websrvr.c 96.5 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
101
102
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115

116
/* Is this not in a header somewhere? */
117
extern const uchar* nular;
rswindell's avatar
rswindell committed
118
119

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
120
121
122
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
123
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
124
#define MAX_POST_LEN			1048576	/* Max size of body for POSTS */
125

126
127
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
128
static BOOL		http_logging_thread_running=FALSE;
129
130
static ulong	active_clients=0;
static ulong	sockets=0;
131
static BOOL		terminate_server=FALSE;
132
static BOOL		terminate_http_logging_thread=FALSE;
133
134
135
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
136
137
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
138
static char		temp_dir[MAX_PATH+1];
139
static char		cgi_dir[MAX_PATH+1];
140
static time_t	uptime=0;
141
static DWORD	served=0;
142
static web_startup_t* startup=NULL;
143
static js_server_props_t js_server_props;
144
145
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
146

147
148
static named_string_t** mime_types;

149
150
/* Logging stuff */
sem_t	log_sem;
151
link_list_t	log_list;
152
153
154
155
156
157
158
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
159
	char	*vhost;
160
161
162
163
164
	int		status;
	unsigned int	size;
	struct tm completed;
};

165
typedef struct  {
166
	int			method;
167
168
169
170
171
172
173
174
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
175
176
	char		host[128];				/* The requested host. (as used for self-referencing URLs) */
	char		vhost[128];				/* The requested host. (virtual host) */
177
	int			send_location;
178
	const char*	mime_type;
179
	link_list_t	headers;
180
	char		status[MAX_REQUEST_LINE+1];
181
182
	char *		post_data;
	size_t		post_len;
183
	int			dynamic;
184
	struct log_data	*ld;
185
	char		request_line[MAX_REQUEST_LINE+1];
186

187
188
189
190
191
192
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
	link_list_t	cgi_env;
	link_list_t	dynamic_heads;

193
194
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;
195
	char		*cleanup_file;
196
197
	BOOL	sent_headers;
	BOOL	prev_write;
198
199
200
} http_request_t;

typedef struct  {
201
202
	SOCKET			socket;
	SOCKADDR_IN		addr;
203
	http_request_t	req;
204
205
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
206
207
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
208
209
210
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
211
	char			username[LEN_NAME+1];
212
	int				last_js_user_num;
213
214
215
216
217

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
218
219
220
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
221
	js_branch_t		js_branch;
deuce's avatar
deuce committed
222
	subscan_t		*subscan;
223
224
225

	/* Client info */
	client_t		client;
226
227
228
229
230
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
231
	,HTTP_1_1
232
233
234
235
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
236
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
237
	,NULL	/* terminator */
238
239
240
241
242
243
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
244

rswindell's avatar
rswindell committed
245
246
247
static char* methods[] = {
	 "HEAD"
	,"GET"
248
	,"POST"
rswindell's avatar
rswindell committed
249
250
	,NULL	/* terminator */
};
251

252
enum {
253
254
255
256
257
258
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

259
enum { 
260
261
262
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
263
264
	,HEAD_LENGTH
	,HEAD_TYPE
265
266
267
268
269
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
270
271
272
273
274
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
275
276
	,HEAD_REFERER
	,HEAD_AGENT
277
278
279
280
281
282
};

static struct {
	int		id;
	char*	text;
} headers[] = {
283
284
285
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
286
287
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
288
289
290
291
292
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
293
294
295
296
297
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
298
299
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
300
	{ -1,					NULL /* terminator */	},
301
302
};

303
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
304
enum  {
305
	 NO_LOCATION
306
	,MOVED_PERM
307
	,MOVED_TEMP
308
	,MOVED_STAT
309
310
};

311
312
313
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

314
static void respond(http_session_t * session);
315
static BOOL js_setup(http_session_t* session);
316
static char *find_last_slash(char *str);
317
static BOOL check_extra_path(http_session_t * session);
318
static BOOL exec_ssjs(http_session_t* session, char *script);
319
static BOOL ssjs_send_headers(http_session_t* session);
320

321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
422

423
static int lprintf(int level, char *fmt, ...)
424
425
426
427
428
429
430
431
432
433
434
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
435
    return(startup->lputs(startup->cbdata,level,sbuf));
436
437
438
439
440
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
441
#define SOCKLIB_DESC WSAData.szDescription
442
443
444
445
446
447
448
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
449
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
450
451
452
453
		WSAInitialized=TRUE;
		return (TRUE);
	}

