/*
 * Copyright (c) 2007-2008, Cameron Rich
 * 
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, 
 *   this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright notice, 
 *   this list of conditions and the following disclaimer in the documentation 
 *   and/or other materials provided with the distribution.
 * * Neither the name of the axTLS project nor the names of its contributors 
 *   may be used to endorse or promote products derived from this software 
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <time.h>
#include <string.h>
#include "axhttp.h"

#define HTTP_VERSION        "HTTP/1.1"

static const char * index_file = "index.html";

static int special_read(struct connstruct *cn, void *buf, size_t count);
static int special_write(struct connstruct *cn, 
                                        const char *buf, size_t count);
static void send_error(struct connstruct *cn, int err);
static int hexit(char c);
static void urldecode(char *buf);
static void buildactualfile(struct connstruct *cn);
static int sanitizefile(const char *buf);
static int sanitizehost(char *buf);
static int htaccess_check(struct connstruct *cn);
static const char *getmimetype(const char *name);

#if defined(CONFIG_HTTP_DIRECTORIES)
static void urlencode(const uint8_t *s, char *t);
static void procdirlisting(struct connstruct *cn);
#endif
#if defined(CONFIG_HTTP_HAS_CGI)
static void proccgi(struct connstruct *cn);
static void decode_path_info(struct connstruct *cn, char *path_info);
static int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv);
#endif
#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
static int auth_check(struct connstruct *cn);
#endif

#if AXDEBUG
#define AXDEBUGSTART \
	{ \
		FILE *axdout; \
		axdout = fopen("/var/log/axdebug", "a"); \
	
#define AXDEBUGEND \
		fclose(axdout); \
	}
#else /* AXDEBUG */
#define AXDEBUGSTART
#define AXDEBUGEND
#endif /* AXDEBUG */

/* Returns 1 if elems should continue being read, 0 otherwise */
static int procheadelem(struct connstruct *cn, char *buf) 
{
    char *delim, *value;

    if ((delim = strchr(buf, ' ')) == NULL)
        return 0;

    *delim = 0;
    value = delim+1;

    if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
                                            strcmp(buf, "POST") == 0) 
    {
        if (buf[0] == 'H') 
            cn->reqtype = TYPE_HEAD;
        else if (buf[0] == 'P') 
            cn->reqtype = TYPE_POST;

        if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
            return 0;

        *delim = 0;
        urldecode(value);

        if (sanitizefile(value) == 0) 
        {
            send_error(cn, 403);
            return 0;
        }

#if defined(CONFIG_HTTP_HAS_CGI)
        decode_path_info(cn, value);
#else
        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
#endif
        cn->if_modified_since = -1;
    } 
    else if (strcmp(buf, "Host:") == 0) 
    {
        if (sanitizehost(value) == 0) 
        {
            removeconnection(cn);
            return 0;
        }

        my_strncpy(cn->server_name, value, MAXREQUESTLENGTH);
    } 
    else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
    {
        cn->close_when_done = 1;
    } 
    else if (strcmp(buf, "If-Modified-Since:") == 0) 
    {
        cn->if_modified_since = tdate_parse(value);
    }
    else if (strcmp(buf, "Expect:") == 0)
    {
        send_error(cn, 417); /* expectation failed */
        return 0;
    }
#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
    else if (strcmp(buf, "Authorization:") == 0 &&
                                    strncmp(value, "Basic ", 6) == 0)
    {
        int size;
        if (base64_decode(&value[6], strlen(&value[6]), 
                                        (uint8_t *)cn->authorization, &size))
            cn->authorization[0] = 0;   /* error */
        else
            cn->authorization[size] = 0;
    }
#endif
#if defined(CONFIG_HTTP_HAS_CGI)
    else if (strcmp(buf, "Content-Length:") == 0)
    {
        sscanf(value, "%d", &cn->content_length);
    }
    else if (strcmp(buf, "Cookie:") == 0)
    {
        my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
    }
#endif

