websrvr.c 91.2 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2004 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 *
 * SSJS stuff could work using three different methods:
 * 1) Temporary file as happens currently
 *		Advantages:
 *			Allows to keep current connection (keep-alive works)
 *			write() doesn't need to be "special"
 *		Disadvantages:
 *			Depends on the temp dir being writable and capable of holding
 *				the full reply
 *			Everything goes throug the disk, so probobly some performance
 *				penalty is involved
 *			No way of sending directly to the remote system
 * 2) nph- style
 *		Advantages:
 *			No file I/O involved
 *			Can do magic tricks (ala my perl web wrapper)
 *		Disadvantages:
 *			Pretty much everything needs to be handled by the script.
 * 3) Return body in http_reply object
 *		All the advantages of 1)
 *		Could use a special write() to make everything just great.
 *		Still doesn't allow page to be sent until fully composed (ie: long
 *			delays)
 * 4) Type three with a callback that sends the header and current body, then
 *		converts write() to send directly to remote.
deuce's avatar
deuce committed
83
84
85
86
 *
 * Add in support to pass connections through to a different webserver...
 *      probobly in access.ars... with like a simplified mod_rewrite.
 *      This would allow people to run apache and Synchronet as the same site.
87
88
 */

deuce's avatar
deuce committed
89
/* Headers for CGI stuff */
90
91
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
92
93
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
94
95
#endif

96
#ifndef JAVASCRIPT
97
#define JAVASCRIPT
98
99
#endif

100
#undef SBBS	/* this shouldn't be defined unless building sbbs.dll/libsbbs.so */
101
102
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
103
#include "threadwrap.h"		/* pthread_mutex_t */
104
#include "semwrap.h"
105
#include "websrvr.h"
deuce's avatar
deuce committed
106
#include "base64.h"
107

108
109
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
110
111
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
112
113
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
114
static const char*	unknown="<unknown>";
115

116
/* Is this not in a header somewhere? */
117
extern const uchar* nular;
rswindell's avatar
rswindell committed
118
119

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
deuce's avatar
deuce committed
120
121
122
#define MAX_REQUEST_LINE		1024	/* NOT including terminator */
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers 
										   (Including terminator )*/
123
#define MAX_REDIR_LOOPS			20		/* Max. times to follow internal redirects for a single request */
124

125
126
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
127
static BOOL		http_logging_thread_running=FALSE;
128
129
static ulong	active_clients=0;
static ulong	sockets=0;
130
static BOOL		terminate_server=FALSE;
131
static BOOL		terminate_http_logging_thread=FALSE;
132
133
134
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static char		revision[16];
135
136
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
137
static char		cgi_dir[MAX_PATH+1];
138
static time_t	uptime=0;
139
static DWORD	served=0;
140
static web_startup_t* startup=NULL;
141
static js_server_props_t js_server_props;
142
143
static link_list_t recycle_semfiles;
static link_list_t shutdown_semfiles;
144

145
146
static named_string_t** mime_types;

147
148
149
/* Logging stuff */
sem_t	log_sem;
pthread_mutex_t	log_mutex;
150
link_list_t	log_list;
151
152
153
154
155
156
157
struct log_data {
	char	*hostname;
	char	*ident;
	char	*user;
	char	*request;
	char	*referrer;
	char	*agent;
158
	char	*vhost;
159
160
161
162
163
	int		status;
	unsigned int	size;
	struct tm completed;
};

164
typedef struct  {
165
	int			method;
166
167
168
169
170
171
172
173
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
174
175
	char		host[128];				/* The requested host. (as used for self-referencing URLs) */
	char		vhost[128];				/* The requested host. (virtual host) */
176
	int			send_location;
177
	const char*	mime_type;
178
	link_list_t	headers;
179
	char		status[MAX_REQUEST_LINE+1];
180
181
	char *		post_data;
	size_t		post_len;
182
	int			dynamic;
183
	struct log_data	*ld;
184
	char		request_line[MAX_REQUEST_LINE+1];
185

186
187
188
189
190
191
	/* CGI parameters */
	char		query_str[MAX_REQUEST_LINE+1];
	char		extra_path_info[MAX_REQUEST_LINE+1];
	link_list_t	cgi_env;
	link_list_t	dynamic_heads;

