/**************************************************************************** * netutils/thttpd/libhttpd.c * HTTP Protocol Library * * Copyright (C) 2009 Gregory Nutt. All rights reserved. * Author: Gregory Nutt * * Derived from the file of the same name in the original THTTPD package: * * Copyright © 1995,1998,1999,2000,2001 by Jef Poskanzer . * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ****************************************************************************/ /**************************************************************************** * Included Files ****************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "config.h" #include "libhttpd.h" #include "timers.h" #include "tdate_parse.h" #include "fdwatch.h" #ifdef CONFIG_THTTPD /**************************************************************************** * Pre-processor Definitions ****************************************************************************/ #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif #ifndef STDOUT_FILENO # define STDOUT_FILENO 1 #endif #ifndef STDERR_FILENO # define STDERR_FILENO 2 #endif #define NAMLEN(dirent) strlen((dirent)->d_name) extern char *crypt(const char *key, const char *setting); #ifndef MAX # define MAX(a,b) ((a) > (b) ? (a) : (b)) #endif #ifndef MIN # define MIN(a,b) ((a) < (b) ? (a) : (b)) #endif /* Conditional macro to allow two alternate forms for use in the built-in * error pages. If EXPLICIT_ERROR_PAGES is defined, the second and more * explicit error form is used; otherwise, the first and more generic * form is used. */ #ifdef EXPLICIT_ERROR_PAGES # define ERROR_FORM(a,b) b #else # define ERROR_FORM(a,b) a #endif /**************************************************************************** * Private Types ****************************************************************************/ #ifdef CONFIG_THTTPD_CGI_PATTERN enum cgi_outbuffer_e { CGI_OUTBUFFER_READHEADER = 0, CGI_OUTBUFFER_HEADERREAD, CGI_OUTBUFFER_HEADERSENT, CGI_OUTBUFFER_READDATA, CGI_OUTBUFFER_DONE, }; struct cgi_outbuffer_s { enum cgi_outbuffer_e state; char *buffer; size_t size; size_t len; }; #endif /**************************************************************************** * Private Function Prototypes ****************************************************************************/ static void free_httpd_server(httpd_server *hs); static int initialize_listen_socket(httpd_sockaddr *saP); static void add_response(httpd_conn *hc, char *str); static void send_mime(httpd_conn *hc, int status, char *title, char *encodings, char *extraheads, char *type, off_t length, time_t mod); static void send_response(httpd_conn *hc, int status, char *title, char *extraheads, char *form, char *arg); static void send_response_tail(httpd_conn *hc); static void defang(char *str, char *dfstr, int dfsize); #ifdef CONFIG_THTTPD_ERROR_DIRECTORY static int send_err_file(httpd_conn *hc, int status, char *title, char *extraheads, char *filename); #endif #ifdef CONFIG_THTTPD_AUTH_FILE static void send_authenticate(httpd_conn *hc, char *realm); static int b64_decode(const char *str, unsigned char *space, int size); static int auth_check(httpd_conn *hc, char *dirname); static int auth_check2(httpd_conn *hc, char *dirname); #endif static void send_dirredirect(httpd_conn *hc); static int hexit(char c); static void strdecode(char *to, char *from); #ifdef CONFIG_THTTPD_GENERATE_INDICES static void strencode(char *to, int tosize, char *from); #endif #ifdef CONFIG_THTTPD_TILDE_MAP1 static int CONFIG_THTTPD_TILDE_MAP1(httpd_conn *hc); #endif #ifdef CONFIG_THTTPD_TILDE_MAP2 static int CONFIG_THTTPD_TILDE_MAP2(httpd_conn *hc); #endif #ifdef CONFIG_THTTPD_VHOST static int vhost_map(httpd_conn *hc); #endif static char *expand_filename(char *path, char **restP, boolean tildemapped); static char *bufgets(httpd_conn *hc); static void de_dotdot(char *file); static void init_mime(void); static void figure_mime(httpd_conn *hc); #if CONFIG_THTTPD_CGI_TIMELIMIT > 0 static void cgi_kill2(ClientData client_data, struct timeval *nowP); static void cgi_kill(ClientData client_data, struct timeval *nowP); #endif #ifdef CONFIG_THTTPD_GENERATE_INDICES static void ls_child(int argc, char **argv); static int ls(httpd_conn *hc); #endif #ifdef SERVER_NAME_LIST static char *hostname_map(char *hostname); #endif /* CGI Support */ #ifdef CONFIG_THTTPD_CGI_PATTERN static void create_environment(httpd_conn *hc); static char **make_argp(httpd_conn *hc); static inline int cgi_interpose_input(httpd_conn *hc, int wfd, char *buffer); static inline int cgi_interpose_output(httpd_conn *hc, int rfd, char *inbuffer, struct cgi_outbuffer_s *hdr); static int cgi_child(int argc, char **argv); static int cgi(httpd_conn *hc); #endif static int really_start_request(httpd_conn *hc, struct timeval *nowP); static int check_referer(httpd_conn *hc); #ifdef CONFIG_THTTPD_URLPATTERN static int really_check_referer(httpd_conn *hc); #endif static int sockaddr_check(httpd_sockaddr * saP); static size_t sockaddr_len(httpd_sockaddr * saP); /**************************************************************************** * Private Data ****************************************************************************/ /* This global keeps track of whether we are in the main process or a * sub-process. The reason is that httpd_write_response() can get called * in either context; when it is called from the main process it must use * non-blocking I/O to avoid stalling the server, but when it is called * from a sub-process it wants to use blocking I/O so that the whole * response definitely gets written. So, it checks this variable. A bit * of a hack but it seems to do the right thing. */ static pid_t main_thread; static int str_alloc_count = 0; static size_t str_alloc_size = 0; /* Include MIME encodings and types */ #include "mime_types.h" /**************************************************************************** * HTTP Strings ****************************************************************************/ static char *ok200title = "OK"; static char *ok206title = "Partial Content"; static char *err302title = "Found"; static char *err302form = "The actual URL is '%s'.\n"; static char *err304title = "Not Modified"; char *httpd_err400title = "Bad Request"; char *httpd_err400form = "Your request has bad syntax or is inherently impossible to satisfy.\n"; #ifdef CONFIG_THTTPD_AUTH_FILE static char *err401title = "Unauthorized"; static char *err401form = "Authorization required for the URL '%s'.\n"; #endif static char *err403title = "Forbidden"; #ifndef EXPLICIT_ERROR_PAGES static char *err403form = "You do not have permission to get URL '%s' from this server.\n"; #endif static char *err404title = "Not Found"; static char *err404form = "The requested URL '%s' was not found on this server.\n"; char *httpd_err408title = "Request Timeout"; char *httpd_err408form = "No request appeared within a reasonable time period.\n"; static char *err500title = "Internal Error"; static char *err500form = "There was an unusual problem serving the requested URL '%s'.\n"; static char *err501title = "Not Implemented"; static char *err501form = "The requested method '%s' is not implemented by this server.\n"; char *httpd_err503title = "Service Temporarily Overloaded"; char *httpd_err503form = "The requested URL '%s' is temporarily overloaded. Please try again later.\n"; /**************************************************************************** * Private Functions ****************************************************************************/ static void free_httpd_server(httpd_server * hs) { if (hs->binding_hostname) { free((void *)hs->binding_hostname); } if (hs->cwd) { free((void *)hs->cwd); } free((void *)hs); } static int initialize_listen_socket(httpd_sockaddr *saP) { int listen_fd; int on; int flags; /* Check sockaddr. */ if (!sockaddr_check(saP)) { ndbg("unknown sockaddr family on listen socket\n"); return -1; } /* Create socket. */ listen_fd = socket(saP->sin_family, SOCK_STREAM, 0); if (listen_fd < 0) { ndbg("socket %s: %d\n", httpd_ntoa(saP), errno); return -1; } /* Allow reuse of local addresses. */ on = 1; if (setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) { ndbg("setsockopt SO_REUSEADDR: %d\n", errno); } /* Bind to it. */ if (bind(listen_fd, (struct sockaddr*)&saP, sockaddr_len(saP)) < 0) { ndbg("bind %s: %d\n", httpd_ntoa(saP), errno); (void)close(listen_fd); return -1; } /* Set the listen file descriptor to no-delay / non-blocking mode. */ flags = fcntl(listen_fd, F_GETFL, 0); if (flags == -1) { ndbg("fcntl F_GETFL: %d\n", errno); (void)close(listen_fd); return -1; } if (fcntl(listen_fd, F_SETFL, flags | O_NDELAY) < 0) { ndbg("fcntl O_NDELAY: %d\n", errno); (void)close(listen_fd); return -1; } /* Start a listen going. */ if (listen(listen_fd, CONFIG_THTTPD_LISTEN_BACKLOG) < 0) { ndbg("listen: %d\n", errno); (void)close(listen_fd); return -1; } return listen_fd; } /* Append a string to the buffer waiting to be sent as response. */ static void add_response(httpd_conn *hc, char *str) { int resplen; int len; len = strlen(str); resplen = hc->buflen + len; DEBUGASSERT(resplen < CONFIG_THTTPD_IOBUFFERSIZE); if (resplen > CONFIG_THTTPD_IOBUFFERSIZE) { resplen = CONFIG_THTTPD_IOBUFFERSIZE; len = resplen - hc->buflen; } memcpy(&(hc->buffer[hc->buflen]), str, len); hc->buflen = resplen; } static void send_mime(httpd_conn *hc, int status, char *title, char *encodings, char *extraheads, char *type, off_t length, time_t mod) { struct timeval now; const char *rfc1123fmt = "%a, %d %b %Y %H:%M:%S GMT"; char nowbuf[100]; char modbuf[100]; #ifdef CONFIG_THTTPD_MAXAGE time_t expires; char expbuf[100]; #endif char fixed_type[500]; char buf[1000]; int partial_content; int s100; hc->status = status; hc->bytes_to_send = length; if (hc->mime_flag) { if (status == 200 && hc->got_range && (hc->range_end >= hc->range_start) && ((hc->range_end != length - 1) || (hc->range_start != 0)) && (hc->range_if == (time_t) - 1 || hc->range_if == hc->sb.st_mtime)) { partial_content = 1; hc->status = status = 206; title = ok206title; } else { partial_content = 0; hc->got_range = FALSE; } gettimeofday(&now, NULL); if (mod == (time_t) 0) { mod = now.tv_sec; } (void)strftime(nowbuf, sizeof(nowbuf), rfc1123fmt, gmtime(&now.tv_sec)); (void)strftime(modbuf, sizeof(modbuf), rfc1123fmt, gmtime(&mod)); (void)snprintf(fixed_type, sizeof(fixed_type), type, CONFIG_THTTPD_CHARSET); (void)snprintf(buf, sizeof(buf), "%.20s %d %s\015\012" "Server: %s\015\012" "Content-Type: %s\015\012" "Date: %s\015\012" "Last-Modified: %s\015\012" "Accept-Ranges: bytes\015\012" "Connection: close\015\012", hc->protocol, status, title, "thttpd", fixed_type, nowbuf, modbuf); add_response(hc, buf); s100 = status / 100; if (s100 != 2 && s100 != 3) { (void)snprintf(buf, sizeof(buf), "Cache-Control: no-cache,no-store\015\012"); add_response(hc, buf); } if (encodings[0] != '\0') { (void)snprintf(buf, sizeof(buf), "Content-Encoding: %s\015\012", encodings); add_response(hc, buf); } if (partial_content) { (void)snprintf(buf, sizeof(buf), "Content-Range: bytes %lld-%lld/%lld\015\012" "Content-Length: %lld\015\012", (sint16) hc->range_start, (sint16) hc->range_end, (sint16) length, (sint16) (hc->range_end - hc->range_start + 1)); add_response(hc, buf); } else if (length >= 0) { (void)snprintf(buf, sizeof(buf), "Content-Length: %lld\015\012", (sint16) length); add_response(hc, buf); } #ifdef CONFIG_THTTPD_P3P (void)snprintf(buf, sizeof(buf), "P3P: %s\015\012", CONFIG_THTTPD_P3P); add_response(hc, buf); #endif #ifdef CONFIG_THTTPD_MAXAGE expires = now + CONFIG_THTTPD_MAXAGE; (void)strftime(expbuf, sizeof(expbuf), rfc1123fmt, gmtime(&expires)); (void)snprintf(buf, sizeof(buf), "Cache-Control: max-age=%d\015\012Expires: %s\015\012", CONFIG_THTTPD_MAXAGE, expbuf); add_response(hc, buf); #endif if (extraheads[0] != '\0') { add_response(hc, extraheads); } add_response(hc, "\015\012"); } } static void send_response(httpd_conn *hc, int status, char *title, char *extraheads, char *form, char *arg) { char defanged_arg[1000], buf[2000]; send_mime(hc, status, title, "", extraheads, "text/html; charset=%s", (off_t) - 1, (time_t) 0); (void)snprintf(buf, sizeof(buf), "\ \n\ %d %s\n\ \n\

