/* libhttpd.c - HTTP protocol library ** ** Copyright © 1995,1998,1999,2000,2001,2015 by ** Jef Poskanzer . All rights reserved. ** ** Redistribution and use in source and binary forms, with or without ** modification, are permitted provided that the following conditions ** are met: ** 1. Redistributions of source code must retain the above copyright ** notice, this list of conditions and the following disclaimer. ** 2. Redistributions in binary form must reproduce the above copyright ** notice, this list of conditions and the following disclaimer in the ** documentation and/or other materials provided with the distribution. ** ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ** SUCH DAMAGE. */ #include "config.h" #include "version.h" #ifdef SHOW_SERVER_VERSION #define EXPOSED_SERVER_SOFTWARE SERVER_SOFTWARE #else /* SHOW_SERVER_VERSION */ #define EXPOSED_SERVER_SOFTWARE "thttpd" #endif /* SHOW_SERVER_VERSION */ #include #include #include #include #include #include #include #ifdef HAVE_MEMORY_H #include #endif /* HAVE_MEMORY_H */ #include #include #include #include #include #include #include #include #ifdef HAVE_OSRELDATE_H #include #endif /* HAVE_OSRELDATE_H */ #ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # ifdef HAVE_SYS_NDIR_H # include # endif # ifdef HAVE_SYS_DIR_H # include # endif # ifdef HAVE_NDIR_H # include # endif #endif #include "libhttpd.h" #include "mmc.h" #include "timers.h" #include "match.h" #include "tdate_parse.h" #ifndef STDIN_FILENO #define STDIN_FILENO 0 #endif #ifndef STDOUT_FILENO #define STDOUT_FILENO 1 #endif #ifndef STDERR_FILENO #define STDERR_FILENO 2 #endif #ifndef SHUT_WR #define SHUT_WR 1 #endif #ifndef HAVE_INT64T typedef long long int64_t; #endif #ifndef HAVE_SOCKLENT typedef int socklen_t; #endif #ifdef __CYGWIN__ #define timezone _timezone #endif #ifndef MAX #define MAX(a,b) ((a) > (b) ? (a) : (b)) #endif #ifndef MIN #define MIN(a,b) ((a) < (b) ? (a) : (b)) #endif /* Forwards. */ static void check_options( void ); static void free_httpd_server( httpd_server* hs ); static int initialize_listen_socket( httpd_sockaddr* saP ); static void add_response( httpd_conn* hc, char* str ); static void send_mime( httpd_conn* hc, int status, char* title, char* encodings, char* extraheads, char* type, off_t length, time_t mod ); static void send_response( httpd_conn* hc, int status, char* title, char* extraheads, char* form, char* arg ); static void send_response_tail( httpd_conn* hc ); static void defang( char* str, char* dfstr, int dfsize ); #ifdef ERR_DIR static int send_err_file( httpd_conn* hc, int status, char* title, char* extraheads, char* filename ); #endif /* ERR_DIR */ #ifdef AUTH_FILE static void send_authenticate( httpd_conn* hc, char* realm ); static int b64_decode( const char* str, unsigned char* space, int size ); static int auth_check( httpd_conn* hc, char* dirname ); static int auth_check2( httpd_conn* hc, char* dirname ); #endif /* AUTH_FILE */ static void send_dirredirect( httpd_conn* hc ); static int hexit( char c ); static void strdecode( char* to, char* from ); #ifdef GENERATE_INDEXES static void strencode( char* to, int tosize, char* from ); #endif /* GENERATE_INDEXES */ #ifdef TILDE_MAP_1 static int tilde_map_1( httpd_conn* hc ); #endif /* TILDE_MAP_1 */ #ifdef TILDE_MAP_2 static int tilde_map_2( httpd_conn* hc ); #endif /* TILDE_MAP_2 */ static int vhost_map( httpd_conn* hc ); static char* expand_symlinks( char* path, char** restP, int no_symlink_check, int tildemapped ); static char* bufgets( httpd_conn* hc ); static void de_dotdot( char* file ); static void init_mime( void ); static void figure_mime( httpd_conn* hc ); #ifdef CGI_TIMELIMIT static void cgi_kill2( ClientData client_data, struct timeval* nowP ); static void cgi_kill( ClientData client_data, struct timeval* nowP ); #endif /* CGI_TIMELIMIT */ #ifdef GENERATE_INDEXES static int ls( httpd_conn* hc ); #endif /* GENERATE_INDEXES */ static char* build_env( char* fmt, char* arg ); #ifdef SERVER_NAME_LIST static char* hostname_map( char* hostname ); #endif /* SERVER_NAME_LIST */ static char** make_envp( httpd_conn* hc ); static char** make_argp( httpd_conn* hc ); static void cgi_interpose_input( httpd_conn* hc, int wfd ); static void post_post_garbage_hack( httpd_conn* hc ); static void cgi_interpose_output( httpd_conn* hc, int rfd ); static void cgi_child( httpd_conn* hc ); static int cgi( httpd_conn* hc ); static int really_start_request( httpd_conn* hc, struct timeval* nowP ); static void make_log_entry( httpd_conn* hc, struct timeval* nowP ); static int check_referrer( httpd_conn* hc ); static int really_check_referrer( httpd_conn* hc ); static int sockaddr_check( httpd_sockaddr* saP ); static size_t sockaddr_len( httpd_sockaddr* saP ); static int my_snprintf( char* str, size_t size, const char* format, ... ); #ifndef HAVE_ATOLL static long long atoll( const char* str ); #endif /* HAVE_ATOLL */ /* This global keeps track of whether we are in the main process or a ** sub-process. The reason is that httpd_write_response() can get called ** in either context; when it is called from the main process it must use ** non-blocking I/O to avoid stalling the server, but when it is called ** from a sub-process it wants to use blocking I/O so that the whole ** response definitely gets written. So, it checks this variable. A bit ** of a hack but it seems to do the right thing. */ static int sub_process = 0; static void check_options( void ) { #if defined(TILDE_MAP_1) && defined(TILDE_MAP_2) syslog( LOG_CRIT, "both TILDE_MAP_1 and TILDE_MAP_2 are defined" ); exit( 1 ); #endif /* both */ } static void free_httpd_server( httpd_server* hs ) { if ( hs->binding_hostname != (char*) 0 ) free( (void*) hs->binding_hostname ); if ( hs->cwd != (char*) 0 ) free( (void*) hs->cwd ); if ( hs->cgi_pattern != (char*) 0 ) free( (void*) hs->cgi_pattern ); if ( hs->charset != (char*) 0 ) free( (void*) hs->charset ); if ( hs->p3p != (char*) 0 ) free( (void*) hs->p3p ); if ( hs->url_pattern != (char*) 0 ) free( (void*) hs->url_pattern ); if ( hs->local_pattern != (char*) 0 ) free( (void*) hs->local_pattern ); free( (void*) hs ); } httpd_server* httpd_initialize( char* hostname, httpd_sockaddr* sa4P, httpd_sockaddr* sa6P, unsigned short port, char* cgi_pattern, int cgi_limit, char* charset, char* p3p, int max_age, char* cwd, int no_log, FILE* logfp, int no_symlink_check, int vhost, int global_passwd, char* url_pattern, char* local_pattern, int no_empty_referrers ) { httpd_server* hs; static char ghnbuf[256]; char* cp; check_options(); hs = NEW( httpd_server, 1 ); if ( hs == (httpd_server*) 0 ) { syslog( LOG_CRIT, "out of memory allocating an httpd_server" ); return (httpd_server*) 0; } if ( hostname != (char*) 0 ) { hs->binding_hostname = strdup( hostname ); if ( hs->binding_hostname == (char*) 0 ) { syslog( LOG_CRIT, "out of memory copying hostname" ); return (httpd_server*) 0; } hs->server_hostname = hs->binding_hostname; } else { hs->binding_hostname = (char*) 0; hs->server_hostname = (char*) 0; if ( gethostname( ghnbuf, sizeof(ghnbuf) ) < 0 ) ghnbuf[0] = '\0'; #ifdef SERVER_NAME_LIST if ( ghnbuf[0] != '\0' ) hs->server_hostname = hostname_map( ghnbuf ); #endif /* SERVER_NAME_LIST */ if ( hs->server_hostname == (char*) 0 ) { #ifdef SERVER_NAME hs->server_hostname = SERVER_NAME; #else /* SERVER_NAME */ if ( ghnbuf[0] != '\0' ) hs->server_hostname = ghnbuf; #endif /* SERVER_NAME */ } } hs->port = port; if ( cgi_pattern == (char*) 0 ) hs->cgi_pattern = (char*) 0; else { /* Nuke any leading slashes. */ if ( cgi_pattern[0] == '/' ) ++cgi_pattern; hs->cgi_pattern = strdup( cgi_pattern ); if ( hs->cgi_pattern == (char*) 0 ) { syslog( LOG_CRIT, "out of memory copying cgi_pattern" ); return (httpd_server*) 0; } /* Nuke any leading slashes in the cgi pattern. */ while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 ) (void) ol_strcpy( cp + 1, cp + 2 ); } hs->cgi_limit = cgi_limit; hs->cgi_count = 0; hs->charset = strdup( charset ); hs->p3p = strdup( p3p ); hs->max_age = max_age; hs->cwd = strdup( cwd ); if ( hs->cwd == (char*) 0 ) { syslog( LOG_CRIT, "out of memory copying cwd" ); return (httpd_server*) 0; } if ( url_pattern == (char*) 0 ) hs->url_pattern = (char*) 0; else { hs->url_pattern = strdup( url_pattern ); if ( hs->url_pattern == (char*) 0 ) { syslog( LOG_CRIT, "out of memory copying url_pattern" ); return (httpd_server*) 0; } } if ( local_pattern == (char*) 0 ) hs->local_pattern = (char*) 0; else { hs->local_pattern = strdup( local_pattern ); if ( hs->local_pattern == (char*) 0 ) { syslog( LOG_CRIT, "out of memory copying local_pattern" ); return (httpd_server*) 0; } } hs->no_log = no_log; hs->logfp = (FILE*) 0; httpd_set_logfp( hs, logfp ); hs->no_symlink_check = no_symlink_check; hs->vhost = vhost; hs->global_passwd = global_passwd; hs->no_empty_referrers = no_empty_referrers; /* Initialize listen sockets. Try v6 first because of a Linux peculiarity; ** like some other systems, it has magical v6 sockets that also listen for ** v4, but in Linux if you bind a v4 socket first then the v6 bind fails. */ if ( sa6P == (httpd_sockaddr*) 0 ) hs->listen6_fd = -1; else hs->listen6_fd = initialize_listen_socket( sa6P ); if ( sa4P == (httpd_sockaddr*) 0 ) hs->listen4_fd = -1; else hs->listen4_fd = initialize_listen_socket( sa4P ); /* If we didn't get any valid sockets, fail. */ if ( hs->listen4_fd == -1 && hs->listen6_fd == -1 ) { free_httpd_server( hs ); return (httpd_server*) 0; } init_mime(); /* Done initializing. */ if ( hs->binding_hostname == (char*) 0 ) syslog( LOG_NOTICE, "%.80s starting on port %d", SERVER_SOFTWARE, (int) hs->port ); else syslog( LOG_NOTICE, "%.80s starting on %.80s, port %d", SERVER_SOFTWARE, httpd_ntoa( hs->listen4_fd != -1 ? sa4P : sa6P ), (int) hs->port ); return hs; } static int initialize_listen_socket( httpd_sockaddr* saP ) { int listen_fd; int on, flags; /* Check sockaddr. */ if ( ! sockaddr_check( saP ) ) { syslog( LOG_CRIT, "unknown sockaddr family on listen socket" ); return -1; } /* Create socket. */ listen_fd = socket( saP->sa.sa_family, SOCK_STREAM, 0 ); if ( listen_fd < 0 ) { syslog( LOG_CRIT, "socket %.80s - %m", httpd_ntoa( saP ) ); return -1; } (void) fcntl( listen_fd, F_SETFD, 1 ); /* Allow reuse of local addresses. */ on = 1; if ( setsockopt( listen_fd, SOL_SOCKET, SO_REUSEADDR, (char*) &on, sizeof(on) ) < 0 ) syslog( LOG_CRIT, "setsockopt SO_REUSEADDR - %m" ); /* Bind to it. */ if ( bind( listen_fd, &saP->sa, sockaddr_len( saP ) ) < 0 ) { syslog( LOG_CRIT, "bind %.80s - %m", httpd_ntoa( saP ) ); (void) close( listen_fd ); return -1; } /* Set the listen file descriptor to no-delay / non-blocking mode. */ flags = fcntl( listen_fd, F_GETFL, 0 ); if ( flags == -1 ) { syslog( LOG_CRIT, "fcntl F_GETFL - %m" ); (void) close( listen_fd ); return -1; } if ( fcntl( listen_fd, F_SETFL, flags | O_NDELAY ) < 0 ) { syslog( LOG_CRIT, "fcntl O_NDELAY - %m" ); (void) close( listen_fd ); return -1; } /* Start a listen going. */ if ( listen( listen_fd, LISTEN_BACKLOG ) < 0 ) { syslog( LOG_CRIT, "listen - %m" ); (void) close( listen_fd ); return -1; } /* Use accept filtering, if available. */ #ifdef SO_ACCEPTFILTER { #if ( __FreeBSD_version >= 411000 ) #define ACCEPT_FILTER_NAME "httpready" #else #define ACCEPT_FILTER_NAME "dataready" #endif struct accept_filter_arg af; (void) bzero( &af, sizeof(af) ); (void) strcpy( af.af_name, ACCEPT_FILTER_NAME ); (void) setsockopt( listen_fd, SOL_SOCKET, SO_ACCEPTFILTER, (char*) &af, sizeof(af) ); } #endif /* SO_ACCEPTFILTER */ return listen_fd; } void httpd_set_logfp( httpd_server* hs, FILE* logfp ) { if ( hs->logfp != (FILE*) 0 ) (void) fclose( hs->logfp ); hs->logfp = logfp; } void httpd_terminate( httpd_server* hs ) { httpd_unlisten( hs ); if ( hs->logfp != (FILE*) 0 ) (void) fclose( hs->logfp ); free_httpd_server( hs ); } void httpd_unlisten( httpd_server* hs ) { if ( hs->listen4_fd != -1 ) { (void) close( hs->listen4_fd ); hs->listen4_fd = -1; } if ( hs->listen6_fd != -1 ) { (void) close( hs->listen6_fd ); hs->listen6_fd = -1; } } /* Conditional macro to allow two alternate forms for use in the built-in ** error pages. If EXPLICIT_ERROR_PAGES is defined, the second and more ** explicit error form is used; otherwise, the first and more generic ** form is used. */ #ifdef EXPLICIT_ERROR_PAGES #define ERROR_FORM(a,b) b #else /* EXPLICIT_ERROR_PAGES */ #define ERROR_FORM(a,b) a #endif /* EXPLICIT_ERROR_PAGES */ static char* ok200title = "OK"; static char* ok206title = "Partial Content"; static char* err302title = "Found"; static char* err302form = "The actual URL is '%.80s'.\n"; static char* err304title = "Not Modified"; char* httpd_err400title = "Bad Request"; char* httpd_err400form = "Your request has bad syntax or is inherently impossible to satisfy.\n"; #ifdef AUTH_FILE static char* err401title = "Unauthorized"; static char* err401form = "Authorization required for the URL '%.80s'.\n"; #endif /* AUTH_FILE */ static char* err403title = "Forbidden"; #ifndef EXPLICIT_ERROR_PAGES static char* err403form = "You do not have permission to get URL '%.80s' from this server.\n"; #endif /* !EXPLICIT_ERROR_PAGES */ static char* err404title = "Not Found"; static char* err404form = "The requested URL '%.80s' was not found on this server.\n"; char* httpd_err408title = "Request Timeout"; char* httpd_err408form = "No request appeared within a reasonable time period.\n"; static char* err451title = "Unavailable For Legal Reasons"; static char* err451form = "You do not have legal permission to get URL '%.80s' from this server.\n"; static char* err500title = "Internal Error"; static char* err500form = "There was an unusual problem serving the requested URL '%.80s'.\n"; static char* err501title = "Not Implemented"; static char* err501form = "The requested method '%.80s' is not implemented by this server.\n"; char* httpd_err503title = "Service Temporarily Overloaded"; char* httpd_err503form = "The requested URL '%.80s' is temporarily overloaded. Please try again later.\n"; /* Append a string to the buffer waiting to be sent as response. */ static void add_response( httpd_conn* hc, char* str ) { size_t len; len = strlen( str ); httpd_realloc_str( &hc->response, &hc->maxresponse, hc->responselen + len ); (void) memmove( &(hc->response[hc->responselen]), str, len ); hc->responselen += len; } /* Send the buffered response. */ void httpd_write_response( httpd_conn* hc ) { /* If we are in a sub-process, turn off no-delay mode. */ if ( sub_process ) httpd_clear_ndelay( hc->conn_fd ); /* Send the response, if necessary. */ if ( hc->responselen > 0 ) { (void) httpd_write_fully( hc->conn_fd, hc->response, hc->responselen ); hc->responselen = 0; } } /* Set no-delay / non-blocking mode on a socket. */ void httpd_set_ndelay( int fd ) { int flags, newflags; flags = fcntl( fd, F_GETFL, 0 ); if ( flags != -1 ) { newflags = flags | (int) O_NDELAY; if ( newflags != flags ) (void) fcntl( fd, F_SETFL, newflags ); } } /* Clear no-delay / non-blocking mode on a socket. */ void httpd_clear_ndelay( int fd ) { int flags, newflags; flags = fcntl( fd, F_GETFL, 0 ); if ( flags != -1 ) { newflags = flags & ~ (int) O_NDELAY; if ( newflags != flags ) (void) fcntl( fd, F_SETFL, newflags ); } } static void send_mime( httpd_conn* hc, int status, char* title, char* encodings, char* extraheads, char* type, off_t length, time_t mod ) { time_t now, expires; const char* rfc1123fmt = "%a, %d %b %Y %H:%M:%S GMT"; char nowbuf[100]; char modbuf[100]; char expbuf[100]; char fixed_type[500]; char buf[1000]; int partial_content; int s100; hc->status = status; hc->bytes_to_send = length; if ( hc->mime_flag ) { if ( status == 200 && hc->got_range && ( hc->last_byte_index >= hc->first_byte_index ) && ( ( hc->last_byte_index != length - 1 ) || ( hc->first_byte_index != 0 ) ) && ( hc->range_if == (time_t) -1 || hc->range_if == hc->sb.st_mtime ) ) { partial_content = 1; hc->status = status = 206; title = ok206title; } else { partial_content = 0; hc->got_range = 0; } now = time( (time_t*) 0 ); if ( mod == (time_t) 0 ) mod = now; (void) strftime( nowbuf, sizeof(nowbuf), rfc1123fmt, gmtime( &now ) ); (void) strftime( modbuf, sizeof(modbuf), rfc1123fmt, gmtime( &mod ) ); (void) my_snprintf( fixed_type, sizeof(fixed_type), type, hc->hs->charset ); (void) my_snprintf( buf, sizeof(buf), "%.20s %d %s\015\012Server: %s\015\012Content-Type: %s\015\012Date: %s\015\012Last-Modified: %s\015\012Accept-Ranges: bytes\015\012Connection: close\015\012", hc->protocol, status, title, EXPOSED_SERVER_SOFTWARE, fixed_type, nowbuf, modbuf ); add_response( hc, buf ); s100 = status / 100; if ( s100 != 2 && s100 != 3 ) { (void) my_snprintf( buf, sizeof(buf), "Cache-Control: no-cache,no-store\015\012" ); add_response( hc, buf ); } if ( encodings[0] != '\0' ) { (void) my_snprintf( buf, sizeof(buf), "Content-Encoding: %s\015\012", encodings ); add_response( hc, buf ); } if ( partial_content ) { (void) my_snprintf( buf, sizeof(buf), "Content-Range: bytes %lld-%lld/%lld\015\012Content-Length: %lld\015\012", (long long) hc->first_byte_index, (long long) hc->last_byte_index, (long long) length, (long long) ( hc->last_byte_index - hc->first_byte_index + 1 ) ); add_response( hc, buf ); } else if ( length >= 0 ) { (void) my_snprintf( buf, sizeof(buf), "Content-Length: %lld\015\012", (long long) length ); add_response( hc, buf ); } if ( hc->hs->p3p[0] != '\0' ) { (void) my_snprintf( buf, sizeof(buf), "P3P: %s\015\012", hc->hs->p3p ); add_response( hc, buf ); } if ( hc->hs->max_age >= 0 ) { expires = now + hc->hs->max_age; (void) strftime( expbuf, sizeof(expbuf), rfc1123fmt, gmtime( &expires ) ); (void) my_snprintf( buf, sizeof(buf), "Cache-Control: max-age=%d\015\012Expires: %s\015\012", hc->hs->max_age, expbuf ); add_response( hc, buf ); } if ( extraheads[0] != '\0' ) add_response( hc, extraheads ); add_response( hc, "\015\012" ); } } static int str_alloc_count = 0; static size_t str_alloc_size = 0; void httpd_realloc_str( char** strP, size_t* maxsizeP, size_t size ) { if ( *maxsizeP == 0 ) { *maxsizeP = MAX( 200, size + 100 ); *strP = NEW( char, *maxsizeP + 1 ); ++str_alloc_count; str_alloc_size += *maxsizeP; } else if ( size > *maxsizeP ) { str_alloc_size -= *maxsizeP; *maxsizeP = MAX( *maxsizeP * 2, size * 5 / 4 ); *strP = RENEW( *strP, char, *maxsizeP + 1 ); str_alloc_size += *maxsizeP; } else return; if ( *strP == (char*) 0 ) { syslog( LOG_ERR, "out of memory reallocating a string to %ld bytes", (long) *maxsizeP ); exit( 1 ); } } static void send_response( httpd_conn* hc, int status, char* title, char* extraheads, char* form, char* arg ) { char defanged_arg[1000], buf[2000]; send_mime( hc, status, title, "", extraheads, "text/html; charset=%s", (off_t) -1, (time_t) 0 ); (void) my_snprintf( buf, sizeof(buf), "\ \n\ \n\ \n\ \n\ \n\ \n\ %d %s\n\ \n\ \n\ \n\ \n\

