File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / httpd / proc.c
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Fri Sep 28 11:55:55 2012 UTC (12 years, 3 months ago) by misho
Branches: v1_4_8, MAIN
CVS tags: datecs, HEAD
axTLS

/*
 * Copyright (c) Cameron Rich
 * 
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, 
 *   this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright notice, 
 *   this list of conditions and the following disclaimer in the documentation 
 *   and/or other materials provided with the distribution.
 * * Neither the name of the axTLS project nor the names of its contributors 
 *   may be used to endorse or promote products derived from this software 
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <time.h>
#include <string.h>
#include "axhttp.h"

#define HTTP_VERSION        "HTTP/1.1"

static const char * index_file = "index.html";
static const char * rfc1123_format = "%a, %d %b %Y %H:%M:%S GMT";

static int special_read(struct connstruct *cn, void *buf, size_t count);
static int special_write(struct connstruct *cn, 
                                        const char *buf, size_t count);
static void send_error(struct connstruct *cn, int err);
static int hexit(char c);
static void urldecode(char *buf);
static void buildactualfile(struct connstruct *cn);
static int sanitizefile(const char *buf);
static int sanitizehost(char *buf);
static int htaccess_check(struct connstruct *cn);
static const char *getmimetype(const char *name);

#if defined(CONFIG_HTTP_DIRECTORIES)
static void urlencode(const uint8_t *s, char *t);
static void procdirlisting(struct connstruct *cn);
#endif
#if defined(CONFIG_HTTP_HAS_CGI)
static void proccgi(struct connstruct *cn);
static void decode_path_info(struct connstruct *cn, char *path_info);
static int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv);
#endif
#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
static int auth_check(struct connstruct *cn);
#endif

#if AXDEBUG
#define AXDEBUGSTART \
	{ \
		FILE *axdout; \
		axdout = fopen("/var/log/axdebug", "a"); \
	
#define AXDEBUGEND \
		fclose(axdout); \
	}
#else /* AXDEBUG */
#define AXDEBUGSTART
#define AXDEBUGEND
#endif /* AXDEBUG */

/* Returns 1 if elems should continue being read, 0 otherwise */
static int procheadelem(struct connstruct *cn, char *buf) 
{
    char *delim, *value;

    if ((delim = strchr(buf, ' ')) == NULL)
        return 0;

    *delim = 0;
    value = delim+1;

    if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
                                            strcmp(buf, "POST") == 0) 
    {
        if (buf[0] == 'H') 
            cn->reqtype = TYPE_HEAD;
        else if (buf[0] == 'P') 
            cn->reqtype = TYPE_POST;

        if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
            return 0;

        *delim++ = 0;
        urldecode(value);

        if (sanitizefile(value) == 0) 
        {
            send_error(cn, 403);
            return 0;
        }

#if defined(CONFIG_HTTP_HAS_CGI)
        decode_path_info(cn, value);
#else
        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
#endif
        cn->if_modified_since = -1;
        if (strcmp(delim, "HTTP/1.0") == 0) /* v1.0 HTTP? */
            cn->is_v1_0 = 1;
    } 
    else if (strcasecmp(buf, "Host:") == 0) 
    {
        if (sanitizehost(value) == 0) 
        {
            removeconnection(cn);
            return 0;
        }

