websrvr.c 74 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2003 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
 */

60
61
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
62
63
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
64
65
#endif

66
#ifndef JAVASCRIPT
67
#define JAVASCRIPT
68
69
#endif

70
71
72
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
#include "websrvr.h"
deuce's avatar
deuce committed
73
#include "base64.h"
74

75
76
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
77
78
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
79
80
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
81
82

extern const uchar* nular;
rswindell's avatar
rswindell committed
83
84

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
85
86
#define MAX_MIME_TYPES			128
#define MAX_REQUEST_LINE		1024
87
88
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers */

89
90
91
92
93
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
static uint 	http_threads_running=0;
static ulong	active_clients=0;
static ulong	sockets=0;
94
static BOOL		terminate_server=FALSE;
95
96
97
98
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static ulong	mime_count=0;
static char		revision[16];
99
100
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
101
static char		cgi_dir[MAX_PATH+1];
102
static time_t	uptime=0;
103
static DWORD	served=0;
104
static web_startup_t* startup=NULL;
105
static js_server_props_t js_server_props;
106
107

typedef struct  {
108
	char	*val;
109
110
111
112
	void	*next;
} linked_list;

typedef struct  {
113
	int			method;
114
115
116
117
118
119
120
121
122
123
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
124
125
126
	const char*	mime_type;

	/* CGI parameters */
deuce's avatar
deuce committed
127
	char		query_str[MAX_REQUEST_LINE];
128
	char		extra_path_info[MAX_REQUEST_LINE];
deuce's avatar
deuce committed
129

130
	linked_list*	cgi_env;
131
	linked_list*	dynamic_heads;
132
	char		status[MAX_REQUEST_LINE+1];
133
134
	char *		post_data;
	size_t		post_len;
135
	int			dynamic;
136
137
138
139

	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

140
141
142
} http_request_t;

typedef struct  {
143
144
	SOCKET			socket;
	SOCKADDR_IN		addr;
145
	http_request_t	req;
146
147
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
148
149
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
150
151
152
153
154
155
	user_t			user;

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
156
157
158
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
159
160
161
162
163
164
165
} http_session_t;

typedef struct {
	char	ext[16];
	char	type[128];
} mime_types_t;

166
static mime_types_t		mime_types[MAX_MIME_TYPES];
167
168
169
170

enum { 
	 HTTP_0_9
	,HTTP_1_0
171
	,HTTP_1_1
172
173
174
175
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
176
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
177
	,NULL	/* terminator */
178
179
180
181
182
183
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
184

rswindell's avatar
rswindell committed
185
186
187
static char* methods[] = {
	 "HEAD"
	,"GET"
188
	,"POST"
rswindell's avatar
rswindell committed
189
190
	,NULL	/* terminator */
};
191

192
193
194
195
196
197
198
enum { 
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

199
enum { 
200
201
202
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
203
204
	,HEAD_LENGTH
	,HEAD_TYPE
205
206
207
208
209
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
210
211
212
213
214
215
216
217
218
219
220
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
};

static struct {
	int		id;
	char*	text;
} headers[] = {
221
222
223
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
224
225
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
226
227
228
229
230
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
231
232
233
234
235
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
236
	{ -1,					NULL /* terminator */	},
237
238
};

239
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
240
241
242
enum  {
	NO_LOCATION
	,MOVED_PERM
243
	,MOVED_TEMP
244
	,MOVED_STAT
245
246
};

247
248
249
/* Max. times to follow internal redirects for a single request */
#define MAX_REDIR_LOOPS	20

250
251
252
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

253
254
static DWORD monthdays[12] = {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};

255
static void respond(http_session_t * session);
256
static BOOL js_setup(http_session_t* session);
257
static char *find_last_slash(char *str);
258

