Kagera uHTTP Daemon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

2278 lines
58 KiB

/**
* @PROJECT Kagera uHTTP Daemon
* @COPYRIGHT See COPYING in the top level directory
* @FILE kuhttpd.c
* @PURPOSE HTTP Server
* @DEVELOPERS Eric Bishop <eric@gargoyle-router.com>
* Rafal Kupiec <belliash@asiotec.eu.org>
* Jef Poskanzer <jef@acme.com>
*/
#include <unistd.h>
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <limits.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <time.h>
#include <pwd.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <ctype.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <dirent.h>
#include <cyassl/openssl/ssl.h>
#include <cyassl/openssl/err.h>
#include <cyassl/error.h>
#ifdef CROSS_BUILD
#include <cyassl/cyassl_error.h>
#endif
#include "kuhttpd.h"
#include "dateparse.h"
#include "match.h"
#include "mime_enc.h"
#include "mime_typ.h"
static void add_headers(int s, char* title, char* extra_header, char* me, char* mt, off_t b, time_t mod) {
time_t now;
char timebuf[100];
char buf[10000];
int buflen;
const char* rfc1123_fmt = "%a, %d %b %Y %H:%M:%S GMT";
status = s;
bytes = b;
make_log_entry();
start_response();
buflen = snprintf(buf, sizeof(buf), "%s %d %s\015\012", protocol, status, title);
add_to_response(buf, buflen);
buflen = snprintf(buf, sizeof(buf), "Server: %s\015\012", SERVER_SOFTWARE);
add_to_response(buf, buflen);
now = time((time_t*) 0);
(void) strftime(timebuf, sizeof(timebuf), rfc1123_fmt, gmtime(&now));
buflen = snprintf(buf, sizeof(buf), "Date: %s\015\012", timebuf);
add_to_response(buf, buflen);
buflen = snprintf(buf, sizeof(buf), "Expires: %s\015\012", timebuf);
add_to_response(buf, buflen);
if(mod != (time_t) -1) {
(void) strftime(timebuf, sizeof(timebuf), rfc1123_fmt, gmtime(&mod));
buflen = snprintf(buf, sizeof(buf), "Last-Modified: %s\015\012", timebuf);
add_to_response(buf, buflen);
}
if(extra_header != (char*) 0 && extra_header[0] != '\0') {
buflen = snprintf(buf, sizeof(buf), "%s\015\012", extra_header);
add_to_response(buf, buflen);
}
if(me != (char*) 0 && me[0] != '\0') {
buflen = snprintf(buf, sizeof(buf), "Content-Encoding: %s\015\012", me);
add_to_response(buf, buflen);
}
if(mt != (char*) 0 && mt[0] != '\0') {
buflen = snprintf(buf, sizeof(buf), "Content-Type: %s\015\012", mt);
add_to_response(buf, buflen);
}
if(bytes >= 0) {
buflen = snprintf(buf, sizeof(buf), "Content-Length: %lld\015\012", (long long int) bytes);
add_to_response(buf, buflen);
}
if(p3p != (char*) 0 && p3p[0] != '\0') {
buflen = snprintf(buf, sizeof(buf), "P3P: %s\015\012", p3p);
add_to_response(buf, buflen);
}
buflen = snprintf(buf, sizeof(buf), "\015\012");
add_to_response(buf, buflen);
}
static void add_to_buf(char** bufP, size_t* bufsizeP, size_t* buflenP, char* str, size_t len) {
if(*bufsizeP == 0) {
*bufsizeP = len + 500;
*buflenP = 0;
*bufP = (char*) e_malloc(*bufsizeP);
} else if(*buflenP + len >= *bufsizeP) {
*bufsizeP = *buflenP + len + 500;
*bufP = (char*) e_realloc((void*) *bufP, *bufsizeP);
}
(void) memmove(&((*bufP)[*buflenP]), str, len);
*buflenP += len;
(*bufP)[*buflenP] = '\0';
}
static void add_to_request(char* str, size_t len) {
add_to_buf(&request, &request_size, &request_len, str, len);
}
static void add_to_response(char* str, size_t len) {
add_to_buf(&response, &response_size, &response_len, str, len);
}
static void auth_check(char* dirname, int is_ssl) {
char authpath[10000];
char realmName[500];
struct stat sb;
char authinfo[500];
char* authpass;
char* colon;
static char line[10000];
int l;
FILE* fp;
char* cryp;
if(dirname[strlen(dirname) - 1] == '/') {
(void) snprintf(authpath, sizeof(authpath), "%s%s", dirname, AUTH_FILE);
} else {
(void) snprintf(authpath, sizeof(authpath), "%s/%s", dirname, AUTH_FILE);
}
if(stat(authpath, &sb) < 0) {
if(defaultRealmName == NULL || defaultRealmPasswordFile == NULL) {
return;
} else {
snprintf(authpath, sizeof(authpath), "%s", defaultRealmPasswordFile);
}
}
if(strcmp(authpath, defaultRealmPasswordFile) == 0) {
snprintf(realmName, sizeof(realmName), "%s", defaultRealmName);
} else {
snprintf(realmName, sizeof(realmName), "%s", dirname);
}
if(authorization == (char*) 0) {
send_authenticate(realmName, is_ssl);
}
if(strncmp(authorization, "Basic ", 6) != 0) {
send_authenticate(realmName, is_ssl);
}
l = b64_decode(&(authorization[6]), (unsigned char*) authinfo, sizeof(authinfo) - 1);
authinfo[l] = '\0';
authpass = strchr(authinfo, ':');
if(authpass == (char*) 0) {
send_authenticate(realmName, is_ssl);
}
*authpass++ = '\0';
colon = strchr(authpass, ':');
if(colon != (char*) 0) {
*colon = '\0';
}
fp = fopen(authpath, "r");
if(fp == (FILE*) 0) {
syslog(LOG_ERR, "%.80s auth file %.80s could not be opened - %m", ntoa(&client_addr), authpath);
send_error(403, "Forbidden", "", "File is protected.", is_ssl);
}
while(fgets(line, sizeof(line), fp) != (char*) 0) {
l = strlen(line);
if(line[l - 1] == '\n') {
line[l - 1] = '\0';
}
cryp = strchr(line, ':');
if(cryp == (char*) 0) {
continue;
}
*cryp++ = '\0';
if(strcmp(line, authinfo) == 0) {
(void) fclose(fp);
if(strcmp(crypt(authpass, cryp), cryp) == 0) {
remoteuser = line;
return;
} else {
send_authenticate(realmName, is_ssl);
}
}
}
(void) fclose(fp);
send_authenticate(realmName, is_ssl);
}
static int b64_decode(const char* str, unsigned char* space, int size) {
const char* cp;
int space_idx, phase;
int d, prev_d = 0;
unsigned char c;
space_idx = 0;
phase = 0;
for(cp = str; *cp != '\0'; ++cp) {
d = b64_decode_table[(int) *cp];
if(d != -1) {
switch(phase) {
case 0:
++phase;
break;
case 1:
c = ((prev_d << 2) | ((d & 0x30) >> 4));
if(space_idx < size) {
space[space_idx++] = c;
}
++phase;
break;
case 2:
c = (((prev_d & 0xf) << 4) | ((d & 0x3c) >> 2));
if(space_idx < size) {
space[space_idx++] = c;
}
++phase;
break;
case 3:
c = (((prev_d & 0x03) << 6) | d);
if(space_idx < size) {
space[space_idx++] = c;
}
phase = 0;
break;
}
prev_d = d;
}
}
return space_idx;
}
static char* build_env(char* fmt, char* arg) {
char* cp;
int size;
static char* buf;
static int maxbuf = 0;
size = strlen(fmt) + strlen(arg);
if(size > maxbuf) {
if(maxbuf == 0) {
maxbuf = MAX(200, size + 100);
buf = (char*) e_malloc(maxbuf);
} else {
maxbuf = MAX(maxbuf * 2, size * 5 / 4);
buf = (char*) e_realloc((void*) buf, maxbuf);
}
}
(void) snprintf(buf, maxbuf, fmt, arg);
cp = e_strdup(buf);
return cp;
}
static void cgi_interpose_input(int wfd, int is_ssl) {
size_t c;
ssize_t r, r2;
char buf[1024];
c = request_len - request_idx;
if(c > 0) {
if(write(wfd, &(request[request_idx]), c) != c) {
return;
}
}
while(c < content_length) {
r = my_read(buf, MIN( sizeof(buf), content_length - c), is_ssl);
if(r < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r <= 0) {
return;
}
for(;;) {
r2 = write(wfd, buf, r);
if(r2 < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r2 != r) {
return;
}
break;
}
c += r;
}
post_post_garbage_hack(is_ssl);
}
static void cgi_interpose_output(int rfd, int parse_headers, int is_ssl) {
