

[myserver-commit] [3019] Possibility to disable a specific HTTP command.


From: Giuseppe Scrivano
Subject: [myserver-commit] [3019] Possibility to disable a specific HTTP command.
Date: Mon, 02 Mar 2009 21:27:20 +0000

Revision: 3019
          http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=3019
Author:   gscrivano
Date:     2009-03-02 21:27:19 +0000 (Mon, 02 Mar 2009)
Log Message:
-----------
Possibility to disable a specific HTTP command.

Modified Paths:
--------------
    trunk/myserver/documentation/virtual_hosts.texi
    trunk/myserver/include/protocol/http/http.h
    trunk/myserver/src/protocol/http/http.cpp

Modified: trunk/myserver/documentation/virtual_hosts.texi
===================================================================
--- trunk/myserver/documentation/virtual_hosts.texi     2009-03-01 18:35:31 UTC 
(rev 3018)
+++ trunk/myserver/documentation/virtual_hosts.texi     2009-03-02 21:27:19 UTC 
(rev 3019)
@@ -118,15 +118,13 @@
 @file{foo/bar/a/file}, everything that follows @file{foo/bar} will be
 part of @code{PATH_INFO}.
 
address@hidden HTTP trace command
-MyServer gives you the option to enable the HTTP TRACE command for
-each virtual host.
address@hidden Disable specific HTTP methods
+MyServer gives you the option to enable or disable HTTP methods
+command for each virtual host.  It can be done trought the
address@hidden variable.
 
-This value can be specified in the global and in the virtual host
-configuration.
+For example, the HTTP TRACE command can be disabled using:
 
 @example
-<DEFINE name="http.allow_trace" value="YES" />
+<DEFINE name="http.trace.allow" value="NO" />
 @end example
-
-By default, it's disabled.

Modified: trunk/myserver/include/protocol/http/http.h
===================================================================
--- trunk/myserver/include/protocol/http/http.h 2009-03-01 18:35:31 UTC (rev 
3018)
+++ trunk/myserver/include/protocol/http/http.h 2009-03-02 21:27:19 UTC (rev 
3019)
@@ -123,9 +123,6 @@
                       int onlyHeader = 0,
                       int yetMapped = 0);
 
-  bool allowHTTPTRACE();
-
-
   int optionsHTTPRESOURCE(string &filename,
                           int yetMapped = 0);
 
@@ -135,6 +132,8 @@
   int deleteHTTPRESOURCE(string& filename,
                          int yetMapped = 0);
 
+  bool allowMethod(const char *name);
+
   int raiseHTTPError(int ID);
 
   int sendHTTPhardError500();

Modified: trunk/myserver/src/protocol/http/http.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http.cpp   2009-03-01 18:35:31 UTC (rev 
3018)
+++ trunk/myserver/src/protocol/http/http.cpp   2009-03-02 21:27:19 UTC (rev 
3019)
@@ -109,7 +109,7 @@
   try
   {
     HttpRequestHeader::Entry *connection = td->request.other.get("Connection");
-    string methods("OPTIONS, GET, POST, HEAD, DELETE, PUT");
+    string methods("OPTIONS, GET, POST, HEAD, DELETE, PUT, TRACE");
 
     HashMap<string, DynamicHttpCommand*>::Iterator it = 
staticHttp.dynCmdManager.begin();
     while(it != staticHttp.dynCmdManager.end())
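Review bot: The `methods` string now advertises TRACE unconditionally, so an OPTIONS response lists TRACE (and every other fixed method) in `Allow` even when the virtual host sets the matching `http.<method>.allow` value to NO. The advertised list should agree with what the dispatcher accepts; for TRACE that could be `if (allowMethod ("TRACE")) methods += ", TRACE";`, and the other fixed names are better filtered through `allowMethod` in the same way. The enclosing function starts and ends outside this hunk, so whether the dynamic commands appended in the loop need the same filtering cannot be confirmed from here.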
@@ -132,17 +132,9 @@
     if(connection && connection->value->length())
       *td->secondaryBuffer << "\r\nConnection:" << connection->value->c_str() 
<< "\r\n";
     *td->secondaryBuffer <<"Content-Length: 0\r\nAccept-Ranges: bytes\r\n";
-    *td->secondaryBuffer << "Allow: " << methods << "\r\n";
+    *td->secondaryBuffer << "Allow: " << methods << "\r\n\r\n";
 
-    /*!
-     *Check if the TRACE command is allowed on the virtual host.
-     */
-    if (allowHTTPTRACE ())
-      *td->secondaryBuffer << ", TRACE\r\n";
-
-    *td->secondaryBuffer << "r\n";
-
-    /*! Send the HTTP header. */
+    /* Send the HTTP header. */
     ret = td->connection->socket->send(td->secondaryBuffer->getBuffer(),
                                       
(u_long)td->secondaryBuffer->getLength(), 0);
     if( ret == SOCKET_ERROR )
@@ -180,9 +172,6 @@
     tmp.intToStr(contentLength, tmpStr, 12);
     getRFC822GMTTime(time, HTTP_RESPONSE_DATE_DIM);
 
-    if (!allowHTTPTRACE ())
-      return raiseHTTPError (401);
-
     td->secondaryBuffer->setLength(0);
     *td->secondaryBuffer << "HTTP/1.1 200 OK\r\n";
     *td->secondaryBuffer << "Date: " << time << "\r\n";
@@ -218,18 +207,22 @@
 }
 
 /*!
- *Check if the host allows the HTTP TRACE command.
+ *Check if the method is allowed.
+ *\param method The HTTP method name.
+ *\return true if it is allowed.
  */
-bool Http::allowHTTPTRACE()
+bool Http::allowMethod(const char *method)
 {
-  const char *allowTrace = td->securityToken.getHashedData 
("http.allow_trace", 
-                                                            
MYSERVER_VHOST_CONF |
-                                                            
MYSERVER_SERVER_CONF, "NO");
+  char name[64];
+  sprintf ("http.%s.allow", method);
+  const char *allow = td->securityToken.getHashedData (name, 
+                                                       MYSERVER_VHOST_CONF |
+                                                       MYSERVER_SERVER_CONF, 
"YES");
 
-  if (!strcmpi (allowTrace, "YES"))
-    return true;
-  else
+  if (!strcmpi (allow, "NO"))
     return false;
+  else
+    return true;
 }
 
 /*!
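Review bot: The `sprintf ("http.%s.allow", method);` call in `allowMethod` omits the destination buffer, so the string literal becomes the output buffer and `method` (the request's command at the call site added later in this commit) is taken as the format string, while `name` reaches `getHashedData` uninitialised. Passing `name` first is not enough on its own, because an unbounded `sprintf` into `char name[64]` lets an over-long method name run past the buffer. Use a bounded call and refuse on truncation, e.g. `int n = snprintf (name, sizeof (name), "http.%s.allow", method);` followed by `if (n < 0 || (size_t) n >= sizeof (name)) return false;`, or the equivalent bounded formatter if the project has a portability wrapper. The default passed to `getHashedData` is now "YES", so TRACE goes from off by default to on by default; the doc comment should state that methods without a setting are allowed.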
@@ -1356,10 +1349,9 @@
 
       if(!ret)
       {
-        /*
-         *Here we control all the HTTP commands.
-         */
-        
+        if (!allowMethod (td->request.cmd.c_str ()))
+          return raiseHTTPError (401);
+
         /* GET REQUEST.  */
         if(!td->request.cmd.compare("GET"))
           ret = sendHTTPResource(td->request.uri);
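Review bot: `raiseHTTPError (401)` tells the client that authentication is required, which is not the case when a method has been disabled by configuration; 405 Method Not Allowed with an `Allow` header is the status defined for this, assuming `raiseHTTPError` supports it. The lookup key is also built from the method text as received, so a TRACE request would look up `http.TRACE.allow`, while the documentation hunk in this commit shows `http.trace.allow`. Unless `getHashedData` compares names case-insensitively, which is not visible here, the documented setting will not match and the method stays enabled. Normalising the method's case before building the key, or documenting the exact spelling, would remove the ambiguity. The enclosing function starts and ends outside this hunk.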