454
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
455
456
457
458
459
460
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
461
#define SOCKLIB_DESC NULL
462
463
464
465
466
467

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
468
	    startup->status(startup->cbdata,str);
469
470
471
472
473
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
474
		startup->clients(startup->cbdata,active_clients);
475
476
477
478
479
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
480
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
481
482
483
484
485
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
486
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
487
488
489
490
491
492
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
493
		startup->thread_up(startup->cbdata,TRUE, setuid);
494
495
496
497
498
499
500
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
501
		startup->thread_up(startup->cbdata,FALSE, FALSE);
502
503
}

deuce's avatar
deuce committed
504
505
506
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
507
static void add_env(http_session_t *session, const char *name,const char *value)  {
508
	char	newname[129];
509
	char	*p;
510

511
	if(name==NULL || value==NULL)  {
512
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
513
514
515
516
517
518
519
520
521
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
522
523
524
525
526
527
528
529
	p=(char *)malloc(strlen(name)+strlen(value)+2);
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
	sprintf(p,"%s=%s",newname,value);
	listPushNodeString(&session->req.cgi_env,p);
	free(p);
530
531
}

deuce's avatar
deuce committed
532
533
534
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
535
536
537
538
539
540
541
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
542
	if(!strcmp(session->host_name,session->host_ip))
543
544
545
546
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

547
/*
deuce's avatar
deuce committed
548
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
549
550
551
552
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
553
554
static int sockprint(SOCKET sock, const char *str)
{
555
556
557
	int len;
	int	result;
	int written=0;
558
	BOOL	wr;
559
560
561

	if(sock==INVALID_SOCKET)
		return(0);
562
	if(startup->options&WEB_OPT_DEBUG_TX)
563
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
564
	len=strlen(str);
565

566
	while(socket_check(sock,NULL,&wr,startup->max_inactivity*1000) && wr && written<len)  {
567
		result=sendsocket(sock,str+written,len-written);
568
569
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
570
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
571
			else if(ERROR_VALUE==ECONNABORTED) 
572
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
573
			else
574
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
575
576
			return(0);
		}
577
578
579
		written+=result;
	}
	if(written != len) {
580
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
581
582
583
584
585
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
586
587
588
589
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
590
591
592
593
594
595
596
597
598
599
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
600
601
602
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
603
604
605
static time_t decode_date(char *date)
{
	struct	tm	ti;
606
607
	char	*token;
	time_t	t;
608
609
610
611
612
613
614
615
616

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

617
	token=strtok(date,",");
618
619
	if(token==NULL)
		return(0);
620
621
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
622
		/* asctime() */
623
624
		/* Toss away week day */
		token=strtok(date," ");
625
626
		if(token==NULL)
			return(0);
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
651
652
653
	}
	else  {
		/* RFC 1123 or RFC 850 */
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
678
679
680
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
681

682
	t=time_gm(&ti);
683
	return(t);
684
685
686
687
688
689
690
691
692
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
693
		startup->socket_open(startup->cbdata,TRUE);
694
695
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
696
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712

		sockets++;
	}
	return(sock);
}

static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
713
		startup->socket_open(startup->cbdata,FALSE);
714
715
716
717
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
718
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
719
720
721
722
723
	}

	return(result);
}

deuce's avatar
deuce committed
724
725
726
727
728
729
730
731
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
732
733
static void close_request(http_session_t * session)
{
734
735
	time_t		now;

736
737
738
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
739
		listPushNode(&log_list,session->req.ld);
740
741
742
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
743

744
745
746
	listFree(&session->req.headers);
	listFree(&session->req.dynamic_heads);
	listFree(&session->req.cgi_env);
747
	FREE_AND_NULL(session->req.post_data);
748
	if(!session->req.keep_alive) {
749
		close_socket(session->socket);
750
		session->socket=INVALID_SOCKET;
751
	}
752
753
754
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
755
756
757
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_GC(session->js_cx);
	}
deuce's avatar
deuce committed
758
759
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);
deuce's avatar
deuce committed
760

761
762
763
	if(session->req.fp!=NULL)
		fclose(session->req.fp);

764
	if(session->req.cleanup_file!=NULL) {
765
766
		if(!(startup->options&WEB_OPT_DEBUG_SSJS))
			remove(session->req.cleanup_file);
767
768
769
		free(session->req.cleanup_file);
	}

