| 1 | /* |
| 2 | * httpd.c: implementation of httpd.h. |
| 3 | */ |
| 4 | |
| 5 | #include "agedu.h" |
| 6 | #include "alloc.h" |
| 7 | #include "html.h" |
| 8 | #include "httpd.h" |
| 9 | |
| 10 | /* --- Logic driving what the web server's responses are. --- */ |
| 11 | |
| 12 | enum { /* connctx states */ |
| 13 | READING_REQ_LINE, |
| 14 | READING_HEADERS, |
| 15 | DONE |
| 16 | }; |
| 17 | |
| 18 | struct connctx { |
| 19 | const void *t; |
| 20 | char *data; |
| 21 | int datalen, datasize; |
| 22 | char *method, *url, *headers, *auth; |
| 23 | int state; |
| 24 | }; |
| 25 | |
| 26 | /* |
| 27 | * Called when a new connection arrives on a listening socket. |
| 28 | * Returns a connctx for the new connection. |
| 29 | */ |
| 30 | struct connctx *new_connection(const void *t) |
| 31 | { |
| 32 | struct connctx *cctx = snew(struct connctx); |
| 33 | cctx->t = t; |
| 34 | cctx->data = NULL; |
| 35 | cctx->datalen = cctx->datasize = 0; |
| 36 | cctx->state = READING_REQ_LINE; |
| 37 | cctx->method = cctx->url = cctx->headers = cctx->auth = NULL; |
| 38 | return cctx; |
| 39 | } |
| 40 | |
| 41 | void free_connection(struct connctx *cctx) |
| 42 | { |
| 43 | sfree(cctx->data); |
| 44 | sfree(cctx); |
| 45 | } |
| 46 | |
| 47 | static char *http_error(char *code, char *errmsg, char *extraheader, |
| 48 | char *errtext, ...) |
| 49 | { |
| 50 | return dupfmt("HTTP/1.1 %s %s\r\n" |
| 51 | "Date: %D\r\n" |
| 52 | "Server: " PNAME "\r\n" |
| 53 | "Connection: close\r\n" |
| 54 | "%s" |
| 55 | "Content-Type: text/html; charset=US-ASCII\r\n" |
| 56 | "\r\n" |
| 57 | "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n" |
| 58 | "<HTML><HEAD>\r\n" |
| 59 | "<TITLE>%s %s</TITLE>\r\n" |
| 60 | "</HEAD><BODY>\r\n" |
| 61 | "<H1>%s %s</H1>\r\n" |
| 62 | "<P>%s</P>\r\n" |
| 63 | "</BODY></HTML>\r\n", code, errmsg, |
| 64 | extraheader ? extraheader : "", |
| 65 | code, errmsg, code, errmsg, errtext); |
| 66 | } |
| 67 | |
| 68 | static char *http_success(char *mimetype, int stuff_cr, char *document) |
| 69 | { |
| 70 | return dupfmt("HTTP/1.1 200 OK\r\n" |
| 71 | "Date: %D\r\n" |
| 72 | "Expires: %D\r\n" |
| 73 | "Server: " PNAME "\r\n" |
| 74 | "Connection: close\r\n" |
| 75 | "Content-Type: %s\r\n" |
| 76 | "\r\n" |
| 77 | "%S", mimetype, stuff_cr, document); |
| 78 | } |
| 79 | |
| 80 | /* |
| 81 | * Called when data comes in on a connection. |
| 82 | * |
| 83 | * If this function returns NULL, the platform code continues |
| 84 | * reading from the socket. Otherwise, it returns some dynamically |
| 85 | * allocated data which the platform code will then write to the |
| 86 | * socket before closing it. |
| 87 | */ |
| 88 | char *got_data(struct connctx *ctx, char *data, int length, |
| 89 | int magic_access, const char *auth_string, |
| 90 | const struct html_config *cfg) |
| 91 | { |
| 92 | char *line, *p, *q, *r, *z1, *z2, c1, c2; |
| 93 | int auth_correct = 0; |
| 94 | unsigned long index; |
| 95 | char *document, *ret; |
| 96 | |
| 97 | /* |
| 98 | * Add the data we've just received to our buffer. |
| 99 | */ |
| 100 | if (ctx->datasize < ctx->datalen + length) { |
| 101 | ctx->datasize = (ctx->datalen + length) * 3 / 2 + 4096; |
| 102 | ctx->data = sresize(ctx->data, ctx->datasize, char); |
| 103 | } |
| 104 | memcpy(ctx->data + ctx->datalen, data, length); |
| 105 | ctx->datalen += length; |
| 106 | |
| 107 | /* |
| 108 | * Gradually process the HTTP request as we receive it. |
| 109 | */ |
| 110 | if (ctx->state == READING_REQ_LINE) { |
| 111 | /* |
| 112 | * We're waiting for the first line of the input, which |
| 113 | * contains the main HTTP request. See if we've got it |
| 114 | * yet. |
| 115 | */ |
| 116 | |
| 117 | line = ctx->data; |
| 118 | /* |
| 119 | * RFC 2616 section 4.1: `In the interest of robustness, |
| 120 | * [...] if the server is reading the protocol stream at |
| 121 | * the beginning of a message and receives a CRLF first, |
| 122 | * it should ignore the CRLF.' |
| 123 | */ |
| 124 | while (line - ctx->data < ctx->datalen && |
| 125 | (*line == '\r' || *line == '\n')) |
| 126 | line++; |
