70322ae3 |
1 | /* |
2 | * httpd.c: implementation of httpd.h. |
3 | */ |
4 | |
bf53e756 |
5 | #include "agedu.h" |
995db599 |
6 | #include "alloc.h" |
70322ae3 |
7 | #include "html.h" |
812e4bf2 |
8 | #include "httpd.h" |
70322ae3 |
9 | |
10 | /* --- Logic driving what the web server's responses are. --- */ |
11 | |
812e4bf2 |
12 | enum { /* connctx states */ |
13 | READING_REQ_LINE, |
14 | READING_HEADERS, |
15 | DONE |
16 | }; |
17 | |
70322ae3 |
18 | struct connctx { |
19 | const void *t; |
20 | char *data; |
21 | int datalen, datasize; |
812e4bf2 |
22 | char *method, *url, *headers, *auth; |
23 | int state; |
70322ae3 |
24 | }; |
25 | |
26 | /* |
27 | * Called when a new connection arrives on a listening socket. |
28 | * Returns a connctx for the new connection. |
29 | */ |
30 | struct connctx *new_connection(const void *t) |
31 | { |
32 | struct connctx *cctx = snew(struct connctx); |
33 | cctx->t = t; |
34 | cctx->data = NULL; |
35 | cctx->datalen = cctx->datasize = 0; |
812e4bf2 |
36 | cctx->state = READING_REQ_LINE; |
37 | cctx->method = cctx->url = cctx->headers = cctx->auth = NULL; |
70322ae3 |
38 | return cctx; |
39 | } |
40 | |
41 | void free_connection(struct connctx *cctx) |
42 | { |
43 | sfree(cctx->data); |
44 | sfree(cctx); |
45 | } |
46 | |
812e4bf2 |
47 | static char *http_error(char *code, char *errmsg, char *extraheader, |
48 | char *errtext, ...) |
70322ae3 |
49 | { |
50 | return dupfmt("HTTP/1.1 %s %s\r\n" |
51 | "Date: %D\r\n" |
bf53e756 |
52 | "Server: " PNAME "\r\n" |
70322ae3 |
53 | "Connection: close\r\n" |
812e4bf2 |
54 | "%s" |
70322ae3 |
55 | "Content-Type: text/html; charset=US-ASCII\r\n" |
56 | "\r\n" |
57 | "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n" |
58 | "<HTML><HEAD>\r\n" |
59 | "<TITLE>%s %s</TITLE>\r\n" |
60 | "</HEAD><BODY>\r\n" |
61 | "<H1>%s %s</H1>\r\n" |
62 | "<P>%s</P>\r\n" |
63 | "</BODY></HTML>\r\n", code, errmsg, |
812e4bf2 |
64 | extraheader ? extraheader : "", |
70322ae3 |
65 | code, errmsg, code, errmsg, errtext); |
66 | } |
67 | |
68 | static char *http_success(char *mimetype, int stuff_cr, char *document) |
69 | { |
70 | return dupfmt("HTTP/1.1 200 OK\r\n" |
71 | "Date: %D\r\n" |
72 | "Expires: %D\r\n" |
bf53e756 |
73 | "Server: " PNAME "\r\n" |
70322ae3 |
74 | "Connection: close\r\n" |
75 | "Content-Type: %s\r\n" |
76 | "\r\n" |
77 | "%S", mimetype, stuff_cr, document); |
78 | } |
79 | |
80 | /* |
81 | * Called when data comes in on a connection. |
82 | * |
83 | * If this function returns NULL, the platform code continues |
84 | * reading from the socket. Otherwise, it returns some dynamically |
85 | * allocated data which the platform code will then write to the |
86 | * socket before closing it. |
87 | */ |
812e4bf2 |
88 | char *got_data(struct connctx *ctx, char *data, int length, |
f2e52893 |
89 | int magic_access, const char *auth_string, |
90 | const struct html_config *cfg) |
70322ae3 |
91 | { |
812e4bf2 |
92 | char *line, *p, *q, *r, *z1, *z2, c1, c2; |
a8d1009f |
93 | int auth_correct = 0; |
70322ae3 |
94 | unsigned long index; |
95 | char *document, *ret; |
96 | |
812e4bf2 |
97 | /* |
98 | * Add the data we've just received to our buffer. |
99 | */ |
70322ae3 |
100 | if (ctx->datasize < ctx->datalen + length) { |
101 | ctx->datasize = (ctx->datalen + length) * 3 / 2 + 4096; |
102 | ctx->data = sresize(ctx->data, ctx->datasize, char); |
103 | } |
104 | memcpy(ctx->data + ctx->datalen, data, length); |
105 | ctx->datalen += length; |
106 | |
107 | /* |
812e4bf2 |
108 | * Gradually process the HTTP request as we receive it. |
70322ae3 |
109 | */ |
812e4bf2 |
110 | if (ctx->state == READING_REQ_LINE) { |
111 | /* |
112 | * We're waiting for the first line of the input, which |
113 | * contains the main HTTP request. See if we've got it |
114 | * yet. |
115 | */ |
70322ae3 |
116 | |
812e4bf2 |
117 | line = ctx->data; |
118 | /* |
119 | * RFC 2616 section 4.1: `In the interest of robustness, |
120 | * [...] if the server is reading the protocol stream at |
121 | * the beginning of a message and receives a CRLF first, |
