|
|
//---------------------------------------------------------------------------
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// httpreg.c
//
// HTTP/RPC Proxy Registry Functions.
//
// Author:
// 06-16-97 Edward Reus Initial version.
//
//---------------------------------------------------------------------------
#include <sysinc.h>
#include <rpc.h>
#include <rpcdce.h>
#include <winsock2.h>
#include <httpfilt.h>
#include <httpext.h>
#include <mbstring.h>
#include "ecblist.h"
#include "filter.h"
#include "regexp.h"
//-------------------------------------------------------------------------
// AtoUS()
//
// Convert a numeric string to an unsigned short. If the conversion
// fails return FALSE.
//-------------------------------------------------------------------------
static BOOL AtoUS( char *pszValue, unsigned short *pusValue ){ int iValue; size_t iLen = strlen(pszValue);
*pusValue = 0;
if ((iLen == 0) || (iLen > 5) || (iLen != strspn(pszValue,"0123456789"))) { return FALSE; }
iValue = atoi(pszValue);
if ((iValue < 0) || (iValue > 65535)) { return FALSE; }
*pusValue = (unsigned short) iValue;
return TRUE;}
//-------------------------------------------------------------------------
// HttpParseServerPort()
//
// Parse strings of the form: <svr>:<port>[-<port>]
//
// Return TRUE iff we have a valid specification of a server/port range.
//-------------------------------------------------------------------------
static BOOL HttpParseServerPort( IN char *pszServerPortRange, OUT VALID_PORT *pValidPort ){ char *psz; char *pszColon; char *pszDash;
if (pszColon=_mbschr(pszServerPortRange,':')) { if (pszColon == pszServerPortRange) { return FALSE; }
*pszColon = 0; psz = pszColon; psz++; pValidPort->pszMachine = (char*)MemAllocate(1+lstrlen(pszServerPortRange)); if (!pValidPort->pszMachine) { return FALSE; }
lstrcpy(pValidPort->pszMachine,pszServerPortRange); *pszColon = ':'; if (*psz) { if (pszDash=_mbschr(psz,'-')) { *pszDash = 0; if (!AtoUS(psz,&pValidPort->usPort1)) { pValidPort->pszMachine = MemFree(pValidPort->pszMachine); return FALSE; }
*pszDash = '-'; psz = pszDash;
if (!AtoUS(++psz,&pValidPort->usPort2)) { pValidPort->pszMachine = MemFree(pValidPort->pszMachine); return FALSE; } } else { if (!AtoUS(psz,&pValidPort->usPort1)) { pValidPort->pszMachine = MemFree(pValidPort->pszMachine); return FALSE; }
pValidPort->usPort2 = pValidPort->usPort1; } } else { pValidPort->pszMachine = MemFree(pValidPort->pszMachine); return FALSE; } } else { return FALSE; }
return TRUE;}
//-------------------------------------------------------------------------
// HttpFreeValidPortList()
//
//-------------------------------------------------------------------------
void HttpFreeValidPortList( IN VALID_PORT *pValidPorts ){ VALID_PORT *pCurrent = pValidPorts;
if (pValidPorts) { while (pCurrent->pszMachine) { MemFree(pCurrent->pszMachine);
if (pCurrent->ppszDotMachineList) { FreeIpAddressList(pCurrent->ppszDotMachineList); }
pCurrent++; }
MemFree(pValidPorts); }}
//-------------------------------------------------------------------------
// HttpParseValidPortsList()
//
// Given a semicolon separated list of valid machine name/port ranges
// string, part it and return an array of ValidPort structures. The last
// entry has a NULL pszMachine field.
