Annotation of src/libexec/httpd/bozohttpd.c, Revision 1.33
1.33 ! mrg 1: /* $NetBSD: bozohttpd.c,v 1.32 2012/07/19 09:53:06 mrg Exp $ */
1.3 tls 2:
1.30 mrg 3: /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
1.1 tls 4:
5: /*
1.30 mrg 6: * Copyright (c) 1997-2011 Matthew R. Green
1.1 tls 7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer and
16: * dedication in the documentation and/or other materials provided
17: * with the distribution.
18: *
19: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24: * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26: * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: * SUCH DAMAGE.
30: *
31: */
32:
33: /* this program is dedicated to the Great God of Processed Cheese */
34:
35: /*
36: * bozohttpd.c: minimal httpd; provides only these features:
37: * - HTTP/0.9 (by virtue of ..)
38: * - HTTP/1.0
39: * - HTTP/1.1
40: * - CGI/1.1 this will only be provided for "system" scripts
41: * - automatic "missing trailing slash" redirections
42: * - configurable translation of /~user/ to ~user/public_html,
43: * however, this does not include cgi-bin support
44: * - access lists via libwrap via inetd/tcpd
45: * - virtual hosting
46: * - not that we do not even pretend to understand MIME, but
47: * rely only on the HTTP specification
48: * - ipv6 support
49: * - automatic `index.html' generation
50: * - configurable server name
51: * - directory index generation
52: * - daemon mode (lacks libwrap support)
53: * - .htpasswd support
54: */
55:
56: /*
57: * requirements for minimal http/1.1 (at least, as documented in
58: * <draft-ietf-http-v11-spec-rev-06> which expired may 18, 1999):
59: *
60: * - 14.15: content-encoding handling. [1]
61: *
62: * - 14.16: content-length handling. this is only a SHOULD header
63: * thus we could just not send it ever. [1]
64: *
65: * - 14.17: content-type handling. [1]
66: *
67: * - 14.25/28: if-{,un}modified-since handling. maybe do this, but
68: * i really don't want to have to parse 3 differnet date formats
69: *
70: * [1] need to revisit to ensure proper behaviour
71: *
72: * and the following is a list of features that we do not need
73: * to have due to other limits, or are too lazy. there are more
74: * of these than are listed, but these are of particular note,
75: * and could perhaps be implemented.
76: *
77: * - 3.5/3.6: content/transfer codings. probably can ignore
78: * this? we "SHOULD"n't. but 4.4 says we should ignore a
79: * `content-length' header upon reciept of a `transfer-encoding'
80: * header.
81: *
82: * - 5.1.1: request methods. only MUST support GET and HEAD,
83: * but there are new ones besides POST that are currently
84: * supported: OPTIONS PUT DELETE TRACE and CONNECT, plus
85: * extensions not yet known?
86: *
87: * - 10.1: we can ignore informational status codes
88: *
89: * - 10.3.3/10.3.4/10.3.8: just use '302' codes always.
90: *
91: * - 14.1/14.2/14.3/14.27: we do not support Accept: headers..
92: * just ignore them and send the request anyway. they are
93: * only SHOULD.
94: *
95: * - 14.5/14.16/14.35: we don't do ranges. from section 14.35.2
96: * `A server MAY ignore the Range header'. but it might be nice.
1.6 mrg 97: * since 20080301 we support simple range headers.
1.1 tls 98: *
99: * - 14.9: we aren't a cache.
100: *
101: * - 14.15: content-md5 would be nice...
102: *
103: * - 14.24/14.26/14.27: be nice to support this...
104: *
105: * - 14.44: not sure about this Vary: header. ignore it for now.
106: */
107:
108: #ifndef INDEX_HTML
109: #define INDEX_HTML "index.html"
110: #endif
111: #ifndef SERVER_SOFTWARE
1.30 mrg 112: #define SERVER_SOFTWARE "bozohttpd/20111118"
1.1 tls 113: #endif
114: #ifndef DIRECT_ACCESS_FILE
115: #define DIRECT_ACCESS_FILE ".bzdirect"
116: #endif
117: #ifndef REDIRECT_FILE
118: #define REDIRECT_FILE ".bzredirect"
119: #endif
120: #ifndef ABSREDIRECT_FILE
121: #define ABSREDIRECT_FILE ".bzabsredirect"
122: #endif
1.16 mrg 123: #ifndef PUBLIC_HTML
124: #define PUBLIC_HTML "public_html"
125: #endif
126:
127: #ifndef USE_ARG
128: #define USE_ARG(x) /*LINTED*/(void)&(x)
129: #endif
1.1 tls 130:
131: /*
132: * And so it begins ..
133: */
134:
135: #include <sys/param.h>
136: #include <sys/socket.h>
137: #include <sys/time.h>
138: #include <sys/mman.h>
139:
140: #include <arpa/inet.h>
141:
142: #include <ctype.h>
143: #include <dirent.h>
144: #include <errno.h>
145: #include <fcntl.h>
146: #include <netdb.h>
147: #include <pwd.h>
148: #include <grp.h>
149: #include <signal.h>
150: #include <stdarg.h>
151: #include <stdlib.h>
152: #include <string.h>
153: #include <syslog.h>
154: #include <time.h>
155: #include <unistd.h>
156:
157: #include "bozohttpd.h"
158:
159: #ifndef MAX_WAIT_TIME
160: #define MAX_WAIT_TIME 60 /* hang around for 60 seconds max */
161: #endif
162:
163: /* variables and functions */
164: #ifndef LOG_FTP
165: #define LOG_FTP LOG_DAEMON
166: #endif
167:
168: volatile sig_atomic_t alarmhit;
169:
1.16 mrg 170: /*
171: * check there's enough space in the prefs and names arrays.
172: */
173: static int
174: size_arrays(bozoprefs_t *bozoprefs, unsigned needed)
175: {
176: char **temp;
1.1 tls 177:
1.16 mrg 178: if (bozoprefs->size == 0) {
179: /* only get here first time around */
180: bozoprefs->size = needed;
181: if ((bozoprefs->name = calloc(sizeof(char *), needed)) == NULL) {
182: (void) fprintf(stderr, "size_arrays: bad alloc\n");
183: return 0;
184: }
185: if ((bozoprefs->value = calloc(sizeof(char *), needed)) == NULL) {
186: free(bozoprefs->name);
187: (void) fprintf(stderr, "size_arrays: bad alloc\n");
188: return 0;
189: }
190: } else if (bozoprefs->c == bozoprefs->size) {
191: /* only uses 'needed' when filled array */
192: bozoprefs->size += needed;
193: temp = realloc(bozoprefs->name, sizeof(char *) * needed);
194: if (temp == NULL) {
195: (void) fprintf(stderr, "size_arrays: bad alloc\n");
196: return 0;
197: }
198: bozoprefs->name = temp;
199: temp = realloc(bozoprefs->value, sizeof(char *) * needed);
200: if (temp == NULL) {
201: (void) fprintf(stderr, "size_arrays: bad alloc\n");
202: return 0;
203: }
204: bozoprefs->value = temp;
205: }
206: return 1;
207: }
1.1 tls 208:
1.16 mrg 209: static int
210: findvar(bozoprefs_t *bozoprefs, const char *name)
211: {
212: unsigned i;
1.1 tls 213:
1.16 mrg 214: for (i = 0 ; i < bozoprefs->c && strcmp(bozoprefs->name[i], name) != 0; i++)
215: ;
216: return (i == bozoprefs->c) ? -1 : (int)i;
1.1 tls 217: }
218:
219: int
1.16 mrg 220: bozo_set_pref(bozoprefs_t *bozoprefs, const char *name, const char *value)
1.1 tls 221: {
1.16 mrg 222: int i;
1.1 tls 223:
1.16 mrg 224: if ((i = findvar(bozoprefs, name)) < 0) {
225: /* add the element to the array */
226: if (size_arrays(bozoprefs, bozoprefs->size + 15)) {
227: bozoprefs->name[i = bozoprefs->c++] = strdup(name);
228: }
229: } else {
230: /* replace the element in the array */
231: if (bozoprefs->value[i]) {
232: free(bozoprefs->value[i]);
233: bozoprefs->value[i] = NULL;
1.1 tls 234: }
235: }
1.16 mrg 236: /* sanity checks for range of values go here */
237: bozoprefs->value[i] = strdup(value);
238: return 1;
239: }
1.1 tls 240:
1.16 mrg 241: /*
242: * get a variable's value, or NULL
243: */
244: char *
245: bozo_get_pref(bozoprefs_t *bozoprefs, const char *name)
246: {
247: int i;
1.1 tls 248:
1.16 mrg 249: return ((i = findvar(bozoprefs, name)) < 0) ? NULL :
250: bozoprefs->value[i];
1.1 tls 251: }
252:
253: char *
1.16 mrg 254: bozo_http_date(char *date, size_t datelen)
1.1 tls 255: {
256: struct tm *tm;
257: time_t now;
258:
259: /* Sun, 06 Nov 1994 08:49:37 GMT */
260: now = time(NULL);
261: tm = gmtime(&now); /* HTTP/1.1 spec rev 06 sez GMT only */
1.16 mrg 262: strftime(date, datelen, "%a, %d %b %Y %H:%M:%S GMT", tm);
1.1 tls 263: return date;
264: }
265:
266: /*
1.12 mrg 267: * convert "in" into the three parts of a request (first line).
268: * we allocate into file and query, but return pointers into
269: * "in" for proto and method.
