/*
* uhttpd - Tiny single-threaded httpd - Utility functions
*
- * Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+ * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
struct sockaddr_in *v4 = (struct sockaddr_in *)sa;
struct sockaddr_in6 *v6 = (struct sockaddr_in6 *)sa;
- if( v4->sin_family == AF_INET )
+ if (v4->sin_family == AF_INET)
return inet_ntop(AF_INET, &(v4->sin_addr), str, sizeof(str));
else
return inet_ntop(AF_INET6, &(v6->sin6_addr), str, sizeof(str));
return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
}
+int sa_rfc1918(void *sa)
+{
+ struct sockaddr_in *v4 = (struct sockaddr_in *)sa;
+ unsigned long a = htonl(v4->sin_addr.s_addr);
+
+ if (v4->sin_family == AF_INET)
+ {
+ return ((a >= 0x0A000000) && (a <= 0x0AFFFFFF)) ||
+ ((a >= 0xAC100000) && (a <= 0xAC1FFFFF)) ||
+ ((a >= 0xC0A80000) && (a <= 0xC0A8FFFF));
+ }
+
+ return 0;
+}
+
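Review bot: `sa_rfc1918()` returns 0 for every address that is not `AF_INET`, so an IPv4 client reaching a dual-stack listener as a v4-mapped IPv6 address (`::ffff:10.x.x.x`) would presumably be classified as non-private. If callers base an access decision on the result, that case needs an explicit branch or a comment stating it is out of scope. Separately, the conversion to host order should be spelled `ntohl`, and `sin_addr` is read before the family is checked; `unsigned long a = ntohl(v4->sin_addr.s_addr);` inside the `AF_INET` branch says what is meant. A one-line comment naming the three ranges (10/8, 172.16/12, 192.168/16) would save readers from decoding the hex constants.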
/* Simple strstr() like function that takes len arguments for both haystack and needle. */
char *strfind(char *haystack, int hslen, const char *needle, int ndlen)
{
int match = 0;
int i, j;
- for( i = 0; i < hslen; i++ )
+ for (i = 0; i < hslen; i++)
{
- if( haystack[i] == needle[0] )
+ if (haystack[i] == needle[0])
{
match = ((ndlen == 1) || ((i + ndlen) <= hslen));
- for( j = 1; (j < ndlen) && ((i + j) < hslen); j++ )
+ for (j = 1; (j < ndlen) && ((i + j) < hslen); j++)
{
- if( haystack[i+j] != needle[j] )
+ if (haystack[i+j] != needle[j])
{
match = 0;
break;
}
}
- if( match )
+ if (match)
return &haystack[i];
}
}
return NULL;
}
-/* interruptable select() */
-int select_intr(int n, fd_set *r, fd_set *w, fd_set *e, struct timeval *t)
+bool uh_socket_wait(int fd, int sec, bool write)
{
int rv;
- sigset_t ssn, sso;
-
- /* unblock SIGCHLD */
- sigemptyset(&ssn);
- sigaddset(&ssn, SIGCHLD);
- sigprocmask(SIG_UNBLOCK, &ssn, &sso);
-
- rv = select(n, r, w, e, t);
-
- /* restore signal mask */
- sigprocmask(SIG_SETMASK, &sso, NULL);
+ struct timeval timeout;
- return rv;
-}
+ fd_set fds;
+ FD_ZERO(&fds);
+ FD_SET(fd, &fds);
-int uh_tcp_send(struct client *cl, const char *buf, int len)
-{
- fd_set writer;
- struct timeval timeout;
+ timeout.tv_sec = sec;
+ timeout.tv_usec = 0;
- FD_ZERO(&writer);
- FD_SET(cl->socket, &writer);
+ while (((rv = select(fd+1, write ? NULL : &fds, write ? &fds : NULL,
+ NULL, &timeout)) < 0) && (errno == EINTR))
+ {
+ D("IO: FD(%d) select interrupted: %s\n",
+ fd, strerror(errno));
- timeout.tv_sec = cl->server->conf->network_timeout;
- timeout.tv_usec = 0;
+ continue;
+ }
- if( select(cl->socket + 1, NULL, &writer, NULL, &timeout) > 0 )
+ if (rv <= 0)
{
-#ifdef HAVE_TLS
- if( cl->tls )
- return cl->server->conf->tls_send(cl, (void *)buf, len);
- else
-#endif
- return send(cl->socket, buf, len, 0);
+ D("IO: FD(%d) appears dead (rv=%d)\n", fd, rv);
+ return false;
}
- return -1;
+ return true;
}
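Review bot: `FD_SET(fd, &fds)` in `uh_socket_wait()` is undefined for a descriptor at or above `FD_SETSIZE`, and this same change replaces the fixed-size client table with heap allocation, so the descriptor number is no longer obviously bounded. A guard before `FD_ZERO`, `if (fd < 0 || fd >= FD_SETSIZE) return false;`, keeps a high-numbered socket from writing past the set on the stack; switching to `poll()` would remove the limit altogether. The `EINTR` retry also reuses `timeout`, which the Linux select(2) page documents as undefined after an error. Re-initialising `tv_sec`/`tv_usec` inside the loop makes the wait portable, at the cost of restarting the full interval after each signal.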
-int uh_tcp_peek(struct client *cl, char *buf, int len)
+static int __uh_raw_send(struct client *cl, const char *buf, int len, int sec,
+ int (*wfn) (struct client *, const char *, int))
{
- int sz = uh_tcp_recv(cl, buf, len);
+ ssize_t rv;
+ int fd = cl->fd.fd;
- /* store received data in peek buffer */
- if( sz > 0 )
+ while (true)
{
- cl->peeklen = sz;
- memcpy(cl->peekbuf, buf, sz);
+ if ((rv = wfn(cl, buf, len)) < 0)
+ {
+ if (errno == EINTR)
+ {
+ D("IO: FD(%d) interrupted\n", cl->fd.fd);
+ continue;
+ }
+ else if ((sec > 0) && (errno == EAGAIN || errno == EWOULDBLOCK))
+ {
+ if (!uh_socket_wait(fd, sec, true))
+ return -1;
+ }
+ else
+ {
+ D("IO: FD(%d) write error: %s\n", fd, strerror(errno));
+ return -1;
+ }
+ }
+ /*
+ * It is not entirely clear whether rv = 0 on nonblocking sockets
+ * is an error. In real world fuzzing tests, not handling it as close
+ * led to tight infinite loops in this send procedure, so treat it as
+ * closed and break out.
+ */
+ else if (rv == 0)
+ {
+ D("IO: FD(%d) appears closed\n", fd);
+ return 0;
+ }
+ else if (rv < len)
+ {
+ D("IO: FD(%d) short write %d/%d bytes\n", fd, rv, len);
+ len -= rv;
+ buf += rv;
+ continue;
+ }
+ else
+ {
+ D("IO: FD(%d) sent %d/%d bytes\n", fd, rv, len);
+ return rv;
+ }
}
+}
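Review bot: After a short write `__uh_raw_send()` advances `buf` and shrinks `len`, and the final branch then returns `rv`, which is only the size of the last chunk; a caller comparing the result with the length it requested sees a short count even though everything was sent. Remembering the request up front (`int total = len;`) and ending with `return total;` keeps the return value meaningful. The debug lines pass `rv`, an `ssize_t`, to `%d`; if `D()` expands to a printf-style call this needs a cast such as `(int)rv`. Because `wfn` can also be the TLS send callback (see `uh_tcp_send`), the function comment should state that the callback must set `errno` on failure, since the `EINTR`/`EAGAIN` decisions rely on it and a stale `EINTR` would make the loop spin.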
- return sz;
+int uh_tcp_send_lowlevel(struct client *cl, const char *buf, int len)
+{
+ return write(cl->fd.fd, buf, len);
}
-int uh_tcp_recv(struct client *cl, char *buf, int len)
+int uh_raw_send(int fd, const char *buf, int len, int sec)
{
- int sz = 0;
- int rsz = 0;
+ struct client_light cl = { .fd = { .fd = fd } };
+ return __uh_raw_send((struct client *)&cl, buf, len, sec,
+ uh_tcp_send_lowlevel);
+}
- /* first serve data from peek buffer */
- if( cl->peeklen > 0 )
- {
- sz = min(cl->peeklen, len);
- len -= sz; cl->peeklen -= sz;
+int uh_tcp_send(struct client *cl, const char *buf, int len)
+{
+ int seconds = cl->server->conf->network_timeout;
+#ifdef HAVE_TLS
+ if (cl->tls)
+ return __uh_raw_send(cl, buf, len, seconds,
+ cl->server->conf->tls_send);
+#endif
+ return __uh_raw_send(cl, buf, len, seconds, uh_tcp_send_lowlevel);
+}
- memcpy(buf, cl->peekbuf, sz);
- memmove(cl->peekbuf, &cl->peekbuf[sz], cl->peeklen);
- }
+static int __uh_raw_recv(struct client *cl, char *buf, int len, int sec,
+ int (*rfn) (struct client *, char *, int))
+{
+ ssize_t rv;
+ int fd = cl->fd.fd;
- /* caller wants more */
- if( len > 0 )
+ while (true)
{
-#ifdef HAVE_TLS
- if( cl->tls )
- rsz = cl->server->conf->tls_recv(cl, (void *)&buf[sz], len);
+ if ((rv = rfn(cl, buf, len)) < 0)
+ {
+ if (errno == EINTR)
+ {
+ continue;
+ }
+ else if ((sec > 0) && (errno == EAGAIN || errno == EWOULDBLOCK))
+ {
+ if (!uh_socket_wait(fd, sec, false))
+ return -1;
+ }
+ else
+ {
+ D("IO: FD(%d) read error: %s\n", fd, strerror(errno));
+ return -1;
+ }
+ }
+ else if (rv == 0)
+ {
+ D("IO: FD(%d) appears closed\n", fd);
+ return 0;
+ }
else
-#endif
- rsz = recv(cl->socket, (void *)&buf[sz], len, 0);
-
- if( (sz == 0) || (rsz > 0) )
- sz += rsz;
+ {
+ D("IO: FD(%d) read %d bytes\n", fd, rv);
+ return rv;
+ }
}
+}
+
+int uh_tcp_recv_lowlevel(struct client *cl, char *buf, int len)
+{
+ return read(cl->fd.fd, buf, len);
+}
- return sz;
+int uh_raw_recv(int fd, char *buf, int len, int sec)
+{
+ struct client_light cl = { .fd = { .fd = fd } };
+ return __uh_raw_recv((struct client *)&cl, buf, len, sec,
+ uh_tcp_recv_lowlevel);
+}
+
+int uh_tcp_recv(struct client *cl, char *buf, int len)
+{
+ int seconds = cl->server->conf->network_timeout;
+#ifdef HAVE_TLS
+ if (cl->tls)
+ return __uh_raw_recv(cl, buf, len, seconds,
+ cl->server->conf->tls_recv);
+#endif
+ return __uh_raw_recv(cl, buf, len, seconds, uh_tcp_recv_lowlevel);
}
-#define ensure(x) \
- do { if( x < 0 ) return -1; } while(0)
-int uh_http_sendhf(struct client *cl, int code, const char *summary, const char *fmt, ...)
+int uh_http_sendhf(struct client *cl, int code, const char *summary,
+ const char *fmt, ...)
{
va_list ap;
code, summary
);
- ensure(uh_tcp_send(cl, buffer, len));
+ ensure_ret(uh_tcp_send(cl, buffer, len));
va_start(ap, fmt);
len = vsnprintf(buffer, sizeof(buffer), fmt, ap);
va_end(ap);
- ensure(uh_http_sendc(cl, buffer, len));
- ensure(uh_http_sendc(cl, NULL, 0));
+ ensure_ret(uh_http_sendc(cl, buffer, len));
+ ensure_ret(uh_http_sendc(cl, NULL, 0));
return 0;
}
char chunk[8];
int clen;
- if( len == -1 )
+ if (len == -1)
len = strlen(data);
- if( len > 0 )
+ if (len > 0)
{
- clen = snprintf(chunk, sizeof(chunk), "%X\r\n", len);
- ensure(uh_tcp_send(cl, chunk, clen));
- ensure(uh_tcp_send(cl, data, len));
- ensure(uh_tcp_send(cl, "\r\n", 2));
+ clen = snprintf(chunk, sizeof(chunk), "%X\r\n", len);
+ ensure_ret(uh_tcp_send(cl, chunk, clen));
+ ensure_ret(uh_tcp_send(cl, data, len));
+ ensure_ret(uh_tcp_send(cl, "\r\n", 2));
}
else
{
- ensure(uh_tcp_send(cl, "0\r\n\r\n", 5));
+ ensure_ret(uh_tcp_send(cl, "0\r\n\r\n", 5));
}
return 0;
}
-int uh_http_sendf(
- struct client *cl, struct http_request *req, const char *fmt, ...
-) {
+int uh_http_sendf(struct client *cl, struct http_request *req,
+ const char *fmt, ...)
+{
va_list ap;
char buffer[UH_LIMIT_MSGHEAD];
int len;
len = vsnprintf(buffer, sizeof(buffer), fmt, ap);
va_end(ap);
- if( (req != NULL) && (req->version > 1.0) )
- ensure(uh_http_sendc(cl, buffer, len));
- else if( len > 0 )
- ensure(uh_tcp_send(cl, buffer, len));
+ if ((req != NULL) && (req->version > UH_HTTP_VER_1_0))
+ ensure_ret(uh_http_sendc(cl, buffer, len));
+ else if (len > 0)
+ ensure_ret(uh_tcp_send(cl, buffer, len));
return 0;
}
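Review bot: `uh_http_sendf()` passes the return value of `vsnprintf()` straight on as the byte count to send, but that value is the length the output would have had, not the length stored in `buffer`. When the formatted text is longer than `UH_LIMIT_MSGHEAD`, the send reads past the end of the stack buffer and can disclose adjacent memory to the client. Clamp before sending: `if (len < 0) return -1;` followed by `if ((size_t)len >= sizeof(buffer)) len = sizeof(buffer) - 1;`. `uh_http_sendhf()` has the same pattern after its own `vsnprintf()` call. This matters more now that the redirect added to `uh_path_lookup()` formats a request-derived path and query string through this function.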
-int uh_http_send(
- struct client *cl, struct http_request *req, const char *buf, int len
-) {
- if( len < 0 )
+int uh_http_send(struct client *cl, struct http_request *req,
+ const char *buf, int len)
+{
+ if (len < 0)
len = strlen(buf);
- if( (req != NULL) && (req->version > 1.0) )
- ensure(uh_http_sendc(cl, buf, len));
- else if( len > 0 )
- ensure(uh_tcp_send(cl, buf, len));
+ if ((req != NULL) && (req->version > UH_HTTP_VER_1_0))
+ ensure_ret(uh_http_sendc(cl, buf, len));
+ else if (len > 0)
+ ensure_ret(uh_tcp_send(cl, buf, len));
return 0;
}
+/* blen is the size of buf; slen is the length of src. The input-string need
+** not be, and the output string will not be, null-terminated. Returns the
+** length of the decoded string, -1 on buffer overflow, -2 on malformed string. */
int uh_urldecode(char *buf, int blen, const char *src, int slen)
{
int i;
(((x) <= 'F') ? ((x) - 'A' + 10) : \
((x) - 'a' + 10)))
- for( i = 0; (i <= slen) && (i <= blen); i++ )
+ for (i = 0; (i < slen) && (len < blen); i++)
{
- if( src[i] == '%' )
+ if (src[i] == '%')
{
- if( ((i+2) <= slen) && isxdigit(src[i+1]) && isxdigit(src[i+2]) )
+ if (((i+2) < slen) && isxdigit(src[i+1]) && isxdigit(src[i+2]))
{
buf[len++] = (char)(16 * hex(src[i+1]) + hex(src[i+2]));
i += 2;
}
else
{
- buf[len++] = '%';
+ /* Encoding error: it's hard to think of a
+ ** scenario in which returning an incorrect
+ ** 'decoding' of the malformed string is
+ ** preferable to signaling an error condition. */
+ #if 0 /* WORSE_IS_BETTER */
+ buf[len++] = '%';
+ #else
+ return -2;
+ #endif
}
}
else
}
}
- return len;
+ return (i == slen) ? len : -1;
}
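Review bot: `uh_urldecode()` now rejects malformed escapes but still decodes `%00` into a NUL byte, and the caller visible in this file (`uh_path_lookup`) then measures the output with `strlen()`, so everything after the NUL silently drops out of the path that is checked and served. Returning `-2` when the decoded byte is zero, before it is stored, would close that gap at the source. The `isxdigit()` arguments are plain `char`; casting them to `unsigned char` avoids undefined behaviour for bytes above 0x7F where `char` is signed. Part of the function body lies outside the lines shown, so the placement of the zero-byte check needs to be confirmed against the full loop.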
+/* blen is the size of buf; slen is the length of src. The input-string need
+** not be, and the output string will not be, null-terminated. Returns the
+** length of the encoded string, or -1 on error (buffer overflow) */
int uh_urlencode(char *buf, int blen, const char *src, int slen)
{
int i;
int len = 0;
const char hex[] = "0123456789abcdef";
- for( i = 0; (i <= slen) && (i <= blen); i++ )
+ for (i = 0; (i < slen) && (len < blen); i++)
{
if( isalnum(src[i]) || (src[i] == '-') || (src[i] == '_') ||
(src[i] == '.') || (src[i] == '~') )
{
buf[len++] = src[i];
}
- else if( (len+3) <= blen )
+ else if ((len+3) <= blen)
{
buf[len++] = '%';
buf[len++] = hex[(src[i] >> 4) & 15];
- buf[len++] = hex[(src[i] & 15) & 15];
+ buf[len++] = hex[ src[i] & 15];
}
else
{
+ len = -1;
break;
}
}
- return len;
+ return (i == slen) ? len : -1;
}
int uh_b64decode(char *buf, int blen, const unsigned char *src, int slen)
unsigned int cout = 0;
- for( i = 0; (i <= slen) && (src[i] != 0); i++ )
+ for (i = 0; (i <= slen) && (src[i] != 0); i++)
{
cin = src[i];
- if( (cin >= '0') && (cin <= '9') )
+ if ((cin >= '0') && (cin <= '9'))
cin = cin - '0' + 52;
- else if( (cin >= 'A') && (cin <= 'Z') )
+ else if ((cin >= 'A') && (cin <= 'Z'))
cin = cin - 'A';
- else if( (cin >= 'a') && (cin <= 'z') )
+ else if ((cin >= 'a') && (cin <= 'z'))
cin = cin - 'a' + 26;
- else if( cin == '+' )
+ else if (cin == '+')
cin = 62;
- else if( cin == '/' )
+ else if (cin == '/')
cin = 63;
- else if( cin == '=' )
+ else if (cin == '=')
cin = 0;
else
continue;
cout = (cout << 6) | cin;
- if( (i % 4) == 3 )
+ if ((i % 4) == 3)
{
- if( (len + 3) < blen )
+ if ((len + 3) < blen)
{
buf[len++] = (char)(cout >> 16);
buf[len++] = (char)(cout >> 8);
/* relative -> absolute */
- if( *path != '/' )
+ if (*path != '/')
{
getcwd(path_copy, PATH_MAX);
strncat(path_copy, "/", PATH_MAX - strlen(path_copy));
}
/* normalize */
- while( (*path_cpy != '\0') && (path_cpy < (path_copy + PATH_MAX - 2)) )
+ while ((*path_cpy != '\0') && (path_cpy < (path_copy + PATH_MAX - 2)))
{
- if( *path_cpy == '/' )
+ if (*path_cpy == '/')
{
/* skip repeating / */
- if( path_cpy[1] == '/' )
+ if (path_cpy[1] == '/')
{
path_cpy++;
continue;
}
/* /./ or /../ */
- else if( path_cpy[1] == '.' )
+ else if (path_cpy[1] == '.')
{
/* skip /./ */
- if( (path_cpy[2] == '/') || (path_cpy[2] == '\0') )
+ if ((path_cpy[2] == '/') || (path_cpy[2] == '\0'))
{
path_cpy += 2;
continue;
}
/* collapse /x/../ */
- else if( (path_cpy[2] == '.') &&
- ((path_cpy[3] == '/') || (path_cpy[3] == '\0'))
- ) {
- while( (path_res > path_resolved) && (*--path_res != '/') )
+ else if ((path_cpy[2] == '.') &&
+ ((path_cpy[3] == '/') || (path_cpy[3] == '\0')))
+ {
+ while ((path_res > path_resolved) && (*--path_res != '/'))
;
path_cpy += 3;
}
/* remove trailing slash if not root / */
- if( (path_res > (path_resolved+1)) && (path_res[-1] == '/') )
+ if ((path_res > (path_resolved+1)) && (path_res[-1] == '/'))
path_res--;
- else if( path_res == path_resolved )
+ else if (path_res == path_resolved)
*path_res++ = '/';
*path_res = '\0';
/* test access */
- if( !stat(path_resolved, &s) && (s.st_mode & S_IROTH) )
+ if (!stat(path_resolved, &s) && (s.st_mode & S_IROTH))
return path_resolved;
return NULL;
}
+/* Returns NULL on error.
+** NB: improperly encoded URL should give client 400 [Bad Syntax]; returning
+** NULL here causes 404 [Not Found], but that's not too unreasonable. */
struct path_info * uh_path_lookup(struct client *cl, const char *url)
{
static char path_phys[PATH_MAX];
char *docroot = cl->server->conf->docroot;
char *pathptr = NULL;
+ int slash = 0;
int no_sym = cl->server->conf->no_symlinks;
int i = 0;
struct stat s;
/* back out early if url is undefined */
- if ( url == NULL )
+ if (url == NULL)
return NULL;
memset(path_phys, 0, sizeof(path_phys));
/* copy docroot */
memcpy(buffer, docroot,
- min(strlen(docroot), sizeof(buffer) - 1));
+ min(strlen(docroot), sizeof(buffer) - 1));
/* separate query string from url */
- if( (pathptr = strchr(url, '?')) != NULL )
+ if ((pathptr = strchr(url, '?')) != NULL)
{
p.query = pathptr[1] ? pathptr + 1 : NULL;
/* urldecode component w/o query */
- if( pathptr > url )
- uh_urldecode(
- &buffer[strlen(docroot)],
- sizeof(buffer) - strlen(docroot) - 1,
- url, (int)(pathptr - url) - 1
- );
+ if (pathptr > url)
+ {
+ if (uh_urldecode(&buffer[strlen(docroot)],
+ sizeof(buffer) - strlen(docroot) - 1,
+ url, pathptr - url ) < 0)
+ {
+ return NULL; /* bad URL */
+ }
+ }
}
/* no query string, decode all of url */
else
{
- uh_urldecode(
- &buffer[strlen(docroot)],
- sizeof(buffer) - strlen(docroot) - 1,
- url, strlen(url)
- );
+ if (uh_urldecode(&buffer[strlen(docroot)],
+ sizeof(buffer) - strlen(docroot) - 1,
+ url, strlen(url) ) < 0)
+ {
+ return NULL; /* bad URL */
+ }
}
/* create canon path */
- for( i = strlen(buffer); i >= 0; i-- )
+ for (i = strlen(buffer), slash = (buffer[max(0, i-1)] == '/'); i >= 0; i--)
{
- if( (buffer[i] == 0) || (buffer[i] == '/') )
+ if ((buffer[i] == 0) || (buffer[i] == '/'))
{
memset(path_info, 0, sizeof(path_info));
memcpy(path_info, buffer, min(i + 1, sizeof(path_info) - 1));
- if( no_sym ? realpath(path_info, path_phys)
- : canonpath(path_info, path_phys)
- ) {
+ if (no_sym ? realpath(path_info, path_phys)
+ : canonpath(path_info, path_phys))
+ {
memset(path_info, 0, sizeof(path_info));
memcpy(path_info, &buffer[i],
- min(strlen(buffer) - i, sizeof(path_info) - 1));
+ min(strlen(buffer) - i, sizeof(path_info) - 1));
break;
}
}
/* check whether found path is within docroot */
- if( strncmp(path_phys, docroot, strlen(docroot)) ||
- ((path_phys[strlen(docroot)] != 0) &&
- (path_phys[strlen(docroot)] != '/'))
- ) {
+ if (strncmp(path_phys, docroot, strlen(docroot)) ||
+ ((path_phys[strlen(docroot)] != 0) &&
+ (path_phys[strlen(docroot)] != '/')))
+ {
return NULL;
}
/* test current path */
- if( ! stat(path_phys, &p.stat) )
+ if (!stat(path_phys, &p.stat))
{
/* is a regular file */
- if( p.stat.st_mode & S_IFREG )
+ if (p.stat.st_mode & S_IFREG)
{
p.root = docroot;
p.phys = path_phys;
}
/* is a directory */
- else if( (p.stat.st_mode & S_IFDIR) && !strlen(path_info) )
+ else if ((p.stat.st_mode & S_IFDIR) && !strlen(path_info))
{
/* ensure trailing slash */
- if( path_phys[strlen(path_phys)-1] != '/' )
+ if (path_phys[strlen(path_phys)-1] != '/')
path_phys[strlen(path_phys)] = '/';
/* try to locate index file */
memcpy(buffer, path_phys, sizeof(buffer));
pathptr = &buffer[strlen(buffer)];
- if( cl->server->conf->index_file )
+ /* if requested url resolves to a directory and a trailing slash
+ is missing in the request url, redirect the client to the same
+ url with trailing slash appended */
+ if (!slash)
+ {
+ uh_http_sendf(cl, NULL,
+ "HTTP/1.1 302 Found\r\n"
+ "Location: %s%s%s\r\n"
+ "Connection: close\r\n\r\n",
+ &path_phys[strlen(docroot)],
+ p.query ? "?" : "",
+ p.query ? p.query : ""
+ );
+
+ p.redirected = 1;
+ }
+ else if (cl->server->conf->index_file)
{
strncat(buffer, cl->server->conf->index_file, sizeof(buffer));
- if( !stat(buffer, &s) && (s.st_mode & S_IFREG) )
+ if (!stat(buffer, &s) && (s.st_mode & S_IFREG))
{
memcpy(path_phys, buffer, sizeof(path_phys));
memcpy(&p.stat, &s, sizeof(p.stat));
}
else
{
- for( i = 0; i < array_size(uh_index_files); i++ )
+ for (i = 0; i < array_size(uh_index_files); i++)
{
strncat(buffer, uh_index_files[i], sizeof(buffer));
- if( !stat(buffer, &s) && (s.st_mode & S_IFREG) )
+ if (!stat(buffer, &s) && (s.st_mode & S_IFREG))
{
memcpy(path_phys, buffer, sizeof(path_phys));
memcpy(&p.stat, &s, sizeof(p.stat));
}
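Review bot: The new 302 branch writes `&path_phys[strlen(docroot)]` into the `Location` header as-is, and that is the URL-decoded, canonicalised filesystem path. A directory name containing a space, `%`, `?`, `#` or a control character therefore yields a malformed or ambiguous header, so the path should be percent-encoded again segment by segment, since `uh_urlencode()` as written would also encode `/`. The result of `uh_http_sendf()` is ignored, so `p.redirected` is set even when the send failed. In the index-file branch just below, `strncat(buffer, ..., sizeof(buffer))` passes the total buffer size where `strncat` expects the remaining space; `sizeof(buffer) - strlen(buffer) - 1` is the correct bound, both for `index_file` and inside the `uh_index_files` loop. The function begins and ends outside these lines.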
-static char uh_realms[UH_LIMIT_AUTHREALMS * sizeof(struct auth_realm)] = { 0 };
-static int uh_realm_count = 0;
+static struct auth_realm *uh_realms = NULL;
struct auth_realm * uh_auth_add(char *path, char *user, char *pass)
{
struct auth_realm *new = NULL;
struct passwd *pwd;
+
+#ifdef HAVE_SHADOW
struct spwd *spwd;
+#endif
- if( uh_realm_count < UH_LIMIT_AUTHREALMS )
+ if((new = (struct auth_realm *)malloc(sizeof(struct auth_realm))) != NULL)
{
- new = (struct auth_realm *)
- &uh_realms[uh_realm_count * sizeof(struct auth_realm)];
-
memset(new, 0, sizeof(struct auth_realm));
memcpy(new->path, path,
- min(strlen(path), sizeof(new->path) - 1));
+ min(strlen(path), sizeof(new->path) - 1));
memcpy(new->user, user,
- min(strlen(user), sizeof(new->user) - 1));
+ min(strlen(user), sizeof(new->user) - 1));
/* given password refers to a passwd entry */
- if( (strlen(pass) > 3) && !strncmp(pass, "$p$", 3) )
+ if ((strlen(pass) > 3) && !strncmp(pass, "$p$", 3))
{
+#ifdef HAVE_SHADOW
/* try to resolve shadow entry */
- if( ((spwd = getspnam(&pass[3])) != NULL) && spwd->sp_pwdp )
+ if (((spwd = getspnam(&pass[3])) != NULL) && spwd->sp_pwdp)
{
memcpy(new->pass, spwd->sp_pwdp,
- min(strlen(spwd->sp_pwdp), sizeof(new->pass) - 1));
+ min(strlen(spwd->sp_pwdp), sizeof(new->pass) - 1));
}
+ else
+#endif
+
/* try to resolve passwd entry */
- else if( ((pwd = getpwnam(&pass[3])) != NULL) && pwd->pw_passwd &&
- (pwd->pw_passwd[0] != '!') && (pwd->pw_passwd[0] != 0)
- ) {
+ if (((pwd = getpwnam(&pass[3])) != NULL) && pwd->pw_passwd &&
+ (pwd->pw_passwd[0] != '!') && (pwd->pw_passwd[0] != 0))
+ {
memcpy(new->pass, pwd->pw_passwd,
- min(strlen(pwd->pw_passwd), sizeof(new->pass) - 1));
- }
+ min(strlen(pwd->pw_passwd), sizeof(new->pass) - 1));
+ }
}
/* ordinary pwd */
min(strlen(pass), sizeof(new->pass) - 1));
}
- if( new->pass[0] )
+ if (new->pass[0])
{
- uh_realm_count++;
+ new->next = uh_realms;
+ uh_realms = new;
+
return new;
}
+
+ free(new);
}
return NULL;
}
-int uh_auth_check(
- struct client *cl, struct http_request *req, struct path_info *pi
-) {
+int uh_auth_check(struct client *cl, struct http_request *req,
+ struct path_info *pi)
+{
int i, plen, rlen, protected;
char buffer[UH_LIMIT_MSGHEAD];
char *user = NULL;
protected = 0;
/* check whether at least one realm covers the requested url */
- for( i = 0; i < uh_realm_count; i++ )
+ for (realm = uh_realms; realm; realm = realm->next)
{
- realm = (struct auth_realm *)
- &uh_realms[i * sizeof(struct auth_realm)];
-
rlen = strlen(realm->path);
- if( (plen >= rlen) && !strncasecmp(pi->name, realm->path, rlen) )
+ if ((plen >= rlen) && !strncasecmp(pi->name, realm->path, rlen))
{
req->realm = realm;
protected = 1;
}
/* requested resource is covered by a realm */
- if( protected )
+ if (protected)
{
/* try to get client auth info */
foreach_header(i, req->headers)
{
- if( !strcasecmp(req->headers[i], "Authorization") &&
+ if (!strcasecmp(req->headers[i], "Authorization") &&
(strlen(req->headers[i+1]) > 6) &&
- !strncasecmp(req->headers[i+1], "Basic ", 6)
- ) {
+ !strncasecmp(req->headers[i+1], "Basic ", 6))
+ {
memset(buffer, 0, sizeof(buffer));
uh_b64decode(buffer, sizeof(buffer) - 1,
(unsigned char *) &req->headers[i+1][6],
strlen(req->headers[i+1]) - 6);
- if( (pass = strchr(buffer, ':')) != NULL )
+ if ((pass = strchr(buffer, ':')) != NULL)
{
user = buffer;
*pass++ = 0;
}
/* have client auth */
- if( user && pass )
+ if (user && pass)
{
/* find matching realm */
- for( i = 0, realm = NULL; i < uh_realm_count; i++ )
+ for (realm = uh_realms; realm; realm = realm->next)
{
- realm = (struct auth_realm *)
- &uh_realms[i * sizeof(struct auth_realm)];
-
rlen = strlen(realm->path);
- if( (plen >= rlen) &&
- !strncasecmp(pi->name, realm->path, rlen) &&
- !strcmp(user, realm->user)
- ) {
+ if ((plen >= rlen) &&
+ !strncasecmp(pi->name, realm->path, rlen) &&
+ !strcmp(user, realm->user))
+ {
req->realm = realm;
break;
}
-
- realm = NULL;
}
/* found a realm matching the username */
- if( realm )
+ if (realm)
{
- /* is a crypt passwd */
- if( realm->pass[0] == '$' )
- pass = crypt(pass, realm->pass);
-
/* check user pass */
- if( !strcmp(pass, realm->pass) )
+ if (!strcmp(pass, realm->pass) ||
+ !strcmp(crypt(pass, realm->pass), realm->pass))
return 1;
}
}
/* 401 */
uh_http_sendf(cl, NULL,
- "HTTP/%.1f 401 Authorization Required\r\n"
- "WWW-Authenticate: Basic realm=\"%s\"\r\n"
- "Content-Type: text/plain\r\n"
- "Content-Length: 23\r\n\r\n"
- "Authorization Required\n",
- req->version, cl->server->conf->realm
- );
+ "%s 401 Authorization Required\r\n"
+ "WWW-Authenticate: Basic realm=\"%s\"\r\n"
+ "Content-Type: text/plain\r\n"
+ "Content-Length: 23\r\n\r\n"
+ "Authorization Required\n",
+ http_versions[req->version],
+ cl->server->conf->realm);
return 0;
}
}
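Review bot: The combined test `!strcmp(pass, realm->pass) || !strcmp(crypt(pass, realm->pass), realm->pass)` in `uh_auth_check()` weakens the check in two ways. The plain comparison now also runs for hashed entries, so a client that sends the stored `$...` hash string itself as the password is accepted, which the removed `realm->pass[0] == '$'` branch prevented. `crypt()` may also return NULL when the stored value is not a usable salt (a plaintext realm password, for instance), and `strcmp()` would then dereference it on any wrong password. Keeping the two cases apart addresses both: `const char *h = (realm->pass[0] == '$') ? crypt(pass, realm->pass) : pass;` followed by `if (h && !strcmp(h, realm->pass)) return 1;`. A constant-time comparison would be preferable to `strcmp()` for the final check.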
-static char uh_listeners[UH_LIMIT_LISTENERS * sizeof(struct listener)] = { 0 };
-static char uh_clients[UH_LIMIT_CLIENTS * sizeof(struct client)] = { 0 };
-
-static int uh_listener_count = 0;
-static int uh_client_count = 0;
-
+static struct listener *uh_listeners = NULL;
+static struct client *uh_clients = NULL;
struct listener * uh_listener_add(int sock, struct config *conf)
{
struct listener *new = NULL;
socklen_t sl;
- if( uh_listener_count < UH_LIMIT_LISTENERS )
+ if ((new = (struct listener *)malloc(sizeof(struct listener))) != NULL)
{
- new = (struct listener *)
- &uh_listeners[uh_listener_count * sizeof(struct listener)];
+ memset(new, 0, sizeof(struct listener));
+
+ new->fd.fd = sock;
+ new->conf = conf;
- new->socket = sock;
- new->conf = conf;
/* get local endpoint addr */
sl = sizeof(struct sockaddr_in6);
memset(&(new->addr), 0, sl);
getsockname(sock, (struct sockaddr *) &(new->addr), &sl);
- uh_listener_count++;
+ new->next = uh_listeners;
+ uh_listeners = new;
+
+ return new;
}
- return new;
+ return NULL;
}
struct listener * uh_listener_lookup(int sock)
{
struct listener *cur = NULL;
- int i;
-
- for( i = 0; i < uh_listener_count; i++ )
- {
- cur = (struct listener *) &uh_listeners[i * sizeof(struct listener)];
- if( cur->socket == sock )
+ for (cur = uh_listeners; cur; cur = cur->next)
+ if (cur->fd.fd == sock)
return cur;
- }
return NULL;
}
-struct client * uh_client_add(int sock, struct listener *serv)
+struct client * uh_client_add(int sock, struct listener *serv,
+ struct sockaddr_in6 *peer)
{
struct client *new = NULL;
socklen_t sl;
- if( uh_client_count < UH_LIMIT_CLIENTS )
+ if ((new = (struct client *)malloc(sizeof(struct client))) != NULL)
{
- new = (struct client *)
- &uh_clients[uh_client_count * sizeof(struct client)];
+ memset(new, 0, sizeof(struct client));
+ memcpy(&new->peeraddr, peer, sizeof(new->peeraddr));
- new->socket = sock;
+ new->fd.fd = sock;
new->server = serv;
- /* get remote endpoint addr */
- sl = sizeof(struct sockaddr_in6);
- memset(&(new->peeraddr), 0, sl);
- getpeername(sock, (struct sockaddr *) &(new->peeraddr), &sl);
+ new->rpipe.fd = -1;
+ new->wpipe.fd = -1;
/* get local endpoint addr */
sl = sizeof(struct sockaddr_in6);
- memset(&(new->servaddr), 0, sl);
getsockname(sock, (struct sockaddr *) &(new->servaddr), &sl);
- uh_client_count++;
+ new->next = uh_clients;
+ uh_clients = new;
+
+ serv->n_clients++;
+
+ D("IO: Client(%d) allocated\n", new->fd.fd);
}
return new;
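Review bot: `uh_client_add()` no longer has an upper bound of its own: the `UH_LIMIT_CLIENTS` check is gone and every accepted connection now triggers a `malloc()`. The connection cap therefore has to be enforced by the caller, presumably against the `serv->n_clients` counter incremented here; that is not visible in these lines and should be confirmed, with a comment on the function stating where the limit lives. `peer` is copied with `memcpy()` without a NULL check, and the result of `getsockname()` is not checked. `uh_listener_add()` drops its limit the same way, though listeners come from configuration rather than from the network.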
struct client * uh_client_lookup(int sock)
{
struct client *cur = NULL;
- int i;
- for( i = 0; i < uh_client_count; i++ )
+ for (cur = uh_clients; cur; cur = cur->next)
+ if (cur->fd.fd == sock)
+ return cur;
+
+ return NULL;
+}
+
+void uh_client_shutdown(struct client *cl)
+{
+#ifdef HAVE_TLS
+ /* free client tls context */
+ if (cl->server && cl->server->conf->tls)
+ cl->server->conf->tls_close(cl);
+#endif
+
+ /* remove from global client list */
+ uh_client_remove(cl);
+}
+
+void uh_client_remove(struct client *cl)
+{
+ struct client *cur = NULL;
+ struct client *prv = NULL;
+
+ for (cur = uh_clients; cur; prv = cur, cur = cur->next)
{
- cur = (struct client *) &uh_clients[i * sizeof(struct client)];
+ if (cur == cl)
+ {
+ if (prv)
+ prv->next = cur->next;
+ else
+ uh_clients = cur->next;
- if( cur->socket == sock )
- return cur;
+ if (cur->timeout.pending)
+ uloop_timeout_cancel(&cur->timeout);
+
+ if (cur->proc.pid)
+ uloop_process_delete(&cur->proc);
+
+ D("IO: Client(%d) freeing\n", cur->fd.fd);
+
+ uh_ufd_remove(&cur->rpipe);
+ uh_ufd_remove(&cur->wpipe);
+ uh_ufd_remove(&cur->fd);
+
+ cur->server->n_clients--;
+
+ free(cur);
+ break;
+ }
}
+}
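Review bot: `uh_client_remove()` decrements `cur->server->n_clients` unconditionally, while `uh_client_shutdown()` just above treats `cl->server` as possibly NULL (`if (cl->server && ...)`), so one of the two is wrong. If a client can exist without a server, the decrement should read `if (cur->server) cur->server->n_clients--;`. The function frees `cur`, so a short comment that `cl` is invalid after the call, and that timer or process callbacks still holding the pointer must not touch it, would help guard against use-after-free. `uh_client_shutdown()` calls `uh_client_remove()` before its definition, which relies on a prototype in a header not shown here.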
- return NULL;
+
+void uh_ufd_add(struct uloop_fd *u, uloop_fd_handler h, unsigned int ev)
+{
+ if (h != NULL)
+ {
+ u->cb = h;
+ uloop_fd_add(u, ev);
+ D("IO: FD(%d) added to uloop\n", u->fd);
+ }
}
-void uh_client_remove(int sock)
+void uh_ufd_remove(struct uloop_fd *u)
{
- struct client *del = uh_client_lookup(sock);
+ if (u->cb != NULL)
+ {
+ uloop_fd_delete(u);
+ D("IO: FD(%d) removed from uloop\n", u->fd);
+ u->cb = NULL;
+ }
- if( del )
+ if (u->fd > -1)
{
- memmove(del, del + 1,
- sizeof(uh_clients) - (int)((char *)del - uh_clients) - sizeof(struct client));
+ close(u->fd);
+ D("IO: FD(%d) closed\n", u->fd);
+ u->fd = -1;
+ }
+}
+
+
+#ifdef HAVE_CGI
+static struct interpreter *uh_interpreters = NULL;
+
+struct interpreter * uh_interpreter_add(const char *extn, const char *path)
+{
+ struct interpreter *new = NULL;
+
+ if ((new = (struct interpreter *)malloc(sizeof(struct interpreter))) != NULL)
+ {
+ memset(new, 0, sizeof(struct interpreter));
+
+ memcpy(new->extn, extn, min(strlen(extn), sizeof(new->extn)-1));
+ memcpy(new->path, path, min(strlen(path), sizeof(new->path)-1));
+
+ new->next = uh_interpreters;
+ uh_interpreters = new;
- uh_client_count--;
+ return new;
}
+
+ return NULL;
}
+struct interpreter * uh_interpreter_lookup(const char *path)
+{
+ struct interpreter *cur = NULL;
+ const char *e;
+
+ for (cur = uh_interpreters; cur; cur = cur->next)
+ {
+ e = &path[max(strlen(path) - strlen(cur->extn), 0)];
+ if (!strcmp(e, cur->extn))
+ return cur;
+ }
+
+ return NULL;
+}
+#endif
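Review bot: In `uh_interpreter_lookup()` the expression `max(strlen(path) - strlen(cur->extn), 0)` is computed in `size_t`, so when `path` is shorter than the extension the subtraction wraps to a huge value instead of going negative. Assuming `max()` is the usual comparison macro, it keeps that value and `strcmp()` reads far outside `path`. Compare the lengths first: `size_t pl = strlen(path), el = strlen(cur->extn);` then `if (pl >= el && !strcmp(path + pl - el, cur->extn)) return cur;`. `uh_interpreter_add()` silently truncates `extn` and `path` to the field size; rejecting over-long values would avoid registering an interpreter under a different extension or path than the one configured.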