1 /* libhttpd.c - HTTP protocol library
2 **
3 ** Copyright © 1995,1998,1999,2000,2001,2015 by
4 ** Jef Poskanzer <jef@mail.acme.com>. All rights reserved.
5 **
6 ** Redistribution and use in source and binary forms, with or without
7 ** modification, are permitted provided that the following conditions
8 ** are met:
9 ** 1. Redistributions of source code must retain the above copyright
10 ** notice, this list of conditions and the following disclaimer.
11 ** 2. Redistributions in binary form must reproduce the above copyright
12 ** notice, this list of conditions and the following disclaimer in the
13 ** documentation and/or other materials provided with the distribution.
14 **
15 ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 ** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 ** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 ** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 ** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 ** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 ** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 ** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 ** SUCH DAMAGE.
26 */
27
28
29 #include "config.h"
30 #include "version.h"
31
32 #ifdef SHOW_SERVER_VERSION
33 #define EXPOSED_SERVER_SOFTWARE SERVER_SOFTWARE
34 #else /* SHOW_SERVER_VERSION */
35 #define EXPOSED_SERVER_SOFTWARE "Haiku/PoorMan"
36 #endif /* SHOW_SERVER_VERSION */
37
38 #include <sys/types.h>
39 #include <sys/param.h>
40 #include <sys/stat.h>
41
42 #include <ctype.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <time.h>
46 #ifdef HAVE_MEMORY_H
47 #include <memory.h>
48 #endif /* HAVE_MEMORY_H */
49 #include <pwd.h>
50 #include <signal.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <strings.h>
54 //#include <syslog.h>
55 #include <unistd.h>
56 #include <stdarg.h>
57 #include <pthread.h>
58 #include <StorageDefs.h>
59 #include <GraphicsDefs.h>
60
61 #ifdef HAVE_OSRELDATE_H
62 #include <osreldate.h>
63 #endif /* HAVE_OSRELDATE_H */
64
65 #ifdef HAVE_DIRENT_H
66 # include <dirent.h>
67 # define NAMLEN(dirent) strlen((dirent)->d_name)
68 #else
69 # define dirent direct
70 # define NAMLEN(dirent) (dirent)->d_namlen
71 # ifdef HAVE_SYS_NDIR_H
72 # include <sys/ndir.h>
73 # endif
74 # ifdef HAVE_SYS_DIR_H
75 # include <sys/dir.h>
76 # endif
77 # ifdef HAVE_NDIR_H
78 # include <ndir.h>
79 # endif
80 #endif
81
82 #include "libhttpd.h"
83 //#include "mmc.h"
84 //#include "timers.h"
85 #include "match.h"
86 #include "tdate_parse.h"
87 #include "../PoorManServer.h"
88 #include "../PoorManLogger.h"
89
90 #ifndef STDIN_FILENO
91 #define STDIN_FILENO 0
92 #endif
93 #ifndef STDOUT_FILENO
94 #define STDOUT_FILENO 1
95 #endif
96 #ifndef STDERR_FILENO
97 #define STDERR_FILENO 2
98 #endif
99
100 #ifndef SHUT_WR
101 #define SHUT_WR 1
102 #endif
103
104 #ifndef HAVE_INT64T
105 typedef long long int64_t;
106 #endif
107
108 #ifndef HAVE_SOCKLENT
109 typedef int socklen_t;
110 #endif
111
112 #ifdef __CYGWIN__
113 #define timezone _timezone
114 #endif
115
116 #ifndef MAX
117 #define MAX(a,b) ((a) > (b) ? (a) : (b))
118 #endif
119 #ifndef MIN
120 #define MIN(a,b) ((a) < (b) ? (a) : (b))
121 #endif
122
123
124 /* Forwards. */
125 static void check_options( void );
126 static void free_httpd_server( httpd_server* hs );
127 //static int initialize_listen_socket( httpd_sockaddr* saP );
128 static void add_response( httpd_conn* hc, char* str );
129 static void send_mime( httpd_conn* hc, int status, char* title, char* encodings, char* extraheads, char* type, off_t length, time_t mod );
130 static void send_response( httpd_conn* hc, int status, char* title, char* extraheads, char* form, char* arg );
131 static void send_response_tail( httpd_conn* hc );
132 static void defang( char* str, char* dfstr, int dfsize );
133 #ifdef ERR_DIR
134 static int send_err_file( httpd_conn* hc, int status, char* title, char* extraheads, char* filename );
135 #endif /* ERR_DIR */
136 #ifdef AUTH_FILE
137 static void send_authenticate( httpd_conn* hc, char* realm );
138 static int b64_decode( const char* str, unsigned char* space, int size );
139 static int auth_check( httpd_conn* hc, char* dirname );
140 static int auth_check2( httpd_conn* hc, char* dirname );
141 #endif /* AUTH_FILE */
142 static void send_dirredirect( httpd_conn* hc );
143 static int hexit( char c );
144 static void strdecode( char* to, char* from );
145 #ifdef GENERATE_INDEXES
146 static void strencode( char* to, int tosize, char* from );
147 #endif /* GENERATE_INDEXES */
148 #ifdef TILDE_MAP_1
149 static int tilde_map_1( httpd_conn* hc );
150 #endif /* TILDE_MAP_1 */
151 #ifdef TILDE_MAP_2
152 static int tilde_map_2( httpd_conn* hc );
153 #endif /* TILDE_MAP_2 */
154 static int vhost_map( httpd_conn* hc );
155 static char* expand_symlinks( char* path, char** restP, int no_symlink_check, int tildemapped );
156 static char* bufgets( httpd_conn* hc );
157 static void de_dotdot( char* file );
158 static void init_mime( void );
159 static void figure_mime( httpd_conn* hc );
160 #ifdef CGI_TIMELIMIT
161 static void cgi_kill2( ClientData client_data, struct timeval* nowP );
162 static void cgi_kill( ClientData client_data, struct timeval* nowP );
163 #endif /* CGI_TIMELIMIT */
164 #ifdef GENERATE_INDEXES
165 static int ls( httpd_conn* hc );
166 #endif /* GENERATE_INDEXES */
167 //static char* build_env( char* fmt, char* arg );
168 #ifdef SERVER_NAME_LIST
169 static char* hostname_map( char* hostname );
170 #endif /* SERVER_NAME_LIST */
171 //static char** make_envp( httpd_conn* hc );
172 static char** make_argp( httpd_conn* hc );
173 static void cgi_interpose_input( httpd_conn* hc, int wfd );
174 static void post_post_garbage_hack( httpd_conn* hc );
175 static void cgi_interpose_output( httpd_conn* hc, int rfd );
176 static void cgi_child( httpd_conn* hc );
177 static int cgi( httpd_conn* hc );
178 static int really_start_request( httpd_conn* hc, struct timeval* nowP );
179 static void make_log_entry( httpd_conn* hc, struct timeval* nowP );
180 static int check_referrer( httpd_conn* hc );
181 static int really_check_referrer( httpd_conn* hc );
182 static int sockaddr_check( httpd_sockaddr* saP );
183 static size_t sockaddr_len( httpd_sockaddr* saP );
184 static int my_snprintf( char* str, size_t size, const char* format, ... );
185 #ifndef HAVE_ATOLL
186 static long long atoll( const char* str );
187 #endif /* HAVE_ATOLL */
188
189
190 /* This global keeps track of whether we are in the main process or a
191 ** sub-process. The reason is that httpd_write_response() can get called
192 ** in either context; when it is called from the main process it must use
193 ** non-blocking I/O to avoid stalling the server, but when it is called
194 ** from a sub-process it wants to use blocking I/O so that the whole
195 ** response definitely gets written. So, it checks this variable. A bit
196 ** of a hack but it seems to do the right thing.
197 */
198 //static int sub_process = 0;
199
200
201 static void
check_options(void)202 check_options( void )
203 {
204 #if defined(TILDE_MAP_1) && defined(TILDE_MAP_2)
205 // syslog( LOG_CRIT, "both TILDE_MAP_1 and TILDE_MAP_2 are defined" );
206 exit( 1 );
207 #endif /* both */
208 }
209
210
211 static void
free_httpd_server(httpd_server * hs)212 free_httpd_server( httpd_server* hs )
213 {
214 if ( hs->binding_hostname != (char*) 0 )
215 free( (void*) hs->binding_hostname );
216 if ( hs->cwd != (char*) 0 )
217 free( (void*) hs->cwd );
218 if ( hs->cgi_pattern != (char*) 0 )
219 free( (void*) hs->cgi_pattern );
220 if ( hs->charset != (char*) 0 )
221 free( (void*) hs->charset );
222 if ( hs->p3p != (char*) 0 )
223 free( (void*) hs->p3p );
224 if ( hs->url_pattern != (char*) 0 )
225 free( (void*) hs->url_pattern );
226 if ( hs->local_pattern != (char*) 0 )
227 free( (void*) hs->local_pattern );
228 free( (void*) hs );
229 }
230
231
232 httpd_server*
httpd_initialize(char * hostname,httpd_sockaddr * sa4P,httpd_sockaddr * sa6P,unsigned short port,char * cgi_pattern,int cgi_limit,char * charset,char * p3p,int max_age,char * cwd,int no_log,FILE * logfp,int no_symlink_check,int vhost,int global_passwd,char * url_pattern,char * local_pattern,int no_empty_referrers)233 httpd_initialize(
234 char* hostname, httpd_sockaddr* sa4P, httpd_sockaddr* sa6P,
235 unsigned short port, char* cgi_pattern, int cgi_limit, char* charset,
236 char* p3p, int max_age, char* cwd, int no_log, FILE* logfp,
237 int no_symlink_check, int vhost, int global_passwd, char* url_pattern,
238 char* local_pattern, int no_empty_referrers )
239 {
240 httpd_server* hs;
241 static char ghnbuf[256];
242 char* cp;
243
244 check_options();
245
246 hs = NEW( httpd_server, 1 );
247 if ( hs == (httpd_server*) 0 )
248 {
249 // syslog( LOG_CRIT, "out of memory allocating an httpd_server" );
250 return (httpd_server*) 0;
251 }
252
253 if ( hostname != (char*) 0 )
254 {
255 hs->binding_hostname = strdup( hostname );
256 if ( hs->binding_hostname == (char*) 0 )
257 {
258 // syslog( LOG_CRIT, "out of memory copying hostname" );
259 return (httpd_server*) 0;
260 }
261 hs->server_hostname = hs->binding_hostname;
262 }
263 else
264 {
265 hs->binding_hostname = (char*) 0;
266 hs->server_hostname = (char*) 0;
267 if ( gethostname( ghnbuf, sizeof(ghnbuf) ) < 0 )
268 ghnbuf[0] = '\0';
269 #ifdef SERVER_NAME_LIST
270 if ( ghnbuf[0] != '\0' )
271 hs->server_hostname = hostname_map( ghnbuf );
272 #endif /* SERVER_NAME_LIST */
273 if ( hs->server_hostname == (char*) 0 )
274 {
275 #ifdef SERVER_NAME
276 hs->server_hostname = SERVER_NAME;
277 #else /* SERVER_NAME */
278 if ( ghnbuf[0] != '\0' )
279 hs->server_hostname = ghnbuf;
280 #endif /* SERVER_NAME */
281 }
282 }
283
284 hs->port = port;
285 if ( cgi_pattern == (char*) 0 )
286 hs->cgi_pattern = (char*) 0;
287 else
288 {
289 /* Nuke any leading slashes. */
290 if ( cgi_pattern[0] == '/' )
291 ++cgi_pattern;
292 hs->cgi_pattern = strdup( cgi_pattern );
293 if ( hs->cgi_pattern == (char*) 0 )
294 {
295 // syslog( LOG_CRIT, "out of memory copying cgi_pattern" );
296 return (httpd_server*) 0;
297 }
298 /* Nuke any leading slashes in the cgi pattern. */
299 while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 )
300 (void) ol_strcpy( cp + 1, cp + 2 );
301 }
302 hs->cgi_limit = cgi_limit;
303 hs->cgi_count = 0;
304 hs->charset = strdup( charset );
305 hs->p3p = strdup( p3p );
306 hs->max_age = max_age;
307 hs->cwd = strdup( cwd );
308 if ( hs->cwd == (char*) 0 )
309 {
310 //syslog( LOG_CRIT, "out of memory copying cwd" );
311 return (httpd_server*) 0;
312 }
313 if ( url_pattern == (char*) 0 )
314 hs->url_pattern = (char*) 0;
315 else
316 {
317 hs->url_pattern = strdup( url_pattern );
318 if ( hs->url_pattern == (char*) 0 )
319 {
320 //syslog( LOG_CRIT, "out of memory copying url_pattern" );
321 return (httpd_server*) 0;
322 }
323 }
324 if ( local_pattern == (char*) 0 )
325 hs->local_pattern = (char*) 0;
326 else
327 {
328 hs->local_pattern = strdup( local_pattern );
329 if ( hs->local_pattern == (char*) 0 )
330 {
331 //syslog( LOG_CRIT, "out of memory copying local_pattern" );
332 return (httpd_server*) 0;
333 }
334 }
335 hs->no_log = no_log;
336 hs->logfp = (FILE*) 0;
337 httpd_set_logfp( hs, logfp );
338 hs->no_symlink_check = no_symlink_check;
339 hs->vhost = vhost;
340 hs->global_passwd = global_passwd;
341 hs->no_empty_referrers = no_empty_referrers;
342
343 /* Initialize listen sockets. Try v6 first because of a Linux peculiarity;
344 ** like some other systems, it has magical v6 sockets that also listen for
345 ** v4, but in Linux if you bind a v4 socket first then the v6 bind fails.
346 */
347 /*if ( sa6P == (httpd_sockaddr*) 0 )
348 hs->listen6_fd = -1;
349 else
350 hs->listen6_fd = initialize_listen_socket( sa6P );
351 if ( sa4P == (httpd_sockaddr*) 0 )
352 hs->listen4_fd = -1;
353 else
354 hs->listen4_fd = initialize_listen_socket( sa4P );*/
355 /* If we didn't get any valid sockets, fail. */
356 /*if ( hs->listen4_fd == -1 && hs->listen6_fd == -1 )
357 {
358 free_httpd_server( hs );
359 return (httpd_server*) 0;
360 }*/
361
362 init_mime();
363
364 /* Done initializing. */
365 // if ( hs->binding_hostname == (char*) 0 )
366 // syslog(
367 // LOG_NOTICE, "%.80s starting on port %d", SERVER_SOFTWARE,
368 // (int) hs->port );
369 // else
370 // syslog(
371 // LOG_NOTICE, "%.80s starting on %.80s, port %d", SERVER_SOFTWARE,
372 // httpd_ntoa( hs->listen4_fd != -1 ? sa4P : sa6P ),
373 // (int) hs->port );
374 return hs;
375 }
376
377
378 int
httpd_initialize_listen_socket(httpd_sockaddr * saP)379 httpd_initialize_listen_socket( httpd_sockaddr* saP )
380 {
381 int listen_fd;
382 int on, flags;
383
384 /* Check sockaddr. */
385 if ( ! sockaddr_check( saP ) )
386 {
387 // syslog( LOG_CRIT, "unknown sockaddr family on listen socket" );
388 return -1;
389 }
390
391 /* Create socket. */
392 listen_fd = socket( saP->sa.sa_family, SOCK_STREAM, 0 );
393 if ( listen_fd < 0 )
394 {
395 // syslog( LOG_CRIT, "socket %.80s - %m", httpd_ntoa( saP ) );
396 poorman_log("can't create socket.\n", false, NULL, RED);
397 return -1;
398 }
399 (void) fcntl( listen_fd, F_SETFD, 1 );
400
401 /* Allow reuse of local addresses. */
402 on = 1;
403 if ( setsockopt(
404 listen_fd, SOL_SOCKET, SO_REUSEADDR, (char*) &on,
405 sizeof(on) ) < 0 )
406 /*syslog( LOG_CRIT, "setsockopt SO_REUSEADDR - %m" )*/;
407
408 /* Bind to it. */
409 if ( bind( listen_fd, &saP->sa, sockaddr_len( saP ) ) < 0 )
410 {
411 // syslog(
412 // LOG_CRIT, "bind %.80s - %m", httpd_ntoa( saP ) );
413 poorman_log("can't bind to socket.\n", false, NULL, RED);
414 (void) close( listen_fd );
415 return -1;
416 }
417
418 /* Set the listen file descriptor to no-delay / non-blocking mode. */
419 flags = fcntl( listen_fd, F_GETFL, 0 );
420 if ( flags == -1 )
421 {
422 // syslog( LOG_CRIT, "fcntl F_GETFL - %m" );
423 poorman_log("can't listen to socket.\n", false, NULL, RED);
424 (void) close( listen_fd );
425 return -1;
426 }
427 if ( fcntl( listen_fd, F_SETFL, flags | O_NDELAY ) < 0 )
428 {
429 // syslog( LOG_CRIT, "fcntl O_NDELAY - %m" );
430 (void) close( listen_fd );
431 return -1;
432 }
433
434 /* Start a listen going. */
435 if ( listen( listen_fd, LISTEN_BACKLOG ) < 0 )
436 {
437 // syslog( LOG_CRIT, "listen - %m" );
438 (void) close( listen_fd );
439 return -1;
440 }
441
442 /* Use accept filtering, if available. */
443 #ifdef SO_ACCEPTFILTER
444 {
445 #if ( __FreeBSD_version >= 411000 )
446 #define ACCEPT_FILTER_NAME "httpready"
447 #else
448 #define ACCEPT_FILTER_NAME "dataready"
449 #endif
450 struct accept_filter_arg af;
451 (void) bzero( &af, sizeof(af) );
452 (void) strcpy( af.af_name, ACCEPT_FILTER_NAME );
453 (void) setsockopt(
454 listen_fd, SOL_SOCKET, SO_ACCEPTFILTER, (char*) &af, sizeof(af) );
455 }
456 #endif /* SO_ACCEPTFILTER */
457
458 return listen_fd;
459 }
460
461
462 void
httpd_set_logfp(httpd_server * hs,FILE * logfp)463 httpd_set_logfp( httpd_server* hs, FILE* logfp )
464 {
465 if ( hs->logfp != (FILE*) 0 )
466 (void) fclose( hs->logfp );
467 hs->logfp = logfp;
468 }
469
470
471 void
httpd_terminate(httpd_server * hs)472 httpd_terminate( httpd_server* hs )
473 {
474 httpd_unlisten( hs );
475 if ( hs->logfp != (FILE*) 0 )
476 (void) fclose( hs->logfp );
477 free_httpd_server( hs );
478 }
479
480
481 void
httpd_unlisten(httpd_server * hs)482 httpd_unlisten( httpd_server* hs )
483 {
484 if ( hs->listen4_fd != -1 )
485 {
486 (void) close( hs->listen4_fd );
487 hs->listen4_fd = -1;
488 }
489 if ( hs->listen6_fd != -1 )
490 {
491 (void) close( hs->listen6_fd );
492 hs->listen6_fd = -1;
493 }
494 }
495
496
497 /* Conditional macro to allow two alternate forms for use in the built-in
498 ** error pages. If EXPLICIT_ERROR_PAGES is defined, the second and more
499 ** explicit error form is used; otherwise, the first and more generic
500 ** form is used.
