websrvr.c 87.6 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#include "sbbs.h"
101
#include "link_list.h"
102
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"		/* pthread_mutex_t */
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115
116

extern const uchar* nular;
rswindell's avatar
rswindell committed
117
118

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
119
120
121
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
122

123
124
125
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
static uint 	http_threads_running=0;
126
static BOOL		http_logging_thread_running=FALSE;
127
128
static ulong	active_clients=0;
static ulong	sockets=0;
129
static BOOL		terminate_server=FALSE;
130
static BOOL		terminate_http_logging_thread=FALSE;
131
132
133
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
134
135
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
136
static char		cgi_dir[MAX_PATH+1];
137
static time_t	uptime=0;
138
static DWORD	served=0;
139
static web_startup_t* startup=NULL;
140
static js_server_props_t js_server_props;
141
142
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
143

144
145
static named_string_t** mime_types;

146
147
148
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
149
link_list_t	log_list;
150
151
152
153
154
155
156
157
158
159
160
161
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
	int		status;
	unsigned int	size;
	struct tm completed;
};

162
typedef struct  {
163
	char	*val;
164
165
166
167
	void	*next;
} linked_list;

typedef struct  {
168
	int			method;
169
170
171
172
173
174
175
176
177
178
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
179
180
181
	const char*	mime_type;

	/* CGI parameters */
182
183
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
184

185
	linked_list*	cgi_env;
186
	linked_list*	dynamic_heads;
187
	char		status[MAX_REQUEST_LINE+1];
188
189
	char *		post_data;
	size_t		post_len;
190
	int			dynamic;
191
	struct log_data	*ld;
192
193
194
195

	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

196
197
198
} http_request_t;

typedef struct  {
199
200
	SOCKET			socket;
	SOCKADDR_IN		addr;
201
	http_request_t	req;
202
203
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
204
205
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
206
207
208
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
209
	char			username[LEN_NAME+1];
210
211
212
213
214

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
215
216
217
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
218
219
220

	/* Client info */
	client_t		client;
221
222
223
224
225
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
226
	,HTTP_1_1
227
228
229
230
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
231
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
232
	,NULL	/* terminator */
233
234
235
236
237
238
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
239

rswindell's avatar
rswindell committed
240
241
242
static char* methods[] = {
	 "HEAD"
	,"GET"
243
	,"POST"
rswindell's avatar
rswindell committed
244
245
	,NULL	/* terminator */
};
246

247
248
249
250
251
252
253
enum { 
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

254
enum { 
255
256
257
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
258
259
	,HEAD_LENGTH
	,HEAD_TYPE
260
261
262
263
264
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
265
266
267
268
269
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
270
271
	,HEAD_REFERER
	,HEAD_AGENT
272
273
274
275
276
277
};

static struct {
	int		id;
	char*	text;
} headers[] = {
278
279
280
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
281
282
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
283
284
285
286
287
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
288
289
290
291
292
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
293
294
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
295
	{ -1,					NULL /* terminator */	},
296
297
};

298
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
299
300
301
enum  {
	NO_LOCATION
	,MOVED_PERM
302
	,MOVED_TEMP
303
	,MOVED_STAT
304
305
};

306
307
308
/* Max. times to follow internal redirects for a single request */
#define MAX_REDIR_LOOPS	20

309
310
311
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

312
static void respond(http_session_t * session);
313
static BOOL js_setup(http_session_t* session);
314
static char *find_last_slash(char *str);
315

316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
417

418
static int lprintf(int level, char *fmt, ...)
419
420
421
422
423
424
425
426
427
428
429
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
430
    return(startup->lputs(startup->cbdata,level,sbuf));
431
432
433
434
435
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
436
#define SOCKLIB_DESC WSAData.szDescription
437
438
439
440
441
442
443
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
444
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
445
446
447
448
		WSAInitialized=TRUE;
		return (TRUE);
	}

449
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
450
451
452
453
454
455
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
456
#define SOCKLIB_DESC NULL
457
458
459
460
461
462