259
260
261
262
263
264
static time_t time_gm( struct tm* ti )  {
	time_t t;

	t=(ti->tm_year-70)*365;
	t+=(ti->tm_year-69)/4;
	t+=monthdays[ti->tm_mon];
265
266
	if(ti->tm_mon >= 2 
		&& ti->tm_year+1900%400 ? (ti->tm_year+1900%100 ? (ti->tm_year+1900%4 ? 0:1):0):1)
267
268
269
270
271
272
273
274
275
		++t;
	t += ti->tm_mday - 1;
	t = t * 24 + ti->tm_hour;
	t = t * 60 + ti->tm_min;
	t = t * 60 + ti->tm_sec;

	return t;
}

276
static int lprintf(int level, char *fmt, ...)
277
278
279
280
281
282
283
284
285
286
287
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
288
    return(startup->lputs(startup->cbdata,level,sbuf));
289
290
291
292
293
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
294
#define SOCKLIB_DESC WSAData.szDescription
295
296
297
298
299
300
301
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
302
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
303
304
305
306
		WSAInitialized=TRUE;
		return (TRUE);
	}

307
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
308
309
310
311
312
313
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
314
#define SOCKLIB_DESC NULL
315
316
317
318
319
320

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
321
	    startup->status(startup->cbdata,str);
322
323
324
325
326
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
327
		startup->clients(startup->cbdata,active_clients);
328
329
}

330
#if 0	/* These will be used later ToDo */
331
332
333
334
335
336
337
338
339
340
341
static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
		startup->client_on(TRUE,sock,client,update);
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
		startup->client_on(FALSE,sock,NULL,FALSE);
}
342
#endif
343
344
345
346
347

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
348
		startup->thread_up(startup->cbdata,TRUE, setuid);
349
350
351
352
353
354
355
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
356
		startup->thread_up(startup->cbdata,FALSE, FALSE);
357
358
}

359
360
static linked_list *add_list(linked_list *list,const char *value)  {
	linked_list*	entry;
361

362
363
	entry=malloc(sizeof(linked_list));
	if(entry==NULL)  {
364
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
365
		return(list);
366
	}
367
368
369
	entry->val=malloc(strlen(value)+1);
	if(entry->val==NULL)  {
		FREE_AND_NULL(entry);
370
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
371
372
373
374
375
		return(list);
	}
	strcpy(entry->val,value);
	entry->next=list;
	return(entry);
376
377
378
}

static void add_env(http_session_t *session, const char *name,const char *value)  {
379
380
	char	newname[129];
	char	fullname[387];
381
382
383
	char	*p;
	
	if(name==NULL || value==NULL)  {
384
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
385
386
387
388
389
390
391
392
393
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
394
395
396

	sprintf(fullname,"%s=%s",newname,value);
	session->req.cgi_env=add_list(session->req.cgi_env,fullname);
397
398
399
400
401
402
403
404
405
406
407
408
409
410
}

static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
	if(!strcmp(session->host_name,"<no name>"))
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

411
412
413
414
415
416
/*
 * Sets string str to socket sock... returns number of bytes written, or 0 on an error
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
417
418
static int sockprint(SOCKET sock, const char *str)
{
419
420
421
	int len;
	int	result;
	int written=0;
422
	BOOL	wr;
423
424
425

	if(sock==INVALID_SOCKET)
		return(0);
426
	if(startup->options&WEB_OPT_DEBUG_TX)
427
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
428
	len=strlen(str);
429

430
	while(socket_check(sock,NULL,&wr,60000) && wr && written<len)  {
431
		result=sendsocket(sock,str+written,len-written);
432
433
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
434
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
435
			else if(ERROR_VALUE==ECONNABORTED) 
436
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
437
			else
438
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
439
440
			return(0);
		}
441
442
443
		written+=result;
	}
	if(written != len) {
444
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
445
446
447
448
449
		return(0);
	}
	return(len);
}

450
451
452
453
454
455
456
457
458
459
460
461
462
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

static time_t decode_date(char *date)
{
	struct	tm	ti;
463
464
	char	*token;
	time_t	t;
465
466
467
468
469
470
471
472
473
474
475
476
477