192
193
194
	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

195
196
197
} http_request_t;

typedef struct  {
198
199
	SOCKET			socket;
	SOCKADDR_IN		addr;
200
	http_request_t	req;
201
202
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
203
204
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
205
206
207
	user_t			user;
	int				last_user_num;
	time_t			logon_time;
208
	char			username[LEN_NAME+1];
209
	int				last_js_user_num;
210
211
212
213
214

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
215
216
217
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
218
	js_branch_t		js_branch;
deuce's avatar
deuce committed
219
	subscan_t		*subscan;
220
221
222

	/* Client info */
	client_t		client;
223
224
225
226
227
} http_session_t;

enum { 
	 HTTP_0_9
	,HTTP_1_0
228
	,HTTP_1_1
229
230
231
232
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
233
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
234
	,NULL	/* terminator */
235
236
237
238
239
240
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
241

rswindell's avatar
rswindell committed
242
243
244
static char* methods[] = {
	 "HEAD"
	,"GET"
245
	,"POST"
rswindell's avatar
rswindell committed
246
247
	,NULL	/* terminator */
};
248

249
enum {
250
251
252
253
254
255
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

256
enum { 
257
258
259
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
260
261
	,HEAD_LENGTH
	,HEAD_TYPE
262
263
264
265
266
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
267
268
269
270
271
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
272
273
	,HEAD_REFERER
	,HEAD_AGENT
274
275
276
277
278
279
};

static struct {
	int		id;
	char*	text;
} headers[] = {
280
281
282
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
283
284
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
285
286
287
288
289
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
290
291
292
293
294
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
295
296
	{ HEAD_REFERER,			"Referer"				},
	{ HEAD_AGENT,			"User-Agent"			},
297
	{ -1,					NULL /* terminator */	},
298
299
};

300
/* Everything MOVED_TEMP and everything after is a magical internal redirect */
301
enum  {
302
	 NO_LOCATION
303
	,MOVED_PERM
304
	,MOVED_TEMP
305
	,MOVED_STAT
306
307
};

308
309
310
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

311
static void respond(http_session_t * session);
312
static BOOL js_setup(http_session_t* session);
313
static char *find_last_slash(char *str);
314
static BOOL check_extra_path(http_session_t * session);
315

316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
static time_t
sub_mkgmt(struct tm *tm)
{
        int y, nleapdays;
        time_t t;
        /* days before the month */
        static const unsigned short moff[12] = {
                0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
        };

        /*
         * XXX: This code assumes the given time to be normalized.
         * Normalizing here is impossible in case the given time is a leap
         * second but the local time library is ignorant of leap seconds.
         */

        /* minimal sanity checking not to access outside of the array */
        if ((unsigned) tm->tm_mon >= 12)
                return (time_t) -1;
        if (tm->tm_year < 1970 - 1900)
                return (time_t) -1;

        y = tm->tm_year + 1900 - (tm->tm_mon < 2);
        nleapdays = y / 4 - y / 100 + y / 400 -
            ((1970-1) / 4 - (1970-1) / 100 + (1970-1) / 400);
        t = ((((time_t) (tm->tm_year - (1970 - 1900)) * 365 +
                        moff[tm->tm_mon] + tm->tm_mday - 1 + nleapdays) * 24 +
                tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;

        return (t < 0 ? (time_t) -1 : t);
}

time_t
time_gm(struct tm *tm)
{
        time_t t, t2;
        struct tm *tm2;
        int sec;

        /* Do the first guess. */
        if ((t = sub_mkgmt(tm)) == (time_t) -1)
                return (time_t) -1;

        /* save value in case *tm is overwritten by gmtime() */
        sec = tm->tm_sec;

        tm2 = gmtime(&t);
        if ((t2 = sub_mkgmt(tm2)) == (time_t) -1)
                return (time_t) -1;

        if (t2 < t || tm2->tm_sec != sec) {
                /*
                 * Adjust for leap seconds.
                 *
                 *     real time_t time
                 *           |
                 *          tm
                 *         /        ... (a) first sub_mkgmt() conversion
                 *       t
                 *       |
                 *      tm2
                 *     /        ... (b) second sub_mkgmt() conversion
                 *   t2
                 *                        --->time
                 */
                /*
                 * Do the second guess, assuming (a) and (b) are almost equal.
                 */
                t += t - t2;
                tm2 = gmtime(&t);