770
	memset(&session->req,0,sizeof(session->req));
771
772
773
774
}

static int get_header_type(char *header)
{
775
	int i;
776
777
778
779
780
781
782
783
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
784
/* Opposite of get_header_type() */
785
786
static char *get_header(int id) 
{
787
	int i;
788
789
	if(headers[id].id==id)
		return(headers[id].text);
790
791
792
793
794
795
796
797
798

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

799
800
static const char* unknown_mime_type="application/octet-stream";

801
static const char* get_mime_type(char *ext)
802
803
804
805
{
	uint i;

	if(ext==NULL)
806
807
		return(unknown_mime_type);

808
809
810
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
811
812

	return(unknown_mime_type);
813
814
}

815
816
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
817
	size_t dstlen,appendlen;
818
819
820
821
822
823
824
825
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
826
827
828
829
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
830
static BOOL send_headers(http_session_t *session, const char *status)
831
{
832
	int		ret;
833
	BOOL	send_file=TRUE;
834
	time_t	ti;
835
	const char	*status_line;
836
	struct stat	stats;
837
	struct tm	tm;
838
	char	*headers;
839
	char	header[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
840
	list_node_t	*node;
841

842
843
844
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
845
846
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
847
		return(TRUE);
848
	}
deuce's avatar
deuce committed
849

850
	status_line=status;
851
	ret=stat(session->req.physical_path,&stats);
852
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
853
		status_line="304 Not Modified";
854
		ret=-1;
855
		send_file=FALSE;
856
	}
857
	if(session->req.send_location==MOVED_PERM)  {
858
		status_line="301 Moved Permanently";
859
860
861
		ret=-1;
		send_file=FALSE;
	}
862
	if(session->req.send_location==MOVED_TEMP)  {
863
		status_line="302 Moved Temporarily";
864
865
866
		ret=-1;
		send_file=FALSE;
	}
867

868
869
870
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

871
872
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
873
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
874
875
876
		return(FALSE);
	}
	*headers=0;
877
	/* Status-Line */
878
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
879
880
881

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

882
	safecat(headers,header,MAX_HEADERS_SIZE);
883
884
885

	/* General Headers */
	ti=time(NULL);
886
887
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
888
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
889
890
891
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
892
893
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
894
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
895
896
897
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
898
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
899
900
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
901
902

	/* Response Headers */
903
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
904
	safecat(headers,header,MAX_HEADERS_SIZE);
905
906
	
	/* Entity Headers */
907
	if(session->req.dynamic) {
908
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
909
910
911
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
912
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
913
914
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
915

916
	if(session->req.send_location) {
917
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
918
		safecat(headers,header,MAX_HEADERS_SIZE);
919
	}
920
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
921
		if(ret)  {
922
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
923
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
924
		}
925
		else  {
926
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
927
			safecat(headers,header,MAX_HEADERS_SIZE);
928
		}
929
	}
930

931
	if(!ret && !session->req.dynamic)  {
932
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
933
		safecat(headers,header,MAX_HEADERS_SIZE);
934
		gmtime_r(&stats.st_mtime,&tm);
935
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
936
			,get_header(HEAD_LASTMODIFIED)
937
938
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
939
		safecat(headers,header,MAX_HEADERS_SIZE);
940
	} 
rswindell's avatar
rswindell committed
941

942
943
	if(session->req.dynamic)  {
		/* Dynamic headers */
944
		/* Set up environment */
deuce's avatar
deuce committed
945
946
		for(node=listFirstNode(&session->req.dynamic_heads);node!=NULL;node=listNextNode(node))
			safecat(headers,listNodeData(node),MAX_HEADERS_SIZE);
947
	}
948

949
	safecat(headers,"",MAX_HEADERS_SIZE);
950
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
951
	FREE_AND_NULL(headers);
952
	return(send_file);
953
954
}

955
static int sock_sendfile(SOCKET socket,char *path)
956
957
{
	int		file;
958
	long	offset=0;
959
	int		ret=0;
960

961
	if(startup->options&WEB_OPT_DEBUG_TX)
962
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
963
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
964
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
965
	else {
966
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 0) {
967
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
968
				, socket, errno, path);
969
970
			ret=0;
		}
971
972
		close(file);
	}
973
	return(ret);
974
975
}

deuce's avatar
deuce committed
976
977
978
979
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
980
static void send_error(http_session_t * session, const char* message)
981
982
{
	char	error_code[4];
983
	struct stat	sb;
984
	char	sbuf[1024];
985
	BOOL	sent_ssjs=FALSE;
986

