websrvr.c

	int			i;

	if(session->req.write_chunked) {
		drain_outbuf(session);
		session->req.write_chunked=0;
		writebuf(session,"0\r\n",3);
		if(session->req.dynamic==IS_SSJS)
			ssjs_send_headers(session,FALSE);
		else
			/* Non-ssjs isn't capable of generating headers during execution */
			writebuf(session, newline, 2);
	}

	/* Force the output thread to go NOW */
	sem_post(&(session->outbuf.highwater_sem));

	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		listPushNode(&log_list,session->req.ld);
		session->req.ld=NULL;
	}

	strListFree(&session->req.headers);
	strListFree(&session->req.dynamic_heads);
	strListFree(&session->req.cgi_env);
	if(session->req.post_map != NULL) {
		xpunmap(session->req.post_map);
		session->req.post_data=NULL;
		session->req.post_map=NULL;
	}
	FREE_AND_NULL(session->req.post_data);
	FREE_AND_NULL(session->req.error_dir);
	FREE_AND_NULL(session->req.cgi_dir);
	FREE_AND_NULL(session->req.auth_list);
	FREE_AND_NULL(session->req.realm);
	FREE_AND_NULL(session->req.digest_realm);

	FREE_AND_NULL(session->req.auth_list);
	FREE_AND_NULL(session->req.auth.digest_uri);
	FREE_AND_NULL(session->req.auth.cnonce);
	FREE_AND_NULL(session->req.auth.realm);
	FREE_AND_NULL(session->req.auth.nonce);
	FREE_AND_NULL(session->req.auth.nonce_count);

	/*
	 * This causes all active http_session_threads to terminate.
	 */
	if((!session->req.keep_alive) || terminate_server) {
		drain_outbuf(session);
		close_session_socket(session);
	}
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_BEGINREQUEST(session->js_cx);
		JS_GC(session->js_cx);
		JS_ENDREQUEST(session->js_cx);
	}
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);

	if(session->req.fp!=NULL)
		fclose(session->req.fp);

	for(i=0;i<MAX_CLEANUPS;i++) {
		if(session->req.cleanup_file[i]!=NULL) {
			if(!(startup->options&WEB_OPT_DEBUG_SSJS))
				remove(session->req.cleanup_file[i]);
			free(session->req.cleanup_file[i]);
		}
	}

	memset(&session->req,0,sizeof(session->req));
}

static int get_header_type(char *header)
{
	int i;
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

/* Opposite of get_header_type() */
static char *get_header(int id) 
{
	int i;
	if(headers[id].id==id)
		return(headers[id].text);

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

static const char* unknown_mime_type="application/octet-stream";

static const char* get_mime_type(char *ext)
{
	uint i;

	if(ext==NULL || mime_types==NULL)
		return(unknown_mime_type);

	for(i=0;mime_types[i]!=NULL;i++)
		if(stricmp(ext+1,mime_types[i]->name)==0)
			return(mime_types[i]->value);

	return(unknown_mime_type);
}

static char* get_cgi_handler(const char* fname)
{
	char*	ext;
	size_t	i;

	if(cgi_handlers==NULL || (ext=getfext(fname))==NULL)
		return(NULL);
	for(i=0;cgi_handlers[i]!=NULL;i++) {
		if(stricmp(cgi_handlers[i]->name, ext+1)==0)
			return(cgi_handlers[i]->value);
	}
	return(NULL);
}

static BOOL get_xjs_handler(char* ext, http_session_t* session)
{
	size_t	i;

	if(ext==NULL || xjs_handlers==NULL || ext[0]==0)
		return(FALSE);

	for(i=0;xjs_handlers[i]!=NULL;i++) {
		if(stricmp(xjs_handlers[i]->name, ext+1)==0) {
			if(getfname(xjs_handlers[i]->value)==xjs_handlers[i]->value)	/* no path specified */
				SAFEPRINTF2(session->req.xjs_handler,"%s%s",scfg.exec_dir,xjs_handlers[i]->value);
			else
				SAFECOPY(session->req.xjs_handler,xjs_handlers[i]->value);
			return(TRUE);
		}
	}
	return(FALSE);
}