ssize_t r, r2;
char buf[1024];
if(!parse_headers) {
char http_head[] = "HTTP/1.0 200 OK\015\012";
(void) my_write(http_head, sizeof(http_head), is_ssl);
} else {
size_t headers_size, headers_len;
char* headers;
char* br;
int status;
char* title;
char* cp;
headers_size = 0;
add_to_buf(&headers, &headers_size, &headers_len, (char*) 0, 0);
for(;;) {
r = read(rfd, buf, sizeof(buf));
if(r < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r <= 0) {
br = &(headers[headers_len]);
break;
}
add_to_buf(&headers, &headers_size, &headers_len, buf, r);
if((br = strstr(headers, "\015\012\015\012")) != (char*) 0 || (br = strstr(headers, "\012\012")) != (char*) 0) {
break;
}
}
if(headers[0] == '\0') {
return;
}
status = 200;
if((cp = strstr(headers, "Status:")) != (char*) 0 && cp < br && (cp == headers || *(cp-1) == '\012')) {
cp += 7;
cp += strspn(cp, " \t");
status = atoi(cp);
}
if((cp = strstr(headers, "Location:")) != (char*) 0 && cp < br && (cp == headers || *(cp-1) == '\012')) {
status = 302;
}
switch(status) {
case 200:
title = "OK";
break;
case 302:
title = "Found";
break;
case 304:
title = "Not Modified";
break;
case 400:
title = "Bad Request";
break;
case 401:
title = "Unauthorized";
break;
case 403:
title = "Forbidden";
break;
case 404:
title = "Not Found";
break;
case 408:
title = "Request Timeout";
break;
case 500:
title = "Internal Error";
break;
case 501:
title = "Not Implemented";
break;
case 503:
title = "Service Temporarily Overloaded";
break;
default:
title = "Something";
break;
}
(void) snprintf(buf, sizeof(buf), "HTTP/1.0 %d %s\015\012", status, title);
(void) my_write(buf, strlen(buf), is_ssl);
if(strstr(headers, "Server:") == NULL) {
char line[200];
sprintf(line, "Server: %s\015\012", SERVER_SOFTWARE);
(void) my_write(line, strlen(line), is_ssl);
}
if(strstr(headers, "Date:") == NULL) {
char line[200];
char timebuf[100];
time_t now = time((time_t*) 0);
const char* rfc1123_fmt = "%a, %d %b %Y %H:%M:%S GMT";
(void) strftime(timebuf, sizeof(timebuf), rfc1123_fmt, gmtime(&now));
sprintf(line, "Date: %s\015\012", timebuf);
(void) my_write(line, strlen(line), is_ssl);
if(strstr(headers, "Expires:") == NULL) {
sprintf(line, "Expires: %s\015\012", timebuf);
(void) my_write(line, strlen(line), is_ssl);
}
} else if(strstr(headers, "Expires:") == NULL) {
char* line = "Expires: Thu, 01 Jan 1970 00:00:00 GMT\015\012";
(void) my_write(line, strlen(line), is_ssl);
}
(void) my_write(headers, headers_len, is_ssl);
}
for(;;) {
r = read(rfd, buf, sizeof(buf));
if(r < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r <= 0) {
goto done;
}
for(;;) {
r2 = my_write(buf, r, is_ssl);
if(r2 < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r2 != r) {
goto done;
}
break;
}
}
done:
shutdown(conn_fd, SHUT_WR);
}
static void check_referer(int is_ssl) {
char* cp;
if(url_pattern == (char*) 0) {
return;
}
if(really_check_referer()) {
return;
}
cp = hostname;
if(cp == (char*) 0) {
cp = "";
}
syslog(LOG_INFO, "%.80s non-local referer \"%.80s%.80s\" \"%.80s\"", ntoa(&client_addr), cp, path, referer);
send_error(403, "Forbidden", "", "You must supply a local referer.", is_ssl);
}
static void clear_ndelay(int fd) {
int flags, newflags;
flags = fcntl(fd, F_GETFL, 0);
if(flags != -1) {
newflags = flags & ~ (int) O_NDELAY;
if(newflags != flags) {
(void) fcntl(fd, F_SETFL, newflags);
}
}
}
static void de_dotdot(char* file) {
char* cp;
char* cp2;
int l;
while((cp = strstr(file, "//")) != (char*) 0) {
for(cp2 = cp + 2; *cp2 == '/'; ++cp2) {
continue;
}
(void) strcpy(cp + 1, cp2);
}
while(strncmp(file, "./", 2) == 0) {
(void) strcpy(file, file + 2);
}
while((cp = strstr( file, "/./")) != (char*) 0) {
(void) strcpy(cp, cp + 2);
}
for(;;) {
while(strncmp(file, "../", 3) == 0) {
(void) strcpy( file, file + 3 );
}
cp = strstr(file, "/../");
if(cp == (char*) 0) {
break;
}
for(cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2) {
continue;
}
(void) strcpy(cp2 + 1, cp + 4);
}
while((l = strlen(file)) > 3 && strcmp((cp = file + l - 3), "/..") == 0) {
for(cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2) {
continue;
}
if(cp2 < file) {
break;
}
*cp2 = '\0';
}
}
static void do_cgi(int is_ssl, unsigned short conn_port) {
char** argp;
char** envp;
int parse_headers;
char* binary;
char* directory;
if(method != METHOD_GET && method != METHOD_POST) {
send_error(501, "Not Implemented", "", "That method is not implemented for CGI.", is_ssl);
}
if(conn_fd == STDIN_FILENO || conn_fd == STDOUT_FILENO || conn_fd == STDERR_FILENO) {
int newfd = dup2(conn_fd, STDERR_FILENO + 1);
if(newfd >= 0) {
conn_fd = newfd;
}
}
envp = make_envp(is_ssl, conn_port);
argp = make_argp();
if((method == METHOD_POST && request_len > request_idx) || is_ssl) {
int p[2];
int r;
if(pipe(p) < 0) {
send_error(500, "Internal Error", "", "Something unexpected went wrong making a pipe.", is_ssl);
}
r = fork();
if(r < 0) {
send_error(500, "Internal Error", "", "Something unexpected went wrong forking an interposer.", is_ssl);
}
if(r == 0) {
(void) close(p[0]);
cgi_interpose_input(p[1], is_ssl);
exit(0);
}
(void) close(p[1]);
if(p[0] != STDIN_FILENO) {
(void) dup2(p[0], STDIN_FILENO);
(void) close(p[0]);
}
} else {
if(conn_fd != STDIN_FILENO) {
(void) dup2(conn_fd, STDIN_FILENO);
}
}
if(strncmp(argp[0], "nph-", 4) == 0) {
parse_headers = 0;
} else {
parse_headers = 1;
}
if(parse_headers || is_ssl) {
int p[2];
int r;
if(pipe(p) < 0) {
send_error(500, "Internal Error", "", "Something unexpected went wrong making a pipe.", is_ssl);
}
r = fork();
if(r < 0) {
send_error(500, "Internal Error", "", "Something unexpected went wrong forking an interposer.", is_ssl);
}
if(r == 0) {
(void) close(p[1]);
cgi_interpose_output(p[0], parse_headers, is_ssl);
exit(0);
}
(void) close(p[0]);
if(p[1] != STDOUT_FILENO) {
(void) dup2(p[1], STDOUT_FILENO);
}
if(p[1] != STDERR_FILENO) {
(void) dup2(p[1], STDERR_FILENO);
}
if(p[1] != STDOUT_FILENO && p[1] != STDERR_FILENO) {
(void) close(p[1]);
}
} else {
if(conn_fd != STDOUT_FILENO) {
(void) dup2(conn_fd, STDOUT_FILENO);
}
if(conn_fd != STDERR_FILENO) {
(void) dup2(conn_fd, STDERR_FILENO);
}
}
if(logfp != (FILE*) 0) {
(void) fclose(logfp);
}
closelog();
if(nice(CGI_NICE) < 0) { ; }
directory = e_strdup(file);
binary = strrchr(directory, '/');
if(binary == (char*) 0) {
binary = file;
} else {
*binary++ = '\0';
if(chdir(directory) < 0) { ; }
}
(void) signal(SIGPIPE, SIG_DFL);
(void) execve(binary, argp, envp);
send_error(500, "Internal Error", "", "Something unexpected went wrong running a CGI program.", is_ssl);
}
static void do_dir(int is_ssl) {
char buf[10000];
size_t buflen;
char* contents;
size_t contents_size, contents_len;
int n, i;
struct dirent **dl;
char* name_info;
if(pathinfo != (char*) 0) {
send_error(404, "Not Found", "", "File not found.", is_ssl);
}
auth_check(file, is_ssl);
check_referer(is_ssl);
n = scandir(file, &dl, NULL, alphasort);
if(n < 0) {
syslog(LOG_INFO, "%.80s Directory \"%.80s\" is protected", ntoa(&client_addr), path);
