From 93e34db926b0c33d1ce3f92d03fec1e623d882e1 Mon Sep 17 00:00:00 2001 From: patacongo Date: Sun, 12 Jul 2009 16:45:27 +0000 Subject: [PATCH] Add libhttpd.c git-svn-id: svn://svn.code.sf.net/p/nuttx/code/trunk@1978 42af7a65-404d-4744-a932-0658087f49c3 --- netutils/thttpd/Makefile | 2 +- netutils/thttpd/config.h | 194 ++ netutils/thttpd/libhttpd.c | 4361 ++++++++++++++++++++++++++++++++++++ netutils/thttpd/libhttpd.h | 32 +- netutils/thttpd/thttpd.c | 26 +- netutils/thttpd/version.h | 50 - 6 files changed, 4564 insertions(+), 101 deletions(-) create mode 100644 netutils/thttpd/config.h create mode 100644 netutils/thttpd/libhttpd.c delete mode 100644 netutils/thttpd/version.h diff --git a/netutils/thttpd/Makefile b/netutils/thttpd/Makefile index 37825c2cc4..b6f713d226 100644 --- a/netutils/thttpd/Makefile +++ b/netutils/thttpd/Makefile @@ -42,7 +42,7 @@ SUBDIRS = cgi-src ASRCS = AOBJS = $(ASRCS:.S=$(OBJEXT)) -CSRCS = thttpd.c +CSRCS = thttpd.c libhttpd.c COBJS = $(CSRCS:.c=$(OBJEXT)) SRCS = $(ASRCS) $(CSRCS) diff --git a/netutils/thttpd/config.h b/netutils/thttpd/config.h new file mode 100644 index 0000000000..9b61f4d9b3 --- /dev/null +++ b/netutils/thttpd/config.h @@ -0,0 +1,194 @@ +/**************************************************************************** + * netutils/thttpd/config.h + * + * Copyright (C) 2009 Gregory Nutt. All rights reserved. + * Author: Gregory Nutt + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * 3. Neither the name NuttX nor the names of its contributors may be + * used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + ****************************************************************************/ + +#ifndef __NETUTILS_THTTPD_VERSION_H +#define __NETUTILS_THTTPD_VERSION_H + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +/* Make sure that the system is configured to handle THTTPD */ + +#undef CONFIG_THTTPD +#if defined(CONFIG_NET) && defined(CONFIG_NET_TCP) && defined(CONFIG_NET_TCPBACKLOG) +# define CONFIG_THTTPD +#else +# warning "THTTPD not built because dependenciesnot selected in configuration" +#endif + +#if !defined(CONFIG_NET_NTCP_READAHEAD_BUFFERS) || CONFIG_NET_NTCP_READAHEAD_BUFFERS < 1 +# warning "CONFIG_NET_NTCP_READAHEAD_BUFFERS > 0 is recommended" +#endif + +/* Check all THTTPD configuration settings. Complain on any that should have + * been defined but were not. Supply some kind of reasonable value for all + * undefined settings. + */ + +/* Server port number */ + +#ifndef CONFIG_THTTPD_PORT +# define CONFIG_THTTPD_PORT 80 +#endif + +/* Server IP address (no host name) */ + +#ifndef CONFIG_THTTPD_IPADDR +# warning "CONFIG_THTTPD_IPADDR not defined" +# define CONFIG_THTTPD_IPADDR (10<<24|0<<16|0<<8|2) +#endif + +/* SERVER_ADDRESS: response */ + +#ifndef CONFIG_THTTPD_SERVER_ADDRESS +# define CONFIG_THTTPD_SERVER_ADDRESS "http://www.nuttx.org" +#endif + +/* SERVER_SOFTWARE: response */ + +#ifndef CONFIG_THTTPD_SERVER_SOFTWARE +# define CONFIG_THTTPD_SERVER_SOFTWARE "thttpd/2.25b 29dec2003-NuttX" +#endif + +#ifndef CONFIG_THTTPD_CGI_PATH +# warning "CONFIG_THTTPD_CGI_PATH not defined" +# define CONFIG_THTTPD_CGI_PATH "/mnt/www/cgi-bin" +#endif + +/* Only CGI programs matching this pattern will be executed. In fact, + * if this value is not defined then no CGI logic will be built. + */ + +#ifndef CONFIG_THTTPD_CGI_PATTERN +# define CONFIG_THTTPD_CGI_PATTERN "/cgi-bin/*" +#endif + +/* Byte output limit for CGI tasks */ + +#ifndef CONFIG_THTTPD_CGI_BYTECOUNT +# define CONFIG_THTTPD_CGI_BYTECOUNT 200000 +#endif + +/* How many seconds to allow CGI programs to run before killing them. */ + +#ifndef CONFIG_THTTPD_CGI_TIMELIMIT +# define CONFIG_THTTPD_CGI_TIMELIMIT 0 /* No time limit */ +#endif + +/* The default character set name to use with text MIME types. */ + +#ifndef CONFIG_THTTPD_CHARSET +# define CONFIG_THTTPD_CHARSET "iso-8859-1" +#endif + +#ifndef CONFIG_THTTPD_IOBUFFERSIZE +# define CONFIG_THTTPD_IOBUFFERSIZE 256 +#endif + +#if CONFIG_THTTPD_IOBUFFERSIZE > 65535 +# error "Can't use uint16 for buffer" +#endif + +/* A list of index filenames to check. The files are searched for in this order. */ + +#ifndef CONFIG_THTTPD_INDEX_NAMES +# define CONFIG_THTTPD_INDEX_NAMES "index.html", "index.htm", "index.cgi" +#endif + +/* CONFIG_AUTH_FILE - The file to use for authentication. If this is defined then + * thttpd checks for this file in the local directory before every fetch. If the + * file exists then authentication is done, otherwise the fetch proceeds as usual. + * If you leave this undefined then thttpd will not implement authentication at + * all and will not check for auth files, which saves a bit of CPU time. + * A typical value is ".htpasswd" + */ + +/* The listen() backlog queue length. */ + +#ifndef CONFIG_THTTPD_LISTEN_BACKLOG +# define CONFIG_THTTPD_LISTEN_BACKLOG 8 +#endif + +/* How many milliseconds to leave a connection open while doing a lingering close */ + +#ifndef CONFIG_THTTPD_LINGER_MSEC +# define CONFIG_THTTPD_LINGER_MSEC 500 +#endif + +/* How often to run the occasional cleanup job.*/ + +#ifndef CONFIG_THTTPD_OCCASIONAL_MSEC +# define CONFIG_THTTPD_OCCASIONAL_MSEC 120 /* Two minutes */ +#endif + +/* How many seconds to allow for reading the initial request on a new connection. */ + +#ifndef CONFIG_THTTPD_IDLE_READ_LIMIT_SEC +# define CONFIG_THTTPD_IDLE_READ_LIMIT_SEC 300 +#endif + +/* How many seconds before an idle connection gets closed. */ + +#ifndef CONFIG_THTTPD_IDLE_SEND_LIMIT_SEC +# define CONFIG_THTTPD_IDLE_SEND_LIMIT_SEC 300 +#endif + +/* Tilde mapping. Many URLs use ~username to indicate a user's home directory. thttpd + * provides two options for mapping this construct to an actual filename. + * + * 1) Map ~username to /username. This is the recommended choice. Each user + * gets a subdirectory in the main web tree, and the tilde construct points there. + * The prefix could be something like "users", or it could be empty. + * 2) Map ~username to /. The postfix would be the name of + * a subdirectory off of the user's actual home dir, something like "public_html". + * + * You can also leave both options undefined, and thttpd will not do anything special + * about tildes. Enabling both options is an error. + * + * Typical values, if they're defined, are "users" for TILDE_MAP_1 and "public_html" + * for TILDE_MAP_2. + */ + +#if defined(TILDE_MAP_1) && defined(TILDE_MAP_2) +# error "Both TILDE_MAP_1 and TILDE_MAP_2 are defined" +#endif + +/* If CONFIG_THTTPD_URLPATTERN is not defined, then it will be used to match and verify + * referrers. + */ + +#endif /* __NETUTILS_THTTPD_VERSION_H */ + diff --git a/netutils/thttpd/libhttpd.c b/netutils/thttpd/libhttpd.c new file mode 100644 index 0000000000..f6db22ca80 --- /dev/null +++ b/netutils/thttpd/libhttpd.c @@ -0,0 +1,4361 @@ +/**************************************************************************** + * netutils/thttpd/libhttpd.c + * HTTP Protocol Library + * + * Copyright (C) 2009 Gregory Nutt. All rights reserved. + * Author: Gregory Nutt + * + * Derived from the file of the same name in the original THTTPD package: + * + * Copyright © 1995,1998,1999,2000,2001 by Jef Poskanzer . + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "config.h" +#include "libhttpd.h" +#include "timers.h" +#include "tdate_parse.h" + +#ifdef CONFIG_THTTPD + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +#ifndef STDIN_FILENO +# define STDIN_FILENO 0 +#endif +#ifndef STDOUT_FILENO +# define STDOUT_FILENO 1 +#endif +#ifndef STDERR_FILENO +# define STDERR_FILENO 2 +#endif + +#define NAMLEN(dirent) strlen((dirent)->d_name) + +extern char *crypt(const char *key, const char *setting); + +#ifndef MAX +# define MAX(a,b) ((a) > (b) ? (a) : (b)) +#endif + +#ifndef MIN +# define MIN(a,b) ((a) < (b) ? (a) : (b)) +#endif + +/* Conditional macro to allow two alternate forms for use in the built-in + * error pages. If EXPLICIT_ERROR_PAGES is defined, the second and more + * explicit error form is used; otherwise, the first and more generic + * form is used. + */ + +#ifdef EXPLICIT_ERROR_PAGES +# define ERROR_FORM(a,b) b +#else +# define ERROR_FORM(a,b) a +#endif + +/**************************************************************************** + * Private Function Prototypes + ****************************************************************************/ + +static void free_httpd_server(httpd_server *hs); +static int initialize_listen_socket(httpd_sockaddr *saP); +static void add_response(httpd_conn * hc, char *str); +static void send_mime(httpd_conn * hc, int status, char *title, char *encodings, + char *extraheads, char *type, off_t length, time_t mod); +static void send_response(httpd_conn * hc, int status, char *title, + char *extraheads, char *form, char *arg); +static void send_response_tail(httpd_conn * hc); +static void defang(char *str, char *dfstr, int dfsize); +#ifdef CONFIG_THTTPD_ERROR_DIRECTORY +static int send_err_file(httpd_conn * hc, int status, char *title, + char *extraheads, char *filename); +#endif +#ifdef CONFIG_THTTPD_AUTH_FILE +static void send_authenticate(httpd_conn * hc, char *realm); +static int b64_decode(const char *str, unsigned char *space, int size); +static int auth_check(httpd_conn * hc, char *dirname); +static int auth_check2(httpd_conn * hc, char *dirname); +#endif +static void send_dirredirect(httpd_conn * hc); +static int hexit(char c); +static void strdecode(char *to, char *from); +#ifdef GENERATE_INDEXES +static void strencode(char *to, int tosize, char *from); +#endif +#ifdef TILDE_MAP_1 +static int tilde_map_1(httpd_conn * hc); +#endif +#ifdef TILDE_MAP_2 +static int tilde_map_2(httpd_conn * hc); +#endif +#ifdef CONFIG_THTTPD_VHOST +static int vhost_map(httpd_conn * hc); +#endif +static char *expand_filename(char *path, char **restP, boolean tildemapped); +static char *bufgets(httpd_conn * hc); +static void de_dotdot(char *file); +static void init_mime(void); +static void figure_mime(httpd_conn * hc); +#if CONFIG_THTTPD_CGI_TIMELIMIT > 0 +static void cgi_kill2(ClientData client_data, struct timeval *nowP); +static void cgi_kill(ClientData client_data, struct timeval *nowP); +#endif +#ifdef GENERATE_INDEXES +static int ls(httpd_conn * hc); +#endif +#ifdef SERVER_NAME_LIST +static char *hostname_map(char *hostname); +#endif + +/* CGI Support */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static char *build_env(char *fmt, char *arg); +static char **make_envp(httpd_conn * hc); +static char **make_argp(httpd_conn * hc); +static void cgi_interpose_input(httpd_conn * hc, int wfd); +static void post_post_garbage_hack(httpd_conn * hc); +static void cgi_interpose_output(httpd_conn * hc, int rfd); +static void cgi_child(httpd_conn * hc); +static int cgi(httpd_conn * hc); +#endif + +static int really_start_request(httpd_conn * hc, struct timeval *nowP); +static int check_referer(httpd_conn * hc); +#ifdef CONFIG_THTTPD_URLPATTERN +static int really_check_referer(httpd_conn * hc); +#endif +static int sockaddr_check(httpd_sockaddr * saP); +static size_t sockaddr_len(httpd_sockaddr * saP); + +/**************************************************************************** + * Private Data + ****************************************************************************/ + +/* This global keeps track of whether we are in the main process or a + * sub-process. The reason is that httpd_write_response() can get called + * in either context; when it is called from the main process it must use + * non-blocking I/O to avoid stalling the server, but when it is called + * from a sub-process it wants to use blocking I/O so that the whole + * response definitely gets written. So, it checks this variable. A bit + * of a hack but it seems to do the right thing. + */ + +static pid_t main_thread; +static int str_alloc_count = 0; +static size_t str_alloc_size = 0; + +/* Base-64 decoding. This represents binary data as printable ASCII + * characters. Three 8-bit binary bytes are turned into four 6-bit + * values, like so: + * + * [11111111][22222222][33333333] -> [111111][112222][222233][333333] + * + * Then the 6-bit values are represented using the characters "A-Za-z0-9+/". + */ + +#ifdef CONFIG_THTTPD_AUTH_FILE +static const int b64_decode_table[256] = +{ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 00-0F */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 10-1F */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 20-2F */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 30-3F */ + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 40-4F */ + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 50-5F */ + -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 60-6F */ + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 70-7F */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 80-8F */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 90-9F */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* A0-AF */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* B0-BF */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* C0-CF */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* D0-DF */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* E0-EF */ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 /* F0-FF */ +}; +#endif + +/* Include MIME encodings and types */ + +#include "mime_types.h" + +/**************************************************************************** + * HTTP Strings + ****************************************************************************/ + +static char *ok200title = "OK"; +static char *ok206title = "Partial Content"; + +static char *err302title = "Found"; +static char *err302form = "The actual URL is '%s'.