name :
  7. updateini.cpp
  9. Abstract:
  11. High level function to update the ini with new values
  13. Author:
  15. Christopher Achille (cachille)
  17. Project:
  19. URLScan Update
  21. Revision History:
  23. March 2002: Created
  25. --*/
  28. #include "stdafx.h"
  29. #include "windows.h"
  30. #include "updateini.h"
  31. #include "parseini.h"
  33. sURLScan_Settings g_urlSettings[] =
  34. { { L"options",
  35. L"UseAllowVerbs",
  36. { L"UseAllowVerbs=1 ; If 1, use [AllowVerbs] section, else use the",
  37. L" ; [DenyVerbs] section.",
  38. L"",
  39. NULL }
  40. }, // UseAllowVerbs
  41. { L"options",
  42. L"UseAllowExtensions",
  43. { L"UseAllowExtensions=0 ; If 1, use [AllowExtensions] section, else use",
  44. L" ; the [DenyExtensions] section.",
  45. L"",
  46. NULL }
  47. }, // UseAllowExtensions
  48. { L"options",
  49. L"NormalizeUrlBeforeScan",
  50. { L"NormalizeUrlBeforeScan=1 ; If 1, canonicalize URL before processing.",
  51. L"",
  52. NULL }
  53. }, // NormalizeUrlBeforeScan
  54. { L"options",
  55. L"VerifyNormalization",
  56. { L"VerifyNormalization=1 ; If 1, canonicalize URL twice and reject request",
  57. L" ; if a change occurs.",
  58. NULL }
  59. }, // VerifyNormalization
  60. { L"options",
  61. L"AllowHighBitCharacters",
  62. { L"AllowHighBitCharacters=0 ; If 1, allow high bit (ie. UTF8 or MBCS)",
  63. L" ; characters in URL.",
  64. L"",
  65. NULL }
  66. }, // AllowHighBitCharacters
  67. { L"options",
  68. L"AllowDotInPath",
  69. { L"AllowDotInPath=0 ; If 1, allow dots that are not file extensions.",
  70. L"",
  71. NULL }
  72. }, // AllowDotInPath
  73. { L"options",
  74. L"RemoveServerHeader",
  75. { L"RemoveServerHeader=0 ; If 1, remove the 'Server' header from response.",
  76. L"",
  77. NULL }
  78. }, // RemoveServerHeader
  79. { L"options",
  80. L"EnableLogging",
  81. { L"EnableLogging=1 ; If 1, log UrlScan activity.",
  82. L"",
  83. NULL }
  84. }, // EnableLogging
  85. { L"options",
  86. L"PerProcessLogging",
  87. { L"PerProcessLogging=0 ; If 1, the UrlScan.log filename will contain a PID",
  88. L" ; (ie. UrlScan.123.log).",
  89. L"",
  90. NULL }
  91. }, // PerProcessLogging
  92. { L"options",
  93. L"AllowLateScanning",
  94. { L"AllowLateScanning=0 ; If 1, then UrlScan will load as a low priority",
  95. L" ; filter.",
  96. L"",
  97. NULL }
  98. }, // AllowLateScanning
  99. { L"options",
  100. L"PerDayLogging",
  101. { L"PerDayLogging=1 ; If 1, UrlScan will produce a new log each day with",
  102. L" ; activity in the form 'UrlScan.010101.log'.",
  103. L"",
  104. NULL }
  105. }, // PerDayLogging
  106. { L"options",
  107. L"UseFastPathReject",
  108. { L"UseFastPathReject=0 ; If 1, then UrlScan will not use the",
  109. L" ; RejectResponseUrl or allow IIS to log the request.",
  110. L"",
  111. NULL }
  112. }, // UseFastPathReject
  113. { L"options", // Section Name
  114. L"LogLongUrls", // Setting Name
  115. { L"LogLongUrls=0 ; If 1, then up to 128K per request can be logged.",
  116. L" ; If 0, then only 1k is allowed.",
  117. L"",
  118. NULL }
  119. }, // LogLongURLs
  120. { L"options",
  121. L"RejectResponseUrl",
  122. { L";",
  123. L"; If UseFastPathReject is 0, then UrlScan will send",
