bozohttpd.c revision 1.89
1 1.89 mrg /* $NetBSD: bozohttpd.c,v 1.89 2018/11/19 04:12:22 mrg Exp $ */ 2 1.3 tls 3 1.30 mrg /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 4 1.1 tls 5 1.1 tls /* 6 1.85 mrg * Copyright (c) 1997-2017 Matthew R. Green 7 1.1 tls * All rights reserved. 8 1.1 tls * 9 1.1 tls * Redistribution and use in source and binary forms, with or without 10 1.1 tls * modification, are permitted provided that the following conditions 11 1.1 tls * are met: 12 1.1 tls * 1. Redistributions of source code must retain the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer. 14 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 15 1.1 tls * notice, this list of conditions and the following disclaimer and 16 1.1 tls * dedication in the documentation and/or other materials provided 17 1.1 tls * with the distribution. 18 1.1 tls * 19 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 tls * SUCH DAMAGE. 30 1.1 tls * 31 1.1 tls */ 32 1.1 tls 33 1.1 tls /* this program is dedicated to the Great God of Processed Cheese */ 34 1.1 tls 35 1.1 tls /* 36 1.1 tls * bozohttpd.c: minimal httpd; provides only these features: 37 1.1 tls * - HTTP/0.9 (by virtue of ..) 38 1.1 tls * - HTTP/1.0 39 1.1 tls * - HTTP/1.1 40 1.1 tls * - CGI/1.1 this will only be provided for "system" scripts 41 1.1 tls * - automatic "missing trailing slash" redirections 42 1.1 tls * - configurable translation of /~user/ to ~user/public_html, 43 1.1 tls * however, this does not include cgi-bin support 44 1.1 tls * - access lists via libwrap via inetd/tcpd 45 1.1 tls * - virtual hosting 46 1.1 tls * - not that we do not even pretend to understand MIME, but 47 1.1 tls * rely only on the HTTP specification 48 1.1 tls * - ipv6 support 49 1.1 tls * - automatic `index.html' generation 50 1.1 tls * - configurable server name 51 1.1 tls * - directory index generation 52 1.1 tls * - daemon mode (lacks libwrap support) 53 1.1 tls * - .htpasswd support 54 1.1 tls */ 55 1.1 tls 56 1.1 tls /* 57 1.1 tls * requirements for minimal http/1.1 (at least, as documented in 58 1.48 mrg * RFC 2616 (HTTP/1.1): 59 1.1 tls * 60 1.48 mrg * - 14.11: content-encoding handling. [1] 61 1.1 tls * 62 1.48 mrg * - 14.13: content-length handling. this is only a SHOULD header 63 1.1 tls * thus we could just not send it ever. [1] 64 1.1 tls * 65 1.1 tls * - 14.17: content-type handling. [1] 66 1.1 tls * 67 1.48 mrg * - 14.28: if-unmodified-since handling. if-modified-since is 68 1.48 mrg * done since, shouldn't be too hard for this one. 69 1.1 tls * 70 1.1 tls * [1] need to revisit to ensure proper behaviour 71 1.1 tls * 72 1.1 tls * and the following is a list of features that we do not need 73 1.1 tls * to have due to other limits, or are too lazy. there are more 74 1.1 tls * of these than are listed, but these are of particular note, 75 1.1 tls * and could perhaps be implemented. 76 1.1 tls * 77 1.1 tls * - 3.5/3.6: content/transfer codings. probably can ignore 78 1.1 tls * this? we "SHOULD"n't. but 4.4 says we should ignore a 79 1.1 tls * `content-length' header upon reciept of a `transfer-encoding' 80 1.1 tls * header. 81 1.1 tls * 82 1.1 tls * - 5.1.1: request methods. only MUST support GET and HEAD, 83 1.1 tls * but there are new ones besides POST that are currently 84 1.1 tls * supported: OPTIONS PUT DELETE TRACE and CONNECT, plus 85 1.1 tls * extensions not yet known? 86 1.1 tls * 87 1.1 tls * - 10.1: we can ignore informational status codes 88 1.1 tls * 89 1.1 tls * - 10.3.3/10.3.4/10.3.8: just use '302' codes always. 90 1.1 tls * 91 1.48 mrg * - 14.1/14.2/14.3/14.27: we do not support Accept: headers. 92 1.1 tls * just ignore them and send the request anyway. they are 93 1.1 tls * only SHOULD. 94 1.1 tls * 95 1.48 mrg * - 14.5/14.16/14.35: only support simple ranges: %d- and %d-%d 96 1.48 mrg * would be nice to support more. 97 1.1 tls * 98 1.1 tls * - 14.9: we aren't a cache. 99 1.1 tls * 100 1.48 mrg * - 14.15: content-md5 would be nice. 101 1.42 mbalmer * 102 1.48 mrg * - 14.24/14.26/14.27: if-match, if-none-match, if-range. be 103 1.48 mrg * nice to support this. 104 1.1 tls * 105 1.48 mrg * - 14.44: Vary: seems unneeded. ignore it for now. 106 1.1 tls */ 107 1.1 tls 108 1.1 tls #ifndef INDEX_HTML 109 1.1 tls #define INDEX_HTML "index.html" 110 1.1 tls #endif 111 1.1 tls #ifndef SERVER_SOFTWARE 112 1.89 mrg #define SERVER_SOFTWARE "bozohttpd/20181118" 113 1.1 tls #endif 114 1.1 tls #ifndef DIRECT_ACCESS_FILE 115 1.1 tls #define DIRECT_ACCESS_FILE ".bzdirect" 116 1.1 tls #endif 117 1.1 tls #ifndef REDIRECT_FILE 118 1.1 tls #define REDIRECT_FILE ".bzredirect" 119 1.1 tls #endif 120 1.1 tls #ifndef ABSREDIRECT_FILE 121 1.1 tls #define ABSREDIRECT_FILE ".bzabsredirect" 122 1.1 tls #endif 123 1.88 martin #ifndef REMAP_FILE 124 1.88 martin #define REMAP_FILE ".bzremap" 125 1.88 martin #endif 126 1.88 martin 127 1.88 martin /* 128 1.88 martin * When you add some .bz* file, make sure to also check it in 129 1.88 martin * bozo_check_special_files() 130 1.88 martin */ 131 1.88 martin 132 1.16 mrg #ifndef PUBLIC_HTML 133 1.16 mrg #define PUBLIC_HTML "public_html" 134 1.16 mrg #endif 135 1.16 mrg 136 1.16 mrg #ifndef USE_ARG 137 1.16 mrg #define USE_ARG(x) /*LINTED*/(void)&(x) 138 1.16 mrg #endif 139 1.1 tls 140 1.1 tls /* 141 1.1 tls * And so it begins .. 142 1.1 tls */ 143 1.1 tls 144 1.1 tls #include <sys/param.h> 145 1.1 tls #include <sys/socket.h> 146 1.1 tls #include <sys/time.h> 147 1.1 tls #include <sys/mman.h> 148 1.1 tls 149 1.1 tls #include <arpa/inet.h> 150 1.1 tls 151 1.1 tls #include <ctype.h> 152 1.1 tls #include <dirent.h> 153 1.1 tls #include <errno.h> 154 1.1 tls #include <fcntl.h> 155 1.1 tls #include <netdb.h> 156 1.1 tls #include <pwd.h> 157 1.1 tls #include <grp.h> 158 1.1 tls #include <signal.h> 159 1.1 tls #include <stdarg.h> 160 1.1 tls #include <stdlib.h> 161 1.88 martin #include <stdbool.h> 162 1.1 tls #include <string.h> 163 1.1 tls #include <syslog.h> 164 1.1 tls #include <time.h> 165 1.1 tls #include <unistd.h> 166 1.1 tls 167 1.1 tls #include "bozohttpd.h" 168 1.1 tls 169 1.1 tls #ifndef MAX_WAIT_TIME 170 1.1 tls #define MAX_WAIT_TIME 60 /* hang around for 60 seconds max */ 171 1.1 tls #endif 172 1.1 tls 173 1.1 tls /* variables and functions */ 174 1.1 tls #ifndef LOG_FTP 175 1.1 tls #define LOG_FTP LOG_DAEMON 176 1.1 tls #endif 177 1.1 tls 178 1.1 tls volatile sig_atomic_t alarmhit; 179 1.1 tls 180 1.16 mrg /* 181 1.16 mrg * check there's enough space in the prefs and names arrays. 182 1.16 mrg */ 183 1.16 mrg static int 184 1.73 mrg size_arrays(bozoprefs_t *bozoprefs, size_t needed) 185 1.16 mrg { 186 1.16 mrg char **temp; 187 1.1 tls 188 1.16 mrg if (bozoprefs->size == 0) { 189 1.16 mrg /* only get here first time around */ 190 1.73 mrg bozoprefs->name = calloc(sizeof(char *), needed); 191 1.73 mrg if (bozoprefs->name == NULL) 192 1.16 mrg return 0; 193 1.73 mrg bozoprefs->value = calloc(sizeof(char *), needed); 194 1.73 mrg if (bozoprefs->value == NULL) { 195 1.16 mrg free(bozoprefs->name); 196 1.16 mrg return 0; 197 1.16 mrg } 198 1.73 mrg bozoprefs->size = needed; 199 1.73 mrg } else if (bozoprefs->count == bozoprefs->size) { 200 1.16 mrg /* only uses 'needed' when filled array */ 201 1.16 mrg temp = realloc(bozoprefs->name, sizeof(char *) * needed); 202 1.73 mrg if (temp == NULL) 203 1.16 mrg return 0; 204 1.16 mrg bozoprefs->name = temp; 205 1.16 mrg temp = realloc(bozoprefs->value, sizeof(char *) * needed); 206 1.73 mrg if (temp == NULL) 207 1.16 mrg return 0; 208 1.16 mrg bozoprefs->value = temp; 209 1.73 mrg bozoprefs->size += needed; 210 1.16 mrg } 211 1.16 mrg return 1; 212 1.16 mrg } 213 1.1 tls 214 1.73 mrg static ssize_t 215 1.16 mrg findvar(bozoprefs_t *bozoprefs, const char *name) 216 1.16 mrg { 217 1.73 mrg size_t i; 218 1.1 tls 219 1.73 mrg for (i = 0; i < bozoprefs->count; i++) 220 1.73 mrg if (strcmp(bozoprefs->name[i], name) == 0) 221 1.73 mrg return (ssize_t)i; 222 1.73 mrg return -1; 223 1.1 tls } 224 1.1 tls 225 1.1 tls int 226 1.73 mrg bozo_set_pref(bozohttpd_t *httpd, bozoprefs_t *bozoprefs, 227 1.73 mrg const char *name, const char *value) 228 1.1 tls { 229 1.73 mrg ssize_t i; 230 1.1 tls 231 1.16 mrg if ((i = findvar(bozoprefs, name)) < 0) { 232 1.16 mrg /* add the element to the array */ 233 1.73 mrg if (!size_arrays(bozoprefs, bozoprefs->size + 15)) 234 1.73 mrg return 0; 235 1.73 mrg i = bozoprefs->count++; 236 1.73 mrg bozoprefs->name[i] = bozostrdup(httpd, NULL, name); 237 1.16 mrg } else { 238 1.16 mrg /* replace the element in the array */ 239 1.16 mrg if (bozoprefs->value[i]) { 240 1.16 mrg free(bozoprefs->value[i]); 241 1.16 mrg bozoprefs->value[i] = NULL; 242 1.1 tls } 243 1.1 tls } 244 1.73 mrg bozoprefs->value[i] = bozostrdup(httpd, NULL, value); 245 1.16 mrg return 1; 246 1.16 mrg } 247 1.1 tls 248 1.16 mrg /* 249 1.16 mrg * get a variable's value, or NULL 250 1.16 mrg */ 251 1.16 mrg char * 252 1.16 mrg bozo_get_pref(bozoprefs_t *bozoprefs, const char *name) 253 1.16 mrg { 254 1.73 mrg ssize_t i; 255 1.1 tls 256 1.73 mrg i = findvar(bozoprefs, name); 257 1.73 mrg return i < 0 ? NULL : bozoprefs->value[i]; 258 1.1 tls } 259 1.1 tls 260 1.1 tls char * 261 1.16 mrg bozo_http_date(char *date, size_t datelen) 262 1.1 tls { 263 1.1 tls struct tm *tm; 264 1.1 tls time_t now; 265 1.1 tls 266 1.1 tls /* Sun, 06 Nov 1994 08:49:37 GMT */ 267 1.1 tls now = time(NULL); 268 1.1 tls tm = gmtime(&now); /* HTTP/1.1 spec rev 06 sez GMT only */ 269 1.16 mrg strftime(date, datelen, "%a, %d %b %Y %H:%M:%S GMT", tm); 270 1.1 tls return date; 271 1.1 tls } 272 1.1 tls 273 1.1 tls /* 274 1.12 mrg * convert "in" into the three parts of a request (first line). 275 1.12 mrg * we allocate into file and query, but return pointers into 276 1.12 mrg * "in" for proto and method. 277 1.1 tls */ 278 1.1 tls static void 279 1.16 mrg parse_request(bozohttpd_t *httpd, char *in, char **method, char **file, 280 1.16 mrg char **query, char **proto) 281 1.1 tls { 282 1.1 tls ssize_t len; 283 1.1 tls char *val; 284 1.16 mrg 285 1.16 mrg USE_ARG(httpd); 286 1.16 mrg debug((httpd, DEBUG_EXPLODING, "parse in: %s", in)); 287 1.12 mrg *method = *file = *query = *proto = NULL; 288 1.1 tls 289 1.1 tls len = (ssize_t)strlen(in); 290 1.6 mrg val = bozostrnsep(&in, " \t\n\r", &len); 291 1.1 tls if (len < 1 || val == NULL) 292 1.1 tls return; 293 1.1 tls *method = val; 294 1.12 mrg 295 1.1 tls while (*in == ' ' || *in == '\t') 296 1.1 tls in++; 297 1.6 mrg val = bozostrnsep(&in, " \t\n\r", &len); 298 1.1 tls if (len < 1) { 299 1.1 tls if (len == 0) 300 1.9 tls *file = val; 301 1.1 tls else 302 1.9 tls *file = in; 303 1.16 mrg } else { 304 1.16 mrg *file = val; 305 1.9 tls 306 1.16 mrg *query = strchr(*file, '?'); 307 1.16 mrg if (*query) 308 1.16 mrg *(*query)++ = '\0'; 309 1.16 mrg 310 1.16 mrg if (in) { 311 1.16 mrg while (*in && (*in == ' ' || *in == '\t')) 312 1.16 mrg in++; 313 1.16 mrg if (*in) 314 1.16 mrg *proto = in; 315 1.16 mrg } 316 1.12 mrg } 317 1.12 mrg 318 1.12 mrg /* allocate private copies */ 319 1.73 mrg *file = bozostrdup(httpd, NULL, *file); 320 1.12 mrg if (*query) 321 1.73 mrg *query = bozostrdup(httpd, NULL, *query); 322 1.12 mrg 323 1.16 mrg debug((httpd, DEBUG_FAT, 324 1.16 mrg "url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"", 325 1.16 mrg *method, *file, *query, *proto)); 326 1.1 tls } 327 1.1 tls 328 1.1 tls /* 329 1.16 mrg * cleanup a bozo_httpreq_t after use 330 1.1 tls */ 331 1.16 mrg void 332 1.16 mrg bozo_clean_request(bozo_httpreq_t *request) 333 1.1 tls { 334 1.16 mrg struct bozoheaders *hdr, *ohdr = NULL; 335 1.12 mrg 336 1.12 mrg if (request == NULL) 337 1.12 mrg return; 338 1.12 mrg 339 1.21 mrg /* If SSL enabled cleanup SSL structure. */ 340 1.22 mrg bozo_ssl_destroy(request->hr_httpd); 341 1.21 mrg 342 1.12 mrg /* clean up request */ 343 1.51 shm free(request->hr_remotehost); 344 1.51 shm free(request->hr_remoteaddr); 345 1.51 shm free(request->hr_serverport); 346 1.51 shm free(request->hr_virthostname); 347 1.51 shm free(request->hr_file); 348 1.51 shm free(request->hr_oldfile); 349 1.51 shm free(request->hr_query); 350 1.51 shm free(request->hr_host); 351 1.67 shm bozo_user_free(request->hr_user); 352 1.16 mrg bozo_auth_cleanup(request); 353 1.12 mrg for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr; 354 1.12 mrg hdr = SIMPLEQ_NEXT(hdr, h_next)) { 355 1.12 mrg free(hdr->h_value); 356 1.12 mrg free(hdr->h_header); 357 1.44 mbalmer free(ohdr); 358 1.12 mrg ohdr = hdr; 359 1.12 mrg } 360 1.79 elric free(ohdr); 361 1.79 elric ohdr = NULL; 362 1.78 elric for (hdr = SIMPLEQ_FIRST(&request->hr_replheaders); hdr; 363 1.78 elric hdr = SIMPLEQ_NEXT(hdr, h_next)) { 364 1.78 elric free(hdr->h_value); 365 1.78 elric free(hdr->h_header); 366 1.78 elric free(ohdr); 367 1.78 elric ohdr = hdr; 368 1.78 elric } 369 1.44 mbalmer free(ohdr); 370 1.12 mrg 371 1.12 mrg free(request); 372 1.12 mrg } 373 1.12 mrg 374 1.12 mrg /* 375 1.16 mrg * send a HTTP/1.1 408 response if we timeout. 