501 */
502 #ifdef EXPLICIT_ERROR_PAGES
503 #define ERROR_FORM(a,b) b
504 #else /* EXPLICIT_ERROR_PAGES */
505 #define ERROR_FORM(a,b) a
506 #endif /* EXPLICIT_ERROR_PAGES */
507
508
509 static char* ok200title = "OK";
510 static char* ok206title = "Partial Content";
511
512 static char* err302title = "Found";
513 static char* err302form = "The actual URL is '%.80s'.\n";
514
515 static char* err304title = "Not Modified";
516
517 char* httpd_err400title = "Bad Request";
518 char* httpd_err400form =
519 "Your request has bad syntax or is inherently impossible to satisfy.\n";
520
521 #ifdef AUTH_FILE
522 static char* err401title = "Unauthorized";
523 static char* err401form =
524 "Authorization required for the URL '%.80s'.\n";
525 #endif /* AUTH_FILE */
526
527 static char* err403title = "Forbidden";
528 #ifndef EXPLICIT_ERROR_PAGES
529 static char* err403form =
530 "You do not have permission to get URL '%.80s' from this server.\n";
531 #endif /* !EXPLICIT_ERROR_PAGES */
532
533 static char* err404title = "Not Found";
534 static char* err404form =
535 "The requested URL '%.80s' was not found on this server.\n";
536
537 char* httpd_err408title = "Request Timeout";
538 char* httpd_err408form =
539 "No request appeared within a reasonable time period.\n";
540
541 static char* err451title = "Unavailable For Legal Reasons";
542 static char* err451form =
543 "You do not have legal permission to get URL '%.80s' from this server.\n";
544
545 static char* err500title = "Internal Error";
546 static char* err500form =
547 "There was an unusual problem serving the requested URL '%.80s'.\n";
548
549 static char* err501title = "Not Implemented";
550 static char* err501form =
551 "The requested method '%.80s' is not implemented by this server.\n";
552
553 char* httpd_err503title = "Service Temporarily Overloaded";
554 char* httpd_err503form =
555 "The requested URL '%.80s' is temporarily overloaded. Please try again later.\n";
556
557
558 /* Append a string to the buffer waiting to be sent as response. */
559 static void
add_response(httpd_conn * hc,char * str)560 add_response( httpd_conn* hc, char* str )
561 {
562 size_t len;
563
564 len = strlen( str );
565 httpd_realloc_str( &hc->response, &hc->maxresponse, hc->responselen + len );
566 (void) memmove( &(hc->response[hc->responselen]), str, len );
567 hc->responselen += len;
568 }
569
570 /* Send the buffered response. */
571 void
httpd_write_response(httpd_conn * hc)572 httpd_write_response( httpd_conn* hc )
573 {
574 /* If we are in a sub-process, turn off no-delay mode. */
575 /*if ( sub_process )
576 httpd_clear_ndelay( hc->conn_fd );*/
577 /* Send the response, if necessary. */
578 if ( hc->responselen > 0 )
579 {
580 (void) httpd_write_fully( hc->conn_fd, hc->response, hc->responselen );
581 hc->responselen = 0;
582 }
583 }
584
585
586 /* Set no-delay / non-blocking mode on a socket. */
587 void
httpd_set_ndelay(int fd)588 httpd_set_ndelay( int fd )
589 {
590 int flags, newflags;
591
592 flags = fcntl( fd, F_GETFL, 0 );
593 if ( flags != -1 )
594 {
595 newflags = flags | (int) O_NDELAY;
596 if ( newflags != flags )
597 (void) fcntl( fd, F_SETFL, newflags );
598 }
599 }
600
601
602 /* Clear no-delay / non-blocking mode on a socket. */
603 void
httpd_clear_ndelay(int fd)604 httpd_clear_ndelay( int fd )
605 {
606 int flags, newflags;
607
608 flags = fcntl( fd, F_GETFL, 0 );
609 if ( flags != -1 )
610 {
611 newflags = flags & ~ (int) O_NDELAY;
612 if ( newflags != flags )
613 (void) fcntl( fd, F_SETFL, newflags );
614 }
615 }
616
617
618 static void
send_mime(httpd_conn * hc,int status,char * title,char * encodings,char * extraheads,char * type,off_t length,time_t mod)619 send_mime( httpd_conn* hc, int status, char* title, char* encodings, char* extraheads, char* type, off_t length, time_t mod )
620 {
621 time_t now, expires;
622 const char* rfc1123fmt = "%a, %d %b %Y %H:%M:%S GMT";
623 char nowbuf[100];
624 char modbuf[100];
625 char expbuf[100];
626 char fixed_type[500];
627 char buf[1000];
628 int partial_content;
629 int s100;
630
631 hc->status = status;
632 hc->bytes_to_send = length;
633 if ( hc->mime_flag )
634 {
635 if ( status == 200 && hc->got_range &&
636 ( hc->last_byte_index >= hc->first_byte_index ) &&
637 ( ( hc->last_byte_index != length - 1 ) ||
638 ( hc->first_byte_index != 0 ) ) &&
639 ( hc->range_if == (time_t) -1 ||
640 hc->range_if == hc->sb.st_mtime ) )
641 {
642 partial_content = 1;
643 hc->status = status = 206;
644 title = ok206title;
645 }
646 else
647 {
648 partial_content = 0;
649 hc->got_range = 0;
650 }
651
652 now = time( (time_t*) 0 );
653 if ( mod == (time_t) 0 )
654 mod = now;
655 (void) strftime( nowbuf, sizeof(nowbuf), rfc1123fmt, gmtime( &now ) );
656 (void) strftime( modbuf, sizeof(modbuf), rfc1123fmt, gmtime( &mod ) );
657 (void) my_snprintf(
658 fixed_type, sizeof(fixed_type), type, hc->hs->charset );
659 (void) my_snprintf( buf, sizeof(buf),
660 "%.20s %d %s\015\012Server: %s\015\012Content-Type: %s\015\012Date: %s\015\012Last-Modified: %s\015\012Accept-Ranges: bytes\015\012Connection: close\015\012",
661 hc->protocol, status, title, EXPOSED_SERVER_SOFTWARE, fixed_type,
662 nowbuf, modbuf );
663 add_response( hc, buf );
664 s100 = status / 100;
665 if ( s100 != 2 && s100 != 3 )
666 {
667 (void) my_snprintf( buf, sizeof(buf),
668 "Cache-Control: no-cache,no-store\015\012" );
669 add_response( hc, buf );
670 }
671 if ( encodings[0] != '\0' )
672 {
673 (void) my_snprintf( buf, sizeof(buf),
674 "Content-Encoding: %s\015\012", encodings );
675 add_response( hc, buf );
676 }
677 if ( partial_content )
678 {
679 (void) my_snprintf( buf, sizeof(buf),
680 "Content-Range: bytes %lld-%lld/%lld\015\012Content-Length: %lld\015\012",
681 (long long) hc->first_byte_index,
682 (long long) hc->last_byte_index,
683 (long long) length,
684 (long long) ( hc->last_byte_index - hc->first_byte_index + 1 ) );
685 add_response( hc, buf );
686 }
687 else if ( length >= 0 )
688 {
689 (void) my_snprintf( buf, sizeof(buf),
690 "Content-Length: %lld\015\012", (long long) length );
691 add_response( hc, buf );
692 }
693 if ( hc->hs->p3p[0] != '\0' )
694 {
695 (void) my_snprintf( buf, sizeof(buf), "P3P: %s\015\012", hc->hs->p3p );
696 add_response( hc, buf );
697 }
698 if ( hc->hs->max_age >= 0 )
699 {
700 expires = now + hc->hs->max_age;
701 (void) strftime(
702 expbuf, sizeof(expbuf), rfc1123fmt, gmtime( &expires ) );
703 (void) my_snprintf( buf, sizeof(buf),
704 "Cache-Control: max-age=%d\015\012Expires: %s\015\012",
705 hc->hs->max_age, expbuf );
706 add_response( hc, buf );
707 }
708 if ( extraheads[0] != '\0' )
709 add_response( hc, extraheads );
710 add_response( hc, "\015\012" );
711 }
712 }
713
714
715 static int str_alloc_count = 0;
716 static size_t str_alloc_size = 0;
717
718 void
httpd_realloc_str(char ** strP,size_t * maxsizeP,size_t size)719 httpd_realloc_str( char** strP, size_t* maxsizeP, size_t size )
720 {
721 if ( *maxsizeP == 0 )
722 {
723 *maxsizeP = MAX( 200, size + 100 );
724 *strP = NEW( char, *maxsizeP + 1 );
725 ++str_alloc_count;
726 str_alloc_size += *maxsizeP;
727 }
728 else if ( size > *maxsizeP )
729 {
730 str_alloc_size -= *maxsizeP;
731 *maxsizeP = MAX( *maxsizeP * 2, size * 5 / 4 );
732 *strP = RENEW( *strP, char, *maxsizeP + 1 );
733 str_alloc_size += *maxsizeP;
734 }
735 else
736 return;
737 if ( *strP == (char*) 0 )
738 {
739 // syslog(
740 // LOG_ERR, "out of memory reallocating a string to %ld bytes",
741 // (long) *maxsizeP );
742 exit( 1 );
743 }
744 }
745
746
747 static void
send_response(httpd_conn * hc,int status,char * title,char * extraheads,char * form,char * arg)748 send_response( httpd_conn* hc, int status, char* title, char* extraheads, char* form, char* arg )
749 {
750 char defanged_arg[1000], buf[2000];
751
752 send_mime(
753 hc, status, title, "", extraheads, "text/html; charset=%s", (off_t) -1,
754 (time_t) 0 );
755 (void) my_snprintf( buf, sizeof(buf), "\
756 <!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n\
757 \n\
758 <html>\n\
759 \n\
760 <head>\n\
761 <meta http-equiv=\"Content-type\" content=\"text/html;charset=UTF-8\">\n\
762 <title>%d %s</title>\n\
763 </head>\n\
764 \n\
765 <body bgcolor=\"#cc9999\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
766 \n\
767 <h2>%d %s</h2>\n",
768 status, title, status, title );
769 add_response( hc, buf );
770 defang( arg, defanged_arg, sizeof(defanged_arg) );
771 (void) my_snprintf( buf, sizeof(buf), form, defanged_arg );
772 add_response( hc, buf );
773 if ( match( "**MSIE**", hc->useragent ) )
774 {
775 int n;
776 add_response( hc, "<!--\n" );
777 for ( n = 0; n < 6; ++n )
778 add_response( hc, "Padding so that MSIE deigns to show this error instead of its own canned one.\n");
779 add_response( hc, "-->\n" );
780 }
781 send_response_tail( hc );
782 }
783
784
785 static void
send_response_tail(httpd_conn * hc)786 send_response_tail( httpd_conn* hc )
787 {
788 char buf[1000];
789
790 (void) my_snprintf( buf, sizeof(buf), "\
791 <hr>\n\
792 \n\
793 <address><a href=\"%s\">%s</a></address>\n\
794 \n\
795 </body>\n\
796 \n\
797 </html>\n",
798 SERVER_ADDRESS, EXPOSED_SERVER_SOFTWARE );
799 add_response( hc, buf );
800 }
801
802
803 static void
defang(char * str,char * dfstr,int dfsize)804 defang( char* str, char* dfstr, int dfsize )
805 {
806 char* cp1;
807 char* cp2;
808
809 for ( cp1 = str, cp2 = dfstr;
810 *cp1 != '\0' && cp2 - dfstr < dfsize - 5;
811 ++cp1, ++cp2 )
812 {
813 switch ( *cp1 )
814 {
815 case '<':
816 *cp2++ = '&';
817 *cp2++ = 'l';
818 *cp2++ = 't';
819 *cp2 = ';';
820 break;
821 case '>':
822 *cp2++ = '&';
823 *cp2++ = 'g';
824 *cp2++ = 't';
825 *cp2 = ';';
826 break;
827 default:
828 *cp2 = *cp1;
829 break;
830 }
831 }
832 *cp2 = '\0';
833 }
834
835
836 void
httpd_send_err(httpd_conn * hc,int status,char * title,char * extraheads,char * form,char * arg)837 httpd_send_err( httpd_conn* hc, int status, char* title, char* extraheads, char* form, char* arg )
838 {
839 #ifdef ERR_DIR
840
841 char filename[1000];
842
843 /* Try virtual host error page. */
844 if ( hc->hs->vhost && hc->hostdir[0] != '\0' )
845 {
846 (void) my_snprintf( filename, sizeof(filename),
847 "%s/%s/err%d.html", hc->hostdir, ERR_DIR, status );
848 if ( send_err_file( hc, status, title, extraheads, filename ) )
849 return;
850 }
851
852 /* Try server-wide error page. */
853 (void) my_snprintf( filename, sizeof(filename),
854 "%s/err%d.html", ERR_DIR, status );
855 if ( send_err_file( hc, status, title, extraheads, filename ) )
856 return;
857
858 /* Fall back on built-in error page. */
859 send_response( hc, status, title, extraheads, form, arg );
860
861 #else /* ERR_DIR */
862
863 send_response( hc, status, title, extraheads, form, arg );
864
865 #endif /* ERR_DIR */
866 }
867
868
869 #ifdef ERR_DIR
870 static int
send_err_file(httpd_conn * hc,int status,char * title,char * extraheads,char * filename)871 send_err_file( httpd_conn* hc, int status, char* title, char* extraheads, char* filename )
872 {
873 FILE* fp;
874 char buf[1000];
875 size_t r;
876
877 fp = fopen( filename, "r" );
878 if ( fp == (FILE*) 0 )
879 return 0;
880 send_mime(
881 hc, status, title, "", extraheads, "text/html; charset=%s", (off_t) -1,
882 (time_t) 0 );
883 for (;;)
884 {
885 r = fread( buf, 1, sizeof(buf) - 1, fp );
886 if ( r == 0 )
887 break;
888 buf[r] = '\0';
889 add_response( hc, buf );
890 }
891 (void) fclose( fp );
892
893 #ifdef ERR_APPEND_SERVER_INFO
894 send_response_tail( hc );
895 #endif /* ERR_APPEND_SERVER_INFO */
896
897 return 1;
898 }
899 #endif /* ERR_DIR */
900
901
902 #ifdef AUTH_FILE
903
904 static void
send_authenticate(httpd_conn * hc,char * realm)905 send_authenticate( httpd_conn* hc, char* realm )
906 {
907 static char* header;
908 static size_t maxheader = 0;
909 static char headstr[] = "WWW-Authenticate: Basic realm=\"";
910
911 httpd_realloc_str(
912 &header, &maxheader, sizeof(headstr) + strlen( realm ) + 3 );
913 (void) my_snprintf( header, maxheader, "%s%s\"\015\012", headstr, realm );
914 httpd_send_err( hc, 401, err401title, header, err401form, hc->encodedurl );
915 /* If the request was a POST then there might still be data to be read,
916 ** so we need to do a lingering close.
917 */
918 if ( hc->method == METHOD_POST )
919 hc->should_linger = 1;
920 }
921
922
923 /* Base-64 decoding. This represents binary data as printable ASCII
924 ** characters. Three 8-bit binary bytes are turned into four 6-bit
925 ** values, like so:
926 **
927 ** [11111111] [22222222] [33333333]
928 **
929 ** [111111] [112222] [222233] [333333]
930 **
931 ** Then the 6-bit values are represented using the characters "A-Za-z0-9+/".
932 */
933
934 static int b64_decode_table[256] = {
935 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 00-0F */
936 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 10-1F */
937 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63, /* 20-2F */
938 52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-1,-1,-1, /* 30-3F */
939 -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14, /* 40-4F */
940 15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1, /* 50-5F */
941 -1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40, /* 60-6F */
942 41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1, /* 70-7F */
943 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 80-8F */
944 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 90-9F */
945 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* A0-AF */
946 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* B0-BF */
947 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* C0-CF */
948 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* D0-DF */
949 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* E0-EF */
950 -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 /* F0-FF */
951 };
952
953 /* Do base-64 decoding on a string. Ignore any non-base64 bytes.
954 ** Return the actual number of bytes generated. The decoded size will
955 ** be at most 3/4 the size of the encoded, and may be smaller if there
956 ** are padding characters (blanks, newlines).
957 */
958 static int
b64_decode(const char * str,unsigned char * space,int size)959 b64_decode( const char* str, unsigned char* space, int size )
960 {
961 const char* cp;
962 int space_idx, phase;
963 int d, prev_d = 0;
964 unsigned char c;
965
966 space_idx = 0;
967 phase = 0;
968 for ( cp = str; *cp != '\0'; ++cp )
969 {
970 d = b64_decode_table[(int) ((unsigned char) *cp)];
971 if ( d != -1 )
972 {
973 switch ( phase )
974 {
975 case 0:
976 ++phase;
977 break;
978 case 1:
979 c = ( ( prev_d << 2 ) | ( ( d & 0x30 ) >> 4 ) );
980 if ( space_idx < size )
981 space[space_idx++] = c;
982 ++phase;
983 break;
984 case 2:
985 c = ( ( ( prev_d & 0xf ) << 4 ) | ( ( d & 0x3c ) >> 2 ) );
986 if ( space_idx < size )
987 space[space_idx++] = c;
988 ++phase;
989 break;
990 case 3:
991 c = ( ( ( prev_d & 0x03 ) << 6 ) | d );
992 if ( space_idx < size )
993 space[space_idx++] = c;
994 phase = 0;
995 break;
996 }
997 prev_d = d;
998 }
999 }
1000 return space_idx;
1001 }
1002
1003
1004 /* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */
1005 static int
auth_check(httpd_conn * hc,char * dirname)1006 auth_check( httpd_conn* hc, char* dirname )
1007 {
1008 if ( hc->hs->global_passwd )
1009 {
1010 char* topdir;
1011 if ( hc->hs->vhost && hc->hostdir[0] != '\0' )
1012 topdir = hc->hostdir;
1013 else
1014 topdir = ".";
1015 switch ( auth_check2( hc, topdir ) )
1016 {
1017 case -1:
1018 return -1;
1019 case 1:
1020 return 1;
1021 }
1022 }
1023 return auth_check2( hc, dirname );
1024 }
1025
1026
1027 /* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */
1028 static int
auth_check2(httpd_conn * hc,char * dirname)1029 auth_check2( httpd_conn* hc, char* dirname )
1030 {
1031 static char* authpath;
1032 static size_t maxauthpath = 0;
1033 struct stat sb;
1034 char authinfo[500];
1035 char* authpass;
1036 char* colon;
1037 int l;
1038 FILE* fp;
1039 char line[500];
1040 char* cryp;
1041 static char* prevauthpath;
1042 static size_t maxprevauthpath = 0;
1043 static time_t prevmtime;
1044 static char* prevuser;
1045 static size_t maxprevuser = 0;
1046 static char* prevcryp;
1047 static size_t maxprevcryp = 0;
1048
1049 /* Construct auth filename. */
1050 httpd_realloc_str(
1051 &authpath, &maxauthpath, strlen( dirname ) + 1 + sizeof(AUTH_FILE) );
1052 (void) my_snprintf( authpath, maxauthpath, "%s/%s", dirname, AUTH_FILE );
1053
1054 /* Does this directory have an auth file? */
1055 if ( stat( authpath, &sb ) < 0 )
1056 /* Nope, let the request go through. */
1057 return 0;
1058
1059 /* Does this request contain basic authorization info? */
1060 if ( hc->authorization[0] == '\0' ||
1061 strncmp( hc->authorization, "Basic ", 6 ) != 0 )
1062 {
1063 /* Nope, return a 401 Unauthorized. */
1064 send_authenticate( hc, dirname );
1065 return -1;
1066 }
1067
1068 /* Decode it. */
1069 l = b64_decode(
1070 &(hc->authorization[6]), (unsigned char*) authinfo,
1071 sizeof(authinfo) - 1 );
1072 authinfo[l] = '\0';
1073 /* Split into user and password. */
1074 authpass = strchr( authinfo, ':' );
1075 if ( authpass == (char*) 0 )
1076 {
1077 /* No colon? Bogus auth info. */
1078 send_authenticate( hc, dirname );
1079 return -1;
1080 }
1081 *authpass++ = '\0';
1082 /* If there are more fields, cut them off. */
1083 colon = strchr( authpass, ':' );
1084 if ( colon != (char*) 0 )
1085 *colon = '\0';
1086
1087 /* See if we have a cached entry and can use it. */
1088 if ( maxprevauthpath != 0 &&
1089 strcmp( authpath, prevauthpath ) == 0 &&
1090 sb.st_mtime == prevmtime &&
1091 strcmp( authinfo, prevuser ) == 0 )
1092 {
1093 /* Yes. Check against the cached encrypted password. */
1094 if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 )
1095 {
1096 /* Ok! */
1097 httpd_realloc_str(
1098 &hc->remoteuser, &hc->maxremoteuser, strlen( authinfo ) );
1099 (void) strcpy( hc->remoteuser, authinfo );
1100 return 1;
1101 }
1102 else
1103 {
1104 /* No. */
1105 send_authenticate( hc, dirname );
1106 return -1;
1107 }
1108 }
1109
1110 /* Open the password file. */
1111 fp = fopen( authpath, "r" );
1112 if ( fp == (FILE*) 0 )
1113 {
1114 /* The file exists but we can't open it? Disallow access. */
1115 // syslog(
1116 // LOG_ERR, "%.80s auth file %.80s could not be opened - %m",
1117 // httpd_ntoa( &hc->client_addr ), authpath );
1118 httpd_send_err(
1119 hc, 403, err403title, "",
1120 ERROR_FORM( err403form, "The requested URL '%.80s' is protected by an authentication file, but the authentication file cannot be opened.\n" ),
1121 hc->encodedurl );
1122 return -1;
1123 }
1124
1125 /* Read it. */
1126 while ( fgets( line, sizeof(line), fp ) != (char*) 0 )
1127 {
1128 /* Nuke newline. */
1129 l = strlen( line );
1130 if ( line[l - 1] == '\n' )
1131 line[l - 1] = '\0';
1132 /* Split into user and encrypted password. */
1133 cryp = strchr( line, ':' );
1134 if ( cryp == (char*) 0 )
1135 continue;
1136 *cryp++ = '\0';
1137 /* Is this the right user? */
1138 if ( strcmp( line, authinfo ) == 0 )
1139 {
1140 /* Yes. */
1141 (void) fclose( fp );
1142 /* So is the password right? */
1143 if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 )
1144 {
1145 /* Ok! */
1146 httpd_realloc_str(
1147 &hc->remoteuser, &hc->maxremoteuser, strlen( line ) );
1148 (void) strcpy( hc->remoteuser, line );
1149 /* And cache this user's info for next time. */
1150 httpd_realloc_str(
1151 &prevauthpath, &maxprevauthpath, strlen( authpath ) );
1152 (void) strcpy( prevauthpath, authpath );
1153 prevmtime = sb.st_mtime;
1154 httpd_realloc_str(
1155 &prevuser, &maxprevuser, strlen( authinfo ) );
1156 (void) strcpy( prevuser, authinfo );
1157 httpd_realloc_str( &prevcryp, &maxprevcryp, strlen( cryp ) );
1158 (void) strcpy( prevcryp, cryp );
1159 return 1;
1160 }
1161 else
1162 {
1163 /* No. */
1164 send_authenticate( hc, dirname );
1165 return -1;
1166 }
1167 }
1168 }
1169
1170 /* Didn't find that user. Access denied. */
1171 (void) fclose( fp );
1172 send_authenticate( hc, dirname );
1173 return -1;
1174 }
1175
1176 #endif /* AUTH_FILE */
1177
1178
1179 static void
send_dirredirect(httpd_conn * hc)1180 send_dirredirect( httpd_conn* hc )
1181 {
1182 static char* location;
1183 static char* header;
1184 static size_t maxlocation = 0, maxheader = 0;
1185 static char headstr[] = "Location: ";
1186
1187 if ( hc->query[0] != '\0')
1188 {
1189 char* cp = strchr( hc->encodedurl, '?' );
1190 if ( cp != (char*) 0 ) /* should always find it */
1191 *cp = '\0';
1192 httpd_realloc_str(
1193 &location, &maxlocation,
1194 strlen( hc->encodedurl ) + 2 + strlen( hc->query ) );
1195 (void) my_snprintf( location, maxlocation,
1196 "%s/?%s", hc->encodedurl, hc->query );
1197 }
1198 else
1199 {
1200 httpd_realloc_str(
1201 &location, &maxlocation, strlen( hc->encodedurl ) + 1 );
1202 (void) my_snprintf( location, maxlocation,
1203 "%s/", hc->encodedurl );
1204 }
1205 httpd_realloc_str(
1206 &header, &maxheader, sizeof(headstr) + strlen( location ) );
1207 (void) my_snprintf( header, maxheader,
1208 "%s%s\015\012", headstr, location );
1209 send_response( hc, 302, err302title, header, err302form, location );
1210 }
1211
1212
1213 char*
httpd_method_str(int method)1214 httpd_method_str( int method )
1215 {
1216 switch ( method )
1217 {
1218 case METHOD_GET: return "GET";
1219 case METHOD_HEAD: return "HEAD";
1220 case METHOD_POST: return "POST";
1221 case METHOD_PUT: return "PUT";
1222 case METHOD_DELETE: return "DELETE";
1223 case METHOD_TRACE: return "TRACE";
1224 default: return "UNKNOWN";
1225 }
1226 }
1227
1228
1229 static int
hexit(char c)1230 hexit( char c )
1231 {
1232 if ( c >= '0' && c <= '9' )
1233 return c - '0';
1234 if ( c >= 'a' && c <= 'f' )
1235 return c - 'a' + 10;
1236 if ( c >= 'A' && c <= 'F' )
1237 return c - 'A' + 10;
1238 return 0; /* shouldn't happen, we're guarded by isxdigit() */
1239 }
1240
1241
1242 /* Copies and decodes a string. It's ok for from and to to be the
1243 ** same string.
