+++ /dev/null
-/*
- * Copyright (c) 2007-2008, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <time.h>
-#include <string.h>
-#include "axhttp.h"
-
-#define HTTP_VERSION "HTTP/1.1"
-
-static const char * index_file = "index.html";
-
-static int special_read(struct connstruct *cn, void *buf, size_t count);
-static int special_write(struct connstruct *cn,
- const char *buf, size_t count);
-static void send_error(struct connstruct *cn, int err);
-static int hexit(char c);
-static void urldecode(char *buf);
-static void buildactualfile(struct connstruct *cn);
-static int sanitizefile(const char *buf);
-static int sanitizehost(char *buf);
-static int htaccess_check(struct connstruct *cn);
-static const char *getmimetype(const char *name);
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-static void urlencode(const uint8_t *s, char *t);
-static void procdirlisting(struct connstruct *cn);
-#endif
-#if defined(CONFIG_HTTP_HAS_CGI)
-static void proccgi(struct connstruct *cn);
-static void decode_path_info(struct connstruct *cn, char *path_info);
-static int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv);
-#endif
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-static int auth_check(struct connstruct *cn);
-#endif
-
-#if AXDEBUG
-#define AXDEBUGSTART \
- { \
- FILE *axdout; \
- axdout = fopen("/var/log/axdebug", "a"); \
-
-#define AXDEBUGEND \
- fclose(axdout); \
- }
-#else /* AXDEBUG */
-#define AXDEBUGSTART
-#define AXDEBUGEND
-#endif /* AXDEBUG */
-
-/* Returns 1 if elems should continue being read, 0 otherwise */
-static int procheadelem(struct connstruct *cn, char *buf)
-{
- char *delim, *value;
-
- if ((delim = strchr(buf, ' ')) == NULL)
- return 0;
-
- *delim = 0;
- value = delim+1;
-
- if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
- strcmp(buf, "POST") == 0)
- {
- if (buf[0] == 'H')
- cn->reqtype = TYPE_HEAD;
- else if (buf[0] == 'P')
- cn->reqtype = TYPE_POST;
-
- if ((delim = strchr(value, ' ')) == NULL) /* expect HTTP type */
- return 0;
-
- *delim = 0;
- urldecode(value);
-
- if (sanitizefile(value) == 0)
- {
- send_error(cn, 403);
- return 0;
- }
-
-#if defined(CONFIG_HTTP_HAS_CGI)
- decode_path_info(cn, value);
-#else
- my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
-#endif
- cn->if_modified_since = -1;
- }
- else if (strcmp(buf, "Host:") == 0)
- {
- if (sanitizehost(value) == 0)
- {
- removeconnection(cn);
- return 0;
- }
-
- my_strncpy(cn->server_name, value, MAXREQUESTLENGTH);
- }
- else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0)
- {
- cn->close_when_done = 1;
- }
- else if (strcmp(buf, "If-Modified-Since:") == 0)
- {
- cn->if_modified_since = tdate_parse(value);
- }
- else if (strcmp(buf, "Expect:") == 0)
- {
- send_error(cn, 417); /* expectation failed */
- return 0;
- }
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
- else if (strcmp(buf, "Authorization:") == 0 &&
- strncmp(value, "Basic ", 6) == 0)
- {
- int size;
- if (base64_decode(&value[6], strlen(&value[6]),
- (uint8_t *)cn->authorization, &size))
- cn->authorization[0] = 0; /* error */
- else
- cn->authorization[size] = 0;
- }
-#endif
-#if defined(CONFIG_HTTP_HAS_CGI)
- else if (strcmp(buf, "Content-Length:") == 0)
- {
- sscanf(value, "%d", &cn->content_length);
- }
- else if (strcmp(buf, "Cookie:") == 0)
- {
- my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
