websrvr.c 90.4 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
101
102
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"		/* pthread_mutex_t */
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115

116
/* Is this not in a header somewhere? */
117
extern const uchar* nular;
rswindell's avatar
rswindell committed
118
119

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
120
121
122
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
123
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
124

125
126
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
127
static BOOL		http_logging_thread_running=FALSE;
128
129
static ulong	active_clients=0;
static ulong	sockets=0;
130
static BOOL		terminate_server=FALSE;
131
static BOOL		terminate_http_logging_thread=FALSE;
132
133
134
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
135
136
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
137
static char		cgi_dir[MAX_PATH+1];
138
static time_t	uptime=0;
139
static DWORD	served=0;
140
static web_startup_t* startup=NULL;
141
static js_server_props_t js_server_props;
142
143
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
144

145
146
static named_string_t** mime_types;

147
148
149
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
150
link_list_t	log_list;
151
152
153
154
155
156
157
158
159
160
161
162
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
	int		status;
	unsigned int	size;
	struct tm completed;
};

163
typedef struct  {
164
	int			method;
165
166
167
168
169
170
171
172
173
174
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
175
	const char*	mime_type;
176
	link_list_t	headers;
177
	char		status[MAX_REQUEST_LINE+1];
178
179
	char *		post_data;
	size_t		post_len;
180
	int			dynamic;
181
	struct log_data	*ld;
182
	char		request_line[MAX_REQUEST_LINE+1];
183

184
185
186
187
188
189
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
	link_list_t	cgi_env;
	link_list_t	dynamic_heads;

190
191
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;
192
	subscan_t		*subscan;
193

194
195
196
} http_request_t;

typedef struct  {
197
198
	SOCKET			socket;
	SOCKADDR_IN		addr;
199
	http_request_t	req;
200
201
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
202
203
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
204
205
206
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
207
	char			username[LEN_NAME+1];
208
	int				last_js_user_num;
209
210
211
212
213

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
214
215
216
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
217
	js_branch_t		js_branch;
218
219
220

	/* Client info */
	client_t		client;
221
222
223
224
225
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
226
	,HTTP_1_1
227
228
229
230
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
231
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
232
	,NULL	/* terminator */
233
234
235
236
237
238
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
239

rswindell's avatar
rswindell committed
240
241
242
static char* methods[] = {
	 "HEAD"
	,"GET"
243
	,"POST"
rswindell's avatar
rswindell committed
244
245
	,NULL	/* terminator */
};
246

247
enum {
248
249
250
251
252
253
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

254
enum { 
255
256
257
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
258
259
	,HEAD_LENGTH
	,HEAD_TYPE
260
261
262
263
264
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
265
266
267
268
269
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
270
271
	,HEAD_REFERER
	,HEAD_AGENT
272
273
274
275
276
277
};

static struct {
	int		id;
	char*	text;
} headers[] = {
278
279
280
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
281
282
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
283
284
285
286
287
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
288
289
290
291
292
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
293
294
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
295
	{ -1,					NULL /* terminator */	},
296
297
};

298
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
299
enum  {
300
	 NO_LOCATION
301
	,MOVED_PERM
302
	,MOVED_TEMP
303
	,MOVED_STAT
304
305
};

306
307
308
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

309
static void respond(http_session_t * session);
310
static BOOL js_setup(http_session_t* session);
311
static char *find_last_slash(char *str);
312
static BOOL check_extra_path(http_session_t * session);
313

314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
415

416
static int lprintf(int level, char *fmt, ...)
417
418
419
420
421
422
423
424
425
426
427
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
428
    return(startup->lputs(startup->cbdata,level,sbuf));
429
430
431
432
433
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
434
#define SOCKLIB_DESC WSAData.szDescription
435
436
437
438
439
440
441
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
442
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
443
444
445
446
		WSAInitialized=TRUE;
		return (TRUE);
	}

447
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
448
449
450
451
452
453
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
454
#define SOCKLIB_DESC NULL
455
456
457
458
459
460