%d %s

\n", status, title, status, title); add_response(hc, buf); defang(arg, defanged_arg, sizeof(defanged_arg)); (void)snprintf(buf, sizeof(buf), form, defanged_arg); add_response(hc, buf); if (match("**MSIE**", hc->useragent)) { int n; add_response(hc, "\n"); } send_response_tail(hc); } static void send_response_tail(httpd_conn *hc) { char buf[1000]; (void)snprintf(buf, sizeof(buf), "\
\n\
%s
\n\ \n\ \n", CONFIG_THTTPD_SERVER_ADDRESS, "thttpd"); add_response(hc, buf); } static void defang(char *str, char *dfstr, int dfsize) { char *cp1; char *cp2; for (cp1 = str, cp2 = dfstr; *cp1 != '\0' && cp2 - dfstr < dfsize - 5; ++cp1, ++cp2) { switch (*cp1) { case '<': *cp2++ = '&'; *cp2++ = 'l'; *cp2++ = 't'; *cp2 = ';'; break; case '>': *cp2++ = '&'; *cp2++ = 'g'; *cp2++ = 't'; *cp2 = ';'; break; default: *cp2 = *cp1; break; } } *cp2 = '\0'; } #ifdef CONFIG_THTTPD_ERROR_DIRECTORY static int send_err_file(httpd_conn *hc, int status, char *title, char *extraheads, char *filename) { FILE *fp; char buf[1000]; size_t nread; fp = fopen(filename, "r"); if (fp == (FILE *) 0) return 0; send_mime(hc, status, title, "", extraheads, "text/html; charset=%s", (off_t) - 1, (time_t) 0); for (;;) { nread = fread(buf, 1, sizeof(buf) - 1, fp); if (nread == 0) break; buf[nread] = '\0'; add_response(hc, buf); } (void)fclose(fp); #ifdef ERR_APPEND_SERVER_INFO send_response_tail(hc); #endif return 1; } #endif #ifdef CONFIG_THTTPD_AUTH_FILE static void send_authenticate(httpd_conn *hc, char *realm) { static char *header; static size_t maxheader = 0; static char headstr[] = "WWW-Authenticate: Basic realm=\""; httpd_realloc_str(&header, &maxheader, sizeof(headstr) + strlen(realm) + 3); (void)snprintf(header, maxheader, "%s%s\"\015\012", headstr, realm); httpd_send_err(hc, 401, err401title, header, err401form, hc->encodedurl); /* If the request was a POST then there might still be data to be read, so * we need to do a lingering close. */ if (hc->method == METHOD_POST) { hc->should_linger = TRUE; } } /* Base-64 decoding. This represents binary data as printable ASCII * characters. Three 8-bit binary bytes are turned into four 6-bit * values, like so: * * [11111111][22222222][33333333] -> [111111][112222][222233][333333] * * Then the 6-bit values are represented using the characters "A-Za-z0-9+/". */ static inline b64_charmap(char *ch) { char bin6; bin6 = -1; if (c == 0x20) /* ' ' */ { bin6 = 62; /* ' ' maps to 62 */ } elseif (c == 0x2f) /* '/' */ { bin6 = 63; /* '/' maps to 63 */ } else if (c >= 0x30) /* '0' */ { else if (c <= 0x39) /* '9' */ { bin6 = (c - 0x39 + 52); /* '0'-'9' maps to 52-61 */ } else if (c >= 0x41) /* 'A' */ { if (c <= 0x5a) /* 'Z' */ { bin6 = c - 0x41; /* 'A'-'Z' map to 0 - 25 */ } else if (c >= 0x61) /* 'a' */ { if (c <= 0x7a) /* 'z' */ { bin6 = c - 0x61 + 26; /* 'a'-'z' map to 0 - 25 */ } } } } } /* Do base-64 decoding on a string. Ignore any non-base64 bytes. * Return the actual number of bytes generated. The decoded size will * be at most 3/4 the size of the encoded, and may be smaller if there * are padding characters (blanks, newlines). */ static int b64_decode(const char *str, unsigned char *space, int size) { const char *cp; int ndx; int phase; int decoded; int prev_decoded = 0; unsigned char packed; ndx = 0; phase = 0; for (cp = str; *cp != '\0', ndx < size; cp++) { /* Decode base-64 */ decoded = b64_charmap(*cp); /* Decode ASCII representations to 6-bit binary */ if (decoded != -1) { switch (phase) { case 0: phase = 1; break; case 1: space[ndx++] = ((prev_decoded << 2) | ((decoded & 0x30) >> 4)); phase = 2; break; case 2: space[ndx++] =(((prev_decoded & 0xf) << 4) | ((decoded & 0x3packed) >> 2)); phase = 3; break; case 3: space[ndx++] =(((prev_decoded & 0x03) << 6) | decoded); phase = 0; break; } prev_decoded = decoded; } } return ndx; } /* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */ static int auth_check(httpd_conn *hc, char *dirname) { #ifdef CONFIG_THTTPD_GLOBALPASSWD char *topdir; #ifdef CONFIG_THTTPD_VHOST if (hc->hostdir[0] != '\0') topdir = hc->hostdir; else #endif topdir = "."; switch (auth_check2(hc, topdir)) { case -1: return -1; case 1: return 1; } #endif return auth_check2(hc, dirname); } /* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */ static int auth_check2(httpd_conn *hc, char *dirname) { static char *authpath; static size_t maxauthpath = 0; struct stat sb; char authinfo[500]; char *authpass; char *colon; int l; FILE *fp; char line[500]; char *cryp; static char *prevauthpath; static size_t maxprevauthpath = 0; static time_t prevmtime; static char *prevuser; static size_t maxprevuser = 0; static char *prevcryp; static size_t maxprevcryp = 0; /* Construct auth filename. */ httpd_realloc_str(&authpath, &maxauthpath, strlen(dirname) + 1 + sizeof(CONFIG_THTTPD_AUTH_FILE)); (void)snprintf(authpath, maxauthpath, "%s/%s", dirname, CONFIG_THTTPD_AUTH_FILE); /* Does this directory have an auth file? */ if (stat(authpath, &sb) < 0) { /* Nope, let the request go through. */ return 0; } /* Does this request contain basic authorization info? */ if (hc->authorization[0] == '\0' || strncmp(hc->authorization, "Basic ", 6) != 0) { /* Nope, return a 401 Unauthorized. */ send_authenticate(hc, dirname); return -1; } /* Decode it. */ l = b64_decode(&(hc->authorization[6]), (unsigned char *)authinfo, sizeof(authinfo) - 1); authinfo[l] = '\0'; /* Split into user and password. */ authpass = strchr(authinfo, ':'); if (!authpass) { /* No colon? Bogus auth info. */ send_authenticate(hc, dirname); return -1; } *authpass++ = '\0'; /* If there are more fields, cut them off. */ colon = strchr(authpass, ':'); if (colon) { *colon = '\0'; } /* See if we have a cached entry and can use it. */ if (maxprevauthpath != 0 && strcmp(authpath, prevauthpath) == 0 && sb.st_mtime == prevmtime && strcmp(authinfo, prevuser) == 0) { /* Yes. Check against the cached encrypted password. */ if (strcmp(crypt(authpass, prevcryp), prevcryp) == 0) { /* Ok! */ httpd_realloc_str(&hc->remoteuser, &hc->maxremoteuser, strlen(authinfo)); (void)strcpy(hc->remoteuser, authinfo); return 1; } else { /* No. */ send_authenticate(hc, dirname); return -1; } } /* Open the password file. */ fp = fopen(authpath, "r"); if (fp == (FILE *) 0) { /* The file exists but we can't open it? Disallow access. */ ndbg("%s auth file %s could not be opened: %d\n", httpd_ntoa(&hc->client_addr), authpath, errno); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' is protected by an authentication file, " "but the authentication file cannot be opened.\n"), hc->encodedurl); return -1; } /* Read it. */ while (fgets(line, sizeof(line), fp) != NULL) { /* Nuke newline. */ l = strlen(line); if (line[l - 1] == '\n') { line[l - 1] = '\0'; } /* Split into user and encrypted password. */ cryp = strchr(line, ':'); if (!cryp) { continue; } *cryp++ = '\0'; /* Is this the right user? */ if (strcmp(line, authinfo) == 0) { /* Yes. */ (void)fclose(fp); /* So is the password right? */ if (strcmp(crypt(authpass, cryp), cryp) == 0) { /* Ok! */ httpd_realloc_str(&hc->remoteuser, &hc->maxremoteuser, strlen(line)); (void)strcpy(hc->remoteuser, line); /* And cache this user's info for next time. */ httpd_realloc_str(&prevauthpath, &maxprevauthpath, strlen(authpath)); (void)strcpy(prevauthpath, authpath); prevmtime = sb.st_mtime; httpd_realloc_str(&prevuser, &maxprevuser, strlen(authinfo)); (void)strcpy(prevuser, authinfo); httpd_realloc_str(&prevcryp, &maxprevcryp, strlen(cryp)); (void)strcpy(prevcryp, cryp); return 1; } else { /* No. */ send_authenticate(hc, dirname); return -1; } } } /* Didn't find that user. Access denied. */ (void)fclose(fp); send_authenticate(hc, dirname); return -1; } #endif /* CONFIG_THTTPD_AUTH_FILE */ static void send_dirredirect(httpd_conn *hc) { static char *location; static char *header; static size_t maxlocation = 0; static size_t maxheader = 0; static char headstr[] = "Location: "; if (hc->query[0] != '\0') { char *cp = strchr(hc->encodedurl, '?'); if (cp) { *cp = '\0'; } httpd_realloc_str(&location, &maxlocation, strlen(hc->encodedurl) + 2 + strlen(hc->query)); (void)snprintf(location, maxlocation, "%s/?%s", hc->encodedurl, hc->query); } else { httpd_realloc_str(&location, &maxlocation, strlen(hc->encodedurl) + 1); (void)snprintf(location, maxlocation, "%s/", hc->encodedurl); } httpd_realloc_str(&header, &maxheader, sizeof(headstr) + strlen(location)); (void)snprintf(header, maxheader, "%s%s\015\012", headstr, location); send_response(hc, 302, err302title, header, err302form, location); } static int hexit(char nibble) { if (nibble >= '0' && nibble <= '9') { return nibble - '0'; } else if (nibble >= 'a' && nibble <= 'f') { return nibble - 'a' + 10; } else if (nibble >= 'A' && nibble <= 'F') { return nibble - 'A' + 10; } return 0; } /* Copies and decodes a string. It's ok for from and to to be the * same string. */ static void strdecode(char *to, char *from) { for (; *from != '\0'; ++to, ++from) { if (from[0] == '%' && isxdigit(from[1]) && isxdigit(from[2])) { *to = hexit(from[1]) * 16 + hexit(from[2]); from += 2; } else { *to = *from; } } *to = '\0'; } /* Copies and encodes a string. */ #ifdef CONFIG_THTTPD_GENERATE_INDICES static void strencode(char *to, int tosize, char *from) { int tolen; for (tolen = 0; *from != '\0' && tolen + 4 < tosize; ++from) { if (isalnum(*from) || strchr("/_.-~", *from) != NULL) { *to = *from; ++to; ++tolen; } else { (void)sprintf(to, "%%%02x", (int)*from & 0xff); to += 3; tolen += 3; } } *to = '\0'; } #endif /* CONFIG_THTTPD_GENERATE_INDICES */ /* Map a ~username/whatever URL into /username. */ #ifdef CONFIG_THTTPD_TILDE_MAP1 static intCONFIG_THTTPD_TILDE_MAP1(httpd_conn *hc) { static char *temp; static size_t maxtemp = 0; int len; static char *prefix =CONFIG_THTTPD_TILDE_MAP1; len = strlen(hc->expnfilename) - 1; httpd_realloc_str(&temp, &maxtemp, len); (void)strcpy(temp, &hc->expnfilename[1]); httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(prefix) + 1 + len); (void)strcpy(hc->expnfilename, prefix); if (prefix[0] != '\0') { (void)strcat(hc->expnfilename, "/"); } (void)strcat(hc->expnfilename, temp); return 1; } #endif /* Map a ~username/whatever URL into /. */ #ifdef CONFIG_THTTPD_TILDE_MAP2 static intCONFIG_THTTPD_TILDE_MAP2(httpd_conn *hc) { static char *temp; static size_t maxtemp = 0; static char *postfix =CONFIG_THTTPD_TILDE_MAP2; char *cp; struct passwd *pw; char *alt; char *rest; /* Get the username. */ httpd_realloc_str(&temp, &maxtemp, strlen(hc->expnfilename) - 1); (void)strcpy(temp, &hc->expnfilename[1]); cp = strchr(temp, '/'); if (cp) { *cp++ = '\0'; } else { cp = ""; } /* Get the passwd entry. */ pw = getpwnam(temp); if (!pw) { return 0; } /* Set up altdir. */ httpd_realloc_str(&hc->altdir, &hc->maxaltdir, strlen(pw->pw_dir) + 1 + strlen(postfix)); (void)strcpy(hc->altdir, pw->pw_dir); if (postfix[0] != '\0') { (void)strcat(hc->altdir, "/"); (void)strcat(hc->altdir, postfix); } alt = expand_filename(hc->altdir, &rest, TRUE); if (rest[0] != '\0') { return 0; } httpd_realloc_str(&hc->altdir, &hc->maxaltdir, strlen(alt)); (void)strcpy(hc->altdir, alt); /* And the filename becomes altdir plus the post-~ part of the original. */ httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(hc->altdir) + 1 + strlen(cp)); (void)snprintf(hc->expnfilename, hc->maxexpnfilename, "%s/%s", hc->altdir, cp); /* For this type of tilde mapping, we