  124. L"; rejected requests to the URL specified by RejectResponseUrl.",
  125. L"; If not specified, '/<Rejected-by-UrlScan>' will be used.",
  126. L";",
  127. L"",
  128. L"RejectResponseUrl=",
  129. L"",
  130. NULL }
  131. }, // RejectResponseUrl
  132. { L"options",
  133. L"LoggingDirectory",
  134. { L";",
  135. L"; LoggingDirectory can be used to specify the directory where the",
  136. L"; log file will be created. This value should be the absolute path",
  137. L"; (ie. c:\\some\\path). If not specified, then UrlScan will create",
  138. L"; the log in the same directory where the UrlScan.dll file is located.",
  139. L";",
  140. L"",
  141. L"LoggingDirectory=",
  142. L"",
  143. NULL }
  144. }, // Logging Directory
  145. { L"options",
  146. L"AlternateServerName",
  147. { L";",
  148. L"; If RemoveServerHeader is 0, then AlternateServerName can be",
  149. L"; used to specify a replacement for IIS's built in 'Server' header",
  150. L";",
  151. L"",
  152. L"AlternateServerName=",
  153. L"",
  154. NULL }
  155. }, // AlternateServerName
  156. { L"RequestLimits",
  157. L"MaxUrl",
  158. { L"MaxUrl=16384",
  159. NULL }
  160. }, // MaxUrl
  161. { L"RequestLimits",
  162. L"MaxQueryString",
  163. { L"MaxQueryString=4096",
  164. NULL}
  165. }, // MaxQueryString
  166. { L"RequestLimits",
  167. L"MaxAllowedContentLength",
  168. #ifdef PLEASE_BUILD_LESS_AGRESSIVE_DEFAULTS_VERSION
  169. { L"MaxAllowedContentLength=2000000000",
  170. #else
  171. { L"MaxAllowedContentLength=30000000",
  172. #endif
  173. NULL }
  174. } // MaxAllowedContentLength
  175. };
  177. sURLScan_Sections g_urlSections[] =
  178. { { L"RequestLimits", // Section Name
  179. { L"",
  180. L";",
  181. L"; The entries in this section impose limits on the length",
  182. L"; of allowed parts of requests reaching the server.",
  183. L";",
  184. L"; It is possible to impose a limit on the length of the",
  185. L"; value of a specific request header by prepending \"Max-\" to the",
  186. L"; name of the header. For example, the following entry would",
  187. L"; impose a limit of 100 bytes to the value of the",
  188. L"; 'Content-Type' header:",
  189. L";",
  190. L"; Max-Content-Type=100",
  191. L";",
  192. L"; To list a header and not specify a maximum value, use 0",
  193. L"; (ie. 'Max-User-Agent=0'). Also, any headers not listed",
  194. L"; in this section will not be checked for length limits.",
  195. L";",
  196. L"; There are 3 special case limits:",
  197. L";",
  198. L"; - MaxAllowedContentLength specifies the maximum allowed",
  199. L"; numeric value of the Content-Length request header. For",
  200. L"; example, setting this to 1000 would cause any request",
  201. L"; with a content length that exceeds 1000 to be rejected.",
  202. #ifdef PLEASE_BUILD_LESS_AGRESSIVE_DEFAULTS_VERSION
  203. L"; The default is 2000000000.",
  204. #else
  205. L"; The default is 30000000.",
  206. #endif
  207. L";",
  208. L"; - MaxUrl specifies the maximum length of the request URL,",
  209. L"; not including the query string. The default is 260 (which",
  210. L"; is equivalent to MAX_PATH).",
  211. L";",
  212. L"; - MaxQueryString specifies the maximum length of the query",
  213. L"; string. The default is 4096.",