376 1.16 mrg */ 377 1.16 mrg /* ARGSUSED */ 378 1.16 mrg static void 379 1.16 mrg alarmer(int sig) 380 1.16 mrg { 381 1.16 mrg alarmhit = 1; 382 1.16 mrg } 383 1.16 mrg 384 1.16 mrg /* 385 1.78 elric * a list of header quirks: currently, a list of headers that 386 1.78 elric * can't be folded into a single line. 387 1.78 elric */ 388 1.78 elric const char *header_quirks[] = { "WWW-Authenticate", NULL }; 389 1.78 elric 390 1.78 elric /* 391 1.16 mrg * add or merge this header (val: str) into the requests list 392 1.16 mrg */ 393 1.16 mrg static bozoheaders_t * 394 1.78 elric addmerge_header(bozo_httpreq_t *request, struct qheaders *headers, 395 1.78 elric const char *val, const char *str, ssize_t len) 396 1.16 mrg { 397 1.73 mrg struct bozohttpd_t *httpd = request->hr_httpd; 398 1.78 elric struct bozoheaders *hdr = NULL; 399 1.78 elric const char **quirk; 400 1.16 mrg 401 1.16 mrg USE_ARG(len); 402 1.78 elric for (quirk = header_quirks; *quirk; quirk++) 403 1.78 elric if (strcasecmp(*quirk, val) == 0) 404 1.16 mrg break; 405 1.78 elric 406 1.78 elric if (*quirk == NULL) { 407 1.78 elric /* do we exist already? */ 408 1.78 elric SIMPLEQ_FOREACH(hdr, headers, h_next) { 409 1.78 elric if (strcasecmp(val, hdr->h_header) == 0) 410 1.78 elric break; 411 1.78 elric } 412 1.16 mrg } 413 1.16 mrg 414 1.16 mrg if (hdr) { 415 1.16 mrg /* yup, merge it in */ 416 1.16 mrg char *nval; 417 1.16 mrg 418 1.75 mrg bozoasprintf(httpd, &nval, "%s, %s", hdr->h_value, str); 419 1.16 mrg free(hdr->h_value); 420 1.16 mrg hdr->h_value = nval; 421 1.16 mrg } else { 422 1.16 mrg /* nope, create a new one */ 423 1.16 mrg 424 1.73 mrg hdr = bozomalloc(httpd, sizeof *hdr); 425 1.73 mrg hdr->h_header = bozostrdup(httpd, request, val); 426 1.16 mrg if (str && *str) 427 1.73 mrg hdr->h_value = bozostrdup(httpd, request, str); 428 1.16 mrg else 429 1.73 mrg hdr->h_value = bozostrdup(httpd, request, " "); 430 1.16 mrg 431 1.78 elric SIMPLEQ_INSERT_TAIL(headers, hdr, h_next); 432 1.16 mrg request->hr_nheaders++; 433 1.16 mrg } 434 1.16 mrg 435 1.16 mrg return hdr; 436 1.16 mrg } 437 1.16 mrg 438 1.78 elric bozoheaders_t * 439 1.78 elric addmerge_reqheader(bozo_httpreq_t *request, const char *val, const char *str, 440 1.78 elric ssize_t len) 441 1.78 elric { 442 1.78 elric 443 1.78 elric return addmerge_header(request, &request->hr_headers, val, str, len); 444 1.78 elric } 445 1.78 elric 446 1.78 elric bozoheaders_t * 447 1.78 elric addmerge_replheader(bozo_httpreq_t *request, const char *val, const char *str, 448 1.78 elric ssize_t len) 449 1.78 elric { 450 1.78 elric 451 1.78 elric return addmerge_header(request, &request->hr_replheaders, 452 1.78 elric val, str, len); 453 1.78 elric } 454 1.78 elric 455 1.16 mrg /* 456 1.16 mrg * as the prototype string is not constant (eg, "HTTP/1.1" is equivalent 457 1.16 mrg * to "HTTP/001.01"), we MUST parse this. 458 1.16 mrg */ 459 1.16 mrg static int 460 1.16 mrg process_proto(bozo_httpreq_t *request, const char *proto) 461 1.16 mrg { 462 1.73 mrg struct bozohttpd_t *httpd = request->hr_httpd; 463 1.16 mrg char majorstr[16], *minorstr; 464 1.16 mrg int majorint, minorint; 465 1.16 mrg 466 1.16 mrg if (proto == NULL) { 467 1.16 mrg got_proto_09: 468 1.73 mrg request->hr_proto = httpd->consts.http_09; 469 1.73 mrg debug((httpd, DEBUG_FAT, "request %s is http/0.9", 470 1.16 mrg request->hr_file)); 471 1.16 mrg return 0; 472 1.16 mrg } 473 1.16 mrg 474 1.16 mrg if (strncasecmp(proto, "HTTP/", 5) != 0) 475 1.16 mrg goto bad; 476 1.16 mrg strncpy(majorstr, proto + 5, sizeof majorstr); 477 1.16 mrg majorstr[sizeof(majorstr)-1] = 0; 478 1.16 mrg minorstr = strchr(majorstr, '.'); 479 1.16 mrg if (minorstr == NULL) 480 1.16 mrg goto bad; 481 1.16 mrg *minorstr++ = 0; 482 1.16 mrg 483 1.16 mrg majorint = atoi(majorstr); 484 1.16 mrg minorint = atoi(minorstr); 485 1.16 mrg 486 1.16 mrg switch (majorint) { 487 1.16 mrg case 0: 488 1.16 mrg if (minorint != 9) 489 1.16 mrg break; 490 1.16 mrg goto got_proto_09; 491 1.16 mrg case 1: 492 1.16 mrg if (minorint == 0) 493 1.73 mrg request->hr_proto = httpd->consts.http_10; 494 1.16 mrg else if (minorint == 1) 495 1.73 mrg request->hr_proto = httpd->consts.http_11; 496 1.16 mrg else 497 1.16 mrg break; 498 1.16 mrg 499 1.73 mrg debug((httpd, DEBUG_FAT, "request %s is %s", 500 1.16 mrg request->hr_file, request->hr_proto)); 501 1.16 mrg SIMPLEQ_INIT(&request->hr_headers); 502 1.16 mrg request->hr_nheaders = 0; 503 1.16 mrg return 0; 504 1.16 mrg } 505 1.16 mrg bad: 506 1.73 mrg return bozo_http_error(httpd, 404, NULL, "unknown prototype"); 507 1.16 mrg } 508 1.16 mrg 509 1.16 mrg /* 510 1.16 mrg * process each type of HTTP method, setting this HTTP requests 511 1.73 mrg * method type. 512 1.16 mrg */ 513 1.16 mrg static struct method_map { 514 1.16 mrg const char *name; 515 1.16 mrg int type; 516 1.16 mrg } method_map[] = { 517 1.16 mrg { "GET", HTTP_GET, }, 518 1.16 mrg { "POST", HTTP_POST, }, 519 1.16 mrg { "HEAD", HTTP_HEAD, }, 520 1.16 mrg #if 0 /* other non-required http/1.1 methods */ 521 1.16 mrg { "OPTIONS", HTTP_OPTIONS, }, 522 1.16 mrg { "PUT", HTTP_PUT, }, 523 1.16 mrg { "DELETE", HTTP_DELETE, }, 524 1.16 mrg { "TRACE", HTTP_TRACE, }, 525 1.16 mrg { "CONNECT", HTTP_CONNECT, }, 526 1.16 mrg #endif 527 1.16 mrg { NULL, 0, }, 528 1.16 mrg }; 529 1.16 mrg 530 1.16 mrg static int 531 1.16 mrg process_method(bozo_httpreq_t *request, const char *method) 532 1.16 mrg { 533 1.73 mrg struct bozohttpd_t *httpd = request->hr_httpd; 534 1.16 mrg struct method_map *mmp; 535 1.16 mrg 536 1.73 mrg if (request->hr_proto == httpd->consts.http_11) 537 1.16 mrg request->hr_allow = "GET, HEAD, POST"; 538 1.16 mrg 539 1.16 mrg for (mmp = method_map; mmp->name; mmp++) 540 1.16 mrg if (strcasecmp(method, mmp->name) == 0) { 541 1.16 mrg request->hr_method = mmp->type; 542 1.16 mrg request->hr_methodstr = mmp->name; 543 1.16 mrg return 0; 544 1.16 mrg } 545 1.16 mrg 546 1.73 mrg return bozo_http_error(httpd, 404, request, "unknown method"); 547 1.16 mrg } 548 1.16 mrg 549 1.89 mrg /* check header byte count */ 550 1.89 mrg static int 551 1.89 mrg bozo_got_header_length(bozo_httpreq_t *request, size_t len) 552 1.89 mrg { 553 1.89 mrg request->hr_header_bytes += len; 554 1.89 mrg if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE) 555 1.89 mrg return 0; 556 1.89 mrg 557 1.89 mrg return bozo_http_error(request->hr_httpd, 413, request, 558 1.89 mrg "too many headers"); 559 1.89 mrg } 560 1.89 mrg 561 1.16 mrg /* 562 1.1 tls * This function reads a http request from stdin, returning a pointer to a 563 1.16 mrg * bozo_httpreq_t structure, describing the request. 564 1.1 tls */ 565 1.16 mrg bozo_httpreq_t * 566 1.16 mrg bozo_read_request(bozohttpd_t *httpd) 567 1.1 tls { 568 1.1 tls struct sigaction sa; 569 1.9 tls char *str, *val, *method, *file, *proto, *query; 570 1.1 tls char *host, *addr, *port; 571 1.1 tls char bufport[10]; 572 1.1 tls char hbuf[NI_MAXHOST], abuf[NI_MAXHOST]; 573 1.1 tls struct sockaddr_storage ss; 574 1.1 tls ssize_t len; 575 1.1 tls int line = 0; 576 1.1 tls socklen_t slen; 577 1.16 mrg bozo_httpreq_t *request; 578 1.1 tls 579 1.1 tls /* 580 1.20 mrg * if we're in daemon mode, bozo_daemon_fork() will return here twice 581 1.20 mrg * for each call. once in the child, returning 0, and once in the 582 1.20 mrg * parent, returning 1. for each child, then we can setup SSL, and 583 1.20 mrg * the parent can signal the caller there was no request to process 584 1.20 mrg * and it will wait for another. 585 1.1 tls */ 586 1.20 mrg if (bozo_daemon_fork(httpd)) 587 1.20 mrg return NULL; 588 1.55 mrg if (bozo_ssl_accept(httpd)) 589 1.55 mrg return NULL; 590 1.1 tls 591 1.16 mrg request = bozomalloc(httpd, sizeof(*request)); 592 1.16 mrg memset(request, 0, sizeof(*request)); 593 1.16 mrg request->hr_httpd = httpd; 594 1.1 tls request->hr_allow = request->hr_host = NULL; 595 1.1 tls request->hr_content_type = request->hr_content_length = NULL; 596 1.6 mrg request->hr_range = NULL; 597 1.12 mrg request->hr_last_byte_pos = -1; 598 1.10 joerg request->hr_if_modified_since = NULL; 599 1.35 martin request->hr_virthostname = NULL; 600 1.12 mrg request->hr_file = NULL; 601 1.20 mrg request->hr_oldfile = NULL; 602 1.78 elric SIMPLEQ_INIT(&request->hr_replheaders); 603 1.59 shm bozo_auth_init(request); 604 1.1 tls 605 1.1 tls slen = sizeof(ss); 606 1.16 mrg if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0) 607 1.1 tls host = addr = NULL; 608 1.1 tls else { 609 1.16 mrg if (getnameinfo((struct sockaddr *)(void *)&ss, slen, 610 1.1 tls abuf, sizeof abuf, NULL, 0, NI_NUMERICHOST) == 0) 611 1.1 tls addr = abuf; 612 1.1 tls else 613 1.1 tls addr = NULL; 614 1.16 mrg if (httpd->numeric == 0 && 615 1.16 mrg getnameinfo((struct sockaddr *)(void *)&ss, slen, 616 1.16 mrg hbuf, sizeof hbuf, NULL, 0, 0) == 0) 617 1.1 tls host = hbuf; 618 1.1 tls else 619 1.1 tls host = NULL; 620 1.1 tls } 621 1.1 tls if (host != NULL) 622 1.73 mrg request->hr_remotehost = bozostrdup(httpd, request, host); 623 1.1 tls if (addr != NULL) 624 1.73 mrg request->hr_remoteaddr = bozostrdup(httpd, request, addr); 625 1.1 tls slen = sizeof(ss); 626 1.29 mrg 627 1.29 mrg /* 628 1.29 mrg * Override the bound port from the request value, so it works even 629 1.29 mrg * if passed through a proxy that doesn't rewrite the port. 630 1.29 mrg */ 631 1.29 mrg if (httpd->bindport) { 632 1.29 mrg if (strcmp(httpd->bindport, "80") != 0) 633 1.29 mrg port = httpd->bindport; 634 1.1 tls else 635 1.1 tls port = NULL; 636 1.29 mrg } else { 637 1.29 mrg if (getsockname(0, (struct sockaddr *)(void *)&ss, &slen) < 0) 638 1.29 mrg port = NULL; 639 1.29 mrg else { 640 1.73 mrg if (getnameinfo((struct sockaddr *)(void *)&ss, slen, 641 1.73 mrg NULL, 0, bufport, sizeof bufport, 642 1.73 mrg NI_NUMERICSERV) == 0) 643 1.29 mrg port = bufport; 644 1.29 mrg else 645 1.29 mrg port = NULL; 646 1.29 mrg } 647 1.1 tls } 648 1.1 tls if (port != NULL) 649 1.73 mrg request->hr_serverport = bozostrdup(httpd, request, port); 650 1.1 tls 651 1.1 tls /* 652 1.1 tls * setup a timer to make sure the request is not hung 653 1.1 tls */ 654 1.1 tls sa.sa_handler = alarmer; 655 1.1 tls sigemptyset(&sa.sa_mask); 656 1.1 tls sigaddset(&sa.sa_mask, SIGALRM); 657 1.1 tls sa.sa_flags = 0; 658 1.74 mrg sigaction(SIGALRM, &sa, NULL); 659 1.1 tls 660 1.1 tls alarm(MAX_WAIT_TIME); 661 1.16 mrg while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) { 662 1.1 tls alarm(0); 663 1.12 mrg if (alarmhit) { 664 1.16 mrg (void)bozo_http_error(httpd, 408, NULL, 665 1.16 mrg "request timed out"); 666 1.12 mrg goto cleanup; 667 1.12 mrg } 668 1.1 tls line++; 669 1.1 tls 670 1.1 tls if (line == 1) { 671 1.1 tls 672 1.12 mrg if (len < 1) { 673 1.16 mrg (void)bozo_http_error(httpd, 404, NULL, 674 1.16 mrg "null method"); 675 1.12 mrg goto cleanup; 