1: /*
2: * Copyright (c) Cameron Rich
3: *
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions are met:
8: *
9: * * Redistributions of source code must retain the above copyright notice,
10: * this list of conditions and the following disclaimer.
11: * * Redistributions in binary form must reproduce the above copyright notice,
12: * this list of conditions and the following disclaimer in the documentation
13: * and/or other materials provided with the distribution.
14: * * Neither the name of the axTLS project nor the names of its contributors
15: * may be used to endorse or promote products derived from this software
16: * without specific prior written permission.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29: */
30:
31: #include <stdio.h>
32: #include <stdlib.h>
33: #include <ctype.h>
34: #include <sys/types.h>
35: #include <sys/stat.h>
36: #include <fcntl.h>
37: #include <time.h>
38: #include <string.h>
39: #include "axhttp.h"
40:
41: #define HTTP_VERSION "HTTP/1.1"
42:
43: static const char * index_file = "index.html";
44: static const char * rfc1123_format = "%a, %d %b %Y %H:%M:%S GMT";
45:
46: static int special_read(struct connstruct *cn, void *buf, size_t count);
47: static int special_write(struct connstruct *cn,
48: const char *buf, size_t count);
49: static void send_error(struct connstruct *cn, int err);
50: static int hexit(char c);
51: static void urldecode(char *buf);
52: static void buildactualfile(struct connstruct *cn);
53: static int sanitizefile(const char *buf);
54: static int sanitizehost(char *buf);
55: static int htaccess_check(struct connstruct *cn);
56: static const char *getmimetype(const char *name);
57:
58: #if defined(CONFIG_HTTP_DIRECTORIES)
59: static void urlencode(const uint8_t *s, char *t);
60: static void procdirlisting(struct connstruct *cn);
61: #endif
62: #if defined(CONFIG_HTTP_HAS_CGI)
63: static void proccgi(struct connstruct *cn);
64: static void decode_path_info(struct connstruct *cn, char *path_info);
65: static int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv);
66: #endif
67: #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
68: static int auth_check(struct connstruct *cn);
69: #endif
70:
71: #if AXDEBUG
72: #define AXDEBUGSTART \
73: { \
74: FILE *axdout; \
75: axdout = fopen("/var/log/axdebug", "a"); \
76:
77: #define AXDEBUGEND \
78: fclose(axdout); \
79: }
80: #else /* AXDEBUG */
81: #define AXDEBUGSTART
82: #define AXDEBUGEND
83: #endif /* AXDEBUG */
84:
85: /* Returns 1 if elems should continue being read, 0 otherwise */
86: static int procheadelem(struct connstruct *cn, char *buf)
87: {
88: char *delim, *value;
89:
90: if ((delim = strchr(buf, ' ')) == NULL)
91: return 0;
92:
93: *delim = 0;
94: value = delim+1;
95:
96: if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
97: strcmp(buf, "POST") == 0)
98: {
99: if (buf[0] == 'H')
100: cn->reqtype = TYPE_HEAD;
101: else if (buf[0] == 'P')
102: cn->reqtype = TYPE_POST;
103:
104: if ((delim = strchr(value, ' ')) == NULL) /* expect HTTP type */
105: return 0;
106:
107: *delim++ = 0;
108: urldecode(value);
109:
110: if (sanitizefile(value) == 0)
111: {
112: send_error(cn, 403);
113: return 0;
114: }
115:
116: #if defined(CONFIG_HTTP_HAS_CGI)
117: decode_path_info(cn, value);
118: #else
119: my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
120: #endif
121: cn->if_modified_since = -1;
122: if (strcmp(delim, "HTTP/1.0") == 0) /* v1.0 HTTP? */
123: cn->is_v1_0 = 1;
124: }
125: else if (strcasecmp(buf, "Host:") == 0)
126: {
127: if (sanitizehost(value) == 0)