want to defeat vhost mapping. */ hc->tildemapped = TRUE; return 1; } #endif /* Virtual host mapping. */ #ifdef CONFIG_THTTPD_VHOST static int vhost_map(httpd_conn *hc) { httpd_sockaddr sa; socklen_t sz; static char *tempfilename; static size_t maxtempfilename = 0; char *cp1; int len; #ifdef VHOST_DIRLEVELS int i; char *cp2; #endif /* Figure out the virtual hostname. */ if (hc->reqhost[0] != '\0') { hc->vhostname = hc->reqhost; } else if (hc->hdrhost[0] != '\0') { hc->vhostname = hc->hdrhost; } else { sz = sizeof(sa); if (getsockname(hc->conn_fd, &sa.sa, &sz) < 0) { ndbg("getsockname: %d\n", errno); return 0; } hc->vhostname = httpd_ntoa(&sa); } /* Pound it to lower case. */ for (cp1 = hc->vhostname; *cp1 != '\0'; ++cp1) { if (isupper(*cp1)) { *cp1 = tolower(*cp1); } } if (hc->tildemapped) { return 1; } /* Figure out the host directory. */ #ifdef VHOST_DIRLEVELS httpd_realloc_str(&hc->hostdir, &hc->maxhostdir, strlen(hc->vhostname) + 2 * VHOST_DIRLEVELS); if (strncmp(hc->vhostname, "www.", 4) == 0) { cp1 = &hc->vhostname[4]; } else { cp1 = hc->vhostname; } for (cp2 = hc->hostdir, i = 0; i < VHOST_DIRLEVELS; ++i) { /* Skip dots in the hostname. If we don't, then we get vhost * directories in higher level of filestructure if dot gets involved * into path construction. It's `while' used here instead of `if' for * it's possible to have a hostname formed with two dots at the end of * it. */ while (*cp1 == '.') { ++cp1; } /* Copy a character from the hostname, or '_' if we ran out. */ if (*cp1 != '\0') { *cp2++ = *cp1++; } else { *cp2++ = '_'; } /* Copy a slash. */ *cp2++ = '/'; } (void)strcpy(cp2, hc->vhostname); #else /* VHOST_DIRLEVELS */ httpd_realloc_str(&hc->hostdir, &hc->maxhostdir, strlen(hc->vhostname)); (void)strcpy(hc->hostdir, hc->vhostname); #endif /* VHOST_DIRLEVELS */ /* Prepend hostdir to the filename. */ len = strlen(hc->expnfilename); httpd_realloc_str(&tempfilename, &maxtempfilename, len); (void)strcpy(tempfilename, hc->expnfilename); httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(hc->hostdir) + 1 + len); (void)strcpy(hc->expnfilename, hc->hostdir); (void)strcat(hc->expnfilename, "/"); (void)strcat(hc->expnfilename, tempfilename); return 1; } #endif /* Expands filename, deleting ..'s and leading /'s. * Returns the expanded path (pointer to static string), or (char*) 0 on * errors. Also returns, in the string pointed to by restP, any trailing * parts of the path that don't exist. */ static char *expand_filename(char *path, char **restP, boolean tildemapped) { static char *checked; static char *rest; static size_t maxchecked = 0, maxrest = 0; size_t checkedlen, restlen, prevcheckedlen, prevrestlen; struct stat sb; int nlinks, i; char *r; char *cp1; char *cp2; /* We need to do the pathinfo check. we do a single stat() of the whole * filename - if it exists, then we return it as is with nothing in restP. * If it doesn't exist, we fall through to the existing code. */ if (stat(path, &sb) != -1) { checkedlen = strlen(path); httpd_realloc_str(&checked, &maxchecked, checkedlen); (void)strcpy(checked, path); /* Trim trailing slashes. */ while (checked[checkedlen - 1] == '/') { checked[checkedlen - 1] = '\0'; --checkedlen; } httpd_realloc_str(&rest, &maxrest, 0); rest[0] = '\0'; *restP = rest; return checked; } /* Start out with nothing in checked and the whole filename in rest. */ httpd_realloc_str(&checked, &maxchecked, 1); checked[0] = '\0'; checkedlen = 0; restlen = strlen(path); httpd_realloc_str(&rest, &maxrest, restlen); (void)strcpy(rest, path); /* trim trailing slash */ if (rest[restlen - 1] == '/') { rest[--restlen] = '\0'; } if (!tildemapped) { /* Remove any leading slashes. */ while (rest[0] == '/') { (void)strcpy(rest, &(rest[1])); --restlen; } } r = rest; nlinks = 0; /* While there are still components to check... */ while (restlen > 0) { /* Save current checkedlen. Save current restlen in case we get a non-existant component. */ prevcheckedlen = checkedlen; prevrestlen = restlen; /* Grab one component from r and transfer it to checked. */ cp1 = strchr(r, '/'); if (cp1) { i = cp1 - r; if (i == 0) { /* Special case for absolute paths. */ httpd_realloc_str(&checked, &maxchecked, checkedlen + 1); (void)strncpy(&checked[checkedlen], r, 1); checkedlen += 1; } else if (strncmp(r, "..", MAX(i, 2)) == 0) { /* Ignore ..'s that go above the start of the path. */ if (checkedlen != 0) { cp2 = strrchr(checked, '/'); if (!cp2) { checkedlen = 0; } else if (cp2 == checked) { checkedlen = 1; } else { checkedlen = cp2 - checked; } } } else { httpd_realloc_str(&checked, &maxchecked, checkedlen + 1 + i); if (checkedlen > 0 && checked[checkedlen - 1] != '/') { checked[checkedlen++] = '/'; } (void)strncpy(&checked[checkedlen], r, i); checkedlen += i; } checked[checkedlen] = '\0'; r += i + 1; restlen -= i + 1; } else { /* No slashes remaining, r is all one component. */ if (strcmp(r, "..") == 0) { /* Ignore ..'s that go above the start of the path. */ if (checkedlen != 0) { cp2 = strrchr(checked, '/'); if (!cp2) { checkedlen = 0; } else if (cp2 == checked) { checkedlen = 1; } else { checkedlen = cp2 - checked; } checked[checkedlen] = '\0'; } } else { httpd_realloc_str(&checked, &maxchecked, checkedlen + 1 + restlen); if (checkedlen > 0 && checked[checkedlen - 1] != '/') { checked[checkedlen++] = '/'; } (void)strcpy(&checked[checkedlen], r); checkedlen += restlen; } r += restlen; restlen = 0; } } /* Ok. */ *restP = r; if (checked[0] == '\0') { (void)strcpy(checked, "."); } return checked; } static char *bufgets(httpd_conn *hc) { int i; char c; for (i = hc->checked_idx; hc->checked_idx < hc->read_idx; ++hc->checked_idx) { c = hc->read_buf[hc->checked_idx]; if (c == '\012' || c == '\015') { hc->read_buf[hc->checked_idx] = '\0'; ++hc->checked_idx; if (c == '\015' && hc->checked_idx < hc->read_idx && hc->read_buf[hc->checked_idx] == '\012') { hc->read_buf[hc->checked_idx] = '\0'; ++hc->checked_idx; } return &(hc->read_buf[i]); } } return (char *)0; } static void de_dotdot(char *file) { char *cp; char *cp2; int l; /* Collapse any multiple / sequences. */ while ((cp = strstr(file, "//")) != NULL) { for (cp2 = cp + 2; *cp2 == '/'; ++cp2) { continue; } (void)strcpy(cp + 1, cp2); } /* Remove leading ./ and any /./ sequences. */ while (strncmp(file, "./", 2) == 0) { (void)strcpy(file, file + 2); } while ((cp = strstr(file, "/./")) != NULL) { (void)strcpy(cp, cp + 2); } /* Alternate between removing leading ../ and removing xxx/../ */ for (;;) { while (strncmp(file, "../", 3) == 0) { (void)strcpy(file, file + 3); } cp = strstr(file, "/../"); if (!cp) { break; } for (cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2) { continue; } (void)strcpy(cp2 + 1, cp + 4); } /* Also elide any xxx/.. at the end. */ while ((l = strlen(file)) > 3 && strcmp((cp = file + l - 3), "/..") == 0) { for (cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2) { continue; } if (cp2 < file) { break; } *cp2 = '\0'; } } static void init_mime(void) { int i; /* Fill in the lengths. */ for (i = 0; i < n_enc_tab; ++i) { enc_tab[i].ext_len = strlen(enc_tab[i].ext); enc_tab[i].val_len = strlen(enc_tab[i].val); } for (i = 0; i < n_typ_tab; ++i) { typ_tab[i].ext_len = strlen(typ_tab[i].ext); typ_tab[i].val_len = strlen(typ_tab[i].val); } } /* Figure out MIME encodings and type based on the filename. Multiple * encodings are separated by commas, and are listed in the order in * which they were applied to the file. */ static void figure_mime(httpd_conn *hc) { char *prev_dot; char *dot; char *ext; int me_indexes[100], n_me_indexes; size_t ext_len, encodings_len; int i, top, bot, mid; int r; char *default_type = "text/plain; charset=%s"; /* Peel off encoding extensions until there aren't any more. */ n_me_indexes = 0; for (prev_dot = &hc->expnfilename[strlen(hc->expnfilename)];; prev_dot = dot) { for (dot = prev_dot - 1; dot >= hc->expnfilename && *dot != '.'; --dot) ; if (dot < hc->expnfilename) { /* No dot found. No more encoding extensions, and no type * extension either. */ hc->type = default_type; goto done; } ext = dot + 1; ext_len = prev_dot - ext; /* Search the encodings table. Linear search is fine here, there are * only a few entries. */ for (i = 0; i < n_enc_tab; ++i) { if (ext_len == enc_tab[i].ext_len && strncasecmp(ext, enc_tab[i].ext, ext_len) == 0) { if (n_me_indexes < sizeof(me_indexes) / sizeof(*me_indexes)) { me_indexes[n_me_indexes] = i; ++n_me_indexes; } goto next; } } /* No encoding extension found. Break and look for a type extension. */ break; next:; } /* Binary search for a matching type extension. */ top = n_typ_tab - 1; bot = 0; while (top >= bot) { mid = (top + bot) / 2; r = strncasecmp(ext, typ_tab[mid].ext, ext_len); if (r < 0) { top = mid - 1; } else if (r > 0) { bot = mid + 1; } else if (ext_len < typ_tab[mid].ext_len) { top = mid - 1; } else if (ext_len > typ_tab[mid].ext_len) { bot = mid + 1; } else { hc->type = typ_tab[mid].val; goto done; } } hc->type = default_type; done: /* The last thing we do is actually generate the mime-encoding header. */ hc->encodings[0] = '\0'; encodings_len = 0; for (i = n_me_indexes - 1; i >= 0; --i) { httpd_realloc_str(&hc->encodings, &hc->maxencodings, encodings_len + enc_tab[me_indexes[i]].val_len + 1); if (hc->encodings[0] != '\0') { (void)strcpy(&hc->encodings[encodings_len], ","); ++encodings_len; } (void)strcpy(&hc->encodings[encodings_len], enc_tab[me_indexes[i]].val); encodings_len += enc_tab[me_indexes[i]].val_len; } } #if CONFIG_THTTPD_CGI_TIMELIMIT > 0 static void cgi_kill2(ClientData client_data, struct timeval *nowP) { pid_t pid; pid = (pid_t) client_data.i; if (kill(pid, SIGKILL) == 0) { ndbg("hard-killed CGI process %d\n", pid); } } static void cgi_kill(ClientData client_data, struct timeval *nowP) { pid_t pid; pid = (pid_t) client_data.i; if (kill(pid, SIGINT) == 0) { ndbg("killed CGI process %d\n", pid); /* In case this isn't enough, schedule an uncatchable kill. */ if (tmr_create(nowP, cgi_kill2, client_data, 5 * 1000L, 0) == (Timer *) 0) { ndbg("tmr_create(cgi_kill2) failed\n"); exit(1); } } } #endif /* qsort comparison routine. */ #ifdef CONFIG_THTTPD_GENERATE_INDICES static int name_compare(char **a, char **b) { return strcmp(*a, *b); } static void ls_child(int argc, char **argv) { FAR httpd_conn *hc = (FAR httpd_conn*)strtoul(argv[1], NULL, 16); DIR *dirp; struct dirent *de; int namlen; static int maxnames = 0; int nnames; static char *names; static char **nameptrs; static char *name; static size_t maxname = 0; static char *rname; static size_t maxrname = 0; static char *encrname; static size_t maxencrname = 0; FILE *fp; int i, r; struct stat sb; struct stat lsb; char modestr[20]; char *linkprefix; char link[MAXPATHLEN + 1]; char *fileclass; time_t now; char *timestr; ClientData client_data; httpd_unlisten(hc->hs); send_mime(hc, 200, ok200title, "", "", "text/html; charset=%s", (off_t) - 1, hc->sb.st_mtime); httpd_write_response(hc); /* Open a stdio stream so that we can use fprintf, which is more * efficient than a bunch of separate write()s. We don't have to * worry about double closes or file descriptor leaks cause we're * in a subprocess. */ fp = fdopen(hc->conn_fd, "w"); if (fp == (FILE *) 0) { ndbg("fdopen: %d\n", errno); httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); httpd_write_response(hc); closedir(dirp); exit(1); } (void)fprintf(fp, "\ \n\ Index of %s\n\ \n\