send_error(403, "Forbidden", "", "Directory is protected.", is_ssl);
}
contents_size = 0;
buflen = snprintf(buf, sizeof(buf), "<html>\n<head><title>Index of %s</title></head>\n<body bgcolor=\"#FFFFFF\">\n<h1>Index of %s</h1><hr><pre>\n", file, file);
add_to_buf(&contents, &contents_size, &contents_len, buf, buflen);
for(i = 0; i < n; ++i) {
if(strcmp(dl[i]->d_name, ".") == 0) {
continue;
}
name_info = file_details(file, dl[i]->d_name);
add_to_buf(&contents, &contents_size, &contents_len, name_info, strlen(name_info));
}
buflen = snprintf(buf, sizeof(buf), "</pre><hr>\n%s\n</body>\n</html>\n", SERVER_SOFTWARE);
add_to_buf(&contents, &contents_size, &contents_len, buf, buflen);
add_headers(200, "Ok", "", "", "text/html; charset=%s", contents_len, sb.st_mtime);
if(method != METHOD_HEAD) {
add_to_response(contents, contents_len);
}
send_response(is_ssl);
}
static void do_file(int is_ssl, unsigned short conn_port) {
char buf[10000];
char mime_encodings[500];
const char* mime_type;
char fixed_mime_type[500];
char* cp;
int fd;
(void) strncpy(buf, file, sizeof(buf));
cp = strrchr(buf, '/');
if(cp == (char*) 0) {
(void) strcpy(buf, ".");
} else {
*cp = '\0';
}
auth_check(buf, is_ssl);
if(strcmp(file, AUTH_FILE) == 0 || (strcmp(&(file[strlen(file) - sizeof(AUTH_FILE) + 1]), AUTH_FILE) == 0 && file[strlen(file) - sizeof(AUTH_FILE)] == '/')) {
syslog(LOG_NOTICE, "%.80s URL \"%.80s\" tried to retrieve an auth file", ntoa(&client_addr), path);
send_error(403, "Forbidden", "", "File is protected.", is_ssl);
}
if(defaultRealmName != NULL && defaultRealmPasswordFile != NULL) {
if(strcmp(file, defaultRealmPasswordFile) == 0 || strcmp(&(file[strlen(file) - sizeof(defaultRealmPasswordFile) + 1]), defaultRealmPasswordFile) == 0 && file[strlen(file) - sizeof(defaultRealmPasswordFile)] == '/') {
syslog(LOG_NOTICE, "%.80s URL \"%.80s\" tried to retrieve an auth file", ntoa(&client_addr), path);
send_error(403, "Forbidden", "", "File is protected.", is_ssl);
}
}
check_referer(is_ssl);
if(cgi_pattern != (char*) 0 && match(cgi_pattern, file)) {
do_cgi(is_ssl, conn_port);
return;
} else if(pathinfo != (char*) 0) {
send_error(404, "Not Found", "", "File not found.", is_ssl);
}
fd = open(file, O_RDONLY);
if(fd < 0) {
syslog(LOG_INFO, "%.80s File \"%.80s\" is protected", ntoa(&client_addr), path);
send_error(403, "Forbidden", "", "File is protected.", is_ssl);
}
mime_type = figure_mime(file, mime_encodings, sizeof(mime_encodings));
(void) snprintf(fixed_mime_type, sizeof(fixed_mime_type), mime_type, charset);
if(if_modified_since != (time_t) -1 && if_modified_since >= sb.st_mtime) {
add_headers(304, "Not Modified", "", mime_encodings, fixed_mime_type, (off_t) -1, sb.st_mtime);
send_response(is_ssl);
return;
}
add_headers(200, "Ok", "", mime_encodings, fixed_mime_type, sb.st_size, sb.st_mtime);
send_response(is_ssl);
if(method == METHOD_HEAD) {
return;
}
if(sb.st_size > 0) {
send_via_write(fd, sb.st_size, is_ssl);
}
(void) close(fd);
}
static void* e_malloc(size_t size) {
void* ptr;
ptr = malloc(size);
if(ptr == (void*) 0) {
syslog(LOG_CRIT, "out of memory");
(void) fprintf(stderr, "%s: out of memory\n", argv0);
exit(1);
}
return ptr;
}
static void* e_realloc(void* optr, size_t size) {
void* ptr;
ptr = realloc(optr, size);
if(ptr == (void*) 0) {
syslog(LOG_CRIT, "out of memory");
(void) fprintf(stderr, "%s: out of memory\n", argv0);
exit(1);
}
return ptr;
}
static char* e_strdup(char* ostr) {
char* str;
str = strdup(ostr);
if(str == (char*) 0) {
syslog(LOG_CRIT, "out of memory copying a string");
(void) fprintf(stderr, "%s: out of memory copying a string\n", argv0);
exit(1);
}
return str;
}
static int ext_compare(struct mime_entry* a, struct mime_entry* b) {
return strcmp(a->ext, b->ext);
}
static const char* figure_mime(char* name, char* me, size_t me_size) {
char* prev_dot;
char* dot;
char* ext;
int me_indexes[100], n_me_indexes;
size_t ext_len, me_len;
int i, top, bot, mid;
int r;
const char* default_type = "application/octet-stream ";
const char* type;
n_me_indexes = 0;
for(prev_dot = &name[strlen(name)]; ; prev_dot = dot) {
for(dot = prev_dot - 1; dot >= name && *dot != '.'; --dot);
if(dot < name) {
type = default_type;
goto done;
}
ext = dot + 1;
ext_len = prev_dot - ext;
for(i = 0; i < n_enc_tab; ++i) {
if(ext_len == enc_tab[i].ext_len && strncasecmp(ext, enc_tab[i].ext, ext_len) == 0) {
if(n_me_indexes < sizeof(me_indexes)/sizeof(*me_indexes)) {
me_indexes[n_me_indexes] = i;
++n_me_indexes;
}
goto next;
}
}
break;
next: ;
}
top = n_typ_tab - 1;
bot = 0;
while(top >= bot) {
mid = (top + bot) / 2;
r = strncasecmp(ext, typ_tab[mid].ext, ext_len);
if(r < 0) {
top = mid - 1;
} else if(r > 0) {
bot = mid + 1;
} else if(ext_len < typ_tab[mid].ext_len) {
top = mid - 1;
} else if(ext_len > typ_tab[mid].ext_len) {
bot = mid + 1;
} else {
type = typ_tab[mid].val;
goto done;
}
}
type = default_type;
done:
me[0] = '\0';
me_len = 0;
for(i = n_me_indexes - 1; i >= 0; --i) {
if(me_len + enc_tab[me_indexes[i]].val_len + 1 < me_size) {
if(me[0] != '\0') {
(void) strcpy(&me[me_len], ",");
++me_len;
}
(void) strcpy(&me[me_len], enc_tab[me_indexes[i]].val);
me_len += enc_tab[me_indexes[i]].val_len;
}
}
return type;
}
static char* file_details(const char* dir, const char* name) {
struct stat sb;
char f_time[20];
static char encname[1000];
static char buf[2000];
(void) snprintf(buf, sizeof(buf), "%s/%s", dir, name);
if(lstat(buf, &sb) < 0)
return "???";
(void) strftime(f_time, sizeof(f_time), "%d-%b-%Y %H:%M", localtime(&sb.st_mtime));
strencode(encname, sizeof(encname), name);
(void) snprintf(buf, sizeof(buf), "<a href=\"%s\">%-50s</a> %15s %14lld\n", encname, name, f_time, (long long int) sb.st_size);
return buf;
}
static char* get_method_str(int m) {
switch(m) {
case METHOD_GET:
return "GET";
case METHOD_HEAD:
return "HEAD";
case METHOD_POST:
return "POST";
default:
return "UNKNOWN";
}
}
static int get_pathinfo(void) {
int r;
pathinfo = &file[strlen(file)];
for(;;) {
do {
--pathinfo;
if(pathinfo <= file) {
pathinfo = (char*) 0;
return -1;
}
} while(*pathinfo != '/');
*pathinfo = '\0';
r = stat(file, &sb);
if(r >= 0) {
++pathinfo;
return r;
} else {
*pathinfo = '/';
}
}
}
static char* get_request_line(void) {
int i;
char c;
for(i = request_idx; request_idx < request_len; ++request_idx) {
c = request[request_idx];
if(c == '\012' || c == '\015') {
request[request_idx] = '\0';
++request_idx;
if(c == '\015' && request_idx < request_len && request[request_idx] == '\012') {
request[request_idx] = '\0';
++request_idx;
}
return &(request[i]);
}
}
return (char*) 0;
}
static void handle_read_timeout(int sig, int is_ssl) {
syslog(LOG_INFO, "%.80s connection timed out reading", ntoa(&client_addr));
send_error(408, "Request Timeout", "", "No request appeared within a reasonable time period.", is_ssl);
}
static void handle_read_timeout_sig(int sig) {
handle_read_timeout(0,0);
}
static void handle_request(int is_ssl, unsigned short conn_port) {