128: {
129: removeconnection(cn);
130: return 0;
131: }
132:
133: my_strncpy(cn->server_name, value, MAXREQUESTLENGTH);
134: }
135: else if (strcasecmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0)
136: {
137: cn->close_when_done = 1;
138: }
139: else if (strcasecmp(buf, "If-Modified-Since:") == 0)
140: {
141: cn->if_modified_since = tdate_parse(value);
142: }
143: else if (strcasecmp(buf, "Expect:") == 0)
144: {
145: /* supposed to be safe to ignore 100-continue */
146: if (strcasecmp(value, "100-continue") != 0) {
147: send_error(cn, 417); /* expectation failed */
148: return 0;
149: }
150: }
151: #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
152: else if (strcasecmp(buf, "Authorization:") == 0 &&
153: strncmp(value, "Basic ", 6) == 0)
154: {
155: int size = sizeof(cn->authorization);
156: if (base64_decode(&value[6], strlen(&value[6]),
157: (uint8_t *)cn->authorization, &size))
158: cn->authorization[0] = 0; /* error */
159: else
160: cn->authorization[size] = 0;
161: }
162: #endif
163: #if defined(CONFIG_HTTP_HAS_CGI)
164: else if (strcasecmp(buf, "Content-Length:") == 0)
165: {
166: sscanf(value, "%d", &cn->content_length);
167: }
168: else if (strcasecmp(buf, "Content-Type:") == 0)
169: {
170: my_strncpy(cn->cgicontenttype, value, MAXREQUESTLENGTH);
171: }
172: else if (strcasecmp(buf, "Cookie:") == 0)
173: {
174: my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
175: }
176: #endif
177:
178: return 1;
179: }
180:
181: #if defined(CONFIG_HTTP_DIRECTORIES)
182: static void procdirlisting(struct connstruct *cn)
183: {
184: char buf[MAXREQUESTLENGTH];
185: char actualfile[1024];
186:
187: if (cn->reqtype == TYPE_HEAD)
188: {
189: snprintf(buf, sizeof(buf), HTTP_VERSION
190: " 200 OK\nContent-Type: text/html\n\n");
191: write(cn->networkdesc, buf, strlen(buf));
192: removeconnection(cn);
193: return;
194: }
195:
196: strcpy(actualfile, cn->actualfile);
197:
198: #ifdef WIN32
199: strcat(actualfile, "*");
200: cn->dirp = FindFirstFile(actualfile, &cn->file_data);
201:
202: if (cn->dirp == INVALID_HANDLE_VALUE)
203: {
204: send_error(cn, 404);
205: return;
206: }
207: #else
208: if ((cn->dirp = opendir(actualfile)) == NULL)
209: {
210: send_error(cn, 404);
211: return;
212: }
213: #endif
214:
215: snprintf(buf, sizeof(buf), HTTP_VERSION
216: " 200 OK\nContent-Type: text/html\n\n"
217: "<html><body>\n<title>Directory Listing</title>\n"
218: "<h3>Directory listing of %s://%s%s</h3><br />\n",
219: cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq);
220: special_write(cn, buf, strlen(buf));
221: cn->state = STATE_DOING_DIR;
222: }
223:
224: void procdodir(struct connstruct *cn)
225: {
226: #ifndef WIN32
227: struct dirent *dp;
228: #endif
229: char buf[MAXREQUESTLENGTH];
230: char encbuf[1024];
231: char *file;
232:
233: do
234: {
235: buf[0] = 0;
236:
237: #ifdef WIN32
238: if (!FindNextFile(cn->dirp, &cn->file_data))
239: #else
240: if ((dp = readdir(cn->dirp)) == NULL)
241: #endif
242: {
243: snprintf(buf, sizeof(buf), "</body></html>\n");
244: special_write(cn, buf, strlen(buf));
245: removeconnection(cn);
246: #ifndef WIN32
247: closedir(cn->dirp);
248: #endif
249: return;
250: }
251:
252: #ifdef WIN32
253: file = cn->file_data.cFileName;
254: #else
255: file = dp->d_name;
256: #endif
257:
258: /* if no index file, don't display the ".." directory */
259: if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
260: strcmp(file, "..") == 0)
261: continue;
262:
263: /* don't display files beginning with "." */
264: if (file[0] == '.' && file[1] != '.')