987
	session->req.if_modified_since=0;
988
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
989
	session->req.keep_alive=FALSE;
990
	session->req.send_location=NO_LOCATION;
991
	SAFECOPY(error_code,message);
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
	SAFECOPY(session->req.status,message);
	if(atoi(error_code)<500) {
		/*
		 * Attempt to run SSJS error pages
		 * If this fails, do the standard error page instead,
		 * ie: Don't "upgrade" to a 500 error
		 */

		sprintf(sbuf,"%s%s.ssjs",error_dir,error_code);
		if(!stat(sbuf,&sb)) {
			lprintf(LOG_INFO,"%04d Using SSJS error page",session->socket);
			if(js_setup(session)) {
				sent_ssjs=exec_ssjs(session,sbuf);
1005
				if(sent_ssjs) {
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
					int	snt=0;

					lprintf(LOG_INFO,"%04d Sending generated error page",session->socket);
					snt=sock_sendfile(session->socket,session->req.physical_path);
					if(snt<0)
						snt=0;
					if(session->req.ld!=NULL)
						session->req.ld->size=snt;
				}
				else
					sent_ssjs=FALSE;
			}
		}
1019
	}
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
	if(!sent_ssjs) {
		sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
		session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
		send_headers(session,message);
		if(!stat(session->req.physical_path,&sb)) {
			int	snt=0;
			snt=sock_sendfile(session->socket,session->req.physical_path);
			if(snt<0)
				snt=0;
			if(session->req.ld!=NULL)
				session->req.ld->size=snt;
		}
		else {
			lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
				,session->socket,session->req.physical_path);
			safe_snprintf(sbuf,sizeof(sbuf)
				,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
				"<BODY><H1>%s Error</H1><BR><H3>In addition, "
				"I can't seem to find the %s error file</H3><br>"
				"please notify <a href=\"mailto:sysop@%s\">"
				"%s</a></BODY></HTML>"
				,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
			sockprint(session->socket,sbuf);
			if(session->req.ld!=NULL)
				session->req.ld->size=strlen(sbuf);
		}
1046
	}
1047
1048
1049
	close_request(session);
}

1050
1051
void http_logon(http_session_t * session, user_t *usr)
{
1052
1053
	char	str[128];

1054
1055
	if(usr==NULL)
		getuserdat(&scfg, &session->user);
1056
1057
	else
		session->user=*usr;
1058
1059
1060

	if(session->user.number==session->last_user_num)
		return;
1061

1062
	lprintf(LOG_DEBUG,"%04d HTTP Logon (user #%d)",session->socket,session->user.number);
1063

1064
1065
1066
	if(session->subscan!=NULL)
		getmsgptrs(&scfg,session->user.number,session->subscan);

deuce's avatar
deuce committed
1067
	session->logon_time=time(NULL);
1068
	if(session->user.number==0)
1069
		SAFECOPY(session->username,unknown);
deuce's avatar
deuce committed
1070
	else {
1071
		SAFECOPY(session->username,session->user.alias);
deuce's avatar
deuce committed
1072
1073
1074
1075
		/* Adjust Connect and host */
		putuserrec(&scfg,session->user.number,U_MODEM,LEN_MODEM,"HTTP");
		putuserrec(&scfg,session->user.number,U_COMP,LEN_COMP,session->host_name);
		putuserrec(&scfg,session->user.number,U_NOTE,LEN_NOTE,session->host_ip);
1076
		putuserrec(&scfg,session->user.number,U_LOGONTIME,0,ultoa(session->logon_time,str,16));
deuce's avatar
deuce committed
1077
	}
1078
1079
1080
	session->client.user=session->username;
	client_on(session->socket, &session->client, /* update existing client record? */TRUE);

1081
1082
1083
	session->last_user_num=session->user.number;
}

1084
void http_logoff(http_session_t * session, int line)
1085
1086
1087
{
	if(session->last_user_num<=0)
		return;
1088

1089
1090
	lprintf(LOG_DEBUG,"%04d HTTP Logoff (user #%d) from line %d"
		,session->socket,session->user.number, line);
1091

1092
1093
1094
1095
1096
1097
1098
1099
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
1100
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {