websrvr.c 72.1 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
/* websrvr.c */

/* Synchronet Web Server */

/* $Id$ */

/****************************************************************************
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
11
 * Copyright 2003 Rob Swindell - http://www.synchro.net/copyright.html		*
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
 * as published by the Free Software Foundation; either version 2			*
 * of the License, or (at your option) any later version.					*
 * See the GNU General Public License for more details: gpl.txt or			*
 * http://www.fsf.org/copyleft/gpl.html										*
 *																			*
 * Anonymous FTP access to the most recent released source is available at	*
 * ftp://vert.synchro.net, ftp://cvs.synchro.net and ftp://ftp.synchro.net	*
 *																			*
 * Anonymous CVS access to the development source and modification history	*
 * is available at cvs.synchro.net:/cvsroot/sbbs, example:					*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs login			*
 *     (just hit return, no password is necessary)							*
 * cvs -d :pserver:anonymous@cvs.synchro.net:/cvsroot/sbbs checkout src		*
 *																			*
 * For Synchronet coding style and modification guidelines, see				*
 * http://www.synchro.net/source.html										*
 *																			*
 * You are encouraged to submit any modifications (preferably in Unix diff	*
 * format) via e-mail to mods@synchro.net									*
 *																			*
 * Note: If this box doesn't appear square, then you need to fix your tabs.	*
 ****************************************************************************/

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
/*
 * General notes: (ToDo stuff)
 * strtok() is used a LOT in here... notice that there is a strtok_r() for reentrant...
 * this may imply that strtok() is NOT thread-safe... if in fact it isn't this HAS
 * to be fixed before any real production-level quality is achieved with this web server
 * however, strtok_r() may not be a standard function.
 *
 * RE: not sending the headers if an nph scrpit is detected.  (The headers buffer could
 * just be free()ed and NULLed)
 *
 * Currently, all SSJS requests for a session are ran in the same context without clearing the context in
 * any way.  This behaviour should not be relied on as it may disappear in the future... this will require
 * some thought as it COULD be handy in some circumstances and COULD cause weird bugs in others.
 *
 * Dynamic content is always resent on an If-Modified-Since request... this may not be optimal behaviour
 * for GET requests...
 *
 * Should support RFC2617 Digest auth.
 *
 * Fix up all the logging stuff.
 */

60
61
#if defined(__unix__)
	#include <sys/wait.h>		/* waitpid() */
rswindell's avatar
rswindell committed
62
63
	#include <sys/types.h>
	#include <signal.h>			/* kill() */
64
65
#endif

66
#ifndef JAVASCRIPT
67
#define JAVASCRIPT
68
69
#endif

70
71
72
#include "sbbs.h"
#include "sockwrap.h"		/* sendfilesocket() */
#include "websrvr.h"
deuce's avatar
deuce committed
73
#include "base64.h"
74

75
76
static const char*	server_name="Synchronet Web Server";
static const char*	newline="\r\n";
77
78
static const char*	http_scheme="http://";
static const size_t	http_scheme_len=7;
79
80
static const char*	error_404="404 Not Found";
static const char*	error_500="500 Internal Server Error";
81
82

extern const uchar* nular;
rswindell's avatar
rswindell committed
83
84

#define TIMEOUT_THREAD_WAIT		60		/* Seconds */
85
86
#define MAX_MIME_TYPES			128
#define MAX_REQUEST_LINE		1024
87
88
#define MAX_HEADERS_SIZE		16384	/* Maximum total size of all headers */

89
90
91
92
93
94
95
96
97
98
static scfg_t	scfg;
static BOOL		scfg_reloaded=TRUE;
static uint 	http_threads_running=0;
static ulong	active_clients=0;
static ulong	sockets=0;
static BOOL		recycle_server=FALSE;
static uint		thread_count=0;
static SOCKET	server_socket=INVALID_SOCKET;
static ulong	mime_count=0;
static char		revision[16];
99
100
static char		root_dir[MAX_PATH+1];
static char		error_dir[MAX_PATH+1];
101
static char		cgi_dir[MAX_PATH+1];
102
static time_t	uptime=0;
103
static DWORD	served=0;
104
static web_startup_t* startup=NULL;
105
static js_server_props_t js_server_props;
106
107

typedef struct  {
108
	char	*val;
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
	void	*next;
} linked_list;

typedef struct  {
	BOOL		method;
	char		virtual_path[MAX_PATH+1];
	char		physical_path[MAX_PATH+1];
	BOOL		parsed_headers;
	BOOL    	expect_go_ahead;
	time_t		if_modified_since;
	BOOL		keep_alive;
	char		ars[256];
	char    	auth[128];				/* UserID:Password */
	char		host[128];				/* The requested host. (virtual hosts) */
	int			send_location;
124
125
126
	const char*	mime_type;

	/* CGI parameters */
deuce's avatar
deuce committed
127
	char		query_str[MAX_REQUEST_LINE];
128
	char		extra_path_info[MAX_REQUEST_LINE];
deuce's avatar
deuce committed
129