265: continue;
266:
267: /* make sure a '/' is at the end of a directory */
268: if (cn->filereq[strlen(cn->filereq)-1] != '/')
269: strcat(cn->filereq, "/");
270:
271: /* see if the dir + file is another directory */
272: snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
273: if (isdir(buf))
274: strcat(file, "/");
275:
276: urlencode((uint8_t *)file, encbuf);
277: snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
278: cn->filereq, encbuf, file);
279: } while (special_write(cn, buf, strlen(buf)));
280: }
281:
282: /* Encode funny chars -> %xx in newly allocated storage */
283: /* (preserves '/' !) */
284: static void urlencode(const uint8_t *s, char *t)
285: {
286: const uint8_t *p = s;
287: char *tp = t;
288:
289: for (; *p; p++)
290: {
291: if ((*p > 0x00 && *p < ',') ||
292: (*p > '9' && *p < 'A') ||
293: (*p > 'Z' && *p < '_') ||
294: (*p > '_' && *p < 'a') ||
295: (*p > 'z' && *p < 0xA1))
296: {
297: sprintf((char *)tp, "%%%02X", *p);
298: tp += 3;
299: }
300: else
301: {
302: *tp = *p;
303: tp++;
304: }
305: }
306:
307: *tp='\0';
308: }
309:
310: #endif
311:
312: void procreadhead(struct connstruct *cn)
313: {
314: char buf[MAXREADLENGTH], *tp, *next;
315: int rv;
316:
317: memset(buf, 0, sizeof(buf));
318: rv = special_read(cn, buf, sizeof(buf)-1);
319: if (rv <= 0)
320: {
321: if (rv < 0 || !cn->is_ssl) /* really dead? */
322: removeconnection(cn);
323: return;
324: }
325:
326: buf[rv] = '\0';
327: next = tp = buf;
328:
329: #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
330: cn->authorization[0] = 0;
331: #endif
332:
333: /* Split up lines and send to procheadelem() */
334: while (*next != '\0')
335: {
336: /* If we have a blank line, advance to next stage */
337: if (*next == '\r' || *next == '\n')
338: {
339: #if defined(CONFIG_HTTP_HAS_CGI)
340: if (cn->reqtype == TYPE_POST && cn->content_length > 0)
341: {
342: if (init_read_post_data(buf, next, cn, rv) == 0)
343: return;
344: }
345: #endif
346:
347: buildactualfile(cn);
348: cn->state = STATE_WANT_TO_SEND_HEAD;
349: return;
350: }
351:
352: while (*next != '\r' && *next != '\n' && *next != '\0')
353: next++;
354:
355: if (*next == '\r')
356: {
357: *next = '\0';
358: next += 2;
359: }
360: else if (*next == '\n')
361: *next++ = '\0';
362:
363: if (procheadelem(cn, tp) == 0)
364: return;
365:
366: tp = next;
367: }
368: }
369:
370: /* In this function we assume that the file has been checked for
371: * maliciousness (".."s, etc) and has been decoded
372: */
373: void procsendhead(struct connstruct *cn)
374: {
375: char buf[MAXREQUESTLENGTH];
376: struct stat stbuf;
377: time_t t_time;
378: struct tm *ptm;
379: char date[32];
380: char last_modified[32];
381: char expires[32];
382: int file_exists;
383:
384: /* are we trying to access a file over the HTTP connection instead of a
385: * HTTPS connection? Or is this directory disabled? */
386: if (htaccess_check(cn))
387: {
388: send_error(cn, 403);
389: return;
390: }
391:
392: #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
393: if (auth_check(cn)) /* see if there is a '.htpasswd' file */
394: {
395: #ifdef CONFIG_HTTP_VERBOSE
396: printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
397: #endif
398: removeconnection(cn);
399: return;
400: }
401: #endif
402:
403: file_exists = stat(cn->actualfile, &stbuf);
404:
405: #if defined(CONFIG_HTTP_HAS_CGI)
406: if (file_exists != -1 && cn->is_cgi)
407: {
408: proccgi(cn);
409: return;
410: }
411: #endif
412:
413: /* look for "index.html"? */
414: if (isdir(cn->actualfile))
415: {
416: char tbuf[MAXREQUESTLENGTH];
417: snprintf(tbuf, MAXREQUESTLENGTH, "%s%s", cn->actualfile, index_file);
418:
419: if ((file_exists = stat(tbuf, &stbuf)) != -1)
420: my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
421: else
422: {
423: #if defined(CONFIG_HTTP_DIRECTORIES)
424: /* If not, we do a directory listing of it */
425: procdirlisting(cn);
426: #else
427: send_error(cn, 404);
428: #endif
429: return;
430: }
431: }
432:
433: if (file_exists == -1)
434: {
435: send_error(cn, 404);
436: return;
437: }
438:
439:
440: time(&t_time);
441: ptm = gmtime(&t_time);
442: strftime(date, sizeof(date), rfc1123_format, ptm);
443:
444: /* has the file been read before? */
445: if (cn->if_modified_since != -1)
446:
447: {
448: ptm = gmtime(&stbuf.st_mtime);
