~mdw / sgt / agedu / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fiddle about with the configure script so it notices the need for
[sgt/agedu] / httpd.c
1 /*
2 * httpd.c: implementation of httpd.h.
3 */
4
5 #include "agedu.h"
6 #include "alloc.h"
7 #include "html.h"
8 #include "httpd.h"
9
10 /* --- Logic driving what the web server's responses are. --- */
11
12 enum { /* connctx states */
13 READING_REQ_LINE,
14 READING_HEADERS,
15 DONE
16 };
17
18 struct connctx {
19 const void *t;
20 char *data;
21 int datalen, datasize;
22 char *method, *url, *headers, *auth;
23 int state;
24 };
25
26 /*
27 * Called when a new connection arrives on a listening socket.
28 * Returns a connctx for the new connection.
29 */
30 struct connctx *new_connection(const void *t)
31 {
32 struct connctx *cctx = snew(struct connctx);
33 cctx->t = t;
34 cctx->data = NULL;
35 cctx->datalen = cctx->datasize = 0;
36 cctx->state = READING_REQ_LINE;
37 cctx->method = cctx->url = cctx->headers = cctx->auth = NULL;
38 return cctx;
39 }
40
41 void free_connection(struct connctx *cctx)
42 {
43 sfree(cctx->data);
44 sfree(cctx);
45 }
46
47 static char *http_error(char *code, char *errmsg, char *extraheader,
48 char *errtext, ...)
49 {
50 return dupfmt("HTTP/1.1 %s %s\r\n"
51 "Date: %D\r\n"
52 "Server: " PNAME "\r\n"
53 "Connection: close\r\n"
54 "%s"
55 "Content-Type: text/html; charset=US-ASCII\r\n"
56 "\r\n"
57 "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
58 "<HTML><HEAD>\r\n"
59 "<TITLE>%s %s</TITLE>\r\n"
60 "</HEAD><BODY>\r\n"
61 "<H1>%s %s</H1>\r\n"
62 "<P>%s</P>\r\n"
63 "</BODY></HTML>\r\n", code, errmsg,
64 extraheader ? extraheader : "",
65 code, errmsg, code, errmsg, errtext);
66 }
67
68 static char *http_success(char *mimetype, int stuff_cr, char *document)
69 {
70 return dupfmt("HTTP/1.1 200 OK\r\n"
71 "Date: %D\r\n"
72 "Expires: %D\r\n"
73 "Server: " PNAME "\r\n"
74 "Connection: close\r\n"
75 "Content-Type: %s\r\n"
76 "\r\n"
77 "%S", mimetype, stuff_cr, document);
78 }
79
80 /*
81 * Called when data comes in on a connection.
82 *
83 * If this function returns NULL, the platform code continues
84 * reading from the socket. Otherwise, it returns some dynamically
85 * allocated data which the platform code will then write to the
86 * socket before closing it.
87 */
88 char *got_data(struct connctx *ctx, char *data, int length,
89 int magic_access, const char *auth_string,
90 const struct html_config *cfg)
91 {
92 char *line, *p, *q, *r, *z1, *z2, c1, c2;
93 int auth_correct = 0;
94 unsigned long index;
95 char *document, *ret;
96
97 /*
98 * Add the data we've just received to our buffer.
99 */
100 if (ctx->datasize < ctx->datalen + length) {
101 ctx->datasize = (ctx->datalen + length) * 3 / 2 + 4096;
102 ctx->data = sresize(ctx->data, ctx->datasize, char);
103 }
104 memcpy(ctx->data + ctx->datalen, data, length);
105 ctx->datalen += length;
106
107 /*
108 * Gradually process the HTTP request as we receive it.
109 */
110 if (ctx->state == READING_REQ_LINE) {
111 /*
112 * We're waiting for the first line of the input, which
113 * contains the main HTTP request. See if we've got it
114 * yet.
115 */
116
117 line = ctx->data;
118 /*
119 * RFC 2616 section 4.1: `In the interest of robustness,
120 * [...] if the server is reading the protocol stream at
121 * the beginning of a message and receives a CRLF first,
122 * it should ignore the CRLF.'
