websrvr.c 152 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2006 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
/*
 * General notes: (ToDo stuff)
 *
 * Should support RFC2617 Digest auth.
 *
43
 * Support the ident protocol... the standard log format supports it.
44
 *
deuce's avatar
deuce committed
45
46
47
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
48
49
 */

deuce's avatar
deuce committed
50
/* Headers for CGI stuff */
51
52
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
53
54
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
55
56
#endif

57
#ifndef JAVASCRIPT
58
#define JAVASCRIPT
59
60
#endif

61
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
62
#include "sbbs.h"
63
#include "sbbsdefs.h"
64
#include "sockwrap.h"		/* sendfilesocket() */
65
#include "threadwrap.h"
66
#include "semwrap.h"
67
#include "websrvr.h"
deuce's avatar
deuce committed
68
#include "base64.h"
69
#include "md5.h"
70

71
72
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
73
74
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
75
76
static const char*	error_301="301 Moved Permanently";
static const char*	error_302="302 Moved Temporarily";
77
static const char*	error_404="404 Not Found";
78
static const char*	error_416="416 Requested Range Not Satisfiable";
79
static const char*	error_500="500 Internal Server Error";
80
static const char*	unknown="<unknown>";
81

rswindell's avatar
rswindell committed
82
#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
83
84
85
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
86
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
87
#define MAX_POST_LEN			1048576	/* Max size of body for POSTS */
88
#define	OUTBUF_LEN				20480	/* Size of output thread ring buffer */
89

90
91
92
enum {
	 CLEANUP_SSJS_TMP_FILE
	,CLEANUP_POST_DATA
93
	,MAX_CLEANUPS
94
};
95

96
97
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
98
static BOOL		http_logging_thread_running=FALSE;
deuce's avatar
deuce committed
99
static DWORD	active_clients=0;
100
static ulong	sockets=0;
101
static BOOL		terminate_server=FALSE;
102
static BOOL		terminate_http_logging_thread=FALSE;
103
104
105
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
106
107
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
108
static char		temp_dir[MAX_PATH+1];
109
static char		cgi_dir[MAX_PATH+1];
110
static char		cgi_env_ini[MAX_PATH+1];
111
static time_t	uptime=0;
112
static DWORD	served=0;
113
static web_startup_t* startup=NULL;
114
static js_server_props_t js_server_props;
115
116
static str_list_t recycle_semfiles;
static str_list_t shutdown_semfiles;
117
static int session_threads=0;
118

119
static named_string_t** mime_types;
120
121
static named_string_t** cgi_handlers;
static named_string_t** xjs_handlers;
122

123
/* Logging stuff */
124
link_list_t	log_list;
125
126
127
128
129
130
131
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
132
	char	*vhost;
133
134
135
136
137
	int		status;
	unsigned int	size;
	struct tm completed;
};

138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
enum auth_type {
	 AUTHENTICATION_UNKNOWN
	,AUTHENTICATION_BASIC
	,AUTHENTICATION_DIGEST
};

enum algorithm {
	 ALGORITHM_UNKNOWN
	,ALGORITHM_MD5
	,ALGORITHM_MD5_SESS
};

enum qop_option {
	 QOP_NONE
	,QOP_AUTH
	,QOP_AUTH_INT
	,QOP_UNKNOWN
};

typedef struct {
	enum auth_type	type;
	char			username[(LEN_ALIAS > LEN_NAME ? LEN_ALIAS : LEN_NAME)+1];
	char			password[LEN_PASS+1];
	char			*digest_uri;
	char			*realm;
	char			*nonce;
	enum algorithm	algorithm;
	enum qop_option	qop_value;
	char			*cnonce;
	char			*nonce_count;
	unsigned char			digest[16];		/* MD5 digest */
169
	BOOL			stale;
170
171
} authentication_request_t;