122 | * it should ignore the CRLF.' |
123 | */ |
124 | while (line - ctx->data < ctx->datalen && |
125 | (*line == '\r' || *line == '\n')) |
126 | line++; |
127 | q = line; |
128 | while (q - ctx->data < ctx->datalen && *q != '\n') |
129 | q++; |
130 | if (q - ctx->data >= ctx->datalen) |
131 | return NULL; /* not got request line yet */ |
70322ae3 |
132 | |
812e4bf2 |
133 | /* |
134 | * We've got the first line of the request. Zero-terminate |
135 | * and parse it into method, URL and optional HTTP |
136 | * version. |
137 | */ |
138 | *q = '\0'; |
139 | ctx->headers = q+1; |
140 | if (q > line && q[-1] == '\r') |
141 | *--q = '\0'; |
142 | z1 = z2 = q; |
143 | c1 = c2 = *q; |
144 | p = line; |
145 | while (*p && !isspace((unsigned char)*p)) p++; |
146 | if (*p) { |
147 | z1 = p++; |
148 | c1 = *z1; |
149 | *z1 = '\0'; |
150 | } |
151 | while (*p && isspace((unsigned char)*p)) p++; |
152 | q = p; |
153 | while (*q && !isspace((unsigned char)*q)) q++; |
154 | z2 = q++; |
155 | c2 = *z2; |
156 | *z2 = '\0'; |
157 | while (*q && isspace((unsigned char)*q)) q++; |
158 | |
159 | /* |
160 | * Now `line' points at the method name; p points at the |
161 | * URL, if any; q points at the HTTP version, if any. |
162 | */ |
163 | |
164 | /* |
165 | * There should _be_ a URL, on any request type at all. |
166 | */ |
167 | if (!*p) { |
168 | char *ret, *text; |
169 | /* Restore the request to the way we received it. */ |
170 | *z2 = c2; |
171 | *z1 = c1; |
bf53e756 |
172 | text = dupfmt("<code>" PNAME "</code> received the HTTP request" |
812e4bf2 |
173 | " \"<code>%h</code>\", which contains no URL.", |
174 | line); |
175 | ret = http_error("400", "Bad request", NULL, text); |
176 | sfree(text); |
177 | return ret; |
178 | } |
179 | |
180 | ctx->method = line; |
181 | ctx->url = p; |
182 | |
183 | /* |
184 | * If there was an HTTP version, we might need to see |
185 | * headers. Otherwise, the request is done. |
186 | */ |
187 | if (*q) { |
188 | ctx->state = READING_HEADERS; |
189 | } else { |
190 | ctx->state = DONE; |
191 | } |
70322ae3 |
192 | } |
70322ae3 |
193 | |
812e4bf2 |
194 | if (ctx->state == READING_HEADERS) { |
195 | /* |
196 | * While we're receiving the HTTP request headers, all we |
197 | * do is to keep scanning to see if we find two newlines |
198 | * next to each other. |
199 | */ |
200 | q = ctx->data + ctx->datalen; |
201 | for (p = ctx->headers; p < q; p++) { |
202 | if (*p == '\n' && |
203 | ((p+1 < q && p[1] == '\n') || |
204 | (p+2 < q && p[1] == '\r' && p[2] == '\n'))) { |
205 | p[1] = '\0'; |
206 | ctx->state = DONE; |
207 | break; |
208 | } |
209 | } |
70322ae3 |
210 | } |
211 | |
812e4bf2 |
212 | if (ctx->state == DONE) { |
213 | /* |
214 | * Now we have the entire HTTP request. Decide what to do |
215 | * with it. |
216 | */ |
217 | if (auth_string) { |
218 | /* |
219 | * Search the request headers for Authorization. |
220 | */ |
221 | q = ctx->data + ctx->datalen; |
222 | for (p = ctx->headers; p < q; p++) { |
223 | const char *hdr = "Authorization:"; |
224 | int i; |
225 | for (i = 0; hdr[i]; i++) { |
226 | if (p >= q || tolower((unsigned char)*p) != |
227 | tolower((unsigned char)hdr[i])) |
228 | break; |
229 | p++; |
230 | } |
231 | if (!hdr[i]) |
232 | break; /* found our header */ |
233 | p = memchr(p, '\n', q - p); |
234 | if (!p) |
235 | p = q; |
236 | } |
237 | if (p < q) { |
812e4bf2 |
238 | while (p < q && isspace((unsigned char)*p)) |
239 | p++; |
240 | r = p; |
241 | while (p < q && !isspace((unsigned char)*p)) |
242 | p++; |
243 | if (p < q) { |
244 | *p++ = '\0'; |
245 | if (!strcasecmp(r, "Basic")) { |
246 | while (p < q && isspace((unsigned char)*p)) |
247 | p++; |
248 | r = p; |
249 | while (p < q && !isspace((unsigned char)*p)) |
250 | p++; |
251 | if (p < q) { |
252 | *p++ = '\0'; |
253 | if (!strcmp(r, auth_string)) |
254 | auth_correct = 1; |
255 | } |
256 | } |
257 | } |
258 | } |
259 | } |
260 | |
261 | if (!magic_access && !auth_correct) { |
5a830bf8 |
262 | if (auth_string) { |
812e4bf2 |