/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
	size_t dstlen,appendlen;
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
static BOOL send_headers(http_session_t *session, const char *status, int chunked)
{
	int		ret;
	int		stat_code;
	BOOL	send_file=TRUE;
	time_t	ti;
	size_t	idx;
	const char	*status_line;
	struct stat	stats;
	struct tm	tm;
	char	*headers;
	char	header[MAX_REQUEST_LINE+1];
	BOOL	send_entity=TRUE;

	if(session->socket==INVALID_SOCKET) {
		session->req.sent_headers=TRUE;
		return(FALSE);
	}
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
		session->req.sent_headers=TRUE;
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
		return(TRUE);
	}
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
		return(FALSE);
	}
	*headers=0;
	if(!session->req.sent_headers) {
		session->req.sent_headers=TRUE;
		status_line=status;
		ret=stat(session->req.physical_path,&stats);
		if(session->req.method==HTTP_OPTIONS)
			ret=-1;
		if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
			status_line="304 Not Modified";
			ret=-1;
			send_file=FALSE;
			send_entity=FALSE;
		}
		if(!ret && session->req.if_range && (stats.st_mtime > session->req.if_range || session->req.dynamic)) {
			status_line="200 OK";
			session->req.range_start=0;
			session->req.range_end=0;
		}
		if(session->req.send_location==MOVED_PERM)  {
			status_line=error_301;
			ret=-1;
			send_file=FALSE;
		}
		if(session->req.send_location==MOVED_TEMP)  {
			status_line=error_302;
			ret=-1;
			send_file=FALSE;
		}

		stat_code=atoi(status_line);
		if(session->req.ld!=NULL)
			session->req.ld->status=stat_code;

		if(stat_code==304 || stat_code==204 || (stat_code >= 100 && stat_code<=199)) {
			send_file=FALSE;
			chunked=FALSE;
		}

		/* Status-Line */
		safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);

		lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

		safecat(headers,header,MAX_HEADERS_SIZE);

		/* General Headers */
		ti=time(NULL);
		if(gmtime_r(&ti,&tm)==NULL)
			memset(&tm,0,sizeof(tm));
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
			,get_header(HEAD_DATE)
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
		safecat(headers,header,MAX_HEADERS_SIZE);
		if(session->req.keep_alive) {
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
			safecat(headers,header,MAX_HEADERS_SIZE);
		}
		else {
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
			safecat(headers,header,MAX_HEADERS_SIZE);
		}

		/* Response Headers */
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
		safecat(headers,header,MAX_HEADERS_SIZE);

		/* Entity Headers */
		if(session->req.dynamic) {
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST, OPTIONS");
			safecat(headers,header,MAX_HEADERS_SIZE);
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ACCEPT_RANGES),"none");
			safecat(headers,header,MAX_HEADERS_SIZE);
		}
		else {
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, OPTIONS");
			safecat(headers,header,MAX_HEADERS_SIZE);
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ACCEPT_RANGES),"bytes");
			safecat(headers,header,MAX_HEADERS_SIZE);
		}

		if(session->req.send_location) {
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
			safecat(headers,header,MAX_HEADERS_SIZE);
		}

		if(chunked) {
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TRANSFER_ENCODING),"Chunked");
			safecat(headers,header,MAX_HEADERS_SIZE);
		}

		/* DO NOT send a content-length for chunked */
		if(send_entity) {
			if((session->req.keep_alive || session->req.method == HTTP_HEAD) && session->req.dynamic!=IS_CGI && (!chunked)) {
				if(ret)  {
					safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
					safecat(headers,header,MAX_HEADERS_SIZE);
				}
				else  {
					if((session->req.range_start || session->req.range_end) && atoi(status_line)==206) {
						safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),session->req.range_end-session->req.range_start+1);
						safecat(headers,header,MAX_HEADERS_SIZE);
					}
					else {
						safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
						safecat(headers,header,MAX_HEADERS_SIZE);
					}
				}
			}