%d %s

\n", status, title, status, title ); add_response( hc, buf ); defang( arg, defanged_arg, sizeof(defanged_arg) ); (void) my_snprintf( buf, sizeof(buf), form, defanged_arg ); add_response( hc, buf ); if ( match( "**MSIE**", hc->useragent ) ) { int n; add_response( hc, "\n" ); } send_response_tail( hc ); } static void send_response_tail( httpd_conn* hc ) { char buf[1000]; (void) my_snprintf( buf, sizeof(buf), "\
\n\ \n\
%s
\n\ \n\ \n\ \n\ \n", SERVER_ADDRESS, EXPOSED_SERVER_SOFTWARE ); add_response( hc, buf ); } static void defang( char* str, char* dfstr, int dfsize ) { char* cp1; char* cp2; for ( cp1 = str, cp2 = dfstr; *cp1 != '\0' && cp2 - dfstr < dfsize - 5; ++cp1, ++cp2 ) { switch ( *cp1 ) { case '<': *cp2++ = '&'; *cp2++ = 'l'; *cp2++ = 't'; *cp2 = ';'; break; case '>': *cp2++ = '&'; *cp2++ = 'g'; *cp2++ = 't'; *cp2 = ';'; break; default: *cp2 = *cp1; break; } } *cp2 = '\0'; } void httpd_send_err( httpd_conn* hc, int status, char* title, char* extraheads, char* form, char* arg ) { #ifdef ERR_DIR char filename[1000]; /* Try virtual host error page. */ if ( hc->hs->vhost && hc->hostdir[0] != '\0' ) { (void) my_snprintf( filename, sizeof(filename), "%s/%s/err%d.html", hc->hostdir, ERR_DIR, status ); if ( send_err_file( hc, status, title, extraheads, filename ) ) return; } /* Try server-wide error page. */ (void) my_snprintf( filename, sizeof(filename), "%s/err%d.html", ERR_DIR, status ); if ( send_err_file( hc, status, title, extraheads, filename ) ) return; /* Fall back on built-in error page. */ send_response( hc, status, title, extraheads, form, arg ); #else /* ERR_DIR */ send_response( hc, status, title, extraheads, form, arg ); #endif /* ERR_DIR */ } #ifdef ERR_DIR static int send_err_file( httpd_conn* hc, int status, char* title, char* extraheads, char* filename ) { FILE* fp; char buf[1000]; size_t r; fp = fopen( filename, "r" ); if ( fp == (FILE*) 0 ) return 0; send_mime( hc, status, title, "", extraheads, "text/html; charset=%s", (off_t) -1, (time_t) 0 ); for (;;) { r = fread( buf, 1, sizeof(buf) - 1, fp ); if ( r == 0 ) break; buf[r] = '\0'; add_response( hc, buf ); } (void) fclose( fp ); #ifdef ERR_APPEND_SERVER_INFO send_response_tail( hc ); #endif /* ERR_APPEND_SERVER_INFO */ return 1; } #endif /* ERR_DIR */ #ifdef AUTH_FILE static void send_authenticate( httpd_conn* hc, char* realm ) { static char* header; static size_t maxheader = 0; static char headstr[] = "WWW-Authenticate: Basic realm=\""; httpd_realloc_str( &header, &maxheader, sizeof(headstr) + strlen( realm ) + 3 ); (void) my_snprintf( header, maxheader, "%s%s\"\015\012", headstr, realm ); httpd_send_err( hc, 401, err401title, header, err401form, hc->encodedurl ); /* If the request was a POST then there might still be data to be read, ** so we need to do a lingering close. */ if ( hc->method == METHOD_POST ) hc->should_linger = 1; } /* Base-64 decoding. This represents binary data as printable ASCII ** characters. Three 8-bit binary bytes are turned into four 6-bit ** values, like so: ** ** [11111111] [22222222] [33333333] ** ** [111111] [112222] [222233] [333333] ** ** Then the 6-bit values are represented using the characters "A-Za-z0-9+/". */ static int b64_decode_table[256] = { -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 00-0F */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 10-1F */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63, /* 20-2F */ 52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-1,-1,-1, /* 30-3F */ -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14, /* 40-4F */ 15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1, /* 50-5F */ -1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40, /* 60-6F */ 41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1, /* 70-7F */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 80-8F */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 90-9F */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* A0-AF */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* B0-BF */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* C0-CF */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* D0-DF */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* E0-EF */ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 /* F0-FF */ }; /* Do base-64 decoding on a string. Ignore any non-base64 bytes. ** Return the actual number of bytes generated. The decoded size will ** be at most 3/4 the size of the encoded, and may be smaller if there ** are padding characters (blanks, newlines). */ static int b64_decode( const char* str, unsigned char* space, int size ) { const char* cp; int space_idx, phase; int d, prev_d = 0; unsigned char c; space_idx = 0; phase = 0; for ( cp = str; *cp != '\0'; ++cp ) { d = b64_decode_table[(int) ((unsigned char) *cp)]; if ( d != -1 ) { switch ( phase ) { case 0: ++phase; break; case 1: c = ( ( prev_d << 2 ) | ( ( d & 0x30 ) >> 4 ) ); if ( space_idx < size ) space[space_idx++] = c; ++phase; break; case 2: c = ( ( ( prev_d & 0xf ) << 4 ) | ( ( d & 0x3c ) >> 2 ) ); if ( space_idx < size ) space[space_idx++] = c; ++phase; break; case 3: c = ( ( ( prev_d & 0x03 ) << 6 ) | d ); if ( space_idx < size ) space[space_idx++] = c; phase = 0; break; } prev_d = d; } } return space_idx; } /* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */ static int auth_check( httpd_conn* hc, char* dirname ) { if ( hc->hs->global_passwd ) { char* topdir; if ( hc->hs->vhost && hc->hostdir[0] != '\0' ) topdir = hc->hostdir; else topdir = "."; switch ( auth_check2( hc, topdir ) ) { case -1: return -1; case 1: return 1; } } return auth_check2( hc, dirname ); } /* Returns -1 == unauthorized, 0 == no auth file, 1 = authorized. */ static int auth_check2( httpd_conn* hc, char* dirname ) { static char* authpath; static size_t maxauthpath = 0; struct stat sb; char authinfo[500]; char* authpass; char* colon; int l; FILE* fp; char line[500]; char* cryp; static char* prevauthpath; static size_t maxprevauthpath = 0; static time_t prevmtime; static char* prevuser; static size_t maxprevuser = 0; static char* prevcryp; static size_t maxprevcryp = 0; /* Construct auth filename. */ httpd_realloc_str( &authpath, &maxauthpath, strlen( dirname ) + 1 + sizeof(AUTH_FILE) ); (void) my_snprintf( authpath, maxauthpath, "%s/%s", dirname, AUTH_FILE ); /* Does this directory have an auth file? */ if ( stat( authpath, &sb ) < 0 ) /* Nope, let the request go through. */ return 0; /* Does this request contain basic authorization info? */ if ( hc->authorization[0] == '\0' || strncmp( hc->authorization, "Basic ", 6 ) != 0 ) { /* Nope, return a 401 Unauthorized. */ send_authenticate( hc, dirname ); return -1; } /* Decode it. */ l = b64_decode( &(hc->authorization[6]), (unsigned char*) authinfo, sizeof(authinfo) - 1 ); authinfo[l] = '\0'; /* Split into user and password. */ authpass = strchr( authinfo, ':' ); if ( authpass == (char*) 0 ) { /* No colon? Bogus auth info. */ send_authenticate( hc, dirname ); return -1; } *authpass++ = '\0'; /* If there are more fields, cut them off. */ colon = strchr( authpass, ':' ); if ( colon != (char*) 0 ) *colon = '\0'; /* See if we have a cached entry and can use it. */ if ( maxprevauthpath != 0 && strcmp( authpath, prevauthpath ) == 0 && sb.st_mtime == prevmtime && strcmp( authinfo, prevuser ) == 0 ) { /* Yes. Check against the cached encrypted password. */ if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 ) { /* Ok! */ httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, strlen( authinfo ) ); (void) strcpy( hc->remoteuser, authinfo ); return 1; } else { /* No. */ send_authenticate( hc, dirname ); return -1; } } /* Open the password file. */ fp = fopen( authpath, "r" ); if ( fp == (FILE*) 0 ) { /* The file exists but we can't open it? Disallow access. */ syslog( LOG_ERR, "%.80s auth file %.80s could not be opened - %m", httpd_ntoa( &hc->client_addr ), authpath ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' is protected by an authentication file, but the authentication file cannot be opened.\n" ), hc->encodedurl ); return -1; } /* Read it. */ while ( fgets( line, sizeof(line), fp ) != (char*) 0 ) { /* Nuke newline. */ l = strlen( line ); if ( line[l - 1] == '\n' ) line[l - 1] = '\0'; /* Split into user and encrypted password. */ cryp = strchr( line, ':' ); if ( cryp == (char*) 0 ) continue; *cryp++ = '\0'; /* Is this the right user? */ if ( strcmp( line, authinfo ) == 0 ) { /* Yes. */ (void) fclose( fp ); /* So is the password right? */ if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 ) { /* Ok! */ httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, strlen( line ) ); (void) strcpy( hc->remoteuser, line ); /* And cache this user's info for next time. */ httpd_realloc_str( &prevauthpath, &maxprevauthpath, strlen( authpath ) ); (void) strcpy( prevauthpath, authpath ); prevmtime = sb.st_mtime; httpd_realloc_str( &prevuser, &maxprevuser, strlen( authinfo ) ); (void) strcpy( prevuser, authinfo ); httpd_realloc_str( &prevcryp, &maxprevcryp, strlen( cryp ) ); (void) strcpy( prevcryp, cryp ); return 1; } else { /* No. */ send_authenticate( hc, dirname ); return -1; } } } /* Didn't find that user. Access denied. */ (void) fclose( fp ); send_authenticate( hc, dirname ); return -1; } #endif /* AUTH_FILE */ static void send_dirredirect( httpd_conn* hc ) { static char* location; static char* header; static size_t maxlocation = 0, maxheader = 0; static char headstr[] = "Location: "; if ( hc->query[0] != '\0') { char* cp = strchr( hc->encodedurl, '?' ); if ( cp != (char*) 0 ) /* should always find it */ *cp = '\0'; httpd_realloc_str( &location, &maxlocation, strlen( hc->encodedurl ) + 2 + strlen( hc->query ) ); (void) my_snprintf( location, maxlocation, "%s/?%s", hc->encodedurl, hc->query ); } else { httpd_realloc_str( &location, &maxlocation, strlen( hc->encodedurl ) + 1 ); (void) my_snprintf( location, maxlocation, "%s/", hc->encodedurl ); } httpd_realloc_str( &header, &maxheader, sizeof(headstr) + strlen( location ) ); (void) my_snprintf( header, maxheader, "%s%s\015\012", headstr, location ); send_response( hc, 302, err302title, header, err302form, location ); } char* httpd_method_str( int method ) { switch ( method ) { case METHOD_GET: return "GET"; case METHOD_HEAD: return "HEAD"; case METHOD_POST: return "POST"; case METHOD_PUT: return "PUT"; case METHOD_DELETE: return "DELETE"; case METHOD_TRACE: return "TRACE"; default: return "UNKNOWN"; } } static int hexit( char c ) { if ( c >= '0' && c <= '9' ) return c - '0'; if ( c >= 'a' && c <= 'f' ) return c - 'a' + 10; if ( c >= 'A' && c <= 'F' ) return c - 'A' + 10; return 0; /* shouldn't happen, we're guarded by isxdigit() */ } /* Copies and decodes a string. It's ok for from and to to be the ** same string. */ static void strdecode( char* to, char* from ) { for ( ; *from != '\0'; ++to, ++from ) { if ( from[0] == '%' && isxdigit( from[1] ) && isxdigit( from[2] ) ) { *to = hexit( from[1] ) * 16 + hexit( from[2] ); from += 2; } else *to = *from; } *to = '\0'; } #ifdef GENERATE_INDEXES /* Copies and encodes a string. */ static void strencode( char* to, int tosize, char* from ) { int tolen; for ( tolen = 0; *from != '\0' && tolen + 4 < tosize; ++from ) { if ( isalnum(*from) || strchr( "/_.