1244 */
1245 static void
strdecode(char * to,char * from)1246 strdecode( char* to, char* from )
1247 {
1248 for ( ; *from != '\0'; ++to, ++from )
1249 {
1250 if ( from[0] == '%' && isxdigit( from[1] ) && isxdigit( from[2] ) )
1251 {
1252 *to = hexit( from[1] ) * 16 + hexit( from[2] );
1253 from += 2;
1254 }
1255 else
1256 *to = *from;
1257 }
1258 *to = '\0';
1259 }
1260
1261
1262 #ifdef GENERATE_INDEXES
1263 /* Copies and encodes a string. */
1264 static void
strencode(char * to,int tosize,char * from)1265 strencode( char* to, int tosize, char* from )
1266 {
1267 int tolen;
1268
1269 for ( tolen = 0; *from != '\0' && tolen + 4 < tosize; ++from )
1270 {
1271 if ( isalnum(*from) || strchr( "/_.-~", *from ) != (char*) 0 )
1272 {
1273 *to = *from;
1274 ++to;
1275 ++tolen;
1276 }
1277 else
1278 {
1279 (void) sprintf( to, "%%%02x", (int) *from & 0xff );
1280 to += 3;
1281 tolen += 3;
1282 }
1283 }
1284 *to = '\0';
1285 }
1286 #endif /* GENERATE_INDEXES */
1287
1288
1289 #ifdef TILDE_MAP_1
1290 /* Map a ~username/whatever URL into <prefix>/username. */
1291 static int
tilde_map_1(httpd_conn * hc)1292 tilde_map_1( httpd_conn* hc )
1293 {
1294 static char* temp;
1295 static size_t maxtemp = 0;
1296 int len;
1297 static char* prefix = TILDE_MAP_1;
1298
1299 len = strlen( hc->expnfilename ) - 1;
1300 httpd_realloc_str( &temp, &maxtemp, len );
1301 (void) strcpy( temp, &hc->expnfilename[1] );
1302 httpd_realloc_str(
1303 &hc->expnfilename, &hc->maxexpnfilename, strlen( prefix ) + 1 + len );
1304 (void) strcpy( hc->expnfilename, prefix );
1305 if ( prefix[0] != '\0' )
1306 (void) strcat( hc->expnfilename, "/" );
1307 (void) strcat( hc->expnfilename, temp );
1308 return 1;
1309 }
1310 #endif /* TILDE_MAP_1 */
1311
1312 #ifdef TILDE_MAP_2
1313 /* Map a ~username/whatever URL into <user's homedir>/<postfix>. */
1314 static int
tilde_map_2(httpd_conn * hc)1315 tilde_map_2( httpd_conn* hc )
1316 {
1317 static char* temp;
1318 static size_t maxtemp = 0;
1319 static char* postfix = TILDE_MAP_2;
1320 char* cp;
1321 struct passwd* pw;
1322 char* alt;
1323 char* rest;
1324
1325 /* Get the username. */
1326 httpd_realloc_str( &temp, &maxtemp, strlen( hc->expnfilename ) - 1 );
1327 (void) strcpy( temp, &hc->expnfilename[1] );
1328 cp = strchr( temp, '/' );
1329 if ( cp != (char*) 0 )
1330 *cp++ = '\0';
1331 else
1332 cp = "";
1333
1334 /* Get the passwd entry. */
1335 pw = getpwnam( temp );
1336 if ( pw == (struct passwd*) 0 )
1337 return 0;
1338
1339 /* Set up altdir. */
1340 httpd_realloc_str(
1341 &hc->altdir, &hc->maxaltdir,
1342 strlen( pw->pw_dir ) + 1 + strlen( postfix ) );
1343 (void) strcpy( hc->altdir, pw->pw_dir );
1344 if ( postfix[0] != '\0' )
1345 {
1346 (void) strcat( hc->altdir, "/" );
1347 (void) strcat( hc->altdir, postfix );
1348 }
1349 alt = expand_symlinks( hc->altdir, &rest, 0, 1 );
1350 if ( rest[0] != '\0' )
1351 return 0;
1352 httpd_realloc_str( &hc->altdir, &hc->maxaltdir, strlen( alt ) );
1353 (void) strcpy( hc->altdir, alt );
1354
1355 /* And the filename becomes altdir plus the post-~ part of the original. */
1356 httpd_realloc_str(
1357 &hc->expnfilename, &hc->maxexpnfilename,
1358 strlen( hc->altdir ) + 1 + strlen( cp ) );
1359 (void) my_snprintf( hc->expnfilename, hc->maxexpnfilename,
1360 "%s/%s", hc->altdir, cp );
1361
1362 /* For this type of tilde mapping, we want to defeat vhost mapping. */
1363 hc->tildemapped = 1;
1364
1365 return 1;
1366 }
1367 #endif /* TILDE_MAP_2 */
1368
1369
1370 /* Virtual host mapping. */
1371 static int
vhost_map(httpd_conn * hc)1372 vhost_map( httpd_conn* hc )
1373 {
1374 httpd_sockaddr sa;
1375 socklen_t sz;
1376 static char* tempfilename;
1377 static size_t maxtempfilename = 0;
1378 char* cp1;
1379 int len;
1380 #ifdef VHOST_DIRLEVELS
1381 int i;
1382 char* cp2;
1383 #endif /* VHOST_DIRLEVELS */
1384
1385 /* Figure out the virtual hostname. */
1386 if ( hc->reqhost[0] != '\0' )
1387 hc->hostname = hc->reqhost;
1388 else if ( hc->hdrhost[0] != '\0' )
1389 hc->hostname = hc->hdrhost;
1390 else
1391 {
1392 sz = sizeof(sa);
1393 if ( getsockname( hc->conn_fd, &sa.sa, &sz ) < 0 )
1394 {
1395 // syslog( LOG_ERR, "getsockname - %m" );
1396 return 0;
1397 }
1398 hc->hostname = httpd_ntoa( &sa );
1399 }
1400 /* Pound it to lower case. */
1401 for ( cp1 = hc->hostname; *cp1 != '\0'; ++cp1 )
1402 if ( isupper( *cp1 ) )
1403 *cp1 = tolower( *cp1 );
1404
1405 if ( hc->tildemapped )
1406 return 1;
1407
1408 /* Figure out the host directory. */
1409 #ifdef VHOST_DIRLEVELS
1410 httpd_realloc_str(
1411 &hc->hostdir, &hc->maxhostdir,
1412 strlen( hc->hostname ) + 2 * VHOST_DIRLEVELS );
1413 if ( strncmp( hc->hostname, "www.", 4 ) == 0 )
1414 cp1 = &hc->hostname[4];
1415 else
1416 cp1 = hc->hostname;
1417 for ( cp2 = hc->hostdir, i = 0; i < VHOST_DIRLEVELS; ++i )
1418 {
1419 /* Skip dots in the hostname. If we don't, then we get vhost
1420 ** directories in higher level of filestructure if dot gets
1421 ** involved into path construction. It's `while' used here instead
1422 ** of `if' for it's possible to have a hostname formed with two
1423 ** dots at the end of it.
1424 */
1425 while ( *cp1 == '.' )
1426 ++cp1;
1427 /* Copy a character from the hostname, or '_' if we ran out. */
1428 if ( *cp1 != '\0' )
1429 *cp2++ = *cp1++;
1430 else
1431 *cp2++ = '_';
1432 /* Copy a slash. */
1433 *cp2++ = '/';
1434 }
1435 (void) strcpy( cp2, hc->hostname );
1436 #else /* VHOST_DIRLEVELS */
1437 httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, strlen( hc->hostname ) );
1438 (void) strcpy( hc->hostdir, hc->hostname );
1439 #endif /* VHOST_DIRLEVELS */
1440
1441 /* Prepend hostdir to the filename. */
1442 len = strlen( hc->expnfilename );
1443 httpd_realloc_str( &tempfilename, &maxtempfilename, len );
1444 (void) strcpy( tempfilename, hc->expnfilename );
1445 httpd_realloc_str(
1446 &hc->expnfilename, &hc->maxexpnfilename,
1447 strlen( hc->hostdir ) + 1 + len );
1448 (void) strcpy( hc->expnfilename, hc->hostdir );
1449 (void) strcat( hc->expnfilename, "/" );
1450 (void) strcat( hc->expnfilename, tempfilename );
1451 return 1;
1452 }
1453
1454
1455 /* Expands all symlinks in the given filename, eliding ..'s and leading /'s.
1456 ** Returns the expanded path (pointer to static string), or (char*) 0 on
1457 ** errors. Also returns, in the string pointed to by restP, any trailing
1458 ** parts of the path that don't exist.
1459 **
1460 ** This is a fairly nice little routine. It handles any size filenames
1461 ** without excessive mallocs.
1462 **
1463 ** PoorMan: This routine is modified for multithreaded envirenment. Static
1464 ** pointers are changed. When you done with the pointer returned and restP,
1465 ** free() the pointer and *freethis. If there is something wrong within this
1466 ** routine, NULL is returned, the malloc()ed is free()ed for you and *freethis
1467 ** is set to NULL.
1468 */
1469 static char*
expand_symlinks(char * path,char ** restP,int no_symlink_check,int tildemapped)1470 expand_symlinks( char* path, char** restP, int no_symlink_check, int tildemapped )
1471 {
1472 static char* checked;
1473 static char* rest;
1474 char lnk[5000];
1475 static size_t maxchecked = 0, maxrest = 0;
1476 size_t checkedlen, restlen, linklen, prevcheckedlen, prevrestlen;
1477 int nlinks, i;
1478 char* r;
1479 char* cp1;
1480 char* cp2;
1481
1482 if ( no_symlink_check )
1483 {
1484 /* If we are chrooted, we can actually skip the symlink-expansion,
1485 ** since it's impossible to get out of the tree. However, we still
1486 ** need to do the pathinfo check, and the existing symlink expansion
1487 ** code is a pretty reasonable way to do this. So, what we do is
1488 ** a single stat() of the whole filename - if it exists, then we
1489 ** return it as is with nothing in restP. If it doesn't exist, we
1490 ** fall through to the existing code.
1491 **
1492 ** One side-effect of this is that users can't symlink to central
1493 ** approved CGIs any more. The workaround is to use the central
1494 ** URL for the CGI instead of a local symlinked one.
1495 */
1496 struct stat sb;
1497 if ( stat( path, &sb ) != -1 )
1498 {
1499 checkedlen = strlen( path );
1500 httpd_realloc_str( &checked, &maxchecked, checkedlen );
1501 (void) strcpy( checked, path );
1502 /* Trim trailing slashes. */
1503 while ( checked[checkedlen - 1] == '/' )
1504 {
1505 checked[checkedlen - 1] = '\0';
1506 --checkedlen;
1507 }
1508 httpd_realloc_str( &rest, &maxrest, 0 );
1509 rest[0] = '\0';
1510 *restP = rest;
1511 return checked;
1512 }
1513 }
1514
1515 /* Start out with nothing in checked and the whole filename in rest. */
1516 httpd_realloc_str( &checked, &maxchecked, 1 );
1517 checked[0] = '\0';
1518 checkedlen = 0;
1519 restlen = strlen( path );
1520 httpd_realloc_str( &rest, &maxrest, restlen );
1521 (void) strcpy( rest, path );
1522 if ( rest[restlen - 1] == '/' )
1523 rest[--restlen] = '\0'; /* trim trailing slash */
1524 if ( ! tildemapped )
1525 /* Remove any leading slashes. */
1526 while ( rest[0] == '/' )
1527 {
1528 (void) ol_strcpy( rest, &(rest[1]) );
1529 --restlen;
1530 }
1531 r = rest;
1532 nlinks = 0;
1533
1534 /* While there are still components to check... */
1535 while ( restlen > 0 )
1536 {
1537 /* Save current checkedlen in case we get a symlink. Save current
1538 ** restlen in case we get a non-existant component.
1539 */
1540 prevcheckedlen = checkedlen;
1541 prevrestlen = restlen;
1542
1543 /* Grab one component from r and transfer it to checked. */
1544 cp1 = strchr( r, '/' );
1545 if ( cp1 != (char*) 0 )
1546 {
1547 i = cp1 - r;
1548 if ( i == 0 )
1549 {
1550 /* Special case for absolute paths. */
1551 httpd_realloc_str( &checked, &maxchecked, checkedlen + 1 );
1552 (void) strncpy( &checked[checkedlen], r, 1 );
1553 checkedlen += 1;
1554 }
1555 else if ( strncmp( r, "..", MAX( i, 2 ) ) == 0 )
1556 {
1557 /* Ignore ..'s that go above the start of the path. */
1558 if ( checkedlen != 0 )
1559 {
1560 cp2 = strrchr( checked, '/' );
1561 if ( cp2 == (char*) 0 )
1562 checkedlen = 0;
1563 else if ( cp2 == checked )
1564 checkedlen = 1;
1565 else
1566 checkedlen = cp2 - checked;
1567 }
1568 }
1569 else
1570 {
1571 httpd_realloc_str( &checked, &maxchecked, checkedlen + 1 + i );
1572 if ( checkedlen > 0 && checked[checkedlen-1] != '/' )
1573 checked[checkedlen++] = '/';
1574 (void) strncpy( &checked[checkedlen], r, i );
1575 checkedlen += i;
1576 }
1577 checked[checkedlen] = '\0';
1578 r += i + 1;
1579 restlen -= i + 1;
1580 }
1581 else
1582 {
1583 /* No slashes remaining, r is all one component. */
1584 if ( strcmp( r, ".." ) == 0 )
1585 {
1586 /* Ignore ..'s that go above the start of the path. */
1587 if ( checkedlen != 0 )
1588 {
1589 cp2 = strrchr( checked, '/' );
1590 if ( cp2 == (char*) 0 )
1591 checkedlen = 0;
1592 else if ( cp2 == checked )
1593 checkedlen = 1;
1594 else
1595 checkedlen = cp2 - checked;
1596 checked[checkedlen] = '\0';
1597 }
1598 }
1599 else
1600 {
1601 httpd_realloc_str(
1602 &checked, &maxchecked, checkedlen + 1 + restlen );
1603 if ( checkedlen > 0 && checked[checkedlen-1] != '/' )
1604 checked[checkedlen++] = '/';
1605 (void) strcpy( &checked[checkedlen], r );
1606 checkedlen += restlen;
1607 }
1608 r += restlen;
1609 restlen = 0;
1610 }
1611
1612 /* Try reading the current filename as a symlink */
1613 if ( checked[0] == '\0' )
1614 continue;
1615 linklen = readlink( checked, lnk, sizeof(lnk) - 1 );
1616 if ( linklen == -1 )
1617 {
1618 if ( errno == EINVAL )
1619 continue; /* not a symlink */
1620 if ( errno == EACCES || errno == ENOENT || errno == ENOTDIR )
1621 {
1622 /* That last component was bogus. Restore and return. */
1623 *restP = r - ( prevrestlen - restlen );
1624 if ( prevcheckedlen == 0 )
1625 (void) strcpy( checked, "." );
1626 else
1627 checked[prevcheckedlen] = '\0';
1628 return checked;
1629 }
1630 // syslog( LOG_ERR, "readlink %.80s - %m", checked );
1631 return (char*) 0;
1632 }
1633 ++nlinks;
1634 if ( nlinks > MAX_LINKS )
1635 {
1636 // syslog( LOG_ERR, "too many symlinks in %.80s", path );
1637 return (char*) 0;
1638 }
1639 lnk[linklen] = '\0';
1640 if ( lnk[linklen - 1] == '/' )
1641 lnk[--linklen] = '\0'; /* trim trailing slash */
1642
1643 /* Insert the link contents in front of the rest of the filename. */
1644 if ( restlen != 0 )
1645 {
1646 (void) ol_strcpy( rest, r );
1647 httpd_realloc_str( &rest, &maxrest, restlen + linklen + 1 );
1648 for ( i = restlen; i >= 0; --i )
1649 rest[i + linklen + 1] = rest[i];
1650 (void) strcpy( rest, lnk );
1651 rest[linklen] = '/';
1652 restlen += linklen + 1;
1653 r = rest;
1654 }
1655 else
1656 {
1657 /* There's nothing left in the filename, so the link contents
1658 ** becomes the rest.