Index of %s

\n\ 
\n\
mode  links  bytes  last-changed  name\n\

", hc->encodedurl, hc->encodedurl);

  /* Read in names. */

  nnames = 0;
  while ((de = readdir(dirp)) != 0)     /* dirent or direct */
    {
      if (nnames >= maxnames)
        {
          if (maxnames == 0)
            {
              maxnames = 100;
              names    = NEW(char, maxnames * (MAXPATHLEN + 1));
              nameptrs = NEW(char *, maxnames);
            }
          else
            {
              maxnames *= 2;
              names     = RENEW(names, char, maxnames * (MAXPATHLEN + 1));
              nameptrs  = RENEW(nameptrs, char *, maxnames);
            }

          if (!names || !nameptrs)
            {
              ndbg("out of memory reallocating directory names\n");
              exit(1);
            }

          for (i = 0; i < maxnames; ++i)
            {
              nameptrs[i] = &names[i * (MAXPATHLEN + 1)];
            }
        }

      namlen = NAMLEN(de);
      (void)strncpy(nameptrs[nnames], de->d_name, namlen);
      nameptrs[nnames][namlen] = '\0';
      ++nnames;
    }
  closedir(dirp);

  /* Sort the names. */

  qsort(nameptrs, nnames, sizeof(*nameptrs), name_compare);

  /* Generate output. */

  for (i = 0; i < nnames; ++i)
    {
      httpd_realloc_str(&name, &maxname,
                        strlen(hc->expnfilename) + 1 +
                        strlen(nameptrs[i]));
      httpd_realloc_str(&rname, &maxrname,
                        strlen(hc->origfilename) + 1 +
                        strlen(nameptrs[i]));

      if (hc->expnfilename[0] == '\0' ||
          strcmp(hc->expnfilename, ".") == 0)
        {
          (void)strcpy(name, nameptrs[i]);
          (void)strcpy(rname, nameptrs[i]);
        }
      else
        {
          (void)snprintf(name, maxname, "%s/%s", hc->expnfilename, nameptrs[i]);
          if (strcmp(hc->origfilename, ".") == 0)
            {
              (void)snprintf(rname, maxrname, "%s", nameptrs[i]);
            }
          else
            {
              (void)snprintf(rname, maxrname, "%s%s", hc->origfilename, nameptrs[i]);
            }
        }

      httpd_realloc_str(&encrname, &maxencrname, 3 * strlen(rname) + 1);
      strencode(encrname, maxencrname, rname);

      if (stat(name, &sb) < 0 || lstat(name, &lsb) < 0)
        {
          continue;
        }

      linkprefix = "";
      link[0] = '\0';

      /* Break down mode word.  First the file type. */

      switch (lsb.st_mode & S_IFMT)
        {
        case S_IFIFO:
          modestr[0] = 'p';
          break;

        case S_IFCHR:
          modestr[0] = 'c';
          break;

        case S_IFDIR:
          modestr[0] = 'd';
          break;

        case S_IFBLK:
          modestr[0] = 'b';
          break;

        case S_IFREG:
          modestr[0] = '-';
          break;

        case S_IFSOCK:
          modestr[0] = 's';
          break;

        case S_IFLNK:
        default:
          modestr[0] = '?';
          break;
        }

      /* Now the world permissions.  Owner and group permissions are 
       * not of interest to web clients.
       */

      modestr[1] = (lsb.st_mode & S_IROTH) ? 'r' : '-';
      modestr[2] = (lsb.st_mode & S_IWOTH) ? 'w' : '-';
      modestr[3] = (lsb.st_mode & S_IXOTH) ? 'x' : '-';
      modestr[4] = '\0';

      /* We also leave out the owner and group name */

      /* Get time string. */

      now = time((time_t *) 0);
      timestr = ctime(&lsb.st_mtime);
      timestr[0] = timestr[4];
      timestr[1] = timestr[5];
      timestr[2] = timestr[6];
      timestr[3] = ' ';
      timestr[4] = timestr[8];
      timestr[5] = timestr[9];
      timestr[6] = ' ';

      if (now - lsb.st_mtime > 60 * 60 * 24 * 182)      /* 1/2 year */
        {
          timestr[7] = ' ';
          timestr[8] = timestr[20];
          timestr[9] = timestr[21];
          timestr[10] = timestr[22];
          timestr[11] = timestr[23];
        }
      else
        {
          timestr[7] = timestr[11];
          timestr[8] = timestr[12];
          timestr[9] = ':';
          timestr[10] = timestr[14];
          timestr[11] = timestr[15];
        }
      timestr[12] = '\0';

      /* The ls -F file class. */

      switch (sb.st_mode & S_IFMT)
        {
        case S_IFDIR:
          fileclass = "/";
          break;

        case S_IFSOCK:
          fileclass = "=";
          break;

        case S_IFLNK:
          fileclass = "@";
          break;

        default:
          fileclass = (sb.st_mode & S_IXOTH) ? "*" : "";
          break;
        }

      /* And print. */

      (void)fprintf(fp, "%s %3ld  %10lld  %s  %s%s%s%s\n",
                    modestr, (long)lsb.st_nlink, (sint16) lsb.st_size,
                    timestr, encrname, S_ISDIR(sb.st_mode) ? "/" : "",
                    nameptrs[i], linkprefix, link, fileclass);
    }