| 127 | q = line; |
| 128 | while (q - ctx->data < ctx->datalen && *q != '\n') |
| 129 | q++; |
| 130 | if (q - ctx->data >= ctx->datalen) |
| 131 | return NULL; /* not got request line yet */ |
| 132 | |
| 133 | /* |
| 134 | * We've got the first line of the request. Zero-terminate |
| 135 | * and parse it into method, URL and optional HTTP |
| 136 | * version. |
| 137 | */ |
| 138 | *q = '\0'; |
| 139 | ctx->headers = q+1; |
| 140 | if (q > line && q[-1] == '\r') |
| 141 | *--q = '\0'; |
| 142 | z1 = z2 = q; |
| 143 | c1 = c2 = *q; |
| 144 | p = line; |
| 145 | while (*p && !isspace((unsigned char)*p)) p++; |
| 146 | if (*p) { |
| 147 | z1 = p++; |
| 148 | c1 = *z1; |
| 149 | *z1 = '\0'; |
| 150 | } |
| 151 | while (*p && isspace((unsigned char)*p)) p++; |
| 152 | q = p; |
| 153 | while (*q && !isspace((unsigned char)*q)) q++; |
| 154 | z2 = q++; |
| 155 | c2 = *z2; |
| 156 | *z2 = '\0'; |
| 157 | while (*q && isspace((unsigned char)*q)) q++; |
| 158 | |
| 159 | /* |
| 160 | * Now `line' points at the method name; p points at the |
| 161 | * URL, if any; q points at the HTTP version, if any. |
| 162 | */ |
| 163 | |
| 164 | /* |
| 165 | * There should _be_ a URL, on any request type at all. |
| 166 | */ |
| 167 | if (!*p) { |
| 168 | char *ret, *text; |
| 169 | /* Restore the request to the way we received it. */ |
| 170 | *z2 = c2; |
| 171 | *z1 = c1; |
| 172 | text = dupfmt("<code>" PNAME "</code> received the HTTP request" |
| 173 | " \"<code>%h</code>\", which contains no URL.", |
| 174 | line); |
| 175 | ret = http_error("400", "Bad request", NULL, text); |
| 176 | sfree(text); |
| 177 | return ret; |
| 178 | } |
| 179 | |
| 180 | ctx->method = line; |
| 181 | ctx->url = p; |
| 182 | |
| 183 | /* |
| 184 | * If there was an HTTP version, we might need to see |
| 185 | * headers. Otherwise, the request is done. |
| 186 | */ |
| 187 | if (*q) { |
| 188 | ctx->state = READING_HEADERS; |
| 189 | } else { |
| 190 | ctx->state = DONE; |
| 191 | } |
| 192 | } |
| 193 | |
| 194 | if (ctx->state == READING_HEADERS) { |
| 195 | /* |
| 196 | * While we're receiving the HTTP request headers, all we |
| 197 | * do is to keep scanning to see if we find two newlines |
| 198 | * next to each other. |
| 199 | */ |
| 200 | q = ctx->data + ctx->datalen; |
| 201 | for (p = ctx->headers; p < q; p++) { |
| 202 | if (*p == '\n' && |
| 203 | ((p+1 < q && p[1] == '\n') || |
| 204 | (p+2 < q && p[1] == '\r' && p[2] == '\n'))) { |
| 205 | p[1] = '\0'; |
| 206 | ctx->state = DONE; |
| 207 | break; |
| 208 | } |
| 209 | } |
| 210 | } |
| 211 | |
| 212 | if (ctx->state == DONE) { |
| 213 | /* |
| 214 | * Now we have the entire HTTP request. Decide what to do |
| 215 | * with it. |
| 216 | */ |
| 217 | if (auth_string) { |
| 218 | /* |
| 219 | * Search the request headers for Authorization. |
| 220 | */ |
| 221 | q = ctx->data + ctx->datalen; |
| 222 | for (p = ctx->headers; p < q; p++) { |
| 223 | const char *hdr = "Authorization:"; |
| 224 | int i; |
| 225 | for (i = 0; hdr[i]; i++) { |
| 226 | if (p >= q || tolower((unsigned char)*p) != |
| 227 | tolower((unsigned char)hdr[i])) |
| 228 | break; |
| 229 | p++; |
| 230 | } |
| 231 | if (!hdr[i]) |
| 232 | break; /* found our header */ |
| 233 | p = memchr(p, '\n', q - p); |
| 234 | if (!p) |
| 235 | p = q; |
| 236 | } |
| 237 | if (p < q) { |
| 238 | while (p < q && isspace((unsigned char)*p)) |
| 239 | p++; |
| 240 | r = p; |
| 241 | while (p < q && !isspace((unsigned char)*p)) |
| 242 | p++; |
| 243 | if (p < q) { |
| 244 | *p++ = '\0'; |
| 245 | if (!strcasecmp(r, "Basic")) { |
| 246 | while (p < q && isspace((unsigned char)*p)) |
| 247 | p++; |
| 248 | r = p; |
| 249 | while (p < q && !isspace((unsigned char)*p)) |
| 250 | p++; |
| 251 | if (p < q) { |
| 252 | *p++ = '\0'; |
| 253 | if (!strcmp(r, auth_string)) |
| 254 | auth_correct = 1; |
| 255 | } |
| 256 | } |
| 257 | } |
| 258 | } |
| 259 | } |
| 260 | |
| 261 | if (!magic_access && !auth_correct) { |
| 262 | if (auth_string) { |
| 263 | ret = http_error("401", "Unauthorized", |
| 264 | "WWW-Authenticate: Basic realm=\""PNAME"\"\r\n", |
