websrvr.c 164 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
rswindell's avatar
rswindell committed
11
 * Copyright 2014 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
/*
 * General notes: (ToDo stuff)
 *
41
 * Support the ident protocol... the standard log format supports it.
42
 *
deuce's avatar
deuce committed
43
44
45
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
46
47
48
 * 
 * Add support for multipart/form-data
 * 
deuce's avatar
deuce committed
49
 */
50

51
52
//#define ONE_JS_RUNTIME

deuce's avatar
deuce committed
53
/* Headers for CGI stuff */
54
55
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
56
57
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
58
59
#endif

60
#ifndef JAVASCRIPT
61
#define JAVASCRIPT
62
63
#endif

64
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
65
#include "sbbs.h"
66
#include "sbbsdefs.h"
67
#include "sockwrap.h"		/* sendfilesocket() */
68
#include "threadwrap.h"
69
#include "semwrap.h"
70
#include "websrvr.h"
deuce's avatar
deuce committed
71
#include "base64.h"
72
#include "md5.h"
73
#include "js_rtpool.h"
74
#include "js_request.h"
75
#include "xpmap.h"
76
#include "xpprintf.h"
77

78
79
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
80
81
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
82
83
static const char*	error_301="301 Moved Permanently";
static const char*	error_302="302 Moved Temporarily";
84
static const char*	error_404="404 Not Found";
85
static const char*	error_416="416 Requested Range Not Satisfiable";
86
static const char*	error_500="500 Internal Server Error";
87
static const char*	unknown="<unknown>";
88

rswindell's avatar
rswindell committed
89
#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
90
91
92
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
93
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
94
#define MAX_POST_LEN			1048576	/* Max size of body for POSTS */
95
#define	OUTBUF_LEN				20480	/* Size of output thread ring buffer */
96

97
98
99
enum {
	 CLEANUP_SSJS_TMP_FILE
	,CLEANUP_POST_DATA
100
	,MAX_CLEANUPS
101
};
102

103
static scfg_t	scfg;
104
static volatile BOOL	http_logging_thread_running=FALSE;
105
static protected_uint32_t active_clients;
106
107
108
109
static volatile ulong	sockets=0;
static volatile BOOL	terminate_server=FALSE;
static volatile BOOL	terminate_http_logging_thread=FALSE;
static volatile	ulong	thread_count=0;
110
static SOCKET	server_socket=INVALID_SOCKET;
111
static char		revision[16];
112
113
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
114
static char		temp_dir[MAX_PATH+1];
115
static char		cgi_dir[MAX_PATH+1];
116
static char		cgi_env_ini[MAX_PATH+1];
117
static char		default_auth_list[MAX_PATH+1];
118
119
static volatile	time_t	uptime=0;
static volatile	ulong	served=0;
120
static web_startup_t* startup=NULL;
121
static js_server_props_t js_server_props;
122
123
static str_list_t recycle_semfiles;
static str_list_t shutdown_semfiles;
124
static str_list_t cgi_env;
125
static volatile ulong session_threads=0;
126

127
static named_string_t** mime_types;
128
129
static named_string_t** cgi_handlers;
static named_string_t** xjs_handlers;
130

131
/* Logging stuff */
132
link_list_t	log_list;
133
134
135
136
137
138
139
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
140
	char	*vhost;
141
142
143
144
145
	int		status;
	unsigned int	size;
	struct tm completed;
};

146
147
148
149
150
151
enum auth_type {
	 AUTHENTICATION_UNKNOWN
	,AUTHENTICATION_BASIC
	,AUTHENTICATION_DIGEST
};

152
153
154
155
156
157
158
char *auth_type_names[4] = {
	 "Unknown"
	,"Basic"
	,"Digest"
	,NULL
};