        my_strncpy(cn->server_name, value, MAXREQUESTLENGTH);
    } 
    else if (strcasecmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
    {
        cn->close_when_done = 1;
    } 
    else if (strcasecmp(buf, "If-Modified-Since:") == 0) 
    {
        cn->if_modified_since = tdate_parse(value);
    }
    else if (strcasecmp(buf, "Expect:") == 0)
    {
		/* supposed to be safe to ignore 100-continue */
		if (strcasecmp(value, "100-continue") != 0) {
			send_error(cn, 417); /* expectation failed */
			return 0;
		}
    }
#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
    else if (strcasecmp(buf, "Authorization:") == 0 &&
                                    strncmp(value, "Basic ", 6) == 0)
    {
        int size = sizeof(cn->authorization);
        if (base64_decode(&value[6], strlen(&value[6]), 
                                        (uint8_t *)cn->authorization, &size))
            cn->authorization[0] = 0;   /* error */
        else
            cn->authorization[size] = 0;
    }
#endif
#if defined(CONFIG_HTTP_HAS_CGI)
    else if (strcasecmp(buf, "Content-Length:") == 0)
    {
        sscanf(value, "%d", &cn->content_length);
    }
    else if (strcasecmp(buf, "Content-Type:") == 0)
    {
        my_strncpy(cn->cgicontenttype, value, MAXREQUESTLENGTH);
    }
    else if (strcasecmp(buf, "Cookie:") == 0)
    {
        my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
    }
#endif

    return 1;
}

#if defined(CONFIG_HTTP_DIRECTORIES)
static void procdirlisting(struct connstruct *cn)
{
    char buf[MAXREQUESTLENGTH];
    char actualfile[1024];

    if (cn->reqtype == TYPE_HEAD) 
    {
        snprintf(buf, sizeof(buf), HTTP_VERSION
                " 200 OK\nContent-Type: text/html\n\n");
        write(cn->networkdesc, buf, strlen(buf));
        removeconnection(cn);
        return;
    }

    strcpy(actualfile, cn->actualfile);

#ifdef WIN32
    strcat(actualfile, "*");
    cn->dirp = FindFirstFile(actualfile, &cn->file_data);

    if (cn->dirp == INVALID_HANDLE_VALUE) 
    {
        send_error(cn, 404);
        return;
    }
#else
    if ((cn->dirp = opendir(actualfile)) == NULL) 
    {
        send_error(cn, 404);
        return;
    }
#endif

    snprintf(buf, sizeof(buf), HTTP_VERSION
            " 200 OK\nContent-Type: text/html\n\n"
            "<html><body>\n<title>Directory Listing</title>\n"
            "<h3>Directory listing of %s://%s%s</h3><br />\n", 
            cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq);
    special_write(cn, buf, strlen(buf));
    cn->state = STATE_DOING_DIR;
}

void procdodir(struct connstruct *cn) 
{
#ifndef WIN32
    struct dirent *dp;
#endif
    char buf[MAXREQUESTLENGTH];
    char encbuf[1024];
    char *file;

    do 
    {
       buf[0] = 0;

#ifdef WIN32
        if (!FindNextFile(cn->dirp, &cn->file_data)) 
#else
        if ((dp = readdir(cn->dirp)) == NULL)  
#endif
        {
            snprintf(buf, sizeof(buf), "</body></html>\n");
            special_write(cn, buf, strlen(buf));
            removeconnection(cn);
#ifndef WIN32
            closedir(cn->dirp);
#endif
            return;
        }

#ifdef WIN32
        file = cn->file_data.cFileName;
#else
        file = dp->d_name;
#endif

        /* if no index file, don't display the ".." directory */
        if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
                strcmp(file, "..") == 0) 
            continue;

        /* don't display files beginning with "." */
        if (file[0] == '.' && file[1] != '.')
            continue;

        /* make sure a '/' is at the end of a directory */
        if (cn->filereq[strlen(cn->filereq)-1] != '/')
            strcat(cn->filereq, "/");

        /* see if the dir + file is another directory */
        snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
        if (isdir(buf))
            strcat(file, "/");

        urlencode((uint8_t *)file, encbuf);
        snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
                cn->filereq, encbuf, file);
    } while (special_write(cn, buf, strlen(buf)));
}

/* Encode funny chars -> %xx in newly allocated storage */
/* (preserves '/' !) */
static void urlencode(const uint8_t *s, char *t) 
{
    const uint8_t *p = s;
    char *tp = t;

    for (; *p; p++) 
    {
        if ((*p > 0x00 && *p < ',') ||
                (*p > '9' && *p < 'A') ||
                (*p > 'Z' && *p < '_') ||
                (*p > '_' && *p < 'a') ||
                (*p > 'z' && *p < 0xA1)) 
        {
            sprintf((char *)tp, "%%%02X", *p);
            tp += 3; 
        } 
        else 
        {
            *tp = *p;
            tp++;
        }
    }