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

#if 0	/* non-standard */
	ti.tm_zone="UTC";	/* abbreviation of timezone name */
	ti.tm_gmtoff=0;		/* offset from UTC in seconds */
#endif
478
479

	token=strtok(date,",");
480
481
	if(token==NULL)
		return(0);
482
483
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
484
		/* asctime() */
485
486
		/* Toss away week day */
		token=strtok(date," ");
487
488
		if(token==NULL)
			return(0);
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
513
514
515
	}
	else  {
		/* RFC 1123 or RFC 850 */
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
540
541
542
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
543

544
	t=time_gm(&ti);
545
	return(t);
546
547
548
549
550
551
552
553
554
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
555
		startup->socket_open(startup->cbdata,TRUE);
556
557
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
558
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575

		sockets++;
	}
	return(sock);
}


static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
576
		startup->socket_open(startup->cbdata,FALSE);
577
578
579
580
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
581
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
582
583
584
585
586
587
588
	}

	return(result);
}

static void close_request(http_session_t * session)
{
589
590
591
592
593
594
	linked_list	*p;
	while(session->req.dynamic_heads != NULL)  {
		FREE_AND_NULL(session->req.dynamic_heads->val);
		p=session->req.dynamic_heads->next;
		FREE_AND_NULL(session->req.dynamic_heads);
		session->req.dynamic_heads=p;
595
	}
596
597
598
599
600
601
602
	while(session->req.cgi_env != NULL)  {
		FREE_AND_NULL(session->req.cgi_env->val);
		p=session->req.cgi_env->next;
		FREE_AND_NULL(session->req.cgi_env);
		session->req.cgi_env=p;
	}
	FREE_AND_NULL(session->req.post_data);
deuce's avatar
deuce committed
603
	if(!session->req.keep_alive || session->socket==INVALID_SOCKET) {
604
		close_socket(session->socket);
605
		session->socket=INVALID_SOCKET;
606
607
608
609
610
611
		session->finished=TRUE;
	}
}

static int get_header_type(char *header)
{
612
	int i;
613
614
615
616
617
618
619
620
621
622
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

static char *get_header(int id) 
{
623
	int i;
624
625
	if(headers[id].id==id)
		return(headers[id].text);
626
627
628
629
630
631
632
633
634

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

635
636
static const char* unknown_mime_type="application/octet-stream";

637
static const char* get_mime_type(char *ext)
638
639
640
641
{
	uint i;

	if(ext==NULL)
642
643
644
		return(unknown_mime_type);

	for(i=0;i<mime_count;i++)
645
		if(!stricmp(ext+1,mime_types[i].ext))
646
647
648
			return(mime_types[i].type);

	return(unknown_mime_type);
649
650
}

651
652
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
653
	size_t dstlen,appendlen;
654
655
656
657
658
659
660
661
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

662
static BOOL send_headers(http_session_t *session, const char *status)
663
{
664
	int		ret;
665
	BOOL	send_file=TRUE;
666
	time_t	ti;
667
	const char	*status_line;
668
	struct stat	stats;
669
	struct tm	tm;
670
	linked_list	*p;
671
672
	char	*headers;
	char	header[MAX_REQUEST_LINE];
673

674
	status_line=status;
675
	ret=stat(session->req.physical_path,&stats);
676
677
678
679
680
	/*
	 * ToDo this always resends dynamic content... although this makes complete sense to me,
	 * I can't help but feel that this may not be required for GET requests.
	 * Look into this and revisit this section - ToDo
	 */
681
	if(!ret && (stats.st_mtime < session->req.if_modified_since) && !session->req.dynamic) {
682
		status_line="304 Not Modified";
683
		ret=-1;
684
		send_file=FALSE;
685
	}
686
	if(session->req.send_location==MOVED_PERM)  {
687
		status_line="301 Moved Permanently";
688
689
690
		ret=-1;
		send_file=FALSE;
	}
691
	if(session->req.send_location==MOVED_TEMP)  {
692
		status_line="302 Moved Temporarily";
693
694
695
		ret=-1;
		send_file=FALSE;
	}
696
697
698