130
	linked_list*	cgi_env;
131
	linked_list*	dynamic_heads;
132
	char		status[MAX_REQUEST_LINE+1];
133
134
	char *		post_data;
	size_t		post_len;
135
	int			dynamic;
136
137
138
139

	/* Dynamically (sever-side JS) generated HTML parameters */
	FILE*	fp;

140
141
142
} http_request_t;

typedef struct  {
143
144
	SOCKET			socket;
	SOCKADDR_IN		addr;
145
	http_request_t	req;
146
147
	char			host_ip[64];
	char			host_name[128];	/* Resolved remote host */
148
149
	int				http_ver;       /* HTTP version.  0 = HTTP/0.9, 1=HTTP/1.0, 2=HTTP/1.1 */
	BOOL			finished;		/* Do not accept any more imput from client */
150
151
152
153
154
155
	user_t			user;

	/* JavaScript parameters */
	JSRuntime*		js_runtime;
	JSContext*		js_cx;
	JSObject*		js_glob;
156
157
158
	JSObject*		js_query;
	JSObject*		js_header;
	JSObject*		js_request;
159
160
161
162
163
164
165
} http_session_t;

typedef struct {
	char	ext[16];
	char	type[128];
} mime_types_t;

166
static mime_types_t		mime_types[MAX_MIME_TYPES];
167
168
169
170

enum { 
	 HTTP_0_9
	,HTTP_1_0
171
	,HTTP_1_1
172
173
174
175
};
static char* http_vers[] = {
	 ""
	,"HTTP/1.0"
176
	,"HTTP/1.1"
rswindell's avatar
rswindell committed
177
	,NULL	/* terminator */
178
179
180
181
182
183
};

enum { 
	 HTTP_HEAD
	,HTTP_GET
};
184

rswindell's avatar
rswindell committed
185
186
187
static char* methods[] = {
	 "HEAD"
	,"GET"
188
	,"POST"
rswindell's avatar
rswindell committed
189
190
	,NULL	/* terminator */
};
191

192
193
194
195
196
197
198
enum { 
	 IS_STATIC
	,IS_CGI
	,IS_JS
	,IS_SSJS
};

199
enum { 
200
201
202
	 HEAD_DATE
	,HEAD_HOST
	,HEAD_IFMODIFIED
203
204
	,HEAD_LENGTH
	,HEAD_TYPE
205
206
207
208
209
	,HEAD_AUTH
	,HEAD_CONNECTION
	,HEAD_WWWAUTH
	,HEAD_STATUS
	,HEAD_ALLOW
210
211
212
213
214
215
216
217
218
219
220
	,HEAD_EXPIRES
	,HEAD_LASTMODIFIED
	,HEAD_LOCATION
	,HEAD_PRAGMA
	,HEAD_SERVER
};

static struct {
	int		id;
	char*	text;
} headers[] = {
221
222
223
	{ HEAD_DATE,			"Date"					},
	{ HEAD_HOST,			"Host"					},
	{ HEAD_IFMODIFIED,		"If-Modified-Since"		},
224
225
	{ HEAD_LENGTH,			"Content-Length"		},
	{ HEAD_TYPE,			"Content-Type"			},
226
227
228
229
230
	{ HEAD_AUTH,			"Authorization"			},
	{ HEAD_CONNECTION,		"Connection"			},
	{ HEAD_WWWAUTH,			"WWW-Authenticate"		},
	{ HEAD_STATUS,			"Status"				},
	{ HEAD_ALLOW,			"Allow"					},
231
232
233
234
235
	{ HEAD_EXPIRES,			"Expires"				},
	{ HEAD_LASTMODIFIED,	"Last-Modified"			},
	{ HEAD_LOCATION,		"Location"				},
	{ HEAD_PRAGMA,			"Pragma"				},
	{ HEAD_SERVER,			"Server"				},
236
	{ -1,					NULL /* terminator */	},
237
238
};

239
240
241
242
enum  {
	NO_LOCATION
	,MOVED_TEMP
	,MOVED_PERM
243
	,MOVED_STAT
244
245
};

246
247
248
static char	*days[]={"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
static char	*months[]={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

249
250
static DWORD monthdays[12] = {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};

251
static void respond(http_session_t * session);
252
static BOOL js_setup(http_session_t* session);
253
static char *find_last_slash(char *str);
254