    *tp='\0';
}

#endif

void procreadhead(struct connstruct *cn) 
{
    char buf[MAXREADLENGTH], *tp, *next;
    int rv;

    memset(buf, 0, sizeof(buf));
    rv = special_read(cn, buf, sizeof(buf)-1);
    if (rv <= 0) 
    {
        if (rv < 0 || !cn->is_ssl) /* really dead? */
            removeconnection(cn);
        return;
    }

    buf[rv] = '\0';
    next = tp = buf;

#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
    cn->authorization[0] = 0;
#endif

    /* Split up lines and send to procheadelem() */
    while (*next != '\0') 
    {
        /* If we have a blank line, advance to next stage */
        if (*next == '\r' || *next == '\n') 
        {
#if defined(CONFIG_HTTP_HAS_CGI)
            if (cn->reqtype == TYPE_POST && cn->content_length > 0)
            {
                if (init_read_post_data(buf, next, cn, rv) == 0)
                    return;
            }
#endif

            buildactualfile(cn);
            cn->state = STATE_WANT_TO_SEND_HEAD;
            return;
        }

        while (*next != '\r' && *next != '\n' && *next != '\0') 
            next++;

        if (*next == '\r') 
        {
            *next = '\0';
            next += 2;
        }
        else if (*next == '\n') 
            *next++ = '\0';

        if (procheadelem(cn, tp) == 0) 
            return;

        tp = next;
    }
}

/* In this function we assume that the file has been checked for
 * maliciousness (".."s, etc) and has been decoded
 */
void procsendhead(struct connstruct *cn) 
{
    char buf[MAXREQUESTLENGTH];
    struct stat stbuf;
    time_t t_time;
    struct tm *ptm;
    char date[32];
    char last_modified[32];
    char expires[32];
    int file_exists;

    /* are we trying to access a file over the HTTP connection instead of a
     * HTTPS connection? Or is this directory disabled? */
    if (htaccess_check(cn))      
    {
        send_error(cn, 403);
        return;
    }

#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
    if (auth_check(cn))     /* see if there is a '.htpasswd' file */
    {
#ifdef CONFIG_HTTP_VERBOSE
        printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
#endif
        removeconnection(cn);
        return;
    }
#endif

    file_exists = stat(cn->actualfile, &stbuf);

#if defined(CONFIG_HTTP_HAS_CGI)
    if (file_exists != -1 && cn->is_cgi)
    {
        proccgi(cn);
        return;
    }
#endif

    /* look for "index.html"? */
    if (isdir(cn->actualfile))
    {
        char tbuf[MAXREQUESTLENGTH];
        snprintf(tbuf, MAXREQUESTLENGTH, "%s%s", cn->actualfile, index_file);

        if ((file_exists = stat(tbuf, &stbuf)) != -1) 
            my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
        else
        {
#if defined(CONFIG_HTTP_DIRECTORIES)
            /* If not, we do a directory listing of it */
            procdirlisting(cn);
#else
            send_error(cn, 404);
#endif
            return;
        }
    }

    if (file_exists == -1)
    {
        send_error(cn, 404);
        return;
    }


    time(&t_time);
    ptm = gmtime(&t_time);
    strftime(date, sizeof(date), rfc1123_format, ptm);

    /* has the file been read before? */
    if (cn->if_modified_since != -1)  
                                       