                /*
                 * Either (a) or (b), may include one or two extra
                 * leap seconds.  Try t, t + 2, t - 2, t + 1, and t - 1.
                 */
                if (tm2->tm_sec == sec
                    || (t += 2, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 4, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t += 3, tm2 = gmtime(&t), tm2->tm_sec == sec)
                    || (t -= 2, tm2 = gmtime(&t), tm2->tm_sec == sec))
                        ;        /* found */
                else {
                        /*
                         * Not found.
                         */
                        if (sec >= 60)
                                /*
                                 * The given time is a leap second
                                 * (sec 60 or 61), but the time library
                                 * is ignorant of the leap second.
                                 */
                                ;        /* treat sec 60 as 59,
                                           sec 61 as 0 of the next minute */
                        else
                                /* The given time may not be normalized. */
                                t++;        /* restore t */
                }
        }

        return (t < 0 ? (time_t) -1 : t);
}
417

418
static int lprintf(int level, char *fmt, ...)
419
420
421
422
423
424
425
426
427
428
429
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
430
    return(startup->lputs(startup->cbdata,level,sbuf));
431
432
433
434
435
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
436
#define SOCKLIB_DESC WSAData.szDescription
437
438
439
440
441
442
443
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
444
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
445
446
447
448
		WSAInitialized=TRUE;
		return (TRUE);
	}

449
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
450
451
452
453
454
455
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)
456
#define SOCKLIB_DESC NULL
457
458
459
460
461
462

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
463
	    startup->status(startup->cbdata,str);
464
465
466
467
468
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
469
		startup->clients(startup->cbdata,active_clients);
470
471
472
473
474
}

static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
475
		startup->client_on(startup->cbdata,TRUE,sock,client,update);
476
477
478
479
480
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
481
		startup->client_on(startup->cbdata,FALSE,sock,NULL,FALSE);
482
483
484
485
486
487
}

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
488
		startup->thread_up(startup->cbdata,TRUE, setuid);
489
490
491
492
493
494
495
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
496
		startup->thread_up(startup->cbdata,FALSE, FALSE);
497
498
}

deuce's avatar
deuce committed
499
500
501
/*********************************************************************/
/* Adds an environment variable to the sessions  cgi_env linked list */
/*********************************************************************/
502
static void add_env(http_session_t *session, const char *name,const char *value)  {
503
	char	newname[129];
504
	char	*p;
505

506
	if(name==NULL || value==NULL)  {
507
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
508
509
510
511
512
513
514
515
516
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
517
518
519
520
521
522
523
524
	p=(char *)malloc(strlen(name)+strlen(value)+2);
	if(p==NULL) {
		lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
		return;
	}
	sprintf(p,"%s=%s",newname,value);
	listPushNodeString(&session->req.cgi_env,p);
	free(p);
525
526
}

deuce's avatar
deuce committed
527
528
529
/***************************************/
/* Initializes default CGI envirnoment */
/***************************************/
530
531
532
533
534
535
536
static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
537
	if(!strcmp(session->host_name,session->host_ip))
538
539
540
541
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

542
/*
deuce's avatar
deuce committed
543
 * Sends string str to socket sock... returns number of bytes written, or 0 on an error
544
545
546
547
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
548
549
static int sockprint(SOCKET sock, const char *str)
{
550
551
552
	int len;
	int	result;
	int written=0;
553
	BOOL	wr;
554
555
556

	if(sock==INVALID_SOCKET)
		return(0);
557
	if(startup->options&WEB_OPT_DEBUG_TX)
558
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
559
	len=strlen(str);
560

561
	while(socket_check(sock,NULL,&wr,startup->max_inactivity*1000) && wr && written<len)  {
562
		result=sendsocket(sock,str+written,len-written);
563
564
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
565
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
566
			else if(ERROR_VALUE==ECONNABORTED) 
567
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
568
			else
569
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
570
571
			return(0);
		}
572
573
574
		written+=result;
	}
	if(written != len) {
575
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
576
577
578
579
580
		return(0);
	}
	return(len);
}

deuce's avatar
deuce committed
581
582
583
584
/**********************************************************/
/* Converts a month name/abbr to the 0-based month number */
/* ToDo: This probobly exists somewhere else already	  */
/**********************************************************/
585
586
587
588
589
590
591
592
593
594
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

deuce's avatar
deuce committed
595
596
597
/*******************************************************************/
/* Converts a date string in any of the common formats to a time_t */
/*******************************************************************/
598
599
600
static time_t decode_date(char *date)
{
	struct	tm	ti;
601
602
	char	*token;
	time_t	t;
603
604
605
606
607
608
609
610
611