449: t_time = mktime(ptm);
450:
451: if (cn->if_modified_since >= t_time)
452: {
453: snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
454: "%s\nDate: %s\n\n", server_version, date);
455: special_write(cn, buf, strlen(buf));
456: cn->state = STATE_WANT_TO_READ_HEAD;
457: return;
458: }
459: }
460:
461: if (cn->reqtype == TYPE_HEAD)
462: {
463: removeconnection(cn);
464: return;
465: }
466: else
467: {
468: int flags = O_RDONLY;
469: #if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
470: flags |= O_BINARY;
471: #endif
472: cn->filedesc = open(cn->actualfile, flags);
473:
474: if (cn->filedesc < 0)
475: {
476: send_error(cn, 404);
477: return;
478: }
479:
480: ptm = gmtime(&stbuf.st_mtime);
481: strftime(last_modified, sizeof(last_modified), rfc1123_format, ptm);
482: t_time += CONFIG_HTTP_TIMEOUT;
483: ptm = gmtime(&t_time);
484: strftime(expires, sizeof(expires), rfc1123_format, ptm);
485:
486: snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n"
487: "Content-Type: %s\nContent-Length: %ld\n"
488: "Date: %s\nLast-Modified: %s\nExpires: %s\n\n", server_version,
489: getmimetype(cn->actualfile), (long) stbuf.st_size,
490: date, last_modified, expires);
491:
492: special_write(cn, buf, strlen(buf));
493:
494: #ifdef CONFIG_HTTP_VERBOSE
495: printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
496: TTY_FLUSH();
497: #endif
498:
499: #ifdef WIN32
500: for (;;)
501: {
502: procreadfile(cn);
503: if (cn->filedesc == -1)
504: break;
505:
506: do
507: {
508: procsendfile(cn);
509: } while (cn->state != STATE_WANT_TO_READ_FILE);
510: }
511: #else
512: cn->state = STATE_WANT_TO_READ_FILE;
513: #endif
514: }
515: }
516:
517: void procreadfile(struct connstruct *cn)
518: {
519: int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
520:
521: if (rv <= 0)
522: {
523: close(cn->filedesc);
524: cn->filedesc = -1;
525:
526: if (cn->close_when_done) /* close immediately */
527: removeconnection(cn);
528: else
529: {
530: if (cn->is_v1_0) /* die now */
531: removeconnection(cn);
532: else /* keep socket open - HTTP 1.1 */
533: {
534: cn->state = STATE_WANT_TO_READ_HEAD;
535: cn->numbytes = 0;
536: }
537: }
538:
539: return;
540: }
541:
542: cn->numbytes = rv;
543: cn->state = STATE_WANT_TO_SEND_FILE;
544: }
545:
546: void procsendfile(struct connstruct *cn)
547: {
548: int rv = special_write(cn, cn->databuf, cn->numbytes);
549:
550: if (rv < 0)
551: removeconnection(cn);
552: else if (rv == cn->numbytes)
553: {
554: cn->state = STATE_WANT_TO_READ_FILE;
555: }
556: else if (rv == 0)
557: {
558: /* Do nothing */
559: }
560: else
561: {
562: memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
563: cn->numbytes -= rv;
564: }
565: }
566:
567: #if defined(CONFIG_HTTP_HAS_CGI)
568: /* Should this be a bit more dynamic? It would mean more calls to malloc etc */
569: #define CGI_ARG_SIZE 17
570:
571: static void proccgi(struct connstruct *cn)
572: {
573: int tpipe[2], spipe[2];
574: char *myargs[3];
575: char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
576: char * cgiptr[CGI_ARG_SIZE+4];
577: const char *type = "HEAD";
578: int cgi_index = 0, i;
579: pid_t pid;
580: #ifdef WIN32
581: int tmp_stdout;
582: #endif
583:
584: snprintf(cgienv[0], MAXREQUESTLENGTH,
585: HTTP_VERSION" 200 OK\nServer: %s\n%s",
586: server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
587: special_write(cn, cgienv[0], strlen(cgienv[0]));
588:
589: if (cn->reqtype == TYPE_HEAD)
590: {
591: removeconnection(cn);
592: return;
593: }
594:
595: #ifdef CONFIG_HTTP_VERBOSE
596: printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
597: TTY_FLUSH();
598: #endif
599:
600: /* win32 cgi is a bit too painful */
601: #ifndef WIN32
602: /* set up pipe that is used for sending POST query data to CGI script*/
603: if (cn->reqtype == TYPE_POST)
604: {
605: if (pipe(spipe) == -1)
606: {
607: printf("[CGI]: could not create pipe");
608: TTY_FLUSH();
609: return;
610: }
611: }
612:
613: if (pipe(tpipe) == -1)
614: {
615: printf("[CGI]: could not create pipe");
616: TTY_FLUSH();
617: return;
618: }
619:
620: /*
621: * use vfork() instead of fork() for performance
622: */
623: if ((pid = vfork()) > 0) /* parent */
624: {
625: /* Send POST query data to CGI script */
626: if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0))
627: {