255
256
257
258
259
260
static time_t time_gm( struct tm* ti )  {
	time_t t;

	t=(ti->tm_year-70)*365;
	t+=(ti->tm_year-69)/4;
	t+=monthdays[ti->tm_mon];
261
262
	if(ti->tm_mon >= 2 
		&& ti->tm_year+1900%400 ? (ti->tm_year+1900%100 ? (ti->tm_year+1900%4 ? 0:1):0):1)
263
264
265
266
267
268
269
270
271
		++t;
	t += ti->tm_mday - 1;
	t = t * 24 + ti->tm_hour;
	t = t * 60 + ti->tm_min;
	t = t * 60 + ti->tm_sec;

	return t;
}

272
static int lprintf(int level, char *fmt, ...)
273
274
275
276
277
278
279
280
281
282
283
{
	va_list argptr;
	char sbuf[1024];

    if(startup==NULL || startup->lputs==NULL)
        return(0);

	va_start(argptr,fmt);
    vsnprintf(sbuf,sizeof(sbuf),fmt,argptr);
	sbuf[sizeof(sbuf)-1]=0;
    va_end(argptr);
284
    return(startup->lputs(startup->cbdata,level,sbuf));
285
286
287
288
289
290
291
292
293
294
295
296
}

#ifdef _WINSOCKAPI_

static WSADATA WSAData;
static BOOL WSAInitialized=FALSE;

static BOOL winsock_startup(void)
{
	int		status;             /* Status Code */

    if((status = WSAStartup(MAKEWORD(1,1), &WSAData))==0) {
297
		lprintf(LOG_INFO,"%s %s",WSAData.szDescription, WSAData.szSystemStatus);
298
299
300
301
		WSAInitialized=TRUE;
		return (TRUE);
	}

302
    lprintf(LOG_ERR,"!WinSock startup ERROR %d", status);
303
304
305
306
307
308
309
310
311
312
313
314
	return (FALSE);
}

#else /* No WINSOCK */

#define winsock_startup()	(TRUE)

#endif

static void status(char* str)
{
	if(startup!=NULL && startup->status!=NULL)
315
	    startup->status(startup->cbdata,str);
316
317
318
319
320
}

static void update_clients(void)
{
	if(startup!=NULL && startup->clients!=NULL)
321
		startup->clients(startup->cbdata,active_clients);
322
323
}

324
#if 0	/* These will be used later ToDo */
325
326
327
328
329
330
331
332
333
334
335
static void client_on(SOCKET sock, client_t* client, BOOL update)
{
	if(startup!=NULL && startup->client_on!=NULL)
		startup->client_on(TRUE,sock,client,update);
}

static void client_off(SOCKET sock)
{
	if(startup!=NULL && startup->client_on!=NULL)
		startup->client_on(FALSE,sock,NULL,FALSE);
}
336
#endif
337
338
339
340
341

static void thread_up(BOOL setuid)
{
	thread_count++;
	if(startup!=NULL && startup->thread_up!=NULL)
342
		startup->thread_up(startup->cbdata,TRUE, setuid);
343
344
345
346
347
348
349
}

static void thread_down(void)
{
	if(thread_count>0)
		thread_count--;
	if(startup!=NULL && startup->thread_up!=NULL)
350
		startup->thread_up(startup->cbdata,FALSE, FALSE);
351
352
}

353
354
static linked_list *add_list(linked_list *list,const char *value)  {
	linked_list*	entry;
355

356
357
	entry=malloc(sizeof(linked_list));
	if(entry==NULL)  {
358
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
359
		return(list);
360
	}
361
362
363
	entry->val=malloc(strlen(value)+1);
	if(entry->val==NULL)  {
		FREE_AND_NULL(entry);
364
		lprintf(LOG_CRIT,"Could not allocate memory for \"%s\" in linked list.",&value);
365
366
367
368
369
		return(list);
	}
	strcpy(entry->val,value);
	entry->next=list;
	return(entry);
370
371
372
}

static void add_env(http_session_t *session, const char *name,const char *value)  {
373
374
	char	newname[129];
	char	fullname[387];
375
376
377
	char	*p;
	
	if(name==NULL || value==NULL)  {
378
		lprintf(LOG_WARNING,"%04d Attempt to set NULL env variable", session->socket);
379
380
381
382
383
384
385
386
387
		return;
	}
	SAFECOPY(newname,name);

	for(p=newname;*p;p++)  {
		*p=toupper(*p);
		if(*p=='-')
			*p='_';
	}
388
389
390

	sprintf(fullname,"%s=%s",newname,value);
	session->req.cgi_env=add_list(session->req.cgi_env,fullname);
391
392
393
394
395
396
397
398
399
400
401
402
403
404
}

static void init_enviro(http_session_t *session)  {
	char	str[128];

	add_env(session,"SERVER_SOFTWARE",VERSION_NOTICE);
	sprintf(str,"%d",startup->port);
	add_env(session,"SERVER_PORT",str);
	add_env(session,"GATEWAY_INTERFACE","CGI/1.1");
	if(!strcmp(session->host_name,"<no name>"))
		add_env(session,"REMOTE_HOST",session->host_name);
	add_env(session,"REMOTE_ADDR",session->host_ip);
}