char* method_str;
char* line;
char* cp;
int r, file_len, i;
const char* index_names[] = {"default.html", "default.htm", "index.html", "index.htm", "index.cgi", "index.sh" };
(void) signal(SIGALRM, handle_read_timeout_sig);
(void) alarm(READ_TIMEOUT);
remoteuser = (char*) 0;
method = METHOD_UNKNOWN;
path = (char*) 0;
file = (char*) 0;
pathinfo = (char*) 0;
query = "";
protocol = (char*) 0;
status = 0;
bytes = -1;
authorization = (char*) 0;
content_type = (char*) 0;
content_length = -1;
cookie = (char*) 0;
host = (char*) 0;
if_modified_since = (time_t) -1;
referer = "";
useragent = "";
#ifdef TCP_NOPUSH
r = 1;
(void) setsockopt(conn_fd, IPPROTO_TCP, TCP_NOPUSH, (void*) &r, sizeof(r));
#endif
if(is_ssl) {
ssl = SSL_new(ssl_ctx);
SSL_set_fd(ssl, conn_fd);
int accept_ret = SSL_accept(ssl);
if(accept_ret <= 0) {
int e = SSL_get_error(ssl, accept_ret);
if(e != VERSION_ERROR) {
syslog(LOG_CRIT, "error: can't initialize ssl connection, error = %d\n", e);
}
exit(1);
}
}
start_request();
for(;;) {
char buf[10000];
int r = my_read( buf, sizeof(buf), is_ssl );
if(r < 0 && (errno == EINTR || errno == EAGAIN)) {
continue;
}
if(r <= 0) {
break;
}
(void) alarm(READ_TIMEOUT);
add_to_request(buf, r);
if(strstr(request, "\015\012\015\012") != (char*) 0 || strstr(request, "\012\012") != (char*) 0) {
break;
}
}
method_str = get_request_line();
if(method_str == (char*) 0) {
send_error(400, "Bad Request", "", "Can't parse request.", is_ssl);
}
path = strpbrk(method_str, " \t\012\015");
if(path == (char*) 0) {
send_error(400, "Bad Request", "", "Can't parse request.", is_ssl);
}
*path++ = '\0';
path += strspn(path, " \t\012\015");
protocol = strpbrk(path, " \t\012\015");
if(protocol == (char*) 0) {
send_error(400, "Bad Request", "", "Can't parse request.", is_ssl);
}
*protocol++ = '\0';
protocol += strspn(protocol, " \t\012\015");
query = strchr(path, '?');
if(query == (char*) 0) {
query = "";
} else {
*query++ = '\0';
}
while((line = get_request_line()) != (char*) 0) {
if(line[0] == '\0') {
break;
} else if(strncasecmp(line, "Authorization:", 14) == 0) {
cp = &line[14];
cp += strspn(cp, " \t");
authorization = cp;
} else if(strncasecmp(line, "Content-Length:", 15) == 0) {
cp = &line[15];
cp += strspn(cp, " \t");
content_length = atol(cp);
} else if(strncasecmp(line, "Content-Type:", 13) == 0) {
cp = &line[13];
cp += strspn(cp, " \t");
content_type = cp;
} else if(strncasecmp(line, "Cookie:", 7) == 0) {
cp = &line[7];
cp += strspn(cp, " \t");
cookie = cp;
} else if(strncasecmp(line, "Host:", 5) == 0) {
cp = &line[5];
cp += strspn(cp, " \t");
host = cp;
if(strchr(host, '/') != (char*) 0 || host[0] == '.') {
send_error(400, "Bad Request", "", "Can't parse request.", is_ssl);
}
} else if(strncasecmp(line, "If-Modified-Since:", 18) == 0) {
cp = &line[18];
cp += strspn(cp, " \t");
if_modified_since = dateparse(cp);
} else if(strncasecmp(line, "Referer:", 8) == 0) {
cp = &line[8];
cp += strspn(cp, " \t");
referer = cp;
} else if(strncasecmp(line, "User-Agent:", 11) == 0) {
cp = &line[11];
cp += strspn(cp, " \t");
useragent = cp;
}
}
if(strcasecmp(method_str, get_method_str(METHOD_GET)) == 0) {
method = METHOD_GET;
} else if(strcasecmp(method_str, get_method_str(METHOD_HEAD)) == 0) {
method = METHOD_HEAD;
} else if(strcasecmp(method_str, get_method_str(METHOD_POST)) == 0) {
method = METHOD_POST;
} else {
send_error(501, "Not Implemented", "", "That method is not implemented.", is_ssl);
}
strdecode(path, path);
if(path[0] != '/') {
send_error(400, "Bad Request", "", "Bad filename.", is_ssl);
}
file = &(path[1]);
de_dotdot(file);
if(file[0] == '\0') {
file = "./";
}
if(file[0] == '/' || (file[0] == '.' && file[1] == '.' && (file[2] == '\0' || file[2] == '/'))) {
send_error(400, "Bad Request", "", "Illegal filename.", is_ssl);
}
(void) signal(SIGALRM, handle_write_timeout);
(void) alarm(WRITE_TIMEOUT);
r = stat(file, &sb);
if(r < 0) {
r = get_pathinfo();
}
if(r < 0) {
if(pageNotFoundFile != NULL && host != NULL) {
send_redirect("", host, pageNotFoundFile, is_ssl);
} else {
send_error(404, "Not Found", "", "File not found.", is_ssl);
}
}
file_len = strlen( file );
if(!S_ISDIR(sb.st_mode)) {
while(file[file_len - 1] == '/') {
file[file_len - 1] = '\0';
--file_len;
}
do_file(is_ssl, conn_port);
} else {
char idx[10000];
unsigned char found_index = 0;
if(file[file_len - 1] != '/' && pathinfo == (char*) 0) {
char location[10000];
if(query[0] != '\0') {
(void) snprintf(location, sizeof(location), "Location: %s/?%s", path, query);
} else {
(void) snprintf(location, sizeof(location), "Location: %s/", path);
send_error(302, "Found", location, "Directories must end with a slash.", is_ssl);
}
}
if(defaultPageFile != NULL) {
(void) snprintf(idx, sizeof(idx), "%s%s", file, defaultPageFile);
if(stat( idx, &sb ) >= 0) {
file = idx;
do_file(is_ssl, conn_port);
found_index = 1;
}
}
for(i = 0; i < (sizeof(index_names) / sizeof(char*)) && found_index == 0; ++i) {
(void) snprintf(idx, sizeof(idx), "%s%s", file, index_names[i]);
if(stat(idx, &sb) >= 0) {
file = idx;
do_file(is_ssl, conn_port);
found_index = 1;
}
}
if(found_index == 0) {
if(allowDirectoryListing == 0) {
if(pageNotFoundFile != NULL && host != NULL) {
send_redirect("", host, pageNotFoundFile, is_ssl);
} else {
send_error(404, "Not Found", "", "File not found.", is_ssl);
}
} else {
do_dir(is_ssl);
}
}
}
if(is_ssl) {
SSL_free(ssl);
}
}
static void handle_sigchld(int sig) {
const int oerrno = errno;
pid_t pid;
int status;
(void) signal(SIGCHLD, handle_sigchld);
for(;;) {
pid = waitpid((pid_t) -1, &status, WNOHANG);
if((int) pid == 0) {
break;
}
if((int) pid < 0) {
if(errno == EINTR || errno == EAGAIN) {
continue;
}
if(errno != ECHILD) {
syslog(LOG_ERR, "child wait - %m");
perror("child wait");
}
break;
}
}
errno = oerrno;
}
static void handle_sighup(int sig) {
const int oerrno = errno;
(void) signal(SIGHUP, handle_sighup);
got_hup = 1;
errno = oerrno;
}
static void handle_sigterm(int sig) {
syslog(LOG_NOTICE, "exiting due to signal %d", sig);
(void) fprintf(stderr, "%s: exiting due to signal %d\n", argv0, sig);
closelog();
exit(1);
}
static void handle_write_timeout(int sig) {
syslog(LOG_INFO, "%.80s connection timed out writing", ntoa(&client_addr));
exit(1);
}
static int hexit(char c) {
if(c >= '0' && c <= '9') {
return c - '0';
}
if(c >= 'a' && c <= 'f') {
return c - 'a' + 10;
}
if(c >= 'A' && c <= 'F') {
return c - 'A' + 10;
}
return 0;
}
static void init_mime(void) {
int i;
qsort(enc_tab, n_enc_tab, sizeof(*enc_tab), (int(*)(const void*, const void*)) ext_compare);
qsort(typ_tab, n_typ_tab, sizeof(*typ_tab), (int(*)(const void*, const void*)) ext_compare);
for(i = 0; i < n_enc_tab; ++i) {
enc_tab[i].ext_len = strlen(enc_tab[i].ext);
enc_tab[i].val_len = strlen(enc_tab[i].val);
}
for(i = 0; i < n_typ_tab; ++i) {
typ_tab[i].ext_len = strlen(typ_tab[i].ext);
typ_tab[i].val_len = strlen(typ_tab[i].val);
}
}
static int initialize_listen_socket(usockaddr* usaP) {
int listen_fd;
int i;