	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
699
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
700
701
702
		return(FALSE);
	}
	*headers=0;
703
	/* Status-Line */
704
705
	snprintf(header,MAX_REQUEST_LINE,"%s %s",http_vers[session->http_ver],status_line);
	safecat(headers,header,MAX_HEADERS_SIZE);
706
707
708

	/* General Headers */
	ti=time(NULL);
709
710
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
711
	snprintf(header,MAX_REQUEST_LINE,"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
712
713
714
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
715
716
717
718
719
720
721
722
723
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_CONNECTION),"Close");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
724
725

	/* Response Headers */
726
727
	snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
	safecat(headers,header,MAX_HEADERS_SIZE);
728
729
	
	/* Entity Headers */
730
731
732
733
734
735
736
737
	if(session->req.dynamic) {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
738

739
	if(session->req.send_location) {
740
741
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
		safecat(headers,header,MAX_HEADERS_SIZE);
742
	}
743
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
744
		if(ret)  {
745
746
			snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_LENGTH),"0");
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
747
		}
748
		else  {
749
750
			snprintf(header,MAX_REQUEST_LINE,"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
			safecat(headers,header,MAX_HEADERS_SIZE);
751
		}
752
	}
753

754
	if(!ret && !session->req.dynamic)  {
755
756
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
		safecat(headers,header,MAX_HEADERS_SIZE);
757
		gmtime_r(&stats.st_mtime,&tm);
758
		snprintf(header,MAX_REQUEST_LINE,"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
759
			,get_header(HEAD_LASTMODIFIED)
760
761
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
762
		safecat(headers,header,MAX_HEADERS_SIZE);
763
	} 
rswindell's avatar
rswindell committed
764

765
766
	if(session->req.dynamic)  {
		/* Dynamic headers */
767
		/* Set up environment */
768
		p=session->req.dynamic_heads;
769
		while(p != NULL)  {
770
			safecat(headers,p->val,MAX_HEADERS_SIZE);
771
			p=p->next;
772
		}
773
	}
774

775
	safecat(headers,"",MAX_HEADERS_SIZE);
776
777
	send_file = (sockprint(session->socket,headers) && send_file);
	free(headers);
778
	return(send_file);
779
780
781
782
783
}

static void sock_sendfile(SOCKET socket,char *path)
{
	int		file;
784
	long	offset=0;
785

786
	if(startup->options&WEB_OPT_DEBUG_TX)
787
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
788
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
789
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
790
	else {
791
		if(sendfilesocket(socket, file, &offset, 0) < 1)
792
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
793
				, socket, errno, path);
794
795
796
797
		close(file);
	}
}

798
static void send_error(http_session_t * session, const char* message)
799
800
{
	char	error_code[4];
801
	struct stat	sb;
802
	char	sbuf[1024];
803

804
	lprintf(LOG_INFO,"%04d !ERROR %s",session->socket,message);
805
	session->req.keep_alive=FALSE;
806
	session->req.send_location=NO_LOCATION;
807
	SAFECOPY(error_code,message);
808
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
809
	if(session->http_ver > HTTP_0_9)  {
810
		session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
811
		send_headers(session,message);
812
	}
813
	if(!stat(session->req.physical_path,&sb))
814
		sock_sendfile(session->socket,session->req.physical_path);
815
	else {
816
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist."
817
			,session->socket,session->req.physical_path);
818
		snprintf(sbuf,1024
819
820
821
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
822
823
824
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
825
		sockprint(session->socket,sbuf);
826
	}
827
828
829
	close_request(session);
}

830
static BOOL check_ars(http_session_t * session)
831
832
833
834
{
	char	*username;
	char	*password;
	uchar	*ar;
835
	BOOL	authorized;
836
	char	auth_req[MAX_REQUEST_LINE];
837

838
	if(session->req.auth[0]==0) {
839
		if(startup->options&WEB_OPT_DEBUG_RX)
840
			lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
841
		return(FALSE);
842
	}
843
	SAFECOPY(auth_req,session->req.auth);
844