-~", *from ) != (char*) 0 ) { *to = *from; ++to; ++tolen; } else { (void) sprintf( to, "%%%02x", (int) *from & 0xff ); to += 3; tolen += 3; } } *to = '\0'; } #endif /* GENERATE_INDEXES */ #ifdef TILDE_MAP_1 /* Map a ~username/whatever URL into /username. */ static int tilde_map_1( httpd_conn* hc ) { static char* temp; static size_t maxtemp = 0; int len; static char* prefix = TILDE_MAP_1; len = strlen( hc->expnfilename ) - 1; httpd_realloc_str( &temp, &maxtemp, len ); (void) strcpy( temp, &hc->expnfilename[1] ); httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, strlen( prefix ) + 1 + len ); (void) strcpy( hc->expnfilename, prefix ); if ( prefix[0] != '\0' ) (void) strcat( hc->expnfilename, "/" ); (void) strcat( hc->expnfilename, temp ); return 1; } #endif /* TILDE_MAP_1 */ #ifdef TILDE_MAP_2 /* Map a ~username/whatever URL into /. */ static int tilde_map_2( httpd_conn* hc ) { static char* temp; static size_t maxtemp = 0; static char* postfix = TILDE_MAP_2; char* cp; struct passwd* pw; char* alt; char* rest; /* Get the username. */ httpd_realloc_str( &temp, &maxtemp, strlen( hc->expnfilename ) - 1 ); (void) strcpy( temp, &hc->expnfilename[1] ); cp = strchr( temp, '/' ); if ( cp != (char*) 0 ) *cp++ = '\0'; else cp = ""; /* Get the passwd entry. */ pw = getpwnam( temp ); if ( pw == (struct passwd*) 0 ) return 0; /* Set up altdir. */ httpd_realloc_str( &hc->altdir, &hc->maxaltdir, strlen( pw->pw_dir ) + 1 + strlen( postfix ) ); (void) strcpy( hc->altdir, pw->pw_dir ); if ( postfix[0] != '\0' ) { (void) strcat( hc->altdir, "/" ); (void) strcat( hc->altdir, postfix ); } alt = expand_symlinks( hc->altdir, &rest, 0, 1 ); if ( rest[0] != '\0' ) return 0; httpd_realloc_str( &hc->altdir, &hc->maxaltdir, strlen( alt ) ); (void) strcpy( hc->altdir, alt ); /* And the filename becomes altdir plus the post-~ part of the original. */ httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, strlen( hc->altdir ) + 1 + strlen( cp ) ); (void) my_snprintf( hc->expnfilename, hc->maxexpnfilename, "%s/%s", hc->altdir, cp ); /* For this type of tilde mapping, we want to defeat vhost mapping. */ hc->tildemapped = 1; return 1; } #endif /* TILDE_MAP_2 */ /* Virtual host mapping. */ static int vhost_map( httpd_conn* hc ) { httpd_sockaddr sa; socklen_t sz; static char* tempfilename; static size_t maxtempfilename = 0; char* cp1; int len; #ifdef VHOST_DIRLEVELS int i; char* cp2; #endif /* VHOST_DIRLEVELS */ /* Figure out the virtual hostname. */ if ( hc->reqhost[0] != '\0' ) hc->hostname = hc->reqhost; else if ( hc->hdrhost[0] != '\0' ) hc->hostname = hc->hdrhost; else { sz = sizeof(sa); if ( getsockname( hc->conn_fd, &sa.sa, &sz ) < 0 ) { syslog( LOG_ERR, "getsockname - %m" ); return 0; } hc->hostname = httpd_ntoa( &sa ); } /* Pound it to lower case. */ for ( cp1 = hc->hostname; *cp1 != '\0'; ++cp1 ) if ( isupper( *cp1 ) ) *cp1 = tolower( *cp1 ); if ( hc->tildemapped ) return 1; /* Figure out the host directory. */ #ifdef VHOST_DIRLEVELS httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, strlen( hc->hostname ) + 2 * VHOST_DIRLEVELS ); if ( strncmp( hc->hostname, "www.", 4 ) == 0 ) cp1 = &hc->hostname[4]; else cp1 = hc->hostname; for ( cp2 = hc->hostdir, i = 0; i < VHOST_DIRLEVELS; ++i ) { /* Skip dots in the hostname. If we don't, then we get vhost ** directories in higher level of filestructure if dot gets ** involved into path construction. It's `while' used here instead ** of `if' for it's possible to have a hostname formed with two ** dots at the end of it. */ while ( *cp1 == '.' ) ++cp1; /* Copy a character from the hostname, or '_' if we ran out. */ if ( *cp1 != '\0' ) *cp2++ = *cp1++; else *cp2++ = '_'; /* Copy a slash. */ *cp2++ = '/'; } (void) strcpy( cp2, hc->hostname ); #else /* VHOST_DIRLEVELS */ httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, strlen( hc->hostname ) ); (void) strcpy( hc->hostdir, hc->hostname ); #endif /* VHOST_DIRLEVELS */ /* Prepend hostdir to the filename. */ len = strlen( hc->expnfilename ); httpd_realloc_str( &tempfilename, &maxtempfilename, len ); (void) strcpy( tempfilename, hc->expnfilename ); httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, strlen( hc->hostdir ) + 1 + len ); (void) strcpy( hc->expnfilename, hc->hostdir ); (void) strcat( hc->expnfilename, "/" ); (void) strcat( hc->expnfilename, tempfilename ); return 1; } /* Expands all symlinks in the given filename, eliding ..'s and leading /'s. ** Returns the expanded path (pointer to static string), or (char*) 0 on ** errors. Also returns, in the string pointed to by restP, any trailing ** parts of the path that don't exist. ** ** This is a fairly nice little routine. It handles any size filenames ** without excessive mallocs. */ static char* expand_symlinks( char* path, char** restP, int no_symlink_check, int tildemapped ) { static char* checked; static char* rest; char lnk[5000]; static size_t maxchecked = 0, maxrest = 0; size_t checkedlen, restlen, linklen, prevcheckedlen, prevrestlen; int nlinks, i; char* r; char* cp1; char* cp2; if ( no_symlink_check ) { /* If we are chrooted, we can actually skip the symlink-expansion, ** since it's impossible to get out of the tree. However, we still ** need to do the pathinfo check, and the existing symlink expansion ** code is a pretty reasonable way to do this. So, what we do is ** a single stat() of the whole filename - if it exists, then we ** return it as is with nothing in restP. If it doesn't exist, we ** fall through to the existing code. ** ** One side-effect of this is that users can't symlink to central ** approved CGIs any more. The workaround is to use the central ** URL for the CGI instead of a local symlinked one. */ struct stat sb; if ( stat( path, &sb ) != -1 ) { checkedlen = strlen( path ); httpd_realloc_str( &checked, &maxchecked, checkedlen ); (void) strcpy( checked, path ); /* Trim trailing slashes. */ while ( checked[checkedlen - 1] == '/' ) { checked[checkedlen - 1] = '\0'; --checkedlen; } httpd_realloc_str( &rest, &maxrest, 0 ); rest[0] = '\0'; *restP = rest; return checked; } } /* Start out with nothing in checked and the whole filename in rest. */ httpd_realloc_str( &checked, &maxchecked, 1 ); checked[0] = '\0'; checkedlen = 0; restlen = strlen( path ); httpd_realloc_str( &rest, &maxrest, restlen ); (void) strcpy( rest, path ); if ( rest[restlen - 1] == '/' ) rest[--restlen] = '\0'; /* trim trailing slash */ if ( ! tildemapped ) /* Remove any leading slashes. */ while ( rest[0] == '/' ) { (void) ol_strcpy( rest, &(rest[1]) ); --restlen; } r = rest; nlinks = 0; /* While there are still components to check... */ while ( restlen > 0 ) { /* Save current checkedlen in case we get a symlink. Save current ** restlen in case we get a non-existant component. */ prevcheckedlen = checkedlen; prevrestlen = restlen; /* Grab one component from r and transfer it to checked. */ cp1 = strchr( r, '/' ); if ( cp1 != (char*) 0 ) { i = cp1 - r; if ( i == 0 ) { /* Special case for absolute paths. */ httpd_realloc_str( &checked, &maxchecked, checkedlen + 1 ); (void) strncpy( &checked[checkedlen], r, 1 ); checkedlen += 1; } else if ( strncmp( r, "..", MAX( i, 2 ) ) == 0 ) { /* Ignore ..'s that go above the start of the path. */ if ( checkedlen != 0 ) { cp2 = strrchr( checked, '/' ); if ( cp2 == (char*) 0 ) checkedlen = 0; else if ( cp2 == checked ) checkedlen = 1; else checkedlen = cp2 - checked; } } else { httpd_realloc_str( &checked, &maxchecked, checkedlen + 1 + i ); if ( checkedlen > 0 && checked[checkedlen-1] != '/' ) checked[checkedlen++] = '/'; (void) strncpy( &checked[checkedlen], r, i ); checkedlen += i; } checked[checkedlen] = '\0'; r += i + 1; restlen -= i + 1; } else { /* No slashes remaining, r is all one component. */ if ( strcmp( r, ".." ) == 0 ) { /* Ignore ..'s that go above the start of the path. */ if ( checkedlen != 0 ) { cp2 = strrchr( checked, '/' ); if ( cp2 == (char*) 0 ) checkedlen = 0; else if ( cp2 == checked ) checkedlen = 1; else checkedlen = cp2 - checked; checked[checkedlen] = '\0'; } } else { httpd_realloc_str( &checked, &maxchecked, checkedlen + 1 + restlen ); if ( checkedlen > 0 && checked[checkedlen-1] != '/' ) checked[checkedlen++] = '/'; (void) strcpy( &checked[checkedlen], r ); checkedlen += restlen; } r += restlen; restlen = 0; } /* Try reading the current filename as a symlink */ if ( checked[0] == '\0' ) continue; linklen = readlink( checked, lnk, sizeof(lnk) - 1 ); if ( linklen == -1 ) { if ( errno == EINVAL ) continue; /* not a symlink */ if ( errno == EACCES || errno == ENOENT || errno == ENOTDIR ) { /* That last component was bogus. Restore and return. */ *restP = r - ( prevrestlen - restlen ); if ( prevcheckedlen == 0 ) (void) strcpy( checked, "." ); else checked[prevcheckedlen] = '\0'; return checked; } syslog( LOG_ERR, "readlink %.80s - %m", checked ); return (char*) 0; } ++nlinks; if ( nlinks > MAX_LINKS ) { syslog( LOG_ERR, "too many symlinks in %.80s", path ); return (char*) 0; } lnk[linklen] = '\0'; if ( lnk[linklen - 1] == '/' ) lnk[--linklen] = '\0'; /* trim trailing slash */ /* Insert the link contents in front of the rest of the filename. */ if ( restlen != 0 ) { (void) ol_strcpy( rest, r ); httpd_realloc_str( &rest, &maxrest, restlen + linklen + 1 ); for ( i = restlen; i >= 0; --i ) rest[i + linklen + 1] = rest[i]; (void) strcpy( rest, lnk ); rest[linklen] = '/'; restlen += linklen + 1; r = rest; } else { /* There's nothing left in the filename, so the link contents ** becomes the rest. */ httpd_realloc_str( &rest, &maxrest, linklen ); (void) strcpy( rest, lnk ); restlen = linklen; r = rest; } if ( rest[0] == '/' ) { /* There must have been an absolute symlink - zero out checked. */ checked[0] = '\0'; checkedlen = 0; } else { /* Re-check this component. */ checkedlen = prevcheckedlen; checked[checkedlen] = '\0'; } } /* Ok. */ *restP = r; if ( checked[0] == '\0' ) (void) strcpy( checked, "." ); return checked; } int httpd_get_conn( httpd_server* hs, int listen_fd, httpd_conn* hc ) { httpd_sockaddr sa; socklen_t sz; if ( ! hc->initialized ) { hc->read_size = 0; httpd_realloc_str( &hc->read_buf, &hc->read_size, 500 ); hc->maxdecodedurl = hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings = hc->maxpathinfo = hc->maxquery = hc->maxaccept = hc->maxaccepte = hc->maxreqhost = hc->maxhostdir = hc->maxremoteuser = hc->maxresponse = 0; #ifdef TILDE_MAP_2 hc->maxaltdir = 0; #endif /* TILDE_MAP_2 */ httpd_realloc_str( &hc->decodedurl, &hc->maxdecodedurl, 1 ); httpd_realloc_str( &hc->origfilename, &hc->maxorigfilename, 1 ); httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, 0 ); httpd_realloc_str( &hc->encodings, &hc->maxencodings, 0 ); httpd_realloc_str( &hc->pathinfo, &hc->maxpathinfo, 0 ); httpd_realloc_str( &hc->query, &hc->maxquery, 0 ); httpd_realloc_str( &hc->accept, &hc->maxaccept, 0 ); httpd_realloc_str( &hc->accepte, &hc->maxaccepte, 0 ); httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, 0 ); httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, 0 ); httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, 0 ); httpd_realloc_str( &hc->response, &hc->maxresponse, 0 ); #ifdef TILDE_MAP_2 httpd_realloc_str( &hc->altdir, &hc->maxaltdir, 0 ); #endif /* TILDE_MAP_2 */ hc->initialized = 1; } /* Accept the new connection. */ sz = sizeof(sa); hc->conn_fd = accept( listen_fd, &sa.sa, &sz ); if ( hc->conn_fd < 0 ) { if ( errno == EWOULDBLOCK ) return GC_NO_MORE; /* ECONNABORTED means the connection was closed by the client while ** it was waiting in the listen queue. It's not worth logging. */ if ( errno != ECONNABORTED ) syslog( LOG_ERR, "accept - %m" ); return GC_FAIL; } if ( ! sockaddr_check( &sa ) ) { syslog( LOG_ERR, "unknown sockaddr family" ); close( hc->conn_fd ); hc->conn_fd = -1; return GC_FAIL; } (void) fcntl( hc->conn_fd, F_SETFD, 1 ); hc->hs = hs; (void) memset( &hc->client_addr, 0, sizeof(hc->client_addr) ); (void) memmove( &hc->client_addr, &sa, sockaddr_len( &sa ) ); hc->read_idx = 0; hc->checked_idx = 0; hc->checked_state = CHST_FIRSTWORD; hc->method = METHOD_UNKNOWN; hc->status = 0; hc->bytes_to_send = 