    return 1;
}

#if defined(CONFIG_HTTP_DIRECTORIES)
static void procdirlisting(struct connstruct *cn)
{
    char buf[MAXREQUESTLENGTH];
    char actualfile[1024];

    if (cn->reqtype == TYPE_HEAD) 
    {
        snprintf(buf, sizeof(buf), HTTP_VERSION
                " 200 OK\nContent-Type: text/html\n\n");
        write(cn->networkdesc, buf, strlen(buf));
        removeconnection(cn);
        return;
    }

    strcpy(actualfile, cn->actualfile);

#ifdef WIN32
    strcat(actualfile, "*");
    cn->dirp = FindFirstFile(actualfile, &cn->file_data);

    if (cn->dirp == INVALID_HANDLE_VALUE) 
    {
        send_error(cn, 404);
        return;
    }
#else
    if ((cn->dirp = opendir(actualfile)) == NULL) 
    {
        send_error(cn, 404);
        return;
    }
#endif

    snprintf(buf, sizeof(buf), HTTP_VERSION
            " 200 OK\nContent-Type: text/html\n\n"
            "<html><body>\n<title>Directory Listing</title>\n"
            "<h3>Directory listing of %s://%s%s</h3><br />\n", 
            cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq);
    special_write(cn, buf, strlen(buf));
    cn->state = STATE_DOING_DIR;
}

void procdodir(struct connstruct *cn) 
{
#ifndef WIN32
    struct dirent *dp;
#endif
    char buf[MAXREQUESTLENGTH];
    char encbuf[1024];
    char *file;

    do 
    {
       buf[0] = 0;

#ifdef WIN32
        if (!FindNextFile(cn->dirp, &cn->file_data)) 
#else
        if ((dp = readdir(cn->dirp)) == NULL)  
#endif
        {
            snprintf(buf, sizeof(buf), "</body></html>\n");
            special_write(cn, buf, strlen(buf));
            removeconnection(cn);
#ifndef WIN32
            closedir(cn->dirp);
#endif
            return;
        }

#ifdef WIN32
        file = cn->file_data.cFileName;
#else
        file = dp->d_name;
#endif

        /* if no index file, don't display the ".." directory */
        if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
                strcmp(file, "..") == 0) 
            continue;

        /* don't display files beginning with "." */
        if (file[0] == '.' && file[1] != '.')
            continue;

        /* make sure a '/' is at the end of a directory */
        if (cn->filereq[strlen(cn->filereq)-1] != '/')
            strcat(cn->filereq, "/");

        /* see if the dir + file is another directory */
        snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
        if (isdir(buf))
            strcat(file, "/");

        urlencode((uint8_t *)file, encbuf);
        snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
                cn->filereq, encbuf, file);
    } while (special_write(cn, buf, strlen(buf)));
}

/* Encode funny chars -> %xx in newly allocated storage */
/* (preserves '/' !) */
static void urlencode(const uint8_t *s, char *t) 
{
    const uint8_t *p = s;
    char *tp = t;

    for (; *p; p++) 
    {
        if ((*p > 0x00 && *p < ',') ||
                (*p > '9' && *p < 'A') ||
                (*p > 'Z' && *p < '_') ||
                (*p > '_' && *p < 'a') ||
                (*p > 'z' && *p < 0xA1)) 
        {
            sprintf((char *)tp, "%%%02X", *p);
            tp += 3; 
        } 
        else 
        {
            *tp = *p;
            tp++;
        }
    }

    *tp='\0';
}

#endif

void procreadhead(struct connstruct *cn) 
{
    char buf[MAXREQUESTLENGTH*4], *tp, *next;
    int rv;

    memset(buf, 0, MAXREQUESTLENGTH*4);
    rv = special_read(cn, buf, sizeof(buf)-1);
    if (rv <= 0) 
    {
        if (rv < 0) /* really dead? */
            removeconnection(cn);
        return;
    }

    buf[rv] = '\0';
    next = tp = buf;

