* server changes directory to the location of the script and executes it
* after setting QUERY_STRING and other environment variables.
*
+ * Doc:
+ * "CGI Environment Variables": http://hoohoo.ncsa.uiuc.edu/cgi/env.html
+ *
* The server can also be invoked as a url arg decoder and html text encoder
* as follows:
* foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World"
#endif
unsigned port; /* server initial port and for
set env REMOTE_PORT */
- union HTTPD_FOUND {
- const char *found_mime_type;
- const char *found_moved_temporarily;
- } httpd_found;
+ const char *found_mime_type;
+ const char *found_moved_temporarily;
off_t ContentLength; /* -1 - unknown */
time_t last_mod;
Htaccess *mime_a; /* config mime types */
#endif
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
int server_socket;
int accepted_socket;
-# define a_c_r config->accepted_socket
-# define a_c_w config->accepted_socket
-#else
-# define a_c_r 0
-# define a_c_w 1
-#endif
volatile int alarm_signaled;
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
static const char RFC1123FMT[] = "%a, %d %b %Y %H:%M:%S GMT";
-static const char Content_length[] = "Content-length:";
+
+
+#define STRNCASECMP(a, str) strncasecmp((a), (str), sizeof(str)-1)
static int scan_ip(const char **ep, unsigned int *ip, unsigned char endc)
*p = 0;
return out;
}
-#endif /* CONFIG_FEATURE_HTTPD_ENCODE_URL_STR */
+#endif /* FEATURE_HTTPD_ENCODE_URL_STR */
/****************************************************************************
*
#endif
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
/****************************************************************************
*
> $Function: openServer()
signal(SIGCHLD, SIG_IGN); /* prevent zombie (defunct) processes */
return fd;
}
-#endif /* CONFIG_FEATURE_HTTPD_WITHOUT_INETD */
/****************************************************************************
*
time_t timer = time(0);
char timeStr[80];
int len;
+ enum {
+ numNames = sizeof(httpResponseNames) / sizeof(httpResponseNames[0])
+ };
- for (i = 0;
- i < (sizeof(httpResponseNames)/sizeof(httpResponseNames[0])); i++) {
+ for (i = 0; i < numNames; i++) {
if (httpResponseNames[i].type == responseNum) {
responseString = httpResponseNames[i].name;
infoString = httpResponseNames[i].info;
}
/* error message is HTML */
mime_type = responseNum == HTTP_OK ?
- config->httpd_found.found_mime_type : "text/html";
+ config->found_mime_type : "text/html";
/* emit the current date */
strftime(timeStr, sizeof(timeStr), RFC1123FMT, gmtime(&timer));
#endif
if (responseNum == HTTP_MOVED_TEMPORARILY) {
len += sprintf(buf+len, "Location: %s/%s%s\r\n",
- config->httpd_found.found_moved_temporarily,
+ config->found_moved_temporarily,
(config->query ? "?" : ""),
(config->query ? config->query : ""));
}
if (config->ContentLength != -1) { /* file */
strftime(timeStr, sizeof(timeStr), RFC1123FMT, gmtime(&config->last_mod));
len += sprintf(buf+len, "Last-Modified: %s\r\n%s %"OFF_FMT"\r\n",
- timeStr, Content_length, (off_t) config->ContentLength);
+ timeStr, "Content-length:", (off_t) config->ContentLength);
}
strcat(buf, "\r\n");
len += 2;
responseNum, responseString,
responseNum, responseString, infoString);
}
-#if DEBUG
- fprintf(stderr, "Headers: '%s'", buf);
-#endif
- return full_write(a_c_w, buf, len);
+ if (DEBUG)
+ fprintf(stderr, "headers: '%s'\n", buf);
+ return full_write(config->accepted_socket, buf, len);
}
/****************************************************************************
int count = 0;
char *buf = config->buf;
- while (read(a_c_r, buf + count, 1) == 1) {
+ while (read(config->accepted_socket, buf + count, 1) == 1) {
if (buf[count] == '\r') continue;
if (buf[count] == '\n') {
buf[count] = 0;
int inFd;
int outFd;
int firstLine = 1;
+ int status;
+ size_t post_readed_size, post_readed_idx;
- do {
- if (pipe(fromCgi) != 0) {
- break;
- }
- if (pipe(toCgi) != 0) {
- break;
- }
+ if (pipe(fromCgi) != 0)
+ return 0;
+ if (pipe(toCgi) != 0)
+ return 0;
- pid = fork();
- if (pid < 0) {
- pid = 0;
- break;
- }
+ pid = fork();
+ if (pid < 0)
+ return 0;
+
+ if (!pid) {
+ /* child process */
+ char *script;
+ char *purl = strdup(url);
+ char realpath_buff[MAXPATHLEN];
+
+ if (purl == NULL)
+ _exit(242);
- if (!pid) {
- /* child process */
- char *script;
- char *purl = strdup(url);
- char realpath_buff[MAXPATHLEN];
+ inFd = toCgi[0];
+ outFd = fromCgi[1];
- if (purl == NULL)
- _exit(242);
+ dup2(inFd, 0); // replace stdin with the pipe
+ dup2(outFd, 1); // replace stdout with the pipe
+ if (!DEBUG)
+ dup2(outFd, 2); // replace stderr with the pipe
- inFd = toCgi[0];
- outFd = fromCgi[1];
+ close(toCgi[0]);
+ close(toCgi[1]);
+ close(fromCgi[0]);
+ close(fromCgi[1]);
- dup2(inFd, 0); // replace stdin with the pipe
- dup2(outFd, 1); // replace stdout with the pipe
- if (!DEBUG)
- dup2(outFd, 2); // replace stderr with the pipe
-
- close(toCgi[0]);
- close(toCgi[1]);
- close(fromCgi[0]);
- close(fromCgi[1]);
-
- close(config->accepted_socket);
- close(config->server_socket);
-
- /*
- * Find PATH_INFO.