    {
        ptm = gmtime(&stbuf.st_mtime);
        t_time = mktime(ptm);

        if (cn->if_modified_since >= t_time)
        {
            snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
                "%s\nDate: %s\n\n", server_version, date);
            special_write(cn, buf, strlen(buf));
            cn->state = STATE_WANT_TO_READ_HEAD;
            return;
        }
    }

    if (cn->reqtype == TYPE_HEAD) 
    {
        removeconnection(cn);
        return;
    } 
    else 
    {
        int flags = O_RDONLY;
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
        flags |= O_BINARY;
#endif
        cn->filedesc = open(cn->actualfile, flags);

        if (cn->filedesc < 0) 
        {
            send_error(cn, 404);
            return;
        }

        ptm = gmtime(&stbuf.st_mtime);
        strftime(last_modified, sizeof(last_modified), rfc1123_format, ptm);
        t_time += CONFIG_HTTP_TIMEOUT;
        ptm = gmtime(&t_time);
        strftime(expires, sizeof(expires), rfc1123_format, ptm);

        snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n"
            "Content-Type: %s\nContent-Length: %ld\n"
            "Date: %s\nLast-Modified: %s\nExpires: %s\n\n", server_version,
            getmimetype(cn->actualfile), (long) stbuf.st_size,
            date, last_modified, expires); 

        special_write(cn, buf, strlen(buf));

#ifdef CONFIG_HTTP_VERBOSE
        printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
        TTY_FLUSH();
#endif

#ifdef WIN32
        for (;;)
        {
            procreadfile(cn);
            if (cn->filedesc == -1)
                break;

            do 
            {
                procsendfile(cn);
            } while (cn->state != STATE_WANT_TO_READ_FILE);
        }
#else
        cn->state = STATE_WANT_TO_READ_FILE;
#endif
    }
}

void procreadfile(struct connstruct *cn) 
{
    int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);

    if (rv <= 0) 
    {
        close(cn->filedesc);
        cn->filedesc = -1;

        if (cn->close_when_done)        /* close immediately */
            removeconnection(cn);
        else 
        {
            if (cn->is_v1_0)    /* die now */
                removeconnection(cn);
            else                /* keep socket open - HTTP 1.1 */
            {
                cn->state = STATE_WANT_TO_READ_HEAD;
                cn->numbytes = 0;
            }
        }

        return;
    }

    cn->numbytes = rv;
    cn->state = STATE_WANT_TO_SEND_FILE;
}

void procsendfile(struct connstruct *cn) 
{
    int rv = special_write(cn, cn->databuf, cn->numbytes);

    if (rv < 0)
        removeconnection(cn);
    else if (rv == cn->numbytes)
    {
        cn->state = STATE_WANT_TO_READ_FILE;
    }
    else if (rv == 0)
    { 
        /* Do nothing */ 
    }
    else 
    {
        memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
        cn->numbytes -= rv;
    }
}

#if defined(CONFIG_HTTP_HAS_CGI)
/* Should this be a bit more dynamic? It would mean more calls to malloc etc */
#define CGI_ARG_SIZE        17

static void proccgi(struct connstruct *cn) 
{
    int tpipe[2], spipe[2];
    char *myargs[3];
    char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
    char * cgiptr[CGI_ARG_SIZE+4];
    const char *type = "HEAD";
    int cgi_index = 0, i;
    pid_t pid;
#ifdef WIN32
    int tmp_stdout;
#endif

    snprintf(cgienv[0], MAXREQUESTLENGTH, 
            HTTP_VERSION" 200 OK\nServer: %s\n%s",
            server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
    special_write(cn, cgienv[0], strlen(cgienv[0]));

    if (cn->reqtype == TYPE_HEAD) 
    {
        removeconnection(cn);
        return;
    }

#ifdef CONFIG_HTTP_VERBOSE
    printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
    TTY_FLUSH();
#endif

    /* win32 cgi is a bit too painful */
#ifndef WIN32
	/* set up pipe that is used for sending POST query data to CGI script*/
    if (cn->reqtype == TYPE_POST) 
    {
        if (pipe(spipe) == -1)
        {
            printf("[CGI]: could not create pipe");
            TTY_FLUSH();
            return;
        }
    }

	if (pipe(tpipe) == -1)
    {
        printf("[CGI]: could not create pipe");
        TTY_FLUSH();
        return;
    }