1.1 tls 270: */
271: static void
1.16 mrg 272: parse_request(bozohttpd_t *httpd, char *in, char **method, char **file,
273: char **query, char **proto)
1.1 tls 274: {
275: ssize_t len;
276: char *val;
1.16 mrg 277:
278: USE_ARG(httpd);
279: debug((httpd, DEBUG_EXPLODING, "parse in: %s", in));
1.12 mrg 280: *method = *file = *query = *proto = NULL;
1.1 tls 281:
282: len = (ssize_t)strlen(in);
1.6 mrg 283: val = bozostrnsep(&in, " \t\n\r", &len);
1.1 tls 284: if (len < 1 || val == NULL)
285: return;
286: *method = val;
1.12 mrg 287:
1.1 tls 288: while (*in == ' ' || *in == '\t')
289: in++;
1.6 mrg 290: val = bozostrnsep(&in, " \t\n\r", &len);
1.1 tls 291: if (len < 1) {
292: if (len == 0)
1.9 tls 293: *file = val;
1.1 tls 294: else
1.9 tls 295: *file = in;
1.16 mrg 296: } else {
297: *file = val;
1.9 tls 298:
1.16 mrg 299: *query = strchr(*file, '?');
300: if (*query)
301: *(*query)++ = '\0';
302:
303: if (in) {
304: while (*in && (*in == ' ' || *in == '\t'))
305: in++;
306: if (*in)
307: *proto = in;
308: }
1.12 mrg 309: }
310:
311: /* allocate private copies */
1.16 mrg 312: *file = bozostrdup(httpd, *file);
1.12 mrg 313: if (*query)
1.16 mrg 314: *query = bozostrdup(httpd, *query);
1.12 mrg 315:
1.16 mrg 316: debug((httpd, DEBUG_FAT,
317: "url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"",
318: *method, *file, *query, *proto));
1.1 tls 319: }
320:
321: /*
1.16 mrg 322: * cleanup a bozo_httpreq_t after use
1.1 tls 323: */
1.16 mrg 324: void
325: bozo_clean_request(bozo_httpreq_t *request)
1.1 tls 326: {
1.16 mrg 327: struct bozoheaders *hdr, *ohdr = NULL;
1.12 mrg 328:
329: if (request == NULL)
330: return;
331:
1.21 mrg 332: /* If SSL enabled cleanup SSL structure. */
1.22 mrg 333: bozo_ssl_destroy(request->hr_httpd);
1.21 mrg 334:
1.12 mrg 335: /* clean up request */
336: #define MF(x) if (request->x) free(request->x)
337: MF(hr_remotehost);
338: MF(hr_remoteaddr);
339: MF(hr_serverport);
340: MF(hr_file);
1.20 mrg 341: MF(hr_oldfile);
1.12 mrg 342: MF(hr_query);
343: #undef MF
1.16 mrg 344: bozo_auth_cleanup(request);
1.12 mrg 345: for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr;
346: hdr = SIMPLEQ_NEXT(hdr, h_next)) {
347: free(hdr->h_value);
348: free(hdr->h_header);
349: if (ohdr)
350: free(ohdr);
351: ohdr = hdr;
352: }
353: if (ohdr)
354: free(ohdr);
355:
356: free(request);
357: }
358:
359: /*
1.16 mrg 360: * send a HTTP/1.1 408 response if we timeout.
361: */
362: /* ARGSUSED */
363: static void
364: alarmer(int sig)
365: {
366: alarmhit = 1;
367: }
368:
369: /*
370: * add or merge this header (val: str) into the requests list
371: */
372: static bozoheaders_t *
373: addmerge_header(bozo_httpreq_t *request, char *val,
374: char *str, ssize_t len)
375: {
376: struct bozoheaders *hdr;
377:
378: USE_ARG(len);
379: /* do we exist already? */
380: SIMPLEQ_FOREACH(hdr, &request->hr_headers, h_next) {
381: if (strcasecmp(val, hdr->h_header) == 0)
382: break;
383: }
384:
385: if (hdr) {
386: /* yup, merge it in */
387: char *nval;
388:
389: if (asprintf(&nval, "%s, %s", hdr->h_value, str) == -1) {
390: (void)bozo_http_error(request->hr_httpd, 500, NULL,
391: "memory allocation failure");
392: return NULL;
393: }
394: free(hdr->h_value);
395: hdr->h_value = nval;
396: } else {
397: /* nope, create a new one */
398:
399: hdr = bozomalloc(request->hr_httpd, sizeof *hdr);
400: hdr->h_header = bozostrdup(request->hr_httpd, val);
401: if (str && *str)
402: hdr->h_value = bozostrdup(request->hr_httpd, str);
403: else
404: hdr->h_value = bozostrdup(request->hr_httpd, " ");
405:
406: SIMPLEQ_INSERT_TAIL(&request->hr_headers, hdr, h_next);
407: request->hr_nheaders++;
408: }
409:
410: return hdr;
411: }
412:
413: /*
414: * as the prototype string is not constant (eg, "HTTP/1.1" is equivalent
415: * to "HTTP/001.01"), we MUST parse this.
416: */
417: static int
418: process_proto(bozo_httpreq_t *request, const char *proto)
419: {
420: char majorstr[16], *minorstr;
421: int majorint, minorint;
422:
423: if (proto == NULL) {
424: got_proto_09:
425: request->hr_proto = request->hr_httpd->consts.http_09;
426: debug((request->hr_httpd, DEBUG_FAT, "request %s is http/0.9",
427: request->hr_file));
428: return 0;
429: }
430:
431: if (strncasecmp(proto, "HTTP/", 5) != 0)
432: goto bad;
433: strncpy(majorstr, proto + 5, sizeof majorstr);
434: majorstr[sizeof(majorstr)-1] = 0;
435: minorstr = strchr(majorstr, '.');
436: if (minorstr == NULL)
437: goto bad;
438: *minorstr++ = 0;
439:
440: majorint = atoi(majorstr);
441: minorint = atoi(minorstr);
442:
443: switch (majorint) {
444: case 0:
445: if (minorint != 9)
446: break;
447: goto got_proto_09;
448: case 1:
449: if (minorint == 0)
450: request->hr_proto = request->hr_httpd->consts.http_10;
451: else if (minorint == 1)
452: request->hr_proto = request->hr_httpd->consts.http_11;
453: else
454: break;
455:
456: debug((request->hr_httpd, DEBUG_FAT, "request %s is %s",
457: request->hr_file, request->hr_proto));
458: SIMPLEQ_INIT(&request->hr_headers);
459: request->hr_nheaders = 0;
460: return 0;
461: }
462: bad:
463: return bozo_http_error(request->hr_httpd, 404, NULL, "unknown prototype");
464: }
465:
466: /*
467: * process each type of HTTP method, setting this HTTP requests
468: # method type.
469: */
470: static struct method_map {
471: const char *name;
472: int type;
473: } method_map[] = {
474: { "GET", HTTP_GET, },
475: { "POST", HTTP_POST, },
476: { "HEAD", HTTP_HEAD, },
477: #if 0 /* other non-required http/1.1 methods */
478: { "OPTIONS", HTTP_OPTIONS, },
479: { "PUT", HTTP_PUT, },
480: { "DELETE", HTTP_DELETE, },
481: { "TRACE", HTTP_TRACE, },
482: { "CONNECT", HTTP_CONNECT, },
483: #endif
484: { NULL, 0, },
485: };
486:
487: static int
488: process_method(bozo_httpreq_t *request, const char *method)
489: {
490: struct method_map *mmp;
491:
492: if (request->hr_proto == request->hr_httpd->consts.http_11)
493: request->hr_allow = "GET, HEAD, POST";
494:
495: for (mmp = method_map; mmp->name; mmp++)
496: if (strcasecmp(method, mmp->name) == 0) {
497: request->hr_method = mmp->type;
498: request->hr_methodstr = mmp->name;
499: return 0;
500: }
501:
502: return bozo_http_error(request->hr_httpd, 404, request, "unknown method");
503: }
504:
505: /*
1.1 tls 506: * This function reads a http request from stdin, returning a pointer to a
1.16 mrg 507: * bozo_httpreq_t structure, describing the request.
1.1 tls 508: */
1.16 mrg 509: bozo_httpreq_t *
510: bozo_read_request(bozohttpd_t *httpd)
1.1 tls 511: {
512: struct sigaction sa;
1.9 tls 513: char *str, *val, *method, *file, *proto, *query;
1.1 tls 514: char *host, *addr, *port;
515: char bufport[10];
516: char hbuf[NI_MAXHOST], abuf[NI_MAXHOST];
517: struct sockaddr_storage ss;
518: ssize_t len;
519: int line = 0;
520: socklen_t slen;
1.16 mrg 521: bozo_httpreq_t *request;
1.1 tls 522:
523: /*
1.20 mrg 524: * if we're in daemon mode, bozo_daemon_fork() will return here twice
525: * for each call. once in the child, returning 0, and once in the
526: * parent, returning 1. for each child, then we can setup SSL, and
527: * the parent can signal the caller there was no request to process
528: * and it will wait for another.
1.1 tls 529: */
1.20 mrg 530: if (bozo_daemon_fork(httpd))
531: return NULL;
1.16 mrg 532: bozo_ssl_accept(httpd);
1.1 tls 533:
1.16 mrg 534: request = bozomalloc(httpd, sizeof(*request));
535: memset(request, 0, sizeof(*request));
536: request->hr_httpd = httpd;
1.1 tls 537: request->hr_allow = request->hr_host = NULL;
538: request->hr_content_type = request->hr_content_length = NULL;
1.6 mrg 539: request->hr_range = NULL;
1.12 mrg 540: request->hr_last_byte_pos = -1;
1.10 joerg 541: request->hr_if_modified_since = NULL;
1.12 mrg 542: request->hr_file = NULL;
1.20 mrg 543: request->hr_oldfile = NULL;
1.1 tls 544:
545: slen = sizeof(ss);
1.16 mrg 546: if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
1.1 tls 547: host = addr = NULL;
548: else {
1.16 mrg 549: if (getnameinfo((struct sockaddr *)(void *)&ss, slen,
1.1 tls 550: abuf, sizeof abuf, NULL, 0, NI_NUMERICHOST) == 0)
551: addr = abuf;
552: else
553: addr = NULL;
1.16 mrg 554: if (httpd->numeric == 0 &&
555: getnameinfo((struct sockaddr *)(void *)&ss, slen,
556: hbuf, sizeof hbuf, NULL, 0, 0) == 0)
1.1 tls 557: host = hbuf;
558: else
559: host = NULL;
560: }
561: if (host != NULL)
1.16 mrg 562: request->hr_remotehost = bozostrdup(request->hr_httpd, host);
1.1 tls 563: if (addr != NULL)
1.16 mrg 564: request->hr_remoteaddr = bozostrdup(request->hr_httpd, addr);
1.1 tls 565: slen = sizeof(ss);
1.29 mrg 566:
567: /*
568: * Override the bound port from the request value, so it works even
569: * if passed through a proxy that doesn't rewrite the port.
570: */
571: if (httpd->bindport) {
572: if (strcmp(httpd->bindport, "80") != 0)
573: port = httpd->bindport;
1.1 tls 574: else
575: port = NULL;
1.29 mrg 576: } else {
577: if (getsockname(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
578: port = NULL;
579: else {
580: if (getnameinfo((struct sockaddr *)(void *)&ss, slen, NULL, 0,
581: bufport, sizeof bufport, NI_NUMERICSERV) == 0)
582: port = bufport;
583: else
584: port = NULL;
585: }
1.1 tls 586: }
587: if (port != NULL)
1.16 mrg 588: request->hr_serverport = bozostrdup(request->hr_httpd, port);
1.1 tls 589:
590: /*
591: * setup a timer to make sure the request is not hung
592: */
593: sa.sa_handler = alarmer;
594: sigemptyset(&sa.sa_mask);
595: sigaddset(&sa.sa_mask, SIGALRM);
596: sa.sa_flags = 0;
597: sigaction(SIGALRM, &sa, NULL); /* XXX */
598:
599: alarm(MAX_WAIT_TIME);
1.16 mrg 600: while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
1.1 tls 601: alarm(0);
1.12 mrg 602: if (alarmhit) {
1.16 mrg 603: (void)bozo_http_error(httpd, 408, NULL,
604: "request timed out");
1.12 mrg 605: goto cleanup;
606: }
1.1 tls 607: line++;
608:
609: if (line == 1) {
610:
1.12 mrg 611: if (len < 1) {
1.16 mrg 612: (void)bozo_http_error(httpd, 404, NULL,
613: "null method");
1.12 mrg 614: goto cleanup;
615: }
616:
1.16 mrg 617: bozo_warn(httpd, "got request ``%s'' from host %s to port %s",
618: str,
619: host ? host : addr ? addr : "<local>",
620: port ? port : "<stdin>");
1.1 tls 621:
1.12 mrg 622: /* we allocate return space in file and query only */
1.16 mrg 623: parse_request(httpd, str, &method, &file, &query, &proto);
1.12 mrg 624: request->hr_file = file;
625: request->hr_query = query;
626: if (method == NULL) {
1.16 mrg 627: (void)bozo_http_error(httpd, 404, NULL,
628: "null method");
1.12 mrg 629: goto cleanup;
630: }
631: if (file == NULL) {
1.16 mrg 632: (void)bozo_http_error(httpd, 404, NULL,
633: "null file");
1.12 mrg 634: goto cleanup;
635: }
1.1 tls 636:
637: /*
638: * note that we parse the proto first, so that we
639: * can more properly parse the method and the url.