| 265 | "\nYou must authenticate to view these pages."); |
| 266 | } else { |
| 267 | ret = http_error("403", "Forbidden", NULL, |
| 268 | "This is a restricted-access set of pages."); |
| 269 | } |
| 270 | } else { |
| 271 | p = ctx->url; |
| 272 | if (!html_parse_path(ctx->t, p, cfg, &index)) { |
| 273 | ret = http_error("404", "Not Found", NULL, |
| 274 | "This is not a valid pathname."); |
| 275 | } else { |
| 276 | char *canonpath = html_format_path(ctx->t, cfg, index); |
| 277 | if (!strcmp(canonpath, p)) { |
| 278 | /* |
| 279 | * This is a canonical path. Return the document. |
| 280 | */ |
| 281 | document = html_query(ctx->t, index, cfg, 1); |
| 282 | if (document) { |
| 283 | ret = http_success("text/html", 1, document); |
| 284 | sfree(document); |
| 285 | } else { |
| 286 | ret = http_error("404", "Not Found", NULL, |
| 287 | "This is not a valid pathname."); |
| 288 | } |
| 289 | } else { |
| 290 | /* |
| 291 | * This is a non-canonical path. Return a redirect |
| 292 | * to the right one. |
| 293 | * |
| 294 | * To do this, we must search the request headers |
| 295 | * for Host:, to see what the client thought it |
| 296 | * was calling our server. |
| 297 | */ |
| 298 | |
| 299 | char *host = NULL; |
| 300 | q = ctx->data + ctx->datalen; |
| 301 | for (p = ctx->headers; p < q; p++) { |
| 302 | const char *hdr = "Host:"; |
| 303 | int i; |
| 304 | for (i = 0; hdr[i]; i++) { |
| 305 | if (p >= q || tolower((unsigned char)*p) != |
| 306 | tolower((unsigned char)hdr[i])) |
| 307 | break; |
| 308 | p++; |
| 309 | } |
| 310 | if (!hdr[i]) |
| 311 | break; /* found our header */ |
| 312 | p = memchr(p, '\n', q - p); |
| 313 | if (!p) |
| 314 | p = q; |
| 315 | } |
| 316 | if (p < q) { |
| 317 | while (p < q && isspace((unsigned char)*p)) |
| 318 | p++; |
| 319 | r = p; |
| 320 | while (p < q) { |
| 321 | if (*p == '\r' && (p+1 >= q || p[1] == '\n')) |
| 322 | break; |
| 323 | p++; |
| 324 | } |
| 325 | host = snewn(p-r+1, char); |
| 326 | memcpy(host, r, p-r); |
| 327 | host[p-r] = '\0'; |
| 328 | } |
| 329 | if (host) { |
| 330 | char *header = dupfmt("Location: http://%s%s\r\n", |
| 331 | host, canonpath); |
| 332 | ret = http_error("301", "Moved", header, |
| 333 | "This is not the canonical form of" |
| 334 | " this pathname."); |
| 335 | sfree(header); |
| 336 | } else { |
| 337 | ret = http_error("400", "Bad Request", NULL, |
| 338 | "Needed a Host: header to return" |
| 339 | " the intended redirection."); |
| 340 | } |
| 341 | } |
| 342 | sfree(canonpath); |
| 343 | } |
| 344 | } |
| 345 | return ret; |
| 346 | } else |
| 347 | return NULL; |
| 348 | } |
| 349 | |
| 350 | /* --- Platform support for running a web server. --- */ |
| 351 | |
| 352 | enum { FD_CLIENT, FD_LISTENER, FD_CONNECTION }; |
| 353 | |
| 354 | struct fd { |
| 355 | int fd; |
| 356 | int type; |
| 357 | int deleted; |
| 358 | char *wdata; |
| 359 | int wdatalen, wdatapos; |
| 360 | int magic_access; |
| 361 | struct connctx *cctx; |
| 362 | }; |
| 363 | |
| 364 | struct fd *fds = NULL; |
| 365 | int nfds = 0, fdsize = 0; |
| 366 | |
| 367 | struct fd *new_fdstruct(int fd, int type) |
| 368 | { |
| 369 | struct fd *ret; |
| 370 | |
| 371 | if (nfds >= fdsize) { |
| 372 | fdsize = nfds * 3 / 2 + 32; |
| 373 | fds = sresize(fds, fdsize, struct fd); |
| 374 | } |
| 375 | |
| 376 | ret = &fds[nfds++]; |
| 377 | |
| 378 | ret->fd = fd; |
| 379 | ret->type = type; |
| 380 | ret->wdata = NULL; |
| 381 | ret->wdatalen = ret->wdatapos = 0; |
| 382 | ret->cctx = NULL; |
| 383 | ret->deleted = 0; |
| 384 | ret->magic_access = 0; |
| 385 | |
| 386 | return ret; |
| 387 | } |
| 388 | |
| 389 | int check_owning_uid(int fd, int flip) |
| 390 | { |
| 391 | struct sockaddr_storage sock, peer; |
| 392 | int connected; |
| 393 | socklen_t addrlen; |
| 394 | char linebuf[4096], matchbuf[128]; |
| 395 | char *filename; |
| 396 | int matchcol, uidcol; |
| 397 | FILE *fp; |
| 398 | |
| 399 | addrlen = sizeof(sock); |
| 400 | if (getsockname(fd, (struct sockaddr *)&sock, &addrlen)) { |