//-------------------------------------------------------------------------
static VALID_PORT *HttpParseValidPortsList( IN char *pszValidPorts ){ int i; int iLen; int count = 1; DWORD dwSize = 1+lstrlen(pszValidPorts); char *pszList; char *psz; VALID_PORT *pValidPorts = NULL;
if (!dwSize) { return NULL; }
// Make a local copy of the machine/ports list to work with:
pszList = _alloca(dwSize);
if (!pszList) { // Out of memory.
return NULL; }
lstrcpy(pszList,pszValidPorts);
// See how many separate machine/port range patterns ther are in
// the list:
//
// NOTE: That count may be too high, if either the list contains
// double semicolons or the list ends with a semicolon. If
// either/both of these happen that's Ok, our array will be
// just a little too long.
psz = pszList; while (psz=_mbsstr(psz,";")) { count++; psz++; }
pValidPorts = (VALID_PORT*)MemAllocate( (1+count)*sizeof(VALID_PORT) ); if (!pValidPorts) { // Out of memory.
return NULL; }
memset(pValidPorts,0,(1+count)*sizeof(VALID_PORT));
i = 0; while (i<count) { if (!*pszList) { // End of list. This happens when the list contained empty
// patterns.
break; }
psz = _mbsstr(pszList,";"); if (psz) { *psz = 0; // Nul where the semicolon was...
if ( (iLen=lstrlen(pszList)) == 0) { // Zero length pattern.
pszList = ++psz; continue; }
if (!HttpParseServerPort(pszList,&(pValidPorts[i++]))) { HttpFreeValidPortList(pValidPorts); return NULL; } } else { // Last one.
if (!HttpParseServerPort(pszList,&(pValidPorts[i++]))) { HttpFreeValidPortList(pValidPorts); return NULL; } }
pszList = ++psz; }
return pValidPorts;}
//-------------------------------------------------------------------------
// HttpProxyCheckRegistry()
//
// Check the registry to see if HTTP/RPC is enabled and if so, return a
// list (array) of machines that the RPC Proxy is allowed to reach (may
// be NULL. If the proxy is enabled but the list is NULL they you can
// only do RPC to processes local to the IIS HTTP/RPC Proxy. Otherwise,
// the returned list specifies specifically what machines may be reached
// by the proxy.
//
// The following registry entries are found in:
//
// \HKEY_LOCAL_MACHINE
// \Software
// \Microsoft
// \Rpc
// \RpcProxy
//
// Enabled : REG_DWORD
//
// TRUE iff the RPC proxy is enabled.
//
// ValidPorts : REG_SZ
//
// Semicolon separated list of machine/port ranges used to specify
// what machine are reachable from the RPC proxy. For example:
//
// foxtrot:1-4000;Data*:200-4000
//
// Will allow access to the machine foxtrot (port ranges 1 to 4000) and
// to all machines whose name begins with Data (port ranges 200-4000).
//
//-------------------------------------------------------------------------
BOOL HttpProxyCheckRegistry( OUT DWORD *pdwEnabled, OUT VALID_PORT **ppValidPorts ){ int i; long lStatus; DWORD dwType; DWORD dwSize; HKEY hKey; char *pszValidPorts; struct hostent UNALIGNED *pHostEnt; struct in_addr ServerInAddr;
*pdwEnabled = FALSE; *ppValidPorts = NULL;
lStatus = RegOpenKeyEx(HKEY_LOCAL_MACHINE,REG_PROXY_PATH_STR,0,KEY_READ,&hKey); if (lStatus != ERROR_SUCCESS) { return TRUE; }
dwSize = sizeof(*pdwEnabled); lStatus = RegQueryValueEx(hKey,REG_PROXY_ENABLE_STR,0,&dwType,(LPBYTE)pdwEnabled,&dwSize); if (lStatus != ERROR_SUCCESS) { RegCloseKey(hKey); return TRUE; }
if (!*pdwEnabled) { // RPC Proxy is disabled, no need to go on.
RegCloseKey(hKey); return TRUE; }
dwSize = 0; lStatus = RegQueryValueEx(hKey,REG_PROXY_VALID_PORTS_STR,0,&dwType,(LPBYTE)NULL,&dwSize); if ( (lStatus != ERROR_SUCCESS) || (dwSize == 0) ) { // I don't care if this registry entry is missing, just won't be able to talk to
// any other machines.