405
406
407
408
409
410
/*
 * Sets string str to socket sock... returns number of bytes written, or 0 on an error
 * (Should it be -1 on an error?)
 * Can not close the socket since it can not set it to INVALID_SOCKET
 * ToDo - Decide error behaviour, should a SOCKET * be passed around rather than a socket?
 */
411
412
static int sockprint(SOCKET sock, const char *str)
{
413
414
415
	int len;
	int	result;
	int written=0;
416
	BOOL	wr;
417
418
419

	if(sock==INVALID_SOCKET)
		return(0);
420
	if(startup->options&WEB_OPT_DEBUG_TX)
421
		lprintf(LOG_DEBUG,"%04d TX: %s", sock, str);
422
	len=strlen(str);
423

424
	while(socket_check(sock,NULL,&wr,60000) && wr && written<len)  {
425
		result=sendsocket(sock,str+written,len-written);
426
427
		if(result==SOCKET_ERROR) {
			if(ERROR_VALUE==ECONNRESET) 
428
				lprintf(LOG_NOTICE,"%04d Connection reset by peer on send",sock);
429
			else if(ERROR_VALUE==ECONNABORTED) 
430
				lprintf(LOG_NOTICE,"%04d Connection aborted by peer on send",sock);
431
			else
432
				lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
433
434
			return(0);
		}
435
436
437
		written+=result;
	}
	if(written != len) {
438
		lprintf(LOG_WARNING,"%04d !ERROR %d sending on socket",sock,ERROR_VALUE);
439
440
441
442
443
		return(0);
	}
	return(len);
}

444
445
446
447
448
449
450
451
452
453
454
455
456
static int getmonth(char *mon)
{
	int	i;
	for(i=0;i<12;i++)
		if(!stricmp(mon,months[i]))
			return(i);

	return 0;
}

static time_t decode_date(char *date)
{
	struct	tm	ti;
457
458
	char	*token;
	time_t	t;
459
460
461
462
463
464
465
466
467
468
469
470
471

	ti.tm_sec=0;		/* seconds (0 - 60) */
	ti.tm_min=0;		/* minutes (0 - 59) */
	ti.tm_hour=0;		/* hours (0 - 23) */
	ti.tm_mday=1;		/* day of month (1 - 31) */
	ti.tm_mon=0;		/* month of year (0 - 11) */
	ti.tm_year=0;		/* year - 1900 */
	ti.tm_isdst=0;		/* is summer time in effect? */

#if 0	/* non-standard */
	ti.tm_zone="UTC";	/* abbreviation of timezone name */
	ti.tm_gmtoff=0;		/* offset from UTC in seconds */
#endif
472
473

	token=strtok(date,",");
474
475
	if(token==NULL)
		return(0);
476
477
	/* This probobly only needs to be 9, but the extra one is for luck. */
	if(strlen(date)>15) {
478
		/* asctime() */
479
480
		/* Toss away week day */
		token=strtok(date," ");
481
482
		if(token==NULL)
			return(0);
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
		token=strtok(NULL,"");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token)-1900;
507
508
509
	}
	else  {
		/* RFC 1123 or RFC 850 */
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mday=atoi(token);
		token=strtok(NULL," -");
		if(token==NULL)
			return(0);
		ti.tm_mon=getmonth(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_year=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_hour=atoi(token);
		token=strtok(NULL,":");
		if(token==NULL)
			return(0);
		ti.tm_min=atoi(token);
		token=strtok(NULL," ");
		if(token==NULL)
			return(0);
		ti.tm_sec=atoi(token);
534
535
536
		if(ti.tm_year>1900)
			ti.tm_year -= 1900;
	}
537

538
	t=time_gm(&ti);
539
	return(t);
540
541
542
543
544
545
546
547
548
}

static SOCKET open_socket(int type)
{
	char	error[256];
	SOCKET	sock;

	sock=socket(AF_INET, type, IPPROTO_IP);
	if(sock!=INVALID_SOCKET && startup!=NULL && startup->socket_open!=NULL) 
549
		startup->socket_open(startup->cbdata,TRUE);
550
551
	if(sock!=INVALID_SOCKET) {
		if(set_socket_options(&scfg, sock,error))
552
			lprintf(LOG_ERR,"%04d !ERROR %s",sock,error);
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569

		sockets++;
	}
	return(sock);
}


static int close_socket(SOCKET sock)
{
	int		result;

	if(sock==INVALID_SOCKET)
		return(-1);

	shutdown(sock,SHUT_RDWR);	/* required on Unix */
	result=closesocket(sock);
	if(startup!=NULL && startup->socket_open!=NULL) {
570
		startup->socket_open(startup->cbdata,FALSE);
571
572
573
574
	}
	sockets--;
	if(result!=0) {
		if(ERROR_VALUE!=ENOTSOCK)
575
			lprintf(LOG_WARNING,"%04d !ERROR %d closing socket",sock, ERROR_VALUE);
576
577
578
579
580
581
582
	}

