websrvr.c 89.5 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
101
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
102
#include "threadwrap.h"		/* pthread_mutex_t */
103
#include "semwrap.h"
104
#include "websrvr.h"
deuce's avatar
deuce committed
105
#include "base64.h"
106

107
108
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
109
110
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
111
112
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
113
static const char*	unknown="<unknown>";
114

115
/* Is this not in a header somewhere? */
116
extern const uchar* nular;
rswindell's avatar
rswindell committed
117
118

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
119
120
121
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
122
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
123

124
125
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
126
static BOOL		http_logging_thread_running=FALSE;
127
128
static ulong	active_clients=0;
static ulong	sockets=0;
129
static BOOL		terminate_server=FALSE;
130
static BOOL		terminate_http_logging_thread=FALSE;
131
132
133
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
134
135
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
136
static char		cgi_dir[MAX_PATH+1];
137
static time_t	uptime=0;
138
static DWORD	served=0;
139
static web_startup_t* startup=NULL;
140
static js_server_props_t js_server_props;
141
142
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
143

144
145
static named_string_t** mime_types;

146
147
148
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
149
link_list_t	log_list;
150
151
152
153
154
155
156
157
158
159
160
161
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
	int		status;
	unsigned int	size;
	struct tm completed;
};

162
typedef struct  {
163
	int			method;
164
165
166
167
168
169
170
171
172
173
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
174
	const char*	mime_type;
175
	link_list_t	headers;
176
	char		status[MAX_REQUEST_LINE+1];
177
178
	char *		post_data;
	size_t		post_len;
179
	int			dynamic;
180
	struct log_data	*ld;
181

182
183
184
185
186
187
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
	link_list_t	cgi_env;
	link_list_t	dynamic_heads;

188
189
190
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

191
192
193
} http_request_t;

typedef struct  {
194
195
	SOCKET			socket;
	SOCKADDR_IN		addr;
196
	http_request_t	req;
197
198
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
199
200
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
201
202
203
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
204
	char			username[LEN_NAME+1];
205
	int				last_js_user_num;
206
207
208
209
210

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
211
212
213
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
214
215
216

	/* Client info */
	client_t		client;
217
218
219
220
221
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
222
	,HTTP_1_1
223
224
225
226
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
227
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
228
	,NULL	/* terminator */
229
230
231
232
233
234
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
235

rswindell's avatar
rswindell committed
236
237
238
static char* methods[] = {
	 "HEAD"
	,"GET"
239
	,"POST"
rswindell's avatar
rswindell committed
240
241
	,NULL	/* terminator */
};
242

243
enum {
244
245
246
247
248
249
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

250
enum { 
251
252
253
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
254
255
	,HEAD_LENGTH
	,HEAD_TYPE
256
257
258
259
260
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
261
262
263
264
265
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
266
267
	,HEAD_REFERER
	,HEAD_AGENT
268
269
270
271
272
273
};

static struct {
	int		id;
	char*	text;
} headers[] = {
274
275
276
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
277
278
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
279
280
281
282
283
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
284
285
286
287
288
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
289
290
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
291
	{ -1,					NULL /* terminator */	},
292
293
};

294
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
295
enum  {
296
	 NO_LOCATION
297
	,MOVED_PERM
298
	,MOVED_TEMP
299
	,MOVED_STAT
300
301
};

302
303
304
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

305
static void respond(http_session_t * session);
306
static BOOL js_setup(http_session_t* session);
307
static char *find_last_slash(char *str);
308
static BOOL check_extra_path(http_session_t * session);
309

310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
411

412
static int lprintf(int level, char *fmt, ...)
413
414
415
416
417
418
419
420
421
422
423
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
424
    return(startup->lputs(startup->cbdata,level,sbuf));
425
426
427
428
429
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
430
#define SOCKLIB_DESC WSAData.szDescription
431
432
433
434
435
436
437
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
438
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
439
440
441
442
		WSAInitialized=TRUE;
		return (TRUE);
	}