263 | ret = http_error("401", "Unauthorized", |
72bd16db |
264 | "WWW-Authenticate: Basic realm=\""PNAME"\"\r\n", |
5a830bf8 |
265 | "\nYou must authenticate to view these pages."); |
812e4bf2 |
266 | } else { |
267 | ret = http_error("403", "Forbidden", NULL, |
268 | "This is a restricted-access set of pages."); |
269 | } |
70322ae3 |
270 | } else { |
812e4bf2 |
271 | p = ctx->url; |
c47f39de |
272 | if (!html_parse_path(ctx->t, p, cfg, &index)) { |
812e4bf2 |
273 | ret = http_error("404", "Not Found", NULL, |
c47f39de |
274 | "This is not a valid pathname."); |
14601b5d |
275 | } else { |
c47f39de |
276 | char *canonpath = html_format_path(ctx->t, cfg, index); |
277 | if (!strcmp(canonpath, p)) { |
278 | /* |
279 | * This is a canonical path. Return the document. |
280 | */ |
281 | document = html_query(ctx->t, index, cfg, 1); |
282 | if (document) { |
283 | ret = http_success("text/html", 1, document); |
284 | sfree(document); |
285 | } else { |
286 | ret = http_error("404", "Not Found", NULL, |
287 | "This is not a valid pathname."); |
288 | } |
289 | } else { |
290 | /* |
291 | * This is a non-canonical path. Return a redirect |
292 | * to the right one. |
293 | * |
294 | * To do this, we must search the request headers |
295 | * for Host:, to see what the client thought it |
296 | * was calling our server. |
297 | */ |
298 | |
299 | char *host = NULL; |
300 | q = ctx->data + ctx->datalen; |
301 | for (p = ctx->headers; p < q; p++) { |
302 | const char *hdr = "Host:"; |
303 | int i; |
304 | for (i = 0; hdr[i]; i++) { |
305 | if (p >= q || tolower((unsigned char)*p) != |
306 | tolower((unsigned char)hdr[i])) |
307 | break; |
308 | p++; |
309 | } |
310 | if (!hdr[i]) |
311 | break; /* found our header */ |
312 | p = memchr(p, '\n', q - p); |
313 | if (!p) |
314 | p = q; |
315 | } |
316 | if (p < q) { |
317 | while (p < q && isspace((unsigned char)*p)) |
318 | p++; |
319 | r = p; |
320 | while (p < q) { |
321 | if (*p == '\r' && (p+1 >= q || p[1] == '\n')) |
322 | break; |
323 | p++; |
324 | } |
325 | host = snewn(p-r+1, char); |
326 | memcpy(host, r, p-r); |
327 | host[p-r] = '\0'; |
328 | } |
329 | if (host) { |
330 | char *header = dupfmt("Location: http://%s%s\r\n", |
331 | host, canonpath); |
332 | ret = http_error("301", "Moved", header, |
333 | "This is not the canonical form of" |
334 | " this pathname."); |
335 | sfree(header); |
336 | } else { |
337 | ret = http_error("400", "Bad Request", NULL, |
338 | "Needed a Host: header to return" |
339 | " the intended redirection."); |
340 | } |
341 | } |
342 | sfree(canonpath); |
812e4bf2 |
343 | } |
70322ae3 |
344 | } |
812e4bf2 |
345 | return ret; |
346 | } else |
347 | return NULL; |
70322ae3 |
348 | } |
349 | |
350 | /* --- Platform support for running a web server. --- */ |
351 | |
352 | enum { FD_CLIENT, FD_LISTENER, FD_CONNECTION }; |
353 | |
354 | struct fd { |
355 | int fd; |
356 | int type; |
357 | int deleted; |
358 | char *wdata; |
359 | int wdatalen, wdatapos; |
360 | int magic_access; |
361 | struct connctx *cctx; |
362 | }; |
363 | |
364 | struct fd *fds = NULL; |
365 | int nfds = 0, fdsize = 0; |
366 | |
367 | struct fd *new_fdstruct(int fd, int type) |
368 | { |
369 | struct fd *ret; |
370 | |
371 | if (nfds >= fdsize) { |
372 | fdsize = nfds * 3 / 2 + 32; |
373 | fds = sresize(fds, fdsize, struct fd); |
374 | } |
375 | |
376 | ret = &fds[nfds++]; |
377 | |
378 | ret->fd = fd; |
379 | ret->type = type; |
380 | ret->wdata = NULL; |
381 | ret->wdatalen = ret->wdatapos = 0; |
382 | ret->cctx = NULL; |
383 | ret->deleted = 0; |
384 | ret->magic_access = 0; |
385 | |
386 | return ret; |
387 | } |
388 | |
812e4bf2 |
389 | int check_owning_uid(int fd, int flip) |
70322ae3 |
390 | { |
6f25b662 |
391 | struct sockaddr_storage sock, peer; |
392 | int connected; |
70322ae3 |
393 | socklen_t addrlen; |
6f25b662 |
394 | char linebuf[4096], matchbuf[128]; |
395 | char *filename; |
396 | int matchcol, uidcol; |
70322ae3 |
397 | FILE *fp; |
398 | |
399 | addrlen = sizeof(sock); |
812e4bf2 |
400 | if (getsockname(fd, (struct sockaddr *)&sock, &addrlen)) { |