- */
- script = purl;
- while ((script = strchr(script + 1, '/')) != NULL) {
- /* have script.cgi/PATH_INFO or dirs/script.cgi[/PATH_INFO] */
- struct stat sb;
-
- *script = '\0';
- if (is_directory(purl + 1, 1, &sb) == 0) {
- /* not directory, found script.cgi/PATH_INFO */
- *script = '/';
- break;
- }
- *script = '/'; /* is directory, find next '/' */
- }
- setenv1("PATH_INFO", script); /* set /PATH_INFO or "" */
- setenv1("PATH", getenv("PATH")); /* Huh?? */
- setenv1("REQUEST_METHOD", request);
- if (config->query) {
- char *uri = alloca(strlen(purl) + 2 + strlen(config->query));
- if (uri)
- sprintf(uri, "%s?%s", purl, config->query);
- setenv1("REQUEST_URI", uri);
- } else {
- setenv1("REQUEST_URI", purl);
+ close(config->accepted_socket);
+ close(config->server_socket);
+
+ /*
+ * Find PATH_INFO.
+ */
+ script = purl;
+ while ((script = strchr(script + 1, '/')) != NULL) {
+ /* have script.cgi/PATH_INFO or dirs/script.cgi[/PATH_INFO] */
+ struct stat sb;
+
+ *script = '\0';
+ if (is_directory(purl + 1, 1, &sb) == 0) {
+ /* not directory, found script.cgi/PATH_INFO */
+ *script = '/';
+ break;
}
- if (script != NULL)
- *script = '\0'; /* reduce /PATH_INFO */
- /* SCRIPT_FILENAME required by PHP in CGI mode */
- if (realpath(purl + 1, realpath_buff))
- setenv1("SCRIPT_FILENAME", realpath_buff);
- else
- *realpath_buff = '\0';
- /* set SCRIPT_NAME as full path: /cgi-bin/dirs/script.cgi */
- setenv1("SCRIPT_NAME", purl);
- setenv1("QUERY_STRING", config->query);
- setenv1("SERVER_SOFTWARE", httpdVersion);
- putenv("SERVER_PROTOCOL=HTTP/1.0");
- putenv("GATEWAY_INTERFACE=CGI/1.1");
- setenv1("REMOTE_ADDR", config->rmt_ip_str);
+ *script = '/'; /* is directory, find next '/' */
+ }
+ setenv1("PATH_INFO", script); /* set /PATH_INFO or "" */
+ /* setenv1("PATH", getenv("PATH")); redundant */
+ setenv1("REQUEST_METHOD", request);
+ if (config->query) {
+ char *uri = alloca(strlen(purl) + 2 + strlen(config->query));
+ if (uri)
+ sprintf(uri, "%s?%s", purl, config->query);
+ setenv1("REQUEST_URI", uri);
+ } else {
+ setenv1("REQUEST_URI", purl);
+ }
+ if (script != NULL)
+ *script = '\0'; /* cut off /PATH_INFO */
+ /* SCRIPT_FILENAME required by PHP in CGI mode */
+ if (!realpath(purl + 1, realpath_buff))
+ goto error_execing_cgi;
+ setenv1("SCRIPT_FILENAME", realpath_buff);
+ /* set SCRIPT_NAME as full path: /cgi-bin/dirs/script.cgi */
+ setenv1("SCRIPT_NAME", purl);
+ /* http://hoohoo.ncsa.uiuc.edu/cgi/env.html:
+ * QUERY_STRING: The information which follows the ? in the URL
+ * which referenced this script. This is the query information.
+ * It should not be decoded in any fashion. This variable
+ * should always be set when there is query information,
+ * regardless of command line decoding. */
+ /* (Older versions of bbox seemed to do some decoding) */
+ setenv1("QUERY_STRING", config->query);
+ setenv1("SERVER_SOFTWARE", httpdVersion);
+ putenv("SERVER_PROTOCOL=HTTP/1.0");
+ putenv("GATEWAY_INTERFACE=CGI/1.1");
+ setenv1("REMOTE_ADDR", config->rmt_ip_str);
#if ENABLE_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
- setenv_long("REMOTE_PORT", config->port);
-#endif
- if (bodyLen) {
- setenv_long("CONTENT_LENGTH", bodyLen);
- }
- if (cookie)
- setenv1("HTTP_COOKIE", cookie);
- if (content_type)
- setenv1("CONTENT_TYPE", content_type);
+ setenv_long("REMOTE_PORT", config->port);
+#endif
+ if (bodyLen)
+ setenv_long("CONTENT_LENGTH", bodyLen);
+ if (cookie)
+ setenv1("HTTP_COOKIE", cookie);
+ if (content_type)
+ setenv1("CONTENT_TYPE", content_type);
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
- if (config->remoteuser) {
- setenv1("REMOTE_USER", config->remoteuser);
- putenv("AUTH_TYPE=Basic");
- }
-#endif
- if (config->referer)
- setenv1("HTTP_REFERER", config->referer);
-
- /* set execve argp[0] without path */
- argp[0] = strrchr(purl, '/') + 1;
- /* but script argp[0] must have absolute path and chdiring to this */
- if (*realpath_buff) {
- script = strrchr(realpath_buff, '/');
- if (script) {
- *script = '\0';
- if (chdir(realpath_buff) == 0) {
- // now run the program. If it fails,
- // use _exit() so no destructors
- // get called and make a mess.