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
461
	    startup->status(startup->cbdata,str);
462
463
464
465
466
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
467
		startup->clients(startup->cbdata,active_clients);
468
469
470
471
472
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
473
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
474
475
476
477
478
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
479
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
480
481
482
483
484
485
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
486
		startup->thread_up(startup->cbdata,TRUE, setuid);
487
488
489
490
491
492
493
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
494
		startup->thread_up(startup->cbdata,FALSE, FALSE);
495
496
}

deuce's avatar
deuce committed
497
498
499
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
500
static void add_env(http_session_t *session, const char *name,const char *value)  {
501
	char	newname[129];
502
	char	*p;
503

504
	if(name==NULL || value==NULL)  {
505
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
506
507
508
509
510
511
512
513
514
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
515
516
517
518
519
520
521
522
	p=(char *)malloc(strlen(name)+strlen(value)+2);
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
	sprintf(p,"%s=%s",newname,value);
	listPushNodeString(&session->req.cgi_env,p);
	free(p);
523
524
}

deuce's avatar
deuce committed
525
526
527
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
528
529
530
531
532
533
534
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
535
	if(!strcmp(session->host_name,session->host_ip))
536
537
538
539
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

540
/*
deuce's avatar
deuce committed
541
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
542
543
544
545
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
546
547
static int sockprint(SOCKET sock, const char *str)
{
548
549
550
	int len;
	int	result;
	int written=0;
551
	BOOL	wr;
552
553
554

	if(sock==INVALID_SOCKET)
		return(0);
555
	if(startup->options&WEB_OPT_DEBUG_TX)
556
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
557
	len=strlen(str);
558

559
	while(socket_check(sock,NULL,&wr,startup->max_inactivity*1000) && wr && written<len)  {
560
		result=sendsocket(sock,str+written,len-written);
561
562
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
563
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
564
			else if(ERROR_VALUE==ECONNABORTED) 
565
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
566
			else
567
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
568
569
			return(0);
		}
570
571
572
		written+=result;
	}
	if(written != len) {
573
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
574
575
576
577
578
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
579
580
581
582
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
583
584
585
586
587
588
589
590
591
592
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
593
594
595
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
596
597
598
static time_t decode_date(char *date)
{
	struct	tm	ti;
599
600
	char	*token;
	time_t	t;
601
602
603
604
605
606
607
608
609

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

610
	token=strtok(date,",");
611
612
	if(token==NULL)
		return(0);
613
614
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
615
		/* asctime() */
616
617
		/* Toss away week day */
		token=strtok(date," ");
618
619
		if(token==NULL)
			return(0);
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
644
645
646
	}
	else  {
		/* RFC 1123 or RFC 850 */
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
671
672
673
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
674

675
	t=time_gm(&ti);
676
	return(t);
677
678
679
680
681
682
683
684
685
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
686
		startup->socket_open(startup->cbdata,TRUE);
687
688
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
689
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705

		sockets++;
	}
	return(sock);
}

static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
706
		startup->socket_open(startup->cbdata,FALSE);
707
708
709
710
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
711
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
712
713
714
715
716
	}

	return(result);
}

deuce's avatar
deuce committed
717
718
719
720
721
722
723
724
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
725
726
static void close_request(http_session_t * session)
{
727
728
	time_t		now;

729
730
731
732
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
733
		listPushNode(&log_list,session->req.ld);
734
735
736
737
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
738

739
740
741
	listFree(&session->req.headers);
	listFree(&session->req.dynamic_heads);
	listFree(&session->req.cgi_env);
742
	FREE_AND_NULL(session->req.post_data);
743
	if(!session->req.keep_alive) {
744
		close_socket(session->socket);
745
		session->socket=INVALID_SOCKET;
746
	}
747
748
749
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
750
751
752
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_GC(session->js_cx);
	}
753
754
755
	if(session->req.subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->req.subscan);
	FREE_AND_NULL(session->req.subscan);
deuce's avatar
deuce committed
756