628: write(spipe[1], cn->post_data, cn->content_length);
629: close(spipe[0]);
630: close(spipe[1]);
631:
632: /* free the memory that is allocated in read_post_data() */
633: free(cn->post_data);
634: cn->post_data = NULL;
635: }
636:
637: /* Close the write descriptor */
638: close(tpipe[1]);
639: cn->filedesc = tpipe[0];
640: cn->state = STATE_WANT_TO_READ_FILE;
641: cn->close_when_done = 1;
642: return;
643: }
644:
645: if (pid < 0) /* vfork failed */
646: exit(1);
647:
648: /* The problem child... */
649:
650: /* Our stdout/stderr goes to the socket */
651: dup2(tpipe[1], 1);
652: dup2(tpipe[1], 2);
653: close(tpipe[0]);
654: close(tpipe[1]);
655:
656: /* If it was a POST request, send the socket data to our stdin */
657: if (cn->reqtype == TYPE_POST) {
658: dup2(spipe[0], 0);
659: close(spipe[0]);
660: close(spipe[1]);
661: } else /* Otherwise we can shutdown the read side of the sock */
662: shutdown(cn->networkdesc, 0);
663:
664: myargs[0] = CONFIG_HTTP_CGI_LAUNCHER;
665: myargs[1] = cn->actualfile;
666: myargs[2] = NULL;
667:
668: /*
669: * set the cgi args. A url is defined by:
670: * http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO?$QUERY_STRING
671: * TODO: other CGI parameters?
672: */
673: sprintf(cgienv[cgi_index++], "SERVER_SOFTWARE=%s", server_version);
674: strcpy(cgienv[cgi_index++], "DOCUMENT_ROOT=" CONFIG_HTTP_WEBROOT);
675: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
676: "SERVER_NAME=%s", cn->server_name);
677: sprintf(cgienv[cgi_index++], "SERVER_PORT=%d",
678: cn->is_ssl ? CONFIG_HTTP_HTTPS_PORT : CONFIG_HTTP_PORT);
679: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
680: "REQUEST_URI=%s", cn->uri_request);
681: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
682: "SCRIPT_NAME=%s", cn->filereq);
683: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
684: "PATH_INFO=%s", cn->uri_path_info);
685: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
686: "QUERY_STRING=%s", cn->uri_query);
687: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
688: "REMOTE_ADDR=%s", cn->remote_addr);
689: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
690: "HTTP_COOKIE=%s", cn->cookie); /* note: small size */
691: #if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
692: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
693: "REMOTE_USER=%s", cn->authorization);
694: #endif
695:
696: switch (cn->reqtype)
697: {
698: case TYPE_GET:
699: type = "GET";
700: break;
701:
702: #if defined(CONFIG_HTTP_HAS_CGI)
703: case TYPE_POST:
704: type = "POST";
705: sprintf(cgienv[cgi_index++],
706: "CONTENT_LENGTH=%d", cn->content_length);
707: snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
708: "CONTENT_TYPE=%s", cn->cgicontenttype);
709: break;
710: #endif
711: }
712:
713: sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type);
714:
715: if (cn->is_ssl)
716: strcpy(cgienv[cgi_index++], "HTTPS=on");
717:
718: if (cgi_index >= CGI_ARG_SIZE)
719: {
720: printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n",
721: cgi_index, CGI_ARG_SIZE);
722: _exit(1);
723: }
724:
725: /* copy across the pointer indexes */
726: for (i = 0; i < cgi_index; i++)
727: cgiptr[i] = cgienv[i];
728:
729: cgiptr[i++] = "AUTH_TYPE=Basic";
730: cgiptr[i++] = "GATEWAY_INTERFACE=CGI/1.1";
731: cgiptr[i++] = "SERVER_PROTOCOL="HTTP_VERSION;
732: cgiptr[i] = NULL;
733:
734: execve(myargs[0], myargs, cgiptr);
735: printf("Content-type: text/plain\n\nshouldn't get here\n");
736: _exit(1);
737: #endif
738: }
739:
740: static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
741: {
742: struct cgiextstruct *tp = cgiexts;
743:
744: while (tp != NULL)
745: {
746: char *t;
747:
748: if ((t = strstr(fn, tp->ext)) != NULL)
749: {
750: t += strlen(tp->ext);
751:
752: if (*t == '/' || *t == '\0')
753: return t;
754: else
755: return NULL;
756:
757: }
758:
759: tp = tp->next;
760: }
761:
762: return NULL;
763: }
764:
765: static void decode_path_info(struct connstruct *cn, char *path_info)
766: {
767: char *cgi_delim;
768:
769: #if defined(CONFIG_HTTP_HAS_CGI)
770: cn->is_cgi = 0;
771: #endif
772: *cn->uri_request = '\0';
773: *cn->uri_path_info = '\0';
774: *cn->uri_query = '\0';
775:
776: my_strncpy(cn->uri_request, path_info, MAXREQUESTLENGTH);
777:
778: /* query info? */
779: if ((cgi_delim = strchr(path_info, '?')))