640: */
1.9 tls 641:
1.12 mrg 642: if (process_proto(request, proto) ||
643: process_method(request, method)) {
644: goto cleanup;
645: }
646:
1.16 mrg 647: debug((httpd, DEBUG_FAT, "got file \"%s\" query \"%s\"",
1.12 mrg 648: request->hr_file,
649: request->hr_query ? request->hr_query : "<none>"));
1.1 tls 650:
651: /* http/0.9 has no header processing */
1.16 mrg 652: if (request->hr_proto == httpd->consts.http_09)
1.1 tls 653: break;
654: } else { /* incoming headers */
1.16 mrg 655: bozoheaders_t *hdr;
1.1 tls 656:
657: if (*str == '\0')
658: break;
659:
1.6 mrg 660: val = bozostrnsep(&str, ":", &len);
1.16 mrg 661: debug((httpd, DEBUG_EXPLODING,
1.6 mrg 662: "read_req2: after bozostrnsep: str ``%s'' val ``%s''",
1.1 tls 663: str, val));
1.12 mrg 664: if (val == NULL || len == -1) {
1.16 mrg 665: (void)bozo_http_error(httpd, 404, request,
666: "no header");
1.12 mrg 667: goto cleanup;
668: }
1.1 tls 669: while (*str == ' ' || *str == '\t')
670: len--, str++;
1.6 mrg 671: while (*val == ' ' || *val == '\t')
672: val++;
1.1 tls 673:
1.17 mrg 674: if (bozo_auth_check_headers(request, val, str, len))
1.1 tls 675: goto next_header;
676:
677: hdr = addmerge_header(request, val, str, len);
678:
679: if (strcasecmp(hdr->h_header, "content-type") == 0)
680: request->hr_content_type = hdr->h_value;
681: else if (strcasecmp(hdr->h_header, "content-length") == 0)
682: request->hr_content_length = hdr->h_value;
683: else if (strcasecmp(hdr->h_header, "host") == 0)
684: request->hr_host = hdr->h_value;
685: /* HTTP/1.1 rev06 draft spec: 14.20 */
1.12 mrg 686: else if (strcasecmp(hdr->h_header, "expect") == 0) {
1.16 mrg 687: (void)bozo_http_error(httpd, 417, request,
688: "we don't support Expect:");
1.12 mrg 689: goto cleanup;
690: }
1.1 tls 691: else if (strcasecmp(hdr->h_header, "referrer") == 0 ||
692: strcasecmp(hdr->h_header, "referer") == 0)
693: request->hr_referrer = hdr->h_value;
1.6 mrg 694: else if (strcasecmp(hdr->h_header, "range") == 0)
695: request->hr_range = hdr->h_value;
1.16 mrg 696: else if (strcasecmp(hdr->h_header,
697: "if-modified-since") == 0)
1.10 joerg 698: request->hr_if_modified_since = hdr->h_value;
1.31 elric 699: else if (strcasecmp(hdr->h_header,
700: "accept-encoding") == 0)
701: request->hr_accept_encoding = hdr->h_value;
1.1 tls 702:
1.16 mrg 703: debug((httpd, DEBUG_FAT, "adding header %s: %s",
1.1 tls 704: hdr->h_header, hdr->h_value));
705: }
706: next_header:
707: alarm(MAX_WAIT_TIME);
708: }
709:
710: /* now, clear it all out */
711: alarm(0);
712: signal(SIGALRM, SIG_DFL);
713:
714: /* RFC1945, 8.3 */
1.16 mrg 715: if (request->hr_method == HTTP_POST &&
716: request->hr_content_length == NULL) {
717: (void)bozo_http_error(httpd, 400, request,
718: "missing content length");
1.12 mrg 719: goto cleanup;
720: }
1.1 tls 721:
722: /* HTTP/1.1 draft rev-06, 14.23 & 19.6.1.1 */
1.16 mrg 723: if (request->hr_proto == httpd->consts.http_11 &&
724: request->hr_host == NULL) {
725: (void)bozo_http_error(httpd, 400, request,
726: "missing Host header");
1.12 mrg 727: goto cleanup;
728: }
729:
730: if (request->hr_range != NULL) {
1.16 mrg 731: debug((httpd, DEBUG_FAT, "hr_range: %s", request->hr_range));
1.12 mrg 732: /* support only simple ranges %d- and %d-%d */
733: if (strchr(request->hr_range, ',') == NULL) {
734: const char *rstart, *dash;
735:
736: rstart = strchr(request->hr_range, '=');
737: if (rstart != NULL) {
738: rstart++;
739: dash = strchr(rstart, '-');
740: if (dash != NULL && dash != rstart) {
741: dash++;
742: request->hr_have_range = 1;
743: request->hr_first_byte_pos =
744: strtoll(rstart, NULL, 10);
745: if (request->hr_first_byte_pos < 0)
746: request->hr_first_byte_pos = 0;
747: if (*dash != '\0') {
748: request->hr_last_byte_pos =
749: strtoll(dash, NULL, 10);
750: if (request->hr_last_byte_pos < 0)
751: request->hr_last_byte_pos = -1;
752: }
753: }
754: }
755: }
756: }
1.1 tls 757:
1.16 mrg 758: debug((httpd, DEBUG_FAT, "bozo_read_request returns url %s in request",
759: request->hr_file));
760: return request;
1.1 tls 761:
1.16 mrg 762: cleanup:
763: bozo_clean_request(request);
1.1 tls 764:
1.16 mrg 765: return NULL;
1.1 tls 766: }
767:
1.10 joerg 768: static int
1.16 mrg 769: mmap_and_write_part(bozohttpd_t *httpd, int fd, off_t first_byte_pos, size_t sz)
1.12 mrg 770: {
1.14 mrg 771: size_t mappedsz, wroffset;
772: off_t mappedoffset;
1.12 mrg 773: char *addr;
1.14 mrg 774: void *mappedaddr;
775:
776: /*
777: * we need to ensure that both the size *and* offset arguments to
778: * mmap() are page-aligned. our formala for this is:
779: *
780: * input offset: first_byte_pos
781: * input size: sz
782: *
783: * mapped offset = page align truncate (input offset)
784: * mapped size =
785: * page align extend (input offset - mapped offset + input size)
786: * write offset = input offset - mapped offset
787: *
788: * we use the write offset in all writes
789: */
1.16 mrg 790: mappedoffset = first_byte_pos & ~(httpd->page_size - 1);
791: mappedsz = (size_t)
792: (first_byte_pos - mappedoffset + sz + httpd->page_size - 1) &
793: ~(httpd->page_size - 1);
794: wroffset = (size_t)(first_byte_pos - mappedoffset);
1.12 mrg 795:
1.14 mrg 796: addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset);
1.12 mrg 797: if (addr == (char *)-1) {
1.16 mrg 798: bozo_warn(httpd, "mmap failed: %s", strerror(errno));
1.12 mrg 799: return -1;
800: }
1.14 mrg 801: mappedaddr = addr;
1.12 mrg 802:
803: #ifdef MADV_SEQUENTIAL
804: (void)madvise(addr, sz, MADV_SEQUENTIAL);
805: #endif
1.16 mrg 806: while (sz > BOZO_WRSZ) {
807: if (bozo_write(httpd, STDOUT_FILENO, addr + wroffset,
808: BOZO_WRSZ) != BOZO_WRSZ) {
809: bozo_warn(httpd, "write failed: %s", strerror(errno));
1.12 mrg 810: goto out;
811: }
1.16 mrg 812: debug((httpd, DEBUG_OBESE, "wrote %d bytes", BOZO_WRSZ));
813: sz -= BOZO_WRSZ;
814: addr += BOZO_WRSZ;
815: }
816: if (sz && (size_t)bozo_write(httpd, STDOUT_FILENO, addr + wroffset,
817: sz) != sz) {
818: bozo_warn(httpd, "final write failed: %s", strerror(errno));
1.12 mrg 819: goto out;
820: }
1.16 mrg 821: debug((httpd, DEBUG_OBESE, "wrote %d bytes", (int)sz));
1.12 mrg 822: out:
1.14 mrg 823: if (munmap(mappedaddr, mappedsz) < 0) {
1.16 mrg 824: bozo_warn(httpd, "munmap failed");
1.12 mrg 825: return -1;
826: }
827:
828: return 0;
829: }
830:
831: static int
1.10 joerg 832: parse_http_date(const char *val, time_t *timestamp)
833: {
834: char *remainder;
835: struct tm tm;
836:
837: if ((remainder = strptime(val, "%a, %d %b %Y %T GMT", &tm)) == NULL &&
838: (remainder = strptime(val, "%a, %d-%b-%y %T GMT", &tm)) == NULL &&
839: (remainder = strptime(val, "%a %b %d %T %Y", &tm)) == NULL)
840: return 0; /* Invalid HTTP date format */
841:
842: if (*remainder)
843: return 0; /* No trailing garbage */
844:
845: *timestamp = timegm(&tm);
846: return 1;
847: }
848:
1.1 tls 849: /*
1.32 mrg 850: * given an url, encode it ala rfc 3986. ie, escape ? and friends.
851: * note that this function returns a static buffer, and thus needs
852: * to be updated for any sort of parallel processing.
853: */
854: char *
855: escape_rfc3986(bozohttpd_t *httpd, const char *url)
856: {
857: static char *buf;
858: static size_t buflen = 0;
859: size_t len;
860: const char *s;
861: char *d;
862:
863: len = strlen(url);
864: if (buflen < len * 3 + 1) {
865: buflen = len * 3 + 1;
866: buf = bozorealloc(httpd, buf, buflen);
867: }
868:
869: if (url == NULL) {
870: buf[0] = 0;
871: return buf;
872: }
873:
1.33 ! mrg 874: for (len = 0, s = url, d = buf; *s;) {
1.32 mrg 875: if (*s & 0x80)
876: goto encode_it;
877: switch (*s) {
878: case ':':
879: case '/':
880: case '?':
881: case '#':
882: case '[':
883: case ']':
884: case '@':
885: case '!':
886: case '$':
887: case '&':
888: case '\'':
889: case '(':
890: case ')':
891: case '*':
892: case '+':
893: case ',':
894: case ';':
895: case '=':
1.33 ! mrg 896: case '%':
1.32 mrg 897: encode_it:
898: snprintf(d, 4, "%%%2X", *s++);
899: d += 3;
900: len += 3;
1.33 ! mrg 901: break;
1.32 mrg 902: default:
903: *d++ = *s++;
904: len++;
1.33 ! mrg 905: break;
1.32 mrg 906: }
907: }
908: buf[len] = 0;
909:
910: return buf;
911: }
912:
913: /*
1.16 mrg 914: * checks to see if this request has a valid .bzdirect file. returns
915: * 0 on failure and 1 on success.