#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
    cn->authorization[0] = 0;
#endif

    /* Split up lines and send to procheadelem() */
    while (*next != '\0') 
    {
        /* If we have a blank line, advance to next stage */
        if (*next == '\r' || *next == '\n') 
        {
#if defined(CONFIG_HTTP_HAS_CGI)
            if (cn->reqtype == TYPE_POST && cn->content_length > 0)
            {
                if (init_read_post_data(buf,next,cn,rv) == 0)
                    return;
            }
#endif

            buildactualfile(cn);
            cn->state = STATE_WANT_TO_SEND_HEAD;
            return;
        }

        while (*next != '\r' && *next != '\n' && *next != '\0') 
            next++;

        if (*next == '\r') 
        {
            *next = '\0';
            next += 2;
        }
        else if (*next == '\n') 
            *next++ = '\0';

        if (procheadelem(cn, tp) == 0) 
            return;

        tp = next;
    }
}

/* In this function we assume that the file has been checked for
 * maliciousness (".."s, etc) and has been decoded
 */
void procsendhead(struct connstruct *cn) 
{
    char buf[MAXREQUESTLENGTH];
    struct stat stbuf;
    time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
    char date[32];
    int file_exists;

    /* are we trying to access a file over the HTTP connection instead of a
     * HTTPS connection? Or is this directory disabled? */
    if (htaccess_check(cn))      
    {
        send_error(cn, 403);
        return;
    }

#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
    if (auth_check(cn))     /* see if there is a '.htpasswd' file */
    {
#ifdef CONFIG_HTTP_VERBOSE
        printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
#endif
        removeconnection(cn);
        return;
    }
#endif

    file_exists = stat(cn->actualfile, &stbuf);

#if defined(CONFIG_HTTP_HAS_CGI)

    if (file_exists != -1 && cn->is_cgi)
    {
        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
        {
            /* A non-executable file, or directory? */
            send_error(cn, 403);
        }
        else
            proccgi(cn);

        return;
    }
#endif

    /* look for "index.html"? */
    if (isdir(cn->actualfile))
    {
        char tbuf[MAXREQUESTLENGTH];
        snprintf(tbuf, MAXREQUESTLENGTH, "%s%s", cn->actualfile, index_file);

        if ((file_exists = stat(tbuf, &stbuf)) != -1) 
            my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
        else
        {
#if defined(CONFIG_HTTP_DIRECTORIES)
            /* If not, we do a directory listing of it */
            procdirlisting(cn);
#else
            send_error(cn, 404);
#endif
            return;
        }
    }

    if (file_exists == -1)
    {
        send_error(cn, 404);
        return;
    }

    strcpy(date, ctime(&now));

    /* has the file been read before? */
    if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || 
                                       cn->if_modified_since >= stbuf.st_mtime))
    {
        snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
                "%s\nDate: %s\n", server_version, date);
        special_write(cn, buf, strlen(buf));
        cn->state = STATE_WANT_TO_READ_HEAD;
        return;
    }

    if (cn->reqtype == TYPE_HEAD) 
    {
        removeconnection(cn);
        return;
    } 
    else 
    {
        int flags = O_RDONLY;
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
        flags |= O_BINARY;
#endif
        cn->filedesc = open(cn->actualfile, flags);

        if (cn->filedesc < 0) 
        {
            send_error(cn, 404);
            return;
        }

        snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n"
            "Content-Type: %s\nContent-Length: %ld\n"
            "Date: %sLast-Modified: %s\n", server_version,
            getmimetype(cn->actualfile), (long) stbuf.st_size,
            date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */

        special_write(cn, buf, strlen(buf));

#ifdef CONFIG_HTTP_VERBOSE
        printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
        TTY_FLUSH();
#endif