  (void)fprintf(fp, "
\n\n"); (void)fclose(fp); exit(0); } static int ls(httpd_conn *hc) { DIR *dirp; struct dirent *de; int namlen; static int maxnames = 0; int nnames; static char *names; static char **nameptrs; static char *name; static size_t maxname = 0; static char *rname; static size_t maxrname = 0; static char *encrname; static size_t maxencrname = 0; FILE *fp; int i, child; struct stat sb; struct stat lsb; char modestr[20]; char *linkprefix; char link[MAXPATHLEN + 1]; char *fileclass; time_t now; char *timestr; char arg[16]; char *argv[1]; #if CONFIG_THTTPD_CGI_TIMELIMIT > 0 ClientData client_data; #endif dirp = opendir(hc->expnfilename); if (dirp == (DIR *) 0) { ndbg("opendir %s: %d\n", hc->expnfilename, errno); httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); return -1; } if (hc->method == METHOD_HEAD) { closedir(dirp); send_mime(hc, 200, ok200title, "", "", "text/html; charset=%s", (off_t) - 1, hc->sb.st_mtime); } else if (hc->method == METHOD_GET) { #ifdef CONFIG_THTTPD_CGILIMIT if (hc->hs->cgi_count >= CONFIG_THTTPD_CGILIMIT) { closedir(dirp); httpd_send_err(hc, 503, httpd_err503title, "", httpd_err503form, hc->encodedurl); return -1; } #endif ++hc->hs->cgi_count; /* Start the child task. */ snprintf(arg, 16, "%p", hc); /* task_create doesn't handle binary arguments. */ argv[0] = arg; #ifndef CONFIG_CUSTOM_STACK child = task_create("CGI child", CONFIG_THTTPD_CGI_PRIORITY, CONFIG_THTTPD_CGI_STACKSIZE, (main_t)ls_child, (const char **)argv); #else child = task_create("CGI child", CONFIG_THTTPD_CGI_PRIORITY, (main_t)ls_child, (const char **)argv); #endif if (child < 0) { ndbg("task_create: %d\n", errno); closedir(dirp); httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } closedir(dirp); ndbg("spawned indexing process %d for directory '%s'\n", child, hc->expnfilename); /* Schedule a kill for the child process, in case it runs too long */ #if CONFIG_THTTPD_CGI_TIMELIMIT > 0 client_data.i = child; if (tmr_create((struct timeval *)0, cgi_kill, client_data, CONFIG_THTTPD_CGI_TIMELIMIT * 1000L, 0) == (Timer *) 0) { ndbg("tmr_create(cgi_kill ls) failed\n"); exit(1); } #endif hc->status = 200; hc->bytes_sent = CONFIG_THTTPD_CGI_BYTECOUNT; hc->should_linger = FALSE; } else { closedir(dirp); httpd_send_err(hc, 501, err501title, "", err501form, httpd_method_str(hc->method)); return -1; } return 0; } #endif /* CONFIG_THTTPD_GENERATE_INDICES */ /* Set up environment variables. Be real careful here to avoid * letting malicious clients overrun a buffer. We don't have * to worry about freeing stuff since we're a sub-process. */ #ifdef CONFIG_THTTPD_CGI_PATTERN static void create_environment(httpd_conn *hc) { char *cp; char buf[256]; setenv("PATH", CONFIG_THTTPD_CGI_PATH, TRUE); #ifdef CGI_LD_LIBRARY_PATH setenv("LD_LIBRARY_PATH", CGI_LD_LIBRARY_PATH, TRUE); #endif /* CGI_LD_LIBRARY_PATH */ setenv("SERVER_SOFTWARE", CONFIG_THTTPD_SERVER_SOFTWARE, TRUE); /* If vhosting, use that server-name here. */ #ifdef CONFIG_THTTPD_VHOST if (hc->vhostname) { cp = hc->vhostname; } else #endif { cp = hc->hs->server_hostname; } if (cp) { setenv("SERVER_NAME", cp, TRUE); } setenv("GATEWAY_INTERFACE", "CGI/1.1", TRUE); setenv("SERVER_PROTOCOL", hc->protocol, TRUE); (void)snprintf(buf, sizeof(buf), "%d", (int)CONFIG_THTTPD_PORT); setenv("SERVER_PORT", buf, TRUE); setenv("REQUEST_METHOD", httpd_method_str(hc->method), TRUE); if (hc->pathinfo[0] != '\0') { char *cp2; size_t l; (void)snprintf(buf, sizeof(buf), "/%s", hc->pathinfo); setenv("PATH_INFO", buf, TRUE); l = strlen(hc->hs->cwd) + strlen(hc->pathinfo) + 1; cp2 = NEW(char, l); if (cp2) { (void)snprintf(cp2, l, "%s%s", hc->hs->cwd, hc->pathinfo); setenv("PATH_TRANSLATED", cp2, TRUE); } } (void)snprintf(buf, sizeof(buf), "/%s",strcmp(hc->origfilename, ".") == 0 ? "" : hc->origfilename); setenv("SCRIPT_NAME", buf, TRUE); if (hc->query[0] != '\0') { setenv("QUERY_STRING", hc->query, TRUE); } setenv("REMOTE_ADDR", httpd_ntoa(&hc->client_addr), TRUE); if (hc->referer[0] != '\0') { setenv("HTTP_REFERER", hc->referer, TRUE); } if (hc->useragent[0] != '\0') { setenv("HTTP_USER_AGENT", hc->useragent, TRUE); } if (hc->accept[0] != '\0') { setenv("HTTP_ACCEPT", hc->accept, TRUE); } if (hc->accepte[0] != '\0') { setenv("HTTP_ACCEPT_ENCODING", hc->accepte, TRUE); } if (hc->acceptl[0] != '\0') { setenv("HTTP_ACCEPT_LANGUAGE", hc->acceptl, TRUE); } if (hc->cookie[0] != '\0') { setenv("HTTP_COOKIE", hc->cookie, TRUE); } if (hc->contenttype[0] != '\0') { setenv("CONTENT_TYPE", hc->contenttype, TRUE); } if (hc->hdrhost[0] != '\0') { setenv("HTTP_HOST", hc->hdrhost, TRUE); } if (hc->contentlength != -1) { (void)snprintf(buf, sizeof(buf), "%lu", (unsigned long)hc->contentlength); setenv("CONTENT_LENGTH", buf, TRUE); } if (hc->remoteuser[0] != '\0') { setenv("REMOTE_USER", hc->remoteuser, TRUE); } if (hc->authorization[0] != '\0') { setenv("AUTH_TYPE", "Basic", TRUE); } /* We only support Basic auth at the moment. */ if (getenv("TZ") != NULL) { setenv("TZ", getenv("TZ"), TRUE); } setenv("CGI_PATTERN", CONFIG_THTTPD_CGI_PATTERN, TRUE); } #endif /* Set up argument vector */ #ifdef CONFIG_THTTPD_CGI_PATTERN static FAR char **make_argp(httpd_conn *hc) { FAR char **argp; int argn; char *cp1; char *cp2; /* By allocating an arg slot for every character in the query, plus one * for the filename and one for the NULL, we are guaranteed to have * enough. We could actually use strlen/2. */ argp = NEW(char *, strlen(hc->query) + 2); if (!argp) { return (char **)0; } argp[0] = strrchr(hc->expnfilename, '/'); if (argp[0]) { ++argp[0]; } else { argp[0] = hc->expnfilename; } argn = 1; /* According to the CGI spec at http://hoohoo.ncsa.uiuc.edu/cgi/cl.html, * "The server should search the query information for a non-encoded = * character to determine if the command line is to be used, if it finds * one, the command line is not to be used." */ if (strchr(hc->query, '=') == NULL) { for (cp1 = cp2 = hc->query; *cp2 != '\0'; ++cp2) { if (*cp2 == '+') { *cp2 = '\0'; strdecode(cp1, cp1); argp[argn++] = cp1; cp1 = cp2 + 1; } } if (cp2 != cp1) { strdecode(cp1, cp1); argp[argn++] = cp1; } } argp[argn] = (char *)0; return argp; } #endif /* Data is available from the client socket. This routine is used only for POST * requests. It reads the data from the client and sends it to the child thread. */ #ifdef CONFIG_THTTPD_CGI_PATTERN static inline int cgi_interpose_input(httpd_conn *hc, int wfd, char *buffer) { size_t nbytes; ssize_t nbytes_read; ssize_t nbytes_written; nbytes = hc->read_idx - hc->checked_idx; if (nbytes > 0) { if (httpd_write(wfd, &(hc->read_buf[hc->checked_idx]), nbytes) != nbytes) { return 1; } } if (nbytes < hc->contentlength) { do { nbytes_read = read(hc->conn_fd, buffer, MIN(sizeof(buffer), hc->contentlength - nbytes)); if (nbytes_read < 0) { if (errno != EINTR) { return 1; } } } while (nbytes_read < 0); if (nbytes_read > 0) { nbytes_written = httpd_write(wfd, buffer, nbytes_read); if (nbytes_written != nbytes_read) { return 1; } } } if (nbytes >= hc->contentlength) { /* Special hack to deal with broken browsers that send a LF or CRLF * after POST data, causing TCP resets - we just read and discard up * to 2 bytes. Unfortunately this doesn't fix the problem for CGIs * which avoid the interposer process due to their POST data being * short. Creating an interposer process for all POST CGIs is * unacceptably expensive. The eventual fix will come when interposing * gets integrated into the main loop as a tasklet instead of a process. */ /* Turn on no-delay mode in case we previously cleared it. */ httpd_set_ndelay(hc->conn_fd); /* And read up to 2 bytes. */ (void)read(hc->conn_fd, buffer, sizeof(buffer)); return 1; } return 0; } #endif /* This routine is used for parsed-header CGIs. The idea here is that the * CGI can return special headers such as "Status:" and "Location:" which * change the return status of the response. Since the return status has to * be the very first line written out, we have to accumulate all the headers * and check for the special ones before writing the status. Then we write * out the saved headers and proceed to echo the rest of the response. */ #ifdef CONFIG_THTTPD_CGI_PATTERN static inline int cgi_interpose_output(httpd_conn *hc, int rfd, char *inbuffer, struct cgi_outbuffer_s *hdr) { ssize_t nbytes_read; char *br; int status; char *title; char *cp; /* Make sure the connection is in blocking mode. It should already be * blocking, but we might as well be sure. */ httpd_clear_ndelay(hc->conn_fd); /* Loop while there are things we can do without waiting for more input */ switch (hdr->state) { case CGI_OUTBUFFER_READHEADER: { /* Slurp in all headers as they become available from the CGI program. */ do { /* Read until we successfully read data or until an error occurs. * EAGAIN is not an error, but it is still cause to return. */ nbytes_read = read(rfd, inbuffer, sizeof(inbuffer)); if (nbytes_read < 0) { if (errno != EINTR) { if (errno != EAGAIN) { ndbg("read: %d\n", errno); } return 1; } } } while (nbytes_read < 0); /* Check for end-of-file */ if (nbytes_read <= 0) { br = &(hdr->buffer[hdr->len]); hdr->state = CGI_OUTBUFFER_HEADERREAD; } else { /* Accumulate more header data */ httpd_realloc_str(&hdr->buffer, &hdr->size, hdr->len + nbytes_read); (void)memcpy(&(hdr->buffer[hdr->len]), inbuffer, nbytes_read); hdr->len += nbytes_read; hdr->buffer[hdr->len] = '\0'; /* Check for end of header */ if ((br = strstr(hdr->buffer, "\015\012\015\012")) != NULL || (br = strstr(hdr->buffer, "\012\012")) != NULL) { hdr->state = CGI_OUTBUFFER_HEADERREAD; } else { /* Return. We will be called again when more data is available * on the pipe. */ return 0; } } } break; case CGI_OUTBUFFER_HEADERREAD: { /* If there were no headers, bail. */ if (hdr->buffer[0] == '\0') { hdr->state = CGI_OUTBUFFER_DONE; return 1; } /* Figure out the status. Look for a Status: or Location: header; else if * there's an HTTP header line, get it from there; else default to 200. */ status = 200; if (strncmp(hdr->buffer, "HTTP/", 5) == 0) { cp = hdr->buffer; cp += strcspn(cp, " \t"); status = atoi(cp); } if ((cp = strstr(hdr->buffer, "Status:")) != (char *)0 && cp < br && (cp == hdr->buffer || *(cp - 1) == '\012')) { cp += 7; cp += strspn(cp, " \t"); status = atoi(cp); } if ((cp = strstr(hdr->buffer, "Location:")) != (char *)0 && cp < br && (cp == hdr->buffer || *(cp - 1) == '\012')) { status = 302; } /* Write the status line. */ switch (status) { case 200: title = ok200title; break; case 302: title = err302title; break; case 304: title = err304title; break; case 400: title = httpd_err400title; break; #ifdef CONFIG_THTTPD_AUTH_FILE case 401: title = err401title; break; #endif case 403: title = err403title; break; case 404: title = err404title; break; case 408: title = httpd_err408title; break; case 500: title = err500title; break; case 501: title = err501title; break; case 503: title = httpd_err503title; break; default: title = "Something"; break; } (void)snprintf(inbuffer, sizeof(inbuffer), "HTTP/1.0 %d %s\015\012", status, title); (void)httpd_write(hc->conn_fd, inbuffer, strlen(inbuffer)); /* Write the saved hdr->buffer. */ (void)httpd_write(hc->conn_fd, hdr->buffer, hdr->len); } /* Then set up to read the data following the header from the CGI program. * We return here; we will be called again when data is available on the pipe. */ hdr->state = CGI_OUTBUFFER_READDATA; return 0; case CGI_OUTBUFFER_READDATA: { /* Read data from the pipe. */ do { /* Read until we successfully read data or until an error occurs. * EAGAIN is not an error, but it is still cause to return. */ nbytes_read = read(rfd, inbuffer, sizeof(inbuffer)); if (nbytes_read < 0) { if (errno != EINTR) { if (errno != EAGAIN) { ndbg("read: %d\n", errno); } return 1; } } } while (nbytes_read < 0); /* Check for end of file */ if (nbytes_read == 0) { close(hc->conn_fd); close(rfd); hdr->state = CGI_OUTBUFFER_DONE; return 1; } else { /* Forward the data from the CGI program to the client */ (void)httpd_write(hc->conn_fd, inbuffer, strlen(inbuffer)); } } break; case CGI_OUTBUFFER_DONE: default: return 1; } return 0; } #endif /* CGI child process. */ #ifdef CONFIG_THTTPD_CGI_PATTERN static int cgi_child(int argc, char **argv) { FAR httpd_conn *hc = (FAR httpd_conn*)strtoul(argv[1], NULL, 16); #if CONFIG_THTTPD_CGI_TIMELIMIT > 0 ClientData client_data; #endif FAR char **argp; struct