1.1 tls 916: */
1.16 mrg 917: static int
918: check_direct_access(bozo_httpreq_t *request)
1.1 tls 919: {
1.16 mrg 920: FILE *fp;
921: struct stat sb;
922: char dir[MAXPATHLEN], dirfile[MAXPATHLEN], *basename;
1.1 tls 923:
1.16 mrg 924: snprintf(dir, sizeof(dir), "%s", request->hr_file + 1);
1.17 mrg 925: debug((request->hr_httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
1.16 mrg 926: basename = strrchr(dir, '/');
1.12 mrg 927:
1.16 mrg 928: if ((!basename || basename[1] != '\0') &&
929: lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode))
930: /* nothing */;
931: else if (basename == NULL)
932: strcpy(dir, ".");
933: else {
934: *basename++ = '\0';
935: bozo_check_special_files(request, basename);
1.12 mrg 936: }
937:
1.16 mrg 938: snprintf(dirfile, sizeof(dirfile), "%s/%s", dir, DIRECT_ACCESS_FILE);
939: if (stat(dirfile, &sb) < 0 ||
940: (fp = fopen(dirfile, "r")) == NULL)
941: return 0;
942: fclose(fp);
943: return 1;
944: }
1.1 tls 945:
1.16 mrg 946: /*
947: * do automatic redirection -- if there are query parameters for the URL
948: * we will tack these on to the new (redirected) URL.
949: */
950: static void
951: handle_redirect(bozo_httpreq_t *request,
952: const char *url, int absolute)
953: {
954: bozohttpd_t *httpd = request->hr_httpd;
955: char *urlbuf;
956: char portbuf[20];
957: int query = 0;
958:
959: if (url == NULL) {
960: if (asprintf(&urlbuf, "/%s/", request->hr_file) < 0)
961: bozo_err(httpd, 1, "asprintf");
962: url = urlbuf;
963: } else
964: urlbuf = NULL;
1.32 mrg 965: url = escape_rfc3986(request->hr_httpd, url);
1.1 tls 966:
1.32 mrg 967: if (request->hr_query && strlen(request->hr_query))
1.16 mrg 968: query = 1;
1.1 tls 969:
1.16 mrg 970: if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0)
971: snprintf(portbuf, sizeof(portbuf), ":%s",
972: request->hr_serverport);
973: else
974: portbuf[0] = '\0';
975: bozo_warn(httpd, "redirecting %s%s%s", httpd->virthostname, portbuf, url);
976: debug((httpd, DEBUG_FAT, "redirecting %s", url));
977: bozo_printf(httpd, "%s 301 Document Moved\r\n", request->hr_proto);
978: if (request->hr_proto != httpd->consts.http_09)
979: bozo_print_header(request, NULL, "text/html", NULL);
980: if (request->hr_proto != httpd->consts.http_09) {
981: bozo_printf(httpd, "Location: http://");
982: if (absolute == 0)
983: bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf);
984: if (query) {
1.32 mrg 985: bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query);
1.16 mrg 986: } else {
1.32 mrg 987: bozo_printf(httpd, "%s\r\n", url);
1.12 mrg 988: }
1.1 tls 989: }
1.16 mrg 990: bozo_printf(httpd, "\r\n");
991: if (request->hr_method == HTTP_HEAD)
992: goto head;
993: bozo_printf(httpd, "<html><head><title>Document Moved</title></head>\n");
994: bozo_printf(httpd, "<body><h1>Document Moved</h1>\n");
995: bozo_printf(httpd, "This document had moved <a href=\"http://");
996: if (query) {
1.32 mrg 997: if (absolute)
998: bozo_printf(httpd, "%s?%s", url, request->hr_query);
999: else
1000: bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname,
1001: portbuf, url, request->hr_query);
1002: } else {
1003: if (absolute)
1004: bozo_printf(httpd, "%s", url);
1005: else
1006: bozo_printf(httpd, "%s%s%s", httpd->virthostname,
1007: portbuf, url);
1.16 mrg 1008: }
1009: bozo_printf(httpd, "\">here</a>\n");
1010: bozo_printf(httpd, "</body></html>\n");
1011: head:
1012: bozo_flush(httpd, stdout);
1013: if (urlbuf)
1014: free(urlbuf);
1.1 tls 1015: }
1016:
1017: /*
1018: * deal with virtual host names; we do this:
1.16 mrg 1019: * if we have a virtual path root (httpd->virtbase), and we are given a
1.1 tls 1020: * virtual host spec (Host: ho.st or http://ho.st/), see if this
1.16 mrg 1021: * directory exists under httpd->virtbase. if it does, use this as the
1.1 tls 1022: # new slashdir.
1023: */
1.12 mrg 1024: static int
1.16 mrg 1025: check_virtual(bozo_httpreq_t *request)
1.1 tls 1026: {
1.16 mrg 1027: bozohttpd_t *httpd = request->hr_httpd;
1.9 tls 1028: char *file = request->hr_file, *s;
1.1 tls 1029: size_t len;
1030:
1.16 mrg 1031: if (!httpd->virtbase)
1.1 tls 1032: goto use_slashdir;
1033:
1034: /*
1035: * convert http://virtual.host/ to request->hr_host
1036: */
1.16 mrg 1037: debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in ``%s''",
1038: file));
1.9 tls 1039: if (strncasecmp(file, "http://", 7) == 0) {
1.1 tls 1040: /* we would do virtual hosting here? */
1.9 tls 1041: file += 7;
1042: s = strchr(file, '/');
1.1 tls 1043: /* HTTP/1.1 draft rev-06, 5.2: URI takes precedence over Host: */
1.9 tls 1044: request->hr_host = file;
1.16 mrg 1045: request->hr_file = bozostrdup(request->hr_httpd, s ? s : "/");
1046: debug((httpd, DEBUG_OBESE, "got host ``%s'' file is now ``%s''",
1.9 tls 1047: request->hr_host, request->hr_file));
1.1 tls 1048: } else if (!request->hr_host)
1049: goto use_slashdir;
1050:
1051: /*
1052: * ok, we have a virtual host, use scandir(3) to find a case
1053: * insensitive match for the virtual host we are asked for.
1054: * note that if the virtual host is the same as the master,
1055: * we don't need to do anything special.
1056: */
1057: len = strlen(request->hr_host);
1.16 mrg 1058: debug((httpd, DEBUG_OBESE,
1059: "check_virtual: checking host `%s' under httpd->virtbase `%s' "
1060: "for file `%s'",
1061: request->hr_host, httpd->virtbase, request->hr_file));
1062: if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) {
1.1 tls 1063: s = 0;
1.24 mrg 1064: DIR *dirp;
1065: struct dirent *d;
1066:
1.23 mrg 1067: if ((dirp = opendir(httpd->virtbase)) != NULL) {
1068: while ((d = readdir(dirp)) != NULL) {
1069: if (strcmp(d->d_name, ".") == 0 ||
1070: strcmp(d->d_name, "..") == 0) {
1071: continue;
1072: }
1073: debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
1074: d->d_name));
1075: if (strncasecmp(d->d_name, request->hr_host,
1076: len) == 0) {
1077: /* found it, punch it */
1078: debug((httpd, DEBUG_OBESE, "found it punch it"));
1079: httpd->virthostname = d->d_name;
1080: if (asprintf(&s, "%s/%s", httpd->virtbase,
1081: httpd->virthostname) < 0)
1082: bozo_err(httpd, 1, "asprintf");
1083: break;
1084: }
1.1 tls 1085: }
1.23 mrg 1086: closedir(dirp);
1087: }
1088: else {
1089: debug((httpd, DEBUG_FAT, "opendir %s failed: %s",
1090: httpd->virtbase, strerror(errno)));
1.1 tls 1091: }
1092: if (s == 0) {
1.16 mrg 1093: if (httpd->unknown_slash)
1.1 tls 1094: goto use_slashdir;
1.16 mrg 1095: return bozo_http_error(httpd, 404, request,
1096: "unknown URL");
1.1 tls 1097: }
1098: } else
1099: use_slashdir:
1.16 mrg 1100: s = httpd->slashdir;
1.1 tls 1101:
1102: /*
1103: * ok, nailed the correct slashdir, chdir to it
1104: */
1105: if (chdir(s) < 0)
1.16 mrg 1106: return bozo_http_error(httpd, 404, request,
1107: "can't chdir to slashdir");
1.12 mrg 1108: return 0;
1.1 tls 1109: }
1110:
1111: /*
1112: * checks to see if this request has a valid .bzredirect file. returns
1113: * 0 on failure and 1 on success.
1114: */
1115: static void
1.16 mrg 1116: check_bzredirect(bozo_httpreq_t *request)
1.1 tls 1117: {
1118: struct stat sb;
1119: char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1];
1120: char *basename, *finalredir;
1121: int rv, absolute;
1122:
1123: /*
1124: * if this pathname is really a directory, but doesn't end in /,
1125: * use it as the directory to look for the redir file.