			if(!ret && !session->req.dynamic)  {
				safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
				safecat(headers,header,MAX_HEADERS_SIZE);
				gmtime_r(&stats.st_mtime,&tm);
				safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
					,get_header(HEAD_LASTMODIFIED)
					,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
					,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
				safecat(headers,header,MAX_HEADERS_SIZE);
			}

			if(session->req.range_start || session->req.range_end) {
				switch(atoi(status_line)) {
					case 206:	/* Partial reply */
						safe_snprintf(header,sizeof(header),"%s: bytes %d-%d/%d",get_header(HEAD_CONTENT_RANGE),session->req.range_start,session->req.range_end,stats.st_size);
						safecat(headers,header,MAX_HEADERS_SIZE);
						break;
					default:
						safe_snprintf(header,sizeof(header),"%s: *",get_header(HEAD_CONTENT_RANGE));
						safecat(headers,header,MAX_HEADERS_SIZE);
						break;
				}
			}
		}
	}

	if(session->req.dynamic)  {
		/* Dynamic headers */
		/* Set up environment */
		for(idx=0;session->req.dynamic_heads[idx]!=NULL;idx++)
			safecat(headers,session->req.dynamic_heads[idx],MAX_HEADERS_SIZE);
		/* free() the headers so they don't get sent again if more are sent at the end of the request (chunked) */
		strListFreeStrings(session->req.dynamic_heads);
	}

	safecat(headers,"",MAX_HEADERS_SIZE);
	send_file = (bufprint(session,headers) && send_file);
	drain_outbuf(session);
	session->req.write_chunked=chunked;
	free(headers);
	return(send_file);
}

static int sock_sendfile(http_session_t *session,char *path,unsigned long start, unsigned long end)
{
	int		file;
	int		ret=0;
	int		i;
	char	buf[2048];		/* Input buffer */
	unsigned long		remain;

	if(startup->options&WEB_OPT_DEBUG_TX)
		lprintf(LOG_DEBUG,"%04d Sending %s",session->socket,path);
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",session->socket,errno,path);
	else {
		if(start || end) {
			if(lseek(file, start, SEEK_SET)==-1) {
				lprintf(LOG_WARNING,"%04d !ERROR %d seeking to position %lu in %s",session->socket,ERROR_VALUE,start,path);
				return(0);
			}
			remain=end-start+1;
		}
		else {
			remain=-1L;
		}
		while((i=read(file, buf, remain>sizeof(buf)?sizeof(buf):remain))>0) {
			if(writebuf(session,buf,i)!=i) {
				lprintf(LOG_WARNING,"%04d !ERROR sending %s",session->socket,path);
				return(0);
			}
			ret+=i;
			remain-=i;
		}
		close(file);
	}
	return(ret);
}

/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
static void send_error(http_session_t * session, const char* message)
{
	char	error_code[4];
	struct stat	sb;
	char	sbuf[MAX_PATH+1];
	char	sbuf2[MAX_PATH+1];
	BOOL	sent_ssjs=FALSE;

	if(session->socket==INVALID_SOCKET)
		return;
	session->req.if_modified_since=0;
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
	session->req.keep_alive=FALSE;
	session->req.send_location=NO_LOCATION;
	SAFECOPY(error_code,message);
	SAFECOPY(session->req.status,message);
	if(atoi(error_code)<500) {
		/*
		 * Attempt to run SSJS error pages
		 * If this fails, do the standard error page instead,
		 * ie: Don't "upgrade" to a 500 error
		 */