1659 */
1660 httpd_realloc_str( &rest, &maxrest, linklen );
1661 (void) strcpy( rest, lnk );
1662 restlen = linklen;
1663 r = rest;
1664 }
1665
1666 if ( rest[0] == '/' )
1667 {
1668 /* There must have been an absolute symlink - zero out checked. */
1669 checked[0] = '\0';
1670 checkedlen = 0;
1671 }
1672 else
1673 {
1674 /* Re-check this component. */
1675 checkedlen = prevcheckedlen;
1676 checked[checkedlen] = '\0';
1677 }
1678 }
1679
1680 /* Ok. */
1681 *restP = r;
1682 if ( checked[0] == '\0' )
1683 (void) strcpy( checked, "." );
1684 return checked;
1685 }
1686
1687
1688 int
httpd_get_conn(httpd_server * hs,int listen_fd,httpd_conn * hc)1689 httpd_get_conn( httpd_server* hs, int listen_fd, httpd_conn* hc )
1690 {
1691 httpd_sockaddr sa;
1692 socklen_t sz;
1693
1694 if ( ! hc->initialized )
1695 {
1696 hc->read_size = 0;
1697 httpd_realloc_str( &hc->read_buf, &hc->read_size, 500 );
1698 hc->maxdecodedurl =
1699 hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings =
1700 hc->maxpathinfo = hc->maxquery = hc->maxaccept =
1701 hc->maxaccepte = hc->maxreqhost = hc->maxhostdir =
1702 hc->maxremoteuser = hc->maxresponse = 0;
1703 #ifdef TILDE_MAP_2
1704 hc->maxaltdir = 0;
1705 #endif /* TILDE_MAP_2 */
1706 httpd_realloc_str( &hc->decodedurl, &hc->maxdecodedurl, 1 );
1707 httpd_realloc_str( &hc->origfilename, &hc->maxorigfilename, 1 );
1708 httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, 0 );
1709 httpd_realloc_str( &hc->encodings, &hc->maxencodings, 0 );
1710 httpd_realloc_str( &hc->pathinfo, &hc->maxpathinfo, 0 );
1711 httpd_realloc_str( &hc->query, &hc->maxquery, 0 );
1712 httpd_realloc_str( &hc->accept, &hc->maxaccept, 0 );
1713 httpd_realloc_str( &hc->accepte, &hc->maxaccepte, 0 );
1714 httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, 0 );
1715 httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, 0 );
1716 httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, 0 );
1717 httpd_realloc_str( &hc->response, &hc->maxresponse, 0 );
1718 #ifdef TILDE_MAP_2
1719 httpd_realloc_str( &hc->altdir, &hc->maxaltdir, 0 );
1720 #endif /* TILDE_MAP_2 */
1721 hc->initialized = 1;
1722 }
1723
1724 /* Accept the new connection. */
1725 sz = sizeof(sa);
1726 hc->conn_fd = accept( listen_fd, &sa.sa, &sz );
1727 if ( hc->conn_fd < 0 )
1728 {
1729 if ( errno == EWOULDBLOCK )
1730 return GC_NO_MORE;
1731 /* ECONNABORTED means the connection was closed by the client while
1732 ** it was waiting in the listen queue. It's not worth logging.
1733 */
1734 if ( errno != ECONNABORTED )
1735 // syslog( LOG_ERR, "accept - %m" );
1736 return GC_FAIL;
1737 }
1738 if ( ! sockaddr_check( &sa ) )
1739 {
1740 // syslog( LOG_ERR, "unknown sockaddr family" );
1741 close( hc->conn_fd );
1742 hc->conn_fd = -1;
1743 return GC_FAIL;
1744 }
1745 (void) fcntl( hc->conn_fd, F_SETFD, 1 );
1746 hc->hs = hs;
1747 (void) memset( &hc->client_addr, 0, sizeof(hc->client_addr) );
1748 (void) memmove( &hc->client_addr, &sa, sockaddr_len( &sa ) );
1749 hc->read_idx = 0;
1750 hc->checked_idx = 0;
1751 hc->checked_state = CHST_FIRSTWORD;
1752 hc->method = METHOD_UNKNOWN;
1753 hc->status = 0;
1754 hc->bytes_to_send = 0;
1755 hc->bytes_sent = 0;
1756 hc->encodedurl = "";
1757 hc->decodedurl[0] = '\0';
1758 hc->protocol = "UNKNOWN";
1759 hc->origfilename[0] = '\0';
1760 hc->expnfilename[0] = '\0';
1761 hc->encodings[0] = '\0';
1762 hc->pathinfo[0] = '\0';
1763 hc->query[0] = '\0';
1764 hc->referrer = "";
1765 hc->useragent = "";
1766 hc->accept[0] = '\0';
1767 hc->accepte[0] = '\0';
1768 hc->acceptl = "";
1769 hc->cookie = "";
1770 hc->contenttype = "";
1771 hc->reqhost[0] = '\0';
1772 hc->hdrhost = "";
1773 hc->hostdir[0] = '\0';
1774 hc->authorization = "";
1775 hc->remoteuser[0] = '\0';
1776 hc->response[0] = '\0';
1777 #ifdef TILDE_MAP_2
1778 hc->altdir[0] = '\0';
1779 #endif /* TILDE_MAP_2 */
1780 hc->responselen = 0;
1781 hc->if_modified_since = (time_t) -1;
1782 hc->range_if = (time_t) -1;
1783 hc->contentlength = -1;
1784 hc->type = "";
1785 hc->hostname = (char*) 0;
1786 hc->mime_flag = 1;
1787 hc->one_one = 0;
1788 hc->got_range = 0;
1789 hc->tildemapped = 0;
1790 hc->first_byte_index = 0;
1791 hc->last_byte_index = -1;
1792 hc->keep_alive = 0;
1793 hc->should_linger = 0;
1794 hc->processed_directory_index = 0;
1795 hc->file_address = (char*) 0;
1796 return GC_OK;
1797 }
1798
1799
1800 /* Checks hc->read_buf to see whether a complete request has been read so far;
1801 ** either the first line has two words (an HTTP/0.9 request), or the first
1802 ** line has three words and there's a blank line present.
1803 **
1804 ** hc->read_idx is how much has been read in; hc->checked_idx is how much we
1805 ** have checked so far; and hc->checked_state is the current state of the
1806 ** finite state machine.
1807 */
1808 int
httpd_got_request(httpd_conn * hc)1809 httpd_got_request( httpd_conn* hc )
1810 {
1811 char c;
1812
1813 for ( ; hc->checked_idx < hc->read_idx; ++hc->checked_idx )
1814 {
1815 c = hc->read_buf[hc->checked_idx];
1816 switch ( hc->checked_state )
1817 {
1818 case CHST_FIRSTWORD:
1819 switch ( c )
1820 {
1821 case ' ': case '\t':
1822 hc->checked_state = CHST_FIRSTWS;
1823 break;
1824 case '\012': case '\015':
1825 hc->checked_state = CHST_BOGUS;
1826 return GR_BAD_REQUEST;
1827 }
1828 break;
1829 case CHST_FIRSTWS:
1830 switch ( c )
1831 {
1832 case ' ': case '\t':
1833 break;
1834 case '\012': case '\015':
1835 hc->checked_state = CHST_BOGUS;
1836 return GR_BAD_REQUEST;
1837 default:
1838 hc->checked_state = CHST_SECONDWORD;
1839 break;
1840 }
1841 break;
1842 case CHST_SECONDWORD:
1843 switch ( c )
1844 {
1845 case ' ': case '\t':
1846 hc->checked_state = CHST_SECONDWS;
1847 break;
1848 case '\012': case '\015':
1849 /* The first line has only two words - an HTTP/0.9 request. */
1850 return GR_GOT_REQUEST;
1851 }
1852 break;
1853 case CHST_SECONDWS:
1854 switch ( c )
1855 {
1856 case ' ': case '\t':
1857 break;
1858 case '\012': case '\015':
1859 hc->checked_state = CHST_BOGUS;
1860 return GR_BAD_REQUEST;
1861 default:
1862 hc->checked_state = CHST_THIRDWORD;
1863 break;
1864 }
1865 break;
1866 case CHST_THIRDWORD:
1867 switch ( c )
1868 {
1869 case ' ': case '\t':
1870 hc->checked_state = CHST_THIRDWS;
1871 break;
1872 case '\012':
1873 hc->checked_state = CHST_LF;
1874 break;
1875 case '\015':
1876 hc->checked_state = CHST_CR;
1877 break;
1878 }
1879 break;
1880 case CHST_THIRDWS:
1881 switch ( c )
1882 {
1883 case ' ': case '\t':
1884 break;
1885 case '\012':
1886 hc->checked_state = CHST_LF;
1887 break;
1888 case '\015':
1889 hc->checked_state = CHST_CR;
1890 break;
1891 default:
1892 hc->checked_state = CHST_BOGUS;
1893 return GR_BAD_REQUEST;
1894 }
1895 break;
1896 case CHST_LINE:
1897 switch ( c )
1898 {
1899 case '\012':
1900 hc->checked_state = CHST_LF;
1901 break;
1902 case '\015':
1903 hc->checked_state = CHST_CR;
1904 break;
1905 }
1906 break;
1907 case CHST_LF:
1908 switch ( c )
1909 {
1910 case '\012':
1911 /* Two newlines in a row - a blank line - end of request. */
1912 return GR_GOT_REQUEST;
1913 case '\015':
1914 hc->checked_state = CHST_CR;
1915 break;
1916 default:
1917 hc->checked_state = CHST_LINE;
1918 break;
1919 }
1920 break;
1921 case CHST_CR:
1922 switch ( c )
1923 {
1924 case '\012':
1925 hc->checked_state = CHST_CRLF;
1926 break;
1927 case '\015':
1928 /* Two returns in a row - end of request. */
1929 return GR_GOT_REQUEST;
1930 default:
1931 hc->checked_state = CHST_LINE;
1932 break;
1933 }
1934 break;
1935 case CHST_CRLF:
1936 switch ( c )
1937 {
1938 case '\012':
1939 /* Two newlines in a row - end of request. */
1940 return GR_GOT_REQUEST;
1941 case '\015':
1942 hc->checked_state = CHST_CRLFCR;
1943 break;
1944 default:
1945 hc->checked_state = CHST_LINE;
1946 break;
1947 }
1948 break;
1949 case CHST_CRLFCR:
1950 switch ( c )
1951 {
1952 case '\012': case '\015':
1953 /* Two CRLFs or two CRs in a row - end of request. */
1954 return GR_GOT_REQUEST;
1955 default:
1956 hc->checked_state = CHST_LINE;
1957 break;
1958 }
1959 break;
1960 case CHST_BOGUS:
1961 return GR_BAD_REQUEST;
1962 }
1963 }
1964 return GR_NO_REQUEST;
1965 }
1966
1967
1968 int
httpd_parse_request(httpd_conn * hc)1969 httpd_parse_request( httpd_conn* hc )
1970 {
1971 char* buf;
1972 char* method_str;
1973 char* url;
1974 char* protocol;
1975 char* reqhost;
1976 char* eol;
1977 char* cp;
1978 char* pi;
1979
1980 hc->checked_idx = 0; /* reset */
1981 method_str = bufgets( hc );
1982 url = strpbrk( method_str, " \t\012\015" );
1983 if ( url == (char*) 0 )
1984 {
1985 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
1986 return -1;
1987 }
1988 *url++ = '\0';
1989 url += strspn( url, " \t\012\015" );
1990 protocol = strpbrk( url, " \t\012\015" );
1991 if ( protocol == (char*) 0 )
1992 {
1993 protocol = "HTTP/0.9";
1994 hc->mime_flag = 0;
1995 }
1996 else
1997 {
1998 *protocol++ = '\0';
1999 protocol += strspn( protocol, " \t\012\015" );
2000 if ( *protocol != '\0' )
2001 {
2002 eol = strpbrk( protocol, " \t\012\015" );
2003 if ( eol != (char*) 0 )
2004 *eol = '\0';
2005 if ( strcasecmp( protocol, "HTTP/1.0" ) != 0 )
2006 hc->one_one = 1;
2007 }
2008 }
2009 hc->protocol = protocol;
2010
2011 /* Check for HTTP/1.1 absolute URL. */
2012 if ( strncasecmp( url, "http://", 7 ) == 0 )
2013 {
2014 if ( ! hc->one_one )
2015 {
2016 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2017 return -1;
2018 }
2019 reqhost = url + 7;
2020 url = strchr( reqhost, '/' );
2021 if ( url == (char*) 0 )
2022 {
2023 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2024 return -1;
2025 }
2026 *url = '\0';
2027 if ( strchr( reqhost, '/' ) != (char*) 0 || reqhost[0] == '.' )
2028 {
2029 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2030 return -1;
2031 }
2032 httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, strlen( reqhost ) );
2033 (void) strcpy( hc->reqhost, reqhost );
2034 *url = '/';
2035 }
2036
2037 if ( *url != '/' )
2038 {
2039 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2040 return -1;
2041 }
2042
2043 if ( strcasecmp( method_str, httpd_method_str( METHOD_GET ) ) == 0 )
2044 hc->method = METHOD_GET;
2045 else if ( strcasecmp( method_str, httpd_method_str( METHOD_HEAD ) ) == 0 )
2046 hc->method = METHOD_HEAD;
2047 /*else if ( strcasecmp( method_str, httpd_method_str( METHOD_POST ) ) == 0 )
2048 hc->method = METHOD_POST;*/
2049 else if ( strcasecmp( method_str, httpd_method_str( METHOD_PUT ) ) == 0 )
2050 hc->method = METHOD_PUT;
2051 else if ( strcasecmp( method_str, httpd_method_str( METHOD_DELETE ) ) == 0 )
2052 hc->method = METHOD_DELETE;
2053 else if ( strcasecmp( method_str, httpd_method_str( METHOD_TRACE ) ) == 0 )
2054 hc->method = METHOD_TRACE;
2055 else
2056 {
2057 httpd_send_err( hc, 501, err501title, "", err501form, method_str );
2058 return -1;
2059 }
2060
2061 hc->encodedurl = url;
2062 httpd_realloc_str(
2063 &hc->decodedurl, &hc->maxdecodedurl, strlen( hc->encodedurl ) );
2064 strdecode( hc->decodedurl, hc->encodedurl );
2065
2066 httpd_realloc_str(
2067 &hc->origfilename, &hc->maxorigfilename, strlen( hc->decodedurl ) );
2068 (void) strcpy( hc->origfilename, &hc->decodedurl[1] );
2069 /* Special case for top-level URL. */
2070 if ( hc->origfilename[0] == '\0' )
2071 (void) strcpy( hc->origfilename, "." );
2072
2073 /* Extract query string from encoded URL. */
2074 cp = strchr( hc->encodedurl, '?' );
2075 if ( cp != (char*) 0 )
2076 {
2077 ++cp;
2078 httpd_realloc_str( &hc->query, &hc->maxquery, strlen( cp ) );
2079 (void) strcpy( hc->query, cp );
2080 /* Remove query from (decoded) origfilename. */
2081 cp = strchr( hc->origfilename, '?' );
2082 if ( cp != (char*) 0 )
2083 *cp = '\0';
2084 }
2085
2086 de_dotdot( hc->origfilename );
2087 if ( hc->origfilename[0] == '/' ||
2088 ( hc->origfilename[0] == '.' && hc->origfilename[1] == '.' &&
2089 ( hc->origfilename[2] == '\0' || hc->origfilename[2] == '/' ) ) )
2090 {
2091 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2092 return -1;
2093 }
2094
2095 if ( hc->mime_flag )
2096 {
2097 /* Read the MIME headers. */
2098 while ( ( buf = bufgets( hc ) ) != (char*) 0 )
2099 {
2100 if ( buf[0] == '\0' )
2101 break;
2102 if ( strncasecmp( buf, "Referer:", 8 ) == 0 )
2103 {
2104 cp = &buf[8];
2105 cp += strspn( cp, " \t" );
2106 hc->referrer = cp;
2107 }
2108 else if ( strncasecmp( buf, "Referrer:", 9 ) == 0 )
2109 {
2110 cp = &buf[9];
2111 cp += strspn( cp, " \t" );
2112 hc->referrer = cp;
2113 }
2114 else if ( strncasecmp( buf, "User-Agent:", 11 ) == 0 )
2115 {
2116 cp = &buf[11];
2117 cp += strspn( cp, " \t" );
2118 hc->useragent = cp;
2119 }
2120 else if ( strncasecmp( buf, "Host:", 5 ) == 0 )
2121 {
2122 cp = &buf[5];
2123 cp += strspn( cp, " \t" );
2124 hc->hdrhost = cp;
2125 cp = strchr( hc->hdrhost, ':' );
2126 if ( cp != (char*) 0 )
2127 *cp = '\0';
2128 if ( strchr( hc->hdrhost, '/' ) != (char*) 0 || hc->hdrhost[0] == '.' )
2129 {
2130 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2131 return -1;
2132 }
2133 }
2134 else if ( strncasecmp( buf, "Accept:", 7 ) == 0 )
2135 {
2136 cp = &buf[7];
2137 cp += strspn( cp, " \t" );
2138 if ( hc->accept[0] != '\0' )
2139 {
2140 if ( strlen( hc->accept ) > 5000 )
2141 {
2142 // syslog(
2143 // LOG_ERR, "%.80s way too much Accept: data",
2144 // httpd_ntoa( &hc->client_addr ) );
2145 continue;
2146 }
2147 httpd_realloc_str(
2148 &hc->accept, &hc->maxaccept,
2149 strlen( hc->accept ) + 2 + strlen( cp ) );
2150 (void) strcat( hc->accept, ", " );
2151 }
2152 else
2153 httpd_realloc_str(
2154 &hc->accept, &hc->maxaccept, strlen( cp ) );
2155 (void) strcat( hc->accept, cp );
2156 }
2157 else if ( strncasecmp( buf, "Accept-Encoding:", 16 ) == 0 )
2158 {
2159 cp = &buf[16];
2160 cp += strspn( cp, " \t" );
2161 if ( hc->accepte[0] != '\0' )
2162 {
2163 if ( strlen( hc->accepte ) > 5000 )
2164 {
2165 // syslog(
2166 // LOG_ERR, "%.80s way too much Accept-Encoding: data",
2167 // httpd_ntoa( &hc->client_addr ) );
2168 continue;
2169 }
2170 httpd_realloc_str(
2171 &hc->accepte, &hc->maxaccepte,
2172 strlen( hc->accepte ) + 2 + strlen( cp ) );
2173 (void) strcat( hc->accepte, ", " );
2174 }
2175 else
2176 httpd_realloc_str(
2177 &hc->accepte, &hc->maxaccepte, strlen( cp ) );
2178 (void) strcpy( hc->accepte, cp );
2179 }
2180 else if ( strncasecmp( buf, "Accept-Language:", 16 ) == 0 )
2181 {
2182 cp = &buf[16];
2183 cp += strspn( cp, " \t" );
2184 hc->acceptl = cp;
2185 }
2186 else if ( strncasecmp( buf, "If-Modified-Since:", 18 ) == 0 )
2187 {
2188 cp = &buf[18];
2189 hc->if_modified_since = tdate_parse( cp );
2190 if ( hc->if_modified_since == (time_t) -1 )
2191 /*syslog( LOG_DEBUG, "unparsable time: %.80s", cp )*/;
2192 }
2193 else if ( strncasecmp( buf, "Cookie:", 7 ) == 0 )
2194 {
2195 cp = &buf[7];
2196 cp += strspn( cp, " \t" );
2197 hc->cookie = cp;
2198 }
2199 else if ( strncasecmp( buf, "Range:", 6 ) == 0 )
2200 {
2201 /* Only support %d- and %d-%d, not %d-%d,%d-%d or -%d. */
2202 if ( strchr( buf, ',' ) == (char*) 0 )
2203 {
2204 char* cp_dash;
2205 cp = strpbrk( buf, "=" );
2206 if ( cp != (char*) 0 )
2207 {
2208 cp_dash = strchr( cp + 1, '-' );
2209 if ( cp_dash != (char*) 0 && cp_dash != cp + 1 )
2210 {
2211 *cp_dash = '\0';
2212 hc->got_range = 1;
2213 hc->first_byte_index = atoll( cp + 1 );
2214 if ( hc->first_byte_index < 0 )
2215 hc->first_byte_index = 0;
2216 if ( isdigit( (int) cp_dash[1] ) )
2217 {
2218 hc->last_byte_index = atoll( cp_dash + 1 );
2219 if ( hc->last_byte_index < 0 )
2220 hc->last_byte_index = -1;
2221 }
2222 }
2223 }
2224 }
2225 }
2226 else if ( strncasecmp( buf, "Range-If:", 9 ) == 0 ||
2227 strncasecmp( buf, "If-Range:", 9 ) == 0 )
2228 {
2229 cp = &buf[9];
2230 hc->range_if = tdate_parse( cp );
2231 if ( hc->range_if == (time_t) -1 )
2232 /*syslog( LOG_DEBUG, "unparsable time: %.80s", cp )*/;
2233 }
2234 else if ( strncasecmp( buf, "Content-Type:", 13 ) == 0 )
2235 {
2236 cp = &buf[13];
2237 cp += strspn( cp, " \t" );
2238 hc->contenttype = cp;
2239 }
2240 else if ( strncasecmp( buf, "Content-Length:", 15 ) == 0 )
2241 {
2242 cp = &buf[15];
2243 hc->contentlength = atol( cp );
2244 }
2245 else if ( strncasecmp( buf, "Authorization:", 14 ) == 0 )
2246 {
2247 cp = &buf[14];
2248 cp += strspn( cp, " \t" );
2249 hc->authorization = cp;
2250 }
2251 else if ( strncasecmp( buf, "Connection:", 11 ) == 0 )
2252 {
2253 cp = &buf[11];
2254 cp += strspn( cp, " \t" );
2255 if ( strcasecmp( cp, "keep-alive" ) == 0 )
2256 hc->keep_alive = 1;
2257 }
2258 #ifdef LOG_UNKNOWN_HEADERS
2259 else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
2260 strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||
2261 strncasecmp( buf, "Agent:", 6 ) == 0 ||
2262 strncasecmp( buf, "Cache-Control:", 14 ) == 0 ||
2263 strncasecmp( buf, "Cache-Info:", 11 ) == 0 ||
2264 strncasecmp( buf, "Charge-To:", 10 ) == 0 ||
2265 strncasecmp( buf, "Client-IP:", 10 ) == 0 ||
2266 strncasecmp( buf, "Date:", 5 ) == 0 ||
2267 strncasecmp( buf, "Extension:", 10 ) == 0 ||
2268 strncasecmp( buf, "Forwarded:", 10 ) == 0 ||
2269 strncasecmp( buf, "From:", 5 ) == 0 ||
2270 strncasecmp( buf, "HTTP-Version:", 13 ) == 0 ||
2271 strncasecmp( buf, "Max-Forwards:", 13 ) == 0 ||
2272 strncasecmp( buf, "Message-Id:", 11 ) == 0 ||
2273 strncasecmp( buf, "MIME-Version:", 13 ) == 0 ||
2274 strncasecmp( buf, "Negotiate:", 10 ) == 0 ||
2275 strncasecmp( buf, "Pragma:", 7 ) == 0 ||
2276 strncasecmp( buf, "Proxy-Agent:", 12 ) == 0 ||
2277 strncasecmp( buf, "Proxy-Connection:", 17 ) == 0 ||
2278 strncasecmp( buf, "Security-Scheme:", 16 ) == 0 ||
2279 strncasecmp( buf, "Session-Id:", 11 ) == 0 ||
2280 strncasecmp( buf, "UA-Color:", 9 ) == 0 ||
2281 strncasecmp( buf, "UA-CPU:", 7 ) == 0 ||
2282 strncasecmp( buf, "UA-Disp:", 8 ) == 0 ||
2283 strncasecmp( buf, "UA-OS:", 6 ) == 0 ||
2284 strncasecmp( buf, "UA-Pixels:", 10 ) == 0 ||
2285 strncasecmp( buf, "User:", 5 ) == 0 ||
2286 strncasecmp( buf, "Via:", 4 ) == 0 ||
2287 strncasecmp( buf, "X-", 2 ) == 0 )
2288 ; /* ignore */
2289 else
2290 // syslog( LOG_DEBUG, "unknown request header: %.80s", buf );
2291 #endif /* LOG_UNKNOWN_HEADERS */
2292 }
2293 }
2294
2295 if ( hc->one_one )
2296 {
2297 /* Check that HTTP/1.1 requests specify a host, as required. */
2298 if ( hc->reqhost[0] == '\0' && hc->hdrhost[0] == '\0' )
2299 {
2300 httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
2301 return -1;
2302 }
2303
2304 /* If the client wants to do keep-alives, it might also be doing
2305 ** pipelining. There's no way for us to tell. Since we don't
2306 ** implement keep-alives yet, if we close such a connection there
2307 ** might be unread pipelined requests waiting. So, we have to
2308 ** do a lingering close.