1126: */
1.9 tls 1127: snprintf(dir, sizeof(dir), "%s", request->hr_file + 1);
1.17 mrg 1128: debug((request->hr_httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
1.1 tls 1129: basename = strrchr(dir, '/');
1130:
1131: if ((!basename || basename[1] != '\0') &&
1132: lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode))
1133: /* nothing */;
1134: else if (basename == NULL)
1135: strcpy(dir, ".");
1136: else {
1137: *basename++ = '\0';
1.16 mrg 1138: bozo_check_special_files(request, basename);
1.1 tls 1139: }
1140:
1141: snprintf(redir, sizeof(redir), "%s/%s", dir, REDIRECT_FILE);
1142: if (lstat(redir, &sb) == 0) {
1.16 mrg 1143: if (!S_ISLNK(sb.st_mode))
1.1 tls 1144: return;
1145: absolute = 0;
1146: } else {
1147: snprintf(redir, sizeof(redir), "%s/%s", dir, ABSREDIRECT_FILE);
1.16 mrg 1148: if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode))
1.1 tls 1149: return;
1150: absolute = 1;
1151: }
1.17 mrg 1152: debug((request->hr_httpd, DEBUG_FAT,
1153: "check_bzredirect: calling readlink"));
1.1 tls 1154: rv = readlink(redir, redirpath, sizeof redirpath - 1);
1155: if (rv == -1 || rv == 0) {
1.17 mrg 1156: debug((request->hr_httpd, DEBUG_FAT, "readlink failed"));
1.1 tls 1157: return;
1158: }
1159: redirpath[rv] = '\0';
1.17 mrg 1160: debug((request->hr_httpd, DEBUG_FAT,
1161: "readlink returned \"%s\"", redirpath));
1.1 tls 1162:
1163: /* now we have the link pointer, redirect to the real place */
1164: if (absolute)
1165: finalredir = redirpath;
1166: else
1167: snprintf(finalredir = redir, sizeof(redir), "/%s/%s", dir,
1168: redirpath);
1169:
1.17 mrg 1170: debug((request->hr_httpd, DEBUG_FAT,
1171: "check_bzredirect: new redir %s", finalredir));
1.1 tls 1172: handle_redirect(request, finalredir, absolute);
1173: }
1174:
1.16 mrg 1175: /* this fixes the %HH hack that RFC2396 requires. */
1176: static void
1177: fix_url_percent(bozo_httpreq_t *request)
1.1 tls 1178: {
1.16 mrg 1179: bozohttpd_t *httpd = request->hr_httpd;
1180: char *s, *t, buf[3], *url;
1181: char *end; /* if end is not-zero, we don't translate beyond that */
1182:
1183: url = request->hr_file;
1184:
1185: end = url + strlen(url);
1186:
1187: /* fast forward to the first % */
1188: if ((s = strchr(url, '%')) == NULL)
1189: return;
1.1 tls 1190:
1.16 mrg 1191: t = s;
1192: do {
1193: if (end && s >= end) {
1194: debug((httpd, DEBUG_EXPLODING,
1195: "fu_%%: past end, filling out.."));
1196: while (*s)
1197: *t++ = *s++;
1198: break;
1199: }
1200: debug((httpd, DEBUG_EXPLODING,
1201: "fu_%%: got s == %%, s[1]s[2] == %c%c",
1202: s[1], s[2]));
1203: if (s[1] == '\0' || s[2] == '\0') {
1204: (void)bozo_http_error(httpd, 400, request,
1205: "percent hack missing two chars afterwards");
1206: goto copy_rest;
1207: }
1208: if (s[1] == '0' && s[2] == '0') {
1209: (void)bozo_http_error(httpd, 404, request,
1210: "percent hack was %00");
1211: goto copy_rest;
1212: }
1213: if (s[1] == '2' && s[2] == 'f') {
1214: (void)bozo_http_error(httpd, 404, request,
1215: "percent hack was %2f (/)");
1216: goto copy_rest;
1217: }
1218:
1219: buf[0] = *++s;
1220: buf[1] = *++s;
1221: buf[2] = '\0';
1222: s++;
1223: *t = (char)strtol(buf, NULL, 16);
1224: debug((httpd, DEBUG_EXPLODING,
1225: "fu_%%: strtol put '%02x' into *t", *t));
1226: if (*t++ == '\0') {
1227: (void)bozo_http_error(httpd, 400, request,
1228: "percent hack got a 0 back");
1229: goto copy_rest;
1230: }
1.1 tls 1231:
1.16 mrg 1232: while (*s && *s != '%') {
1233: if (end && s >= end)
1234: break;
1235: *t++ = *s++;
1236: }
1237: } while (*s);
1238: copy_rest:
1239: while (*s) {
1240: if (s >= end)
1241: break;
1242: *t++ = *s++;
1.1 tls 1243: }
1.16 mrg 1244: *t = '\0';
1245: debug((httpd, DEBUG_FAT, "fix_url_percent returns %s in url",
1246: request->hr_file));
1.1 tls 1247: }
1248:
1249: /*
1250: * transform_request does this:
1251: * - ``expand'' %20 crapola
1252: * - punt if it doesn't start with /
1.16 mrg 1253: * - check httpd->untrustedref / referrer
1.1 tls 1254: * - look for "http://myname/" and deal with it.
1.16 mrg 1255: * - maybe call bozo_process_cgi()
1256: * - check for ~user and call bozo_user_transform() if so
1.1 tls 1257: * - if the length > 1, check for trailing slash. if so,
1258: * add the index.html file
1259: * - if the length is 1, return the index.html file
1260: * - disallow anything ending up with a file starting
1261: * at "/" or having ".." in it.
1262: * - anything else is a really weird internal error
1.12 mrg 1263: * - returns malloced file to serve, if unhandled
1.1 tls 1264: */
1.16 mrg 1265: static int
1266: transform_request(bozo_httpreq_t *request, int *isindex)
1.1 tls 1267: {
1.16 mrg 1268: bozohttpd_t *httpd = request->hr_httpd;
1.12 mrg 1269: char *file, *newfile = NULL;
1.1 tls 1270: size_t len;
1271:
1.12 mrg 1272: file = NULL;
1.1 tls 1273: *isindex = 0;
1.16 mrg 1274: debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));
1.1 tls 1275: fix_url_percent(request);
1.12 mrg 1276: if (check_virtual(request)) {
1277: goto bad_done;
1278: }
1279: file = request->hr_file;
1.1 tls 1280:
1.12 mrg 1281: if (file[0] != '/') {
1.16 mrg 1282: (void)bozo_http_error(httpd, 404, request, "unknown URL");
1.12 mrg 1283: goto bad_done;
1284: }
1.1 tls 1285:
1286: check_bzredirect(request);
1287:
1.16 mrg 1288: if (httpd->untrustedref) {
1.1 tls 1289: int to_indexhtml = 0;
1290:
1291: #define TOP_PAGE(x) (strcmp((x), "/") == 0 || \
1.16 mrg 1292: strcmp((x) + 1, httpd->index_html) == 0 || \
1.1 tls 1293: strcmp((x) + 1, "favicon.ico") == 0)
1294:
1.16 mrg 1295: debug((httpd, DEBUG_EXPLODING, "checking httpd->untrustedref"));
1.1 tls 1296: /*
1297: * first check that this path isn't allowed via .bzdirect file,
1298: * and then check referrer; make sure that people come via the
1299: * real name... otherwise if we aren't looking at / or
1300: * /index.html, redirect... we also special case favicon.ico.
1301: */
1302: if (check_direct_access(request))
1303: /* nothing */;
1304: else if (request->hr_referrer) {
1305: const char *r = request->hr_referrer;
1306:
1.16 mrg 1307: debug((httpd, DEBUG_FAT,
1308: "checking referrer \"%s\" vs virthostname %s",
1309: r, httpd->virthostname));
1.1 tls 1310: if (strncmp(r, "http://", 7) != 0 ||
1.16 mrg 1311: (strncasecmp(r + 7, httpd->virthostname,
1312: strlen(httpd->virthostname)) != 0 &&
1.12 mrg 1313: !TOP_PAGE(file)))
1.1 tls 1314: to_indexhtml = 1;
1315: } else {
1316: const char *h = request->hr_host;
1317:
1.16 mrg 1318: debug((httpd, DEBUG_FAT, "url has no referrer at all"));
1.1 tls 1319: /* if there's no referrer, let / or /index.html past */
1.12 mrg 1320: if (!TOP_PAGE(file) ||
1.16 mrg 1321: (h && strncasecmp(h, httpd->virthostname,
1322: strlen(httpd->virthostname)) != 0))
1.1 tls 1323: to_indexhtml = 1;
1324: }
1325:
1326: if (to_indexhtml) {
1327: char *slashindexhtml;
1328:
1.16 mrg 1329: if (asprintf(&slashindexhtml, "/%s",
1330: httpd->index_html) < 0)
1331: bozo_err(httpd, 1, "asprintf");
1332: debug((httpd, DEBUG_FAT,
1333: "httpd->untrustedref: redirecting %s to %s",
1334: file, slashindexhtml));
1.1 tls 1335: handle_redirect(request, slashindexhtml, 0);
1.12 mrg 1336: free(slashindexhtml);
1337: return 0;
1.1 tls 1338: }
1339: }
1340:
1.12 mrg 1341: len = strlen(file);
1.16 mrg 1342: if (/*CONSTCOND*/0) {
1.1 tls 1343: #ifndef NO_USER_SUPPORT
1.16 mrg 1344: } else if (len > 1 && httpd->enable_users && file[1] == '~') {
1.12 mrg 1345: if (file[2] == '\0') {
1.16 mrg 1346: (void)bozo_http_error(httpd, 404, request,
1347: "missing username");
1.12 mrg 1348: goto bad_done;
1349: }
1350: if (strchr(file + 2, '/') == NULL) {
1.1 tls 1351: handle_redirect(request, NULL, 0);
1.12 mrg 1352: return 0;
1353: }
1.16 mrg 1354: debug((httpd, DEBUG_FAT, "calling bozo_user_transform"));
1.12 mrg 1355:
1.16 mrg 1356: return bozo_user_transform(request, isindex);
1.1 tls 1357: #endif /* NO_USER_SUPPORT */
1358: } else if (len > 1) {
1.16 mrg 1359: debug((httpd, DEBUG_FAT, "file[len-1] == %c", file[len-1]));
1.12 mrg 1360: if (file[len-1] == '/') { /* append index.html */
1.1 tls 1361: *isindex = 1;
1.16 mrg 1362: debug((httpd, DEBUG_FAT, "appending index.html"));
1363: newfile = bozomalloc(httpd,
1364: len + strlen(httpd->index_html) + 1);
1.12 mrg 1365: strcpy(newfile, file + 1);
1.16 mrg 1366: strcat(newfile, httpd->index_html);
1.1 tls 1367: } else
1.16 mrg 1368: newfile = bozostrdup(request->hr_httpd, file + 1);
1.1 tls 1369: } else if (len == 1) {
1.16 mrg 1370: debug((httpd, DEBUG_EXPLODING, "tf_req: len == 1"));
1371: newfile = bozostrdup(request->hr_httpd, httpd->index_html);
1.1 tls 1372: *isindex = 1;
1.12 mrg 1373: } else { /* len == 0 ? */
1.16 mrg 1374: (void)bozo_http_error(httpd, 500, request,
1375: "request->hr_file is nul?");
1.12 mrg 1376: goto bad_done;
1377: }
1.1 tls 1378:
1.12 mrg 1379: if (newfile == NULL) {
1.16 mrg 1380: (void)bozo_http_error(httpd, 500, request, "internal failure");
1.12 mrg 1381: goto bad_done;
1382: }
1.1 tls 1383:
1384: /*
1385: * look for "http://myname/" and deal with it as necessary.
1386: */
1387:
1388: /*
1389: * stop traversing outside our domain
1390: *
1391: * XXX true security only comes from our parent using chroot(2)
1392: * before execve(2)'ing us. or our own built in chroot(2) support.
