websrvr.c 86.1 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#include "sbbs.h"
101
#include "link_list.h"
102
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"		/* pthread_mutex_t */
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115
116

extern const uchar* nular;
rswindell's avatar
rswindell committed
117
118

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
119
#define MAX_MIME_TYPES			128
deuce's avatar
deuce committed
120
121
122
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
123

124
125
126
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
static uint 	http_threads_running=0;
127
static BOOL		http_logging_thread_running=FALSE;
128
129
static ulong	active_clients=0;
static ulong	sockets=0;
130
static BOOL		terminate_server=FALSE;
131
static BOOL		terminate_http_logging_thread=FALSE;
132
133
134
135
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static ulong	mime_count=0;
static char		revision[16];
136
137
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
138
static char		cgi_dir[MAX_PATH+1];
139
static time_t	uptime=0;
140
static DWORD	served=0;
141
static web_startup_t* startup=NULL;
142
static js_server_props_t js_server_props;
143
144
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
145

146
147
148
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
149
link_list_t	log_list;
150
151
152
153
154
155
156
157
158
159
160
161
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
	int		status;
	unsigned int	size;
	struct tm completed;
};

162
typedef struct  {
163
	char	*val;
164
165
166
167
	void	*next;
} linked_list;

typedef struct  {
168
	int			method;
169
170
171
172
173
174
175
176
177
178
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
179
180
181
	const char*	mime_type;

	/* CGI parameters */
182
183
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
184

185
	linked_list*	cgi_env;
186
	linked_list*	dynamic_heads;
187
	char		status[MAX_REQUEST_LINE+1];
188
189
	char *		post_data;
	size_t		post_len;
190
	int			dynamic;
191
	struct log_data	*ld;
192
193
194
195

	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

196
197
198
} http_request_t;

typedef struct  {
199
200
	SOCKET			socket;
	SOCKADDR_IN		addr;
201
	http_request_t	req;
202
203
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
204
205
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
206
	user_t			user;	
207
	char			username[LEN_NAME+1];
208
209
210
211
212

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
213
214
215
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
216
217
218

	/* Client info */
	client_t		client;
219
220
221
222
223
224
225
} http_session_t;

typedef struct {
	char	ext[16];
	char	type[128];
} mime_types_t;

226
static mime_types_t		mime_types[MAX_MIME_TYPES];
227
228
229
230

enum { 
	 HTTP_0_9
	,HTTP_1_0
231
	,HTTP_1_1
232
233
234
235
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
236
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
237
	,NULL	/* terminator */
238
239
240
241
242
243
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
244

rswindell's avatar
rswindell committed
245
246
247
static char* methods[] = {
	 "HEAD"
	,"GET"
248
	,"POST"
rswindell's avatar
rswindell committed
249
250
	,NULL	/* terminator */
};
251

252
253
254
255
256
257
258
enum { 
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

259
enum { 
260
261
262
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
263
264
	,HEAD_LENGTH
	,HEAD_TYPE
265
266
267
268
269
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
270
271
272
273
274
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
275
276
	,HEAD_REFERER
	,HEAD_AGENT
277
278
279
280
281
282
};

static struct {
	int		id;
	char*	text;
} headers[] = {
283
284
285
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
286
287
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
288
289
290
291
292
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
293
294
295
296
297
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
298
299
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
300
	{ -1,					NULL /* terminator */	},
301
302
};

303
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
304
305
306
enum  {
	NO_LOCATION
	,MOVED_PERM
307
	,MOVED_TEMP
308
	,MOVED_STAT
309
310
};

311
312
313
/* Max. times to follow internal redirects for a single request */
#define MAX_REDIR_LOOPS	20

314
315
316
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

317
static void respond(http_session_t * session);
318
static BOOL js_setup(http_session_t* session);
319
static char *find_last_slash(char *str);
320

321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
422

423
static int lprintf(int level, char *fmt, ...)
424
425
426
427
428
429
430
431
432
433
434
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
435
    return(startup->lputs(startup->cbdata,level,sbuf));
436
437
438
439
440
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
441
#define SOCKLIB_DESC WSAData.szDescription
442
443
444
445
446
447
448
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
449
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
450
451
452
453
		WSAInitialized=TRUE;
		return (TRUE);
	}