- }
-#endif
-
- return 1;
-}
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-static void procdirlisting(struct connstruct *cn)
-{
- char buf[MAXREQUESTLENGTH];
- char actualfile[1024];
-
- if (cn->reqtype == TYPE_HEAD)
- {
- snprintf(buf, sizeof(buf), HTTP_VERSION
- " 200 OK\nContent-Type: text/html\n\n");
- write(cn->networkdesc, buf, strlen(buf));
- removeconnection(cn);
- return;
- }
-
- strcpy(actualfile, cn->actualfile);
-
-#ifdef WIN32
- strcat(actualfile, "*");
- cn->dirp = FindFirstFile(actualfile, &cn->file_data);
-
- if (cn->dirp == INVALID_HANDLE_VALUE)
- {
- send_error(cn, 404);
- return;
- }
-#else
- if ((cn->dirp = opendir(actualfile)) == NULL)
- {
- send_error(cn, 404);
- return;
- }
-#endif
-
- snprintf(buf, sizeof(buf), HTTP_VERSION
- " 200 OK\nContent-Type: text/html\n\n"
- "<html><body>\n<title>Directory Listing</title>\n"
- "<h3>Directory listing of %s://%s%s</h3><br />\n",
- cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq);
- special_write(cn, buf, strlen(buf));
- cn->state = STATE_DOING_DIR;
-}
-
-void procdodir(struct connstruct *cn)
-{
-#ifndef WIN32
- struct dirent *dp;
-#endif
- char buf[MAXREQUESTLENGTH];
- char encbuf[1024];
- char *file;
-
- do
- {
- buf[0] = 0;
-
-#ifdef WIN32
- if (!FindNextFile(cn->dirp, &cn->file_data))
-#else
- if ((dp = readdir(cn->dirp)) == NULL)
-#endif
- {
- snprintf(buf, sizeof(buf), "</body></html>\n");
- special_write(cn, buf, strlen(buf));
- removeconnection(cn);
-#ifndef WIN32
- closedir(cn->dirp);
-#endif
- return;
- }
-
-#ifdef WIN32
- file = cn->file_data.cFileName;
-#else
- file = dp->d_name;
-#endif
-
- /* if no index file, don't display the ".." directory */
- if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
- strcmp(file, "..") == 0)
- continue;
-
- /* don't display files beginning with "." */
- if (file[0] == '.' && file[1] != '.')
- continue;
-
- /* make sure a '/' is at the end of a directory */
- if (cn->filereq[strlen(cn->filereq)-1] != '/')
- strcat(cn->filereq, "/");
-
- /* see if the dir + file is another directory */
- snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
- if (isdir(buf))
- strcat(file, "/");
-
- urlencode((uint8_t *)file, encbuf);
- snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
- cn->filereq, encbuf, file);
- } while (special_write(cn, buf, strlen(buf)));
-}
-
-/* Encode funny chars -> %xx in newly allocated storage */
-/* (preserves '/' !) */
-static void urlencode(const uint8_t *s, char *t)
-{
- const uint8_t *p = s;
- char *tp = t;
-
- for (; *p; p++)
- {
- if ((*p > 0x00 && *p < ',') ||
- (*p > '9' && *p < 'A') ||
- (*p > 'Z' && *p < '_') ||
- (*p > '_' && *p < 'a') ||
- (*p > 'z' && *p < 0xA1))
- {
- sprintf((char *)tp, "%%%02X", *p);
- tp += 3;
- }
- else
- {
- *tp = *p;
- tp++;
- }
- }
-
- *tp='\0';
-}
-
-#endif
-
-void procreadhead(struct connstruct *cn)
-{
- char buf[MAXREQUESTLENGTH*4], *tp, *next;
- int rv;
-
- memset(buf, 0, MAXREQUESTLENGTH*4);
- rv = special_read(cn, buf, sizeof(buf)-1);
- if (rv <= 0)
- {
- if (rv < 0) /* really dead? */
- removeconnection(cn);
- return;
- }
-
- buf[rv] = '\0';
- next = tp = buf;
-
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
- cn->authorization[0] = 0;
-#endif
-
- /* Split up lines and send to procheadelem() */
- while (*next != '\0')
- {
- /* If we have a blank line, advance to next stage */