#ifdef WIN32
        for (;;)
        {
            procreadfile(cn);
            if (cn->filedesc == -1)
                break;

            do 
            {
                procsendfile(cn);
            } while (cn->state != STATE_WANT_TO_READ_FILE);
        }
#else
        cn->state = STATE_WANT_TO_READ_FILE;
#endif
    }
}

void procreadfile(struct connstruct *cn) 
{
    int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);

    if (rv <= 0) 
    {
        close(cn->filedesc);
        cn->filedesc = -1;

        if (cn->close_when_done)        /* close immediately */
            removeconnection(cn);
        else 
        {                               /* keep socket open - HTTP 1.1 */
            cn->state = STATE_WANT_TO_READ_HEAD;
            cn->numbytes = 0;
        }

        return;
    }

    cn->numbytes = rv;
    cn->state = STATE_WANT_TO_SEND_FILE;
}

void procsendfile(struct connstruct *cn) 
{
    int rv = special_write(cn, cn->databuf, cn->numbytes);

    if (rv < 0)
        removeconnection(cn);
    else if (rv == cn->numbytes)
    {
        cn->state = STATE_WANT_TO_READ_FILE;
    }
    else if (rv == 0)
    { 
        /* Do nothing */ 
    }
    else 
    {
        memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
        cn->numbytes -= rv;
    }
}

#if defined(CONFIG_HTTP_HAS_CGI)
/* Should this be a bit more dynamic? It would mean more calls to malloc etc */
#define CGI_ARG_SIZE        17

static void proccgi(struct connstruct *cn) 
{
    int tpipe[2], spipe[2];
    char *myargs[2];
    char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
    char * cgiptr[CGI_ARG_SIZE+4];
    const char *type = "HEAD";
    int cgi_index = 0, i;
    pid_t pid;
#ifdef WIN32
    int tmp_stdout;
#endif

    snprintf(cgienv[0], MAXREQUESTLENGTH, 
            HTTP_VERSION" 200 OK\nServer: %s\n%s",
            server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
    special_write(cn, cgienv[0], strlen(cgienv[0]));

    if (cn->reqtype == TYPE_HEAD) 
    {
        removeconnection(cn);
        return;
    }

#ifdef CONFIG_HTTP_VERBOSE
        printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
        TTY_FLUSH();
#endif

    /* win32 cgi is a bit too painful */
#ifndef WIN32
	/* set up pipe that is used for sending POST query data to CGI script*/
    if (cn->reqtype == TYPE_POST) 
    {
        if (pipe(spipe) == -1)
        {
            printf("[CGI]: could not create pipe");
            TTY_FLUSH();
            return;
        }
    }

	if (pipe(tpipe) == -1)
    {
        printf("[CGI]: could not create pipe");
        TTY_FLUSH();
        return;
    }

    /*
     * use vfork() instead of fork() for performance 
     */
    if ((pid = vfork()) > 0)  /* parent */
    {
        /* Send POST query data to CGI script */
        if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0)) 
        {
            write(spipe[1], cn->post_data, cn->content_length);
            close(spipe[0]);	 
            close(spipe[1]);

            /* free the memory that is allocated in read_post_data() */
            free(cn->post_data); 
            cn->post_data = NULL;
        }

        /* Close the write descriptor */
        close(tpipe[1]);
        cn->filedesc = tpipe[0];
        cn->state = STATE_WANT_TO_READ_FILE;
        cn->close_when_done = 1;
        return;
    }

    if (pid < 0) /* vfork failed */
        exit(1);

    /* The problem child... */

    /* Our stdout/stderr goes to the socket */
    dup2(tpipe[1], 1);
    dup2(tpipe[1], 2);

    /* If it was a POST request, send the socket data to our stdin */
    if (cn->reqtype == TYPE_POST) 
        dup2(spipe[0], 0);  
    else    /* Otherwise we can shutdown the read side of the sock */
        shutdown(cn->networkdesc, 0);

    myargs[0] = cn->actualfile;
    myargs[1] = NULL;