454
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
455
456
457
458
459
460
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
461
#define SOCKLIB_DESC NULL
462
463
464
465
466
467

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
468
	    startup->status(startup->cbdata,str);
469
470
471
472
473
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
474
		startup->clients(startup->cbdata,active_clients);
475
476
477
478
479
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
480
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
481
482
483
484
485
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
486
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
487
488
489
490
491
492
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
493
		startup->thread_up(startup->cbdata,TRUE, setuid);
494
495
496
497
498
499
500
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
501
		startup->thread_up(startup->cbdata,FALSE, FALSE);
502
503
}

deuce's avatar
deuce committed
504
505
506
507
/********************************************************/
/* Adds an item to a linked list 						*/
/* ToDo: Replace this with link_list stuff from xpdev 	*/
/********************************************************/
508
509
static linked_list *add_list(linked_list *list,const char *value)  {
	linked_list*	entry;
510

511
512
	entry=malloc(sizeof(linked_list));
	if(entry==NULL)  {
513
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
514
		return(list);
515
	}
516
517
518
	entry->val=malloc(strlen(value)+1);
	if(entry->val==NULL)  {
		FREE_AND_NULL(entry);
519
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
520
521
522
523
524
		return(list);
	}
	strcpy(entry->val,value);
	entry->next=list;
	return(entry);
525
526
}

deuce's avatar
deuce committed
527
528
529
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
530
static void add_env(http_session_t *session, const char *name,const char *value)  {
531
532
	char	newname[129];
	char	fullname[387];
533
534
535
	char	*p;
	
	if(name==NULL || value==NULL)  {
536
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
537
538
539
540
541
542
543
544
545
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
546
547
548

	sprintf(fullname,"%s=%s",newname,value);
	session->req.cgi_env=add_list(session->req.cgi_env,fullname);
549
550
}

deuce's avatar
deuce committed
551
552
553
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
554
555
556
557
558
559
560
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
561
	if(!strcmp(session->host_name,session->host_ip))
562
563
564
565
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

566
/*
deuce's avatar
deuce committed
567
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
568
569
570
571
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
572
573
static int sockprint(SOCKET sock, const char *str)
{
574
575
576
	int len;
	int	result;
	int written=0;
577
	BOOL	wr;
578
579
580

	if(sock==INVALID_SOCKET)
		return(0);
581
	if(startup->options&WEB_OPT_DEBUG_TX)
582
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
583
	len=strlen(str);
584

585
	while(socket_check(sock,NULL,&wr,60000) && wr && written<len)  {
586
		result=sendsocket(sock,str+written,len-written);
587
588
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
589
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
590
			else if(ERROR_VALUE==ECONNABORTED) 
591
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
592
			else
593
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
594
595
			return(0);
		}
596
597
598
		written+=result;
	}
	if(written != len) {
599
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
600
601
602
603
604
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
605
606
607
608
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
609
610
611
612
613
614
615
616
617
618
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
619
620
621
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
622
623
624
static time_t decode_date(char *date)
{
	struct	tm	ti;
625
626
	char	*token;
	time_t	t;
627
628
629
630
631
632
633
634
635

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

636
	token=strtok(date,",");
637
638
	if(token==NULL)
		return(0);
639
640
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
641
		/* asctime() */
642
643
		/* Toss away week day */
		token=strtok(date," ");
644
645
		if(token==NULL)
			return(0);
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
670
671
672
	}
	else  {
		/* RFC 1123 or RFC 850 */
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
697
698
699
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
700

701
	t=time_gm(&ti);
702
	return(t);
703
704
705
706
707
708
709
710
711
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
712
		startup->socket_open(startup->cbdata,TRUE);
713
714
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
715
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732

		sockets++;
	}
	return(sock);
}


static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
733
		startup->socket_open(startup->cbdata,FALSE);
734
735
736
737
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
738
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
739
740
741
742
743
	}

	return(result);
}

deuce's avatar
deuce committed
744
745
746
747
748
749
750
751
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
752
753
static void close_request(http_session_t * session)
{
754
	linked_list	*p;
755
756
	time_t		now;