- if (*next == '\r' || *next == '\n')
- {
-#if defined(CONFIG_HTTP_HAS_CGI)
- if (cn->reqtype == TYPE_POST && cn->content_length > 0)
- {
- if (init_read_post_data(buf,next,cn,rv) == 0)
- return;
- }
-#endif
-
- buildactualfile(cn);
- cn->state = STATE_WANT_TO_SEND_HEAD;
- return;
- }
-
- while (*next != '\r' && *next != '\n' && *next != '\0')
- next++;
-
- if (*next == '\r')
- {
- *next = '\0';
- next += 2;
- }
- else if (*next == '\n')
- *next++ = '\0';
-
- if (procheadelem(cn, tp) == 0)
- return;
-
- tp = next;
- }
-}
-
-/* In this function we assume that the file has been checked for
- * maliciousness (".."s, etc) and has been decoded
- */
-void procsendhead(struct connstruct *cn)
-{
- char buf[MAXREQUESTLENGTH];
- struct stat stbuf;
- time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
- char date[32];
- int file_exists;
-
- /* are we trying to access a file over the HTTP connection instead of a
- * HTTPS connection? Or is this directory disabled? */
- if (htaccess_check(cn))
- {
- send_error(cn, 403);
- return;
- }
-
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
- if (auth_check(cn)) /* see if there is a '.htpasswd' file */
- {
-#ifdef CONFIG_HTTP_VERBOSE
- printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
-#endif
- removeconnection(cn);
- return;
- }
-#endif
-
- file_exists = stat(cn->actualfile, &stbuf);
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-
- if (file_exists != -1 && cn->is_cgi)
- {
- if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
- {
- /* A non-executable file, or directory? */
- send_error(cn, 403);
- }
- else
- proccgi(cn);
-
- return;
- }
-#endif
-
- /* look for "index.html"? */
- if (isdir(cn->actualfile))
- {
- char tbuf[MAXREQUESTLENGTH];
- snprintf(tbuf, MAXREQUESTLENGTH, "%s%s", cn->actualfile, index_file);
-
- if ((file_exists = stat(tbuf, &stbuf)) != -1)
- my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
- else
- {
-#if defined(CONFIG_HTTP_DIRECTORIES)
- /* If not, we do a directory listing of it */
- procdirlisting(cn);
-#else
- send_error(cn, 404);
-#endif
- return;
- }
- }
-
- if (file_exists == -1)
- {
- send_error(cn, 404);
- return;
- }
-
- strcpy(date, ctime(&now));
-
- /* has the file been read before? */
- if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 ||
- cn->if_modified_since >= stbuf.st_mtime))
- {
- snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
- "%s\nDate: %s\n", server_version, date);
- special_write(cn, buf, strlen(buf));
- cn->state = STATE_WANT_TO_READ_HEAD;
- return;
- }
-
- if (cn->reqtype == TYPE_HEAD)
- {
- removeconnection(cn);
- return;
- }
- else
- {
- int flags = O_RDONLY;
-#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
- flags |= O_BINARY;
-#endif
- cn->filedesc = open(cn->actualfile, flags);
-
- if (cn->filedesc < 0)
- {
- send_error(cn, 404);
- return;
- }
-
- snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n"
- "Content-Type: %s\nContent-Length: %ld\n"
- "Date: %sLast-Modified: %s\n", server_version,
- getmimetype(cn->actualfile), (long) stbuf.st_size,
- date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
-
- special_write(cn, buf, strlen(buf));
-
-#ifdef CONFIG_HTTP_VERBOSE
- printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
- TTY_FLUSH();
-#endif
-
-#ifdef WIN32
- for (;;)
- {
- procreadfile(cn);
- if (cn->filedesc == -1)
- break;
-
- do
- {
- procsendfile(cn);
- } while (cn->state != STATE_WANT_TO_READ_FILE);
- }
-#else
- cn->state = STATE_WANT_TO_READ_FILE;
-#endif
- }
-}
-
-void procreadfile(struct connstruct *cn)
-{
- int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
-
- if (rv <= 0)
- {
- close(cn->filedesc);
- cn->filedesc = -1;
-
- if (cn->close_when_done) /* close immediately */
- removeconnection(cn);
- else
- { /* keep socket open - HTTP 1.1 */
- cn->state = STATE_WANT_TO_READ_HEAD;
- cn->numbytes = 0;
- }
-
- return;
- }
-
- cn->numbytes = rv;
- cn->state = STATE_WANT_TO_SEND_FILE;
-}
-
-void procsendfile(struct connstruct *cn)
-{
- int rv = special_write(cn, cn->databuf, cn->numbytes);
-
- if (rv < 0)
- removeconnection(cn);
- else if (rv == cn->numbytes)
- {
- cn->state = STATE_WANT_TO_READ_FILE;
- }
- else if (rv == 0)
- {
- /* Do nothing */
- }
- else
- {
- memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
- cn->numbytes -= rv;
- }
-}
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-/* Should this be a bit more dynamic? It would mean more calls to malloc etc */
-#define CGI_ARG_SIZE 17
-
-static void proccgi(struct connstruct *cn)
-{
- int tpipe[2], spipe[2];
- char *myargs[2];
- char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
- char * cgiptr[CGI_ARG_SIZE+4];
- const char *type = "HEAD";
- int cgi_index = 0, i;
- pid_t pid;
-#ifdef WIN32
- int tmp_stdout;
-#endif
-
- snprintf(cgienv[0], MAXREQUESTLENGTH,
- HTTP_VERSION" 200 OK\nServer: %s\n%s",
- server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
- special_write(cn, cgienv[0], strlen(cgienv[0]));
-
- if (cn->reqtype == TYPE_HEAD)
- {
- removeconnection(cn);
- return;
- }
-
-#ifdef CONFIG_HTTP_VERBOSE
- printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
- TTY_FLUSH();
-#endif
-
- /* win32 cgi is a bit too painful */
-#ifndef WIN32
- /* set up pipe that is used for sending POST query data to CGI script*/
- if (cn->reqtype == TYPE_POST)
- {
- if (pipe(spipe) == -1)
- {
- printf("[CGI]: could not create pipe");
- TTY_FLUSH();
- return;
- }
- }
-
- if (pipe(tpipe) == -1)
- {
- printf("[CGI]: could not create pipe");
- TTY_FLUSH();
- return;
- }
-
- /*
- * use vfork() instead of fork() for performance
- */
- if ((pid = vfork()) > 0) /* parent */
- {
- /* Send POST query data to CGI script */
- if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0))
- {
- write(spipe[1], cn->post_data, cn->content_length);
- close(spipe[0]);
- close(spipe[1]);
-
- /* free the memory that is allocated in read_post_data() */
- free(cn->post_data);
- cn->post_data = NULL;
- }
-
- /* Close the write descriptor */
- close(tpipe[1]);
- cn->filedesc = tpipe[0];
- cn->state = STATE_WANT_TO_READ_FILE;
- cn->close_when_done = 1;
- return;
- }
-
- if (pid < 0) /* vfork failed */
- exit(1);
-
- /* The problem child... */
-
- /* Our stdout/stderr goes to the socket */
- dup2(tpipe[1], 1);
- dup2(tpipe[1], 2);
-
- /* If it was a POST request, send the socket data to our stdin */
- if (cn->reqtype == TYPE_POST)
- dup2(spipe[0], 0);
- else /* Otherwise we can shutdown the read side of the sock */
- shutdown(cn->networkdesc, 0);
-
- myargs[0] = cn->actualfile;
- myargs[1] = NULL;
-
- /*
- * set the cgi args. A url is defined by:
- * http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO?$QUERY_STRING
- * TODO: other CGI parameters?
- */
- sprintf(cgienv[cgi_index++], "SERVER_SOFTWARE=%s", server_version);
- strcpy(cgienv[cgi_index++], "DOCUMENT_ROOT=" CONFIG_HTTP_WEBROOT);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "SERVER_NAME=%s", cn->server_name);
- sprintf(cgienv[cgi_index++], "SERVER_PORT=%d",
- cn->is_ssl ? CONFIG_HTTP_HTTPS_PORT : CONFIG_HTTP_PORT);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "REQUEST_URI=%s", cn->uri_request);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "SCRIPT_NAME=%s", cn->filereq);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "PATH_INFO=%s", cn->uri_path_info);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "QUERY_STRING=%s", cn->uri_query);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "REMOTE_ADDR=%s", cn->remote_addr);
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "HTTP_COOKIE=%s", cn->cookie); /* note: small size */
-#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
- snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
- "REMOTE_USER=%s", cn->authorization);
-#endif
-
- switch (cn->reqtype)
- {
- case TYPE_GET:
- type = "GET";
- break;
-
- case TYPE_POST:
- type = "POST";
- sprintf(cgienv[cgi_index++],
- "CONTENT_LENGTH=%d", cn->content_length);
- strcpy(cgienv[cgi_index++], /* hard-code? */
- "CONTENT_TYPE=application/x-www-form-urlencoded");
- break;
- }
-
- sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type);
-
- if (cn->is_ssl)
- strcpy(cgienv[cgi_index++], "HTTPS=on");
-
-#ifdef CONFIG_PLATFORM_CYGWIN
- /* TODO: find out why Lua needs this */
- strcpy(cgienv[cgi_index++], "PATH=/usr/bin");
-#endif
-
- if (cgi_index >= CGI_ARG_SIZE)
- {
- printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n",
- cgi_index, CGI_ARG_SIZE);
- _exit(1);
- }
-
- /* copy across the pointer indexes */
- for (i = 0; i < cgi_index; i++)
- cgiptr[i] = cgienv[i];
-
- cgiptr[i++] = "AUTH_TYPE=Basic";
- cgiptr[i++] = "GATEWAY_INTERFACE=CGI/1.1";
- cgiptr[i++] = "SERVER_PROTOCOL="HTTP_VERSION;
- cgiptr[i] = NULL;
-
- execve(myargs[0], myargs, cgiptr);
- printf("Content-type: text/plain\n\nshouldn't get here\n");
- _exit(1);
-#endif
-}
-
-static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
-{
- struct cgiextstruct *tp = cgiexts;
-
- while (tp != NULL)
- {
- char *t;
-
- if ((t = strstr(fn, tp->ext)) != NULL)
- {
- t += strlen(tp->ext);
-
- if (*t == '/' || *t == '\0')
- {
-#ifdef CONFIG_HTTP_ENABLE_LUA
- if (strcmp(tp->ext, ".lua") == 0 || strcmp(tp->ext, ".lp") == 0)
- cn->is_lua = 1;
-#endif
-
- return t;
- }
- else
- return NULL;
-
- }
-
- tp = tp->next;
- }
-
- return NULL;
-}
-
-static void decode_path_info(struct connstruct *cn, char *path_info)
-{
- char *cgi_delim;
-
- cn->is_cgi = 0;
-#ifdef CONFIG_HTTP_ENABLE_LUA
- cn->is_lua = 0;
-#endif
- *cn->uri_request = '\0';
- *cn->uri_path_info = '\0';
- *cn->uri_query = '\0';
-
- my_strncpy(cn->uri_request, path_info, MAXREQUESTLENGTH);
-
- /* query info? */
- if ((cgi_delim = strchr(path_info, '?')))
- {
- *cgi_delim = '\0';
- my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH);
- }
-
- if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL)
- {
- cn->is_cgi = 1; /* definitely a CGI script */
-
- /* path info? */
- if (*cgi_delim != '\0')
- {
- my_strncpy(cn->uri_path_info, cgi_delim, MAXREQUESTLENGTH);
- *cgi_delim = '\0';
- }
- }
-
- /* the bit at the start must be the script name */
- my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
-}
-
-static int init_read_post_data(char *buf, char *data,
- struct connstruct *cn, int old_rv)
-{
- char *next = data;
- int rv = old_rv;
- char *post_data;
-
- /* Too much Post data to send. MAXPOSTDATASIZE should be
- configured (now it can be chaged in the header file) */
- if (cn->content_length > MAXPOSTDATASIZE)
- {
- send_error(cn, 418);
- return 0;
- }
-
- /* remove CRLF */
- while ((*next == '\r' || *next == '\n') && (next < &buf[rv]))
- next++;
-
- if (cn->post_data == NULL)
- {
- cn->post_data = (char *) calloc(1, (cn->content_length + 1));
- /* Allocate buffer for the POST data that will be used by proccgi
- to send POST data to the CGI script */
-
- if (cn->post_data == NULL)
- {
- printf("axhttpd: could not allocate memory for POST data\n");
- TTY_FLUSH();
- send_error(cn, 599);
- return 0;
- }
- }
-
- cn->post_state = 0;
- cn->post_read = 0;
- post_data = cn->post_data;
-
- while (next < &buf[rv])
- {
- /*copy POST data to buffer*/
- *post_data = *next;
- post_data++;
- next++;
- cn->post_read++;
- if (cn->post_read == cn->content_length)
- {
- /* No more POST data to be copied */
- *post_data = '\0';
- return 1;
- }
- }
-
- /* More POST data has to be read. read_post_data will continue with that */
- cn->post_state = 1;
- return 0;
-}
-
-void read_post_data(struct connstruct *cn)
-{
- char buf[MAXREQUESTLENGTH*4], *next;
- char *post_data;
- int rv;
-
- bzero(buf,MAXREQUESTLENGTH*4);
- rv = special_read(cn, buf, sizeof(buf)-1);
- if (rv <= 0)
- {
- if (rv < 0) /* really dead? */
- removeconnection(cn);
- return;
- }
-
- buf[rv] = '\0';
- next = buf;
-
- post_data = &cn->post_data[cn->post_read];
-
- while (next < &buf[rv])
- {
- *post_data = *next;
- post_data++;
- next++;
- cn->post_read++;
- if (cn->post_read == cn->content_length)
- {
- /* No more POST data to be copied */
- *post_data='\0';
- cn->post_state = 0;
- buildactualfile(cn);
- cn->state = STATE_WANT_TO_SEND_HEAD;
- return;
- }
- }
-
- /* More POST data to read */
-}
-
-#endif /* CONFIG_HTTP_HAS_CGI */
-
-/* Decode string %xx -> char (in place) */
-static void urldecode(char *buf)
-{
- int v;
- char *p, *s, *w;
-
- w = p = buf;
-
- while (*p)
- {
- v = 0;
-
- if (*p == '%')
- {
- s = p;
- s++;
-
- if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
- {
- v = hexit(s[0])*16 + hexit(s[1]);
-
- if (v)
- {
- /* do not decode %00 to null char */
- *w = (char)v;
- p = &s[1];
- }
- }
-
- }
-
- if (!v) *w=*p;
- p++;
- w++;
- }
-
- *w='\0';
-}
-
-static int hexit(char c)
-{
- if (c >= '0' && c <= '9')
- return c - '0';
- else if (c >= 'a' && c <= 'f')
- return c - 'a' + 10;
- else if (c >= 'A' && c <= 'F')
- return c - 'A' + 10;
- else
- return 0;
-}
-
-static void buildactualfile(struct connstruct *cn)
-{
- char *cp;
- snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq);
-
-#ifndef WIN32
- /* Add directory slash if not there */
- if (isdir(cn->actualfile) &&
