websrvr.c 91.1 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
101
102
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"		/* pthread_mutex_t */
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115

116
/* Is this not in a header somewhere? */
117
extern const uchar* nular;
rswindell's avatar
rswindell committed
118
119

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
120
121
122
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
123
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
124

125
126
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
127
static BOOL		http_logging_thread_running=FALSE;
128
129
static ulong	active_clients=0;
static ulong	sockets=0;
130
static BOOL		terminate_server=FALSE;
131
static BOOL		terminate_http_logging_thread=FALSE;
132
133
134
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
135
136
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
137
static char		cgi_dir[MAX_PATH+1];
138
static time_t	uptime=0;
139
static DWORD	served=0;
140
static web_startup_t* startup=NULL;
141
static js_server_props_t js_server_props;
142
143
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
144

145
146
static named_string_t** mime_types;

147
148
149
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
150
link_list_t	log_list;
151
152
153
154
155
156
157
158
159
160
161
162
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
	int		status;
	unsigned int	size;
	struct tm completed;
};

163
typedef struct  {
164
	int			method;
165
166
167
168
169
170
171
172
173
174
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
175
	const char*	mime_type;
176
	link_list_t	headers;
177
	char		status[MAX_REQUEST_LINE+1];
178
179
	char *		post_data;
	size_t		post_len;
180
	int			dynamic;
181
	struct log_data	*ld;
182

183
184
185
186
187
188
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
	link_list_t	cgi_env;
	link_list_t	dynamic_heads;

189
190
191
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

192
193
194
} http_request_t;

typedef struct  {
195
196
	SOCKET			socket;
	SOCKADDR_IN		addr;
197
	http_request_t	req;
198
199
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
200
201
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
202
203
204
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
205
	char			username[LEN_NAME+1];
206
	int				last_js_user_num;
207
	subscan_t		*subscan;
208
209
210
211
212

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
213
214
215
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
216
	js_branch_t		js_branch;
217
218
219

	/* Client info */
	client_t		client;
220
221
222
223
224
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
225
	,HTTP_1_1
226
227
228
229
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
230
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
231
	,NULL	/* terminator */
232
233
234
235
236
237
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
238

rswindell's avatar
rswindell committed
239
240
241
static char* methods[] = {
	 "HEAD"
	,"GET"
242
	,"POST"
rswindell's avatar
rswindell committed
243
244
	,NULL	/* terminator */
};
245

246
enum {
247
248
249
250
251
252
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

253
enum { 
254
255
256
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
257
258
	,HEAD_LENGTH
	,HEAD_TYPE
259
260
261
262
263
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
264
265
266
267
268
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
269
270
	,HEAD_REFERER
	,HEAD_AGENT
271
272
273
274
275
276
};

static struct {
	int		id;
	char*	text;
} headers[] = {
277
278
279
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
280
281
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
282
283
284
285
286
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
287
288
289
290
291
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
292
293
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
294
	{ -1,					NULL /* terminator */	},
295
296
};

297
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
298
enum  {
299
	 NO_LOCATION
300
	,MOVED_PERM
301
	,MOVED_TEMP
302
	,MOVED_STAT
303
304
};

305
306
307
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

308
static void respond(http_session_t * session);
309
static BOOL js_setup(http_session_t* session);
310
static char *find_last_slash(char *str);
311
static BOOL check_extra_path(http_session_t * session);
312

313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
414

415
static int lprintf(int level, char *fmt, ...)
416
417
418
419
420
421
422
423
424
425
426
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
427
    return(startup->lputs(startup->cbdata,level,sbuf));
428
429
430
431
432
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
433
#define SOCKLIB_DESC WSAData.szDescription
434
435
436
437
438
439
440
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
441
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
442
443
444
445
		WSAInitialized=TRUE;
		return (TRUE);
	}

446
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
447
448
449
450
451
452
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
453
#define SOCKLIB_DESC NULL
454
455
456
457
458
459