70322ae3 |
401 | fprintf(stderr, "getsockname: %s\n", strerror(errno)); |
402 | exit(1); |
403 | } |
404 | addrlen = sizeof(peer); |
6f25b662 |
405 | connected = 1; |
812e4bf2 |
406 | if (getpeername(fd, (struct sockaddr *)&peer, &addrlen)) { |
407 | if (errno == ENOTCONN) { |
6f25b662 |
408 | connected = 0; |
409 | memset(&peer, 0, sizeof(peer)); |
410 | peer.ss_family = sock.ss_family; |
812e4bf2 |
411 | } else { |
412 | fprintf(stderr, "getpeername: %s\n", strerror(errno)); |
413 | exit(1); |
414 | } |
415 | } |
416 | |
417 | if (flip) { |
6f25b662 |
418 | struct sockaddr_storage tmp = sock; |
812e4bf2 |
419 | sock = peer; |
420 | peer = tmp; |
70322ae3 |
421 | } |
422 | |
6f25b662 |
423 | #ifndef NO_IPV4 |
424 | if (peer.ss_family == AF_INET) { |
425 | struct sockaddr_in *sock4 = (struct sockaddr_in *)&sock; |
426 | struct sockaddr_in *peer4 = (struct sockaddr_in *)&peer; |
427 | |
428 | assert(peer4->sin_family == AF_INET); |
429 | |
430 | sprintf(matchbuf, "%08X:%04X %08X:%04X", |
431 | peer4->sin_addr.s_addr, ntohs(peer4->sin_port), |
432 | sock4->sin_addr.s_addr, ntohs(sock4->sin_port)); |
433 | filename = "/proc/net/tcp"; |
434 | matchcol = 6; |
435 | uidcol = 75; |
436 | } else |
437 | #endif |
438 | #ifndef NO_IPV6 |
439 | if (peer.ss_family == AF_INET6) { |
440 | struct sockaddr_in6 *sock6 = (struct sockaddr_in6 *)&sock; |
441 | struct sockaddr_in6 *peer6 = (struct sockaddr_in6 *)&peer; |
442 | char *p; |
443 | |
444 | assert(peer6->sin6_family == AF_INET6); |
445 | |
446 | p = matchbuf; |
447 | for (int i = 0; i < 4; i++) |
448 | p += sprintf(p, "%08X", |
449 | ((uint32_t *)peer6->sin6_addr.s6_addr)[i]); |
450 | p += sprintf(p, ":%04X ", ntohs(peer6->sin6_port)); |
451 | for (int i = 0; i < 4; i++) |
452 | p += sprintf(p, "%08X", |
453 | ((uint32_t *)sock6->sin6_addr.s6_addr)[i]); |
454 | p += sprintf(p, ":%04X", ntohs(sock6->sin6_port)); |
455 | |
456 | filename = "/proc/net/tcp6"; |
457 | matchcol = 6; |
458 | uidcol = 123; |
459 | } else |
460 | #endif |
461 | { |
462 | return -1; /* unidentified family */ |
463 | } |
464 | |
465 | fp = fopen(filename, "r"); |
70322ae3 |
466 | if (fp) { |
467 | while (fgets(linebuf, sizeof(linebuf), fp)) { |
6f25b662 |
468 | if (strlen(linebuf) >= uidcol && |
469 | !strncmp(linebuf+matchcol, matchbuf, strlen(matchbuf))) { |
14601b5d |
470 | fclose(fp); |
6f25b662 |
471 | return atoi(linebuf + uidcol); |
70322ae3 |
472 | } |
473 | } |
14601b5d |
474 | fclose(fp); |
70322ae3 |
475 | } |
812e4bf2 |
476 | |
477 | return -1; |
478 | } |
479 | |
480 | void check_magic_access(struct fd *fd) |
481 | { |
482 | if (check_owning_uid(fd->fd, 0) == getuid()) |
483 | fd->magic_access = 1; |
70322ae3 |
484 | } |
485 | |
812e4bf2 |
486 | static void base64_encode_atom(unsigned char *data, int n, char *out) |
487 | { |
488 | static const char base64_chars[] = |
489 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; |
490 | |
491 | unsigned word; |
492 | |
493 | word = data[0] << 16; |
494 | if (n > 1) |
495 | word |= data[1] << 8; |
496 | if (n > 2) |
497 | word |= data[2]; |
498 | out[0] = base64_chars[(word >> 18) & 0x3F]; |
499 | out[1] = base64_chars[(word >> 12) & 0x3F]; |
500 | if (n > 1) |
501 | out[2] = base64_chars[(word >> 6) & 0x3F]; |
502 | else |
503 | out[2] = '='; |
504 | if (n > 2) |
505 | out[3] = base64_chars[word & 0x3F]; |
506 | else |
507 | out[3] = '='; |
508 | } |
509 | |
6f25b662 |
510 | struct listenfds { |
511 | int v4, v6; |
512 | }; |
513 | |
514 | static int make_listening_sockets(struct listenfds *fds, const char *address, |
515 | const char *portstr, char **outhostname) |
70322ae3 |
516 | { |
6f25b662 |
517 | /* |
518 | * Establish up to 2 listening sockets, for IPv4 and IPv6, on the |
519 | * same arbitrarily selected port. Return them in fds.v4 and |
520 | * fds.v6, with each entry being -1 if that socket was not |
521 | * established at all. Main return value is the port chosen, or <0 |
522 | * if the whole process failed. |
523 | */ |
524 | struct sockaddr_in6 addr6; |
