websrvr.c 90.7 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
101
102
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"		/* pthread_mutex_t */
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115

116
/* Is this not in a header somewhere? */
117
extern const uchar* nular;
rswindell's avatar
rswindell committed
118
119

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
120
121
122
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
123
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
124

125
126
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
127
static BOOL		http_logging_thread_running=FALSE;
128
129
static ulong	active_clients=0;
static ulong	sockets=0;
130
static BOOL		terminate_server=FALSE;
131
static BOOL		terminate_http_logging_thread=FALSE;
132
133
134
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
135
136
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
137
static char		cgi_dir[MAX_PATH+1];
138
static time_t	uptime=0;
139
static DWORD	served=0;
140
static web_startup_t* startup=NULL;
141
static js_server_props_t js_server_props;
142
143
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
144

145
146
static named_string_t** mime_types;

147
148
149
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
150
link_list_t	log_list;
151
152
153
154
155
156
157
158
159
160
161
162
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
	int		status;
	unsigned int	size;
	struct tm completed;
};

163
typedef struct  {
164
	int			method;
165
166
167
168
169
170
171
172
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
173
174
	char		host[128];				/* The requested host. (as used for self-referencing URLs) */
	char		vhost[128];				/* The requested host. (virtual host) */
175
	int			send_location;
176
	const char*	mime_type;
177
	link_list_t	headers;
178
	char		status[MAX_REQUEST_LINE+1];
179
180
	char *		post_data;
	size_t		post_len;
181
	int			dynamic;
182
	struct log_data	*ld;
183
	char		request_line[MAX_REQUEST_LINE+1];
184

185
186
187
188
189
190
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
	link_list_t	cgi_env;
	link_list_t	dynamic_heads;

191
192
193
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

194
195
196
} http_request_t;

typedef struct  {
197
198
	SOCKET			socket;
	SOCKADDR_IN		addr;
199
	http_request_t	req;
200
201
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
202
203
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
204
205
206
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
207
	char			username[LEN_NAME+1];
208
	int				last_js_user_num;
209
210
211
212
213

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
214
215
216
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
217
	js_branch_t		js_branch;
deuce's avatar
deuce committed
218
	subscan_t		*subscan;
219
220
221

	/* Client info */
	client_t		client;
222
223
224
225
226
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
227
	,HTTP_1_1
228
229
230
231
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
232
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
233
	,NULL	/* terminator */
234
235
236
237
238
239
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
240

rswindell's avatar
rswindell committed
241
242
243
static char* methods[] = {
	 "HEAD"
	,"GET"
244
	,"POST"
rswindell's avatar
rswindell committed
245
246
	,NULL	/* terminator */
};
247

248
enum {
249
250
251
252
253
254
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

255
enum { 
256
257
258
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
259
260
	,HEAD_LENGTH
	,HEAD_TYPE
261
262
263
264
265
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
266
267
268
269
270
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
271
272
	,HEAD_REFERER
	,HEAD_AGENT
273
274
275
276
277
278
};

static struct {
	int		id;
	char*	text;
} headers[] = {
279
280
281
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
282
283
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
284
285
286
287
288
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
289
290
291
292
293
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
294
295
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
296
	{ -1,					NULL /* terminator */	},
297
298
};

299
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
300
enum  {
301
	 NO_LOCATION
302
	,MOVED_PERM
303
	,MOVED_TEMP
304
	,MOVED_STAT
305
306
};

307
308
309
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

310
static void respond(http_session_t * session);
311
static BOOL js_setup(http_session_t* session);
312
static char *find_last_slash(char *str);
313
static BOOL check_extra_path(http_session_t * session);
314

315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
416

417
static int lprintf(int level, char *fmt, ...)
418
419
420
421
422
423
424
425
426
427
428
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
429
    return(startup->lputs(startup->cbdata,level,sbuf));
430
431
432
433
434
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
435
#define SOCKLIB_DESC WSAData.szDescription
436
437
438
439
440
441
442
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
443
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
444
445
446
447
		WSAInitialized=TRUE;
		return (TRUE);
	}