757
758
759
760
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
761
		listPushNode(&log_list,session->req.ld);
762
763
764
765
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
766

767
768
769
770
771
	while(session->req.dynamic_heads != NULL)  {
		FREE_AND_NULL(session->req.dynamic_heads->val);
		p=session->req.dynamic_heads->next;
		FREE_AND_NULL(session->req.dynamic_heads);
		session->req.dynamic_heads=p;
772
	}
773
774
775
776
777
778
779
	while(session->req.cgi_env != NULL)  {
		FREE_AND_NULL(session->req.cgi_env->val);
		p=session->req.cgi_env->next;
		FREE_AND_NULL(session->req.cgi_env);
		session->req.cgi_env=p;
	}
	FREE_AND_NULL(session->req.post_data);
deuce's avatar
deuce committed
780
	if(!session->req.keep_alive || session->socket==INVALID_SOCKET) {
781
		close_socket(session->socket);
782
		session->socket=INVALID_SOCKET;
783
784
		session->finished=TRUE;
	}
785
	memset(&session->req,0,sizeof(session->req));
786
787
788
789
}

static int get_header_type(char *header)
{
790
	int i;
791
792
793
794
795
796
797
798
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
799
/* Opposite of get_header_type() */
800
801
static char *get_header(int id) 
{
802
	int i;
803
804
	if(headers[id].id==id)
		return(headers[id].text);
805
806
807
808
809
810
811
812
813

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

814
815
static const char* unknown_mime_type="application/octet-stream";

816
static const char* get_mime_type(char *ext)
817
818
819
820
{
	uint i;

	if(ext==NULL)
821
822
823
		return(unknown_mime_type);

	for(i=0;i<mime_count;i++)
824
		if(!stricmp(ext+1,mime_types[i].ext))
825
826
827
			return(mime_types[i].type);

	return(unknown_mime_type);
828
829
}

830
831
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
832
	size_t dstlen,appendlen;
833
834
835
836
837
838
839
840
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
841
842
843
844
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
845
static BOOL send_headers(http_session_t *session, const char *status)
846
{
847
	int		ret;
848
	BOOL	send_file=TRUE;
849
	time_t	ti;
850
	const char	*status_line;
851
	struct stat	stats;
852
	struct tm	tm;
853
	linked_list	*p;
854
	char	*headers;
855
	char	header[MAX_REQUEST_LINE+1];
856

857
858
859
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
860
861
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
862
		return(TRUE);
863
	}
deuce's avatar
deuce committed
864

865
	status_line=status;
866
	ret=stat(session->req.physical_path,&stats);
867
	if(!ret && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
868
		status_line="304 Not Modified";
869
		ret=-1;
870
		send_file=FALSE;
871
	}
872
	if(session->req.send_location==MOVED_PERM)  {
873
		status_line="301 Moved Permanently";
874
875
876
		ret=-1;
		send_file=FALSE;
	}
877
	if(session->req.send_location==MOVED_TEMP)  {
878
		status_line="302 Moved Temporarily";
879
880
881
		ret=-1;
		send_file=FALSE;
	}
882

883
884
885
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

886
887
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
888
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
889
890
891
		return(FALSE);
	}
	*headers=0;
892
	/* Status-Line */
893
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
894
895
896

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

897
	safecat(headers,header,MAX_HEADERS_SIZE);
898
899
900

	/* General Headers */
	ti=time(NULL);
901
902
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
903
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
904
905
906
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
907
908
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
909
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
910
911
912
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
913
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
914
915
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
916
917

	/* Response Headers */
918
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
919
	safecat(headers,header,MAX_HEADERS_SIZE);
920
921
	
	/* Entity Headers */
922
	if(session->req.dynamic) {
923
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
924
925
926
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
927
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
928
929
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
930