    /*
     * use vfork() instead of fork() for performance 
     */
    if ((pid = vfork()) > 0)  /* parent */
    {
        /* Send POST query data to CGI script */
        if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0)) 
        {
            write(spipe[1], cn->post_data, cn->content_length);
            close(spipe[0]);	 
            close(spipe[1]);

            /* free the memory that is allocated in read_post_data() */
            free(cn->post_data); 
            cn->post_data = NULL;
        }

        /* Close the write descriptor */
        close(tpipe[1]);
        cn->filedesc = tpipe[0];
        cn->state = STATE_WANT_TO_READ_FILE;
        cn->close_when_done = 1;
        return;
    }

    if (pid < 0) /* vfork failed */
        exit(1);

    /* The problem child... */

    /* Our stdout/stderr goes to the socket */
    dup2(tpipe[1], 1);
    dup2(tpipe[1], 2);
    close(tpipe[0]);
    close(tpipe[1]);

    /* If it was a POST request, send the socket data to our stdin */
    if (cn->reqtype == TYPE_POST)  {
        dup2(spipe[0], 0);  
        close(spipe[0]);
        close(spipe[1]);
    } else    /* Otherwise we can shutdown the read side of the sock */
        shutdown(cn->networkdesc, 0);

    myargs[0] = CONFIG_HTTP_CGI_LAUNCHER;
    myargs[1] = cn->actualfile;
    myargs[2] = NULL;

    /* 
     * set the cgi args. A url is defined by:
     * http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO?$QUERY_STRING
     * TODO: other CGI parameters?
     */
    sprintf(cgienv[cgi_index++], "SERVER_SOFTWARE=%s", server_version);
    strcpy(cgienv[cgi_index++], "DOCUMENT_ROOT=" CONFIG_HTTP_WEBROOT);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "SERVER_NAME=%s", cn->server_name);
    sprintf(cgienv[cgi_index++], "SERVER_PORT=%d", 
            cn->is_ssl ? CONFIG_HTTP_HTTPS_PORT : CONFIG_HTTP_PORT);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "REQUEST_URI=%s", cn->uri_request);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "SCRIPT_NAME=%s", cn->filereq);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "PATH_INFO=%s", cn->uri_path_info);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "QUERY_STRING=%s", cn->uri_query);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "REMOTE_ADDR=%s", cn->remote_addr);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "HTTP_COOKIE=%s", cn->cookie);  /* note: small size */
#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "REMOTE_USER=%s", cn->authorization);
#endif

    switch (cn->reqtype)
    {
        case TYPE_GET: 
            type = "GET";
            break;

#if defined(CONFIG_HTTP_HAS_CGI)
        case TYPE_POST:
            type = "POST";
            sprintf(cgienv[cgi_index++], 
                        "CONTENT_LENGTH=%d", cn->content_length);
            snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
                        "CONTENT_TYPE=%s", cn->cgicontenttype);
            break;
#endif
    }

    sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type);

    if (cn->is_ssl)
        strcpy(cgienv[cgi_index++], "HTTPS=on");

    if (cgi_index >= CGI_ARG_SIZE)
    {
        printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n",
                cgi_index, CGI_ARG_SIZE);
        _exit(1);
    }

    /* copy across the pointer indexes */
    for (i = 0; i < cgi_index; i++)
        cgiptr[i] = cgienv[i];

    cgiptr[i++] = "AUTH_TYPE=Basic";
    cgiptr[i++] = "GATEWAY_INTERFACE=CGI/1.1";
    cgiptr[i++] = "SERVER_PROTOCOL="HTTP_VERSION;
    cgiptr[i] = NULL;

    execve(myargs[0], myargs, cgiptr);
    printf("Content-type: text/plain\n\nshouldn't get here\n");
    _exit(1);
#endif
}

static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
{
    struct cgiextstruct *tp = cgiexts;

    while (tp != NULL) 
    {
        char *t;

        if ((t = strstr(fn, tp->ext)) != NULL)
        {
            t += strlen(tp->ext);

            if (*t == '/' || *t == '\0')
                return t;
            else
                return NULL;