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
463
	    startup->status(startup->cbdata,str);
464
465
466
467
468
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
469
		startup->clients(startup->cbdata,active_clients);
470
471
472
473
474
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
475
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
476
477
478
479
480
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
481
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
482
483
484
485
486
487
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
488
		startup->thread_up(startup->cbdata,TRUE, setuid);
489
490
491
492
493
494
495
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
496
		startup->thread_up(startup->cbdata,FALSE, FALSE);
497
498
}

deuce's avatar
deuce committed
499
500
501
502
/********************************************************/
/* Adds an item to a linked list 						*/
/* ToDo: Replace this with link_list stuff from xpdev 	*/
/********************************************************/
503
504
static linked_list *add_list(linked_list *list,const char *value)  {
	linked_list*	entry;
505

506
507
	entry=malloc(sizeof(linked_list));
	if(entry==NULL)  {
508
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
509
		return(list);
510
	}
511
512
513
	entry->val=malloc(strlen(value)+1);
	if(entry->val==NULL)  {
		FREE_AND_NULL(entry);
514
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
515
516
517
518
519
		return(list);
	}
	strcpy(entry->val,value);
	entry->next=list;
	return(entry);
520
521
}

deuce's avatar
deuce committed
522
523
524
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
525
static void add_env(http_session_t *session, const char *name,const char *value)  {
526
527
	char	newname[129];
	char	fullname[387];
528
529
530
	char	*p;
	
	if(name==NULL || value==NULL)  {
531
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
532
533
534
535
536
537
538
539
540
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
541
542
543

	sprintf(fullname,"%s=%s",newname,value);
	session->req.cgi_env=add_list(session->req.cgi_env,fullname);
544
545
}

deuce's avatar
deuce committed
546
547
548
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
549
550
551
552
553
554
555
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
556
	if(!strcmp(session->host_name,session->host_ip))
557
558
559
560
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

561
/*
deuce's avatar
deuce committed
562
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
563
564
565
566
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
567
568
static int sockprint(SOCKET sock, const char *str)
{
569
570
571
	int len;
	int	result;
	int written=0;
572
	BOOL	wr;
573
574
575

	if(sock==INVALID_SOCKET)
		return(0);
576
	if(startup->options&WEB_OPT_DEBUG_TX)
577
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
578
	len=strlen(str);
579

580
	while(socket_check(sock,NULL,&wr,60000) && wr && written<len)  {
581
		result=sendsocket(sock,str+written,len-written);
582
583
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
584
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
585
			else if(ERROR_VALUE==ECONNABORTED) 
586
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
587
			else
588
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
589
590
			return(0);
		}
591
592
593
		written+=result;
	}
	if(written != len) {
594
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
595
596
597
598
599
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
600
601
602
603
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
604
605
606
607
608
609
610
611
612
613
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
614
615
616
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
617
618
619
static time_t decode_date(char *date)
{
	struct	tm	ti;
620
621
	char	*token;
	time_t	t;
622
623
624
625
626
627
628
629
630

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

631
	token=strtok(date,",");
632
633
	if(token==NULL)
		return(0);
634
635
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
636
		/* asctime() */
637
638
		/* Toss away week day */
		token=strtok(date," ");
639
640
		if(token==NULL)
			return(0);
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
665
666
667
	}
	else  {
		/* RFC 1123 or RFC 850 */
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
692
693
694
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
695

696
	t=time_gm(&ti);
697
	return(t);
698
699
700
701
702
703
704
705
706
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
707
		startup->socket_open(startup->cbdata,TRUE);
708
709
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
710
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727

		sockets++;
	}
	return(sock);
}


static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
728
		startup->socket_open(startup->cbdata,FALSE);
729
730
731
732
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
733
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
734
735
736
737
738
	}

	return(result);
}

deuce's avatar
deuce committed
739
740
741
742
743
744
745
746
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
747
748
static void close_request(http_session_t * session)
{
749
	linked_list	*p;
750
751
	time_t		now;

752
753
754
755
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
756
		listPushNode(&log_list,session->req.ld);
757
758
759
760
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
761

