[sgt/agedu] / httpd.c

/*
 * httpd.c: implementation of httpd.h.
 */

#include "agedu.h"
#include "alloc.h"
#include "html.h"
#include "httpd.h"

/* --- Logic driving what the web server's responses are. --- */

enum { /* connctx states */
    READING_REQ_LINE,
    READING_HEADERS,
    DONE
};

struct connctx {
    const void *t;
    char *data;
    int datalen, datasize;
    char *method, *url, *headers, *auth;
    int state;
};

/*
 * Called when a new connection arrives on a listening socket.
 * Returns a connctx for the new connection.
 */
struct connctx *new_connection(const void *t)
{
    struct connctx *cctx = snew(struct connctx);
    cctx->t = t;
    cctx->data = NULL;
    cctx->datalen = cctx->datasize = 0;
    cctx->state = READING_REQ_LINE;
    cctx->method = cctx->url = cctx->headers = cctx->auth = NULL;
    return cctx;
}

void free_connection(struct connctx *cctx)
{
    sfree(cctx->data);
    sfree(cctx);
}

static char *http_error(char *code, char *errmsg, char *extraheader,
			char *errtext, ...)
{
    return dupfmt("HTTP/1.1 %s %s\r\n"
		  "Date: %D\r\n"
		  "Server: " PNAME "\r\n"
		  "Connection: close\r\n"
		  "%s"
		  "Content-Type: text/html; charset=US-ASCII\r\n"
		  "\r\n"
		  "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
		  "<HTML><HEAD>\r\n"
		  "<TITLE>%s %s</TITLE>\r\n"
		  "</HEAD><BODY>\r\n"
		  "<H1>%s %s</H1>\r\n"
		  "<P>%s</P>\r\n"
		  "</BODY></HTML>\r\n", code, errmsg,
		  extraheader ? extraheader : "",
		  code, errmsg, code, errmsg, errtext);
}

static char *http_success(char *mimetype, int stuff_cr, char *document)
{
    return dupfmt("HTTP/1.1 200 OK\r\n"
		  "Date: %D\r\n"
		  "Expires: %D\r\n"
		  "Server: " PNAME "\r\n"
		  "Connection: close\r\n"
		  "Content-Type: %s\r\n"
		  "\r\n"
		  "%S", mimetype, stuff_cr, document);
}

/*
 * Called when data comes in on a connection.
 * 
 * If this function returns NULL, the platform code continues
 * reading from the socket. Otherwise, it returns some dynamically
 * allocated data which the platform code will then write to the
 * socket before closing it.
 */
char *got_data(struct connctx *ctx, char *data, int length,
	       int magic_access, const char *auth_string,
	       const struct html_config *cfg)
{
    char *line, *p, *q, *r, *z1, *z2, c1, c2;
    int auth_correct = 0;
    unsigned long index;
    char *document, *ret;

    /*
     * Add the data we've just received to our buffer.
     */
    if (ctx->datasize < ctx->datalen + length) {
	ctx->datasize = (ctx->datalen + length) * 3 / 2 + 4096;
	ctx->data = sresize(ctx->data, ctx->datasize, char);
    }
    memcpy(ctx->data + ctx->datalen, data, length);
    ctx->datalen += length;

    /*
     * Gradually process the HTTP request as we receive it.
     */
    if (ctx->state == READING_REQ_LINE) {
	/*
	 * We're waiting for the first line of the input, which
	 * contains the main HTTP request. See if we've got it
	 * yet.
	 */

	line = ctx->data;
	/*
	 * RFC 2616 section 4.1: `In the interest of robustness,
	 * [...] if the server is reading the protocol stream at
	 * the beginning of a message and receives a CRLF first,
	 * it should ignore the CRLF.'
	 */
	while (line - ctx->data < ctx->datalen &&
	       (*line == '\r' || *line == '\n'))
	    line++;
	q = line;
	while (q - ctx->data < ctx->datalen && *q != '\n')
	    q++;
	if (q - ctx->data >= ctx->datalen)
	    return NULL;	       /* not got request line yet */

	/*
	 * We've got the first line of the request. Zero-terminate
	 * and parse it into method, URL and optional HTTP
	 * version.
	 */
	*q = '\0';
	ctx->headers = q+1;
	if (q > line && q[-1] == '\r')
	    *--q = '\0';
	z1 = z2 = q;
	c1 = c2 = *q;
	p = line;
	while (*p && !isspace((unsigned char)*p)) p++;
	if (*p) {
	    z1 = p++;
	    c1 = *z1;
	    *z1 = '\0';
	}
	while (*p && isspace((unsigned char)*p)) p++;
	q = p;
	while (*q && !isspace((unsigned char)*q)) q++;
	z2 = q++;
	c2 = *z2;
	*z2 = '\0';
	while (*q && isspace((unsigned char)*q)) q++;

	/*
	 * Now `line' points at the method name; p points at the
	 * URL, if any; q points at the HTTP version, if any.
	 */

	/*
	 * There should _be_ a URL, on any request type at all.
	 */
	if (!*p) {
	    char *ret, *text;
	    /* Restore the request to the way we received it. */
	    *z2 = c2;
	    *z1 = c1;
	    text = dupfmt("<code>" PNAME "</code> received the HTTP request"
			  " \"<code>%h</code>\", which contains no URL.",
			  line);
	    ret = http_error("400", "Bad request", NULL, text);
	    sfree(text);
	    return ret;
	}

	ctx->method = line;
	ctx->url = p;

	/*
	 * If there was an HTTP version, we might need to see
	 * headers. Otherwise, the request is done.
	 */
	if (*q) {
	    ctx->state = READING_HEADERS;
	} else {
	    ctx->state = DONE;
	}
    }

    if (ctx->state == READING_HEADERS) {
	/*
	 * While we're receiving the HTTP request headers, all we
	 * do is to keep scanning to see if we find two newlines
	 * next to each other.
	 */
	q = ctx->data + ctx->datalen;
	for (p = ctx->headers; p < q; p++) {
	    if (*p == '\n' &&
		((p+1 < q && p[1] == '\n') ||
		 (p+2 < q && p[1] == '\r' && p[2] == '\n'))) {
		p[1] = '\0';
		ctx->state = DONE;
		break;
	    }
	}
    }

    if (ctx->state == DONE) {
	/*
	 * Now we have the entire HTTP request. Decide what to do
	 * with it.
	 */
	if (auth_string) {
	    /*
	     * Search the request headers for Authorization.
	     */
	    q = ctx->data + ctx->datalen;
	    for (p = ctx->headers; p < q; p++) {
		const char *hdr = "Authorization:";
		int i;
		for (i = 0; hdr[i]; i++) {
		    if (p >= q || tolower((unsigned char)*p) !=
			tolower((unsigned char)hdr[i]))
			break;
		    p++;
		}
		if (!hdr[i])
		    break;	       /* found our header */
		p = memchr(p, '\n', q - p);
		if (!p)
		    p = q;
	    }
	    if (p < q) {
		while (p < q && isspace((unsigned char)*p))
		    p++;
		r = p;
		while (p < q && !isspace((unsigned char)*p))
		    p++;
		if (p < q) {
		    *p++ = '\0';
		    if (!strcasecmp(r, "Basic")) {
			while (p < q && isspace((unsigned char)*p))
			    p++;
			r = p;
			while (p < q && !isspace((unsigned char)*p))
			    p++;
			if (p < q) {
			    *p++ = '\0';
			    if (!strcmp(r, auth_string))
				auth_correct = 1;
			}
		    }
		}
	    }
	}

	if (!magic_access && !auth_correct) {
	    if (auth_string) {
		ret = http_error("401", "Unauthorized",
				 "WWW-Authenticate: Basic realm=\""PNAME"\"\r\n",
				 "\nYou must authenticate to view these pages.");
	    } else {
		ret = http_error("403", "Forbidden", NULL,
				 "This is a restricted-access set of pages.");
	    }
	} else {
	    char *q;
	    p = ctx->url;
	    p += strspn(p, "/?");
	    index = strtoul(p, &q, 10);
	    if (*q) {
		ret = http_error("404", "Not Found", NULL,
				 "This is not a valid pathname index.");
	    } else {
		document = html_query(ctx->t, index, cfg, 1);
		if (document) {
		    ret = http_success("text/html", 1, document);
		    sfree(document);
		} else {
		    ret = http_error("404", "Not Found", NULL,
				     "Pathname index out of range.");
		}
	    }
	}
	return ret;
    } else
	return NULL;
}

/* --- Platform support for running a web server. --- */

enum { FD_CLIENT, FD_LISTENER, FD_CONNECTION };

struct fd {
    int fd;
    int type;
    int deleted;
    char *wdata;
    int wdatalen, wdatapos;
    int magic_access;
    struct connctx *cctx;
};

struct fd *fds = NULL;
int nfds = 0, fdsize = 0;

struct fd *new_fdstruct(int fd, int type)
{
    struct fd *ret;

    if (nfds >= fdsize) {
	fdsize = nfds * 3 / 2 + 32;
	fds = sresize(fds, fdsize, struct fd);
    }

    ret = &fds[nfds++];

    ret->fd = fd;
    ret->type = type;
    ret->wdata = NULL;
    ret->wdatalen = ret->wdatapos = 0;
    ret->cctx = NULL;
    ret->deleted = 0;
    ret->magic_access = 0;

    return ret;
}

int check_owning_uid(int fd, int flip)
{
    struct sockaddr_in sock, peer;
    socklen_t addrlen;
    char linebuf[4096], matchbuf[80];
    FILE *fp;

    addrlen = sizeof(sock);
    if (getsockname(fd, (struct sockaddr *)&sock, &addrlen)) {
	fprintf(stderr, "getsockname: %s\n", strerror(errno));
	exit(1);
    }
    addrlen = sizeof(peer);
    if (getpeername(fd, (struct sockaddr *)&peer, &addrlen)) {
	if (errno == ENOTCONN) {
	    peer.sin_addr.s_addr = htonl(0);
	    peer.sin_port = htons(0);
	} else {
	    fprintf(stderr, "getpeername: %s\n", strerror(errno));
	    exit(1);
	}
    }

    if (flip) {
	struct sockaddr_in tmp = sock;
	sock = peer;
	peer = tmp;
    }

    sprintf(matchbuf, "%08X:%04X %08X:%04X",
	    peer.sin_addr.s_addr, ntohs(peer.sin_port),
	    sock.sin_addr.s_addr, ntohs(sock.sin_port));
    fp = fopen("/proc/net/tcp", "r");
    if (fp) {
	while (fgets(linebuf, sizeof(linebuf), fp)) {
	    if (strlen(linebuf) >= 75 &&
		!strncmp(linebuf+6, matchbuf, strlen(matchbuf))) {
		fclose(fp);
		return atoi(linebuf + 75);
	    }
	}
	fclose(fp);
    }

    return -1;
}

void check_magic_access(struct fd *fd)
{
    if (check_owning_uid(fd->fd, 0) == getuid())
	fd->magic_access = 1;
}

static void base64_encode_atom(unsigned char *data, int n, char *out)
{
    static const char base64_chars[] =
	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    unsigned word;

    word = data[0] << 16;
    if (n > 1)
	word |= data[1] << 8;
    if (n > 2)
	word |= data[2];
    out[0] = base64_chars[(word >> 18) & 0x3F];
    out[1] = base64_chars[(word >> 12) & 0x3F];
    if (n > 1)
	out[2] = base64_chars[(word >> 6) & 0x3F];
    else
	out[2] = '=';
    if (n > 2)
	out[3] = base64_chars[word & 0x3F];
    else
	out[3] = '=';
}

void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg,
	       const struct html_config *incfg)
{
    int fd, ret;
    int authtype;
    char *authstring = NULL;
    struct sockaddr_in addr;
    socklen_t addrlen;
    struct html_config cfg = *incfg;

    cfg.format = "%.0lu";

    /*
     * Establish the listening socket and retrieve its port
     * number.
     */
    fd = socket(PF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
	fprintf(stderr, "socket(PF_INET): %s\n", strerror(errno));
	exit(1);
    }
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    if (!dcfg->address) {
#ifdef RANDOM_LOCALHOST
	unsigned long ipaddr;
	srand(0L);
	ipaddr = 0x7f000000;
	ipaddr += (1 + rand() % 255) << 16;
	ipaddr += (1 + rand() % 255) << 8;
	ipaddr += (1 + rand() % 255);
	addr.sin_addr.s_addr = htonl(ipaddr);
#else
	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
#endif
	addr.sin_port = htons(0);
    } else {
	addr.sin_addr.s_addr = inet_addr(dcfg->address);
	addr.sin_port = dcfg->port ? htons(dcfg->port) : 0;
    }
    addrlen = sizeof(addr);
    ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
#ifdef RANDOM_LOCALHOST
    if (ret < 0 && errno == EADDRNOTAVAIL && !dcfg->address) {
	/*
	 * Some systems don't like us binding to random weird
	 * localhost-space addresses. Try again with the official
	 * INADDR_LOOPBACK.
	 */
	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	addr.sin_port = htons(0);
	ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
    }
#endif
    if (ret < 0) {
	fprintf(stderr, "bind: %s\n", strerror(errno));
	exit(1);
    }
    if (listen(fd, 5) < 0) {
	fprintf(stderr, "listen: %s\n", strerror(errno));
	exit(1);
    }
    addrlen = sizeof(addr);
    if (getsockname(fd, (struct sockaddr *)&addr, &addrlen)) {
	fprintf(stderr, "getsockname: %s\n", strerror(errno));
	exit(1);
    }
    if ((authmask & HTTPD_AUTH_MAGIC) &&
	(check_owning_uid(fd, 1) == getuid())) {
	authtype = HTTPD_AUTH_MAGIC;
	if (authmask != HTTPD_AUTH_MAGIC)
	    printf("Using Linux /proc/net magic authentication\n");
    } else if ((authmask & HTTPD_AUTH_BASIC)) {
	char username[128], password[128], userpassbuf[259];
	const char *userpass;
	const char *rname;
	unsigned char passbuf[10];
	int i, j, k, fd;

	authtype = HTTPD_AUTH_BASIC;

	if (authmask != HTTPD_AUTH_BASIC)
	    printf("Using HTTP Basic authentication\n");

	if (dcfg->basicauthdata) {
	    userpass = dcfg->basicauthdata;
	} else {
	    strcpy(username, PNAME);
	    rname = "/dev/urandom";
	    fd = open(rname, O_RDONLY);
	    if (fd < 0) {
		int err = errno;
		rname = "/dev/random";
		fd = open(rname, O_RDONLY);
		if (fd < 0) {
		    int err2 = errno;
		    fprintf(stderr, "/dev/urandom: open: %s\n", strerror(err));
		    fprintf(stderr, "/dev/random: open: %s\n", strerror(err2));
		    exit(1);
		}
	    }
	    for (i = 0; i < 10 ;) {
		j = read(fd, passbuf + i, 10 - i);
		if (j <= 0) {
		    fprintf(stderr, "%s: read: %s\n", rname,
			    j < 0 ? strerror(errno) : "unexpected EOF");
		    exit(1);
		}
		i += j;
	    }
	    close(fd);
	    for (i = 0; i < 16; i++) {
		/*
		 * 32 characters out of the 36 alphanumerics gives
		 * me the latitude to discard i,l,o for being too
		 * numeric-looking, and w because it has two too
		 * many syllables and one too many presidential
		 * associations.
		 */
		static const char chars[32] =
		    "0123456789abcdefghjkmnpqrstuvxyz";
		int v = 0;

		k = i / 8 * 5;
		for (j = 0; j < 5; j++)
		    v |= ((passbuf[k+j] >> (i%8)) & 1) << j;

		password[i] = chars[v];
	    }
	    password[i] = '\0';

	    sprintf(userpassbuf, "%s:%s", username, password);
	    userpass = userpassbuf;

	    printf("Username: %s\nPassword: %s\n", username, password);
	}

	k = strlen(userpass);
	authstring = snewn(k * 4 / 3 + 16, char);
	for (i = j = 0; i < k ;) {
	    int s = k-i < 3 ? k-i : 3;
	    base64_encode_atom((unsigned char *)(userpass+i), s, authstring+j);
	    i += s;
	    j += 4;
	}
	authstring[j] = '\0';
    } else if ((authmask & HTTPD_AUTH_NONE)) {
	authtype = HTTPD_AUTH_NONE;
	if (authmask != HTTPD_AUTH_NONE)
	    printf("Web server is unauthenticated\n");
    } else {
	fprintf(stderr, PNAME ": authentication method not supported\n");
	exit(1);
    }
    if (ntohs(addr.sin_addr.s_addr) == INADDR_ANY) {
	printf("Server port: %d\n", ntohs(addr.sin_port));
    } else if (ntohs(addr.sin_port) == 80) {
	printf("URL: http://%s/\n", inet_ntoa(addr.sin_addr));
    } else {
	printf("URL: http://%s:%d/\n",
	       inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
    }
    fflush(stdout);

    /*
     * Now construct an fd structure to hold it.
     */
    new_fdstruct(fd, FD_LISTENER);

    if (dcfg->closeoneof) {
        /*
         * Read from standard input, and treat EOF as a notification
         * to exit.
         */
       new_fdstruct(0, FD_CLIENT);
    }

    /*
     * Now we're ready to run our main loop. Keep looping round on
     * select.
     */
    while (1) {
	fd_set rfds, wfds;
	int i, j;
	SELECT_TYPE_ARG1 maxfd;
	int ret;

#define FD_SET_MAX(fd, set, max) \
        do { FD_SET((fd),(set)); (max) = ((max)<=(fd)?(fd)+1:(max)); } while(0)

	/*
	 * Loop round the fd list putting fds into our select
	 * sets. Also in this loop we remove any that were marked
	 * as deleted in the previous loop.
	 */
	FD_ZERO(&rfds);
	FD_ZERO(&wfds);
	maxfd = 0;
	for (i = j = 0; j < nfds; j++) {

	    if (fds[j].deleted) {
		sfree(fds[j].wdata);
		free_connection(fds[j].cctx);
		continue;
	    }
	    fds[i] = fds[j];

	    switch (fds[i].type) {
	      case FD_CLIENT:
		FD_SET_MAX(fds[i].fd, &rfds, maxfd);
		break;
	      case FD_LISTENER:
		FD_SET_MAX(fds[i].fd, &rfds, maxfd);
		break;
	      case FD_CONNECTION:
		/*
		 * Always read from a connection socket. Even
		 * after we've started writing, the peer might
		 * still be sending (e.g. because we shamefully
		 * jumped the gun before waiting for the end of
		 * the HTTP request) and so we should be prepared
		 * to read data and throw it away.
		 */
		FD_SET_MAX(fds[i].fd, &rfds, maxfd);
		/*
		 * Also attempt to write, if we have data to write.
		 */
		if (fds[i].wdatapos < fds[i].wdatalen)
		    FD_SET_MAX(fds[i].fd, &wfds, maxfd);
		break;
	    }

	    i++;
	}
	nfds = i;

        ret = select(maxfd, SELECT_TYPE_ARG234 &rfds,
		     SELECT_TYPE_ARG234 &wfds, SELECT_TYPE_ARG234 NULL,
		     SELECT_TYPE_ARG5 NULL);
	if (ret <= 0) {
	    if (ret < 0 && (errno != EINTR)) {
		fprintf(stderr, "select: %s", strerror(errno));
		exit(1);
	    }
	    continue;
	}

	for (i = 0; i < nfds; i++) {
	    switch (fds[i].type) {
	      case FD_CLIENT:
		if (FD_ISSET(fds[i].fd, &rfds)) {
		    char buf[4096];
		    int ret = read(fds[i].fd, buf, sizeof(buf));
		    if (ret <= 0) {
			if (ret < 0) {
			    fprintf(stderr, "standard input: read: %s\n",
				    strerror(errno));
			    exit(1);
			}
			return;
		    }
		}
		break;
	      case FD_LISTENER:
		if (FD_ISSET(fds[i].fd, &rfds)) {
		    /*
		     * New connection has come in. Accept it.
		     */
		    struct fd *f;
		    struct sockaddr_in addr;
		    socklen_t addrlen = sizeof(addr);
		    int newfd = accept(fds[i].fd, (struct sockaddr *)&addr,
				       &addrlen);
		    if (newfd < 0)
			break;	       /* not sure what happened there */

		    f = new_fdstruct(newfd, FD_CONNECTION);
		    f->cctx = new_connection(t);
		    if (authtype == HTTPD_AUTH_MAGIC)
			check_magic_access(f);
		}
		break;
	      case FD_CONNECTION:
		if (FD_ISSET(fds[i].fd, &rfds)) {
		    /*
		     * There's data to be read.
		     */
		    char readbuf[4096];
		    int ret;

		    ret = read(fds[i].fd, readbuf, sizeof(readbuf));
		    if (ret <= 0) {
			/*
			 * This shouldn't happen in a sensible
			 * HTTP connection, so we abandon the
			 * connection if it does.
			 */
			close(fds[i].fd);
			fds[i].deleted = 1;
			break;
		    } else {
			if (!fds[i].wdata) {
			    /*
			     * If we haven't got an HTTP response
			     * yet, keep processing data in the
			     * hope of acquiring one.
			     */
			    fds[i].wdata = got_data
				(fds[i].cctx, readbuf, ret,
				 (authtype == HTTPD_AUTH_NONE ||
				  fds[i].magic_access), authstring, &cfg);
			    if (fds[i].wdata) {
				fds[i].wdatalen = strlen(fds[i].wdata);
				fds[i].wdatapos = 0;
			    }
			} else {
			    /*
			     * Otherwise, just drop our read data
			     * on the floor.
			     */
			}
		    }
		}
		if (FD_ISSET(fds[i].fd, &wfds) &&
		    fds[i].wdatapos < fds[i].wdatalen) {
		    /*
		     * The socket is writable, and we have data to
		     * write. Write it.
		     */
		    int ret = write(fds[i].fd, fds[i].wdata + fds[i].wdatapos,
				    fds[i].wdatalen - fds[i].wdatapos);
		    if (ret <= 0) {
			/*
			 * Shouldn't happen; abandon the connection.
			 */
			close(fds[i].fd);
			fds[i].deleted = 1;
			break;
		    } else {
			fds[i].wdatapos += ret;
			if (fds[i].wdatapos == fds[i].wdatalen) {
			    shutdown(fds[i].fd, SHUT_WR);
			}
		    }
		}
		break;
	    }
	}

    }
}
Commit	Line	Data
70322ae3	1	/*
	2	* httpd.c: implementation of httpd.h.
	3	*/
	4
bf53e756	5	#include "agedu.h"
995db599	6	#include "alloc.h"
70322ae3	7	#include "html.h"
812e4bf2	8	#include "httpd.h"
70322ae3	9
	10	/* --- Logic driving what the web server's responses are. --- */
	11
812e4bf2	12	enum { /* connctx states */
	13	READING_REQ_LINE,
	14	READING_HEADERS,
	15	DONE
	16	};
	17
70322ae3	18	struct connctx {
	19	const void *t;
	20	char *data;
	21	int datalen, datasize;
812e4bf2	22	char method, url, headers, auth;
812e4bf2	23	int state;
70322ae3	24	};
	25
	26	/*
	27	* Called when a new connection arrives on a listening socket.
	28	* Returns a connctx for the new connection.
	29	*/
	30	struct connctx new_connection(const void t)
	31	{
	32	struct connctx *cctx = snew(struct connctx);
	33	cctx->t = t;
	34	cctx->data = NULL;
	35	cctx->datalen = cctx->datasize = 0;
812e4bf2	36	cctx->state = READING_REQ_LINE;
812e4bf2	37	cctx->method = cctx->url = cctx->headers = cctx->auth = NULL;
70322ae3	38	return cctx;
	39	}
	40
	41	void free_connection(struct connctx *cctx)
	42	{
	43	sfree(cctx->data);
	44	sfree(cctx);
	45	}
	46
812e4bf2	47	static char http_error(char code, char errmsg, char extraheader,
812e4bf2	48	char *errtext, ...)
70322ae3	49	{
	50	return dupfmt("HTTP/1.1 %s %s\r\n"
	51	"Date: %D\r\n"
bf53e756	52	"Server: " PNAME "\r\n"
70322ae3	53	"Connection: close\r\n"
812e4bf2	54	"%s"
70322ae3	55	"Content-Type: text/html; charset=US-ASCII\r\n"
	56	"\r\n"
	57	"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
	58	"<HTML><HEAD>\r\n"
	59	"<TITLE>%s %s</TITLE>\r\n"
	60	"</HEAD><BODY>\r\n"
	61	"<H1>%s %s</H1>\r\n"
	62	"<P>%s</P>\r\n"
	63	"</BODY></HTML>\r\n", code, errmsg,
812e4bf2	64	extraheader ? extraheader : "",
70322ae3	65	code, errmsg, code, errmsg, errtext);
	66	}
	67
	68	static char http_success(char mimetype, int stuff_cr, char *document)
	69	{
	70	return dupfmt("HTTP/1.1 200 OK\r\n"
	71	"Date: %D\r\n"
	72	"Expires: %D\r\n"
bf53e756	73	"Server: " PNAME "\r\n"
70322ae3	74	"Connection: close\r\n"
	75	"Content-Type: %s\r\n"
	76	"\r\n"
	77	"%S", mimetype, stuff_cr, document);
	78	}
	79
	80	/*
	81	* Called when data comes in on a connection.
	82	*
	83	* If this function returns NULL, the platform code continues
	84	* reading from the socket. Otherwise, it returns some dynamically
	85	* allocated data which the platform code will then write to the
	86	* socket before closing it.
	87	*/
812e4bf2	88	char got_data(struct connctx ctx, char *data, int length,
f2e52893	89	int magic_access, const char *auth_string,
f2e52893	90	const struct html_config *cfg)
70322ae3	91	{
812e4bf2	92	char line, p, q, r, z1, z2, c1, c2;
a8d1009f	93	int auth_correct = 0;
70322ae3	94	unsigned long index;
	95	char document, ret;
	96
812e4bf2	97	/*
	98	* Add the data we've just received to our buffer.
	99	*/
70322ae3	100	if (ctx->datasize < ctx->datalen + length) {
	101	ctx->datasize = (ctx->datalen + length) * 3 / 2 + 4096;
	102	ctx->data = sresize(ctx->data, ctx->datasize, char);
	103	}
	104	memcpy(ctx->data + ctx->datalen, data, length);
	105	ctx->datalen += length;
	106
	107	/*
812e4bf2	108	* Gradually process the HTTP request as we receive it.
70322ae3	109	*/
812e4bf2	110	if (ctx->state == READING_REQ_LINE) {
	111	/*
	112	* We're waiting for the first line of the input, which
	113	* contains the main HTTP request. See if we've got it
	114	* yet.
	115	*/
70322ae3	116
812e4bf2	117	line = ctx->data;
	118	/*
	119	* RFC 2616 section 4.1: `In the interest of robustness,
	120	* [...] if the server is reading the protocol stream at
	121	* the beginning of a message and receives a CRLF first,
	122	* it should ignore the CRLF.'
	123	*/
	124	while (line - ctx->data < ctx->datalen &&
	125	(line == '\r' \|\| line == '\n'))
	126	line++;
	127	q = line;
	128	while (q - ctx->data < ctx->datalen && *q != '\n')
	129	q++;
	130	if (q - ctx->data >= ctx->datalen)
	131	return NULL; /* not got request line yet */
70322ae3	132
812e4bf2	133	/*
	134	* We've got the first line of the request. Zero-terminate
	135	* and parse it into method, URL and optional HTTP
	136	* version.
	137	*/
	138	*q = '\0';
	139	ctx->headers = q+1;
	140	if (q > line && q[-1] == '\r')
	141	*--q = '\0';
	142	z1 = z2 = q;
	143	c1 = c2 = *q;
	144	p = line;
	145	while (p && !isspace((unsigned char)p)) p++;
	146	if (*p) {
	147	z1 = p++;
	148	c1 = *z1;
	149	*z1 = '\0';
	150	}
	151	while (p && isspace((unsigned char)p)) p++;
	152	q = p;
	153	while (q && !isspace((unsigned char)q)) q++;
	154	z2 = q++;
	155	c2 = *z2;
	156	*z2 = '\0';
	157	while (q && isspace((unsigned char)q)) q++;
	158
	159	/*
	160	* Now `line' points at the method name; p points at the
	161	* URL, if any; q points at the HTTP version, if any.
	162	*/
	163
	164	/*
	165	* There should _be_ a URL, on any request type at all.
	166	*/
	167	if (!*p) {
	168	char ret, text;
	169	/* Restore the request to the way we received it. */
	170	*z2 = c2;
	171	*z1 = c1;
bf53e756	172	text = dupfmt("<code>" PNAME "</code> received the HTTP request"
812e4bf2	173	" \"<code>%h</code>\", which contains no URL.",
	174	line);
	175	ret = http_error("400", "Bad request", NULL, text);
	176	sfree(text);
	177	return ret;
	178	}
	179
	180	ctx->method = line;
	181	ctx->url = p;
	182
	183	/*
	184	* If there was an HTTP version, we might need to see
	185	* headers. Otherwise, the request is done.
	186	*/
	187	if (*q) {
	188	ctx->state = READING_HEADERS;
	189	} else {
	190	ctx->state = DONE;
	191	}
70322ae3	192	}
70322ae3	193
812e4bf2	194	if (ctx->state == READING_HEADERS) {
	195	/*
	196	* While we're receiving the HTTP request headers, all we
	197	* do is to keep scanning to see if we find two newlines
	198	* next to each other.
	199	*/
	200	q = ctx->data + ctx->datalen;
	201	for (p = ctx->headers; p < q; p++) {
	202	if (*p == '\n' &&
	203	((p+1 < q && p[1] == '\n') \|\|
	204	(p+2 < q && p[1] == '\r' && p[2] == '\n'))) {
	205	p[1] = '\0';
	206	ctx->state = DONE;
	207	break;
	208	}
	209	}
70322ae3	210	}
70322ae3	211
812e4bf2	212	if (ctx->state == DONE) {
	213	/*
	214	* Now we have the entire HTTP request. Decide what to do
	215	* with it.
	216	*/
	217	if (auth_string) {
	218	/*
	219	* Search the request headers for Authorization.
	220	*/
	221	q = ctx->data + ctx->datalen;
	222	for (p = ctx->headers; p < q; p++) {
	223	const char *hdr = "Authorization:";
	224	int i;
	225	for (i = 0; hdr[i]; i++) {
	226	if (p >= q \|\| tolower((unsigned char)*p) !=
	227	tolower((unsigned char)hdr[i]))
	228	break;
	229	p++;
	230	}
	231	if (!hdr[i])
	232	break; /* found our header */
	233	p = memchr(p, '\n', q - p);
	234	if (!p)
	235	p = q;
	236	}
	237	if (p < q) {
812e4bf2	238	while (p < q && isspace((unsigned char)*p))
	239	p++;
	240	r = p;
	241	while (p < q && !isspace((unsigned char)*p))
	242	p++;
	243	if (p < q) {
	244	*p++ = '\0';
	245	if (!strcasecmp(r, "Basic")) {
	246	while (p < q && isspace((unsigned char)*p))
	247	p++;
	248	r = p;
	249	while (p < q && !isspace((unsigned char)*p))
	250	p++;
	251	if (p < q) {
	252	*p++ = '\0';
	253	if (!strcmp(r, auth_string))
	254	auth_correct = 1;
	255	}
	256	}
	257	}
	258	}
	259	}
	260
	261	if (!magic_access && !auth_correct) {
5a830bf8	262	if (auth_string) {
812e4bf2	263	ret = http_error("401", "Unauthorized",
72bd16db	264	"WWW-Authenticate: Basic realm=\""PNAME"\"\r\n",
5a830bf8	265	"\nYou must authenticate to view these pages.");
812e4bf2	266	} else {
	267	ret = http_error("403", "Forbidden", NULL,
	268	"This is a restricted-access set of pages.");
	269	}
70322ae3	270	} else {
14601b5d	271	char *q;
812e4bf2	272	p = ctx->url;
812e4bf2	273	p += strspn(p, "/?");
14601b5d	274	index = strtoul(p, &q, 10);
14601b5d	275	if (*q) {
812e4bf2	276	ret = http_error("404", "Not Found", NULL,
14601b5d	277	"This is not a valid pathname index.");
14601b5d	278	} else {
00c5e40c	279	document = html_query(ctx->t, index, cfg, 1);
14601b5d	280	if (document) {
	281	ret = http_success("text/html", 1, document);
	282	sfree(document);
	283	} else {
	284	ret = http_error("404", "Not Found", NULL,
	285	"Pathname index out of range.");
	286	}
812e4bf2	287	}
70322ae3	288	}
812e4bf2	289	return ret;
	290	} else
	291	return NULL;
70322ae3	292	}
	293
	294	/* --- Platform support for running a web server. --- */
	295
	296	enum { FD_CLIENT, FD_LISTENER, FD_CONNECTION };
	297
	298	struct fd {
	299	int fd;
	300	int type;
	301	int deleted;
	302	char *wdata;
	303	int wdatalen, wdatapos;
	304	int magic_access;
	305	struct connctx *cctx;
	306	};
	307
	308	struct fd *fds = NULL;
	309	int nfds = 0, fdsize = 0;
	310
	311	struct fd *new_fdstruct(int fd, int type)
	312	{
	313	struct fd *ret;
	314
	315	if (nfds >= fdsize) {
	316	fdsize = nfds * 3 / 2 + 32;
	317	fds = sresize(fds, fdsize, struct fd);
	318	}
	319
	320	ret = &fds[nfds++];
	321
	322	ret->fd = fd;
	323	ret->type = type;
	324	ret->wdata = NULL;
	325	ret->wdatalen = ret->wdatapos = 0;
	326	ret->cctx = NULL;
	327	ret->deleted = 0;
	328	ret->magic_access = 0;
	329
	330	return ret;
	331	}
	332
812e4bf2	333	int check_owning_uid(int fd, int flip)
70322ae3	334	{
	335	struct sockaddr_in sock, peer;
	336	socklen_t addrlen;
	337	char linebuf[4096], matchbuf[80];
	338	FILE *fp;
	339
	340	addrlen = sizeof(sock);
812e4bf2	341	if (getsockname(fd, (struct sockaddr *)&sock, &addrlen)) {
70322ae3	342	fprintf(stderr, "getsockname: %s\n", strerror(errno));
	343	exit(1);
	344	}
	345	addrlen = sizeof(peer);
812e4bf2	346	if (getpeername(fd, (struct sockaddr *)&peer, &addrlen)) {
	347	if (errno == ENOTCONN) {
	348	peer.sin_addr.s_addr = htonl(0);
	349	peer.sin_port = htons(0);
	350	} else {
	351	fprintf(stderr, "getpeername: %s\n", strerror(errno));
	352	exit(1);
	353	}
	354	}
	355
	356	if (flip) {
	357	struct sockaddr_in tmp = sock;
	358	sock = peer;
	359	peer = tmp;
70322ae3	360	}
	361
	362	sprintf(matchbuf, "%08X:%04X %08X:%04X",
	363	peer.sin_addr.s_addr, ntohs(peer.sin_port),
	364	sock.sin_addr.s_addr, ntohs(sock.sin_port));
	365	fp = fopen("/proc/net/tcp", "r");
	366	if (fp) {
	367	while (fgets(linebuf, sizeof(linebuf), fp)) {
	368	if (strlen(linebuf) >= 75 &&
	369	!strncmp(linebuf+6, matchbuf, strlen(matchbuf))) {
14601b5d	370	fclose(fp);
812e4bf2	371	return atoi(linebuf + 75);
70322ae3	372	}
70322ae3	373	}
14601b5d	374	fclose(fp);
70322ae3	375	}
812e4bf2	376
	377	return -1;
	378	}
	379
	380	void check_magic_access(struct fd *fd)
	381	{
	382	if (check_owning_uid(fd->fd, 0) == getuid())
	383	fd->magic_access = 1;
70322ae3	384	}
70322ae3	385
812e4bf2	386	static void base64_encode_atom(unsigned char data, int n, char out)
	387	{
	388	static const char base64_chars[] =
	389	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	390