\n"; + +static char *err304title = "Not Modified"; + +char *httpd_err400title = "Bad Request"; +char *httpd_err400form = "Your request has bad syntax or is inherently impossible to satisfy.\n"; + +#ifdef CONFIG_THTTPD_AUTH_FILE +static char *err401title = "Unauthorized"; +static char *err401form = "Authorization required for the URL '%s'.\n"; +#endif + +static char *err403title = "Forbidden"; +#ifndef EXPLICIT_ERROR_PAGES +static char *err403form = "You do not have permission to get URL '%s' from this server.\n"; +#endif + +static char *err404title = "Not Found"; +static char *err404form = "The requested URL '%s' was not found on this server.\n"; + +char *httpd_err408title = "Request Timeout"; +char *httpd_err408form = "No request appeared within a reasonable time period.\n"; + +static char *err500title = "Internal Error"; +static char *err500form = "There was an unusual problem serving the requested URL '%s'.\n"; + +static char *err501title = "Not Implemented"; +static char *err501form = "The requested method '%s' is not implemented by this server.\n"; + +char *httpd_err503title = "Service Temporarily Overloaded"; +char *httpd_err503form = "The requested URL '%s' is temporarily overloaded. Please try again later.\n"; + +/**************************************************************************** + * Private Functions + ****************************************************************************/ + +static void free_httpd_server(httpd_server * hs) +{ + if (hs->binding_hostname) + { + free((void *)hs->binding_hostname); + } + + if (hs->cwd) + { + free((void *)hs->cwd); + } + free((void *)hs); +} + +static int initialize_listen_socket(httpd_sockaddr *saP) +{ + int listen_fd; + int on; + int flags; + + /* Check sockaddr. */ + + if (!sockaddr_check(saP)) + { + ndbg("unknown sockaddr family on listen socket\n"); + return -1; + } + + /* Create socket. */ + + listen_fd = socket(saP->sin_family, SOCK_STREAM, 0); + if (listen_fd < 0) + { + ndbg("socket %s: %d\n", httpd_ntoa(saP), errno); + return -1; + } + (void)fcntl(listen_fd, F_SETFD, 1); + + /* Allow reuse of local addresses. */ + + on = 1; + if (setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) + { + ndbg("setsockopt SO_REUSEADDR: %d\n", errno); + } + + /* Bind to it. */ + + if (bind(listen_fd, (struct sockaddr*)&saP, sockaddr_len(saP)) < 0) + { + ndbg("bind %s: %d\n", httpd_ntoa(saP), errno); + (void)close(listen_fd); + return -1; + } + + /* Set the listen file descriptor to no-delay / non-blocking mode. */ + + flags = fcntl(listen_fd, F_GETFL, 0); + if (flags == -1) + { + ndbg("fcntl F_GETFL: %d\n", errno); + (void)close(listen_fd); + return -1; + } + + if (fcntl(listen_fd, F_SETFL, flags | O_NDELAY) < 0) + { + ndbg("fcntl O_NDELAY: %d\n", errno); + (void)close(listen_fd); + return -1; + } + + /* Start a listen going. */ + + if (listen(listen_fd, CONFIG_THTTPD_LISTEN_BACKLOG) < 0) + { + ndbg("listen: %d\n", errno); + (void)close(listen_fd); + return -1; + } + + return listen_fd; +} + +/* Append a string to the buffer waiting to be sent as response. */ + +static void add_response(httpd_conn * hc, char *str) +{ + int resplen; + int len; + + len = strlen(str); + resplen = hc->buflen + len; + DEBUGASSERT(resplen < CONFIG_THTTPD_IOBUFFERSIZE); + + if (resplen > CONFIG_THTTPD_IOBUFFERSIZE) + { + resplen = CONFIG_THTTPD_IOBUFFERSIZE; + len = resplen - hc->buflen; + } + + memcpy(&(hc->buffer[hc->buflen]), str, len); + hc->buflen = resplen; +} + +static void send_mime(httpd_conn * hc, int status, char *title, char *encodings, + char *extraheads, char *type, off_t length, time_t mod) +{ + struct timeval now; + const char *rfc1123fmt = "%a, %d %b %Y %H:%M:%S GMT"; + char nowbuf[100]; + char modbuf[100]; +#ifdef CONFIG_THTTPD_MAXAGE + time_t expires; + char expbuf[100]; +#endif + char fixed_type[500]; + char buf[1000]; + int partial_content; + int s100; + + hc->status = status; + hc->bytes_to_send = length; + if (hc->mime_flag) + { + if (status == 200 && hc->got_range && + (hc->range_end >= hc->range_start) && + ((hc->range_end != length - 1) || + (hc->range_start != 0)) && + (hc->range_if == (time_t) - 1 || hc->range_if == hc->sb.st_mtime)) + { + partial_content = 1; + hc->status = status = 206; + title = ok206title; + } + else + { + partial_content = 0; + hc->got_range = FALSE; + } + + gettimeofday(&now, NULL); + if (mod == (time_t) 0) + { + mod = now.tv_sec; + } + + (void)strftime(nowbuf, sizeof(nowbuf), rfc1123fmt, gmtime(&now.tv_sec)); + (void)strftime(modbuf, sizeof(modbuf), rfc1123fmt, gmtime(&mod)); + (void)snprintf(fixed_type, sizeof(fixed_type), type, CONFIG_THTTPD_CHARSET); + (void)snprintf(buf, sizeof(buf), + "%.20s %d %s\015\012" + "Server: %s\015\012" + "Content-Type: %s\015\012" + "Date: %s\015\012" + "Last-Modified: %s\015\012" + "Accept-Ranges: bytes\015\012" + "Connection: close\015\012", + hc->protocol, status, title, "thttpd", fixed_type, nowbuf, modbuf); + add_response(hc, buf); + + s100 = status / 100; + if (s100 != 2 && s100 != 3) + { + (void)snprintf(buf, sizeof(buf), "Cache-Control: no-cache,no-store\015\012"); + add_response(hc, buf); + } + + if (encodings[0] != '\0') + { + (void)snprintf(buf, sizeof(buf), "Content-Encoding: %s\015\012", encodings); + add_response(hc, buf); + } + + if (partial_content) + { + (void)snprintf(buf, sizeof(buf), + "Content-Range: bytes %lld-%lld/%lld\015\012" + "Content-Length: %lld\015\012", + (sint16) hc->range_start, + (sint16) hc->range_end, (sint16) length, + (sint16) (hc->range_end - hc->range_start + 1)); + add_response(hc, buf); + } + else if (length >= 0) + { + (void)snprintf(buf, sizeof(buf), "Content-Length: %lld\015\012", (sint16) length); + add_response(hc, buf); + } + +#ifdef CONFIG_THTTPD_P3P + (void)snprintf(buf, sizeof(buf), "P3P: %s\015\012", CONFIG_THTTPD_P3P); + add_response(hc, buf); +#endif + +#ifdef CONFIG_THTTPD_MAXAGE + expires = now + CONFIG_THTTPD_MAXAGE; + (void)strftime(expbuf, sizeof(expbuf), rfc1123fmt, gmtime(&expires)); + (void)snprintf(buf, sizeof(buf), + "Cache-Control: max-age=%d\015\012Expires: %s\015\012", + CONFIG_THTTPD_MAXAGE, expbuf); + add_response(hc, buf); +#endif + + if (extraheads[0] != '\0') + { + add_response(hc, extraheads); + } + add_response(hc, "\015\012"); + } +} + +static void send_response(httpd_conn * hc, int status, char *title, char *extraheads, + char *form, char *arg) +{ + char defanged_arg[1000], buf[2000]; + + send_mime(hc, status, title, "", extraheads, "text/html; charset=%s", + (off_t) - 1, (time_t) 0); + (void)snprintf(buf, sizeof(buf), "\ +\n\ +%d %s\n\ +\n\ +

%d %s

\n", status, title, status, title); + add_response(hc, buf); + defang(arg, defanged_arg, sizeof(defanged_arg)); + (void)snprintf(buf, sizeof(buf), form, defanged_arg); + add_response(hc, buf); + + if (match("**MSIE**", hc->useragent)) + { + int n; + add_response(hc, "\n"); + } + + send_response_tail(hc); +} + +static void send_response_tail(httpd_conn * hc) +{ + char buf[1000]; + + (void)snprintf(buf, sizeof(buf), "\ +
\n\ +
%s
\n\ +\n\ +\n", CONFIG_THTTPD_SERVER_ADDRESS, "thttpd"); + add_response(hc, buf); +} + +static void defang(char *str, char *dfstr, int dfsize) +{ + char *cp1; + char *cp2; + + for (cp1 = str, cp2 = dfstr; + *cp1 != '\0' && cp2 - dfstr < dfsize - 5; ++cp1, ++cp2) + { + switch (*cp1) + { + case '<': + *cp2++ = '&'; + *cp2++ = 'l'; + *cp2++ = 't'; + *cp2 = ';'; + break; + case '>': + *cp2++ = '&'; + *cp2++ = 'g'; + *cp2++ = 't'; + *cp2 = ';'; + break; + default: + *cp2 = *cp1; + break; + } + } + *cp2 = '\0'; +} + +#ifdef CONFIG_THTTPD_ERROR_DIRECTORY +static int send_err_file(httpd_conn * hc, int status, char *title, char *extraheads, + char *filename) +{ + FILE *fp; + char buf[1000]; + size_t nread; + + fp = fopen(filename, "r"); + if (fp == (FILE *) 0) + return 0; + send_mime(hc, status, title, "", extraheads, "text/html; charset=%s", + (off_t) - 1, (time_t) 0); + for (;;) + { + nread = fread(buf, 1, sizeof(buf) - 1, fp); + if (nread == 0) + break; + buf[nread] = '\0'; + add_response(hc, buf); + } + (void)fclose(fp); + +#ifdef ERR_APPEND_SERVER_INFO + send_response_tail(hc); +#endif + + return 1; +} +#endif /* CONFIG_THTTPD_ERROR_DIRECTORY */ + +#ifdef CONFIG_THTTPD_AUTH_FILE +static void send_authenticate(httpd_conn * hc, char *realm) +{ + static char *header; + static size_t maxheader = 0; + static char headstr[] = "WWW-Authenticate: Basic realm=\""; + + httpd_realloc_str(&header, &maxheader, sizeof(headstr) + strlen(realm) + 3); + (void)snprintf(header, maxheader, "%s%s\"\015\012", headstr, realm); + httpd_send_err(hc, 401, err401title, header, err401form, hc->encodedurl); + + /* If the request was a POST then there might still be data to be read, so + * we need to do a lingering close. + */ + + if (hc->method == METHOD_POST) + { + hc->should_linger = TRUE; + } +} + +/* Do base-64 decoding on a string. Ignore any non-base64 bytes. + * Return the actual number of bytes generated. The decoded size will + * be at most 3/4 the size of the encoded, and may be smaller if there + * are padding characters (blanks, newlines). + */ + +static int b64_decode(const char *str, unsigned char *space, int size) +{ + const char *cp; + int space_idx, phase; + int d, prev_d = 0; + unsigned char c; + + space_idx = 0; + phase = 0; + for (cp = str; *cp != '\0'; ++cp) + { + d = b64_decode_table[(int)*cp]; + if (d != -1) + { + switch (phase) + { + case 0: + ++phase; + break; + case 1: + c = ((prev_d << 2) | ((d & 0x30) >> 4)); + if (space_idx < size) + space[space_idx++] = c; + ++phase; + break; + case 2: + c = (((prev_d & 0xf) << 4) | ((d & 0x3c) >> 2)); + if (space_idx < size) + space[space_idx++] = c; + ++phase; + break; + case 3: + c = (((prev_d & 0x03) << 6) | d); + if (space_idx < size) + space[space_idx++] = c; + phase = 0; + break; + } + prev_d = d; + } + } + return space_idx; +} + +/* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */ + +static int auth_check(httpd_conn * hc, char *dirname) +{ +#ifdef CONFIG_THTTPD_GLOBALPASSWD + char *topdir; + +#ifdef CONFIG_THTTPD_VHOST + if (hc->hostdir[0] != '\0') + topdir = hc->hostdir; + else +#endif + topdir = "."; + + switch (auth_check2(hc, topdir)) + { + case -1: + return -1; + case 1: + return 1; + } +#endif + return auth_check2(hc, dirname); +} + +/* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */ + +static int auth_check2(httpd_conn * hc, char *dirname) +{ + static char *authpath; + static size_t maxauthpath = 0; + struct stat sb; + char authinfo[500]; + char *authpass; + char *colon; + int l; + FILE *fp; + char line[500]; + char *cryp; + static char *prevauthpath; + static size_t maxprevauthpath = 0; + static time_t prevmtime; + static char *prevuser; + static size_t maxprevuser = 0; + static char *prevcryp; + static size_t maxprevcryp = 0; + + /* Construct auth filename. */ + + httpd_realloc_str(&authpath, &maxauthpath, + strlen(dirname) + 1 + sizeof(CONFIG_THTTPD_AUTH_FILE)); + (void)snprintf(authpath, maxauthpath, "%s/%s", dirname, CONFIG_THTTPD_AUTH_FILE); + + /* Does this directory have an auth file? */ + + if (stat(authpath, &sb) < 0) + { + /* Nope, let the request go through. */ + + return 0; + } + + /* Does this request contain basic authorization info? */ + + if (hc->authorization[0] == '\0' || strncmp(hc->authorization, "Basic ", 6) != 0) + { + /* Nope, return a 401 Unauthorized. */ + + send_authenticate(hc, dirname); + return -1; + } + + /* Decode it. */ + + l = b64_decode(&(hc->authorization[6]), (unsigned char *)authinfo, sizeof(authinfo) - 1); + authinfo[l] = '\0'; + + /* Split into user and password. */ + + authpass = strchr(authinfo, ':'); + if (!authpass) + { + /* No colon? Bogus auth info. */ + + send_authenticate(hc, dirname); + return -1; + } + *authpass++ = '\0'; + + /* If there are more fields, cut them off. */ + + colon = strchr(authpass, ':'); + if (colon) + { + *colon = '\0'; + } + + /* See if we have a cached entry and can use it. */ + + if (maxprevauthpath != 0 && + strcmp(authpath, prevauthpath) == 0 && + sb.st_mtime == prevmtime && strcmp(authinfo, prevuser) == 0) + { + /* Yes. Check against the cached encrypted password. */ + + if (strcmp(crypt(authpass, prevcryp), prevcryp) == 0) + { + /* Ok! */ + + httpd_realloc_str(&hc->remoteuser, &hc->maxremoteuser, + strlen(authinfo)); + (void)strcpy(hc->remoteuser, authinfo); + return 1; + } + else + { + /* No. */ + + send_authenticate(hc, dirname); + return -1; + } + } + + /* Open the password file. */ + + fp = fopen(authpath, "r"); + if (fp == (FILE *) 0) + { + /* The file exists but we can't open it? Disallow access. */ + + ndbg("%s auth file %s could not be opened: %d\n", + httpd_ntoa(&hc->client_addr), authpath, errno); + + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' is protected by an authentication file, " + "but the authentication file cannot be opened.