-#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
- char *interpr = NULL;
- char *suffix = strrchr(purl, '.');
-
- if (suffix) {
- Htaccess * cur;
- for (cur = config->script_i; cur; cur = cur->next)
- if (strcmp(cur->before_colon + 1, suffix) == 0) {
- interpr = cur->after_colon;
- break;
- }
- }
+ if (config->remoteuser) {
+ setenv1("REMOTE_USER", config->remoteuser);
+ putenv("AUTH_TYPE=Basic");
+ }
#endif
- *script = '/';
+ if (config->referer)
+ setenv1("HTTP_REFERER", config->referer);
+
+ /* set execve argp[0] without path */
+ argp[0] = strrchr(purl, '/') + 1;
+ /* but script argp[0] must have absolute path and chdiring to this */
+ script = strrchr(realpath_buff, '/');
+ if (!script)
+ goto error_execing_cgi;
+ *script = '\0';
+ if (chdir(realpath_buff) == 0) {
+ // now run the program. If it fails,
+ // use _exit() so no destructors
+ // get called and make a mess.
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
- if (interpr)
- execv(interpr, argp);
- else
-#endif
- execv(realpath_buff, argp);
+ char *interpr = NULL;
+ char *suffix = strrchr(purl, '.');
+
+ if (suffix) {
+ Htaccess *cur;
+ for (cur = config->script_i; cur; cur = cur->next) {
+ if (strcmp(cur->before_colon + 1, suffix) == 0) {
+ interpr = cur->after_colon;
+ break;
}
}
}
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
- config->accepted_socket = 1; /* send to stdout */
#endif
- sendHeaders(HTTP_NOT_FOUND);
- _exit(242);
- } /* end child */
+ *script = '/';
+#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
+ if (interpr)
+ execv(interpr, argp);
+ else
+#endif
+ execv(realpath_buff, argp);
+ }
+ error_execing_cgi:
+ /* send to stdout (even if we are not from inetd) */
+ config->accepted_socket = 1;
+ sendHeaders(HTTP_NOT_FOUND);
+ _exit(242);
+ } /* end child */
- } while (0);
+ /* parent process */
- if (pid) {
- /* parent process */
- int status;
- size_t post_readed_size = 0, post_readed_idx = 0;
+ post_readed_size = 0;
+ post_readed_idx = 0;
+ inFd = fromCgi[0];
+ outFd = toCgi[1];
+ close(fromCgi[1]);
+ close(toCgi[0]);
+ signal(SIGPIPE, SIG_IGN);
- inFd = fromCgi[0];
- outFd = toCgi[1];
- close(fromCgi[1]);
- close(toCgi[0]);
- signal(SIGPIPE, SIG_IGN);
-
- while (1) {
- fd_set readSet;
- fd_set writeSet;
- char wbuf[128];
- int nfound;
- int count;
-
- FD_ZERO(&readSet);
- FD_ZERO(&writeSet);
- FD_SET(inFd, &readSet);
- if (bodyLen > 0 || post_readed_size > 0) {
- FD_SET(outFd, &writeSet);
- nfound = outFd > inFd ? outFd : inFd;
- if (post_readed_size == 0) {
- FD_SET(a_c_r, &readSet);
- if (nfound < a_c_r)
- nfound = a_c_r;
- }
- /* Now wait on the set of sockets! */
- nfound = select(nfound + 1, &readSet, &writeSet, 0, NULL);
- } else {
- if (!bodyLen) {
- close(outFd);
- bodyLen = -1;
- }
- nfound = select(inFd + 1, &readSet, 0, 0, NULL);
+ while (1) {
+ fd_set readSet;
+ fd_set writeSet;
+ char wbuf[128];
+ int nfound;
+ int count;
+
+ FD_ZERO(&readSet);
+ FD_ZERO(&writeSet);
+ FD_SET(inFd, &readSet);
+ if (bodyLen > 0 || post_readed_size > 0) {
+ FD_SET(outFd, &writeSet);
+ nfound = outFd > inFd ? outFd : inFd;
+ if (post_readed_size == 0) {
+ FD_SET(config->accepted_socket, &readSet);
+ if (nfound < config->accepted_socket)
+ nfound = config->accepted_socket;
}
+ /* Now wait on the set of sockets! */
+ nfound = select(nfound + 1, &readSet, &writeSet, 0, NULL);
+ } else {
+ if (!bodyLen) {
+ close(outFd);
+ bodyLen = -1;
+ }
+ nfound = select(inFd + 1, &readSet, 0, 0, NULL);
+ }
- if (nfound <= 0) {
- if (waitpid(pid, &status, WNOHANG) > 0) {
- close(inFd);
-#if DEBUG
- if (WIFEXITED(status))
- bb_error_msg("piped has exited with status=%d", WEXITSTATUS(status));
- if (WIFSIGNALED(status))
- bb_error_msg("piped has exited with signal=%d", WTERMSIG(status));
-#endif
- break;
- }
- } else if (post_readed_size > 0 && FD_ISSET(outFd, &writeSet)) {
- count = full_write(outFd, wbuf + post_readed_idx, post_readed_size);
- if (count > 0) {
- post_readed_size -= count;
- post_readed_idx += count;