159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
enum algorithm {
	 ALGORITHM_UNKNOWN
	,ALGORITHM_MD5
	,ALGORITHM_MD5_SESS
};

enum qop_option {
	 QOP_NONE
	,QOP_AUTH
	,QOP_AUTH_INT
	,QOP_UNKNOWN
};

typedef struct {
	enum auth_type	type;
	char			username[(LEN_ALIAS > LEN_NAME ? LEN_ALIAS : LEN_NAME)+1];
	char			password[LEN_PASS+1];
	char			*digest_uri;
	char			*realm;
	char			*nonce;
	enum algorithm	algorithm;
	enum qop_option	qop_value;
	char			*cnonce;
	char			*nonce_count;
183
	unsigned char	digest[16];		/* MD5 digest */
184
	BOOL			stale;
185
186
} authentication_request_t;

187
typedef struct  {
188
	int			method;
189
190
191
192
193
194
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
195
	authentication_request_t	auth;
196
197
	char		host[128];				/* The requested host. (as used for self-referencing URLs) */
	char		vhost[128];				/* The requested host. (virtual host) */
198
	int			send_location;
199
	const char*	mime_type;
200
	str_list_t	headers;
201
	char		status[MAX_REQUEST_LINE+1];
202
	char *		post_data;
203
	struct xpmapping *post_map;
204
	size_t		post_len;
205
	int			dynamic;
206
	char		xjs_handler[MAX_PATH+1];
207
	struct log_data	*ld;
208
	char		request_line[MAX_REQUEST_LINE+1];
209
	BOOL		finished;				/* Done processing request. */
210
211
	BOOL		read_chunked;
	BOOL		write_chunked;
212
213
	long		range_start;
	long		range_end;
214
	BOOL		accept_ranges;
deuce's avatar
deuce committed
215
	time_t		if_range;
216
	BOOL		path_info_index;
217

218
219
220
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
221
222
	str_list_t	cgi_env;
	str_list_t	dynamic_heads;
223

224
225
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;
226
	char		*cleanup_file[MAX_CLEANUPS];
227
228
	BOOL	sent_headers;
	BOOL	prev_write;
229

230
	/* webctrl.ini overrides */
231
232
	char	*error_dir;
	char	*cgi_dir;
233
	char	*auth_list;
234
	char	*realm;
235
	char	*digest_realm;
236
237
238
} http_request_t;

typedef struct  {
239
240
	SOCKET			socket;
	SOCKADDR_IN		addr;
241
242
	SOCKET			socket6;
	SOCKADDR_IN		addr6;
243
	http_request_t	req;
244
245
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
246
247
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
248
249
250
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
251
	char			username[LEN_NAME+1];
252
	int				last_js_user_num;
253
254
255
256
257

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
258
259
	JSObject*		js_query;
	JSObject*		js_header;
260
	JSObject*		js_cookie;
261
	JSObject*		js_request;
262
	js_callback_t	js_callback;
deuce's avatar
deuce committed
263
	subscan_t		*subscan;
264

265
266
267
	/* Ring Buffer Stuff */
	RingBuf			outbuf;
	sem_t			output_thread_terminated;
268
269
	int				outbuf_write_initialized;
	pthread_mutex_t	outbuf_write;
270

271
272
	/* Client info */
	client_t		client;
deuce's avatar
deuce committed
273
274
275

	/* Synchronization stuff */
	pthread_mutex_t	struct_filled;
276
277
278
279
280
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
281
	,HTTP_1_1
282
283
284
285
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
286
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
287
	,NULL	/* terminator */
288
289
290
291
292
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
293
294
	,HTTP_POST
	,HTTP_OPTIONS
295
};
296

rswindell's avatar
rswindell committed
297
298
299
static char* methods[] = {
	 "HEAD"
	,"GET"
300
	,"POST"
301
	,"OPTIONS"
rswindell's avatar
rswindell committed
302
303
	,NULL	/* terminator */
};
304

305
enum {
306
307
308
309
310
311
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