\n"), + hc->encodedurl); + return -1; + } + + /* Read it. */ + + while (fgets(line, sizeof(line), fp) != NULL) + { + /* Nuke newline. */ + + l = strlen(line); + if (line[l - 1] == '\n') + { + line[l - 1] = '\0'; + } + + /* Split into user and encrypted password. */ + + cryp = strchr(line, ':'); + if (!cryp) + { + continue; + } + *cryp++ = '\0'; + + /* Is this the right user? */ + + if (strcmp(line, authinfo) == 0) + { + /* Yes. */ + + (void)fclose(fp); + + /* So is the password right? */ + + if (strcmp(crypt(authpass, cryp), cryp) == 0) + { + /* Ok! */ + + httpd_realloc_str(&hc->remoteuser, &hc->maxremoteuser, strlen(line)); + (void)strcpy(hc->remoteuser, line); + + /* And cache this user's info for next time. */ + + httpd_realloc_str(&prevauthpath, &maxprevauthpath, strlen(authpath)); + (void)strcpy(prevauthpath, authpath); + prevmtime = sb.st_mtime; + httpd_realloc_str(&prevuser, &maxprevuser, strlen(authinfo)); + (void)strcpy(prevuser, authinfo); + httpd_realloc_str(&prevcryp, &maxprevcryp, strlen(cryp)); + (void)strcpy(prevcryp, cryp); + return 1; + } + else + { + /* No. */ + + send_authenticate(hc, dirname); + return -1; + } + } + } + + /* Didn't find that user. Access denied. */ + + (void)fclose(fp); + send_authenticate(hc, dirname); + return -1; +} +#endif /* CONFIG_THTTPD_AUTH_FILE */ + +static void send_dirredirect(httpd_conn * hc) +{ + static char *location; + static char *header; + static size_t maxlocation = 0; + static size_t maxheader = 0; + static char headstr[] = "Location: "; + + if (hc->query[0] != '\0') + { + char *cp = strchr(hc->encodedurl, '?'); + if (cp) + { + *cp = '\0'; + } + + httpd_realloc_str(&location, &maxlocation, strlen(hc->encodedurl) + 2 + strlen(hc->query)); + (void)snprintf(location, maxlocation, "%s/?%s", hc->encodedurl, hc->query); + } + else + { + httpd_realloc_str(&location, &maxlocation, strlen(hc->encodedurl) + 1); + (void)snprintf(location, maxlocation, "%s/", hc->encodedurl); + } + + httpd_realloc_str(&header, &maxheader, sizeof(headstr) + strlen(location)); + (void)snprintf(header, maxheader, "%s%s\015\012", headstr, location); + send_response(hc, 302, err302title, header, err302form, location); +} + +static int hexit(char c) +{ + if (c >= '0' && c <= '9') + { + return c - '0'; + } + else if (c >= 'a' && c <= 'f') + { + return c - 'a' + 10; + } + else if (c >= 'A' && c <= 'F') + { + return c - 'A' + 10; + } + return 0; +} + +/* Copies and decodes a string. It's ok for from and to to be the + * same string. + */ + +static void strdecode(char *to, char *from) +{ + for (; *from != '\0'; ++to, ++from) + { + if (from[0] == '%' && isxdigit(from[1]) && isxdigit(from[2])) + { + *to = hexit(from[1]) * 16 + hexit(from[2]); + from += 2; + } + else + { + *to = *from; + } + } + *to = '\0'; +} + +/* Copies and encodes a string. */ + +#ifdef GENERATE_INDEXES +static void strencode(char *to, int tosize, char *from) +{ + int tolen; + + for (tolen = 0; *from != '\0' && tolen + 4 < tosize; ++from) + { + if (isalnum(*from) || strchr("/_.-~", *from) != NULL) + { + *to = *from; + ++to; + ++tolen; + } + else + { + (void)sprintf(to, "%%%02x", (int)*from & 0xff); + to += 3; + tolen += 3; + } + } + *to = '\0'; +} +#endif /* GENERATE_INDEXES */ + +/* Map a ~username/whatever URL into /username. */ + +#ifdef TILDE_MAP_1 +static int tilde_map_1(httpd_conn * hc) +{ + static char *temp; + static size_t maxtemp = 0; + int len; + static char *prefix = TILDE_MAP_1; + + len = strlen(hc->expnfilename) - 1; + httpd_realloc_str(&temp, &maxtemp, len); + (void)strcpy(temp, &hc->expnfilename[1]); + + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(prefix) + 1 + len); + (void)strcpy(hc->expnfilename, prefix); + + if (prefix[0] != '\0') + { + (void)strcat(hc->expnfilename, "/"); + } + + (void)strcat(hc->expnfilename, temp); + return 1; +} +#endif /* TILDE_MAP_1 */ + +/* Map a ~username/whatever URL into /. */ + +#ifdef TILDE_MAP_2 +static int tilde_map_2(httpd_conn * hc) +{ + static char *temp; + static size_t maxtemp = 0; + static char *postfix = TILDE_MAP_2; + char *cp; + struct passwd *pw; + char *alt; + char *rest; + + /* Get the username. */ + + httpd_realloc_str(&temp, &maxtemp, strlen(hc->expnfilename) - 1); + (void)strcpy(temp, &hc->expnfilename[1]); + + cp = strchr(temp, '/'); + if (cp) + { + *cp++ = '\0'; + } + else + { + cp = ""; + } + + /* Get the passwd entry. */ + + pw = getpwnam(temp); + if (!pw) + { + return 0; + } + + /* Set up altdir. */ + + httpd_realloc_str(&hc->altdir, &hc->maxaltdir, strlen(pw->pw_dir) + 1 + strlen(postfix)); + (void)strcpy(hc->altdir, pw->pw_dir); + if (postfix[0] != '\0') + { + (void)strcat(hc->altdir, "/"); + (void)strcat(hc->altdir, postfix); + } + + alt = expand_filename(hc->altdir, &rest, TRUE); + if (rest[0] != '\0') + { + return 0; + } + + httpd_realloc_str(&hc->altdir, &hc->maxaltdir, strlen(alt)); + (void)strcpy(hc->altdir, alt); + + /* And the filename becomes altdir plus the post-~ part of the original. */ + + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(hc->altdir) + 1 + strlen(cp)); + (void)snprintf(hc->expnfilename, hc->maxexpnfilename, "%s/%s", hc->altdir, cp); + + /* For this type of tilde mapping, we want to defeat vhost mapping. */ + + hc->tildemapped = TRUE; + return 1; +} +#endif /* TILDE_MAP_2 */ + +/* Virtual host mapping. */ + +#ifdef CONFIG_THTTPD_VHOST +static int vhost_map(httpd_conn * hc) +{ + httpd_sockaddr sa; + socklen_t sz; + static char *tempfilename; + static size_t maxtempfilename = 0; + char *cp1; + int len; +#ifdef VHOST_DIRLEVELS + int i; + char *cp2; +#endif /* VHOST_DIRLEVELS */ + + /* Figure out the virtual hostname. */ + + if (hc->reqhost[0] != '\0') + { + hc->vhostname = hc->reqhost; + } + else if (hc->hdrhost[0] != '\0') + { + hc->vhostname = hc->hdrhost; + } + else + { + sz = sizeof(sa); + if (getsockname(hc->conn_fd, &sa.sa, &sz) < 0) + { + ndbg("getsockname: %d\n", errno); + return 0; + } + hc->vhostname = httpd_ntoa(&sa); + } + + /* Pound it to lower case. */ + + for (cp1 = hc->vhostname; *cp1 != '\0'; ++cp1) + { + if (isupper(*cp1)) + { + *cp1 = tolower(*cp1); + } + } + + if (hc->tildemapped) + { + return 1; + } + + /* Figure out the host directory. */ + +#ifdef VHOST_DIRLEVELS + httpd_realloc_str(&hc->hostdir, &hc->maxhostdir, strlen(hc->vhostname) + 2 * VHOST_DIRLEVELS); + if (strncmp(hc->vhostname, "www.", 4) == 0) + { + cp1 = &hc->vhostname[4]; + } + else + { + cp1 = hc->vhostname; + } + + for (cp2 = hc->hostdir, i = 0; i < VHOST_DIRLEVELS; ++i) + { + /* Skip dots in the hostname. If we don't, then we get vhost + * directories in higher level of filestructure if dot gets involved + * into path construction. It's `while' used here instead of `if' for + * it's possible to have a hostname formed with two dots at the end of + * it. + */ + + while (*cp1 == '.') + { + ++cp1; + } + + /* Copy a character from the hostname, or '_' if we ran out. */ + + if (*cp1 != '\0') + { + *cp2++ = *cp1++; + } + else + { + *cp2++ = '_'; + } + + /* Copy a slash. */ + + *cp2++ = '/'; + } + (void)strcpy(cp2, hc->vhostname); +#else /* VHOST_DIRLEVELS */ + httpd_realloc_str(&hc->hostdir, &hc->maxhostdir, strlen(hc->vhostname)); + (void)strcpy(hc->hostdir, hc->vhostname); +#endif /* VHOST_DIRLEVELS */ + + /* Prepend hostdir to the filename. */ + + len = strlen(hc->expnfilename); + httpd_realloc_str(&tempfilename, &maxtempfilename, len); + (void)strcpy(tempfilename, hc->expnfilename); + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(hc->hostdir) + 1 + len); + (void)strcpy(hc->expnfilename, hc->hostdir); + (void)strcat(hc->expnfilename, "/"); + (void)strcat(hc->expnfilename, tempfilename); + return 1; +} +#endif + +/* Expands filename, deleting ..'s and leading /'s. + * Returns the expanded path (pointer to static string), or (char*) 0 on + * errors. Also returns, in the string pointed to by restP, any trailing + * parts of the path that don't exist. + */ + +static char *expand_filename(char *path, char **restP, boolean tildemapped) +{ + static char *checked; + static char *rest; + static size_t maxchecked = 0, maxrest = 0; + size_t checkedlen, restlen, prevcheckedlen, prevrestlen; + struct stat sb; + int nlinks, i; + char *r; + char *cp1; + char *cp2; + + /* We need to do the pathinfo check. we do a single stat() of the whole + * filename - if it exists, then we return it as is with nothing in restP. + * If it doesn't exist, we fall through to the existing code. + */ + + if (stat(path, &sb) != -1) + { + checkedlen = strlen(path); + httpd_realloc_str(&checked, &maxchecked, checkedlen); + (void)strcpy(checked, path); + + /* Trim trailing slashes. */ + + while (checked[checkedlen - 1] == '/') + { + checked[checkedlen - 1] = '\0'; + --checkedlen; + } + + httpd_realloc_str(&rest, &maxrest, 0); + rest[0] = '\0'; + *restP = rest; + return checked; + } + + /* Start out with nothing in checked and the whole filename in rest. */ + + httpd_realloc_str(&checked, &maxchecked, 1); + checked[0] = '\0'; + checkedlen = 0; + restlen = strlen(path); + httpd_realloc_str(&rest, &maxrest, restlen); + (void)strcpy(rest, path); + + /* trim trailing slash */ + + if (rest[restlen - 1] == '/') + { + rest[--restlen] = '\0'; + } + + if (!tildemapped) + { + /* Remove any leading slashes. */ + + while (rest[0] == '/') + { + (void)strcpy(rest, &(rest[1])); + --restlen; + } + } + + r = rest; + nlinks = 0; + + /* While there are still components to check... */ + + while (restlen > 0) + { + /* Save current checkedlen. Save current restlen in case we get a non-existant component. */ + + prevcheckedlen = checkedlen; + prevrestlen = restlen; + + /* Grab one component from r and transfer it to checked. */ + + cp1 = strchr(r, '/'); + if (cp1) + { + i = cp1 - r; + if (i == 0) + { + /* Special case for absolute paths. */ + + httpd_realloc_str(&checked, &maxchecked, checkedlen + 1); + (void)strncpy(&checked[checkedlen], r, 1); + checkedlen += 1; + } + else if (strncmp(r, "..", MAX(i, 2)) == 0) + { + /* Ignore ..'s that go above the start of the path. */ + + if (checkedlen != 0) + { + cp2 = strrchr(checked, '/'); + if (!cp2) + { + checkedlen = 0; + } + else if (cp2 == checked) + { + checkedlen = 1; + } + else + { + checkedlen = cp2 - checked; + } + } + } + else + { + httpd_realloc_str(&checked, &maxchecked, checkedlen + 1 + i); + if (checkedlen > 0 && checked[checkedlen - 1] != '/') + { + checked[checkedlen++] = '/'; + } + + (void)strncpy(&checked[checkedlen], r, i); + checkedlen += i; + } + + checked[checkedlen] = '\0'; + r += i + 1; + restlen -= i + 1; + } + else + { + /* No slashes remaining, r is all one component. */ + + if (strcmp(r, "..") == 0) + { + /* Ignore ..'s that go above the start of the path. */ + + if (checkedlen != 0) + { + cp2 = strrchr(checked, '/'); + if (!cp2) + { + checkedlen = 0; + } + else if (cp2 == checked) + { + checkedlen = 1; + } + else + { + checkedlen = cp2 - checked; + } + + checked[checkedlen] = '\0'; + } + } + else + { + httpd_realloc_str(&checked, &maxchecked, checkedlen + 1 + restlen); + if (checkedlen > 0 && checked[checkedlen - 1] != '/') + { + checked[checkedlen++] = '/'; + } + + (void)strcpy(&checked[checkedlen], r); + checkedlen += restlen; + } + + r += restlen; + restlen = 0; + } + } + + /* Ok. */ + + *restP = r; + if (checked[0] == '\0') + { + (void)strcpy(checked, "."); + } + return checked; +} + +static char *bufgets(httpd_conn * hc) +{ + int i; + char c; + + for (i = hc->checked_idx; hc->checked_idx < hc->read_idx; ++hc->checked_idx) + { + c = hc->read_buf[hc->checked_idx]; + if (c == '\012' || c == '\015') + { + hc->read_buf[hc->checked_idx] = '\0'; + ++hc->checked_idx; + if (c == '\015' && hc->checked_idx < hc->read_idx && + hc->read_buf[hc->checked_idx] == '\012') + { + hc->read_buf[hc->checked_idx] = '\0'; + ++hc->checked_idx; + } + return &(hc->read_buf[i]); + } + } + return (char *)0; +} + +static void de_dotdot(char *file) +{ + char *cp; + char *cp2; + int l; + + /* Collapse any multiple / sequences. */ + + while ((cp = strstr(file, "//")) != NULL) + { + for (cp2 = cp + 2; *cp2 == '/'; ++cp2) + { + continue; + } + + (void)strcpy(cp + 1, cp2); + } + + /* Remove leading ./ and any /./ sequences. */ + + while (strncmp(file, "./", 2) == 0) + { + (void)strcpy(file, file + 2); + } + + while ((cp = strstr(file, "/./")) != NULL) + { + (void)strcpy(cp, cp + 2); + } + + /* Alternate between removing leading ../ and removing xxx/../ */ + + for (;;) + { + while (strncmp(file, "../", 3) == 0) + { + (void)strcpy(file, file + 3); + } + + cp = strstr(file, "/../"); + if (!cp) + { + break; + } + + for (cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2) + { + continue; + } + + (void)strcpy(cp2 + 1, cp + 4); + } + + /* Also elide any xxx/.. at the end. */ + + while ((l = strlen(file)) > 3 && strcmp((cp = file + l - 3), "/..") == 0) + { + for (cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2) + { + continue; + } + + if (cp2 < file) + { + break; + } + + *cp2 = '\0'; + } +} + +static void init_mime(void) +{ + int i; + + /* Fill in the lengths. */ + + for (i = 0; i < n_enc_tab; ++i) + { + enc_tab[i].ext_len = strlen(enc_tab[i].ext); + enc_tab[i].val_len = strlen(enc_tab[i].val); + } + + for (i = 0; i < n_typ_tab; ++i) + { + typ_tab[i].ext_len = strlen(typ_tab[i].ext); + typ_tab[i].val_len = strlen(typ_tab[i].val); + } +} + +/* Figure out MIME encodings and type based on the filename. Multiple + * encodings are separated by commas, and are listed in the order in + * which they were applied to the file. + */ + +static void figure_mime(httpd_conn * hc) +{ + char *prev_dot; + char *dot; + char *ext; + int me_indexes[100], n_me_indexes; + size_t ext_len, encodings_len; + int i, top, bot, mid; + int r; + char *default_type = "text/plain; charset=%s"; + + /* Peel off encoding extensions until there aren't any more. */ + + n_me_indexes = 0; + for (prev_dot = &hc->expnfilename[strlen(hc->expnfilename)];; prev_dot = dot) + { + for (dot = prev_dot - 1; dot >= hc->expnfilename && *dot != '.'; --dot) + ; + + if (dot < hc->expnfilename) + { + /* No dot found. No more encoding extensions, and no type + * extension either. + */ + + hc->type = default_type; + goto done; + } + + ext = dot + 1; + ext_len = prev_dot - ext; + + /* Search the encodings table. Linear search is fine here, there are + * only a few entries. + */ + + for (i = 0; i < n_enc_tab; ++i) + { + if (ext_len == enc_tab[i].ext_len && + strncasecmp(ext, enc_tab[i].ext, ext_len) == 0) + { + if (n_me_indexes < sizeof(me_indexes) / sizeof(*me_indexes)) + { + me_indexes[n_me_indexes] = i; + ++n_me_indexes; + } + goto next; + } + } + + /* No encoding extension found. Break and look for a type extension. */ + + break; + + next:; + } + + /* Binary search for a matching type extension. */ + + top = n_typ_tab - 1; + bot = 0; + while (top >= bot) + { + mid = (top + bot) / 2; + r = strncasecmp(ext, typ_tab[mid].ext, ext_len); + if (r < 0) + { + top = mid - 1; + } + else if (r > 0) + { + bot = mid + 1; + } + else if (ext_len < typ_tab[mid].ext_len) + { + top = mid - 1; + } + else if (ext_len > typ_tab[mid].ext_len) + { + bot = mid + 1; + } + else + { + hc->type = typ_tab[mid].val; + goto done; + } + } + hc->type = default_type; + +done: + + /* The last thing we do is actually generate the mime-encoding header. */ + + hc->encodings[0] = '\0'; + encodings_len = 0; + for (i = n_me_indexes - 1; i >= 0; --i) + { + httpd_realloc_str(&hc->encodings, &hc->maxencodings, + encodings_len + enc_tab[me_indexes[i]].val_len + 1); + if (hc->encodings[0] != '\0') + { + (void)strcpy(&hc->encodings[encodings_len], ","); + ++encodings_len; + } + + (void)strcpy(&hc->encodings[encodings_len], enc_tab[me_indexes[i]].val); + encodings_len += enc_tab[me_indexes[i]].val_len; + } +} + +#if CONFIG_THTTPD_CGI_TIMELIMIT > 0 +static void cgi_kill2(ClientData client_data, struct timeval *nowP) +{ + pid_t pid; + + pid = (pid_t) client_data.i; + if (kill(pid, SIGKILL) == 0) + { + ndbg("hard-killed CGI process %d\n", pid); + } +} + +static void cgi_kill(ClientData client_data, struct timeval *nowP) +{ + pid_t pid; + + pid = (pid_t) client_data.i; + if (kill(pid, SIGINT) == 0) + { + ndbg("killed CGI process %d\n", pid); + + /* In case this isn't enough, schedule an uncatchable kill. */ + + if (tmr_create(nowP, cgi_kill2, client_data, 5 * 1000L, 0) == (Timer *) 0) + { + ndbg("tmr_create(cgi_kill2) failed\n"); + exit(1); + } + } +} +#endif + +/* qsort comparison routine. */ + +#ifdef GENERATE_INDEXES +static int name_compare(char **a, char **b) +{ + return strcmp(*a, *b); +} + +static int ls(httpd_conn * hc) +{ + DIR *dirp; + struct dirent *de; + int namlen; + static int maxnames = 0; + int nnames; + static char *names; + static char **nameptrs; + static char *name; + static size_t maxname = 0; + static char *rname; + static size_t maxrname = 0; + static char *encrname; + static size_t maxencrname = 0; + FILE *fp; + int i, r; + struct stat sb; + struct stat lsb; + char modestr[20]; + char *linkprefix; + char link[MAXPATHLEN + 1]; + char *fileclass; + time_t now; + char *timestr; + ClientData client_data; + + dirp = opendir(hc->expnfilename); + if (dirp == (DIR *) 0) + { + ndbg("opendir %s: %d\n", hc->expnfilename, errno); + httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); + return -1; + } + + if (hc->method == METHOD_HEAD) + { + closedir(dirp); + send_mime(hc, 200, ok200title, "", "", "text/html; charset=%s", + (off_t) - 1, hc->sb.st_mtime); + } + else if (hc->method == METHOD_GET) + { +#ifdef CONFIG_THTTPD_CGILIMIT + if (hc->hs->cgi_count >= CONFIG_THTTPD_CGILIMIT) + { + closedir(dirp); + httpd_send_err(hc, 503, httpd_err503title, "", httpd_err503form, + hc->encodedurl); + return -1; + } +#endif + ++hc->hs->cgi_count; + + r = fork(); + if (r < 0) + { + ndbg("fork: %d\n", errno); + closedir(dirp); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } + + if (r == 0) + { + /* Child process. */ + + httpd_unlisten(hc->hs); + send_mime(hc, 200, ok200title, "", "", "text/html; charset=%s", + (off_t) - 1, hc->sb.st_mtime); + httpd_write_response(hc); + + /* Open a stdio stream so that we can use fprintf, which is more + * efficient than a bunch of separate write()s. We don't have to + * worry about double closes or file descriptor leaks cause we're + * in a subprocess. + */ + + fp = fdopen(hc->conn_fd, "w"); + if (fp == (FILE *) 0) + { + ndbg("fdopen: %d\n", errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + httpd_write_response(hc); + closedir(dirp); + exit(1); + } + + (void)fprintf(fp, "\ +\n\ +Index of %s\n\ +\n\ +

Index of %s

\n\ +
\n\
+mode  links  bytes  last-changed  name\n\
+
", hc->encodedurl, hc->encodedurl);
+
+          /* Read in names. */
+
+          nnames = 0;
+          while ((de = readdir(dirp)) != 0)     /* dirent or direct */
+            {
+              if (nnames >= maxnames)
+                {
+                  if (maxnames == 0)
+                    {
+                      maxnames = 100;
+                      names    = NEW(char, maxnames * (MAXPATHLEN + 1));
+                      nameptrs = NEW(char *, maxnames);
+                    }
+                  else
+                    {
+                      maxnames *= 2;
+                      names     = RENEW(names, char, maxnames * (MAXPATHLEN + 1));
+                      nameptrs  = RENEW(nameptrs, char *, maxnames);
+                    }
+
+                  if (!names || !nameptrs)
+                    {
+                      ndbg("out of memory reallocating directory names\n");
+                      exit(1);
+                    }
+
+                  for (i = 0; i < maxnames; ++i)
+                    nameptrs[i] = &names[i * (MAXPATHLEN + 1)];
+                }
+
+              namlen = NAMLEN(de);
+              (void)strncpy(nameptrs[nnames], de->d_name, namlen);
+              nameptrs[nnames][namlen] = '\0';
+              ++nnames;
+            }
+          closedir(dirp);
+
+          /* Sort the names. */
+
+          qsort(nameptrs, nnames, sizeof(*nameptrs), name_compare);
+
+          /* Generate output. */
+
+          for (i = 0; i < nnames; ++i)
+            {
+              httpd_realloc_str(&name, &maxname,
+                                strlen(hc->expnfilename) + 1 +
+                                strlen(nameptrs[i]));
+              httpd_realloc_str(&rname, &maxrname,
+                                strlen(hc->origfilename) + 1 +
+                                strlen(nameptrs[i]));
+              if (hc->expnfilename[0] == '\0' ||
+                  strcmp(hc->expnfilename, ".") == 0)
+                {
+                  (void)strcpy(name, nameptrs[i]);
+                  (void)strcpy(rname, nameptrs[i]);
+                }
+              else
+                {
+                  (void)snprintf(name, maxname, "%s/%s", hc->expnfilename, nameptrs[i]);
+                  if (strcmp(hc->origfilename, ".") == 0)
+                    {
+                      (void)snprintf(rname, maxrname, "%s", nameptrs[i]);
+                    }
+                  else
+                    {
+                      (void)snprintf(rname, maxrname, "%s%s", hc->origfilename, nameptrs[i]);
+                    }
+                }
+
+              httpd_realloc_str(&encrname, &maxencrname, 3 * strlen(rname) + 1);
+              strencode(encrname, maxencrname, rname);
+
+              if (stat(name, &sb) < 0 || lstat(name, &lsb) < 0)
+                {
+                  continue;
+                }
+
+              linkprefix = "";
+              link[0] = '\0';
+
+              /* Break down mode word.  First the file type. */
+
+              switch (lsb.st_mode & S_IFMT)
+                {
+                case S_IFIFO:
+                  modestr[0] = 'p';
+                  break;
+
+                case S_IFCHR:
+                  modestr[0] = 'c';
+                  break;
+
+                case S_IFDIR:
+                  modestr[0] = 'd';
+                  break;
+
+                case S_IFBLK:
+                  modestr[0] = 'b';
+                  break;
+
+                case S_IFREG:
+                  modestr[0] = '-';
+                  break;
+
+                case S_IFSOCK:
+                  modestr[0] = 's';
+                  break;
+
+                case S_IFLNK:
+                default:
+                  modestr[0] = '?';
+                  break;
+                }
+
+              /* Now the world permissions.  Owner and group permissions are 
+               * not of interest to web clients.
+               */
+
+              modestr[1] = (lsb.st_mode & S_IROTH) ? 'r' : '-';
+              modestr[2] = (lsb.st_mode & S_IWOTH) ? 'w' : '-';
+              modestr[3] = (lsb.st_mode & S_IXOTH) ? 'x' : '-';
+              modestr[4] = '\0';
+
+              /* We also leave out the owner and group name */
+
+              /* Get time string. */
+
+              now = time((time_t *) 0);
+              timestr = ctime(&lsb.st_mtime);
+              timestr[0] = timestr[4];
+              timestr[1] = timestr[5];
+              timestr[2] = timestr[6];
+              timestr[3] = ' ';
+              timestr[4] = timestr[8];
+              timestr[5] = timestr[9];
+              timestr[6] = ' ';
+
+              if (now - lsb.st_mtime > 60 * 60 * 24 * 182)      /* 1/2 year */
+                {
+                  timestr[7] = ' ';
+                  timestr[8] = timestr[20];
+                  timestr[9] = timestr[21];
+                  timestr[10] = timestr[22];
+                  timestr[11] = timestr[23];
+                }
+              else
+                {
+                  timestr[7] = timestr[11];
+                  timestr[8] = timestr[12];
+                  timestr[9] = ':';
+                  timestr[10] = timestr[14];
+                  timestr[11] = timestr[15];
+                }
+              timestr[12] = '\0';
+
+              /* The ls -F file class. */
+
+              switch (sb.st_mode & S_IFMT)
+                {
+                case S_IFDIR:
+                  fileclass = "/";
+                  break;
+
+                case S_IFSOCK:
+                  fileclass = "=";
+                  break;
+
+                case S_IFLNK:
+                  fileclass = "@";
+                  break;
+
+                default:
+                  fileclass = (sb.st_mode & S_IXOTH) ? "*" : "";
+                  break;
+                }
+
+              /* And print. */
+
+              (void)fprintf(fp, "%s %3ld  %10lld  %s  %s%s%s%s\n",
+                            modestr, (long)lsb.st_nlink, (sint16) lsb.st_size,
+                            timestr, encrname, S_ISDIR(sb.st_mode) ? "/" : "",
+                            nameptrs[i], linkprefix, link, fileclass);
+            }
+
+          (void)fprintf(fp, "
\n\n"); + (void)fclose(fp); + exit(0); + } + + /* Parent process. */ + + closedir(dirp); + ndbg("spawned indexing process %d for directory '%s'\n", r, hc->expnfilename); + + /* Schedule a kill for the child process, in case it runs too long */ + +#if CONFIG_THTTPD_CGI_TIMELIMIT > 0 + client_data.i = r; + if (tmr_create((struct timeval *)0, cgi_kill, client_data, CONFIG_THTTPD_CGI_TIMELIMIT * 1000L, 0) == (Timer *) 0) + { + ndbg("tmr_create(cgi_kill ls) failed\n"); + exit(1); + } +#endif + + hc->status = 200; + hc->bytes_sent = CONFIG_THTTPD_CGI_BYTECOUNT; + hc->should_linger = FALSE; + } + else + { + closedir(dirp); + httpd_send_err(hc, 501, err501title, "", err501form, httpd_method_str(hc->method)); + return -1; + } + + return 0; +} +#endif /* GENERATE_INDEXES */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static char *build_env(char *fmt, char *arg) +{ + char *cp; + size_t size; + static char *buf; + static size_t maxbuf = 0; + + size = strlen(fmt) + strlen(arg); + if (size > maxbuf) + { + httpd_realloc_str(&buf, &maxbuf, size); + } + + (void)snprintf(buf, maxbuf, fmt, arg); + cp = strdup(buf); + if (!cp) + { + ndbg("out of memory copying environment variable\n"); + exit(1); + } + return cp; +} +#endif + +/* Set up environment variables. Be real careful here to avoid + * letting malicious clients overrun a buffer. We don't have + * to worry about freeing stuff since we're a sub-process. + */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static char **make_envp(httpd_conn * hc) +{ + static char *envp[50]; + int envn; + char *cp; + char buf[256]; + + envn = 0; + envp[envn++] = build_env("PATH=%s", CONFIG_THTTPD_CGI_PATH); +#ifdef CGI_LD_LIBRARY_PATH + envp[envn++] = build_env("LD_LIBRARY_PATH=%s", CGI_LD_LIBRARY_PATH); +#endif /* CGI_LD_LIBRARY_PATH */ + envp[envn++] = build_env("SERVER_SOFTWARE=%s", CONFIG_THTTPD_SERVER_SOFTWARE); + /* If vhosting, use that server-name here. */ +#ifdef CONFIG_THTTPD_VHOST + if (hc->vhostname) + { + cp = hc->vhostname; + } + else +#endif + { + cp = hc->hs->server_hostname; + } + + if (cp) + { + envp[envn++] = build_env("SERVER_NAME=%s", cp); + } + + envp[envn++] = "GATEWAY_INTERFACE=CGI/1.1"; + envp[envn++] = build_env("SERVER_PROTOCOL=%s", hc->protocol); + (void)snprintf(buf, sizeof(buf), "%d", (int)CONFIG_THTTPD_PORT); + envp[envn++] = build_env("SERVER_PORT=%s", buf); + envp[envn++] = build_env("REQUEST_METHOD=%s", httpd_method_str(hc->method)); + + if (hc->pathinfo[0] != '\0') + { + char *cp2; + size_t