if(!sockaddr_check(usaP)) {
syslog(LOG_ERR, "unknown sockaddr family on listen socket - %d", usaP->sa.sa_family);
(void) fprintf(stderr, "%s: unknown sockaddr family on listen socket - %d\n", argv0, usaP->sa.sa_family);
return -1;
}
listen_fd = socket(usaP->sa.sa_family, SOCK_STREAM, 0);
if(listen_fd < 0) {
if(usaP->sa.sa_family == AF_INET6 && (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || errno == ESOCKTNOSUPPORT || EPFNOSUPPORT || EAFNOSUPPORT)) {
/* IPv6 not compiled into kernel, no big deal, don't print errors */
} else {
syslog(LOG_CRIT, "socket %.80s - %m", ntoa(usaP));
perror("socket");
}
return -1;
}
(void) fcntl(listen_fd, F_SETFD, 1);
i = 1;
if(setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, (void*) &i, sizeof(i)) < 0) {
syslog(LOG_CRIT, "setsockopt SO_REUSEADDR - %m");
perror("setsockopt SO_REUSEADDR");
return -1;
}
if(bind(listen_fd, &usaP->sa, sockaddr_len(usaP)) < 0) {
syslog(LOG_CRIT, "bind %.80s - %m", ntoa(usaP));
perror("bind");
return -1;
}
if(listen(listen_fd, 1024) < 0) {
syslog(LOG_CRIT, "listen - %m");
perror("listen");
return -1;
}
return listen_fd;
}
static void lookup_hostname(usockaddr* usa4P, usockaddr* usa4sP, size_t sa4_len, int* gotv4P, int* gotv4sP, usockaddr* usa6P, usockaddr* usa6sP, size_t sa6_len, int* gotv6P, int* gotv6sP) {
int port_index;
unsigned short port_list[4];
port_list[0] = port;
port_list[1] = sslPort;
port_list[2] = 0;
*gotv6P = 0;
*gotv6sP = 0;
*gotv4P = 0;
*gotv4sP = 0;
for(port_index=0; port_list[port_index] != 0; port_index++) {
struct addrinfo hints;
char portstr[10];
int gaierr;
struct addrinfo* ai;
struct addrinfo* ai2;
struct addrinfo* aiv6;
struct addrinfo* aiv4;
(void) memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_PASSIVE;
hints.ai_socktype = SOCK_STREAM;
(void) snprintf(portstr, sizeof(portstr), "%d", (int) port_list[port_index]);
if((gaierr = getaddrinfo(hostname, portstr, &hints, &ai)) != 0) {
syslog(LOG_CRIT, "getaddrinfo %.80s - %s", hostname, gai_strerror(gaierr));
(void) fprintf(stderr, "%s: getaddrinfo %.80s - %s\n", argv0, hostname, gai_strerror(gaierr));
exit(1);
}
aiv6 = (struct addrinfo*) 0;
aiv4 = (struct addrinfo*) 0;
for(ai2 = ai; ai2 != (struct addrinfo*) 0; ai2 = ai2->ai_next) {
switch(ai2->ai_family) {
case AF_INET6:
if(aiv6 == (struct addrinfo*) 0) {
aiv6 = ai2;
}
break;
case AF_INET:
if(aiv4 == (struct addrinfo*) 0) {
aiv4 = ai2;
}
break;
}
}
if(aiv6 != (struct addrinfo*) 0) {
if(sa6_len < aiv6->ai_addrlen) {
syslog(LOG_CRIT, "%.80s - sockaddr too small (%lu < %lu)", hostname, (unsigned long) sa6_len, (unsigned long) aiv6->ai_addrlen);
(void) fprintf(stderr, "%s: %.80s - sockaddr too small (%lu < %lu)\n", argv0, hostname, (unsigned long) sa6_len, (unsigned long) aiv6->ai_addrlen);
exit(1);
}
if(port_index==0) {
*gotv6P = 1;
(void) memset(usa6P, 0, sa6_len);
(void) memmove(usa6P, aiv6->ai_addr, aiv6->ai_addrlen);
} else {
*gotv6sP = 1;
(void) memset(usa6sP, 0, sa6_len);
(void) memmove(usa6sP, aiv6->ai_addr, aiv6->ai_addrlen);
}
}
if(aiv4 != (struct addrinfo*) 0) {
if(sa4_len < aiv4->ai_addrlen) {
syslog(LOG_CRIT, "%.80s - sockaddr too small (%lu < %lu)", hostname, (unsigned long) sa4_len, (unsigned long) aiv4->ai_addrlen);
(void) fprintf(stderr, "%s: %.80s - sockaddr too small (%lu < %lu)\n", argv0, hostname, (unsigned long) sa4_len, (unsigned long) aiv4->ai_addrlen);
exit(1);
}
if(port_index == 0) {
*gotv4P = 1;
(void) memset(usa4P, 0, sa4_len);
(void) memmove(usa4P, aiv4->ai_addr, aiv4->ai_addrlen);
} else {
*gotv4sP = 1;
(void) memset(usa4sP, 0, sa4_len);
(void) memmove(usa4sP, aiv4->ai_addr, aiv4->ai_addrlen);
}
*gotv4P = 1;
}
freeaddrinfo(ai);
}
}
int main(int argc, char** argv) {
int argn;
struct passwd* pwd;
uid_t uid = 32767;
gid_t gid = 32767;
usockaddr host_addr4;
usockaddr host_addr6;
int gotv4, gotv4s, gotv6, gotv6s;
fd_set lfdset;
int maxfd;
usockaddr usa;
int sz, r;
char* cp;
usockaddr host_addr4s;
usockaddr host_addr6s;
argv0 = argv[0];
debug = 0;
port = 0;
dir = (char*) 0;
data_dir = (char*) 0;
cgi_pattern = DEFAULT_CGI_PATTERN;
url_pattern = (char*) 0;
no_empty_referers = 0;
local_pattern = (char*) 0;
charset = DEFAULT_CHARSET;
language = DEFAULT_LANGUAGE;
p3p = (char*) 0;
max_age = -1;
user = DEFAULT_USER;
hostname = (char*) 0;
logfile = (char*) 0;
pidfile = (char*) 0;
logfp = (FILE*) 0;
do_ssl = 0;
certfile = DEFAULT_CERTFILE;
cipher = (char*) 0;
defaultRealmName = NULL;
defaultRealmPasswordFile = NULL;
defaultPageFile = NULL;
pageNotFoundFile = NULL;
allowDirectoryListing = 1;
sslPort = 0;
argn = 1;
while(argn < argc && argv[argn][0] == '-') {
if(strcmp( argv[argn], "-V" ) == 0) {
(void) printf("%s\n", SERVER_SOFTWARE);
exit(0);
} else if(strcmp(argv[argn], "-C") == 0 && argn + 1 < argc) {
++argn;
read_config(argv[argn]);
} else if(strcmp(argv[argn], "-D") == 0) {
debug = 1;
} else if(strcmp(argv[argn], "-S") == 0) {
do_ssl = 1;
} else if(strcmp(argv[argn], "-E") == 0 && argn + 1 < argc) {
++argn;
certfile = argv[argn];
} else if(strcmp(argv[argn], "-Y") == 0 && argn + 1 < argc) {
++argn;
cipher = argv[argn];
} else if(strcmp(argv[argn], "-p") == 0 && argn + 1 < argc) {
++argn;
port = (unsigned short) atoi(argv[argn]);
} else if(strcmp(argv[argn], "-d") == 0 && argn + 1 < argc) {
++argn;
dir = argv[argn];
} else if(strcmp(argv[argn], "-dd") == 0 && argn + 1 < argc) {
++argn;
data_dir = argv[argn];
} else if(strcmp(argv[argn], "-c") == 0 && argn + 1 < argc) {
++argn;
cgi_pattern = argv[argn];
} else if(strcmp(argv[argn], "-u") == 0 && argn + 1 < argc) {
++argn;
user = argv[argn];
} else if(strcmp(argv[argn], "-h") == 0 && argn + 1 < argc) {
++argn;
hostname = argv[argn];
} else if(strcmp(argv[argn], "-l") == 0 && argn + 1 < argc) {
++argn;
logfile = argv[argn];
} else if(strcmp(argv[argn], "-i") == 0 && argn + 1 < argc) {
++argn;
pidfile = argv[argn];
} else if(strcmp(argv[argn], "-T") == 0 && argn + 1 < argc) {
++argn;
charset = argv[argn];
} else if(strcmp(argv[argn], "-L") == 0 && argn + 1 < argc) {
++argn;
language = argv[argn];
} else if(strcmp(argv[argn], "-P") == 0 && argn + 1 < argc) {
++argn;
p3p = argv[argn];
} else if(strcmp(argv[argn], "-M") == 0 && argn + 1 < argc) {
++argn;
max_age = atoi(argv[argn]);
} else if(strcmp(argv[argn], "-DRN") == 0 && argn + 1 < argc) {
++argn;
defaultRealmName = argv[argn];
} else if(strcmp(argv[argn], "-DRP") == 0 && argn + 1 < argc) {
++argn;
defaultRealmPasswordFile = argv[argn];
} else if(strcmp(argv[argn], "-DPF") == 0 && argn + 1 < argc) {
++argn;
defaultPageFile = argv[argn];
} else if(strcmp(argv[argn], "-PNF") == 0 && argn + 1 < argc) {
++argn;
pageNotFoundFile = argv[argn];
} else if(strcmp(argv[argn], "-ADL") == 0 && argn + 1 < argc) {
++argn;
if(strcmp(argv[argn], "1") == 0 || strcmp(argv[argn], "true") == 0 || strcmp(argv[argn], "TRUE") == 0 || strcmp(argv[argn], "yes") == 0 || strcmp(argv[argn], "YES") == 0) {
allowDirectoryListing = 1;
} else {
allowDirectoryListing = 0;
}
} else if(strcmp(argv[argn], "-SP") == 0 && argn + 1 < argc) {