- if (post_readed_size == 0)
- post_readed_idx = 0;
- } else {
- post_readed_size = post_readed_idx = bodyLen = 0; /* broken pipe to CGI */
- }
- } else if (bodyLen > 0 && post_readed_size == 0 && FD_ISSET(a_c_r, &readSet)) {
- count = bodyLen > (int)sizeof(wbuf) ? (int)sizeof(wbuf) : bodyLen;
- count = safe_read(a_c_r, wbuf, count);
- if (count > 0) {
- post_readed_size += count;
- bodyLen -= count;
- } else {
- bodyLen = 0; /* closed */
- }
+ if (nfound <= 0) {
+ if (waitpid(pid, &status, WNOHANG) > 0) {
+ close(inFd);
+ if (DEBUG && WIFEXITED(status))
+ bb_error_msg("piped has exited with status=%d", WEXITSTATUS(status));
+ if (DEBUG && WIFSIGNALED(status))
+ bb_error_msg("piped has exited with signal=%d", WTERMSIG(status));
+ break;
+ }
+ } else if (post_readed_size > 0 && FD_ISSET(outFd, &writeSet)) {
+ count = full_write(outFd, wbuf + post_readed_idx, post_readed_size);
+ if (count > 0) {
+ post_readed_size -= count;
+ post_readed_idx += count;
+ if (post_readed_size == 0)
+ post_readed_idx = 0;
+ } else {
+ post_readed_size = post_readed_idx = bodyLen = 0; /* broken pipe to CGI */
}
- if (FD_ISSET(inFd, &readSet)) {
- int s = a_c_w;
- char *rbuf = config->buf;
+ } else if (bodyLen > 0 && post_readed_size == 0 && FD_ISSET(config->accepted_socket, &readSet)) {
+ count = bodyLen > (int)sizeof(wbuf) ? (int)sizeof(wbuf) : bodyLen;
+ count = safe_read(config->accepted_socket, wbuf, count);
+ if (count > 0) {
+ post_readed_size += count;
+ bodyLen -= count;
+ } else {
+ bodyLen = 0; /* closed */
+ }
+ }
+ if (FD_ISSET(inFd, &readSet)) {
+ int s = config->accepted_socket;
+ char *rbuf = config->buf;
#ifndef PIPE_BUF
# define PIPESIZE 4096 /* amount of buffering in a pipe */
# error "PIPESIZE >= MAX_MEMORY_BUFF"
#endif
- // There is something to read
- count = safe_read(inFd, rbuf, PIPESIZE);
- if (count == 0)
- break; /* closed */
- if (count > 0) {
- if (firstLine) {
- rbuf[count] = 0;
- /* check to see if the user script added headers */
- if (strncmp(rbuf, "HTTP/1.0 200 OK\r\n", 4) != 0) {
- full_write(s, "HTTP/1.0 200 OK\r\n", 17);
- }
- if (strstr(rbuf, "ontent-") == 0) {
- full_write(s, "Content-type: text/plain\r\n\r\n", 28);
- }
- firstLine = 0;
+ /* There is something to read */
+ count = safe_read(inFd, rbuf, PIPESIZE);
+ if (count == 0)
+ break; /* closed */
+ if (count > 0) {
+ if (firstLine) {
+ rbuf[count] = 0;
+ /* check to see if the user script added headers */
+ if (strncmp(rbuf, "HTTP/1.0 200 OK\r\n", 4) != 0) {
+ full_write(s, "HTTP/1.0 200 OK\r\n", 17);
}
- if (full_write(s, rbuf, count) != count)
- break;
-
-#if DEBUG
- fprintf(stderr, "cgi read %d bytes\n", count);
-#endif
+ /* Sometimes CGI is writing to pipe in small chunks
+ * and we don't see Content-type (because the read
+ * is too short) and we emit bogus "text/plain"!
+ * Is it a bug or CGI *has to* write it in one piece? */
+ if (strstr(rbuf, "ontent-") == 0) {
+ full_write(s, "Content-type: text/plain\r\n\r\n", 28);
+ }
+ firstLine = 0;
}
+ if (full_write(s, rbuf, count) != count)
+ break;
+
+ if (DEBUG)
+ fprintf(stderr, "cgi read %d bytes: '%.*s'\n", count, count, rbuf);
}
}
}
return 0;
}
-#endif /* CONFIG_FEATURE_HTTPD_CGI */
+#endif /* FEATURE_HTTPD_CGI */
/****************************************************************************
*
break;
}
/* also, if not found, set default as "application/octet-stream"; */
- config->httpd_found.found_mime_type = *(table+1);
+ config->found_mime_type = table[1];
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_MIME_TYPES
if (suffix) {
Htaccess * cur;
for (cur = config->mime_a; cur; cur = cur->next) {
if (strcmp(cur->before_colon, suffix) == 0) {
- config->httpd_found.found_mime_type = cur->after_colon;
+ config->found_mime_type = cur->after_colon;
break;
}
}
}
-#endif /* CONFIG_FEATURE_HTTPD_CONFIG_WITH_MIME_TYPES */
+#endif /* FEATURE_HTTPD_CONFIG_WITH_MIME_TYPES */
-#if DEBUG
- fprintf(stderr, "Sending file '%s' Content-type: %s\n",
- url, config->httpd_found.found_mime_type);
-#endif