1393: */
1.12 mrg 1394: if (*newfile == '/' || strcmp(newfile, "..") == 0 ||
1395: strstr(newfile, "/..") || strstr(newfile, "../")) {
1.16 mrg 1396: (void)bozo_http_error(httpd, 403, request, "illegal request");
1.12 mrg 1397: goto bad_done;
1398: }
1399:
1.17 mrg 1400: if (bozo_auth_check(request, newfile))
1.12 mrg 1401: goto bad_done;
1.1 tls 1402:
1.13 mrg 1403: if (strlen(newfile)) {
1.20 mrg 1404: request->hr_oldfile = request->hr_file;
1.12 mrg 1405: request->hr_file = newfile;
1.13 mrg 1406: }
1.9 tls 1407:
1.16 mrg 1408: if (bozo_process_cgi(request))
1.12 mrg 1409: return 0;
1.1 tls 1410:
1.16 mrg 1411: debug((httpd, DEBUG_FAT, "transform_request set: %s", newfile));
1.12 mrg 1412: return 1;
1413: bad_done:
1.16 mrg 1414: debug((httpd, DEBUG_FAT, "transform_request returning: 0"));
1.12 mrg 1415: if (newfile)
1416: free(newfile);
1417: return 0;
1.1 tls 1418: }
1419:
1420: /*
1.31 elric 1421: * can_gzip checks if the request supports and prefers gzip encoding.
1422: *
1423: * XXX: we do not consider the associated q with gzip in making our
1424: * decision which is broken.
1425: */
1426:
1427: static int
1428: can_gzip(bozo_httpreq_t *request)
1429: {
1430: const char *pos;
1431: const char *tmp;
1432: size_t len;
1433:
1434: /* First we decide if the request can be gzipped at all. */
1435:
1436: /* not if we already are encoded... */
1437: tmp = bozo_content_encoding(request, request->hr_file);
1438: if (tmp && *tmp)
1439: return 0;
1440:
1441: /* not if we are not asking for the whole file... */
1442: if (request->hr_last_byte_pos != -1 || request->hr_have_range)
1443: return 0;
1444:
1445: /* Then we determine if gzip is on the cards. */
1446:
1447: for (pos = request->hr_accept_encoding; pos && *pos; pos += len) {
1448: while (*pos == ' ')
1449: pos++;
1450:
1451: len = strcspn(pos, ";,");
1452:
1453: if ((len == 4 && strncasecmp("gzip", pos, 4) == 0) ||
1454: (len == 6 && strncasecmp("x-gzip", pos, 6) == 0))
1455: return 1;
1456:
1457: if (pos[len] == ';')
1458: len += strcspn(&pos[len], ",");
1459:
1460: if (pos[len])
1461: len++;
1462: }
1463:
1464: return 0;
1465: }
1466:
1467: /*
1.16 mrg 1468: * bozo_process_request does the following:
1469: * - check the request is valid
1470: * - process cgi-bin if necessary
1471: * - transform a filename if necesarry
1472: * - return the HTTP request
1.1 tls 1473: */
1.16 mrg 1474: void
1475: bozo_process_request(bozo_httpreq_t *request)
1.1 tls 1476: {
1.16 mrg 1477: bozohttpd_t *httpd = request->hr_httpd;
1478: struct stat sb;
1479: time_t timestamp;
1480: char *file;
1481: const char *type, *encoding;
1482: int fd, isindex;
1483:
1484: /*
1485: * note that transform_request chdir()'s if required. also note
1486: * that cgi is handed here. if transform_request() returns 0
1487: * then the request has been handled already.
1488: */
1489: if (transform_request(request, &isindex) == 0)
1490: return;
1.12 mrg 1491:
1.31 elric 1492: fd = -1;
1493: encoding = NULL;
1494: if (can_gzip(request)) {
1495: asprintf(&file, "%s.gz", request->hr_file);
1496: fd = open(file, O_RDONLY);
1497: if (fd >= 0)
1498: encoding = "gzip";
1499: free(file);
1500: }
1501:
1.16 mrg 1502: file = request->hr_file;
1.9 tls 1503:
1.31 elric 1504: if (fd < 0)
1505: fd = open(file, O_RDONLY);
1506:
1.16 mrg 1507: if (fd < 0) {
1508: debug((httpd, DEBUG_FAT, "open failed: %s", strerror(errno)));
1509: if (errno == EPERM)
1510: (void)bozo_http_error(httpd, 403, request,
1511: "no permission to open file");
1512: else if (errno == ENOENT) {
1513: if (!bozo_dir_index(request, file, isindex))
1514: (void)bozo_http_error(httpd, 404, request,
1515: "no file");
1516: } else
1517: (void)bozo_http_error(httpd, 500, request, "open file");
1518: goto cleanup_nofd;
1.1 tls 1519: }
1.16 mrg 1520: if (fstat(fd, &sb) < 0) {
1521: (void)bozo_http_error(httpd, 500, request, "can't fstat");
1522: goto cleanup;
1.9 tls 1523: }
1.16 mrg 1524: if (S_ISDIR(sb.st_mode)) {
1525: handle_redirect(request, NULL, 0);
1526: goto cleanup;
1.6 mrg 1527: }
1.1 tls 1528:
1.16 mrg 1529: if (request->hr_if_modified_since &&
1530: parse_http_date(request->hr_if_modified_since, ×tamp) &&
1531: timestamp >= sb.st_mtime) {
1532: /* XXX ignore subsecond of timestamp */
1533: bozo_printf(httpd, "%s 304 Not Modified\r\n",
1534: request->hr_proto);
1535: bozo_printf(httpd, "\r\n");
1536: bozo_flush(httpd, stdout);
1537: goto cleanup;
1.1 tls 1538: }
1539:
1.16 mrg 1540: /* validate requested range */
1541: if (request->hr_last_byte_pos == -1 ||
1542: request->hr_last_byte_pos >= sb.st_size)
1543: request->hr_last_byte_pos = sb.st_size - 1;
1544: if (request->hr_have_range &&
1545: request->hr_first_byte_pos > request->hr_last_byte_pos) {
1546: request->hr_have_range = 0; /* punt */
1547: request->hr_first_byte_pos = 0;
1548: request->hr_last_byte_pos = sb.st_size - 1;
1.1 tls 1549: }
1.28 joerg 1550: debug((httpd, DEBUG_FAT, "have_range %d first_pos %lld last_pos %lld",
1.16 mrg 1551: request->hr_have_range,
1.28 joerg 1552: (long long)request->hr_first_byte_pos,
1553: (long long)request->hr_last_byte_pos));
1.16 mrg 1554: if (request->hr_have_range)
1555: bozo_printf(httpd, "%s 206 Partial Content\r\n",
1556: request->hr_proto);
1557: else
1558: bozo_printf(httpd, "%s 200 OK\r\n", request->hr_proto);
1.1 tls 1559:
1.16 mrg 1560: if (request->hr_proto != httpd->consts.http_09) {
1561: type = bozo_content_type(request, file);
1.31 elric 1562: if (!encoding)
1563: encoding = bozo_content_encoding(request, file);
1.1 tls 1564:
1.16 mrg 1565: bozo_print_header(request, &sb, type, encoding);
1566: bozo_printf(httpd, "\r\n");
1.12 mrg 1567: }
1.16 mrg 1568: bozo_flush(httpd, stdout);
1.1 tls 1569:
1.16 mrg 1570: if (request->hr_method != HTTP_HEAD) {
1571: off_t szleft, cur_byte_pos;
1.1 tls 1572:
1.16 mrg 1573: szleft =
1574: request->hr_last_byte_pos - request->hr_first_byte_pos + 1;
1575: cur_byte_pos = request->hr_first_byte_pos;
1.1 tls 1576:
1.16 mrg 1577: retry:
1578: while (szleft) {
1579: size_t sz;
1.12 mrg 1580:
1.16 mrg 1581: /* This should take care of the first unaligned chunk */
1582: if ((cur_byte_pos & (httpd->page_size - 1)) != 0)
1583: sz = (size_t)(cur_byte_pos & ~httpd->page_size);
1584: if ((off_t)httpd->mmapsz < szleft)
1585: sz = httpd->mmapsz;
1586: else
1587: sz = (size_t)szleft;
1588: if (mmap_and_write_part(httpd, fd, cur_byte_pos, sz)) {
1589: if (errno == ENOMEM) {
1590: httpd->mmapsz /= 2;
1591: if (httpd->mmapsz >= httpd->page_size)
1592: goto retry;
1593: }
1594: goto cleanup;
1595: }
1596: cur_byte_pos += sz;
1597: szleft -= sz;
1.1 tls 1598: }
1.16 mrg 1599: }
1600: cleanup:
1601: close(fd);
1602: cleanup_nofd:
1603: close(STDIN_FILENO);
1604: close(STDOUT_FILENO);
1605: /*close(STDERR_FILENO);*/
1.1 tls 1606: }
1607:
1.16 mrg 1608: /* make sure we're not trying to access special files */
1609: int
1610: bozo_check_special_files(bozo_httpreq_t *request, const char *name)
1.1 tls 1611: {
1.16 mrg 1612: bozohttpd_t *httpd = request->hr_httpd;
1.1 tls 1613:
1.16 mrg 1614: /* ensure basename(name) != special files */
1615: if (strcmp(name, DIRECT_ACCESS_FILE) == 0)
1616: return bozo_http_error(httpd, 403, request,
1617: "no permission to open direct access file");
1618: if (strcmp(name, REDIRECT_FILE) == 0)
1619: return bozo_http_error(httpd, 403, request,
1620: "no permission to open redirect file");
1621: if (strcmp(name, ABSREDIRECT_FILE) == 0)
1622: return bozo_http_error(httpd, 403, request,
1623: "no permission to open redirect file");
1.17 mrg 1624: return bozo_auth_check_special_files(request, name);
1.16 mrg 1625: }
1.1 tls 1626:
1.16 mrg 1627: /* generic header printing routine */
1628: void
1629: bozo_print_header(bozo_httpreq_t *request,
1630: struct stat *sbp, const char *type, const char *encoding)
1631: {
1632: bozohttpd_t *httpd = request->hr_httpd;
1633: off_t len;
1634: char date[40];
1.1 tls 1635:
1.16 mrg 1636: bozo_printf(httpd, "Date: %s\r\n", bozo_http_date(date, sizeof(date)));
1637: bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
1638: bozo_printf(httpd, "Accept-Ranges: bytes\r\n");
1639: if (sbp) {
1640: char filedate[40];
1641: struct tm *tm;
1.1 tls 1642:
1.16 mrg 1643: tm = gmtime(&sbp->st_mtime);
1644: strftime(filedate, sizeof filedate,
1645: "%a, %d %b %Y %H:%M:%S GMT", tm);
1646: bozo_printf(httpd, "Last-Modified: %s\r\n", filedate);
1647: }
1648: if (type && *type)
1649: bozo_printf(httpd, "Content-Type: %s\r\n", type);
1650: if (encoding && *encoding)
1651: bozo_printf(httpd, "Content-Encoding: %s\r\n", encoding);
1652: if (sbp) {
1653: if (request->hr_have_range) {
1654: len = request->hr_last_byte_pos -
1655: request->hr_first_byte_pos +1;
1656: bozo_printf(httpd,
1657: "Content-Range: bytes %qd-%qd/%qd\r\n",
1658: (long long) request->hr_first_byte_pos,
1659: (long long) request->hr_last_byte_pos,
1660: (long long) sbp->st_size);
1661: } else
1662: len = sbp->st_size;
1663: bozo_printf(httpd, "Content-Length: %qd\r\n", (long long)len);
1.1 tls 1664: }
1.16 mrg 1665: if (request && request->hr_proto == httpd->consts.http_11)
1666: bozo_printf(httpd, "Connection: close\r\n");
1667: bozo_flush(httpd, stdout);
1.1 tls 1668: }
1669:
1.25 mrg 1670: #ifndef NO_DEBUG
1.1 tls 1671: void
1.16 mrg 1672: debug__(bozohttpd_t *httpd, int level, const char *fmt, ...)