  214. L";",
  215. L"",
  216. #ifdef PLEASE_BUILD_LESS_AGRESSIVE_DEFAULTS_VERSION
  217. L"MaxAllowedContentLength=2000000000",
  218. #else
  219. L"MaxAllowedContentLength=30000000",
  220. #endif
  221. L"MaxUrl=16384",
  222. L"MaxQueryString=4096",
  223. L"",
  224. NULL }
  225. } // end of RequestLimits
  226. };
  228. sURLScan_Items g_urlItems[] =
  229. { { L"DenyHeaders",
  230. L"Transfer-Encoding:",
  231. { L"Transfer-Encoding:",
  232. NULL }
  233. }
  234. };
  236. // GetListLen
  237. //
  238. // Retrieve the Length of a variable length array of Strings
  239. // This is a special case function that works for our structs
  240. // above, because we leave the last String as NULL
  241. //
  242. DWORD GetListLen(LPWSTR szLines[])
  243. {
  244. DWORD dwLen = 0;
  246. while ( szLines[dwLen] != NULL )
  247. {
  248. dwLen++;
  249. }
  251. return dwLen;
  252. }
  254. // GetIniPath
  255. //
  256. // Given the Path to the Dll, create the path to the ini
  257. //
  258. // Parameters:
  259. // szDllPath - [in] The path to the binary for urlscan.dll
  260. // szIniPath - [out] The path to the ini file
  261. // dwIniLen - [in] The length of the string passed in for szIniPath
  262. //
  263. BOOL GetIniPath( LPTSTR szDllPath, LPTSTR szIniPath, DWORD dwIniLen )
  264. {
  265. LPTSTR szLastPeriod;
  267. if ( _tcslen( szDllPath ) >= ( dwIniLen - 3 ) )
  268. {
  269. // Error, string is not big enough
  270. return FALSE;
  271. }
  273. _tcscpy( szIniPath, szDllPath);
  275. szLastPeriod = _tcsrchr( szIniPath, '.' );
  277. if ( !szLastPeriod )
  278. {
  279. // Can not find the extension
  280. return FALSE;
  281. }
  283. _tcscpy( szLastPeriod, URLSCAN_INI_EXTENSION );
  285. return TRUE;
  286. }
  288. // UpdateIniSections
  289. //
  290. // Update the Sections in the Ini, by merging them with the ones we have
  291. // defined
  292. //
  293. BOOL UpdateIniSections( CIniFile *pURLScanIniFile )
  294. {
  295. DWORD dwCurrentSection;
  297. for ( dwCurrentSection = 0;
  298. dwCurrentSection < ( (DWORD) sizeof( g_urlSections ) / sizeof ( sURLScan_Sections ) );
  299. dwCurrentSection++)
  300. {
  301. if ( !pURLScanIniFile->DoesSectionExist( g_urlSections[ dwCurrentSection].szSection ) )
  302. {
  303. // Try to Create Section Then
  304. if ( !pURLScanIniFile->AddSection( g_urlSections[dwCurrentSection].szSection ) )
  305. {
  306. // Failed to Add Section
  307. return FALSE;
  308. }
  310. // Now try to add the correct lines to it
  311. if ( g_urlSections[dwCurrentSection].szLines &&
  312. !pURLScanIniFile->AddLinesToSection( g_urlSections[dwCurrentSection].szSection,
  313. GetListLen( g_urlSections[dwCurrentSection].szLines ),
  314. g_urlSections[dwCurrentSection].szLines ) )
  315. {
  316. // Failed to Add Lines
  317. return FALSE;
  318. }
  319. }
  320. }
  322. return TRUE;
  323. }
  325. // UpdateIniSettings
  326. //
  327. // Update the Ini Settings inside the different sections if they are
  328. // not already set
  329. //
  330. BOOL UpdateIniSettings( CIniFile *pURLScanIniFile )
  331. {
  332. DWORD dwCurrentSettings;
  334. for ( dwCurrentSettings = 0;
  335. dwCurrentSettings < ( (DWORD) sizeof( g_urlSettings ) / sizeof ( sURLScan_Settings ) );