780: {
781: *cgi_delim = '\0';
782: my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH);
783: }
784:
785: #if defined(CONFIG_HTTP_HAS_CGI)
786: if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL)
787: {
788: cn->is_cgi = 1; /* definitely a CGI script */
789:
790: /* path info? */
791: if (*cgi_delim != '\0')
792: {
793: my_strncpy(cn->uri_path_info, cgi_delim, MAXREQUESTLENGTH);
794: *cgi_delim = '\0';
795: }
796: }
797: #endif
798:
799: /* the bit at the start must be the script name */
800: my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
801: }
802:
803: static int init_read_post_data(char *buf, char *data,
804: struct connstruct *cn, int old_rv)
805: {
806: char *next = data;
807: int rv = old_rv;
808: char *post_data;
809:
810: /* Too much Post data to send. MAXPOSTDATASIZE should be
811: configured (now it can be changed in the header file) */
812: if (cn->content_length > MAXPOSTDATASIZE)
813: {
814: send_error(cn, 418);
815: return 0;
816: }
817:
818: /* remove CRLF */
819: while ((*next == '\r' || *next == '\n') && (next < &buf[rv]))
820: next++;
821:
822: if (cn->post_data == NULL)
823: {
824: /* Allocate buffer for the POST data that will be used by proccgi
825: to send POST data to the CGI script */
826: cn->post_data = (char *)ax_calloc(1, (cn->content_length + 1));
827: }
828:
829: cn->post_state = 0;
830: cn->post_read = 0;
831: post_data = cn->post_data;
832:
833: while (next < &buf[rv])
834: {
835: /* copy POST data to buffer */
836: *post_data++ = *next++;
837: cn->post_read++;
838: if (cn->post_read == cn->content_length)
839: {
840: /* No more POST data to be copied */
841: *post_data = '\0';
842: return 1;
843: }
844: }
845:
846: /* More POST data has to be read. read_post_data will continue with that */
847: cn->post_state = 1;
848: return 0;
849: }
850:
851: void read_post_data(struct connstruct *cn)
852: {
853: char buf[MAXREADLENGTH], *next;
854: char *post_data;
855: int rv;
856:
857: memset(buf, 0, sizeof(buf));
858: rv = special_read(cn, buf, sizeof(buf)-1);
859: if (rv <= 0)
860: {
861: if (rv < 0 || !cn->is_ssl) /* really dead? */
862: removeconnection(cn);
863: return;
864: }
865:
866: buf[rv] = '\0';
867: next = buf;
868: post_data = &cn->post_data[cn->post_read];
869:
870: while (next < &buf[rv])
871: {
872: *post_data++ = *next++;
873: cn->post_read++;
874:
875: if (cn->post_read == cn->content_length)
876: {
877: /* No more POST data to be copied */
878: *post_data='\0';
879: cn->post_state = 0;
880: buildactualfile(cn);
881: cn->state = STATE_WANT_TO_SEND_HEAD;
882: return;
883: }
884: }
885:
886: /* More POST data to read */
887: }
888:
889: #endif /* CONFIG_HTTP_HAS_CGI */
890:
891: /* Decode string %xx -> char (in place) */
892: static void urldecode(char *buf)
893: {
894: int v;
895: char *p, *s, *w;
896:
897: w = p = buf;
898:
899: while (*p)
900: {
901: v = 0;
902:
903: if (*p == '%')
904: {
905: s = p;
906: s++;
907:
908: if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
909: {
910: v = hexit(s[0])*16 + hexit(s[1]);
911:
912: if (v)
913: {
914: /* do not decode %00 to null char */
915: *w = (char)v;
916: p = &s[1];
917: }
918: }
919:
920: }
921:
922: if (!v) *w=*p;
923: p++;
924: w++;
925: }
926:
927: *w='\0';
928: }
929:
930: static int hexit(char c)
931: {
932: if (c >= '0' && c <= '9')
933: return c - '0';
934: else if (c >= 'a' && c <= 'f')
935: return c - 'a' + 10;
936: else if (c >= 'A' && c <= 'F')
937: return c - 'A' + 10;
938: else
939: return 0;
940: }
941:
942: static void buildactualfile(struct connstruct *cn)
943: {
944: char *cp;
945: snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq);
946:
947: #ifndef WIN32
948: /* Add directory slash if not there */
949: if (isdir(cn->actualfile) &&
950: cn->actualfile[strlen(cn->actualfile)-1] != '/')
951: strcat(cn->actualfile, "/");
952:
953: /* work out the directory name */