    /* 
     * set the cgi args. A url is defined by:
     * http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO?$QUERY_STRING
     * TODO: other CGI parameters?
     */
    sprintf(cgienv[cgi_index++], "SERVER_SOFTWARE=%s", server_version);
    strcpy(cgienv[cgi_index++], "DOCUMENT_ROOT=" CONFIG_HTTP_WEBROOT);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "SERVER_NAME=%s", cn->server_name);
    sprintf(cgienv[cgi_index++], "SERVER_PORT=%d", 
            cn->is_ssl ? CONFIG_HTTP_HTTPS_PORT : CONFIG_HTTP_PORT);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "REQUEST_URI=%s", cn->uri_request);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "SCRIPT_NAME=%s", cn->filereq);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "PATH_INFO=%s", cn->uri_path_info);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "QUERY_STRING=%s", cn->uri_query);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "REMOTE_ADDR=%s", cn->remote_addr);
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "HTTP_COOKIE=%s", cn->cookie);  /* note: small size */
#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
            "REMOTE_USER=%s", cn->authorization);
#endif

    switch (cn->reqtype)
    {
        case TYPE_GET: 
            type = "GET";
            break;

        case TYPE_POST:
            type = "POST";
            sprintf(cgienv[cgi_index++], 
                        "CONTENT_LENGTH=%d", cn->content_length);
            strcpy(cgienv[cgi_index++],     /* hard-code? */
                        "CONTENT_TYPE=application/x-www-form-urlencoded");
            break;
    }

    sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type);

    if (cn->is_ssl)
        strcpy(cgienv[cgi_index++], "HTTPS=on");

#ifdef CONFIG_PLATFORM_CYGWIN
    /* TODO: find out why Lua needs this */
    strcpy(cgienv[cgi_index++], "PATH=/usr/bin");
#endif

    if (cgi_index >= CGI_ARG_SIZE)
    {
        printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n",
                cgi_index, CGI_ARG_SIZE);
        _exit(1);
    }

    /* copy across the pointer indexes */
    for (i = 0; i < cgi_index; i++)
        cgiptr[i] = cgienv[i];

    cgiptr[i++] = "AUTH_TYPE=Basic";
    cgiptr[i++] = "GATEWAY_INTERFACE=CGI/1.1";
    cgiptr[i++] = "SERVER_PROTOCOL="HTTP_VERSION;
    cgiptr[i] = NULL;

    execve(myargs[0], myargs, cgiptr);
    printf("Content-type: text/plain\n\nshouldn't get here\n");
    _exit(1);
#endif
}

static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
{
    struct cgiextstruct *tp = cgiexts;

    while (tp != NULL) 
    {
        char *t;

        if ((t = strstr(fn, tp->ext)) != NULL)
        {
            t += strlen(tp->ext);

            if (*t == '/' || *t == '\0')
            {
#ifdef CONFIG_HTTP_ENABLE_LUA
                if (strcmp(tp->ext, ".lua") == 0 || strcmp(tp->ext, ".lp") == 0)
                    cn->is_lua = 1;
#endif

                return t;
            }
            else
                return NULL;

        }

        tp = tp->next;
    }

    return NULL;
}

static void decode_path_info(struct connstruct *cn, char *path_info)
{
    char *cgi_delim;

    cn->is_cgi = 0;
#ifdef CONFIG_HTTP_ENABLE_LUA
    cn->is_lua = 0;
#endif
    *cn->uri_request = '\0';
    *cn->uri_path_info = '\0';
    *cn->uri_query = '\0';

    my_strncpy(cn->uri_request, path_info, MAXREQUESTLENGTH);

    /* query info? */
    if ((cgi_delim = strchr(path_info, '?')))
    {
        *cgi_delim = '\0';
        my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH);
    }

    if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL)
    {
        cn->is_cgi = 1;     /* definitely a CGI script */