123 */
124 while (line - ctx->data < ctx->datalen &&
125 (*line == '\r' || *line == '\n'))
126 line++;
127 q = line;
128 while (q - ctx->data < ctx->datalen && *q != '\n')
129 q++;
130 if (q - ctx->data >= ctx->datalen)
131 return NULL; /* not got request line yet */
132
133 /*
134 * We've got the first line of the request. Zero-terminate
135 * and parse it into method, URL and optional HTTP
136 * version.
137 */
138 *q = '\0';
139 ctx->headers = q+1;
140 if (q > line && q[-1] == '\r')
141 *--q = '\0';
142 z1 = z2 = q;
143 c1 = c2 = *q;
144 p = line;
145 while (*p && !isspace((unsigned char)*p)) p++;
146 if (*p) {
147 z1 = p++;
148 c1 = *z1;
149 *z1 = '\0';
150 }
151 while (*p && isspace((unsigned char)*p)) p++;
152 q = p;
153 while (*q && !isspace((unsigned char)*q)) q++;
154 z2 = q++;
155 c2 = *z2;
156 *z2 = '\0';
157 while (*q && isspace((unsigned char)*q)) q++;
158
159 /*
160 * Now `line' points at the method name; p points at the
161 * URL, if any; q points at the HTTP version, if any.
162 */
163
164 /*
165 * There should _be_ a URL, on any request type at all.
166 */
167 if (!*p) {
168 char *ret, *text;
169 /* Restore the request to the way we received it. */
170 *z2 = c2;
171 *z1 = c1;
172 text = dupfmt("<code>" PNAME "</code> received the HTTP request"
173 " \"<code>%h</code>\", which contains no URL.",
174 line);
175 ret = http_error("400", "Bad request", NULL, text);
176 sfree(text);
177 return ret;
178 }
179
180 ctx->method = line;
181 ctx->url = p;
182
183 /*
184 * If there was an HTTP version, we might need to see
185 * headers. Otherwise, the request is done.
186 */
187 if (*q) {
188 ctx->state = READING_HEADERS;
189 } else {
190 ctx->state = DONE;
191 }
192 }
193
194 if (ctx->state == READING_HEADERS) {
195 /*
196 * While we're receiving the HTTP request headers, all we
197 * do is to keep scanning to see if we find two newlines
198 * next to each other.
199 */
200 q = ctx->data + ctx->datalen;
201 for (p = ctx->headers; p < q; p++) {
202 if (*p == '\n' &&
203 ((p+1 < q && p[1] == '\n') ||
204 (p+2 < q && p[1] == '\r' && p[2] == '\n'))) {
205 p[1] = '\0';
206 ctx->state = DONE;
207 break;
208 }
209 }
210 }
211
212 if (ctx->state == DONE) {
213 /*
214 * Now we have the entire HTTP request. Decide what to do
215 * with it.
216 */
217 if (auth_string) {
218 /*
219 * Search the request headers for Authorization.
220 */
221 q = ctx->data + ctx->datalen;
222 for (p = ctx->headers; p < q; p++) {
223 const char *hdr = "Authorization:";
224 int i;
225 for (i = 0; hdr[i]; i++) {
226 if (p >= q || tolower((unsigned char)*p) !=
227 tolower((unsigned char)hdr[i]))
228 break;
229 p++;
230 }
231 if (!hdr[i])
232 break; /* found our header */
233 p = memchr(p, '\n', q - p);
234 if (!p)
235 p = q;
236 }
237 if (p < q) {
238 while (p < q && isspace((unsigned char)*p))
239 p++;
240 r = p;
241 while (p < q && !isspace((unsigned char)*p))
242 p++;
243 if (p < q) {
244 *p++ = '\0';
245 if (!strcasecmp(r, "Basic")) {
246 while (p < q && isspace((unsigned char)*p))
247 p++;
248 r = p;
249 while (p < q && !isspace((unsigned char)*p))
250 p++;
251 if (p < q) {
252 *p++ = '\0';
253 if (!strcmp(r, auth_string))
254 auth_correct = 1;
255 }
256 }
257 }
258 }
259 }
260
261 if (!magic_access && !auth_correct) {
262 if (auth_string) {
263 ret = http_error("401", "Unauthorized",
264 "WWW-Authenticate: Basic realm=\""PNAME"\"\r\n",
265 "\nYou must authenticate to view these pages.");
266 } else {
267 ret = http_error("403", "Forbidden", NULL,
268 "This is a restricted-access set of pages.");
269 }