| 401 | fprintf(stderr, "getsockname: %s\n", strerror(errno)); |
| 402 | exit(1); |
| 403 | } |
| 404 | addrlen = sizeof(peer); |
| 405 | connected = 1; |
| 406 | if (getpeername(fd, (struct sockaddr *)&peer, &addrlen)) { |
| 407 | if (errno == ENOTCONN) { |
| 408 | connected = 0; |
| 409 | memset(&peer, 0, sizeof(peer)); |
| 410 | peer.ss_family = sock.ss_family; |
| 411 | } else { |
| 412 | fprintf(stderr, "getpeername: %s\n", strerror(errno)); |
| 413 | exit(1); |
| 414 | } |
| 415 | } |
| 416 | |
| 417 | if (flip) { |
| 418 | struct sockaddr_storage tmp = sock; |
| 419 | sock = peer; |
| 420 | peer = tmp; |
| 421 | } |
| 422 | |
| 423 | #ifndef NO_IPV4 |
| 424 | if (peer.ss_family == AF_INET) { |
| 425 | struct sockaddr_in *sock4 = (struct sockaddr_in *)&sock; |
| 426 | struct sockaddr_in *peer4 = (struct sockaddr_in *)&peer; |
| 427 | |
| 428 | assert(peer4->sin_family == AF_INET); |
| 429 | |
| 430 | sprintf(matchbuf, "%08X:%04X %08X:%04X", |
| 431 | peer4->sin_addr.s_addr, ntohs(peer4->sin_port), |
| 432 | sock4->sin_addr.s_addr, ntohs(sock4->sin_port)); |
| 433 | filename = "/proc/net/tcp"; |
| 434 | matchcol = 6; |
| 435 | uidcol = 75; |
| 436 | } else |
| 437 | #endif |
| 438 | #ifndef NO_IPV6 |
| 439 | if (peer.ss_family == AF_INET6) { |
| 440 | struct sockaddr_in6 *sock6 = (struct sockaddr_in6 *)&sock; |
| 441 | struct sockaddr_in6 *peer6 = (struct sockaddr_in6 *)&peer; |
| 442 | char *p; |
| 443 | |
| 444 | assert(peer6->sin6_family == AF_INET6); |
| 445 | |
| 446 | p = matchbuf; |
| 447 | for (int i = 0; i < 4; i++) |
| 448 | p += sprintf(p, "%08X", |
| 449 | ((uint32_t *)peer6->sin6_addr.s6_addr)[i]); |
| 450 | p += sprintf(p, ":%04X ", ntohs(peer6->sin6_port)); |
| 451 | for (int i = 0; i < 4; i++) |
| 452 | p += sprintf(p, "%08X", |
| 453 | ((uint32_t *)sock6->sin6_addr.s6_addr)[i]); |
| 454 | p += sprintf(p, ":%04X", ntohs(sock6->sin6_port)); |
| 455 | |
| 456 | filename = "/proc/net/tcp6"; |
| 457 | matchcol = 6; |
| 458 | uidcol = 123; |
| 459 | } else |
| 460 | #endif |
| 461 | { |
| 462 | return -1; /* unidentified family */ |
| 463 | } |
| 464 | |
| 465 | fp = fopen(filename, "r"); |
| 466 | if (fp) { |
| 467 | while (fgets(linebuf, sizeof(linebuf), fp)) { |
| 468 | if (strlen(linebuf) >= uidcol && |
| 469 | !strncmp(linebuf+matchcol, matchbuf, strlen(matchbuf))) { |
| 470 | fclose(fp); |
| 471 | return atoi(linebuf + uidcol); |
| 472 | } |
| 473 | } |
| 474 | fclose(fp); |
| 475 | } |
| 476 | |
| 477 | return -1; |
| 478 | } |
| 479 | |
| 480 | void check_magic_access(struct fd *fd) |
| 481 | { |
| 482 | if (check_owning_uid(fd->fd, 0) == getuid()) |
| 483 | fd->magic_access = 1; |
| 484 | } |
| 485 | |
| 486 | static void base64_encode_atom(unsigned char *data, int n, char *out) |
| 487 | { |
| 488 | static const char base64_chars[] = |
| 489 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; |
| 490 | |
| 491 | unsigned word; |
| 492 | |
| 493 | word = data[0] << 16; |
| 494 | if (n > 1) |
| 495 | word |= data[1] << 8; |
| 496 | if (n > 2) |
| 497 | word |= data[2]; |
| 498 | out[0] = base64_chars[(word >> 18) & 0x3F]; |
| 499 | out[1] = base64_chars[(word >> 12) & 0x3F]; |
| 500 | if (n > 1) |
| 501 | out[2] = base64_chars[(word >> 6) & 0x3F]; |
| 502 | else |
| 503 | out[2] = '='; |
| 504 | if (n > 2) |
| 505 | out[3] = base64_chars[word & 0x3F]; |
| 506 | else |
| 507 | out[3] = '='; |
| 508 | } |
| 509 | |
| 510 | struct listenfds { |
| 511 | int v4, v6; |
| 512 | }; |
| 513 | |
| 514 | static int make_listening_sockets(struct listenfds *fds, const char *address, |
| 515 | const char *portstr, char **outhostname) |
| 516 | { |
| 517 | /* |
| 518 | * Establish up to 2 listening sockets, for IPv4 and IPv6, on the |
| 519 | * same arbitrarily selected port. Return them in fds.v4 and |
| 520 | * fds.v6, with each entry being -1 if that socket was not |
| 521 | * established at all. Main return value is the port chosen, or <0 |
| 522 | * if the whole process failed. |
| 523 | */ |
| 524 | struct sockaddr_in6 addr6; |
| 525 | struct sockaddr_in addr4; |
| 526 | int got_v6, got_v4; |
| 527 | socklen_t addrlen; |