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
460
	    startup->status(startup->cbdata,str);
461
462
463
464
465
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
466
		startup->clients(startup->cbdata,active_clients);
467
468
469
470
471
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
472
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
473
474
475
476
477
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
478
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
479
480
481
482
483
484
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
485
		startup->thread_up(startup->cbdata,TRUE, setuid);
486
487
488
489
490
491
492
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
493
		startup->thread_up(startup->cbdata,FALSE, FALSE);
494
495
}

deuce's avatar
deuce committed
496
497
498
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
499
static void add_env(http_session_t *session, const char *name,const char *value)  {
500
	char	newname[129];
501
	char	*p;
502

503
	if(name==NULL || value==NULL)  {
504
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
505
506
507
508
509
510
511
512
513
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
514
515
516
517
518
519
520
521
	p=(char *)malloc(strlen(name)+strlen(value)+2);
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
	sprintf(p,"%s=%s",newname,value);
	listPushNodeString(&session->req.cgi_env,p);
	free(p);
522
523
}

deuce's avatar
deuce committed
524
525
526
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
527
528
529
530
531
532
533
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
534
	if(!strcmp(session->host_name,session->host_ip))
535
536
537
538
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

539
/*
deuce's avatar
deuce committed
540
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
541
542
543
544
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
545
546
static int sockprint(SOCKET sock, const char *str)
{
547
548
549
	int len;
	int	result;
	int written=0;
550
	BOOL	wr;
551
552
553

	if(sock==INVALID_SOCKET)
		return(0);
554
	if(startup->options&WEB_OPT_DEBUG_TX)
555
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
556
	len=strlen(str);
557

558
	while(socket_check(sock,NULL,&wr,startup->max_inactivity*1000) && wr && written<len)  {
559
		result=sendsocket(sock,str+written,len-written);
560
561
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
562
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
563
			else if(ERROR_VALUE==ECONNABORTED) 
564
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
565
			else
566
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
567
568
			return(0);
		}
569
570
571
		written+=result;
	}
	if(written != len) {
572
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
573
574
575
576
577
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
578
579
580
581
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
582
583
584
585
586
587
588
589
590
591
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
592
593
594
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
595
596
597
static time_t decode_date(char *date)
{
	struct	tm	ti;
598
599
	char	*token;
	time_t	t;
600
601
602
603
604
605
606
607
608

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

609
	token=strtok(date,",");
610
611
	if(token==NULL)
		return(0);
612
613
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
614
		/* asctime() */
615
616
		/* Toss away week day */
		token=strtok(date," ");
617
618
		if(token==NULL)
			return(0);
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
643
644
645
	}
	else  {
		/* RFC 1123 or RFC 850 */
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
670
671
672
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
673

674
	t=time_gm(&ti);
675
	return(t);
676
677
678
679
680
681
682
683
684
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
685
		startup->socket_open(startup->cbdata,TRUE);
686
687
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
688
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704

		sockets++;
	}
	return(sock);
}

static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
705
		startup->socket_open(startup->cbdata,FALSE);
706
707
708
709
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
710
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
711
712
713
714
715
	}

	return(result);
}

deuce's avatar
deuce committed
716
717
718
719
720
721
722
723
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
724
725
static void close_request(http_session_t * session)
{
726
727
	time_t		now;

728
729
730
731
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
732
		listPushNode(&log_list,session->req.ld);
733
734
735
736
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
737

738
739
740
	listFree(&session->req.headers);
	listFree(&session->req.dynamic_heads);
	listFree(&session->req.cgi_env);
741
	FREE_AND_NULL(session->req.post_data);
742
	if(!session->req.keep_alive) {
743
		close_socket(session->socket);
744
		session->socket=INVALID_SOCKET;
745
	}
746
747
748
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
749
750
751
752
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_GC(session->js_cx);
	}

753
	memset(&session->req,0,sizeof(session->req));
754
755
756
757
}

static int get_header_type(char *header)
{
758
	int i;
759
760
761
762
763
764
765
766
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
767
/* Opposite of get_header_type() */
768
769
static char *get_header(int id) 
{
770
	int i;
771
772
	if(headers[id].id==id)
		return(headers[id].text);
773
774
775
776
777
778
779
780
781