		if(session->req.error_dir) {
			/* We have a custom error directory from webctrl.ini look there first */
			sprintf(sbuf,"%s%s%s",session->req.error_dir,error_code,startup->ssjs_ext);
			if(stat(sbuf,&sb)) {
				/* No custom .ssjs error message... check for custom .html */
				sprintf(sbuf2,"%s%s.html",session->req.error_dir,error_code);
				if(stat(sbuf2,&sb)) {
					/* Nope, no custom .html error either, check for global ssjs one */
					sprintf(sbuf,"%s%s%s",error_dir,error_code,startup->ssjs_ext);
				}
			}
		}
		else
			sprintf(sbuf,"%s%s%s",error_dir,error_code,startup->ssjs_ext);
		if(!stat(sbuf,&sb)) {
			lprintf(LOG_INFO,"%04d Using SSJS error page",session->socket);
			session->req.dynamic=IS_SSJS;
			if(js_setup(session)) {
				sent_ssjs=exec_ssjs(session,sbuf);
				if(sent_ssjs) {
					int	snt=0;

					lprintf(LOG_INFO,"%04d Sending generated error page",session->socket);
					snt=sock_sendfile(session,session->req.physical_path,0,0);
					if(snt<0)
						snt=0;
					if(session->req.ld!=NULL)
						session->req.ld->size=snt;
				}
				else
					 session->req.dynamic=IS_STATIC;
			}
			else
				session->req.dynamic=IS_STATIC;
		}
	}
	if(!sent_ssjs) {
		if(session->req.error_dir) {
			sprintf(session->req.physical_path,"%s%s.html",session->req.error_dir,error_code);
			if(stat(session->req.physical_path,&sb))
				sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
		}
		else
			sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
		session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
		send_headers(session,message,FALSE);
		if(!stat(session->req.physical_path,&sb)) {
			int	snt=0;
			snt=sock_sendfile(session,session->req.physical_path,0,0);
			if(snt<0)
				snt=0;
			if(session->req.ld!=NULL)
				session->req.ld->size=snt;
		}
		else {
			lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
				,session->socket,session->req.physical_path);
			safe_snprintf(sbuf,sizeof(sbuf)
				,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
				"<BODY><H1>%s Error</H1><BR><H3>In addition, "
				"I can't seem to find the %s error file</H3><br>"
				"please notify <a href=\"mailto:sysop@%s\">"
				"%s</a></BODY></HTML>"
				,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
			bufprint(session,sbuf);
			if(session->req.ld!=NULL)
				session->req.ld->size=strlen(sbuf);
		}
	}
	drain_outbuf(session);
	session->req.finished=TRUE;
}

void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);
	else
		session->user=*usr;

	if(session->user.number==session->last_user_num)
		return;

	lprintf(LOG_DEBUG,"%04d HTTP Logon (user #%d)",session->socket,session->user.number);

	if(session->subscan!=NULL)
		getmsgptrs(&scfg,session->user.number,session->subscan);

	session->logon_time=time(NULL);
	if(session->user.number==0)
		SAFECOPY(session->username,unknown);
	else {
		SAFECOPY(session->username,session->user.alias);
		/* Adjust Connect and host */
		SAFECOPY(session->user.modem, session->client.protocol);
		SAFECOPY(session->user.comp, session->host_name);
		SAFECOPY(session->user.ipaddr, session->host_ip);
		session->user.logontime = (time32_t)session->logon_time;
		putuserdat(&scfg, &session->user);
	}
	session->client.user=session->username;
	client_on(session->socket, &session->client, /* update existing client record? */TRUE);

	session->last_user_num=session->user.number;
}

void http_logoff(http_session_t* session, SOCKET socket, int line)
{
	if(session->last_user_num<=0)
		return;

	lprintf(LOG_DEBUG,"%04d HTTP Logoff (user #%d) from line %d"
		,socket,session->user.number, line);

	SAFECOPY(session->username,unknown);
	if(!logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time))
		lprintf(LOG_ERR,"%04d !ERROR in logoutuserdat", socket);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
		if(session->last_js_user_num==session->user.number)
			return(TRUE);
		lprintf(LOG_DEBUG,"%04d JavaScript: Initializing User Objects",session->socket);
		JS_BEGINREQUEST(session->js_cx);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user, &session->client
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
				JS_ENDREQUEST(session->js_cx);
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, /* user: */NULL, &session->client
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
				JS_ENDREQUEST(session->js_cx);
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		JS_ENDREQUEST(session->js_cx);
		session->last_js_user_num=session->user.number;
	}
	return(TRUE);
}

static void calculate_digest(http_session_t * session, char *ha1, char *ha2, unsigned char digest[MD5_DIGEST_SIZE])
{
	MD5		ctx;