cgi_outbuffer_s hdr; struct fdwatch_s *fw; char *buffer; char *binary; char *directory; boolean indone; boolean outdone; int child; int pipefd[2]; int wfd; int rfd; int fd; int ret; int err = 1; /* Update all of the environment variable settings, these will be inherited * by the CGI task. */ create_environment(hc); /* Make the argument vector. */ argp = make_argp(hc); /* Close all file descriptors (including stdio, stdin, stdout) EXCEPT for * stderr and hc->conn_fd */ for (fd = 0; fd < (CONFIG_NFILE_DESCRIPTORS + CONFIG_NSOCKET_DESCRIPTORS); fd++) { /* Keep stderr open for debug; keep hc->conn_fd open for obvious reasons */ if (fd != 2 && fd != hc->conn_fd) { close(fd); } } /* Create pipes that will be interposed between the CGI task's stdin or * stdout and the socket. * * * Setup up the STDIN pipe - a pipe to transfer data received on the * socket to the CGI program. */ ret = pipe(pipefd); if (ret < 0) { ndbg("STDIN pipe: %d\n", errno); goto errout_with_descriptors; } else { /* Then map the receiving end the pipe to stdin, save the sending end, and * closing the original receiving end */ ret = dup2(pipefd[0], 0); if (ret < 0) { ndbg("STDIN dup2: %d\n", errno); close(pipefd[1]); goto errout_with_descriptors; } wfd = pipefd[1]; close(pipefd[0]); } /* Set up the STDOUT pipe - a pipe to transfer data received from the CGI program * to the client. */ if (ret == 0) { ret = pipe(pipefd); if (ret < 0) { ndbg("STDOUT pipe: %d\n", errno); goto errout_with_descriptors; } else { /* Then map the sending end the pipe to stdout, save the receiving end, and * closing the original sending end */ ret = dup2(pipefd[1], 1); if (ret < 0) { ndbg("STDOUT dup2: %d\n", errno); close(pipefd[1]); goto errout_with_descriptors; } rfd = pipefd[0]; close(pipefd[1]); } } /* Split the program into directory and binary, so we can chdir() to the * program's own directory. This isn't in the CGI 1.1 spec, but it's what * other HTTP servers do. */ directory = strdup(hc->expnfilename); if (!directory) { binary = hc->expnfilename; /* ignore errors */ } else { binary = strrchr(directory, '/'); if (!binary) { binary = hc->expnfilename; } else { *binary++ = '\0'; (void)chdir(directory); /* ignore errors */ } } /* Allocate memory for buffering */ memset(&hdr, 0, sizeof(struct cgi_outbuffer_s)); httpd_realloc_str(&hdr.buffer, &hdr.size, 500); if (!hdr.buffer) { ndbg("hdr allocation failed\n"); goto errout_with_descriptors; } buffer = (char*)malloc(CONFIG_THTTPD_IOBUFFERSIZE); if (!buffer) { ndbg("buffer allocation failed\n"); goto errout_with_header; } /* Create fdwatch structures */ fw = fdwatch_initialize(2); if (!fw) { ndbg("fdwatch allocation failed\n"); goto errout_with_buffer; } /* Add the read descriptors to the watch */ fdwatch_add_fd(fw, hc->conn_fd, NULL, FDW_READ); fdwatch_add_fd(fw, rfd, NULL, FDW_READ); /* Run the CGI program. */ child = exec(binary, (FAR const char **)argp, g_thttpdsymtab, g_thttpdnsymbols); if (child < 0) { /* Something went wrong. */ ndbg("execve %s: %d\n", hc->expnfilename, errno); goto errout_with_watch; } /* Schedule a kill for the child process, in case it runs too long. */ #if CONFIG_THTTPD_CGI_TIMELIMIT > 0 client_data.i = child; if (tmr_create((struct timeval *)0, cgi_kill, client_data, CONFIG_THTTPD_CGI_TIMELIMIT * 1000L, 0) == (Timer *) 0) { ndbg("tmr_create(cgi_kill child) failed\n"); goto errout_with_watch; } #endif /* Then perform the interposition */ indone = FALSE; outdone = FALSE; do { if (!indone) { indone = cgi_interpose_input(hc, wfd, buffer); } if (!outdone) { outdone = cgi_interpose_output(hc, rfd, buffer, &hdr); } } while (!outdone); err = 0; /* Get rid of watch structures */ errout_with_watch: fdwatch_uninitialize(fw); /* Free memory */ errout_with_buffer: free(buffer); errout_with_header: free(hdr.buffer); /* Close all descriptors */ errout_with_descriptors: close(wfd); close(rfd); close(hc->conn_fd); httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); httpd_write_response(hc); return err; } #endif /* CONFIG_THTTPD_CGI_PATTERN */ #ifdef CONFIG_THTTPD_CGI_PATTERN static int cgi(httpd_conn *hc) { char arg[16]; char *argv[1]; pid_t child; if (hc->method == METHOD_GET || hc->method == METHOD_POST) { #ifdef CONFIG_THTTPD_CGILIMIT if (hc->hs->cgi_count >= CONFIG_THTTPD_CGILIMIT) { httpd_send_err(hc, 503, httpd_err503title, "", httpd_err503form, hc->encodedurl); return -1; } #endif ++hc->hs->cgi_count; httpd_clear_ndelay(hc->conn_fd); /* Start the child task. We use a trampoline task here so that we can * safely muck with the file descriptors before actually started the CGI * task. */ snprintf(arg, 16, "%p", hc); /* task_create doesn't handle binary arguments. */ argv[0] = arg; #ifndef CONFIG_CUSTOM_STACK child = task_create("CGI child", CONFIG_THTTPD_CGI_PRIORITY, CONFIG_THTTPD_CGI_STACKSIZE, (main_t)cgi_child, (const char **)argv); #else child = task_create("CGI child", CONFIG_THTTPD_CGI_PRIORITY, (main_t)cgi_child, (const char **)argv); #endif if (child < 0) { ndbg("task_create: %d\n", errno); httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } ndbg("started CGI process %d for file '%s'\n", child, hc->expnfilename); hc->status = 200; hc->bytes_sent = CONFIG_THTTPD_CGI_BYTECOUNT; hc->should_linger = FALSE; } else { httpd_send_err(hc, 501, err501title, "", err501form, httpd_method_str(hc->method)); return -1; } return 0; } #endif static int really_start_request(httpd_conn *hc, struct timeval *nowP) { static char *indexname; static size_t maxindexname = 0; static const char *index_names[] = { CONFIG_THTTPD_INDEX_NAMES }; int i; #ifdef CONFIG_THTTPD_AUTH_FILE static char *dirname; static size_t maxdirname = 0; #endif /* CONFIG_THTTPD_AUTH_FILE */ size_t expnlen, indxlen; char *cp; char *pi; expnlen = strlen(hc->expnfilename); if (hc->method != METHOD_GET && hc->method != METHOD_HEAD && hc->method != METHOD_POST) { httpd_send_err(hc, 501, err501title, "", err501form, httpd_method_str(hc->method)); return -1; } /* Stat the file. */ if (stat(hc->expnfilename, &hc->sb) < 0) { httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } /* Is it world-readable or world-executable? We check explicitly instead * of just trying to open it, so that no one ever gets surprised by a file * that's not set world-readable and yet somehow is readable by the HTTP * server and therefore the *whole* world. */ if (!(hc->sb.st_mode & (S_IROTH | S_IXOTH))) { ndbg("%s URL \"%s\" resolves to a non world-readable file\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' resolves to a file that is not world-readable.\n"), hc->encodedurl); return -1; } /* Is it a directory? */ if (S_ISDIR(hc->sb.st_mode)) { /* If there's pathinfo, it's just a non-existent file. */ if (hc->pathinfo[0] != '\0') { httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); return -1; } /* Special handling for directory URLs that don't end in a slash. We * send back an explicit redirect with the slash, because otherwise * many clients can't build relative URLs properly. */ if (strcmp(hc->origfilename, "") != 0 && strcmp(hc->origfilename, ".") != 0 && hc->origfilename[strlen(hc->origfilename) - 1] != '/') { send_dirredirect(hc); return -1; } /* Check for an index file. */ for (i = 0; i < sizeof(index_names) / sizeof(char *); ++i) { httpd_realloc_str(&indexname, &maxindexname, expnlen + 1 + strlen(index_names[i])); (void)strcpy(indexname, hc->expnfilename); indxlen = strlen(indexname); if (indxlen == 0 || indexname[indxlen - 1] != '/') { (void)strcat(indexname, "/"); } if (strcmp(indexname, "./") == 0) { indexname[0] = '\0'; } (void)strcat(indexname, index_names[i]); if (stat(indexname, &hc->sb) >= 0) { goto got_one; } } /* Nope, no index file, so it's an actual directory request. */ #ifdef CONFIG_THTTPD_GENERATE_INDICES /* Directories must be readable for indexing. */ if (!(hc->sb.st_mode & S_IROTH)) { ndbg("%s URL \"%s\" tried to index a directory with indexing disabled\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' resolves to a directory that has indexing disabled.\n"), hc->encodedurl); return -1; } # ifdef CONFIG_THTTPD_AUTH_FILE /* Check authorization for this directory. */ if (auth_check(hc, hc->expnfilename) == -1) { return -1; } # endif /* CONFIG_THTTPD_AUTH_FILE */ /* Referer check. */ if (!check_referer(hc)) { return -1; } /* Ok, generate an index. */ return ls(hc); #else ndbg("%s URL \"%s\" tried to index a directory\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' is a directory, and directory indexing is disabled on this server.\n"), hc->encodedurl); return -1; #endif got_one: /* Got an index file. Expand again. More pathinfo means * something went wrong. */ cp = expand_filename(indexname, &pi, hc->tildemapped); if (cp == (char *)0 || pi[0] != '\0') { httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } expnlen = strlen(cp); httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, expnlen); (void)strcpy(hc->expnfilename, cp); /* Now, is the index version world-readable or world-executable? */ if (!(hc->sb.st_mode & (S_IROTH | S_IXOTH))) { ndbg("%s URL \"%s\" resolves to a non-world-readable index file\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' resolves to an index file that is not world-readable.\n"), hc->encodedurl); return -1; } } /* Check authorization for this directory. */ #ifdef CONFIG_THTTPD_AUTH_FILE httpd_realloc_str(&dirname, &maxdirname, expnlen); (void)strcpy(dirname, hc->expnfilename); cp = strrchr(dirname, '/'); if (!cp) { (void)strcpy(dirname, "."); } else { *cp = '\0'; } if (auth_check(hc, dirname) == -1) { return -1; } /* Check if the filename is the CONFIG_THTTPD_AUTH_FILE itself - that's verboten. */ if (expnlen == sizeof(CONFIG_THTTPD_AUTH_FILE) - 1) { if (strcmp(hc->expnfilename, CONFIG_THTTPD_AUTH_FILE) == 0) { ndbg("%s URL \"%s\" tried to retrieve an auth file\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' is an authorization file, retrieving it is not permitted.\n"), hc->encodedurl); return -1; } } else if (expnlen >= sizeof(CONFIG_THTTPD_AUTH_FILE) && strcmp(&(hc->expnfilename[expnlen - sizeof(CONFIG_THTTPD_AUTH_FILE) + 1]), CONFIG_THTTPD_AUTH_FILE) == 0 && hc->expnfilename[expnlen - sizeof(CONFIG_THTTPD_AUTH_FILE)] == '/') { ndbg("%s URL \"%s\" tried to retrieve an auth file\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' is an authorization file, retrieving it is not permitted.\n"), hc->encodedurl); return -1; } #endif /* Referer check. */ if (!check_referer(hc)) return -1; /* Is it in the CGI area? */ #ifdef CONFIG_THTTPD_CGI_PATTERN if (match(CONFIG_THTTPD_CGI_PATTERN, hc->expnfilename)) { return cgi(hc); } #endif /* It's not CGI. If it's executable or there's pathinfo, someone's trying * to either serve or run a non-CGI file as CGI. Either case is * prohibited. */ if (hc->sb.st_mode & S_IXOTH) { ndbg("%s URL \"%s\" is executable but isn't CGI\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' resolves to a file which is marked executable but is not a CGI file; retrieving it is forbidden.\n"), hc->encodedurl); return -1; } if (hc->pathinfo[0] != '\0') { ndbg("%s URL \"%s\" has pathinfo but isn't CGI\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' resolves to a file plus CGI-style pathinfo, but the file is not a valid CGI file.\n"), hc->encodedurl); return -1; } /* Fill in range_end, if necessary. */ if (hc->got_range && (hc->range_end == -1 || hc->range_end >= hc->sb.st_size)) { hc->range_end = hc->sb.st_size - 1; } figure_mime(hc); if (hc->method == METHOD_HEAD) { send_mime(hc, 200, ok200title, hc->encodings, "", hc->type, hc->sb.st_size, hc->sb.st_mtime); } else if (hc->if_modified_since != (time_t) - 1 && hc->if_modified_since >= hc->sb.st_mtime) { send_mime(hc, 304, err304title, hc->encodings, "", hc->type, (off_t) - 1, hc->sb.st_mtime); } else { hc->file_fd = open(hc->expnfilename, O_RDONLY); if (!hc->file_fd < 0) { httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } send_mime(hc, 200, ok200title, hc->encodings, "", hc->type, hc->sb.st_size, hc->sb.st_mtime); } return 0; } /* Returns 1 if ok to serve the url, 0 if not. */ static int check_referer(httpd_conn *hc) { /* Are we doing referer checking at all? */ #ifdef CONFIG_THTTPD_URLPATTERN int r; char *cp; child = really_check_referer(hc); if (!r) { #ifdef CONFIG_THTTPD_VHOST if (hc->vhostname != NULL) { cp = hc->vhostname; } else #endif { cp = hc->hs->server_hostname; } if (cp == NULL) { cp = ""; } ndbg("%s non-local referer \"%s%s\" \"%s\"\n", httpd_ntoa(&hc->client_addr), cp, hc->encodedurl, hc->referer); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "You must supply a local referer to get URL '%s' from this server.