	391	unsigned word;
	392
	393	word = data[0] << 16;
	394	if (n > 1)
	395	word \|= data[1] << 8;
	396	if (n > 2)
	397	word \|= data[2];
	398	out[0] = base64_chars[(word >> 18) & 0x3F];
	399	out[1] = base64_chars[(word >> 12) & 0x3F];
	400	if (n > 1)
	401	out[2] = base64_chars[(word >> 6) & 0x3F];
	402	else
	403	out[2] = '=';
	404	if (n > 2)
	405	out[3] = base64_chars[word & 0x3F];
	406	else
	407	out[3] = '=';
	408	}
	409
1e8d78b9	410	void run_httpd(const void t, int authmask, const struct httpd_config dcfg,
1e8d78b9	411	const struct html_config *incfg)
70322ae3	412	{
15e73840	413	int fd, ret;
812e4bf2	414	int authtype;
1e8d78b9	415	char *authstring = NULL;
70322ae3	416	struct sockaddr_in addr;
70322ae3	417	socklen_t addrlen;
f2e52893	418	struct html_config cfg = *incfg;
f2e52893	419
cfe942fb	420	cfg.format = "%.0lu";
70322ae3	421
	422	/*
	423	* Establish the listening socket and retrieve its port
	424	* number.
	425	*/
	426	fd = socket(PF_INET, SOCK_STREAM, 0);
	427	if (fd < 0) {
	428	fprintf(stderr, "socket(PF_INET): %s\n", strerror(errno));
	429	exit(1);
	430	}
9827dd71	431	memset(&addr, 0, sizeof(addr));
70322ae3	432	addr.sin_family = AF_INET;
1e8d78b9	433	if (!dcfg->address) {
14557c01	434	#ifdef RANDOM_LOCALHOST
14557c01	435	unsigned long ipaddr;
1e8d78b9	436	srand(0L);
	437	ipaddr = 0x7f000000;
	438	ipaddr += (1 + rand() % 255) << 16;
	439	ipaddr += (1 + rand() % 255) << 8;
	440	ipaddr += (1 + rand() % 255);
	441	addr.sin_addr.s_addr = htonl(ipaddr);
14557c01	442	#else
	443	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	444	#endif
1e8d78b9	445	addr.sin_port = htons(0);
	446	} else {
	447	addr.sin_addr.s_addr = inet_addr(dcfg->address);
15e73840	448	addr.sin_port = dcfg->port ? htons(dcfg->port) : 0;
1e8d78b9	449	}
70322ae3	450	addrlen = sizeof(addr);
15e73840	451	ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
14557c01	452	#ifdef RANDOM_LOCALHOST
15e73840	453	if (ret < 0 && errno == EADDRNOTAVAIL && !dcfg->address) {
	454	/*
	455	* Some systems don't like us binding to random weird
	456	* localhost-space addresses. Try again with the official
	457	* INADDR_LOOPBACK.
	458	*/
	459	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	460	addr.sin_port = htons(0);
	461	ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
	462	}
14557c01	463	#endif
15e73840	464	if (ret < 0) {
70322ae3	465	fprintf(stderr, "bind: %s\n", strerror(errno));
	466	exit(1);
	467	}
	468	if (listen(fd, 5) < 0) {
	469	fprintf(stderr, "listen: %s\n", strerror(errno));
	470	exit(1);
	471	}
	472	addrlen = sizeof(addr);
	473	if (getsockname(fd, (struct sockaddr *)&addr, &addrlen)) {
	474	fprintf(stderr, "getsockname: %s\n", strerror(errno));
	475	exit(1);
	476	}
812e4bf2	477	if ((authmask & HTTPD_AUTH_MAGIC) &&
	478	(check_owning_uid(fd, 1) == getuid())) {
	479	authtype = HTTPD_AUTH_MAGIC;
1e8d78b9	480	if (authmask != HTTPD_AUTH_MAGIC)
1e8d78b9	481	printf("Using Linux /proc/net magic authentication\n");
812e4bf2	482	} else if ((authmask & HTTPD_AUTH_BASIC)) {
1e8d78b9	483	char username[128], password[128], userpassbuf[259];
1e8d78b9	484	const char *userpass;
812e4bf2	485	const char *rname;
	486	unsigned char passbuf[10];
	487	int i, j, k, fd;
	488
	489	authtype = HTTPD_AUTH_BASIC;
	490
1e8d78b9	491	if (authmask != HTTPD_AUTH_BASIC)
	492	printf("Using HTTP Basic authentication\n");
	493
	494	if (dcfg->basicauthdata) {
	495	userpass = dcfg->basicauthdata;
	496	} else {
bf53e756	497	strcpy(username, PNAME);
1e8d78b9	498	rname = "/dev/urandom";
812e4bf2	499	fd = open(rname, O_RDONLY);
812e4bf2	500	if (fd < 0) {
1e8d78b9	501	int err = errno;
	502	rname = "/dev/random";
	503	fd = open(rname, O_RDONLY);
	504	if (fd < 0) {
	505	int err2 = errno;
	506	fprintf(stderr, "/dev/urandom: open: %s\n", strerror(err));
	507	fprintf(stderr, "/dev/random: open: %s\n", strerror(err2));
	508	exit(1);
	509	}
812e4bf2	510	}
1e8d78b9	511	for (i = 0; i < 10 ;) {
	512	j = read(fd, passbuf + i, 10 - i);
	513	if (j <= 0) {
	514	fprintf(stderr, "%s: read: %s\n", rname,
	515	j < 0 ? strerror(errno) : "unexpected EOF");
	516	exit(1);
	517	}
	518	i += j;
812e4bf2	519	}
1e8d78b9	520	close(fd);
	521	for (i = 0; i < 16; i++) {
	522	/*
	523	* 32 characters out of the 36 alphanumerics gives
	524	* me the latitude to discard i,l,o for being too
	525	* numeric-looking, and w because it has two too
	526	* many syllables and one too many presidential
	527	* associations.
	528	*/
	529	static const char chars[32] =
	530	"0123456789abcdefghjkmnpqrstuvxyz";
	531	int v = 0;
	532
	533	k = i / 8 * 5;
	534	for (j = 0; j < 5; j++)
	535	v \|= ((passbuf[k+j] >> (i%8)) & 1) << j;
	536
	537	password[i] = chars[v];
	538	}
	539	password[i] = '\0';
	540
	541	sprintf(userpassbuf, "%s:%s", username, password);
	542	userpass = userpassbuf;
812e4bf2	543
1e8d78b9	544	printf("Username: %s\nPassword: %s\n", username, password);
1e8d78b9	545	}
812e4bf2	546
1e8d78b9	547	k = strlen(userpass);
1e8d78b9	548	authstring = snewn(k * 4 / 3 + 16, char);
812e4bf2	549	for (i = j = 0; i < k ;) {
812e4bf2	550	int s = k-i < 3 ? k-i : 3;
1e8d78b9	551	base64_encode_atom((unsigned char *)(userpass+i), s, authstring+j);
812e4bf2	552	i += s;
	553	j += 4;
	554	}
1e8d78b9	555	authstring[j] = '\0';
1e8d78b9	556	} else if ((authmask & HTTPD_AUTH_NONE)) {
812e4bf2	557	authtype = HTTPD_AUTH_NONE;