0; hc->bytes_sent = 0; hc->encodedurl = ""; hc->decodedurl[0] = '\0'; hc->protocol = "UNKNOWN"; hc->origfilename[0] = '\0'; hc->expnfilename[0] = '\0'; hc->encodings[0] = '\0'; hc->pathinfo[0] = '\0'; hc->query[0] = '\0'; hc->referrer = ""; hc->useragent = ""; hc->accept[0] = '\0'; hc->accepte[0] = '\0'; hc->acceptl = ""; hc->cookie = ""; hc->contenttype = ""; hc->reqhost[0] = '\0'; hc->hdrhost = ""; hc->hostdir[0] = '\0'; hc->authorization = ""; hc->remoteuser[0] = '\0'; hc->response[0] = '\0'; #ifdef TILDE_MAP_2 hc->altdir[0] = '\0'; #endif /* TILDE_MAP_2 */ hc->responselen = 0; hc->if_modified_since = (time_t) -1; hc->range_if = (time_t) -1; hc->contentlength = -1; hc->type = ""; hc->hostname = (char*) 0; hc->mime_flag = 1; hc->one_one = 0; hc->got_range = 0; hc->tildemapped = 0; hc->first_byte_index = 0; hc->last_byte_index = -1; hc->keep_alive = 0; hc->should_linger = 0; hc->file_address = (char*) 0; return GC_OK; } /* Checks hc->read_buf to see whether a complete request has been read so far; ** either the first line has two words (an HTTP/0.9 request), or the first ** line has three words and there's a blank line present. ** ** hc->read_idx is how much has been read in; hc->checked_idx is how much we ** have checked so far; and hc->checked_state is the current state of the ** finite state machine. */ int httpd_got_request( httpd_conn* hc ) { char c; for ( ; hc->checked_idx < hc->read_idx; ++hc->checked_idx ) { c = hc->read_buf[hc->checked_idx]; switch ( hc->checked_state ) { case CHST_FIRSTWORD: switch ( c ) { case ' ': case '\t': hc->checked_state = CHST_FIRSTWS; break; case '\012': case '\015': hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; } break; case CHST_FIRSTWS: switch ( c ) { case ' ': case '\t': break; case '\012': case '\015': hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; default: hc->checked_state = CHST_SECONDWORD; break; } break; case CHST_SECONDWORD: switch ( c ) { case ' ': case '\t': hc->checked_state = CHST_SECONDWS; break; case '\012': case '\015': /* The first line has only two words - an HTTP/0.9 request. */ return GR_GOT_REQUEST; } break; case CHST_SECONDWS: switch ( c ) { case ' ': case '\t': break; case '\012': case '\015': hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; default: hc->checked_state = CHST_THIRDWORD; break; } break; case CHST_THIRDWORD: switch ( c ) { case ' ': case '\t': hc->checked_state = CHST_THIRDWS; break; case '\012': hc->checked_state = CHST_LF; break; case '\015': hc->checked_state = CHST_CR; break; } break; case CHST_THIRDWS: switch ( c ) { case ' ': case '\t': break; case '\012': hc->checked_state = CHST_LF; break; case '\015': hc->checked_state = CHST_CR; break; default: hc->checked_state = CHST_BOGUS; return GR_BAD_REQUEST; } break; case CHST_LINE: switch ( c ) { case '\012': hc->checked_state = CHST_LF; break; case '\015': hc->checked_state = CHST_CR; break; } break; case CHST_LF: switch ( c ) { case '\012': /* Two newlines in a row - a blank line - end of request. */ return GR_GOT_REQUEST; case '\015': hc->checked_state = CHST_CR; break; default: hc->checked_state = CHST_LINE; break; } break; case CHST_CR: switch ( c ) { case '\012': hc->checked_state = CHST_CRLF; break; case '\015': /* Two returns in a row - end of request. */ return GR_GOT_REQUEST; default: hc->checked_state = CHST_LINE; break; } break; case CHST_CRLF: switch ( c ) { case '\012': /* Two newlines in a row - end of request. */ return GR_GOT_REQUEST; case '\015': hc->checked_state = CHST_CRLFCR; break; default: hc->checked_state = CHST_LINE; break; } break; case CHST_CRLFCR: switch ( c ) { case '\012': case '\015': /* Two CRLFs or two CRs in a row - end of request. */ return GR_GOT_REQUEST; default: hc->checked_state = CHST_LINE; break; } break; case CHST_BOGUS: return GR_BAD_REQUEST; } } return GR_NO_REQUEST; } int httpd_parse_request( httpd_conn* hc ) { char* buf; char* method_str; char* url; char* protocol; char* reqhost; char* eol; char* cp; char* pi; hc->checked_idx = 0; /* reset */ method_str = bufgets( hc ); url = strpbrk( method_str, " \t\012\015" ); if ( url == (char*) 0 ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } *url++ = '\0'; url += strspn( url, " \t\012\015" ); protocol = strpbrk( url, " \t\012\015" ); if ( protocol == (char*) 0 ) { protocol = "HTTP/0.9"; hc->mime_flag = 0; } else { *protocol++ = '\0'; protocol += strspn( protocol, " \t\012\015" ); if ( *protocol != '\0' ) { eol = strpbrk( protocol, " \t\012\015" ); if ( eol != (char*) 0 ) *eol = '\0'; if ( strcasecmp( protocol, "HTTP/1.0" ) != 0 ) hc->one_one = 1; } } hc->protocol = protocol; /* Check for HTTP/1.1 absolute URL. */ if ( strncasecmp( url, "http://", 7 ) == 0 ) { if ( ! hc->one_one ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } reqhost = url + 7; url = strchr( reqhost, '/' ); if ( url == (char*) 0 ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } *url = '\0'; if ( strchr( reqhost, '/' ) != (char*) 0 || reqhost[0] == '.' ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, strlen( reqhost ) ); (void) strcpy( hc->reqhost, reqhost ); *url = '/'; } if ( *url != '/' ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } if ( strcasecmp( method_str, httpd_method_str( METHOD_GET ) ) == 0 ) hc->method = METHOD_GET; else if ( strcasecmp( method_str, httpd_method_str( METHOD_HEAD ) ) == 0 ) hc->method = METHOD_HEAD; else if ( strcasecmp( method_str, httpd_method_str( METHOD_POST ) ) == 0 ) hc->method = METHOD_POST; else if ( strcasecmp( method_str, httpd_method_str( METHOD_PUT ) ) == 0 ) hc->method = METHOD_PUT; else if ( strcasecmp( method_str, httpd_method_str( METHOD_DELETE ) ) == 0 ) hc->method = METHOD_DELETE; else if ( strcasecmp( method_str, httpd_method_str( METHOD_TRACE ) ) == 0 ) hc->method = METHOD_TRACE; else { httpd_send_err( hc, 501, err501title, "", err501form, method_str ); return -1; } hc->encodedurl = url; httpd_realloc_str( &hc->decodedurl, &hc->maxdecodedurl, strlen( hc->encodedurl ) ); strdecode( hc->decodedurl, hc->encodedurl ); httpd_realloc_str( &hc->origfilename, &hc->maxorigfilename, strlen( hc->decodedurl ) ); (void) strcpy( hc->origfilename, &hc->decodedurl[1] ); /* Special case for top-level URL. */ if ( hc->origfilename[0] == '\0' ) (void) strcpy( hc->origfilename, "." ); /* Extract query string from encoded URL. */ cp = strchr( hc->encodedurl, '?' ); if ( cp != (char*) 0 ) { ++cp; httpd_realloc_str( &hc->query, &hc->maxquery, strlen( cp ) ); (void) strcpy( hc->query, cp ); /* Remove query from (decoded) origfilename. */ cp = strchr( hc->origfilename, '?' ); if ( cp != (char*) 0 ) *cp = '\0'; } de_dotdot( hc->origfilename ); if ( hc->origfilename[0] == '/' || ( hc->origfilename[0] == '.' && hc->origfilename[1] == '.' && ( hc->origfilename[2] == '\0' || hc->origfilename[2] == '/' ) ) ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } if ( hc->mime_flag ) { /* Read the MIME headers. */ while ( ( buf = bufgets( hc ) ) != (char*) 0 ) { if ( buf[0] == '\0' ) break; if ( strncasecmp( buf, "Referer:", 8 ) == 0 ) { cp = &buf[8]; cp += strspn( cp, " \t" ); hc->referrer = cp; } else if ( strncasecmp( buf, "Referrer:", 9 ) == 0 ) { cp = &buf[9]; cp += strspn( cp, " \t" ); hc->referrer = cp; } else if ( strncasecmp( buf, "User-Agent:", 11 ) == 0 ) { cp = &buf[11]; cp += strspn( cp, " \t" ); hc->useragent = cp; } else if ( strncasecmp( buf, "Host:", 5 ) == 0 ) { cp = &buf[5]; cp += strspn( cp, " \t" ); hc->hdrhost = cp; cp = strchr( hc->hdrhost, ':' ); if ( cp != (char*) 0 ) *cp = '\0'; if ( strchr( hc->hdrhost, '/' ) != (char*) 0 || hc->hdrhost[0] == '.' ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } } else if ( strncasecmp( buf, "Accept:", 7 ) == 0 ) { cp = &buf[7]; cp += strspn( cp, " \t" ); if ( hc->accept[0] != '\0' ) { if ( strlen( hc->accept ) > 5000 ) { syslog( LOG_ERR, "%.80s way too much Accept: data", httpd_ntoa( &hc->client_addr ) ); continue; } httpd_realloc_str( &hc->accept, &hc->maxaccept, strlen( hc->accept ) + 2 + strlen( cp ) ); (void) strcat( hc->accept, ", " ); } else httpd_realloc_str( &hc->accept, &hc->maxaccept, strlen( cp ) ); (void) strcat( hc->accept, cp ); } else if ( strncasecmp( buf, "Accept-Encoding:", 16 ) == 0 ) { cp = &buf[16]; cp += strspn( cp, " \t" ); if ( hc->accepte[0] != '\0' ) { if ( strlen( hc->accepte ) > 5000 ) { syslog( LOG_ERR, "%.80s way too much Accept-Encoding: data", httpd_ntoa( &hc->client_addr ) ); continue; } httpd_realloc_str( &hc->accepte, &hc->maxaccepte, strlen( hc->accepte ) + 2 + strlen( cp ) ); (void) strcat( hc->accepte, ", " ); } else httpd_realloc_str( &hc->accepte, &hc->maxaccepte, strlen( cp ) ); (void) strcpy( hc->accepte, cp ); } else if ( strncasecmp( buf, "Accept-Language:", 16 ) == 0 ) { cp = &buf[16]; cp += strspn( cp, " \t" ); hc->acceptl = cp; } else if ( strncasecmp( buf, "If-Modified-Since:", 18 ) == 0 ) { cp = &buf[18]; hc->if_modified_since = tdate_parse( cp ); if ( hc->if_modified_since == (time_t) -1 ) syslog( LOG_DEBUG, "unparsable time: %.80s", cp ); } else if ( strncasecmp( buf, "Cookie:", 7 ) == 0 ) { cp = &buf[7]; cp += strspn( cp, " \t" ); hc->cookie = cp; } else if ( strncasecmp( buf, "Range:", 6 ) == 0 ) { /* Only support %d- and %d-%d, not %d-%d,%d-%d or -%d. */ if ( strchr( buf, ',' ) == (char*) 0 ) { char* cp_dash; cp = strpbrk( buf, "=" ); if ( cp != (char*) 0 ) { cp_dash = strchr( cp + 1, '-' ); if ( cp_dash != (char*) 0 && cp_dash != cp + 1 ) { *cp_dash = '\0'; hc->got_range = 1; hc->first_byte_index = atoll( cp + 1 ); if ( hc->first_byte_index < 0 ) hc->first_byte_index = 0; if ( isdigit( (int) cp_dash[1] ) ) { hc->last_byte_index = atoll( cp_dash + 1 ); if ( hc->last_byte_index < 0 ) hc->last_byte_index = -1; } } } } } else if ( strncasecmp( buf, "Range-If:", 9 ) == 0 || strncasecmp( buf, "If-Range:", 9 ) == 0 ) { cp = &buf[9]; hc->range_if = tdate_parse( cp ); if ( hc->range_if == (time_t) -1 ) syslog( LOG_DEBUG, "unparsable time: %.80s", cp ); } else if ( strncasecmp( buf, "Content-Type:", 13 ) == 0 ) { cp = &buf[13]; cp += strspn( cp, " \t" ); hc->contenttype = cp; } else if ( strncasecmp( buf, "Content-Length:", 15 ) == 0 ) { cp = &buf[15]; hc->contentlength = atol( cp ); } else if ( strncasecmp( buf, "Authorization:", 14 ) == 0 ) { cp = &buf[14]; cp += strspn( cp, " \t" ); hc->authorization = cp; } else if ( strncasecmp( buf, "Connection:", 11 ) == 0 ) { cp = &buf[11]; cp += strspn( cp, " \t" ); if ( strcasecmp( cp, "keep-alive" ) == 0 ) hc->keep_alive = 1; } #ifdef LOG_UNKNOWN_HEADERS else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 || strncasecmp( buf, "Accept-Language:", 16 ) == 0 || strncasecmp( buf, "Agent:", 6 ) == 0 || strncasecmp( buf, "Cache-Control:", 14 ) == 0 || strncasecmp( buf, "Cache-Info:", 11 ) == 0 || strncasecmp( buf, "Charge-To:", 10 ) == 0 || strncasecmp( buf, "Client-IP:", 10 ) == 0 || strncasecmp( buf, "Date:", 5 ) == 0 || strncasecmp( buf, "Extension:", 10 ) == 0 || strncasecmp( buf, "Forwarded:", 10 ) == 0 || strncasecmp( buf, "From:", 5 ) == 0 || strncasecmp( buf, "HTTP-Version:", 13 ) == 0 || strncasecmp( buf, "Max-Forwards:", 13 ) == 0 || strncasecmp( buf, "Message-Id:", 11 ) == 0 || strncasecmp( buf, "MIME-Version:", 13 ) == 0 || strncasecmp( buf, "Negotiate:", 10 ) == 0 || strncasecmp( buf, "Pragma:", 7 ) == 0 || strncasecmp( buf, "Proxy-Agent:", 12 ) == 0 || strncasecmp( buf, "Proxy-Connection:", 17 ) == 0 || strncasecmp( buf, "Security-Scheme:", 16 ) == 0 || strncasecmp( buf, "Session-Id:", 11 ) == 0 || strncasecmp( buf, "UA-Color:", 9 ) == 0 || strncasecmp( buf, "UA-CPU:", 7 ) == 0 || strncasecmp( buf, "UA-Disp:", 8 ) == 0 || strncasecmp( buf, "UA-OS:", 6 ) == 0 || strncasecmp( buf, "UA-Pixels:", 10 ) == 0 || strncasecmp( buf, "User:", 5 ) == 0 || strncasecmp( buf, "Via:", 4 ) == 0 || strncasecmp( buf, "X-", 2 ) == 0 ) ; /* ignore */ else syslog( LOG_DEBUG, "unknown request header: %.80s", buf ); #endif /* LOG_UNKNOWN_HEADERS */ } } if ( hc->one_one ) { /* Check that HTTP/1.1 requests specify a host, as required. */ if ( hc->reqhost[0] == '\0' && hc->hdrhost[0] == '\0' ) { httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); return -1; } /* If the client wants to do keep-alives, it might also be doing ** pipelining. There's no way for us to tell. Since we don't ** implement keep-alives yet, if we close such a connection there ** might be unread pipelined requests waiting. So, we have to ** do a lingering close. */ if ( hc->keep_alive ) hc->should_linger = 1; } /* Ok, the request has been parsed. Now we resolve stuff that ** may require the entire request. */ /* Copy original filename to expanded filename. */ httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, strlen( hc->origfilename ) ); (void) strcpy( hc->expnfilename, hc->origfilename ); /* Tilde mapping. */ if ( hc->expnfilename[0] == '~' ) { #ifdef TILDE_MAP_1 if ( ! tilde_map_1( hc ) ) { httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl ); return -1; } #endif /* TILDE_MAP_1 */ #ifdef TILDE_MAP_2 if ( ! tilde_map_2( hc ) ) { httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl ); return -1; } #endif /* TILDE_MAP_2 */ } /* Virtual host mapping. */ if ( hc->hs->vhost ) if ( ! vhost_map( hc ) ) { httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } /* Expand all symbolic links in the filename. This also gives us ** any trailing non-existing components, for pathinfo. */ cp = expand_symlinks( hc->expnfilename, &pi, hc->hs->no_symlink_check, hc->tildemapped ); if ( cp == (char*) 0 ) { httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, strlen( cp ) ); (void) strcpy( hc->expnfilename, cp ); httpd_realloc_str( &hc->pathinfo, &hc->maxpathinfo, strlen( pi ) ); (void) strcpy( hc->pathinfo, pi ); /* Remove pathinfo stuff from the original filename too. */ if ( hc->pathinfo[0] != '\0' ) { int i; i = strlen( hc->origfilename ) - strlen( hc->pathinfo ); if ( i > 0 && strcmp( &hc->origfilename[i], hc->pathinfo ) == 0 ) hc->origfilename[i - 1] = '\0'; } /* If the expanded filename is an absolute path, check that it's still ** within the current directory or the alternate directory. */ if ( hc->expnfilename[0] == '/' ) { if ( strncmp( hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 ) { /* Elide the current directory. */ (void) ol_strcpy( hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] ); } #ifdef TILDE_MAP_2 else if ( hc->altdir[0] != '\0' && ( strncmp( hc->expnfilename, hc->altdir, strlen( hc->altdir ) ) == 0 && ( hc->expnfilename[strlen( hc->altdir )] == '\0' || hc->expnfilename[strlen( hc->altdir )] == '/' ) ) ) {} #endif /* TILDE_MAP_2 */ else { syslog( LOG_NOTICE, "%.80s URL \"%.80s\" goes outside the web tree", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file outside the permitted web server directory tree.\n" ), hc->encodedurl ); return -1; } } return 0; } static char* bufgets( httpd_conn* hc ) { int i; char c; for ( i = hc->checked_idx; hc->checked_idx < hc->read_idx; ++hc->checked_idx ) { c = hc->read_buf[hc->checked_idx]; if ( c == '\012' || c == '\015' ) { hc->read_buf[hc->checked_idx] = '\0'; ++hc->checked_idx; if ( c == '\015' && hc->checked_idx < hc->read_idx && hc->read_buf[hc->checked_idx] == '\012' ) { hc->read_buf[hc->checked_idx] = '\0'; ++hc->checked_idx; } return &(hc->read_buf[i]); } } return (char*) 0; } static void de_dotdot( char* file ) { char* cp; char* cp2; int l; /* Collapse any multiple / sequences. */ while ( ( cp = strstr( file, "//") ) != (char*) 0 ) { for ( cp2 = cp + 2; *cp2 == '/'; ++cp2 ) continue; (void) ol_strcpy( cp + 1, cp2 ); } /* Remove leading ./ and any /./ sequences. */ while ( strncmp( file, "./", 2 ) == 0 ) (void) ol_strcpy( file, file + 2 ); while ( ( cp = strstr( file, "/./") ) != (char*) 0 ) (void) ol_strcpy( cp, cp + 2 ); /* Alternate between removing leading ../ and removing xxx/../ */ for (;;) { while ( strncmp( file, "../", 3 ) == 0 ) (void) ol_strcpy( file, file + 3 ); cp = strstr( file, "/../" ); if ( cp == (char*) 0 ) break; for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 ) continue; (void) ol_strcpy( cp2 + 1, cp + 4 ); } /* Also elide any xxx/.. at the end. */ while ( ( l = strlen( file ) ) > 3 && strcmp( ( cp = file + l - 3 ), "/.." ) == 0 ) { for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 ) continue; if ( cp2 < file ) break; *cp2 = '\0'; } } void httpd_close_conn( httpd_conn* hc, struct timeval* nowP ) { make_log_entry( hc, nowP ); if ( hc->file_address != (char*) 0 ) { mmc_unmap( hc->file_address, &(hc->sb), nowP ); hc->file_address = (char*) 0; } if ( hc->conn_fd >= 0 ) { (void) close( hc->conn_fd ); hc->conn_fd = -1; } } void httpd_destroy_conn( httpd_conn* hc ) { if ( hc->initialized ) { free( (void*) hc->read_buf ); free( (void*) hc->decodedurl ); free( (void*) hc->origfilename ); free( (void*) hc->expnfilename ); free( (void*) hc->encodings ); free( (void*) hc->pathinfo ); free( (void*) hc->query ); free( (void*) hc->accept ); free( (void*) hc->accepte ); free( (void*) hc->reqhost ); free( (void*) hc->hostdir ); free( (void*) hc->remoteuser ); free( (void*) hc->response ); #ifdef TILDE_MAP_2 free( (void*) hc->altdir ); #endif /* TILDE_MAP_2 */ hc->initialized = 0; } } struct mime_entry { char* ext; size_t ext_len; char* val; size_t val_len; }; static struct mime_entry enc_tab[] = { #include "mime_encodings.h" }; static const int n_enc_tab = sizeof(enc_tab) / sizeof(*enc_tab); static struct mime_entry typ_tab[] = { #include "mime_types.h" }; static const int n_typ_tab = sizeof(typ_tab) / sizeof(*typ_tab); /* qsort comparison routine */ static int ext_compare( const void* v1, const void* v2 ) { const struct mime_entry* m1 = (const struct mime_entry*) v1; const struct mime_entry* m2 = (const struct mime_entry*) v2; return strcmp( m1->ext, m2->ext ); } static void init_mime( void ) { int i; /* Sort the tables so we can do binary search. */ qsort( enc_tab, n_enc_tab, sizeof(*enc_tab), ext_compare ); qsort( typ_tab, n_typ_tab, sizeof(*typ_tab), ext_compare ); /* Fill in the lengths. */ for ( i = 0; i < n_enc_tab; ++i ) { enc_tab[i].ext_len = strlen( enc_tab[i].ext ); enc_tab[i].val_len = strlen( enc_tab[i].val ); } for ( i = 0; i < n_typ_tab; ++i ) { typ_tab[i].ext_len = strlen( typ_tab[i].ext ); typ_tab[i].val_len = strlen( typ_tab[i].val ); } } /* Figure out MIME encodings and type based on the filename. Multiple ** encodings are separated by commas, and are listed in the order in ** which they were applied to the file. */ static void figure_mime( httpd_conn* hc ) { char* prev_dot; char* dot; char* ext; int me_indexes[100], n_me_indexes; size_t ext_len, encodings_len; int i, top, bot, mid; int r; char* default_type = "text/plain; charset=%s"; /* Peel off encoding extensions until there aren't any more. */ n_me_indexes = 0; for ( prev_dot = &hc->expnfilename[strlen(hc->expnfilename)]; ; prev_dot = dot ) { for ( dot = prev_dot - 1; dot >= hc->expnfilename && *dot != '.'; --dot ) ; if ( dot < hc->expnfilename ) { /* No dot found. No more encoding extensions, and no type ** extension either. */ hc->type = default_type; goto done; } ext = dot + 1; ext_len = prev_dot - ext; /* Search the encodings table. Linear search is fine here, there ** are only a few entries. */ for ( i = 0; i < n_enc_tab; ++i ) { if ( ext_len == enc_tab[i].ext_len && strncasecmp( ext, enc_tab[i].ext, ext_len ) == 0 ) { if ( n_me_indexes < sizeof(me_indexes)/sizeof(*me_indexes) ) { me_indexes[n_me_indexes] = i; ++n_me_indexes; } goto next; } } /* No encoding extension found. Break and look for a type extension. */ break; next: ; } /* Binary search for a matching type extension. */ top = n_typ_tab - 1; bot = 0; while ( top >= bot ) { mid = ( top + bot ) / 2; r = strncasecmp( ext, typ_tab[mid].ext, ext_len ); if ( r < 0 ) top = mid - 1; else if ( r > 0 ) bot = mid + 1; else if ( ext_len < typ_tab[mid].ext_len ) top = mid - 1; else if ( ext_len > typ_tab[mid].ext_len ) bot = mid + 1; else { hc->type = typ_tab[mid].val; goto done; } } hc->type = default_type; done: /* The last thing we do is actually generate the mime-encoding header. */ hc->encodings[0] = '\0'; encodings_len = 0; for ( i = n_me_indexes - 1; i >= 0; --i ) { httpd_realloc_str( &hc->encodings, &hc->maxencodings, encodings_len + enc_tab[me_indexes[i]].val_len + 1 ); if ( hc->encodings[0] != '\0' ) { (void) strcpy( &hc->encodings[encodings_len], "," ); ++encodings_len; } (void) strcpy( &hc->encodings[encodings_len], enc_tab[me_indexes[i]].val ); encodings_len += enc_tab[me_indexes[i]].val_len; } } #ifdef CGI_TIMELIMIT static void cgi_kill2( ClientData client_data, struct timeval* nowP ) { pid_t pid; pid = (pid_t) client_data.i; if ( kill( pid, SIGKILL ) == 0 ) syslog( LOG_WARNING, "hard-killed CGI process %d", pid ); } static void cgi_kill( ClientData client_data, struct timeval* nowP ) { pid_t pid; pid = (pid_t) client_data.i; if ( kill( pid, SIGINT ) == 0 ) { syslog( LOG_WARNING, "killed CGI process %d", pid ); /* In case this isn't enough, schedule an uncatchable kill. */ if ( tmr_create( nowP, cgi_kill2, client_data, 5 * 1000L, 0 ) == (Timer*) 0 ) { syslog( LOG_CRIT, "tmr_create(cgi_kill2) failed" ); exit( 1 ); } } } #endif /* CGI_TIMELIMIT */ #ifdef GENERATE_INDEXES /* qsort comparison routine */ static int name_compare( const void* v1, const void* v2 ) { const char** c1 = (const char**) v1; const char** c2 = (const char**) v2; return strcmp( *c1, *c2 ); } static int ls( httpd_conn* hc ) { DIR* dirp; struct dirent* de; int namlen; static int maxnames = 0; int nnames; static char* names; static char** nameptrs; static char* name; static size_t maxname = 0; static char* rname; static size_t maxrname = 0; static char* encrname; static size_t maxencrname = 0; FILE* fp; int i, r; struct stat sb; struct stat lsb; char modestr[20]; char* linkprefix; char lnk[MAXPATHLEN+1]; int linklen; char* fileclass; time_t now; char* timestr; ClientData client_data; dirp = opendir( hc->expnfilename ); if ( dirp == (DIR*) 0 ) { syslog( LOG_ERR, "opendir %.80s - %m", hc->expnfilename ); httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl ); return -1; } if ( hc->method == METHOD_HEAD ) { closedir( dirp ); send_mime( hc, 200, ok200title, "", "", "text/html; charset=%s", (off_t) -1, hc->sb.st_mtime ); } else if ( hc->method == METHOD_GET ) { if ( hc->hs->cgi_limit != 0 && hc->hs->cgi_count >= hc->hs->cgi_limit ) { closedir( dirp ); httpd_send_err( hc, 503, httpd_err503title, "", httpd_err503form, hc->encodedurl ); return -1; } ++hc->hs->cgi_count; r = fork( ); if ( r < 0 ) { syslog( LOG_ERR, "fork - %m" ); closedir( dirp ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } if ( r == 0 ) { /* Child process. */ sub_process = 1; httpd_unlisten( hc->hs ); send_mime( hc, 200, ok200title, "", "", "text/html; charset=%s", (off_t) -1, hc->sb.st_mtime ); httpd_write_response( hc ); #ifdef CGI_NICE /* Set priority. */ (void) nice( CGI_NICE ); #endif /* CGI_NICE */ /* Open a stdio stream so that we can use fprintf, which is more ** efficient than a bunch of separate write()s. We don't have ** to worry about double closes or file descriptor leaks cause ** we're in a subprocess. */ fp = fdopen( hc->conn_fd, "w" ); if ( fp == (FILE*) 0 ) { syslog( LOG_ERR, "fdopen - %m" ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); httpd_write_response( hc ); closedir( dirp ); exit( 1 ); } (void) fprintf( fp, "\ \n\ \n\ \n\ \n\ \n\ \n\ Index of %.80s\n\ \n\ \n\ \n\ \n\

