Diffstat (limited to 'libs/luci-lib-nixio/axTLS/httpd')
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/Config.in | 163 | ||||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/Makefile | 127 | ||||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/axhttp.h | 154 | ||||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/axhttpd.c | 604 | ||||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/htpasswd.c | 136 | ||||
-rwxr-xr-x | libs/luci-lib-nixio/axTLS/httpd/kepler-1.1-snapshot-20070521-1825.tar.gz | bin | 0 -> 768249 bytes | |||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/kepler.patch | 64 | ||||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/proc.c | 1238 | ||||
-rw-r--r-- | libs/luci-lib-nixio/axTLS/httpd/tdate_parse.c | 119 |
9 files changed, 2605 insertions, 0 deletions
diff --git a/libs/luci-lib-nixio/axTLS/httpd/Config.in b/libs/luci-lib-nixio/axTLS/httpd/Config.in
new file mode 100644
index 0000000000..513d57ae30
--- /dev/null
+++ b/libs/luci-lib-nixio/axTLS/httpd/Config.in
@@ -0,0 +1,163 @@ +# +# For a description of the syntax of this configuration file, +# see scripts/config/Kconfig-language.txt +# + +menu "Axhttpd Configuration" +depends on CONFIG_AXHTTPD + +config CONFIG_HTTP_STATIC_BUILD + bool "Static Build" + default n + help + Select y if you want axhttpd to be a static build (i.e. don't use the + axtls shared library or dll). + +config CONFIG_HTTP_PORT + int "HTTP port" + default 80 + help + The port number of the normal HTTP server. + + You must be a root user in order to use the default port. + +config CONFIG_HTTP_HTTPS_PORT + int "HTTPS port" + default 443 + help + The port number of the HTTPS server. + + You must be a root user in order to use the default port. + +config CONFIG_HTTP_SESSION_CACHE_SIZE + int "SSL session cache size" + default 5 + help + The size of the SSL session cache. + + This is not actually related to the number of concurrent users, but + for optimum performance they should be the same (with a penalty + in memory usage). + +config CONFIG_HTTP_WEBROOT + string "Web root location" + default "../www" if !CONFIG_PLATFORM_WIN32 + default "..\\www" if CONFIG_PLATFORM_WIN32 + help + The location of the web root in relation to axhttpd. This is + the directory where index.html lives. + +config CONFIG_HTTP_TIMEOUT + int "Timeout" + default 300 + help + Set the timeout of a connection in seconds. + +menu "CGI" +depends on !CONFIG_PLATFORM_WIN32 + +config CONFIG_HTTP_HAS_CGI + bool "Enable CGI" + default y + depends on !CONFIG_PLATFORM_WIN32 + help + Enable the CGI capability. Not available on Win32 platforms. + +config CONFIG_HTTP_CGI_EXTENSIONS + string "CGI File Extension(s)" + default ".lua,.lp" + depends on CONFIG_HTTP_HAS_CGI + help + Tell axhhtpd what file extension(s) are used for CGI. + + This is a comma separated list - e.g. 
".php,.pl" etc + +config CONFIG_HTTP_ENABLE_LUA + bool "Enable Lua" + default y + depends on CONFIG_HTTP_HAS_CGI + help + Lua is a powerful, fast, light-weight, embeddable scripting language. + + See http://www.lua.org for details. + +config CONFIG_HTTP_LUA_PREFIX + string "Lua's Installation Prefix" + default "/usr/local" + depends on CONFIG_HTTP_ENABLE_LUA + + help + The location of Lua's installation prefix. This is also necessary for + Lua's cgi launcher application. + +config CONFIG_HTTP_LUA_CGI_LAUNCHER + string "CGI launcher location" + default "/bin/cgi.exe" if CONFIG_PLATFORM_CYGWIN + default "/bin/cgi" if !CONFIG_PLATFORM_CYGWIN + depends on CONFIG_HTTP_ENABLE_LUA + help + The location of LUA's CGI launcher application (after + the CONFIG_HTTP_LUA_PREFIX) + +config CONFIG_HTTP_BUILD_LUA + bool "Build Lua" + default n + depends on CONFIG_HTTP_ENABLE_LUA + help + Build Lua and install in /usr/local/bin + +endmenu + +config CONFIG_HTTP_DIRECTORIES + bool "Enable Directory Listing" + default y + help + Enable directory listing. + +config CONFIG_HTTP_HAS_AUTHORIZATION + bool "Enable authorization" + default y + help + Pages/directories can have passwords associated with them. + +config CONFIG_HTTP_HAS_IPV6 + bool "Enable IPv6" + default n + depends on !CONFIG_PLATFORM_WIN32 + help + Use IPv6 instead of IPv4. + + Does not work under Win32 + +config CONFIG_HTTP_ENABLE_DIFFERENT_USER + bool "Enable different user" + default n + depends on !CONFIG_PLATFORM_WIN32 + help + Allow the web server to be run as a different user + +config CONFIG_HTTP_USER + string "As User" + default "nobody" + depends on CONFIG_HTTP_ENABLE_DIFFERENT_USER + help + The user name that will be used to run axhttpd. + +config CONFIG_HTTP_VERBOSE + bool "Verbose Mode" + default y if CONFIG_SSL_FULL_MODE + default n if !CONFIG_SSL_FULL_MODE + help + Enable extra statements used when using axhttpd. 
+ +config CONFIG_HTTP_IS_DAEMON + bool "Run as a daemon" + default n + depends on !CONFIG_PLATFORM_WIN32 + help + Run axhttpd as a background process. + + Does not work under Win32 + +endmenu + diff --git a/libs/luci-lib-nixio/axTLS/httpd/Makefile b/libs/luci-lib-nixio/axTLS/httpd/Makefile new file mode 100644 index 0000000000..b8c18d2445 --- /dev/null +++ b/libs/luci-lib-nixio/axTLS/httpd/Makefile 
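Review bot: `CONFIG_HTTP_ENABLE_DIFFERENT_USER` defaults to `n` while the help text of `CONFIG_HTTP_PORT` and `CONFIG_HTTP_HTTPS_PORT` says the default ports need root, so a default build keeps running as root for its whole lifetime, with `CONFIG_HTTP_HAS_CGI` and `CONFIG_HTTP_DIRECTORIES` both defaulting to `y`. I would make the unprivileged account the default (`default y` under `config CONFIG_HTTP_ENABLE_DIFFERENT_USER`) and consider `default n` for `CONFIG_HTTP_DIRECTORIES`, so that exposing directory contents is an explicit choice. The help text of `CONFIG_HTTP_ENABLE_DIFFERENT_USER` could also state that the switch to `CONFIG_HTTP_USER` happens after the listening sockets are bound, which is what main() in axhttpd.c of this commit does.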
@@ -0,0 +1,127 @@ +# +# Copyright (c) 2007, Cameron Rich +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the axTLS project nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +all : web_server lua + +AXTLS_HOME=.. 
+ +include $(AXTLS_HOME)/config/.config +include $(AXTLS_HOME)/config/makefile.conf + +ifndef CONFIG_PLATFORM_WIN32 + +ifdef CONFIG_PLATFORM_CYGWIN +TARGET=$(AXTLS_HOME)/$(STAGE)/axhttpd.exe +TARGET2=$(AXTLS_HOME)/$(STAGE)/htpasswd.exe +else +TARGET=$(AXTLS_HOME)/$(STAGE)/axhttpd +TARGET2=$(AXTLS_HOME)/$(STAGE)/htpasswd +endif + +ifdef CONFIG_HTTP_STATIC_BUILD +LIBS=$(AXTLS_HOME)/$(STAGE)/libaxtls.a +else +LIBS=-L$(AXTLS_HOME)/$(STAGE) -laxtls +endif + +ifdef CONFIG_HTTP_BUILD_LUA +lua: kepler-1.1 + +kepler-1.1: + @tar xvfz kepler-1.1-snapshot-20070521-1825.tar.gz + @cat kepler.patch | patch -p0 + cd kepler-1.1; ./configure --prefix=$(CONFIG_HTTP_LUA_PREFIX) --launcher=cgi --lua-suffix= ; make install +else +lua: +endif + +else # win32 build +lua: + +TARGET=$(AXTLS_HOME)/$(STAGE)/axhttpd.exe +TARGET2=$(AXTLS_HOME)/$(STAGE)/htpasswd.exe + +ifdef CONFIG_HTTP_STATIC_BUILD +LIBS=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib $(AXTLS_HOME)\\config\\axtls.res +else +LIBS=$(AXTLS_HOME)/$(STAGE)/axtls.lib $(AXTLS_HOME)\\config\\axtls.res +endif +endif + +ifndef CONFIG_AXHTTPD +web_server: +else + +web_server :: $(TARGET) + +ifdef CONFIG_HTTP_HAS_AUTHORIZATION +web_server :: $(TARGET2) +endif + +OBJ= \ + axhttpd.o \ + proc.o \ + tdate_parse.o + +include $(AXTLS_HOME)/config/makefile.post + +ifndef CONFIG_PLATFORM_WIN32 + +$(TARGET): $(OBJ) $(AXTLS_HOME)/$(STAGE)/libaxtls.a + $(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) +ifdef CONFIG_STRIP_UNWANTED_SECTIONS + $(STRIP) --remove-section=.comment $(TARGET) +endif + +$(TARGET2): htpasswd.o $(AXTLS_HOME)/$(STAGE)/libaxtls.a + $(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS) + +else # Win32 + +OBJ:=$(OBJ:.o=.obj) +%.obj : %.c + $(CC) $(CFLAGS) $< + +htpasswd.obj : htpasswd.c + $(CC) $(CFLAGS) $? + +$(TARGET): $(OBJ) + $(LD) $(LDFLAGS) /out:$@ $(LIBS) $? + +$(TARGET2): htpasswd.obj + $(LD) $(LDFLAGS) /out:$@ $(LIBS) $? +endif + +endif # CONFIG_AXHTTPD + +clean:: + -@rm -f $(TARGET)* + -@rm -fr kepler-1.1 + 
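Review bot: The `kepler-1.1:` recipe chains its last step with `;` (`cd kepler-1.1; ./configure ... ; make install`), so a failed `cd` or `./configure` does not stop the build and `make install` still runs, in whichever directory the shell ended up in. Chain the steps with `&&` and call `$(MAKE)` so that errors propagate and the parent make's flags are honoured: `cd kepler-1.1 && ./configure --prefix=$(CONFIG_HTTP_LUA_PREFIX) --launcher=cgi --lua-suffix= && $(MAKE) install`. Because `lua` is a prerequisite of `all`, enabling `CONFIG_HTTP_BUILD_LUA` makes a plain build install into the configured prefix; a comment above the rule should say so, for example `# NOTE: builds the bundled Kepler snapshot and installs it into CONFIG_HTTP_LUA_PREFIX`.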
diff --git a/libs/luci-lib-nixio/axTLS/httpd/axhttp.h b/libs/luci-lib-nixio/axTLS/httpd/axhttp.h
new file mode 100644
index 0000000000..73c299fb14
--- /dev/null
+++ b/libs/luci-lib-nixio/axTLS/httpd/axhttp.h
@@ -0,0 +1,154 @@ +/* + * Copyright (c) 2007, Cameron Rich + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the axTLS project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "ssl.h" + +#define BACKLOG 15 +#define VERSION "1.0.0" +#ifdef CONFIG_HTTP_HAS_IPV6 +#define HAVE_IPV6 +#endif + +#define MAXPOSTDATASIZE 30000 +#define MAXREQUESTLENGTH 256 +#define BLOCKSIZE 4096 + +#define INITIAL_CONNECTION_SLOTS 10 +#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS SSL_DISPLAY_CERTS + +#define STATE_WANT_TO_READ_HEAD 1 +#define STATE_WANT_TO_SEND_HEAD 2 +#define STATE_WANT_TO_READ_FILE 3 +#define STATE_WANT_TO_SEND_FILE 4 +#define STATE_DOING_DIR 5 + +enum +{ + TYPE_GET, + TYPE_HEAD, + TYPE_POST +}; + +struct connstruct +{ + struct connstruct *next; + int state; + int reqtype; + int networkdesc; + int filedesc; + SSL *ssl; + +#if defined(CONFIG_HTTP_DIRECTORIES) +#ifdef WIN32 + HANDLE dirp; + WIN32_FIND_DATA file_data; +#else + DIR *dirp; +#endif +#endif + + time_t timeout; + char actualfile[MAXREQUESTLENGTH]; + char filereq[MAXREQUESTLENGTH]; + char dirname[MAXREQUESTLENGTH]; + char server_name[MAXREQUESTLENGTH]; + int numbytes; + char databuf[BLOCKSIZE]; + uint8_t is_ssl; + uint8_t close_when_done; + time_t if_modified_since; + +#if defined(CONFIG_HTTP_HAS_CGI) + uint8_t is_cgi; +#ifdef CONFIG_HTTP_ENABLE_LUA + uint8_t is_lua; +#endif + int content_length; + char remote_addr[MAXREQUESTLENGTH]; + char uri_request[MAXREQUESTLENGTH]; + char uri_path_info[MAXREQUESTLENGTH]; + char uri_query[MAXREQUESTLENGTH]; + char cookie[MAXREQUESTLENGTH]; +#endif +#if defined(CONFIG_HTTP_HAS_AUTHORIZATION) + char authorization[MAXREQUESTLENGTH]; +#endif + int post_read; + int post_state; + char *post_data; +}; + +struct serverstruct +{ + struct serverstruct *next; + int sd; + int is_ssl; + SSL_CTX *ssl_ctx; +}; + +#if defined(CONFIG_HTTP_HAS_CGI) +struct cgiextstruct +{ + struct cgiextstruct *next; + char *ext; +}; +#endif + +/* global prototypes */ +extern struct serverstruct *servers; +extern struct connstruct *usedconns; +extern struct connstruct *freeconns; +extern const char * const server_version; + +#if defined(CONFIG_HTTP_HAS_CGI) +extern 
struct cgiextstruct *cgiexts; +#endif + +/* conn.c prototypes */ +void removeconnection(struct connstruct *cn); + +/* proc.c prototypes */ +void procdodir(struct connstruct *cn); +void procreadhead(struct connstruct *cn); +void procsendhead(struct connstruct *cn); +void procreadfile(struct connstruct *cn); +void procsendfile(struct connstruct *cn); +#if defined(CONFIG_HTTP_HAS_CGI) +void read_post_data(struct connstruct *cn); +#endif + +/* misc.c prototypes */ +char *my_strncpy(char *dest, const char *src, size_t n); +int isdir(const char *name); + +/* tdate prototypes */ +void tdate_init(void); +time_t tdate_parse(const char* str); + diff --git a/libs/luci-lib-nixio/axTLS/httpd/axhttpd.c b/libs/luci-lib-nixio/axTLS/httpd/axhttpd.c new file mode 100644 index 0000000000..35d36f64c1 --- /dev/null +++ b/libs/luci-lib-nixio/axTLS/httpd/axhttpd.c 
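Review bot: The request-derived members of `struct connstruct` (`filereq`, `actualfile`, `uri_query`, `cookie`, `authorization` and the rest) are fixed `MAXREQUESTLENGTH`-byte arrays, but nothing in the header says that copies into them must be bounded, and the axhttpd.c hunk of this same commit already uses plain `strcpy` in `isdir()` and `addconnection()`. A comment above the struct would make the invariant explicit, for example `/* char[] members are MAXREQUESTLENGTH bytes and hold request-derived text; fill them only with my_strncpy(dst, src, MAXREQUESTLENGTH). */`. The header also has no include guard and uses `time_t`, `DIR` and `uint8_t` without including the headers that declare them, presumably relying on ssl.h; a guard plus the needed includes would make it self-contained. Since `content_length` is a signed `int`, the parsing code (not in this hunk) has to reject negative values before treating it as a size, which is worth a one-line comment on the member.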
@@ -0,0 +1,604 @@ +/* + * Copyright (c) 2007, Cameron Rich + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the axTLS project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <signal.h> +#include <stdlib.h> +#include <sys/stat.h> +#include <pwd.h> +#include "axhttp.h" + +struct serverstruct *servers; +struct connstruct *usedconns; +struct connstruct *freeconns; +const char * const server_version = "axhttpd/"AXTLS_VERSION; + +static void addtoservers(int sd); +static int openlistener(int port); +static void handlenewconnection(int listenfd, int is_ssl); +static void addconnection(int sd, char *ip, int is_ssl); +static void ax_chdir(void); + +#if defined(CONFIG_HTTP_HAS_CGI) +struct cgiextstruct *cgiexts; +static void addcgiext(const char *tp); + +#if !defined(WIN32) +static void reaper(int sigtype) +{ + wait3(NULL, WNOHANG, NULL); +} +#endif +#endif + +#ifdef CONFIG_HTTP_VERBOSE /* should really be in debug mode or something */ +/* clean up memory for valgrind */ +static void sigint_cleanup(int sig) +{ + struct serverstruct *sp; + struct connstruct *tp; + + while (servers != NULL) + { + if (servers->is_ssl) + ssl_ctx_free(servers->ssl_ctx); + + sp = servers->next; + free(servers); + servers = sp; + } + + while (freeconns != NULL) + { + tp = freeconns->next; + free(freeconns); + freeconns = tp; + } + + while (usedconns != NULL) + { + tp = usedconns->next; + free(usedconns); + usedconns = tp; + } + +#if defined(CONFIG_HTTP_HAS_CGI) + while (cgiexts) + { + struct cgiextstruct *cp = cgiexts->next; + if (cp == NULL) /* last entry */ + free(cgiexts->ext); + free(cgiexts); + cgiexts = cp; + } +#endif + + exit(0); +} + +static void die(int sigtype) +{ + exit(0); +} +#endif + +int main(int argc, char *argv[]) +{ + fd_set rfds, wfds; + struct connstruct *tp, *to; + struct serverstruct *sp; + int rnum, wnum, active; + int i; + time_t currtime; + +#ifdef WIN32 + WORD wVersionRequested = MAKEWORD(2, 2); + WSADATA wsaData; + WSAStartup(wVersionRequested,&wsaData); +#else + signal(SIGPIPE, SIG_IGN); +#if defined(CONFIG_HTTP_HAS_CGI) + signal(SIGCHLD, reaper); +#endif 
+#ifdef CONFIG_HTTP_VERBOSE + signal(SIGQUIT, die); +#endif +#endif + +#ifdef CONFIG_HTTP_VERBOSE + signal(SIGTERM, die); + signal(SIGINT, sigint_cleanup); +#endif + tdate_init(); + + for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) + { + tp = freeconns; + freeconns = (struct connstruct *)calloc(1, sizeof(struct connstruct)); + freeconns->next = tp; + } + + if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) + { +#ifdef CONFIG_HTTP_VERBOSE + fprintf(stderr, "ERR: Couldn't bind to port %d\n", + CONFIG_HTTP_PORT); +#endif + exit(1); + } + + addtoservers(active); + + if ((active = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) + { +#ifdef CONFIG_HTTP_VERBOSE + fprintf(stderr, "ERR: Couldn't bind to port %d\n", + CONFIG_HTTP_HTTPS_PORT); +#endif + exit(1); + } + + addtoservers(active); + servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, + CONFIG_HTTP_SESSION_CACHE_SIZE); + servers->is_ssl = 1; + +#if defined(CONFIG_HTTP_HAS_CGI) + addcgiext(CONFIG_HTTP_CGI_EXTENSIONS); +#endif + +#if defined(CONFIG_HTTP_VERBOSE) +#if defined(CONFIG_HTTP_HAS_CGI) + printf("addcgiext %s\n", CONFIG_HTTP_CGI_EXTENSIONS); +#endif + printf("%s: listening on ports %d (http) and %d (https)\n", + server_version, CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT); + TTY_FLUSH(); +#endif + + ax_chdir(); + +#ifdef CONFIG_HTTP_ENABLE_DIFFERENT_USER + { + struct passwd *pd = getpwnam(CONFIG_HTTP_USER); + + if (pd != NULL) + { + int res = setuid(pd->pw_uid); + res |= setgid(pd->pw_gid); + +#if defined(CONFIG_HTTP_VERBOSE) + if (res == 0) + { + printf("change to '%s' successful\n", CONFIG_HTTP_USER); + TTY_FLUSH(); + } +#endif + } + + } +#endif + + +#ifndef WIN32 +#ifdef CONFIG_HTTP_IS_DAEMON + if (fork() > 0) /* parent will die */ + exit(0); + + setsid(); +#endif +#endif + + /* main loop */ + while (1) + { + FD_ZERO(&rfds); + FD_ZERO(&wfds); + rnum = wnum = -1; + sp = servers; + + while (sp != NULL) /* read each server port */ + { + FD_SET(sp->sd, &rfds); + + if (sp->sd > rnum) + rnum = sp->sd; + 
sp = sp->next; + } + + /* Add the established sockets */ + tp = usedconns; + currtime = time(NULL); + + while (tp != NULL) + { + if (currtime > tp->timeout) /* timed out? Kill it. */ + { + to = tp; + tp = tp->next; + removeconnection(to); + continue; + } + + if (tp->state == STATE_WANT_TO_READ_HEAD) + { + FD_SET(tp->networkdesc, &rfds); + if (tp->networkdesc > rnum) + rnum = tp->networkdesc; + } + + if (tp->state == STATE_WANT_TO_SEND_HEAD) + { + FD_SET(tp->networkdesc, &wfds); + if (tp->networkdesc > wnum) + wnum = tp->networkdesc; + } + + if (tp->state == STATE_WANT_TO_READ_FILE) + { + FD_SET(tp->filedesc, &rfds); + if (tp->filedesc > rnum) + rnum = tp->filedesc; + } + + if (tp->state == STATE_WANT_TO_SEND_FILE) + { + FD_SET(tp->networkdesc, &wfds); + if (tp->networkdesc > wnum) + wnum = tp->networkdesc; + } + +#if defined(CONFIG_HTTP_DIRECTORIES) + if (tp->state == STATE_DOING_DIR) + { + FD_SET(tp->networkdesc, &wfds); + if (tp->networkdesc > wnum) + wnum = tp->networkdesc; + } +#endif + tp = tp->next; + } + + active = select(wnum > rnum ? wnum+1 : rnum+1, + rnum != -1 ? &rfds : NULL, + wnum != -1 ? &wfds : NULL, + NULL, NULL); + + /* New connection? 
*/ + sp = servers; + while (active > 0 && sp != NULL) + { + if (FD_ISSET(sp->sd, &rfds)) + { + handlenewconnection(sp->sd, sp->is_ssl); + active--; + } + + sp = sp->next; + } + + /* Handle the established sockets */ + tp = usedconns; + + while (active > 0 && tp != NULL) + { + to = tp; + tp = tp->next; + + if (to->state == STATE_WANT_TO_READ_HEAD && + FD_ISSET(to->networkdesc, &rfds)) + { + active--; +#if defined(CONFIG_HTTP_HAS_CGI) + if (to->post_state) + read_post_data(to); + else +#endif + procreadhead(to); + } + + if (to->state == STATE_WANT_TO_SEND_HEAD && + FD_ISSET(to->networkdesc, &wfds)) + { + active--; + procsendhead(to); + } + + if (to->state == STATE_WANT_TO_READ_FILE && + FD_ISSET(to->filedesc, &rfds)) + { + active--; + procreadfile(to); + } + + if (to->state == STATE_WANT_TO_SEND_FILE && + FD_ISSET(to->networkdesc, &wfds)) + { + active--; + procsendfile(to); + } + +#if defined(CONFIG_HTTP_DIRECTORIES) + if (to->state == STATE_DOING_DIR && + FD_ISSET(to->networkdesc, &wfds)) + { + active--; + procdodir(to); + } +#endif + } + } + + return 0; +} + +#if defined(CONFIG_HTTP_HAS_CGI) +static void addcgiext(const char *cgi_exts) +{ + char *cp = strdup(cgi_exts); + + /* extenstions are comma separated */ + do + { + struct cgiextstruct *ex = (struct cgiextstruct *) + malloc(sizeof(struct cgiextstruct)); + ex->ext = cp; + ex->next = cgiexts; + cgiexts = ex; + if ((cp = strchr(cp, ',')) != NULL) + *cp++ = 0; + } while (cp != NULL); +} +#endif + +static void addtoservers(int sd) +{ + struct serverstruct *tp = (struct serverstruct *) + calloc(1, sizeof(struct serverstruct)); + tp->next = servers; + tp->sd = sd; + servers = tp; +} + +#ifdef HAVE_IPV6 +static void handlenewconnection(int listenfd, int is_ssl) +{ + struct sockaddr_in6 their_addr; + int tp = sizeof(their_addr); + char ipbuf[100]; + int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp); + + if (tp == sizeof(struct sockaddr_in6)) + inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, 
sizeof(ipbuf)); + else if (tp == sizeof(struct sockaddr_in)) + inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr), + ipbuf, sizeof(ipbuf)); + else + *ipbuf = '\0'; + + addconnection(connfd, ipbuf, is_ssl); +} + +#else +static void handlenewconnection(int listenfd, int is_ssl) +{ + struct sockaddr_in their_addr; + socklen_t tp = sizeof(struct sockaddr_in); + int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp); + addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl); +} +#endif + +static int openlistener(int port) +{ + int sd; +#ifdef WIN32 + char tp = 1; +#else + int tp = 1; +#endif +#ifndef HAVE_IPV6 + struct sockaddr_in my_addr; + + if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) + return -1; + + memset(&my_addr, 0, sizeof(my_addr)); + my_addr.sin_family = AF_INET; + my_addr.sin_port = htons((short)port); + my_addr.sin_addr.s_addr = INADDR_ANY; +#else + struct sockaddr_in6 my_addr; + + if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) + return -1; + + memset(&my_addr, 0, sizeof(my_addr)); + my_addr.sin6_family = AF_INET6; + my_addr.sin6_port = htons(port); + my_addr.sin6_addr.s_addr = INADDR_ANY; +#endif + + setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp)); + if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) + { + close(sd); + return -1; + } + + listen(sd, BACKLOG); + return sd; +} + +/* Wrapper function for strncpy() that guarantees + a null-terminated string. This is to avoid any possible + issues due to strncpy()'s behaviour. 
+ */ +char *my_strncpy(char *dest, const char *src, size_t n) +{ + strncpy(dest, src, n); + dest[n-1] = '\0'; + return dest; +} + +int isdir(const char *tpbuf) +{ + struct stat st; + char path[MAXREQUESTLENGTH]; + strcpy(path, tpbuf); + +#ifdef WIN32 /* win32 stat() can't handle trailing '\' */ + if (path[strlen(path)-1] == '\\') + path[strlen(path)-1] = 0; +#endif + + if (stat(path, &st) == -1) + return 0; + + if ((st.st_mode & S_IFMT) == S_IFDIR) + return 1; + + return 0; +} + +static void addconnection(int sd, char *ip, int is_ssl) +{ + struct connstruct *tp; + + /* Get ourselves a connstruct */ + if (freeconns == NULL) + tp = (struct connstruct *)calloc(1, sizeof(struct connstruct)); + else + { + tp = freeconns; + freeconns = tp->next; + } + + /* Attach it to the used list */ + tp->next = usedconns; + usedconns = tp; + tp->networkdesc = sd; + + if (is_ssl) + tp->ssl = ssl_server_new(servers->ssl_ctx, sd); + + tp->is_ssl = is_ssl; + tp->filedesc = -1; +#if defined(CONFIG_HTTP_HAS_DIRECTORIES) + tp->dirp = NULL; +#endif + *tp->actualfile = '\0'; + *tp->filereq = '\0'; + tp->state = STATE_WANT_TO_READ_HEAD; + tp->reqtype = TYPE_GET; + tp->close_when_done = 0; + tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT; +#if defined(CONFIG_HTTP_HAS_CGI) + strcpy(tp->remote_addr, ip); +#endif +} + +void removeconnection(struct connstruct *cn) +{ + struct connstruct *tp; + int shouldret = 0; + + tp = usedconns; + + if (tp == NULL || cn == NULL) + shouldret = 1; + else if (tp == cn) + usedconns = tp->next; + else + { + while (tp != NULL) + { + if (tp->next == cn) + { + tp->next = (tp->next)->next; + shouldret = 0; + break; + } + + tp = tp->next; + shouldret = 1; + } + } + + if (shouldret) + return; + + /* If we did, add it to the free list */ + cn->next = freeconns; + freeconns = cn; + + /* Close it all down */ + if (cn->networkdesc != -1) + { + if (cn->is_ssl) + { + ssl_free(cn->ssl); + cn->ssl = NULL; + } + + SOCKET_CLOSE(cn->networkdesc); + } + + if (cn->filedesc != -1) + 
close(cn->filedesc); + +#if defined(CONFIG_HTTP_HAS_DIRECTORIES) + if (cn->dirp != NULL) +#ifdef WIN32 + FindClose(cn->dirp); +#else + closedir(cn->dirp); +#endif +#endif +} + +/* + * Change directories one way or the other. + */ +static void ax_chdir(void) +{ + static char *webroot = CONFIG_HTTP_WEBROOT; + + if (chdir(webroot)) + { +#ifdef CONFIG_HTTP_VERBOSE + fprintf(stderr, "'%s' is not a directory\n", webroot); +#endif + exit(1); + } +} + diff --git a/libs/luci-lib-nixio/axTLS/httpd/htpasswd.c b/libs/luci-lib-nixio/axTLS/httpd/htpasswd.c new file mode 100644 index 0000000000..1a7a2311f8 --- /dev/null +++ b/libs/luci-lib-nixio/axTLS/httpd/htpasswd.c 
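Review bot: The privilege drop under `CONFIG_HTTP_ENABLE_DIFFERENT_USER` in main() calls `setuid(pd->pw_uid)` before `setgid(pd->pw_gid)`, so once the uid is no longer root the `setgid()` call is expected to fail and the process keeps its original group; the combined result only gates the verbose message and a NULL from `getpwnam()` is skipped silently, so in every failure case the server goes on serving with the privileges it started with. The order should be group first, then user, with any failure fatal, as in the block below; supplementary groups are not cleared either, which would need a `setgroups()` or `initgroups()` call before `setgid()`. Separately, `isdir()` copies its argument into `char path[MAXREQUESTLENGTH]` with `strcpy`, which is only safe if every caller (in proc.c, not in this hunk) guarantees the length; `my_strncpy(path, tpbuf, sizeof(path));` removes that dependency. `addconnection()` and `removeconnection()` test `CONFIG_HTTP_HAS_DIRECTORIES` while axhttp.h and Config.in use `CONFIG_HTTP_DIRECTORIES`, so the `dirp` reset and the `closedir()` in those two functions are never compiled.

```c
#ifdef CONFIG_HTTP_ENABLE_DIFFERENT_USER
    {
        struct passwd *pd = getpwnam(CONFIG_HTTP_USER);

        /* Drop the group while still privileged, then the user; refuse to
         * keep serving if any step fails. */
        if (pd == NULL || setgid(pd->pw_gid) != 0 || setuid(pd->pw_uid) != 0)
        {
#if defined(CONFIG_HTTP_VERBOSE)
            fprintf(stderr, "ERR: Couldn't change to user '%s'\n",
                    CONFIG_HTTP_USER);
#endif
            exit(1);
        }

        /* … unchanged: verbose "change to '%s' successful" message … */
    }
#endif
```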
@@ -0,0 +1,136 @@ +/* + * Copyright (c) 2007, Cameron Rich + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the axTLS project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include "ssl.h" + +int tfd; + +void base64_encode(const uint8_t *in, size_t inlen, char *out, size_t outlen) +{ + static const char b64str[64] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + + while (inlen && outlen) + { + *out++ = b64str[(in[0] >> 2) & 0x3f]; + if (!--outlen) + break; + + *out++ = b64str[((in[0] << 4) + + (--inlen ? in[1] >> 4 : 0)) & 0x3f]; + if (!--outlen) + break; + *out++ = (inlen + ? b64str[((in[1] << 2) + + (--inlen ? in[2] >> 6 : 0)) + & 0x3f] + : '='); + if (!--outlen) + break; + *out++ = inlen ? b64str[in[2] & 0x3f] : '='; + if (!--outlen) + break; + if (inlen) + inlen--; + if (inlen) + in += 3; + } + + if (outlen) + *out = '\0'; +} + +static void usage(void) +{ + fprintf(stderr,"Usage: htpasswd username\n"); + exit(1); +} + +#ifdef WIN32 +static char * getpass(const char *prompt) +{ + static char buf[127]; + FILE *fp = stdin; + + printf(prompt); TTY_FLUSH(); +#if 0 + fp = fopen("/dev/tty", "w"); + if (fp == NULL) + { + printf("null\n"); TTY_FLUSH(); + fp = stdin; + } +#endif + + fgets(buf, sizeof(buf), fp); + while (buf[strlen(buf)-1] < ' ') + buf[strlen(buf)-1] = '\0'; + + //if (fp != stdin) + // fclose(fp); + return buf; +} +#endif + +int main(int argc, char *argv[]) +{ + char* pw; + uint8_t md5_salt[MD5_SIZE], md5_pass[MD5_SIZE]; + char b64_salt[MD5_SIZE+10], b64_pass[MD5_SIZE+10]; + MD5_CTX ctx; + + if (argc != 2) + usage(); + + pw = strdup(getpass("New password:")); + if (strcmp(pw, getpass("Re-type new password:")) != 0) + { + fprintf(stderr, "They don't match, sorry.\n" ); + exit(1); + } + + RNG_initialize((uint8_t *)pw, sizeof(pw)); + get_random(MD5_SIZE, md5_salt); + RNG_terminate(); + base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt)); + + MD5_Init(&ctx); + MD5_Update(&ctx, md5_salt, MD5_SIZE); + MD5_Update(&ctx, (uint8_t *)pw, strlen(pw)); + MD5_Final(md5_pass, &ctx); + base64_encode(md5_pass, MD5_SIZE, b64_pass, 
sizeof(b64_pass)); + + printf("Add the following to your '.htpasswd' file\n"); + printf("%s:%s$%s\n", argv[1], b64_salt, b64_pass); + return 0; +} diff --git a/libs/luci-lib-nixio/axTLS/httpd/kepler-1.1-snapshot-20070521-1825.tar.gz b/libs/luci-lib-nixio/axTLS/httpd/kepler-1.1-snapshot-20070521-1825.tar.gz Binary files differnew file mode 100755 index 0000000000..d1caec5a53 --- /dev/null +++ b/libs/luci-lib-nixio/axTLS/httpd/kepler-1.1-snapshot-20070521-1825.tar.gz diff --git a/libs/luci-lib-nixio/axTLS/httpd/kepler.patch b/libs/luci-lib-nixio/axTLS/httpd/kepler.patch new file mode 100644 index 0000000000..dbab7e501c --- /dev/null +++ b/libs/luci-lib-nixio/axTLS/httpd/kepler.patch 
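Review bot: `RNG_initialize((uint8_t *)pw, sizeof(pw));` in main() passes the size of the `char *` pointer, not the length of the password, so only the first four or eight bytes are offered as seed material; if the whole string is meant, it should read `RNG_initialize((uint8_t *)pw, strlen(pw));`. How much of the salt's unpredictability comes from this seed depends on `RNG_initialize()`, which is not in this hunk, but a salt should not be derivable from the password it protects, so a comment stating where the entropy comes from belongs here. The stored value is a single salted MD5, which gives little protection against offline guessing if a `.htpasswd` file leaks; changing the scheme would also mean changing the verifier, so at least document the limitation next to the `printf` that emits the entry. `pw = strdup(getpass(...))` is used without a NULL check, and in the WIN32 `getpass()` the call `printf(prompt)` should be `fputs(prompt, stdout)`, the `fgets` result is ignored, and `buf[strlen(buf)-1]` indexes before the buffer on an empty read.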
@@ -0,0 +1,64 @@
+diff -Naur kepler-1.1/launcher/cgi/Makefile kepler-1.1.new/launcher/cgi/Makefile
+--- kepler-1.1/launcher/cgi/Makefile 2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/launcher/cgi/Makefile 2007-05-16 22:13:38.750000000 +1000
+@@ -16,7 +16,7 @@
+
+
+ $T: $(CH) $(OBJS)
+- $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS)
++ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) -L../../lua-5.1.2/src -llua
+
+ build: $T
+
+diff -Naur kepler-1.1/luafilesystem/Makefile kepler-1.1.new/luafilesystem/Makefile
+--- kepler-1.1/luafilesystem/Makefile 2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/luafilesystem/Makefile 2007-05-16 22:06:25.546875000 +1000
+@@ -12,7 +12,7 @@
+ lib: src/$(LIBNAME)
+
+ src/$(LIBNAME): $(OBJS)
+- export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS)
++ export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS) -L../lua-5.1.2/src -llua
+
+ install: src/$(LIBNAME)
+ mkdir -p $(LUA_LIBDIR)
+diff -Naur kepler-1.1/luasocket-2.0.1/src/makefile kepler-1.1.new/luasocket-2.0.1/src/makefile
+--- kepler-1.1/luasocket-2.0.1/src/makefile 2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/luasocket-2.0.1/src/makefile 2007-05-16 22:36:37.125000000 +1000
+@@ -47,10 +47,10 @@
+ all: $(SOCKET_SO) $(MIME_SO)
+
+ $(SOCKET_SO): $(SOCKET_OBJS)
+- $(LD) $(LDFLAGS) -o $@ $(SOCKET_OBJS)
++ $(LD) $(LDFLAGS) -o $@ $(SOCKET_OBJS) -L../../lua-5.1.2/src -llua
+
+ $(MIME_SO): $(MIME_OBJS)
+- $(LD) $(LDFLAGS) -o $@ $(MIME_OBJS)
++ $(LD) $(LDFLAGS) -o $@ $(MIME_OBJS) -L../../lua-5.1.2/src -llua
+
+ $(UNIX_SO): $(UNIX_OBJS)
+ $(LD) $(LDFLAGS) -o $@ $(UNIX_OBJS)
+diff -Naur kepler-1.1/md5/Makefile kepler-1.1.new/md5/Makefile
+--- kepler-1.1/md5/Makefile 2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/md5/Makefile 2007-05-16 22:06:44.593750000 +1000
+@@ -15,7 +15,7 @@
+
+
+ src/$(LIBNAME) : $(OBJS)
+- export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o
src/$(LIBNAME) $(OBJS)
++ export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS) -L../lua-5.1.2/src -llua
+
+ $(COMPAT_DIR)/compat-5.1.o: $(COMPAT_DIR)/compat-5.1.c
+ $(CC) -c $(CFLAGS) -o $@ $(COMPAT_DIR)/compat-5.1.c
+diff -Naur kepler-1.1/rings/Makefile kepler-1.1.new/rings/Makefile
+--- kepler-1.1/rings/Makefile 2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/rings/Makefile 2007-05-16 22:05:28.765625000 +1000
+@@ -10,7 +10,7 @@
+ OBJS= src/rings.o
+
+ src/$(LIBNAME) : $(OBJS)
+- export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS)
++ export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS) -L../lua-5.1.2/src -llua
+
+ install:
+ mkdir -p $(LUA_LIBDIR)
diff --git a/libs/luci-lib-nixio/axTLS/httpd/proc.c b/libs/luci-lib-nixio/axTLS/httpd/proc.c
new file mode 100644
index 0000000000..3c897c98b0
--- /dev/null
+++ b/libs/luci-lib-nixio/axTLS/httpd/proc.c
@@ -0,0 +1,1238 @@
+/*
+ * Copyright (c) 2007-2008, Cameron Rich
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <time.h> +#include <string.h> +#include "axhttp.h" + +#define HTTP_VERSION "HTTP/1.1" + +static const char * index_file = "index.html"; + +static int special_read(struct connstruct *cn, void *buf, size_t count); +static int special_write(struct connstruct *cn, + const char *buf, size_t count); +static void send_error(struct connstruct *cn, int err); +static int hexit(char c); +static void urldecode(char *buf); +static void buildactualfile(struct connstruct *cn); +static int sanitizefile(const char *buf); +static int sanitizehost(char *buf); +static int htaccess_check(struct connstruct *cn); +static const char *getmimetype(const char *name); + +#if defined(CONFIG_HTTP_DIRECTORIES) +static void urlencode(const uint8_t *s, char *t); +static void procdirlisting(struct connstruct *cn); +#endif +#if defined(CONFIG_HTTP_HAS_CGI) +static void proccgi(struct connstruct *cn); +static void decode_path_info(struct connstruct *cn, char *path_info); +static int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv); +#endif +#ifdef CONFIG_HTTP_HAS_AUTHORIZATION +static int auth_check(struct connstruct *cn); +#endif + +#if AXDEBUG +#define AXDEBUGSTART \ + { \ + FILE *axdout; \ + axdout = fopen("/var/log/axdebug", "a"); \ + +#define AXDEBUGEND \ + fclose(axdout); \ + } +#else /* AXDEBUG */ +#define AXDEBUGSTART +#define AXDEBUGEND +#endif /* AXDEBUG */ + +/* Returns 1 if elems should continue being read, 0 otherwise */ +static int procheadelem(struct connstruct *cn, char *buf) +{ + char *delim, *value; + + if ((delim = strchr(buf, ' ')) == NULL) + return 0; + + *delim = 0; + value = delim+1; + + if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 || + strcmp(buf, "POST") == 0) + { + if (buf[0] == 'H') + cn->reqtype = TYPE_HEAD; + else if (buf[0] == 'P') + cn->reqtype = TYPE_POST; + + if ((delim = strchr(value, 
' ')) == NULL) /* expect HTTP type */ + return 0; + + *delim = 0; + urldecode(value); + + if (sanitizefile(value) == 0) + { + send_error(cn, 403); + return 0; + } + +#if defined(CONFIG_HTTP_HAS_CGI) + decode_path_info(cn, value); +#else + my_strncpy(cn->filereq, value, MAXREQUESTLENGTH); +#endif + cn->if_modified_since = -1; + } + else if (strcmp(buf, "Host:") == 0) + { + if (sanitizehost(value) == 0) + { + removeconnection(cn); + return 0; + } + + my_strncpy(cn->server_name, value, MAXREQUESTLENGTH); + } + else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) + { + cn->close_when_done = 1; + } + else if (strcmp(buf, "If-Modified-Since:") == 0) + { + cn->if_modified_since = tdate_parse(value); + } + else if (strcmp(buf, "Expect:") == 0) + { + send_error(cn, 417); /* expectation failed */ + return 0; + } +#ifdef CONFIG_HTTP_HAS_AUTHORIZATION + else if (strcmp(buf, "Authorization:") == 0 && + strncmp(value, "Basic ", 6) == 0) + { + int size; + if (base64_decode(&value[6], strlen(&value[6]), + (uint8_t *)cn->authorization, &size)) + cn->authorization[0] = 0; /* error */ + else + cn->authorization[size] = 0; + } +#endif +#if defined(CONFIG_HTTP_HAS_CGI) + else if (strcmp(buf, "Content-Length:") == 0) + { + sscanf(value, "%d", &cn->content_length); + } + else if (strcmp(buf, "Cookie:") == 0) + { + my_strncpy(cn->cookie, value, MAXREQUESTLENGTH); + } +#endif + + return 1; +} + +#if defined(CONFIG_HTTP_DIRECTORIES) +static void procdirlisting(struct connstruct *cn) +{ + char buf[MAXREQUESTLENGTH]; + char actualfile[1024]; + + if (cn->reqtype == TYPE_HEAD) + { + snprintf(buf, sizeof(buf), HTTP_VERSION + " 200 OK\nContent-Type: text/html\n\n"); + write(cn->networkdesc, buf, strlen(buf)); + removeconnection(cn); + return; + } + + strcpy(actualfile, cn->actualfile); + +#ifdef WIN32 + strcat(actualfile, "*"); + cn->dirp = FindFirstFile(actualfile, &cn->file_data); + + if (cn->dirp == INVALID_HANDLE_VALUE) + { + send_error(cn, 404); + return; + } +#else + if 
((cn->dirp = opendir(actualfile)) == NULL) + { + send_error(cn, 404); + return; + } +#endif + + snprintf(buf, sizeof(buf), HTTP_VERSION + " 200 OK\nContent-Type: text/html\n\n" + "<html><body>\n<title>Directory Listing</title>\n" + "<h3>Directory listing of %s://%s%s</h3><br />\n", + cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq); + special_write(cn, buf, strlen(buf)); + cn->state = STATE_DOING_DIR; +} + +void procdodir(struct connstruct *cn) +{ +#ifndef WIN32 + struct dirent *dp; +#endif + char buf[MAXREQUESTLENGTH]; + char encbuf[1024]; + char *file; + + do + { + buf[0] = 0; + +#ifdef WIN32 + if (!FindNextFile(cn->dirp, &cn->file_data)) +#else + if ((dp = readdir(cn->dirp)) == NULL) +#endif + { + snprintf(buf, sizeof(buf), "</body></html>\n"); + special_write(cn, buf, strlen(buf)); + removeconnection(cn); +#ifndef WIN32 + closedir(cn->dirp); +#endif + return; + } + +#ifdef WIN32 + file = cn->file_data.cFileName; +#else + file = dp->d_name; +#endif + + /* if no index file, don't display the ".." directory */ + if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' && + strcmp(file, "..") == 0) + continue; + + /* don't display files beginning with "." */ + if (file[0] == '.' && file[1] != '.') + continue; + + /* make sure a '/' is at the end of a directory */ + if (cn->filereq[strlen(cn->filereq)-1] != '/') + strcat(cn->filereq, "/"); + + /* see if the dir + file is another directory */ + snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file); + if (isdir(buf)) + strcat(file, "/"); + + urlencode((uint8_t *)file, encbuf); + snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n", + cn->filereq, encbuf, file); + } while (special_write(cn, buf, strlen(buf))); +} + +/* Encode funny chars -> %xx in newly allocated storage */ +/* (preserves '/' !) 
*/ +static void urlencode(const uint8_t *s, char *t) +{ + const uint8_t *p = s; + char *tp = t; + + for (; *p; p++) + { + if ((*p > 0x00 && *p < ',') || + (*p > '9' && *p < 'A') || + (*p > 'Z' && *p < '_') || + (*p > '_' && *p < 'a') || + (*p > 'z' && *p < 0xA1)) + { + sprintf((char *)tp, "%%%02X", *p); + tp += 3; + } + else + { + *tp = *p; + tp++; + } + } + + *tp='\0'; +} + +#endif + +void procreadhead(struct connstruct *cn) +{ + char buf[MAXREQUESTLENGTH*4], *tp, *next; + int rv; + + memset(buf, 0, MAXREQUESTLENGTH*4); + rv = special_read(cn, buf, sizeof(buf)-1); + if (rv <= 0) + { + if (rv < 0) /* really dead? */ + removeconnection(cn); + return; + } + + buf[rv] = '\0'; + next = tp = buf; + +#ifdef CONFIG_HTTP_HAS_AUTHORIZATION + cn->authorization[0] = 0; +#endif + + /* Split up lines and send to procheadelem() */ + while (*next != '\0') + { + /* If we have a blank line, advance to next stage */ + if (*next == '\r' || *next == '\n') + { +#if defined(CONFIG_HTTP_HAS_CGI) + if (cn->reqtype == TYPE_POST && cn->content_length > 0) + { + if (init_read_post_data(buf,next,cn,rv) == 0) + return; + } +#endif + + buildactualfile(cn); + cn->state = STATE_WANT_TO_SEND_HEAD; + return; + } + + while (*next != '\r' && *next != '\n' && *next != '\0') + next++; + + if (*next == '\r') + { + *next = '\0'; + next += 2; + } + else if (*next == '\n') + *next++ = '\0'; + + if (procheadelem(cn, tp) == 0) + return; + + tp = next; + } +} + +/* In this function we assume that the file has been checked for + * maliciousness (".."s, etc) and has been decoded + */ +void procsendhead(struct connstruct *cn) +{ + char buf[MAXREQUESTLENGTH]; + struct stat stbuf; + time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT; + char date[32]; + int file_exists; + + /* are we trying to access a file over the HTTP connection instead of a + * HTTPS connection? Or is this directory disabled? 
*/ + if (htaccess_check(cn)) + { + send_error(cn, 403); + return; + } + +#ifdef CONFIG_HTTP_HAS_AUTHORIZATION + if (auth_check(cn)) /* see if there is a '.htpasswd' file */ + { +#ifdef CONFIG_HTTP_VERBOSE + printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH(); +#endif + removeconnection(cn); + return; + } +#endif + + file_exists = stat(cn->actualfile, &stbuf); + +#if defined(CONFIG_HTTP_HAS_CGI) + + if (file_exists != -1 && cn->is_cgi) + { + if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) + { + /* A non-executable file, or directory? */ + send_error(cn, 403); + } + else + proccgi(cn); + + return; + } +#endif + + /* look for "index.html"? */ + if (isdir(cn->actualfile)) + { + char tbuf[MAXREQUESTLENGTH]; + snprintf(tbuf, MAXREQUESTLENGTH, "%s%s", cn->actualfile, index_file); + + if ((file_exists = stat(tbuf, &stbuf)) != -1) + my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH); + else + { +#if defined(CONFIG_HTTP_DIRECTORIES) + /* If not, we do a directory listing of it */ + procdirlisting(cn); +#else + send_error(cn, 404); +#endif + return; + } + } + + if (file_exists == -1) + { + send_error(cn, 404); + return; + } + + strcpy(date, ctime(&now)); + + /* has the file been read before? 
*/ + if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || + cn->if_modified_since >= stbuf.st_mtime)) + { + snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: " + "%s\nDate: %s\n", server_version, date); + special_write(cn, buf, strlen(buf)); + cn->state = STATE_WANT_TO_READ_HEAD; + return; + } + + if (cn->reqtype == TYPE_HEAD) + { + removeconnection(cn); + return; + } + else + { + int flags = O_RDONLY; +#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN) + flags |= O_BINARY; +#endif + cn->filedesc = open(cn->actualfile, flags); + + if (cn->filedesc < 0) + { + send_error(cn, 404); + return; + } + + snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n" + "Content-Type: %s\nContent-Length: %ld\n" + "Date: %sLast-Modified: %s\n", server_version, + getmimetype(cn->actualfile), (long) stbuf.st_size, + date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */ + + special_write(cn, buf, strlen(buf)); + +#ifdef CONFIG_HTTP_VERBOSE + printf("axhttpd: %s:/%s\n", cn->is_ssl ? 
"https" : "http", cn->filereq); + TTY_FLUSH(); +#endif + +#ifdef WIN32 + for (;;) + { + procreadfile(cn); + if (cn->filedesc == -1) + break; + + do + { + procsendfile(cn); + } while (cn->state != STATE_WANT_TO_READ_FILE); + } +#else + cn->state = STATE_WANT_TO_READ_FILE; +#endif + } +} + +void procreadfile(struct connstruct *cn) +{ + int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE); + + if (rv <= 0) + { + close(cn->filedesc); + cn->filedesc = -1; + + if (cn->close_when_done) /* close immediately */ + removeconnection(cn); + else + { /* keep socket open - HTTP 1.1 */ + cn->state = STATE_WANT_TO_READ_HEAD; + cn->numbytes = 0; + } + + return; + } + + cn->numbytes = rv; + cn->state = STATE_WANT_TO_SEND_FILE; +} + +void procsendfile(struct connstruct *cn) +{ + int rv = special_write(cn, cn->databuf, cn->numbytes); + + if (rv < 0) + removeconnection(cn); + else if (rv == cn->numbytes) + { + cn->state = STATE_WANT_TO_READ_FILE; + } + else if (rv == 0) + { + /* Do nothing */ + } + else + { + memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv); + cn->numbytes -= rv; + } +} + +#if defined(CONFIG_HTTP_HAS_CGI) +/* Should this be a bit more dynamic? It would mean more calls to malloc etc */ +#define CGI_ARG_SIZE 17 + +static void proccgi(struct connstruct *cn) +{ + int tpipe[2], spipe[2]; + char *myargs[2]; + char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH]; + char * cgiptr[CGI_ARG_SIZE+4]; + const char *type = "HEAD"; + int cgi_index = 0, i; + pid_t pid; +#ifdef WIN32 + int tmp_stdout; +#endif + + snprintf(cgienv[0], MAXREQUESTLENGTH, + HTTP_VERSION" 200 OK\nServer: %s\n%s", + server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : ""); + special_write(cn, cgienv[0], strlen(cgienv[0])); + + if (cn->reqtype == TYPE_HEAD) + { + removeconnection(cn); + return; + } + +#ifdef CONFIG_HTTP_VERBOSE + printf("[CGI]: %s:/%s\n", cn->is_ssl ? 
"https" : "http", cn->filereq); + TTY_FLUSH(); +#endif + + /* win32 cgi is a bit too painful */ +#ifndef WIN32 + /* set up pipe that is used for sending POST query data to CGI script*/ + if (cn->reqtype == TYPE_POST) + { + if (pipe(spipe) == -1) + { + printf("[CGI]: could not create pipe"); + TTY_FLUSH(); + return; + } + } + + if (pipe(tpipe) == -1) + { + printf("[CGI]: could not create pipe"); + TTY_FLUSH(); + return; + } + + /* + * use vfork() instead of fork() for performance + */ + if ((pid = vfork()) > 0) /* parent */ + { + /* Send POST query data to CGI script */ + if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0)) + { + write(spipe[1], cn->post_data, cn->content_length); + close(spipe[0]); + close(spipe[1]); + + /* free the memory that is allocated in read_post_data() */ + free(cn->post_data); + cn->post_data = NULL; + } + + /* Close the write descriptor */ + close(tpipe[1]); + cn->filedesc = tpipe[0]; + cn->state = STATE_WANT_TO_READ_FILE; + cn->close_when_done = 1; + return; + } + + if (pid < 0) /* vfork failed */ + exit(1); + + /* The problem child... */ + + /* Our stdout/stderr goes to the socket */ + dup2(tpipe[1], 1); + dup2(tpipe[1], 2); + + /* If it was a POST request, send the socket data to our stdin */ + if (cn->reqtype == TYPE_POST) + dup2(spipe[0], 0); + else /* Otherwise we can shutdown the read side of the sock */ + shutdown(cn->networkdesc, 0); + + myargs[0] = cn->actualfile; + myargs[1] = NULL; + + /* + * set the cgi args. A url is defined by: + * http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO?$QUERY_STRING + * TODO: other CGI parameters? + */ + sprintf(cgienv[cgi_index++], "SERVER_SOFTWARE=%s", server_version); + strcpy(cgienv[cgi_index++], "DOCUMENT_ROOT=" CONFIG_HTTP_WEBROOT); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "SERVER_NAME=%s", cn->server_name); + sprintf(cgienv[cgi_index++], "SERVER_PORT=%d", + cn->is_ssl ? 
CONFIG_HTTP_HTTPS_PORT : CONFIG_HTTP_PORT); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "REQUEST_URI=%s", cn->uri_request); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "SCRIPT_NAME=%s", cn->filereq); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "PATH_INFO=%s", cn->uri_path_info); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "QUERY_STRING=%s", cn->uri_query); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "REMOTE_ADDR=%s", cn->remote_addr); + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "HTTP_COOKIE=%s", cn->cookie); /* note: small size */ +#if defined(CONFIG_HTTP_HAS_AUTHORIZATION) + snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH, + "REMOTE_USER=%s", cn->authorization); +#endif + + switch (cn->reqtype) + { + case TYPE_GET: + type = "GET"; + break; + + case TYPE_POST: + type = "POST"; + sprintf(cgienv[cgi_index++], + "CONTENT_LENGTH=%d", cn->content_length); + strcpy(cgienv[cgi_index++], /* hard-code? */ + "CONTENT_TYPE=application/x-www-form-urlencoded"); + break; + } + + sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type); + + if (cn->is_ssl) + strcpy(cgienv[cgi_index++], "HTTPS=on"); + +#ifdef CONFIG_PLATFORM_CYGWIN + /* TODO: find out why Lua needs this */ + strcpy(cgienv[cgi_index++], "PATH=/usr/bin"); +#endif + + if (cgi_index >= CGI_ARG_SIZE) + { + printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n", + cgi_index, CGI_ARG_SIZE); + _exit(1); + } + + /* copy across the pointer indexes */ + for (i = 0; i < cgi_index; i++) + cgiptr[i] = cgienv[i]; + + cgiptr[i++] = "AUTH_TYPE=Basic"; + cgiptr[i++] = "GATEWAY_INTERFACE=CGI/1.1"; + cgiptr[i++] = "SERVER_PROTOCOL="HTTP_VERSION; + cgiptr[i] = NULL; + + execve(myargs[0], myargs, cgiptr); + printf("Content-type: text/plain\n\nshouldn't get here\n"); + _exit(1); +#endif +} + +static char * cgi_filetype_match(struct connstruct *cn, const char *fn) +{ + struct cgiextstruct *tp = cgiexts; + + while (tp != NULL) + { + char *t; + + if ((t = strstr(fn, tp->ext)) != 
NULL) + { + t += strlen(tp->ext); + + if (*t == '/' || *t == '\0') + { +#ifdef CONFIG_HTTP_ENABLE_LUA + if (strcmp(tp->ext, ".lua") == 0 || strcmp(tp->ext, ".lp") == 0) + cn->is_lua = 1; +#endif + + return t; + } + else + return NULL; + + } + + tp = tp->next; + } + + return NULL; +} + +static void decode_path_info(struct connstruct *cn, char *path_info) +{ + char *cgi_delim; + + cn->is_cgi = 0; +#ifdef CONFIG_HTTP_ENABLE_LUA + cn->is_lua = 0; +#endif + *cn->uri_request = '\0'; + *cn->uri_path_info = '\0'; + *cn->uri_query = '\0'; + + my_strncpy(cn->uri_request, path_info, MAXREQUESTLENGTH); + + /* query info? */ + if ((cgi_delim = strchr(path_info, '?'))) + { + *cgi_delim = '\0'; + my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH); + } + + if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL) + { + cn->is_cgi = 1; /* definitely a CGI script */ + + /* path info? */ + if (*cgi_delim != '\0') + { + my_strncpy(cn->uri_path_info, cgi_delim, MAXREQUESTLENGTH); + *cgi_delim = '\0'; + } + } + + /* the bit at the start must be the script name */ + my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH); +} + +static int init_read_post_data(char *buf, char *data, + struct connstruct *cn, int old_rv) +{ + char *next = data; + int rv = old_rv; + char *post_data; + + /* Too much Post data to send. 
MAXPOSTDATASIZE should be + configured (now it can be chaged in the header file) */ + if (cn->content_length > MAXPOSTDATASIZE) + { + send_error(cn, 418); + return 0; + } + + /* remove CRLF */ + while ((*next == '\r' || *next == '\n') && (next < &buf[rv])) + next++; + + if (cn->post_data == NULL) + { + cn->post_data = (char *) calloc(1, (cn->content_length + 1)); + /* Allocate buffer for the POST data that will be used by proccgi + to send POST data to the CGI script */ + + if (cn->post_data == NULL) + { + printf("axhttpd: could not allocate memory for POST data\n"); + TTY_FLUSH(); + send_error(cn, 599); + return 0; + } + } + + cn->post_state = 0; + cn->post_read = 0; + post_data = cn->post_data; + + while (next < &buf[rv]) + { + /*copy POST data to buffer*/ + *post_data = *next; + post_data++; + next++; + cn->post_read++; + if (cn->post_read == cn->content_length) + { + /* No more POST data to be copied */ + *post_data = '\0'; + return 1; + } + } + + /* More POST data has to be read. read_post_data will continue with that */ + cn->post_state = 1; + return 0; +} + +void read_post_data(struct connstruct *cn) +{ + char buf[MAXREQUESTLENGTH*4], *next; + char *post_data; + int rv; + + bzero(buf,MAXREQUESTLENGTH*4); + rv = special_read(cn, buf, sizeof(buf)-1); + if (rv <= 0) + { + if (rv < 0) /* really dead? 
*/ + removeconnection(cn); + return; + } + + buf[rv] = '\0'; + next = buf; + + post_data = &cn->post_data[cn->post_read]; + + while (next < &buf[rv]) + { + *post_data = *next; + post_data++; + next++; + cn->post_read++; + if (cn->post_read == cn->content_length) + { + /* No more POST data to be copied */ + *post_data='\0'; + cn->post_state = 0; + buildactualfile(cn); + cn->state = STATE_WANT_TO_SEND_HEAD; + return; + } + } + + /* More POST data to read */ +} + +#endif /* CONFIG_HTTP_HAS_CGI */ + +/* Decode string %xx -> char (in place) */ +static void urldecode(char *buf) +{ + int v; + char *p, *s, *w; + + w = p = buf; + + while (*p) + { + v = 0; + + if (*p == '%') + { + s = p; + s++; + + if (isxdigit((int) s[0]) && isxdigit((int) s[1])) + { + v = hexit(s[0])*16 + hexit(s[1]); + + if (v) + { + /* do not decode %00 to null char */ + *w = (char)v; + p = &s[1]; + } + } + + } + + if (!v) *w=*p; + p++; + w++; + } + + *w='\0'; +} + +static int hexit(char c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + else if (c >= 'a' && c <= 'f') + return c - 'a' + 10; + else if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + else + return 0; +} + +static void buildactualfile(struct connstruct *cn) +{ + char *cp; + snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq); + +#ifndef WIN32 + /* Add directory slash if not there */ + if (isdir(cn->actualfile) && + cn->actualfile[strlen(cn->actualfile)-1] != '/') + strcat(cn->actualfile, "/"); + + /* work out the directory name */ + strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH); + if ((cp = strrchr(cn->dirname, '/')) == NULL) + cn->dirname[0] = 0; + else + *cp = 0; +#else + { + char curr_dir[MAXREQUESTLENGTH]; + char path[MAXREQUESTLENGTH]; + char *t = cn->actualfile; + + GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir); + + /* convert all the forward slashes to back slashes */ + while ((t = strchr(t, '/'))) + *t++ = '\\'; + + snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile); + memcpy(cn->actualfile, 
path, MAXREQUESTLENGTH); + + /* Add directory slash if not there */ + if (isdir(cn->actualfile) && + cn->actualfile[strlen(cn->actualfile)-1] != '\\') + strcat(cn->actualfile, "\\"); + + /* work out the directory name */ + strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH); + if ((cp = strrchr(cn->dirname, '\\')) == NULL) + cn->dirname[0] = 0; + else + *cp = 0; + } +#endif + +#if defined(CONFIG_HTTP_ENABLE_LUA) + /* + * Use the lua launcher if this file has a lua extension. Put this at the + * end as we need the directory name. + */ + if (cn->is_lua) + sprintf(cn->actualfile, "%s%s", CONFIG_HTTP_LUA_PREFIX, + CONFIG_HTTP_LUA_CGI_LAUNCHER); +#endif +} + +static int sanitizefile(const char *buf) +{ + int len, i; + + /* Don't accept anything not starting with a / */ + if (*buf != '/') + return 0; + + len = strlen(buf); + for (i = 0; i < len; i++) + { + /* Check for "/." i.e. don't send files starting with a . */ + if (buf[i] == '/' && buf[i+1] == '.') + return 0; + } + + return 1; +} + +static int sanitizehost(char *buf) +{ + while (*buf != '\0') + { + /* Handle the port */ + if (*buf == ':') + { + *buf = '\0'; + return 1; + } + + /* Enforce some basic URL rules... */ + if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') || + (*buf == '.' && *(buf+1) == '.') || + (*buf == '.' 
&& *(buf+1) == '-') || + (*buf == '-' && *(buf+1) == '.')) + return 0; + + buf++; + } + + return 1; +} + +static FILE * exist_check(struct connstruct *cn, const char *check_file) +{ + char pathname[MAXREQUESTLENGTH]; + snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file); + return fopen(pathname, "r"); +} + +#ifdef CONFIG_HTTP_HAS_AUTHORIZATION +static void send_authenticate(struct connstruct *cn, const char *realm) +{ + char buf[1024]; + + snprintf(buf, sizeof(buf), HTTP_VERSION" 401 Unauthorized\n" + "WWW-Authenticate: Basic\n" + "realm=\"%s\"\n", realm); + special_write(cn, buf, strlen(buf)); +} + +static int check_digest(char *salt, const char *msg_passwd) +{ + uint8_t b256_salt[MAXREQUESTLENGTH]; + uint8_t real_passwd[MD5_SIZE]; + int salt_size; + char *b64_passwd; + uint8_t md5_result[MD5_SIZE]; + MD5_CTX ctx; + + /* retrieve the salt */ + if ((b64_passwd = strchr(salt, '$')) == NULL) + return -1; + + *b64_passwd++ = 0; + if (base64_decode(salt, strlen(salt), b256_salt, &salt_size)) + return -1; + + if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL)) + return -1; + + /* very simple MD5 crypt algorithm, but then the salt we use is large */ + MD5_Init(&ctx); + MD5_Update(&ctx, b256_salt, salt_size); /* process the salt */ + MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); + MD5_Final(md5_result, &ctx); + return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */ +} + +static int auth_check(struct connstruct *cn) +{ + char line[MAXREQUESTLENGTH]; + FILE *fp; + char *cp; + + if ((fp = exist_check(cn, ".htpasswd")) == NULL) + return 0; /* no .htpasswd file, so let though */ + + if (cn->authorization[0] == 0) + goto error; + + /* cn->authorization is in form "username:password" */ + if ((cp = strchr(cn->authorization, ':')) == NULL) + goto error; + else + *cp++ = 0; /* cp becomes the password */ + + while (fgets(line, sizeof(line), fp) != NULL) + { + char *b64_file_passwd; + int l = strlen(line); + + /* nuke 
newline */ + if (line[l-1] == '\n') + line[l-1] = 0; + + /* line is form "username:salt(b64)$password(b64)" */ + if ((b64_file_passwd = strchr(line, ':')) == NULL) + continue; + + *b64_file_passwd++ = 0; + + if (strcmp(line, cn->authorization)) /* our user? */ + continue; + + if (check_digest(b64_file_passwd, cp) == 0) + { + fclose(fp); + return 0; + } + } + +error: + fclose(fp); + send_authenticate(cn, cn->server_name); + return -1; +} +#endif + +static int htaccess_check(struct connstruct *cn) +{ + char line[MAXREQUESTLENGTH]; + FILE *fp; + int ret = 0; + + if ((fp = exist_check(cn, ".htaccess")) == NULL) + return 0; /* no .htaccess file, so let though */ + + while (fgets(line, sizeof(line), fp) != NULL) + { + if (strstr(line, "Deny all") || /* access to this dir denied */ + /* Access will be denied unless SSL is active */ + (!cn->is_ssl && strstr(line, "SSLRequireSSL")) || + /* Access will be denied if SSL is active */ + (cn->is_ssl && strstr(line, "SSLDenySSL"))) + { + ret = -1; + break; + } + } + + fclose(fp); + return ret; +} + +static void send_error(struct connstruct *cn, int err) +{ + char buf[MAXREQUESTLENGTH]; + char *title; + char *text; + + switch (err) + { + case 403: + title = "Forbidden"; + text = "File is protected"; +#ifdef CONFIG_HTTP_VERBOSE + printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH(); +#endif + break; + + case 404: + title = "Not Found"; + text = title; + break; + + case 418: + title = "POST data size is to large"; + text = title; + break; + + default: + title = "Unknown"; + text = "Unknown"; + break; + } + + snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n" + "Content-Type: text/html\n" + "Cache-Control: no-cache,no-store\n" + "Connection: close\n\n" + "<html>\n<head>\n<title>%d %s</title></head>\n" + "<body><h1>%d %s</h1>\n</body></html>\n", + err, title, err, title, err, text); + special_write(cn, buf, strlen(buf)); + removeconnection(cn); +} + +static const char *getmimetype(const char *name) +{ + /* only bother 
with a few mime types - let the browser figure the rest out */ + if (strstr(name, ".htm")) + return "text/html"; + else if (strstr(name, ".css")) + return "text/css"; + else + return "application/octet-stream"; +} + +static int special_write(struct connstruct *cn, + const char *buf, size_t count) +{ + if (cn->is_ssl) + { + SSL *ssl = cn->ssl; + return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1; + } + else + return SOCKET_WRITE(cn->networkdesc, buf, count); +} + +static int special_read(struct connstruct *cn, void *buf, size_t count) +{ + int res; + + if (cn->is_ssl) + { + uint8_t *read_buf; + if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK) + { + memcpy(buf, read_buf, res > (int)count ? count : res); + } + } + else + res = SOCKET_READ(cn->networkdesc, buf, count); + + return res; +} + diff --git a/libs/luci-lib-nixio/axTLS/httpd/tdate_parse.c b/libs/luci-lib-nixio/axTLS/httpd/tdate_parse.c new file mode 100644 index 0000000000..813bdc578b --- /dev/null +++ b/libs/luci-lib-nixio/axTLS/httpd/tdate_parse.c 
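Review bot: special_read() returns the unclamped ssl_read() length on the SSL path: the copy is bounded by `res > (int)count ? count : res`, but the following `return res` is not. procreadhead() and read_post_data() both pass `sizeof(buf)-1` as count and then execute `buf[rv] = '\0'` and walk up to `&buf[rv]`, so a decrypted record longer than the caller's buffer would index past the end of the stack array (this assumes ssl_read() can hand back more bytes than count, which its pointer-returning form suggests but the hunk does not show). Bound the return value as well, for example `if (res > (int)count) res = (int)count;` placed before the memcpy, and add a comment there stating that excess record bytes are discarded, or carry them over to the next read if requests may span that limit.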
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "axhttp.h"
+
+struct day_mon_map
+{
+ const char* s;
+ uint8_t l;
+};
+
+static struct day_mon_map wday_tab[] =
+{
+ { "Sun", 0 }, { "Mon", 1 }, { "Tue", 2 }, { "Wed", 3 },
+ { "Thu", 4 }, { "Fri", 5 }, { "Sat", 6 },
+};
+
+static struct day_mon_map mon_tab[] =
+{
+ { "Jan", 0 }, { "Feb", 1 }, { "Mar", 2 }, { "Apr", 3 },
+ { "May", 4 }, { "Jun", 5 }, { "Jul", 6 }, { "Aug", 7 },
+ { "Sep", 8 }, { "Oct", 9 }, { "Nov", 10 }, { "Dec", 11 },
+};
+
+static int day_mon_map_compare(const char *v1, const char *v2)
+{
+ return strcmp(((struct day_mon_map*)v1)->s, ((struct day_mon_map*)v2)->s);
+}
+
+void tdate_init(void)
+{
+ qsort(wday_tab, sizeof(wday_tab)/sizeof(struct day_mon_map),
+ sizeof(struct day_mon_map),
+ (int (*)(const void *, const void *))day_mon_map_compare);
+ qsort(mon_tab, sizeof(mon_tab)/sizeof(struct day_mon_map),
+ sizeof(struct day_mon_map),
+ (int (*)(const void *, const void *))day_mon_map_compare);
+}
+
+static int8_t day_mon_map_search(const char* str,
+ const struct day_mon_map* tab, int n)
+{
+ struct day_mon_map *search = bsearch(&str, tab, n,
+ sizeof(struct day_mon_map),
+ (int (*)(const void *, const void *))day_mon_map_compare);
+ return search ? search->l : -1;
+}
+
+time_t tdate_parse(const char* str)
+{
+ struct tm tm;
+ char str_mon[4], str_wday[4];
+ int tm_sec, tm_min, tm_hour, tm_mday, tm_year;
+
+ /* Initialize. 
*/
+ memset(&tm, 0, sizeof(struct tm));
+
+ /* wdy, DD mth YY HH:MM:SS GMT */
+ if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
+ str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
+ &tm_sec) == 7) ||
+ /* wdy mth DD HH:MM:SS YY */
+ (sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
+ str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
+ &tm_year) == 7))
+ {
+ int8_t tm_wday = day_mon_map_search(str_wday, wday_tab,
+ sizeof(wday_tab)/sizeof(struct day_mon_map));
+ int8_t tm_mon = day_mon_map_search(str_mon, mon_tab,
+ sizeof(mon_tab)/sizeof(struct day_mon_map));
+
+ if (tm_wday < 0 || tm_mon < 0)
+ return -1;
+
+ tm.tm_wday = tm_wday;
+ tm.tm_mon = tm_mon;
+ tm.tm_mday = tm_mday;
+ tm.tm_hour = tm_hour;
+ tm.tm_min = tm_min;
+ tm.tm_sec = tm_sec;
+ tm.tm_year = tm_year - 1900;
+ return mktime(&tm);
+ }
+
+ return -1; /* error */
+} |
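Review bot: `tdate_parse` finishes with `return mktime(&tm);`, which interprets the fields as local time although the first accepted format requires the literal `GMT`. On a host whose timezone is not UTC the returned `time_t` is therefore off by the zone offset. The caller is not in this file, but if the value is compared against a file mtime for a conditional request, that comparison is skewed; where the platform provides it, `return timegm(&tm);` is the direct fix. The integers come straight from `sscanf` on the input string and are used unchecked, so a range guard before filling `tm` (day 1..31, hour 0..23, minute 0..59, second 0..60, year >= 1900) would reject nonsense dates and keep `tm_year - 1900` away from signed overflow. `tdate_init` also deserves a comment such as `/* must be called once before tdate_parse(): bsearch needs the tables sorted by name */`.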