172
typedef struct  {
173
	int			method;
174
175
176
177
178
179
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
180
	authentication_request_t	auth;
181
182
	char		host[128];				/* The requested host. (as used for self-referencing URLs) */
	char		vhost[128];				/* The requested host. (virtual host) */
183
	int			send_location;
184
	const char*	mime_type;
185
	str_list_t	headers;
186
	char		status[MAX_REQUEST_LINE+1];
187
188
	char *		post_data;
	size_t		post_len;
189
	int			dynamic;
190
	char		xjs_handler[MAX_PATH+1];
191
	struct log_data	*ld;
192
	char		request_line[MAX_REQUEST_LINE+1];
193
	BOOL		finished;				/* Done processing request. */
194
195
	BOOL		read_chunked;
	BOOL		write_chunked;
196
197
	long		range_start;
	long		range_end;
198
	BOOL		accept_ranges;
deuce's avatar
deuce committed
199
	time_t		if_range;
200
	BOOL		path_info_index;
201

202
203
204
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
205
206
	str_list_t	cgi_env;
	str_list_t	dynamic_heads;
207

208
209
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;
210
	char		*cleanup_file[MAX_CLEANUPS];
211
212
	BOOL	sent_headers;
	BOOL	prev_write;
213
214
215
216
217

	/* webconfig.ini overrides */
	char	*error_dir;
	char	*cgi_dir;
	char	*realm;
218
219
220
} http_request_t;

typedef struct  {
221
222
	SOCKET			socket;
	SOCKADDR_IN		addr;
223
	http_request_t	req;
224
225
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
226
227
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
228
229
230
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
231
	char			username[LEN_NAME+1];
232
	int				last_js_user_num;
233
234
235
236
237

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
238
239
	JSObject*		js_query;
	JSObject*		js_header;
240
	JSObject*		js_cookie;
241
	JSObject*		js_request;
242
	js_branch_t		js_branch;
deuce's avatar
deuce committed
243
	subscan_t		*subscan;
244

245
246
247
	/* Ring Buffer Stuff */
	RingBuf			outbuf;
	sem_t			output_thread_terminated;
248
249
	int				outbuf_write_initialized;
	pthread_mutex_t	outbuf_write;
250

251
252
	/* Client info */
	client_t		client;
deuce's avatar
deuce committed
253
254
255

	/* Synchronization stuff */
	pthread_mutex_t	struct_filled;
256
257
258
259
260
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
261
	,HTTP_1_1
262
263
264
265
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
266
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
267
	,NULL	/* terminator */
268
269
270
271
272
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
273
274
	,HTTP_POST
	,HTTP_OPTIONS
275
};
276

rswindell's avatar
rswindell committed
277
278
279
static char* methods[] = {
	 "HEAD"
	,"GET"
280
	,"POST"
281
	,"OPTIONS"
rswindell's avatar
rswindell committed
282
283
	,NULL	/* terminator */
};
284

285
enum {
286
287
288
289
290
291
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

292
enum { 
293
294
295
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
296
297
	,HEAD_LENGTH
	,HEAD_TYPE
298
299
300
301
302
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
303
304
305
306
307
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
308
309
	,HEAD_REFERER
	,HEAD_AGENT
310
	,HEAD_TRANSFER_ENCODING
311
312
313
	,HEAD_ACCEPT_RANGES
	,HEAD_CONTENT_RANGE
	,HEAD_RANGE
deuce's avatar
deuce committed
314
	,HEAD_IFRANGE
315
	,HEAD_COOKIE
316
317
318
319
320
321
};

static struct {
	int		id;
	char*	text;
} headers[] = {
322
323
324
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
325
326
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
327
328
329
330
331
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
332
333
334
335
336
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
337
338
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
339
	{ HEAD_TRANSFER_ENCODING,			"Transfer-Encoding"			},
340
341
342
	{ HEAD_ACCEPT_RANGES,	"Accept-Ranges"			},
	{ HEAD_CONTENT_RANGE,	"Content-Range"			},
	{ HEAD_RANGE,			"Range"					},
deuce's avatar
deuce committed
343
	{ HEAD_IFRANGE,			"If-Range"				},
344
	{ HEAD_COOKIE,			"Cookie"				},
345
	{ -1,					NULL /* terminator */	},
346
347
};