        /* path info? */
        if (*cgi_delim != '\0')
        {
            my_strncpy(cn->uri_path_info, cgi_delim, MAXREQUESTLENGTH);
            *cgi_delim = '\0';
        }
    }

    /* the bit at the start must be the script name */
    my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
}

static int init_read_post_data(char *buf, char *data, 
                                struct connstruct *cn, int old_rv)
{
   char *next = data;
   int rv = old_rv;
   char *post_data;

    /* Too much Post data to send. MAXPOSTDATASIZE should be 
       configured (now it can be chaged in the header file) */
   if (cn->content_length > MAXPOSTDATASIZE) 
   {
       send_error(cn, 418);
       return 0;
   }
   
   /* remove CRLF */
   while ((*next == '\r' || *next == '\n') && (next < &buf[rv])) 
       next++;
   
   if (cn->post_data == NULL)
   {
       cn->post_data = (char *) calloc(1, (cn->content_length + 1)); 
       /* Allocate buffer for the POST data that will be used by proccgi 
          to send POST data to the CGI script */

       if (cn->post_data == NULL)
       {
           printf("axhttpd: could not allocate memory for POST data\n"); 
           TTY_FLUSH();
           send_error(cn, 599);
           return 0;
       }
   }

   cn->post_state = 0;
   cn->post_read = 0;
   post_data = cn->post_data;

   while (next < &buf[rv])
   { 
       /*copy POST data to buffer*/
       *post_data = *next;
       post_data++;
       next++;
       cn->post_read++;
       if (cn->post_read == cn->content_length)
       { 
           /* No more POST data to be copied */
           *post_data = '\0';
           return 1;
       }
   }

   /* More POST data has to be read. read_post_data will continue with that */
   cn->post_state = 1;
   return 0;
}

void read_post_data(struct connstruct *cn)
{
    char buf[MAXREQUESTLENGTH*4], *next;
    char *post_data;
    int rv;

    bzero(buf,MAXREQUESTLENGTH*4);
    rv = special_read(cn, buf, sizeof(buf)-1);
    if (rv <= 0) 
    {
        if (rv < 0) /* really dead? */
            removeconnection(cn);
        return;
    }

    buf[rv] = '\0';
    next = buf;

    post_data = &cn->post_data[cn->post_read];

    while (next < &buf[rv])
    {
        *post_data = *next;
        post_data++;
        next++;
        cn->post_read++;
        if (cn->post_read == cn->content_length)
        {  
            /* No more POST data to be copied */
            *post_data='\0';
            cn->post_state = 0;
            buildactualfile(cn);
            cn->state = STATE_WANT_TO_SEND_HEAD;
            return;
        }
    }

    /* More POST data to read */
}

#endif  /* CONFIG_HTTP_HAS_CGI */

/* Decode string %xx -> char (in place) */
static void urldecode(char *buf) 
{
    int v;
    char *p, *s, *w;

    w = p = buf;

    while (*p) 
    {
        v = 0;

        if (*p == '%') 
        {
            s = p;
            s++;

            if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
            {
                v = hexit(s[0])*16 + hexit(s[1]);

                if (v) 
                { 
                    /* do not decode %00 to null char */
                    *w = (char)v;
                    p = &s[1];
                }
            }

        }

        if (!v) *w=*p;
        p++; 
        w++;
    }

    *w='\0';
}

static int hexit(char c) 
{
    if (c >= '0' && c <= '9')
        return c - '0';
    else if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    else if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    else
        return 0;
}

static void buildactualfile(struct connstruct *cn)
{
    char *cp;
    snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq);

#ifndef WIN32
    /* Add directory slash if not there */
    if (isdir(cn->actualfile) && 
            cn->actualfile[strlen(cn->actualfile)-1] != '/')
        strcat(cn->actualfile, "/");