762
763
764
765
766
	while(session->req.dynamic_heads != NULL)  {
		FREE_AND_NULL(session->req.dynamic_heads->val);
		p=session->req.dynamic_heads->next;
		FREE_AND_NULL(session->req.dynamic_heads);
		session->req.dynamic_heads=p;
767
	}
768
769
770
771
772
773
774
	while(session->req.cgi_env != NULL)  {
		FREE_AND_NULL(session->req.cgi_env->val);
		p=session->req.cgi_env->next;
		FREE_AND_NULL(session->req.cgi_env);
		session->req.cgi_env=p;
	}
	FREE_AND_NULL(session->req.post_data);
deuce's avatar
deuce committed
775
	if(!session->req.keep_alive || session->socket==INVALID_SOCKET) {
776
		close_socket(session->socket);
777
		session->socket=INVALID_SOCKET;
778
779
		session->finished=TRUE;
	}
780
	memset(&session->req,0,sizeof(session->req));
781
782
783
784
}

static int get_header_type(char *header)
{
785
	int i;
786
787
788
789
790
791
792
793
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
794
/* Opposite of get_header_type() */
795
796
static char *get_header(int id) 
{
797
	int i;
798
799
	if(headers[id].id==id)
		return(headers[id].text);
800
801
802
803
804
805
806
807
808

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

809
810
static const char* unknown_mime_type="application/octet-stream";

811
static const char* get_mime_type(char *ext)
812
813
814
815
{
	uint i;

	if(ext==NULL)
816
817
		return(unknown_mime_type);

818
819
820
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
821
822

	return(unknown_mime_type);
823
824
}

825
826
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
827
	size_t dstlen,appendlen;
828
829
830
831
832
833
834
835
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
836
837
838
839
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
840
static BOOL send_headers(http_session_t *session, const char *status)
841
{
842
	int		ret;
843
	BOOL	send_file=TRUE;
844
	time_t	ti;
845
	const char	*status_line;
846
	struct stat	stats;
847
	struct tm	tm;
848
	linked_list	*p;
849
	char	*headers;
850
	char	header[MAX_REQUEST_LINE+1];
851

852
853
854
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
855
856
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
857
		return(TRUE);
858
	}
deuce's avatar
deuce committed
859

860
	status_line=status;
861
	ret=stat(session->req.physical_path,&stats);
862
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
863
		status_line="304 Not Modified";
864
		ret=-1;
865
		send_file=FALSE;
866
	}
867
	if(session->req.send_location==MOVED_PERM)  {
868
		status_line="301 Moved Permanently";
869
870
871
		ret=-1;
		send_file=FALSE;
	}
872
	if(session->req.send_location==MOVED_TEMP)  {
873
		status_line="302 Moved Temporarily";
874
875
876
		ret=-1;
		send_file=FALSE;
	}
877

878
879
880
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

881
882
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
883
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
884
885
886
		return(FALSE);
	}
	*headers=0;
887
	/* Status-Line */
888
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
889
890
891

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

892
	safecat(headers,header,MAX_HEADERS_SIZE);
893
894
895

	/* General Headers */
	ti=time(NULL);
896
897
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
898
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
899
900
901
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
902
903
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
904
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
905
906
907
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
908
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
909
910
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
911
912

	/* Response Headers */
913
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
914
	safecat(headers,header,MAX_HEADERS_SIZE);
915
916
	
	/* Entity Headers */
917
	if(session->req.dynamic) {
918
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
919
920
921
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
922
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
923
924
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
925

926
	if(session->req.send_location) {
927
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
928
		safecat(headers,header,MAX_HEADERS_SIZE);
929
	}
930
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
931
		if(ret)  {
932
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
933
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
934
		}
935
		else  {
936
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
937
			safecat(headers,header,MAX_HEADERS_SIZE);
938
		}
939
	}
940