676 1.12 mrg } 677 1.74 mrg bozowarn(httpd, 678 1.73 mrg "got request ``%s'' from host %s to port %s", 679 1.73 mrg str, 680 1.73 mrg host ? host : addr ? addr : "<local>", 681 1.73 mrg port ? port : "<stdin>"); 682 1.1 tls 683 1.12 mrg /* we allocate return space in file and query only */ 684 1.16 mrg parse_request(httpd, str, &method, &file, &query, &proto); 685 1.12 mrg request->hr_file = file; 686 1.12 mrg request->hr_query = query; 687 1.12 mrg if (method == NULL) { 688 1.16 mrg (void)bozo_http_error(httpd, 404, NULL, 689 1.16 mrg "null method"); 690 1.12 mrg goto cleanup; 691 1.12 mrg } 692 1.12 mrg if (file == NULL) { 693 1.16 mrg (void)bozo_http_error(httpd, 404, NULL, 694 1.16 mrg "null file"); 695 1.12 mrg goto cleanup; 696 1.12 mrg } 697 1.1 tls 698 1.1 tls /* 699 1.1 tls * note that we parse the proto first, so that we 700 1.1 tls * can more properly parse the method and the url. 701 1.1 tls */ 702 1.9 tls 703 1.12 mrg if (process_proto(request, proto) || 704 1.12 mrg process_method(request, method)) { 705 1.12 mrg goto cleanup; 706 1.12 mrg } 707 1.12 mrg 708 1.16 mrg debug((httpd, DEBUG_FAT, "got file \"%s\" query \"%s\"", 709 1.12 mrg request->hr_file, 710 1.12 mrg request->hr_query ? request->hr_query : "<none>")); 711 1.1 tls 712 1.1 tls /* http/0.9 has no header processing */ 713 1.16 mrg if (request->hr_proto == httpd->consts.http_09) 714 1.1 tls break; 715 1.1 tls } else { /* incoming headers */ 716 1.16 mrg bozoheaders_t *hdr; 717 1.1 tls 718 1.1 tls if (*str == '\0') 719 1.1 tls break; 720 1.1 tls 721 1.6 mrg val = bozostrnsep(&str, ":", &len); 722 1.16 mrg debug((httpd, DEBUG_EXPLODING, 723 1.6 mrg "read_req2: after bozostrnsep: str ``%s'' val ``%s''", 724 1.1 tls str, val)); 725 1.12 mrg if (val == NULL || len == -1) { 726 1.16 mrg (void)bozo_http_error(httpd, 404, request, 727 1.16 mrg "no header"); 728 1.12 mrg goto cleanup; 729 1.12 mrg } 730 1.1 tls while (*str == ' ' || *str == '\t') 731 1.1 tls len--, str++; 732 1.6 mrg while (*val == ' ' || *val == '\t') 733 1.6 mrg val++; 734 1.1 tls 735 1.89 mrg if (bozo_got_header_length(request, len)) 736 1.89 mrg goto cleanup; 737 1.89 mrg 738 1.17 mrg if (bozo_auth_check_headers(request, val, str, len)) 739 1.1 tls goto next_header; 740 1.1 tls 741 1.78 elric hdr = addmerge_reqheader(request, val, str, len); 742 1.1 tls 743 1.1 tls if (strcasecmp(hdr->h_header, "content-type") == 0) 744 1.1 tls request->hr_content_type = hdr->h_value; 745 1.1 tls else if (strcasecmp(hdr->h_header, "content-length") == 0) 746 1.1 tls request->hr_content_length = hdr->h_value; 747 1.1 tls else if (strcasecmp(hdr->h_header, "host") == 0) 748 1.73 mrg request->hr_host = bozostrdup(httpd, request, 749 1.73 mrg hdr->h_value); 750 1.48 mrg /* RFC 2616 (HTTP/1.1): 14.20 */ 751 1.12 mrg else if (strcasecmp(hdr->h_header, "expect") == 0) { 752 1.16 mrg (void)bozo_http_error(httpd, 417, request, 753 1.16 mrg "we don't support Expect:"); 754 1.12 mrg goto cleanup; 755 1.12 mrg } 756 1.1 tls else if (strcasecmp(hdr->h_header, "referrer") == 0 || 757 1.1 tls strcasecmp(hdr->h_header, "referer") == 0) 758 1.1 tls request->hr_referrer = hdr->h_value; 759 1.6 mrg else if (strcasecmp(hdr->h_header, "range") == 0) 760 1.6 mrg request->hr_range = hdr->h_value; 761 1.16 mrg else if (strcasecmp(hdr->h_header, 762 1.16 mrg "if-modified-since") == 0) 763 1.10 joerg request->hr_if_modified_since = hdr->h_value; 764 1.31 elric else if (strcasecmp(hdr->h_header, 765 1.31 elric "accept-encoding") == 0) 766 1.31 elric request->hr_accept_encoding = hdr->h_value; 767 1.1 tls 768 1.16 mrg debug((httpd, DEBUG_FAT, "adding header %s: %s", 769 1.1 tls hdr->h_header, hdr->h_value)); 770 1.1 tls } 771 1.1 tls next_header: 772 1.1 tls alarm(MAX_WAIT_TIME); 773 1.1 tls } 774 1.1 tls 775 1.1 tls /* now, clear it all out */ 776 1.1 tls alarm(0); 777 1.1 tls signal(SIGALRM, SIG_DFL); 778 1.1 tls 779 1.1 tls /* RFC1945, 8.3 */ 780 1.16 mrg if (request->hr_method == HTTP_POST && 781 1.16 mrg request->hr_content_length == NULL) { 782 1.16 mrg (void)bozo_http_error(httpd, 400, request, 783 1.16 mrg "missing content length"); 784 1.12 mrg goto cleanup; 785 1.12 mrg } 786 1.1 tls 787 1.48 mrg /* RFC 2616 (HTTP/1.1), 14.23 & 19.6.1.1 */ 788 1.16 mrg if (request->hr_proto == httpd->consts.http_11 && 789 1.48 mrg /*(strncasecmp(request->hr_file, "http://", 7) != 0) &&*/ 790 1.16 mrg request->hr_host == NULL) { 791 1.16 mrg (void)bozo_http_error(httpd, 400, request, 792 1.16 mrg "missing Host header"); 793 1.12 mrg goto cleanup; 794 1.12 mrg } 795 1.12 mrg 796 1.12 mrg if (request->hr_range != NULL) { 797 1.16 mrg debug((httpd, DEBUG_FAT, "hr_range: %s", request->hr_range)); 798 1.12 mrg /* support only simple ranges %d- and %d-%d */ 799 1.12 mrg if (strchr(request->hr_range, ',') == NULL) { 800 1.12 mrg const char *rstart, *dash; 801 1.12 mrg 802 1.12 mrg rstart = strchr(request->hr_range, '='); 803 1.12 mrg if (rstart != NULL) { 804 1.12 mrg rstart++; 805 1.12 mrg dash = strchr(rstart, '-'); 806 1.12 mrg if (dash != NULL && dash != rstart) { 807 1.12 mrg dash++; 808 1.12 mrg request->hr_have_range = 1; 809 1.12 mrg request->hr_first_byte_pos = 810 1.12 mrg strtoll(rstart, NULL, 10); 811 1.12 mrg if (request->hr_first_byte_pos < 0) 812 1.12 mrg request->hr_first_byte_pos = 0; 813 1.12 mrg if (*dash != '\0') { 814 1.12 mrg request->hr_last_byte_pos = 815 1.12 mrg strtoll(dash, NULL, 10); 816 1.12 mrg if (request->hr_last_byte_pos < 0) 817 1.12 mrg request->hr_last_byte_pos = -1; 818 1.12 mrg } 819 1.12 mrg } 820 1.12 mrg } 821 1.12 mrg } 822 1.12 mrg } 823 1.1 tls 824 1.16 mrg debug((httpd, DEBUG_FAT, "bozo_read_request returns url %s in request", 825 1.16 mrg request->hr_file)); 826 1.16 mrg return request; 827 1.1 tls 828 1.16 mrg cleanup: 829 1.16 mrg bozo_clean_request(request); 830 1.1 tls 831 1.16 mrg return NULL; 832 1.1 tls } 833 1.1 tls 834 1.10 joerg static int 835 1.16 mrg mmap_and_write_part(bozohttpd_t *httpd, int fd, off_t first_byte_pos, size_t sz) 836 1.12 mrg { 837 1.14 mrg size_t mappedsz, wroffset; 838 1.14 mrg off_t mappedoffset; 839 1.12 mrg char *addr; 840 1.14 mrg void *mappedaddr; 841 1.14 mrg 842 1.14 mrg /* 843 1.14 mrg * we need to ensure that both the size *and* offset arguments to 844 1.14 mrg * mmap() are page-aligned. our formala for this is: 845 1.14 mrg * 846 1.14 mrg * input offset: first_byte_pos 847 1.14 mrg * input size: sz 848 1.14 mrg * 849 1.14 mrg * mapped offset = page align truncate (input offset) 850 1.14 mrg * mapped size = 851 1.14 mrg * page align extend (input offset - mapped offset + input size) 852 1.14 mrg * write offset = input offset - mapped offset 853 1.14 mrg * 854 1.14 mrg * we use the write offset in all writes 855 1.14 mrg */ 856 1.16 mrg mappedoffset = first_byte_pos & ~(httpd->page_size - 1); 857 1.16 mrg mappedsz = (size_t) 858 1.16 mrg (first_byte_pos - mappedoffset + sz + httpd->page_size - 1) & 859 1.16 mrg ~(httpd->page_size - 1); 860 1.16 mrg wroffset = (size_t)(first_byte_pos - mappedoffset); 861 1.12 mrg 862 1.14 mrg addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset); 863 1.12 mrg if (addr == (char *)-1) { 864 1.74 mrg bozowarn(httpd, "mmap failed: %s", strerror(errno)); 865 1.12 mrg return -1; 866 1.12 mrg } 867 1.14 mrg mappedaddr = addr; 868 1.12 mrg 869 1.12 mrg #ifdef MADV_SEQUENTIAL 870 1.12 mrg (void)madvise(addr, sz, MADV_SEQUENTIAL); 871 1.12 mrg #endif 872 1.16 mrg while (sz > BOZO_WRSZ) { 873 1.16 mrg if (bozo_write(httpd, STDOUT_FILENO, addr + wroffset, 874 1.16 mrg BOZO_WRSZ) != BOZO_WRSZ) { 875 1.74 mrg bozowarn(httpd, "write failed: %s", strerror(errno)); 876 1.12 mrg goto out; 877 1.12 mrg } 878 1.16 mrg debug((httpd, DEBUG_OBESE, "wrote %d bytes", BOZO_WRSZ)); 879 1.16 mrg sz -= BOZO_WRSZ; 880 1.16 mrg addr += BOZO_WRSZ; 881 1.16 mrg } 882 1.16 mrg if (sz && (size_t)bozo_write(httpd, STDOUT_FILENO, addr + wroffset, 883 1.16 mrg sz) != sz) { 884 1.74 mrg bozowarn(httpd, "final write failed: %s", strerror(errno)); 885 1.12 mrg goto out; 886 1.12 mrg } 887 1.16 mrg debug((httpd, DEBUG_OBESE, "wrote %d bytes", (int)sz)); 888 1.12 mrg out: 889 1.14 mrg if (munmap(mappedaddr, mappedsz) < 0) { 890 1.74 mrg bozowarn(httpd, "munmap failed"); 891 1.12 mrg return -1; 892 1.12 mrg } 893 1.12 mrg 894 1.12 mrg return 0; 895 1.12 mrg } 896 1.12 mrg 897 1.12 mrg static int 898 1.10 joerg parse_http_date(const char *val, time_t *timestamp) 899 1.10 joerg { 900 1.10 joerg char *remainder; 901 1.10 joerg struct tm tm; 902 1.10 joerg 903 1.10 joerg if ((remainder = strptime(val, "%a, %d %b %Y %T GMT", &tm)) == NULL && 904 1.10 joerg (remainder = strptime(val, "%a, %d-%b-%y %T GMT", &tm)) == NULL && 905 1.10 joerg (remainder = strptime(val, "%a %b %d %T %Y", &tm)) == NULL) 906 1.10 joerg return 0; /* Invalid HTTP date format */ 907 1.10 joerg 908 1.10 joerg if (*remainder) 909 1.10 joerg return 0; /* No trailing garbage */ 910 1.10 joerg 911 1.10 joerg *timestamp = timegm(&tm); 912 1.10 joerg return 1; 913 1.10 joerg } 914 1.10 joerg 915 1.1 tls /* 916 1.32 mrg * given an url, encode it ala rfc 3986. ie, escape ? and friends. 917 1.32 mrg * note that this function returns a static buffer, and thus needs 918 1.67 shm * to be updated for any sort of parallel processing. escape only 919 1.67 shm * chosen characters for absolute redirects 920 1.32 mrg */ 921 1.32 mrg char * 922 1.67 shm bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url, int absolute) 923 1.32 mrg { 924 1.32 mrg static char *buf; 925 1.32 mrg static size_t buflen = 0; 926 1.32 mrg size_t len; 927 1.32 mrg const char *s; 928 1.32 mrg char *d; 929 1.32 mrg 930 1.32 mrg len = strlen(url); 931 1.32 mrg if (buflen < len * 3 + 1) { 932 1.32 mrg buflen = len * 3 + 1; 933 1.32 mrg buf = bozorealloc(httpd, buf, buflen); 934 1.32 mrg } 935 1.42 mbalmer 936 1.33 mrg for (len = 0, s = url, d = buf; *s;) { 937 1.32 mrg if (*s & 0x80) 938 1.32 mrg goto encode_it; 939 1.32 mrg switch (*s) { 940 1.32 mrg case ':': 941 1.32 mrg case '?': 942 1.32 mrg case '#': 943 1.32 mrg case '[': 944 1.32 mrg case ']': 945 1.32 mrg case '@': 946 1.32 mrg case '!': 947 1.32 mrg case '$': 948 1.32 mrg case '&': 949 1.32 mrg case '\'': 950 1.32 mrg case '(': 951 1.32 mrg case ')': 952 1.32 mrg case '*': 953 1.32 mrg case '+': 954 1.32 mrg case ',': 955 1.32 mrg case ';': 956 1.32 mrg case '=': 957 1.33 mrg case '%': 958 1.67 shm case '"': 959 1.67 shm if (absolute) 960 1.67 shm goto leave_it; 961 1.66 shm case '\n': 962 1.66 shm case '\r': 963 1.66 shm case ' ': 964 1.32 mrg encode_it: 965 1.66 shm snprintf(d, 4, "%%%02X", *s++); 966 1.32 mrg d += 3; 967 1.32 mrg len += 3; 968 1.33 mrg break; 969 1.67 shm leave_it: 970 1.32 mrg default: 971 1.32 mrg *d++ = *s++; 972 1.32 mrg len++; 973 1.33 mrg break; 974 1.32 mrg } 975 1.32 mrg } 976 1.32 mrg buf[len] = 0; 977 1.32 mrg 978 1.32 mrg return buf; 979 1.32 mrg } 980 1.32 mrg 981 1.32 mrg /* 982 1.67 shm * do automatic redirection -- if there are query parameters or userdir for 983 1.67 shm * the URL we will tack these on to the new (redirected) URL. 984 1.16 mrg */ 985 1.16 mrg static void 986 1.74 mrg handle_redirect(bozo_httpreq_t *request, const char *url, int absolute) 987 1.16 mrg { 988 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 989 1.67 shm char *finalurl, *urlbuf; 990 1.67 shm #ifndef NO_USER_SUPPORT 991 1.67 shm char *userbuf; 992 1.67 shm #endif /* !NO_USER_SUPPORT */ 993 1.16 mrg char portbuf[20]; 994 1.76 mrg const char *scheme, *query, *quest; 995 1.35 martin const char *hostname = BOZOHOST(httpd, request); 996 1.76 mrg int absproto = 0; /* absolute redirect provides own schema */ 997 1.42 mbalmer 998 1.16 mrg if (url == NULL) { 999 1.74 mrg bozoasprintf(httpd, &urlbuf, "/%s/", request->hr_file); 1000 1.16 mrg url = urlbuf; 1001 1.16 mrg } else 1002 1.16 mrg urlbuf = NULL; 1003 1.67 shm 1004 1.67 shm #ifndef NO_USER_SUPPORT 1005 1.67 shm if (request->hr_user && !absolute) { 1006 1.74 mrg bozoasprintf(httpd, &userbuf, "/~%s%s", request->hr_user, url); 1007 1.67 shm url = userbuf; 1008 1.67 shm } else 1009 1.67 shm userbuf = NULL; 1010 1.67 shm #endif /* !NO_USER_SUPPORT */ 1011 1.67 shm 1012 1.67 shm if (absolute) { 1013 1.67 shm char *sep = NULL; 1014 1.67 shm const char *s; 1015 1.67 shm 1016 1.67 shm /* 1017 1.75 mrg * absolute redirect may specify own protocol i.e. to redirect 1018 1.75 mrg * to another schema like https:// or ftp://. 