++argn;
sslPort = (unsigned short) atoi(argv[argn]);
} else {
usage();
}
++argn;
}
if(argn != argc) {
usage();
}
cp = strrchr(argv0, '/');
if(cp != (char*) 0) {
++cp;
} else {
cp = argv0;
}
openlog(cp, LOG_NDELAY|LOG_PID, LOG_DAEMON);
if(port == 0) {
if(sslPort != 0 && do_ssl) {
port = sslPort;
sslPort = 0;
}
if(do_ssl) {
port = DEFAULT_HTTPS_PORT;
} else {
port = DEFAULT_HTTP_PORT;
}
}
if(getuid() == 0) {
pwd = getpwnam(user);
if(pwd == (struct passwd*) 0) {
syslog(LOG_CRIT, "unknown user - '%s'", user);
(void) fprintf(stderr, "%s: unknown user - '%s'\n", argv0, user);
exit(1);
}
uid = pwd->pw_uid;
gid = pwd->pw_gid;
}
if(logfile != (char*) 0) {
logfp = fopen(logfile, "a");
if(logfp == (FILE*) 0) {
syslog(LOG_CRIT, "%s - %m", logfile);
perror(logfile);
exit(1);
}
if(logfile[0] != '/') {
syslog(LOG_WARNING, "logfile is not an absolute path, you may not be able to re-open it");
(void) fprintf(stderr, "%s: logfile is not an absolute path, you may not be able to re-open it\n", argv0);
}
if(getuid() == 0) {
if(fchown(fileno(logfp), uid, gid) < 0) {
syslog(LOG_WARNING, "fchown logfile - %m");
perror("fchown logfile");
}
}
}
lookup_hostname(&host_addr4, &host_addr4s, sizeof(struct sockaddr_in), &gotv4, &gotv4s, &host_addr6, &host_addr6s, sizeof(struct sockaddr_in6), &gotv6, &gotv6s);
if(hostname == (char*) 0) {
(void) gethostname(hostname_buf, sizeof(hostname_buf));
hostname = hostname_buf;
}
if(!( gotv4 || gotv4s || gotv6 || gotv6s)) {
syslog(LOG_CRIT, "can't find any valid address");
(void) fprintf(stderr, "%s: can't find any valid address\n", argv0);
exit(1);
}
listen6_fd = -1;
listen6s_fd = -1;
listen4_fd = -1;
listen4s_fd = -1;
if(gotv6) {
listen6_fd = initialize_listen_socket(&host_addr6);
}
if(gotv6s) {
listen6s_fd = initialize_listen_socket(&host_addr6s);
}
if(gotv4) {
listen4_fd = initialize_listen_socket(&host_addr4);
}
if(gotv4s) {
listen4s_fd = initialize_listen_socket(&host_addr4s);
}
if(listen4_fd == -1 && listen6_fd == -1 && listen4s_fd == -1 && listen6s_fd == -1) {
syslog(LOG_CRIT, "can't bind to any address");
(void) fprintf(stderr, "%s: can't bind to any address\n", argv0);
exit(1);
}
if(do_ssl) {
ssl_ctx = SSL_CTX_new(TLSv1_server_method());
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, 0);
if(certfile[0] != '\0') {
if(SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) != SSL_SUCCESS || SSL_CTX_use_PrivateKey_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
syslog(LOG_CRIT, "can't load certificate and/or private key\n");
exit(1);
}
}
if(cipher != (char*) 0) {
if(SSL_CTX_set_cipher_list(ssl_ctx, cipher) <= 0) {
syslog(LOG_CRIT, "can't load certificate and/or private key\n");
exit(1);
}
}
}
if(!debug) {
if(daemon(1, 0) < 0) {
syslog(LOG_CRIT, "daemon - %m");
perror("daemon");
exit(1);
}
} else {
(void) setsid();
}
if(pidfile != (char*) 0) {
FILE* pidfp = fopen(pidfile, "w");
if(pidfp == (FILE*) 0) {
syslog(LOG_CRIT, "%s - %m", pidfile);
perror(pidfile);
exit(1);
}
(void) fprintf(pidfp, "%d\n", (int) getpid());
(void) fclose(pidfp);
}
tzset();
if(getuid() == 0) {
if(setgroups(0, (gid_t*) 0) < 0) {
syslog(LOG_CRIT, "setgroups - %m");
perror("setgroups");
exit(1);
}
if(setgid(gid) < 0) {
syslog(LOG_CRIT, "setgid - %m");
perror("setgid");
exit(1);
}
if(initgroups(user, gid ) < 0) {
syslog(LOG_ERR, "initgroups - %m");
perror("initgroups");
}
}
if(dir != (char*) 0) {
if(chdir(dir) < 0) {
syslog(LOG_CRIT, "chdir - %m");
perror("chdir");
exit(1);
}
}
if(getcwd(cwd, sizeof(cwd) - 1) == NULL) { ; }
if(cwd[strlen(cwd) - 1] != '/') {
(void) strcat( cwd, "/" );
}
if(data_dir != (char*) 0) {
if(chdir(data_dir) < 0) {
syslog(LOG_CRIT, "data_dir chdir - %m");
perror("data_dir chdir");
exit(1);
}
}
if(getuid() == 0) {
if(setuid(uid) < 0) {
syslog(LOG_CRIT, "setuid - %m");
perror("setuid");
exit(1);
}
}
(void) signal(SIGTERM, handle_sigterm);
(void) signal(SIGINT, handle_sigterm);
(void) signal(SIGUSR1, handle_sigterm);
(void) signal(SIGHUP, handle_sighup);
(void) signal(SIGCHLD, handle_sigchld);
(void) signal(SIGPIPE, SIG_IGN);
got_hup = 0;
init_mime();
if(hostname == (char*) 0) {
syslog(LOG_NOTICE, "%.80s starting on port %d", SERVER_SOFTWARE, (int) port);
} else {
syslog(LOG_NOTICE, "%.80s starting on %.80s, port %d", SERVER_SOFTWARE, hostname, (int) port);
}
for(;;) {
int is_ssl;
unsigned short conn_port;
if(got_hup) {
reopen_logfile();
got_hup = 0;
}
FD_ZERO(&lfdset);
maxfd = -1;
if(listen4_fd != -1) {
FD_SET(listen4_fd, &lfdset);
if(listen4_fd > maxfd) {
maxfd = listen4_fd;
}
}
if(listen4s_fd != -1) {
FD_SET(listen4s_fd, &lfdset);
if(listen4s_fd > maxfd) {
maxfd = listen4s_fd;
}
}
if(listen6_fd != -1) {
FD_SET(listen6_fd, &lfdset);
if(listen6_fd > maxfd) {
maxfd = listen6_fd;
}
}
if(listen6s_fd != -1) {
FD_SET(listen6s_fd, &lfdset);
if(listen6s_fd > maxfd) {
maxfd = listen6s_fd;
}
}
if(select(maxfd + 1, &lfdset, (fd_set*) 0, (fd_set*) 0, (struct timeval*) 0) < 0) {
if(errno == EINTR || errno == EAGAIN) {
continue;
}
syslog(LOG_CRIT, "select - %m");
perror("select");
exit(1);
}
is_ssl= 0;
conn_port = port;
if(do_ssl) {
if(sslPort == 0) {
is_ssl= 1;
} else if(listen4s_fd != -1 && FD_ISSET(listen4s_fd, &lfdset)) {
is_ssl = 1;
conn_port = sslPort;
} else if(listen6s_fd != -1 && FD_ISSET(listen6s_fd, &lfdset)) {
is_ssl = 1;
conn_port = sslPort;
}
}
sz = sizeof(usa);
if(listen4_fd != -1 && FD_ISSET(listen4_fd, &lfdset)) {
conn_fd = accept(listen4_fd, &usa.sa, &sz);
} else if(listen4s_fd != -1 && FD_ISSET(listen4s_fd, &lfdset)) {
conn_fd = accept(listen4s_fd, &usa.sa, &sz);
} else if(listen6_fd != -1 && FD_ISSET(listen6_fd, &lfdset)) {
conn_fd = accept(listen6_fd, &usa.sa, &sz);
} else if(listen6s_fd != -1 && FD_ISSET(listen6s_fd, &lfdset)) {
conn_fd = accept(listen6s_fd, &usa.sa, &sz);
} else {
syslog(LOG_CRIT, "select failure");
(void) fprintf(stderr, "%s: select failure\n", argv0);
exit(1);
}
if(conn_fd < 0) {
if(errno == EINTR || errno == EAGAIN) {
continue;
}
#ifdef EPROTO
if(errno == EPROTO) {
continue;
}
#endif
syslog(LOG_CRIT, "accept - %m");
perror("accept");
exit(1);
}
r = fork();
if(r < 0) {
syslog(LOG_CRIT, "fork - %m");
perror("fork");
exit(1);
}
if(r == 0) {
client_addr = usa;
if(listen4_fd != -1) {
(void) close(listen4_fd);
}
if(listen4s_fd != -1) {
(void) close(listen4s_fd);
}
if(listen6_fd != -1) {
(void) close(listen6_fd);
}
if(listen6s_fd != -1) {
(void) close(listen6s_fd);
}
handle_request(is_ssl, conn_port);
exit(0);
}
(void) close(conn_fd);
}
}
static char** make_argp(void) {
char** argp;
int argn;
char* cp1;
char* cp2;
argp = (char**) malloc((strlen(query) + 2) * sizeof(char*));
if(argp == NULL) {
return NULL;
}
argp[0] = strrchr(file, '/');
if(argp[0] != NULL) {
++argp[0];
} else {
argp[0] = file;
}
argn = 1;
if(strchr(query, '=') == NULL) {
for(cp1 = cp2 = query; *cp2 != '\0'; ++cp2) {
if(*cp2 == '+') {
*cp2 = '\0';
strdecode(cp1, cp1);
argp[argn++] = cp1;
cp1 = cp2 + 1;
}
}
if(cp2 != cp1) {
strdecode(cp1, cp1);
argp[argn++] = cp1;
}
}