	return(result);
}

static void close_request(http_session_t * session)
{
583
584
585
586
587
588
	linked_list	*p;
	while(session->req.dynamic_heads != NULL)  {
		FREE_AND_NULL(session->req.dynamic_heads->val);
		p=session->req.dynamic_heads->next;
		FREE_AND_NULL(session->req.dynamic_heads);
		session->req.dynamic_heads=p;
589
	}
590
591
592
593
594
595
596
	while(session->req.cgi_env != NULL)  {
		FREE_AND_NULL(session->req.cgi_env->val);
		p=session->req.cgi_env->next;
		FREE_AND_NULL(session->req.cgi_env);
		session->req.cgi_env=p;
	}
	FREE_AND_NULL(session->req.post_data);
deuce's avatar
deuce committed
597
	if(!session->req.keep_alive || session->socket==INVALID_SOCKET) {
598
		close_socket(session->socket);
599
		session->socket=INVALID_SOCKET;
600
601
602
603
604
605
		session->finished=TRUE;
	}
}

static int get_header_type(char *header)
{
606
	int i;
607
608
609
610
611
612
613
614
615
616
	for(i=0; headers[i].text!=NULL; i++) {
		if(!stricmp(header,headers[i].text)) {
			return(headers[i].id);
		}
	}
	return(-1);
}

static char *get_header(int id) 
{
617
	int i;
618
619
	if(headers[id].id==id)
		return(headers[id].text);
620
621
622
623
624
625
626
627
628

	for(i=0;headers[i].text!=NULL;i++) {
		if(headers[i].id==id) {
			return(headers[i].text);
		}
	}
	return(NULL);
}

629
630
static const char* unknown_mime_type="application/octet-stream";

631
static const char* get_mime_type(char *ext)
632
633
634
635
{
	uint i;

	if(ext==NULL)
636
637
638
		return(unknown_mime_type);

	for(i=0;i<mime_count;i++)
639
		if(!stricmp(ext+1,mime_types[i].ext))
640
641
642
			return(mime_types[i].type);

	return(unknown_mime_type);
643
644
}

645
646
/* This function appends append plus a newline IF the final dst string would have a length less than maxlen */
static void safecat(char *dst, const char *append, size_t maxlen) {
647
	size_t dstlen,appendlen;
648
649
650
651
652
653
654
655
	dstlen=strlen(dst);
	appendlen=strlen(append);
	if(dstlen+appendlen+2 < maxlen) {
		strcat(dst,append);
		strcat(dst,newline);
	}
}

656
static BOOL send_headers(http_session_t *session, const char *status)
657
{
658
	int		ret;
659
	BOOL	send_file=TRUE;
660
	time_t	ti;
661
	const char	*status_line;
662
	struct stat	stats;
663
	struct tm	tm;
664
	linked_list	*p;
665
666
	char	*headers;
	char	header[MAX_REQUEST_LINE];
667

668
	status_line=status;
669
	ret=stat(session->req.physical_path,&stats);
670
671
672
673
674
	/*
	 * ToDo this always resends dynamic content... although this makes complete sense to me,
	 * I can't help but feel that this may not be required for GET requests.
	 * Look into this and revisit this section - ToDo
	 */
675
	if(!ret && (stats.st_mtime < session->req.if_modified_since) && !session->req.dynamic) {
676
		status_line="304 Not Modified";
677
		ret=-1;
678
		send_file=FALSE;
679
	}
680
	if(session->req.send_location==MOVED_PERM)  {
681
		status_line="301 Moved Permanently";
682
683
684
		ret=-1;
		send_file=FALSE;
	}
685
	if(session->req.send_location==MOVED_TEMP)  {
686
		status_line="302 Moved Temporarily";
687
688
689
		ret=-1;
		send_file=FALSE;
	}
690
691
692

	headers=malloc(MAX_HEADERS_SIZE);
	if(headers==NULL)  {
693
		lprintf(LOG_CRIT,"Could not allocate memory for response headers.");
694
695
696
		return(FALSE);
	}
	*headers=0;
697
	/* Status-Line */
698
699
	snprintf(header,MAX_REQUEST_LINE,"%s %s",http_vers[session->http_ver],status_line);
	safecat(headers,header,MAX_HEADERS_SIZE);
700
701
702

	/* General Headers */
	ti=time(NULL);
703
704
	if(gmtime_r(&ti,&tm)==NULL)
		memset(&tm,0,sizeof(tm));
705
	snprintf(header,MAX_REQUEST_LINE,"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
706
707
708
		,get_header(HEAD_DATE)
		,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
		,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
709
710
711
712
713
714
715
716
717
	safecat(headers,header,MAX_HEADERS_SIZE);
	if(session->req.keep_alive) {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_CONNECTION),"Keep-Alive");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_CONNECTION),"Close");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
718
719

	/* Response Headers */
720
721
	snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_SERVER),VERSION_NOTICE);
	safecat(headers,header,MAX_HEADERS_SIZE);
722
723
	