+ if (DEBUG)
+ fprintf(stderr, "sending file '%s' content-type: %s\n",
+ url, config->found_mime_type);
f = open(url, O_RDONLY);
if (f >= 0) {
char *buf = config->buf;
sendHeaders(HTTP_OK);
+ /* TODO: sendfile() */
while ((count = full_read(f, buf, MAX_MEMORY_BUFF)) > 0) {
- if (full_write(a_c_w, buf, count) != count)
+ if (full_write(config->accepted_socket, buf, count) != count)
break;
}
close(f);
} else {
-#if DEBUG
- bb_perror_msg("unable to open '%s'", url);
-#endif
+ if (DEBUG)
+ bb_perror_msg("cannot open '%s'", url);
sendHeaders(HTTP_NOT_FOUND);
}
/* This could stand some work */
for (cur = config->ip_a_d; cur; cur = cur->next) {
-#if DEBUG
- fprintf(stderr, "checkPermIP: '%s' ? ", config->rmt_ip_str);
- fprintf(stderr, "'%u.%u.%u.%u/%u.%u.%u.%u'\n",
+ if (DEBUG)
+ fprintf(stderr, "checkPermIP: '%s' ? ", config->rmt_ip_str);
+ if (DEBUG)
+ fprintf(stderr, "'%u.%u.%u.%u/%u.%u.%u.%u'\n",
(unsigned char)(cur->ip >> 24),
(unsigned char)(cur->ip >> 16),
(unsigned char)(cur->ip >> 8),
- cur->ip & 0xff,
+ cur->ip & 0xff,
(unsigned char)(cur->mask >> 24),
(unsigned char)(cur->mask >> 16),
(unsigned char)(cur->mask >> 8),
- cur->mask & 0xff);
-#endif
+ cur->mask & 0xff);
if ((config->rmt_ip & cur->mask) == cur->ip)
return cur->allow_deny == 'A'; /* Allow/Deny */
}
/* This could stand some work */
for (cur = config->auth; cur; cur = cur->next) {
+ size_t l;
+
p0 = cur->before_colon;
if (prev != NULL && strcmp(prev, p0) != 0)
continue; /* find next identical */
p = cur->after_colon;
-#if DEBUG
- fprintf(stderr, "checkPerm: '%s' ? '%s'\n", p0, request);
-#endif
- {
- size_t l = strlen(p0);
-
- if (strncmp(p0, path, l) == 0 &&
- (l == 1 || path[l] == '/' || path[l] == 0)) {
- char *u;
- /* path match found. Check request */
- /* for check next /path:user:password */
- prev = p0;
- u = strchr(request, ':');
- if (u == NULL) {
- /* bad request, ':' required */
- break;
- }
+ if (DEBUG)
+ fprintf(stderr, "checkPerm: '%s' ? '%s'\n", p0, request);
+
+ l = strlen(p0);
+ if (strncmp(p0, path, l) == 0
+ && (l == 1 || path[l] == '/' || path[l] == '\0')
+ ) {
+ char *u;
+ /* path match found. Check request */
+ /* for check next /path:user:password */
+ prev = p0;
+ u = strchr(request, ':');
+ if (u == NULL) {
+ /* bad request, ':' required */
+ break;
+ }
-#if ENABLE_FEATURE_HTTPD_AUTH_MD5
- {
- char *cipher;
- char *pp;
+ if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+ char *cipher;
+ char *pp;
if (strncmp(p, request, u-request) != 0) {
- /* user uncompared */
- continue;
- }
- pp = strchr(p, ':');
- if (pp && pp[1] == '$' && pp[2] == '1' &&
- pp[3] == '$' && pp[4]) {
- pp++;
- cipher = pw_encrypt(u+1, pp);
- if (strcmp(cipher, pp) == 0)
- goto set_remoteuser_var; /* Ok */
- /* unauthorized */
- continue;
- }
+ /* user uncompared */
+ continue;
}
-#endif
- if (strcmp(p, request) == 0) {
-#if ENABLE_FEATURE_HTTPD_AUTH_MD5
-set_remoteuser_var:
-#endif
- config->remoteuser = strdup(request);
- if (config->remoteuser)
- config->remoteuser[(u - request)] = 0;
- return 1; /* Ok */
+ pp = strchr(p, ':');
+ if (pp && pp[1] == '$' && pp[2] == '1' &&
+ pp[3] == '$' && pp[4]) {
+ pp++;
+ cipher = pw_encrypt(u+1, pp);
+ if (strcmp(cipher, pp) == 0)
+ goto set_remoteuser_var; /* Ok */
+ /* unauthorized */
+ continue;
}
- /* unauthorized */
}
+
+ if (strcmp(p, request) == 0) {
+set_remoteuser_var:
+ config->remoteuser = strdup(request);
+ if (config->remoteuser)
+ config->remoteuser[(u - request)] = 0;
+ return 1; /* Ok */
+ }
+ /* unauthorized */
}
} /* for */
return prev == NULL;
}
-#endif /* CONFIG_FEATURE_HTTPD_BASIC_AUTH */
+#endif /* FEATURE_HTTPD_BASIC_AUTH */
/****************************************************************************
*
int ip_allowed;
#if ENABLE_FEATURE_HTTPD_CGI
const char *prequest = request_GET;
- long length=0;
+ unsigned long length = 0;
char *cookie = 0;
char *content_type = 0;
#endif
purl = strpbrk(buf, " \t");
if (purl == NULL) {
-BAD_REQUEST:
+ BAD_REQUEST:
sendHeaders(HTTP_BAD_REQUEST);
break;