845
	username=strtok(auth_req,":");
846
847
	if(username==NULL)
		username="";
848
849
850
	password=strtok(NULL,":");
	/* Require a password */
	if(password==NULL)
851
		password="";
852
853
	session->user.number=matchuser(&scfg, username, FALSE);
	if(session->user.number==0) {
854
		if(scfg.sys_misc&SM_ECHO_PW)
855
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s, Password: %s"
856
857
				,session->socket,username,password);
		else
858
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s"
859
860
861
				,session->socket,username);
		return(FALSE);
	}
862
863
	getuserdat(&scfg, &session->user);
	if(session->user.pass[0] && stricmp(session->user.pass,password)) {
864
		/* Should go to the hack log? */
865
		if(scfg.sys_misc&SM_ECHO_PW)
866
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s: '%s' expected '%s'"
867
				,session->socket,username,password,session->user.pass);
868
		else
869
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s"
870
				,session->socket,username);
871
		session->user.number=0;
872
		return(FALSE);
873
	}
874
	ar = arstr(NULL,session->req.ars,&scfg);
875
	authorized=chk_ar(&scfg,ar,&session->user);
876
877
878
	if(ar!=NULL && ar!=nular)
		free(ar);

deuce's avatar
deuce committed
879
880
881
	if(session->req.dynamic==IS_SSJS)  {
		if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
			,NULL /* ftp index file */, NULL /* subscan */)) 
882
			lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
deuce's avatar
deuce committed
883
884
	}

885
	if(authorized)  {
886
		if(session->req.dynamic==IS_CGI || session->req.dynamic==IS_STATIC)  {
887
888
889
890
891
			add_env(session,"AUTH_TYPE","Basic");
			/* Should use real name if set to do so somewhere ToDo */
			add_env(session,"REMOTE_USER",session->user.alias);
		}

892
		return(TRUE);
893
	}
894
895

	/* Should go to the hack log? */
896
	lprintf(LOG_WARNING,"%04d !AUTHORIZATION FAILURE for user %s, ARS: %s"
897
		,session->socket,username,session->req.ars);
898

899
900
901
	return(FALSE);
}

902
static BOOL read_mime_types(char* fname)
903
904
905
906
907
908
{
	char	str[1024];
	char *	ext;
	char *	type;
	FILE*	mime_config;

909
	if((mime_config=fopen(fname,"r"))==NULL)
910
		return(FALSE);
911

912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
	while (!feof(mime_config)&&mime_count<MAX_MIME_TYPES) {
		if(fgets(str,sizeof(str),mime_config)!=NULL) {
			truncsp(str);
			ext=strtok(str," \t");
			if(ext!=NULL) {
				while(*ext && *ext<=' ') ext++;
				if(*ext!=';') {
					type=strtok(NULL," \t");
					if(type!=NULL) {
						while(*type && *type<=' ') type++;
						if(strlen(ext)>0 && strlen(type)>0) {
							SAFECOPY((mime_types[mime_count]).ext,ext);
							SAFECOPY((mime_types[mime_count++]).type,type);
						}
					}
				}
			}
		}
	}
	fclose(mime_config);
932
	lprintf(LOG_DEBUG,"Loaded %d mime types",mime_count);
933
934
935
	return(mime_count>0);
}

936
static int sockreadline(http_session_t * session, char *buf, size_t length)
937
938
939
940
{
	char	ch;
	DWORD	i;
	BOOL	rd;
941
#if 0
942
943
944
945
	time_t	start;

	start=time(NULL);
	for(i=0;TRUE;) {
946
		if(!socket_check(session->socket,&rd,NULL,1000)) {
947
948
			session->req.keep_alive=FALSE;
			close_request(session);
949
			session->socket=INVALID_SOCKET;
950
951
952
953
			return(-1);
		}

		if(!rd) {
954
			if(time(NULL)-start>startup->max_inactivity) {
955
956
				session->req.keep_alive=FALSE;
				close_request(session);
957
				session->socket=INVALID_SOCKET;
958
959
960
961
962
				return(-1);        /* time-out */
			}
			continue;       /* no data */
		}