312
enum { 
313
314
315
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
316
317
	,HEAD_LENGTH
	,HEAD_TYPE
318
319
320
321
322
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
323
324
325
326
327
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
328
329
	,HEAD_REFERER
	,HEAD_AGENT
330
	,HEAD_TRANSFER_ENCODING
331
332
333
	,HEAD_ACCEPT_RANGES
	,HEAD_CONTENT_RANGE
	,HEAD_RANGE
deuce's avatar
deuce committed
334
	,HEAD_IFRANGE
335
	,HEAD_COOKIE
336
337
338
339
340
341
};

static struct {
	int		id;
	char*	text;
} headers[] = {
342
343
344
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
345
346
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
347
348
349
350
351
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
352
353
354
355
356
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
357
358
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
359
	{ HEAD_TRANSFER_ENCODING,			"Transfer-Encoding"			},
360
361
362
	{ HEAD_ACCEPT_RANGES,	"Accept-Ranges"			},
	{ HEAD_CONTENT_RANGE,	"Content-Range"			},
	{ HEAD_RANGE,			"Range"					},
deuce's avatar
deuce committed
363
	{ HEAD_IFRANGE,			"If-Range"				},
364
	{ HEAD_COOKIE,			"Cookie"				},
365
	{ -1,					NULL /* terminator */	},
366
367
};

368
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
369
enum  {
370
	 NO_LOCATION
371
	,MOVED_PERM
372
	,MOVED_TEMP
373
	,MOVED_STAT
374
375
};

376
377
378
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

379
static void respond(http_session_t * session);
380
static BOOL js_setup(http_session_t* session);
381
static char *find_last_slash(char *str);
382
static BOOL check_extra_path(http_session_t * session);
383
static BOOL exec_ssjs(http_session_t* session, char* script);
384
static BOOL ssjs_send_headers(http_session_t* session, int chunked);
385

386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
487

488
static int lprintf(int level, const char *fmt, ...)
489
490
491
492
493
494
495
496
{
	va_list argptr;
	char sbuf[1024];

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
497

498
	if(level <= LOG_ERR) {
499
		errorlog(&scfg,startup==NULL ? NULL:startup->host_name, sbuf);
500
501
502
		if(startup!=NULL && startup->errormsg!=NULL)
			startup->errormsg(startup->cbdata,level,sbuf);
	}
503
504
505
506
507
508
509
510
511

    if(startup==NULL || startup->lputs==NULL || level > startup->log_level)
        return(0);

#if defined(_WIN32)
	if(IsBadCodePtr((FARPROC)startup->lputs))
		return(0);
#endif

512
    return(startup->lputs(startup->cbdata,level,sbuf));
513
514
}

515
516
static int writebuf(http_session_t	*session, const char *buf, size_t len)
{
517
518
	size_t	sent=0;
	size_t	avail;
519

520
	while(sent < len) {
521
		avail=RingBufFree(&session->outbuf);
deuce's avatar
deuce committed
522
		if(!avail) {
523
			SLEEP(1);
deuce's avatar
deuce committed
524
525
			continue;
		}
526
527
		if(avail > len-sent)
			avail=len-sent;
528
		sent+=RingBufWrite(&(session->outbuf), ((const BYTE *)buf)+sent, avail);
529
530
531
532
	}
	return(sent);
}

533
static int sock_sendbuf(SOCKET *sock, const char *buf, size_t len, BOOL *failed)
534
535
536
{
	size_t sent=0;
	int result;
537
	int sel;
538
539
	fd_set	wr_set;
	struct timeval tv;
540

541
	while(sent<len && *sock!=INVALID_SOCKET) {
542
543
544
545
546
		FD_ZERO(&wr_set);
		FD_SET(*sock,&wr_set);
		/* Convert timeout from ms to sec/usec */
		tv.tv_sec=startup->max_inactivity;
		tv.tv_usec=0;
547
548
		sel=select(*sock+1,NULL,&wr_set,NULL,&tv);
		switch(sel) {
549
550
551
552
553
554
555
			case 1:
				result=sendsocket(*sock,buf+sent,len-sent);
				if(result==SOCKET_ERROR) {
					if(ERROR_VALUE==ECONNRESET) 
						lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",*sock);
					else if(ERROR_VALUE==ECONNABORTED) 
						lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",*sock);
556
557
558
559
#ifdef EPIPE
					else if(ERROR_VALUE==EPIPE) 
						lprintf(LOG_NOTICE,"%04d Unable to send to peer",*sock);
#endif
560
561
562
563
564
565
566
567
					else
						lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",*sock,ERROR_VALUE);
					if(failed)
						*failed=TRUE;
					return(sent);
				}
				break;
			case 0:
568
				lprintf(LOG_WARNING,"%04d Timeout selecting socket for write",*sock);
569
570
571
572
				if(failed)
					*failed=TRUE;
				return(sent);
			case -1:
573
				lprintf(LOG_WARNING,"%04d !ERROR %d selecting socket for write",*sock,ERROR_VALUE);
574
575
576
				if(failed)
					*failed=TRUE;
				return(sent);
577
578
579
580
581
582
583
584
		}
		sent+=result;
	}
	if(failed && sent<len)
		*failed=TRUE;
	return(sent);
}