        }

        tp = tp->next;
    }

    return NULL;
}

static void decode_path_info(struct connstruct *cn, char *path_info)
{
    char *cgi_delim;

#if defined(CONFIG_HTTP_HAS_CGI)
    cn->is_cgi = 0;
#endif
    *cn->uri_request = '\0';
    *cn->uri_path_info = '\0';
    *cn->uri_query = '\0';

    my_strncpy(cn->uri_request, path_info, MAXREQUESTLENGTH);

    /* query info? */
    if ((cgi_delim = strchr(path_info, '?')))
    {
        *cgi_delim = '\0';
        my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH);
    }

#if defined(CONFIG_HTTP_HAS_CGI)
    if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL)
    {
        cn->is_cgi = 1;     /* definitely a CGI script */

        /* path info? */
        if (*cgi_delim != '\0')
        {
            my_strncpy(cn->uri_path_info, cgi_delim, MAXREQUESTLENGTH);
            *cgi_delim = '\0';
        }
    }
#endif

    /* the bit at the start must be the script name */
    my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
}

static int init_read_post_data(char *buf, char *data, 
                                struct connstruct *cn, int old_rv)
{
   char *next = data;
   int rv = old_rv;
   char *post_data;

    /* Too much Post data to send. MAXPOSTDATASIZE should be 
       configured (now it can be changed in the header file) */
   if (cn->content_length > MAXPOSTDATASIZE) 
   {
       send_error(cn, 418);
       return 0;
   }
   
   /* remove CRLF */
   while ((*next == '\r' || *next == '\n') && (next < &buf[rv])) 
       next++;
   
   if (cn->post_data == NULL)
   {
       /* Allocate buffer for the POST data that will be used by proccgi 
          to send POST data to the CGI script */
       cn->post_data = (char *)ax_calloc(1, (cn->content_length + 1)); 
   }

   cn->post_state = 0;
   cn->post_read = 0;
   post_data = cn->post_data;

   while (next < &buf[rv])
   { 
       /* copy POST data to buffer */
       *post_data++ = *next++;
       cn->post_read++;
       if (cn->post_read == cn->content_length)
       { 
           /* No more POST data to be copied */
           *post_data = '\0';
           return 1;
       }
   }

   /* More POST data has to be read. read_post_data will continue with that */
   cn->post_state = 1;
   return 0;
}

void read_post_data(struct connstruct *cn)
{
    char buf[MAXREADLENGTH], *next;
    char *post_data;
    int rv;

    memset(buf, 0, sizeof(buf));
    rv = special_read(cn, buf, sizeof(buf)-1);
    if (rv <= 0) 
    {
        if (rv < 0 || !cn->is_ssl) /* really dead? */
            removeconnection(cn);
        return;
    }

    buf[rv] = '\0';
    next = buf;
    post_data = &cn->post_data[cn->post_read];

    while (next < &buf[rv])
    {
        *post_data++ = *next++;
        cn->post_read++;

        if (cn->post_read == cn->content_length)
        {  
            /* No more POST data to be copied */
            *post_data='\0';
            cn->post_state = 0;
            buildactualfile(cn);
            cn->state = STATE_WANT_TO_SEND_HEAD;
            return;
        }
    }

    /* More POST data to read */
}

#endif  /* CONFIG_HTTP_HAS_CGI */

/* Decode string %xx -> char (in place) */
static void urldecode(char *buf) 
{
    int v;
    char *p, *s, *w;

    w = p = buf;

    while (*p) 
    {
        v = 0;

        if (*p == '%') 
        {
            s = p;
            s++;

            if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
            {
                v = hexit(s[0])*16 + hexit(s[1]);

                if (v) 
                { 
                    /* do not decode %00 to null char */
                    *w = (char)v;
                    p = &s[1];
                }
            }