448
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
449
450
451
452
453
454
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
455
#define SOCKLIB_DESC NULL
456
457
458
459
460
461

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
462
	    startup->status(startup->cbdata,str);
463
464
465
466
467
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
468
		startup->clients(startup->cbdata,active_clients);
469
470
471
472
473
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
474
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
475
476
477
478
479
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
480
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
481
482
483
484
485
486
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
487
		startup->thread_up(startup->cbdata,TRUE, setuid);
488
489
490
491
492
493
494
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
495
		startup->thread_up(startup->cbdata,FALSE, FALSE);
496
497
}

deuce's avatar
deuce committed
498
499
500
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
501
static void add_env(http_session_t *session, const char *name,const char *value)  {
502
	char	newname[129];
503
	char	*p;
504

505
	if(name==NULL || value==NULL)  {
506
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
507
508
509
510
511
512
513
514
515
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
516
517
518
519
520
521
522
523
	p=(char *)malloc(strlen(name)+strlen(value)+2);
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
	sprintf(p,"%s=%s",newname,value);
	listPushNodeString(&session->req.cgi_env,p);
	free(p);
524
525
}

deuce's avatar
deuce committed
526
527
528
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
529
530
531
532
533
534
535
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
536
	if(!strcmp(session->host_name,session->host_ip))
537
538
539
540
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

541
/*
deuce's avatar
deuce committed
542
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
543
544
545
546
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
547
548
static int sockprint(SOCKET sock, const char *str)
{
549
550
551
	int len;
	int	result;
	int written=0;
552
	BOOL	wr;
553
554
555

	if(sock==INVALID_SOCKET)
		return(0);
556
	if(startup->options&WEB_OPT_DEBUG_TX)
557
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
558
	len=strlen(str);
559

560
	while(socket_check(sock,NULL,&wr,startup->max_inactivity*1000) && wr && written<len)  {
561
		result=sendsocket(sock,str+written,len-written);
562
563
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
564
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
565
			else if(ERROR_VALUE==ECONNABORTED) 
566
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
567
			else
568
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
569
570
			return(0);
		}
571
572
573
		written+=result;
	}
	if(written != len) {
574
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
575
576
577
578
579
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
580
581
582
583
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
584
585
586
587
588
589
590
591
592
593
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
594
595
596
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
597
598
599
static time_t decode_date(char *date)
{
	struct	tm	ti;
600
601
	char	*token;
	time_t	t;
602
603
604
605
606
607
608
609
610

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

611
	token=strtok(date,",");
612
613
	if(token==NULL)
		return(0);
614
615
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
616
		/* asctime() */
617
618
		/* Toss away week day */
		token=strtok(date," ");
619
620
		if(token==NULL)
			return(0);
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
645
646
647
	}
	else  {
		/* RFC 1123 or RFC 850 */
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
672
673
674
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
675

676
	t=time_gm(&ti);
677
	return(t);
678
679
680
681
682
683
684
685
686
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
687
		startup->socket_open(startup->cbdata,TRUE);
688
689
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
690
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706

		sockets++;
	}
	return(sock);
}

static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
707
		startup->socket_open(startup->cbdata,FALSE);
708
709
710
711
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
712
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
713
714
715
716
717
	}

	return(result);
}

deuce's avatar
deuce committed
718
719
720
721
722
723
724
725
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
726
727
static void close_request(http_session_t * session)
{
728
729
	time_t		now;

730
731
732
733
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
734
		listPushNode(&log_list,session->req.ld);
735
736
737
738
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
739

740
741
742
	listFree(&session->req.headers);
	listFree(&session->req.dynamic_heads);
	listFree(&session->req.cgi_env);
743
	FREE_AND_NULL(session->req.post_data);
744
	if(!session->req.keep_alive) {
745
		close_socket(session->socket);
746
		session->socket=INVALID_SOCKET;
747
	}
748
749
750
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
751
752
753
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_GC(session->js_cx);
	}
deuce's avatar
deuce committed
754
755
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);
deuce's avatar
deuce committed
756