348
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
349
enum  {
350
	 NO_LOCATION
351
	,MOVED_PERM
352
	,MOVED_TEMP
353
	,MOVED_STAT
354
355
};

356
357
358
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

359
static void respond(http_session_t * session);
360
static BOOL js_setup(http_session_t* session);
361
static char *find_last_slash(char *str);
362
static BOOL check_extra_path(http_session_t * session);
363
static BOOL exec_ssjs(http_session_t* session, char* script);
364
static BOOL ssjs_send_headers(http_session_t* session, int chunked);
365

366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
467

468
static int lprintf(int level, char *fmt, ...)
469
470
471
472
473
474
475
476
477
478
479
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
480
    return(startup->lputs(startup->cbdata,level,sbuf));
481
482
}

483
484
static int writebuf(http_session_t	*session, const char *buf, size_t len)
{
485
486
	size_t	sent=0;
	size_t	avail;
487

488
	while(sent < len) {
489
		avail=RingBufFree(&session->outbuf);
deuce's avatar
deuce committed
490
		if(!avail) {
491
			SLEEP(1);
deuce's avatar
deuce committed
492
493
			continue;
		}
494
495
		if(avail > len-sent)
			avail=len-sent;
496
		sent+=RingBufWrite(&(session->outbuf), ((char *)buf)+sent, avail);
497
498
499
500
	}
	return(sent);
}

501
static int sock_sendbuf(SOCKET *sock, const char *buf, size_t len, BOOL *failed)
502
503
504
{
	size_t sent=0;
	int result;
505
	int sel;
506
507
	fd_set	wr_set;
	struct timeval tv;
508

509
	while(sent<len && *sock!=INVALID_SOCKET) {
510
511
512
513
514
		FD_ZERO(&wr_set);
		FD_SET(*sock,&wr_set);
		/* Convert timeout from ms to sec/usec */
		tv.tv_sec=startup->max_inactivity;
		tv.tv_usec=0;
515
516
		sel=select(*sock+1,NULL,&wr_set,NULL,&tv);
		switch(sel) {
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
			case 1:
				result=sendsocket(*sock,buf+sent,len-sent);
				if(result==SOCKET_ERROR) {
					if(ERROR_VALUE==ECONNRESET) 
						lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",*sock);
					else if(ERROR_VALUE==ECONNABORTED) 
						lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",*sock);
					else
						lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",*sock,ERROR_VALUE);
					if(failed)
						*failed=TRUE;
					return(sent);
				}
				break;
			case 0:
532
				lprintf(LOG_WARNING,"%04d Timeout selecting socket for write",*sock);
533
534
535
536
				if(failed)
					*failed=TRUE;
				return(sent);
			case -1:
537
				lprintf(LOG_WARNING,"%04d !ERROR %d selecting socket for write",*sock,ERROR_VALUE);
538
539
540
				if(failed)
					*failed=TRUE;
				return(sent);
541
542
543
544
545
546
547
548
		}
		sent+=result;
	}
	if(failed && sent<len)
		*failed=TRUE;
	return(sent);
}

549
550
551
#ifdef _WINSOCKAPI_

static WSADATA WSAData;
552
#define SOCKLIB_DESC WSAData.szDescription
553
554
555
556
557
558
559
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
560
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
561
562
563
564
		WSAInitialized=TRUE;
		return (TRUE);
	}

565
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
566
567
568
569
570
571
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
572
#define SOCKLIB_DESC NULL
573
574
575
576
577
578

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
579
	    startup->status(startup->cbdata,str);
580
581
582
583
584
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
585
		startup->clients(startup->cbdata,active_clients);
586
587
588
589
590
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
591
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
592
593
594
595
596
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
597
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
598
599
600
601
602
603
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
604
		startup->thread_up(startup->cbdata,TRUE, setuid);
605
606
607
608
609
610
611
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
612
		startup->thread_up(startup->cbdata,FALSE, FALSE);
613
614
}

deuce's avatar
deuce committed
615
616
617
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
618
static void add_env(http_session_t *session, const char *name,const char *value)  {
619
	char	newname[129];
620
	char	*p;
621