}
- *purl = 0;
+ *purl = '\0';
#if ENABLE_FEATURE_HTTPD_CGI
if (strcasecmp(buf, prequest) != 0) {
prequest = "POST";
strcpy(url, buf);
/* extract url args if present */
test = strchr(url, '?');
+ config->query = NULL;
if (test) {
- *test++ = 0;
+ *test++ = '\0';
config->query = test;
}
test = decodeString(url, 0);
if (test == NULL)
goto BAD_REQUEST;
+ /* FIXME: bug? should be "url+1"? */
if (test == (buf+1)) {
sendHeaders(HTTP_NOT_FOUND);
break;
}
+
/* algorithm stolen from libbb bb_simplify_path(),
but don't strdup and reducing trailing slash and protect out root */
purl = test = url;
-
do {
if (*purl == '/') {
- if (*test == '/') { /* skip duplicate (or initial) slash */
+ /* skip duplicate (or initial) slash */
+ if (*test == '/') {
continue;
- } else if (*test == '.') {
- if (test[1] == '/' || test[1] == 0) { /* skip extra '.' */
+ }
+ if (*test == '.') {
+ /* skip extra '.' */
+ if (test[1] == '/' || test[1] == 0) {
continue;
- } else if ((test[1] == '.') && (test[2] == '/' || test[2] == 0)) {
+ } else
+ /* '..': be careful */
+ if (test[1] == '.' && (test[2] == '/' || test[2] == 0)) {
++test;
if (purl == url) {
/* protect out root */
}
*++purl = *test;
} while (*++test);
-
- *++purl = 0; /* so keep last character */
- test = purl; /* end ptr */
+ *++purl = '\0'; /* so keep last character */
+ test = purl; /* end ptr */
/* If URL is directory, adding '/' */
if (test[-1] != '/') {
if (is_directory(url + 1, 1, &sb)) {
- config->httpd_found.found_moved_temporarily = url;
+ config->found_moved_temporarily = url;
}
}
-#if DEBUG
- fprintf(stderr, "url='%s', args=%s\n", url, config->query);
-#endif
+ if (DEBUG)
+ fprintf(stderr, "url='%s', args=%s\n", url, config->query);
test = url;
ip_allowed = checkPermIP();
*test = '/';
}
if (blank >= 0) {
- // read until blank line for HTTP version specified, else parse immediate
+ /* read until blank line for HTTP version specified, else parse immediate */
while (1) {
alarm(TIMEOUT);
count = getLine();
if (count <= 0)
break;
-#if DEBUG
- fprintf(stderr, "Header: '%s'\n", buf);
-#endif
+ if (DEBUG)
+ fprintf(stderr, "header: '%s'\n", buf);
#if ENABLE_FEATURE_HTTPD_CGI
/* try and do our best to parse more lines */
- if ((strncasecmp(buf, Content_length, 15) == 0)) {
- if (prequest != request_GET)
- length = strtol(buf + 15, 0, 0); // extra read only for POST
- } else if ((strncasecmp(buf, "Cookie:", 7) == 0)) {
- for (test = buf + 7; isspace(*test); test++)
- ;
- cookie = strdup(test);
- } else if ((strncasecmp(buf, "Content-Type:", 13) == 0)) {
- for (test = buf + 13; isspace(*test); test++)
- ;
- content_type = strdup(test);
- } else if ((strncasecmp(buf, "Referer:", 8) == 0)) {
- for (test = buf + 8; isspace(*test); test++)
- ;
- config->referer = strdup(test);
+ if ((STRNCASECMP(buf, "Content-length:") == 0)) {
+ /* extra read only for POST */
+ if (prequest != request_GET) {
+ test = buf + sizeof("Content-length:")-1;
+ if (!test[0]) goto bail_out;
+ errno = 0;
+ /* not using strtoul: it ignores leading munis! */
+ length = strtol(test, &test, 10);
+ /* length is "ulong", but we need to pass it to int later */
+ /* so we check for negative or too large values in one go: */
+ /* (long -> ulong conv caused negatives to be seen as > INT_MAX) */
+ if (test[0] || errno || length > INT_MAX)
+ goto bail_out;
+ }
+ } else if ((STRNCASECMP(buf, "Cookie:") == 0)) {
+ cookie = strdup(skip_whitespace(buf + sizeof("Cookie:")-1));
+ } else if ((STRNCASECMP(buf, "Content-Type:") == 0)) {
+ content_type = strdup(skip_whitespace(buf + sizeof("Content-Type:")-1));
+ } else if ((STRNCASECMP(buf, "Referer:") == 0)) {
+ config->referer = strdup(skip_whitespace(buf + sizeof("Referer:")-1));
}
#endif
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
- if (strncasecmp(buf, "Authorization:", 14) == 0) {
+ if (STRNCASECMP(buf, "Authorization:") == 0) {
/* We only allow Basic credentials.
* It shows up as "Authorization: Basic <userid:password>" where
* the userid:password is base64 encoded.