argp[argn] = (char*) 0;
return argp;
}
static char** make_envp(int is_ssl, unsigned short conn_port) {
static char* envp[50];
int envn;
char* cp;
char buf[256];
envn = 0;
envp[envn++] = build_env("PATH=%s", CGI_PATH);
envp[envn++] = build_env("LD_LIBRARY_PATH=%s", CGI_LD_LIBRARY_PATH);
envp[envn++] = build_env("SERVER_SOFTWARE=%s", SERVER_SOFTWARE);
envp[envn++] = build_env("WWW_LANGUAGE=%s", language);
cp = hostname;
if(cp != (char*) 0) {
envp[envn++] = build_env("SERVER_NAME=%s", cp);
}
envp[envn++] = "GATEWAY_INTERFACE=CGI/1.1";
envp[envn++] = "SERVER_PROTOCOL=HTTP/1.0";
(void) snprintf(buf, sizeof(buf), "%d", (int) conn_port);
envp[envn++] = build_env("SERVER_PORT=%s", buf);
envp[envn++] = build_env("REQUEST_METHOD=%s", get_method_str(method));
envp[envn++] = build_env("SCRIPT_NAME=%s", path);
if(pathinfo != (char*) 0) {
envp[envn++] = build_env("PATH_INFO=/%s", pathinfo);
(void) snprintf(buf, sizeof(buf), "%s%s", cwd, pathinfo);
envp[envn++] = build_env("PATH_TRANSLATED=%s", buf);
}
if(query[0] != '\0') {
envp[envn++] = build_env("QUERY_STRING=%s", query);
}
envp[envn++] = build_env("REMOTE_ADDR=%s", ntoa(&client_addr));
if(referer[0] != '\0') {
envp[envn++] = build_env("HTTP_REFERER=%s", referer);
}
if(useragent[0] != '\0') {
envp[envn++] = build_env("HTTP_USER_AGENT=%s", useragent);
}
if(cookie != (char*) 0) {
envp[envn++] = build_env("HTTP_COOKIE=%s", cookie);
}
if(host != (char*) 0) {
envp[envn++] = build_env("HTTP_HOST=%s", host);
}
if(content_type != (char*) 0) {
envp[envn++] = build_env("CONTENT_TYPE=%s", content_type);
}
if(content_length != -1) {
(void) snprintf(buf, sizeof(buf), "%lu", (unsigned long) content_length);
envp[envn++] = build_env("CONTENT_LENGTH=%s", buf);
}
if(remoteuser != (char*) 0) {
envp[envn++] = build_env("REMOTE_USER=%s", remoteuser);
}
if(authorization != (char*) 0) {
envp[envn++] = build_env("AUTH_TYPE=%s", "Basic");
}
if(getenv("TZ") != (char*) 0) {
envp[envn++] = build_env("TZ=%s", getenv("TZ"));
}
envp[envn] = (char*) 0;
return envp;
}
static void make_log_entry(void) {
char* ru;
char url[500];
char bytes_str[40];
time_t now;
struct tm* t;
const char* cernfmt_nozone = "%d/%b/%Y:%H:%M:%S";
char date_nozone[100];
int zone;
char sign;
char date[100];
if(logfp == (FILE*) 0) {
return;
}
if(protocol == (char*) 0) {
protocol = "UNKNOWN";
}
if(path == (char*) 0) {
path = "";
}
if(remoteuser != (char*) 0) {
ru = remoteuser;
} else {
ru = "-";
}
now = time((time_t*) 0);
(void) snprintf(url, sizeof(url), "%s", path);
if(bytes >= 0) {
(void) snprintf(bytes_str, sizeof(bytes_str), "%lld", (long long int) bytes );
} else {
(void) strcpy(bytes_str, "-");
}
t = localtime(&now);
(void) strftime(date_nozone, sizeof(date_nozone), cernfmt_nozone, t);
zone = t->tm_gmtoff / 60L;
if(zone >= 0) {
sign = '+';
} else {
sign = '-';
zone = -zone;
}
zone = (zone / 60) * 100 + zone % 60;
(void) snprintf(date, sizeof(date), "%s %c%04d", date_nozone, sign, zone);
(void) fprintf(logfp, "%.80s - %.80s [%s] \"%.80s %.200s %.80s\" %d %s \"%.200s\" \"%.200s\"\n", ntoa(&client_addr), ru, date, get_method_str(method), url, protocol, status, bytes_str, referer, useragent);
(void) fflush(logfp);
}
static ssize_t my_read(char* buf, size_t size, int is_ssl) {
if(is_ssl) {
return SSL_read(ssl, buf, size);
} else {
return read(conn_fd, buf, size);
}
}
static ssize_t my_write(char* buf, size_t size, int is_ssl) {
if(is_ssl) {
return SSL_write(ssl, buf, size);
} else {
return write(conn_fd, buf, size);
}
}
static void no_value_required(char* name, char* value) {
if(value != (char*) 0) {
(void) fprintf(stderr, "%s: no value required for %s option\n", argv0, name);
exit(1);
}
}
static char* ntoa(usockaddr* usaP) {
static char str[200];
if(getnameinfo(&usaP->sa, sockaddr_len(usaP), str, sizeof(str), 0, 0, NI_NUMERICHOST) != 0) {
str[0] = '?';
str[1] = '\0';
} else if(IN6_IS_ADDR_V4MAPPED(&usaP->sa_in6.sin6_addr) && strncmp(str, "::ffff:", 7) == 0) {
(void) strcpy(str, &str[7]);
}
return str;
}
static void post_post_garbage_hack(int is_ssl) {
char buf[2];
if(is_ssl) {
return;
}
set_ndelay(conn_fd);
if(read(conn_fd, buf, sizeof(buf)) < 0) { ; };
clear_ndelay(conn_fd);
}
static void read_config(char* filename) {
FILE* fp;
char line[10000];
char* cp;
char* cp2;
char* name;
char* value;
fp = fopen(filename, "r");
if(fp == (FILE*) 0) {
syslog(LOG_CRIT, "%s - %m", filename);
perror(filename);
exit(1);
}
while(fgets(line, sizeof(line), fp) != (char*) 0) {
if((cp = strchr(line, '#')) != (char*) 0) {
*cp = '\0';
}
cp = line;
cp += strspn(cp, " \t\012\015");
while(*cp != '\0') {
cp2 = cp + strcspn(cp, " \t\012\015");
while(*cp2 == ' ' || *cp2 == '\t' || *cp2 == '\012' || *cp2 == '\015') {
*cp2++ = '\0';
}
name = cp;
value = strchr(name, '=');
if(value != (char*) 0) {
*value++ = '\0';
}
if(strcasecmp(name, "debug") == 0) {
no_value_required(name, value);
debug = 1;
} else if(strcasecmp(name, "port") == 0) {
value_required(name, value);
port = (unsigned short) atoi(value);
} else if(strcasecmp(name, "dir") == 0) {
value_required(name, value);
dir = e_strdup(value);
} else if(strcasecmp(name, "data_dir") == 0) {
value_required(name, value);
data_dir = e_strdup(value);
} else if(strcasecmp(name, "user") == 0) {
value_required(name, value);
user = e_strdup(value);
} else if(strcasecmp(name, "cgipat") == 0) {
value_required(name, value);
cgi_pattern = e_strdup(value);
} else if(strcasecmp(name, "urlpat") == 0) {
value_required(name, value);
url_pattern = e_strdup(value);
} else if(strcasecmp(name, "noemptyreferers") == 0) {
value_required(name, value);
no_empty_referers = 1;
} else if(strcasecmp(name, "localpat") == 0) {
value_required(name, value);
local_pattern = e_strdup(value);
} else if(strcasecmp(name, "host") == 0) {
value_required(name, value);
hostname = e_strdup(value);
} else if(strcasecmp(name, "logfile") == 0) {
value_required(name, value);
logfile = e_strdup(value);
} else if(strcasecmp(name, "pidfile") == 0) {
value_required(name, value);
pidfile = e_strdup(value);
} else if(strcasecmp(name, "charset") == 0) {
value_required(name, value);
charset = e_strdup(value);
} else if(strcasecmp(name, "p3p") == 0) {
value_required(name, value);
p3p = e_strdup(value);
} else if(strcasecmp(name, "max_age") == 0) {
value_required(name, value);
max_age = atoi(value);
} else if(strcasecmp(name, "default_realm_name") == 0) {
value_required(name, value);
defaultRealmName = e_strdup(value);
} else if(strcasecmp(name, "default_realm_password_file") == 0) {
value_required(name, value);
defaultRealmPasswordFile = e_strdup(value);
} else if(strcasecmp(name, "default_page_file") == 0) {
value_required(name, value);
defaultPageFile = e_strdup(value);
} else if(strcasecmp(name, "page_not_found_file") == 0) {
value_required(name, value);
pageNotFoundFile = e_strdup(value);
} else if(strcasecmp(name, "allow_directory_listing") == 0) {
value_required(name, value);