1019 1.75 mrg * Details: RFC 3986, section 3. 1020 1.67 shm */ 1021 1.67 shm 1022 1.67 shm /* 1. check if url contains :// */ 1023 1.67 shm sep = strstr(url, "://"); 1024 1.67 shm 1025 1.67 shm /* 1026 1.67 shm * RFC 3986, section 3.1: 1027 1.67 shm * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) 1028 1.67 shm */ 1029 1.73 mrg if (sep) { 1030 1.67 shm for (s = url; s != sep;) { 1031 1.75 mrg if (!isalnum((int)*s) && 1032 1.75 mrg *s != '+' && *s != '-' && *s != '.') 1033 1.67 shm break; 1034 1.67 shm if (++s == sep) { 1035 1.67 shm absproto = 1; 1036 1.67 shm } 1037 1.67 shm } 1038 1.67 shm } 1039 1.67 shm } 1040 1.67 shm 1041 1.76 mrg /* construct final redirection url */ 1042 1.1 tls 1043 1.76 mrg scheme = absproto ? "" : httpd->sslinfo ? "https://" : "http://"; 1044 1.1 tls 1045 1.76 mrg if (absolute) { 1046 1.76 mrg hostname = ""; 1047 1.16 mrg portbuf[0] = '\0'; 1048 1.76 mrg } else { 1049 1.76 mrg const char *defport = httpd->sslinfo ? "443" : "80"; 1050 1.67 shm 1051 1.76 mrg if (request->hr_serverport && 1052 1.76 mrg strcmp(request->hr_serverport, defport) != 0) 1053 1.76 mrg snprintf(portbuf, sizeof(portbuf), ":%s", 1054 1.76 mrg request->hr_serverport); 1055 1.67 shm else 1056 1.76 mrg portbuf[0] = '\0'; 1057 1.67 shm } 1058 1.76 mrg 1059 1.76 mrg url = bozo_escape_rfc3986(httpd, url, absolute); 1060 1.76 mrg 1061 1.76 mrg if (request->hr_query && strlen(request->hr_query)) { 1062 1.76 mrg query = request->hr_query; 1063 1.76 mrg quest = "?"; 1064 1.76 mrg } else { 1065 1.76 mrg query = quest = ""; 1066 1.67 shm } 1067 1.76 mrg 1068 1.76 mrg bozoasprintf(httpd, &finalurl, "%s%s%s%s%s%s", 1069 1.76 mrg scheme, hostname, portbuf, url, quest, query); 1070 1.67 shm 1071 1.74 mrg bozowarn(httpd, "redirecting %s", finalurl); 1072 1.67 shm debug((httpd, DEBUG_FAT, "redirecting %s", finalurl)); 1073 1.67 shm 1074 1.16 mrg bozo_printf(httpd, "%s 301 Document Moved\r\n", request->hr_proto); 1075 1.42 mbalmer if (request->hr_proto != httpd->consts.http_09) 1076 1.16 mrg bozo_print_header(request, NULL, "text/html", NULL); 1077 1.67 shm if (request->hr_proto != httpd->consts.http_09) 1078 1.67 shm bozo_printf(httpd, "Location: %s\r\n", finalurl); 1079 1.16 mrg bozo_printf(httpd, "\r\n"); 1080 1.16 mrg if (request->hr_method == HTTP_HEAD) 1081 1.16 mrg goto head; 1082 1.16 mrg bozo_printf(httpd, "<html><head><title>Document Moved</title></head>\n"); 1083 1.16 mrg bozo_printf(httpd, "<body><h1>Document Moved</h1>\n"); 1084 1.67 shm bozo_printf(httpd, "This document had moved <a href=\"%s\">here</a>\n", 1085 1.67 shm finalurl); 1086 1.16 mrg bozo_printf(httpd, "</body></html>\n"); 1087 1.16 mrg head: 1088 1.16 mrg bozo_flush(httpd, stdout); 1089 1.44 mbalmer free(urlbuf); 1090 1.67 shm free(finalurl); 1091 1.67 shm #ifndef NO_USER_SUPPORT 1092 1.67 shm free(userbuf); 1093 1.67 shm #endif /* !NO_USER_SUPPORT */ 1094 1.1 tls } 1095 1.1 tls 1096 1.1 tls /* 1097 1.88 martin * Like strncmp(), but s_esc may contain characters escaped by \. 1098 1.88 martin * The len argument does not include the backslashes used for escaping, 1099 1.88 martin * that is: it gives the raw len, after unescaping the string. 1100 1.88 martin */ 1101 1.88 martin static int 1102 1.88 martin esccmp(const char *s_plain, const char *s_esc, size_t len) 1103 1.88 martin { 1104 1.88 martin bool esc = false; 1105 1.88 martin 1106 1.88 martin while (len) { 1107 1.88 martin if (!esc && *s_esc == '\\') { 1108 1.88 martin esc = true; 1109 1.88 martin s_esc++; 1110 1.88 martin continue; 1111 1.88 martin } 1112 1.88 martin esc = false; 1113 1.88 martin if (*s_plain == 0 || *s_esc == 0 || *s_plain != *s_esc) 1114 1.88 martin return *s_esc - *s_plain; 1115 1.88 martin s_esc++; 1116 1.88 martin s_plain++; 1117 1.88 martin len--; 1118 1.88 martin } 1119 1.88 martin return 0; 1120 1.88 martin } 1121 1.88 martin 1122 1.88 martin /* 1123 1.88 martin * Check if the request refers to a uri that is mapped via a .bzremap. 1124 1.88 martin * We have /requested/path:/re/mapped/to/this.html lines in there, 1125 1.88 martin * and the : separator may be use in the left hand side escaped with 1126 1.88 martin * \ to encode a path containig a : character. 1127 1.88 martin */ 1128 1.88 martin static void 1129 1.88 martin check_mapping(bozo_httpreq_t *request) 1130 1.88 martin { 1131 1.88 martin bozohttpd_t *httpd = request->hr_httpd; 1132 1.88 martin char *file = request->hr_file, *newfile; 1133 1.88 martin void *fmap; 1134 1.88 martin const char *replace, *map_to, *p; 1135 1.88 martin struct stat st; 1136 1.88 martin int mapfile; 1137 1.88 martin size_t avail, len, rlen, reqlen, num_esc = 0; 1138 1.88 martin bool escaped = false; 1139 1.88 martin 1140 1.88 martin mapfile = open(REMAP_FILE, O_RDONLY, 0); 1141 1.88 martin if (mapfile == -1) 1142 1.88 martin return; 1143 1.88 martin debug((httpd, DEBUG_FAT, "remap file found")); 1144 1.88 martin if (fstat(mapfile, &st) == -1) { 1145 1.88 martin bozowarn(httpd, "could not stat " REMAP_FILE ", errno: %d", 1146 1.88 martin errno); 1147 1.88 martin close(mapfile); 1148 1.88 martin return; 1149 1.88 martin } 1150 1.88 martin 1151 1.88 martin fmap = mmap(NULL, st.st_size, PROT_READ, 0, mapfile, 0); 1152 1.88 martin if (fmap == NULL) { 1153 1.88 martin bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d", 1154 1.88 martin errno); 1155 1.88 martin close(mapfile); 1156 1.88 martin return; 1157 1.88 martin } 1158 1.88 martin reqlen = strlen(file); 1159 1.88 martin for (p = fmap, avail = st.st_size; avail; ) { 1160 1.88 martin /* 1161 1.88 martin * We have lines like: 1162 1.88 martin * /this/url:/replacement/that/url 1163 1.88 martin * If we find a matching left hand side, replace will point 1164 1.88 martin * to it and len will be its length. map_to will point to 1165 1.88 martin * the right hand side and rlen wil be its length. 1166 1.88 martin * If we have no match, both pointers will be NULL. 1167 1.88 martin */ 1168 1.88 martin 1169 1.88 martin /* skip empty lines */ 1170 1.88 martin while ((*p == '\r' || *p == '\n') && avail) { 1171 1.88 martin p++; 1172 1.88 martin avail--; 1173 1.88 martin } 1174 1.88 martin replace = p; 1175 1.88 martin escaped = false; 1176 1.88 martin while (avail) { 1177 1.88 martin if (*p == '\r' || *p == '\n') 1178 1.88 martin break; 1179 1.88 martin if (!escaped && *p == ':') 1180 1.88 martin break; 1181 1.88 martin if (escaped) { 1182 1.88 martin escaped = false; 1183 1.88 martin num_esc++; 1184 1.88 martin } else if (*p == '\\') { 1185 1.88 martin escaped = true; 1186 1.88 martin } 1187 1.88 martin p++; 1188 1.88 martin avail--; 1189 1.88 martin } 1190 1.88 martin if (!avail || *p != ':') { 1191 1.88 martin replace = NULL; 1192 1.88 martin map_to = NULL; 1193 1.88 martin break; 1194 1.88 martin } 1195 1.88 martin len = p - replace - num_esc; 1196 1.88 martin /* 1197 1.88 martin * reqlen < len: the left hand side is too long, can't be a 1198 1.88 martin * match 1199 1.88 martin * reqlen == len: full string has to match 1200 1.88 martin * reqlen > len: make sure there is a path separator at 'len' 1201 1.88 martin * avail < 2: we are at eof, missing right hand side 1202 1.88 martin */ 1203 1.88 martin if (avail < 2 || reqlen < len || 1204 1.88 martin (reqlen == len && esccmp(file, replace, len) != 0) || 1205 1.88 martin (reqlen > len && (file[len] != '/' || 1206 1.88 martin esccmp(file, replace, len) != 0))) { 1207 1.88 martin 1208 1.88 martin /* non-match, skip to end of line and continue */ 1209 1.88 martin while (*p != '\r' && *p != '\n' && avail) { 1210 1.88 martin p++; 1211 1.88 martin avail--; 1212 1.88 martin } 1213 1.88 martin replace = NULL; 1214 1.88 martin map_to = NULL; 1215 1.88 martin continue; 1216 1.88 martin } 1217 1.88 martin p++; 1218 1.88 martin avail--; 1219 1.88 martin 1220 1.88 martin /* found a match, parse the target */ 1221 1.88 martin map_to = p; 1222 1.88 martin while (*p != '\r' && *p != '\n' && avail) { 1223 1.88 martin p++; 1224 1.88 martin avail--; 1225 1.88 martin } 1226 1.88 martin rlen = p - map_to; 1227 1.88 martin break; 1228 1.88 martin } 1229 1.88 martin 1230 1.88 martin if (replace && map_to) { 1231 1.88 martin newfile = bozomalloc(httpd, strlen(file) + rlen - len + 1); 1232 1.88 martin memcpy(newfile, map_to, rlen); 1233 1.88 martin strcpy(newfile+rlen, file + len); 1234 1.88 martin debug((httpd, DEBUG_NORMAL, "remapping found ``%s'' ", 1235 1.88 martin newfile)); 1236 1.88 martin free(request->hr_file); 1237 1.88 martin request->hr_file = newfile; 1238 1.88 martin } 1239 1.88 martin 1240 1.88 martin munmap(fmap, st.st_size); 1241 1.88 martin close(mapfile); 1242 1.88 martin } 1243 1.88 martin 1244 1.88 martin /* 1245 1.1 tls * deal with virtual host names; we do this: 1246 1.16 mrg * if we have a virtual path root (httpd->virtbase), and we are given a 1247 1.1 tls * virtual host spec (Host: ho.st or http://ho.st/), see if this 1248 1.16 mrg * directory exists under httpd->virtbase. if it does, use this as the 1249 1.1 tls # new slashdir. 1250 1.1 tls */ 1251 1.12 mrg static int 1252 1.16 mrg check_virtual(bozo_httpreq_t *request) 1253 1.1 tls { 1254 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 1255 1.9 tls char *file = request->hr_file, *s; 1256 1.1 tls size_t len; 1257 1.1 tls 1258 1.1 tls /* 1259 1.1 tls * convert http://virtual.host/ to request->hr_host 1260 1.1 tls */ 1261 1.16 mrg debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in ``%s''", 1262 1.16 mrg file)); 1263 1.9 tls if (strncasecmp(file, "http://", 7) == 0) { 1264 1.1 tls /* we would do virtual hosting here? */ 1265 1.9 tls file += 7; 1266 1.48 mrg /* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */ 1267 1.48 mrg free(request->hr_host); 1268 1.73 mrg request->hr_host = bozostrdup(httpd, request, file); 1269 1.48 mrg if ((s = strchr(request->hr_host, '/')) != NULL) 1270 1.48 mrg *s = '\0'; 1271 1.9 tls s = strchr(file, '/'); 1272 1.48 mrg free(request->hr_file); 1273 1.73 mrg request->hr_file = bozostrdup(httpd, request, s ? s : "/"); 1274 1.16 mrg debug((httpd, DEBUG_OBESE, "got host ``%s'' file is now ``%s''", 1275 1.9 tls request->hr_host, request->hr_file)); 1276 1.1 tls } else if (!request->hr_host) 1277 1.1 tls goto use_slashdir; 1278 1.1 tls 1279 1.1 tls /* 1280 1.49 mrg * canonicalise hr_host - that is, remove any :80. 1281 1.49 mrg */ 1282 1.49 mrg len = strlen(request->hr_host); 1283 1.49 mrg if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) { 1284 1.49 mrg request->hr_host[len - 3] = '\0'; 1285 1.49 mrg len = strlen(request->hr_host); 1286 1.49 mrg } 1287 1.67 shm 1288 1.67 shm if (!httpd->virtbase) { 1289 1.67 shm 1290 1.67 shm /* 1291 1.67 shm * if we don't use vhost support, then set virthostname if 1292 1.67 shm * user supplied Host header. It will be used for possible 1293 1.67 shm * redirections 1294 1.67 shm */ 1295 1.67 shm 1296 1.67 shm if (request->hr_host) { 1297 1.67 shm s = strrchr(request->hr_host, ':'); 1298 1.67 shm if (s != NULL) 1299 1.67 shm /* truncate Host: as we want to copy it without port part */ 1300 1.67 shm *s = '\0'; 1301 1.73 mrg request->hr_virthostname = bozostrdup(httpd, request, 1302 1.67 shm request->hr_host); 1303 1.67 shm if (s != NULL) 1304 1.67 shm /* fix Host: again, if we truncated it */ 1305 1.67 shm *s = ':'; 1306 1.67 shm } 1307 1.67 shm 1308 1.67 shm goto use_slashdir; 1309 1.67 shm } 1310 1.49 mrg 1311 1.49 mrg /* 1312 1.49 mrg * ok, we have a virtual host, use opendir(3) to find a case 1313 1.1 tls * insensitive match for the virtual host we are asked for. 1314 1.1 tls * note that if the virtual host is the same as the master, 1315 1.1 tls * we don't need to do anything special. 