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

612
	token=strtok(date,",");
613
614
	if(token==NULL)
		return(0);
615
616
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
617
		/* asctime() */
618
619
		/* Toss away week day */
		token=strtok(date," ");
620
621
		if(token==NULL)
			return(0);
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
646
647
648
	}
	else  {
		/* RFC 1123 or RFC 850 */
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
673
674
675
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
676

677
	t=time_gm(&ti);
678
	return(t);
679
680
681
682
683
684
685
686
687
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
688
		startup->socket_open(startup->cbdata,TRUE);
689
690
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
691
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707

		sockets++;
	}
	return(sock);
}

static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
708
		startup->socket_open(startup->cbdata,FALSE);
709
710
711
712
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
713
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
714
715
716
717
718
	}

	return(result);
}

deuce's avatar
deuce committed
719
720
721
722
723
724
725
726
/**************************************************/
/* End of a single request...					  */
/* This is called at the end of EVERY request	  */
/*  Log the request       						  */
/*  Free request-specific data ie: dynamic stuff  */
/*  Close socket unless it's being kept alive     */
/*   If the socket is closed, the session is done */
/**************************************************/
727
728
static void close_request(http_session_t * session)
{
729
730
	time_t		now;

731
732
733
734
	if(session->req.ld!=NULL) {
		now=time(NULL);
		localtime_r(&now,&session->req.ld->completed);
		pthread_mutex_lock(&log_mutex);
735
		listPushNode(&log_list,session->req.ld);
736
737
738
739
		pthread_mutex_unlock(&log_mutex);
		sem_post(&log_sem);
		session->req.ld=NULL;
	}
740

741
742
743
	listFree(&session->req.headers);
	listFree(&session->req.dynamic_heads);
	listFree(&session->req.cgi_env);
744
	FREE_AND_NULL(session->req.post_data);
745
	if(!session->req.keep_alive) {
746
		close_socket(session->socket);
747
		session->socket=INVALID_SOCKET;
748
	}
749
750
751
	if(session->socket==INVALID_SOCKET)
		session->finished=TRUE;

deuce's avatar
deuce committed
752
753
754
	if(session->js_cx!=NULL && (session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS)) {
		JS_GC(session->js_cx);
	}
deuce's avatar
deuce committed
755
756
	if(session->subscan!=NULL)
		putmsgptrs(&scfg, session->user.number, session->subscan);
deuce's avatar
deuce committed
757

758
	memset(&session->req,0,sizeof(session->req));
759
760
761
762
}

static int get_header_type(char *header)
{
763
	int i;
764
765
766
767
768
769
770
771
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

deuce's avatar
deuce committed
772
/* Opposite of get_header_type() */
773
774
static char *get_header(int id) 
{
775
	int i;
776
777
	if(headers[id].id==id)
		return(headers[id].text);
778
779
780
781
782
783
784
785
786

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

787
788
static const char* unknown_mime_type="application/octet-stream";

789
static const char* get_mime_type(char *ext)
790
791
792
793
{
	uint i;

	if(ext==NULL)
794
795
		return(unknown_mime_type);

796
797
798
	for(i=0;mime_types[i]!=NULL;i++)
		if(!stricmp(ext+1,mime_types[i]->name))
			return(mime_types[i]->value);
799
800

	return(unknown_mime_type);
801
802
}

803
804
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
805
	size_t dstlen,appendlen;
806
807
808
809
810
811
812
813
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

deuce's avatar
deuce committed
814
815
816
817
/*************************************************/
/* Sends headers for the reply.					 */
/* HTTP/0.9 doesn't use headers, so just returns */
/*************************************************/
818
static BOOL send_headers(http_session_t *session, const char *status)
819
{
820
	int		ret;
821
	BOOL	send_file=TRUE;
822
	time_t	ti;
823
	const char	*status_line;
824
	struct stat	stats;
825
	struct tm	tm;
826
	char	*headers;
827
	char	header[MAX_REQUEST_LINE+1];
deuce's avatar
deuce committed
828
	list_node_t	*node;
829