757
	memset(&session->req,0,sizeof(session->req));
758
759
760
761
}

static int get_header_type(char *header)
{
762
	int i;
763
764
765
766
767
768
769
770
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
771
/* Opposite of get_header_type() */
772
773
static char *get_header(int id) 
{
774
	int i;
775
776
	if(headers[id].id==id)
		return(headers[id].text);
777
778
779
780
781
782
783
784
785

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

786
787
static const char* unknown_mime_type="application/octet-stream";

788
static const char* get_mime_type(char *ext)
789
790
791
792
{
	uint i;

	if(ext==NULL)
793
794
		return(unknown_mime_type);

795
796
797
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
798
799

	return(unknown_mime_type);
800
801
}

802
803
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
804
	size_t dstlen,appendlen;
805
806
807
808
809
810
811
812
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
813
814
815
816
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
817
static BOOL send_headers(http_session_t *session, const char *status)
818
{
819
	int		ret;
820
	BOOL	send_file=TRUE;
821
	time_t	ti;
822
	const char	*status_line;
823
	struct stat	stats;
824
	struct tm	tm;
825
	char	*headers;
826
	char	header[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
827
	list_node_t	*node;
828

829
830
831
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
832
833
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
834
		return(TRUE);
835
	}
deuce's avatar
deuce committed
836

837
	status_line=status;
838
	ret=stat(session->req.physical_path,&stats);
839
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
840
		status_line="304 Not Modified";
841
		ret=-1;
842
		send_file=FALSE;
843
	}
844
	if(session->req.send_location==MOVED_PERM)  {
845
		status_line="301 Moved Permanently";
846
847
848
		ret=-1;
		send_file=FALSE;
	}
849
	if(session->req.send_location==MOVED_TEMP)  {
850
		status_line="302 Moved Temporarily";
851
852
853
		ret=-1;
		send_file=FALSE;
	}
854

855
856
857
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

858
859
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
860
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
861
862
863
		return(FALSE);
	}
	*headers=0;
864
	/* Status-Line */
865
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
866
867
868

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

869
	safecat(headers,header,MAX_HEADERS_SIZE);
870
871
872

	/* General Headers */
	ti=time(NULL);
873
874
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
875
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
876
877
878
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
879
880
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
881
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
882
883
884
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
885
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
886
887
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
888
889

	/* Response Headers */
890
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
891
	safecat(headers,header,MAX_HEADERS_SIZE);
892
893
	
	/* Entity Headers */
894
	if(session->req.dynamic) {
895
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
896
897
898
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
899
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
900
901
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
902

903
	if(session->req.send_location) {
904
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
905
		safecat(headers,header,MAX_HEADERS_SIZE);
906
	}
907
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
908
		if(ret)  {
909
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
910
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
911
		}
912
		else  {
913
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
914
			safecat(headers,header,MAX_HEADERS_SIZE);
915
		}
916
	}
917

918
	if(!ret && !session->req.dynamic)  {
919
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
920
		safecat(headers,header,MAX_HEADERS_SIZE);
921
		gmtime_r(&stats.st_mtime,&tm);
922
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
923
			,get_header(HEAD_LASTMODIFIED)
924
925
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
926
		safecat(headers,header,MAX_HEADERS_SIZE);
927
	} 
rswindell's avatar
rswindell committed
928

929
930
	if(session->req.dynamic)  {
		/* Dynamic headers */
931
		/* Set up environment */
deuce's avatar
deuce committed
932
933
		for(node=listFirstNode(&session->req.dynamic_heads);node!=NULL;node=listNextNode(node))
			safecat(headers,listNodeData(node),MAX_HEADERS_SIZE);
934
	}
935

936
	safecat(headers,"",MAX_HEADERS_SIZE);
937
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
938
	FREE_AND_NULL(headers);
939
	return(send_file);
940
941
}

942
static int sock_sendfile(SOCKET socket,char *path)
943
944
{
	int		file;
945
	long	offset=0;
946
	int		ret=0;
947