1316 1.1 tls */ 1317 1.16 mrg debug((httpd, DEBUG_OBESE, 1318 1.16 mrg "check_virtual: checking host `%s' under httpd->virtbase `%s' " 1319 1.16 mrg "for file `%s'", 1320 1.16 mrg request->hr_host, httpd->virtbase, request->hr_file)); 1321 1.16 mrg if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) { 1322 1.1 tls s = 0; 1323 1.24 mrg DIR *dirp; 1324 1.24 mrg struct dirent *d; 1325 1.24 mrg 1326 1.23 mrg if ((dirp = opendir(httpd->virtbase)) != NULL) { 1327 1.23 mrg while ((d = readdir(dirp)) != NULL) { 1328 1.23 mrg if (strcmp(d->d_name, ".") == 0 || 1329 1.23 mrg strcmp(d->d_name, "..") == 0) { 1330 1.23 mrg continue; 1331 1.23 mrg } 1332 1.23 mrg debug((httpd, DEBUG_OBESE, "looking at dir``%s''", 1333 1.23 mrg d->d_name)); 1334 1.65 shm if (strcmp(d->d_name, request->hr_host) == 0) { 1335 1.23 mrg /* found it, punch it */ 1336 1.23 mrg debug((httpd, DEBUG_OBESE, "found it punch it")); 1337 1.35 martin request->hr_virthostname = 1338 1.73 mrg bozostrdup(httpd, request, d->d_name); 1339 1.74 mrg bozoasprintf(httpd, &s, "%s/%s", 1340 1.72 christos httpd->virtbase, 1341 1.72 christos request->hr_virthostname); 1342 1.23 mrg break; 1343 1.23 mrg } 1344 1.1 tls } 1345 1.23 mrg closedir(dirp); 1346 1.23 mrg } 1347 1.23 mrg else { 1348 1.23 mrg debug((httpd, DEBUG_FAT, "opendir %s failed: %s", 1349 1.23 mrg httpd->virtbase, strerror(errno))); 1350 1.1 tls } 1351 1.1 tls if (s == 0) { 1352 1.16 mrg if (httpd->unknown_slash) 1353 1.1 tls goto use_slashdir; 1354 1.16 mrg return bozo_http_error(httpd, 404, request, 1355 1.16 mrg "unknown URL"); 1356 1.1 tls } 1357 1.1 tls } else 1358 1.1 tls use_slashdir: 1359 1.16 mrg s = httpd->slashdir; 1360 1.1 tls 1361 1.1 tls /* 1362 1.1 tls * ok, nailed the correct slashdir, chdir to it 1363 1.1 tls */ 1364 1.1 tls if (chdir(s) < 0) 1365 1.16 mrg return bozo_http_error(httpd, 404, request, 1366 1.16 mrg "can't chdir to slashdir"); 1367 1.88 martin 1368 1.88 martin /* 1369 1.88 martin * is there a mapping for this request? 1370 1.88 martin */ 1371 1.88 martin check_mapping(request); 1372 1.88 martin 1373 1.12 mrg return 0; 1374 1.1 tls } 1375 1.1 tls 1376 1.1 tls /* 1377 1.1 tls * checks to see if this request has a valid .bzredirect file. returns 1378 1.36 martin * 0 when no redirection happend, or 1 when handle_redirect() has been 1379 1.53 mrg * called, -1 on error. 1380 1.1 tls */ 1381 1.36 martin static int 1382 1.16 mrg check_bzredirect(bozo_httpreq_t *request) 1383 1.1 tls { 1384 1.73 mrg bozohttpd_t *httpd = request->hr_httpd; 1385 1.1 tls struct stat sb; 1386 1.39 martin char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1], 1387 1.39 martin path[MAXPATHLEN]; 1388 1.1 tls char *basename, *finalredir; 1389 1.1 tls int rv, absolute; 1390 1.1 tls 1391 1.1 tls /* 1392 1.1 tls * if this pathname is really a directory, but doesn't end in /, 1393 1.1 tls * use it as the directory to look for the redir file. 1394 1.1 tls */ 1395 1.53 mrg if((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >= 1396 1.53 mrg sizeof(dir)) { 1397 1.73 mrg bozo_http_error(httpd, 404, request, 1398 1.53 mrg "file path too long"); 1399 1.53 mrg return -1; 1400 1.53 mrg } 1401 1.73 mrg debug((httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir)); 1402 1.1 tls basename = strrchr(dir, '/'); 1403 1.1 tls 1404 1.1 tls if ((!basename || basename[1] != '\0') && 1405 1.67 shm lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode)) { 1406 1.67 shm strcpy(path, dir); 1407 1.67 shm } else if (basename == NULL) { 1408 1.67 shm strcpy(path, "."); 1409 1.67 shm strcpy(dir, ""); 1410 1.67 shm } else { 1411 1.1 tls *basename++ = '\0'; 1412 1.16 mrg bozo_check_special_files(request, basename); 1413 1.67 shm strcpy(path, dir); 1414 1.1 tls } 1415 1.1 tls 1416 1.73 mrg debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path)); 1417 1.67 shm 1418 1.67 shm if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, 1419 1.53 mrg REDIRECT_FILE) >= sizeof(redir)) { 1420 1.73 mrg bozo_http_error(httpd, 404, request, 1421 1.73 mrg "redirectfile path too long"); 1422 1.53 mrg return -1; 1423 1.53 mrg } 1424 1.1 tls if (lstat(redir, &sb) == 0) { 1425 1.16 mrg if (!S_ISLNK(sb.st_mode)) 1426 1.36 martin return 0; 1427 1.1 tls absolute = 0; 1428 1.1 tls } else { 1429 1.67 shm if((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, 1430 1.53 mrg ABSREDIRECT_FILE) >= sizeof(redir)) { 1431 1.73 mrg bozo_http_error(httpd, 404, request, 1432 1.53 mrg "redirectfile path too long"); 1433 1.53 mrg return -1; 1434 1.53 mrg } 1435 1.16 mrg if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode)) 1436 1.36 martin return 0; 1437 1.1 tls absolute = 1; 1438 1.1 tls } 1439 1.73 mrg debug((httpd, DEBUG_FAT, "check_bzredirect: calling readlink")); 1440 1.1 tls rv = readlink(redir, redirpath, sizeof redirpath - 1); 1441 1.1 tls if (rv == -1 || rv == 0) { 1442 1.73 mrg debug((httpd, DEBUG_FAT, "readlink failed")); 1443 1.36 martin return 0; 1444 1.1 tls } 1445 1.1 tls redirpath[rv] = '\0'; 1446 1.73 mrg debug((httpd, DEBUG_FAT, "readlink returned \"%s\"", redirpath)); 1447 1.39 martin 1448 1.39 martin /* check if we need authentication */ 1449 1.39 martin snprintf(path, sizeof(path), "%s/", dir); 1450 1.39 martin if (bozo_auth_check(request, path)) 1451 1.39 martin return 1; 1452 1.39 martin 1453 1.1 tls /* now we have the link pointer, redirect to the real place */ 1454 1.67 shm if (!absolute && redirpath[0] != '/') { 1455 1.67 shm if ((size_t)snprintf(finalredir = redir, sizeof(redir), "%s%s/%s", 1456 1.67 shm (strlen(dir) > 0 ? "/" : ""), dir, redirpath) >= sizeof(redir)) { 1457 1.73 mrg bozo_http_error(httpd, 404, request, 1458 1.53 mrg "redirect path too long"); 1459 1.53 mrg return -1; 1460 1.53 mrg } 1461 1.67 shm } else 1462 1.67 shm finalredir = redirpath; 1463 1.1 tls 1464 1.73 mrg debug((httpd, DEBUG_FAT, "check_bzredirect: new redir %s", finalredir)); 1465 1.1 tls handle_redirect(request, finalredir, absolute); 1466 1.36 martin return 1; 1467 1.1 tls } 1468 1.1 tls 1469 1.16 mrg /* this fixes the %HH hack that RFC2396 requires. */ 1470 1.80 mrg int 1471 1.80 mrg bozo_decode_url_percent(bozo_httpreq_t *request, char *str) 1472 1.1 tls { 1473 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 1474 1.80 mrg char *s, *t, buf[3]; 1475 1.16 mrg char *end; /* if end is not-zero, we don't translate beyond that */ 1476 1.16 mrg 1477 1.80 mrg end = str + strlen(str); 1478 1.16 mrg 1479 1.16 mrg /* fast forward to the first % */ 1480 1.80 mrg if ((s = strchr(str, '%')) == NULL) 1481 1.51 shm return 0; 1482 1.1 tls 1483 1.16 mrg t = s; 1484 1.16 mrg do { 1485 1.16 mrg if (end && s >= end) { 1486 1.16 mrg debug((httpd, DEBUG_EXPLODING, 1487 1.16 mrg "fu_%%: past end, filling out..")); 1488 1.16 mrg while (*s) 1489 1.16 mrg *t++ = *s++; 1490 1.16 mrg break; 1491 1.16 mrg } 1492 1.16 mrg debug((httpd, DEBUG_EXPLODING, 1493 1.16 mrg "fu_%%: got s == %%, s[1]s[2] == %c%c", 1494 1.16 mrg s[1], s[2])); 1495 1.16 mrg if (s[1] == '\0' || s[2] == '\0') { 1496 1.16 mrg (void)bozo_http_error(httpd, 400, request, 1497 1.16 mrg "percent hack missing two chars afterwards"); 1498 1.51 shm return 1; 1499 1.16 mrg } 1500 1.16 mrg if (s[1] == '0' && s[2] == '0') { 1501 1.16 mrg (void)bozo_http_error(httpd, 404, request, 1502 1.16 mrg "percent hack was %00"); 1503 1.51 shm return 1; 1504 1.16 mrg } 1505 1.16 mrg if (s[1] == '2' && s[2] == 'f') { 1506 1.16 mrg (void)bozo_http_error(httpd, 404, request, 1507 1.16 mrg "percent hack was %2f (/)"); 1508 1.51 shm return 1; 1509 1.16 mrg } 1510 1.42 mbalmer 1511 1.16 mrg buf[0] = *++s; 1512 1.16 mrg buf[1] = *++s; 1513 1.16 mrg buf[2] = '\0'; 1514 1.16 mrg s++; 1515 1.16 mrg *t = (char)strtol(buf, NULL, 16); 1516 1.16 mrg debug((httpd, DEBUG_EXPLODING, 1517 1.16 mrg "fu_%%: strtol put '%02x' into *t", *t)); 1518 1.16 mrg if (*t++ == '\0') { 1519 1.16 mrg (void)bozo_http_error(httpd, 400, request, 1520 1.16 mrg "percent hack got a 0 back"); 1521 1.51 shm return 1; 1522 1.16 mrg } 1523 1.1 tls 1524 1.16 mrg while (*s && *s != '%') { 1525 1.16 mrg if (end && s >= end) 1526 1.16 mrg break; 1527 1.16 mrg *t++ = *s++; 1528 1.16 mrg } 1529 1.16 mrg } while (*s); 1530 1.16 mrg *t = '\0'; 1531 1.51 shm 1532 1.80 mrg debug((httpd, DEBUG_FAT, "bozo_decode_url_percent returns `%s'", 1533 1.16 mrg request->hr_file)); 1534 1.51 shm 1535 1.51 shm return 0; 1536 1.1 tls } 1537 1.1 tls 1538 1.1 tls /* 1539 1.1 tls * transform_request does this: 1540 1.1 tls * - ``expand'' %20 crapola 1541 1.1 tls * - punt if it doesn't start with / 1542 1.1 tls * - look for "http://myname/" and deal with it. 1543 1.42 mbalmer * - maybe call bozo_process_cgi() 1544 1.16 mrg * - check for ~user and call bozo_user_transform() if so 1545 1.1 tls * - if the length > 1, check for trailing slash. if so, 1546 1.1 tls * add the index.html file 1547 1.1 tls * - if the length is 1, return the index.html file 1548 1.1 tls * - disallow anything ending up with a file starting 1549 1.1 tls * at "/" or having ".." in it. 1550 1.1 tls * - anything else is a really weird internal error 1551 1.12 mrg * - returns malloced file to serve, if unhandled 1552 1.1 tls */ 1553 1.16 mrg static int 1554 1.16 mrg transform_request(bozo_httpreq_t *request, int *isindex) 1555 1.1 tls { 1556 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 1557 1.12 mrg char *file, *newfile = NULL; 1558 1.1 tls size_t len; 1559 1.1 tls 1560 1.12 mrg file = NULL; 1561 1.1 tls *isindex = 0; 1562 1.16 mrg debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file)); 1563 1.80 mrg if (bozo_decode_url_percent(request, request->hr_file)) { 1564 1.51 shm goto bad_done; 1565 1.51 shm } 1566 1.12 mrg if (check_virtual(request)) { 1567 1.12 mrg goto bad_done; 1568 1.12 mrg } 1569 1.12 mrg file = request->hr_file; 1570 1.1 tls 1571 1.12 mrg if (file[0] != '/') { 1572 1.16 mrg (void)bozo_http_error(httpd, 404, request, "unknown URL"); 1573 1.12 mrg goto bad_done; 1574 1.12 mrg } 1575 1.1 tls 1576 1.66 shm /* omit additional slashes at the beginning */ 1577 1.66 shm while (file[1] == '/') 1578 1.66 shm file++; 1579 1.66 shm 1580 1.67 shm /* fix file provided by user as it's used in other handlers */ 1581 1.67 shm request->hr_file = file; 1582 1.1 tls 1583 1.67 shm len = strlen(file); 1584 1.1 tls 1585 1.1 tls #ifndef NO_USER_SUPPORT 1586 1.67 shm /* first of all expand user path */ 1587 1.67 shm if (len > 1 && httpd->enable_users && file[1] == '~') { 1588 1.12 mrg if (file[2] == '\0') { 1589 1.16 mrg (void)bozo_http_error(httpd, 404, request, 1590 1.16 mrg "missing username"); 1591 1.12 mrg goto bad_done; 1592 1.12 mrg } 1593 1.12 mrg if (strchr(file + 2, '/') == NULL) { 1594 1.67 shm char *userredirecturl; 1595 1.74 mrg bozoasprintf(httpd, &userredirecturl, "%s/", file); 1596 1.67 shm handle_redirect(request, userredirecturl, 0); 1597 1.67 shm free(userredirecturl); 1598 1.12 mrg return 0; 1599 1.12 mrg } 1600 1.16 mrg debug((httpd, DEBUG_FAT, "calling bozo_user_transform")); 1601 1.12 mrg 1602 1.67 shm if (!bozo_user_transform(request)) 1603 1.67 shm return 0; 1604 1.67 shm 1605 1.67 shm file = request->hr_file; 1606 1.67 shm len = strlen(file); 1607 1.67 shm } 1608 1.1 tls #endif /* NO_USER_SUPPORT */ 1609 1.67 shm 1610 1.67 shm 1611 1.67 shm switch (check_bzredirect(request)) { 1612 1.67 shm case -1: 1613 1.67 shm goto bad_done; 1614 1.67 shm case 1: 1615 1.67 shm return 0; 1616 1.67 shm } 1617 1.67 shm 1618 1.67 shm if (len > 1) { 1619 1.16 mrg debug((httpd, DEBUG_FAT, "file[len-1] == %c", file[len-1])); 1620 1.12 mrg if (file[len-1] == '/') { /* append index.html */ 1621 1.1 tls *isindex = 1; 1622 1.16 mrg debug((httpd, DEBUG_FAT, "appending index.html")); 1623 1.16 mrg newfile = bozomalloc(httpd, 1624 1.16 mrg len + strlen(httpd->index_html) + 1); 1625 1.12 mrg strcpy(newfile, file + 1); 1626 1.16 mrg strcat(newfile, httpd->index_html); 1627 1.1 tls } else 1628 1.73 mrg newfile = bozostrdup(httpd, request, file + 1); 1629 1.1 tls } else if (len == 1) { 1630 1.16 mrg debug((httpd, DEBUG_EXPLODING, "tf_req: len == 1")); 1631 1.73 mrg newfile = bozostrdup(httpd, request, httpd->index_html); 1632 1.1 tls *isindex = 1; 1633 1.12 mrg } else { /* len == 0 ? */ 1634 1.16 mrg (void)bozo_http_error(httpd, 500, request, 1635 1.16 mrg "request->hr_file is nul?"); 1636 1.12 mrg goto bad_done; 1637 1.12 mrg } 1638 1.1 tls 1639 1.12 mrg if (newfile == NULL) { 1640 1.16 mrg (void)bozo_http_error(httpd, 500, request, "internal failure"); 1641 1.12 mrg goto bad_done; 1642 1.12 mrg } 1643 1.1 tls 1644 1.1 tls /* 1645 1.42 mbalmer * stop traversing outside our domain 1646 1.1 tls * 1647 1.1 tls * XXX true security only comes from our parent using chroot(2) 1648 1.1 tls * before execve(2)'ing us. or our own built in chroot(2) support. 