585
586
587
#ifdef _WINSOCKAPI_

static WSADATA WSAData;
588
#define SOCKLIB_DESC WSAData.szDescription
589
590
591
592
593
594
595
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
596
		lprintf(LOG_DEBUG,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
597
598
599
600
		WSAInitialized=TRUE;
		return (TRUE);
	}

601
    lprintf(LOG_CRIT,"!WinSock startup ERROR %d", status);
602
603
604
605
606
607
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
608
#define SOCKLIB_DESC NULL
609
610
611
612
613
614

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
615
	    startup->status(startup->cbdata,str);
616
617
618
619
620
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
621
		startup->clients(startup->cbdata,active_clients.value);
622
623
624
625
626
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
627
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
628
629
630
631
632
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
633
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
634
635
636
637
638
639
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
640
		startup->thread_up(startup->cbdata,TRUE, setuid);
641
642
643
644
645
646
647
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
648
		startup->thread_up(startup->cbdata,FALSE, FALSE);
649
650
}

deuce's avatar
deuce committed
651
652
653
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
654
static void add_env(http_session_t *session, const char *name,const char *value)  {
655
	char	newname[129];
656
	char	*p;
657

658
	if(name==NULL || value==NULL)  {
659
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
660
661
662
663
664
665
666
667
668
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
deuce's avatar
deuce committed
669
	p=xp_asprintf("%s=%s",newname,value);
670
671
672
673
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
674
	strListPush(&session->req.cgi_env,p);
deuce's avatar
deuce committed
675
	free(p);
676
677
}

deuce's avatar
deuce committed
678
679
680
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
681
682
683
684
685
686
687
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
688
	if(!strcmp(session->host_name,session->host_ip))
689
690
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
691
	add_env(session,"REQUEST_URI",session->req.request_line);
692
693
}

694
/*
deuce's avatar
deuce committed
695
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
696
697
 * Can not close the socket since it can not set it to INVALID_SOCKET
 */
698
static int bufprint(http_session_t *session, const char *str)
699
{
700
701
702
	int len;

	len=strlen(str);
703
	return(writebuf(session,str,len));
704
705
}

deuce's avatar
deuce committed
706
707
708
709
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
710
711
712
713
714
715
716
717
718
719
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
720
721
722
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
723
724
725
static time_t decode_date(char *date)
{
	struct	tm	ti;
726
	char	*token;
727
	char	*last;
728
	time_t	t;
729
730
731
732
733
734
735
736
737

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

738
	token=strtok_r(date,",",&last);
739
740
	if(token==NULL)
		return(0);
741
742
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
743
		/* asctime() */
744
		/* Toss away week day */
745
		token=strtok_r(date," ",&last);
746
747
		if(token==NULL)
			return(0);
748
		token=strtok_r(NULL," ",&last);
749
750
751
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
752
		token=strtok_r(NULL," ",&last);
753
754
755
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
756
		token=strtok_r(NULL,":",&last);
757
758
759
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
760
		token=strtok_r(NULL,":",&last);
761
762
763
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
764
		token=strtok_r(NULL," ",&last);
765
766
767
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
768
		token=strtok_r(NULL,"",&last);
769
770
771
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
772
773
774
	}
	else  {
		/* RFC 1123 or RFC 850 */
775
		token=strtok_r(NULL," -",&last);
776
777
778
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
779
		token=strtok_r(NULL," -",&last);
780
781
782
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
783
		token=strtok_r(NULL," ",&last);
784
785
786
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
787
		token=strtok_r(NULL,":",&last);
788
789
790
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
791
		token=strtok_r(NULL,":",&last);
792
793
794
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
795
		token=strtok_r(NULL," ",&last);
796
797
798
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
799
800
801
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
802