2309 */
2310 if ( hc->keep_alive )
2311 hc->should_linger = 1;
2312 }
2313
2314 /* Ok, the request has been parsed. Now we resolve stuff that
2315 ** may require the entire request.
2316 */
2317
2318 /* Copy original filename to expanded filename. */
2319 httpd_realloc_str(
2320 &hc->expnfilename, &hc->maxexpnfilename, strlen( hc->origfilename ) );
2321 (void) strcpy( hc->expnfilename, hc->origfilename );
2322
2323 /* Tilde mapping. */
2324 if ( hc->expnfilename[0] == '~' )
2325 {
2326 #ifdef TILDE_MAP_1
2327 if ( ! tilde_map_1( hc ) )
2328 {
2329 httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl );
2330 return -1;
2331 }
2332 #endif /* TILDE_MAP_1 */
2333 #ifdef TILDE_MAP_2
2334 if ( ! tilde_map_2( hc ) )
2335 {
2336 httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl );
2337 return -1;
2338 }
2339 #endif /* TILDE_MAP_2 */
2340 }
2341
2342 /* Virtual host mapping. */
2343 if ( hc->hs->vhost )
2344 if ( ! vhost_map( hc ) )
2345 {
2346 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
2347 return -1;
2348 }
2349
2350 /* Expand all symbolic links in the filename. This also gives us
2351 ** any trailing non-existing components, for pathinfo.
2352 */
2353 cp = expand_symlinks( hc->expnfilename, &pi, hc->hs->no_symlink_check, hc->tildemapped );
2354 if ( cp == (char*) 0 )
2355 {
2356 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
2357 return -1;
2358 }
2359 httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, strlen( cp ) );
2360 (void) strcpy( hc->expnfilename, cp );
2361 httpd_realloc_str( &hc->pathinfo, &hc->maxpathinfo, strlen( pi ) );
2362 (void) strcpy( hc->pathinfo, pi );
2363
2364 /* Remove pathinfo stuff from the original filename too. */
2365 if ( hc->pathinfo[0] != '\0' )
2366 {
2367 int i;
2368 i = strlen( hc->origfilename ) - strlen( hc->pathinfo );
2369 if ( i > 0 && strcmp( &hc->origfilename[i], hc->pathinfo ) == 0 )
2370 hc->origfilename[i - 1] = '\0';
2371 }
2372
2373 /* If the expanded filename is an absolute path, check that it's still
2374 ** within the current directory or the alternate directory.
2375 */
2376 if ( hc->expnfilename[0] == '/' )
2377 {
2378 if ( strncmp(
2379 hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 )
2380 {
2381 /* Elide the current directory. */
2382 (void) ol_strcpy(
2383 hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] );
2384 }
2385 #ifdef TILDE_MAP_2
2386 else if ( hc->altdir[0] != '\0' &&
2387 ( strncmp(
2388 hc->expnfilename, hc->altdir,
2389 strlen( hc->altdir ) ) == 0 &&
2390 ( hc->expnfilename[strlen( hc->altdir )] == '\0' ||
2391 hc->expnfilename[strlen( hc->altdir )] == '/' ) ) )
2392 {}
2393 #endif /* TILDE_MAP_2 */
2394 else
2395 {
2396 // syslog(
2397 // LOG_NOTICE, "%.80s URL \"%.80s\" goes outside the web tree",
2398 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
2399 httpd_send_err(
2400 hc, 403, err403title, "",
2401 ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file outside the permitted web server directory tree.\n" ),
2402 hc->encodedurl );
2403 return -1;
2404 }
2405 }
2406
2407 return 0;
2408 }
2409
2410
2411 static char*
bufgets(httpd_conn * hc)2412 bufgets( httpd_conn* hc )
2413 {
2414 int i;
2415 char c;
2416
2417 for ( i = hc->checked_idx; hc->checked_idx < hc->read_idx; ++hc->checked_idx )
2418 {
2419 c = hc->read_buf[hc->checked_idx];
2420 if ( c == '\012' || c == '\015' )
2421 {
2422 hc->read_buf[hc->checked_idx] = '\0';
2423 ++hc->checked_idx;
2424 if ( c == '\015' && hc->checked_idx < hc->read_idx &&
2425 hc->read_buf[hc->checked_idx] == '\012' )
2426 {
2427 hc->read_buf[hc->checked_idx] = '\0';
2428 ++hc->checked_idx;
2429 }
2430 return &(hc->read_buf[i]);
2431 }
2432 }
2433 return (char*) 0;
2434 }
2435
2436
2437 static void
de_dotdot(char * file)2438 de_dotdot( char* file )
2439 {
2440 char* cp;
2441 char* cp2;
2442 int l;
2443
2444 /* Collapse any multiple / sequences. */
2445 while ( ( cp = strstr( file, "//") ) != (char*) 0 )
2446 {
2447 for ( cp2 = cp + 2; *cp2 == '/'; ++cp2 )
2448 continue;
2449 (void) ol_strcpy( cp + 1, cp2 );
2450 }
2451
2452 /* Remove leading ./ and any /./ sequences. */
2453 while ( strncmp( file, "./", 2 ) == 0 )
2454 (void) ol_strcpy( file, file + 2 );
2455 while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
2456 (void) ol_strcpy( cp, cp + 2 );
2457
2458 /* Alternate between removing leading ../ and removing xxx/../ */
2459 for (;;)
2460 {
2461 while ( strncmp( file, "../", 3 ) == 0 )
2462 (void) ol_strcpy( file, file + 3 );
2463 cp = strstr( file, "/../" );
2464 if ( cp == (char*) 0 )
2465 break;
2466 for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 )
2467 continue;
2468 (void) ol_strcpy( cp2 + 1, cp + 4 );
2469 }
2470
2471 /* Also elide any xxx/.. at the end. */
2472 while ( ( l = strlen( file ) ) > 3 &&
2473 strcmp( ( cp = file + l - 3 ), "/.." ) == 0 )
2474 {
2475 for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 )
2476 continue;
2477 if ( cp2 < file )
2478 break;
2479 *cp2 = '\0';
2480 }
2481 }
2482
2483
2484 void
httpd_close_conn(httpd_conn * hc,struct timeval * nowP)2485 httpd_close_conn( httpd_conn* hc, struct timeval* nowP )
2486 {
2487 make_log_entry( hc, nowP );
2488
2489 /* if ( hc->file_address != (char*) 0 )
2490 {
2491 mmc_unmap( hc->file_address, &(hc->sb), nowP );
2492 hc->file_address = (char*) 0;
2493 }*/
2494 if ( hc->conn_fd >= 0 )
2495 {
2496 (void) close( hc->conn_fd );
2497 hc->conn_fd = -1;
2498 }
2499 }
2500
2501 void
httpd_destroy_conn(httpd_conn * hc)2502 httpd_destroy_conn( httpd_conn* hc )
2503 {
2504 if ( hc->initialized )
2505 {
2506 free( (void*) hc->read_buf );
2507 free( (void*) hc->decodedurl );
2508 free( (void*) hc->origfilename );
2509 free( (void*) hc->expnfilename );
2510 free( (void*) hc->encodings );
2511 free( (void*) hc->pathinfo );
2512 free( (void*) hc->query );
2513 free( (void*) hc->accept );
2514 free( (void*) hc->accepte );
2515 free( (void*) hc->reqhost );
2516 free( (void*) hc->hostdir );
2517 free( (void*) hc->remoteuser );
2518 free( (void*) hc->response );
2519 #ifdef TILDE_MAP_2
2520 free( (void*) hc->altdir );
2521 #endif /* TILDE_MAP_2 */
2522 hc->initialized = 0;
2523 }
2524 }
2525
2526
2527 struct mime_entry {
2528 char* ext;
2529 size_t ext_len;
2530 char* val;
2531 size_t val_len;
2532 };
2533 static struct mime_entry enc_tab[] = {
2534 #include "mime_encodings.h"
2535 };
2536 static const int n_enc_tab = sizeof(enc_tab) / sizeof(*enc_tab);
2537 static struct mime_entry typ_tab[] = {
2538 #include "mime_types.h"
2539 };
2540 static const int n_typ_tab = sizeof(typ_tab) / sizeof(*typ_tab);
2541
2542
2543 /* qsort comparison routine */
2544 static int
ext_compare(const void * v1,const void * v2)2545 ext_compare( const void* v1, const void* v2 )
2546 {
2547 const struct mime_entry* m1 = (const struct mime_entry*) v1;
2548 const struct mime_entry* m2 = (const struct mime_entry*) v2;
2549
2550 return strcmp( m1->ext, m2->ext );
2551 }
2552
2553
2554 static void
init_mime(void)2555 init_mime( void )
2556 {
2557 int i;
2558
2559 /* Sort the tables so we can do binary search. */
2560 qsort( enc_tab, n_enc_tab, sizeof(*enc_tab), ext_compare );
2561 qsort( typ_tab, n_typ_tab, sizeof(*typ_tab), ext_compare );
2562
2563 /* Fill in the lengths. */
2564 for ( i = 0; i < n_enc_tab; ++i )
2565 {
2566 enc_tab[i].ext_len = strlen( enc_tab[i].ext );
2567 enc_tab[i].val_len = strlen( enc_tab[i].val );
2568 }
2569 for ( i = 0; i < n_typ_tab; ++i )
2570 {
2571 typ_tab[i].ext_len = strlen( typ_tab[i].ext );
2572 typ_tab[i].val_len = strlen( typ_tab[i].val );
2573 }
2574
2575 }
2576
2577
2578 /* Figure out MIME encodings and type based on the filename. Multiple
2579 ** encodings are separated by commas, and are listed in the order in
2580 ** which they were applied to the file.
2581 */
2582 static void
figure_mime(httpd_conn * hc)2583 figure_mime( httpd_conn* hc )
2584 {
2585 char* prev_dot;
2586 char* dot;
2587 char* ext;
2588 int me_indexes[100], n_me_indexes;
2589 size_t ext_len, encodings_len;
2590 int i, top, bot, mid;
2591 int r;
2592 char* default_type = "text/plain; charset=%s";
2593
2594 /* Peel off encoding extensions until there aren't any more. */
2595 n_me_indexes = 0;
2596 for ( prev_dot = &hc->expnfilename[strlen(hc->expnfilename)]; ; prev_dot = dot )
2597 {
2598 for ( dot = prev_dot - 1; dot >= hc->expnfilename && *dot != '.'; --dot )
2599 ;
2600 if ( dot < hc->expnfilename )
2601 {
2602 /* No dot found. No more encoding extensions, and no type
2603 ** extension either.
2604 */
2605 hc->type = default_type;
2606 goto done;
2607 }
2608 ext = dot + 1;
2609 ext_len = prev_dot - ext;
2610 /* Search the encodings table. Linear search is fine here, there
2611 ** are only a few entries.
2612 */
2613 for ( i = 0; i < n_enc_tab; ++i )
2614 {
2615 if ( ext_len == enc_tab[i].ext_len && strncasecmp( ext, enc_tab[i].ext, ext_len ) == 0 )
2616 {
2617 if ( n_me_indexes < sizeof(me_indexes)/sizeof(*me_indexes) )
2618 {
2619 me_indexes[n_me_indexes] = i;
2620 ++n_me_indexes;
2621 }
2622 goto next;
2623 }
2624 }
2625 /* No encoding extension found. Break and look for a type extension. */
2626 break;
2627
2628 next: ;
2629 }
2630
2631 /* Binary search for a matching type extension. */
2632 top = n_typ_tab - 1;
2633 bot = 0;
2634 while ( top >= bot )
2635 {
2636 mid = ( top + bot ) / 2;
2637 r = strncasecmp( ext, typ_tab[mid].ext, ext_len );
2638 if ( r < 0 )
2639 top = mid - 1;
2640 else if ( r > 0 )
2641 bot = mid + 1;
2642 else
2643 if ( ext_len < typ_tab[mid].ext_len )
2644 top = mid - 1;
2645 else if ( ext_len > typ_tab[mid].ext_len )
2646 bot = mid + 1;
2647 else
2648 {
2649 hc->type = typ_tab[mid].val;
2650 goto done;
2651 }
2652 }
2653 hc->type = default_type;
2654
2655 done:
2656
2657 /* The last thing we do is actually generate the mime-encoding header. */
2658 hc->encodings[0] = '\0';
2659 encodings_len = 0;
2660 for ( i = n_me_indexes - 1; i >= 0; --i )
2661 {
2662 httpd_realloc_str(
2663 &hc->encodings, &hc->maxencodings,
2664 encodings_len + enc_tab[me_indexes[i]].val_len + 1 );
2665 if ( hc->encodings[0] != '\0' )
2666 {
2667 (void) strcpy( &hc->encodings[encodings_len], "," );
2668 ++encodings_len;
2669 }
2670 (void) strcpy( &hc->encodings[encodings_len], enc_tab[me_indexes[i]].val );
2671 encodings_len += enc_tab[me_indexes[i]].val_len;
2672 }
2673
2674 }
2675
2676
2677 #ifdef CGI_TIMELIMIT
2678 static void
cgi_kill2(ClientData client_data,struct timeval * nowP)2679 cgi_kill2( ClientData client_data, struct timeval* nowP )
2680 {
2681 pid_t pid;
2682
2683 pid = (pid_t) client_data.i;
2684 if ( kill( pid, SIGKILL ) == 0 )
2685 syslog( LOG_WARNING, "hard-killed CGI process %d", pid );
2686 }
2687
2688 static void
cgi_kill(ClientData client_data,struct timeval * nowP)2689 cgi_kill( ClientData client_data, struct timeval* nowP )
2690 {
2691 pid_t pid;
2692
2693 pid = (pid_t) client_data.i;
2694 if ( kill( pid, SIGINT ) == 0 )
2695 {
2696 syslog( LOG_WARNING, "killed CGI process %d", pid );
2697 /* In case this isn't enough, schedule an uncatchable kill. */
2698 if ( tmr_create( nowP, cgi_kill2, client_data, 5 * 1000L, 0 ) == (Timer*) 0 )
2699 {
2700 // syslog( LOG_CRIT, "tmr_create(cgi_kill2) failed" );
2701 exit( 1 );
2702 }
2703 }
2704 }
2705 #endif /* CGI_TIMELIMIT */
2706
2707
2708 #ifdef GENERATE_INDEXES
2709
2710 /* qsort comparison routine */
2711 static int
name_compare(const void * v1,const void * v2)2712 name_compare( const void* v1, const void* v2 )
2713 {
2714 const char** c1 = (const char**) v1;
2715 const char** c2 = (const char**) v2;
2716 return strcmp( *c1, *c2 );
2717 }
2718
2719
2720 static int
ls(httpd_conn * hc)2721 ls( httpd_conn* hc )
2722 {
2723 DIR* dirp;
2724 struct dirent* de;
2725 int namlen;
2726 /*static*/int maxnames = 0;
2727 int nnames;
2728 /*static*/char* names = NULL;
2729 /*static*/char** nameptrs = NULL;
2730 /*static*/char* name = NULL;
2731 /*static*/size_t maxname = 0;
2732 /*static*/char* rname = NULL;
2733 /*static*/size_t maxrname = 0;
2734 /*static*/char* encrname = NULL;
2735 /*static*/size_t maxencrname = 0;
2736 FILE* fp;
2737 int i/*, r*/;
2738 struct stat sb;
2739 struct stat lsb;
2740 char modestr[20];
2741 char* linkprefix;
2742 char lnk[MAXPATHLEN+1];
2743 int linklen;
2744 char* fileclass;
2745 time_t now;
2746 char* timestr;
2747 //ClientData client_data;
2748
2749 dirp = opendir( hc->expnfilename );
2750 if ( dirp == (DIR*) 0 )
2751 {
2752 char logString[27+B_PATH_NAME_LENGTH+1];
2753 sprintf(logString, "Error 404 File not found: %s\n", hc->decodedurl+1);
2754 poorman_log(logString, true, &hc->client_addr, RED);
2755 // syslog( LOG_ERR, "opendir %.80s - %m", hc->expnfilename );
2756 httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl );
2757 return -1;
2758 }
2759
2760 if ( hc->method == METHOD_HEAD )
2761 {
2762 closedir( dirp );
2763 send_mime(
2764 hc, 200, ok200title, "", "", "text/html; charset=%s", (off_t) -1,
2765 hc->sb.st_mtime );
2766 httpd_write_response( hc );
2767 }
2768 else if ( hc->method == METHOD_GET )
2769 {
2770 {
2771 char logString[B_FILE_NAME_LENGTH+B_PATH_NAME_LENGTH+51];
2772 if(pthread_rwlock_rdlock(get_web_dir_lock()) == 0){
2773 sprintf(
2774 logString,
2775 "Directory %s/%s/ has no ",
2776 hc->hs->cwd,
2777 hc->expnfilename
2778 );
2779 pthread_rwlock_unlock(get_web_dir_lock());
2780 }
2781 else
2782 strcpy(logString, "A web directory has no ");
2783
2784 if(pthread_rwlock_rdlock(get_index_name_lock()) == 0){
2785 strcat(logString, hc->hs->index_name);
2786 pthread_rwlock_unlock(get_index_name_lock());
2787 }
2788 else
2789 strcat(logString, "index file");
2790
2791 strcat(logString, ". Sending directory listing.\n");
2792 poorman_log(logString, true, &hc->client_addr, BLACK);
2793 }
2794 send_mime(
2795 hc, 200, ok200title, "", "", "text/html; charset=%s",
2796 (off_t) -1, hc->sb.st_mtime );
2797 httpd_write_response( hc );
2798
2799 #ifdef CGI_NICE
2800 /* Set priority. */
2801 (void) nice( CGI_NICE );
2802 #endif /* CGI_NICE */
2803
2804 /* Open a stdio stream so that we can use fprintf, which is more
2805 ** efficient than a bunch of separate write()s. We don't have
2806 ** to worry about double closes or file descriptor leaks cause
2807 ** we're in a subprocess.
2808 */
2809 fp = fdopen( hc->conn_fd, "w" );
2810 if ( fp == (FILE*) 0 )
2811 {
2812 // syslog( LOG_ERR, "fdopen - %m" );
2813 httpd_send_err(
2814 hc, 500, err500title, "", err500form, hc->encodedurl );
2815 httpd_write_response( hc );
2816 closedir( dirp );
2817 exit( 1 );
2818 }
2819
2820 (void) fprintf( fp, "\
2821 <!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n\
2822 \n\
2823 <html>\n\
2824 \n\
2825 <head>\n\
2826 <meta http-equiv=\"Content-type\" content=\"text/html;charset=UTF-8\">\n\
2827 <title>Index of %.80s</title>\n\
2828 </head>\n\
2829 \n\
2830 <body bgcolor=\"#99cc99\" text=\"#000000\" link=\"#2020ff\" vlink=\"#4040cc\">\n\
2831 \n\
2832 <h2>Index of %.80s</h2>\n\
2833 \n\
2834 <pre>\n\
2835 mode links bytes last-changed name\n\
2836 <hr>",
2837 hc->encodedurl, hc->encodedurl );
2838
2839 /* Read in names. */
2840 nnames = 0;
2841 while ( ( de = readdir( dirp ) ) != 0 ) /* dirent or direct */
2842 {
2843 if ( nnames >= maxnames )
2844 {
2845 if ( maxnames == 0 )
2846 {
2847 maxnames = 100;
2848 names = NEW( char, maxnames * ( MAXPATHLEN + 1 ) );
2849 nameptrs = NEW( char*, maxnames );
2850 }
2851 else
2852 {
2853 maxnames *= 2;
2854 names = RENEW( names, char, maxnames * ( MAXPATHLEN + 1 ) );
2855 nameptrs = RENEW( nameptrs, char*, maxnames );
2856 }
2857 if ( names == (char*) 0 || nameptrs == (char**) 0 )
2858 {
2859 // syslog( LOG_ERR, "out of memory reallocating directory names" );
2860 closedir( dirp );
2861 return -1;
2862 }
2863 for ( i = 0; i < maxnames; ++i )
2864 nameptrs[i] = &names[i * ( MAXPATHLEN + 1 )];
2865 }
2866 namlen = NAMLEN(de);
2867 (void) strncpy( nameptrs[nnames], de->d_name, namlen );
2868 nameptrs[nnames][namlen] = '\0';
2869 ++nnames;
2870 }
2871 closedir( dirp );
2872
2873 /* Sort the names. */
2874 qsort( nameptrs, nnames, sizeof(*nameptrs), name_compare );
2875
2876 /* Generate output. */
2877 for ( i = 0; i < nnames; ++i )
2878 {
2879 httpd_realloc_str(
2880 &name, &maxname,
2881 strlen( hc->expnfilename ) + 1 + strlen( nameptrs[i] ) );
2882 httpd_realloc_str(
2883 &rname, &maxrname,
2884 strlen( hc->origfilename ) + 1 + strlen( nameptrs[i] ) );
2885 if ( hc->expnfilename[0] == '\0' ||
2886 strcmp( hc->expnfilename, "." ) == 0 )
2887 {
2888 (void) strcpy( name, nameptrs[i] );
2889 (void) strcpy( rname, nameptrs[i] );
2890 }
2891 else
2892 {
2893 (void) my_snprintf( name, maxname,
2894 "%s/%s", hc->expnfilename, nameptrs[i] );
2895 if ( strcmp( hc->origfilename, "." ) == 0 )
2896 (void) my_snprintf( rname, maxrname,
2897 "%s", nameptrs[i] );
2898 else
2899 (void) my_snprintf( rname, maxrname,
2900 "%s%s", hc->origfilename, nameptrs[i] );
2901 }
2902 httpd_realloc_str(
2903 &encrname, &maxencrname, 3 * strlen( rname ) + 1 );
2904 strencode( encrname, maxencrname, rname );
2905
2906 if ( stat( name, &sb ) < 0 || lstat( name, &lsb ) < 0 )
2907 continue;
2908
2909 linkprefix = "";
2910 lnk[0] = '\0';
2911 /* Break down mode word. First the file type. */
2912 switch ( lsb.st_mode & S_IFMT )
2913 {
2914 case S_IFIFO: modestr[0] = 'p'; break;
2915 case S_IFCHR: modestr[0] = 'c'; break;
2916 case S_IFDIR: modestr[0] = 'd'; break;
2917 case S_IFBLK: modestr[0] = 'b'; break;
2918 case S_IFREG: modestr[0] = '-'; break;
2919 case S_IFSOCK: modestr[0] = 's'; break;
2920 case S_IFLNK: modestr[0] = 'l';
2921 linklen = readlink( name, lnk, sizeof(lnk) - 1 );
2922 if ( linklen != -1 )
2923 {
2924 lnk[linklen] = '\0';
2925 linkprefix = " -> ";
2926 }
2927 break;
2928 default: modestr[0] = '?'; break;
2929 }
2930 /* Now the world permissions. Owner and group permissions
2931 ** are not of interest to web clients.
2932 */
2933 modestr[1] = ( lsb.st_mode & S_IROTH ) ? 'r' : '-';
2934 modestr[2] = ( lsb.st_mode & S_IWOTH ) ? 'w' : '-';
2935 modestr[3] = ( lsb.st_mode & S_IXOTH ) ? 'x' : '-';
2936 modestr[4] = '\0';
2937
2938 /* We also leave out the owner and group name, they are
2939 ** also not of interest to web clients. Plus if we're
2940 ** running under chroot(), they would require a copy
2941 ** of /etc/passwd and /etc/group, which we want to avoid.
2942 */
2943
2944 /* Get time string. */
2945 now = time( (time_t*) 0 );
2946 timestr = ctime( &lsb.st_mtime );
2947 timestr[ 0] = timestr[ 4];
2948 timestr[ 1] = timestr[ 5];
2949 timestr[ 2] = timestr[ 6];
2950 timestr[ 3] = ' ';
2951 timestr[ 4] = timestr[ 8];
2952 timestr[ 5] = timestr[ 9];
2953 timestr[ 6] = ' ';
2954 if ( now - lsb.st_mtime > 60*60*24*182 ) /* 1/2 year */
2955 {
2956 timestr[ 7] = ' ';
2957 timestr[ 8] = timestr[20];
2958 timestr[ 9] = timestr[21];
2959 timestr[10] = timestr[22];
2960 timestr[11] = timestr[23];
2961 }
2962 else
2963 {
2964 timestr[ 7] = timestr[11];
2965 timestr[ 8] = timestr[12];
2966 timestr[ 9] = ':';
2967 timestr[10] = timestr[14];
2968 timestr[11] = timestr[15];
2969 }
2970 timestr[12] = '\0';
2971
2972 /* The ls -F file class. */
2973 switch ( sb.st_mode & S_IFMT )
2974 {
2975 case S_IFDIR: fileclass = "/"; break;
2976 case S_IFSOCK: fileclass = "="; break;
2977 case S_IFLNK: fileclass = "@"; break;
2978 default:
2979 fileclass = ( sb.st_mode & S_IXOTH ) ? "*" : "";
2980 break;
2981 }
2982
2983 /* And print. */
2984 (void) fprintf( fp,
2985 "%s %3ld %10lld %s <a href=\"/%.500s%s\">%.80s</a>%s%s%s\n",
2986 modestr, (long) lsb.st_nlink, (long long) lsb.st_size,
2987 timestr, encrname, S_ISDIR(sb.st_mode) ? "/" : "",
2988 nameptrs[i], linkprefix, lnk, fileclass );
2989 }
2990
2991 (void) fprintf( fp, " </pre>\n </body>\n</html>\n" );
2992 (void) fclose( fp );
2993 // }
2994
2995 // syslog( LOG_DEBUG, "spawned indexing process %d for directory '%.200s'", r, hc->expnfilename );
2996 #ifdef CGI_TIMELIMIT
2997 /* Schedule a kill for the child process, in case it runs too long */
2998 client_data.i = r;
2999 if ( tmr_create( (struct timeval*) 0, cgi_kill, client_data, CGI_TIMELIMIT * 1000L, 0 ) == (Timer*) 0 )
3000 {
3001 // syslog( LOG_CRIT, "tmr_create(cgi_kill ls) failed" );
3002 exit( 1 );
3003 }
3004 #endif /* CGI_TIMELIMIT */
3005 hc->status = 200;
3006 hc->bytes_sent = CGI_BYTECOUNT;
3007 hc->should_linger = 0;
3008
3009 free(names);
3010 free(nameptrs);
3011 free(name);
3012 free(rname);
3013 free(encrname);
3014 }
3015 else
3016 {
3017 closedir( dirp );
3018 httpd_send_err(
3019 hc, 501, err501title, "", err501form, httpd_method_str( hc->method ) );
3020 return -1;
3021 }
3022 hc->processed_directory_index = 1;
3023 return 0;
3024 }
3025
3026 #endif /* GENERATE_INDEXES */
3027
3028
3029 //static char*
3030 //build_env( char* fmt, char* arg )
3031 // {
3032 // char* cp;
3033 // size_t size;
3034 // static char* buf;
3035 // static size_t maxbuf = 0;
3036 //
3037 // size = strlen( fmt ) + strlen( arg );
3038 // if ( size > maxbuf )
3039 // httpd_realloc_str( &buf, &maxbuf, size );
3040 // (void) my_snprintf( buf, maxbuf, fmt, arg );
3041 // cp = strdup( buf );
3042 // if ( cp == (char*) 0 )
3043 // {
3044 // syslog( LOG_ERR, "out of memory copying environment variable" );
3045 // exit( 1 );
3046 // }
3047 // return cp;
3048 // }
3049
3050
3051 #ifdef SERVER_NAME_LIST
3052 static char*
hostname_map(char * hostname)3053 hostname_map( char* hostname )
3054 {
3055 int len, n;
3056 static char* list[] = { SERVER_NAME_LIST };
3057
3058 len = strlen( hostname );
3059 for ( n = sizeof(list) / sizeof(*list) - 1; n >= 0; --n )
3060 if ( strncasecmp( hostname, list[n], len ) == 0 )
3061 if ( list[n][len] == '/' ) /* check in case of a substring match */
3062 return &list[n][len + 1];
3063 return (char*) 0;
3064 }
3065 #endif /* SERVER_NAME_LIST */
3066
3067
3068 /* Set up environment variables. Be real careful here to avoid
3069 ** letting malicious clients overrun a buffer. We don't have
3070 ** to worry about freeing stuff since we're a sub-process.
3071 */
3072 /*static char**
3073 make_envp( httpd_conn* hc )
3074 {
3075 static char* envp[50];
3076 int envn;
3077 char* cp;
3078 char buf[256];
3079
3080 envn = 0;
3081 envp[envn++] = build_env( "PATH=%s", CGI_PATH );
3082 #ifdef CGI_LD_LIBRARY_PATH
3083 envp[envn++] = build_env( "LD_LIBRARY_PATH=%s", CGI_LD_LIBRARY_PATH );
3084 #endif /* CGI_LD_LIBRARY_PATH */
3085 /* envp[envn++] = build_env( "SERVER_SOFTWARE=%s", SERVER_SOFTWARE );
3086 if ( hc->hs->vhost && hc->hostname != (char*) 0 && hc->hostname[0] != '\0' )
3087 cp = hc->hostname;
3088 else if ( hc->hdrhost != (char*) 0 && hc->hdrhost[0] != '\0' )
3089 cp = hc->hdrhost;
3090 else if ( hc->reqhost != (char*) 0 && hc->reqhost[0] != '\0' )
3091 cp = hc->reqhost;
3092 else
3093 cp = hc->hs->server_hostname;
3094 if ( cp != (char*) 0 )
3095 envp[envn++] = build_env( "SERVER_NAME=%s", cp );
3096 envp[envn++] = "GATEWAY_INTERFACE=CGI/1.1";
3097 envp[envn++] = build_env("SERVER_PROTOCOL=%s", hc->protocol);
3098 (void) my_snprintf( buf, sizeof(buf), "%d", (int) hc->hs->port );
3099 envp[envn++] = build_env( "SERVER_PORT=%s", buf );
3100 envp[envn++] = build_env(
3101 "REQUEST_METHOD=%s", httpd_method_str( hc->method ) );
3102 if ( hc->pathinfo[0] != '\0' )
3103 {
3104 char* cp2;
3105 size_t l;
3106 envp[envn++] = build_env( "PATH_INFO=/%s", hc->pathinfo );
3107 l = strlen( hc->hs->cwd ) + strlen( hc->pathinfo ) + 1;
3108 cp2 = NEW( char, l );
3109 if ( cp2 != (char*) 0 )
3110 {
3111 (void) my_snprintf( cp2, l, "%s%s", hc->hs->cwd, hc->pathinfo );
3112 envp[envn++] = build_env( "PATH_TRANSLATED=%s", cp2 );
3113 }
3114 }
3115 envp[envn++] = build_env(
3116 "SCRIPT_NAME=/%s", strcmp( hc->origfilename, "." ) == 0 ?
3117 "" : hc->origfilename );
3118 if ( hc->query[0] != '\0')
3119 envp[envn++] = build_env( "QUERY_STRING=%s", hc->query );
3120 envp[envn++] = build_env(
3121 "REMOTE_ADDR=%s", httpd_ntoa( &hc->client_addr ) );
3122 if ( hc->referrer[0] != '\0' )
3123 {
3124 envp[envn++] = build_env( "HTTP_REFERER=%s", hc->referrer );
3125 envp[envn++] = build_env( "HTTP_REFERRER=%s", hc->referrer );
3126 }
3127 if ( hc->useragent[0] != '\0' )
3128 envp[envn++] = build_env( "HTTP_USER_AGENT=%s", hc->useragent );
3129 if ( hc->accept[0] != '\0' )
3130 envp[envn++] = build_env( "HTTP_ACCEPT=%s", hc->accept );
3131 if ( hc->accepte[0] != '\0' )
3132 envp[envn++] = build_env( "HTTP_ACCEPT_ENCODING=%s", hc->accepte );
3133 if ( hc->acceptl[0] != '\0' )
3134 envp[envn++] = build_env( "HTTP_ACCEPT_LANGUAGE=%s", hc->acceptl );
3135 if ( hc->cookie[0] != '\0' )
3136 envp[envn++] = build_env( "HTTP_COOKIE=%s", hc->cookie );
3137 if ( hc->contenttype[0] != '\0' )
3138 envp[envn++] = build_env( "CONTENT_TYPE=%s", hc->contenttype );
3139 if ( hc->hdrhost[0] != '\0' )
3140 envp[envn++] = build_env( "HTTP_HOST=%s", hc->hdrhost );
3141 if ( hc->contentlength != -1 )
3142 {
3143 (void) my_snprintf(
3144 buf, sizeof(buf), "%lu", (unsigned long) hc->contentlength );
3145 envp[envn++] = build_env( "CONTENT_LENGTH=%s", buf );
3146 }
3147 if ( hc->remoteuser[0] != '\0' )
3148 envp[envn++] = build_env( "REMOTE_USER=%s", hc->remoteuser );
3149 if ( hc->authorization[0] != '\0' )
3150 envp[envn++] = build_env( "AUTH_TYPE=%s", "Basic" );
3151 /* We only support Basic auth at the moment. */
3152 /* if ( getenv( "TZ" ) != (char*) 0 )
3153 envp[envn++] = build_env( "TZ=%s", getenv( "TZ" ) );
3154 envp[envn++] = build_env( "CGI_PATTERN=%s", hc->hs->cgi_pattern );
3155
3156 envp[envn] = (char*) 0;
3157 return envp;
3158 }
3159 */
3160
3161 /* Set up argument vector. Again, we don't have to worry about freeing stuff
3162 ** since we're a sub-process. This gets done after make_envp() because we
3163 ** scribble on hc->query.
3164 */
3165 static char**
make_argp(httpd_conn * hc)3166 make_argp( httpd_conn* hc )
3167 {
3168 char** argp;
3169 int argn;
3170 char* cp1;
3171 char* cp2;
3172
3173 /* By allocating an arg slot for every character in the query, plus
3174 ** one for the filename and one for the NULL, we are guaranteed to
3175 ** have enough. We could actually use strlen/2.
3176 */
3177 argp = NEW( char*, strlen( hc->query ) + 2 );
3178 if ( argp == (char**) 0 )
3179 return (char**) 0;
3180
3181 argp[0] = strrchr( hc->expnfilename, '/' );
3182 if ( argp[0] != (char*) 0 )
3183 ++argp[0];
3184 else
3185 argp[0] = hc->expnfilename;
3186
3187 argn = 1;
3188 /* According to the CGI spec at http://hoohoo.ncsa.uiuc.edu/cgi/cl.html,
3189 ** "The server should search the query information for a non-encoded =
3190 ** character to determine if the command line is to be used, if it finds
3191 ** one, the command line is not to be used."
3192 */
3193 if ( strchr( hc->query, '=' ) == (char*) 0 )
3194 {
3195 for ( cp1 = cp2 = hc->query; *cp2 != '\0'; ++cp2 )
3196 {
3197 if ( *cp2 == '+' )
3198 {
3199 *cp2 = '\0';
3200 strdecode( cp1, cp1 );
3201 argp[argn++] = cp1;
3202 cp1 = cp2 + 1;
3203 }
3204 }
3205 if ( cp2 != cp1 )
3206 {
3207 strdecode( cp1, cp1 );
3208 argp[argn++] = cp1;
3209 }
3210 }
3211
3212 argp[argn] = (char*) 0;
3213 return argp;
3214 }
3215
3216
3217 /* This routine is used only for POST requests. It reads the data
3218 ** from the request and sends it to the child process. The only reason
3219 ** we need to do it this way instead of just letting the child read
3220 ** directly is that we have already read part of the data into our
3221 ** buffer.