757
	memset(&session->req,0,sizeof(session->req));
758
759
760
761
}

static int get_header_type(char *header)
{
762
	int i;
763
764
765
766
767
768
769
770
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
771
/* Opposite of get_header_type() */
772
773
static char *get_header(int id) 
{
774
	int i;
775
776
	if(headers[id].id==id)
		return(headers[id].text);
777
778
779
780
781
782
783
784
785

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

786
787
static const char* unknown_mime_type="application/octet-stream";

788
static const char* get_mime_type(char *ext)
789
790
791
792
{
	uint i;

	if(ext==NULL)
793
794
		return(unknown_mime_type);

795
796
797
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
798
799

	return(unknown_mime_type);
800
801
}

802
803
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
804
	size_t dstlen,appendlen;
805
806
807
808
809
810
811
812
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
813
814
815
816
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
817
static BOOL send_headers(http_session_t *session, const char *status)
818
{
819
	int		ret;
820
	BOOL	send_file=TRUE;
821
	time_t	ti;
822
	const char	*status_line;
823
	struct stat	stats;
824
	struct tm	tm;
825
	char	*headers;
826
	char	header[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
827
	list_node_t	*node;
828

829
830
831
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
832
833
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
834
		return(TRUE);
835
	}
deuce's avatar
deuce committed
836

837
	status_line=status;
838
	ret=stat(session->req.physical_path,&stats);
839
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
840
		status_line="304 Not Modified";
841
		ret=-1;
842
		send_file=FALSE;
843
	}
844
	if(session->req.send_location==MOVED_PERM)  {
845
		status_line="301 Moved Permanently";
846
847
848
		ret=-1;
		send_file=FALSE;
	}
849
	if(session->req.send_location==MOVED_TEMP)  {
850
		status_line="302 Moved Temporarily";
851
852
853
		ret=-1;
		send_file=FALSE;
	}
854

855
856
857
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

858
859
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
860
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
861
862
863
		return(FALSE);
	}
	*headers=0;
864
	/* Status-Line */
865
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
866
867
868

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

869
	safecat(headers,header,MAX_HEADERS_SIZE);
870
871
872

	/* General Headers */
	ti=time(NULL);
873
874
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
875
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
876
877
878
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
879
880
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
881
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
882
883
884
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
885
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
886
887
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
888
889

	/* Response Headers */
890
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
891
	safecat(headers,header,MAX_HEADERS_SIZE);
892
893
	
	/* Entity Headers */
894
	if(session->req.dynamic) {
895
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
896
897
898
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
899
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
900
901
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
902

903
	if(session->req.send_location) {
904
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
905
		safecat(headers,header,MAX_HEADERS_SIZE);
906
	}
907
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
908
		if(ret)  {
909
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
910
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
911
		}
912
		else  {
913
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
914
			safecat(headers,header,MAX_HEADERS_SIZE);
915
		}
916
	}
917

918
	if(!ret && !session->req.dynamic)  {
919
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
920
		safecat(headers,header,MAX_HEADERS_SIZE);
921
		gmtime_r(&stats.st_mtime,&tm);
922
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
923
			,get_header(HEAD_LASTMODIFIED)
924
925
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
926
		safecat(headers,header,MAX_HEADERS_SIZE);
927
	} 
rswindell's avatar
rswindell committed
928

929
930
	if(session->req.dynamic)  {
		/* Dynamic headers */
931
		/* Set up environment */
deuce's avatar
deuce committed
932
933
		for(node=listFirstNode(&session->req.dynamic_heads);node!=NULL;node=listNextNode(node))
			safecat(headers,listNodeData(node),MAX_HEADERS_SIZE);
934
	}
935

936
	safecat(headers,"",MAX_HEADERS_SIZE);
937
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
938
	FREE_AND_NULL(headers);
939
	return(send_file);
940
941
}