803
	t=time_gm(&ti);
804
	return(t);
805
806
807
808
809
810
811
812
813
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
814
		startup->socket_open(startup->cbdata,TRUE);
815
	if(sock!=INVALID_SOCKET) {
816
		if(set_socket_options(&scfg, sock, "web|http", error, sizeof(error)))
817
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
818
819
820
821
822
823

		sockets++;
	}
	return(sock);
}

824
static int close_socket(SOCKET *sock)
825
826
827
{
	int		result;

828
	if(sock==NULL || *sock==INVALID_SOCKET)
829
830
		return(-1);

deuce's avatar
deuce committed
831
832
	/* required to ensure all data is send when SO_LINGER is off (Not functional on Win32) */
	shutdown(*sock,SHUT_RDWR);
833
834
	result=closesocket(*sock);
	*sock=INVALID_SOCKET;
835
	if(startup!=NULL && startup->socket_open!=NULL) {
836
		startup->socket_open(startup->cbdata,FALSE);
837
838
839
840
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
841
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",*sock, ERROR_VALUE);
842
843
844
845
846
	}

	return(result);
}

847
848
849
/* Waits for the outbuf to drain */
static void drain_outbuf(http_session_t * session)
{
850
851
	if(session->socket==INVALID_SOCKET)
		return;
852
853
854
	/* Force the output thread to go NOW */
	sem_post(&(session->outbuf.highwater_sem));
	/* ToDo: This should probobly timeout eventually... */
855
	while(RingBufFull(&session->outbuf) && session->socket!=INVALID_SOCKET)
856
857
		SLEEP(1);
	/* Lock the mutex to ensure data has been sent */
858
	while(session->socket!=INVALID_SOCKET && !session->outbuf_write_initialized)
859
		SLEEP(1);
860
	if(session->socket==INVALID_SOCKET)
861
		return;
862
	pthread_mutex_lock(&session->outbuf_write);		/* Win32 Access violation here on Jan-11-2006 - shutting down webserver while in use */
863
864
865
	pthread_mutex_unlock(&session->outbuf_write);
}

deuce's avatar
deuce committed
866
867
868
869
870
871
872
873
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
874
875
static void close_request(http_session_t * session)
{
876
	time_t		now;
877
	int			i;
878

879
	if(session->req.write_chunked) {
880
		drain_outbuf(session);
881
882
		session->req.write_chunked=0;
		writebuf(session,"0\r\n",3);
883
		if(session->req.dynamic==IS_SSJS)
884
			ssjs_send_headers(session,FALSE);
885
886
		else
			/* Non-ssjs isn't capable of generating headers during execution */
887
			writebuf(session, newline, 2);
888
889
	}

890
891
892
	/* Force the output thread to go NOW */
	sem_post(&(session->outbuf.highwater_sem));

893
894
895
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
896
		listPushNode(&log_list,session->req.ld);
897
898
		session->req.ld=NULL;
	}
899

900
901
902
	strListFree(&session->req.headers);
	strListFree(&session->req.dynamic_heads);
	strListFree(&session->req.cgi_env);
903
904
905
906
907
	if(session->req.post_map != NULL) {
		xpunmap(session->req.post_map);
		session->req.post_data=NULL;
		session->req.post_map=NULL;
	}
908
	FREE_AND_NULL(session->req.post_data);
909
910
	FREE_AND_NULL(session->req.error_dir);
	FREE_AND_NULL(session->req.cgi_dir);
911
	FREE_AND_NULL(session->req.auth_list);
912
	FREE_AND_NULL(session->req.realm);
913
	FREE_AND_NULL(session->req.digest_realm);
914