- cn->actualfile[strlen(cn->actualfile)-1] != '/')
- strcat(cn->actualfile, "/");
-
- /* work out the directory name */
- strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
- if ((cp = strrchr(cn->dirname, '/')) == NULL)
- cn->dirname[0] = 0;
- else
- *cp = 0;
-#else
- {
- char curr_dir[MAXREQUESTLENGTH];
- char path[MAXREQUESTLENGTH];
- char *t = cn->actualfile;
-
- GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);
-
- /* convert all the forward slashes to back slashes */
- while ((t = strchr(t, '/')))
- *t++ = '\\';
-
- snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
- memcpy(cn->actualfile, path, MAXREQUESTLENGTH);
-
- /* Add directory slash if not there */
- if (isdir(cn->actualfile) &&
- cn->actualfile[strlen(cn->actualfile)-1] != '\\')
- strcat(cn->actualfile, "\\");
-
- /* work out the directory name */
- strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
- if ((cp = strrchr(cn->dirname, '\\')) == NULL)
- cn->dirname[0] = 0;
- else
- *cp = 0;
- }
-#endif
-
-#if defined(CONFIG_HTTP_ENABLE_LUA)
- /*
- * Use the lua launcher if this file has a lua extension. Put this at the
- * end as we need the directory name.
- */
- if (cn->is_lua)
- sprintf(cn->actualfile, "%s%s", CONFIG_HTTP_LUA_PREFIX,
- CONFIG_HTTP_LUA_CGI_LAUNCHER);
-#endif
-}
-
-static int sanitizefile(const char *buf)
-{
- int len, i;
-
- /* Don't accept anything not starting with a / */
- if (*buf != '/')
- return 0;
-
- len = strlen(buf);
- for (i = 0; i < len; i++)
- {
- /* Check for "/." i.e. don't send files starting with a . */
- if (buf[i] == '/' && buf[i+1] == '.')
- return 0;
- }
-
- return 1;
-}
-
-static int sanitizehost(char *buf)
-{
- while (*buf != '\0')
- {
- /* Handle the port */
- if (*buf == ':')
- {
- *buf = '\0';
- return 1;
- }
-
- /* Enforce some basic URL rules... */
- if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
- (*buf == '.' && *(buf+1) == '.') ||
- (*buf == '.' && *(buf+1) == '-') ||
- (*buf == '-' && *(buf+1) == '.'))
- return 0;
-
- buf++;
- }
-
- return 1;
-}
-
-static FILE * exist_check(struct connstruct *cn, const char *check_file)
-{
- char pathname[MAXREQUESTLENGTH];
- snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
- return fopen(pathname, "r");
-}
-
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-static void send_authenticate(struct connstruct *cn, const char *realm)
-{
- char buf[1024];
-
- snprintf(buf, sizeof(buf), HTTP_VERSION" 401 Unauthorized\n"
- "WWW-Authenticate: Basic\n"
- "realm=\"%s\"\n", realm);
- special_write(cn, buf, strlen(buf));
-}
-
-static int check_digest(char *salt, const char *msg_passwd)
-{
- uint8_t b256_salt[MAXREQUESTLENGTH];
- uint8_t real_passwd[MD5_SIZE];
- int salt_size;
- char *b64_passwd;
- uint8_t md5_result[MD5_SIZE];
- MD5_CTX ctx;
-
- /* retrieve the salt */
- if ((b64_passwd = strchr(salt, '$')) == NULL)
- return -1;
-
- *b64_passwd++ = 0;
- if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
- return -1;
-
- if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL))
- return -1;
-
- /* very simple MD5 crypt algorithm, but then the salt we use is large */
- MD5_Init(&ctx);
- MD5_Update(&ctx, b256_salt, salt_size); /* process the salt */
- MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd));
- MD5_Final(md5_result, &ctx);
- return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
-}
-