622
	if(name==NULL || value==NULL)  {
623
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
624
625
626
627
628
629
630
631
632
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
633
	p=(char *)alloca(strlen(name)+strlen(value)+2);
634
635
636
637
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
638
#if 0	/* this is way too verbose for every request */
639
	lprintf(LOG_DEBUG,"%04d Adding CGI environment variable %s=%s",session->socket,newname,value);
640
#endif
641
	sprintf(p,"%s=%s",newname,value);
642
	strListPush(&session->req.cgi_env,p);
643
644
}

deuce's avatar
deuce committed
645
646
647
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
648
649
650
651
652
653
654
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
655
	if(!strcmp(session->host_name,session->host_ip))
656
657
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
658
	add_env(session,"REQUEST_URI",session->req.request_line);
659
660
}

661
/*
deuce's avatar
deuce committed
662
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
663
664
 * Can not close the socket since it can not set it to INVALID_SOCKET
 */
665
static int bufprint(http_session_t *session, const char *str)
666
{
667
668
669
	int len;

	len=strlen(str);
670
	return(writebuf(session,str,len));
671
672
}

deuce's avatar
deuce committed
673
674
675
676
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
677
678
679
680
681
682
683
684
685
686
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
687
688
689
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
690
691
692
static time_t decode_date(char *date)
{
	struct	tm	ti;
693
	char	*token;
694
	char	*last;
695
	time_t	t;
696
697
698
699
700
701
702
703
704

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

705
	token=strtok_r(date,",",&last);
706
707
	if(token==NULL)
		return(0);
708
709
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
710
		/* asctime() */
711
		/* Toss away week day */
712
		token=strtok_r(date," ",&last);
713
714
		if(token==NULL)
			return(0);
715
		token=strtok_r(NULL," ",&last);
716
717
718
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
719
		token=strtok_r(NULL," ",&last);
720
721
722
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
723
		token=strtok_r(NULL,":",&last);
724
725
726
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
727
		token=strtok_r(NULL,":",&last);
728
729
730
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
731
		token=strtok_r(NULL," ",&last);
732
733
734
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
735
		token=strtok_r(NULL,"",&last);
736
737
738
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
739
740
741
	}
	else  {
		/* RFC 1123 or RFC 850 */
742
		token=strtok_r(NULL," -",&last);
743
744
745
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
746
		token=strtok_r(NULL," -",&last);
747
748
749
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
750
		token=strtok_r(NULL," ",&last);
751
752
753
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
754
		token=strtok_r(NULL,":",&last);
755
756
757
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
758
		token=strtok_r(NULL,":",&last);
759
760
761
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
762
		token=strtok_r(NULL," ",&last);
763
764
765
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
766
767
768
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
769

770
	t=time_gm(&ti);
771
	return(t);
772
773
774
775
776
777
778
779
780
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
781
		startup->socket_open(startup->cbdata,TRUE);
782
	if(sock!=INVALID_SOCKET) {
783
		if(set_socket_options(&scfg, sock, "web|http", error, sizeof(error)))
784
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
785
786
787
788
789
790

		sockets++;
	}
	return(sock);
}

791
static int close_socket(SOCKET *sock)
792
793
794
{
	int		result;

795
	if(sock==NULL || *sock==INVALID_SOCKET)
796
797
		return(-1);

deuce's avatar
deuce committed
798
799
	/* required to ensure all data is send when SO_LINGER is off (Not functional on Win32) */
	shutdown(*sock,SHUT_RDWR);
800
801
	result=closesocket(*sock);
	*sock=INVALID_SOCKET;
802
	if(startup!=NULL && startup->socket_open!=NULL) {
803
		startup->socket_open(startup->cbdata,FALSE);
804
805
806
807
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
808
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",*sock, ERROR_VALUE);
809
810
811
812
813
	}