942
static int sock_sendfile(SOCKET socket,char *path)
943
944
{
	int		file;
945
	long	offset=0;
946
	int		ret=0;
947

948
	if(startup->options&WEB_OPT_DEBUG_TX)
949
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
950
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
951
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
952
	else {
953
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
954
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
955
				, socket, errno, path);
956
957
			ret=0;
		}
958
959
		close(file);
	}
960
	return(ret);
961
962
}

deuce's avatar
deuce committed
963
964
965
966
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
967
static void send_error(http_session_t * session, const char* message)
968
969
{
	char	error_code[4];
970
	struct stat	sb;
971
	char	sbuf[1024];
972

973
	session->req.if_modified_since=0;
974
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
975
	session->req.keep_alive=FALSE;
976
	session->req.send_location=NO_LOCATION;
977
	SAFECOPY(error_code,message);
978
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
979
980
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
981
	if(!stat(session->req.physical_path,&sb)) {
982
983
984
985
986
987
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
988
	}
989
	else {
990
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
991
			,session->socket,session->req.physical_path);
992
		safe_snprintf(sbuf,sizeof(sbuf)
993
994
995
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
996
997
998
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
999
		sockprint(session->socket,sbuf);
1000
1001
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
1002
	}
1003
1004
1005
	close_request(session);
}

1006
1007
1008
1009
void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);
1010
1011
	else
		session->user=*usr;
1012
1013
1014

	if(session->user.number==session->last_user_num)
		return;
1015

1016
	lprintf(LOG_DEBUG,"%04d HTTP Logon (%d)",session->socket,session->user.number);
1017

1018
1019
1020
1021
	if(session->subscan!=NULL)
		getmsgptrs(&scfg,session->user.number,session->subscan);

	if(session->user.number==0)
1022
		SAFECOPY(session->username,unknown);
deuce's avatar
deuce committed
1023
	else {
1024
		SAFECOPY(session->username,session->user.alias);
deuce's avatar
deuce committed
1025
1026
1027
1028
1029
		/* Adjust Connect and host */
		putuserrec(&scfg,session->user.number,U_MODEM,LEN_MODEM,"HTTP");
		putuserrec(&scfg,session->user.number,U_COMP,LEN_COMP,session->host_name);
		putuserrec(&scfg,session->user.number,U_NOTE,LEN_NOTE,session->host_ip);
	}
1030
1031
1032
	session->client.user=session->username;
	client_on(session->socket, &session->client, /* update existing client record? */TRUE);

1033
1034
1035
1036
1037
1038
1039
1040
	session->last_user_num=session->user.number;
	session->logon_time=time(NULL);
}

void http_logoff(http_session_t * session)
{
	if(session->last_user_num<=0)
		return;
1041

1042
	lprintf(LOG_DEBUG,"%04d HTTP Logoff (%d)",session->socket,session->user.number);
1043

1044
1045
1046
1047
1048
1049
1050
1051
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
1052
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
1053
1054
		if(session->last_js_user_num==session->user.number)
			return(TRUE);
1055
1056
1057
		lprintf(LOG_INFO,"%04d JavaScript: Initializing User Objects",session->socket);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
deuce's avatar
deuce committed
1058
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
1059
1060
1061
1062
1063
1064
1065
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, NULL
deuce's avatar
deuce committed
1066
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
1067
1068
1069
1070
1071
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
1072
		session->last_js_user_num=session->user.number;
1073
1074
1075
1076
	}
	return(TRUE);
}

1077
static BOOL check_ars(http_session_t * session)
1078
1079
1080
1081
{
	char	*username;
	char	*password;
	uchar	*ar;
1082
	BOOL	authorized;
1083
	char	auth_req[MAX_REQUEST_LINE+1];
1084
1085
	int		i;
	user_t	thisuser;
1086

1087
	if(session->req.auth[0]==0) {
1088
1089
1090
1091