525 | struct sockaddr_in addr4; |
526 | int got_v6, got_v4; |
70322ae3 |
527 | socklen_t addrlen; |
6f25b662 |
528 | int ret, port = 0; |
f2e52893 |
529 | |
70322ae3 |
530 | /* |
6f25b662 |
531 | * Special case of the address parameter: if it's "0.0.0.0", treat |
532 | * it like NULL, because that was how you specified listen-on-any- |
533 | * address in versions before the IPv6 revamp. |
70322ae3 |
534 | */ |
6f25b662 |
535 | { |
536 | int u,v,w,x; |
537 | if (address && |
538 | 4 == sscanf(address, "%d.%d.%d.%d", &u, &v, &w, &x) && |
539 | u==0 && v==0 && w==0 && x==0) |
540 | address = NULL; |
70322ae3 |
541 | } |
6f25b662 |
542 | |
543 | if (portstr && !*portstr) |
544 | portstr = NULL; /* normalise NULL and empty string */ |
545 | |
546 | if (!address) { |
547 | char hostname[HOST_NAME_MAX]; |
548 | if (gethostname(hostname, sizeof(hostname)) < 0) { |
549 | perror("hostname"); |
550 | return -1; |
551 | } |
552 | *outhostname = dupstr(hostname); |
1e8d78b9 |
553 | } else { |
6f25b662 |
554 | *outhostname = dupstr(address); |
1e8d78b9 |
555 | } |
6f25b662 |
556 | |
557 | fds->v6 = fds->v4 = -1; |
558 | got_v6 = got_v4 = 0; |
559 | |
560 | #if defined HAVE_GETADDRINFO |
561 | |
562 | /* |
563 | * Resolve the given address using getaddrinfo, yielding an IPv6 |
564 | * address or an IPv4 one or both. |
565 | */ |
566 | |
567 | struct addrinfo hints; |
568 | struct addrinfo *addrs, *ai; |
569 | hints.ai_family = AF_UNSPEC; |
570 | hints.ai_socktype = SOCK_STREAM; |
571 | hints.ai_protocol = 0; |
572 | hints.ai_flags = AI_PASSIVE; |
712ecaa0 |
573 | ret = getaddrinfo(address, portstr, &hints, &addrs); |
6f25b662 |
574 | if (ret) { |
575 | fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(ret)); |
576 | return -1; |
15e73840 |
577 | } |
6f25b662 |
578 | for (ai = addrs; ai; ai = ai->ai_next) { |
579 | #ifndef NO_IPV6 |
580 | if (!got_v6 && ai->ai_family == AF_INET6) { |
581 | memcpy(&addr6, ai->ai_addr, ai->ai_addrlen); |
582 | if (portstr && !port) |
583 | port = ntohs(addr6.sin6_port); |
584 | got_v6 = 1; |
585 | } |
586 | #endif |
587 | #ifndef NO_IPV4 |
588 | if (!got_v4 && ai->ai_family == AF_INET) { |
589 | memcpy(&addr4, ai->ai_addr, ai->ai_addrlen); |
590 | if (portstr && !port) |
591 | port = ntohs(addr4.sin_port); |
592 | got_v4 = 1; |
593 | } |
14557c01 |
594 | #endif |
70322ae3 |
595 | } |
6f25b662 |
596 | |
597 | #elif defined HAVE_GETHOSTBYNAME |
598 | |
599 | /* |
600 | * IPv4-only setup using inet_addr and gethostbyname. |
601 | */ |
602 | struct hostent *h; |
603 | |
604 | memset(&addr4, 0, sizeof(addr4)); |
605 | addr4.sin_family = AF_INET; |
606 | |
607 | if (!address) { |
608 | addr4.sin_addr.s_addr = htons(INADDR_ANY); |
609 | got_v4 = 1; |
610 | } else if (inet_aton(address, &addr4.sin_addr)) { |
611 | got_v4 = 1; /* numeric address */ |
612 | } else if ((h = gethostbyname(address)) != NULL) { |
613 | memcpy(&addr4.sin_addr, h->h_addr, sizeof(addr4.sin_addr)); |
614 | got_v4 = 1; |
615 | } else { |
616 | fprintf(stderr, "gethostbyname: %s\n", hstrerror(h_errno)); |
617 | return -1; |
70322ae3 |
618 | } |
6f25b662 |
619 | |
620 | if (portstr) { |
621 | struct servent *s; |
622 | if (!portstr[strspn(portstr, "0123456789")]) { |
623 | port = atoi(portstr); |
624 | } else if ((s = getservbyname(portstr, NULL)) != NULL) { |
625 | port = ntohs(s->s_port); |
626 | } else { |
627 | fprintf(stderr, "getservbyname: port '%s' not understood\n", |
628 | portstr); |
629 | return -1; |
630 | } |
70322ae3 |
631 | } |
6f25b662 |
632 | |
633 | #endif |
634 | |
635 | #ifndef NO_IPV6 |
636 | #ifndef NO_IPV4 |
637 | retry: |
638 | #endif |
639 | if (got_v6) { |
640 | fds->v6 = socket(PF_INET6, SOCK_STREAM, 0); |
641 | if (fds->v6 < 0) { |
642 | fprintf(stderr, "socket(PF_INET6): %s\n", strerror(errno)); |
643 | goto done_v6; |
644 | } |
645 | #ifdef IPV6_V6ONLY |
646 | { |
647 | int i = 1; |
648 | if (setsockopt(fds->v6, IPPROTO_IPV6, IPV6_V6ONLY, |
649 | (char *)&i, sizeof(i)) < 0) { |
650 | fprintf(stderr, "setsockopt(IPV6_V6ONLY): %s\n", |
651 | strerror(errno)); |