*/
- for (test = buf + 14; isspace(*test); test++)
- ;
- if (strncasecmp(test, "Basic", 5) != 0)
+ test = skip_whitespace(buf + sizeof("Authorization:")-1);
+ if (STRNCASECMP(test, "Basic") != 0)
continue;
-
- test += 5; /* decodeBase64() skiping space self */
+ test += sizeof("Basic")-1;
+ /* decodeBase64() skips whitespace itself */
decodeBase64(test);
credentials = checkPerm(url, test);
}
-#endif /* CONFIG_FEATURE_HTTPD_BASIC_AUTH */
+#endif /* FEATURE_HTTPD_BASIC_AUTH */
} /* while extra header reading */
}
- (void) alarm(0);
+ alarm(0);
if (config->alarm_signaled)
break;
if (strcmp(strrchr(url, '/') + 1, httpd_conf) == 0 || ip_allowed == 0) {
- /* protect listing [/path]/httpd_conf or IP deny */
+ /* protect listing [/path]/httpd_conf or IP deny */
#if ENABLE_FEATURE_HTTPD_CGI
-FORBIDDEN: /* protect listing /cgi-bin */
+ FORBIDDEN: /* protect listing /cgi-bin */
#endif
sendHeaders(HTTP_FORBIDDEN);
break;
}
#endif
- if (config->httpd_found.found_moved_temporarily) {
+ if (config->found_moved_temporarily) {
sendHeaders(HTTP_MOVED_TEMPORARILY);
-#if DEBUG
/* clear unforked memory flag */
- config->httpd_found.found_moved_temporarily = NULL;
-#endif
+ config->found_moved_temporarily = NULL;
break;
}
test = url + 1; /* skip first '/' */
#if ENABLE_FEATURE_HTTPD_CGI
- /* if strange Content-Length */
- if (length < 0)
- break;
-
if (strncmp(test, "cgi-bin", 7) == 0) {
if (test[7] == '/' && test[8] == 0)
- goto FORBIDDEN; // protect listing cgi-bin/
+ goto FORBIDDEN; /* protect listing cgi-bin/ */
sendCgi(url, prequest, length, cookie, content_type);
- } else {
- if (prequest != request_GET)
- sendHeaders(HTTP_NOT_IMPLEMENTED);
- else {
-#endif /* CONFIG_FEATURE_HTTPD_CGI */
- if (purl[-1] == '/')
- strcpy(purl, "index.html");
- if (stat(test, &sb) == 0) {
- config->ContentLength = sb.st_size;
- config->last_mod = sb.st_mtime;
- }
- sendFile(test);
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
- /* unset if non inetd looped */
- config->ContentLength = -1;
-#endif
+ break;
+ }
+ if (prequest != request_GET) {
+ sendHeaders(HTTP_NOT_IMPLEMENTED);
+ break;
+ }
+#endif /* FEATURE_HTTPD_CGI */
+ if (purl[-1] == '/')
+ strcpy(purl, "index.html");
+ if (stat(test, &sb) == 0) {
+ /* It's a dir URL and there is index.html */
+ config->ContentLength = sb.st_size;
+ config->last_mod = sb.st_mtime;
+ }
#if ENABLE_FEATURE_HTTPD_CGI
+ else if (purl[-1] == '/') {
+ /* It's a dir URL and there is no index.html
+ * Try cgi-bin/index.cgi */
+ if (access("/cgi-bin/index.cgi"+1, X_OK) == 0) {
+ purl[0] = '\0';
+ config->query = url;
+ sendCgi("/cgi-bin/index.cgi", prequest, length, cookie, content_type);
+ break;
}
}
-#endif
+#endif /* FEATURE_HTTPD_CGI */
+ sendFile(test);
+ config->ContentLength = -1;
} while (0);
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
-/* from inetd don't looping: freeing, closing automatic from exit always */
-# if DEBUG
- fprintf(stderr, "closing socket\n");
-# endif
-# if ENABLE_FEATURE_HTTPD_CGI
+ bail_out:
+
+ if (DEBUG)
+ fprintf(stderr, "closing socket\n\n");
+#if ENABLE_FEATURE_HTTPD_CGI
free(cookie);
free(content_type);
free(config->referer);
-#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
+ config->referer = NULL;
+# if ENABLE_FEATURE_HTTPD_BASIC_AUTH
free(config->remoteuser);
-#endif
+ config->remoteuser = NULL;
# endif
-#endif /* CONFIG_FEATURE_HTTPD_WITHOUT_INETD */
- shutdown(a_c_w, SHUT_WR);
+#endif
+ shutdown(config->accepted_socket, SHUT_WR);
/* Properly wait for remote to closed */
FD_ZERO(&s_fd);
- FD_SET(a_c_r, &s_fd);
+ FD_SET(config->accepted_socket, &s_fd);
do {
tv.tv_sec = 2;
tv.tv_usec = 0;
- retval = select(a_c_r + 1, &s_fd, NULL, NULL, &tv);
- } while (retval > 0 && read(a_c_r, buf, sizeof(config->buf) > 0));
+ retval = select(config->accepted_socket + 1, &s_fd, NULL, NULL, &tv);
+ } while (retval > 0 && read(config->accepted_socket, buf, sizeof(config->buf) > 0));
- shutdown(a_c_r, SHUT_RD);
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
+ shutdown(config->accepted_socket, SHUT_RD);
+ /* In inetd case, we close fd 1 (stdout) here. We will exit soon anyway */
close(config->accepted_socket);
-#endif /* CONFIG_FEATURE_HTTPD_WITHOUT_INETD */
}
/****************************************************************************
* $Return: (int) . . . . Always 0.
*
****************************************************************************/
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
static int miniHttpd(int server)
{
fd_set readfd, portfd;
s = accept(server, (struct sockaddr *)&fromAddr, &fromAddrLen);
if (s < 0)
continue;
-
config->accepted_socket = s;
config->rmt_ip = ntohl(fromAddr.sin_addr.s_addr);
#if ENABLE_FEATURE_HTTPD_CGI || DEBUG
bb_error_msg("connection from IP=%s, port %u",
config->rmt_ip_str, config->port);
#endif
-#endif /* CONFIG_FEATURE_HTTPD_CGI */