        }

        if (!v) *w=*p;
        p++; 
        w++;
    }

    *w='\0';
}

static int hexit(char c) 
{
    if (c >= '0' && c <= '9')
        return c - '0';
    else if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    else if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    else
        return 0;
}

static void buildactualfile(struct connstruct *cn)
{
    char *cp;
    snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq);

#ifndef WIN32
    /* Add directory slash if not there */
    if (isdir(cn->actualfile) && 
            cn->actualfile[strlen(cn->actualfile)-1] != '/')
        strcat(cn->actualfile, "/");

    /* work out the directory name */
    strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
    if ((cp = strrchr(cn->dirname, '/')) == NULL)
        cn->dirname[0] = 0;
    else
        *cp = 0;
#else
    {
        char curr_dir[MAXREQUESTLENGTH];
        char path[MAXREQUESTLENGTH];
        char *t = cn->actualfile;

        GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);

        /* convert all the forward slashes to back slashes */
        while ((t = strchr(t, '/')))
            *t++ = '\\';

        snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
        memcpy(cn->actualfile, path, MAXREQUESTLENGTH);

        /* Add directory slash if not there */
        if (isdir(cn->actualfile) && 
                    cn->actualfile[strlen(cn->actualfile)-1] != '\\')
            strcat(cn->actualfile, "\\");

        /* work out the directory name */
        strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
        if ((cp = strrchr(cn->dirname, '\\')) == NULL)
            cn->dirname[0] = 0;
        else
            *cp = 0;
    }
#endif
}

static int sanitizefile(const char *buf) 
{
    int len, i;

    /* Don't accept anything not starting with a / */
    if (*buf != '/') 
        return 0;

    len = strlen(buf);
    for (i = 0; i < len; i++) 
    {
        /* Check for "/." i.e. don't send files starting with a . */
        if (buf[i] == '/' && buf[i+1] == '.') 
            return 0;
    }

    return 1;
}

static int sanitizehost(char *buf)
{
    while (*buf != '\0') 
    {
        /* Handle the port */
        if (*buf == ':') 
        {
            *buf = '\0';
            return 1;
        }

        /* Enforce some basic URL rules... */
        if ((isalnum((int)(*buf)) == 0 && *buf != '-' && *buf != '.') ||
                (*buf == '.' && *(buf+1) == '.') ||
                (*buf == '.' && *(buf+1) == '-') ||
                (*buf == '-' && *(buf+1) == '.'))
            return 0;

        buf++;
    }

    return 1;
}

static FILE * exist_check(struct connstruct *cn, const char *check_file)
{
    char pathname[MAXREQUESTLENGTH];
    snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
    return fopen(pathname, "r");
}

#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
static void send_authenticate(struct connstruct *cn, const char *realm)
{
    char buf[1024];

    snprintf(buf, sizeof(buf), HTTP_VERSION" 401 Unauthorized\n"
         "WWW-Authenticate: Basic\n"
                 "realm=\"%s\"\n", realm);
    special_write(cn, buf, strlen(buf));
}

static int check_digest(char *salt, const char *msg_passwd)
{
    uint8_t b256_salt[MAXREQUESTLENGTH];
    uint8_t real_passwd[MD5_SIZE];
    int salt_size = sizeof(b256_salt);
    int password_size = sizeof(real_passwd);
    char *b64_passwd;
    uint8_t md5_result[MD5_SIZE];
    MD5_CTX ctx;

    /* retrieve the salt */
    if ((b64_passwd = strchr(salt, '$')) == NULL)
        return -1;

    *b64_passwd++ = 0;
    if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
        return -1;

    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd,
                &password_size))
        return -1;