830
831
832
	lprintf(LOG_DEBUG,"%04d Request resolved to: %s"
		,session->socket,session->req.physical_path);
	if(session->http_ver <= HTTP_0_9) {
deuce's avatar
deuce committed
833
834
		if(session->req.ld != NULL)
			session->req.ld->status=atoi(status);
deuce's avatar
deuce committed
835
		return(TRUE);
836
	}
deuce's avatar
deuce committed
837

838
	status_line=status;
839
	ret=stat(session->req.physical_path,&stats);
840
	if(!ret && session->req.if_modified_since && (stats.st_mtime <= session->req.if_modified_since) && !session->req.dynamic) {
841
		status_line="304 Not Modified";
842
		ret=-1;
843
		send_file=FALSE;
844
	}
845
	if(session->req.send_location==MOVED_PERM)  {
846
		status_line="301 Moved Permanently";
847
848
849
		ret=-1;
		send_file=FALSE;
	}
850
	if(session->req.send_location==MOVED_TEMP)  {
851
		status_line="302 Moved Temporarily";
852
853
854
		ret=-1;
		send_file=FALSE;
	}
855

856
857
858
	if(session->req.ld!=NULL)
		session->req.ld->status=atoi(status_line);

859
860
	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
861
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
862
863
864
		return(FALSE);
	}
	*headers=0;
865
	/* Status-Line */
866
	safe_snprintf(header,sizeof(header),"%s %s",http_vers[session->http_ver],status_line);
867
868
869

	lprintf(LOG_DEBUG,"%04d Result: %s",session->socket,header);

870
	safecat(headers,header,MAX_HEADERS_SIZE);
871
872
873

	/* General Headers */
	ti=time(NULL);
874
875
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
876
	safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
877
878
879
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
880
881
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
882
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
883
884
885
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
886
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_CONNECTION),"Close");
887
888
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
889
890

	/* Response Headers */
891
	safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
892
	safecat(headers,header,MAX_HEADERS_SIZE);
893
894
	
	/* Entity Headers */
895
	if(session->req.dynamic) {
896
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
897
898
899
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
900
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
901
902
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
903

904
	if(session->req.send_location) {
905
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
906
		safecat(headers,header,MAX_HEADERS_SIZE);
907
	}
908
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
909
		if(ret)  {
910
			safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_LENGTH),"0");
911
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
912
		}
913
		else  {
914
			safe_snprintf(header,sizeof(header),"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
915
			safecat(headers,header,MAX_HEADERS_SIZE);
916
		}
917
	}
918

919
	if(!ret && !session->req.dynamic)  {
920
		safe_snprintf(header,sizeof(header),"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
921
		safecat(headers,header,MAX_HEADERS_SIZE);
922
		gmtime_r(&stats.st_mtime,&tm);
923
		safe_snprintf(header,sizeof(header),"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
924
			,get_header(HEAD_LASTMODIFIED)
925
926
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
927
		safecat(headers,header,MAX_HEADERS_SIZE);
928
	} 
rswindell's avatar
rswindell committed
929

930
931
	if(session->req.dynamic)  {
		/* Dynamic headers */
932
		/* Set up environment */
deuce's avatar
deuce committed
933
934
		for(node=listFirstNode(&session->req.dynamic_heads);node!=NULL;node=listNextNode(node))
			safecat(headers,listNodeData(node),MAX_HEADERS_SIZE);
935
	}
936

937
	safecat(headers,"",MAX_HEADERS_SIZE);
938
	send_file = (sockprint(session->socket,headers) && send_file);
deuce's avatar
deuce committed
939
	FREE_AND_NULL(headers);
940
	return(send_file);
941
942
}

943
static int sock_sendfile(SOCKET socket,char *path)
944
945
{
	int		file;
946
	long	offset=0;
947
	int		ret=0;
948

949
	if(startup->options&WEB_OPT_DEBUG_TX)
950
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
951
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
952
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
953
	else {
954
		if((ret=sendfilesocket(socket, file, &offset, 0)) < 1) {
955
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
956
				, socket, errno, path);
957
958
			ret=0;
		}
959
960
		close(file);
	}
961
	return(ret);
962
963
}

deuce's avatar
deuce committed
964
965
966
967
/********************************************************/
/* Sends a specified error message, closes the request, */
/* and marks the session to be closed 					*/
/********************************************************/
968
static void send_error(http_session_t * session, const char* message)
969
970
{
	char	error_code[4];
971
	struct stat	sb;
972
	char	sbuf[1024];
973