941
	if(!ret && !session->req.dynamic)  {
942
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
943
		safecat(headers,header,MAX_HEADERS_SIZE);
944
		gmtime_r(&stats.st_mtime,&tm);
945
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
946
			,get_header(HEAD_LASTMODIFIED)
947
948
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
949
		safecat(headers,header,MAX_HEADERS_SIZE);
950
	} 
rswindell's avatar
rswindell committed
951

952
953
	if(session->req.dynamic)  {
		/* Dynamic headers */
954
		/* Set up environment */
955
		p=session->req.dynamic_heads;
956
		while(p != NULL)  {
957
			safecat(headers,p->val,MAX_HEADERS_SIZE);
958
			p=p->next;
959
		}
960
	}
961

962
	safecat(headers,"",MAX_HEADERS_SIZE);
963
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
964
	FREE_AND_NULL(headers);
965
	return(send_file);
966
967
}

968
static int sock_sendfile(SOCKET socket,char *path)
969
970
{
	int		file;
971
	long	offset=0;
972
	int		ret=0;
973

974
	if(startup->options&WEB_OPT_DEBUG_TX)
975
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
976
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
977
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
978
	else {
979
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
980
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
981
				, socket, errno, path);
982
983
			ret=0;
		}
984
985
		close(file);
	}
986
	return(ret);
987
988
}

deuce's avatar
deuce committed
989
990
991
992
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
993
static void send_error(http_session_t * session, const char* message)
994
995
{
	char	error_code[4];
996
	struct stat	sb;
997
	char	sbuf[1024];
998

999
	session->req.if_modified_since=0;
1000
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
1001
	session->req.keep_alive=FALSE;
1002
	session->req.send_location=NO_LOCATION;
1003
	SAFECOPY(error_code,message);
1004
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
1005
1006
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
1007
	if(!stat(session->req.physical_path,&sb)) {
1008
1009
1010
1011
1012
1013
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
1014
	}
1015
	else {
1016
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
1017
			,session->socket,session->req.physical_path);
1018
		safe_snprintf(sbuf,sizeof(sbuf)
1019
1020
1021
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
1022
1023
1024
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
1025
		sockprint(session->socket,sbuf);
1026
1027
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
1028
	}
1029
1030
1031
	close_request(session);
}

1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);

	if(session->user.number==session->last_user_num)
		return;
	if(session->user.number==0)
		SAFECOPY(session->username,unknown);
	else
		SAFECOPY(session->username,session->user.alias);
	session->last_user_num=session->user.number;
	session->logon_time=time(NULL);
}

void http_logoff(http_session_t * session)
{
	if(session->last_user_num<=0)
		return;
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
	if(session->req.dynamic==IS_SSJS) {
		lprintf(LOG_INFO,"%04d JavaScript: Initializing User Objects",session->socket);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
				,NULL /* ftp index file */, NULL /* subscan */)) {
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, NULL
				,NULL /* ftp index file */, NULL /* subscan */)) {
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
	}
	return(TRUE);
}

1081
static BOOL check_ars(http_session_t * session)
1082
1083
1084
1085
{
	char	*username;
	char	*password;
	uchar	*ar;
1086
	BOOL	authorized;
1087
	char	auth_req[MAX_REQUEST_LINE+1];
1088
1089
	int		i;
	user_t	thisuser;
1090

1091
	if(session->req.auth[0]==0) {
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
		/* No authentication information... */
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
		if(session->req.ars[0]) {
			/* There *IS* an ARS string  ie: Auth is required */
			if(startup->options&WEB_OPT_DEBUG_RX)
				lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
			return(FALSE);
		}
		/* No auth required, allow */
		return(TRUE);
1109
	}
1110
	SAFECOPY(auth_req,session->req.auth);
1111

1112
	username=strtok(auth_req,":");
1113
1114
	if(username==NULL)
		username="";
1115
1116
1117
	password=strtok(NULL,":");
	/* Require a password */
	if(password==NULL)
1118
		password="";
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
	i=matchuser(&scfg, username, FALSE);
	if(i==0) {
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
1129
		if(scfg.sys_misc&SM_ECHO_PW)
1130
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s, Password: %s"
1131
1132
				,session->socket,username,password);
		else
1133
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s"