-static int auth_check(struct connstruct *cn)
-{
- char line[MAXREQUESTLENGTH];
- FILE *fp;
- char *cp;
-
- if ((fp = exist_check(cn, ".htpasswd")) == NULL)
- return 0; /* no .htpasswd file, so let though */
-
- if (cn->authorization[0] == 0)
- goto error;
-
- /* cn->authorization is in form "username:password" */
- if ((cp = strchr(cn->authorization, ':')) == NULL)
- goto error;
- else
- *cp++ = 0; /* cp becomes the password */
-
- while (fgets(line, sizeof(line), fp) != NULL)
- {
- char *b64_file_passwd;
- int l = strlen(line);
-
- /* nuke newline */
- if (line[l-1] == '\n')
- line[l-1] = 0;
-
- /* line is form "username:salt(b64)$password(b64)" */
- if ((b64_file_passwd = strchr(line, ':')) == NULL)
- continue;
-
- *b64_file_passwd++ = 0;
-
- if (strcmp(line, cn->authorization)) /* our user? */
- continue;
-
- if (check_digest(b64_file_passwd, cp) == 0)
- {
- fclose(fp);
- return 0;
- }
- }
-
-error:
- fclose(fp);
- send_authenticate(cn, cn->server_name);
- return -1;
-}
-#endif
-
-static int htaccess_check(struct connstruct *cn)
-{
- char line[MAXREQUESTLENGTH];
- FILE *fp;
- int ret = 0;
-
- if ((fp = exist_check(cn, ".htaccess")) == NULL)
- return 0; /* no .htaccess file, so let though */
-
- while (fgets(line, sizeof(line), fp) != NULL)
- {
- if (strstr(line, "Deny all") || /* access to this dir denied */
- /* Access will be denied unless SSL is active */
- (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
- /* Access will be denied if SSL is active */
- (cn->is_ssl && strstr(line, "SSLDenySSL")))
- {
- ret = -1;
- break;
- }
- }
-
- fclose(fp);
- return ret;
-}
-
-static void send_error(struct connstruct *cn, int err)
-{
- char buf[MAXREQUESTLENGTH];
- char *title;
- char *text;
-
- switch (err)
- {
- case 403:
- title = "Forbidden";
- text = "File is protected";
-#ifdef CONFIG_HTTP_VERBOSE
- printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
-#endif
- break;
-
- case 404:
- title = "Not Found";
- text = title;
- break;
-
- case 418:
- title = "POST data size is to large";
- text = title;
- break;
-
- default:
- title = "Unknown";
- text = "Unknown";
- break;
- }
-
- snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
- "Content-Type: text/html\n"
- "Cache-Control: no-cache,no-store\n"
- "Connection: close\n\n"
- "<html>\n<head>\n<title>%d %s</title></head>\n"
- "<body><h1>%d %s</h1>\n</body></html>\n",
- err, title, err, title, err, text);
- special_write(cn, buf, strlen(buf));
- removeconnection(cn);
-}
-
-static const char *getmimetype(const char *name)
-{
- /* only bother with a few mime types - let the browser figure the rest out */
- if (strstr(name, ".htm"))
- return "text/html";
- else if (strstr(name, ".css"))
- return "text/css";
- else
- return "application/octet-stream";
-}
-
-static int special_write(struct connstruct *cn,
- const char *buf, size_t count)
-{
- if (cn->is_ssl)
- {
- SSL *ssl = cn->ssl;
- return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
- }
- else
- return SOCKET_WRITE(cn->networkdesc, buf, count);
-}
-
-static int special_read(struct connstruct *cn, void *buf, size_t count)
-{
- int res;
-
- if (cn->is_ssl)
- {
- uint8_t *read_buf;
- if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
- {
- memcpy(buf, read_buf, res > (int)count ? count : res);
- }
- }
- else
- res = SOCKET_READ(cn->networkdesc, buf, count);
-
- return res;
-}
-