1e8d78b9	558	if (authmask != HTTPD_AUTH_NONE)
	559	printf("Web server is unauthenticated\n");
	560	} else {
bf53e756	561	fprintf(stderr, PNAME ": authentication method not supported\n");
1e8d78b9	562	exit(1);
1e8d78b9	563	}
15e73840	564	if (ntohs(addr.sin_addr.s_addr) == INADDR_ANY) {
	565	printf("Server port: %d\n", ntohs(addr.sin_port));
	566	} else if (ntohs(addr.sin_port) == 80) {
	567	printf("URL: http://%s/\n", inet_ntoa(addr.sin_addr));
	568	} else {
	569	printf("URL: http://%s:%d/\n",
	570	inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
812e4bf2	571	}
a8a4d6d8	572	fflush(stdout);
70322ae3	573
	574	/*
	575	* Now construct an fd structure to hold it.
	576	*/
a8d1009f	577	new_fdstruct(fd, FD_LISTENER);
70322ae3	578
a8a4d6d8	579	if (dcfg->closeoneof) {
	580	/*
	581	* Read from standard input, and treat EOF as a notification
	582	* to exit.
	583	*/
	584	new_fdstruct(0, FD_CLIENT);
	585	}
70322ae3	586
	587	/*
	588	* Now we're ready to run our main loop. Keep looping round on
	589	* select.
	590	*/
	591	while (1) {
	592	fd_set rfds, wfds;
50e82fdc	593	int i, j;
	594	SELECT_TYPE_ARG1 maxfd;
	595	int ret;
70322ae3	596
	597	#define FD_SET_MAX(fd, set, max) \
	598	do { FD_SET((fd),(set)); (max) = ((max)<=(fd)?(fd)+1:(max)); } while(0)
	599
	600	/*
	601	* Loop round the fd list putting fds into our select
	602	* sets. Also in this loop we remove any that were marked
	603	* as deleted in the previous loop.
	604	*/
	605	FD_ZERO(&rfds);
	606	FD_ZERO(&wfds);
	607	maxfd = 0;
	608	for (i = j = 0; j < nfds; j++) {
	609
	610	if (fds[j].deleted) {
	611	sfree(fds[j].wdata);
	612	free_connection(fds[j].cctx);
	613	continue;
	614	}
	615	fds[i] = fds[j];
	616
	617	switch (fds[i].type) {
	618	case FD_CLIENT:
15e73840	619	FD_SET_MAX(fds[i].fd, &rfds, maxfd);
15e73840	620	break;
70322ae3	621	case FD_LISTENER:
	622	FD_SET_MAX(fds[i].fd, &rfds, maxfd);
	623	break;
	624	case FD_CONNECTION:
	625	/*
	626	* Always read from a connection socket. Even
	627	* after we've started writing, the peer might
	628	* still be sending (e.g. because we shamefully
	629	* jumped the gun before waiting for the end of
	630	* the HTTP request) and so we should be prepared
	631	* to read data and throw it away.
	632	*/
	633	FD_SET_MAX(fds[i].fd, &rfds, maxfd);
	634	/*
	635	* Also attempt to write, if we have data to write.
	636	*/
	637	if (fds[i].wdatapos < fds[i].wdatalen)
	638	FD_SET_MAX(fds[i].fd, &wfds, maxfd);
	639	break;
	640	}
	641
	642	i++;
	643	}
	644	nfds = i;
	645
50e82fdc	646	ret = select(maxfd, SELECT_TYPE_ARG234 &rfds,
	647	SELECT_TYPE_ARG234 &wfds, SELECT_TYPE_ARG234 NULL,
	648	SELECT_TYPE_ARG5 NULL);
70322ae3	649	if (ret <= 0) {
	650	if (ret < 0 && (errno != EINTR)) {
	651	fprintf(stderr, "select: %s", strerror(errno));
	652	exit(1);
	653	}
	654	continue;
	655	}
	656
	657	for (i = 0; i < nfds; i++) {
	658	switch (fds[i].type) {
	659	case FD_CLIENT:
	660	if (FD_ISSET(fds[i].fd, &rfds)) {
	661	char buf[4096];
	662	int ret = read(fds[i].fd, buf, sizeof(buf));
	663	if (ret <= 0) {
	664	if (ret < 0) {
	665	fprintf(stderr, "standard input: read: %s\n",
	666	strerror(errno));
	667	exit(1);
	668	}
	669	return;
	670	}
	671	}
	672	break;
	673	case FD_LISTENER:
	674	if (FD_ISSET(fds[i].fd, &rfds)) {
	675	/*
	676	* New connection has come in. Accept it.
	677	*/
	678	struct fd *f;
	679	struct sockaddr_in addr;
	680	socklen_t addrlen = sizeof(addr);
	681	int newfd = accept(fds[i].fd, (struct sockaddr *)&addr,
	682	&addrlen);
	683	if (newfd < 0)
	684	break; /* not sure what happened there */
	685
	686	f = new_fdstruct(newfd, FD_CONNECTION);
	687	f->cctx = new_connection(t);
812e4bf2	688	if (authtype == HTTPD_AUTH_MAGIC)
812e4bf2	689	check_magic_access(f);
70322ae3	690	}
	691	break;
	692	case FD_CONNECTION:
	693	if (FD_ISSET(fds[i].fd, &rfds)) {
	694	/*
	695	* There's data to be read.
	696	*/
	697	char readbuf[4096];
	698	int ret;
	699
	700	ret = read(fds[i].fd, readbuf, sizeof(readbuf));
	701	if (ret <= 0) {
	702	/*
	703	* This shouldn't happen in a sensible
	704	* HTTP connection, so we abandon the
	705	* connection if it does.
	706	*/
	707	close(fds[i].fd);
	708	fds[i].deleted = 1;
	709	break;
	710	} else {
	711	if (!fds[i].wdata) {
	712	/*
	713	* If we haven't got an HTTP response
	714	* yet, keep processing data in the
	715	* hope of acquiring one.
	716	*/
812e4bf2	717	fds[i].wdata = got_data
	718	(fds[i].cctx, readbuf, ret,
	719	(authtype == HTTPD_AUTH_NONE \|\|
f2e52893	720	fds[i].magic_access), authstring, &cfg);
70322ae3	721	if (fds[i].wdata) {
	722	fds[i].wdatalen = strlen(fds[i].wdata);
	723	fds[i].wdatapos = 0;
	724	}
	725	} else {
	726	/*
	727	* Otherwise, just drop our read data
	728	* on the floor.
	729	*/
	730	}
	731	}
	732	}
	733	if (FD_ISSET(fds[i].fd, &wfds) &&
	734	fds[i].wdatapos < fds[i].wdatalen) {
	735	/*
	736	* The socket is writable, and we have data to
	737	* write. Write it.
	738	*/
	739	int ret = write(fds[i].fd, fds[i].wdata + fds[i].wdatapos,
	740	fds[i].wdatalen - fds[i].wdatapos);
	741	if (ret <= 0) {
	742	/*
	743	* Shouldn't happen; abandon the connection.
	744	*/
	745	close(fds[i].fd);
	746	fds[i].deleted = 1;
	747	break;
	748	} else {
	749	fds[i].wdatapos += ret;
	750	if (fds[i].wdatapos == fds[i].wdatalen) {
	751	shutdown(fds[i].fd, SHUT_WR);
	752	}
	753	}
	754	}
	755	break;
	756	}
	757	}
	758
	759	}
	760	}