	MD5_open(&ctx);
	MD5_digest(&ctx, ha1, strlen(ha1));
	MD5_digest(&ctx, ":", 1);
	/* exception on next line (session->req.auth.nonce==NULL) */
	MD5_digest(&ctx, session->req.auth.nonce, strlen(session->req.auth.nonce));
	MD5_digest(&ctx, ":", 1);

	if(session->req.auth.qop_value != QOP_NONE) {
		MD5_digest(&ctx, session->req.auth.nonce_count, strlen(session->req.auth.nonce_count));
		MD5_digest(&ctx, ":", 1);
		MD5_digest(&ctx, session->req.auth.cnonce, strlen(session->req.auth.cnonce));
		MD5_digest(&ctx, ":", 1);
		switch(session->req.auth.qop_value) {
			case QOP_AUTH:
				MD5_digest(&ctx, "auth", 4);
				break;
			case QOP_AUTH_INT:
				MD5_digest(&ctx, "auth-int", 7);
				break;
			default:
				break;
		}
		MD5_digest(&ctx, ":", 1);
	}
	MD5_digest(&ctx, ha2, strlen(ha2));
	MD5_close(&ctx, digest);
}

static BOOL digest_authentication(http_session_t* session, int auth_allowed, user_t thisuser, char** reason)
{
	unsigned char	digest[MD5_DIGEST_SIZE];
	char			ha1[MD5_DIGEST_SIZE*2+1];
	char			ha1l[MD5_DIGEST_SIZE*2+1];
	char			ha1u[MD5_DIGEST_SIZE*2+1];
	char			ha2[MD5_DIGEST_SIZE*2+1];
	char			*pass;
	char			*p;
	time32_t		nonce_time;
	time32_t		now;
	MD5				ctx;

	if((auth_allowed & (1<<AUTHENTICATION_DIGEST))==0) {
		*reason="digest auth not allowed";
		return(FALSE);
	}
	if(session->req.auth.qop_value==QOP_UNKNOWN) {
		*reason="QOP unknown";
		return(FALSE);
	}
	if(session->req.auth.algorithm==ALGORITHM_UNKNOWN) {
		*reason="algorithm unknown";
		return(FALSE);
	}
	/* Validate rules from RFC-2617 */
	if(session->req.auth.qop_value==QOP_AUTH
			|| session->req.auth.qop_value==QOP_AUTH_INT) {
		if(session->req.auth.cnonce==NULL) {
			*reason="no cnonce";
			return(FALSE);
		}
		if(session->req.auth.nonce_count==NULL) {
			*reason="no nonce count";
			return(FALSE);
		}
	}
	else {
		if(session->req.auth.cnonce!=NULL) {
			*reason="unexpected cnonce present";
			return(FALSE);
		}
		if(session->req.auth.nonce_count!=NULL) {
			*reason="unexpected nonce count present";
			return(FALSE);
		}
	}

	/* H(A1) */
	MD5_open(&ctx);
	MD5_digest(&ctx, session->req.auth.username, strlen(session->req.auth.username));
	MD5_digest(&ctx, ":", 1);
	MD5_digest(&ctx, session->req.digest_realm?session->req.digest_realm:(session->req.realm?session->req.realm:scfg.sys_name), strlen(session->req.digest_realm?session->req.digest_realm:(session->req.realm?session->req.realm:scfg.sys_name)));
	MD5_digest(&ctx, ":", 1);
	MD5_digest(&ctx, thisuser.pass, strlen(thisuser.pass));
	MD5_close(&ctx, digest);
	MD5_hex((BYTE*)ha1, digest);