Index of %.80s

\n\ \n\ 
\n\
mode  links    bytes  last-changed  name\n\
    
",
		hc->encodedurl, hc->encodedurl );

	    /* Read in names. */
	    nnames = 0;
	    while ( ( de = readdir( dirp ) ) != 0 )     /* dirent or direct */
		{
		if ( nnames >= maxnames )
		    {
		    if ( maxnames == 0 )
			{
			maxnames = 100;
			names = NEW( char, maxnames * ( MAXPATHLEN + 1 ) );
			nameptrs = NEW( char*, maxnames );
			}
		    else
			{
			maxnames *= 2;
			names = RENEW( names, char, maxnames * ( MAXPATHLEN + 1 ) );
			nameptrs = RENEW( nameptrs, char*, maxnames );
			}
		    if ( names == (char*) 0 || nameptrs == (char**) 0 )
			{
			syslog( LOG_ERR, "out of memory reallocating directory names" );
			exit( 1 );
			}
		    for ( i = 0; i < maxnames; ++i )
			nameptrs[i] = &names[i * ( MAXPATHLEN + 1 )];
		    }
		namlen = NAMLEN(de);
		(void) strncpy( nameptrs[nnames], de->d_name, namlen );
		nameptrs[nnames][namlen] = '\0';
		++nnames;
		}
	    closedir( dirp );

	    /* Sort the names. */
	    qsort( nameptrs, nnames, sizeof(*nameptrs), name_compare );

	    /* Generate output. */
	    for ( i = 0; i < nnames; ++i )
		{
		httpd_realloc_str(
		    &name, &maxname,
		    strlen( hc->expnfilename ) + 1 + strlen( nameptrs[i] ) );
		httpd_realloc_str(
		    &rname, &maxrname,
		    strlen( hc->origfilename ) + 1 + strlen( nameptrs[i] ) );
		if ( hc->expnfilename[0] == '\0' ||
		     strcmp( hc->expnfilename, "." ) == 0 )
		    {
		    (void) strcpy( name, nameptrs[i] );
		    (void) strcpy( rname, nameptrs[i] );
		    }
		else
		    {
		    (void) my_snprintf( name, maxname,
			"%s/%s", hc->expnfilename, nameptrs[i] );
		    if ( strcmp( hc->origfilename, "." ) == 0 )
			(void) my_snprintf( rname, maxrname,
			    "%s", nameptrs[i] );
		    else
			(void) my_snprintf( rname, maxrname,
			    "%s%s", hc->origfilename, nameptrs[i] );
		    }
		httpd_realloc_str(
		    &encrname, &maxencrname, 3 * strlen( rname ) + 1 );
		strencode( encrname, maxencrname, rname );

		if ( stat( name, &sb ) < 0 || lstat( name, &lsb ) < 0 )
		    continue;

		linkprefix = "";
		lnk[0] = '\0';
		/* Break down mode word.  First the file type. */
		switch ( lsb.st_mode & S_IFMT )
		    {
		    case S_IFIFO:  modestr[0] = 'p'; break;
		    case S_IFCHR:  modestr[0] = 'c'; break;
		    case S_IFDIR:  modestr[0] = 'd'; break;
		    case S_IFBLK:  modestr[0] = 'b'; break;
		    case S_IFREG:  modestr[0] = '-'; break;
		    case S_IFSOCK: modestr[0] = 's'; break;
		    case S_IFLNK:  modestr[0] = 'l';
		    linklen = readlink( name, lnk, sizeof(lnk) - 1 );
		    if ( linklen != -1 )
			{
			lnk[linklen] = '\0';
			linkprefix = " -> ";
			}
		    break;
		    default:       modestr[0] = '?'; break;
		    }
		/* Now the world permissions.  Owner and group permissions
		** are not of interest to web clients.
		*/
		modestr[1] = ( lsb.st_mode & S_IROTH ) ? 'r' : '-';
		modestr[2] = ( lsb.st_mode & S_IWOTH ) ? 'w' : '-';
		modestr[3] = ( lsb.st_mode & S_IXOTH ) ? 'x' : '-';
		modestr[4] = '\0';

		/* We also leave out the owner and group name, they are
		** also not of interest to web clients.  Plus if we're
		** running under chroot(), they would require a copy
		** of /etc/passwd and /etc/group, which we want to avoid.
		*/

		/* Get time string. */
		now = time( (time_t*) 0 );
		timestr = ctime( &lsb.st_mtime );
		timestr[ 0] = timestr[ 4];
		timestr[ 1] = timestr[ 5];
		timestr[ 2] = timestr[ 6];
		timestr[ 3] = ' ';
		timestr[ 4] = timestr[ 8];
		timestr[ 5] = timestr[ 9];
		timestr[ 6] = ' ';
		if ( now - lsb.st_mtime > 60*60*24*182 )        /* 1/2 year */
		    {
		    timestr[ 7] = ' ';
		    timestr[ 8] = timestr[20];
		    timestr[ 9] = timestr[21];
		    timestr[10] = timestr[22];
		    timestr[11] = timestr[23];
		    }
		else
		    {
		    timestr[ 7] = timestr[11];
		    timestr[ 8] = timestr[12];
		    timestr[ 9] = ':';
		    timestr[10] = timestr[14];
		    timestr[11] = timestr[15];
		    }
		timestr[12] = '\0';

		/* The ls -F file class. */
		switch ( sb.st_mode & S_IFMT )
		    {
		    case S_IFDIR:  fileclass = "/"; break;
		    case S_IFSOCK: fileclass = "="; break;
		    case S_IFLNK:  fileclass = "@"; break;
		    default:
		    fileclass = ( sb.st_mode & S_IXOTH ) ? "*" : "";
		    break;
		    }

		/* And print. */
		(void)  fprintf( fp,
		   "%s %3ld  %10lld  %s  %.80s%s%s%s\n",
		    modestr, (long) lsb.st_nlink, (long long) lsb.st_size,
		    timestr, encrname, S_ISDIR(sb.st_mode) ? "/" : "",
		    nameptrs[i], linkprefix, lnk, fileclass );
		}