| 528 | int ret, port = 0; |
| 529 | |
| 530 | /* |
| 531 | * Special case of the address parameter: if it's "0.0.0.0", treat |
| 532 | * it like NULL, because that was how you specified listen-on-any- |
| 533 | * address in versions before the IPv6 revamp. |
| 534 | */ |
| 535 | { |
| 536 | int u,v,w,x; |
| 537 | if (address && |
| 538 | 4 == sscanf(address, "%d.%d.%d.%d", &u, &v, &w, &x) && |
| 539 | u==0 && v==0 && w==0 && x==0) |
| 540 | address = NULL; |
| 541 | } |
| 542 | |
| 543 | if (portstr && !*portstr) |
| 544 | portstr = NULL; /* normalise NULL and empty string */ |
| 545 | |
| 546 | if (!address) { |
| 547 | char hostname[HOST_NAME_MAX]; |
| 548 | if (gethostname(hostname, sizeof(hostname)) < 0) { |
| 549 | perror("hostname"); |
| 550 | return -1; |
| 551 | } |
| 552 | *outhostname = dupstr(hostname); |
| 553 | } else { |
| 554 | *outhostname = dupstr(address); |
| 555 | } |
| 556 | |
| 557 | fds->v6 = fds->v4 = -1; |
| 558 | got_v6 = got_v4 = 0; |
| 559 | |
| 560 | #if defined HAVE_GETADDRINFO |
| 561 | |
| 562 | /* |
| 563 | * Resolve the given address using getaddrinfo, yielding an IPv6 |
| 564 | * address or an IPv4 one or both. |
| 565 | */ |
| 566 | |
| 567 | struct addrinfo hints; |
| 568 | struct addrinfo *addrs, *ai; |
| 569 | hints.ai_family = AF_UNSPEC; |
| 570 | hints.ai_socktype = SOCK_STREAM; |
| 571 | hints.ai_protocol = 0; |
| 572 | hints.ai_flags = AI_PASSIVE; |
| 573 | ret = getaddrinfo(address, portstr, &hints, &addrs); |
| 574 | if (ret) { |
| 575 | fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(ret)); |
| 576 | return -1; |
| 577 | } |
| 578 | for (ai = addrs; ai; ai = ai->ai_next) { |
| 579 | #ifndef NO_IPV6 |
| 580 | if (!got_v6 && ai->ai_family == AF_INET6) { |
| 581 | memcpy(&addr6, ai->ai_addr, ai->ai_addrlen); |
| 582 | if (portstr && !port) |
| 583 | port = ntohs(addr6.sin6_port); |
| 584 | got_v6 = 1; |
| 585 | } |
| 586 | #endif |
| 587 | #ifndef NO_IPV4 |
| 588 | if (!got_v4 && ai->ai_family == AF_INET) { |
| 589 | memcpy(&addr4, ai->ai_addr, ai->ai_addrlen); |
| 590 | if (portstr && !port) |
| 591 | port = ntohs(addr4.sin_port); |
| 592 | got_v4 = 1; |
| 593 | } |
| 594 | #endif |
| 595 | } |
| 596 | |
| 597 | #elif defined HAVE_GETHOSTBYNAME |
| 598 | |
| 599 | /* |
| 600 | * IPv4-only setup using inet_addr and gethostbyname. |
| 601 | */ |
| 602 | struct hostent *h; |
| 603 | |
| 604 | memset(&addr4, 0, sizeof(addr4)); |
| 605 | addr4.sin_family = AF_INET; |
| 606 | |
| 607 | if (!address) { |
| 608 | addr4.sin_addr.s_addr = htons(INADDR_ANY); |
| 609 | got_v4 = 1; |
| 610 | } else if (inet_aton(address, &addr4.sin_addr)) { |
| 611 | got_v4 = 1; /* numeric address */ |
| 612 | } else if ((h = gethostbyname(address)) != NULL) { |
| 613 | memcpy(&addr4.sin_addr, h->h_addr, sizeof(addr4.sin_addr)); |
| 614 | got_v4 = 1; |
| 615 | } else { |
| 616 | fprintf(stderr, "gethostbyname: %s\n", hstrerror(h_errno)); |
| 617 | return -1; |
| 618 | } |
| 619 | |
| 620 | if (portstr) { |
| 621 | struct servent *s; |
| 622 | if (!portstr[strspn(portstr, "0123456789")]) { |
| 623 | port = atoi(portstr); |
| 624 | } else if ((s = getservbyname(portstr, NULL)) != NULL) { |
| 625 | port = ntohs(s->s_port); |
| 626 | } else { |
| 627 | fprintf(stderr, "getservbyname: port '%s' not understood\n", |
| 628 | portstr); |
| 629 | return -1; |
| 630 | } |
| 631 | } |
| 632 | |
| 633 | #endif |
| 634 | |
| 635 | #ifndef NO_IPV6 |
| 636 | #ifndef NO_IPV4 |
| 637 | retry: |
| 638 | #endif |
| 639 | if (got_v6) { |
| 640 | fds->v6 = socket(PF_INET6, SOCK_STREAM, 0); |
| 641 | if (fds->v6 < 0) { |
| 642 | fprintf(stderr, "socket(PF_INET6): %s\n", strerror(errno)); |
| 643 | goto done_v6; |
| 644 | } |
| 645 | #ifdef IPV6_V6ONLY |
| 646 | { |
| 647 | int i = 1; |
| 648 | if (setsockopt(fds->v6, IPPROTO_IPV6, IPV6_V6ONLY, |
| 649 | (char *)&i, sizeof(i)) < 0) { |
| 650 | fprintf(stderr, "setsockopt(IPV6_V6ONLY): %s\n", |
| 651 | strerror(errno)); |
| 652 | close(fds->v6); |
| 653 | fds->v6 = -1; |
| 654 | goto done_v6; |
| 655 | } |
| 656 | } |
| 657 | #endif /* IPV6_V6ONLY */ |