652 | close(fds->v6); |
653 | fds->v6 = -1; |
654 | goto done_v6; |
655 | } |
656 | } |
657 | #endif /* IPV6_V6ONLY */ |
658 | addr6.sin6_port = htons(port); |
659 | addrlen = sizeof(addr6); |
660 | if (bind(fds->v6, (const struct sockaddr *)&addr6, addrlen) < 0) { |
661 | fprintf(stderr, "bind: %s\n", strerror(errno)); |
662 | close(fds->v6); |
663 | fds->v6 = -1; |
664 | goto done_v6; |
665 | } |
666 | if (listen(fds->v6, 5) < 0) { |
667 | fprintf(stderr, "listen: %s\n", strerror(errno)); |
668 | close(fds->v6); |
669 | fds->v6 = -1; |
670 | goto done_v6; |
671 | } |
672 | if (port == 0) { |
673 | addrlen = sizeof(addr6); |
674 | if (getsockname(fds->v6, (struct sockaddr *)&addr6, |
675 | &addrlen) < 0) { |
676 | fprintf(stderr, "getsockname: %s\n", strerror(errno)); |
677 | close(fds->v6); |
678 | fds->v6 = -1; |
679 | goto done_v6; |
680 | } |
681 | port = ntohs(addr6.sin6_port); |
682 | } |
683 | } |
684 | done_v6: |
685 | #endif |
686 | |
687 | #ifndef NO_IPV4 |
688 | if (got_v4) { |
689 | fds->v4 = socket(PF_INET, SOCK_STREAM, 0); |
690 | if (fds->v4 < 0) { |
691 | fprintf(stderr, "socket(PF_INET): %s\n", strerror(errno)); |
692 | goto done_v4; |
693 | } |
694 | addr4.sin_port = htons(port); |
695 | addrlen = sizeof(addr4); |
696 | if (bind(fds->v4, (const struct sockaddr *)&addr4, addrlen) < 0) { |
697 | #ifndef NO_IPV6 |
698 | if (fds->v6 >= 0) { |
699 | /* |
700 | * If we support both v6 and v4, it's a failure |
701 | * condition if we didn't manage to bind to both. If |
702 | * the port number was arbitrary, we go round and try |
703 | * again. Otherwise, give up. |
704 | */ |
705 | close(fds->v6); |
706 | close(fds->v4); |
707 | fds->v6 = fds->v4 = -1; |
708 | port = 0; |
709 | if (!portstr) |
710 | goto retry; |
711 | } |
712 | #endif |
713 | fprintf(stderr, "bind: %s\n", strerror(errno)); |
714 | close(fds->v4); |
715 | fds->v4 = -1; |
716 | goto done_v4; |
717 | } |
718 | if (listen(fds->v4, 5) < 0) { |
719 | fprintf(stderr, "listen: %s\n", strerror(errno)); |
720 | close(fds->v4); |
721 | fds->v4 = -1; |
722 | goto done_v4; |
723 | } |
724 | if (port == 0) { |
725 | addrlen = sizeof(addr4); |
726 | if (getsockname(fds->v4, (struct sockaddr *)&addr4, |
727 | &addrlen) < 0) { |
728 | fprintf(stderr, "getsockname: %s\n", strerror(errno)); |
729 | close(fds->v4); |
730 | fds->v4 = -1; |
731 | goto done_v4; |
732 | } |
733 | port = ntohs(addr4.sin_port); |
734 | } |
735 | } |
736 | done_v4: |
737 | #endif |
738 | |
739 | if (fds->v6 >= 0 || fds->v4 >= 0) |
740 | return port; |
741 | else |
742 | return -1; |
743 | } |
744 | |
745 | void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg, |
746 | const struct html_config *incfg) |
747 | { |
748 | struct listenfds lfds; |
749 | int ret, port; |
750 | int authtype; |
751 | char *authstring = NULL; |
752 | char *hostname; |
753 | struct sockaddr_in addr; |
754 | socklen_t addrlen; |
755 | struct html_config cfg = *incfg; |
756 | |
757 | /* |
758 | * Establish the listening socket(s) and retrieve its port |
759 | * number. |
760 | */ |
761 | port = make_listening_sockets(&lfds, dcfg->address, dcfg->port, &hostname); |
762 | if (port < 0) |
763 | exit(1); /* already reported an error */ |
764 | |
812e4bf2 |
765 | if ((authmask & HTTPD_AUTH_MAGIC) && |
6f25b662 |
766 | (lfds.v4 < 0 || check_owning_uid(lfds.v4, 1) == getuid()) && |
767 | (lfds.v6 < 0 || check_owning_uid(lfds.v6, 1) == getuid())) { |
812e4bf2 |
768 | authtype = HTTPD_AUTH_MAGIC; |
1e8d78b9 |
769 | if (authmask != HTTPD_AUTH_MAGIC) |
770 | printf("Using Linux /proc/net magic authentication\n"); |
812e4bf2 |
771 | } else if ((authmask & HTTPD_AUTH_BASIC)) { |
1e8d78b9 |
772 | char username[128], password[128], userpassbuf[259]; |
773 | const char *userpass; |
812e4bf2 |
774 | const char *rname; |
775 | unsigned char passbuf[10]; |
776 | int i, j, k, fd; |
777 | |
778 | authtype = HTTPD_AUTH_BASIC; |
779 | |
1e8d78b9 |
780 | if (authmask != HTTPD_AUTH_BASIC) |
781 | printf("Using HTTP Basic authentication\n"); |
782 | |
783 | if (dcfg->basicauthdata) { |