1649 1.1 tls */ 1650 1.67 shm 1651 1.67 shm debug((httpd, DEBUG_FAT, "newfile: %s", newfile)); 1652 1.67 shm 1653 1.12 mrg if (*newfile == '/' || strcmp(newfile, "..") == 0 || 1654 1.12 mrg strstr(newfile, "/..") || strstr(newfile, "../")) { 1655 1.16 mrg (void)bozo_http_error(httpd, 403, request, "illegal request"); 1656 1.12 mrg goto bad_done; 1657 1.12 mrg } 1658 1.12 mrg 1659 1.17 mrg if (bozo_auth_check(request, newfile)) 1660 1.12 mrg goto bad_done; 1661 1.1 tls 1662 1.13 mrg if (strlen(newfile)) { 1663 1.20 mrg request->hr_oldfile = request->hr_file; 1664 1.12 mrg request->hr_file = newfile; 1665 1.13 mrg } 1666 1.9 tls 1667 1.16 mrg if (bozo_process_cgi(request)) 1668 1.12 mrg return 0; 1669 1.1 tls 1670 1.43 mbalmer if (bozo_process_lua(request)) 1671 1.43 mbalmer return 0; 1672 1.43 mbalmer 1673 1.16 mrg debug((httpd, DEBUG_FAT, "transform_request set: %s", newfile)); 1674 1.12 mrg return 1; 1675 1.12 mrg bad_done: 1676 1.16 mrg debug((httpd, DEBUG_FAT, "transform_request returning: 0")); 1677 1.44 mbalmer free(newfile); 1678 1.12 mrg return 0; 1679 1.1 tls } 1680 1.1 tls 1681 1.1 tls /* 1682 1.31 elric * can_gzip checks if the request supports and prefers gzip encoding. 1683 1.31 elric * 1684 1.31 elric * XXX: we do not consider the associated q with gzip in making our 1685 1.31 elric * decision which is broken. 1686 1.31 elric */ 1687 1.31 elric 1688 1.31 elric static int 1689 1.31 elric can_gzip(bozo_httpreq_t *request) 1690 1.31 elric { 1691 1.31 elric const char *pos; 1692 1.31 elric const char *tmp; 1693 1.31 elric size_t len; 1694 1.31 elric 1695 1.31 elric /* First we decide if the request can be gzipped at all. */ 1696 1.31 elric 1697 1.31 elric /* not if we already are encoded... */ 1698 1.31 elric tmp = bozo_content_encoding(request, request->hr_file); 1699 1.31 elric if (tmp && *tmp) 1700 1.31 elric return 0; 1701 1.31 elric 1702 1.31 elric /* not if we are not asking for the whole file... */ 1703 1.31 elric if (request->hr_last_byte_pos != -1 || request->hr_have_range) 1704 1.31 elric return 0; 1705 1.31 elric 1706 1.31 elric /* Then we determine if gzip is on the cards. */ 1707 1.31 elric 1708 1.31 elric for (pos = request->hr_accept_encoding; pos && *pos; pos += len) { 1709 1.31 elric while (*pos == ' ') 1710 1.31 elric pos++; 1711 1.31 elric 1712 1.31 elric len = strcspn(pos, ";,"); 1713 1.31 elric 1714 1.31 elric if ((len == 4 && strncasecmp("gzip", pos, 4) == 0) || 1715 1.31 elric (len == 6 && strncasecmp("x-gzip", pos, 6) == 0)) 1716 1.31 elric return 1; 1717 1.31 elric 1718 1.31 elric if (pos[len] == ';') 1719 1.31 elric len += strcspn(&pos[len], ","); 1720 1.31 elric 1721 1.31 elric if (pos[len]) 1722 1.31 elric len++; 1723 1.31 elric } 1724 1.31 elric 1725 1.31 elric return 0; 1726 1.31 elric } 1727 1.31 elric 1728 1.31 elric /* 1729 1.16 mrg * bozo_process_request does the following: 1730 1.16 mrg * - check the request is valid 1731 1.16 mrg * - process cgi-bin if necessary 1732 1.16 mrg * - transform a filename if necesarry 1733 1.16 mrg * - return the HTTP request 1734 1.1 tls */ 1735 1.16 mrg void 1736 1.16 mrg bozo_process_request(bozo_httpreq_t *request) 1737 1.1 tls { 1738 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 1739 1.16 mrg struct stat sb; 1740 1.16 mrg time_t timestamp; 1741 1.16 mrg char *file; 1742 1.16 mrg const char *type, *encoding; 1743 1.16 mrg int fd, isindex; 1744 1.16 mrg 1745 1.16 mrg /* 1746 1.16 mrg * note that transform_request chdir()'s if required. also note 1747 1.16 mrg * that cgi is handed here. if transform_request() returns 0 1748 1.16 mrg * then the request has been handled already. 1749 1.16 mrg */ 1750 1.16 mrg if (transform_request(request, &isindex) == 0) 1751 1.16 mrg return; 1752 1.12 mrg 1753 1.31 elric fd = -1; 1754 1.31 elric encoding = NULL; 1755 1.31 elric if (can_gzip(request)) { 1756 1.74 mrg bozoasprintf(httpd, &file, "%s.gz", request->hr_file); 1757 1.31 elric fd = open(file, O_RDONLY); 1758 1.31 elric if (fd >= 0) 1759 1.31 elric encoding = "gzip"; 1760 1.31 elric free(file); 1761 1.31 elric } 1762 1.31 elric 1763 1.16 mrg file = request->hr_file; 1764 1.9 tls 1765 1.31 elric if (fd < 0) 1766 1.31 elric fd = open(file, O_RDONLY); 1767 1.31 elric 1768 1.16 mrg if (fd < 0) { 1769 1.16 mrg debug((httpd, DEBUG_FAT, "open failed: %s", strerror(errno))); 1770 1.67 shm switch (errno) { 1771 1.52 shm case EPERM: 1772 1.61 snj case EACCES: 1773 1.16 mrg (void)bozo_http_error(httpd, 403, request, 1774 1.16 mrg "no permission to open file"); 1775 1.52 shm break; 1776 1.52 shm case ENAMETOOLONG: 1777 1.52 shm /*FALLTHROUGH*/ 1778 1.52 shm case ENOENT: 1779 1.42 mbalmer if (!bozo_dir_index(request, file, isindex)) 1780 1.16 mrg (void)bozo_http_error(httpd, 404, request, 1781 1.16 mrg "no file"); 1782 1.52 shm break; 1783 1.52 shm default: 1784 1.16 mrg (void)bozo_http_error(httpd, 500, request, "open file"); 1785 1.52 shm } 1786 1.16 mrg goto cleanup_nofd; 1787 1.1 tls } 1788 1.16 mrg if (fstat(fd, &sb) < 0) { 1789 1.16 mrg (void)bozo_http_error(httpd, 500, request, "can't fstat"); 1790 1.16 mrg goto cleanup; 1791 1.9 tls } 1792 1.16 mrg if (S_ISDIR(sb.st_mode)) { 1793 1.16 mrg handle_redirect(request, NULL, 0); 1794 1.16 mrg goto cleanup; 1795 1.6 mrg } 1796 1.1 tls 1797 1.16 mrg if (request->hr_if_modified_since && 1798 1.16 mrg parse_http_date(request->hr_if_modified_since, ×tamp) && 1799 1.16 mrg timestamp >= sb.st_mtime) { 1800 1.16 mrg /* XXX ignore subsecond of timestamp */ 1801 1.16 mrg bozo_printf(httpd, "%s 304 Not Modified\r\n", 1802 1.16 mrg request->hr_proto); 1803 1.16 mrg bozo_printf(httpd, "\r\n"); 1804 1.16 mrg bozo_flush(httpd, stdout); 1805 1.16 mrg goto cleanup; 1806 1.1 tls } 1807 1.1 tls 1808 1.16 mrg /* validate requested range */ 1809 1.16 mrg if (request->hr_last_byte_pos == -1 || 1810 1.16 mrg request->hr_last_byte_pos >= sb.st_size) 1811 1.16 mrg request->hr_last_byte_pos = sb.st_size - 1; 1812 1.16 mrg if (request->hr_have_range && 1813 1.16 mrg request->hr_first_byte_pos > request->hr_last_byte_pos) { 1814 1.16 mrg request->hr_have_range = 0; /* punt */ 1815 1.16 mrg request->hr_first_byte_pos = 0; 1816 1.16 mrg request->hr_last_byte_pos = sb.st_size - 1; 1817 1.1 tls } 1818 1.28 joerg debug((httpd, DEBUG_FAT, "have_range %d first_pos %lld last_pos %lld", 1819 1.16 mrg request->hr_have_range, 1820 1.28 joerg (long long)request->hr_first_byte_pos, 1821 1.28 joerg (long long)request->hr_last_byte_pos)); 1822 1.16 mrg if (request->hr_have_range) 1823 1.16 mrg bozo_printf(httpd, "%s 206 Partial Content\r\n", 1824 1.16 mrg request->hr_proto); 1825 1.16 mrg else 1826 1.16 mrg bozo_printf(httpd, "%s 200 OK\r\n", request->hr_proto); 1827 1.1 tls 1828 1.16 mrg if (request->hr_proto != httpd->consts.http_09) { 1829 1.16 mrg type = bozo_content_type(request, file); 1830 1.31 elric if (!encoding) 1831 1.31 elric encoding = bozo_content_encoding(request, file); 1832 1.1 tls 1833 1.16 mrg bozo_print_header(request, &sb, type, encoding); 1834 1.16 mrg bozo_printf(httpd, "\r\n"); 1835 1.12 mrg } 1836 1.16 mrg bozo_flush(httpd, stdout); 1837 1.1 tls 1838 1.16 mrg if (request->hr_method != HTTP_HEAD) { 1839 1.16 mrg off_t szleft, cur_byte_pos; 1840 1.1 tls 1841 1.16 mrg szleft = 1842 1.16 mrg request->hr_last_byte_pos - request->hr_first_byte_pos + 1; 1843 1.16 mrg cur_byte_pos = request->hr_first_byte_pos; 1844 1.1 tls 1845 1.16 mrg retry: 1846 1.16 mrg while (szleft) { 1847 1.16 mrg size_t sz; 1848 1.12 mrg 1849 1.16 mrg if ((off_t)httpd->mmapsz < szleft) 1850 1.16 mrg sz = httpd->mmapsz; 1851 1.16 mrg else 1852 1.16 mrg sz = (size_t)szleft; 1853 1.16 mrg if (mmap_and_write_part(httpd, fd, cur_byte_pos, sz)) { 1854 1.16 mrg if (errno == ENOMEM) { 1855 1.16 mrg httpd->mmapsz /= 2; 1856 1.16 mrg if (httpd->mmapsz >= httpd->page_size) 1857 1.16 mrg goto retry; 1858 1.16 mrg } 1859 1.16 mrg goto cleanup; 1860 1.16 mrg } 1861 1.16 mrg cur_byte_pos += sz; 1862 1.16 mrg szleft -= sz; 1863 1.1 tls } 1864 1.16 mrg } 1865 1.16 mrg cleanup: 1866 1.16 mrg close(fd); 1867 1.16 mrg cleanup_nofd: 1868 1.16 mrg close(STDIN_FILENO); 1869 1.16 mrg close(STDOUT_FILENO); 1870 1.16 mrg /*close(STDERR_FILENO);*/ 1871 1.1 tls } 1872 1.1 tls 1873 1.16 mrg /* make sure we're not trying to access special files */ 1874 1.16 mrg int 1875 1.16 mrg bozo_check_special_files(bozo_httpreq_t *request, const char *name) 1876 1.1 tls { 1877 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 1878 1.1 tls 1879 1.16 mrg /* ensure basename(name) != special files */ 1880 1.16 mrg if (strcmp(name, DIRECT_ACCESS_FILE) == 0) 1881 1.16 mrg return bozo_http_error(httpd, 403, request, 1882 1.16 mrg "no permission to open direct access file"); 1883 1.16 mrg if (strcmp(name, REDIRECT_FILE) == 0) 1884 1.16 mrg return bozo_http_error(httpd, 403, request, 1885 1.16 mrg "no permission to open redirect file"); 1886 1.16 mrg if (strcmp(name, ABSREDIRECT_FILE) == 0) 1887 1.16 mrg return bozo_http_error(httpd, 403, request, 1888 1.16 mrg "no permission to open redirect file"); 1889 1.88 martin if (strcmp(name, REMAP_FILE) == 0) 1890 1.88 martin return bozo_http_error(httpd, 403, request, 1891 1.88 martin "no permission to open redirect file"); 1892 1.17 mrg return bozo_auth_check_special_files(request, name); 1893 1.16 mrg } 1894 1.1 tls 1895 1.16 mrg /* generic header printing routine */ 1896 1.16 mrg void 1897 1.16 mrg bozo_print_header(bozo_httpreq_t *request, 1898 1.16 mrg struct stat *sbp, const char *type, const char *encoding) 1899 1.16 mrg { 1900 1.16 mrg bozohttpd_t *httpd = request->hr_httpd; 1901 1.16 mrg off_t len; 1902 1.16 mrg char date[40]; 1903 1.78 elric bozoheaders_t *hdr; 1904 1.78 elric 1905 1.78 elric SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) { 1906 1.78 elric bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, 1907 1.78 elric hdr->h_value); 1908 1.78 elric } 1909 1.1 tls 1910 1.16 mrg bozo_printf(httpd, "Date: %s\r\n", bozo_http_date(date, sizeof(date))); 1911 1.16 mrg bozo_printf(httpd, "Server: %s\r\n", httpd->server_software); 1912 1.16 mrg bozo_printf(httpd, "Accept-Ranges: bytes\r\n"); 1913 1.16 mrg if (sbp) { 1914 1.16 mrg char filedate[40]; 1915 1.16 mrg struct tm *tm; 1916 1.1 tls 1917 1.16 mrg tm = gmtime(&sbp->st_mtime); 1918 1.16 mrg strftime(filedate, sizeof filedate, 1919 1.16 mrg "%a, %d %b %Y %H:%M:%S GMT", tm); 1920 1.16 mrg bozo_printf(httpd, "Last-Modified: %s\r\n", filedate); 1921 1.16 mrg } 1922 1.16 mrg if (type && *type) 1923 1.16 mrg bozo_printf(httpd, "Content-Type: %s\r\n", type); 1924 1.16 mrg if (encoding && *encoding) 1925 1.16 mrg bozo_printf(httpd, "Content-Encoding: %s\r\n", encoding); 1926 1.16 mrg if (sbp) { 1927 1.16 mrg if (request->hr_have_range) { 1928 1.16 mrg len = request->hr_last_byte_pos - 1929 1.16 mrg request->hr_first_byte_pos +1; 1930 1.16 mrg bozo_printf(httpd, 1931 1.16 mrg "Content-Range: bytes %qd-%qd/%qd\r\n", 1932 1.16 mrg (long long) request->hr_first_byte_pos, 1933 1.16 mrg (long long) request->hr_last_byte_pos, 1934 1.16 mrg (long long) sbp->st_size); 1935 1.16 mrg } else 1936 1.16 mrg len = sbp->st_size; 1937 1.16 mrg bozo_printf(httpd, "Content-Length: %qd\r\n", (long long)len); 1938 1.1 tls } 1939 1.67 shm if (request->hr_proto == httpd->consts.http_11) 1940 1.16 mrg bozo_printf(httpd, "Connection: close\r\n"); 1941 1.16 mrg bozo_flush(httpd, stdout); 1942 1.1 tls } 1943 1.1 tls 1944 1.25 mrg #ifndef NO_DEBUG 1945 1.1 tls void 1946 1.16 mrg debug__(bozohttpd_t *httpd, int level, const char *fmt, ...) 