443
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
444
445
446
447
448
449
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
450
#define SOCKLIB_DESC NULL
451
452
453
454
455
456

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
457
	    startup->status(startup->cbdata,str);
458
459
460
461
462
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
463
		startup->clients(startup->cbdata,active_clients);
464
465
466
467
468
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
469
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
470
471
472
473
474
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
475
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
476
477
478
479
480
481
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
482
		startup->thread_up(startup->cbdata,TRUE, setuid);
483
484
485
486
487
488
489
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
490
		startup->thread_up(startup->cbdata,FALSE, FALSE);
491
492
}

deuce's avatar
deuce committed
493
494
495
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
496
static void add_env(http_session_t *session, const char *name,const char *value)  {
497
	char	newname[129];
498
	char	*p;
499

500
	if(name==NULL || value==NULL)  {
501
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
502
503
504
505
506
507
508
509
510
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
511
512
513
514
515
516
517
518
	p=(char *)malloc(strlen(name)+strlen(value)+2);
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
	sprintf(p,"%s=%s",newname,value);
	listPushNodeString(&session->req.cgi_env,p);
	free(p);
519
520
}

deuce's avatar
deuce committed
521
522
523
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
524
525
526
527
528
529
530
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
531
	if(!strcmp(session->host_name,session->host_ip))
532
533
534
535
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

536
/*
deuce's avatar
deuce committed
537
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
538
539
540
541
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
542
543
static int sockprint(SOCKET sock, const char *str)
{
544
545
546
	int len;
	int	result;
	int written=0;
547
	BOOL	wr;
548
549
550

	if(sock==INVALID_SOCKET)
		return(0);
551
	if(startup->options&WEB_OPT_DEBUG_TX)
552
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
553
	len=strlen(str);
554

555
	while(socket_check(sock,NULL,&wr,startup->max_inactivity*1000) && wr && written<len)  {
556
		result=sendsocket(sock,str+written,len-written);
557
558
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
559
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
560
			else if(ERROR_VALUE==ECONNABORTED) 
561
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
562
			else
563
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
564
565
			return(0);
		}
566
567
568
		written+=result;
	}
	if(written != len) {
569
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
570
571
572
573
574
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
575
576
577
578
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
579
580
581
582
583
584
585
586
587
588
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
589
590
591
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
592
593
594
static time_t decode_date(char *date)
{
	struct	tm	ti;
595
596
	char	*token;
	time_t	t;
597
598
599
600
601
602
603
604
605

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

606
	token=strtok(date,",");
607
608
	if(token==NULL)
		return(0);
609
610
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
611
		/* asctime() */
612
613
		/* Toss away week day */
		token=strtok(date," ");
614
615
		if(token==NULL)
			return(0);
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
640
641
642
	}
	else  {
		/* RFC 1123 or RFC 850 */
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
667
668
669
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
670

671
	t=time_gm(&ti);
672
	return(t);
673
674
675
676
677
678
679
680
681
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
682
		startup->socket_open(startup->cbdata,TRUE);
683
684
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
685
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701

		sockets++;
	}
	return(sock);
}

static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
702
		startup->socket_open(startup->cbdata,FALSE);
703
704
705
706
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
707
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
708
709
710
711
712
	}

	return(result);
}

deuce's avatar
deuce committed
713
714
715
716
717
718
719
720
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
721
722
static void close_request(http_session_t * session)
{
723
724
	time_t		now;

725
726
727
728
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
729
		listPushNode(&log_list,session->req.ld);
730
731
732
733
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
734

735
736
737
	listFree(&session->req.headers);
	listFree(&session->req.dynamic_heads);
	listFree(&session->req.cgi_env);
738
	FREE_AND_NULL(session->req.post_data);
739
	if(!session->req.keep_alive) {
740
		close_socket(session->socket);
741
		session->socket=INVALID_SOCKET;
742
	}
743
744
745
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