+#endif /* FEATURE_HTTPD_CGI */
/* set the KEEPALIVE option to cull dead connections */
on = 1;
setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on));
-#if !DEBUG
- if (fork() == 0)
-#endif
- {
- /* This is the spawned thread */
+
+ if (DEBUG || fork() == 0) {
+ /* child */
#if ENABLE_FEATURE_HTTPD_RELOAD_CONFIG_SIGHUP
/* protect reload config, may be confuse checking */
signal(SIGHUP, SIG_IGN);
#endif
handleIncoming();
-#if !DEBUG
- exit(0);
-#endif
+ if (!DEBUG)
+ exit(0);
}
close(s);
- } // while (1)
+ } /* while (1) */
return 0;
}
-#else
- /* from inetd */
-
-static int miniHttpd(void)
+/* from inetd */
+static int miniHttpd_inetd(void)
{
struct sockaddr_in fromAddrLen;
socklen_t sinlen = sizeof(struct sockaddr_in);
(unsigned char)(config->rmt_ip >> 24),
(unsigned char)(config->rmt_ip >> 16),
(unsigned char)(config->rmt_ip >> 8),
- config->rmt_ip & 0xff);
+ config->rmt_ip & 0xff);
#endif
config->port = ntohs(fromAddrLen.sin_port);
handleIncoming();
return 0;
}
-#endif /* CONFIG_FEATURE_HTTPD_WITHOUT_INETD */
#if ENABLE_FEATURE_HTTPD_RELOAD_CONFIG_SIGHUP
static void sighup_handler(int sig)
USE_FEATURE_HTTPD_BASIC_AUTH( r_opt_realm ,)
USE_FEATURE_HTTPD_AUTH_MD5( m_opt_md5 ,)
USE_FEATURE_HTTPD_SETUID( u_opt_setuid ,)
- USE_FEATURE_HTTPD_WITHOUT_INETD( p_opt_port ,)
+ p_opt_port ,
+ p_opt_inetd ,
+ p_opt_foreground,
OPT_CONFIG_FILE = 1 << c_opt_config_file,
OPT_DECODE_URL = 1 << d_opt_decode_url,
OPT_HOME_HTTPD = 1 << h_opt_home_httpd,
OPT_REALM = USE_FEATURE_HTTPD_BASIC_AUTH( (1 << r_opt_realm )) + 0,
OPT_MD5 = USE_FEATURE_HTTPD_AUTH_MD5( (1 << m_opt_md5 )) + 0,
OPT_SETUID = USE_FEATURE_HTTPD_SETUID( (1 << u_opt_setuid )) + 0,
- OPT_PORT = USE_FEATURE_HTTPD_WITHOUT_INETD( (1 << p_opt_port )) + 0,
+ OPT_PORT = 1 << p_opt_port,
+ OPT_INETD = 1 << p_opt_inetd,
+ OPT_FOREGROUND = 1 << p_opt_foreground,
};
static const char httpd_opts[] = "c:d:h:"
USE_FEATURE_HTTPD_BASIC_AUTH("r:")
USE_FEATURE_HTTPD_AUTH_MD5("m:")
USE_FEATURE_HTTPD_SETUID("u:")
- USE_FEATURE_HTTPD_WITHOUT_INETD("p:");
+ "p:if";
int httpd_main(int argc, char *argv[])
const char *home_httpd = home;
char *url_for_decode;
USE_FEATURE_HTTPD_ENCODE_URL_STR(const char *url_for_encode;)
- USE_FEATURE_HTTPD_WITHOUT_INETD(const char *s_port;)
-
+ const char *s_port;
USE_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
USE_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
-
USE_FEATURE_HTTPD_AUTH_MD5(const char *pass;)
+#if ENABLE_LOCALE_SUPPORT
+ /* Undo busybox.c: we want to speak English in http (dates etc) */
+ setlocale(LC_TIME, "C");
+#endif
+
config = xzalloc(sizeof(*config));
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
config->realm = "Web Server Authentication";
#endif
-
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
config->port = 80;
-#endif
-
config->ContentLength = -1;
opt = getopt32(argc, argv, httpd_opts,
USE_FEATURE_HTTPD_BASIC_AUTH(, &(config->realm))
USE_FEATURE_HTTPD_AUTH_MD5(, &pass)
USE_FEATURE_HTTPD_SETUID(, &s_ugid)
- USE_FEATURE_HTTPD_WITHOUT_INETD(, &s_port)
+ , &s_port
);
-
if (opt & OPT_DECODE_URL) {
printf("%s", decodeString(url_for_decode, 1));
return 0;
return 0;
}
#endif
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
if (opt & OPT_PORT)
config->port = xatou16(s_port);
+
#if ENABLE_FEATURE_HTTPD_SETUID
if (opt & OPT_SETUID) {
char *e;
"name '%s'", s_ugid);
}
}
-#endif
#endif
xchdir(home_httpd);
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
- config->server_socket = openServer();
-# if ENABLE_FEATURE_HTTPD_SETUID
- /* drop privileges */
- if (opt & OPT_SETUID) {
- if (ugid.gid != (gid_t)-1) {
- // FIXME: needed?
- //if (setgroups(1, &ugid.gid) == -1)
- // bb_perror_msg_and_die("setgroups");
- xsetgid(ugid.gid);
+ if (!(opt & OPT_INETD)) {
+ config->server_socket = openServer();
+#if ENABLE_FEATURE_HTTPD_SETUID
+ /* drop privileges */
+ if (opt & OPT_SETUID) {
+ if (ugid.gid != (gid_t)-1) {
+ if (setgroups(1, &ugid.gid) == -1)
+ bb_perror_msg_and_die("setgroups");
+ xsetgid(ugid.gid);
+ }
+ xsetuid(ugid.uid);
}
- xsetuid(ugid.uid);
- }
-# endif
#endif
+ }
#if ENABLE_FEATURE_HTTPD_CGI
{
}
clearenv();
if (p)
- setenv("PATH", p, 1);
-# if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
- setenv_long("SERVER_PORT", config->port);
-# endif
+ setenv1("PATH", p);
+ if (!(opt & OPT_INETD))
+ setenv_long("SERVER_PORT", config->port);
}
#endif
parse_conf(default_path_httpd_conf, FIRST_PARSE);
#endif
-#if ENABLE_FEATURE_HTTPD_WITHOUT_INETD
-# if !DEBUG
- xdaemon(1, 0); /* don't change current directory */
-# endif
+ if (opt & OPT_INETD)
+ return miniHttpd_inetd();
+
+ if (!(opt & OPT_FOREGROUND))
+ xdaemon(1, 0); /* don't change current directory */
return miniHttpd(config->server_socket);
-#else
- return miniHttpd();
-#endif
}
projects / oweals / busybox.git / blobdiff