    /* very simple MD5 crypt algorithm, but then the salt we use is large */
    MD5_Init(&ctx);
    MD5_Update(&ctx, b256_salt, salt_size);           /* process the salt */
    MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); 
    MD5_Final(md5_result, &ctx);
    return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
}

static int auth_check(struct connstruct *cn)
{
    char line[MAXREQUESTLENGTH];
    FILE *fp;
    char *cp;

    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
        return 0;               /* no .htpasswd file, so let though */

    if (cn->authorization[0] == 0)
        goto error;

    /* cn->authorization is in form "username:password" */
    if ((cp = strchr(cn->authorization, ':')) == NULL)
        goto error;
    else
        *cp++ = 0;  /* cp becomes the password */

    while (fgets(line, sizeof(line), fp) != NULL)
    {
        char *b64_file_passwd;
        int l = strlen(line);

        /* nuke newline */
        if (line[l-1] == '\n')
            line[l-1] = 0;

        /* line is form "username:salt(b64)$password(b64)" */
        if ((b64_file_passwd = strchr(line, ':')) == NULL)
            continue;

        *b64_file_passwd++ = 0;

        if (strcmp(line, cn->authorization)) /* our user? */
            continue;

        if (check_digest(b64_file_passwd, cp) == 0)
        {
            fclose(fp);
            return 0;
        }
    }

error:
    fclose(fp);
    send_authenticate(cn, cn->server_name);
    return -1;
}
#endif

static int htaccess_check(struct connstruct *cn)
{
    char line[MAXREQUESTLENGTH];
    FILE *fp;
    int ret = 0;

    if ((fp = exist_check(cn, ".htaccess")) == NULL)
        return 0;               /* no .htaccess file, so let though */

    while (fgets(line, sizeof(line), fp) != NULL)
    {
        if (strstr(line, "Deny all") || /* access to this dir denied */
                    /* Access will be denied unless SSL is active */
                    (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
                    /* Access will be denied if SSL is active */
                    (cn->is_ssl && strstr(line, "SSLDenySSL")))
        {
            ret = -1;
            break;
        }
    }

    fclose(fp);
    return ret;
}

static void send_error(struct connstruct *cn, int err)
{
    char buf[MAXREQUESTLENGTH];
    char *title;
    char *text;

    switch (err)
    {
        case 403:
            title = "Forbidden";
            text = "File is protected";
#ifdef CONFIG_HTTP_VERBOSE
            printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
#endif
            break;

        case 404:
            title = "Not Found";
            text = title;
            break;

        case 418:
            title = "POST data size is too large";
            text = title;
            break;

        default:
            title = "Unknown";
            text = "Unknown";
            break;
    }

    snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\n"
            "Content-Type: text/html\n\n"
            "<html><body>\n<title>%s</title>\n"
            "<h1>Error %d - %s</h1>\n</body></html>\n", 
            title, err, text);
    special_write(cn, buf, strlen(buf));

#ifdef CONFIG_HTTP_VERBOSE
    printf("axhttpd: http error: %s [%d]\n", title, err); TTY_FLUSH();
#endif
    removeconnection(cn);
}

static const char *getmimetype(const char *name)
{
    /* only bother with a few mime types - let the browser figure the rest out */
    if (strstr(name, ".htm"))
        return "text/html";
    else if (strstr(name, ".css"))
        return "text/css"; 
    else if (strstr(name, ".php"))
        return "application/x-http-php"; 
    else
        return "application/octet-stream";
}

static int special_write(struct connstruct *cn, 
                                        const char *buf, size_t count)
{
    if (cn->is_ssl)
    {
        SSL *ssl = cn->ssl;
        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
    }
    else
        return SOCKET_WRITE(cn->networkdesc, buf, count);
}

static int special_read(struct connstruct *cn, void *buf, size_t count)
{
    int res;

    if (cn->is_ssl)
    {
        uint8_t *read_buf;
        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
        {
            memcpy(buf, read_buf, res > (int)count ? count : res);
        }
    }
    else
        res = SOCKET_READ(cn->networkdesc, buf, count);

    return res;
}


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>