| 658 | addr6.sin6_port = htons(port); |
| 659 | addrlen = sizeof(addr6); |
| 660 | if (bind(fds->v6, (const struct sockaddr *)&addr6, addrlen) < 0) { |
| 661 | fprintf(stderr, "bind: %s\n", strerror(errno)); |
| 662 | close(fds->v6); |
| 663 | fds->v6 = -1; |
| 664 | goto done_v6; |
| 665 | } |
| 666 | if (listen(fds->v6, 5) < 0) { |
| 667 | fprintf(stderr, "listen: %s\n", strerror(errno)); |
| 668 | close(fds->v6); |
| 669 | fds->v6 = -1; |
| 670 | goto done_v6; |
| 671 | } |
| 672 | if (port == 0) { |
| 673 | addrlen = sizeof(addr6); |
| 674 | if (getsockname(fds->v6, (struct sockaddr *)&addr6, |
| 675 | &addrlen) < 0) { |
| 676 | fprintf(stderr, "getsockname: %s\n", strerror(errno)); |
| 677 | close(fds->v6); |
| 678 | fds->v6 = -1; |
| 679 | goto done_v6; |
| 680 | } |
| 681 | port = ntohs(addr6.sin6_port); |
| 682 | } |
| 683 | } |
| 684 | done_v6: |
| 685 | #endif |
| 686 | |
| 687 | #ifndef NO_IPV4 |
| 688 | if (got_v4) { |
| 689 | fds->v4 = socket(PF_INET, SOCK_STREAM, 0); |
| 690 | if (fds->v4 < 0) { |
| 691 | fprintf(stderr, "socket(PF_INET): %s\n", strerror(errno)); |
| 692 | goto done_v4; |
| 693 | } |
| 694 | addr4.sin_port = htons(port); |
| 695 | addrlen = sizeof(addr4); |
| 696 | if (bind(fds->v4, (const struct sockaddr *)&addr4, addrlen) < 0) { |
| 697 | #ifndef NO_IPV6 |
| 698 | if (fds->v6 >= 0) { |
| 699 | /* |
| 700 | * If we support both v6 and v4, it's a failure |
| 701 | * condition if we didn't manage to bind to both. If |
| 702 | * the port number was arbitrary, we go round and try |
| 703 | * again. Otherwise, give up. |
| 704 | */ |
| 705 | close(fds->v6); |
| 706 | close(fds->v4); |
| 707 | fds->v6 = fds->v4 = -1; |
| 708 | port = 0; |
| 709 | if (!portstr) |
| 710 | goto retry; |
| 711 | } |
| 712 | #endif |
| 713 | fprintf(stderr, "bind: %s\n", strerror(errno)); |
| 714 | close(fds->v4); |
| 715 | fds->v4 = -1; |
| 716 | goto done_v4; |
| 717 | } |
| 718 | if (listen(fds->v4, 5) < 0) { |
| 719 | fprintf(stderr, "listen: %s\n", strerror(errno)); |
| 720 | close(fds->v4); |
| 721 | fds->v4 = -1; |
| 722 | goto done_v4; |
| 723 | } |
| 724 | if (port == 0) { |
| 725 | addrlen = sizeof(addr4); |
| 726 | if (getsockname(fds->v4, (struct sockaddr *)&addr4, |
| 727 | &addrlen) < 0) { |
| 728 | fprintf(stderr, "getsockname: %s\n", strerror(errno)); |
| 729 | close(fds->v4); |
| 730 | fds->v4 = -1; |
| 731 | goto done_v4; |
| 732 | } |
| 733 | port = ntohs(addr4.sin_port); |
| 734 | } |
| 735 | } |
| 736 | done_v4: |
| 737 | #endif |
| 738 | |
| 739 | if (fds->v6 >= 0 || fds->v4 >= 0) |
| 740 | return port; |
| 741 | else |
| 742 | return -1; |
| 743 | } |
| 744 | |
| 745 | void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg, |
| 746 | const struct html_config *incfg) |
| 747 | { |
| 748 | struct listenfds lfds; |
| 749 | int ret, port; |
| 750 | int authtype; |
| 751 | char *authstring = NULL; |
| 752 | char *hostname; |
| 753 | struct sockaddr_in addr; |
| 754 | socklen_t addrlen; |
| 755 | struct html_config cfg = *incfg; |
| 756 | |
| 757 | /* |
| 758 | * Establish the listening socket(s) and retrieve its port |
| 759 | * number. |
| 760 | */ |
| 761 | port = make_listening_sockets(&lfds, dcfg->address, dcfg->port, &hostname); |
| 762 | if (port < 0) |
| 763 | exit(1); /* already reported an error */ |
| 764 | |
| 765 | if ((authmask & HTTPD_AUTH_MAGIC) && |
| 766 | (lfds.v4 < 0 || check_owning_uid(lfds.v4, 1) == getuid()) && |
| 767 | (lfds.v6 < 0 || check_owning_uid(lfds.v6, 1) == getuid())) { |
| 768 | authtype = HTTPD_AUTH_MAGIC; |
| 769 | if (authmask != HTTPD_AUTH_MAGIC) |
| 770 | printf("Using Linux /proc/net magic authentication\n"); |
| 771 | } else if ((authmask & HTTPD_AUTH_BASIC)) { |
| 772 | char username[128], password[128], userpassbuf[259]; |
| 773 | const char *userpass; |
| 774 | const char *rname; |
| 775 | unsigned char passbuf[10]; |
| 776 | int i, j, k, fd; |
| 777 | |
| 778 | authtype = HTTPD_AUTH_BASIC; |
| 779 | |
| 780 | if (authmask != HTTPD_AUTH_BASIC) |
| 781 | printf("Using HTTP Basic authentication\n"); |
| 782 | |
| 783 | if (dcfg->basicauthdata) { |