954: strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
955: if ((cp = strrchr(cn->dirname, '/')) == NULL)
956: cn->dirname[0] = 0;
957: else
958: *cp = 0;
959: #else
960: {
961: char curr_dir[MAXREQUESTLENGTH];
962: char path[MAXREQUESTLENGTH];
963: char *t = cn->actualfile;
964:
965: GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);
966:
967: /* convert all the forward slashes to back slashes */
968: while ((t = strchr(t, '/')))
969: *t++ = '\\';
970:
971: snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
972: memcpy(cn->actualfile, path, MAXREQUESTLENGTH);
973:
974: /* Add directory slash if not there */
975: if (isdir(cn->actualfile) &&
976: cn->actualfile[strlen(cn->actualfile)-1] != '\\')
977: strcat(cn->actualfile, "\\");
978:
979: /* work out the directory name */
980: strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
981: if ((cp = strrchr(cn->dirname, '\\')) == NULL)
982: cn->dirname[0] = 0;
983: else
984: *cp = 0;
985: }
986: #endif
987: }
988:
989: static int sanitizefile(const char *buf)
990: {
991: int len, i;
992:
993: /* Don't accept anything not starting with a / */
994: if (*buf != '/')
995: return 0;
996:
997: len = strlen(buf);
998: for (i = 0; i < len; i++)
999: {
1000: /* Check for "/." i.e. don't send files starting with a . */
1001: if (buf[i] == '/' && buf[i+1] == '.')
1002: return 0;
1003: }
1004:
1005: return 1;
1006: }
1007:
1008: static int sanitizehost(char *buf)
1009: {
1010: while (*buf != '\0')
1011: {
1012: /* Handle the port */
1013: if (*buf == ':')
1014: {
1015: *buf = '\0';
1016: return 1;
1017: }
1018:
1019: /* Enforce some basic URL rules... */
1020: if ((isalnum((int)(*buf)) == 0 && *buf != '-' && *buf != '.') ||
1021: (*buf == '.' && *(buf+1) == '.') ||
1022: (*buf == '.' && *(buf+1) == '-') ||
1023: (*buf == '-' && *(buf+1) == '.'))
1024: return 0;
1025:
1026: buf++;
1027: }
1028:
1029: return 1;
1030: }
1031:
1032: static FILE * exist_check(struct connstruct *cn, const char *check_file)
1033: {
1034: char pathname[MAXREQUESTLENGTH];
1035: snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
1036: return fopen(pathname, "r");
1037: }
1038:
1039: #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
1040: static void send_authenticate(struct connstruct *cn, const char *realm)
1041: {
1042: char buf[1024];
1043:
1044: snprintf(buf, sizeof(buf), HTTP_VERSION" 401 Unauthorized\n"
1045: "WWW-Authenticate: Basic\n"
1046: "realm=\"%s\"\n", realm);
1047: special_write(cn, buf, strlen(buf));
1048: }
1049:
1050: static int check_digest(char *salt, const char *msg_passwd)
1051: {
1052: uint8_t b256_salt[MAXREQUESTLENGTH];
1053: uint8_t real_passwd[MD5_SIZE];
1054: int salt_size = sizeof(b256_salt);
1055: int password_size = sizeof(real_passwd);
1056: char *b64_passwd;
1057: uint8_t md5_result[MD5_SIZE];
1058: MD5_CTX ctx;
1059:
1060: /* retrieve the salt */
1061: if ((b64_passwd = strchr(salt, '$')) == NULL)
1062: return -1;
1063:
1064: *b64_passwd++ = 0;
1065: if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
1066: return -1;
1067:
1068: if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd,
1069: &password_size))
1070: return -1;
1071:
1072: /* very simple MD5 crypt algorithm, but then the salt we use is large */
1073: MD5_Init(&ctx);
1074: MD5_Update(&ctx, b256_salt, salt_size); /* process the salt */
1075: MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd));
1076: MD5_Final(md5_result, &ctx);
1077: return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
1078: }
1079:
1080: static int auth_check(struct connstruct *cn)
1081: {
1082: char line[MAXREQUESTLENGTH];
1083: FILE *fp;
1084: char *cp;
1085:
1086: if ((fp = exist_check(cn, ".htpasswd")) == NULL)
1087: return 0; /* no .htpasswd file, so let though */
1088:
1089: if (cn->authorization[0] == 0)
1090: goto error;
1091:
1092: /* cn->authorization is in form "username:password" */