931
	if(session->req.send_location) {
932
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
933
		safecat(headers,header,MAX_HEADERS_SIZE);
934
	}
935
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
936
		if(ret)  {
937
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
938
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
939
		}
940
		else  {
941
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
942
			safecat(headers,header,MAX_HEADERS_SIZE);
943
		}
944
	}
945

946
	if(!ret && !session->req.dynamic)  {
947
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
948
		safecat(headers,header,MAX_HEADERS_SIZE);
949
		gmtime_r(&stats.st_mtime,&tm);
950
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
951
			,get_header(HEAD_LASTMODIFIED)
952
953
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
954
		safecat(headers,header,MAX_HEADERS_SIZE);
955
	} 
rswindell's avatar
rswindell committed
956

957
958
	if(session->req.dynamic)  {
		/* Dynamic headers */
959
		/* Set up environment */
960
		p=session->req.dynamic_heads;
961
		while(p != NULL)  {
962
			safecat(headers,p->val,MAX_HEADERS_SIZE);
963
			p=p->next;
964
		}
965
	}
966

967
	safecat(headers,"",MAX_HEADERS_SIZE);
968
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
969
	FREE_AND_NULL(headers);
970
	return(send_file);
971
972
}

973
static int sock_sendfile(SOCKET socket,char *path)
974
975
{
	int		file;
976
	long	offset=0;
977
	int		ret=0;
978

979
	if(startup->options&WEB_OPT_DEBUG_TX)
980
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
981
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
982
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
983
	else {
984
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
985
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
986
				, socket, errno, path);
987
988
			ret=0;
		}
989
990
		close(file);
	}
991
	return(ret);
992
993
}

deuce's avatar
deuce committed
994
995
996
997
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
998
static void send_error(http_session_t * session, const char* message)
999
1000
{
	char	error_code[4];
1001
	struct stat	sb;
1002
	char	sbuf[1024];
1003

1004
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
1005
	session->req.keep_alive=FALSE;
1006
	session->req.send_location=NO_LOCATION;
1007
	SAFECOPY(error_code,message);
1008
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
1009
1010
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
1011
	if(!stat(session->req.physical_path,&sb)) {
1012
1013
1014
1015
1016
1017
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
1018
	}
1019
	else {
1020
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
1021
			,session->socket,session->req.physical_path);
1022
		safe_snprintf(sbuf,sizeof(sbuf)
1023
1024
1025
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
1026
1027
1028
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
1029
		sockprint(session->socket,sbuf);
1030
1031
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
1032
	}
1033
1034
1035
	close_request(session);
}

1036
static BOOL check_ars(http_session_t * session)
1037
1038
1039
1040
{
	char	*username;
	char	*password;
	uchar	*ar;
1041
	BOOL	authorized;
1042
	char	auth_req[MAX_REQUEST_LINE+1];
1043

1044
	if(session->req.auth[0]==0) {
1045
		if(startup->options&WEB_OPT_DEBUG_RX)
1046
			lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
1047
		return(FALSE);
1048
	}
1049
	SAFECOPY(auth_req,session->req.auth);
1050

1051
	username=strtok(auth_req,":");
1052
1053
	if(username==NULL)
		username="";
1054
1055
1056
	password=strtok(NULL,":");
	/* Require a password */
	if(password==NULL)
1057
		password="";
1058
1059
	session->user.number=matchuser(&scfg, username, FALSE);
	if(session->user.number==0) {
1060
		SAFECOPY(session->username,unknown);
1061
		if(scfg.sys_misc&SM_ECHO_PW)
1062
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s, Password: %s"
1063
1064
				,session->socket,username,password);
		else
1065
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s"
1066
1067
1068
				,session->socket,username);
		return(FALSE);
	}
1069
1070
	getuserdat(&scfg, &session->user);
	if(session->user.pass[0] && stricmp(session->user.pass,password)) {
1071
		SAFECOPY(session->username,unknown);
1072
		/* Should go to the hack log? */
1073
		if(scfg.sys_misc&SM_ECHO_PW)
1074
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s: '%s' expected '%s'"
1075
				,session->socket,username,password,session->user.pass);
1076
		else
1077
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s"
1078
				,session->socket,username);
1079
		session->user.number=0;
1080
		return(FALSE);