l; + envp[envn++] = build_env("PATH_INFO=/%s", hc->pathinfo); + l = strlen(hc->hs->cwd) + strlen(hc->pathinfo) + 1; + cp2 = NEW(char, l); + if (cp2) + { + (void)snprintf(cp2, l, "%s%s", hc->hs->cwd, hc->pathinfo); + envp[envn++] = build_env("PATH_TRANSLATED=%s", cp2); + } + } + + envp[envn++] = + build_env("SCRIPT_NAME=/%s", + strcmp(hc->origfilename, ".") == 0 ? "" : hc->origfilename); + if (hc->query[0] != '\0') + { + envp[envn++] = build_env("QUERY_STRING=%s", hc->query); + } + + envp[envn++] = build_env("REMOTE_ADDR=%s", httpd_ntoa(&hc->client_addr)); + if (hc->referer[0] != '\0') + { + envp[envn++] = build_env("HTTP_REFERER=%s", hc->referer); + } + + if (hc->useragent[0] != '\0') + { + envp[envn++] = build_env("HTTP_USER_AGENT=%s", hc->useragent); + } + + if (hc->accept[0] != '\0') + { + envp[envn++] = build_env("HTTP_ACCEPT=%s", hc->accept); + } + + if (hc->accepte[0] != '\0') + { + envp[envn++] = build_env("HTTP_ACCEPT_ENCODING=%s", hc->accepte); + } + + if (hc->acceptl[0] != '\0') + { + envp[envn++] = build_env("HTTP_ACCEPT_LANGUAGE=%s", hc->acceptl); + } + + if (hc->cookie[0] != '\0') + { + envp[envn++] = build_env("HTTP_COOKIE=%s", hc->cookie); + } + + if (hc->contenttype[0] != '\0') + { + envp[envn++] = build_env("CONTENT_TYPE=%s", hc->contenttype); + } + + if (hc->hdrhost[0] != '\0') + { + envp[envn++] = build_env("HTTP_HOST=%s", hc->hdrhost); + } + + if (hc->contentlength != -1) + { + (void)snprintf(buf, sizeof(buf), "%lu", (unsigned long)hc->contentlength); + envp[envn++] = build_env("CONTENT_LENGTH=%s", buf); + } + + if (hc->remoteuser[0] != '\0') + { + envp[envn++] = build_env("REMOTE_USER=%s", hc->remoteuser); + } + + if (hc->authorization[0] != '\0') + { + envp[envn++] = build_env("AUTH_TYPE=%s", "Basic"); + } + + /* We only support Basic auth at the moment. */ + + if (getenv("TZ") != NULL) + { + envp[envn++] = build_env("TZ=%s", getenv("TZ")); + } + + envp[envn++] = build_env("CGI_PATTERN=%s", CONFIG_THTTPD_CGI_PATTERN); + envp[envn] = (char *)0; + return envp; +} +#endif + +/* Set up argument vector. Again, we don't have to worry about freeing stuff + * since we're a sub-process. This gets done after make_envp() because we + * scribble on hc->query. + */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static char **make_argp(httpd_conn * hc) +{ + char **argp; + int argn; + char *cp1; + char *cp2; + + /* By allocating an arg slot for every character in the query, plus one + * for the filename and one for the NULL, we are guaranteed to have + * enough. We could actually use strlen/2. + */ + + argp = NEW(char *, strlen(hc->query) + 2); + if (!argp) + { + return (char **)0; + } + + argp[0] = strrchr(hc->expnfilename, '/'); + if (argp[0]) + { + ++argp[0]; + } + else + { + argp[0] = hc->expnfilename; + } + argn = 1; + + /* According to the CGI spec at http://hoohoo.ncsa.uiuc.edu/cgi/cl.html, + * "The server should search the query information for a non-encoded = + * character to determine if the command line is to be used, if it finds + * one, the command line is not to be used." + */ + + if (strchr(hc->query, '=') == NULL) + { + for (cp1 = cp2 = hc->query; *cp2 != '\0'; ++cp2) + { + if (*cp2 == '+') + { + *cp2 = '\0'; + strdecode(cp1, cp1); + argp[argn++] = cp1; + cp1 = cp2 + 1; + } + } + + if (cp2 != cp1) + { + strdecode(cp1, cp1); + argp[argn++] = cp1; + } + } + + argp[argn] = (char *)0; + return argp; +} +#endif + +/* This routine is used only for POST requests. It reads the data + * from the request and sends it to the child process. The only reason + * we need to do it this way instead of just letting the child read + * directly is that we have already read part of the data into our + * buffer. + */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static void cgi_interpose_input(httpd_conn * hc, int wfd) +{ + size_t c; + ssize_t r; + char buf[1024]; + + c = hc->read_idx - hc->checked_idx; + if (c > 0) + { + if (httpd_write(wfd, &(hc->read_buf[hc->checked_idx]), c) != c) + { + return; + } + } + while (c < hc->contentlength) + { + r = read(hc->conn_fd, buf, MIN(sizeof(buf), hc->contentlength - c)); + if (r < 0 && (errno == EINTR || errno == EAGAIN)) + { + sleep(1); + continue; + } + if (r <= 0) + { + return; + } + + if (httpd_write(wfd, buf, r) != r) + { + return; + } + + c += r; + } + post_post_garbage_hack(hc); +} +#endif + +/* Special hack to deal with broken browsers that send a LF or CRLF + * after POST data, causing TCP resets - we just read and discard up + * to 2 bytes. Unfortunately this doesn't fix the problem for CGIs + * which avoid the interposer process due to their POST data being + * short. Creating an interposer process for all POST CGIs is + * unacceptably expensive. The eventual fix will come when interposing + * gets integrated into the main loop as a tasklet instead of a process. + */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static void post_post_garbage_hack(httpd_conn * hc) +{ + char buf[2]; + + /* If we are in a sub-process, turn on no-delay mode in case we previously + * cleared it. + */ + + if (main_thread != getpid()) + { + httpd_set_ndelay(hc->conn_fd); + } + + /* And read up to 2 bytes. */ + + (void)read(hc->conn_fd, buf, sizeof(buf)); +} +#endif /* CONFIG_THTTPD_CGI_PATTERN */ + +/* This routine is used for parsed-header CGIs. The idea here is that the + * CGI can return special headers such as "Status:" and "Location:" which + * change the return status of the response. Since the return status has to + * be the very first line written out, we have to accumulate all the headers + * and check for the special ones before writing the status. Then we write + * out the saved headers and proceed to echo the rest of the response. + */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static void cgi_interpose_output(httpd_conn * hc, int rfd) +{ + int r; + char buf[1024]; + size_t headers_size, headers_len; + char *headers; + char *br; + int status; + char *title; + char *cp; + + /* Make sure the connection is in blocking mode. It should already be + * blocking, but we might as well be sure. + */ + + httpd_clear_ndelay(hc->conn_fd); + + /* Slurp in all headers. */ + + headers_size = 0; + httpd_realloc_str(&headers, &headers_size, 500); + headers_len = 0; + for (;;) + { + r = read(rfd, buf, sizeof(buf)); + if (r < 0 && (errno == EINTR || errno == EAGAIN)) + { + sleep(1); + continue; + } + + if (r <= 0) + { + br = &(headers[headers_len]); + break; + } + + httpd_realloc_str(&headers, &headers_size, headers_len + r); + (void)memmove(&(headers[headers_len]), buf, r); + headers_len += r; + headers[headers_len] = '\0'; + + if ((br = strstr(headers, "\015\012\015\012")) != NULL || + (br = strstr(headers, "\012\012")) != NULL) + { + break; + } + } + + /* If there were no headers, bail. */ + + if (headers[0] == '\0') + { + return; + } + + /* Figure out the status. Look for a Status: or Location: header; else if + * there's an HTTP header line, get it from there; else default to 200. + */ + + status = 200; + if (strncmp(headers, "HTTP/", 5) == 0) + { + cp = headers; + cp += strcspn(cp, " \t"); + status = atoi(cp); + } + + if ((cp = strstr(headers, "Status:")) != (char *)0 && + cp < br && (cp == headers || *(cp - 1) == '\012')) + { + cp += 7; + cp += strspn(cp, " \t"); + status = atoi(cp); + } + + if ((cp = strstr(headers, "Location:")) != (char *)0 && + cp < br && (cp == headers || *(cp - 1) == '\012')) + { + status = 302; + } + + /* Write the status line. */ + + switch (status) + { + case 200: + title = ok200title; + break; + + case 302: + title = err302title; + break; + + case 304: + title = err304title; + break; + + case 400: + title = httpd_err400title; + break; + +#ifdef CONFIG_THTTPD_AUTH_FILE + case 401: + title = err401title; + break; +#endif /* CONFIG_THTTPD_AUTH_FILE */ + + case 403: + title = err403title; + break; + + case 404: + title = err404title; + break; + + case 408: + title = httpd_err408title; + break; + + case 500: + title = err500title; + break; + + case 501: + title = err501title; + break; + + case 503: + title = httpd_err503title; + break; + + default: + title = "Something"; + break; + } + + (void)snprintf(buf, sizeof(buf), "HTTP/1.0 %d %s\015\012", status, title); + (void)httpd_write(hc->conn_fd, buf, strlen(buf)); + + /* Write the saved headers. */ + + (void)httpd_write(hc->conn_fd, headers, headers_len); + + /* Echo the rest of the output. */ + + for (;;) + { + r = read(rfd, buf, sizeof(buf)); + if (r < 0 && (errno == EINTR || errno == EAGAIN)) + { + sleep(1); + continue; + } + + if (r <= 0) + { + break; + } + + if (httpd_write(hc->conn_fd, buf, r) != r) + { + break; + } + } + + close(hc->conn_fd); +} +#endif + +/* CGI child process. */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static void cgi_child(httpd_conn * hc) +{ + int r; + char **argp; + char **envp; + char *binary; + char *directory; + + /* Unset close-on-exec flag for this socket. This actually shouldn't be + * necessary, according to POSIX a dup()'d file descriptor does *not* + * inherit the close-on-exec flag, its flag is always clear. However, + * Linux messes this up and does copy the flag to the dup()'d descriptor, + * so we have to clear it. This could be ifdeffed for Linux only. + */ + + (void)fcntl(hc->conn_fd, F_SETFD, 0); + + /* If the socket happens to be using one of the stdin/stdout/stderr + * descriptors, move it to another descriptor so that the dup2 calls below + * don't screw things up. We arbitrarily pick fd 3 - if there was already + * something on it, we clobber it, but that doesn't matter since at this + * point the only fd of interest is the connection. All others will be + * closed on exec. + */ + + if (hc->conn_fd == STDIN_FILENO || hc->conn_fd == STDOUT_FILENO || + hc->conn_fd == STDERR_FILENO) + { + int newfd = dup2(hc->conn_fd, STDERR_FILENO + 1); + if (newfd >= 0) + { + hc->conn_fd = newfd; + } + + /* If the dup2 fails, shrug. We'll just take our chances. Shouldn't + * happen though. + */ + } + + /* Make the environment vector. */ + + envp = make_envp(hc); + + /* Make the argument vector. */ + + argp = make_argp(hc); + + /* Set up stdin. For POSTs we may have to set up a pipe from an + * interposer process, depending on if we've read some of the data into + * our buffer. + */ + + if (hc->method == METHOD_POST && hc->read_idx > hc->checked_idx) + { + int p[2]; + + if (pipe(p) < 0) + { + ndbg("pipe: %d\n", errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + httpd_write_response(hc); + exit(1); + } + + r = fork(); + if (r < 0) + { + ndbg("fork: %d\n", errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + httpd_write_response(hc); + exit(1); + } + + if (r == 0) + { + /* Interposer process. */ + + (void)close(p[0]); + cgi_interpose_input(hc, p[1]); + exit(0); + } + + /* Need to schedule a kill for process r; but in the main process! */ + + (void)close(p[1]); + if (p[0] != STDIN_FILENO) + { + (void)dup2(p[0], STDIN_FILENO); + (void)close(p[0]); + } + } + else + { + /* Otherwise, the request socket is stdin. */ + + if (hc->conn_fd != STDIN_FILENO) + { + (void)dup2(hc->conn_fd, STDIN_FILENO); + } + } + + /* Set up stdout/stderr. If we're doing CGI header parsing, we need an + * output interposer too. + */ + + if (strncmp(argp[0], "nph-", 4) != 0 && hc->mime_flag) + { + int p[2]; + + if (pipe(p) < 0) + { + ndbg("pipe: %d\n", errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + httpd_write_response(hc); + exit(1); + } + + r = fork(); + if (r < 0) + { + ndbg("fork: %d\n", errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + httpd_write_response(hc); + exit(1); + } + + if (r == 0) + { + /* Interposer process. */ + + (void)close(p[1]); + cgi_interpose_output(hc, p[0]); + exit(0); + } + + /* Need to schedule a kill for process r; but in the main process! */ + + (void)close(p[0]); + if (p[1] != STDOUT_FILENO) + { + (void)dup2(p[1], STDOUT_FILENO); + } + + if (p[1] != STDERR_FILENO) + { + (void)dup2(p[1], STDERR_FILENO); + } + + if (p[1] != STDOUT_FILENO && p[1] != STDERR_FILENO) + { + (void)close(p[1]); + } + } + else + { + /* Otherwise, the request socket is stdout/stderr. */ + + if (hc->conn_fd != STDOUT_FILENO) + { + (void)dup2(hc->conn_fd, STDOUT_FILENO); + } + + if (hc->conn_fd != STDERR_FILENO) + { + (void)dup2(hc->conn_fd, STDERR_FILENO); + } + } + + /* At this point we would like to set close-on-exec again for hc->conn_fd + * (see previous comments on Linux's broken behavior re: close-on-exec and + * dup.) Unfortunately there seems to be another Linux problem, or perhaps + * a different aspect of the same problem - if we do this close-on-exec in + * Linux, the socket stays open but stderr gets closed - the last fd duped + * from the socket. What a mess. So we'll just leave the socket as is, + * which under other OSs means an extra file descriptor gets passed to the + * child process. Since the child probably already has that file open via + * stdin stdout and/or stderr, this is not a problem. + */ + + /* Split the program into directory and binary, so we can chdir() to the + * program's own directory. This isn't in the CGI 1.1 spec, but it's what + * other HTTP servers do. + */ + + directory = strdup(hc->expnfilename); + if (!directory) + { + binary = hc->expnfilename; /* ignore errors */ + } + else + { + binary = strrchr(directory, '/'); + if (!binary) + { + binary = hc->expnfilename; + } + else + { + *binary++ = '\0'; + (void)chdir(directory); /* ignore errors */ + } + } + + /* Run the program. */ + + (void)execve(binary, argp, envp); + + /* Something went wrong. */ + + ndbg("execve %s: %d\n", hc->expnfilename, errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + httpd_write_response(hc); + exit(1); +} +#endif /* CONFIG_THTTPD_CGI_PATTERN */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN +static int cgi(httpd_conn * hc) +{ +#if CONFIG_THTTPD_CGI_TIMELIMIT > 0 + ClientData client_data; +#endif + int r; + + if (hc->method == METHOD_GET || hc->method == METHOD_POST) + { +#ifdef CONFIG_THTTPD_CGILIMIT + if (hc->hs->cgi_count >= CONFIG_THTTPD_CGILIMIT) + { + httpd_send_err(hc, 503, httpd_err503title, "", httpd_err503form, + hc->encodedurl); + return -1; + } +#endif + ++hc->hs->cgi_count; + httpd_clear_ndelay(hc->conn_fd); + + r = fork(); + if (r < 0) + { + ndbg("fork: %d\n", errno); + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } + else if (r == 0) + { + /* Child process. */ + + httpd_unlisten(hc->hs); + cgi_child(hc); + } + + /* Parent process. */ + + ndbg("spawned CGI process %d for file '%s'\n", r, hc->expnfilename); + +#if CONFIG_THTTPD_CGI_TIMELIMIT > 0 + /* Schedule a kill for the child process, in case it runs too long */ + + client_data.i = r; + if (tmr_create((struct timeval *)0, cgi_kill, client_data, CONFIG_THTTPD_CGI_TIMELIMIT * 1000L, 0) == (Timer *) 0) + { + ndbg("tmr_create(cgi_kill child) failed\n"); + exit(1); + } +#endif + + hc->status = 200; + hc->bytes_sent = CONFIG_THTTPD_CGI_BYTECOUNT; + hc->should_linger = FALSE; + } + else + { + httpd_send_err(hc, 501, err501title, "", err501form, httpd_method_str(hc->method)); + return -1; + } + + return 0; +} +#endif + +static int really_start_request(httpd_conn * hc, struct timeval *nowP) +{ + static char *indexname; + static size_t maxindexname = 0; + static const char *index_names[] = { CONFIG_THTTPD_INDEX_NAMES }; + int i; +#ifdef CONFIG_THTTPD_AUTH_FILE + static char *dirname; + static size_t maxdirname = 0; +#endif /* CONFIG_THTTPD_AUTH_FILE */ + size_t expnlen, indxlen; + char *cp; + char *pi; + + expnlen = strlen(hc->expnfilename); + + if (hc->method != METHOD_GET && hc->method != METHOD_HEAD && + hc->method != METHOD_POST) + { + httpd_send_err(hc, 501, err501title, "", err501form, + httpd_method_str(hc->method)); + return -1; + } + + /* Stat the file. */ + if (stat(hc->expnfilename, &hc->sb) < 0) + { + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } + + /* Is it world-readable or world-executable? We check explicitly instead + * of just trying to open it, so that no one ever gets surprised by a file + * that's not set world-readable and yet somehow is readable by the HTTP + * server and therefore the *whole* world. + */ + + if (!(hc->sb.st_mode & (S_IROTH | S_IXOTH))) + { + ndbg("%s URL \"%s\" resolves to a non world-readable file\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' resolves to a file that is not world-readable.\n"), + hc->encodedurl); + return -1; + } + + /* Is it a directory? */ + + if (S_ISDIR(hc->sb.st_mode)) + { + /* If there's pathinfo, it's just a non-existent file. */ + + if (hc->pathinfo[0] != '\0') + { + httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); + return -1; + } + + /* Special handling for directory URLs that don't end in a slash. We + * send back an explicit redirect with the slash, because otherwise + * many clients can't build relative URLs properly. + */ + + if (strcmp(hc->origfilename, "") != 0 && + strcmp(hc->origfilename, ".") != 0 && + hc->origfilename[strlen(hc->origfilename) - 1] != '/') + { + send_dirredirect(hc); + return -1; + } + + /* Check for an index file. */ + + for (i = 0; i < sizeof(index_names) / sizeof(char *); ++i) + { + httpd_realloc_str(&indexname, &maxindexname, + expnlen + 1 + strlen(index_names[i])); + (void)strcpy(indexname, hc->expnfilename); + indxlen = strlen(indexname); + if (indxlen == 0 || indexname[indxlen - 1] != '/') + { + (void)strcat(indexname, "/"); + } + + if (strcmp(indexname, "./") == 0) + { + indexname[0] = '\0'; + } + + (void)strcat(indexname, index_names[i]); + if (stat(indexname, &hc->sb) >= 0) + { + goto got_one; + } + } + + /* Nope, no index file, so it's an actual directory request. */ +#ifdef GENERATE_INDEXES + /* Directories must be readable for indexing. */ + if (!(hc->sb.st_mode & S_IROTH)) + { + ndbg("%s URL \"%s\" tried to index a directory with indexing disabled\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' resolves to a directory that has indexing disabled.\n"), + hc->encodedurl); + return -1; + } +# ifdef CONFIG_THTTPD_AUTH_FILE + /* Check authorization for this directory. */ + + if (auth_check(hc, hc->expnfilename) == -1) + { + return -1; + } +# endif /* CONFIG_THTTPD_AUTH_FILE */ + + /* Referer check. */ + + if (!check_referer(hc)) + { + return -1; + } + + /* Ok, generate an index. */ + return ls(hc); +#else /* GENERATE_INDEXES */ + ndbg("%s URL \"%s\" tried to index a directory\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' is a directory, and directory indexing is disabled on this server.\n"), + hc->encodedurl); + return -1; +#endif /* GENERATE_INDEXES */ + + got_one: + + /* Got an index file. Expand again. More pathinfo means + * something went wrong. + */ + + cp = expand_filename(indexname, &pi, hc->tildemapped); + if (cp == (char *)0 || pi[0] != '\0') + { + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } + + expnlen = strlen(cp); + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, expnlen); + (void)strcpy(hc->expnfilename, cp); + + /* Now, is the index version world-readable or world-executable? */ + + if (!(hc->sb.st_mode & (S_IROTH | S_IXOTH))) + { + ndbg("%s URL \"%s\" resolves to a non-world-readable index file\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' resolves to an index file that is not world-readable.\n"), + hc->encodedurl); + return -1; + } + } + + /* Check authorization for this directory. */ + +#ifdef CONFIG_THTTPD_AUTH_FILE + httpd_realloc_str(&dirname, &maxdirname, expnlen); + (void)strcpy(dirname, hc->expnfilename); + cp = strrchr(dirname, '/'); + if (!cp) + { + (void)strcpy(dirname, "."); + } + else + { + *cp = '\0'; + } + + if (auth_check(hc, dirname) == -1) + { + return -1; + } + + /* Check if the filename is the CONFIG_THTTPD_AUTH_FILE itself - that's verboten. */ + + if (expnlen == sizeof(CONFIG_THTTPD_AUTH_FILE) - 1) + { + if (strcmp(hc->expnfilename, CONFIG_THTTPD_AUTH_FILE) == 0) + { + ndbg("%s URL \"%s\" tried to retrieve an auth file\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' is an authorization file, retrieving it is not permitted.\n"), + hc->encodedurl); + return -1; + } + } + else if (expnlen >= sizeof(CONFIG_THTTPD_AUTH_FILE) && + strcmp(&(hc->expnfilename[expnlen - sizeof(CONFIG_THTTPD_AUTH_FILE) + 1]), + CONFIG_THTTPD_AUTH_FILE) == 0 && + hc->expnfilename[expnlen - sizeof(CONFIG_THTTPD_AUTH_FILE)] == '/') + { + ndbg("%s URL \"%s\" tried to retrieve an auth file\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' is an authorization file, retrieving it is not permitted.\n"), + hc->encodedurl); + return -1; + } +#endif /* CONFIG_THTTPD_AUTH_FILE */ + + /* Referer check. */ + + if (!check_referer(hc)) + return -1; + + /* Is it in the CGI area? */ + +#ifdef CONFIG_THTTPD_CGI_PATTERN + if (match(CONFIG_THTTPD_CGI_PATTERN, hc->expnfilename)) + { + return cgi(hc); + } +#endif + + /* It's not CGI. If it's executable or there's pathinfo, someone's trying + * to either serve or run a non-CGI file as CGI. Either case is + * prohibited. + */ + + if (hc->sb.st_mode & S_IXOTH) + { + ndbg("%s URL \"%s\" is executable but isn't CGI\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' resolves to a file which is marked executable but is not a CGI file; retrieving it is forbidden.\n"), + hc->encodedurl); + return -1; + } + + if (hc->pathinfo[0] != '\0') + { + ndbg("%s URL \"%s\" has pathinfo but isn't CGI\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' resolves to a file plus CGI-style pathinfo, but the file is not a valid CGI file.\n"), + hc->encodedurl); + return -1; + } + + /* Fill in range_end, if necessary. */ + + if (hc->got_range && + (hc->range_end == -1 || hc->range_end >= hc->sb.st_size)) + { + hc->range_end = hc->sb.st_size - 1; + } + + figure_mime(hc); + + if (hc->method == METHOD_HEAD) + { + send_mime(hc, 200, ok200title, hc->encodings, "", hc->type, + hc->sb.st_size, hc->sb.st_mtime); + } + else if (hc->if_modified_since != (time_t) - 1 && + hc->if_modified_since >= hc->sb.st_mtime) + { + send_mime(hc, 304, err304title, hc->encodings, "", hc->type, (off_t) - 1, + hc->sb.st_mtime); + } + else + { + hc->file_fd = open(hc->expnfilename, O_RDONLY); + if (!hc->file_fd < 0) + { + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } + send_mime(hc, 200, ok200title, hc->encodings, "", hc->type, + hc->sb.st_size, hc->sb.st_mtime); + } + + return 0; +} + +/* Returns 1 if ok to serve the url, 0 if not. */ + +static int check_referer(httpd_conn * hc) +{ + /* Are we doing referer checking at all? */ + +#ifdef CONFIG_THTTPD_URLPATTERN + int r; + char *cp; + + r = really_check_referer(hc); + + if (!r) + { +#ifdef CONFIG_THTTPD_VHOST + if (hc->vhostname != NULL) + { + cp = hc->vhostname; + } + else +#endif + { + cp = hc->hs->server_hostname; + } + + if (cp == NULL) + { + cp = ""; + } + + ndbg("%s non-local referer \"%s%s\" \"%s\"\n", + httpd_ntoa(&hc->client_addr), cp, hc->encodedurl, hc->referer); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "You must supply a local referer to get URL '%s' from this server.\n"), + hc->encodedurl); + } + return r; +#else + return 1; +#endif +} + +/* Returns 1 if ok to serve the url, 0 if not. */ + +#ifdef CONFIG_THTTPD_URLPATTERN +static int really_check_referer(httpd_conn * hc) +{ + httpd_server *hs; + char *cp1; + char *cp2; + char *cp3; + static char *refhost = (char *)0; + static size_t refhost_size = 0; + char *lp; + + hs = hc->hs; + + /* Check for an empty referer. */ + + if (hc->referer == NULL || hc->referer[0] == '\0' || + (cp1 = strstr(hc->referer, "//")) == NULL) + { + /* Disallow if the url matches. */ + + if (match(CONFIG_THTTPD_URLPATTERN, hc->origfilename)) + { + return 0; + } + + /* Otherwise ok. */ + + return 1; + } + + /* Extract referer host. */ + + cp1 += 2; + for (cp2 = cp1; *cp2 != '/' && *cp2 != ':' && *cp2 != '\0'; ++cp2) + { + continue; + } + + httpd_realloc_str(&refhost, &refhost_size, cp2 - cp1); + for (cp3 = refhost; cp1 < cp2; ++cp1, ++cp3) + if (isupper(*cp1)) + { + *cp3 = tolower(*cp1); + } + else + { + *cp3 = *cp1; + } + *cp3 = '\0'; + + /* Local pattern? */ + +#ifdef CONFIG_THTTPD_LOCALPATTERN + lp = CONFIG_THTTPD_LOCALPATTERN; +#else + + /* No local pattern. What's our hostname? */ + +#ifndef CONFIG_THTTPD_VHOST + /* Not vhosting, use the server name. */ + + lp = hs->server_hostname; + if (!lp) + { + /* Couldn't figure out local hostname - give up. */ + + return 1; + } + +#else + /* We are vhosting, use the hostname on this connection. */ + + lp = hc->vhostname; + if (!lp) + { + /* Oops, no hostname. Maybe it's an old browser that doesn't + * send a Host: header. We could figure out the default + * hostname for this IP address, but it's not worth it for the + * few requests like this. + */ + + return 1; + } +#endif /* CONFIG_THTTPD_VHOST */ +#endif /* CONFIG_THTTPD_LOCALPATTERN */ + + /* If the referer host doesn't match the local host pattern, and the + * filename does match the url pattern, it's an illegal reference. + */ + +#ifdef CONFIG_THTTPD_URLPATTERN + if (!match(lp, refhost) && match(CONFIG_THTTPD_URLPATTERN, hc->origfilename)) + { + return 0; + } +#endif + + /* Otherwise ok. */ + + return 1; +} +#endif /* CONFIG_THTTPD_URLPATTERN */ + +static int sockaddr_check(httpd_sockaddr * saP) +{ + switch (saP->sin_family) + { + case AF_INET: + return 1; + +#ifdef CONFIG_NET_IPv6 + case AF_INET6: + return 1; +#endif /* CONFIG_NET_IPv6 */ + + default: + return 0; + } +} + +static size_t sockaddr_len(httpd_sockaddr * saP) +{ + switch (saP->sin_family) + { + case AF_INET: + return sizeof(struct sockaddr_in); + +#ifdef CONFIG_NET_IPv6 + case AF_INET6: + return sizeof(struct sockaddr_in6); +#endif /* CONFIG_NET_IPv6 */ + + default: + break; + } + return 0; +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +httpd_server *httpd_initialize(httpd_sockaddr *sa, char *cwd) +{ + httpd_server *hs; + + /* Save the PID of the main thread */ + + main_thread = getpid(); + + /* Allocate the server structure */ + + hs = NEW(httpd_server, 1); + if (hs == (httpd_server *) 0) + { + ndbg("out of memory allocating an httpd_server\n"); + return (httpd_server *) 0; + } + +#ifdef CONFIG_THTTPD_HOSTNAME + hs->server_hostname = strdup(CONFIG_THTTPD_HOSTNAME); +#else + hs->server_hostname = strdup(httpd_ntoa(sa)); +#endif + + if (!hs->server_hostname) + { + ndbg("out of memory copying hostname\n"); + return NULL; + } + + hs->cgi_count = 0; + hs->cwd = strdup(cwd); + if (!hs->cwd) + { + ndbg("out of memory copying cwd\n"); + return (httpd_server *) 0; + } + + /* Initialize listen sockets */ + + hs->listen_fd = initialize_listen_socket(sa); + if (hs->listen_fd == -1) + { + free_httpd_server(hs); + return (httpd_server *) 0; + } + + init_mime(); + + /* Done initializing. */ + + ndbg("%s starting on port %d\n", CONFIG_THTTPD_SERVER_SOFTWARE, (int)CONFIG_THTTPD_PORT); + return hs; +} + +void httpd_terminate(httpd_server * hs) +{ + httpd_unlisten(hs); + free_httpd_server(hs); +} + +void httpd_unlisten(httpd_server * hs) +{ + if (hs->listen_fd != -1) + { + (void)close(hs->listen_fd); + hs->listen_fd = -1; + } +} + +/* Send the buffered response. */ + +void httpd_write_response(httpd_conn * hc) +{ + /* If we are in a sub-process, turn off no-delay mode. */ + + if (main_thread != getpid()) + { + httpd_clear_ndelay(hc->conn_fd); + } + + /* Send the response, if necessary. */ + + if (hc->buflen > 0) + { + (void)httpd_write(hc->conn_fd, hc->buffer, hc->buflen); + hc->buflen = 0; + } +} + +/* Set no-delay / non-blocking mode on a socket. */ + +void httpd_set_ndelay(int fd) +{ + int flags, newflags; + + flags = fcntl(fd, F_GETFL, 0); + if (flags != -1) + { + newflags = flags | (int)O_NDELAY; + if (newflags != flags) + (void)fcntl(fd, F_SETFL, newflags); + } +} + +/* Clear no-delay / non-blocking mode on a socket. */ + +void httpd_clear_ndelay(int fd) +{ + int flags, newflags; + + flags = fcntl(fd, F_GETFL, 0); + if (flags != -1) + { + newflags = flags & ~(int)O_NDELAY; + if (newflags != flags) + { + (void)fcntl(fd, F_SETFL, newflags); + } + } +} + +void httpd_realloc_str(char **strP, size_t * maxsizeP, size_t size) +{ + if (*maxsizeP == 0) + { + *maxsizeP = MAX(200, size + 100); + *strP = NEW(char, *maxsizeP + 1); + ++str_alloc_count; + str_alloc_size += *maxsizeP; + } + else if (size > *maxsizeP) + { + str_alloc_size -= *maxsizeP; + *maxsizeP = MAX(*maxsizeP * 2, size * 5 / 4); + *strP = RENEW(*strP, char, *maxsizeP + 1); + str_alloc_size += *maxsizeP; + } + else + { + return; + } + + if (!