1947 1.1 tls { 1948 1.1 tls va_list ap; 1949 1.1 tls int savederrno; 1950 1.42 mbalmer 1951 1.1 tls /* only log if the level is low enough */ 1952 1.16 mrg if (httpd->debug < level) 1953 1.1 tls return; 1954 1.1 tls 1955 1.1 tls savederrno = errno; 1956 1.1 tls va_start(ap, fmt); 1957 1.16 mrg if (httpd->logstderr) { 1958 1.1 tls vfprintf(stderr, fmt, ap); 1959 1.1 tls fputs("\n", stderr); 1960 1.1 tls } else 1961 1.1 tls vsyslog(LOG_DEBUG, fmt, ap); 1962 1.1 tls va_end(ap); 1963 1.1 tls errno = savederrno; 1964 1.1 tls } 1965 1.25 mrg #endif /* NO_DEBUG */ 1966 1.1 tls 1967 1.1 tls /* these are like warn() and err(), except for syslog not stderr */ 1968 1.1 tls void 1969 1.74 mrg bozowarn(bozohttpd_t *httpd, const char *fmt, ...) 1970 1.1 tls { 1971 1.1 tls va_list ap; 1972 1.1 tls 1973 1.1 tls va_start(ap, fmt); 1974 1.16 mrg if (httpd->logstderr || isatty(STDERR_FILENO)) { 1975 1.14 mrg //fputs("warning: ", stderr); 1976 1.1 tls vfprintf(stderr, fmt, ap); 1977 1.1 tls fputs("\n", stderr); 1978 1.1 tls } else 1979 1.1 tls vsyslog(LOG_INFO, fmt, ap); 1980 1.1 tls va_end(ap); 1981 1.1 tls } 1982 1.1 tls 1983 1.1 tls void 1984 1.74 mrg bozoerr(bozohttpd_t *httpd, int code, const char *fmt, ...) 1985 1.1 tls { 1986 1.1 tls va_list ap; 1987 1.1 tls 1988 1.1 tls va_start(ap, fmt); 1989 1.16 mrg if (httpd->logstderr || isatty(STDERR_FILENO)) { 1990 1.14 mrg //fputs("error: ", stderr); 1991 1.1 tls vfprintf(stderr, fmt, ap); 1992 1.1 tls fputs("\n", stderr); 1993 1.1 tls } else 1994 1.1 tls vsyslog(LOG_ERR, fmt, ap); 1995 1.1 tls va_end(ap); 1996 1.1 tls exit(code); 1997 1.1 tls } 1998 1.1 tls 1999 1.72 christos void 2000 1.74 mrg bozoasprintf(bozohttpd_t *httpd, char **str, const char *fmt, ...) 2001 1.72 christos { 2002 1.72 christos va_list ap; 2003 1.72 christos int e; 2004 1.72 christos 2005 1.72 christos va_start(ap, fmt); 2006 1.72 christos e = vasprintf(str, fmt, ap); 2007 1.72 christos va_end(ap); 2008 1.72 christos 2009 1.72 christos if (e < 0) 2010 1.74 mrg bozoerr(httpd, EXIT_FAILURE, "asprintf"); 2011 1.72 christos } 2012 1.72 christos 2013 1.40 mrg /* 2014 1.40 mrg * this escapes HTML tags. returns allocated escaped 2015 1.40 mrg * string if needed, or NULL on allocation failure or 2016 1.40 mrg * lack of escape need. 2017 1.40 mrg * call with NULL httpd in error paths, to avoid recursive 2018 1.40 mrg * malloc failure. call with valid httpd in normal paths 2019 1.40 mrg * to get automatic allocation failure handling. 2020 1.40 mrg */ 2021 1.40 mrg char * 2022 1.40 mrg bozo_escape_html(bozohttpd_t *httpd, const char *url) 2023 1.1 tls { 2024 1.16 mrg int i, j; 2025 1.40 mrg char *tmp; 2026 1.40 mrg size_t len; 2027 1.1 tls 2028 1.16 mrg for (i = 0, j = 0; url[i]; i++) { 2029 1.16 mrg switch (url[i]) { 2030 1.16 mrg case '<': 2031 1.16 mrg case '>': 2032 1.16 mrg j += 4; 2033 1.16 mrg break; 2034 1.16 mrg case '&': 2035 1.16 mrg j += 5; 2036 1.16 mrg break; 2037 1.16 mrg } 2038 1.12 mrg } 2039 1.1 tls 2040 1.16 mrg if (j == 0) 2041 1.40 mrg return NULL; 2042 1.16 mrg 2043 1.40 mrg /* 2044 1.40 mrg * we need to handle being called from different 2045 1.40 mrg * pathnames. 2046 1.40 mrg */ 2047 1.40 mrg len = strlen(url) + j; 2048 1.40 mrg if (httpd) 2049 1.40 mrg tmp = bozomalloc(httpd, len); 2050 1.40 mrg else if ((tmp = malloc(len)) == 0) 2051 1.40 mrg return NULL; 2052 1.1 tls 2053 1.16 mrg for (i = 0, j = 0; url[i]; i++) { 2054 1.16 mrg switch (url[i]) { 2055 1.16 mrg case '<': 2056 1.16 mrg memcpy(tmp + j, "<", 4); 2057 1.16 mrg j += 4; 2058 1.16 mrg break; 2059 1.16 mrg case '>': 2060 1.16 mrg memcpy(tmp + j, ">", 4); 2061 1.16 mrg j += 4; 2062 1.16 mrg break; 2063 1.16 mrg case '&': 2064 1.16 mrg memcpy(tmp + j, "&", 5); 2065 1.16 mrg j += 5; 2066 1.16 mrg break; 2067 1.16 mrg default: 2068 1.16 mrg tmp[j++] = url[i]; 2069 1.12 mrg } 2070 1.16 mrg } 2071 1.16 mrg tmp[j] = 0; 2072 1.1 tls 2073 1.40 mrg return tmp; 2074 1.1 tls } 2075 1.1 tls 2076 1.1 tls /* short map between error code, and short/long messages */ 2077 1.1 tls static struct errors_map { 2078 1.1 tls int code; /* HTTP return code */ 2079 1.1 tls const char *shortmsg; /* short version of message */ 2080 1.1 tls const char *longmsg; /* long version of message */ 2081 1.1 tls } errors_map[] = { 2082 1.1 tls { 400, "400 Bad Request", "The request was not valid", }, 2083 1.1 tls { 401, "401 Unauthorized", "No authorization", }, 2084 1.6 mrg { 403, "403 Forbidden", "Access to this item has been denied",}, 2085 1.1 tls { 404, "404 Not Found", "This item has not been found", }, 2086 1.1 tls { 408, "408 Request Timeout", "This request took too long", }, 2087 1.89 mrg { 413, "413 Payload Too Large", "Use smaller requests", }, 2088 1.1 tls { 417, "417 Expectation Failed","Expectations not available", }, 2089 1.64 mrg { 420, "420 Enhance Your Calm","Chill, Winston", }, 2090 1.1 tls { 500, "500 Internal Error", "An error occured on the server", }, 2091 1.1 tls { 501, "501 Not Implemented", "This request is not available", }, 2092 1.1 tls { 0, NULL, NULL, }, 2093 1.1 tls }; 2094 1.1 tls 2095 1.1 tls static const char *help = "DANGER! WILL ROBINSON! DANGER!"; 2096 1.1 tls 2097 1.1 tls static const char * 2098 1.1 tls http_errors_short(int code) 2099 1.1 tls { 2100 1.1 tls struct errors_map *ep; 2101 1.1 tls 2102 1.1 tls for (ep = errors_map; ep->code; ep++) 2103 1.1 tls if (ep->code == code) 2104 1.1 tls return (ep->shortmsg); 2105 1.1 tls return (help); 2106 1.1 tls } 2107 1.1 tls 2108 1.1 tls static const char * 2109 1.1 tls http_errors_long(int code) 2110 1.1 tls { 2111 1.1 tls struct errors_map *ep; 2112 1.1 tls 2113 1.1 tls for (ep = errors_map; ep->code; ep++) 2114 1.1 tls if (ep->code == code) 2115 1.1 tls return (ep->longmsg); 2116 1.1 tls return (help); 2117 1.1 tls } 2118 1.1 tls 2119 1.16 mrg /* the follow functions and variables are used in handling HTTP errors */ 2120 1.16 mrg /* ARGSUSED */ 2121 1.16 mrg int 2122 1.16 mrg bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request, 2123 1.16 mrg const char *msg) 2124 1.16 mrg { 2125 1.16 mrg char portbuf[20]; 2126 1.16 mrg const char *header = http_errors_short(code); 2127 1.16 mrg const char *reason = http_errors_long(code); 2128 1.16 mrg const char *proto = (request && request->hr_proto) ? 2129 1.16 mrg request->hr_proto : httpd->consts.http_11; 2130 1.16 mrg int size; 2131 1.78 elric bozoheaders_t *hdr; 2132 1.16 mrg 2133 1.16 mrg debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg)); 2134 1.16 mrg if (header == NULL || reason == NULL) { 2135 1.74 mrg bozoerr(httpd, 1, 2136 1.16 mrg "bozo_http_error() failed (short = %p, long = %p)", 2137 1.16 mrg header, reason); 2138 1.16 mrg return code; 2139 1.16 mrg } 2140 1.16 mrg 2141 1.16 mrg if (request && request->hr_serverport && 2142 1.16 mrg strcmp(request->hr_serverport, "80") != 0) 2143 1.16 mrg snprintf(portbuf, sizeof(portbuf), ":%s", 2144 1.16 mrg request->hr_serverport); 2145 1.16 mrg else 2146 1.16 mrg portbuf[0] = '\0'; 2147 1.16 mrg 2148 1.16 mrg if (request && request->hr_file) { 2149 1.67 shm char *file = NULL, *user = NULL, *user_escaped = NULL; 2150 1.69 christos int file_alloc = 0; 2151 1.46 mrg const char *hostname = BOZOHOST(httpd, request); 2152 1.40 mrg 2153 1.40 mrg /* bozo_escape_html() failure here is just too bad. */ 2154 1.40 mrg file = bozo_escape_html(NULL, request->hr_file); 2155 1.67 shm if (file == NULL) 2156 1.40 mrg file = request->hr_file; 2157 1.67 shm else 2158 1.67 shm file_alloc = 1; 2159 1.67 shm 2160 1.67 shm #ifndef NO_USER_SUPPORT 2161 1.67 shm if (request->hr_user != NULL) { 2162 1.67 shm user_escaped = bozo_escape_html(NULL, request->hr_user); 2163 1.67 shm if (user_escaped == NULL) 2164 1.67 shm user_escaped = request->hr_user; 2165 1.67 shm /* expand username to ~user/ */ 2166 1.74 mrg bozoasprintf(httpd, &user, "~%s/", user_escaped); 2167 1.69 christos if (user_escaped != request->hr_user) 2168 1.67 shm free(user_escaped); 2169 1.67 shm } 2170 1.67 shm #endif /* !NO_USER_SUPPORT */ 2171 1.67 shm 2172 1.16 mrg size = snprintf(httpd->errorbuf, BUFSIZ, 2173 1.16 mrg "<html><head><title>%s</title></head>\n" 2174 1.16 mrg "<body><h1>%s</h1>\n" 2175 1.67 shm "%s%s: <pre>%s</pre>\n" 2176 1.87 maya "<hr><address><a href=\"//%s%s/\">%s%s</a></address>\n" 2177 1.16 mrg "</body></html>\n", 2178 1.67 shm header, header, 2179 1.67 shm user ? user : "", file, 2180 1.67 shm reason, hostname, portbuf, hostname, portbuf); 2181 1.69 christos free(user); 2182 1.16 mrg if (size >= (int)BUFSIZ) { 2183 1.74 mrg bozowarn(httpd, 2184 1.16 mrg "bozo_http_error buffer too small, truncated"); 2185 1.16 mrg size = (int)BUFSIZ; 2186 1.16 mrg } 2187 1.67 shm 2188 1.67 shm if (file_alloc) 2189 1.67 shm free(file); 2190 1.16 mrg } else 2191 1.16 mrg size = 0; 2192 1.16 mrg 2193 1.16 mrg bozo_printf(httpd, "%s %s\r\n", proto, header); 2194 1.78 elric 2195 1.78 elric if (request) { 2196 1.26 pooka bozo_auth_check_401(request, code); 2197 1.78 elric SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) { 2198 1.78 elric bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, 2199 1.78 elric hdr->h_value); 2200 1.78 elric } 2201 1.78 elric } 2202 1.16 mrg 2203 1.16 mrg bozo_printf(httpd, "Content-Type: text/html\r\n"); 2204 1.16 mrg bozo_printf(httpd, "Content-Length: %d\r\n", size); 2205 1.16 mrg bozo_printf(httpd, "Server: %s\r\n", httpd->server_software); 2206 1.16 mrg if (request && request->hr_allow) 2207 1.16 mrg bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow); 2208 1.16 mrg bozo_printf(httpd, "\r\n"); 2209 1.51 shm /* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a 2210 1.51 shm * message-body in the response */ 2211 1.51 shm if (size && request && request->hr_method != HTTP_HEAD) 2212 1.16 mrg bozo_printf(httpd, "%s", httpd->errorbuf); 2213 1.16 mrg bozo_flush(httpd, stdout); 2214 1.16 mrg 2215 1.16 mrg return code; 2216 1.16 mrg } 2217 1.16 mrg 2218 1.1 tls /* Below are various modified libc functions */ 2219 1.1 tls 2220 1.1 tls /* 2221 1.1 tls * returns -1 in lenp if the string ran out before finding a delimiter, 2222 1.1 tls * but is otherwise the same as strsep. Note that the length must be 2223 1.1 tls * correctly passed in. 2224 1.1 tls */ 2225 1.1 tls char * 2226 1.6 mrg bozostrnsep(char **strp, const char *delim, ssize_t *lenp) 2227 1.1 tls { 2228 1.1 tls char *s; 2229 1.1 tls const char *spanp; 2230 1.1 tls int c, sc; 2231 1.1 tls char *tok; 2232 1.1 tls 2233 1.1 tls if ((s = *strp) == NULL) 2234 1.1 tls return (NULL); 2235 1.1 tls for (tok = s;;) { 2236 1.1 tls if (lenp && --(*lenp) == -1) 2237 1.1 tls return (NULL); 2238 1.1 tls c = *s++; 2239 1.1 tls spanp = delim; 2240 1.1 tls do { 2241 1.1 tls if ((sc = *spanp++) == c) { 2242 1.1 tls if (c == 0) 2243 1.1 tls s = NULL; 2244 1.1 tls else 2245 1.1 tls s[-1] = '\0'; 2246 1.1 tls *strp = s; 2247 1.1 tls return (tok); 2248 1.1 tls } 2249 1.1 tls } while (sc != 0); 2250 1.1 tls } 2251 1.1 tls /* NOTREACHED */ 2252 1.1 tls } 2253 1.1 tls 2254 1.1 tls /* 2255 1.1 tls * inspired by fgetln(3), but works for fd's. should work identically 2256 1.1 tls * except it, however, does *not* return the newline, and it does nul 2257 1.1 tls * terminate the string. 