1093: if ((cp = strchr(cn->authorization, ':')) == NULL)
1094: goto error;
1095: else
1096: *cp++ = 0; /* cp becomes the password */
1097:
1098: while (fgets(line, sizeof(line), fp) != NULL)
1099: {
1100: char *b64_file_passwd;
1101: int l = strlen(line);
1102:
1103: /* nuke newline */
1104: if (line[l-1] == '\n')
1105: line[l-1] = 0;
1106:
1107: /* line is form "username:salt(b64)$password(b64)" */
1108: if ((b64_file_passwd = strchr(line, ':')) == NULL)
1109: continue;
1110:
1111: *b64_file_passwd++ = 0;
1112:
1113: if (strcmp(line, cn->authorization)) /* our user? */
1114: continue;
1115:
1116: if (check_digest(b64_file_passwd, cp) == 0)
1117: {
1118: fclose(fp);
1119: return 0;
1120: }
1121: }
1122:
1123: error:
1124: fclose(fp);
1125: send_authenticate(cn, cn->server_name);
1126: return -1;
1127: }
1128: #endif
1129:
1130: static int htaccess_check(struct connstruct *cn)
1131: {
1132: char line[MAXREQUESTLENGTH];
1133: FILE *fp;
1134: int ret = 0;
1135:
1136: if ((fp = exist_check(cn, ".htaccess")) == NULL)
1137: return 0; /* no .htaccess file, so let though */
1138:
1139: while (fgets(line, sizeof(line), fp) != NULL)
1140: {
1141: if (strstr(line, "Deny all") || /* access to this dir denied */
1142: /* Access will be denied unless SSL is active */
1143: (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
1144: /* Access will be denied if SSL is active */
1145: (cn->is_ssl && strstr(line, "SSLDenySSL")))
1146: {
1147: ret = -1;
1148: break;
1149: }
1150: }
1151:
1152: fclose(fp);
1153: return ret;
1154: }
1155:
1156: static void send_error(struct connstruct *cn, int err)
1157: {
1158: char buf[MAXREQUESTLENGTH];
1159: char *title;
1160: char *text;
1161:
1162: switch (err)
1163: {
1164: case 403:
1165: title = "Forbidden";
1166: text = "File is protected";
1167: #ifdef CONFIG_HTTP_VERBOSE
1168: printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
1169: #endif
1170: break;
1171:
1172: case 404:
1173: title = "Not Found";
1174: text = title;
1175: break;
1176:
1177: case 418:
1178: title = "POST data size is too large";
1179: text = title;
1180: break;
1181:
1182: default:
1183: title = "Unknown";
1184: text = "Unknown";
1185: break;
1186: }
1187:
1188: snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\n"
1189: "Content-Type: text/html\n\n"
1190: "<html><body>\n<title>%s</title>\n"
1191: "<h1>Error %d - %s</h1>\n</body></html>\n",
1192: title, err, text);
1193: special_write(cn, buf, strlen(buf));
1194:
1195: #ifdef CONFIG_HTTP_VERBOSE
1196: printf("axhttpd: http error: %s [%d]\n", title, err); TTY_FLUSH();
1197: #endif
1198: removeconnection(cn);
1199: }
1200:
1201: static const char *getmimetype(const char *name)
1202: {
1203: /* only bother with a few mime types - let the browser figure the rest out */
1204: if (strstr(name, ".htm"))
1205: return "text/html";
1206: else if (strstr(name, ".css"))
1207: return "text/css";
1208: else if (strstr(name, ".php"))
1209: return "application/x-http-php";
1210: else
1211: return "application/octet-stream";
1212: }
1213:
1214: static int special_write(struct connstruct *cn,
1215: const char *buf, size_t count)
1216: {
1217: if (cn->is_ssl)
1218: {
1219: SSL *ssl = cn->ssl;
1220: return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
1221: }
1222: else
1223: return SOCKET_WRITE(cn->networkdesc, buf, count);
1224: }
1225:
1226: static int special_read(struct connstruct *cn, void *buf, size_t count)
1227: {
1228: int res;
1229:
1230: if (cn->is_ssl)
1231: {
1232: uint8_t *read_buf;
1233: if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
1234: {
1235: memcpy(buf, read_buf, res > (int)count ? count : res);
1236: }
1237: }
1238: else
1239: res = SOCKET_READ(cn->networkdesc, buf, count);
1240:
1241: return res;
1242: }
1243:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to proc.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / httpd