270 } else {
271 char *q;
272 p = ctx->url;
273 p += strspn(p, "/?");
274 index = strtoul(p, &q, 10);
275 if (*q) {
276 ret = http_error("404", "Not Found", NULL,
277 "This is not a valid pathname index.");
278 } else {
279 document = html_query(ctx->t, index, cfg, 1);
280 if (document) {
281 ret = http_success("text/html", 1, document);
282 sfree(document);
283 } else {
284 ret = http_error("404", "Not Found", NULL,
285 "Pathname index out of range.");
286 }
287 }
288 }
289 return ret;
290 } else
291 return NULL;
292 }
293
294 /* --- Platform support for running a web server. --- */
295
296 enum { FD_CLIENT, FD_LISTENER, FD_CONNECTION };
297
298 struct fd {
299 int fd;
300 int type;
301 int deleted;
302 char *wdata;
303 int wdatalen, wdatapos;
304 int magic_access;
305 struct connctx *cctx;
306 };
307
308 struct fd *fds = NULL;
309 int nfds = 0, fdsize = 0;
310
311 struct fd *new_fdstruct(int fd, int type)
312 {
313 struct fd *ret;
314
315 if (nfds >= fdsize) {
316 fdsize = nfds * 3 / 2 + 32;
317 fds = sresize(fds, fdsize, struct fd);
318 }
319
320 ret = &fds[nfds++];
321
322 ret->fd = fd;
323 ret->type = type;
324 ret->wdata = NULL;
325 ret->wdatalen = ret->wdatapos = 0;
326 ret->cctx = NULL;
327 ret->deleted = 0;
328 ret->magic_access = 0;
329
330 return ret;
331 }
332
333 int check_owning_uid(int fd, int flip)
334 {
335 struct sockaddr_in sock, peer;
336 socklen_t addrlen;
337 char linebuf[4096], matchbuf[80];
338 FILE *fp;
339
340 addrlen = sizeof(sock);
341 if (getsockname(fd, (struct sockaddr *)&sock, &addrlen)) {
342 fprintf(stderr, "getsockname: %s\n", strerror(errno));
343 exit(1);
344 }
345 addrlen = sizeof(peer);
346 if (getpeername(fd, (struct sockaddr *)&peer, &addrlen)) {
347 if (errno == ENOTCONN) {
348 peer.sin_addr.s_addr = htonl(0);
349 peer.sin_port = htons(0);
350 } else {
351 fprintf(stderr, "getpeername: %s\n", strerror(errno));
352 exit(1);
353 }
354 }
355
356 if (flip) {
357 struct sockaddr_in tmp = sock;
358 sock = peer;
359 peer = tmp;
360 }
361
362 sprintf(matchbuf, "%08X:%04X %08X:%04X",
363 peer.sin_addr.s_addr, ntohs(peer.sin_port),
364 sock.sin_addr.s_addr, ntohs(sock.sin_port));
365 fp = fopen("/proc/net/tcp", "r");
366 if (fp) {
367 while (fgets(linebuf, sizeof(linebuf), fp)) {
368 if (strlen(linebuf) >= 75 &&
369 !strncmp(linebuf+6, matchbuf, strlen(matchbuf))) {
370 fclose(fp);
371 return atoi(linebuf + 75);
372 }
373 }
374 fclose(fp);
375 }
376
377 return -1;
378 }
379
380 void check_magic_access(struct fd *fd)
381 {
382 if (check_owning_uid(fd->fd, 0) == getuid())
383 fd->magic_access = 1;
384 }
385
386 static void base64_encode_atom(unsigned char *data, int n, char *out)
387 {
388 static const char base64_chars[] =
389 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
390
391 unsigned word;
392
393 word = data[0] << 16;
394 if (n > 1)
395 word |= data[1] << 8;
396 if (n > 2)
397 word |= data[2];
398 out[0] = base64_chars[(word >> 18) & 0x3F];
399 out[1] = base64_chars[(word >> 12) & 0x3F];
400 if (n > 1)
401 out[2] = base64_chars[(word >> 6) & 0x3F];
402 else
403 out[2] = '=';
404 if (n > 2)
405 out[3] = base64_chars[word & 0x3F];
406 else
407 out[3] = '=';
408 }
409
410 void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg,
411 const struct html_config *incfg)
412 {
413 int fd, ret;
414 int authtype;
415 char *authstring = NULL;
416 struct sockaddr_in addr;
417 socklen_t addrlen;
418 struct html_config cfg = *incfg;
419
420 cfg.format = "%.0lu";
421
422 /*
423 * Establish the listening socket and retrieve its port
424 * number.