746
	memset(&session->req,0,sizeof(session->req));
747
748
749
750
}

static int get_header_type(char *header)
{
751
	int i;
752
753
754
755
756
757
758
759
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
760
/* Opposite of get_header_type() */
761
762
static char *get_header(int id) 
{
763
	int i;
764
765
	if(headers[id].id==id)
		return(headers[id].text);
766
767
768
769
770
771
772
773
774

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

775
776
static const char* unknown_mime_type="application/octet-stream";

777
static const char* get_mime_type(char *ext)
778
779
780
781
{
	uint i;

	if(ext==NULL)
782
783
		return(unknown_mime_type);

784
785
786
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
787
788

	return(unknown_mime_type);
789
790
}

791
792
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
793
	size_t dstlen,appendlen;
794
795
796
797
798
799
800
801
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
802
803
804
805
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
806
static BOOL send_headers(http_session_t *session, const char *status)
807
{
808
	int		ret;
809
	BOOL	send_file=TRUE;
810
	time_t	ti;
811
	const char	*status_line;
812
	struct stat	stats;
813
	struct tm	tm;
814
	char	*headers;
815
	char	header[MAX_REQUEST_LINE+1];
816
	char	*p;
deuce's avatar
deuce committed
817
	list_node_t	*node;
818

819
820
821
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
822
823
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
824
		return(TRUE);
825
	}
deuce's avatar
deuce committed
826

827
	status_line=status;
828
	ret=stat(session->req.physical_path,&stats);
829
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
830
		status_line="304 Not Modified";
831
		ret=-1;
832
		send_file=FALSE;
833
	}
834
	if(session->req.send_location==MOVED_PERM)  {
835
		status_line="301 Moved Permanently";
836
837
838
		ret=-1;
		send_file=FALSE;
	}
839
	if(session->req.send_location==MOVED_TEMP)  {
840
		status_line="302 Moved Temporarily";
841
842
843
		ret=-1;
		send_file=FALSE;
	}
844

845
846
847
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

848
849
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
850
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
851
852
853
		return(FALSE);
	}
	*headers=0;
854
	/* Status-Line */
855
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
856
857
858

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

859
	safecat(headers,header,MAX_HEADERS_SIZE);
860
861
862

	/* General Headers */
	ti=time(NULL);
863
864
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
865
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
866
867
868
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
869
870
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
871
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
872
873
874
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
875
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
876
877
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
878
879

	/* Response Headers */
880
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
881
	safecat(headers,header,MAX_HEADERS_SIZE);
882
883
	
	/* Entity Headers */
884
	if(session->req.dynamic) {
885
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
886
887
888
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
889
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
890
891
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
892

893
	if(session->req.send_location) {
894
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
895
		safecat(headers,header,MAX_HEADERS_SIZE);
896
	}
897
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
898
		if(ret)  {
899
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
900
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
901
		}
902
		else  {
903
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
904
			safecat(headers,header,MAX_HEADERS_SIZE);
905
		}
906
	}
907

908
	if(!ret && !session->req.dynamic)  {
909
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
910
		safecat(headers,header,MAX_HEADERS_SIZE);
911
		gmtime_r(&stats.st_mtime,&tm);
912
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
913
			,get_header(HEAD_LASTMODIFIED)
914
915
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
916
		safecat(headers,header,MAX_HEADERS_SIZE);
917
	} 
rswindell's avatar
rswindell committed
918

919
920
	if(session->req.dynamic)  {
		/* Dynamic headers */
921
		/* Set up environment */
deuce's avatar
deuce committed
922
923
		for(node=listFirstNode(&session->req.dynamic_heads);node!=NULL;node=listNextNode(node))
			safecat(headers,listNodeData(node),MAX_HEADERS_SIZE);
924
	}
925

926
	safecat(headers,"",MAX_HEADERS_SIZE);
927
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
928
	FREE_AND_NULL(headers);
929
	return(send_file);
930
931
}