	/* H(A1)l */
	pass=strdup(thisuser.pass);
	strlwr(pass);
	MD5_open(&ctx);
	MD5_digest(&ctx, session->req.auth.username, strlen(session->req.auth.username));
	MD5_digest(&ctx, ":", 1);
	MD5_digest(&ctx, session->req.digest_realm?session->req.digest_realm:(session->req.realm?session->req.realm:scfg.sys_name), strlen(session->req.digest_realm?session->req.digest_realm:(session->req.realm?session->req.realm:scfg.sys_name)));
	MD5_digest(&ctx, ":", 1);
	MD5_digest(&ctx, pass, strlen(pass));
	MD5_close(&ctx, digest);
	MD5_hex((BYTE*)ha1l, digest);

	/* H(A1)u */
	strupr(pass);
	MD5_open(&ctx);
	MD5_digest(&ctx, session->req.auth.username, strlen(session->req.auth.username));
	MD5_digest(&ctx, ":", 1);
	MD5_digest(&ctx, session->req.digest_realm?session->req.digest_realm:(session->req.realm?session->req.realm:scfg.sys_name), strlen(session->req.digest_realm?session->req.digest_realm:(session->req.realm?session->req.realm:scfg.sys_name)));
	MD5_digest(&ctx, ":", 1);
	MD5_digest(&ctx, thisuser.pass, strlen(thisuser.pass));
	MD5_close(&ctx, digest);
	MD5_hex((BYTE*)ha1u, digest);
	free(pass);

	/* H(A2) */
	MD5_open(&ctx);
	MD5_digest(&ctx, methods[session->req.method], strlen(methods[session->req.method]));
	MD5_digest(&ctx, ":", 1);
	/* exception here, session->req.auth.digest_uri==NULL */
	MD5_digest(&ctx, session->req.auth.digest_uri, strlen(session->req.auth.digest_uri));
	/* TODO QOP==AUTH_INT */
	if(session->req.auth.qop_value == QOP_AUTH_INT) {
		*reason="QOP value";
		return(FALSE);
	}
	MD5_close(&ctx, digest);
	MD5_hex((BYTE*)ha2, digest);

	/* Check password as in user.dat */
	calculate_digest(session, ha1, ha2, digest);
	if(thisuser.pass[0]) {	// Zero-length password is "special" (any password will work)
		if(memcmp(digest, session->req.auth.digest, sizeof(digest))) {
			/* Check against lower-case password */
			calculate_digest(session, ha1l, ha2, digest);
			if(memcmp(digest, session->req.auth.digest, sizeof(digest))) {
				/* Check against upper-case password */
				calculate_digest(session, ha1u, ha2, digest);
				if(memcmp(digest, session->req.auth.digest, sizeof(digest))) {
					*reason="digest mismatch";
					return(FALSE);
				}
			}
		}
	}

	/* Validate nonce */
	p=strchr(session->req.auth.nonce, '@');
	if(p==NULL) {
		session->req.auth.stale=TRUE;
		*reason="nonce lacks @";
		return(FALSE);
	}
	*p=0;
	if(strcmp(session->req.auth.nonce, session->client.addr)) {
		session->req.auth.stale=TRUE;
		*reason="nonce doesn't match client IP address";
		return(FALSE);
	}
	*p='@';
	p++;
	nonce_time=strtoul(p, &p, 10);
	if(*p) {
		session->req.auth.stale=TRUE;
		*reason="unexpected data after nonce time";
		return(FALSE);
	}
	now=(time32_t)time(NULL);
	if(nonce_time > now) {
		session->req.auth.stale=TRUE;
		*reason="nonce time in the future";
		return(FALSE);
	}
	if(nonce_time < now-1800) {
		session->req.auth.stale=TRUE;
		*reason="stale nonce time";
		return(FALSE);
	}

	return(TRUE);
}

static void badlogin(SOCKET sock, const char* prot, const char* user, const char* passwd, const char* host, union xp_sockaddr* addr)
{
	char reason[128];
	char addrstr[INET6_ADDRSTRLEN];
	ulong count;