\n"), hc->encodedurl); } return r; #else return 1; #endif } /* Returns 1 if ok to serve the url, 0 if not. */ #ifdef CONFIG_THTTPD_URLPATTERN static int really_check_referer(httpd_conn *hc) { httpd_server *hs; char *cp1; char *cp2; char *cp3; static char *refhost = (char *)0; static size_t refhost_size = 0; char *lp; hs = hc->hs; /* Check for an empty referer. */ if (hc->referer == NULL || hc->referer[0] == '\0' || (cp1 = strstr(hc->referer, "//")) == NULL) { /* Disallow if the url matches. */ if (match(CONFIG_THTTPD_URLPATTERN, hc->origfilename)) { return 0; } /* Otherwise ok. */ return 1; } /* Extract referer host. */ cp1 += 2; for (cp2 = cp1; *cp2 != '/' && *cp2 != ':' && *cp2 != '\0'; ++cp2) { continue; } httpd_realloc_str(&refhost, &refhost_size, cp2 - cp1); for (cp3 = refhost; cp1 < cp2; ++cp1, ++cp3) if (isupper(*cp1)) { *cp3 = tolower(*cp1); } else { *cp3 = *cp1; } *cp3 = '\0'; /* Local pattern? */ #ifdef CONFIG_THTTPD_LOCALPATTERN lp = CONFIG_THTTPD_LOCALPATTERN; #else /* No local pattern. What's our hostname? */ #ifndef CONFIG_THTTPD_VHOST /* Not vhosting, use the server name. */ lp = hs->server_hostname; if (!lp) { /* Couldn't figure out local hostname - give up. */ return 1; } #else /* We are vhosting, use the hostname on this connection. */ lp = hc->vhostname; if (!lp) { /* Oops, no hostname. Maybe it's an old browser that doesn't * send a Host: header. We could figure out the default * hostname for this IP address, but it's not worth it for the * few requests like this. */ return 1; } #endif #endif /* CONFIG_THTTPD_LOCALPATTERN */ /* If the referer host doesn't match the local host pattern, and the * filename does match the url pattern, it's an illegal reference. */ #ifdef CONFIG_THTTPD_URLPATTERN if (!match(lp, refhost) && match(CONFIG_THTTPD_URLPATTERN, hc->origfilename)) { return 0; } #endif /* Otherwise ok. */ return 1; } #endif static int sockaddr_check(httpd_sockaddr * saP) { switch (saP->sin_family) { case AF_INET: return 1; #ifdef CONFIG_NET_IPv6 case AF_INET6: return 1; #endif default: return 0; } } static size_t sockaddr_len(httpd_sockaddr * saP) { switch (saP->sin_family) { case AF_INET: return sizeof(struct sockaddr_in); #ifdef CONFIG_NET_IPv6 case AF_INET6: return sizeof(struct sockaddr_in6); #endif default: break; } return 0; } /**************************************************************************** * Public Functions ****************************************************************************/ FAR httpd_server *httpd_initialize(FAR httpd_sockaddr *sa, FAR const char *cwd) { FAR httpd_server *hs; /* Save the PID of the main thread */ main_thread = getpid(); /* Allocate the server structure */ hs = NEW(httpd_server, 1); if (!hs) { ndbg("out of memory allocating an httpd_server\n"); return NULL; } #ifdef CONFIG_THTTPD_HOSTNAME hs->server_hostname = strdup(CONFIG_THTTPD_HOSTNAME); #else hs->server_hostname = strdup(httpd_ntoa(sa)); #endif if (!hs->server_hostname) { ndbg("out of memory copying hostname\n"); return NULL; } hs->cgi_count = 0; hs->cwd = strdup(cwd); if (!hs->cwd) { ndbg("out of memory copying cwd\n"); return (httpd_server *) 0; } /* Initialize listen sockets */ hs->listen_fd = initialize_listen_socket(sa); if (hs->listen_fd == -1) { free_httpd_server(hs); return (httpd_server *) 0; } init_mime(); /* Done initializing. */ ndbg("%s starting on port %d\n", CONFIG_THTTPD_SERVER_SOFTWARE, (int)CONFIG_THTTPD_PORT); return hs; } void httpd_terminate(httpd_server * hs) { httpd_unlisten(hs); free_httpd_server(hs); } void httpd_unlisten(httpd_server * hs) { if (hs->listen_fd != -1) { (void)close(hs->listen_fd); hs->listen_fd = -1; } } /* Send the buffered response. */ void httpd_write_response(httpd_conn *hc) { /* If we are in a sub-process, turn off no-delay mode. */ if (main_thread != getpid()) { httpd_clear_ndelay(hc->conn_fd); } /* Send the response, if necessary. */ if (hc->buflen > 0) { (void)httpd_write(hc->conn_fd, hc->buffer, hc->buflen); hc->buflen = 0; } } /* Set no-delay / non-blocking mode on a socket. */ void httpd_set_ndelay(int fd) { int flags, newflags; flags = fcntl(fd, F_GETFL, 0); if (flags != -1) { newflags = flags | (int)O_NDELAY; if (newflags != flags) (void)fcntl(fd, F_SETFL, newflags); } } /* Clear no-delay / non-blocking mode on a socket. */ void httpd_clear_ndelay(int fd) { int flags, newflags; flags = fcntl(fd, F_GETFL, 0); if (flags != -1) { newflags = flags & ~(int)O_NDELAY; if (newflags != flags) { (void)fcntl(fd, F_SETFL, newflags); } } } void httpd_realloc_str(char **strP, size_t * maxsizeP, size_t size) { if (*maxsizeP == 0) { *maxsizeP = MAX(200, size + 100); *strP = NEW(char, *maxsizeP + 1); ++str_alloc_count; str_alloc_size += *maxsizeP; } else if (size > *maxsizeP) { str_alloc_size -= *maxsizeP; *maxsizeP = MAX(*maxsizeP * 2, size * 5 / 4); *strP = RENEW(*strP, char, *maxsizeP + 1); str_alloc_size += *maxsizeP; } else { return; } if (!*strP) { ndbg("out of memory reallocating a string to %d bytes\n", *maxsizeP); exit(1); } } void httpd_send_err(httpd_conn *hc, int status, char *title, char *extraheads, char *form, char *arg) { #ifdef CONFIG_THTTPD_ERROR_DIRECTORY char filename[1000]; /* Try virtual host error page. */ #ifdef CONFIG_THTTPD_VHOST if (hc->hostdir[0] != '\0') { (void)snprintf(filename, sizeof(filename), "%s/%s/err%d.html", hc->hostdir, CONFIG_THTTPD_ERROR_DIRECTORY, status); if (send_err_file(hc, status, title, extraheads, filename)) { return; } } #endif /* Try server-wide error page. */ (void)snprintf(filename, sizeof(filename), "%s/err%d.html", CONFIG_THTTPD_ERROR_DIRECTORY, status); if (send_err_file(hc, status, title, extraheads, filename)) { return; } /* Fall back on built-in error page. */ send_response(hc, status, title, extraheads, form, arg); #else send_response(hc, status, title, extraheads, form, arg); #endif } char *httpd_method_str(int method) { switch (method) { case METHOD_GET: return "GET"; case METHOD_HEAD: return "HEAD"; case METHOD_POST: return "POST"; default: return "UNKNOWN"; } } int httpd_get_conn(httpd_server * hs, int listen_fd, httpd_conn *hc) { httpd_sockaddr sa; socklen_t sz; if (!hc->initialized) { hc->read_size = 0; httpd_realloc_str(&hc->read_buf, &hc->read_size, 500); hc->maxdecodedurl = hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings = hc->maxpathinfo = hc->maxquery = hc->maxaccept = hc->maxaccepte = hc->maxreqhost = hc->maxhostdir = hc->maxremoteuser = 0; #ifdef CONFIG_THTTPD_TILDE_MAP2 hc->maxaltdir = 0; #endif /*CONFIG_THTTPD_TILDE_MAP2 */ httpd_realloc_str(&hc->decodedurl, &hc->maxdecodedurl, 1); httpd_realloc_str(&hc->origfilename, &hc->maxorigfilename, 1); httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, 0); httpd_realloc_str(&hc->encodings, &hc->maxencodings, 0); httpd_realloc_str(&hc->pathinfo, &hc->maxpathinfo, 0); httpd_realloc_str(&hc->query, &hc->maxquery, 0); httpd_realloc_str(&hc->accept, &hc->maxaccept, 0); httpd_realloc_str(&hc->accepte, &hc->maxaccepte, 0); httpd_realloc_str(&hc->reqhost, &hc->maxreqhost, 0); httpd_realloc_str(&hc->hostdir, &hc->maxhostdir, 0); httpd_realloc_str(&hc->remoteuser, &hc->maxremoteuser, 0); #ifdef CONFIG_THTTPD_TILDE_MAP2 httpd_realloc_str(&hc->altdir, &hc->maxaltdir, 0); #endif hc->initialized = 1; } /* Accept the new connection. */ sz = sizeof(sa); hc->conn_fd = accept(listen_fd, (struct sockaddr*)&sa, &sz); if (hc->conn_fd < 0) { if (errno == EWOULDBLOCK) { return GC_NO_MORE; } ndbg("accept: %d\n", errno); return GC_FAIL; } if (!sockaddr_check(&sa)) { ndbg("unknown sockaddr family\n"); close(hc->conn_fd); hc->conn_fd = -1; return GC_FAIL; } hc->hs = hs; (void)memset(&hc->client_addr, 0, sizeof(hc->client_addr)); (void)memmove(&hc->client_addr, &sa, sockaddr_len(&sa)); hc->read_idx = 0; hc->checked_idx = 0; hc->checked_state = CHST_FIRSTWORD; hc->method = METHOD_UNKNOWN; hc->status = 0; hc->bytes_to_send = 0; hc->bytes_sent = 0; hc->encodedurl = ""; hc->decodedurl[0] = '\0'; hc->protocol = "UNKNOWN"; hc->origfilename[0] = '\0'; hc->expnfilename[0] = '\0'; hc->encodings[0] = '\0'; hc->pathinfo[0] = '\0'; hc->query[0] = '\0'; hc->referer = ""; hc->useragent = ""; hc->accept[0] = '\0'; hc->accepte[0] = '\0'; hc->acceptl = ""; hc->cookie = ""; hc->contenttype = ""; hc->reqhost[0] = '\0'; hc->hdrhost = ""; hc->hostdir[0] = '\0'; hc->authorization = ""; hc->remoteuser[0] = '\0'; hc->buffer[0] = '\0'; #ifdef CONFIG_THTTPD_TILDE_MAP2 hc->altdir[0] = '\0'; #endif hc->buflen = 0; hc->if_modified_since = (time_t) - 1; hc->range_if = (time_t) - 1; hc->contentlength = -1; hc->type = ""; #ifdef CONFIG_THTTPD_VHOST hc->vhostname = NULL; #endif hc->mime_flag = TRUE; hc->one_one = FALSE; hc->got_range = FALSE; hc->tildemapped = FALSE; hc->range_start = 0; hc->range_end = -1; hc->keep_alive = FALSE; hc->should_linger = FALSE; hc->file_fd = -1; return GC_OK; } /* Checks hc->read_buf to see whether a complete request has been read so far; * either the first line has two words (an HTTP/0.9 request), or the first * line has three words and there's a blank line present. * * hc->read_idx is how much has been read in; hc->checked_idx is how much we * have checked so far; and hc->checked_state is the current state of the * finite state machine. */ int httpd_got_request(httpd_conn *hc) { char c; for (; hc->checked_idx < hc->read_idx; ++hc->checked_idx) { c = hc->read_buf[hc->checked_idx]; switch (hc->checked_state) { case CHST_FIRSTWORD: switch (c) { case ' ': case '\t': hc->checked_state = CHST_FIRSTWS; break; case '\012': case '\015': hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; } break; case CHST_FIRSTWS: switch (c) { case ' ': case '\t': break; case '\012': case '\015': hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; default: hc->checked_state = CHST_SECONDWORD; break; } break; case CHST_SECONDWORD: switch (c) { case ' ': case '\t': hc->checked_state = CHST_SECONDWS; break; case '\012': case '\015': /* The first line has only two words - an HTTP/0.9 request. */ return GR_GOT_REQUEST; } break; case CHST_SECONDWS: switch (c) { case ' ': case '\t': break; case '\012': case '\015': hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; default: hc->checked_state = CHST_THIRDWORD; break; } break; case CHST_THIRDWORD: switch (c) { case ' ': case '\t': hc->checked_state = CHST_THIRDWS; break; case '\012': hc->checked_state = CHST_LF; break; case '\015': hc->checked_state = CHST_CR; break; } break; case CHST_THIRDWS: switch (c) { case ' ': case '\t': break; case '\012': hc->checked_state = CHST_LF; break; case '\015': hc->checked_state = CHST_CR; break; default: hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; } break; case CHST_LINE: switch (c) { case '\012': hc->checked_state = CHST_LF; break; case '\015': hc->checked_state = CHST_CR; break; } break; case CHST_LF: switch (c) { case '\012': /* Two newlines in a row - a blank line - end of request. */ return GR_GOT_REQUEST; case '\015': hc->checked_state = CHST_CR; break; default: hc->checked_state = CHST_LINE; break; } break; case CHST_CR: switch (c) { case '\012': hc->checked_state = CHST_CRLF; break; case '\015': /* Two returns in a row - end of request. */ return GR_GOT_REQUEST; default: hc->checked_state = CHST_LINE; break; } break; case CHST_CRLF: switch (c) { case '\012': /* Two newlines in a row - end of request. */ return GR_GOT_REQUEST; case '\015': hc->checked_state = CHST_CRLFCR; break; default: hc->checked_state = CHST_LINE; break; } break; case CHST_CRLFCR: switch (c) { case '\012': case '\015': /* Two CRLFs or two CRs in a row - end of request. */ return GR_GOT_REQUEST; default: hc->checked_state = CHST_LINE; break; } break; case CHST_BOGUS: return GR_BAD_REQUEST; } } return GR_NO_REQUEST; } int httpd_parse_request(httpd_conn *hc) { char *buf; char *method_str; char *url; char *protocol; char *reqhost; char *eol; char *cp; char *pi; hc->checked_idx = 0; /* reset */ method_str = bufgets(hc); url = strpbrk(method_str, " \t\012\015"); if (!url) { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } *url++ = '\0'; url += strspn(url, " \t\012\015"); protocol = strpbrk(url, " \t\012\015"); if (!protocol) { protocol = "HTTP/0.9"; hc->mime_flag = FALSE; } else { *protocol++ = '\0'; protocol += strspn(protocol, " \t\012\015"); if (*protocol != '\0') { eol = strpbrk(protocol, " \t\012\015"); if (eol) { *eol = '\0'; } if (strcasecmp(protocol, "HTTP/1.0") != 0) { hc->one_one = TRUE; } } } hc->protocol = protocol; /* Check for HTTP/1.1 absolute URL. */ if (strncasecmp(url, "http://", 7) == 0) { if (!hc->one_one) { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } reqhost = url + 7; url = strchr(reqhost, '/'); if (!url) { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } *url = '\0'; if (strchr(reqhost, '/') != (char *)0 || reqhost[0] == '.') { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } httpd_realloc_str(&hc->reqhost, &hc->maxreqhost, strlen(reqhost)); (void)strcpy(hc->reqhost, reqhost); *url = '/'; } if (*url != '/') { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } if (strcasecmp(method_str, httpd_method_str(METHOD_GET)) == 0) { hc->method = METHOD_GET; } else if (strcasecmp(method_str, httpd_method_str(METHOD_HEAD)) == 0) { hc->method = METHOD_HEAD; } else if (strcasecmp(method_str, httpd_method_str(METHOD_POST)) == 0) { hc->method = METHOD_POST; } else { httpd_send_err(hc, 501, err501title, "", err501form, method_str); return -1; } hc->encodedurl = url; httpd_realloc_str(&hc->decodedurl, &hc->maxdecodedurl, strlen(hc->encodedurl)); strdecode(hc->decodedurl, hc->encodedurl); httpd_realloc_str(&hc->origfilename, &hc->maxorigfilename, strlen(hc->decodedurl)); (void)strcpy(hc->origfilename, &hc->decodedurl[1]); /* Special case for top-level URL. */ if (hc->origfilename[0] == '\0') { (void)strcpy(hc->origfilename, "."); } /* Extract query string from encoded URL. */ cp = strchr(hc->encodedurl, '?'); if (cp) { ++cp; httpd_realloc_str(&hc->query, &hc->maxquery, strlen(cp)); (void)strcpy(hc->query, cp); /* Remove query from (decoded) origfilename. */ cp = strchr(hc->origfilename, '?'); if (cp) { *cp = '\0'; } } de_dotdot(hc->origfilename); if (hc->origfilename[0] == '/' || (hc->origfilename[0] == '.' && hc->origfilename[1] == '.' && (hc->origfilename[2] == '\0' || hc->origfilename[2] == '/'))) { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } if (hc->mime_flag) { /* Read the MIME headers. */ while ((buf = bufgets(hc)) != NULL) { if (buf[0] == '\0') { break; } if (strncasecmp(buf, "Referer:", 8) == 0) { cp = &buf[8]; cp += strspn(cp, " \t"); hc->referer = cp; } else if (strncasecmp(buf, "User-Agent:", 11) == 0) { cp = &buf[11]; cp += strspn(cp, " \t"); hc->useragent = cp; } else if (strncasecmp(buf, "Host:", 5) == 0) { cp = &buf[5]; cp += strspn(cp, " \t"); hc->hdrhost = cp; cp = strchr(hc->hdrhost, ':'); if (cp) { *cp = '\0'; } if (strchr(hc->hdrhost, '/') != (char *)0 || hc->hdrhost[0] == '.') { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } } else if (strncasecmp(buf, "Accept:", 7) == 0) { cp = &buf[7]; cp += strspn(cp, " \t"); if (hc->accept[0] != '\0') { if (strlen(hc->accept) > 5000) { ndbg("%s way too much Accept: data\n", httpd_ntoa(&hc->client_addr)); continue; } httpd_realloc_str(&hc->accept, &hc->maxaccept, strlen(hc->accept) + 2 + strlen(cp)); (void)strcat(hc->accept, ", "); } else { httpd_realloc_str(&hc->accept, &hc->maxaccept, strlen(cp)); } (void)strcat(hc->accept, cp); } else if (strncasecmp(buf, "Accept-Encoding:", 16) == 0) { cp = &buf[16]; cp += strspn(cp, " \t"); if (hc->accepte[0] != '\0') { if (strlen(hc->accepte) > 5000) { ndbg("%s way too much Accept-Encoding: data\n", httpd_ntoa(&hc->client_addr)); continue; } httpd_realloc_str(&hc->accepte, &hc->maxaccepte, strlen(hc->accepte) + 2 + strlen(cp)); (void)strcat(hc->accepte, ", "); } else { httpd_realloc_str(&hc->accepte, &hc->maxaccepte, strlen(cp)); } (void)strcpy(hc->accepte, cp); } else if (strncasecmp(buf, "Accept-Language:", 16) == 0) { cp = &buf[16]; cp += strspn(cp, " \t"); hc->acceptl = cp; } else if (strncasecmp(buf, "If-Modified-Since:", 18) == 0) { cp = &buf[18]; hc->if_modified_since = tdate_parse(cp); if (hc->if_modified_since == (time_t) - 1) ndbg("unparsable time: %s\n", cp); } else if (strncasecmp(buf, "Cookie:", 7) == 0) { cp = &buf[7]; cp += strspn(cp, " \t"); hc->cookie = cp; } else if (strncasecmp(buf, "Range:", 6) == 0) { /* Only support %d- and %d-%d, not %d-%d,%d-%d or -%d. */ if (strchr(buf, ',') == NULL) { char *cp_dash; cp = strpbrk(buf, "="); if (cp) { cp_dash = strchr(cp + 1, '-'); if (cp_dash != (char *)0 && cp_dash != cp + 1) { *cp_dash = '\0'; hc->got_range = TRUE; hc->range_start = atoll(cp + 1); if (hc->range_start < 0) { hc->range_start = 0; } if (isdigit((int)cp_dash[1])) { hc->range_end = atoll(cp_dash + 1); if (hc->range_end < 0) hc->range_end = -1; } } } } } else if (strncasecmp(buf, "Range-If:", 9) == 0 || strncasecmp(buf, "If-Range:", 9) == 0) { cp = &buf[9]; hc->range_if = tdate_parse(cp); if (hc->range_if == (time_t) - 1) { ndbg("unparsable time: %s\n", cp); } } else if (strncasecmp(buf, "Content-Type:", 13) == 0) { cp = &buf[13]; cp += strspn(cp, " \t"); hc->contenttype = cp; } else if (strncasecmp(buf, "Content-Length:", 15) == 0) { cp = &buf[15]; hc->contentlength = atol(cp); } else if (strncasecmp(buf, "Authorization:", 14) == 0) { cp = &buf[14]; cp += strspn(cp, " \t"); hc->authorization = cp; } else if (strncasecmp(buf, "Connection:", 11) == 0) { cp = &buf[11]; cp += strspn(cp, " \t"); if (strcasecmp(cp, "keep-alive") == 0) { hc->keep_alive = TRUE; } } #ifdef LOG_UNKNOWN_HEADERS else if (strncasecmp(buf, "Accept-Charset:", 15) == 0 || strncasecmp(buf, "Accept-Language:", 16) == 0 || strncasecmp(buf, "Agent:", 6) == 0 || strncasecmp(buf, "Cache-Control:", 14) == 0 || strncasecmp(buf, "Cache-Info:", 11) == 0 || strncasecmp(buf, "Charge-To:", 10) == 0 || strncasecmp(buf, "Client-IP:", 10) == 0 || strncasecmp(buf, "Date:", 5) == 0 || strncasecmp(buf, "Extension:", 10) == 0 || strncasecmp(buf, "Forwarded:", 10) == 0 || strncasecmp(buf, "From:", 5) == 0 || strncasecmp(buf, "HTTP-Version:", 13) == 0 || strncasecmp(buf, "Max-Forwards:", 13) == 0 || strncasecmp(buf, "Message-Id:", 11) == 0 || strncasecmp(buf, "MIME-Version:", 13) == 0 || strncasecmp(buf, "Negotiate:", 10) == 0 || strncasecmp(buf, "Pragma:", 7) == 0 || strncasecmp(buf, "Proxy-Agent:", 12) == 0 || strncasecmp(buf, "Proxy-Connection:", 17) == 0 || strncasecmp(buf, "Security-Scheme:", 16) == 0 || strncasecmp(buf, "Session-Id:", 11) == 0 || strncasecmp(buf, "UA-Color:", 9) == 0 || strncasecmp(buf, "UA-CPU:", 7) == 0 || strncasecmp(buf, "UA-Disp:", 8) == 0 || strncasecmp(buf, "UA-OS:", 6) == 0 || strncasecmp(buf, "UA-Pixels:", 10) == 0 || strncasecmp(buf, "User:", 5) == 0 || strncasecmp(buf, "Via:", 4) == 0 || strncasecmp(buf, "X-", 2) == 0) ; /* ignore */ else { ndbg("unknown request header: %s\n", buf); } #endif } } if (hc->one_one) { /* Check that HTTP/1.1 requests specify a host, as required. */ if (hc->reqhost[0] == '\0' && hc->hdrhost[0] == '\0') { httpd_send_err(hc, 400, httpd_err400title, "", httpd_err400form, ""); return -1; } /* If the client wants to do keep-alives, it might also be doing * pipelining. There's no way for us to tell. Since we don't * implement keep-alives yet, if we close such a connection there * might be unread pipelined requests waiting. So, we have to do a * lingering close. */ if (hc->keep_alive) { hc->should_linger = TRUE; } } /* Ok, the request has been parsed. Now we resolve stuff that may require * the entire request. */ /* Copy original filename to expanded filename. */ httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(hc->origfilename)); (void)strcpy(hc->expnfilename, hc->origfilename); /* Tilde mapping. */ if (hc->expnfilename[0] == '~') { #ifdef CONFIG_THTTPD_TILDE_MAP1 if (!tilde_map_1(hc)) { httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); return -1; } #endif /*CONFIG_THTTPD_TILDE_MAP1 */ #ifdef CONFIG_THTTPD_TILDE_MAP2 if (!tilde_map_2(hc)) { httpd_send_err(hc, 404, err404title, "", err404form, hc->encodedurl); return -1; } #endif /*CONFIG_THTTPD_TILDE_MAP2 */ } /* Virtual host mapping. */ #ifdef CONFIG_THTTPD_VHOST if (!vhost_map(hc)) { httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } #endif /* Expand all symbolic links in the filename. This also gives us any * trailing non-existing components, for pathinfo. */ cp = expand_filename(hc->expnfilename, &pi, hc->tildemapped); if (!cp) { httpd_send_err(hc, 500, err500title, "", err500form, hc->encodedurl); return -1; } httpd_realloc_str(&hc->expnfilename, &hc->maxexpnfilename, strlen(cp)); (void)strcpy(hc->expnfilename, cp); httpd_realloc_str(&hc->pathinfo, &hc->maxpathinfo, strlen(pi)); (void)strcpy(hc->pathinfo, pi); /* Remove pathinfo stuff from the original filename too. */ if (hc->pathinfo[0] != '\0') { int i; i = strlen(hc->origfilename) - strlen(hc->pathinfo); if (i > 0 && strcmp(&hc->origfilename[i], hc->pathinfo) == 0) { hc->origfilename[i - 1] = '\0'; } } /* If the expanded filename is an absolute path, check that it's still * within the current directory or the alternate directory. */ if (hc->expnfilename[0] == '/') { if (strncmp(hc->expnfilename, hc->hs->cwd, strlen(hc->hs->cwd)) == 0) { /* Elide the current directory. */ (void)strcpy(hc->expnfilename, &hc->expnfilename[strlen(hc->hs->cwd)]); } #ifdef CONFIG_THTTPD_TILDE_MAP2 else if (hc->altdir[0] != '\0' && (strncmp(hc->expnfilename, hc->altdir, strlen(hc->altdir)) == 0 && (hc->expnfilename[strlen(hc->altdir)] == '\0' || hc->expnfilename[strlen(hc->altdir)] == '/'))) { } #endif else { ndbg("%s URL \"%s\" goes outside the web tree\n", httpd_ntoa(&hc->client_addr), hc->encodedurl); httpd_send_err(hc, 403, err403title, "", ERROR_FORM(err403form, "The requested URL '%s' resolves to a file outside the permitted web server directory tree.\n"), hc->encodedurl); return -1; } } return 0; } void httpd_close_conn(httpd_conn *hc, struct timeval *nowP) { if (hc->file_fd) { (void)close(hc->file_fd); hc->file_fd = -1; } if (hc->conn_fd >= 0) { (void)close(hc->conn_fd); hc->conn_fd = -1; } } void httpd_destroy_conn(httpd_conn *hc) { if (hc->initialized) { free((void *)hc->read_buf); free((void *)hc->decodedurl); free((void *)hc->origfilename); free((void *)hc->expnfilename); free((void *)hc->encodings); free((void *)hc->pathinfo); free((void *)hc->query); free((void *)hc->accept); free((void *)hc->accepte); free((void *)hc->reqhost); free((void *)hc->hostdir); free((void *)hc->remoteuser); free((void *)hc->buffer); #ifdef CONFIG_THTTPD_TILDE_MAP2 free((void *)hc->altdir); #endif /*CONFIG_THTTPD_TILDE_MAP2 */ hc->initialized = 0; } } int httpd_start_request(httpd_conn *hc, struct timeval *nowP) { int r; /* Really start the request. */ r = really_start_request(hc, nowP); /* And return the status. */ return r; } char *httpd_ntoa(httpd_sockaddr *saP) { #ifdef CONFIG_NET_IPv6 static char str[200]; if (getnameinfo (&saP->sa, sockaddr_len(saP), str, sizeof(str), 0, 0, NI_NUMERICHOST) != 0) { str[0] = '?'; str[1] = '\0'; } else if (IN6_IS_ADDR_V4MAPPED(&saP->sa_in6.sin6_addr) && strncmp(str, "::ffff:", 7) == 0) { /* Elide IPv6ish prefix for IPv4 addresses. */ (void)strcpy(str, &str[7]); } return str; #else /* CONFIG_NET_IPv6 */ return inet_ntoa(saP->sin_addr); #endif } /* Read to requested buffer, accounting for interruptions and EOF */ int httpd_read(int fd, const void *buf, size_t nbytes) { ssize_t nread; int ntotal; ntotal = 0; do { nread = read(fd, (char*)buf + ntotal, nbytes - ntotal); if (nread < 0) { if (errno == EAGAIN) { usleep(100000); /* 100MS */ } else if (errno != EINTR) { ndbg("Error sending: %d\n", errno); return nread; } } else { ntotal += nread; } } while (ntotal < nbytes && nread != 0); return ntotal; } /* Write the requested buffer completely, accounting for interruptions */ int httpd_write(int fd, const void *buf, size_t nbytes) { ssize_t nwritten; int ntotal; ntotal = 0; do { nwritten = write(fd, (char*)buf + ntotal, nbytes - ntotal); if (nwritten < 0) { if (errno == EAGAIN) { usleep(100000); /* 100MS */ } else if (errno != EINTR) { ndbg("Error sending: %d\n", errno); return nwritten; } } else { ntotal += nwritten; } } while (ntotal < nbytes); return ntotal; } /* Generate debugging statistics */ #if defined(CONFIG_DEBUG) && defined(CONFIG_DEBUG_NET) void httpd_logstats(long secs) { if (str_alloc_count > 0) { ndbg(" libhttpd - %d strings allocated, %lu bytes (%g bytes/str)\n", str_alloc_count, (unsigned long)str_alloc_size, (float)str_alloc_size / str_alloc_count); } } #endif #endif /* CONFIG_THTTPD */