784 | userpass = dcfg->basicauthdata; |
785 | } else { |
bf53e756 |
786 | strcpy(username, PNAME); |
1e8d78b9 |
787 | rname = "/dev/urandom"; |
812e4bf2 |
788 | fd = open(rname, O_RDONLY); |
789 | if (fd < 0) { |
1e8d78b9 |
790 | int err = errno; |
791 | rname = "/dev/random"; |
792 | fd = open(rname, O_RDONLY); |
793 | if (fd < 0) { |
794 | int err2 = errno; |
795 | fprintf(stderr, "/dev/urandom: open: %s\n", strerror(err)); |
796 | fprintf(stderr, "/dev/random: open: %s\n", strerror(err2)); |
797 | exit(1); |
798 | } |
812e4bf2 |
799 | } |
1e8d78b9 |
800 | for (i = 0; i < 10 ;) { |
801 | j = read(fd, passbuf + i, 10 - i); |
802 | if (j <= 0) { |
803 | fprintf(stderr, "%s: read: %s\n", rname, |
804 | j < 0 ? strerror(errno) : "unexpected EOF"); |
805 | exit(1); |
806 | } |
807 | i += j; |
812e4bf2 |
808 | } |
1e8d78b9 |
809 | close(fd); |
810 | for (i = 0; i < 16; i++) { |
811 | /* |
812 | * 32 characters out of the 36 alphanumerics gives |
813 | * me the latitude to discard i,l,o for being too |
814 | * numeric-looking, and w because it has two too |
815 | * many syllables and one too many presidential |
816 | * associations. |
817 | */ |
818 | static const char chars[32] = |
819 | "0123456789abcdefghjkmnpqrstuvxyz"; |
820 | int v = 0; |
821 | |
822 | k = i / 8 * 5; |
823 | for (j = 0; j < 5; j++) |
824 | v |= ((passbuf[k+j] >> (i%8)) & 1) << j; |
825 | |
826 | password[i] = chars[v]; |
827 | } |
828 | password[i] = '\0'; |
829 | |
830 | sprintf(userpassbuf, "%s:%s", username, password); |
831 | userpass = userpassbuf; |
812e4bf2 |
832 | |
1e8d78b9 |
833 | printf("Username: %s\nPassword: %s\n", username, password); |
834 | } |
812e4bf2 |
835 | |
1e8d78b9 |
836 | k = strlen(userpass); |
837 | authstring = snewn(k * 4 / 3 + 16, char); |
812e4bf2 |
838 | for (i = j = 0; i < k ;) { |
839 | int s = k-i < 3 ? k-i : 3; |
1e8d78b9 |
840 | base64_encode_atom((unsigned char *)(userpass+i), s, authstring+j); |
812e4bf2 |
841 | i += s; |
842 | j += 4; |
843 | } |
1e8d78b9 |
844 | authstring[j] = '\0'; |
845 | } else if ((authmask & HTTPD_AUTH_NONE)) { |
812e4bf2 |
846 | authtype = HTTPD_AUTH_NONE; |
1e8d78b9 |
847 | if (authmask != HTTPD_AUTH_NONE) |
848 | printf("Web server is unauthenticated\n"); |
849 | } else { |
bf53e756 |
850 | fprintf(stderr, PNAME ": authentication method not supported\n"); |
1e8d78b9 |
851 | exit(1); |
852 | } |
6f25b662 |
853 | if (port == 80) { |
854 | printf("URL: http://%s/\n", hostname); |
15e73840 |
855 | } else { |
6f25b662 |
856 | printf("URL: http://%s:%d/\n", hostname, port); |
812e4bf2 |
857 | } |
a8a4d6d8 |
858 | fflush(stdout); |
70322ae3 |
859 | |
860 | /* |
6f25b662 |
861 | * Now construct fd structure(s) to hold the listening sockets. |
70322ae3 |
862 | */ |
6f25b662 |
863 | if (lfds.v4 >= 0) |
864 | new_fdstruct(lfds.v4, FD_LISTENER); |
865 | if (lfds.v6 >= 0) |
866 | new_fdstruct(lfds.v6, FD_LISTENER); |
70322ae3 |
867 | |
a8a4d6d8 |
868 | if (dcfg->closeoneof) { |
869 | /* |
870 | * Read from standard input, and treat EOF as a notification |
871 | * to exit. |
872 | */ |
873 | new_fdstruct(0, FD_CLIENT); |
874 | } |
70322ae3 |
875 | |
876 | /* |
877 | * Now we're ready to run our main loop. Keep looping round on |
878 | * select. |
879 | */ |
880 | while (1) { |
881 | fd_set rfds, wfds; |
50e82fdc |
882 | int i, j; |
883 | SELECT_TYPE_ARG1 maxfd; |
884 | int ret; |
70322ae3 |
885 | |
886 | #define FD_SET_MAX(fd, set, max) \ |
887 | do { FD_SET((fd),(set)); (max) = ((max)<=(fd)?(fd)+1:(max)); } while(0) |
888 | |
889 | /* |
890 | * Loop round the fd list putting fds into our select |
891 | * sets. Also in this loop we remove any that were marked |
892 | * as deleted in the previous loop. |
893 | */ |
894 | FD_ZERO(&rfds); |
895 | FD_ZERO(&wfds); |
896 | maxfd = 0; |
897 | for (i = j = 0; j < nfds; j++) { |
898 | |
899 | if (fds[j].deleted) { |
900 | sfree(fds[j].wdata); |
901 | free_connection(fds[j].cctx); |
902 | continue; |
903 | } |
904 | fds[i] = fds[j]; |
905 | |
906 | switch (fds[i].type) { |
907 | case FD_CLIENT: |
15e73840 |