| 784 | userpass = dcfg->basicauthdata; |
| 785 | } else { |
| 786 | strcpy(username, PNAME); |
| 787 | rname = "/dev/urandom"; |
| 788 | fd = open(rname, O_RDONLY); |
| 789 | if (fd < 0) { |
| 790 | int err = errno; |
| 791 | rname = "/dev/random"; |
| 792 | fd = open(rname, O_RDONLY); |
| 793 | if (fd < 0) { |
| 794 | int err2 = errno; |
| 795 | fprintf(stderr, "/dev/urandom: open: %s\n", strerror(err)); |
| 796 | fprintf(stderr, "/dev/random: open: %s\n", strerror(err2)); |
| 797 | exit(1); |
| 798 | } |
| 799 | } |
| 800 | for (i = 0; i < 10 ;) { |
| 801 | j = read(fd, passbuf + i, 10 - i); |
| 802 | if (j <= 0) { |
| 803 | fprintf(stderr, "%s: read: %s\n", rname, |
| 804 | j < 0 ? strerror(errno) : "unexpected EOF"); |
| 805 | exit(1); |
| 806 | } |
| 807 | i += j; |
| 808 | } |
| 809 | close(fd); |
| 810 | for (i = 0; i < 16; i++) { |
| 811 | /* |
| 812 | * 32 characters out of the 36 alphanumerics gives |
| 813 | * me the latitude to discard i,l,o for being too |
| 814 | * numeric-looking, and w because it has two too |
| 815 | * many syllables and one too many presidential |
| 816 | * associations. |
| 817 | */ |
| 818 | static const char chars[32] = |
| 819 | "0123456789abcdefghjkmnpqrstuvxyz"; |
| 820 | int v = 0; |
| 821 | |
| 822 | k = i / 8 * 5; |
| 823 | for (j = 0; j < 5; j++) |
| 824 | v |= ((passbuf[k+j] >> (i%8)) & 1) << j; |
| 825 | |
| 826 | password[i] = chars[v]; |
| 827 | } |
| 828 | password[i] = '\0'; |
| 829 | |
| 830 | sprintf(userpassbuf, "%s:%s", username, password); |
| 831 | userpass = userpassbuf; |
| 832 | |
| 833 | printf("Username: %s\nPassword: %s\n", username, password); |
| 834 | } |
| 835 | |
| 836 | k = strlen(userpass); |
| 837 | authstring = snewn(k * 4 / 3 + 16, char); |
| 838 | for (i = j = 0; i < k ;) { |
| 839 | int s = k-i < 3 ? k-i : 3; |
| 840 | base64_encode_atom((unsigned char *)(userpass+i), s, authstring+j); |
| 841 | i += s; |
| 842 | j += 4; |
| 843 | } |
| 844 | authstring[j] = '\0'; |
| 845 | } else if ((authmask & HTTPD_AUTH_NONE)) { |
| 846 | authtype = HTTPD_AUTH_NONE; |
| 847 | if (authmask != HTTPD_AUTH_NONE) |
| 848 | printf("Web server is unauthenticated\n"); |
| 849 | } else { |
| 850 | fprintf(stderr, PNAME ": authentication method not supported\n"); |
| 851 | exit(1); |
| 852 | } |
| 853 | if (port == 80) { |
| 854 | printf("URL: http://%s/\n", hostname); |
| 855 | } else { |
| 856 | printf("URL: http://%s:%d/\n", hostname, port); |
| 857 | } |
| 858 | fflush(stdout); |
| 859 | |
| 860 | /* |
| 861 | * Now construct fd structure(s) to hold the listening sockets. |
| 862 | */ |
| 863 | if (lfds.v4 >= 0) |
| 864 | new_fdstruct(lfds.v4, FD_LISTENER); |
| 865 | if (lfds.v6 >= 0) |
| 866 | new_fdstruct(lfds.v6, FD_LISTENER); |
| 867 | |
| 868 | if (dcfg->closeoneof) { |
| 869 | /* |
| 870 | * Read from standard input, and treat EOF as a notification |
| 871 | * to exit. |
| 872 | */ |
| 873 | new_fdstruct(0, FD_CLIENT); |
| 874 | } |
| 875 | |
| 876 | /* |
| 877 | * Now we're ready to run our main loop. Keep looping round on |
| 878 | * select. |
| 879 | */ |
| 880 | while (1) { |
| 881 | fd_set rfds, wfds; |
| 882 | int i, j; |
| 883 | SELECT_TYPE_ARG1 maxfd; |
| 884 | int ret; |
| 885 | |
| 886 | #define FD_SET_MAX(fd, set, max) \ |
| 887 | do { FD_SET((fd),(set)); (max) = ((max)<=(fd)?(fd)+1:(max)); } while(0) |
| 888 | |
| 889 | /* |
| 890 | * Loop round the fd list putting fds into our select |
| 891 | * sets. Also in this loop we remove any that were marked |
| 892 | * as deleted in the previous loop. |
| 893 | */ |
| 894 | FD_ZERO(&rfds); |
| 895 | FD_ZERO(&wfds); |
| 896 | maxfd = 0; |
| 897 | for (i = j = 0; j < nfds; j++) { |
| 898 | |
| 899 | if (fds[j].deleted) { |
| 900 | sfree(fds[j].wdata); |
| 901 | free_connection(fds[j].cctx); |
| 902 | continue; |
| 903 | } |
| 904 | fds[i] = fds[j]; |
| 905 | |
| 906 | switch (fds[i].type) { |
| 907 | case FD_CLIENT: |
| 908 | FD_SET_MAX(fds[i].fd, &rfds, maxfd); |
| 909 | break; |
| 910 | case FD_LISTENER: |
| 911 | FD_SET_MAX(fds[i].fd, &rfds, maxfd); |
| 912 | break; |