1.1 tls 1673: {
1674: va_list ap;
1675: int savederrno;
1676:
1677: /* only log if the level is low enough */
1.16 mrg 1678: if (httpd->debug < level)
1.1 tls 1679: return;
1680:
1681: savederrno = errno;
1682: va_start(ap, fmt);
1.16 mrg 1683: if (httpd->logstderr) {
1.1 tls 1684: vfprintf(stderr, fmt, ap);
1685: fputs("\n", stderr);
1686: } else
1687: vsyslog(LOG_DEBUG, fmt, ap);
1688: va_end(ap);
1689: errno = savederrno;
1690: }
1.25 mrg 1691: #endif /* NO_DEBUG */
1.1 tls 1692:
1693: /* these are like warn() and err(), except for syslog not stderr */
1694: void
1.16 mrg 1695: bozo_warn(bozohttpd_t *httpd, const char *fmt, ...)
1.1 tls 1696: {
1697: va_list ap;
1698:
1699: va_start(ap, fmt);
1.16 mrg 1700: if (httpd->logstderr || isatty(STDERR_FILENO)) {
1.14 mrg 1701: //fputs("warning: ", stderr);
1.1 tls 1702: vfprintf(stderr, fmt, ap);
1703: fputs("\n", stderr);
1704: } else
1705: vsyslog(LOG_INFO, fmt, ap);
1706: va_end(ap);
1707: }
1708:
1709: void
1.16 mrg 1710: bozo_err(bozohttpd_t *httpd, int code, const char *fmt, ...)
1.1 tls 1711: {
1712: va_list ap;
1713:
1714: va_start(ap, fmt);
1.16 mrg 1715: if (httpd->logstderr || isatty(STDERR_FILENO)) {
1.14 mrg 1716: //fputs("error: ", stderr);
1.1 tls 1717: vfprintf(stderr, fmt, ap);
1718: fputs("\n", stderr);
1719: } else
1720: vsyslog(LOG_ERR, fmt, ap);
1721: va_end(ap);
1722: exit(code);
1723: }
1724:
1.16 mrg 1725: /* this escape HTML tags */
1726: static void
1727: escape_html(bozo_httpreq_t *request)
1.1 tls 1728: {
1.16 mrg 1729: int i, j;
1730: char *url = request->hr_file, *tmp;
1.1 tls 1731:
1.16 mrg 1732: for (i = 0, j = 0; url[i]; i++) {
1733: switch (url[i]) {
1734: case '<':
1735: case '>':
1736: j += 4;
1737: break;
1738: case '&':
1739: j += 5;
1740: break;
1741: }
1.12 mrg 1742: }
1.1 tls 1743:
1.16 mrg 1744: if (j == 0)
1745: return;
1746:
1747: if ((tmp = (char *) malloc(strlen(url) + j)) == 0)
1748: /*
1749: * ouch, but we are only called from an error context, and
1750: * most paths here come from malloc(3) failures anyway...
1751: * we could completely punt and just exit, but isn't returning
1752: * an not-quite-correct error better than nothing at all?
1753: */
1754: return;
1.1 tls 1755:
1.16 mrg 1756: for (i = 0, j = 0; url[i]; i++) {
1757: switch (url[i]) {
1758: case '<':
1759: memcpy(tmp + j, "<", 4);
1760: j += 4;
1761: break;
1762: case '>':
1763: memcpy(tmp + j, ">", 4);
1764: j += 4;
1765: break;
1766: case '&':
1767: memcpy(tmp + j, "&", 5);
1768: j += 5;
1769: break;
1770: default:
1771: tmp[j++] = url[i];
1.12 mrg 1772: }
1.16 mrg 1773: }
1774: tmp[j] = 0;
1.1 tls 1775:
1.16 mrg 1776: free(request->hr_file);
1777: request->hr_file = tmp;
1.1 tls 1778: }
1779:
1780: /* short map between error code, and short/long messages */
1781: static struct errors_map {
1782: int code; /* HTTP return code */
1783: const char *shortmsg; /* short version of message */
1784: const char *longmsg; /* long version of message */
1785: } errors_map[] = {
1786: { 400, "400 Bad Request", "The request was not valid", },
1787: { 401, "401 Unauthorized", "No authorization", },
1.6 mrg 1788: { 403, "403 Forbidden", "Access to this item has been denied",},
1.1 tls 1789: { 404, "404 Not Found", "This item has not been found", },
1790: { 408, "408 Request Timeout", "This request took too long", },
1791: { 417, "417 Expectation Failed","Expectations not available", },
1792: { 500, "500 Internal Error", "An error occured on the server", },
1793: { 501, "501 Not Implemented", "This request is not available", },
1794: { 0, NULL, NULL, },
1795: };
1796:
1797: static const char *help = "DANGER! WILL ROBINSON! DANGER!";
1798:
1799: static const char *
1800: http_errors_short(int code)
1801: {
1802: struct errors_map *ep;
1803:
1804: for (ep = errors_map; ep->code; ep++)
1805: if (ep->code == code)
1806: return (ep->shortmsg);
1807: return (help);
1808: }
1809:
1810: static const char *
1811: http_errors_long(int code)
1812: {
1813: struct errors_map *ep;
1814:
1815: for (ep = errors_map; ep->code; ep++)
1816: if (ep->code == code)
1817: return (ep->longmsg);
1818: return (help);
1819: }
1820:
1.16 mrg 1821: /* the follow functions and variables are used in handling HTTP errors */
1822: /* ARGSUSED */
1823: int
1824: bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request,
1825: const char *msg)
1826: {
1827: char portbuf[20];
1828: const char *header = http_errors_short(code);
1829: const char *reason = http_errors_long(code);
1830: const char *proto = (request && request->hr_proto) ?
1831: request->hr_proto : httpd->consts.http_11;
1832: int size;
1833:
1834: debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg));
1835: if (header == NULL || reason == NULL) {
1836: bozo_err(httpd, 1,
1837: "bozo_http_error() failed (short = %p, long = %p)",
1838: header, reason);
1839: return code;
1840: }
1841:
1842: if (request && request->hr_serverport &&
1843: strcmp(request->hr_serverport, "80") != 0)
1844: snprintf(portbuf, sizeof(portbuf), ":%s",
1845: request->hr_serverport);
1846: else
1847: portbuf[0] = '\0';
1848:
1849: if (request && request->hr_file) {
1850: escape_html(request);
1851: size = snprintf(httpd->errorbuf, BUFSIZ,
1852: "<html><head><title>%s</title></head>\n"
1853: "<body><h1>%s</h1>\n"
1854: "%s: <pre>%s</pre>\n"
1855: "<hr><address><a href=\"http://%s%s/\">%s%s</a></address>\n"
1856: "</body></html>\n",
1857: header, header, request->hr_file, reason,
1858: httpd->virthostname, portbuf, httpd->virthostname, portbuf);
1859: if (size >= (int)BUFSIZ) {
1860: bozo_warn(httpd,
1861: "bozo_http_error buffer too small, truncated");
1862: size = (int)BUFSIZ;
1863: }
1864: } else
1865: size = 0;
1866:
1867: bozo_printf(httpd, "%s %s\r\n", proto, header);
1.26 pooka 1868: if (request)
1869: bozo_auth_check_401(request, code);
1.16 mrg 1870:
1871: bozo_printf(httpd, "Content-Type: text/html\r\n");
1872: bozo_printf(httpd, "Content-Length: %d\r\n", size);
1873: bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
1874: if (request && request->hr_allow)
1875: bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
1876: bozo_printf(httpd, "\r\n");
1877: if (size)
1878: bozo_printf(httpd, "%s", httpd->errorbuf);
1879: bozo_flush(httpd, stdout);
1880:
1881: return code;
1882: }
1883:
1.1 tls 1884: /* Below are various modified libc functions */
1885:
1886: /*
1887: * returns -1 in lenp if the string ran out before finding a delimiter,
1888: * but is otherwise the same as strsep. Note that the length must be
1889: * correctly passed in.
1890: */
1891: char *
1.6 mrg 1892: bozostrnsep(char **strp, const char *delim, ssize_t *lenp)
1.1 tls 1893: {
1894: char *s;
1895: const char *spanp;
1896: int c, sc;
1897: char *tok;
1898:
1899: if ((s = *strp) == NULL)
1900: return (NULL);
1901: for (tok = s;;) {
1902: if (lenp && --(*lenp) == -1)
1903: return (NULL);
1904: c = *s++;
1905: spanp = delim;
1906: do {
1907: if ((sc = *spanp++) == c) {
1908: if (c == 0)
1909: s = NULL;
1910: else
1911: s[-1] = '\0';
1912: *strp = s;
1913: return (tok);
1914: }
1915: } while (sc != 0);
1916: }
1917: /* NOTREACHED */
1918: }
1919:
1920: /*
1921: * inspired by fgetln(3), but works for fd's. should work identically
1922: * except it, however, does *not* return the newline, and it does nul
1923: * terminate the string.
1924: */
1925: char *
1.16 mrg 1926: bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp,
1927: ssize_t (*readfn)(bozohttpd_t *, int, void *, size_t))
1.1 tls 1928: {
1929: ssize_t len;
1930: int got_cr = 0;
1931: char c, *nbuffer;
1932:
1933: /* initialise */
1.16 mrg 1934: if (httpd->getln_buflen == 0) {
1935: /* should be plenty for most requests */
1936: httpd->getln_buflen = 128;
1937: httpd->getln_buffer = malloc((size_t)httpd->getln_buflen);
1938: if (httpd->getln_buffer == NULL) {
1939: httpd->getln_buflen = 0;
1.1 tls 1940: return NULL;
1941: }
1942: }
1943: len = 0;
1944:
1945: /*
1946: * we *have* to read one byte at a time, to not break cgi
1947: * programs (for we pass stdin off to them). could fix this
1948: * by becoming a fd-passing program instead of just exec'ing
1949: * the program
1.17 mrg 1950: *
1951: * the above is no longer true, we are the fd-passing
1952: * program already.