932
static int sock_sendfile(SOCKET socket,char *path)
933
934
{
	int		file;
935
	long	offset=0;
936
	int		ret=0;
937

938
	if(startup->options&WEB_OPT_DEBUG_TX)
939
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
940
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
941
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
942
	else {
943
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
944
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
945
				, socket, errno, path);
946
947
			ret=0;
		}
948
949
		close(file);
	}
950
	return(ret);
951
952
}

deuce's avatar
deuce committed
953
954
955
956
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
957
static void send_error(http_session_t * session, const char* message)
958
959
{
	char	error_code[4];
960
	struct stat	sb;
961
	char	sbuf[1024];
962

963
	session->req.if_modified_since=0;
964
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
965
	session->req.keep_alive=FALSE;
966
	session->req.send_location=NO_LOCATION;
967
	SAFECOPY(error_code,message);
968
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
969
970
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
971
	if(!stat(session->req.physical_path,&sb)) {
972
973
974
975
976
977
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
978
	}
979
	else {
980
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
981
			,session->socket,session->req.physical_path);
982
		safe_snprintf(sbuf,sizeof(sbuf)
983
984
985
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
986
987
988
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
989
		sockprint(session->socket,sbuf);
990
991
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
992
	}
993
994
995
	close_request(session);
}

996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);

	if(session->user.number==session->last_user_num)
		return;
	if(session->user.number==0)
		SAFECOPY(session->username,unknown);
	else
		SAFECOPY(session->username,session->user.alias);
	session->last_user_num=session->user.number;
	session->logon_time=time(NULL);
}

void http_logoff(http_session_t * session)
{
	if(session->last_user_num<=0)
		return;
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
1023
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
1024
1025
		if(session->last_js_user_num==session->user.number)
			return(TRUE);
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
		lprintf(LOG_INFO,"%04d JavaScript: Initializing User Objects",session->socket);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
				,NULL /* ftp index file */, NULL /* subscan */)) {
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, NULL
				,NULL /* ftp index file */, NULL /* subscan */)) {
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
1043
		session->last_js_user_num=session->user.number;
1044
1045
1046
1047
	}
	return(TRUE);
}

1048
static BOOL check_ars(http_session_t * session)
1049
1050
1051
1052
{
	char	*username;
	char	*password;
	uchar	*ar;
1053
	BOOL	authorized;
1054
	char	auth_req[MAX_REQUEST_LINE+1];
1055
1056
	int		i;
	user_t	thisuser;
1057

1058
	if(session->req.auth[0]==0) {
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
		/* No authentication information... */
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
		if(session->req.ars[0]) {
			/* There *IS* an ARS string  ie: Auth is required */
			if(startup->options&WEB_OPT_DEBUG_RX)
				lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
			return(FALSE);
		}
		/* No auth required, allow */
		return(TRUE);
1076
	}
1077
	SAFECOPY(auth_req,session->req.auth);
1078

1079
	username=strtok(auth_req,":");
1080
1081
	if(username==NULL)
		username="";
1082
1083
1084
	password=strtok(NULL,":");
	/* Require a password */
	if(password==NULL)
1085
		password="";
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
	i=matchuser(&scfg, username, FALSE);
	if(i==0) {
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
1096
		if(scfg.sys_misc&SM_ECHO_PW)
1097
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s, Password: %s"
1098
1099
				,session->socket,username,password);
		else
1100
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s"
1101
1102
1103
				,session->socket,username);
		return(FALSE);
	}
1104
	thisuser.number=i;
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
	getuserdat(&scfg, &thisuser);
	if(thisuser.pass[0] && stricmp(thisuser.pass,password)) {
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
1115
		/* Should go to the hack log? */
1116
		if(scfg.sys_misc&SM_ECHO_PW)
1117
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s: '%s' expected '%s'"
1118
				,session->socket,username,password,session->user.pass);
1119
		else