425 */
426 fd = socket(PF_INET, SOCK_STREAM, 0);
427 if (fd < 0) {
428 fprintf(stderr, "socket(PF_INET): %s\n", strerror(errno));
429 exit(1);
430 }
431 memset(&addr, 0, sizeof(addr));
432 addr.sin_family = AF_INET;
433 if (!dcfg->address) {
434 #ifdef RANDOM_LOCALHOST
435 unsigned long ipaddr;
436 srand(0L);
437 ipaddr = 0x7f000000;
438 ipaddr += (1 + rand() % 255) << 16;
439 ipaddr += (1 + rand() % 255) << 8;
440 ipaddr += (1 + rand() % 255);
441 addr.sin_addr.s_addr = htonl(ipaddr);
442 #else
443 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
444 #endif
445 addr.sin_port = htons(0);
446 } else {
447 addr.sin_addr.s_addr = inet_addr(dcfg->address);
448 addr.sin_port = dcfg->port ? htons(dcfg->port) : 0;
449 }
450 addrlen = sizeof(addr);
451 ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
452 #ifdef RANDOM_LOCALHOST
453 if (ret < 0 && errno == EADDRNOTAVAIL && !dcfg->address) {
454 /*
455 * Some systems don't like us binding to random weird
456 * localhost-space addresses. Try again with the official
457 * INADDR_LOOPBACK.
458 */
459 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
460 addr.sin_port = htons(0);
461 ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
462 }
463 #endif
464 if (ret < 0) {
465 fprintf(stderr, "bind: %s\n", strerror(errno));
466 exit(1);
467 }
468 if (listen(fd, 5) < 0) {
469 fprintf(stderr, "listen: %s\n", strerror(errno));
470 exit(1);
471 }
472 addrlen = sizeof(addr);
473 if (getsockname(fd, (struct sockaddr *)&addr, &addrlen)) {
474 fprintf(stderr, "getsockname: %s\n", strerror(errno));
475 exit(1);
476 }
477 if ((authmask & HTTPD_AUTH_MAGIC) &&
478 (check_owning_uid(fd, 1) == getuid())) {
479 authtype = HTTPD_AUTH_MAGIC;
480 if (authmask != HTTPD_AUTH_MAGIC)
481 printf("Using Linux /proc/net magic authentication\n");
482 } else if ((authmask & HTTPD_AUTH_BASIC)) {
483 char username[128], password[128], userpassbuf[259];
484 const char *userpass;
485 const char *rname;
486 unsigned char passbuf[10];
487 int i, j, k, fd;
488
489 authtype = HTTPD_AUTH_BASIC;
490
491 if (authmask != HTTPD_AUTH_BASIC)
492 printf("Using HTTP Basic authentication\n");
493
494 if (dcfg->basicauthdata) {
495 userpass = dcfg->basicauthdata;
496 } else {
497 strcpy(username, PNAME);
498 rname = "/dev/urandom";
499 fd = open(rname, O_RDONLY);
500 if (fd < 0) {
501 int err = errno;
502 rname = "/dev/random";
503 fd = open(rname, O_RDONLY);
504 if (fd < 0) {
505 int err2 = errno;
506 fprintf(stderr, "/dev/urandom: open: %s\n", strerror(err));
507 fprintf(stderr, "/dev/random: open: %s\n", strerror(err2));
508 exit(1);
509 }
510 }
511 for (i = 0; i < 10 ;) {
512 j = read(fd, passbuf + i, 10 - i);
513 if (j <= 0) {
514 fprintf(stderr, "%s: read: %s\n", rname,
515 j < 0 ? strerror(errno) : "unexpected EOF");
516 exit(1);
517 }
518 i += j;
519 }
520 close(fd);
521 for (i = 0; i < 16; i++) {
522 /*
523 * 32 characters out of the 36 alphanumerics gives
524 * me the latitude to discard i,l,o for being too
525 * numeric-looking, and w because it has two too
526 * many syllables and one too many presidential
527 * associations.