| 913 | case FD_CONNECTION: |
| 914 | /* |
| 915 | * Always read from a connection socket. Even |
| 916 | * after we've started writing, the peer might |
| 917 | * still be sending (e.g. because we shamefully |
| 918 | * jumped the gun before waiting for the end of |
| 919 | * the HTTP request) and so we should be prepared |
| 920 | * to read data and throw it away. |
| 921 | */ |
| 922 | FD_SET_MAX(fds[i].fd, &rfds, maxfd); |
| 923 | /* |
| 924 | * Also attempt to write, if we have data to write. |
| 925 | */ |
| 926 | if (fds[i].wdatapos < fds[i].wdatalen) |
| 927 | FD_SET_MAX(fds[i].fd, &wfds, maxfd); |
| 928 | break; |
| 929 | } |
| 930 | |
| 931 | i++; |
| 932 | } |
| 933 | nfds = i; |
| 934 | |
| 935 | ret = select(maxfd, SELECT_TYPE_ARG234 &rfds, |
| 936 | SELECT_TYPE_ARG234 &wfds, SELECT_TYPE_ARG234 NULL, |
| 937 | SELECT_TYPE_ARG5 NULL); |
| 938 | if (ret <= 0) { |
| 939 | if (ret < 0 && (errno != EINTR)) { |
| 940 | fprintf(stderr, "select: %s", strerror(errno)); |
| 941 | exit(1); |
| 942 | } |
| 943 | continue; |
| 944 | } |
| 945 | |
| 946 | for (i = 0; i < nfds; i++) { |
| 947 | switch (fds[i].type) { |
| 948 | case FD_CLIENT: |
| 949 | if (FD_ISSET(fds[i].fd, &rfds)) { |
| 950 | char buf[4096]; |
| 951 | int ret = read(fds[i].fd, buf, sizeof(buf)); |
| 952 | if (ret <= 0) { |
| 953 | if (ret < 0) { |
| 954 | fprintf(stderr, "standard input: read: %s\n", |
| 955 | strerror(errno)); |
| 956 | exit(1); |
| 957 | } |
| 958 | return; |
| 959 | } |
| 960 | } |
| 961 | break; |
| 962 | case FD_LISTENER: |
| 963 | if (FD_ISSET(fds[i].fd, &rfds)) { |
| 964 | /* |
| 965 | * New connection has come in. Accept it. |
| 966 | */ |
| 967 | struct fd *f; |
| 968 | struct sockaddr_in addr; |
| 969 | socklen_t addrlen = sizeof(addr); |
| 970 | int newfd = accept(fds[i].fd, (struct sockaddr *)&addr, |
| 971 | &addrlen); |
| 972 | if (newfd < 0) |
| 973 | break; /* not sure what happened there */ |
| 974 | |
| 975 | f = new_fdstruct(newfd, FD_CONNECTION); |
| 976 | f->cctx = new_connection(t); |
| 977 | if (authtype == HTTPD_AUTH_MAGIC) |
| 978 | check_magic_access(f); |
| 979 | } |
| 980 | break; |
| 981 | case FD_CONNECTION: |
| 982 | if (FD_ISSET(fds[i].fd, &rfds)) { |
| 983 | /* |
| 984 | * There's data to be read. |
| 985 | */ |
| 986 | char readbuf[4096]; |
| 987 | int ret; |
| 988 | |
| 989 | ret = read(fds[i].fd, readbuf, sizeof(readbuf)); |
| 990 | if (ret <= 0) { |
| 991 | /* |
| 992 | * This shouldn't happen in a sensible |
| 993 | * HTTP connection, so we abandon the |
| 994 | * connection if it does. |
| 995 | */ |
| 996 | close(fds[i].fd); |
| 997 | fds[i].deleted = 1; |
| 998 | break; |
| 999 | } else { |
| 1000 | if (!fds[i].wdata) { |
| 1001 | /* |
| 1002 | * If we haven't got an HTTP response |
| 1003 | * yet, keep processing data in the |
| 1004 | * hope of acquiring one. |
| 1005 | */ |
| 1006 | fds[i].wdata = got_data |
| 1007 | (fds[i].cctx, readbuf, ret, |
| 1008 | (authtype == HTTPD_AUTH_NONE || |
| 1009 | fds[i].magic_access), authstring, &cfg); |
| 1010 | if (fds[i].wdata) { |
| 1011 | fds[i].wdatalen = strlen(fds[i].wdata); |
| 1012 | fds[i].wdatapos = 0; |
| 1013 | } |
| 1014 | } else { |
| 1015 | /* |
| 1016 | * Otherwise, just drop our read data |
| 1017 | * on the floor. |
| 1018 | */ |
| 1019 | } |
| 1020 | } |
| 1021 | } |
| 1022 | if (FD_ISSET(fds[i].fd, &wfds) && |
| 1023 | fds[i].wdatapos < fds[i].wdatalen) { |
| 1024 | /* |
| 1025 | * The socket is writable, and we have data to |
| 1026 | * write. Write it. |
| 1027 | */ |
| 1028 | int ret = write(fds[i].fd, fds[i].wdata + fds[i].wdatapos, |
| 1029 | fds[i].wdatalen - fds[i].wdatapos); |
| 1030 | if (ret <= 0) { |
| 1031 | /* |
| 1032 | * Shouldn't happen; abandon the connection. |
| 1033 | */ |
| 1034 | close(fds[i].fd); |
| 1035 | fds[i].deleted = 1; |
| 1036 | break; |
| 1037 | } else { |
| 1038 | fds[i].wdatapos += ret; |
| 1039 | if (fds[i].wdatapos == fds[i].wdatalen) { |
| 1040 | shutdown(fds[i].fd, SHUT_WR); |
| 1041 | } |
| 1042 | } |
| 1043 | } |
| 1044 | break; |
| 1045 | } |
| 1046 | } |
| 1047 | |
| 1048 | } |
| 1049 | } |