Contents of /trunk/mkinitrd-magellan/busybox/networking/httpd.c
Revision 1123 -
Wed Aug 18 21:56:57 2010 UTC (14 years, 1 month ago) by niro
File MIME type: text/plain
File size: 67984 byte(s)
-updated to busybox-1.17.1
1 | /* vi: set sw=4 ts=4: */ |
2 | /* |
3 | * httpd implementation for busybox |
4 | * |
5 | * Copyright (C) 2002,2003 Glenn Engel <glenne@engel.org> |
6 | * Copyright (C) 2003-2006 Vladimir Oleynik <dzo@simtreas.ru> |
7 | * |
8 | * simplify patch stolen from libbb without using strdup |
9 | * |
10 | * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. |
11 | * |
12 | ***************************************************************************** |
13 | * |
14 | * Typical usage: |
15 | * for non root user |
16 | * httpd -p 8080 -h $HOME/public_html |
17 | * or for daemon start from rc script with uid=0: |
18 | * httpd -u www |
19 | * This is equivalent if www user have uid=80 to |
20 | * httpd -p 80 -u 80 -h /www -c /etc/httpd.conf -r "Web Server Authentication" |
21 | * |
22 | * |
23 | * When a URL starts with "/cgi-bin/" it is assumed to be a cgi script. The |
24 | * server changes directory to the location of the script and executes it |
25 | * after setting QUERY_STRING and other environment variables. |
26 | * |
27 | * Doc: |
28 | * "CGI Environment Variables": http://hoohoo.ncsa.uiuc.edu/cgi/env.html |
29 | * |
30 | * The applet can also be invoked as an url arg decoder and html text encoder |
31 | * as follows: |
32 | * foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World" |
33 | * bar=`httpd -e "<Hello World>"` # encode as "&#60;Hello&#32;World&#62;" |
34 | * Note that url encoding for arguments is not the same as html encoding for |
35 | * presentation. -d decodes an url-encoded argument while -e encodes in html |
36 | * for page display. |
37 | * |
38 | * httpd.conf has the following format: |
39 | * |
40 | * H:/serverroot # define the server root. It will override -h |
41 | * A:172.20. # Allow address from 172.20.0.0/16 |
42 | * A:10.0.0.0/25 # Allow any address from 10.0.0.0-10.0.0.127 |
43 | * A:10.0.0.0/255.255.255.128 # Allow the same addresses as the previous line |
44 | * A:127.0.0.1 # Allow local loopback connections |
45 | * D:* # Deny from other IP connections |
46 | * E404:/path/e404.html # /path/e404.html is the 404 (not found) error page |
47 | * I:index.html # Show index.html when a directory is requested |
48 | * |
49 | * P:/url:[http://]hostname[:port]/new/path |
50 | * # When /urlXXXXXX is requested, reverse proxy |
51 | * # it to http://hostname[:port]/new/pathXXXXXX |
52 | * |
53 | * /cgi-bin:foo:bar # Require user foo, pwd bar on urls starting with /cgi-bin/ |
54 | * /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/ |
55 | * /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/ |
56 | * .au:audio/basic # additional mime type for audio.au files |
57 | * *.php:/path/php # run xxx.php through an interpreter |
58 | * |
59 | * A/D may be as a/d or allow/deny - only first char matters. |
60 | * Deny/Allow IP logic: |
61 | * - Default is to allow all (Allow all (A:*) is a no-op). |
62 | * - Deny rules take precedence over allow rules. |
63 | * - "Deny all" rule (D:*) is applied last. |
64 | * |
65 | * Example: |
66 | * 1. Allow only specified addresses |
67 | * A:172.20 # Allow any address that begins with 172.20. |
68 | * A:10.10. # Allow any address that begins with 10.10. |
69 | * A:127.0.0.1 # Allow local loopback connections |
70 | * D:* # Deny from other IP connections |
71 | * |
72 | * 2. Only deny specified addresses |
73 | * D:1.2.3. # deny from 1.2.3.0 - 1.2.3.255 |
74 | * D:2.3.4. # deny from 2.3.4.0 - 2.3.4.255 |
75 | * A:* # (optional line added for clarity) |
76 | * |
77 | * If a sub directory contains a config file it is parsed and merged with |
78 | * any existing settings as if it was appended to the original configuration. |
79 | * |
80 | * subdir paths are relative to the containing subdir and thus cannot |
81 | * affect the parent rules. |
82 | * |
83 | * Note that since the sub dir is parsed in the forked thread servicing the |
84 | * subdir http request, any merge is discarded when the process exits. As a |
85 | * result, the subdir settings only have a lifetime of a single request. |
86 | * |
87 | * Custom error pages can contain an absolute path or be relative to |
88 | * 'home_httpd'. Error pages are to be static files (no CGI or script). Error |
89 | * page can only be defined in the root configuration file and are not taken |
90 | * into account in local (directories) config files. |
91 | * |
92 | * If -c is not set, an attempt will be made to open the default |
93 | * root configuration file. If -c is set and the file is not found, the |
94 | * server exits with an error. |
95 | * |
96 | */ |
97 | /* TODO: use TCP_CORK, parse_config() */ |
98 | |
99 | #include "libbb.h" |
100 | #if ENABLE_FEATURE_HTTPD_USE_SENDFILE |
101 | # include <sys/sendfile.h> |
102 | #endif |
103 | |
104 | #define DEBUG 0 |
105 | |
106 | #define IOBUF_SIZE 8192 /* IO buffer */ |
107 | |
108 | /* amount of buffering in a pipe */ |
109 | #ifndef PIPE_BUF |
110 | # define PIPE_BUF 4096 |
111 | #endif |
112 | #if PIPE_BUF >= IOBUF_SIZE |
113 | # error "PIPE_BUF >= IOBUF_SIZE" |
114 | #endif |
115 | |
116 | #define HEADER_READ_TIMEOUT 60 |
117 | |
/* Directory of the default root configuration file. */
static const char DEFAULT_PATH_HTTPD_CONF[] ALIGN1 = "/etc";
/* Configuration file name; parse_conf() appends it to a directory path. */
static const char HTTPD_CONF[] ALIGN1 = "httpd.conf";
/* Ready-made status line for a successful response. */
static const char HTTP_200[] ALIGN1 = "HTTP/1.0 200 OK\r\n";
121 | |
/* Generic list node: free_llist() walks any list whose nodes begin with a
 * "next" pointer by casting the nodes to this type. */
typedef struct has_next_ptr {
	struct has_next_ptr *next;
} has_next_ptr;
125 | |
126 | /* Must have "next" as a first member */ |
typedef struct Htaccess {
	struct Htaccess *next;
	/* Points into this same allocation, just past the NUL that ends
	 * before_colon (parse_conf() arranges it that way). */
	char *after_colon;
	/* Variable-length tail: parse_conf() allocates sizeof(Htaccess) plus
	 * the extra bytes the line needs, so this member has to stay last. */
	char before_colon[1]; /* really bigger, must be last */
} Htaccess;
132 | |
133 | /* Must have "next" as a first member */ |
typedef struct Htaccess_IP {
	struct Htaccess_IP *next;
	unsigned ip;    /* address as filled in by scan_ip_mask() */
	unsigned mask;  /* netmask from scan_ip_mask(); parse_conf() forces 0 after a syntax error */
	int allow_deny; /* 'A' or 'D', stored by parse_conf() */
} Htaccess_IP;
140 | |
141 | /* Must have "next" as a first member */ |
/* One "P:/url:[http://]hostname[:port]/new/path" line; parse_conf() fills
 * all three strings with xstrdup() copies. */
typedef struct Htaccess_Proxy {
	struct Htaccess_Proxy *next;
	char *url_from;  /* the "/url" part */
	char *host_port; /* "hostname[:port]", a leading "http://" already skipped */
	char *url_to;    /* the "/new/path" part, starting at its '/' */
} Htaccess_Proxy;
148 | |
/* HTTP status codes known to the server. Only the codes that also appear in
 * http_response_type[] get a reason phrase in send_headers(); the "#if 0"
 * group is compiled out. */
enum {
	HTTP_OK = 200,
	HTTP_PARTIAL_CONTENT = 206,
	HTTP_MOVED_TEMPORARILY = 302,
	HTTP_BAD_REQUEST = 400, /* malformed syntax */
	HTTP_UNAUTHORIZED = 401, /* authentication needed, respond with auth hdr */
	HTTP_NOT_FOUND = 404,
	HTTP_FORBIDDEN = 403,
	HTTP_REQUEST_TIMEOUT = 408,
	HTTP_NOT_IMPLEMENTED = 501, /* used for unrecognized requests */
	HTTP_INTERNAL_SERVER_ERROR = 500,
	HTTP_CONTINUE = 100,
#if 0 /* future use */
	HTTP_SWITCHING_PROTOCOLS = 101,
	HTTP_CREATED = 201,
	HTTP_ACCEPTED = 202,
	HTTP_NON_AUTHORITATIVE_INFO = 203,
	HTTP_NO_CONTENT = 204,
	HTTP_MULTIPLE_CHOICES = 300,
	HTTP_MOVED_PERMANENTLY = 301,
	HTTP_NOT_MODIFIED = 304,
	HTTP_PAYMENT_REQUIRED = 402,
	HTTP_BAD_GATEWAY = 502,
	HTTP_SERVICE_UNAVAILABLE = 503, /* overload, maintenance */
	HTTP_RESPONSE_SETSIZE = 0xffffffff
#endif
};
176 | |
/* Status codes the server can answer with. This table is parallel to
 * http_response[] (and to http_error_page[] when error pages are enabled):
 * entry i here describes entry i there, so the entries and their #if guards
 * must be kept in the same order in both tables. */
static const uint16_t http_response_type[] ALIGN2 = {
	HTTP_OK,
#if ENABLE_FEATURE_HTTPD_RANGES
	HTTP_PARTIAL_CONTENT,
#endif
	HTTP_MOVED_TEMPORARILY,
	HTTP_REQUEST_TIMEOUT,
	HTTP_NOT_IMPLEMENTED,
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	HTTP_UNAUTHORIZED,
#endif
	HTTP_NOT_FOUND,
	HTTP_BAD_REQUEST,
	HTTP_FORBIDDEN,
	HTTP_INTERNAL_SERVER_ERROR,
#if 0 /* not implemented */
	HTTP_CREATED,
	HTTP_ACCEPTED,
	HTTP_NO_CONTENT,
	HTTP_MULTIPLE_CHOICES,
	HTTP_MOVED_PERMANENTLY,
	HTTP_NOT_MODIFIED,
	HTTP_BAD_GATEWAY,
	HTTP_SERVICE_UNAVAILABLE,
#endif
};
203 | |
/* Reason phrase ("name") and optional explanatory text ("info") for each
 * entry of http_response_type[], in the same order and under the same
 * #if guards. The array is sized from http_response_type[], so a missing
 * row here leaves a zero-filled (NULL name) entry rather than failing to
 * compile. */
static const struct {
	const char *name;
	const char *info;
} http_response[ARRAY_SIZE(http_response_type)] = {
	{ "OK", NULL },
#if ENABLE_FEATURE_HTTPD_RANGES
	{ "Partial Content", NULL },
#endif
	{ "Found", NULL },
	{ "Request Timeout", "No request appeared within 60 seconds" },
	{ "Not Implemented", "The requested method is not recognized" },
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	{ "Unauthorized", "" },
#endif
	{ "Not Found", "The requested URL was not found" },
	{ "Bad Request", "Unsupported method" },
	{ "Forbidden", "" },
	{ "Internal Server Error", "Internal Server Error" },
#if 0 /* not implemented */
	{ "Created" },
	{ "Accepted" },
	{ "No Content" },
	{ "Multiple Choices" },
	{ "Moved Permanently" },
	{ "Not Modified" },
	{ "Bad Gateway", "" },
	{ "Service Unavailable", "" },
#endif
};
233 | |
/* Built-in default index page name. parse_conf() compares index_page
 * against this address to tell the default from a heap-allocated "I:" value. */
static const char index_html[] ALIGN1 = "index.html";
235 | |
236 | |
/* All mutable state of the applet. Allocated zero-filled by INIT_G() and
 * reached through the G macro and the per-field #defines that follow. */
struct globals {
	int verbose; /* must be int (used by getopt32) */
	smallint flg_deny_all; /* set by a "D:*" config line, cleared at the start of every parse_conf() */

	unsigned rmt_ip; /* used for IP-based allow/deny rules */
	time_t last_mod;
	char *rmt_ip_str; /* for $REMOTE_ADDR and $REMOTE_PORT */
	const char *bind_addr_or_port;

	const char *g_query;
	const char *opt_c_configFile;
	const char *home_httpd;
	const char *index_page; /* index_html, or an xstrdup()ed "I:" value */

	const char *found_mime_type;
	const char *found_moved_temporarily;
	Htaccess_IP *ip_a_d; /* config allow/deny lines */

	IF_FEATURE_HTTPD_BASIC_AUTH(const char *g_realm;)
	IF_FEATURE_HTTPD_BASIC_AUTH(char *remoteuser;)
	/* NOTE(review): the CGI fields below look like copies of request
	 * headers, i.e. client-controlled text - confirm where they are set */
	IF_FEATURE_HTTPD_CGI(char *referer;)
	IF_FEATURE_HTTPD_CGI(char *user_agent;)
	IF_FEATURE_HTTPD_CGI(char *host;)
	IF_FEATURE_HTTPD_CGI(char *http_accept;)
	IF_FEATURE_HTTPD_CGI(char *http_accept_language;)

	off_t file_size; /* -1 - unknown */
#if ENABLE_FEATURE_HTTPD_RANGES
	off_t range_start;
	off_t range_end;
	off_t range_len;
#endif

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	/* Each node keeps the "user:pass" text of its config line as-is */
	Htaccess *g_auth; /* config user:password lines */
#endif
	Htaccess *mime_a; /* config mime types */
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
	Htaccess *script_i; /* config script interpreters */
#endif
	char *iobuf; /* [IOBUF_SIZE] */
#define hdr_buf bb_common_bufsiz1
	char *hdr_ptr;
	int hdr_cnt;
#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
	/* indexed like http_response_type[] */
	const char *http_error_page[ARRAY_SIZE(http_response_type)];
#endif
#if ENABLE_FEATURE_HTTPD_PROXY
	Htaccess_Proxy *proxy;
#endif
};
/* Field accessors: every name below expands to a member of the globals
 * struct. They are plain object-like macros, so identifiers as common as
 * "host", "proxy" or "verbose" cannot be reused for locals or struct
 * members anywhere after this point in the file. Some of the fields exist
 * only when the matching feature is enabled; the macros are defined
 * unconditionally. */
#define G (*ptr_to_globals)
#define verbose (G.verbose )
#define flg_deny_all (G.flg_deny_all )
#define rmt_ip (G.rmt_ip )
#define bind_addr_or_port (G.bind_addr_or_port)
#define g_query (G.g_query )
#define opt_c_configFile (G.opt_c_configFile )
#define home_httpd (G.home_httpd )
#define index_page (G.index_page )
#define found_mime_type (G.found_mime_type )
#define found_moved_temporarily (G.found_moved_temporarily)
#define last_mod (G.last_mod )
#define ip_a_d (G.ip_a_d )
#define g_realm (G.g_realm )
#define remoteuser (G.remoteuser )
#define referer (G.referer )
#define user_agent (G.user_agent )
#define host (G.host )
#define http_accept (G.http_accept )
#define http_accept_language (G.http_accept_language)
#define file_size (G.file_size )
#if ENABLE_FEATURE_HTTPD_RANGES
#define range_start (G.range_start )
#define range_end (G.range_end )
#define range_len (G.range_len )
#else
/* Without range support the three range values are compile-time constants. */
enum {
	range_start = 0,
	range_end = MAXINT(off_t) - 1,
	range_len = MAXINT(off_t),
};
#endif
#define rmt_ip_str (G.rmt_ip_str )
#define g_auth (G.g_auth )
#define mime_a (G.mime_a )
#define script_i (G.script_i )
#define iobuf (G.iobuf )
#define hdr_ptr (G.hdr_ptr )
#define hdr_cnt (G.hdr_cnt )
#define http_error_page (G.http_error_page )
#define proxy (G.proxy )
/* Allocate the zero-filled globals and set the non-zero defaults: the auth
 * realm (when basic auth is enabled), port "80", the built-in index page
 * name and an unknown (-1) file size. */
#define INIT_G() do { \
	SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
	IF_FEATURE_HTTPD_BASIC_AUTH(g_realm = "Web Server Authentication";) \
	bind_addr_or_port = "80"; \
	index_page = index_html; \
	file_size = -1; \
} while (0)
336 | |
337 | |
/* Case-insensitive test of whether a begins with str. The length comes from
 * sizeof(str)-1, so str has to be a string literal or a char array; with a
 * char pointer the macro would compare only sizeof(pointer)-1 bytes. */
#define STRNCASECMP(a, str) strncasecmp((a), (str), sizeof(str)-1)
339 | |
340 | /* Prototypes */ |
/* Bit flags for the "what" argument of send_file_and_exit(). */
enum {
	SEND_HEADERS = (1 << 0),
	SEND_BODY = (1 << 1),
	SEND_HEADERS_AND_BODY = SEND_HEADERS + SEND_BODY,
};
/* Declared early because it is used before its definition; never returns. */
static void send_file_and_exit(const char *url, int what) NORETURN;
347 | |
/* Free every node of a list whose nodes start with a "next" pointer, then
 * reset the caller's head pointer to NULL so it cannot be used again. */
static void free_llist(has_next_ptr **pptr)
{
	has_next_ptr *node;
	has_next_ptr *following;

	for (node = *pptr; node != NULL; node = following) {
		/* read the link before the node is released */
		following = node->next;
		free(node);
	}
	*pptr = NULL;
}
358 | |
/* Free a whole Htaccess list and set *pptr to NULL. The cast relies on
 * "next" being the first member of Htaccess.
 * NOTE(review): nodes of the g_auth list carry "user:pass" text; it is
 * released here without being wiped first. */
static ALWAYS_INLINE void free_Htaccess_list(Htaccess **pptr)
{
	free_llist((has_next_ptr**)pptr);
}
363 | |
/* Free a whole allow/deny list and set *pptr to NULL. The cast relies on
 * "next" being the first member of Htaccess_IP. After this call the list
 * is empty, i.e. no allow or deny rule is in effect until new ones are
 * parsed. */
static ALWAYS_INLINE void free_Htaccess_IP_list(Htaccess_IP **pptr)
{
	free_llist((has_next_ptr**)pptr);
}
368 | |
369 | /* Returns presumed mask width in bits or < 0 on error. |
370 | * Updates strp, stores IP at provided pointer */ |
static int scan_ip(const char **strp, unsigned *ipp, unsigned char endc)
{
	const char *cursor = *strp;
	unsigned addr = 0;
	int width = 8; /* presumed mask width; grows by 8 per further octet */
	int n;

	/* a leading '/' means there is no address at all */
	if (*cursor == '/')
		return -width;

	for (n = 0; n < 4; n++) {
		unsigned octet = 0;
		int starts_with_digit = (*cursor >= '0' && *cursor <= '9');

		/* an octet either starts with a digit or is omitted
		 * (input already at '/' or at its end) */
		if (!starts_with_digit && *cursor != '/' && *cursor != '\0')
			return -width;

		for (; *cursor >= '0' && *cursor <= '9'; cursor++) {
			octet = octet * 10 + (*cursor - '0');
			/* checked per digit, so octet never grows unbounded */
			if (octet > 255)
				return -width;
		}
		if (*cursor == '.')
			cursor++;
		if (*cursor != '/' && *cursor != '\0')
			width += 8;
		/* omitted octets are shifted in as zero */
		addr = (addr << 8) | octet;
	}

	if (*cursor != '\0') {
		/* only the caller's terminator may follow the address,
		 * and something must come after it */
		if (*cursor != endc)
			return -width;
		cursor++;
		if (*cursor == '\0')
			return -width;
	}

	/* outputs are written only on success */
	*ipp = addr;
	*strp = cursor;
	return width;
}
411 | |
412 | /* Returns 0 on success. Stores IP and mask at provided pointers */ |
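/*
 * Parse "IP", "IP/bits" or "IP/N.N.N.N" into an address and a netmask.
 *
 * str    text after the "A:" / "D:" prefix of a config line
 * ipp    receives the address
 * maskp  receives the netmask
 *
 * Returns 0 on success and a non-zero value on any syntax error; on error
 * the outputs may or may not have been written.
 */
static int scan_ip_mask(const char *str, unsigned *ipp, unsigned *maskp)
{
	int i;
	unsigned mask;
	char *p;

	/* without an explicit mask, i stays the width presumed by scan_ip() */
	i = scan_ip(&str, ipp, '/');
	if (i < 0)
		return i;

	if (*str) {
		/* there is /xxx after dotted-IP address */
		i = bb_strtou(str, &p, 10);
		if (*p == '.') {
			/* 'xxx' itself is dotted-IP mask, parse it */
			/* (return 0 (success) only if it has N.N.N.N form) */
			return scan_ip(&str, maskp, '\0') - 32;
		}
		if (*p)
			return -1;
	}

	/* bb_strtou() returns unsigned but i is int: a result too large for
	 * int (an overlong "/bits" value) shows up here as a negative number.
	 * It must be rejected as well, otherwise the shift below would use a
	 * negative count and the rule would get an unintended mask. */
	if (i < 0 || i > 32)
		return -1;

	if (sizeof(unsigned) == 4 && i == 32) {
		/* mask >>= 32 below may not work */
		mask = 0;
	} else {
		mask = 0xffffffff;
		mask >>= i;
	}
	/* i == 0 -> *maskp = 0x00000000
	 * i == 1 -> *maskp = 0x80000000
	 * i == 4 -> *maskp = 0xf0000000
	 * i == 31 -> *maskp = 0xfffffffe
	 * i == 32 -> *maskp = 0xffffffff */
	*maskp = (uint32_t)(~mask);
	return 0;
}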
453 | |
454 | /* |
455 | * Parse configuration file into in-memory linked list. |
456 | * |
457 | * Any previous IP rules are discarded. |
458 | * If the flag argument is not SUBDIR_PARSE then all /path and mime rules |
459 | * are also discarded. That is, previous settings are retained if flag is |
460 | * SUBDIR_PARSE. |
461 | * Error pages are only parsed on the main config file. |
462 | * |
463 | * path Path where to look for httpd.conf (without filename). |
464 | * flag Type of the parse request. |
465 | */ |
466 | /* flag param: */ |
/* parse_conf() adds one more, internal, state (TRY_CURDIR_PARSE = 3) and
 * treats every value >= SUBDIR_PARSE as "a missing file is not an error". */
enum {
	FIRST_PARSE = 0, /* path will be "/etc" */
	SIGNALED_PARSE = 1, /* path will be "/etc" */
	SUBDIR_PARSE = 2, /* path will be derived from URL */
};
/* Read one httpd.conf and rebuild the in-memory rule lists from it.
 * Which directives are honoured depends on flag: H:, E: and P: lines are
 * accepted only while flag is still FIRST_PARSE. Unrecognized or malformed
 * lines are reported with bb_error_msg() and skipped; parsing continues. */
static void parse_conf(const char *path, int flag)
{
	/* internally used extra flag state */
	enum { TRY_CURDIR_PARSE = 3 };

	FILE *f;
	const char *filename;
	char buf[160];

	/* discard old rules */
	/* NOTE(review): the IP rules and the deny-all flag are dropped before
	 * the file is even opened. If a SUBDIR_PARSE then finds no file, the
	 * function returns with an empty IP rule set although the comment at
	 * that return says "no changes" - confirm that callers have already
	 * applied the parent directory's IP rules by then. */
	free_Htaccess_IP_list(&ip_a_d);
	flg_deny_all = 0;
	/* retain previous auth and mime config only for subdir parse */
	if (flag != SUBDIR_PARSE) {
		free_Htaccess_list(&mime_a);
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
		free_Htaccess_list(&g_auth);
#endif
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		free_Htaccess_list(&script_i);
#endif
	}

	filename = opt_c_configFile;
	if (flag == SUBDIR_PARSE || filename == NULL) {
		/* room for path, '/', "httpd.conf" and the NUL (sizeof already
		 * counts the NUL), so the sprintf below cannot overrun it.
		 * NOTE(review): this is a stack allocation sized by path, which
		 * for SUBDIR_PARSE is said to be derived from the URL; presumably
		 * the request buffer bounds its length - confirm. */
		filename = alloca(strlen(path) + sizeof(HTTPD_CONF) + 2);
		sprintf((char *)filename, "%s/%s", path, HTTPD_CONF);
	}

	/* at most two attempts: the chosen file, then ./httpd.conf */
	while ((f = fopen_for_read(filename)) == NULL) {
		if (flag >= SUBDIR_PARSE) { /* SUBDIR or TRY_CURDIR */
			/* config file not found, no changes to config */
			return;
		}
		if (flag == FIRST_PARSE) {
			/* -c CONFFILE given, but CONFFILE doesn't exist? */
			if (opt_c_configFile)
				bb_simple_perror_msg_and_die(opt_c_configFile);
			/* else: no -c, thus we looked at /etc/httpd.conf,
			 * and it's not there. try ./httpd.conf: */
		}
		/* from here on flag is no longer FIRST_PARSE, so H:, E: and P:
		 * lines of ./httpd.conf are not honoured */
		flag = TRY_CURDIR_PARSE;
		filename = HTTPD_CONF;
	}

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	/* in "/file:user:pass" lines, we prepend path in subdirs */
	if (flag != SUBDIR_PARSE)
		path = "";
#endif
	/* The lines can be:
	 *
	 * I:default_index_file
	 * H:http_home
	 * [AD]:IP[/mask] # allow/deny, * for wildcard
	 * Ennn:error.html # error page for status nnn
	 * P:/url:[http://]hostname[:port]/new/path # reverse proxy
	 * .ext:mime/type # mime type
	 * *.php:/path/php # run xxx.php through an interpreter
	 * /file:user:pass # username and password
	 */
	/* NOTE(review): fgets() returns at most sizeof(buf)-1 bytes per call, so
	 * a config line longer than that is read in pieces and every piece is
	 * parsed as a line of its own. */
	while (fgets(buf, sizeof(buf), f) != NULL) {
		unsigned strlen_buf;
		unsigned char ch;
		char *after_colon;

		{ /* remove all whitespace, and # comments */
			char *p, *p0;

			p0 = buf;
			/* skip non-whitespace beginning. Often the whole line
			 * is non-whitespace. We want this case to work fast,
			 * without needless copying, therefore we don't merge
			 * this operation into next while loop. */
			while ((ch = *p0) != '\0' && ch != '\n' && ch != '#'
			 && ch != ' ' && ch != '\t'
			) {
				p0++;
			}
			p = p0;
			/* if we enter this loop, we have some whitespace.
			 * discard it */
			while (ch != '\0' && ch != '\n' && ch != '#') {
				if (ch != ' ' && ch != '\t') {
					*p++ = ch;
				}
				ch = *++p0;
			}
			*p = '\0';
			strlen_buf = p - buf;
			if (strlen_buf == 0)
				continue; /* empty line */
		}

		/* every directive needs a ':' followed by at least one character */
		after_colon = strchr(buf, ':');
		/* strange line? */
		if (after_colon == NULL || *++after_colon == '\0')
			goto config_error;

		ch = (buf[0] & ~0x20); /* toupper if it's a letter */

		if (ch == 'I') {
			/* the built-in default is a static string, never freed */
			if (index_page != index_html)
				free((char*)index_page);
			index_page = xstrdup(after_colon);
			continue;
		}

		/* do not allow jumping around using H in subdir's configs */
		if (flag == FIRST_PARSE && ch == 'H') {
			home_httpd = xstrdup(after_colon);
			xchdir(home_httpd);
			continue;
		}

		if (ch == 'A' || ch == 'D') {
			Htaccess_IP *pip;

			if (*after_colon == '*') {
				if (ch == 'D') {
					/* memorize "deny all" */
					flg_deny_all = 1;
				}
				/* skip assumed "A:*", it is a default anyway */
				continue;
			}
			/* store "allow/deny IP/mask" line */
			pip = xzalloc(sizeof(*pip));
			if (scan_ip_mask(after_colon, &pip->ip, &pip->mask)) {
				/* IP{/mask} syntax error detected, protect all */
				/* fail closed: the broken line becomes a Deny rule
				 * with an all-zero mask, whichever kind it was */
				ch = 'D';
				pip->mask = 0;
			}
			pip->allow_deny = ch;
			if (ch == 'D') {
				/* Deny:from_IP - prepend */
				pip->next = ip_a_d;
				ip_a_d = pip;
			} else {
				/* A:from_IP - append (thus all D's precedes A's) */
				Htaccess_IP *prev_IP = ip_a_d;
				if (prev_IP == NULL) {
					ip_a_d = pip;
				} else {
					while (prev_IP->next)
						prev_IP = prev_IP->next;
					prev_IP->next = pip;
				}
			}
			continue;
		}

#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
		if (flag == FIRST_PARSE && ch == 'E') {
			unsigned i;
			/* atoi() stops at the first non-digit (the ':') and gives
			 * no error indication; values below 100 are rejected below */
			int status = atoi(buf + 1); /* error status code */

			if (status < HTTP_CONTINUE) {
				goto config_error;
			}
			/* then error page; find matching status */
			/* a status that is not in http_response_type[] is ignored
			 * silently; a repeated E line for the same status replaces
			 * the pointer without freeing the earlier string */
			for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
				if (http_response_type[i] == status) {
					/* We chdir to home_httpd, thus no need to
					 * concat_path_file(home_httpd, after_colon)
					 * here */
					http_error_page[i] = xstrdup(after_colon);
					break;
				}
			}
			continue;
		}
#endif

#if ENABLE_FEATURE_HTTPD_PROXY
		if (flag == FIRST_PARSE && ch == 'P') {
			/* P:/url:[http://]hostname[:port]/new/path */
			char *url_from, *host_port, *url_to;
			Htaccess_Proxy *proxy_entry;

			url_from = after_colon;
			host_port = strchr(after_colon, ':');
			if (host_port == NULL) {
				goto config_error;
			}
			/* cut buf at the second ':' so url_from ends there */
			*host_port++ = '\0';
			if (strncmp(host_port, "http://", 7) == 0)
				host_port += 7;
			if (*host_port == '\0') {
				goto config_error;
			}
			url_to = strchr(host_port, '/');
			if (url_to == NULL) {
				goto config_error;
			}
			/* terminate host_port temporarily for the copy, then put
			 * the '/' back so url_to keeps its leading slash */
			*url_to = '\0';
			proxy_entry = xzalloc(sizeof(*proxy_entry));
			proxy_entry->url_from = xstrdup(url_from);
			proxy_entry->host_port = xstrdup(host_port);
			*url_to = '/';
			proxy_entry->url_to = xstrdup(url_to);
			proxy_entry->next = proxy;
			proxy = proxy_entry;
			continue;
		}
#endif
		/* the rest of directives are non-alphabetic,
		 * must avoid using "toupper'ed" ch */
		ch = buf[0];

		if (ch == '.' /* ".ext:mime/type" */
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		 || (ch == '*' && buf[1] == '.') /* "*.php:/path/php" */
#endif
		) {
			char *p;
			Htaccess *cur;

			/* the node holds a copy of the whole line; the ':' is
			 * overwritten with NUL to split it into two strings */
			cur = xzalloc(sizeof(*cur) /* includes space for NUL */ + strlen_buf);
			strcpy(cur->before_colon, buf);
			p = cur->before_colon + (after_colon - buf);
			p[-1] = '\0';
			cur->after_colon = p;
			if (ch == '.') {
				/* .mime line: prepend to mime_a list */
				cur->next = mime_a;
				mime_a = cur;
			}
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
			else {
				/* script interpreter line: prepend to script_i list */
				cur->next = script_i;
				script_i = cur;
			}
#endif
			continue;
		}

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
		if (ch == '/') { /* "/file:user:pass" */
			char *p;
			Htaccess *cur;
			unsigned file_len;

			/* note: path is "" unless we are in SUBDIR parse,
			 * otherwise it does NOT start with "/" */
			/* sized for the leading "/", path and the whole line; the
			 * "user:pass" text is stored in this same allocation, as
			 * written in the config file */
			cur = xzalloc(sizeof(*cur) /* includes space for NUL */
				+ 1 + strlen(path)
				+ strlen_buf
				);
			/* form "/path/file" */
			sprintf(cur->before_colon, "/%s%.*s",
				path,
				(int) (after_colon - buf - 1), /* includes "/", but not ":" */
				buf);
			/* canonicalize it */
			p = bb_simplify_abs_path_inplace(cur->before_colon);
			file_len = p - cur->before_colon;
			/* add "user:pass" after NUL */
			strcpy(++p, after_colon);
			cur->after_colon = p;

			/* insert cur into g_auth */
			/* g_auth is sorted by decreased filename length */
			{
				Htaccess *auth, **authp;

				authp = &g_auth;
				while ((auth = *authp) != NULL) {
					if (file_len >= strlen(auth->before_colon)) {
						/* insert cur before auth */
						cur->next = auth;
						break;
					}
					authp = &auth->next;
				}
				*authp = cur;
			}
			continue;
		}
#endif /* BASIC_AUTH */

		/* the line is not recognized */
		/* (also reached for H:, E: and P: lines outside FIRST_PARSE;
		 * the message prints the line after whitespace removal) */
 config_error:
		bb_error_msg("config error '%s' in '%s'", buf, filename);
	} /* while (fgets) */

	fclose(f);
}
761 | |
762 | #if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR |
763 | /* |
764 | * Given a string, html-encode special characters. |
765 | * This is used for the -e command line option to provide an easy way |
766 | * for scripts to encode result data without confusing browsers. The |
767 | * returned string pointer is memory allocated by malloc(). |
768 | * |
769 | * Returns a pointer to the encoded string (malloced). |
770 | */ |
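/*
 * HTML-encode a string: ASCII letters and digits are copied, every other
 * byte becomes a numeric character reference "&#N;".
 *
 * string  NUL-terminated input
 *
 * Returns a newly allocated NUL-terminated string; the caller frees it.
 */
static char *encodeString(const char *string)
{
	/* take the simple route and encode everything */
	/* Worst case is a three-digit reference such as "&#255;": six output
	 * bytes per input byte, plus the NUL. The length is kept in size_t so
	 * the multiplication is not done in (overflowable) signed int. */
	size_t len = strlen(string);
	char *out = xmalloc(len * 6 + 1);
	char *p = out;
	char ch;

	while ((ch = *string++) != '\0') {
		/* very simple check for what to encode */
		/* the <ctype.h> classifiers are defined for unsigned char
		 * values only; plain char may be negative for bytes >= 0x80 */
		if (isalnum((unsigned char) ch))
			*p++ = ch;
		else
			p += sprintf(p, "&#%d;", (unsigned char) ch);
	}
	*p = '\0';
	return out;
}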
790 | #endif /* FEATURE_HTTPD_ENCODE_URL_STR */ |
791 | |
792 | /* |
793 | * Given a URL encoded string, convert it to plain ascii. |
794 | * Since decoding always makes strings smaller, the decode is done in-place. |
795 | * Thus, callers should xstrdup() the argument if they do not want the |
796 | * argument modified. The return is the original pointer, allowing this |
797 | * function to be easily used as arguments to other functions. |
798 | * |
799 | * string The first string to decode. |
800 | * option_d 1 if called for httpd -d |
801 | * |
802 | * Returns a pointer to the decoded string (same as input). |
803 | */ |
/* Convert one hexadecimal digit to its value 0..15. Any other byte yields
 * ~0, which callers detect as "greater than 15". */
static unsigned hex_to_bin(unsigned char c)
{
	unsigned digit = c - '0';
	unsigned letter;

	/* bytes below '0' wrap to a huge unsigned value and fail this test */
	if (digit <= 9)
		return digit;
	/* OR-ing 0x20 folds 'A'..'F' onto 'a'..'f'; non-letters stay
	 * (possibly different) non-letters */
	letter = (unsigned)(c | 0x20) - 'a';
	return (letter <= 5) ? letter + 10 : ~0;
}
818 | /* For testing: |
819 | void t(char c) { printf("'%c'(%u) %u\n", c, c, hex_to_bin(c)); } |
820 | int main() { t(0x10); t(0x20); t('0'); t('9'); t('A'); t('F'); t('a'); t('f'); |
821 | t('0'-1); t('9'+1); t('A'-1); t('F'+1); t('a'-1); t('f'+1); return 0; } |
822 | */ |
/*
 * Decode %XX escapes in place.
 *
 * orig      NUL-terminated buffer, rewritten in place
 * option_d  non-zero for "httpd -d": '+' becomes a space and a malformed
 *           escape is kept as a literal '%'
 *
 * Returns orig when the whole string was decoded.
 * With option_d == 0 there are two failure results the caller has to
 * check for before using the buffer:
 *   NULL      a '%' was not followed by two hex digits
 *   orig + 1  an escape decoded to '/' or to NUL
 * In both failure cases decoding stops where the problem was found, so the
 * buffer then holds a partly decoded string.
 */
static char *decodeString(char *orig, int option_d)
{
	/* note that decoded string is always shorter than original */
	/* string is the write position, ptr the read position; the write
	 * position never gets ahead of the read position */
	char *string = orig;
	char *ptr = string;
	char c;

	while ((c = *ptr++) != '\0') {
		unsigned v;

		if (option_d && c == '+') {
			*string++ = ' ';
			continue;
		}
		if (c != '%') {
			*string++ = c;
			continue;
		}
		/* a NUL right after '%' is not a hex digit, so the checks
		 * below stop before anything past the terminator is read */
		v = hex_to_bin(ptr[0]);
		if (v > 15) {
 bad_hex:
			if (!option_d)
				return NULL;
			*string++ = '%';
			continue;
		}
		/* an invalid second digit returns ~0 and pushes v above 255 */
		v = (v * 16) | hex_to_bin(ptr[1]);
		if (v > 255)
			goto bad_hex;
		if (!option_d && (v == '/' || v == '\0')) {
			/* caller takes it as indication of invalid
			 * (dangerous wrt exploits) chars */
			return orig + 1;
		}
		*string++ = v;
		ptr += 2;
	}
	*string = '\0';
	return orig;
}
863 | |
864 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
865 | /* |
866 | * Decode a base64 data stream as per rfc1521. |
867 | * Note that the rfc states that non base64 chars are to be ignored. |
868 | * Since the decode always results in a shorter size than the input, |
869 | * it is OK to pass the input arg as an output arg. |
870 | * Parameter: a pointer to a base64 encoded string. |
871 | * Decoded data is stored in-place. |
872 | */ |
/* Decode base64 text in place. Bytes outside the base64 alphabet are
 * skipped, '=' counts as a zero sextet, and an incomplete final group of
 * fewer than four characters produces no output. The result is
 * NUL-terminated. */
static void decodeBase64(char *Data)
{
	const unsigned char *src = (const unsigned char *)Data;
	char *dst = Data;
	unsigned acc = 0;
	int count = 0;
	int c;

	/* three bytes are written per four characters read, so the write
	 * position never passes the read position */
	while ((c = *src++) != '\0') {
		int sextet;

		if (c >= 'A' && c <= 'Z')
			sextet = c - 'A';
		else if (c >= 'a' && c <= 'z')
			sextet = c - 'a' + 26;
		else if (c >= '0' && c <= '9')
			sextet = c - '0' + 52;
		else if (c == '+')
			sextet = 62;
		else if (c == '/')
			sextet = 63;
		else if (c == '=')
			sextet = 0;
		else
			continue; /* not a base64 character */

		acc = (acc << 6) | sextet;
		if (++count < 4)
			continue;

		/* a full group of four sextets: emit its three bytes */
		*dst++ = (char) (acc >> 16);
		*dst++ = (char) (acc >> 8);
		*dst++ = (char) acc;
		count = 0;
	}
	*dst = '\0';
}
909 | #endif |
910 | |
911 | /* |
912 | * Create a listen server socket on the designated port. |
913 | */ |
/* Open the listening socket. A bind_addr_or_port value that parses as a
 * number in 1..65535 is used as the port with a NULL bind address; any
 * other value is passed on as the bind address with 80 as the port
 * argument. Returns the listening descriptor; the helpers called here
 * are the "or die" / x-prefixed variants. */
static int openServer(void)
{
	unsigned port = bb_strtou(bind_addr_or_port, NULL, 10);
	int fd;

	if (errno == 0 && port != 0 && port <= 0xffff) {
		/* NOTE(review): NULL presumably means "all local addresses" -
		 * confirm against create_and_bind_stream_or_die() */
		fd = create_and_bind_stream_or_die(NULL, port);
	} else {
		fd = create_and_bind_stream_or_die(bind_addr_or_port, 80);
	}
	xlisten(fd, 9);
	return fd;
}
924 | |
925 | /* |
926 | * Log the connection closure and exit. |
927 | */ |
static void log_and_exit(void) NORETURN;
static void log_and_exit(void)
{
	/* Paranoia: IE is said to be buggy and may send extra data or get
	 * confused if we exit without a SHUT_WR, so the write side of
	 * descriptor 1 is shut down first. */
	shutdown(STDOUT_FILENO, SHUT_WR);
	/* Draining stdin at this point (ndelay_on(0) followed by a read loop
	 * into iobuf) is deliberately not done: its purpose was unclear and
	 * it messes up stdin when the user runs httpd -i from a terminal. */

	if (verbose > 2) {
		bb_error_msg("closed");
	}
	/* _exit(): leave at once, without running atexit handlers */
	_exit(xfunc_error_retval);
}
945 | |
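/*
 * Clamp the result of one bounded snprintf() append.
 * n is what snprintf() returned and room is the size that was passed to it;
 * the result is the number of characters actually stored (NUL excluded).
 */
static int hdr_stored(int n, int room)
{
	if (n < 0)
		return 0;
	return n < room ? n : room - 1;
}

/*
 * Create and send HTTP response headers.
 * The arguments are combined and sent as one write operation. Note that
 * IE will puke big-time if the headers are not sent in one packet and the
 * second packet is delayed for any reason.
 *
 * responseNum - the result code to send.
 *
 * The response is assembled in iobuf. Every append is bounded by the space
 * left in iobuf: the Location header carries request-derived strings
 * (found_moved_temporarily, g_query) whose length this function does not
 * control, so an unbounded sprintf() could write past the end of iobuf.
 * A response that does not fit is truncated; it may then be malformed,
 * but no memory outside iobuf is written.
 *
 * NOTE(review): found_moved_temporarily and g_query are copied into the
 * Location header verbatim. If either can contain CR or LF after URL
 * decoding, it needs filtering before it gets here - verify in the caller.
 *
 * With error pages enabled and a readable page configured for this code,
 * the headers are written and the call continues in send_file_and_exit().
 * If the final write is short, the function ends in log_and_exit().
 */
static void send_headers(int responseNum)
{
	static const char RFC1123FMT[] ALIGN1 = "%a, %d %b %Y %H:%M:%S GMT";
	/* Header lines may use iobuf[0 .. hdr_limit-1]; the last three bytes
	 * are kept for the blank line ("\r\n") and a terminating NUL. */
	const int hdr_limit = IOBUF_SIZE - 3;

	const char *responseString = "";
	const char *infoString = NULL;
	const char *mime_type;
#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
	const char *error_page = NULL;
#endif
	unsigned i;
	time_t timer = time(NULL);
	char tmp_str[80];
	int len;
	int room;	/* size handed to the current snprintf() */
	int n;		/* raw snprintf() result */

	/* Look up status text, explanatory text and (optionally) error page */
	for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
		if (http_response_type[i] == responseNum) {
			responseString = http_response[i].name;
			infoString = http_response[i].info;
#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
			error_page = http_error_page[i];
#endif
			break;
		}
	}
	/* error message is HTML */
	mime_type = responseNum == HTTP_OK ?
				found_mime_type : "text/html";

	if (verbose)
		bb_error_msg("response:%u", responseNum);

	/* emit the current date */
	strftime(tmp_str, sizeof(tmp_str), RFC1123FMT, gmtime(&timer));
	room = hdr_limit + 1;
	n = snprintf(iobuf, room,
			"HTTP/1.0 %d %s\r\nContent-type: %s\r\n"
			"Date: %s\r\nConnection: close\r\n",
			responseNum, responseString, mime_type, tmp_str);
	len = hdr_stored(n, room);

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	if (responseNum == HTTP_UNAUTHORIZED) {
		room = hdr_limit + 1 - len;
		n = snprintf(iobuf + len, room,
				"WWW-Authenticate: Basic realm=\"%s\"\r\n",
				g_realm);
		len += hdr_stored(n, room);
	}
#endif
	if (responseNum == HTTP_MOVED_TEMPORARILY) {
		/* Request-derived and potentially almost as long as iobuf
		 * itself: this append must be bounded. */
		room = hdr_limit + 1 - len;
		n = snprintf(iobuf + len, room, "Location: %s/%s%s\r\n",
				found_moved_temporarily,
				(g_query ? "?" : ""),
				(g_query ? g_query : ""));
		len += hdr_stored(n, room);
	}

#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
	if (error_page && access(error_page, R_OK) == 0) {
		/* len <= hdr_limit, so the blank line and the NUL fit */
		iobuf[len++] = '\r';
		iobuf[len++] = '\n';
		iobuf[len] = '\0';

		if (DEBUG)
			fprintf(stderr, "headers: '%s'\n", iobuf);
		full_write(STDOUT_FILENO, iobuf, len);
		if (DEBUG)
			fprintf(stderr, "writing error page: '%s'\n", error_page);
		return send_file_and_exit(error_page, SEND_BODY);
	}
#endif

	if (file_size != -1) {    /* file */
		strftime(tmp_str, sizeof(tmp_str), RFC1123FMT, gmtime(&last_mod));
#if ENABLE_FEATURE_HTTPD_RANGES
		if (responseNum == HTTP_PARTIAL_CONTENT) {
			room = hdr_limit + 1 - len;
			n = snprintf(iobuf + len, room, "Content-Range: bytes %"OFF_FMT"u-%"OFF_FMT"u/%"OFF_FMT"u\r\n",
					range_start,
					range_end,
					file_size);
			len += hdr_stored(n, room);
			/* from here on file_size is the length of the range */
			file_size = range_end - range_start + 1;
		}
#endif
		room = hdr_limit + 1 - len;
		n = snprintf(iobuf + len, room,
#if ENABLE_FEATURE_HTTPD_RANGES
			"Accept-Ranges: bytes\r\n"
#endif
			"Last-Modified: %s\r\n%s %"OFF_FMT"u\r\n",
				tmp_str,
				"Content-length:",
				file_size
		);
		len += hdr_stored(n, room);
	}
	/* Blank line ending the headers; the reserved bytes guarantee room */
	iobuf[len++] = '\r';
	iobuf[len++] = '\n';
	iobuf[len] = '\0';	/* keeps iobuf printable for the DEBUG output */
	if (infoString) {
		/* Short HTML body for responses that carry an explanation */
		room = IOBUF_SIZE - len;
		n = snprintf(iobuf + len, room,
				"<HTML><HEAD><TITLE>%d %s</TITLE></HEAD>\n"
				"<BODY><H1>%d %s</H1>\n%s\n</BODY></HTML>\n",
				responseNum, responseString,
				responseNum, responseString, infoString);
		len += hdr_stored(n, room);
	}
	if (DEBUG)
		fprintf(stderr, "headers: '%s'\n", iobuf);
	if (full_write(STDOUT_FILENO, iobuf, len) != len) {
		if (verbose > 1)
			bb_perror_msg("error");
		log_and_exit();
	}
}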
1058 | |
/*
 * Send the response headers for responseNum, then close the connection
 * and exit through log_and_exit(). Does not return.
 */
static void send_headers_and_exit(int responseNum) NORETURN;
static void send_headers_and_exit(int responseNum)
{
	send_headers(responseNum);
	/* headers are out (or the write failed): nothing more to do */
	log_and_exit();
}
1065 | |
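/*
 * Read from the socket until '\n' or EOF. '\r' chars are removed.
 * '\n' is replaced with NUL.
 * Return number of characters read or 0 if nothing is read
 * ('\r' and '\n' are not counted).
 * Data is returned in iobuf.
 *
 * iobuf is NUL-terminated on every exit path, including EOF or a read
 * error before any '\n' was seen; callers use iobuf as a C string, so an
 * unterminated partial line would let them read past the received data.
 *
 * Input arrives through hdr_buf/hdr_ptr/hdr_cnt; bytes left over after the
 * '\n' stay there for the next call.
 *
 * A line longer than IOBUF_SIZE - 1 characters is truncated silently: the
 * excess characters keep overwriting the last slot and the returned count
 * stops growing. Callers cannot tell a truncated line from a complete one.
 *
 * Each call re-arms alarm(HEADER_READ_TIMEOUT).
 */
static int get_line(void)
{
	int count = 0;
	char c;

	alarm(HEADER_READ_TIMEOUT);
	while (1) {
		if (hdr_cnt <= 0) {
			/* buffer drained: refill it from the peer */
			hdr_cnt = safe_read(STDIN_FILENO, hdr_buf, sizeof(hdr_buf));
			if (hdr_cnt <= 0)
				break;	/* EOF or error */
			hdr_ptr = hdr_buf;
		}
		c = *hdr_ptr++;
		hdr_cnt--;

		if (c == '\r')
			continue;
		if (c == '\n')
			break;
		iobuf[count] = c;
		if (count < (IOBUF_SIZE - 1))      /* check overflow */
			count++;
	}
	/* count <= IOBUF_SIZE - 1, so this store is always in bounds */
	iobuf[count] = '\0';
	return count;
}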
1100 | |
1101 | #if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY |
1102 | |
/*
 * Pump data between the network peer and a CGI (or proxied) process until
 * the CGI side closes its output, then exit through log_and_exit().
 *
 * fromCgi_rd - descriptor the CGI output is read from
 * toCgi_wr   - descriptor POST data is written to; 0 means "nothing to
 *              send" (it is also set to 0 here once all data is delivered)
 * post_len   - number of POST body bytes announced by the client
 *
 * Peer data is read from STDIN_FILENO and responses are written to
 * STDOUT_FILENO. Bytes already sitting in hdr_buf (hdr_ptr/hdr_cnt) are
 * the start of the POST body and are forwarded first.
 *
 * The first bytes of CGI output are inspected to decide whether a status
 * line has to be supplied: output starting with "Status: " gets
 * "HTTP/1.0 " put in front of the rest of that line, output not starting
 * with "HTTP" gets the HTTP_200 line prepended. Everything else the CGI
 * prints, headers included, is passed to the client unmodified.
 */
/* gcc 4.2.1 fares better with NOINLINE */
static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len) NORETURN;
static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len)
{
	enum { FROM_CGI = 1, TO_CGI = 2 }; /* indexes in pfd[] */
	/* pfd[0] is the peer: its fd field stays 0 (stdin) after the memset below */
	struct pollfd pfd[3];
	int out_cnt; /* we buffer a bit of initial CGI output; -1 = buffering off */
	int count;

	/* iobuf is used for CGI -> network data,
	 * hdr_buf is for network -> CGI data (POSTDATA) */

	/* If CGI dies, we still want to correctly finish reading its output
	 * and send it to the peer. So please no SIGPIPEs! */
	signal(SIGPIPE, SIG_IGN);

	// We inconsistently handle a case when more POSTDATA from network
	// is coming than we expected. We may give *some part* of that
	// extra data to CGI.
	// NOTE(review): with the clamp below disabled, post_len goes negative
	// when hdr_cnt > post_len, and the CGI can receive more bytes than
	// CONTENT_LENGTH announced; a CGI should not trust that value alone.

	//if (hdr_cnt > post_len) {
	//	/* We got more POSTDATA from network than we expected */
	//	hdr_cnt = post_len;
	//}
	post_len -= hdr_cnt;
	/* post_len - number of POST bytes not yet read from network */

	/* NB: breaking out of this loop jumps to log_and_exit() */
	out_cnt = 0;
	while (1) {
		/* Rebuild the poll set from scratch on every pass */
		memset(pfd, 0, sizeof(pfd));

		pfd[FROM_CGI].fd = fromCgi_rd;
		pfd[FROM_CGI].events = POLLIN;

		if (toCgi_wr) {
			pfd[TO_CGI].fd = toCgi_wr;
			if (hdr_cnt > 0) {
				/* buffered POST data is waiting: wait until CGI can take it */
				pfd[TO_CGI].events = POLLOUT;
			} else if (post_len > 0) {
				/* buffer is empty but more POST data is expected from the peer */
				pfd[0].events = POLLIN;
			} else {
				/* post_len <= 0 && hdr_cnt <= 0:
				 * no more POST data to CGI,
				 * let CGI see EOF on CGI's stdin */
				if (toCgi_wr != fromCgi_rd)
					close(toCgi_wr);
				toCgi_wr = 0;
			}
		}

		/* Now wait on the set of sockets */
		/* (the TO_CGI slot is only polled while toCgi_wr is still open) */
		count = safe_poll(pfd, toCgi_wr ? TO_CGI+1 : FROM_CGI+1, -1);
		if (count <= 0) {
#if 0
			if (safe_waitpid(pid, &status, WNOHANG) <= 0) {
				/* Weird. CGI didn't exit and no fd's
				 * are ready, yet poll returned?! */
				continue;
			}
			if (DEBUG && WIFEXITED(status))
				bb_error_msg("CGI exited, status=%d", WEXITSTATUS(status));
			if (DEBUG && WIFSIGNALED(status))
				bb_error_msg("CGI killed, signal=%d", WTERMSIG(status));
#endif
			break;
		}

		if (pfd[TO_CGI].revents) {
			/* hdr_cnt > 0 here due to the way pfd[TO_CGI].events set */
			/* Have data from peer and can write to CGI */
			count = safe_write(toCgi_wr, hdr_ptr, hdr_cnt);
			/* Doesn't happen, we dont use nonblocking IO here
			 *if (count < 0 && errno == EAGAIN) {
			 *	...
			 *} else */
			if (count > 0) {
				hdr_ptr += count;
				hdr_cnt -= count;
			} else {
				/* EOF/broken pipe to CGI, stop piping POST data */
				hdr_cnt = post_len = 0;
			}
		}

		if (pfd[0].revents) {
			/* post_len > 0 && hdr_cnt == 0 here */
			/* We expect data, prev data portion is eaten by CGI
			 * and there *is* data to read from the peer
			 * (POSTDATA) */
			//count = post_len > (int)sizeof(hdr_buf) ? (int)sizeof(hdr_buf) : post_len;
			//count = safe_read(STDIN_FILENO, hdr_buf, count);
			/* The read is sized by the buffer, not by post_len: this is
			 * where data beyond the announced length can get in */
			count = safe_read(STDIN_FILENO, hdr_buf, sizeof(hdr_buf));
			if (count > 0) {
				hdr_cnt = count;
				hdr_ptr = hdr_buf;
				post_len -= count;
			} else {
				/* no more POST data can be read */
				post_len = 0;
			}
		}

		if (pfd[FROM_CGI].revents) {
			/* There is something to read from CGI */
			char *rbuf = iobuf;

			/* Are we still buffering CGI output? */
			if (out_cnt >= 0) {
				/* HTTP_200[] has single "\r\n" at the end.
				 * According to http://hoohoo.ncsa.uiuc.edu/cgi/out.html,
				 * CGI scripts MUST send their own header terminated by
				 * empty line, then data. That's why we have only one
				 * <cr><lf> pair here. We will output "200 OK" line
				 * if needed, but CGI still has to provide blank line
				 * between header and body */

				/* Must use safe_read, not full_read, because
				 * CGI may output a few first bytes and then wait
				 * for POSTDATA without closing stdout.
				 * With full_read we may wait here forever. */
				/* out_cnt is at most 3 here: buffering is switched off
				 * below as soon as 4 bytes have been collected */
				count = safe_read(fromCgi_rd, rbuf + out_cnt, PIPE_BUF - 8);
				if (count <= 0) {
					/* eof (or error) and there was no "HTTP",
					 * so write it, then write received data */
					if (out_cnt) {
						full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1);
						full_write(STDOUT_FILENO, rbuf, out_cnt);
					}
					break; /* CGI stdout is closed, exiting */
				}
				out_cnt += count;
				count = 0;
				/* "Status" header format is: "Status: 302 Redirected\r\n" */
				if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
					/* send "HTTP/1.0 " */
					if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
						break;
					rbuf += 8; /* skip "Status: " */
					count = out_cnt - 8;
					out_cnt = -1; /* buffering off */
				} else if (out_cnt >= 4) {
					/* Did CGI add "HTTP"? */
					if (memcmp(rbuf, HTTP_200, 4) != 0) {
						/* there is no "HTTP", do it ourself */
						if (full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1) != sizeof(HTTP_200)-1)
							break;
					}
					/* Commented out:
					if (!strstr(rbuf, "ontent-")) {
						full_write(s, "Content-type: text/plain\r\n\r\n", 28);
					}
					 * Counter-example of valid CGI without Content-type:
					 * echo -en "HTTP/1.0 302 Found\r\n"
					 * echo -en "Location: http://www.busybox.net\r\n"
					 * echo -en "\r\n"
					 */
					count = out_cnt;
					out_cnt = -1; /* buffering off */
				}
				/* fewer than 4 bytes so far: count stays 0, keep buffering */
			} else {
				count = safe_read(fromCgi_rd, rbuf, PIPE_BUF);
				if (count <= 0)
					break;  /* eof (or error) */
			}
			if (full_write(STDOUT_FILENO, rbuf, count) != count)
				break;
			/* DEBUG builds copy the CGI output to stderr as well */
			if (DEBUG)
				fprintf(stderr, "cgi read %d bytes: '%.*s'\n", count, count, rbuf);
		} /* if (pfd[FROM_CGI].revents) */
	} /* while (1) */
	log_and_exit();
}
1276 | #endif |
1277 | |
1278 | #if ENABLE_FEATURE_HTTPD_CGI |
1279 | |
/*
 * Set environment variable name to value, overwriting any existing
 * setting. A NULL value is stored as the empty string.
 */
static void setenv1(const char *name, const char *value)
{
	if (!value)
		value = "";
	setenv(name, value, 1);
}
1284 | |
/*
 * Spawn CGI script, forward CGI's stdin/out <=> network
 *
 * Environment variables are set up and the script is invoked with pipes
 * for stdin/stdout. If a POST is being done the script is fed the POST
 * data in addition to setting the QUERY_STRING variable (for GETs or POSTs).
 *
 * Parameters:
 * const char *url              The requested URL (with leading /).
 * const char *request          Request method, exported as REQUEST_METHOD.
 * int post_len                 Length of the POST body.
 * const char *cookie           Value for HTTP_COOKIE (skipped if NULL).
 * const char *content_type     Value for CONTENT_TYPE (skipped if NULL).
 *
 * Does not return: the child execs the script (or answers "not found"),
 * the parent ends in cgi_io_loop_and_exit().
 *
 * NOTE(review): the HTTP_* variables, QUERY_STRING, PATH_INFO and
 * REQUEST_URI are copied from request data without any filtering here
 * (presumably the globals hold the raw header values - confirm where they
 * are parsed). The CGI has to treat all of them as untrusted input.
 */
static void send_cgi_and_exit(
		const char *url,
		const char *request,
		int post_len,
		const char *cookie,
		const char *content_type) NORETURN;
static void send_cgi_and_exit(
		const char *url,
		const char *request,
		int post_len,
		const char *cookie,
		const char *content_type)
{
	struct fd_pair fromCgi;  /* CGI -> httpd pipe */
	struct fd_pair toCgi;    /* httpd -> CGI pipe */
	char *script;
	int pid;

	/* Make a copy. NB: caller guarantees:
	 * url[0] == '/', url[1] != '/' */
	/* (the copy is cut up in place below, hence the casts away from const) */
	url = xstrdup(url);

	/*
	 * We are mucking with environment _first_ and then vfork/exec,
	 * this allows us to use vfork safely. Parent doesn't care about
	 * these environment changes anyway.
	 */

	/* Check for [dirs/]script.cgi/PATH_INFO */
	/* Each '/' is temporarily replaced by NUL so that the prefix can be
	 * tested; url + 1 drops the leading slash, i.e. the path is looked up
	 * relative to the current directory */
	script = (char*)url;
	while ((script = strchr(script + 1, '/')) != NULL) {
		*script = '\0';
		if (!is_directory(url + 1, 1, NULL)) {
			/* not directory, found script.cgi/PATH_INFO */
			*script = '/';
			break;
		}
		*script = '/'; /* is directory, find next '/' */
	}
	/* script is NULL here when no component was a non-directory */
	setenv1("PATH_INFO", script);   /* set to /PATH_INFO or "" */
	setenv1("REQUEST_METHOD", request);
	if (g_query) {
		putenv(xasprintf("%s=%s?%s", "REQUEST_URI", url, g_query));
	} else {
		setenv1("REQUEST_URI", url);
	}
	if (script != NULL)
		*script = '\0';         /* cut off /PATH_INFO */

	/* SCRIPT_FILENAME is required by PHP in CGI mode */
	if (home_httpd[0] == '/') {
		/* fullpath is not freed here; this process execs or exits shortly */
		char *fullpath = concat_path_file(home_httpd, url);
		setenv1("SCRIPT_FILENAME", fullpath);
	}
	/* set SCRIPT_NAME as full path: /cgi-bin/dirs/script.cgi */
	setenv1("SCRIPT_NAME", url);
	/* http://hoohoo.ncsa.uiuc.edu/cgi/env.html:
	 * QUERY_STRING: The information which follows the ? in the URL
	 * which referenced this script. This is the query information.
	 * It should not be decoded in any fashion. This variable
	 * should always be set when there is query information,
	 * regardless of command line decoding. */
	/* (Older versions of bbox seem to do some decoding) */
	setenv1("QUERY_STRING", g_query);
	putenv((char*)"SERVER_SOFTWARE=busybox httpd/"BB_VER);
	putenv((char*)"SERVER_PROTOCOL=HTTP/1.0");
	putenv((char*)"GATEWAY_INTERFACE=CGI/1.1");
	/* Having _separate_ variables for IP and port defeats
	 * the purpose of having socket abstraction. Which "port"
	 * are you using on Unix domain socket?
	 * IOW - REMOTE_PEER="1.2.3.4:56" makes much more sense.
	 * Oh well... */
	{
		char *p = rmt_ip_str ? rmt_ip_str : (char*)"";
		char *cp = strrchr(p, ':');
		/* a ':' that is followed by ']' is not a port separator */
		if (ENABLE_FEATURE_IPV6 && cp && strchr(cp, ']'))
			cp = NULL;
		if (cp) *cp = '\0'; /* delete :PORT */
		setenv1("REMOTE_ADDR", p);
		if (cp) {
			/* put the ':' back: rmt_ip_str is used elsewhere */
			*cp = ':';
#if ENABLE_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
			setenv1("REMOTE_PORT", cp + 1);
#endif
		}
	}
	setenv1("HTTP_USER_AGENT", user_agent);
	if (http_accept)
		setenv1("HTTP_ACCEPT", http_accept);
	if (http_accept_language)
		setenv1("HTTP_ACCEPT_LANGUAGE", http_accept_language);
	if (post_len)
		putenv(xasprintf("CONTENT_LENGTH=%d", post_len));
	if (cookie)
		setenv1("HTTP_COOKIE", cookie);
	if (content_type)
		setenv1("CONTENT_TYPE", content_type);
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	if (remoteuser) {
		setenv1("REMOTE_USER", remoteuser);
		putenv((char*)"AUTH_TYPE=Basic");
	}
#endif
	if (referer)
		setenv1("HTTP_REFERER", referer);
	setenv1("HTTP_HOST", host); /* set to "" if NULL */
	/* setenv1("SERVER_NAME", safe_gethostname()); - don't do this,
	 * just run "env SERVER_NAME=xyz httpd ..." instead */

	xpiped_pair(fromCgi);
	xpiped_pair(toCgi);

	pid = vfork();
	if (pid < 0) {
		/* TODO: log perror? */
		log_and_exit();
	}

	if (!pid) {
		/* Child process */
		char *argv[3];

		/* exit status used by the x-functions if they fail in the child */
		xfunc_error_retval = 242;

		/* NB: close _first_, then move fds! */
		close(toCgi.wr);
		close(fromCgi.rd);
		xmove_fd(toCgi.rd, 0);  /* replace stdin with the pipe */
		xmove_fd(fromCgi.wr, 1);  /* replace stdout with the pipe */
		/* User seeing stderr output can be a security problem.
		 * If CGI really wants that, it can always do dup itself. */
		/* dup2(1, 2); */

		/* Chdiring to script's dir */
		/* (url was cut at /PATH_INFO above, so the last '/' precedes the script name) */
		script = strrchr(url, '/');
		if (script != url) { /* paranoia */
			*script = '\0';
			if (chdir(url + 1) != 0) {
				bb_perror_msg("chdir(%s)", url + 1);
				goto error_execing_cgi;
			}
			// not needed: *script = '/';
		}
		script++;

		/* set argv[0] to name without path */
		argv[0] = script;
		argv[1] = NULL;

#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		{
			char *suffix = strrchr(script, '.');

			if (suffix) {
				Htaccess *cur;
				/* script_i: list of configured suffix -> interpreter entries */
				for (cur = script_i; cur; cur = cur->next) {
					if (strcmp(cur->before_colon + 1, suffix) == 0) {
						/* found interpreter name */
						argv[0] = cur->after_colon;
						argv[1] = script;
						argv[2] = NULL;
						break;
					}
				}
			}
		}
#endif
		/* restore default signal dispositions for CGI process */
		bb_signals(0
			| (1 << SIGCHLD)
			| (1 << SIGPIPE)
			| (1 << SIGHUP)
			, SIG_DFL);

		/* _NOT_ execvp. We do not search PATH. argv[0] is a filename
		 * without any dir components and will only match a file
		 * in the current directory */
		/* (when an interpreter entry matched, argv[0] is whatever the
		 * config file gave after the colon) */
		execv(argv[0], argv);
		if (verbose)
			bb_perror_msg("can't execute '%s'", argv[0]);
 error_execing_cgi:
		/* send to stdout
		 * (we are CGI here, our stdout is pumped to the net) */
		send_headers_and_exit(HTTP_NOT_FOUND);
	} /* end child */

	/* Parent process */

	/* Restore variables possibly changed by child */
	/* (after vfork the child presumably ran in the parent's memory) */
	xfunc_error_retval = 0;

	/* Pump data */
	close(fromCgi.wr);
	close(toCgi.rd);
	cgi_io_loop_and_exit(fromCgi.rd, toCgi.wr, post_len);
}
1494 | |
1495 | #endif /* FEATURE_HTTPD_CGI */ |
1496 | |
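/*
 * Send a file response to a HTTP request, and exit
 *
 * Parameters:
 * const char *url  The requested URL (with leading /); passed to open()
 *                  as given.
 * what             What to send (headers/body/both): SEND_HEADERS is
 *                  tested as a flag, SEND_BODY marks an error-page send.
 *
 * The content type is chosen from the file suffix (built-in table first,
 * then the configured mime_a list, which can override it) and left in
 * found_mime_type for send_headers(). With range support, a non-zero
 * range_start turns the reply into HTTP_PARTIAL_CONTENT.
 *
 * Does not return; every path ends in log_and_exit().
 */
static NOINLINE void send_file_and_exit(const char *url, int what)
{
	char *suffix;
	int fd;
	ssize_t count;

	fd = open(url, O_RDONLY);
	if (fd < 0) {
		if (DEBUG)
			bb_perror_msg("can't open '%s'", url);
		/* Error pages are sent by using send_file_and_exit(SEND_BODY).
		 * IOW: it is unsafe to call send_headers_and_exit
		 * if what is SEND_BODY! Can recurse! */
		if (what != SEND_BODY)
			send_headers_and_exit(HTTP_NOT_FOUND);
		log_and_exit();
	}
	/* If you want to know about EPIPE below
	 * (happens if you abort downloads from local httpd): */
	signal(SIGPIPE, SIG_IGN);

	/* If not found, default is "application/octet-stream" */
	found_mime_type = "application/octet-stream";
	suffix = strrchr(url, '.');
	if (suffix) {
		/* Entries are "<suffix list>\0<mime type>\0"; an empty string
		 * ends the table */
		static const char suffixTable[] ALIGN1 =
			/* Shorter suffix must be first:
			 * ".html.htm" will fail for ".htm"
			 */
			".txt.h.c.cc.cpp\0" "text/plain\0"
			/* .htm line must be after .h line */
			".htm.html\0" "text/html\0"
			".jpg.jpeg\0" "image/jpeg\0"
			".gif\0"      "image/gif\0"
			".png\0"      "image/png\0"
			/* .css line must be after .c line */
			".css\0"      "text/css\0"
			".wav\0"      "audio/wav\0"
			".avi\0"      "video/x-msvideo\0"
			".qt.mov\0"   "video/quicktime\0"
			".mpe.mpeg\0" "video/mpeg\0"
			".mid.midi\0" "audio/midi\0"
			".mp3\0"      "audio/mpeg\0"
#if 0  /* unpopular */
			".au\0"       "audio/basic\0"
			".pac\0"      "application/x-ns-proxy-autoconfig\0"
			".vrml.wrl\0" "model/vrml\0"
#endif
			/* compiler adds another "\0" here */
			;
		Htaccess *cur;

		/* Examine built-in table */
		const char *table = suffixTable;
		const char *table_next;
		for (; *table; table = table_next) {
			const char *try_suffix;
			const char *mime_type;
			mime_type  = table + strlen(table) + 1;
			table_next = mime_type + strlen(mime_type) + 1;
			try_suffix = strstr(table, suffix);
			if (!try_suffix)
				continue;
			try_suffix += strlen(suffix);
			/* a real match ends at the end of the list or at the next '.' */
			if (*try_suffix == '\0' || *try_suffix == '.') {
				found_mime_type = mime_type;
				break;
			}
			/* Example: strstr(table, ".av") != NULL, but it
			 * does not match ".avi" after all and we end up here.
			 * The table is arranged so that in this case we know
			 * that it can't match anything in the following lines,
			 * and we stop the search: */
			break;
		}
		/* ...then user's table */
		for (cur = mime_a; cur; cur = cur->next) {
			if (strcmp(cur->before_colon, suffix) == 0) {
				found_mime_type = cur->after_colon;
				break;
			}
		}
	}

	if (DEBUG)
		bb_error_msg("sending file '%s' content-type: %s",
			url, found_mime_type);

#if ENABLE_FEATURE_HTTPD_RANGES
	if (what == SEND_BODY)
		range_start = 0; /* err pages and ranges don't mix */
	range_len = MAXINT(off_t);
	if (range_start) {
		if (!range_end) {
			range_end = file_size - 1;
		}
		if (range_end < range_start
		 || lseek(fd, range_start, SEEK_SET) != range_start
		) {
			/* unusable range: fall back to sending the whole file */
			lseek(fd, 0, SEEK_SET);
			range_start = 0;
		} else {
			range_len = range_end - range_start + 1;
			send_headers(HTTP_PARTIAL_CONTENT);
			what = SEND_BODY;
		}
	}
#endif
	if (what & SEND_HEADERS)
		send_headers(HTTP_OK);
#if ENABLE_FEATURE_HTTPD_USE_SENDFILE
	{
		off_t offset = range_start;
		while (1) {
			/* sz is rounded down to 64k */
			ssize_t sz = MAXINT(ssize_t) - 0xffff;
			IF_FEATURE_HTTPD_RANGES(if (sz > range_len) sz = range_len;)
			count = sendfile(STDOUT_FILENO, fd, &offset, sz);
			if (count < 0) {
				if (offset == range_start)
					break; /* fall back to read/write loop */
				goto fin;
			}
			/* Account for what was actually sent, not for what was
			 * requested: sendfile() may transfer fewer than sz bytes,
			 * and subtracting sz would end the transfer early and
			 * truncate the response. */
			IF_FEATURE_HTTPD_RANGES(range_len -= count;)
			if (count == 0 || range_len == 0)
				log_and_exit();
		}
	}
#endif
	while ((count = safe_read(fd, iobuf, IOBUF_SIZE)) > 0) {
		ssize_t n;
		/* never send more than what is left of the requested range */
		IF_FEATURE_HTTPD_RANGES(if (count > range_len) count = range_len;)
		n = full_write(STDOUT_FILENO, iobuf, count);
		if (count != n)
			break;
		IF_FEATURE_HTTPD_RANGES(range_len -= count;)
		if (range_len == 0)
			break;
	}
	if (count < 0) {
 IF_FEATURE_HTTPD_USE_SENDFILE(fin:)
		if (verbose > 1)
			bb_perror_msg("error");
	}
	log_and_exit();
}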
1650 | |
/*
 * Decide whether the peer address rmt_ip is allowed to connect.
 *
 * The ip_a_d list is walked in order and the first entry whose ip/mask
 * pair matches rmt_ip decides: 1 for an 'A' (allow) entry, 0 otherwise.
 * If no entry matches, the result is 1 unless flg_deny_all is set.
 *
 * The comparison is on the 32-bit rmt_ip value only.
 */
static int checkPermIP(void)
{
	Htaccess_IP *rule = ip_a_d;

	while (rule != NULL) {
#if DEBUG
		fprintf(stderr,
			"checkPermIP: '%s' ? '%u.%u.%u.%u/%u.%u.%u.%u'\n",
			rmt_ip_str,
			(unsigned char)(rule->ip >> 24),
			(unsigned char)(rule->ip >> 16),
			(unsigned char)(rule->ip >> 8),
			(unsigned char)(rule->ip),
			(unsigned char)(rule->mask >> 24),
			(unsigned char)(rule->mask >> 16),
			(unsigned char)(rule->mask >> 8),
			(unsigned char)(rule->mask)
		);
#endif
		if ((rmt_ip & rule->mask) == rule->ip) {
			/* first match wins */
			if (rule->allow_deny == 'A')
				return 1;
			return 0;
		}
		rule = rule->next;
	}

	/* no rule matched: the answer depends on whether we saw "D:*" */
	if (flg_deny_all)
		return 0;
	return 1;
}
1676 | |
1677 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
/*
 * Config file entries are of the form "/<path>:<user>:<passwd>".
 * If config file has no prefix match for path, access is allowed.
 *
 * path                 The file path
 * user_and_passwd      "user:passwd" to validate
 *
 * Returns 1 if user_and_passwd is OK.
 * Also returns 1 when no entry in g_auth covers path at all, so a path is
 * only protected if some entry's prefix matches it. Returns 0 when at
 * least one entry matched the path but none accepted the credentials.
 * On a credential match, remoteuser is set to a copy of the user name.
 *
 * NOTE(review): entries without a "$1$" hash hold the password in
 * cleartext and are compared with strcmp(), which is not a constant-time
 * comparison. In DEBUG builds the submitted "user:passwd" string is
 * printed to stderr.
 */
static int check_user_passwd(const char *path, const char *user_and_passwd)
{
	Htaccess *cur;
	const char *prev = NULL;	/* prefix of the first entry that matched path */

	for (cur = g_auth; cur; cur = cur->next) {
		const char *dir_prefix;
		size_t len;

		dir_prefix = cur->before_colon;

		/* WHY? */
		/* If already saw a match, don't accept other different matches */
		/* (only entries with the very same prefix string are tried further) */
		if (prev && strcmp(prev, dir_prefix) != 0)
			continue;

		/* prints the submitted credentials - DEBUG builds only */
		if (DEBUG)
			fprintf(stderr, "checkPerm: '%s' ? '%s'\n", dir_prefix, user_and_passwd);

		/* If it's not a prefix match, continue searching */
		/* The prefix has to end at a path component boundary:
		 * the next character of path must be '/' or NUL */
		len = strlen(dir_prefix);
		if (len != 1 /* dir_prefix "/" matches all, don't need to check */
		 && (strncmp(dir_prefix, path, len) != 0
		    || (path[len] != '/' && path[len] != '\0'))
		) {
			continue;
		}

		/* Path match found */
		prev = dir_prefix;

		if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
			char *md5_passwd;

			/* after_colon is "user:passwd"; a passwd starting with
			 * "$1$" plus at least one more character is treated as
			 * a hash and checked with pw_encrypt() */
			md5_passwd = strchr(cur->after_colon, ':');
			if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
			 && md5_passwd[3] == '$' && md5_passwd[4]
			) {
				char *encrypted;
				int r, user_len_p1;

				md5_passwd++;
				/* length of "user" plus the ':' */
				user_len_p1 = md5_passwd - cur->after_colon;
				/* comparing "user:" */
				if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
					continue;
				}

				/* hash the submitted password, with the stored
				 * hash string passed as the salt argument */
				encrypted = pw_encrypt(
					user_and_passwd + user_len_p1 /* cleartext pwd from user */,
					md5_passwd /*salt */, 1 /* cleanup */);
				r = strcmp(encrypted, md5_passwd);
				free(encrypted);
				if (r == 0)
					goto set_remoteuser_var; /* Ok */
				continue;
			}
		}

		/* Comparing plaintext "user:pass" in one go */
		if (strcmp(cur->after_colon, user_and_passwd) == 0) {
 set_remoteuser_var:
			/* keep the part before the first ':' as the user name */
			remoteuser = xstrndup(user_and_passwd,
					strchrnul(user_and_passwd, ':') - user_and_passwd);
			return 1; /* Ok */
		}
	} /* for */

	/* 0(bad) if prev is set: matches were found but passwd was wrong */
	return (prev == NULL);
}
1758 | #endif /* FEATURE_HTTPD_BASIC_AUTH */ |
1759 | |
1760 | #if ENABLE_FEATURE_HTTPD_PROXY |
/*
 * Find the first proxy entry whose url_from is a prefix of url.
 * Returns the entry, or NULL if none matches.
 *
 * This is a plain string prefix comparison with no check for a path
 * component boundary: an entry for "/app" (constructed example) also
 * matches "/application".
 */
static Htaccess_Proxy *find_proxy_entry(const char *url)
{
	Htaccess_Proxy *entry = proxy;

	while (entry) {
		size_t prefix_len = strlen(entry->url_from);

		if (strncmp(url, entry->url_from, prefix_len) == 0)
			break;
		entry = entry->next;
	}
	return entry;
}
1770 | #endif |
1771 | |
/*
 * Timeout handler: answer with HTTP_REQUEST_TIMEOUT and exit.
 * The signal number is not used.
 *
 * NOTE(review): this runs in signal context but goes on to format and
 * write a full response through send_headers_and_exit(), using functions
 * that are not async-signal-safe and the shared iobuf. The process exits
 * right afterwards, which limits the consequences, but the handler can
 * interrupt code that is itself working on iobuf.
 */
static void send_REQUEST_TIMEOUT_and_exit(int sig) NORETURN;
static void send_REQUEST_TIMEOUT_and_exit(int sig UNUSED_PARAM)
{
	send_headers_and_exit(HTTP_REQUEST_TIMEOUT);
}
1780 | |
1781 | /* |
1782 | * Handle an incoming http request and exit. |
1783 | */ |
1784 | static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) NORETURN; |
1785 | static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) |
1786 | { |
1787 | static const char request_GET[] ALIGN1 = "GET"; |
1788 | struct stat sb; |
1789 | char *urlcopy; |
1790 | char *urlp; |
1791 | char *tptr; |
1792 | #if ENABLE_FEATURE_HTTPD_CGI |
1793 | static const char request_HEAD[] ALIGN1 = "HEAD"; |
1794 | const char *prequest; |
1795 | char *cookie = NULL; |
1796 | char *content_type = NULL; |
1797 | unsigned long length = 0; |
1798 | #elif ENABLE_FEATURE_HTTPD_PROXY |
1799 | #define prequest request_GET |
1800 | unsigned long length = 0; |
1801 | #endif |
1802 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
1803 | smallint authorized = -1; |
1804 | #endif |
1805 | smallint ip_allowed; |
1806 | char http_major_version; |
1807 | #if ENABLE_FEATURE_HTTPD_PROXY |
1808 | char http_minor_version; |
1809 | char *header_buf = header_buf; /* for gcc */ |
1810 | char *header_ptr = header_ptr; |
1811 | Htaccess_Proxy *proxy_entry; |
1812 | #endif |
1813 | |
1814 | /* Allocation of iobuf is postponed until now |
1815 | * (IOW, server process doesn't need to waste 8k) */ |
1816 | iobuf = xmalloc(IOBUF_SIZE); |
1817 | |
1818 | rmt_ip = 0; |
1819 | if (fromAddr->u.sa.sa_family == AF_INET) { |
1820 | rmt_ip = ntohl(fromAddr->u.sin.sin_addr.s_addr); |
1821 | } |
1822 | #if ENABLE_FEATURE_IPV6 |
1823 | if (fromAddr->u.sa.sa_family == AF_INET6 |
1824 | && fromAddr->u.sin6.sin6_addr.s6_addr32[0] == 0 |
1825 | && fromAddr->u.sin6.sin6_addr.s6_addr32[1] == 0 |
1826 | && ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[2]) == 0xffff) |
1827 | rmt_ip = ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[3]); |
1828 | #endif |
1829 | if (ENABLE_FEATURE_HTTPD_CGI || DEBUG || verbose) { |
1830 | /* NB: can be NULL (user runs httpd -i by hand?) */ |
1831 | rmt_ip_str = xmalloc_sockaddr2dotted(&fromAddr->u.sa); |
1832 | } |
1833 | if (verbose) { |
1834 | /* this trick makes -v logging much simpler */ |
1835 | if (rmt_ip_str) |
1836 | applet_name = rmt_ip_str; |
1837 | if (verbose > 2) |
1838 | bb_error_msg("connected"); |
1839 | } |
1840 | |
1841 | /* Install timeout handler. get_line() needs it. */ |
1842 | signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit); |
1843 | |
1844 | if (!get_line()) /* EOF or error or empty line */ |
1845 | send_headers_and_exit(HTTP_BAD_REQUEST); |
1846 | |
1847 | /* Determine type of request (GET/POST) */ |
1848 | urlp = strpbrk(iobuf, " \t"); |
1849 | if (urlp == NULL) |
1850 | send_headers_and_exit(HTTP_BAD_REQUEST); |
1851 | *urlp++ = '\0'; |
1852 | #if ENABLE_FEATURE_HTTPD_CGI |
1853 | prequest = request_GET; |
1854 | if (strcasecmp(iobuf, prequest) != 0) { |
1855 | prequest = request_HEAD; |
1856 | if (strcasecmp(iobuf, prequest) != 0) { |
1857 | prequest = "POST"; |
1858 | if (strcasecmp(iobuf, prequest) != 0) |
1859 | send_headers_and_exit(HTTP_NOT_IMPLEMENTED); |
1860 | } |
1861 | } |
1862 | #else |
1863 | if (strcasecmp(iobuf, request_GET) != 0) |
1864 | send_headers_and_exit(HTTP_NOT_IMPLEMENTED); |
1865 | #endif |
1866 | urlp = skip_whitespace(urlp); |
1867 | if (urlp[0] != '/') |
1868 | send_headers_and_exit(HTTP_BAD_REQUEST); |
1869 | |
1870 | /* Find end of URL and parse HTTP version, if any */ |
1871 | http_major_version = '0'; |
1872 | IF_FEATURE_HTTPD_PROXY(http_minor_version = '0';) |
1873 | tptr = strchrnul(urlp, ' '); |
1874 | /* Is it " HTTP/"? */ |
1875 | if (tptr[0] && strncmp(tptr + 1, HTTP_200, 5) == 0) { |
1876 | http_major_version = tptr[6]; |
1877 | IF_FEATURE_HTTPD_PROXY(http_minor_version = tptr[8];) |
1878 | } |
1879 | *tptr = '\0'; |
1880 | |
1881 | /* Copy URL from after "GET "/"POST " to stack-allocated char[] */ |
1882 | urlcopy = alloca((tptr - urlp) + 2 + strlen(index_page)); |
1883 | /*if (urlcopy == NULL) |
1884 | * send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);*/ |
1885 | strcpy(urlcopy, urlp); |
1886 | /* NB: urlcopy ptr is never changed after this */ |
1887 | |
1888 | /* Extract url args if present */ |
1889 | g_query = NULL; |
1890 | tptr = strchr(urlcopy, '?'); |
1891 | if (tptr) { |
1892 | *tptr++ = '\0'; |
1893 | g_query = tptr; |
1894 | } |
1895 | |
1896 | /* Decode URL escape sequences */ |
1897 | tptr = decodeString(urlcopy, 0); |
1898 | if (tptr == NULL) |
1899 | send_headers_and_exit(HTTP_BAD_REQUEST); |
1900 | if (tptr == urlcopy + 1) { |
1901 | /* '/' or NUL is encoded */ |
1902 | send_headers_and_exit(HTTP_NOT_FOUND); |
1903 | } |
1904 | |
1905 | /* Canonicalize path */ |
1906 | /* Algorithm stolen from libbb bb_simplify_path(), |
1907 | * but don't strdup, retain trailing slash, protect root */ |
1908 | urlp = tptr = urlcopy; |
1909 | do { |
1910 | if (*urlp == '/') { |
1911 | /* skip duplicate (or initial) slash */ |
1912 | if (*tptr == '/') { |
1913 | continue; |
1914 | } |
1915 | if (*tptr == '.') { |
1916 | /* skip extra "/./" */ |
1917 | if (tptr[1] == '/' || !tptr[1]) { |
1918 | continue; |
1919 | } |
1920 | /* "..": be careful */ |
1921 | if (tptr[1] == '.' && (tptr[2] == '/' || !tptr[2])) { |
1922 | ++tptr; |
1923 | if (urlp == urlcopy) /* protect root */ |
1924 | send_headers_and_exit(HTTP_BAD_REQUEST); |
1925 | while (*--urlp != '/') /* omit previous dir */; |
1926 | continue; |
1927 | } |
1928 | } |
1929 | } |
1930 | *++urlp = *tptr; |
1931 | } while (*++tptr); |
1932 | *++urlp = '\0'; /* terminate after last character */ |
1933 | |
1934 | /* If URL is a directory, add '/' */ |
1935 | if (urlp[-1] != '/') { |
1936 | if (is_directory(urlcopy + 1, 1, NULL)) { |
1937 | found_moved_temporarily = urlcopy; |
1938 | } |
1939 | } |
1940 | |
1941 | /* Log it */ |
1942 | if (verbose > 1) |
1943 | bb_error_msg("url:%s", urlcopy); |
1944 | |
1945 | tptr = urlcopy; |
1946 | ip_allowed = checkPermIP(); |
1947 | while (ip_allowed && (tptr = strchr(tptr + 1, '/')) != NULL) { |
1948 | /* have path1/path2 */ |
1949 | *tptr = '\0'; |
1950 | if (is_directory(urlcopy + 1, 1, NULL)) { |
1951 | /* may have subdir config */ |
1952 | parse_conf(urlcopy + 1, SUBDIR_PARSE); |
1953 | ip_allowed = checkPermIP(); |
1954 | } |
1955 | *tptr = '/'; |
1956 | } |
1957 | |
1958 | #if ENABLE_FEATURE_HTTPD_PROXY |
1959 | proxy_entry = find_proxy_entry(urlcopy); |
1960 | if (proxy_entry) |
1961 | header_buf = header_ptr = xmalloc(IOBUF_SIZE); |
1962 | #endif |
1963 | |
1964 | if (http_major_version >= '0') { |
1965 | /* Request was with "... HTTP/nXXX", and n >= 0 */ |
1966 | |
1967 | /* Read until blank line for HTTP version specified, else parse immediate */ |
1968 | while (1) { |
1969 | if (!get_line()) |
1970 | break; /* EOF or error or empty line */ |
1971 | if (DEBUG) |
1972 | bb_error_msg("header: '%s'", iobuf); |
1973 | |
1974 | #if ENABLE_FEATURE_HTTPD_PROXY |
1975 | /* We need 2 more bytes for yet another "\r\n" - |
1976 | * see near fdprintf(proxy_fd...) further below */ |
1977 | if (proxy_entry && (header_ptr - header_buf) < IOBUF_SIZE - 2) { |
1978 | int len = strlen(iobuf); |
1979 | if (len > IOBUF_SIZE - (header_ptr - header_buf) - 4) |
1980 | len = IOBUF_SIZE - (header_ptr - header_buf) - 4; |
1981 | memcpy(header_ptr, iobuf, len); |
1982 | header_ptr += len; |
1983 | header_ptr[0] = '\r'; |
1984 | header_ptr[1] = '\n'; |
1985 | header_ptr += 2; |
1986 | } |
1987 | #endif |
1988 | |
1989 | #if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY |
1990 | /* Try and do our best to parse more lines */ |
1991 | if ((STRNCASECMP(iobuf, "Content-length:") == 0)) { |
1992 | /* extra read only for POST */ |
1993 | if (prequest != request_GET |
1994 | #if ENABLE_FEATURE_HTTPD_CGI |
1995 | && prequest != request_HEAD |
1996 | #endif |
1997 | ) { |
1998 | tptr = skip_whitespace(iobuf + sizeof("Content-length:") - 1); |
1999 | if (!tptr[0]) |
2000 | send_headers_and_exit(HTTP_BAD_REQUEST); |
2001 | /* not using strtoul: it ignores leading minus! */ |
2002 | length = bb_strtou(tptr, NULL, 10); |
2003 | /* length is "ulong", but we need to pass it to int later */ |
2004 | if (errno || length > INT_MAX) |
2005 | send_headers_and_exit(HTTP_BAD_REQUEST); |
2006 | } |
2007 | } |
2008 | #endif |
2009 | #if ENABLE_FEATURE_HTTPD_CGI |
2010 | else if (STRNCASECMP(iobuf, "Cookie:") == 0) { |
2011 | cookie = xstrdup(skip_whitespace(iobuf + sizeof("Cookie:")-1)); |
2012 | } else if (STRNCASECMP(iobuf, "Content-Type:") == 0) { |
2013 | content_type = xstrdup(skip_whitespace(iobuf + sizeof("Content-Type:")-1)); |
2014 | } else if (STRNCASECMP(iobuf, "Referer:") == 0) { |
2015 | referer = xstrdup(skip_whitespace(iobuf + sizeof("Referer:")-1)); |
2016 | } else if (STRNCASECMP(iobuf, "User-Agent:") == 0) { |
2017 | user_agent = xstrdup(skip_whitespace(iobuf + sizeof("User-Agent:")-1)); |
2018 | } else if (STRNCASECMP(iobuf, "Host:") == 0) { |
2019 | host = xstrdup(skip_whitespace(iobuf + sizeof("Host:")-1)); |
2020 | } else if (STRNCASECMP(iobuf, "Accept:") == 0) { |
2021 | http_accept = xstrdup(skip_whitespace(iobuf + sizeof("Accept:")-1)); |
2022 | } else if (STRNCASECMP(iobuf, "Accept-Language:") == 0) { |
2023 | http_accept_language = xstrdup(skip_whitespace(iobuf + sizeof("Accept-Language:")-1)); |
2024 | } |
2025 | #endif |
2026 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
2027 | if (STRNCASECMP(iobuf, "Authorization:") == 0) { |
2028 | /* We only allow Basic credentials. |
2029 | * It shows up as "Authorization: Basic <user>:<passwd>" where |
2030 | * "<user>:<passwd>" is base64 encoded. |
2031 | */ |
2032 | tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1); |
2033 | if (STRNCASECMP(tptr, "Basic") != 0) |
2034 | continue; |
2035 | tptr += sizeof("Basic")-1; |
2036 | /* decodeBase64() skips whitespace itself */ |
2037 | decodeBase64(tptr); |
2038 | authorized = check_user_passwd(urlcopy, tptr); |
2039 | } |
2040 | #endif |
2041 | #if ENABLE_FEATURE_HTTPD_RANGES |
2042 | if (STRNCASECMP(iobuf, "Range:") == 0) { |
2043 | /* We know only bytes=NNN-[MMM] */ |
2044 | char *s = skip_whitespace(iobuf + sizeof("Range:")-1); |
2045 | if (strncmp(s, "bytes=", 6) == 0) { |
2046 | s += sizeof("bytes=")-1; |
2047 | range_start = BB_STRTOOFF(s, &s, 10); |
2048 | if (s[0] != '-' || range_start < 0) { |
2049 | range_start = 0; |
2050 | } else if (s[1]) { |
2051 | range_end = BB_STRTOOFF(s+1, NULL, 10); |
2052 | if (errno || range_end < range_start) |
2053 | range_start = 0; |
2054 | } |
2055 | } |
2056 | } |
2057 | #endif |
2058 | } /* while extra header reading */ |
2059 | } |
2060 | |
2061 | /* We are done reading headers, disable peer timeout */ |
2062 | alarm(0); |
2063 | |
2064 | if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0 || !ip_allowed) { |
2065 | /* protect listing [/path]/httpd.conf or IP deny */ |
2066 | send_headers_and_exit(HTTP_FORBIDDEN); |
2067 | } |
2068 | |
2069 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
2070 | /* Case: no "Authorization:" was seen, but page does require passwd. |
2071 | * Check that with dummy user:pass */ |
2072 | if (authorized < 0) |
2073 | authorized = check_user_passwd(urlcopy, ":"); |
2074 | if (!authorized) |
2075 | send_headers_and_exit(HTTP_UNAUTHORIZED); |
2076 | #endif |
2077 | |
2078 | if (found_moved_temporarily) { |
2079 | send_headers_and_exit(HTTP_MOVED_TEMPORARILY); |
2080 | } |
2081 | |
2082 | #if ENABLE_FEATURE_HTTPD_PROXY |
2083 | if (proxy_entry != NULL) { |
2084 | int proxy_fd; |
2085 | len_and_sockaddr *lsa; |
2086 | |
2087 | proxy_fd = socket(AF_INET, SOCK_STREAM, 0); |
2088 | if (proxy_fd < 0) |
2089 | send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR); |
2090 | lsa = host2sockaddr(proxy_entry->host_port, 80); |
2091 | if (lsa == NULL) |
2092 | send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR); |
2093 | if (connect(proxy_fd, &lsa->u.sa, lsa->len) < 0) |
2094 | send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR); |
2095 | fdprintf(proxy_fd, "%s %s%s%s%s HTTP/%c.%c\r\n", |
2096 | prequest, /* GET or POST */ |
2097 | proxy_entry->url_to, /* url part 1 */ |
2098 | urlcopy + strlen(proxy_entry->url_from), /* url part 2 */ |
2099 | (g_query ? "?" : ""), /* "?" (maybe) */ |
2100 | (g_query ? g_query : ""), /* query string (maybe) */ |
2101 | http_major_version, http_minor_version); |
2102 | header_ptr[0] = '\r'; |
2103 | header_ptr[1] = '\n'; |
2104 | header_ptr += 2; |
2105 | write(proxy_fd, header_buf, header_ptr - header_buf); |
2106 | free(header_buf); /* on the order of 8k, free it */ |
2107 | cgi_io_loop_and_exit(proxy_fd, proxy_fd, length); |
2108 | } |
2109 | #endif |
2110 | |
2111 | tptr = urlcopy + 1; /* skip first '/' */ |
2112 | |
2113 | #if ENABLE_FEATURE_HTTPD_CGI |
2114 | if (strncmp(tptr, "cgi-bin/", 8) == 0) { |
2115 | if (tptr[8] == '\0') { |
2116 | /* protect listing "cgi-bin/" */ |
2117 | send_headers_and_exit(HTTP_FORBIDDEN); |
2118 | } |
2119 | send_cgi_and_exit(urlcopy, prequest, length, cookie, content_type); |
2120 | } |
2121 | #endif |
2122 | |
2123 | if (urlp[-1] == '/') |
2124 | strcpy(urlp, index_page); |
2125 | if (stat(tptr, &sb) == 0) { |
2126 | #if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR |
2127 | char *suffix = strrchr(tptr, '.'); |
2128 | if (suffix) { |
2129 | Htaccess *cur; |
2130 | for (cur = script_i; cur; cur = cur->next) { |
2131 | if (strcmp(cur->before_colon + 1, suffix) == 0) { |
2132 | send_cgi_and_exit(urlcopy, prequest, length, cookie, content_type); |
2133 | } |
2134 | } |
2135 | } |
2136 | #endif |
2137 | file_size = sb.st_size; |
2138 | last_mod = sb.st_mtime; |
2139 | } |
2140 | #if ENABLE_FEATURE_HTTPD_CGI |
2141 | else if (urlp[-1] == '/') { |
2142 | /* It's a dir URL and there is no index.html |
2143 | * Try cgi-bin/index.cgi */ |
2144 | if (access("/cgi-bin/index.cgi"+1, X_OK) == 0) { |
2145 | urlp[0] = '\0'; |
2146 | g_query = urlcopy; |
2147 | send_cgi_and_exit("/cgi-bin/index.cgi", prequest, length, cookie, content_type); |
2148 | } |
2149 | } |
2150 | /* else fall through to send_file, it errors out if open fails: */ |
2151 | |
2152 | if (prequest != request_GET && prequest != request_HEAD) { |
2153 | /* POST for files does not make sense */ |
2154 | send_headers_and_exit(HTTP_NOT_IMPLEMENTED); |
2155 | } |
2156 | send_file_and_exit(tptr, |
2157 | (prequest != request_HEAD ? SEND_HEADERS_AND_BODY : SEND_HEADERS) |
2158 | ); |
2159 | #else |
2160 | send_file_and_exit(tptr, SEND_HEADERS_AND_BODY); |
2161 | #endif |
2162 | } |
2163 | |
2164 | /* |
2165 | * The main http server function. |
2166 | * Given a socket, listen for new connections and farm out |
2167 | * the processing as a [v]forked process. |
2168 | * Never returns. |
2169 | */ |
2170 | #if BB_MMU |
/*
 * MMU variant of the accept loop: every accepted connection is handed to
 * a fork()ed child, which serves it on fds 0/1 and exits.
 *
 * Nothing in this loop bounds the number of live children, and a failed
 * accept() is retried at once with no delay.
 * NOTE(review): where connection floods matter, confirm that a limit is
 * enforced outside this function (rlimits, supervisor, packet filter).
 */
static void mini_httpd(int server_socket) NORETURN;
static void mini_httpd(int server_socket)
{
	/* Keep xfuncs out of the parent's side of this loop: they die on
	 * transient errors (temporary out-of-memory and the like), and that
	 * would take the whole server down. Risky calls belong after fork().
	 */
	for (;;) {
		len_and_sockaddr peer;
		int conn_fd;

		/* Block until a client connects */
		peer.len = LSA_SIZEOF_SA;
		conn_fd = accept(server_socket, &peer.u.sa, &peer.len);
		if (conn_fd < 0)
			continue;

		/* KEEPALIVE culls dead connections */
		setsockopt(conn_fd, SOL_SOCKET, SO_KEEPALIVE, &const_int_1, sizeof(const_int_1));

		if (fork() != 0) {
			/* parent, or fork failed: release our copy of the connection */
			close(conn_fd);
			continue;
		}

		/* child: do not reload config on HUP */
		signal(SIGHUP, SIG_IGN);
		close(server_socket);
		/* the connection becomes stdin and stdout */
		xmove_fd(conn_fd, 0);
		xdup2(0, 1);

		handle_incoming_and_exit(&peer);
	}
	/* never reached */
}
2207 | #else |
/*
 * NOMMU variant of the accept loop: every accepted connection is served
 * by a vfork()ed child that re-executes this program with "-i" (inetd
 * mode) inserted as the first option.
 *
 * As in the MMU variant, nothing here bounds the number of children and
 * a failed accept() is retried immediately.
 * NOTE(review): the child runs signal/close/xmove_fd/xdup2 between
 * vfork() and the re-exec; confirm this is acceptable on the targets
 * this build is meant for.
 */
static void mini_httpd_nommu(int server_socket, int argc, char **argv) NORETURN;
static void mini_httpd_nommu(int server_socket, int argc, char **argv)
{
	/* argc + 2 slots: argv[0], "-i", then argv[1] .. argv[argc],
	 * the last of which is the terminating NULL */
	char *child_argv[argc + 2];

	child_argv[0] = argv[0];
	child_argv[1] = (char*)"-i";
	memcpy(child_argv + 2, argv + 1, argc * sizeof(argv[0]));

	/* Keep xfuncs out of the parent's side of this loop: they die on
	 * transient errors (temporary out-of-memory and the like), and that
	 * would take the whole server down. Risky calls belong after vfork().
	 */
	for (;;) {
		len_and_sockaddr peer;
		int conn_fd;

		/* Block until a client connects */
		peer.len = LSA_SIZEOF_SA;
		conn_fd = accept(server_socket, &peer.u.sa, &peer.len);
		if (conn_fd < 0)
			continue;

		/* KEEPALIVE culls dead connections */
		setsockopt(conn_fd, SOL_SOCKET, SO_KEEPALIVE, &const_int_1, sizeof(const_int_1));

		if (vfork() == 0) {
			/* child: do not reload config on HUP */
			signal(SIGHUP, SIG_IGN);
			close(server_socket);
			/* the connection becomes stdin and stdout */
			xmove_fd(conn_fd, 0);
			xdup2(0, 1);

			/* Run a copy of ourself in inetd mode */
			re_exec(child_argv);
		}
		/* parent, or vfork failed */
		close(conn_fd);
	}
	/* never reached */
}
2251 | #endif |
2252 | |
/*
 * Serve exactly one HTTP connection that is already open on stdin/stdout
 * (inetd mode, also used for the NOMMU re-exec).
 * Never returns.
 *
 * NOTE(review): the result of getpeername() is not checked, so on failure
 * the request handler receives an all-zero peer address. Confirm how the
 * IP allow/deny check treats that case.
 */
static void mini_httpd_inetd(void) NORETURN;
static void mini_httpd_inetd(void)
{
	len_and_sockaddr peer;

	/* Start from a fully zeroed address so a failed lookup leaves no garbage */
	memset(&peer, 0, sizeof(peer));
	peer.len = LSA_SIZEOF_SA;
	/* May fail, e.g. when a user runs it by hand and types in http cmds */
	getpeername(0, &peer.u.sa, &peer.len);
	handle_incoming_and_exit(&peer);
}
2268 | |
/*
 * SIGHUP handler: asks parse_conf() to parse the default config file
 * again, in SIGNALED_PARSE mode. The signal number is not used.
 *
 * NOTE(review): parse_conf() runs in signal context here. Whether all it
 * calls is async-signal-safe cannot be told from this block; confirm, or
 * have the handler set a flag that the accept loop acts on.
 */
static void sighup_handler(int sig UNUSED_PARAM)
{
	parse_conf(DEFAULT_PATH_HTTPD_CONF, SIGNALED_PARSE);
}
2273 | |
/*
 * Command-line option bookkeeping for httpd_main().
 *
 * The lower-case *_opt_* constants are bit positions. They must stay in
 * the same order as the option letters in httpd_main()'s getopt32()
 * string: "c:d:h:", then the optional e: r: m: u:, then "p:ifv".
 * The OPT_xxx constants are the matching bit masks tested against the
 * getopt32() result.
 *
 * Entries wrapped in IF_FEATURE_xxx() exist only when that feature is
 * compiled in. The trailing "+ 0" keeps OPT_xxx a valid expression, with
 * value 0, when the wrapper contributes nothing.
 */
enum {
	/* bit positions */
	c_opt_config_file = 0,
	d_opt_decode_url,
	h_opt_home_httpd,
	IF_FEATURE_HTTPD_ENCODE_URL_STR(e_opt_encode_url,)
	IF_FEATURE_HTTPD_BASIC_AUTH(    r_opt_realm     ,)
	IF_FEATURE_HTTPD_AUTH_MD5(      m_opt_md5       ,)
	IF_FEATURE_HTTPD_SETUID(        u_opt_setuid    ,)
	p_opt_port      ,
	p_opt_inetd     ,
	p_opt_foreground,
	p_opt_verbose   ,

	/* bit masks */
	OPT_CONFIG_FILE = 1 << c_opt_config_file,
	OPT_DECODE_URL  = 1 << d_opt_decode_url,
	OPT_HOME_HTTPD  = 1 << h_opt_home_httpd,
	OPT_ENCODE_URL  = IF_FEATURE_HTTPD_ENCODE_URL_STR((1 << e_opt_encode_url)) + 0,
	OPT_REALM       = IF_FEATURE_HTTPD_BASIC_AUTH(    (1 << r_opt_realm     )) + 0,
	OPT_MD5         = IF_FEATURE_HTTPD_AUTH_MD5(      (1 << m_opt_md5       )) + 0,
	OPT_SETUID      = IF_FEATURE_HTTPD_SETUID(        (1 << u_opt_setuid    )) + 0,
	OPT_PORT        = 1 << p_opt_port,
	OPT_INETD       = 1 << p_opt_inetd,
	OPT_FOREGROUND  = 1 << p_opt_foreground,
	OPT_VERBOSE     = 1 << p_opt_verbose,
};
2298 | |
2299 | |
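/*
 * httpd applet entry point.
 *
 * Parses the command line, handles the one-shot helper modes
 * (-d decode, -e encode, -m password hash), then changes into the home
 * directory, opens the listening socket and drops privileges (daemon
 * mode only), parses the config file and enters the serving loop.
 *
 * Returns 0 from the helper modes; the serving paths never return.
 *
 * Security-relevant ordering, as written here:
 *  - the listening socket is opened before privileges are dropped, so a
 *    privileged port can be bound and then served without privileges;
 *  - the first config parse happens after the drop, so the config file
 *    is read with the unprivileged identity;
 *  - with -i (inetd mode) the -u value is parsed but no setgid/setuid is
 *    done here: whatever launches httpd has to supply the identity.
 */
int httpd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int httpd_main(int argc UNUSED_PARAM, char **argv)
{
	/* Was "server_socket = server_socket" to quiet gcc, which reads an
	 * indeterminate value. -1 is never used: daemon mode assigns the
	 * result of openServer(), inetd mode never reads the variable. */
	int server_socket = -1;
	unsigned opt;
	char *url_for_decode;
	IF_FEATURE_HTTPD_ENCODE_URL_STR(const char *url_for_encode;)
	IF_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
	IF_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
	IF_FEATURE_HTTPD_AUTH_MD5(const char *pass;)

	INIT_G();

#if ENABLE_LOCALE_SUPPORT
	/* Undo busybox.c: we want to speak English in http (dates etc) */
	setlocale(LC_TIME, "C");
#endif

	home_httpd = xrealloc_getcwd_or_warn(NULL);
	/* -v counts, -i implies -f */
	opt_complementary = "vv:if";
	/* We do not "absolutize" path given by -h (home) opt.
	 * If user gives relative path in -h,
	 * $SCRIPT_FILENAME will not be set. */
	opt = getopt32(argv, "c:d:h:"
			IF_FEATURE_HTTPD_ENCODE_URL_STR("e:")
			IF_FEATURE_HTTPD_BASIC_AUTH("r:")
			IF_FEATURE_HTTPD_AUTH_MD5("m:")
			IF_FEATURE_HTTPD_SETUID("u:")
			"p:ifv",
			&opt_c_configFile, &url_for_decode, &home_httpd
			IF_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
			IF_FEATURE_HTTPD_BASIC_AUTH(, &g_realm)
			IF_FEATURE_HTTPD_AUTH_MD5(, &pass)
			IF_FEATURE_HTTPD_SETUID(, &s_ugid)
			, &bind_addr_or_port
			, &verbose
		);
	if (opt & OPT_DECODE_URL) {
		/* Helper mode: print the url-decoded argument and stop */
		fputs(decodeString(url_for_decode, 1), stdout);
		return 0;
	}
#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
	if (opt & OPT_ENCODE_URL) {
		/* Helper mode: print the html-encoded argument and stop */
		fputs(encodeString(url_for_encode), stdout);
		return 0;
	}
#endif
#if ENABLE_FEATURE_HTTPD_AUTH_MD5
	if (opt & OPT_MD5) {
		/* Helper mode: print a "$1$" (MD5-crypt) hash of the -m argument.
		 * NOTE(review): the cleartext password is a command-line
		 * argument here, so it can show up in process listings and
		 * shell history; MD5-crypt is also weak by current standards. */
		char salt[sizeof("$1$XXXXXXXX")];
		salt[0] = '$';
		salt[1] = '1';
		salt[2] = '$';
		/* presumably fills the 8 salt characters after "$1$" plus the
		 * terminator - confirm against crypt_make_salt() */
		crypt_make_salt(salt + 3, 4, 0);
		puts(pw_encrypt(pass, salt, 1));
		return 0;
	}
#endif
#if ENABLE_FEATURE_HTTPD_SETUID
	if (opt & OPT_SETUID) {
		/* Resolve -u early, while still privileged; the x-prefixed
		 * helper presumably exits on a bad user/group spec */
		xget_uidgid(&ugid, s_ugid);
	}
#endif

#if !BB_MMU
	if (!(opt & OPT_FOREGROUND)) {
		bb_daemonize_or_rexec(0, argv); /* don't change current directory */
	}
#endif

	xchdir(home_httpd);
	if (!(opt & OPT_INETD)) {
		signal(SIGCHLD, SIG_IGN);
		server_socket = openServer();
#if ENABLE_FEATURE_HTTPD_SETUID
		/* Drop privileges: supplementary groups and gid first, uid
		 * last, because the group changes need the privileges that
		 * the uid change gives away. */
		if (opt & OPT_SETUID) {
			if (ugid.gid != (gid_t)-1) {
				if (setgroups(1, &ugid.gid) == -1)
					bb_perror_msg_and_die("setgroups");
				xsetgid(ugid.gid);
			}
			/* NOTE(review): when gid is (gid_t)-1 the original
			 * groups are kept; confirm xget_uidgid() can leave
			 * the gid unset and whether that is intended. */
			xsetuid(ugid.uid);
		}
#endif
	}

#if 0
	/* User can do it himself: 'env - PATH="$PATH" httpd'
	 * We don't do it because we don't want to screw users
	 * which want to do
	 * 'env - VAR1=val1 VAR2=val2 httpd'
	 * and have VAR1 and VAR2 values visible in their CGIs.
	 * Besides, it is also smaller. */
	{
		char *p = getenv("PATH");
		/* env strings themself are not freed, no need to xstrdup(p): */
		clearenv();
		if (p)
			putenv(p - 5);
//		if (!(opt & OPT_INETD))
//			setenv_long("SERVER_PORT", ???);
	}
#endif

	/* First config parse; in daemon mode this runs after the privilege drop */
	parse_conf(DEFAULT_PATH_HTTPD_CONF, FIRST_PARSE);
	if (!(opt & OPT_INETD))
		signal(SIGHUP, sighup_handler);

	xfunc_error_retval = 0;
	if (opt & OPT_INETD)
		mini_httpd_inetd();
#if BB_MMU
	if (!(opt & OPT_FOREGROUND))
		bb_daemonize(0); /* don't change current directory */
	mini_httpd(server_socket); /* never returns */
#else
	mini_httpd_nommu(server_socket, argc, argv); /* never returns */
#endif
	/* return 0; */
}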