528 */
529 static const char chars[32] =
530 "0123456789abcdefghjkmnpqrstuvxyz";
531 int v = 0;
532
533 k = i / 8 * 5;
534 for (j = 0; j < 5; j++)
535 v |= ((passbuf[k+j] >> (i%8)) & 1) << j;
536
537 password[i] = chars[v];
538 }
539 password[i] = '\0';
540
541 sprintf(userpassbuf, "%s:%s", username, password);
542 userpass = userpassbuf;
543
544 printf("Username: %s\nPassword: %s\n", username, password);
545 }
546
547 k = strlen(userpass);
548 authstring = snewn(k * 4 / 3 + 16, char);
549 for (i = j = 0; i < k ;) {
550 int s = k-i < 3 ? k-i : 3;
551 base64_encode_atom((unsigned char *)(userpass+i), s, authstring+j);
552 i += s;
553 j += 4;
554 }
555 authstring[j] = '\0';
556 } else if ((authmask & HTTPD_AUTH_NONE)) {
557 authtype = HTTPD_AUTH_NONE;
558 if (authmask != HTTPD_AUTH_NONE)
559 printf("Web server is unauthenticated\n");
560 } else {
561 fprintf(stderr, PNAME ": authentication method not supported\n");
562 exit(1);
563 }
564 if (ntohs(addr.sin_addr.s_addr) == INADDR_ANY) {
565 printf("Server port: %d\n", ntohs(addr.sin_port));
566 } else if (ntohs(addr.sin_port) == 80) {
567 printf("URL: http://%s/\n", inet_ntoa(addr.sin_addr));
568 } else {
569 printf("URL: http://%s:%d/\n",
570 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
571 }
572
573 /*
574 * Now construct an fd structure to hold it.
575 */
576 new_fdstruct(fd, FD_LISTENER);
577
578 /*
579 * Read from standard input, and treat EOF as a notification
580 * to exit.
581 */
582 new_fdstruct(0, FD_CLIENT);
583
584 /*
585 * Now we're ready to run our main loop. Keep looping round on
586 * select.
587 */
588 while (1) {
589 fd_set rfds, wfds;
590 int i, j;
591 SELECT_TYPE_ARG1 maxfd;
592 int ret;
593
594 #define FD_SET_MAX(fd, set, max) \
595 do { FD_SET((fd),(set)); (max) = ((max)<=(fd)?(fd)+1:(max)); } while(0)
596
597 /*
598 * Loop round the fd list putting fds into our select
599 * sets. Also in this loop we remove any that were marked
600 * as deleted in the previous loop.
601 */
602 FD_ZERO(&rfds);
603 FD_ZERO(&wfds);
604 maxfd = 0;
605 for (i = j = 0; j < nfds; j++) {
606
607 if (fds[j].deleted) {
608 sfree(fds[j].wdata);
609 free_connection(fds[j].cctx);
610 continue;
611 }
612 fds[i] = fds[j];
613
614 switch (fds[i].type) {
615 case FD_CLIENT:
616 FD_SET_MAX(fds[i].fd, &rfds, maxfd);
617 break;
618 case FD_LISTENER:
619 FD_SET_MAX(fds[i].fd, &rfds, maxfd);
620 break;
621 case FD_CONNECTION:
622 /*
623 * Always read from a connection socket. Even
624 * after we've started writing, the peer might
625 * still be sending (e.g. because we shamefully
626 * jumped the gun before waiting for the end of
627 * the HTTP request) and so we should be prepared
628 * to read data and throw it away.