2258 1.1 tls */ 2259 1.1 tls char * 2260 1.16 mrg bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp, 2261 1.16 mrg ssize_t (*readfn)(bozohttpd_t *, int, void *, size_t)) 2262 1.1 tls { 2263 1.1 tls ssize_t len; 2264 1.1 tls int got_cr = 0; 2265 1.1 tls char c, *nbuffer; 2266 1.1 tls 2267 1.1 tls /* initialise */ 2268 1.16 mrg if (httpd->getln_buflen == 0) { 2269 1.16 mrg /* should be plenty for most requests */ 2270 1.16 mrg httpd->getln_buflen = 128; 2271 1.16 mrg httpd->getln_buffer = malloc((size_t)httpd->getln_buflen); 2272 1.16 mrg if (httpd->getln_buffer == NULL) { 2273 1.16 mrg httpd->getln_buflen = 0; 2274 1.1 tls return NULL; 2275 1.1 tls } 2276 1.1 tls } 2277 1.1 tls len = 0; 2278 1.1 tls 2279 1.1 tls /* 2280 1.1 tls * we *have* to read one byte at a time, to not break cgi 2281 1.1 tls * programs (for we pass stdin off to them). could fix this 2282 1.1 tls * by becoming a fd-passing program instead of just exec'ing 2283 1.1 tls * the program 2284 1.17 mrg * 2285 1.17 mrg * the above is no longer true, we are the fd-passing 2286 1.17 mrg * program already. 2287 1.1 tls */ 2288 1.16 mrg for (; readfn(httpd, fd, &c, 1) == 1; ) { 2289 1.16 mrg debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c)); 2290 1.1 tls 2291 1.16 mrg if (len >= httpd->getln_buflen - 1) { 2292 1.16 mrg httpd->getln_buflen *= 2; 2293 1.16 mrg debug((httpd, DEBUG_EXPLODING, "bozodgetln: " 2294 1.16 mrg "reallocating buffer to buflen %zu", 2295 1.16 mrg httpd->getln_buflen)); 2296 1.16 mrg nbuffer = bozorealloc(httpd, httpd->getln_buffer, 2297 1.16 mrg (size_t)httpd->getln_buflen); 2298 1.16 mrg httpd->getln_buffer = nbuffer; 2299 1.1 tls } 2300 1.1 tls 2301 1.16 mrg httpd->getln_buffer[len++] = c; 2302 1.1 tls if (c == '\r') { 2303 1.1 tls got_cr = 1; 2304 1.1 tls continue; 2305 1.1 tls } else if (c == '\n') { 2306 1.1 tls /* 2307 1.1 tls * HTTP/1.1 spec says to ignore CR and treat 2308 1.1 tls * LF as the real line terminator. even though 2309 1.1 tls * the same spec defines CRLF as the line 2310 1.1 tls * terminator, it is recommended in section 19.3 2311 1.1 tls * to do the LF trick for tolerance. 2312 1.1 tls */ 2313 1.1 tls if (got_cr) 2314 1.1 tls len -= 2; 2315 1.1 tls else 2316 1.1 tls len -= 1; 2317 1.1 tls break; 2318 1.1 tls } 2319 1.1 tls 2320 1.1 tls } 2321 1.16 mrg httpd->getln_buffer[len] = '\0'; 2322 1.28 joerg debug((httpd, DEBUG_OBESE, "bozodgetln returns: ``%s'' with len %zd", 2323 1.16 mrg httpd->getln_buffer, len)); 2324 1.1 tls *lenp = len; 2325 1.16 mrg return httpd->getln_buffer; 2326 1.1 tls } 2327 1.1 tls 2328 1.1 tls void * 2329 1.16 mrg bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size) 2330 1.1 tls { 2331 1.1 tls void *p; 2332 1.1 tls 2333 1.1 tls p = realloc(ptr, size); 2334 1.73 mrg if (p) 2335 1.73 mrg return p; 2336 1.73 mrg 2337 1.73 mrg (void)bozo_http_error(httpd, 500, NULL, "memory allocation failure"); 2338 1.73 mrg exit(EXIT_FAILURE); 2339 1.1 tls } 2340 1.1 tls 2341 1.1 tls void * 2342 1.16 mrg bozomalloc(bozohttpd_t *httpd, size_t size) 2343 1.1 tls { 2344 1.1 tls void *p; 2345 1.1 tls 2346 1.1 tls p = malloc(size); 2347 1.73 mrg if (p) 2348 1.73 mrg return p; 2349 1.73 mrg 2350 1.73 mrg (void)bozo_http_error(httpd, 500, NULL, "memory allocation failure"); 2351 1.73 mrg exit(EXIT_FAILURE); 2352 1.1 tls } 2353 1.1 tls 2354 1.1 tls char * 2355 1.73 mrg bozostrdup(bozohttpd_t *httpd, bozo_httpreq_t *request, const char *str) 2356 1.1 tls { 2357 1.1 tls char *p; 2358 1.1 tls 2359 1.1 tls p = strdup(str); 2360 1.73 mrg if (p) 2361 1.73 mrg return p; 2362 1.73 mrg 2363 1.73 mrg if (!request) 2364 1.74 mrg bozoerr(httpd, EXIT_FAILURE, "strdup"); 2365 1.73 mrg 2366 1.73 mrg (void)bozo_http_error(httpd, 500, request, "memory allocation failure"); 2367 1.73 mrg exit(EXIT_FAILURE); 2368 1.1 tls } 2369 1.16 mrg 2370 1.16 mrg /* set default values in bozohttpd_t struct */ 2371 1.16 mrg int 2372 1.16 mrg bozo_init_httpd(bozohttpd_t *httpd) 2373 1.16 mrg { 2374 1.16 mrg /* make sure everything is clean */ 2375 1.16 mrg (void) memset(httpd, 0x0, sizeof(*httpd)); 2376 1.16 mrg 2377 1.16 mrg /* constants */ 2378 1.16 mrg httpd->consts.http_09 = "HTTP/0.9"; 2379 1.16 mrg httpd->consts.http_10 = "HTTP/1.0"; 2380 1.16 mrg httpd->consts.http_11 = "HTTP/1.1"; 2381 1.16 mrg httpd->consts.text_plain = "text/plain"; 2382 1.16 mrg 2383 1.16 mrg /* mmap region size */ 2384 1.16 mrg httpd->mmapsz = BOZO_MMAPSZ; 2385 1.16 mrg 2386 1.16 mrg /* error buffer for bozo_http_error() */ 2387 1.16 mrg if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) { 2388 1.16 mrg (void) fprintf(stderr, 2389 1.16 mrg "bozohttpd: memory_allocation failure\n"); 2390 1.16 mrg return 0; 2391 1.16 mrg } 2392 1.43 mbalmer #ifndef NO_LUA_SUPPORT 2393 1.43 mbalmer SIMPLEQ_INIT(&httpd->lua_states); 2394 1.43 mbalmer #endif 2395 1.16 mrg return 1; 2396 1.16 mrg } 2397 1.16 mrg 2398 1.16 mrg /* set default values in bozoprefs_t struct */ 2399 1.16 mrg int 2400 1.73 mrg bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) 2401 1.16 mrg { 2402 1.16 mrg /* make sure everything is clean */ 2403 1.16 mrg (void) memset(prefs, 0x0, sizeof(*prefs)); 2404 1.16 mrg 2405 1.16 mrg /* set up default values */ 2406 1.73 mrg if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE) || 2407 1.73 mrg !bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML) || 2408 1.73 mrg !bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML)) 2409 1.73 mrg return 0; 2410 1.16 mrg 2411 1.16 mrg return 1; 2412 1.16 mrg } 2413 1.16 mrg 2414 1.16 mrg /* set default values */ 2415 1.16 mrg int 2416 1.16 mrg bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs) 2417 1.16 mrg { 2418 1.73 mrg return bozo_init_httpd(httpd) && bozo_init_prefs(httpd, prefs); 2419 1.16 mrg } 2420 1.16 mrg 2421 1.16 mrg /* set the virtual host name, port and root */ 2422 1.16 mrg int 2423 1.16 mrg bozo_setup(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *vhost, 2424 1.16 mrg const char *root) 2425 1.16 mrg { 2426 1.16 mrg struct passwd *pw; 2427 1.16 mrg extern char **environ; 2428 1.21 mrg static char *cleanenv[1] = { NULL }; 2429 1.16 mrg uid_t uid; 2430 1.82 mrg int uidset = 0; 2431 1.16 mrg char *chrootdir; 2432 1.16 mrg char *username; 2433 1.16 mrg char *portnum; 2434 1.16 mrg char *cp; 2435 1.16 mrg int dirtyenv; 2436 1.16 mrg 2437 1.16 mrg dirtyenv = 0; 2438 1.16 mrg 2439 1.16 mrg if (vhost == NULL) { 2440 1.16 mrg httpd->virthostname = bozomalloc(httpd, MAXHOSTNAMELEN+1); 2441 1.16 mrg if (gethostname(httpd->virthostname, MAXHOSTNAMELEN+1) < 0) 2442 1.74 mrg bozoerr(httpd, 1, "gethostname"); 2443 1.16 mrg httpd->virthostname[MAXHOSTNAMELEN] = '\0'; 2444 1.16 mrg } else { 2445 1.73 mrg httpd->virthostname = bozostrdup(httpd, NULL, vhost); 2446 1.16 mrg } 2447 1.73 mrg httpd->slashdir = bozostrdup(httpd, NULL, root); 2448 1.16 mrg if ((portnum = bozo_get_pref(prefs, "port number")) != NULL) { 2449 1.73 mrg httpd->bindport = bozostrdup(httpd, NULL, portnum); 2450 1.16 mrg } 2451 1.16 mrg 2452 1.16 mrg /* go over preferences now */ 2453 1.16 mrg if ((cp = bozo_get_pref(prefs, "numeric")) != NULL && 2454 1.16 mrg strcmp(cp, "true") == 0) { 2455 1.16 mrg httpd->numeric = 1; 2456 1.16 mrg } 2457 1.16 mrg if ((cp = bozo_get_pref(prefs, "log to stderr")) != NULL && 2458 1.16 mrg strcmp(cp, "true") == 0) { 2459 1.16 mrg httpd->logstderr = 1; 2460 1.16 mrg } 2461 1.16 mrg if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) { 2462 1.73 mrg httpd->bindaddress = bozostrdup(httpd, NULL, cp); 2463 1.16 mrg } 2464 1.16 mrg if ((cp = bozo_get_pref(prefs, "background")) != NULL) { 2465 1.16 mrg httpd->background = atoi(cp); 2466 1.16 mrg } 2467 1.16 mrg if ((cp = bozo_get_pref(prefs, "foreground")) != NULL && 2468 1.16 mrg strcmp(cp, "true") == 0) { 2469 1.16 mrg httpd->foreground = 1; 2470 1.16 mrg } 2471 1.27 jmmv if ((cp = bozo_get_pref(prefs, "pid file")) != NULL) { 2472 1.73 mrg httpd->pidfile = bozostrdup(httpd, NULL, cp); 2473 1.27 jmmv } 2474 1.16 mrg if ((cp = bozo_get_pref(prefs, "unknown slash")) != NULL && 2475 1.16 mrg strcmp(cp, "true") == 0) { 2476 1.16 mrg httpd->unknown_slash = 1; 2477 1.16 mrg } 2478 1.16 mrg if ((cp = bozo_get_pref(prefs, "virtual base")) != NULL) { 2479 1.73 mrg httpd->virtbase = bozostrdup(httpd, NULL, cp); 2480 1.16 mrg } 2481 1.16 mrg if ((cp = bozo_get_pref(prefs, "enable users")) != NULL && 2482 1.16 mrg strcmp(cp, "true") == 0) { 2483 1.16 mrg httpd->enable_users = 1; 2484 1.16 mrg } 2485 1.67 shm if ((cp = bozo_get_pref(prefs, "enable user cgibin")) != NULL && 2486 1.67 shm strcmp(cp, "true") == 0) { 2487 1.67 shm httpd->enable_cgi_users = 1; 2488 1.67 shm } 2489 1.16 mrg if ((cp = bozo_get_pref(prefs, "dirty environment")) != NULL && 2490 1.16 mrg strcmp(cp, "true") == 0) { 2491 1.16 mrg dirtyenv = 1; 2492 1.16 mrg } 2493 1.16 mrg if ((cp = bozo_get_pref(prefs, "hide dots")) != NULL && 2494 1.16 mrg strcmp(cp, "true") == 0) { 2495 1.16 mrg httpd->hide_dots = 1; 2496 1.16 mrg } 2497 1.16 mrg if ((cp = bozo_get_pref(prefs, "directory indexing")) != NULL && 2498 1.16 mrg strcmp(cp, "true") == 0) { 2499 1.16 mrg httpd->dir_indexing = 1; 2500 1.16 mrg } 2501 1.20 mrg if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) { 2502 1.73 mrg httpd->public_html = bozostrdup(httpd, NULL, cp); 2503 1.20 mrg } 2504 1.16 mrg httpd->server_software = 2505 1.73 mrg bozostrdup(httpd, NULL, bozo_get_pref(prefs, "server software")); 2506 1.72 christos httpd->index_html = 2507 1.73 mrg bozostrdup(httpd, NULL, bozo_get_pref(prefs, "index.html")); 2508 1.16 mrg 2509 1.16 mrg /* 2510 1.16 mrg * initialise ssl and daemon mode if necessary. 2511 1.16 mrg */ 2512 1.16 mrg bozo_ssl_init(httpd); 2513 1.16 mrg bozo_daemon_init(httpd); 2514 1.16 mrg 2515 1.75 mrg username = bozo_get_pref(prefs, "username"); 2516 1.75 mrg if (username != NULL) { 2517 1.75 mrg if ((pw = getpwnam(username)) == NULL) 2518 1.75 mrg bozoerr(httpd, 1, "getpwnam(%s): %s", username, 2519 1.75 mrg strerror(errno)); 2520 1.16 mrg if (initgroups(pw->pw_name, pw->pw_gid) == -1) 2521 1.74 mrg bozoerr(httpd, 1, "initgroups: %s", strerror(errno)); 2522 1.16 mrg if (setgid(pw->pw_gid) == -1) 2523 1.74 mrg bozoerr(httpd, 1, "setgid(%u): %s", pw->pw_gid, 2524 1.75 mrg strerror(errno)); 2525 1.16 mrg uid = pw->pw_uid; 2526 1.82 mrg uidset = 1; 2527 1.16 mrg } 2528 1.16 mrg /* 2529 1.16 mrg * handle chroot. 2530 1.16 mrg */ 2531 1.16 mrg if ((chrootdir = bozo_get_pref(prefs, "chroot dir")) != NULL) { 2532 1.73 mrg httpd->rootdir = bozostrdup(httpd, NULL, chrootdir); 2533 1.16 mrg if (chdir(httpd->rootdir) == -1) 2534 1.74 mrg bozoerr(httpd, 1, "chdir(%s): %s", httpd->rootdir, 2535 1.16 mrg strerror(errno)); 2536 1.16 mrg if (chroot(httpd->rootdir) == -1) 2537 1.74 mrg bozoerr(httpd, 1, "chroot(%s): %s", httpd->rootdir, 2538 1.16 mrg strerror(errno)); 2539 1.16 mrg } 2540 1.16 mrg 2541 1.82 mrg if (uidset && setuid(uid) == -1) 2542 1.75 mrg bozoerr(httpd, 1, "setuid(%d): %s", uid, strerror(errno)); 2543 1.16 mrg 2544 1.16 mrg /* 2545 1.16 mrg * prevent info leakage between different compartments. 2546 1.16 mrg * some PATH values in the environment would be invalided 2547 1.16 mrg * by chroot. cross-user settings might result in undesirable 2548 1.16 mrg * effects. 2549 1.16 mrg */ 2550 1.21 mrg if ((chrootdir != NULL || username != NULL) && !dirtyenv) 2551 1.16 mrg environ = cleanenv; 2552 1.21 mrg 2553 1.16 mrg #ifdef _SC_PAGESIZE 2554 1.16 mrg httpd->page_size = (long)sysconf(_SC_PAGESIZE); 2555 1.16 mrg #else 2556 1.16 mrg httpd->page_size = 4096; 2557 1.16 mrg #endif 2558 1.16 mrg debug((httpd, DEBUG_OBESE, "myname is %s, slashdir is %s", 2559 1.16 mrg httpd->virthostname, httpd->slashdir)); 2560 1.16 mrg 2561 1.16 mrg return 1; 2562 1.16 mrg } 2563 1.81 agc 2564 1.81 agc int 2565 1.81 agc bozo_get_version(char *buf, size_t size) 2566 1.81 agc { 2567 1.81 agc return snprintf(buf, size, "%s", SERVER_SOFTWARE); 2568 1.81 agc } 2569
Indexes created Mon Sep 29 21:09:56 GMT 2025