*strP) + { + ndbg("out of memory reallocating a string to %d bytes\n", *maxsizeP); + exit(1); + } +} + +void httpd_send_err(httpd_conn * hc, int status, char *title, char *extraheads, + char *form, char *arg) +{ +#ifdef CONFIG_THTTPD_ERROR_DIRECTORY + char filename[1000]; + + /* Try virtual host error page. */ + +#ifdef CONFIG_THTTPD_VHOST + if (hc->hostdir[0] != '\0') + { + (void)snprintf(filename, sizeof(filename), + "%s/%s/err%d.html", hc->hostdir, CONFIG_THTTPD_ERROR_DIRECTORY, status); + if (send_err_file(hc, status, title, extraheads, filename)) + { + return; + } + } +#endif + + /* Try server-wide error page. */ + + (void)snprintf(filename, sizeof(filename), + "%s/err%d.html", CONFIG_THTTPD_ERROR_DIRECTORY, status); + if (send_err_file(hc, status, title, extraheads, filename)) + { + return; + } + + /* Fall back on built-in error page. */ + + send_response(hc, status, title, extraheads, form, arg); + +#else /* CONFIG_THTTPD_ERROR_DIRECTORY */ + + send_response(hc, status, title, extraheads, form, arg); + +#endif /* CONFIG_THTTPD_ERROR_DIRECTORY */ +} + +char *httpd_method_str(int method) +{ + switch (method) + { + case METHOD_GET: + return "GET"; + + case METHOD_HEAD: + return "HEAD"; + + case METHOD_POST: + return "POST"; + + default: + return "UNKNOWN"; + } +} + +int httpd_get_conn(httpd_server * hs, int listen_fd, httpd_conn * hc) +{ + httpd_sockaddr sa; + socklen_t sz; + + if (!hc->initialized) + { + hc->read_size = 0; + httpd_realloc_str(&hc->read_buf, &hc->read_size, 500); + hc->maxdecodedurl = + hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings = + hc->maxpathinfo = hc->maxquery = hc->maxaccept = + hc->maxaccepte = hc->maxreqhost = hc->maxhostdir = + hc->maxremoteuser = 0; +#ifdef TILDE_MAP_2 + hc->maxaltdir = 0; +#endif /* TILDE_MAP_2 */ + httpd_realloc_str(&hc->decodedurl, &hc->maxdecodedurl, 1); + httpd_realloc_str(&hc->origfilename, &hc->maxorigfilename, 1); + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, 0); + httpd_realloc_str(&hc->encodings, &hc->maxencodings, 0); + httpd_realloc_str(&hc->pathinfo, &hc->maxpathinfo, 0); + httpd_realloc_str(&hc->query, &hc->maxquery, 0); + httpd_realloc_str(&hc->accept, &hc->maxaccept, 0); + httpd_realloc_str(&hc->accepte, &hc->maxaccepte, 0); + httpd_realloc_str(&hc->reqhost, &hc->maxreqhost, 0); + httpd_realloc_str(&hc->hostdir, &hc->maxhostdir, 0); + httpd_realloc_str(&hc->remoteuser, &hc->maxremoteuser, 0); +#ifdef TILDE_MAP_2 + httpd_realloc_str(&hc->altdir, &hc->maxaltdir, 0); +#endif + hc->initialized = 1; + } + + /* Accept the new connection. */ + + sz = sizeof(sa); + hc->conn_fd = accept(listen_fd, (struct sockaddr*)&sa, &sz); + if (hc->conn_fd < 0) + { + if (errno == EWOULDBLOCK) + { + return GC_NO_MORE; + } + + ndbg("accept: %d\n", errno); + return GC_FAIL; + } + + if (!sockaddr_check(&sa)) + { + ndbg("unknown sockaddr family\n"); + close(hc->conn_fd); + hc->conn_fd = -1; + return GC_FAIL; + } + + (void)fcntl(hc->conn_fd, F_SETFD, 1); + hc->hs = hs; + (void)memset(&hc->client_addr, 0, sizeof(hc->client_addr)); + (void)memmove(&hc->client_addr, &sa, sockaddr_len(&sa)); + hc->read_idx = 0; + hc->checked_idx = 0; + hc->checked_state = CHST_FIRSTWORD; + hc->method = METHOD_UNKNOWN; + hc->status = 0; + hc->bytes_to_send = 0; + hc->bytes_sent = 0; + hc->encodedurl = ""; + hc->decodedurl[0] = '\0'; + hc->protocol = "UNKNOWN"; + hc->origfilename[0] = '\0'; + hc->expnfilename[0] = '\0'; + hc->encodings[0] = '\0'; + hc->pathinfo[0] = '\0'; + hc->query[0] = '\0'; + hc->referer = ""; + hc->useragent = ""; + hc->accept[0] = '\0'; + hc->accepte[0] = '\0'; + hc->acceptl = ""; + hc->cookie = ""; + hc->contenttype = ""; + hc->reqhost[0] = '\0'; + hc->hdrhost = ""; + hc->hostdir[0] = '\0'; + hc->authorization = ""; + hc->remoteuser[0] = '\0'; + hc->buffer[0] = '\0'; +#ifdef TILDE_MAP_2 + hc->altdir[0] = '\0'; +#endif /* TILDE_MAP_2 */ + hc->buflen = 0; + hc->if_modified_since = (time_t) - 1; + hc->range_if = (time_t) - 1; + hc->contentlength = -1; + hc->type = ""; +#ifdef CONFIG_THTTPD_VHOST + hc->vhostname = NULL; +#endif + hc->mime_flag = TRUE; + hc->one_one = FALSE; + hc->got_range = FALSE; + hc->tildemapped = FALSE; + hc->range_start = 0; + hc->range_end = -1; + hc->keep_alive = FALSE; + hc->should_linger = FALSE; + hc->file_fd = -1; + return GC_OK; +} + +/* Checks hc->read_buf to see whether a complete request has been read so far; + * either the first line has two words (an HTTP/0.9 request), or the first + * line has three words and there's a blank line present. + * + * hc->read_idx is how much has been read in; hc->checked_idx is how much we + * have checked so far; and hc->checked_state is the current state of the + * finite state machine. +*/ +int httpd_got_request(httpd_conn * hc) +{ + char c; + + for (; hc->checked_idx < hc->read_idx; ++hc->checked_idx) + { + c = hc->read_buf[hc->checked_idx]; + switch (hc->checked_state) + { + case CHST_FIRSTWORD: + switch (c) + { + case ' ': + case '\t': + hc->checked_state = CHST_FIRSTWS; + break; + + case '\012': + case '\015': + hc->checked_state = CHST_BOGUS; + return GR_BAD_REQUEST; + } + break; + + case CHST_FIRSTWS: + switch (c) + { + case ' ': + case '\t': + break; + + case '\012': + case '\015': + hc->checked_state = CHST_BOGUS; + return GR_BAD_REQUEST; + + default: + hc->checked_state = CHST_SECONDWORD; + break; + } + break; + + case CHST_SECONDWORD: + switch (c) + { + case ' ': + case '\t': + hc->checked_state = CHST_SECONDWS; + break; + + case '\012': + case '\015': + /* The first line has only two words - an HTTP/0.9 request. */ + return GR_GOT_REQUEST; + } + break; + + case CHST_SECONDWS: + switch (c) + { + case ' ': + case '\t': + break; + + case '\012': + case '\015': + hc->checked_state = CHST_BOGUS; + return GR_BAD_REQUEST; + + default: + hc->checked_state = CHST_THIRDWORD; + break; + } + break; + + case CHST_THIRDWORD: + switch (c) + { + case ' ': + case '\t': + hc->checked_state = CHST_THIRDWS; + break; + + case '\012': + hc->checked_state = CHST_LF; + break; + + case '\015': + hc->checked_state = CHST_CR; + break; + } + break; + + case CHST_THIRDWS: + switch (c) + { + case ' ': + case '\t': + break; + + case '\012': + hc->checked_state = CHST_LF; + break; + + case '\015': + hc->checked_state = CHST_CR; + break; + + default: + hc->checked_state = CHST_BOGUS; + return GR_BAD_REQUEST; + } + break; + + case CHST_LINE: + switch (c) + { + case '\012': + hc->checked_state = CHST_LF; + break; + + case '\015': + hc->checked_state = CHST_CR; + break; + } + break; + + case CHST_LF: + switch (c) + { + case '\012': + /* Two newlines in a row - a blank line - end of request. */ + + return GR_GOT_REQUEST; + + case '\015': + hc->checked_state = CHST_CR; + break; + + default: + hc->checked_state = CHST_LINE; + break; + } + break; + + case CHST_CR: + switch (c) + { + case '\012': + hc->checked_state = CHST_CRLF; + break; + + case '\015': + /* Two returns in a row - end of request. */ + + return GR_GOT_REQUEST; + + default: + hc->checked_state = CHST_LINE; + break; + } + break; + + case CHST_CRLF: + switch (c) + { + case '\012': + /* Two newlines in a row - end of request. */ + + return GR_GOT_REQUEST; + + case '\015': + hc->checked_state = CHST_CRLFCR; + break; + + default: + hc->checked_state = CHST_LINE; + break; + } + break; + + case CHST_CRLFCR: + switch (c) + { + case '\012': + case '\015': + /* Two CRLFs or two CRs in a row - end of request. */ + + return GR_GOT_REQUEST; + + default: + hc->checked_state = CHST_LINE; + break; + } + break; + + case CHST_BOGUS: + return GR_BAD_REQUEST; + } + } + return GR_NO_REQUEST; +} + +int httpd_parse_request(httpd_conn * hc) +{ + char *buf; + char *method_str; + char *url; + char *protocol; + char *reqhost; + char *eol; + char *cp; + char *pi; + + hc->checked_idx = 0; /* reset */ + method_str = bufgets(hc); + + url = strpbrk(method_str, " \t\012\015"); + if (!url) + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + *url++ = '\0'; + url += strspn(url, " \t\012\015"); + + protocol = strpbrk(url, " \t\012\015"); + if (!protocol) + { + protocol = "HTTP/0.9"; + hc->mime_flag = FALSE; + } + else + { + *protocol++ = '\0'; + protocol += strspn(protocol, " \t\012\015"); + if (*protocol != '\0') + { + eol = strpbrk(protocol, " \t\012\015"); + if (eol) + { + *eol = '\0'; + } + + if (strcasecmp(protocol, "HTTP/1.0") != 0) + { + hc->one_one = TRUE; + } + } + } + hc->protocol = protocol; + + /* Check for HTTP/1.1 absolute URL. */ + + if (strncasecmp(url, "http://", 7) == 0) + { + if (!hc->one_one) + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + + reqhost = url + 7; + url = strchr(reqhost, '/'); + if (!url) + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + *url = '\0'; + + if (strchr(reqhost, '/') != (char *)0 || reqhost[0] == '.') + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + + httpd_realloc_str(&hc->reqhost, &hc->maxreqhost, strlen(reqhost)); + (void)strcpy(hc->reqhost, reqhost); + *url = '/'; + } + + if (*url != '/') + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + + if (strcasecmp(method_str, httpd_method_str(METHOD_GET)) == 0) + { + hc->method = METHOD_GET; + } + else if (strcasecmp(method_str, httpd_method_str(METHOD_HEAD)) == 0) + { + hc->method = METHOD_HEAD; + } + else if (strcasecmp(method_str, httpd_method_str(METHOD_POST)) == 0) + { + hc->method = METHOD_POST; + } + else + { + httpd_send_err(hc, 501, err501title, "", err501form, method_str); + return -1; + } + + hc->encodedurl = url; + httpd_realloc_str(&hc->decodedurl, &hc->maxdecodedurl, strlen(hc->encodedurl)); + strdecode(hc->decodedurl, hc->encodedurl); + + httpd_realloc_str(&hc->origfilename, &hc->maxorigfilename, strlen(hc->decodedurl)); + (void)strcpy(hc->origfilename, &hc->decodedurl[1]); + + /* Special case for top-level URL. */ + + if (hc->origfilename[0] == '\0') + { + (void)strcpy(hc->origfilename, "."); + } + + /* Extract query string from encoded URL. */ + + cp = strchr(hc->encodedurl, '?'); + if (cp) + { + ++cp; + httpd_realloc_str(&hc->query, &hc->maxquery, strlen(cp)); + (void)strcpy(hc->query, cp); + + /* Remove query from (decoded) origfilename. */ + + cp = strchr(hc->origfilename, '?'); + if (cp) + { + *cp = '\0'; + } + } + + de_dotdot(hc->origfilename); + if (hc->origfilename[0] == '/' || + (hc->origfilename[0] == '.' && hc->origfilename[1] == '.' && + (hc->origfilename[2] == '\0' || hc->origfilename[2] == '/'))) + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + + if (hc->mime_flag) + { + /* Read the MIME headers. */ + while ((buf = bufgets(hc)) != NULL) + { + if (buf[0] == '\0') + { + break; + } + + if (strncasecmp(buf, "Referer:", 8) == 0) + { + cp = &buf[8]; + cp += strspn(cp, " \t"); + hc->referer = cp; + } + else if (strncasecmp(buf, "User-Agent:", 11) == 0) + { + cp = &buf[11]; + cp += strspn(cp, " \t"); + hc->useragent = cp; + } + else if (strncasecmp(buf, "Host:", 5) == 0) + { + cp = &buf[5]; + cp += strspn(cp, " \t"); + hc->hdrhost = cp; + cp = strchr(hc->hdrhost, ':'); + if (cp) + { + *cp = '\0'; + } + + if (strchr(hc->hdrhost, '/') != (char *)0 || + hc->hdrhost[0] == '.') + { + httpd_send_err(hc, 400, httpd_err400title, "", + httpd_err400form, ""); + return -1; + } + } + else if (strncasecmp(buf, "Accept:", 7) == 0) + { + cp = &buf[7]; + cp += strspn(cp, " \t"); + if (hc->accept[0] != '\0') + { + if (strlen(hc->accept) > 5000) + { + ndbg("%s way too much Accept: data\n", + httpd_ntoa(&hc->client_addr)); + continue; + } + httpd_realloc_str(&hc->accept, &hc->maxaccept, + strlen(hc->accept) + 2 + strlen(cp)); + (void)strcat(hc->accept, ", "); + } + else + { + httpd_realloc_str(&hc->accept, &hc->maxaccept, strlen(cp)); + } + (void)strcat(hc->accept, cp); + } + else if (strncasecmp(buf, "Accept-Encoding:", 16) == 0) + { + cp = &buf[16]; + cp += strspn(cp, " \t"); + if (hc->accepte[0] != '\0') + { + if (strlen(hc->accepte) > 5000) + { + ndbg("%s way too much Accept-Encoding: data\n", + httpd_ntoa(&hc->client_addr)); + continue; + } + httpd_realloc_str(&hc->accepte, &hc->maxaccepte, + strlen(hc->accepte) + 2 + strlen(cp)); + (void)strcat(hc->accepte, ", "); + } + else + { + httpd_realloc_str(&hc->accepte, &hc->maxaccepte, strlen(cp)); + } + (void)strcpy(hc->accepte, cp); + } + else if (strncasecmp(buf, "Accept-Language:", 16) == 0) + { + cp = &buf[16]; + cp += strspn(cp, " \t"); + hc->acceptl = cp; + } + else if (strncasecmp(buf, "If-Modified-Since:", 18) == 0) + { + cp = &buf[18]; + hc->if_modified_since = tdate_parse(cp); + if (hc->if_modified_since == (time_t) - 1) + ndbg("unparsable time: %s\n", cp); + } + else if (strncasecmp(buf, "Cookie:", 7) == 0) + { + cp = &buf[7]; + cp += strspn(cp, " \t"); + hc->cookie = cp; + } + else if (strncasecmp(buf, "Range:", 6) == 0) + { + /* Only support %d- and %d-%d, not %d-%d,%d-%d or -%d. */ + if (strchr(buf, ',') == NULL) + { + char *cp_dash; + cp = strpbrk(buf, "="); + if (cp) + { + cp_dash = strchr(cp + 1, '-'); + if (cp_dash != (char *)0 && cp_dash != cp + 1) + { + *cp_dash = '\0'; + hc->got_range = TRUE; + hc->range_start = atoll(cp + 1); + if (hc->range_start < 0) + { + hc->range_start = 0; + } + + if (isdigit((int)cp_dash[1])) + { + hc->range_end = atoll(cp_dash + 1); + if (hc->range_end < 0) + hc->range_end = -1; + } + } + } + } + } + else if (strncasecmp(buf, "Range-If:", 9) == 0 || + strncasecmp(buf, "If-Range:", 9) == 0) + { + cp = &buf[9]; + hc->range_if = tdate_parse(cp); + if (hc->range_if == (time_t) - 1) + { + ndbg("unparsable time: %s\n", cp); + } + } + else if (strncasecmp(buf, "Content-Type:", 13) == 0) + { + cp = &buf[13]; + cp += strspn(cp, " \t"); + hc->contenttype = cp; + } + else if (strncasecmp(buf, "Content-Length:", 15) == 0) + { + cp = &buf[15]; + hc->contentlength = atol(cp); + } + else if (strncasecmp(buf, "Authorization:", 14) == 0) + { + cp = &buf[14]; + cp += strspn(cp, " \t"); + hc->authorization = cp; + } + else if (strncasecmp(buf, "Connection:", 11) == 0) + { + cp = &buf[11]; + cp += strspn(cp, " \t"); + if (strcasecmp(cp, "keep-alive") == 0) + { + hc->keep_alive = TRUE; + } + } +#ifdef LOG_UNKNOWN_HEADERS + else if (strncasecmp(buf, "Accept-Charset:", 15) == 0 || + strncasecmp(buf, "Accept-Language:", 16) == 0 || + strncasecmp(buf, "Agent:", 6) == 0 || + strncasecmp(buf, "Cache-Control:", 14) == 0 || + strncasecmp(buf, "Cache-Info:", 11) == 0 || + strncasecmp(buf, "Charge-To:", 10) == 0 || + strncasecmp(buf, "Client-IP:", 10) == 0 || + strncasecmp(buf, "Date:", 5) == 0 || + strncasecmp(buf, "Extension:", 10) == 0 || + strncasecmp(buf, "Forwarded:", 10) == 0 || + strncasecmp(buf, "From:", 5) == 0 || + strncasecmp(buf, "HTTP-Version:", 13) == 0 || + strncasecmp(buf, "Max-Forwards:", 13) == 0 || + strncasecmp(buf, "Message-Id:", 11) == 0 || + strncasecmp(buf, "MIME-Version:", 13) == 0 || + strncasecmp(buf, "Negotiate:", 10) == 0 || + strncasecmp(buf, "Pragma:", 7) == 0 || + strncasecmp(buf, "Proxy-Agent:", 12) == 0 || + strncasecmp(buf, "Proxy-Connection:", 17) == 0 || + strncasecmp(buf, "Security-Scheme:", 16) == 0 || + strncasecmp(buf, "Session-Id:", 11) == 0 || + strncasecmp(buf, "UA-Color:", 9) == 0 || + strncasecmp(buf, "UA-CPU:", 7) == 0 || + strncasecmp(buf, "UA-Disp:", 8) == 0 || + strncasecmp(buf, "UA-OS:", 6) == 0 || + strncasecmp(buf, "UA-Pixels:", 10) == 0 || + strncasecmp(buf, "User:", 5) == 0 || + strncasecmp(buf, "Via:", 4) == 0 || + strncasecmp(buf, "X-", 2) == 0) + ; /* ignore */ + else + { + ndbg("unknown request header: %s\n", buf); + } +#endif /* LOG_UNKNOWN_HEADERS */ + } + } + + if (hc->one_one) + { + /* Check that HTTP/1.1 requests specify a host, as required. */ + + if (hc->reqhost[0] == '\0' && hc->hdrhost[0] == '\0') + { + httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); + return -1; + } + + /* If the client wants to do keep-alives, it might also be doing + * pipelining. There's no way for us to tell. Since we don't + * implement keep-alives yet, if we close such a connection there + * might be unread pipelined requests waiting. So, we have to do a + * lingering close. + */ + + if (hc->keep_alive) + { + hc->should_linger = TRUE; + } + } + + /* Ok, the request has been parsed. Now we resolve stuff that may require + * the entire request. + */ + + /* Copy original filename to expanded filename. */ + + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, + strlen(hc->origfilename)); + (void)strcpy(hc->expnfilename, hc->origfilename); + + /* Tilde mapping. */ + + if (hc->expnfilename[0] == '~') + { +#ifdef TILDE_MAP_1 + if (!tilde_map_1(hc)) + { + httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); + return -1; + } +#endif /* TILDE_MAP_1 */ +#ifdef TILDE_MAP_2 + if (!tilde_map_2(hc)) + { + httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); + return -1; + } +#endif /* TILDE_MAP_2 */ + } + + /* Virtual host mapping. */ + +#ifdef CONFIG_THTTPD_VHOST + if (!vhost_map(hc)) + { + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } +#endif + + /* Expand all symbolic links in the filename. This also gives us any + * trailing non-existing components, for pathinfo. + */ + + cp = expand_filename(hc->expnfilename, &pi, hc->tildemapped); + if (!cp) + { + httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); + return -1; + } + + httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(cp)); + (void)strcpy(hc->expnfilename, cp); + httpd_realloc_str(&hc->pathinfo, &hc->maxpathinfo, strlen(pi)); + (void)strcpy(hc->pathinfo, pi); + + /* Remove pathinfo stuff from the original filename too. */ + + if (hc->pathinfo[0] != '\0') + { + int i; + i = strlen(hc->origfilename) - strlen(hc->pathinfo); + if (i > 0 && strcmp(&hc->origfilename[i], hc->pathinfo) == 0) + { + hc->origfilename[i - 1] = '\0'; + } + } + + /* If the expanded filename is an absolute path, check that it's still + * within the current directory or the alternate directory. + */ + + if (hc->expnfilename[0] == '/') + { + if (strncmp(hc->expnfilename, hc->hs->cwd, strlen(hc->hs->cwd)) == 0) + { + /* Elide the current directory. */ + + (void)strcpy(hc->expnfilename, &hc->expnfilename[strlen(hc->hs->cwd)]); + } +#ifdef TILDE_MAP_2 + else if (hc->altdir[0] != '\0' && + (strncmp(hc->expnfilename, hc->altdir, + strlen(hc->altdir)) == 0 && + (hc->expnfilename[strlen(hc->altdir)] == '\0' || + hc->expnfilename[strlen(hc->altdir)] == '/'))) + { + } +#endif /* TILDE_MAP_2 */ + else + { + ndbg("%s URL \"%s\" goes outside the web tree\n", + httpd_ntoa(&hc->client_addr), hc->encodedurl); + httpd_send_err(hc, 403, err403title, "", + ERROR_FORM(err403form, + "The requested URL '%s' resolves to a file outside the permitted web server directory tree.\n"), + hc->encodedurl); + return -1; + } + } + + return 0; +} + +void httpd_close_conn(httpd_conn * hc, struct timeval *nowP) +{ + if (hc->file_fd) + { + (void)close(hc->file_fd); + hc->file_fd = -1; + } + + if (hc->conn_fd >= 0) + { + (void)close(hc->conn_fd); + hc->conn_fd = -1; + } +} + +void httpd_destroy_conn(httpd_conn * hc) +{ + if (hc->initialized) + { + free((void *)hc->read_buf); + free((void *)hc->decodedurl); + free((void *)hc->origfilename); + free((void *)hc->expnfilename); + free((void *)hc->encodings); + free((void *)hc->pathinfo); + free((void *)hc->query); + free((void *)hc->accept); + free((void *)hc->accepte); + free((void *)hc->reqhost); + free((void *)hc->hostdir); + free((void *)hc->remoteuser); + free((void *)hc->buffer); +#ifdef TILDE_MAP_2 + free((void *)hc->altdir); +#endif /* TILDE_MAP_2 */ + hc->initialized = 0; + } +} + +int httpd_start_request(httpd_conn * hc, struct timeval *nowP) +{ + int r; + + /* Really start the request. */ + + r = really_start_request(hc, nowP); + + /* And return the status. */ + + return r; +} + +char *httpd_ntoa(httpd_sockaddr *saP) +{ +#ifdef CONFIG_NET_IPv6 + static char str[200]; + + if (getnameinfo + (&saP->sa, sockaddr_len(saP), str, sizeof(str), 0, 0, + NI_NUMERICHOST) != 0) + { + str[0] = '?'; + str[1] = '\0'; + } + else if (IN6_IS_ADDR_V4MAPPED(&saP->sa_in6.sin6_addr) && + strncmp(str, "::ffff:", 7) == 0) + { + /* Elide IPv6ish prefix for IPv4 addresses. */ + + (void)strcpy(str, &str[7]); + } + + return str; + +#else /* CONFIG_NET_IPv6 */ + + return inet_ntoa(saP->sin_addr); + +#endif /* CONFIG_NET_IPv6 */ +} + +/* Read to requested buffer, accounting for interruptions and EOF */ + +int httpd_read(int fd, const void *buf, size_t nbytes) +{ + ssize_t nread; + int ntotal; + + ntotal = 0; + do + { + nread = read(fd, (char*)buf + ntotal, nbytes - ntotal); + if (nread < 0) + { + if (errno == EAGAIN) + { + usleep(100000); /* 100MS */ + } + else if (errno != EINTR) + { + ndbg("Error sending: %d\n", errno); + return nread; + } + } + else + { + ntotal += nread; + } + } + while (ntotal < nbytes && nread != 0); + return ntotal; +} + +/* Write the requested buffer completely, accounting for interruptions */ + +int httpd_write(int fd, const void *buf, size_t nbytes) +{ + ssize_t nwritten; + int ntotal; + + ntotal = 0; + do + { + nwritten = write(fd, (char*)buf + ntotal, nbytes - ntotal); + if (nwritten < 0) + { + if (errno == EAGAIN) + { + usleep(100000); /* 100MS */ + } + else if (errno != EINTR) + { + ndbg("Error sending: %d\n", errno); + return nwritten; + } + } + else + { + ntotal += nwritten; + } + } + while (ntotal < nbytes); + return ntotal; +} + +/* Generate debugging statistics */ + +#if defined(CONFIG_DEBUG) && defined(CONFIG_DEBUG_NET) +void httpd_logstats(long secs) +{ + if (str_alloc_count > 0) + { + ndbg(" libhttpd - %d strings allocated, %lu bytes (%g bytes/str)\n", + str_alloc_count, (unsigned long)str_alloc_size, + (float)str_alloc_size / str_alloc_count); + } +} +#endif +#endif /* CONFIG_THTTPD */ + diff --git a/netutils/thttpd/libhttpd.h b/netutils/thttpd/libhttpd.h index ddd1e2d694..06d15bcfc4 100644 --- a/netutils/thttpd/libhttpd.h +++ b/netutils/thttpd/libhttpd.h @@ -53,22 +53,6 @@ * Pre-processor Definitions ****************************************************************************/ -#ifndef CONFIG_THTTPD_PORT -# define CONFIG_THTTPD_PORT 80 -#endif - -#ifndef CONFIG_THTTPD_CHARSET -# define CONFIG_THTTPD_CHARSET "iso-8859-1" -#endif - -#ifndef CONFIG_THTTPD_IOBUFFERSIZE -# define CONFIG_THTTPD_IOBUFFERSIZE 256 -#endif - -#if CONFIG_THTTPD_IOBUFFERSIZE > 65535 -# error "Can't use uint16 for buffer" -#endif - /* A few convenient defines. */ #ifndef MAX @@ -117,15 +101,11 @@ /* A multi-family sockaddr. */ -typedef union -{ - struct sockaddr sa; #ifdef CONFIG_NET_IPv6 - struct sockaddr_in6 sa_in6; +typedef struct sockaddr_in6 httpd_sockaddr; #else - struct sockaddr_in sa_in; -#endif /* CONFIG_NET_IPv6 */ -} httpd_sockaddr; +typedef struct sockaddr_in httpd_sockaddr; +#endif /* A server. */ @@ -212,11 +192,7 @@ typedef struct * Return (httpd_server*) 0 on error. */ -#ifdef CONFIG_NET_IPv6 -extern httpd_server *httpd_initialize(struct sockaddr_in6 *sa, char *cwd); -#else -extern httpd_server *httpd_initialize(struct sockaddr_in *sa, char *cwd); -#endif +extern httpd_server *httpd_initialize(httpd_sockaddr *sa, char *cwd); /* Call to unlisten/close socket(s) listening for new connections. */ diff --git a/netutils/thttpd/thttpd.c b/netutils/thttpd/thttpd.c index 2d45b611a8..e8b3ef9f70 100644 --- a/netutils/thttpd/thttpd.c +++ b/netutils/thttpd/thttpd.c @@ -54,36 +54,17 @@ #include -#include "version.h" +#include "config.h" #include "fdwatch.h" #include "libhttpd.h" #include "timers.h" +#ifdef CONFIG_THTTPD + /**************************************************************************** * Pre-processor Definitions ****************************************************************************/ -#ifndef CONFIG_THTTPD_IPADDR -# warning "CONFIG_THTTPD_IPADDR not defined" -# define CONFIG_THTTPD_IPADDR (10<<24|0<<16|0<<8|2) -#endif - -#ifndef CONFIG_THTTPD_LINGER_MSEC -# define CONFIG_THTTPD_LINGER_MSEC 5000 -#endif - -#ifndef CONFIG_THTTPD_OCCASIONAL_MSEC -# define CONFIG_THTTPD_OCCASIONAL_MSEC 2000 -#endif - -#ifndef CONFIG_THTTPD_IDLE_READ_LIMIT_SEC -# define CONFIG_THTTPD_IDLE_READ_LIMIT_SEC 5 -#endif - -#ifndef CONFIG_THTTPD_IDLE_SEND_LIMIT_SEC -# define CONFIG_THTTPD_IDLE_SEND_LIMIT_SEC 5 -#endif - #ifndef MAXPATHLEN # define MAXPATHLEN 64 #endif @@ -944,4 +925,5 @@ int thttpd_main(int argc, char **argv) exit(0); } +#endif /* CONFIG_THTTPD */ diff --git a/netutils/thttpd/version.h b/netutils/thttpd/version.h deleted file mode 100644 index d3e56eaeb1..0000000000 --- a/netutils/thttpd/version.h +++ /dev/null @@ -1,50 +0,0 @@ -/**************************************************************************** - * netutils/thttpd/version.h - * Version definitions for THTTPD - * - * Based on version.h by Jef Poskanser which contained no copyright information. - * - * Copyright (C) 2009 Gregory Nutt. All rights reserved. - * Author: Gregory Nutt - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * 3. Neither the name NuttX nor the names of its contributors may be - * used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - ****************************************************************************/ - -#ifndef __NETUTILS_THTTPD_VERSION_H -#define __NETUTILS_THTTPD_VERSION_H - -/**************************************************************************** - * Pre-processor Definitions - ****************************************************************************/ - -#define SERVER_SOFTWARE "thttpd/2.25b 29dec2003-NuttX" -#define SERVER_ADDRESS "http://www.nuttx.org" - -#endif /* __NETUTILS_THTTPD_VERSION_H */ -