	SAFEPRINTF(reason,"%s LOGIN", prot);
	count=loginFailure(startup->login_attempt_list, addr, prot, user, passwd);
	if(startup->login_attempt_hack_threshold && count>=startup->login_attempt_hack_threshold) {
		hacklog(&scfg, reason, user, passwd, host, addr);
#ifdef _WIN32
		if(startup->hack_sound[0] && !(startup->options&BBS_OPT_MUTE)) 
			PlaySound(startup->hack_sound, NULL, SND_ASYNC|SND_FILENAME);
#endif
	}
	if(startup->login_attempt_filter_threshold && count>=startup->login_attempt_filter_threshold)
		filter_ip(&scfg, prot, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS"
			,host, inet_addrtop(addr, addrstr, sizeof(addrstr)), user, /* fname: */NULL);
	if(count>1)
		mswait(startup->login_attempt_delay);
}

static BOOL check_ars(http_session_t * session)
{
	uchar	*ar;
	BOOL	authorized;
	int		i;
	user_t	thisuser;
	int		auth_allowed=0;
	unsigned *auth_list;
	unsigned auth_list_len;

	auth_list=parseEnumList(session->req.auth_list?session->req.auth_list:default_auth_list, ",", auth_type_names, &auth_list_len);
	for(i=0; ((unsigned)i)<auth_list_len; i++)
		auth_allowed |= 1<<auth_list[i];
	if(auth_list)
		free(auth_list);

	/* No authentication provided */
	if(session->req.auth.type==AUTHENTICATION_UNKNOWN) {
		/* No authentication information... */
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session,session->socket,__LINE__);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
		if(session->req.ars[0]) {
			/* There *IS* an ARS string  ie: Auth is required */
			if(startup->options&WEB_OPT_DEBUG_RX)
				lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
			return(FALSE);
		}
		/* No auth required, allow */
		return(TRUE);
	}

	/* Require a password */
	i=matchuser(&scfg, session->req.auth.username, FALSE);
	if(i==0) {
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session,session->socket,__LINE__);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
		if(scfg.sys_misc&SM_ECHO_PW && session->req.auth.type==AUTHENTICATION_BASIC)
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s' (password: %s)"
				,session->socket,session->req.auth.username,session->req.auth.password);
		else
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: '%s'"
				,session->socket,session->req.auth.username);
		return(FALSE);
	}
	thisuser.number=i;
	getuserdat(&scfg, &thisuser);
	switch(session->req.auth.type) {
		case AUTHENTICATION_TLS_PSK:
			if((auth_allowed & (1<<AUTHENTICATION_TLS_PSK))==0)
				return(FALSE);
			if(session->last_user_num!=0) {
				if(session->last_user_num>0)
					http_logoff(session,session->socket,__LINE__);
				session->user.number=0;
				http_logon(session,NULL);
			}
			if(!http_checkuser(session))
				return(FALSE);
			break;
		case AUTHENTICATION_BASIC:
			if((auth_allowed & (1<<AUTHENTICATION_BASIC))==0)
				return(FALSE);
			if(thisuser.pass[0] && stricmp(thisuser.pass,session->req.auth.password)) {
				if(session->last_user_num!=0) {
					if(session->last_user_num>0)
						http_logoff(session,session->socket,__LINE__);
					session->user.number=0;
					http_logon(session,NULL);
				}
				if(!http_checkuser(session))
					return(FALSE);
				if(scfg.sys_misc&SM_ECHO_PW)
					lprintf(LOG_WARNING,"%04d !BASIC AUTHENTICATION FAILURE for user '%s' (password: %s)"
						,session->socket,session->req.auth.username,session->req.auth.password);
				else
					lprintf(LOG_WARNING,"%04d !BASIC AUTHENTICATION FAILURE for user '%s'"
						,session->socket,session->req.auth.username);
				badlogin(session->socket,session->client.protocol, session->req.auth.username, session->req.auth.password, session->host_name, &session->addr);
				return(FALSE);
			}
			break;
		case AUTHENTICATION_DIGEST:
		{
			char* reason="unknown";
			if(!digest_authentication(session, auth_allowed, thisuser, &reason)) {
				lprintf(LOG_NOTICE,"%04d !DIGEST AUTHENTICATION FAILURE (reason: %s) for user '%s'"
						,session->socket,reason,session->req.auth.username);
				badlogin(session->socket,session->client.protocol, session->req.auth.username, "<digest>", session->host_name, &session->addr);
				return(FALSE);
			}
			break;
		}
		default:
			break;
	}