915
	FREE_AND_NULL(session->req.auth_list);
916
917
918
919
920
921
	FREE_AND_NULL(session->req.auth.digest_uri);
	FREE_AND_NULL(session->req.auth.cnonce);
	FREE_AND_NULL(session->req.auth.realm);
	FREE_AND_NULL(session->req.auth.nonce);
	FREE_AND_NULL(session->req.auth.nonce_count);

922
923
924
925
	/*
	 * This causes all active http_session_threads to terminate.
	 */
	if((!session->req.keep_alive) || terminate_server) {
926
		drain_outbuf(session);
927
		close_socket(&session->socket);
928
	}
929
930
931
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
932
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
933
		JS_BEGINREQUEST(session->js_cx);
deuce's avatar
deuce committed
934
		JS_GC(session->js_cx);
935
		JS_ENDREQUEST(session->js_cx);
deuce's avatar
deuce committed
936
	}
deuce's avatar
deuce committed
937
938
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);
deuce's avatar
deuce committed
939

940
941
942
	if(session->req.fp!=NULL)
		fclose(session->req.fp);

943
944
945
946
947
948
	for(i=0;i<MAX_CLEANUPS;i++) {
		if(session->req.cleanup_file[i]!=NULL) {
			if(!(startup->options&WEB_OPT_DEBUG_SSJS))
				remove(session->req.cleanup_file[i]);
			free(session->req.cleanup_file[i]);
		}
949
950
	}

951
	memset(&session->req,0,sizeof(session->req));
952
953
954
955
}

static int get_header_type(char *header)
{
956
	int i;
957
958
959
960
961
962
963
964
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
965
/* Opposite of get_header_type() */
966
967
static char *get_header(int id) 
{
968
	int i;
969
970
	if(headers[id].id==id)
		return(headers[id].text);
971
972
973
974
975
976
977
978
979

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

980
981
static const char* unknown_mime_type="application/octet-stream";

982
static const char* get_mime_type(char *ext)
983
984
985
{
	uint i;

986
	if(ext==NULL || mime_types==NULL)
987
988
		return(unknown_mime_type);

989
	for(i=0;mime_types[i]!=NULL;i++)
990
		if(stricmp(ext+1,mime_types[i]->name)==0)
991
			return(mime_types[i]->value);
992
993

	return(unknown_mime_type);
994
995
}

996
static char* get_cgi_handler(const char* fname)
997
998
999
1000
{
	char*	ext;
	size_t	i;

1001
1002
	if(cgi_handlers==NULL || (ext=getfext(fname))==NULL)
		return(NULL);
1003
	for(i=0;cgi_handlers[i]!=NULL;i++) {
1004
1005
		if(stricmp(cgi_handlers[i]->name, ext+1)==0)
			return(cgi_handlers[i]->value);
1006
	}
1007
	return(NULL);
1008
1009
1010
1011
1012
1013
}

static BOOL get_xjs_handler(char* ext, http_session_t* session)
{
	size_t	i;

deuce's avatar
deuce committed
1014
	if(ext==NULL || xjs_handlers==NULL || ext[0]==0)
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
		return(FALSE);

	for(i=0;xjs_handlers[i]!=NULL;i++) {
		if(stricmp(xjs_handlers[i]->name, ext+1)==0) {
			if(getfname(xjs_handlers[i]->value)==xjs_handlers[i]->value)	/* no path specified */
				SAFEPRINTF2(session->req.xjs_handler,"%s%s",scfg.exec_dir,xjs_handlers[i]->value);
			else
				SAFECOPY(session->req.xjs_handler,xjs_handlers[i]->value);
			return(TRUE);
		}
	}
	return(FALSE);
}

1029
1030
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
1031
	size_t dstlen,appendlen;
1032
1033
1034
1035
1036
1037
1038
1039
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
1040
1041
1042
1043
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
1044
static BOOL send_headers(http_session_t *session, const char *status, int chunked)
1045
{
1046
	int		ret;
1047
	int		stat_code;
1048
	BOOL	send_file=TRUE;
1049
	time_t	ti;