3222 */
3223 static void
cgi_interpose_input(httpd_conn * hc,int wfd)3224 cgi_interpose_input( httpd_conn* hc, int wfd )
3225 {
3226 size_t c;
3227 ssize_t r;
3228 char buf[1024];
3229
3230 c = hc->read_idx - hc->checked_idx;
3231 if ( c > 0 )
3232 {
3233 if ( httpd_write_fully( wfd, &(hc->read_buf[hc->checked_idx]), c ) != c )
3234 return;
3235 }
3236 while ( c < hc->contentlength )
3237 {
3238 r = read( hc->conn_fd, buf, MIN( sizeof(buf), hc->contentlength - c ) );
3239 if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) )
3240 {
3241 sleep( 1 );
3242 continue;
3243 }
3244 if ( r <= 0 )
3245 return;
3246 if ( httpd_write_fully( wfd, buf, r ) != r )
3247 return;
3248 c += r;
3249 }
3250 post_post_garbage_hack( hc );
3251 }
3252
3253
3254 /* Special hack to deal with broken browsers that send a LF or CRLF
3255 ** after POST data, causing TCP resets - we just read and discard up
3256 ** to 2 bytes. Unfortunately this doesn't fix the problem for CGIs
3257 ** which avoid the interposer process due to their POST data being
3258 ** short. Creating an interposer process for all POST CGIs is
3259 ** unacceptably expensive. The eventual fix will come when interposing
3260 ** gets integrated into the main loop as a tasklet instead of a process.
3261 */
3262 static void
post_post_garbage_hack(httpd_conn * hc)3263 post_post_garbage_hack( httpd_conn* hc )
3264 {
3265 char buf[2];
3266
3267 /* If we are in a sub-process, turn on no-delay mode in case we
3268 ** previously cleared it.
3269
3270 if ( sub_process )
3271 httpd_set_ndelay( hc->conn_fd );
3272 /* And read up to 2 bytes. */
3273 (void) read( hc->conn_fd, buf, sizeof(buf) );
3274 }
3275
3276
3277 /* This routine is used for parsed-header CGIs. The idea here is that the
3278 ** CGI can return special headers such as "Status:" and "Location:" which
3279 ** change the return status of the response. Since the return status has to
3280 ** be the very first line written out, we have to accumulate all the headers
3281 ** and check for the special ones before writing the status. Then we write
3282 ** out the saved headers and proceed to echo the rest of the response.
3283 */
3284 static void
cgi_interpose_output(httpd_conn * hc,int rfd)3285 cgi_interpose_output( httpd_conn* hc, int rfd )
3286 {
3287 int r;
3288 char buf[1024];
3289 size_t headers_size, headers_len;
3290 char* headers;
3291 char* br;
3292 int status;
3293 char* title;
3294 char* cp;
3295
3296 /* Make sure the connection is in blocking mode. It should already
3297 ** be blocking, but we might as well be sure.
3298 */
3299 httpd_clear_ndelay( hc->conn_fd );
3300
3301 /* Slurp in all headers. */
3302 headers_size = 0;
3303 httpd_realloc_str( &headers, &headers_size, 500 );
3304 headers_len = 0;
3305 for (;;)
3306 {
3307 r = read( rfd, buf, sizeof(buf) );
3308 if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) )
3309 {
3310 sleep( 1 );
3311 continue;
3312 }
3313 if ( r <= 0 )
3314 {
3315 br = &(headers[headers_len]);
3316 break;
3317 }
3318 httpd_realloc_str( &headers, &headers_size, headers_len + r );
3319 (void) memmove( &(headers[headers_len]), buf, r );
3320 headers_len += r;
3321 headers[headers_len] = '\0';
3322 if ( ( br = strstr( headers, "\015\012\015\012" ) ) != (char*) 0 ||
3323 ( br = strstr( headers, "\012\012" ) ) != (char*) 0 )
3324 break;
3325 }
3326
3327 /* If there were no headers, bail. */
3328 if ( headers[0] == '\0' )
3329 return;
3330
3331 /* Figure out the status. Look for a Status: or Location: header;
3332 ** else if there's an HTTP header line, get it from there; else
3333 ** default to 200.
3334 */
3335 status = 200;
3336 if ( strncmp( headers, "HTTP/", 5 ) == 0 )
3337 {
3338 cp = headers;
3339 cp += strcspn( cp, " \t" );
3340 status = atoi( cp );
3341 }
3342 if ( ( cp = strstr( headers, "Location:" ) ) != (char*) 0 &&
3343 cp < br &&
3344 ( cp == headers || *(cp-1) == '\012' ) )
3345 status = 302;
3346 if ( ( cp = strstr( headers, "Status:" ) ) != (char*) 0 &&
3347 cp < br &&
3348 ( cp == headers || *(cp-1) == '\012' ) )
3349 {
3350 cp += 7;
3351 cp += strspn( cp, " \t" );
3352 status = atoi( cp );
3353 }
3354
3355 /* Write the status line. */
3356 switch ( status )
3357 {
3358 case 200: title = ok200title; break;
3359 case 302: title = err302title; break;
3360 case 304: title = err304title; break;
3361 case 400: title = httpd_err400title; break;
3362 #ifdef AUTH_FILE
3363 case 401: title = err401title; break;
3364 #endif /* AUTH_FILE */
3365 case 403: title = err403title; break;
3366 case 404: title = err404title; break;
3367 case 408: title = httpd_err408title; break;
3368 case 451: title = err451title; break;
3369 case 500: title = err500title; break;
3370 case 501: title = err501title; break;
3371 case 503: title = httpd_err503title; break;
3372 default: title = "Something"; break;
3373 }
3374 (void) my_snprintf( buf, sizeof(buf), "HTTP/1.0 %d %s\015\012", status, title );
3375 (void) httpd_write_fully( hc->conn_fd, buf, strlen( buf ) );
3376
3377 /* Write the saved headers. */
3378 (void) httpd_write_fully( hc->conn_fd, headers, headers_len );
3379
3380 /* Echo the rest of the output. */
3381 for (;;)
3382 {
3383 r = read( rfd, buf, sizeof(buf) );
3384 if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) )
3385 {
3386 sleep( 1 );
3387 continue;
3388 }
3389 if ( r <= 0 )
3390 break;
3391 if ( httpd_write_fully( hc->conn_fd, buf, r ) != r )
3392 break;
3393 }
3394 shutdown( hc->conn_fd, SHUT_WR );
3395 }
3396
3397
3398 /* CGI child process. */
3399 static void
cgi_child(httpd_conn * hc)3400 cgi_child( httpd_conn* hc )
3401 {
3402 int r;
3403 char** argp;
3404 char** envp;
3405 char* binary;
3406 char* directory;
3407
3408 /* Unset close-on-exec flag for this socket. This actually shouldn't
3409 ** be necessary, according to POSIX a dup()'d file descriptor does
3410 ** *not* inherit the close-on-exec flag, its flag is always clear.
3411 ** However, Linux messes this up and does copy the flag to the
3412 ** dup()'d descriptor, so we have to clear it. This could be
3413 ** ifdeffed for Linux only.
3414 */
3415 (void) fcntl( hc->conn_fd, F_SETFD, 0 );
3416
3417 /* Close the syslog descriptor so that the CGI program can't
3418 ** mess with it. All other open descriptors should be either
3419 ** the listen socket(s), sockets from accept(), or the file-logging
3420 ** fd, and all of those are set to close-on-exec, so we don't
3421 ** have to close anything else.
3422 */
3423 closelog();
3424
3425 /* If the socket happens to be using one of the stdin/stdout/stderr
3426 ** descriptors, move it to another descriptor so that the dup2 calls
3427 ** below don't screw things up. We arbitrarily pick fd 3 - if there
3428 ** was already something on it, we clobber it, but that doesn't matter
3429 ** since at this point the only fd of interest is the connection.
3430 ** All others will be closed on exec.
3431 */
3432 if ( hc->conn_fd == STDIN_FILENO || hc->conn_fd == STDOUT_FILENO || hc->conn_fd == STDERR_FILENO )
3433 {
3434 int newfd = dup2( hc->conn_fd, STDERR_FILENO + 1 );
3435 if ( newfd >= 0 )
3436 hc->conn_fd = newfd;
3437 /* If the dup2 fails, shrug. We'll just take our chances.
3438 ** Shouldn't happen though.
3439 */
3440 }
3441
3442 /* Make the environment vector. */
3443 // envp = make_envp( hc );
3444
3445 /* Make the argument vector. */
3446 argp = make_argp( hc );
3447
3448 /* Set up stdin. For POSTs we may have to set up a pipe from an
3449 ** interposer process, depending on if we've read some of the data
3450 ** into our buffer.
3451 */
3452 if ( hc->method == METHOD_POST && hc->read_idx > hc->checked_idx )
3453 {
3454 int p[2];
3455
3456 if ( pipe( p ) < 0 )
3457 {
3458 // syslog( LOG_ERR, "pipe - %m" );
3459 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3460 httpd_write_response( hc );
3461 exit( 1 );
3462 }
3463 r = fork( );
3464 if ( r < 0 )
3465 {
3466 // syslog( LOG_ERR, "fork - %m" );
3467 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3468 httpd_write_response( hc );
3469 exit( 1 );
3470 }
3471 if ( r == 0 )
3472 {
3473 /* Interposer process. */
3474 // sub_process = 1;
3475 (void) close( p[0] );
3476 cgi_interpose_input( hc, p[1] );
3477 exit( 0 );
3478 }
3479 /* Need to schedule a kill for process r; but in the main process! */
3480 (void) close( p[1] );
3481 if ( p[0] != STDIN_FILENO )
3482 {
3483 (void) dup2( p[0], STDIN_FILENO );
3484 (void) close( p[0] );
3485 }
3486 }
3487 else
3488 {
3489 /* Otherwise, the request socket is stdin. */
3490 if ( hc->conn_fd != STDIN_FILENO )
3491 (void) dup2( hc->conn_fd, STDIN_FILENO );
3492 }
3493
3494 /* Set up stdout/stderr. If we're doing CGI header parsing,
3495 ** we need an output interposer too.
3496 */
3497 if ( strncmp( argp[0], "nph-", 4 ) != 0 && hc->mime_flag )
3498 {
3499 int p[2];
3500
3501 if ( pipe( p ) < 0 )
3502 {
3503 // syslog( LOG_ERR, "pipe - %m" );
3504 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3505 httpd_write_response( hc );
3506 exit( 1 );
3507 }
3508 r = fork( );
3509 if ( r < 0 )
3510 {
3511 // syslog( LOG_ERR, "fork - %m" );
3512 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3513 httpd_write_response( hc );
3514 exit( 1 );
3515 }
3516 if ( r == 0 )
3517 {
3518 /* Interposer process. */
3519 // sub_process = 1;
3520 (void) close( p[1] );
3521 cgi_interpose_output( hc, p[0] );
3522 exit( 0 );
3523 }
3524 /* Need to schedule a kill for process r; but in the main process! */
3525 (void) close( p[0] );
3526 if ( p[1] != STDOUT_FILENO )
3527 (void) dup2( p[1], STDOUT_FILENO );
3528 if ( p[1] != STDERR_FILENO )
3529 (void) dup2( p[1], STDERR_FILENO );
3530 if ( p[1] != STDOUT_FILENO && p[1] != STDERR_FILENO )
3531 (void) close( p[1] );
3532 }
3533 else
3534 {
3535 /* Otherwise, the request socket is stdout/stderr. */
3536 if ( hc->conn_fd != STDOUT_FILENO )
3537 (void) dup2( hc->conn_fd, STDOUT_FILENO );
3538 if ( hc->conn_fd != STDERR_FILENO )
3539 (void) dup2( hc->conn_fd, STDERR_FILENO );
3540 }
3541
3542 /* At this point we would like to set close-on-exec again for hc->conn_fd
3543 ** (see previous comments on Linux's broken behavior re: close-on-exec
3544 ** and dup.) Unfortunately there seems to be another Linux problem, or
3545 ** perhaps a different aspect of the same problem - if we do this
3546 ** close-on-exec in Linux, the socket stays open but stderr gets
3547 ** closed - the last fd duped from the socket. What a mess. So we'll
3548 ** just leave the socket as is, which under other OSs means an extra
3549 ** file descriptor gets passed to the child process. Since the child
3550 ** probably already has that file open via stdin stdout and/or stderr,
3551 ** this is not a problem.
3552 */
3553 /* (void) fcntl( hc->conn_fd, F_SETFD, 1 ); */
3554
3555 #ifdef CGI_NICE
3556 /* Set priority. */
3557 (void) nice( CGI_NICE );
3558 #endif /* CGI_NICE */
3559
3560 /* Split the program into directory and binary, so we can chdir()
3561 ** to the program's own directory. This isn't in the CGI 1.1
3562 ** spec, but it's what other HTTP servers do.
3563 */
3564 directory = strdup( hc->expnfilename );
3565 if ( directory == (char*) 0 )
3566 binary = hc->expnfilename; /* ignore errors */
3567 else
3568 {
3569 binary = strrchr( directory, '/' );
3570 if ( binary == (char*) 0 )
3571 binary = hc->expnfilename;
3572 else
3573 {
3574 *binary++ = '\0';
3575 (void) chdir( directory ); /* ignore errors */
3576 }
3577 }
3578
3579 /* Default behavior for SIGPIPE. */
3580 #ifdef HAVE_SIGSET
3581 (void) sigset( SIGPIPE, SIG_DFL );
3582 #else /* HAVE_SIGSET */
3583 (void) signal( SIGPIPE, SIG_DFL );
3584 #endif /* HAVE_SIGSET */
3585
3586 /* Run the program. */
3587 (void) execve( binary, argp, envp );
3588
3589 /* Something went wrong. */
3590 // syslog( LOG_ERR, "execve %.80s - %m", hc->expnfilename );
3591 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3592 httpd_write_response( hc );
3593 _exit( 1 );
3594 }
3595
3596
3597 static int
cgi(httpd_conn * hc)3598 cgi( httpd_conn* hc )
3599 {
3600 int r;
3601 // ClientData client_data;
3602
3603 if ( hc->hs->cgi_limit != 0 && hc->hs->cgi_count >= hc->hs->cgi_limit )
3604 {
3605 httpd_send_err(
3606 hc, 503, httpd_err503title, "", httpd_err503form,
3607 hc->encodedurl );
3608 return -1;
3609 }
3610 ++hc->hs->cgi_count;
3611 httpd_clear_ndelay( hc->conn_fd );
3612 r = fork( );
3613 if ( r < 0 )
3614 {
3615 // syslog( LOG_ERR, "fork - %m" );
3616 httpd_send_err(
3617 hc, 500, err500title, "", err500form, hc->encodedurl );
3618 return -1;
3619 }
3620 if ( r == 0 )
3621 {
3622 /* Child process. */
3623 // sub_process = 1;
3624 httpd_unlisten( hc->hs );
3625 cgi_child( hc );
3626 }
3627
3628 /* Parent process. */
3629 // syslog( LOG_DEBUG, "spawned CGI process %d for file '%.200s'", r, hc->expnfilename );
3630 #ifdef CGI_TIMELIMIT
3631 /* Schedule a kill for the child process, in case it runs too long */
3632 client_data.i = r;
3633 if ( tmr_create( (struct timeval*) 0, cgi_kill, client_data, CGI_TIMELIMIT * 1000L, 0 ) == (Timer*) 0 )
3634 {
3635 // syslog( LOG_CRIT, "tmr_create(cgi_kill child) failed" );
3636 exit( 1 );
3637 }
3638 #endif /* CGI_TIMELIMIT */
3639 hc->status = 200;
3640 hc->bytes_sent = CGI_BYTECOUNT;
3641 hc->should_linger = 0;
3642
3643 return 0;
3644 }
3645
3646
3647 static int
really_start_request(httpd_conn * hc,struct timeval * nowP)3648 really_start_request( httpd_conn* hc, struct timeval* nowP )
3649 {
3650 /*static*/ char* indexname;
3651 /*static*/ size_t maxindexname = 0;
3652 //static const char* index_names[] = { INDEX_NAMES };
3653 //int i;
3654 #ifdef AUTH_FILE
3655 static char* dirname;
3656 static size_t maxdirname = 0;
3657 #endif /* AUTH_FILE */
3658 size_t expnlen, indxlen;
3659 char* cp;
3660 char* pi;
3661
3662 expnlen = strlen( hc->expnfilename );
3663
3664 /* Stat the file. */
3665 if ( stat( hc->expnfilename, &hc->sb ) < 0 )
3666 {
3667 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3668 return -1;
3669 }
3670
3671 /* Is it world-readable or world-executable? We check explicitly instead
3672 ** of just trying to open it, so that no one ever gets surprised by
3673 ** a file that's not set world-readable and yet somehow is
3674 ** readable by the HTTP server and therefore the *whole* world.
3675 */
3676 if ( ! ( hc->sb.st_mode & ( S_IROTH /*| S_IXOTH*/ ) ) )
3677 {
3678 // syslog(
3679 // LOG_INFO,
3680 // "%.80s URL \"%.80s\" resolves to a non world-readable file",
3681 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3682 httpd_send_err(
3683 hc, 403, err403title, "",
3684 ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file that is not world-readable.\n" ),
3685 hc->encodedurl );
3686 return -1;
3687 }
3688
3689 /* Is it a directory? */
3690 if ( S_ISDIR(hc->sb.st_mode) )
3691 {
3692 /* If there's pathinfo, it's just a non-existent file. */
3693 if ( hc->pathinfo[0] != '\0' )
3694 {
3695 char logString[27+B_PATH_NAME_LENGTH+1];
3696 sprintf(logString, "Error 404 File not found: %s\n", hc->decodedurl+1);
3697 poorman_log(logString, true, &hc->client_addr, RED);
3698 httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl );
3699 return -1;
3700 }
3701
3702 /* Special handling for directory URLs that don't end in a slash.
3703 ** We send back an explicit redirect with the slash, because
3704 ** otherwise many clients can't build relative URLs properly.
3705 */
3706 if ( strcmp( hc->origfilename, "" ) != 0 &&
3707 strcmp( hc->origfilename, "." ) != 0 &&
3708 hc->origfilename[strlen( hc->origfilename ) - 1] != '/' )
3709 {
3710 send_dirredirect( hc );
3711 return -1;
3712 }
3713
3714 /* Check for an index file. */
3715 if(pthread_rwlock_rdlock(get_index_name_lock()) == 0){
3716 httpd_realloc_str(
3717 &indexname, &maxindexname,
3718 expnlen + 1 + strlen( /*index_names[i]*/hc->hs->index_name ) );
3719 (void) strcpy( indexname, hc->expnfilename );
3720 indxlen = strlen( indexname );
3721 if ( indxlen == 0 || indexname[indxlen - 1] != '/' )
3722 (void) strcat( indexname, "/" );
3723 if ( strcmp( indexname, "./" ) == 0 )
3724 indexname[0] = '\0';
3725 (void) strcat( indexname, /*index_names[i]*/hc->hs->index_name );
3726 pthread_rwlock_unlock(get_index_name_lock());
3727 }
3728 else{
3729 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3730 return -1;
3731 }
3732 if ( stat( indexname, &hc->sb ) >= 0 )
3733 goto got_one;
3734
3735 free(indexname);
3736 /* Nope, no index file, so it's an actual directory request. */
3737 #ifdef GENERATE_INDEXES
3738 if(hc->hs->do_list_dir){
3739 /* Directories must be readable for indexing. */
3740 if ( ! ( hc->sb.st_mode & S_IROTH ) )
3741 {
3742 // syslog(
3743 // LOG_INFO,
3744 // "%.80s URL \"%.80s\" tried to index a directory with indexing disabled",
3745 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3746 httpd_send_err(
3747 hc, 403, err403title, "",
3748 ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a directory that has indexing disabled.\n" ),
3749 hc->encodedurl );
3750 return -1;
3751 }
3752 #ifdef AUTH_FILE
3753 /* Check authorization for this directory. */
3754 if ( auth_check( hc, hc->expnfilename ) == -1 )
3755 return -1;
3756 #endif /* AUTH_FILE */
3757 /* Referrer check. */
3758 if ( ! check_referrer( hc ) )
3759 return -1;
3760 /* Ok, generate an index. */
3761 return ls( hc );
3762 //#else /* GENERATE_INDEXES */
3763 } else {
3764 // syslog(
3765 // LOG_INFO, "%.80s URL \"%.80s\" tried to index a directory",
3766 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3767 httpd_send_err(
3768 hc, 403, err403title, "",
3769 ERROR_FORM( err403form, "The requested URL '%.80s' is a directory, and directory indexing is disabled on this server.\n" ),
3770 hc->encodedurl );
3771 return -1;
3772 }
3773 #endif /* GENERATE_INDEXES */
3774
3775 got_one: ;
3776 /* Got an index file. Expand symlinks again. More pathinfo means
3777 ** something went wrong.