948
	if(startup->options&WEB_OPT_DEBUG_TX)
949
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
950
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
951
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
952
	else {
953
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
954
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
955
				, socket, errno, path);
956
957
			ret=0;
		}
958
959
		close(file);
	}
960
	return(ret);
961
962
}

deuce's avatar
deuce committed
963
964
965
966
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
967
static void send_error(http_session_t * session, const char* message)
968
969
{
	char	error_code[4];
970
	struct stat	sb;
971
	char	sbuf[1024];
972

973
	session->req.if_modified_since=0;
974
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
975
	session->req.keep_alive=FALSE;
976
	session->req.send_location=NO_LOCATION;
977
	SAFECOPY(error_code,message);
978
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
979
980
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
981
	if(!stat(session->req.physical_path,&sb)) {
982
983
984
985
986
987
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
988
	}
989
	else {
990
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
991
			,session->socket,session->req.physical_path);
992
		safe_snprintf(sbuf,sizeof(sbuf)
993
994
995
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
996
997
998
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
999
		sockprint(session->socket,sbuf);
1000
1001
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
1002
	}
1003
1004
1005
	close_request(session);
}

1006
1007
1008
1009
void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);
1010
1011
	else
		session->user=*usr;
1012

1013
	if(session->user.number!=0) {
1014
1015
1016
1017
		FREE_AND_NULL(session->req.subscan);
		session->req.subscan=(subscan_t*)malloc(sizeof(subscan_t)*scfg.total_subs);
		if(session->req.subscan!=NULL)
			getmsgptrs(&scfg,session->user.number,session->req.subscan);
1018
1019
	}

1020
1021
	if(session->user.number==session->last_user_num)
		return;
1022

1023
	lprintf(LOG_DEBUG,"%04d HTTP Logon (%d)",session->socket,session->user.number);
1024

1025
1026
	if(session->user.number==0)
		SAFECOPY(session->username,unknown);
deuce's avatar
deuce committed
1027
	else {
1028
		SAFECOPY(session->username,session->user.alias);
deuce's avatar
deuce committed
1029
1030
1031
1032
1033
		/* Adjust Connect and host */
		putuserrec(&scfg,session->user.number,U_MODEM,LEN_MODEM,"HTTP");
		putuserrec(&scfg,session->user.number,U_COMP,LEN_COMP,session->host_name);
		putuserrec(&scfg,session->user.number,U_NOTE,LEN_NOTE,session->host_ip);
	}
1034
1035
1036
	session->client.user=session->username;
	client_on(session->socket, &session->client, /* update existing client record? */TRUE);

1037
1038
1039
1040
1041
1042
1043
1044
	session->last_user_num=session->user.number;
	session->logon_time=time(NULL);
}

void http_logoff(http_session_t * session)
{
	if(session->last_user_num<=0)
		return;
1045

1046
	lprintf(LOG_DEBUG,"%04d HTTP Logoff (%d)",session->socket,session->user.number);
1047

1048
1049
1050
1051
1052
1053
1054
1055
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
1056
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
1057
1058
		if(session->last_js_user_num==session->user.number)
			return(TRUE);
1059
1060
1061
		lprintf(LOG_INFO,"%04d JavaScript: Initializing User Objects",session->socket);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
1062
				,NULL /* ftp index file */, session->req.subscan /* subscan */)) {
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, NULL
				,NULL /* ftp index file */, NULL /* subscan */)) {
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
1076
		session->last_js_user_num=session->user.number;
1077
1078
1079
1080
	}
	return(TRUE);
}

1081
static BOOL check_ars(http_session_t * session)
1082
1083
1084
1085
{
	char	*username;
	char	*password;
	uchar	*ar;
1086
	BOOL	authorized;
1087
	char	auth_req[MAX_REQUEST_LINE+1];
1088
1089
	int		i;
	user_t	thisuser;
1090

1091
	if(session->req.auth[0]==0