	if(i != session->last_user_num) {
		http_logoff(session,session->socket,__LINE__);
		session->user.number=i;
		http_logon(session,&thisuser);
	}
	if(!http_checkuser(session))
		return(FALSE);

	if(session->req.ld!=NULL) {
		FREE_AND_NULL(session->req.ld->user);
		/* FREE()d in http_logging_thread */
		session->req.ld->user=strdup(session->req.auth.username);
	}

	ar = arstr(NULL,session->req.ars,&scfg);
	authorized=chk_ar(&scfg,ar,&session->user,&session->client);
	if(ar!=NULL && ar!=nular)
		FREE_AND_NULL(ar);

	if(authorized)  {
		switch(session->req.auth.type) {
			case AUTHENTICATION_TLS_PSK:
				add_env(session,"AUTH_TYPE","TLS-PSK");
				break;
			case AUTHENTICATION_BASIC:
				add_env(session,"AUTH_TYPE","Basic");
				break;
			case AUTHENTICATION_DIGEST:
				add_env(session,"AUTH_TYPE","Digest");
				break;
			default:
				break;
		}
		/* Should use real name if set to do so somewhere ToDo */
		add_env(session,"REMOTE_USER",session->user.alias);

		if(thisuser.pass[0])
			loginSuccess(startup->login_attempt_list, &session->addr);

		return(TRUE);
	}

	/* Should go to the hack log? */
	lprintf(LOG_WARNING,"%04d !AUTHORIZATION FAILURE for user %s, ARS: %s"
		,session->socket,session->req.auth.username,session->req.ars);

#ifdef _WIN32
	if(startup->hack_sound[0] && !(startup->options&BBS_OPT_MUTE)) 
		PlaySound(startup->hack_sound, NULL, SND_ASYNC|SND_FILENAME);
#endif

	return(FALSE);
}

static named_string_t** read_ini_list(char* path, char* section, char* desc
									  ,named_string_t** list)
{
	size_t	i;
	FILE*	fp;

	list=iniFreeNamedStringList(list);

	if((fp=iniOpenFile(path, /* create? */FALSE))!=NULL) {
		list=iniReadNamedStringList(fp,section);
		iniCloseFile(fp);
		COUNT_LIST_ITEMS(list,i);
		if(i)
			lprintf(LOG_DEBUG,"Read %u %s from %s section of %s"
				,i,desc,section==NULL ? "root":section,path);
	} else
		lprintf(LOG_WARNING, "Error %d opening %s", errno, path);
	return(list);
}

static int sess_recv(http_session_t *session, char *buf, size_t length, int flags)
{
	int len;
	
	if (session->is_tls) {
		if (flags == MSG_PEEK) {
			if (session->peeked_valid) {
				buf[0] = session->peeked;
				return 1;
			}
			if (HANDLE_CRYPT_CALL(cryptPopData(session->tls_sess, &session->peeked, 1, &len), session)) {
				if (len == 1) {
					session->peeked_valid = TRUE;
					buf[0] = session->peeked;
					return 1;
				}
				return 0;
			}
			return -1;
		}
		else {
			if (session->peeked_valid) {
				buf[0] = session->peeked;
				session->peeked_valid = FALSE;
				return 1;
			}
			if (HANDLE_CRYPT_CALL(cryptPopData(session->tls_sess, buf, length, &len), session)) {
				if (len == 0) {
					session->tls_pending = FALSE;
				}
				return len;
			}
			return -1;
		}
	}
	else {
		return recv(session->socket, buf, length, flags);
	}
}

static int sockreadline(http_session_t * session, char *buf, size_t length)
{
	char	ch;
	int		sel;
	DWORD	i;
	DWORD	chucked=0;
	fd_set	rd_set;
	struct	timeval tv;