963
		if(recv(session->socket, &ch, 1, 0)!=1)
964
965
966
967
968
969
970
971
			break;

		if(ch=='\n')
			break;

		if(i<length)
			buf[i++]=ch;
	}
972
973
#else
	for(i=0;TRUE;) {
974
		if(!socket_check(session->socket,&rd,NULL,60000) || !rd || recv(session->socket, &ch, 1, 0)!=1)  {
975
976
977
978
979
980
981
982
983
984
985
986
987
			session->req.keep_alive=FALSE;
			close_request(session);
			session->socket=INVALID_SOCKET;
			return(-1);        /* time-out */
		}

		if(ch=='\n')
			break;

		if(i<length)
			buf[i++]=ch;
	}
#endif
988
989
990
991
992
993

	/* Terminate at length if longer */
	if(i>length)
		i=length;
		
	if(i>0 && buf[i-1]=='\r')
rswindell's avatar
rswindell committed
994
		buf[--i]=0;
995
996
997
	else
		buf[i]=0;

998
	if(startup->options&WEB_OPT_DEBUG_RX)
999
		lprintf(LOG_DEBUG,"%04d RX: %s",session->socket,buf);
rswindell's avatar
rswindell committed
1000
	return(i);
1001
1002
1003
1004
1005
1006
1007
1008
}

static int pipereadline(int pipe, char *buf, size_t length)
{
	char	ch;
	DWORD	i;
	time_t	start;

rswindell's avatar
rswindell committed
1009
	start=time(NULL);
1010
	for(i=0;TRUE;) {
rswindell's avatar
rswindell committed
1011
1012
1013
1014
		if(time(NULL)-start>startup->max_cgi_inactivity) {
			return(-1);
		}
		
1015
		if(read(pipe, &ch, 1)==1)  {
rswindell's avatar
rswindell committed
1016
1017
			start=time(NULL);
			
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
			if(ch=='\n')
				break;

			if(i<length)
				buf[i++]=ch;
		}
	}

	/* Terminate at length if longer */
	if(i>length)
		i=length;
		
	if(i>0 && buf[i-1]=='\r')
rswindell's avatar
rswindell committed
1031
		buf[--i]=0;
1032
1033
1034
	else
		buf[i]=0;

rswindell's avatar
rswindell committed
1035
	return(i);
1036
1037
}

1038
1039
1040
int recvbufsocket(int sock, char *buf, long count)
{
	int		rd=0;
rswindell's avatar
rswindell committed
1041
1042
	int		i;
	time_t	start;
1043
1044
1045
1046
1047
1048

	if(count<1) {
		errno=ERANGE;
		return(0);
	}

1049
	while(rd<count && socket_check(sock,NULL,NULL,60000))  {
1050
		i=recv(sock,buf,count-rd,0);
rswindell's avatar
rswindell committed
1051
1052
1053
1054
1055
1056
1057
		if(i<=0)  {
			*buf=0;
			return(0);
		}

		rd+=i;
		start=time(NULL);
1058
1059
1060
1061
1062
1063
1064
	}

	if(rd==count)  {
		return(rd);
	}

	*buf=0;
rswindell's avatar
rswindell committed
1065
	return(0);
1066
1067
}

1068
/* Wasn't this done up as a JS thing too?  ToDo */
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
static void unescape(char *p)
{
	char *	dst;
	char	code[3];
	
	dst=p;
	for(;*p;p++) {
		if(*p=='%' && isxdigit(*(p+1)) && isxdigit(*(p+2))) {
			sprintf(code,"%.2s",p+1);
			*(dst++)=(char)strtol(code,NULL,16);
			p+=2;
		}
		else  {
			if(*p=='+')  {
				*(dst++)=' ';
			}
			else  {
				*(dst++)=*p;
			}
		}
	}
	*(dst)=0;
}

1093
1094
static void js_parse_post(http_session_t * session)  
{
1095
1096
1097
1098
1099
	char		*p;
	char		*key;
	char		*value;
	JSString*	js_str;

1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113