974
	session->req.if_modified_since=0;
975
	lprintf(LOG_INFO,"%04d !ERROR: %s",session->socket,message);
976
	session->req.keep_alive=FALSE;
977
	session->req.send_location=NO_LOCATION;
978
	SAFECOPY(error_code,message);
979
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
deuce's avatar
deuce committed
980
981
	session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
	send_headers(session,message);
982
	if(!stat(session->req.physical_path,&sb)) {
983
984
985
986
987
988
		int	snt=0;
		snt=sock_sendfile(session->socket,session->req.physical_path);
		if(snt<0)
			snt=0;
		if(session->req.ld!=NULL)
			session->req.ld->size=snt;
989
	}
990
	else {
991
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist"
992
			,session->socket,session->req.physical_path);
993
		safe_snprintf(sbuf,sizeof(sbuf)
994
995
996
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
997
998
999
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
1000
		sockprint(session->socket,sbuf);
1001
1002
		if(session->req.ld!=NULL)
			session->req.ld->size=strlen(sbuf);
1003
	}
1004
1005
1006
	close_request(session);
}

1007
1008
1009
1010
void http_logon(http_session_t * session, user_t *usr)
{
	if(usr==NULL)
		getuserdat(&scfg, &session->user);
1011
1012
	else
		session->user=*usr;
1013
1014
1015

	if(session->user.number==session->last_user_num)
		return;
1016

1017
	lprintf(LOG_DEBUG,"%04d HTTP Logon (%d)",session->socket,session->user.number);
1018

1019
1020
1021
1022
	if(session->subscan!=NULL)
		getmsgptrs(&scfg,session->user.number,session->subscan);

	if(session->user.number==0)
1023
		SAFECOPY(session->username,unknown);
deuce's avatar
deuce committed
1024
	else {
1025
		SAFECOPY(session->username,session->user.alias);
deuce's avatar
deuce committed
1026
1027
1028
1029
1030
		/* Adjust Connect and host */
		putuserrec(&scfg,session->user.number,U_MODEM,LEN_MODEM,"HTTP");
		putuserrec(&scfg,session->user.number,U_COMP,LEN_COMP,session->host_name);
		putuserrec(&scfg,session->user.number,U_NOTE,LEN_NOTE,session->host_ip);
	}
1031
1032
1033
	session->client.user=session->username;
	client_on(session->socket, &session->client, /* update existing client record? */TRUE);

1034
1035
1036
1037
1038
1039
1040
1041
	session->last_user_num=session->user.number;
	session->logon_time=time(NULL);
}

void http_logoff(http_session_t * session)
{
	if(session->last_user_num<=0)
		return;
1042

1043
	lprintf(LOG_DEBUG,"%04d HTTP Logoff (%d)",session->socket,session->user.number);
1044

1045
1046
1047
1048
1049
1050
1051
1052
	SAFECOPY(session->username,unknown);
	logoutuserdat(&scfg, &session->user, time(NULL), session->logon_time);
	memset(&session->user,0,sizeof(session->user));
	session->last_user_num=session->user.number;
}

BOOL http_checkuser(http_session_t * session)
{
1053
	if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
1054
1055
		if(session->last_js_user_num==session->user.number)
			return(TRUE);
1056
1057
1058
		lprintf(LOG_INFO,"%04d JavaScript: Initializing User Objects",session->socket);
		if(session->user.number>0) {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
deuce's avatar
deuce committed
1059
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
1060
1061
1062
1063
1064
1065
1066
				lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
		else {
			if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, NULL
deuce's avatar
deuce committed
1067
				,NULL /* ftp index file */, session->subscan /* subscan */)) {
1068
1069
1070
1071
1072
				lprintf(LOG_ERR,"%04d !ERROR initializing JavaScript User Objects",session->socket);
				send_error(session,"500 Error initializing JavaScript User Objects");
				return(FALSE);
			}
		}
1073
		session->last_js_user_num=session->user.number;
1074
1075
1076
1077
	}
	return(TRUE);
}

1078
static BOOL check_ars(http_session_t * session)
1079
1080
1081
1082
{
	char	*username;
	char	*password;
	uchar	*ar;
1083
	BOOL	authorized;
1084
	char	auth_req[MAX_REQUEST_LINE+1];
1085
1086
	int		i;
	user_t	thisuser;
1087