	/* Entity Headers */
724
725
726
727
728
729
730
731
	if(session->req.dynamic) {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD, POST");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
	else {
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_ALLOW),"GET, HEAD");
		safecat(headers,header,MAX_HEADERS_SIZE);
	}
732

733
	if(session->req.send_location) {
734
735
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_LOCATION),(session->req.virtual_path));
		safecat(headers,header,MAX_HEADERS_SIZE);
736
	}
737
	if(session->req.keep_alive) {
deuce's avatar
deuce committed
738
		if(ret)  {
739
740
			snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_LENGTH),"0");
			safecat(headers,header,MAX_HEADERS_SIZE);
deuce's avatar
deuce committed
741
		}
742
		else  {
743
744
			snprintf(header,MAX_REQUEST_LINE,"%s: %d",get_header(HEAD_LENGTH),(int)stats.st_size);
			safecat(headers,header,MAX_HEADERS_SIZE);
745
		}
746
	}
747

748
	if(!ret && !session->req.dynamic)  {
749
750
		snprintf(header,MAX_REQUEST_LINE,"%s: %s",get_header(HEAD_TYPE),session->req.mime_type);
		safecat(headers,header,MAX_HEADERS_SIZE);
751
		gmtime_r(&stats.st_mtime,&tm);
752
		snprintf(header,MAX_REQUEST_LINE,"%s: %s, %02d %s %04d %02d:%02d:%02d GMT"
753
			,get_header(HEAD_LASTMODIFIED)
754
755
			,days[tm.tm_wday],tm.tm_mday,months[tm.tm_mon]
			,tm.tm_year+1900,tm.tm_hour,tm.tm_min,tm.tm_sec);
756
		safecat(headers,header,MAX_HEADERS_SIZE);
757
	} 
rswindell's avatar
rswindell committed
758

759
760
	if(session->req.dynamic)  {
		/* Dynamic headers */
761
		/* Set up environment */
762
		p=session->req.dynamic_heads;
763
		while(p != NULL)  {
764
			safecat(headers,p->val,MAX_HEADERS_SIZE);
765
			p=p->next;
766
		}
767
	}
768

769
	safecat(headers,"",MAX_HEADERS_SIZE);
770
771
	send_file = (sockprint(session->socket,headers) && send_file);
	free(headers);
772
	return(send_file);
773
774
775
776
777
}

static void sock_sendfile(SOCKET socket,char *path)
{
	int		file;
778
	long	offset=0;
779

780
	if(startup->options&WEB_OPT_DEBUG_TX)
781
		lprintf(LOG_DEBUG,"%04d Sending %s",socket,path);
782
	if((file=open(path,O_RDONLY|O_BINARY))==-1)
783
		lprintf(LOG_WARNING,"%04d !ERROR %d opening %s",socket,errno,path);
784
	else {
785
		if(sendfilesocket(socket, file, &offset, 0) < 1)
786
			lprintf(LOG_DEBUG,"%04d !ERROR %d sending %s"
deuce's avatar
deuce committed
787
				, socket, errno, path);
788
789
790
791
		close(file);
	}
}

792
static void send_error(http_session_t * session, const char* message)
793
794
{
	char	error_code[4];
795
	struct stat	sb;
796
	char	sbuf[1024];
797

798
	lprintf(LOG_INFO,"%04d !ERROR %s",session->socket,message);
799
	session->req.keep_alive=FALSE;
800
	session->req.send_location=NO_LOCATION;
801
	SAFECOPY(error_code,message);
802
	sprintf(session->req.physical_path,"%s%s.html",error_dir,error_code);
803
	if(session->http_ver > HTTP_0_9)  {
804
		session->req.mime_type=get_mime_type(strrchr(session->req.physical_path,'.'));
805
		send_headers(session,message);
806
	}
807
	if(!stat(session->req.physical_path,&sb))
808
		sock_sendfile(session->socket,session->req.physical_path);
809
	else {
810
		lprintf(LOG_NOTICE,"%04d Error message file %s doesn't exist."
811
			,session->socket,session->req.physical_path);
812
		snprintf(sbuf,1024
813
814
815
			,"<HTML><HEAD><TITLE>%s Error</TITLE></HEAD>"
			"<BODY><H1>%s Error</H1><BR><H3>In addition, "
			"I can't seem to find the %s error file</H3><br>"
816
817
818
			"please notify <a href=\"mailto:sysop@%s\">"
			"%s</a></BODY></HTML>"
			,error_code,error_code,error_code,scfg.sys_inetaddr,scfg.sys_op);
819
		sockprint(session->socket,sbuf);
820
	}
821
822
823
	close_request(session);
}

824
static BOOL check_ars(http_session_t * session)
825
826
827
828
{
	char	*username;
	char	*password;
	uchar	*ar;
829
	BOOL	authorized;
830