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

782
783
static const char* unknown_mime_type="application/octet-stream";

784
static const char* get_mime_type(char *ext)
785
786
787
788
{
	uint i;

	if(ext==NULL)
789
790
		return(unknown_mime_type);

791
792
793
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
794
795

	return(unknown_mime_type);
796
797
}

798
799
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
800
	size_t dstlen,appendlen;
801
802
803
804
805
806
807
808
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
809
810
811
812
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
813
static BOOL send_headers(http_session_t *session, const char *status)
814
{
815
	int		ret;
816
	BOOL	send_file=TRUE;
817
	time_t	ti;
818
	const char	*status_line;
819
	struct stat	stats;
820
	struct tm	tm;
821
	char	*headers;
822
	char	header[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
823
	list_node_t	*node;
824

825
826
827
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
828
829
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
830
		return(TRUE);
831
	}
deuce's avatar
deuce committed
832

833
	status_line=status;
834
	ret=stat(session->req.physical_path,&stats);
835
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
836
		status_line="304 Not Modified";
837
		ret=-1;
838
		send_file=FALSE;
839
	}
840
	if(session->req.send_location==MOVED_PERM)  {
841
		status_line="301 Moved Permanently";
842
843
844
		ret=-1;
		send_file=FALSE;
	}
845
	if(session->req.send_location==MOVED_TEMP)  {
846
		status_line="302 Moved Temporarily";
847
848
849
		ret=-1;
		send_file=FALSE;
	}
850

851
852
853
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

854
855
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
856
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
857
858
859
		return(FALSE);
	}
	*headers=0;
860
	/* Status-Line */
861
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
862
863
864

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

865
	safecat(headers,header,MAX_HEADERS_SIZE);
866
867
868

	/* General Headers */
	ti=time(NULL);
869
870
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
871
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
872
873
874
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
875
876
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
877
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
878
879
880
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
881
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
882
883
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
884
885

	/* Response Headers */
886
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
887
	safecat(headers,header,MAX_HEADERS_SIZE);
888
889
	
	/* Entity Headers */
890
	if(session->req.dynamic) {
891
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
892
893
894
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
895
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
896
897
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
898

899
	if(session->req.send_location) {
900
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
901
		safecat(headers,header,MAX_HEADERS_SIZE);
902
	}
903
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
904
		if(ret)  {
905
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
906
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
907
		}
908
		else  {
909
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
910
			safecat(headers,header,MAX_HEADERS_SIZE);
911
		}
912
	}
913

914
	if(!ret && !session->req.dynamic)  {
915
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
916
		safecat(headers,header,MAX_HEADERS_SIZE);
917
		gmtime_r(&stats.st_mtime,&tm);
918
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
919
			,get_header(HEAD_LASTMODIFIED)
920
921
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
922
		safecat(headers,header,MAX_HEADERS_SIZE);
923
	} 
rswindell's avatar
rswindell committed
924

925
926
	if(session->req.dynamic)  {
		/* Dynamic headers */
927
		/* Set up environment */
deuce's avatar
deuce committed
928
929
		for(node=listFirstNode(&session->req.dynamic_heads);node!=NULL;node=listNextNode(node))
			safecat(headers,listNodeData(node),MAX_HEADERS_SIZE);
930
	}
931

932
	safecat(headers,"",MAX_HEADERS_SIZE);
933
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
934
	FREE_AND_NULL(headers);
935
	return(send_file);
936
937
}

938
static int sock_sendfile(SOCKET socket,char *path)
939
940
{
	int		file;
941
	long	offset=0;
942
	int		ret=0;
943

944
	if(startup->options&WEB_OPT_DEBUG_TX)
945
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
946
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
947
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
948
	else {
949
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
950
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
951
				, socket, errno, path);
952
953
			ret=0;
		}
954
955
		close(file);
	}
956
	return(ret);
957
958
}

deuce's avatar
deuce committed
959
960
961
962
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
963
static void send_error(http_session_t * session, const char* message)
964
965
{
	char	error_code[4];
966
	struct stat	sb;
967
	char	sbuf[1024];
968