  336. dwCurrentSettings++)
  337. {
  338. if ( !pURLScanIniFile->DoesSectionExist( g_urlSettings[ dwCurrentSettings].szSection ) )
  339. {
  340. // Create Section Since it does not exist
  341. if ( !pURLScanIniFile->AddSection( g_urlSettings[dwCurrentSettings].szSection ) )
  342. {
  343. return FALSE;
  344. }
  345. } // !pURLScanIniFile->DoesSectionExist
  347. if ( !pURLScanIniFile->DoesSettingInSectionExist( g_urlSettings[dwCurrentSettings].szSection,
  348. g_urlSettings[dwCurrentSettings].szSettingName ) )
  349. {
  350. // This setting does not exist, so lets add it
  351. if ( !pURLScanIniFile->AddLinesToSection( g_urlSettings[dwCurrentSettings].szSection,
  352. GetListLen( g_urlSettings[dwCurrentSettings].szLines ),
  353. g_urlSettings[dwCurrentSettings].szLines ) )
  354. {
  355. return FALSE;
  356. }
  357. } // !pURLScanIniFile->DoesSettingInSectionExist
  358. }
  360. return TRUE;
  361. }
  363. // UpdateIniItems
  364. //
  365. // Update the Ini Settings inside the different sections if they are
  366. // not already set
  367. //
  368. BOOL UpdateIniItems( CIniFile *pURLScanIniFile )
  369. {
  370. DWORD dwCurrentItems;
  372. for ( dwCurrentItems = 0;
  373. dwCurrentItems < ( (DWORD) sizeof( g_urlItems ) / sizeof ( sURLScan_Items ) );
  374. dwCurrentItems++)
  375. {
  376. if ( !pURLScanIniFile->DoesSectionExist( g_urlItems[ dwCurrentItems].szSection ) )
  377. {
  378. // Create Section Since it does not exist
  379. if ( !pURLScanIniFile->AddSection( g_urlSettings[dwCurrentItems].szSection ) )
  380. {
  381. return FALSE;
  382. }
  383. } // !pURLScanIniFile->DoesSectionExist
  385. if ( !pURLScanIniFile->DoesItemInSectionExist( g_urlItems[dwCurrentItems].szSection,
  386. g_urlItems[dwCurrentItems].szSettingName ) )
  387. {
  388. // This setting does not exist, so lets add it
  389. if ( !pURLScanIniFile->AddLinesToSection( g_urlItems[dwCurrentItems].szSection,
  390. GetListLen( g_urlItems[dwCurrentItems].szLines ),
  391. g_urlItems[dwCurrentItems].szLines ) )
  392. {
  393. return FALSE;
  394. }
  395. } // !pURLScanIniFile->DoesItemInSectionExist
  396. }
  398. return TRUE;
  399. }
  401. // UpdateIni File
  402. //
  403. // Update the inf file with the new features
  404. //
  405. BOOL UpdateIni( LPTSTR szUrlScanPath )
  406. {
  407. CIniFile URLScanIniFile;
  408. TCHAR szIniLocation[MAX_PATH];
  409. BOOL bRet = TRUE;
  411. if ( !GetIniPath( szUrlScanPath, szIniLocation, MAX_PATH ) ||
  412. !URLScanIniFile.LoadFile( szIniLocation ) )
  413. {
  414. // Either we couldn't determine the location, or we couldn't
  415. // load the file
  416. return FALSE;
  417. }
  419. if ( bRet )
  420. {
  421. // Note: UpdateIniSections must come before UpdateIniSettings
  422. #ifdef PLEASE_BUILD_LESS_AGRESSIVE_DEFAULTS_VERSION
  423. bRet = UpdateIniSections( &URLScanIniFile ) &&
  424. UpdateIniSettings( &URLScanIniFile );
  425. #else
  426. bRet = UpdateIniSections( &URLScanIniFile ) &&
  427. UpdateIniSettings( &URLScanIniFile ) &&
  428. UpdateIniItems( &URLScanIniFile );
  429. #endif
  430. }
  432. if ( bRet )
  433. {
  434. // Everything so far so good, so lets write the new ini
  435. bRet = URLScanIniFile.SaveFile( szIniLocation );
  436. }
  438. return bRet;
  439. }