	    (void) fprintf( fp, "
\n \n\n" ); (void) fclose( fp ); exit( 0 ); } /* Parent process. */ closedir( dirp ); syslog( LOG_DEBUG, "spawned indexing process %d for directory '%.200s'", r, hc->expnfilename ); #ifdef CGI_TIMELIMIT /* Schedule a kill for the child process, in case it runs too long */ client_data.i = r; if ( tmr_create( (struct timeval*) 0, cgi_kill, client_data, CGI_TIMELIMIT * 1000L, 0 ) == (Timer*) 0 ) { syslog( LOG_CRIT, "tmr_create(cgi_kill ls) failed" ); exit( 1 ); } #endif /* CGI_TIMELIMIT */ hc->status = 200; hc->bytes_sent = CGI_BYTECOUNT; hc->should_linger = 0; } else { closedir( dirp ); httpd_send_err( hc, 501, err501title, "", err501form, httpd_method_str( hc->method ) ); return -1; } return 0; } #endif /* GENERATE_INDEXES */ static char* build_env( char* fmt, char* arg ) { char* cp; size_t size; static char* buf; static size_t maxbuf = 0; size = strlen( fmt ) + strlen( arg ); if ( size > maxbuf ) httpd_realloc_str( &buf, &maxbuf, size ); (void) my_snprintf( buf, maxbuf, fmt, arg ); cp = strdup( buf ); if ( cp == (char*) 0 ) { syslog( LOG_ERR, "out of memory copying environment variable" ); exit( 1 ); } return cp; } #ifdef SERVER_NAME_LIST static char* hostname_map( char* hostname ) { int len, n; static char* list[] = { SERVER_NAME_LIST }; len = strlen( hostname ); for ( n = sizeof(list) / sizeof(*list) - 1; n >= 0; --n ) if ( strncasecmp( hostname, list[n], len ) == 0 ) if ( list[n][len] == '/' ) /* check in case of a substring match */ return &list[n][len + 1]; return (char*) 0; } #endif /* SERVER_NAME_LIST */ /* Set up environment variables. Be real careful here to avoid ** letting malicious clients overrun a buffer. We don't have ** to worry about freeing stuff since we're a sub-process. */ static char** make_envp( httpd_conn* hc ) { static char* envp[50]; int envn; char* cp; char buf[256]; envn = 0; envp[envn++] = build_env( "PATH=%s", CGI_PATH ); #ifdef CGI_LD_LIBRARY_PATH envp[envn++] = build_env( "LD_LIBRARY_PATH=%s", CGI_LD_LIBRARY_PATH ); #endif /* CGI_LD_LIBRARY_PATH */ envp[envn++] = build_env( "SERVER_SOFTWARE=%s", SERVER_SOFTWARE ); if ( hc->hs->vhost && hc->hostname != (char*) 0 && hc->hostname[0] != '\0' ) cp = hc->hostname; else if ( hc->hdrhost != (char*) 0 && hc->hdrhost[0] != '\0' ) cp = hc->hdrhost; else if ( hc->reqhost != (char*) 0 && hc->reqhost[0] != '\0' ) cp = hc->reqhost; else cp = hc->hs->server_hostname; if ( cp != (char*) 0 ) envp[envn++] = build_env( "SERVER_NAME=%s", cp ); envp[envn++] = "GATEWAY_INTERFACE=CGI/1.1"; envp[envn++] = build_env("SERVER_PROTOCOL=%s", hc->protocol); (void) my_snprintf( buf, sizeof(buf), "%d", (int) hc->hs->port ); envp[envn++] = build_env( "SERVER_PORT=%s", buf ); envp[envn++] = build_env( "REQUEST_METHOD=%s", httpd_method_str( hc->method ) ); if ( hc->pathinfo[0] != '\0' ) { char* cp2; size_t l; envp[envn++] = build_env( "PATH_INFO=/%s", hc->pathinfo ); l = strlen( hc->hs->cwd ) + strlen( hc->pathinfo ) + 1; cp2 = NEW( char, l ); if ( cp2 != (char*) 0 ) { (void) my_snprintf( cp2, l, "%s%s", hc->hs->cwd, hc->pathinfo ); envp[envn++] = build_env( "PATH_TRANSLATED=%s", cp2 ); } } envp[envn++] = build_env( "SCRIPT_NAME=/%s", strcmp( hc->origfilename, "." ) == 0 ? "" : hc->origfilename ); if ( hc->query[0] != '\0') envp[envn++] = build_env( "QUERY_STRING=%s", hc->query ); envp[envn++] = build_env( "REMOTE_ADDR=%s", httpd_ntoa( &hc->client_addr ) ); if ( hc->referrer[0] != '\0' ) { envp[envn++] = build_env( "HTTP_REFERER=%s", hc->referrer ); envp[envn++] = build_env( "HTTP_REFERRER=%s", hc->referrer ); } if ( hc->useragent[0] != '\0' ) envp[envn++] = build_env( "HTTP_USER_AGENT=%s", hc->useragent ); if ( hc->accept[0] != '\0' ) envp[envn++] = build_env( "HTTP_ACCEPT=%s", hc->accept ); if ( hc->accepte[0] != '\0' ) envp[envn++] = build_env( "HTTP_ACCEPT_ENCODING=%s", hc->accepte ); if ( hc->acceptl[0] != '\0' ) envp[envn++] = build_env( "HTTP_ACCEPT_LANGUAGE=%s", hc->acceptl ); if ( hc->cookie[0] != '\0' ) envp[envn++] = build_env( "HTTP_COOKIE=%s", hc->cookie ); if ( hc->contenttype[0] != '\0' ) envp[envn++] = build_env( "CONTENT_TYPE=%s", hc->contenttype ); if ( hc->hdrhost[0] != '\0' ) envp[envn++] = build_env( "HTTP_HOST=%s", hc->hdrhost ); if ( hc->contentlength != -1 ) { (void) my_snprintf( buf, sizeof(buf), "%lu", (unsigned long) hc->contentlength ); envp[envn++] = build_env( "CONTENT_LENGTH=%s", buf ); } if ( hc->remoteuser[0] != '\0' ) envp[envn++] = build_env( "REMOTE_USER=%s", hc->remoteuser ); if ( hc->authorization[0] != '\0' ) envp[envn++] = build_env( "AUTH_TYPE=%s", "Basic" ); /* We only support Basic auth at the moment. */ if ( getenv( "TZ" ) != (char*) 0 ) envp[envn++] = build_env( "TZ=%s", getenv( "TZ" ) ); envp[envn++] = build_env( "CGI_PATTERN=%s", hc->hs->cgi_pattern ); envp[envn] = (char*) 0; return envp; } /* Set up argument vector. Again, we don't have to worry about freeing stuff ** since we're a sub-process. This gets done after make_envp() because we ** scribble on hc->query. */ static char** make_argp( httpd_conn* hc ) { char** argp; int argn; char* cp1; char* cp2; /* By allocating an arg slot for every character in the query, plus ** one for the filename and one for the NULL, we are guaranteed to ** have enough. We could actually use strlen/2. */ argp = NEW( char*, strlen( hc->query ) + 2 ); if ( argp == (char**) 0 ) return (char**) 0; argp[0] = strrchr( hc->expnfilename, '/' ); if ( argp[0] != (char*) 0 ) ++argp[0]; else argp[0] = hc->expnfilename; argn = 1; /* According to the CGI spec at http://hoohoo.ncsa.uiuc.edu/cgi/cl.html, ** "The server should search the query information for a non-encoded = ** character to determine if the command line is to be used, if it finds ** one, the command line is not to be used." */ if ( strchr( hc->query, '=' ) == (char*) 0 ) { for ( cp1 = cp2 = hc->query; *cp2 != '\0'; ++cp2 ) { if ( *cp2 == '+' ) { *cp2 = '\0'; strdecode( cp1, cp1 ); argp[argn++] = cp1; cp1 = cp2 + 1; } } if ( cp2 != cp1 ) { strdecode( cp1, cp1 ); argp[argn++] = cp1; } } argp[argn] = (char*) 0; return argp; } /* This routine is used only for POST requests. It reads the data ** from the request and sends it to the child process. The only reason ** we need to do it this way instead of just letting the child read ** directly is that we have already read part of the data into our ** buffer. */ static void cgi_interpose_input( httpd_conn* hc, int wfd ) { size_t c; ssize_t r; char buf[1024]; c = hc->read_idx - hc->checked_idx; if ( c > 0 ) { if ( httpd_write_fully( wfd, &(hc->read_buf[hc->checked_idx]), c ) != c ) return; } while ( c < hc->contentlength ) { r = read( hc->conn_fd, buf, MIN( sizeof(buf), hc->contentlength - c ) ); if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) ) { sleep( 1 ); continue; } if ( r <= 0 ) return; if ( httpd_write_fully( wfd, buf, r ) != r ) return; c += r; } post_post_garbage_hack( hc ); } /* Special hack to deal with broken browsers that send a LF or CRLF ** after POST data, causing TCP resets - we just read and discard up ** to 2 bytes. Unfortunately this doesn't fix the problem for CGIs ** which avoid the interposer process due to their POST data being ** short. Creating an interposer process for all POST CGIs is ** unacceptably expensive. The eventual fix will come when interposing ** gets integrated into the main loop as a tasklet instead of a process. */ static void post_post_garbage_hack( httpd_conn* hc ) { char buf[2]; /* If we are in a sub-process, turn on no-delay mode in case we ** previously cleared it. */ if ( sub_process ) httpd_set_ndelay( hc->conn_fd ); /* And read up to 2 bytes. */ (void) read( hc->conn_fd, buf, sizeof(buf) ); } /* This routine is used for parsed-header CGIs. The idea here is that the ** CGI can return special headers such as "Status:" and "Location:" which ** change the return status of the response. Since the return status has to ** be the very first line written out, we have to accumulate all the headers ** and check for the special ones before writing the status. Then we write ** out the saved headers and proceed to echo the rest of the response. */ static void cgi_interpose_output( httpd_conn* hc, int rfd ) { int r; char buf[1024]; size_t headers_size, headers_len; char* headers; char* br; int status; char* title; char* cp; /* Make sure the connection is in blocking mode. It should already ** be blocking, but we might as well be sure. */ httpd_clear_ndelay( hc->conn_fd ); /* Slurp in all headers. */ headers_size = 0; httpd_realloc_str( &headers, &headers_size, 500 ); headers_len = 0; for (;;) { r = read( rfd, buf, sizeof(buf) ); if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) ) { sleep( 1 ); continue; } if ( r <= 0 ) { br = &(headers[headers_len]); break; } httpd_realloc_str( &headers, &headers_size, headers_len + r ); (void) memmove( &(headers[headers_len]), buf, r ); headers_len += r; headers[headers_len] = '\0'; if ( ( br = strstr( headers, "\015\012\015\012" ) ) != (char*) 0 || ( br = strstr( headers, "\012\012" ) ) != (char*) 0 ) break; } /* If there were no headers, bail. */ if ( headers[0] == '\0' ) return; /* Figure out the status. Look for a Status: or Location: header; ** else if there's an HTTP header line, get it from there; else ** default to 200. */ status = 200; if ( strncmp( headers, "HTTP/", 5 ) == 0 ) { cp = headers; cp += strcspn( cp, " \t" ); status = atoi( cp ); } if ( ( cp = strstr( headers, "Location:" ) ) != (char*) 0 && cp < br && ( cp == headers || *(cp-1) == '\012' ) ) status = 302; if ( ( cp = strstr( headers, "Status:" ) ) != (char*) 0 && cp < br && ( cp == headers || *(cp-1) == '\012' ) ) { cp += 7; cp += strspn( cp, " \t" ); status = atoi( cp ); } /* Write the status line. */ switch ( status ) { case 200: title = ok200title; break; case 302: title = err302title; break; case 304: title = err304title; break; case 400: title = httpd_err400title; break; #ifdef AUTH_FILE case 401: title = err401title; break; #endif /* AUTH_FILE */ case 403: title = err403title; break; case 404: title = err404title; break; case 408: title = httpd_err408title; break; case 451: title = err451title; break; case 500: title = err500title; break; case 501: title = err501title; break; case 503: title = httpd_err503title; break; default: title = "Something"; break; } (void) my_snprintf( buf, sizeof(buf), "HTTP/1.0 %d %s\015\012", status, title ); (void) httpd_write_fully( hc->conn_fd, buf, strlen( buf ) ); /* Write the saved headers. */ (void) httpd_write_fully( hc->conn_fd, headers, headers_len ); /* Echo the rest of the output. */ for (;;) { r = read( rfd, buf, sizeof(buf) ); if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) ) { sleep( 1 ); continue; } if ( r <= 0 ) break; if ( httpd_write_fully( hc->conn_fd, buf, r ) != r ) break; } shutdown( hc->conn_fd, SHUT_WR ); } /* CGI child process. */ static void cgi_child( httpd_conn* hc ) { int r; char** argp; char** envp; char* binary; char* directory; /* Unset close-on-exec flag for this socket. This actually shouldn't ** be necessary, according to POSIX a dup()'d file descriptor does ** *not* inherit the close-on-exec flag, its flag is always clear. ** However, Linux messes this up and does copy the flag to the ** dup()'d descriptor, so we have to clear it. This could be ** ifdeffed for Linux only. */ (void) fcntl( hc->conn_fd, F_SETFD, 0 ); /* Close the syslog descriptor so that the CGI program can't ** mess with it. All other open descriptors should be either ** the listen socket(s), sockets from accept(), or the file-logging ** fd, and all of those are set to close-on-exec, so we don't ** have to close anything else. */ closelog(); /* If the socket happens to be using one of the stdin/stdout/stderr ** descriptors, move it to another descriptor so that the dup2 calls ** below don't screw things up. We arbitrarily pick fd 3 - if there ** was already something on it, we clobber it, but that doesn't matter ** since at this point the only fd of interest is the connection. ** All others will be closed on exec. */ if ( hc->conn_fd == STDIN_FILENO || hc->conn_fd == STDOUT_FILENO || hc->conn_fd == STDERR_FILENO ) { int newfd = dup2( hc->conn_fd, STDERR_FILENO + 1 ); if ( newfd >= 0 ) hc->conn_fd = newfd; /* If the dup2 fails, shrug. We'll just take our chances. ** Shouldn't happen though. */ } /* Make the environment vector. */ envp = make_envp( hc ); /* Make the argument vector. */ argp = make_argp( hc ); /* Set up stdin. For POSTs we may have to set up a pipe from an ** interposer process, depending on if we've read some of the data ** into our buffer. */ if ( hc->method == METHOD_POST && hc->read_idx > hc->checked_idx ) { int p[2]; if ( pipe( p ) < 0 ) { syslog( LOG_ERR, "pipe - %m" ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); httpd_write_response( hc ); exit( 1 ); } r = fork( ); if ( r < 0 ) { syslog( LOG_ERR, "fork - %m" ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); httpd_write_response( hc ); exit( 1 ); } if ( r == 0 ) { /* Interposer process. */ sub_process = 1; (void) close( p[0] ); cgi_interpose_input( hc, p[1] ); exit( 0 ); } /* Need to schedule a kill for process r; but in the main process! */ (void) close( p[1] ); if ( p[0] != STDIN_FILENO ) { (void) dup2( p[0], STDIN_FILENO ); (void) close( p[0] ); } } else { /* Otherwise, the request socket is stdin. */ if ( hc->conn_fd != STDIN_FILENO ) (void) dup2( hc->conn_fd, STDIN_FILENO ); } /* Set up stdout/stderr. If we're doing CGI header parsing, ** we need an output interposer too. */ if ( strncmp( argp[0], "nph-", 4 ) != 0 && hc->mime_flag ) { int p[2]; if ( pipe( p ) < 0 ) { syslog( LOG_ERR, "pipe - %m" ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); httpd_write_response( hc ); exit( 1 ); } r = fork( ); if ( r < 0 ) { syslog( LOG_ERR, "fork - %m" ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); httpd_write_response( hc ); exit( 1 ); } if ( r == 0 ) { /* Interposer process. */ sub_process = 1; (void) close( p[1] ); cgi_interpose_output( hc, p[0] ); exit( 0 ); } /* Need to schedule a kill for process r; but in the main process! */ (void) close( p[0] ); if ( p[1] != STDOUT_FILENO ) (void) dup2( p[1], STDOUT_FILENO ); if ( p[1] != STDERR_FILENO ) (void) dup2( p[1], STDERR_FILENO ); if ( p[1] != STDOUT_FILENO && p[1] != STDERR_FILENO ) (void) close( p[1] ); } else { /* Otherwise, the request socket is stdout/stderr. */ if ( hc->conn_fd != STDOUT_FILENO ) (void) dup2( hc->conn_fd, STDOUT_FILENO ); if ( hc->conn_fd != STDERR_FILENO ) (void) dup2( hc->conn_fd, STDERR_FILENO ); } /* At this point we would like to set close-on-exec again for hc->conn_fd ** (see previous comments on Linux's broken behavior re: close-on-exec ** and dup.) Unfortunately there seems to be another Linux problem, or ** perhaps a different aspect of the same problem - if we do this ** close-on-exec in Linux, the socket stays open but stderr gets ** closed - the last fd duped from the socket. What a mess. So we'll ** just leave the socket as is, which under other OSs means an extra ** file descriptor gets passed to the child process. Since the child ** probably already has that file open via stdin stdout and/or stderr, ** this is not a problem. */ /* (void) fcntl( hc->conn_fd, F_SETFD, 1 ); */ #ifdef CGI_NICE /* Set priority. */ (void) nice( CGI_NICE ); #endif /* CGI_NICE */ /* Split the program into directory and binary, so we can chdir() ** to the program's own directory. This isn't in the CGI 1.1 ** spec, but it's what other HTTP servers do. */ directory = strdup( hc->expnfilename ); if ( directory == (char*) 0 ) binary = hc->expnfilename; /* ignore errors */ else { binary = strrchr( directory, '/' ); if ( binary == (char*) 0 ) binary = hc->expnfilename; else { *binary++ = '\0'; (void) chdir( directory ); /* ignore errors */ } } /* Default behavior for SIGPIPE. */ #ifdef HAVE_SIGSET (void) sigset( SIGPIPE, SIG_DFL ); #else /* HAVE_SIGSET */ (void) signal( SIGPIPE, SIG_DFL ); #endif /* HAVE_SIGSET */ /* Run the program. */ (void) execve( binary, argp, envp ); /* Something went wrong. */ syslog( LOG_ERR, "execve %.80s - %m", hc->expnfilename ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); httpd_write_response( hc ); _exit( 1 ); } static int cgi( httpd_conn* hc ) { int r; ClientData client_data; if ( hc->hs->cgi_limit != 0 && hc->hs->cgi_count >= hc->hs->cgi_limit ) { httpd_send_err( hc, 503, httpd_err503title, "", httpd_err503form, hc->encodedurl ); return -1; } ++hc->hs->cgi_count; httpd_clear_ndelay( hc->conn_fd ); r = fork( ); if ( r < 0 ) { syslog( LOG_ERR, "fork - %m" ); httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } if ( r == 0 ) { /* Child process. */ sub_process = 1; httpd_unlisten( hc->hs ); cgi_child( hc ); } /* Parent process. */ syslog( LOG_DEBUG, "spawned CGI process %d for file '%.200s'", r, hc->expnfilename ); #ifdef CGI_TIMELIMIT /* Schedule a kill for the child process, in case it runs too long */ client_data.i = r; if ( tmr_create( (struct timeval*) 0, cgi_kill, client_data, CGI_TIMELIMIT * 1000L, 0 ) == (Timer*) 0 ) { syslog( LOG_CRIT, "tmr_create(cgi_kill child) failed" ); exit( 1 ); } #endif /* CGI_TIMELIMIT */ hc->status = 200; hc->bytes_sent = CGI_BYTECOUNT; hc->should_linger = 0; return 0; } static int really_start_request( httpd_conn* hc, struct timeval* nowP ) { static char* indexname; static size_t maxindexname = 0; static const char* index_names[] = { INDEX_NAMES }; int i; #ifdef AUTH_FILE static char* dirname; static size_t maxdirname = 0; #endif /* AUTH_FILE */ size_t expnlen, indxlen; char* cp; char* pi; expnlen = strlen( hc->expnfilename ); /* Stat the file. */ if ( stat( hc->expnfilename, &hc->sb ) < 0 ) { httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } /* Is it world-readable or world-executable? We check explicitly instead ** of just trying to open it, so that no one ever gets surprised by ** a file that's not set world-readable and yet somehow is ** readable by the HTTP server and therefore the *whole* world. */ if ( ! ( hc->sb.st_mode & ( S_IROTH | S_IXOTH ) ) ) { syslog( LOG_INFO, "%.80s URL \"%.80s\" resolves to a non world-readable file", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file that is not world-readable.