831
	if(session->req.auth[0]==0) {
832
		if(startup->options&WEB_OPT_DEBUG_RX)
833
			lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
834
		return(FALSE);
835
	}
836
837

	username=strtok(session->req.auth,":");
838
839
	if(username==NULL)
		username="";
840
841
842
	password=strtok(NULL,":");
	/* Require a password */
	if(password==NULL)
843
		password="";
844
845
	session->user.number=matchuser(&scfg, username, FALSE);
	if(session->user.number==0) {
846
		if(scfg.sys_misc&SM_ECHO_PW)
847
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s, Password: %s"
848
849
				,session->socket,username,password);
		else
850
			lprintf(LOG_NOTICE,"%04d !UNKNOWN USER: %s"
851
852
853
				,session->socket,username);
		return(FALSE);
	}
854
855
	getuserdat(&scfg, &session->user);
	if(session->user.pass[0] && stricmp(session->user.pass,password)) {
856
		/* Should go to the hack log? */
857
		if(scfg.sys_misc&SM_ECHO_PW)
858
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s: '%s' expected '%s'"
859
				,session->socket,username,password,session->user.pass);
860
		else
861
			lprintf(LOG_WARNING,"%04d !PASSWORD FAILURE for user %s"
862
				,session->socket,username);
863
		session->user.number=0;
864
		return(FALSE);
865
	}
866
	ar = arstr(NULL,session->req.ars,&scfg);
867
	authorized=chk_ar(&scfg,ar,&session->user);
868
869
870
	if(ar!=NULL && ar!=nular)
		free(ar);

deuce's avatar
deuce committed
871
872
873
	if(session->req.dynamic==IS_SSJS)  {
		if(!js_CreateUserObjects(session->js_cx, session->js_glob, &scfg, &session->user
			,NULL /* ftp index file */, NULL /* subscan */)) 
874
			lprintf(LOG_ERR,"%04d !JavaScript ERROR creating user objects",session->socket);
deuce's avatar
deuce committed
875
876
	}

877
	if(authorized)  {
878
		if(session->req.dynamic==IS_CGI || session->req.dynamic==IS_STATIC)  {
879
880
881
882
883
			add_env(session,"AUTH_TYPE","Basic");
			/* Should use real name if set to do so somewhere ToDo */
			add_env(session,"REMOTE_USER",session->user.alias);
		}

884
		return(TRUE);
885
	}
886
887

	/* Should go to the hack log? */
888
	lprintf(LOG_WARNING,"%04d !AUTHORIZATION FAILURE for user %s, ARS: %s"
889
		,session->socket,username,session->req.ars);
890

891
892
893
	return(FALSE);
}

894
static BOOL read_mime_types(char* fname)
895
896
897
898
899
900
{
	char	str[1024];
	char *	ext;
	char *	type;
	FILE*	mime_config;

901
	if((mime_config=fopen(fname,"r"))==NULL)
902
		return(FALSE);
903

904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
	while (!feof(mime_config)&&mime_count<MAX_MIME_TYPES) {
		if(fgets(str,sizeof(str),mime_config)!=NULL) {
			truncsp(str);
			ext=strtok(str," \t");
			if(ext!=NULL) {
				while(*ext && *ext<=' ') ext++;
				if(*ext!=';') {
					type=strtok(NULL," \t");
					if(type!=NULL) {
						while(*type && *type<=' ') type++;
						if(strlen(ext)>0 && strlen(type)>0) {
							SAFECOPY((mime_types[mime_count]).ext,ext);
							SAFECOPY((mime_types[mime_count++]).type,type);
						}
					}
				}
			}
		}
	}
	fclose(mime_config);
924
	lprintf(LOG_DEBUG,"Loaded %d mime types",mime_count);
925
926
927
	return(mime_count>0);
}

928
static int sockreadline(http_session_t * session, char *buf, size_t length)
929
930
931
932
{
	char	ch;
	DWORD	i;
	BOOL	rd;
933
#if 0
934
935
936
937
	time_t	start;

	start=time(NULL);
	for(i=0;TRUE;) {
938
		if(!socket_check(session->socket,&rd,NULL,1000)) {
939
940
			session->req.keep_alive=FALSE;
			close_request(session);
941
			session->socket=INVALID_SOCKET;
942
943
944
945
			return(-1);
		}

		if(!rd) {
946
			if(time(NULL)-start>startup->max_inactivity) {
947
948
				session->req.keep_alive=FALSE;
				close_request(session);
949
				session->socket=INVALID_SOCKET;
950
951
952
953
954
				return(-1);        /* time-out */
			}
			continue;       /* no data */
		}