969
	session->req.if_modified_since=0;
970
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
971
	session->req.keep_alive=FALSE;
972
	session->req.send_location=NO_LOCATION;
973
	SAFECOPY(error_code,message);
974
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
975
976
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
977
	if(!stat(session->req.physical_path,&sb)) {
978
979
980
981
982
983
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
984
	}
985
	else {
986
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
987
			,session->socket,session->req.physical_path);
988
		safe_snprintf(sbuf,sizeof(sbuf)
989
990
991
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
992
993
994
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
995
		sockprint(session->socket,sbuf);
996
997
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
998
	}
999
1000
1001
	close_request(session);
}

1002
1003
1004
1005
void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);
1006
1007
	else
		session->user=*usr;
1008
1009
1010

	if(session->user.number==session->last_user_num)
		return;
1011

1012
	lprintf(LOG_DEBUG,"%04d HTTP Logon (%d)",session->socket,session->user.number);
1013

1014
1015
	if(session->user.number==0)
		SAFECOPY(session->username,unknown);
deuce's avatar
deuce committed
1016
	else {
1017
		SAFECOPY(session->username,session->user.alias);
deuce's avatar
deuce committed
1018
1019
1020
1021
		/* Adjust Connect and host */
		putuserrec(&scfg,session->user.number,U_MODEM,LEN_MODEM,"HTTP");
		putuserrec(&scfg,session->user.number,U_COMP,LEN_COMP,session->host_name);
		putuserrec(&scfg,session->user.number,U_NOTE,LEN_NOTE,session->host_ip);
1022
1023
1024
1025
		FREE_AND_NULL(session->subscan);
		session->subscan=(subscan_t*)malloc(sizeof(subscan_t)*scfg.total_subs);
		if(session->subscan!=NULL)
			getmsgptrs(&scfg,session->user.number,session->subscan);
deuce's avatar
deuce committed
1026
	}
1027
1028
1029
	session->client.user=session->username;
	client_on(session->socket, &session->client, /* update existing client record? */TRUE);

1030
1031
1032
1033
1034
1035
1036
1037
	session->last_user_num=session->user.number;
	session->logon_time=time(NULL);
}

void http_logoff(http_session_t * session)
{
	if(session->last_user_num<=0)
		return;
1038

1039
	lprintf(LOG_DEBUG,"%04d HTTP Logoff (%d)",session->socket,session->user.number);
1040

1041
1042
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
1043
1044
1045
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);
	FREE_AND_NULL(session->subscan);
1046
1047
1048
1049
1050
1051
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
1052
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
1053
1054
		if(session->last_js_user_num==session->user.number)
			return(TRUE);
1055
1056
1057
		lprintf(LOG_INFO,"%04d JavaScript: Initializing User Objects",session->socket);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
1058
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, NULL
				,NULL /* ftp index file */, NULL /* subscan */)) {
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
1072
		session->last_js_user_num=session->user.number;
1073
1074
1075
1076
	}
	return(TRUE);
}

1077
static BOOL check_ars(http_session_t * session)
1078
1079
1080
1081
{
	char	*username;
	char	*password;
	uchar	*ar;
1082
	BOOL	authorized;
1083
	char	auth_req[MAX_REQUEST_LINE+1];
1084
1085
	int		i;
	user_t	thisuser;
1086

1087
	if(session->req.auth[0]==0) {
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
		/* No authentication information... */
		if(session->last_user_num!=0) {
			if(session->last_user_num>0)
				http_logoff(session);
			session->user.number=0;
			http_logon(session,NULL);
		}
		if(!http_checkuser(session))
			return(FALSE);
		if(session->req.ars[0]) {
			/* There *IS* an ARS string  ie: Auth is required */
			if(startup->options&WEB_OPT_DEBUG_RX)
				lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
			return(FALSE);