3778 */
3779 cp = expand_symlinks( indexname, &pi, hc->hs->no_symlink_check, hc->tildemapped );
3780 if ( cp == (char*) 0 || pi[0] != '\0' )
3781 {
3782 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3783 return -1;
3784 }
3785 expnlen = strlen( cp );
3786 httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, expnlen );
3787 (void) strcpy( hc->expnfilename, cp );
3788
3789 /* Now, is the index version world-readable or world-executable? */
3790 if ( ! ( hc->sb.st_mode & ( S_IROTH | S_IXOTH ) ) )
3791 {
3792 // syslog(
3793 // LOG_INFO,
3794 // "%.80s URL \"%.80s\" resolves to a non-world-readable index file",
3795 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3796 httpd_send_err(
3797 hc, 403, err403title, "",
3798 ERROR_FORM( err403form, "The requested URL '%.80s' resolves to an index file that is not world-readable.\n" ),
3799 hc->encodedurl );
3800 return -1;
3801 }
3802 }
3803
3804 #ifdef AUTH_FILE
3805 /* Check authorization for this directory. */
3806 httpd_realloc_str( &dirname, &maxdirname, expnlen );
3807 (void) strcpy( dirname, hc->expnfilename );
3808 cp = strrchr( dirname, '/' );
3809 if ( cp == (char*) 0 )
3810 (void) strcpy( dirname, "." );
3811 else
3812 *cp = '\0';
3813 if ( auth_check( hc, dirname ) == -1 )
3814 return -1;
3815
3816 /* Check if the filename is the AUTH_FILE itself - that's verboten. */
3817 if ( expnlen == sizeof(AUTH_FILE) - 1 )
3818 {
3819 if ( strcmp( hc->expnfilename, AUTH_FILE ) == 0 )
3820 {
3821 // syslog(
3822 // LOG_NOTICE,
3823 // "%.80s URL \"%.80s\" tried to retrieve an auth file",
3824 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3825 httpd_send_err(
3826 hc, 403, err403title, "",
3827 ERROR_FORM( err403form, "The requested URL '%.80s' is an authorization file, retrieving it is not permitted.\n" ),
3828 hc->encodedurl );
3829 return -1;
3830 }
3831 }
3832 else if ( expnlen >= sizeof(AUTH_FILE) &&
3833 strcmp( &(hc->expnfilename[expnlen - sizeof(AUTH_FILE) + 1]), AUTH_FILE ) == 0 &&
3834 hc->expnfilename[expnlen - sizeof(AUTH_FILE)] == '/' )
3835 {
3836 // syslog(
3837 // LOG_NOTICE,
3838 // "%.80s URL \"%.80s\" tried to retrieve an auth file",
3839 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3840 httpd_send_err(
3841 hc, 403, err403title, "",
3842 ERROR_FORM( err403form, "The requested URL '%.80s' is an authorization file, retrieving it is not permitted.\n" ),
3843 hc->encodedurl );
3844 return -1;
3845 }
3846 #endif /* AUTH_FILE */
3847
3848 /* Referrer check. */
3849 if ( ! check_referrer( hc ) )
3850 return -1;
3851
3852 /* Is it world-executable and in the CGI area? */
3853 /*if ( hc->hs->cgi_pattern != (char*) 0 &&
3854 ( hc->sb.st_mode & S_IXOTH ) &&
3855 match( hc->hs->cgi_pattern, hc->expnfilename ) )
3856 return cgi( hc );*/
3857
3858 /* It's not CGI. If it's executable or there's pathinfo, someone's
3859 ** trying to either serve or run a non-CGI file as CGI. Either case
3860 ** is prohibited.
3861 */
3862 /*if ( hc->sb.st_mode & S_IXOTH )
3863 {
3864 syslog(
3865 LOG_NOTICE, "%.80s URL \"%.80s\" is executable but isn't CGI",
3866 httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3867 httpd_send_err(
3868 hc, 403, err403title, "",
3869 ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file which is marked executable but is not a CGI file; retrieving it is forbidden.\n" ),
3870 hc->encodedurl );
3871 return -1;
3872 }*/
3873 if ( hc->pathinfo[0] != '\0' )
3874 {
3875 // syslog(
3876 // LOG_INFO, "%.80s URL \"%.80s\" has pathinfo but isn't CGI",
3877 // httpd_ntoa( &hc->client_addr ), hc->encodedurl );
3878 httpd_send_err(
3879 hc, 403, err403title, "",
3880 ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file plus CGI-style pathinfo, but the file is not a valid CGI file.\n" ),
3881 hc->encodedurl );
3882 return -1;
3883 }
3884
3885 if ( hc->method != METHOD_GET && hc->method != METHOD_HEAD )
3886 {
3887 httpd_send_err(
3888 hc, 501, err501title, "", err501form, httpd_method_str( hc->method ) );
3889 return -1;
3890 }
3891
3892 /* Fill in last_byte_index, if necessary. */
3893 if ( hc->got_range &&
3894 ( hc->last_byte_index == -1 || hc->last_byte_index >= hc->sb.st_size ) )
3895 hc->last_byte_index = hc->sb.st_size - 1;
3896
3897 figure_mime( hc );
3898
3899 if ( hc->method == METHOD_HEAD )
3900 {
3901 send_mime(
3902 hc, 200, ok200title, hc->encodings, "", hc->type, hc->sb.st_size,
3903 hc->sb.st_mtime );
3904 }
3905 else if ( hc->if_modified_since != (time_t) -1 &&
3906 hc->if_modified_since >= hc->sb.st_mtime )
3907 {
3908 send_mime(
3909 hc, 304, err304title, hc->encodings, "", hc->type, (off_t) -1,
3910 hc->sb.st_mtime );
3911 }
3912 else
3913 {
3914 /* hc->file_address = mmc_map( hc->expnfilename, &(hc->sb), nowP );
3915 if ( hc->file_address == (char*) 0 )
3916 {
3917 httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl );
3918 return -1;
3919 }*/
3920 send_mime(
3921 hc, 200, ok200title, hc->encodings, "", hc->type, hc->sb.st_size,
3922 hc->sb.st_mtime );
3923 }
3924
3925 return 0;
3926 }
3927
3928
3929 int
httpd_start_request(httpd_conn * hc,struct timeval * nowP)3930 httpd_start_request( httpd_conn* hc, struct timeval* nowP )
3931 {
3932 int r;
3933
3934 /* Really start the request. */
3935 r = really_start_request( hc, nowP );
3936
3937 /* And return the status. */
3938 return r;
3939 }
3940
3941
3942 static void
make_log_entry(httpd_conn * hc,struct timeval * nowP)3943 make_log_entry( httpd_conn* hc, struct timeval* nowP )
3944 {
3945 char* ru;
3946 char url[305];
3947 char bytes[40];
3948
3949 if ( hc->hs->no_log )
3950 return;
3951
3952 /* This is straight CERN Combined Log Format - the only tweak
3953 ** being that if we're using syslog() we leave out the date, because
3954 ** syslogd puts it in. The included syslogtocern script turns the
3955 ** results into true CERN format.
3956 */
3957
3958 /* Format remote user. */
3959 if ( hc->remoteuser[0] != '\0' )
3960 ru = hc->remoteuser;
3961 else
3962 ru = "-";
3963 /* If we're vhosting, prepend the hostname to the url. This is
3964 ** a little weird, perhaps writing separate log files for
3965 ** each vhost would make more sense.
3966 */
3967 if ( hc->hs->vhost && ! hc->tildemapped )
3968 (void) my_snprintf( url, sizeof(url),
3969 "/%.100s%.200s",
3970 hc->hostname == (char*) 0 ? hc->hs->server_hostname : hc->hostname,
3971 hc->encodedurl );
3972 else
3973 (void) my_snprintf( url, sizeof(url),
3974 "%.200s", hc->encodedurl );
3975 /* Format the bytes. */
3976 if ( hc->bytes_sent >= 0 )
3977 (void) my_snprintf(
3978 bytes, sizeof(bytes), "%lld", (long long) hc->bytes_sent );
3979 else
3980 (void) strcpy( bytes, "-" );
3981
3982 /* Logfile or syslog? */
3983 if ( hc->hs->logfp != (FILE*) 0 )
3984 {
3985 time_t now;
3986 struct tm* t;
3987 const char* cernfmt_nozone = "%d/%b/%Y:%H:%M:%S";
3988 char date_nozone[100];
3989 int zone;
3990 char sign;
3991 char date[100];
3992
3993 /* Get the current time, if necessary. */
3994 if ( nowP != (struct timeval*) 0 )
3995 now = nowP->tv_sec;
3996 else
3997 now = time( (time_t*) 0 );
3998 /* Format the time, forcing a numeric timezone (some log analyzers
3999 ** are stoooopid about this).
4000 */
4001 t = localtime( &now );
4002 (void) strftime( date_nozone, sizeof(date_nozone), cernfmt_nozone, t );
4003 #ifdef HAVE_TM_GMTOFF
4004 zone = t->tm_gmtoff / 60L;
4005 #else
4006 zone = -timezone / 60L;
4007 /* Probably have to add something about daylight time here. */
4008 #endif
4009 if ( zone >= 0 )
4010 sign = '+';
4011 else
4012 {
4013 sign = '-';
4014 zone = -zone;
4015 }
4016 zone = ( zone / 60 ) * 100 + zone % 60;
4017 (void) my_snprintf( date, sizeof(date),
4018 "%s %c%04d", date_nozone, sign, zone );
4019 /* And write the log entry. */
4020 (void) fprintf( hc->hs->logfp,
4021 "%.80s - %.80s [%s] \"%.80s %.300s %.80s\" %d %s \"%.200s\" \"%.200s\"\n",
4022 httpd_ntoa( &hc->client_addr ), ru, date,
4023 httpd_method_str( hc->method ), url, hc->protocol,
4024 hc->status, bytes, hc->referrer, hc->useragent );
4025 #ifdef FLUSH_LOG_EVERY_TIME
4026 (void) fflush( hc->hs->logfp );
4027 #endif
4028 }
4029 else
4030 /*syslog( LOG_INFO,
4031 "%.80s - %.80s \"%.80s %.200s %.80s\" %d %s \"%.200s\" \"%.200s\"",
4032 httpd_ntoa( &hc->client_addr ), ru,
4033 httpd_method_str( hc->method ), url, hc->protocol,
4034 hc->status, bytes, hc->referrer, hc->useragent )*/;
4035 }
4036
4037
4038 /* Returns 1 if ok to serve the url, 0 if not. */
4039 static int
check_referrer(httpd_conn * hc)4040 check_referrer( httpd_conn* hc )
4041 {
4042 int r;
4043 char* cp;
4044
4045 /* Are we doing referrer checking at all? */
4046 if ( hc->hs->url_pattern == (char*) 0 )
4047 return 1;
4048
4049 r = really_check_referrer( hc );
4050
4051 if ( ! r )
4052 {
4053 if ( hc->hs->vhost && hc->hostname != (char*) 0 )
4054 cp = hc->hostname;
4055 else
4056 cp = hc->hs->server_hostname;
4057 if ( cp == (char*) 0 )
4058 cp = "";
4059 // syslog(
4060 // LOG_INFO, "%.80s non-local referrer \"%.80s%.80s\" \"%.80s\"",
4061 // httpd_ntoa( &hc->client_addr ), cp, hc->encodedurl, hc->referrer );
4062 httpd_send_err(
4063 hc, 403, err403title, "",
4064 ERROR_FORM( err403form, "You must supply a local referrer to get URL '%.80s' from this server.\n" ),
4065 hc->encodedurl );
4066 }
4067 return r;
4068 }
4069
4070
4071 /* Returns 1 if ok to serve the url, 0 if not. */
4072 static int
really_check_referrer(httpd_conn * hc)4073 really_check_referrer( httpd_conn* hc )
4074 {
4075 httpd_server* hs;
4076 char* cp1;
4077 char* cp2;
4078 char* cp3;
4079 /*static*/char* refhost = (char*) 0;
4080 /*static*/size_t refhost_size = 0;
4081 char *lp;
4082
4083 hs = hc->hs;
4084
4085 /* Check for an empty referrer. */
4086 if ( hc->referrer == (char*) 0 || hc->referrer[0] == '\0' ||
4087 ( cp1 = strstr( hc->referrer, "//" ) ) == (char*) 0 )
4088 {
4089 /* Disallow if we require a referrer and the url matches. */
4090 if ( hs->no_empty_referrers && match( hs->url_pattern, hc->origfilename ) )
4091 return 0;
4092 /* Otherwise ok. */
4093 return 1;
4094 }
4095
4096 /* Extract referrer host. */
4097 cp1 += 2;
4098 for ( cp2 = cp1; *cp2 != '/' && *cp2 != ':' && *cp2 != '\0'; ++cp2 )
4099 continue;
4100 httpd_realloc_str( &refhost, &refhost_size, cp2 - cp1 );
4101 for ( cp3 = refhost; cp1 < cp2; ++cp1, ++cp3 )
4102 if ( isupper(*cp1) )
4103 *cp3 = tolower(*cp1);
4104 else
4105 *cp3 = *cp1;
4106 *cp3 = '\0';
4107
4108 /* Local pattern? */
4109 if ( hs->local_pattern != (char*) 0 )
4110 lp = hs->local_pattern;
4111 else
4112 {
4113 /* No local pattern. What's our hostname? */
4114 if ( ! hs->vhost )
4115 {
4116 /* Not vhosting, use the server name. */
4117 lp = hs->server_hostname;
4118 if ( lp == (char*) 0 )
4119 /* Couldn't figure out local hostname - give up. */
4120 return 1;
4121 }
4122 else
4123 {
4124 /* We are vhosting, use the hostname on this connection. */
4125 lp = hc->hostname;
4126 if ( lp == (char*) 0 )
4127 /* Oops, no hostname. Maybe it's an old browser that
4128 ** doesn't send a Host: header. We could figure out
4129 ** the default hostname for this IP address, but it's
4130 ** not worth it for the few requests like this.
4131 */
4132 return 1;
4133 }
4134 }
4135
4136 /* If the referrer host doesn't match the local host pattern, and
4137 ** the filename does match the url pattern, it's an illegal reference.
4138 */
4139 if ( ! match( lp, refhost ) && match( hs->url_pattern, hc->origfilename ) )
4140 return 0;
4141 /* Otherwise ok. */
4142 return 1;
4143 }
4144
4145
4146 char*
httpd_ntoa(httpd_sockaddr * saP)4147 httpd_ntoa( httpd_sockaddr* saP )
4148 {
4149 #ifdef USE_IPV6
4150 static char str[200];
4151
4152 if ( getnameinfo( &saP->sa, sockaddr_len( saP ), str, sizeof(str), 0, 0, NI_NUMERICHOST ) != 0 )
4153 {
4154 str[0] = '?';
4155 str[1] = '\0';
4156 }
4157 else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 )
4158 /* Elide IPv6ish prefix for IPv4 addresses. */
4159 (void) ol_strcpy( str, &str[7] );
4160
4161 return str;
4162
4163 #else /* USE_IPV6 */
4164
4165 return inet_ntoa( saP->sa_in.sin_addr );
4166
4167 #endif /* USE_IPV6 */
4168 }
4169
4170
4171 static int
sockaddr_check(httpd_sockaddr * saP)4172 sockaddr_check( httpd_sockaddr* saP )
4173 {
4174 switch ( saP->sa.sa_family )
4175 {
4176 case AF_INET: return 1;
4177 #ifdef USE_IPV6
4178 case AF_INET6: return 1;
4179 #endif /* USE_IPV6 */
4180 default:
4181 return 0;
4182 }
4183 }
4184
4185
4186 static size_t
sockaddr_len(httpd_sockaddr * saP)4187 sockaddr_len( httpd_sockaddr* saP )
4188 {
4189 switch ( saP->sa.sa_family )
4190 {
4191 case AF_INET: return sizeof(struct sockaddr_in);
4192 #ifdef USE_IPV6
4193 case AF_INET6: return sizeof(struct sockaddr_in6);
4194 #endif /* USE_IPV6 */
4195 default:
4196 return 0; /* shouldn't happen */
4197 }
4198 }
4199
4200
4201 /* Some systems don't have snprintf(), so we make our own that uses
4202 ** either vsnprintf() or vsprintf(). If your system doesn't have
4203 ** vsnprintf(), it is probably vulnerable to buffer overruns.
4204 ** Upgrade!
4205 */
4206 static int
my_snprintf(char * str,size_t size,const char * format,...)4207 my_snprintf( char* str, size_t size, const char* format, ... )
4208 {
4209 va_list ap;
4210 int r;
4211
4212 va_start( ap, format );
4213 #ifdef HAVE_VSNPRINTF
4214 r = vsnprintf( str, size, format, ap );
4215 #else /* HAVE_VSNPRINTF */
4216 r = vsprintf( str, format, ap );
4217 #endif /* HAVE_VSNPRINTF */
4218 va_end( ap );
4219 return r;
4220 }
4221
4222
4223 #ifndef HAVE_ATOLL
4224 static long long
atoll(const char * str)4225 atoll( const char* str )
4226 {
4227 long long value;
4228 long long sign;
4229
4230 while ( isspace( *str ) )
4231 ++str;
4232 switch ( *str )
4233 {
4234 case '-': sign = -1; ++str; break;
4235 case '+': sign = 1; ++str; break;
4236 default: sign = 1; break;
4237 }
4238 value = 0;
4239 while ( isdigit( *str ) )
4240 {
4241 value = value * 10 + ( *str - '0' );
4242 ++str;
4243 }
4244 return sign * value;
4245 }
4246 #endif /* HAVE_ATOLL */
4247
4248
4249 /* Read the requested buffer completely, accounting for interruptions. */
4250 int
httpd_read_fully(int fd,void * buf,size_t nbytes)4251 httpd_read_fully( int fd, void* buf, size_t nbytes )
4252 {
4253 int nread;
4254
4255 nread = 0;
4256 while ( nread < nbytes )
4257 {
4258 int r;
4259
4260 r = read( fd, (char*) buf + nread, nbytes - nread );
4261 if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) )
4262 {
4263 sleep( 1 );
4264 continue;
4265 }
4266 if ( r < 0 )
4267 return r;
4268 if ( r == 0 )
4269 break;
4270 nread += r;
4271 }
4272
4273 return nread;
4274 }
4275
4276
4277 /* Write the requested buffer completely, accounting for interruptions. */
4278 int
httpd_write_fully(int fd,const char * buf,size_t nbytes)4279 httpd_write_fully( int fd, const char* buf, size_t nbytes )
4280 {
4281 int nwritten;
4282
4283 nwritten = 0;
4284 while ( nwritten < nbytes )
4285 {
4286 int r;
4287
4288 r = write( fd, buf + nwritten, nbytes - nwritten );
4289 if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) )
4290 {
4291 sleep( 1 );
4292 continue;
4293 }
4294 if ( r < 0 )
4295 return r;
4296 if ( r == 0 )
4297 break;
4298 nwritten += r;
4299 }
4300
4301 return nwritten;
4302 }
4303
4304
4305 /* Generate debugging statistics syslog message. */
4306 void
httpd_logstats(long secs)4307 httpd_logstats( long secs )
4308 {
4309 if ( str_alloc_count > 0 )
4310 /*syslog( LOG_NOTICE,
4311 " libhttpd - %d strings allocated, %lu bytes (%g bytes/str)",
4312 str_alloc_count, (unsigned long) str_alloc_size,
4313 (float) str_alloc_size / str_alloc_count )*/;
4314 }
4315