	return(result);
}

814
815
816
/* Waits for the outbuf to drain */
static void drain_outbuf(http_session_t * session)
{
817
818
	if(session->socket==INVALID_SOCKET)
		return;
819
820
821
	/* Force the output thread to go NOW */
	sem_post(&(session->outbuf.highwater_sem));
	/* ToDo: This should probobly timeout eventually... */
822
	while(RingBufFull(&session->outbuf) && session->socket!=INVALID_SOCKET)
823
824
		SLEEP(1);
	/* Lock the mutex to ensure data has been sent */
825
	while(session->socket!=INVALID_SOCKET && !session->outbuf_write_initialized)
826
		SLEEP(1);
827
	if(session->socket==INVALID_SOCKET)
828
		return;
829
	pthread_mutex_lock(&session->outbuf_write);		/* Win32 Access violation here on Jan-11-2006 - shutting down webserver while in use */
830
831
832
	pthread_mutex_unlock(&session->outbuf_write);
}

deuce's avatar
deuce committed
833
834
835
836
837
838
839
840
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
841
842
static void close_request(http_session_t * session)
{
843
	time_t		now;
844
	int			i;
845

846
	if(session->req.write_chunked) {
847
		drain_outbuf(session);
848
849
		session->req.write_chunked=0;
		writebuf(session,"0\r\n",3);
850
		if(session->req.dynamic==IS_SSJS)
851
			ssjs_send_headers(session,FALSE);
852
853
		else
			/* Non-ssjs isn't capable of generating headers during execution */
854
			writebuf(session, newline, 2);
855
856
	}

857
858
859
	/* Force the output thread to go NOW */
	sem_post(&(session->outbuf.highwater_sem));

860
861
862
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
863
		listPushNode(&log_list,session->req.ld);
864
865
		session->req.ld=NULL;
	}
866

867
868
869
	strListFree(&session->req.headers);
	strListFree(&session->req.dynamic_heads);
	strListFree(&session->req.cgi_env);
870
	FREE_AND_NULL(session->req.post_data);
871
872
873
	FREE_AND_NULL(session->req.error_dir);
	FREE_AND_NULL(session->req.cgi_dir);
	FREE_AND_NULL(session->req.realm);
874
875
876
877
878
879
880

	FREE_AND_NULL(session->req.auth.digest_uri);
	FREE_AND_NULL(session->req.auth.cnonce);
	FREE_AND_NULL(session->req.auth.realm);
	FREE_AND_NULL(session->req.auth.nonce);
	FREE_AND_NULL(session->req.auth.nonce_count);

881
882
883
884
	/*
	 * This causes all active http_session_threads to terminate.
	 */
	if((!session->req.keep_alive) || terminate_server) {
885
		drain_outbuf(session);
886
		close_socket(&session->socket);
887
	}
888
889
890
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
891
892
893
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_GC(session->js_cx);
	}
deuce's avatar
deuce committed
894
895
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);
deuce's avatar
deuce committed
896

897
898
899
	if(session->req.fp!=NULL)
		fclose(session->req.fp);

900
901
902
903
904
905
	for(i=0;i<MAX_CLEANUPS;i++) {
		if(session->req.cleanup_file[i]!=NULL) {
			if(!(startup->options&WEB_OPT_DEBUG_SSJS))
				remove(session->req.cleanup_file[i]);
			free(session->req.cleanup_file[i]);
		}
906
907
	}

908
	memset(&session->req,0,sizeof(session->req));
909
910
911
912
}

static int get_header_type(char *header)
{
913
	int i;
914
915
916
917
918
919
920
921
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
922
/* Opposite of get_header_type() */
923
924
static char *get_header(int id) 
{
925
	int i;
926
927
	if(headers[id].id==id)
		return(headers[id].text);
928
929
930
931
932
933
934
935
936

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

937
938
static const char* unknown_mime_type="application/octet-stream";

939
static const char* get_mime_type(char *ext)
940
941
942
{
	uint i;

943
	if(ext==NULL || mime_types==NULL)
944
945
		return(unknown_mime_type);