\n" ), hc->encodedurl ); return -1; } /* Is it a directory? */ if ( S_ISDIR(hc->sb.st_mode) ) { /* If there's pathinfo, it's just a non-existent file. */ if ( hc->pathinfo[0] != '\0' ) { httpd_send_err( hc, 404, err404title, "", err404form, hc->encodedurl ); return -1; } /* Special handling for directory URLs that don't end in a slash. ** We send back an explicit redirect with the slash, because ** otherwise many clients can't build relative URLs properly. */ if ( strcmp( hc->origfilename, "" ) != 0 && strcmp( hc->origfilename, "." ) != 0 && hc->origfilename[strlen( hc->origfilename ) - 1] != '/' ) { send_dirredirect( hc ); return -1; } /* Check for an index file. */ for ( i = 0; i < sizeof(index_names) / sizeof(char*); ++i ) { httpd_realloc_str( &indexname, &maxindexname, expnlen + 1 + strlen( index_names[i] ) ); (void) strcpy( indexname, hc->expnfilename ); indxlen = strlen( indexname ); if ( indxlen == 0 || indexname[indxlen - 1] != '/' ) (void) strcat( indexname, "/" ); if ( strcmp( indexname, "./" ) == 0 ) indexname[0] = '\0'; (void) strcat( indexname, index_names[i] ); if ( stat( indexname, &hc->sb ) >= 0 ) goto got_one; } /* Nope, no index file, so it's an actual directory request. */ #ifdef GENERATE_INDEXES /* Directories must be readable for indexing. */ if ( ! ( hc->sb.st_mode & S_IROTH ) ) { syslog( LOG_INFO, "%.80s URL \"%.80s\" tried to index a directory with indexing disabled", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a directory that has indexing disabled.\n" ), hc->encodedurl ); return -1; } #ifdef AUTH_FILE /* Check authorization for this directory. */ if ( auth_check( hc, hc->expnfilename ) == -1 ) return -1; #endif /* AUTH_FILE */ /* Referrer check. */ if ( ! check_referrer( hc ) ) return -1; /* Ok, generate an index. */ return ls( hc ); #else /* GENERATE_INDEXES */ syslog( LOG_INFO, "%.80s URL \"%.80s\" tried to index a directory", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' is a directory, and directory indexing is disabled on this server.\n" ), hc->encodedurl ); return -1; #endif /* GENERATE_INDEXES */ got_one: ; /* Got an index file. Expand symlinks again. More pathinfo means ** something went wrong. */ cp = expand_symlinks( indexname, &pi, hc->hs->no_symlink_check, hc->tildemapped ); if ( cp == (char*) 0 || pi[0] != '\0' ) { httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } expnlen = strlen( cp ); httpd_realloc_str( &hc->expnfilename, &hc->maxexpnfilename, expnlen ); (void) strcpy( hc->expnfilename, cp ); /* Now, is the index version world-readable or world-executable? */ if ( ! ( hc->sb.st_mode & ( S_IROTH | S_IXOTH ) ) ) { syslog( LOG_INFO, "%.80s URL \"%.80s\" resolves to a non-world-readable index file", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' resolves to an index file that is not world-readable.\n" ), hc->encodedurl ); return -1; } } #ifdef AUTH_FILE /* Check authorization for this directory. */ httpd_realloc_str( &dirname, &maxdirname, expnlen ); (void) strcpy( dirname, hc->expnfilename ); cp = strrchr( dirname, '/' ); if ( cp == (char*) 0 ) (void) strcpy( dirname, "." ); else *cp = '\0'; if ( auth_check( hc, dirname ) == -1 ) return -1; /* Check if the filename is the AUTH_FILE itself - that's verboten. */ if ( expnlen == sizeof(AUTH_FILE) - 1 ) { if ( strcmp( hc->expnfilename, AUTH_FILE ) == 0 ) { syslog( LOG_NOTICE, "%.80s URL \"%.80s\" tried to retrieve an auth file", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' is an authorization file, retrieving it is not permitted.\n" ), hc->encodedurl ); return -1; } } else if ( expnlen >= sizeof(AUTH_FILE) && strcmp( &(hc->expnfilename[expnlen - sizeof(AUTH_FILE) + 1]), AUTH_FILE ) == 0 && hc->expnfilename[expnlen - sizeof(AUTH_FILE)] == '/' ) { syslog( LOG_NOTICE, "%.80s URL \"%.80s\" tried to retrieve an auth file", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' is an authorization file, retrieving it is not permitted.\n" ), hc->encodedurl ); return -1; } #endif /* AUTH_FILE */ /* Referrer check. */ if ( ! check_referrer( hc ) ) return -1; /* Is it world-executable and in the CGI area? */ if ( hc->hs->cgi_pattern != (char*) 0 && ( hc->sb.st_mode & S_IXOTH ) && match( hc->hs->cgi_pattern, hc->expnfilename ) ) return cgi( hc ); /* It's not CGI. If it's executable or there's pathinfo, someone's ** trying to either serve or run a non-CGI file as CGI. Either case ** is prohibited. */ if ( hc->sb.st_mode & S_IXOTH ) { syslog( LOG_NOTICE, "%.80s URL \"%.80s\" is executable but isn't CGI", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file which is marked executable but is not a CGI file; retrieving it is forbidden.\n" ), hc->encodedurl ); return -1; } if ( hc->pathinfo[0] != '\0' ) { syslog( LOG_INFO, "%.80s URL \"%.80s\" has pathinfo but isn't CGI", httpd_ntoa( &hc->client_addr ), hc->encodedurl ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "The requested URL '%.80s' resolves to a file plus CGI-style pathinfo, but the file is not a valid CGI file.\n" ), hc->encodedurl ); return -1; } if ( hc->method != METHOD_GET && hc->method != METHOD_HEAD ) { httpd_send_err( hc, 501, err501title, "", err501form, httpd_method_str( hc->method ) ); return -1; } /* Fill in last_byte_index, if necessary. */ if ( hc->got_range && ( hc->last_byte_index == -1 || hc->last_byte_index >= hc->sb.st_size ) ) hc->last_byte_index = hc->sb.st_size - 1; figure_mime( hc ); if ( hc->method == METHOD_HEAD ) { send_mime( hc, 200, ok200title, hc->encodings, "", hc->type, hc->sb.st_size, hc->sb.st_mtime ); } else if ( hc->if_modified_since != (time_t) -1 && hc->if_modified_since >= hc->sb.st_mtime ) { send_mime( hc, 304, err304title, hc->encodings, "", hc->type, (off_t) -1, hc->sb.st_mtime ); } else { hc->file_address = mmc_map( hc->expnfilename, &(hc->sb), nowP ); if ( hc->file_address == (char*) 0 ) { httpd_send_err( hc, 500, err500title, "", err500form, hc->encodedurl ); return -1; } send_mime( hc, 200, ok200title, hc->encodings, "", hc->type, hc->sb.st_size, hc->sb.st_mtime ); } return 0; } int httpd_start_request( httpd_conn* hc, struct timeval* nowP ) { int r; /* Really start the request. */ r = really_start_request( hc, nowP ); /* And return the status. */ return r; } static void make_log_entry( httpd_conn* hc, struct timeval* nowP ) { char* ru; char url[305]; char bytes[40]; if ( hc->hs->no_log ) return; /* This is straight CERN Combined Log Format - the only tweak ** being that if we're using syslog() we leave out the date, because ** syslogd puts it in. The included syslogtocern script turns the ** results into true CERN format. */ /* Format remote user. */ if ( hc->remoteuser[0] != '\0' ) ru = hc->remoteuser; else ru = "-"; /* If we're vhosting, prepend the hostname to the url. This is ** a little weird, perhaps writing separate log files for ** each vhost would make more sense. */ if ( hc->hs->vhost && ! hc->tildemapped ) (void) my_snprintf( url, sizeof(url), "/%.100s%.200s", hc->hostname == (char*) 0 ? hc->hs->server_hostname : hc->hostname, hc->encodedurl ); else (void) my_snprintf( url, sizeof(url), "%.200s", hc->encodedurl ); /* Format the bytes. */ if ( hc->bytes_sent >= 0 ) (void) my_snprintf( bytes, sizeof(bytes), "%lld", (long long) hc->bytes_sent ); else (void) strcpy( bytes, "-" ); /* Logfile or syslog? */ if ( hc->hs->logfp != (FILE*) 0 ) { time_t now; struct tm* t; const char* cernfmt_nozone = "%d/%b/%Y:%H:%M:%S"; char date_nozone[100]; int zone; char sign; char date[100]; /* Get the current time, if necessary. */ if ( nowP != (struct timeval*) 0 ) now = nowP->tv_sec; else now = time( (time_t*) 0 ); /* Format the time, forcing a numeric timezone (some log analyzers ** are stoooopid about this). */ t = localtime( &now ); (void) strftime( date_nozone, sizeof(date_nozone), cernfmt_nozone, t ); #ifdef HAVE_TM_GMTOFF zone = t->tm_gmtoff / 60L; #else zone = -timezone / 60L; /* Probably have to add something about daylight time here. */ #endif if ( zone >= 0 ) sign = '+'; else { sign = '-'; zone = -zone; } zone = ( zone / 60 ) * 100 + zone % 60; (void) my_snprintf( date, sizeof(date), "%s %c%04d", date_nozone, sign, zone ); /* And write the log entry. */ (void) fprintf( hc->hs->logfp, "%.80s - %.80s [%s] \"%.80s %.300s %.80s\" %d %s \"%.200s\" \"%.200s\"\n", httpd_ntoa( &hc->client_addr ), ru, date, httpd_method_str( hc->method ), url, hc->protocol, hc->status, bytes, hc->referrer, hc->useragent ); #ifdef FLUSH_LOG_EVERY_TIME (void) fflush( hc->hs->logfp ); #endif } else syslog( LOG_INFO, "%.80s - %.80s \"%.80s %.200s %.80s\" %d %s \"%.200s\" \"%.200s\"", httpd_ntoa( &hc->client_addr ), ru, httpd_method_str( hc->method ), url, hc->protocol, hc->status, bytes, hc->referrer, hc->useragent ); } /* Returns 1 if ok to serve the url, 0 if not. */ static int check_referrer( httpd_conn* hc ) { int r; char* cp; /* Are we doing referrer checking at all? */ if ( hc->hs->url_pattern == (char*) 0 ) return 1; r = really_check_referrer( hc ); if ( ! r ) { if ( hc->hs->vhost && hc->hostname != (char*) 0 ) cp = hc->hostname; else cp = hc->hs->server_hostname; if ( cp == (char*) 0 ) cp = ""; syslog( LOG_INFO, "%.80s non-local referrer \"%.80s%.80s\" \"%.80s\"", httpd_ntoa( &hc->client_addr ), cp, hc->encodedurl, hc->referrer ); httpd_send_err( hc, 403, err403title, "", ERROR_FORM( err403form, "You must supply a local referrer to get URL '%.80s' from this server.\n" ), hc->encodedurl ); } return r; } /* Returns 1 if ok to serve the url, 0 if not. */ static int really_check_referrer( httpd_conn* hc ) { httpd_server* hs; char* cp1; char* cp2; char* cp3; static char* refhost = (char*) 0; static size_t refhost_size = 0; char *lp; hs = hc->hs; /* Check for an empty referrer. */ if ( hc->referrer == (char*) 0 || hc->referrer[0] == '\0' || ( cp1 = strstr( hc->referrer, "//" ) ) == (char*) 0 ) { /* Disallow if we require a referrer and the url matches. */ if ( hs->no_empty_referrers && match( hs->url_pattern, hc->origfilename ) ) return 0; /* Otherwise ok. */ return 1; } /* Extract referrer host. */ cp1 += 2; for ( cp2 = cp1; *cp2 != '/' && *cp2 != ':' && *cp2 != '\0'; ++cp2 ) continue; httpd_realloc_str( &refhost, &refhost_size, cp2 - cp1 ); for ( cp3 = refhost; cp1 < cp2; ++cp1, ++cp3 ) if ( isupper(*cp1) ) *cp3 = tolower(*cp1); else *cp3 = *cp1; *cp3 = '\0'; /* Local pattern? */ if ( hs->local_pattern != (char*) 0 ) lp = hs->local_pattern; else { /* No local pattern. What's our hostname? */ if ( ! hs->vhost ) { /* Not vhosting, use the server name. */ lp = hs->server_hostname; if ( lp == (char*) 0 ) /* Couldn't figure out local hostname - give up. */ return 1; } else { /* We are vhosting, use the hostname on this connection. */ lp = hc->hostname; if ( lp == (char*) 0 ) /* Oops, no hostname. Maybe it's an old browser that ** doesn't send a Host: header. We could figure out ** the default hostname for this IP address, but it's ** not worth it for the few requests like this. */ return 1; } } /* If the referrer host doesn't match the local host pattern, and ** the filename does match the url pattern, it's an illegal reference. */ if ( ! match( lp, refhost ) && match( hs->url_pattern, hc->origfilename ) ) return 0; /* Otherwise ok. */ return 1; } char* httpd_ntoa( httpd_sockaddr* saP ) { #ifdef USE_IPV6 static char str[200]; if ( getnameinfo( &saP->sa, sockaddr_len( saP ), str, sizeof(str), 0, 0, NI_NUMERICHOST ) != 0 ) { str[0] = '?'; str[1] = '\0'; } else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 ) /* Elide IPv6ish prefix for IPv4 addresses. */ (void) ol_strcpy( str, &str[7] ); return str; #else /* USE_IPV6 */ return inet_ntoa( saP->sa_in.sin_addr ); #endif /* USE_IPV6 */ } static int sockaddr_check( httpd_sockaddr* saP ) { switch ( saP->sa.sa_family ) { case AF_INET: return 1; #ifdef USE_IPV6 case AF_INET6: return 1; #endif /* USE_IPV6 */ default: return 0; } } static size_t sockaddr_len( httpd_sockaddr* saP ) { switch ( saP->sa.sa_family ) { case AF_INET: return sizeof(struct sockaddr_in); #ifdef USE_IPV6 case AF_INET6: return sizeof(struct sockaddr_in6); #endif /* USE_IPV6 */ default: return 0; /* shouldn't happen */ } } /* Some systems don't have snprintf(), so we make our own that uses ** either vsnprintf() or vsprintf(). If your system doesn't have ** vsnprintf(), it is probably vulnerable to buffer overruns. ** Upgrade! */ static int my_snprintf( char* str, size_t size, const char* format, ... ) { va_list ap; int r; va_start( ap, format ); #ifdef HAVE_VSNPRINTF r = vsnprintf( str, size, format, ap ); #else /* HAVE_VSNPRINTF */ r = vsprintf( str, format, ap ); #endif /* HAVE_VSNPRINTF */ va_end( ap ); return r; } #ifndef HAVE_ATOLL static long long atoll( const char* str ) { long long value; long long sign; while ( isspace( *str ) ) ++str; switch ( *str ) { case '-': sign = -1; ++str; break; case '+': sign = 1; ++str; break; default: sign = 1; break; } value = 0; while ( isdigit( *str ) ) { value = value * 10 + ( *str - '0' ); ++str; } return sign * value; } #endif /* HAVE_ATOLL */ /* Read the requested buffer completely, accounting for interruptions. */ int httpd_read_fully( int fd, void* buf, size_t nbytes ) { int nread; nread = 0; while ( nread < nbytes ) { int r; r = read( fd, (char*) buf + nread, nbytes - nread ); if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) ) { sleep( 1 ); continue; } if ( r < 0 ) return r; if ( r == 0 ) break; nread += r; } return nread; } /* Write the requested buffer completely, accounting for interruptions. */ int httpd_write_fully( int fd, const char* buf, size_t nbytes ) { int nwritten; nwritten = 0; while ( nwritten < nbytes ) { int r; r = write( fd, buf + nwritten, nbytes - nwritten ); if ( r < 0 && ( errno == EINTR || errno == EAGAIN ) ) { sleep( 1 ); continue; } if ( r < 0 ) return r; if ( r == 0 ) break; nwritten += r; } return nwritten; } /* Generate debugging statistics syslog message. */ void httpd_logstats( long secs ) { if ( str_alloc_count > 0 ) syslog( LOG_NOTICE, " libhttpd - %d strings allocated, %lu bytes (%g bytes/str)", str_alloc_count, (unsigned long) str_alloc_size, (float) str_alloc_size / str_alloc_count ); }