955
		if(recv(session->socket, &ch, 1, 0)!=1)
956
957
958
959
960
961
962
963
			break;

		if(ch=='\n')
			break;

		if(i<length)
			buf[i++]=ch;
	}
964
965
#else
	for(i=0;TRUE;) {
966
		if(!socket_check(session->socket,&rd,NULL,60000) || !rd || recv(session->socket, &ch, 1, 0)!=1)  {
967
968
969
970
971
972
973
974
975
976
977
978
979
			session->req.keep_alive=FALSE;
			close_request(session);
			session->socket=INVALID_SOCKET;
			return(-1);        /* time-out */
		}

		if(ch=='\n')
			break;

		if(i<length)
			buf[i++]=ch;
	}
#endif
980
981
982
983
984
985

	/* Terminate at length if longer */
	if(i>length)
		i=length;
		
	if(i>0 && buf[i-1]=='\r')
rswindell's avatar
rswindell committed
986
		buf[--i]=0;
987
988
989
	else
		buf[i]=0;

990
	if(startup->options&WEB_OPT_DEBUG_RX)
991
		lprintf(LOG_DEBUG,"%04d RX: %s",session->socket,buf);
rswindell's avatar
rswindell committed
992
	return(i);
993
994
995
996
997
998
999
1000
}

static int pipereadline(int pipe, char *buf, size_t length)
{
	char	ch;
	DWORD	i;
	time_t	start;

rswindell's avatar
rswindell committed
1001
	start=time(NULL);
1002
	for(i=0;TRUE;) {
rswindell's avatar
rswindell committed
1003
1004
1005
1006
		if(time(NULL)-start>startup->max_cgi_inactivity) {
			return(-1);
		}
		
1007
		if(read(pipe, &ch, 1)==1)  {
rswindell's avatar
rswindell committed
1008
1009
			start=time(NULL);
			
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
			if(ch=='\n')
				break;

			if(i<length)
				buf[i++]=ch;
		}
	}

	/* Terminate at length if longer */
	if(i>length)
		i=length;
		
	if(i>0 && buf[i-1]=='\r')
rswindell's avatar
rswindell committed
1023
		buf[--i]=0;
1024
1025
1026
	else
		buf[i]=0;

rswindell's avatar
rswindell committed
1027
	return(i);
1028
1029
}

1030
1031
1032
int recvbufsocket(int sock, char *buf, long count)
{
	int		rd=0;
rswindell's avatar
rswindell committed
1033
1034
	int		i;
	time_t	start;
1035
1036
1037
1038
1039
1040

	if(count<1) {
		errno=ERANGE;
		return(0);
	}

1041
	while(rd<count && socket_check(sock,NULL,NULL,60000))  {
1042
		i=recv(sock,buf,count-rd,0);
rswindell's avatar
rswindell committed
1043
1044
1045
1046
1047
1048
1049
		if(i<=0)  {
			*buf=0;
			return(0);
		}

		rd+=i;
		start=time(NULL);
1050
1051
1052
1053
1054
1055
1056
	}

	if(rd==count)  {
		return(rd);
	}

	*buf=0;
rswindell's avatar
rswindell committed
1057
	return(0);
1058
1059
}

1060
/* Wasn't this done up as a JS thing too?  ToDo */
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
static void unescape(char *p)
{
	char *	dst;
	char	code[3];
	
	dst=p;
	for(;*p;p++) {
		if(*p=='%' && isxdigit(*(p+1)) && isxdigit(*(p+2))) {
			sprintf(code,"%.2s",p+1);
			*(dst++)=(char)strtol(code,NULL,16);
			p+=2;
		}
		else  {
			if(*p=='+')  {
				*(dst++)=' ';
			}
			else  {
				*(dst++)=*p;
			}
		}
	}
	*(dst)=0;
}

1085
1086
static void js_parse_post(http_session_t * session)  
{
1087
1088
1089
1090
1091
	char		*p;
	char		*key;
	char		*value;
	JSString*	js_str;

1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
	if(session->req.post_data == NULL)
		return;

	p=session->req.post_data;
	while((key=strtok(p,"="))!=NULL)  {
		p=NULL;
		if(key == NULL)
			continue;
		value=strtok(NULL,"&");
		if(value == NULL)
			continue;

		unescape(value);
		unescape(key);
		if((js_str=JS_NewStringCopyZ(session->js_cx, value))==NULL)
			return;
		JS_DefineProperty(session->js_cx, session->js_query, key, STRING_TO_JSVAL(js_str)
			,NULL,NULL,JSPROP_ENUMERATE|JSPROP_READONLY);
1110
1111
1112
	}
}

1113
1114
static void js_add_header(http_session_t * session, char *key, char *value)  
{
1115
1116
1117
1118
1119
1120
1121
1122
	JSString*	js_str;

	if((js_str=JS_NewStringCopyZ(session->js_cx, value))==NULL)
		return;
	JS_DefineProperty(session->js_cx, session->js_header, key, STRING_TO_JSVAL(js_str)
		,NULL,NULL,JSPROP_ENUMERATE|JSPROP_READONLY);
}

1123
1124
1125
1126
1127
1128
1129
static BOOL parse_headers(http_session_t * session)
{
	char	req_line[MAX_REQUEST_LINE];
	char	next_char[2];
	char	*value;
	char	*p;
	int		i;
1130
	size_t	content_len=0;
1131
	char	env_name[128];
1132