946
	for(i=0;mime_types[i]!=NULL;i++)
947
		if(stricmp(ext+1,mime_types[i]->name)==0)
948
			return(mime_types[i]->value);
949
950

	return(unknown_mime_type);
951
952
}

953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
static BOOL get_cgi_handler(char* cmdline, size_t maxlen)
{
	char	fname[MAX_PATH+1];
	char*	ext;
	size_t	i;

	if(cgi_handlers==NULL || (ext=getfext(cmdline))==NULL)
		return(FALSE);

	for(i=0;cgi_handlers[i]!=NULL;i++) {
		if(stricmp(cgi_handlers[i]->name, ext+1)==0) {
			SAFECOPY(fname,cmdline);
			safe_snprintf(cmdline,maxlen,"%s %s",cgi_handlers[i]->value,fname);
			return(TRUE);
		}
	}
	return(FALSE);
}

static BOOL get_xjs_handler(char* ext, http_session_t* session)
{
	size_t	i;

deuce's avatar
deuce committed
976
	if(ext==NULL || xjs_handlers==NULL || ext[0]==0)
977
978
979
980
981
982
983
984
985
986
987
988
989
990
		return(FALSE);

	for(i=0;xjs_handlers[i]!=NULL;i++) {
		if(stricmp(xjs_handlers[i]->name, ext+1)==0) {
			if(getfname(xjs_handlers[i]->value)==xjs_handlers[i]->value)	/* no path specified */
				SAFEPRINTF2(session->req.xjs_handler,"%s%s",scfg.exec_dir,xjs_handlers[i]->value);
			else
				SAFECOPY(session->req.xjs_handler,xjs_handlers[i]->value);
			return(TRUE);
		}
	}
	return(FALSE);
}

991
992
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
993
	size_t dstlen,appendlen;
994
995
996
997
998
999
1000
1001
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
1002
1003
1004
1005
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
1006
static BOOL send_headers(http_session_t *session, const char *status, int chunked)
1007
{
1008
	int		ret;
1009
	BOOL	send_file=TRUE;
1010
	time_t	ti;
1011
	size_t	idx;
1012
	const char	*status_line;
1013
	struct stat	stats;
1014
	struct tm	tm;
1015
	char	*headers;
1016
	char	header[MAX_REQUEST_LINE+1];
1017

deuce's avatar
deuce committed
1018
1019
	if(session->socket==INVALID_SOCKET) {
		session->req.sent_headers=TRUE;
1020
		return(FALSE);
deuce's avatar
deuce committed
1021
	}
1022
1023
1024
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
1025
		session->req.sent_headers=TRUE;
deuce's avatar
deuce committed
1026
1027
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
1028
		return(TRUE);
1029
	}
1030
	headers=alloca(MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
1031
1032
1033
1034
1035
	if(headers==NULL)  {
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
		return(FALSE);
	}
	*headers=0;
1036
	if(!session->req.sent_headers) {
deuce's avatar
deuce committed
1037
		session->req.sent_headers=TRUE;
1038
1039
1040
1041
1042
1043
1044
1045
1046
		status_line=status;
		ret=stat(session->req.physical_path,&stats);
		if(session->req.method==HTTP_OPTIONS)
			ret=-1;
		if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
			status_line="304 Not Modified";
			ret=-1;
			send_file=FALSE;
		}
deuce's avatar
deuce committed
1047
1048
1049
1050
1051
		if(!ret && session->req.if_range && (stats.st_mtime > session->req.if_range || session->req.dynamic)) {
			status_line="200 OK";
			session->req.range_start=0;
			session->req.range_end=0;
		}
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
		if(session->req.send_location==MOVED_PERM)  {
			status_line=error_301;
			ret=-1;
			send_file=FALSE;
		}
		if(session->req.send_location==MOVED_TEMP)  {
			status_line=error_302;
			ret=-1;
			send_file=FALSE;
		}
1062

1063
1064
		if(session->req.ld!=NULL)
			session->req.ld->status=atoi(status_line);
1065

1066
1067
1068
1069
		/* Status-Line */
		safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);

		lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);
1070

1071
		safecat(headers,header,MAX_HEADERS_SIZE);
1072

1073
1074
1075
1076
1077
1078
1079
1080
		/* General Headers */
		ti=time(NULL);
		if(gmtime_r(&ti,&tm)==NULL)
			memset(&tm,0,sizeof(tm));
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
			,get_header(HEAD_DATE)
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);