if(strcmp(value, "1") == 0 || strcmp(value, "true") == 0 || strcmp(value, "TRUE") == 0 || strcmp(value, "yes") == 0 || strcmp(value, "YES") == 0) {
allowDirectoryListing = 1;
} else {
allowDirectoryListing = 0;
}
} else if(strcasecmp(name, "ssl") == 0) {
no_value_required(name, value);
do_ssl = 1;
} else if(strcasecmp(name, "certfile") == 0) {
value_required(name, value);
certfile = e_strdup(value);
} else if(strcasecmp(name, "cipher") == 0) {
value_required(name, value);
cipher = e_strdup(value);
} else {
(void) fprintf(stderr, "%s: unknown config option '%s'\n", argv0, name);
exit(1);
}
cp = cp2;
cp += strspn(cp, " \t\012\015");
}
}
(void) fclose(fp);
}
static int really_check_referer(void) {
char* cp1;
char* cp2;
char* cp3;
char* refhost;
char *lp;
if(referer == (char*) 0 || referer[0] == '\0' || (cp1 = strstr(referer, "//")) == (char*) 0) {
if(no_empty_referers && match(url_pattern, path)) {
return 0;
} else {
return 1;
}
}
cp1 += 2;
for(cp2 = cp1; *cp2 != '/' && *cp2 != ':' && *cp2 != '\0'; ++cp2) {
continue;
}
refhost = (char*) e_malloc(cp2 - cp1 + 1);
for(cp3 = refhost; cp1 < cp2; ++cp1, ++cp3) {
if(isupper(*cp1)) {
*cp3 = tolower(*cp1);
} else {
*cp3 = *cp1;
}
}
*cp3 = '\0';
if(local_pattern != (char*) 0) {
lp = local_pattern;
} else {
lp = hostname;
if(lp == (char*) 0) {
return 1;
}
}
if(!match(lp, refhost) && match(url_pattern, path)) {
return 0;
} else {
return 1;
}
}
static void reopen_logfile(void) {
if(logfp != (FILE*) 0) {
(void) fclose(logfp);
logfp = (FILE*) 0;
}
if(logfile != (char*) 0) {
syslog(LOG_NOTICE, "re-opening logfile");
logfp = fopen(logfile, "a");
if(logfp == (FILE*) 0) {
syslog(LOG_CRIT, "%s - %m", logfile);
perror(logfile);
exit(1);
}
}
}
static void send_authenticate(char* realm, int is_ssl) {
char header[10000];
(void) snprintf(header, sizeof(header), "WWW-Authenticate: Basic realm=\"%s\"", realm);
send_error(401, "Unauthorized", header, "Authorization required.", is_ssl);
}
static void send_error(int s, char* title, char* extra_header, char* text, int is_ssl) {
add_headers(s, title, extra_header, "", "text/html; charset=%s", (off_t) -1, (time_t) -1);
send_error_body(s, title, text);
send_error_tail();
send_response(is_ssl);
SSL_free(ssl);
exit(1);
}
static void send_error_body(int s, char* title, char* text) {
char filename[1000];
char buf[10000];
int buflen;
(void) snprintf(filename, sizeof(filename), "%s/err%d.html", ERR_DIR, s);
if(send_error_file(filename)) {
return;
}
buflen = snprintf(buf, sizeof(buf), "<html>\n<head><title>Error %d - %s</title></head>\n<body bgcolor=\"#cc9999\" text=\"#000000\">\n<h2>Error %d</h2>\n", s, title, s);
add_to_response(buf, buflen);
buflen = snprintf(buf, sizeof(buf), "%s\n", text);
add_to_response(buf, buflen);
}
static int send_error_file(char* filename) {
FILE* fp;
char buf[1000];
size_t r;
fp = fopen(filename, "r");
if(fp == (FILE*) 0) {
return 0;
}
for(;;) {
r = fread(buf, 1, sizeof(buf), fp);
if(r == 0) {
break;
}
add_to_response(buf, r);
}
(void) fclose(fp);
return 1;
}
static void send_error_tail(void) {
char buf[500];
int buflen;
if(match("**MSIE**", useragent)) {
int n;
buflen = snprintf(buf, sizeof(buf), "<!--\n");
add_to_response(buf, buflen);
for(n = 0; n < 6; ++n) {
buflen = snprintf(buf, sizeof(buf), "Padding so that MSIE deigns to show this error instead of its own canned one.\n");
add_to_response(buf, buflen);
}
buflen = snprintf(buf, sizeof(buf), "-->\n");
add_to_response(buf, buflen);
}
buflen = snprintf(buf, sizeof(buf), "<hr>\n%s\n</body>\n</html>\n", SERVER_SOFTWARE);
add_to_response(buf, buflen);
}
static void send_redirect(char* extra_header, char* hostname, char* new_location, int is_ssl) {
char extra_header_buf[5000];
const char *sep = new_location[0] == '/' ? "" : "/";
const char *proto = is_ssl == 1 ? "https://" : "http://";
extra_header = extra_header == NULL ? "" : extra_header;
if(strcmp(extra_header, "") == 0) {
sprintf(extra_header_buf, "Location: %s%s%s%s", proto, hostname, sep, new_location);
} else {
sprintf(extra_header_buf, "%s\r\nLocation: %s%s%s%s", extra_header, proto, hostname, sep, new_location);
}
add_headers(301, "Moved Permanently", extra_header_buf, "", "text/html; charset=%s", (off_t) -1, (time_t) -1);
send_error_body(301, "Moved Permanently", "Moved Permanently");
send_error_tail();
send_response(is_ssl);
SSL_free(ssl);
exit(1);
}
static void send_response(is_ssl) {
(void) my_write(response, response_len, is_ssl);
}
static void send_via_write(int fd, off_t size, int is_ssl) {
if(size <= SIZE_T_MAX) {
size_t size_size = (size_t) size;
void* ptr = mmap(0, size_size, PROT_READ, MAP_PRIVATE, fd, 0);
if(ptr != (void*) -1) {
(void) my_write(ptr, size_size, is_ssl);
(void) munmap(ptr, size_size);
}
#ifdef MADV_SEQUENTIAL
(void) madvise(ptr, size_size, MADV_SEQUENTIAL);
#endif
} else {
char buf[30000];
ssize_t r, r2;
for(;;) {
r = read(fd, buf, sizeof(buf));
if(r < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r <= 0) {
return;
}
for(;;) {
r2 = my_write(buf, r, is_ssl);
if(r2 < 0 && (errno == EINTR || errno == EAGAIN)) {
sleep(1);
continue;
}
if(r2 != r) {
return;
}
break;
}
}
}
}
static void set_ndelay(int fd) {
int flags, newflags;
flags = fcntl(fd, F_GETFL, 0);
if(flags != -1) {
newflags = flags | (int) O_NDELAY;
if(newflags != flags) {
(void) fcntl(fd, F_SETFL, newflags);
}
}
}
static int sockaddr_check(usockaddr* usaP) {
switch (usaP->sa.sa_family) {
case AF_INET:
return 1;
case AF_INET6:
return 1;
default:
return 0;
}
}
static size_t sockaddr_len(usockaddr* usaP) {
switch(usaP->sa.sa_family) {
case AF_INET:
return sizeof(struct sockaddr_in);
case AF_INET6:
return sizeof(struct sockaddr_in6);
default:
return 0;
}
}
static void start_request(void) {
request_size = 0;
request_idx = 0;
}
static void start_response(void) {
response_size = 0;
}
static void strdecode(char* to, char* from) {
for(; *from != '\0'; ++to, ++from) {
if(from[0] == '%' && isxdigit(from[1]) && isxdigit(from[2])) {
*to = hexit(from[1]) * 16 + hexit(from[2]);
from += 2;
} else {
*to = *from;
}
}
*to = '\0';
}
static void strencode(char* to, size_t tosize, const char* from) {
int tolen;
for(tolen = 0; *from != '\0' && tolen + 4 < tosize; ++from) {
if(isalnum(*from) || strchr("/_.-~", *from) != (char*) 0) {
*to = *from;
++to;
++tolen;
} else {
(void) sprintf(to, "%%%02x", (int) *from & 0xff);
to += 3;
tolen += 3;
}
}
*to = '\0';
}
static void usage(void) {
(void) fprintf(stderr, "Usage: %s [-C configfile] [-D] [-S use ssl, if no ssl port is specified all connections will be SSL] [-E certfile] [-SP ssl port] [-Y cipher] [-p port] [-d dir] [-dd data_dir] [-c cgipat] [-u user] [-h hostname] [-l logfile] [-i pidfile] [-T charset] [-L language] [-P P3P] [-M maxage] [-DRN default realm name] [-DRP default realm password file] [-DPF default page file] [-PNF Page to load when 404 Not Found error occurs] \n", argv0);
exit(1);
}
static void value_required(char* name, char* value) {
if(value == (char*) 0) {
(void) fprintf(stderr, "%s: value required for %s option\n", argv0, name);
exit(1);
}
}