RegCloseKey(hKey); return TRUE; }
// dwSize is now how big the valid ports string is (including the trailing nul.
pszValidPorts = (char*)_alloca(dwSize);
lStatus = RegQueryValueEx(hKey,REG_PROXY_VALID_PORTS_STR,0,&dwType,(LPBYTE)pszValidPorts,&dwSize); if (lStatus != ERROR_SUCCESS) { RegCloseKey(hKey); return FALSE; }
RegCloseKey(hKey);
*ppValidPorts = HttpParseValidPortsList(pszValidPorts);
return TRUE;}
//-------------------------------------------------------------------------
// HttpConvertToDotAddress()
//
// Convert the specified machine name to IP dot notation if possible.
//-------------------------------------------------------------------------
char *HttpConvertToDotAddress( char *pszMachineName ){ struct hostent UNALIGNED *pHostEnt; struct in_addr MachineInAddr; char *pszDot = NULL; char *pszDotMachine = NULL;
pHostEnt = gethostbyname(pszMachineName); if (pHostEnt) { memcpy(&MachineInAddr,pHostEnt->h_addr,pHostEnt->h_length); pszDot = inet_ntoa(MachineInAddr); }
if (pszDot) { pszDotMachine = (char*)MemAllocate(1+lstrlen(pszDot)); if (pszDotMachine) { lstrcpy(pszDotMachine,pszDot); } }
return pszDotMachine;}
//-------------------------------------------------------------------------
// HttpNameToDotAddressList()
//
// Convert the specified machine name to IP dot notation if possible.
// Return a list (null terminated) of the IP dot addresses in ascii.
//
// If the function fails, then retrun NULL. It can fail if gethostbyname()
// fails, or memory allocation fails.
//-------------------------------------------------------------------------
char **HttpNameToDotAddressList( IN char *pszMachineName ){ int i; int iCount = 0; struct hostent UNALIGNED *pHostEnt; struct in_addr MachineInAddr; char **ppszDotList = NULL; char *pszDot = NULL; char *pszDotMachine = NULL;
pHostEnt = gethostbyname(pszMachineName); if (pHostEnt) { // Count how many addresses we have:
while (pHostEnt->h_addr_list[iCount]) { iCount++; }
// Make sure we have at lease one address:
if (iCount > 0) { ppszDotList = (char**)MemAllocate( sizeof(char*)*(1+iCount) ); }
// Build an array of strings, holding the addresses (ascii DOT
// notation:
if (ppszDotList) { for (i=0; i<iCount; i++) { memcpy(&MachineInAddr, pHostEnt->h_addr_list[i], pHostEnt->h_length);
pszDot = inet_ntoa(MachineInAddr);
if (pszDot) { ppszDotList[i] = (char*)MemAllocate(1+lstrlen(pszDot)); if (ppszDotList[i]) { strcpy(ppszDotList[i],pszDot); } else { // memory allocate failed:
break; } } }
ppszDotList[i] = NULL; // Null terminated list.
} }
return ppszDotList;}
//-------------------------------------------------------------------------
// CheckDotCacheTimestamp()
//
// Return true if the current time stamp is aged out.
//-------------------------------------------------------------------------
static BOOL CheckDotCacheTimestamp( DWORD dwCurrentTickCount, DWORD dwDotCacheTimestamp )
{ if ( (dwCurrentTickCount < dwDotCacheTimestamp) || ((dwCurrentTickCount - dwDotCacheTimestamp) > HOST_ADDR_CACHE_LIFE) ) { return TRUE; }
return FALSE; }
//-------------------------------------------------------------------------
// CheckPort()
//
//-------------------------------------------------------------------------
static BOOL CheckPort( SERVER_CONNECTION *pConn, VALID_PORT *pValidPort ){ return ( (pConn->dwPortNumber >= pValidPort->usPort1) && (pConn->dwPortNumber <= pValidPort->usPort2) );}
//-------------------------------------------------------------------------
// HttpProxyIsValidMachine()
//
//-------------------------------------------------------------------------
BOOL HttpProxyIsValidMachine( SERVER_INFO *pServerInfo, SERVER_CONNECTION *pConn ){ int i; char **ppszDot; DWORD dwTicks; DWORD dwSize; DWORD dwStatus; VALID_PORT *pValidPorts;
// See if the machine is this (local) one, if so, then
// its access is Ok.