1.1 tls 1953: */
1.16 mrg 1954: for (; readfn(httpd, fd, &c, 1) == 1; ) {
1955: debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c));
1.1 tls 1956:
1.16 mrg 1957: if (len >= httpd->getln_buflen - 1) {
1958: httpd->getln_buflen *= 2;
1959: debug((httpd, DEBUG_EXPLODING, "bozodgetln: "
1960: "reallocating buffer to buflen %zu",
1961: httpd->getln_buflen));
1962: nbuffer = bozorealloc(httpd, httpd->getln_buffer,
1963: (size_t)httpd->getln_buflen);
1964: httpd->getln_buffer = nbuffer;
1.1 tls 1965: }
1966:
1.16 mrg 1967: httpd->getln_buffer[len++] = c;
1.1 tls 1968: if (c == '\r') {
1969: got_cr = 1;
1970: continue;
1971: } else if (c == '\n') {
1972: /*
1973: * HTTP/1.1 spec says to ignore CR and treat
1974: * LF as the real line terminator. even though
1975: * the same spec defines CRLF as the line
1976: * terminator, it is recommended in section 19.3
1977: * to do the LF trick for tolerance.
1978: */
1979: if (got_cr)
1980: len -= 2;
1981: else
1982: len -= 1;
1983: break;
1984: }
1985:
1986: }
1.16 mrg 1987: httpd->getln_buffer[len] = '\0';
1.28 joerg 1988: debug((httpd, DEBUG_OBESE, "bozodgetln returns: ``%s'' with len %zd",
1.16 mrg 1989: httpd->getln_buffer, len));
1.1 tls 1990: *lenp = len;
1.16 mrg 1991: return httpd->getln_buffer;
1.1 tls 1992: }
1993:
1994: void *
1.16 mrg 1995: bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
1.1 tls 1996: {
1997: void *p;
1998:
1999: p = realloc(ptr, size);
1.12 mrg 2000: if (p == NULL) {
1.16 mrg 2001: (void)bozo_http_error(httpd, 500, NULL,
2002: "memory allocation failure");
1.12 mrg 2003: exit(1);
2004: }
1.1 tls 2005: return (p);
2006: }
2007:
2008: void *
1.16 mrg 2009: bozomalloc(bozohttpd_t *httpd, size_t size)
1.1 tls 2010: {
2011: void *p;
2012:
2013: p = malloc(size);
1.12 mrg 2014: if (p == NULL) {
1.16 mrg 2015: (void)bozo_http_error(httpd, 500, NULL,
2016: "memory allocation failure");
1.12 mrg 2017: exit(1);
2018: }
1.1 tls 2019: return (p);
2020: }
2021:
2022: char *
1.16 mrg 2023: bozostrdup(bozohttpd_t *httpd, const char *str)
1.1 tls 2024: {
2025: char *p;
2026:
2027: p = strdup(str);
1.12 mrg 2028: if (p == NULL) {
1.16 mrg 2029: (void)bozo_http_error(httpd, 500, NULL,
2030: "memory allocation failure");
1.12 mrg 2031: exit(1);
2032: }
1.1 tls 2033: return (p);
2034: }
1.16 mrg 2035:
2036: /* set default values in bozohttpd_t struct */
2037: int
2038: bozo_init_httpd(bozohttpd_t *httpd)
2039: {
2040: /* make sure everything is clean */
2041: (void) memset(httpd, 0x0, sizeof(*httpd));
2042:
2043: /* constants */
2044: httpd->consts.http_09 = "HTTP/0.9";
2045: httpd->consts.http_10 = "HTTP/1.0";
2046: httpd->consts.http_11 = "HTTP/1.1";
2047: httpd->consts.text_plain = "text/plain";
2048:
2049: /* mmap region size */
2050: httpd->mmapsz = BOZO_MMAPSZ;
2051:
2052: /* error buffer for bozo_http_error() */
2053: if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
2054: (void) fprintf(stderr,
2055: "bozohttpd: memory_allocation failure\n");
2056: return 0;
2057: }
2058: return 1;
2059: }
2060:
2061: /* set default values in bozoprefs_t struct */
2062: int
2063: bozo_init_prefs(bozoprefs_t *prefs)
2064: {
2065: /* make sure everything is clean */
2066: (void) memset(prefs, 0x0, sizeof(*prefs));
2067:
2068: /* set up default values */
2069: bozo_set_pref(prefs, "server software", SERVER_SOFTWARE);
2070: bozo_set_pref(prefs, "index.html", INDEX_HTML);
2071: bozo_set_pref(prefs, "public_html", PUBLIC_HTML);
2072:
2073: return 1;
2074: }
2075:
2076: /* set default values */
2077: int
2078: bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs)
2079: {
2080: return bozo_init_httpd(httpd) && bozo_init_prefs(prefs);
2081: }
2082:
2083: /* set the virtual host name, port and root */
2084: int
2085: bozo_setup(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *vhost,
2086: const char *root)
2087: {
2088: struct passwd *pw;
2089: extern char **environ;
1.21 mrg 2090: static char *cleanenv[1] = { NULL };
1.16 mrg 2091: uid_t uid;
2092: char *chrootdir;
2093: char *username;
2094: char *portnum;
2095: char *cp;
2096: int dirtyenv;
2097:
2098: dirtyenv = 0;
2099:
2100: if (vhost == NULL) {
2101: httpd->virthostname = bozomalloc(httpd, MAXHOSTNAMELEN+1);
2102: /* XXX we do not check for FQDN here */
2103: if (gethostname(httpd->virthostname, MAXHOSTNAMELEN+1) < 0)
2104: bozo_err(httpd, 1, "gethostname");
2105: httpd->virthostname[MAXHOSTNAMELEN] = '\0';
2106: } else {
2107: httpd->virthostname = strdup(vhost);
2108: }
2109: httpd->slashdir = strdup(root);
2110: if ((portnum = bozo_get_pref(prefs, "port number")) != NULL) {
2111: httpd->bindport = strdup(portnum);
2112: }
2113:
2114: /* go over preferences now */
2115: if ((cp = bozo_get_pref(prefs, "numeric")) != NULL &&
2116: strcmp(cp, "true") == 0) {
2117: httpd->numeric = 1;
2118: }
2119: if ((cp = bozo_get_pref(prefs, "trusted referal")) != NULL &&
2120: strcmp(cp, "true") == 0) {
2121: httpd->untrustedref = 1;
2122: }
2123: if ((cp = bozo_get_pref(prefs, "log to stderr")) != NULL &&
2124: strcmp(cp, "true") == 0) {
2125: httpd->logstderr = 1;
2126: }
2127: if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) {
2128: httpd->bindaddress = strdup(cp);
2129: }
2130: if ((cp = bozo_get_pref(prefs, "background")) != NULL) {
2131: httpd->background = atoi(cp);
2132: }
2133: if ((cp = bozo_get_pref(prefs, "foreground")) != NULL &&
2134: strcmp(cp, "true") == 0) {
2135: httpd->foreground = 1;
2136: }
1.27 jmmv 2137: if ((cp = bozo_get_pref(prefs, "pid file")) != NULL) {
2138: httpd->pidfile = strdup(cp);
2139: }
1.16 mrg 2140: if ((cp = bozo_get_pref(prefs, "unknown slash")) != NULL &&
2141: strcmp(cp, "true") == 0) {
2142: httpd->unknown_slash = 1;
2143: }
2144: if ((cp = bozo_get_pref(prefs, "virtual base")) != NULL) {
2145: httpd->virtbase = strdup(cp);
2146: }
2147: if ((cp = bozo_get_pref(prefs, "enable users")) != NULL &&
2148: strcmp(cp, "true") == 0) {
2149: httpd->enable_users = 1;
2150: }
2151: if ((cp = bozo_get_pref(prefs, "dirty environment")) != NULL &&
2152: strcmp(cp, "true") == 0) {
2153: dirtyenv = 1;
2154: }
2155: if ((cp = bozo_get_pref(prefs, "hide dots")) != NULL &&
2156: strcmp(cp, "true") == 0) {
2157: httpd->hide_dots = 1;
2158: }
2159: if ((cp = bozo_get_pref(prefs, "directory indexing")) != NULL &&
2160: strcmp(cp, "true") == 0) {
2161: httpd->dir_indexing = 1;
2162: }
1.20 mrg 2163: if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
2164: httpd->public_html = strdup(cp);
2165: }
1.16 mrg 2166: httpd->server_software =
2167: strdup(bozo_get_pref(prefs, "server software"));
2168: httpd->index_html = strdup(bozo_get_pref(prefs, "index.html"));
2169:
2170: /*
2171: * initialise ssl and daemon mode if necessary.
2172: */
2173: bozo_ssl_init(httpd);
2174: bozo_daemon_init(httpd);
2175:
2176: if ((username = bozo_get_pref(prefs, "username")) == NULL) {
2177: if ((pw = getpwuid(uid = 0)) == NULL)
2178: bozo_err(httpd, 1, "getpwuid(0): %s", strerror(errno));
2179: httpd->username = strdup(pw->pw_name);
2180: } else {
2181: httpd->username = strdup(username);
2182: if ((pw = getpwnam(httpd->username)) == NULL)
2183: bozo_err(httpd, 1, "getpwnam(%s): %s", httpd->username,
2184: strerror(errno));
2185: if (initgroups(pw->pw_name, pw->pw_gid) == -1)
2186: bozo_err(httpd, 1, "initgroups: %s", strerror(errno));
2187: if (setgid(pw->pw_gid) == -1)
2188: bozo_err(httpd, 1, "setgid(%u): %s", pw->pw_gid,
2189: strerror(errno));
2190: uid = pw->pw_uid;
2191: }
2192: /*
2193: * handle chroot.
2194: */
2195: if ((chrootdir = bozo_get_pref(prefs, "chroot dir")) != NULL) {
2196: httpd->rootdir = strdup(chrootdir);
2197: if (chdir(httpd->rootdir) == -1)
2198: bozo_err(httpd, 1, "chdir(%s): %s", httpd->rootdir,
2199: strerror(errno));
2200: if (chroot(httpd->rootdir) == -1)
2201: bozo_err(httpd, 1, "chroot(%s): %s", httpd->rootdir,
2202: strerror(errno));
2203: }
2204:
2205: if (username != NULL)
2206: if (setuid(uid) == -1)
2207: bozo_err(httpd, 1, "setuid(%d): %s", uid,
2208: strerror(errno));
2209:
2210: /*
2211: * prevent info leakage between different compartments.
2212: * some PATH values in the environment would be invalided
2213: * by chroot. cross-user settings might result in undesirable
2214: * effects.
2215: */
1.21 mrg 2216: if ((chrootdir != NULL || username != NULL) && !dirtyenv)
1.16 mrg 2217: environ = cleanenv;
1.21 mrg 2218:
1.16 mrg 2219: #ifdef _SC_PAGESIZE
2220: httpd->page_size = (long)sysconf(_SC_PAGESIZE);
2221: #else
2222: httpd->page_size = 4096;
2223: #endif
2224: debug((httpd, DEBUG_OBESE, "myname is %s, slashdir is %s",
2225: httpd->virthostname, httpd->slashdir));
2226:
2227: return 1;
2228: }
CVSweb <webmaster@jp.NetBSD.org>