629 */
630 FD_SET_MAX(fds[i].fd, &rfds, maxfd);
631 /*
632 * Also attempt to write, if we have data to write.
633 */
634 if (fds[i].wdatapos < fds[i].wdatalen)
635 FD_SET_MAX(fds[i].fd, &wfds, maxfd);
636 break;
637 }
638
639 i++;
640 }
641 nfds = i;
642
643 ret = select(maxfd, SELECT_TYPE_ARG234 &rfds,
644 SELECT_TYPE_ARG234 &wfds, SELECT_TYPE_ARG234 NULL,
645 SELECT_TYPE_ARG5 NULL);
646 if (ret <= 0) {
647 if (ret < 0 && (errno != EINTR)) {
648 fprintf(stderr, "select: %s", strerror(errno));
649 exit(1);
650 }
651 continue;
652 }
653
654 for (i = 0; i < nfds; i++) {
655 switch (fds[i].type) {
656 case FD_CLIENT:
657 if (FD_ISSET(fds[i].fd, &rfds)) {
658 char buf[4096];
659 int ret = read(fds[i].fd, buf, sizeof(buf));
660 if (ret <= 0) {
661 if (ret < 0) {
662 fprintf(stderr, "standard input: read: %s\n",
663 strerror(errno));
664 exit(1);
665 }
666 return;
667 }
668 }
669 break;
670 case FD_LISTENER:
671 if (FD_ISSET(fds[i].fd, &rfds)) {
672 /*
673 * New connection has come in. Accept it.
674 */
675 struct fd *f;
676 struct sockaddr_in addr;
677 socklen_t addrlen = sizeof(addr);
678 int newfd = accept(fds[i].fd, (struct sockaddr *)&addr,
679 &addrlen);
680 if (newfd < 0)
681 break; /* not sure what happened there */
682
683 f = new_fdstruct(newfd, FD_CONNECTION);
684 f->cctx = new_connection(t);
685 if (authtype == HTTPD_AUTH_MAGIC)
686 check_magic_access(f);
687 }
688 break;
689 case FD_CONNECTION:
690 if (FD_ISSET(fds[i].fd, &rfds)) {
691 /*
692 * There's data to be read.
693 */
694 char readbuf[4096];
695 int ret;
696
697 ret = read(fds[i].fd, readbuf, sizeof(readbuf));
698 if (ret <= 0) {
699 /*
700 * This shouldn't happen in a sensible
701 * HTTP connection, so we abandon the
702 * connection if it does.
703 */
704 close(fds[i].fd);
705 fds[i].deleted = 1;
706 break;
707 } else {
708 if (!fds[i].wdata) {
709 /*
710 * If we haven't got an HTTP response
711 * yet, keep processing data in the
712 * hope of acquiring one.
713 */
714 fds[i].wdata = got_data
715 (fds[i].cctx, readbuf, ret,
716 (authtype == HTTPD_AUTH_NONE ||
717 fds[i].magic_access), authstring, &cfg);
718 if (fds[i].wdata) {
719 fds[i].wdatalen = strlen(fds[i].wdata);
720 fds[i].wdatapos = 0;
721 }
722 } else {
723 /*
724 * Otherwise, just drop our read data
725 * on the floor.
726 */
727 }
728 }
729 }
730 if (FD_ISSET(fds[i].fd, &wfds) &&
731 fds[i].wdatapos < fds[i].wdatalen) {
732 /*
733 * The socket is writable, and we have data to
734 * write. Write it.
735 */
736 int ret = write(fds[i].fd, fds[i].wdata + fds[i].wdatapos,
737 fds[i].wdatalen - fds[i].wdatapos);
738 if (ret <= 0) {
739 /*
740 * Shouldn't happen; abandon the connection.
741 */
742 close(fds[i].fd);
743 fds[i].deleted = 1;
744 break;
745 } else {
746 fds[i].wdatapos += ret;
747 if (fds[i].wdatapos == fds[i].wdatalen) {
748 shutdown(fds[i].fd, SHUT_WR);
749 }
750 }
751 }
752 break;
753 }
754 }
755
756 }
757 }
Simon Tatham's `agedu' utility; import of svn://svn.tartarus.org/sgt/agedu