if (!_mbsicmp(pConn->pszMachine,pServerInfo->pszLocalMachineName)) { return TRUE; }
// Ok convert the local machine name to dot notation and
// see if we have a match:
dwTicks = GetTickCount(); dwStatus = RtlEnterCriticalSection(&pServerInfo->cs);
// We keep a cache of the IP addresses for the local machine name,
// that chach ages out every ~5 minutes, to allow for dynamic change
// of IP addresses. This does the age-out of the IP address list:
if ( (pServerInfo->ppszLocalDotMachineList) && CheckDotCacheTimestamp(dwTicks,pServerInfo->dwDotCacheTimestamp) ) { FreeIpAddressList(pServerInfo->ppszLocalDotMachineList); pServerInfo->ppszLocalDotMachineList = NULL; }
// If we don't (or no longer have) a list of the IP addresses for the
// local machine, then generate it:
if (!pServerInfo->ppszLocalDotMachineList) { pServerInfo->dwDotCacheTimestamp = dwTicks;
pServerInfo->ppszLocalDotMachineList = HttpNameToDotAddressList(pServerInfo->pszLocalMachineName); }
// Go through a list of the IP addresses to see if we have a match.
// Note that the machine may have more than one address associated
// with it:
if ( (pServerInfo->ppszLocalDotMachineList) && (pConn->pszDotMachine) ) { ppszDot = pServerInfo->ppszLocalDotMachineList;
while (*ppszDot) { if (!_mbsicmp(pConn->pszDotMachine,*ppszDot)) { dwStatus = RtlLeaveCriticalSection(&pServerInfo->cs); return TRUE; } else { ppszDot++; } } }
dwStatus = RtlLeaveCriticalSection(&pServerInfo->cs);
// Check the machine name against those that were allowed
// in the registry:
dwStatus = RtlEnterCriticalSection(&pServerInfo->cs);
pValidPorts = pServerInfo->pValidPorts;
if (pValidPorts) { while (pValidPorts->pszMachine) { // See if we have a name match:
if ( (MatchREi(pConn->pszMachine,pValidPorts->pszMachine)) && (CheckPort(pConn,pValidPorts)) ) { dwStatus = RtlLeaveCriticalSection(&pServerInfo->cs); return TRUE; }
// The "valid entry" in the registry might be an address
// wildcard, check it:
if ( (pConn->pszDotMachine) && (MatchREi(pConn->pszDotMachine,pValidPorts->pszMachine)) && (CheckPort(pConn,pValidPorts)) ) { dwStatus = RtlLeaveCriticalSection(&pServerInfo->cs); return TRUE; }
// If the address list is aged out then get rid of it.
if ( (pValidPorts->ppszDotMachineList) && CheckDotCacheTimestamp(dwTicks,pServerInfo->dwDotCacheTimestamp)) { FreeIpAddressList(pValidPorts->ppszDotMachineList); pValidPorts->ppszDotMachineList = NULL; }
// Make up a new list of addresses for this machine.
if (!pValidPorts->ppszDotMachineList) { // Note: that this will only work if the name in the valid
// ports list is not a wildcard.
//
// Note: pServerInfo->dwCacheTicks will have been updated
// above...
//
pValidPorts->ppszDotMachineList = HttpNameToDotAddressList(pValidPorts->pszMachine); }
// Try a match using internet dot address:
if ( (pValidPorts->ppszDotMachineList) && (pConn->pszDotMachine) && (CheckPort(pConn,pValidPorts)) ) { // Note that the machine may have more than one address
// associated with it:
//
ppszDot = pValidPorts->ppszDotMachineList;
while (*ppszDot) { if (!_mbsicmp(pConn->pszDotMachine,*ppszDot)) { dwStatus = RtlLeaveCriticalSection(&pServerInfo->cs); return TRUE; } else { ppszDot++; } } }
pValidPorts++; } }
dwStatus = RtlLeaveCriticalSection(&pServerInfo->cs);
return FALSE;}
|