908 | FD_SET_MAX(fds[i].fd, &rfds, maxfd); |
909 | break; |
70322ae3 |
910 | case FD_LISTENER: |
911 | FD_SET_MAX(fds[i].fd, &rfds, maxfd); |
912 | break; |
913 | case FD_CONNECTION: |
914 | /* |
915 | * Always read from a connection socket. Even |
916 | * after we've started writing, the peer might |
917 | * still be sending (e.g. because we shamefully |
918 | * jumped the gun before waiting for the end of |
919 | * the HTTP request) and so we should be prepared |
920 | * to read data and throw it away. |
921 | */ |
922 | FD_SET_MAX(fds[i].fd, &rfds, maxfd); |
923 | /* |
924 | * Also attempt to write, if we have data to write. |
925 | */ |
926 | if (fds[i].wdatapos < fds[i].wdatalen) |
927 | FD_SET_MAX(fds[i].fd, &wfds, maxfd); |
928 | break; |
929 | } |
930 | |
931 | i++; |
932 | } |
933 | nfds = i; |
934 | |
50e82fdc |
935 | ret = select(maxfd, SELECT_TYPE_ARG234 &rfds, |
936 | SELECT_TYPE_ARG234 &wfds, SELECT_TYPE_ARG234 NULL, |
937 | SELECT_TYPE_ARG5 NULL); |
70322ae3 |
938 | if (ret <= 0) { |
939 | if (ret < 0 && (errno != EINTR)) { |
940 | fprintf(stderr, "select: %s", strerror(errno)); |
941 | exit(1); |
942 | } |
943 | continue; |
944 | } |
945 | |
946 | for (i = 0; i < nfds; i++) { |
947 | switch (fds[i].type) { |
948 | case FD_CLIENT: |
949 | if (FD_ISSET(fds[i].fd, &rfds)) { |
950 | char buf[4096]; |
951 | int ret = read(fds[i].fd, buf, sizeof(buf)); |
952 | if (ret <= 0) { |
953 | if (ret < 0) { |
954 | fprintf(stderr, "standard input: read: %s\n", |
955 | strerror(errno)); |
956 | exit(1); |
957 | } |
958 | return; |
959 | } |
960 | } |
961 | break; |
962 | case FD_LISTENER: |
963 | if (FD_ISSET(fds[i].fd, &rfds)) { |
964 | /* |
965 | * New connection has come in. Accept it. |
966 | */ |
967 | struct fd *f; |
968 | struct sockaddr_in addr; |
969 | socklen_t addrlen = sizeof(addr); |
970 | int newfd = accept(fds[i].fd, (struct sockaddr *)&addr, |
971 | &addrlen); |
972 | if (newfd < 0) |
973 | break; /* not sure what happened there */ |
974 | |
975 | f = new_fdstruct(newfd, FD_CONNECTION); |
976 | f->cctx = new_connection(t); |
812e4bf2 |
977 | if (authtype == HTTPD_AUTH_MAGIC) |
978 | check_magic_access(f); |
70322ae3 |
979 | } |
980 | break; |
981 | case FD_CONNECTION: |
982 | if (FD_ISSET(fds[i].fd, &rfds)) { |
983 | /* |
984 | * There's data to be read. |
985 | */ |
986 | char readbuf[4096]; |
987 | int ret; |
988 | |
989 | ret = read(fds[i].fd, readbuf, sizeof(readbuf)); |
990 | if (ret <= 0) { |
991 | /* |
992 | * This shouldn't happen in a sensible |
993 | * HTTP connection, so we abandon the |
994 | * connection if it does. |
995 | */ |
996 | close(fds[i].fd); |
997 | fds[i].deleted = 1; |
998 | break; |
999 | } else { |
1000 | if (!fds[i].wdata) { |
1001 | /* |
1002 | * If we haven't got an HTTP response |
1003 | * yet, keep processing data in the |
1004 | * hope of acquiring one. |
1005 | */ |
812e4bf2 |
1006 | fds[i].wdata = got_data |
1007 | (fds[i].cctx, readbuf, ret, |
1008 | (authtype == HTTPD_AUTH_NONE || |
f2e52893 |
1009 | fds[i].magic_access), authstring, &cfg); |
70322ae3 |
1010 | if (fds[i].wdata) { |
1011 | fds[i].wdatalen = strlen(fds[i].wdata); |
1012 | fds[i].wdatapos = 0; |
1013 | } |
1014 | } else { |
1015 | /* |
1016 | * Otherwise, just drop our read data |
1017 | * on the floor. |
1018 | */ |
1019 | } |
1020 | } |
1021 | } |
1022 | if (FD_ISSET(fds[i].fd, &wfds) && |
1023 | fds[i].wdatapos < fds[i].wdatalen) { |
1024 | /* |
1025 | * The socket is writable, and we have data to |
1026 | * write. Write it. |
1027 | */ |
1028 | int ret = write(fds[i].fd, fds[i].wdata + fds[i].wdatapos, |
1029 | fds[i].wdatalen - fds[i].wdatapos); |
1030 | if (ret <= 0) { |
1031 | /* |
1032 | * Shouldn't happen; abandon the connection. |
1033 | */ |
1034 | close(fds[i].fd); |
1035 | fds[i].deleted = 1; |
1036 | break; |
1037 | } else { |
1038 | fds[i].wdatapos += ret; |
1039 | if (fds[i].wdatapos == fds[i].wdatalen) { |
1040 | shutdown(fds[i].fd, SHUT_WR); |
1041 | } |
1042 | } |
1043 | } |
1044 | break; |
1045 | } |
1046 | } |
1047 | |
1048 | } |
1049 | } |