    /* work out the directory name */
    strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
    if ((cp = strrchr(cn->dirname, '/')) == NULL)
        cn->dirname[0] = 0;
    else
        *cp = 0;
#else
    {
        char curr_dir[MAXREQUESTLENGTH];
        char path[MAXREQUESTLENGTH];
        char *t = cn->actualfile;

        GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);

        /* convert all the forward slashes to back slashes */
        while ((t = strchr(t, '/')))
            *t++ = '\\';

        snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
        memcpy(cn->actualfile, path, MAXREQUESTLENGTH);

        /* Add directory slash if not there */
        if (isdir(cn->actualfile) && 
                    cn->actualfile[strlen(cn->actualfile)-1] != '\\')
            strcat(cn->actualfile, "\\");

        /* work out the directory name */
        strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
        if ((cp = strrchr(cn->dirname, '\\')) == NULL)
            cn->dirname[0] = 0;
        else
            *cp = 0;
    }
#endif

#if defined(CONFIG_HTTP_ENABLE_LUA)
    /* 
     * Use the lua launcher if this file has a lua extension. Put this at the
     * end as we need the directory name.
     */
    if (cn->is_lua)
        sprintf(cn->actualfile, "%s%s", CONFIG_HTTP_LUA_PREFIX, 
                CONFIG_HTTP_LUA_CGI_LAUNCHER);
#endif
}

static int sanitizefile(const char *buf) 
{
    int len, i;

    /* Don't accept anything not starting with a / */
    if (*buf != '/') 
        return 0;

    len = strlen(buf);
    for (i = 0; i < len; i++) 
    {
        /* Check for "/." i.e. don't send files starting with a . */
        if (buf[i] == '/' && buf[i+1] == '.') 
            return 0;
    }

    return 1;
}

static int sanitizehost(char *buf)
{
    while (*buf != '\0') 
    {
        /* Handle the port */
        if (*buf == ':') 
        {
            *buf = '\0';
            return 1;
        }

        /* Enforce some basic URL rules... */
        if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
                (*buf == '.' && *(buf+1) == '.') ||
                (*buf == '.' && *(buf+1) == '-') ||
                (*buf == '-' && *(buf+1) == '.'))
            return 0;

        buf++;
    }

    return 1;
}

static FILE * exist_check(struct connstruct *cn, const char *check_file)
{
    char pathname[MAXREQUESTLENGTH];
    snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
    return fopen(pathname, "r");
}

#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
static void send_authenticate(struct connstruct *cn, const char *realm)
{
    char buf[1024];

    snprintf(buf, sizeof(buf), HTTP_VERSION" 401 Unauthorized\n"
         "WWW-Authenticate: Basic\n"
                 "realm=\"%s\"\n", realm);
    special_write(cn, buf, strlen(buf));
}

static int check_digest(char *salt, const char *msg_passwd)
{
    uint8_t b256_salt[MAXREQUESTLENGTH];
    uint8_t real_passwd[MD5_SIZE];
    int salt_size;
    char *b64_passwd;
    uint8_t md5_result[MD5_SIZE];
    MD5_CTX ctx;

    /* retrieve the salt */
    if ((b64_passwd = strchr(salt, '$')) == NULL)
        return -1;

    *b64_passwd++ = 0;
    if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
        return -1;

    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL))
        return -1;

    /* very simple MD5 crypt algorithm, but then the salt we use is large */
    MD5_Init(&ctx);
    MD5_Update(&ctx, b256_salt, salt_size);           /* process the salt */
    MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); 
    MD5_Final(md5_result, &ctx);
    return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
}

static int auth_check(struct connstruct *cn)
{
    char line[MAXREQUESTLENGTH];
    FILE *fp;
    char *cp;

    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
        return 0;               /* no .htpasswd file, so let though */

    if (cn->authorization[0] == 0)
        goto error;

    /* cn->authorization is in form "username:password" */
    if ((cp = strchr(cn->authorization, ':')) == NULL)
        goto error;
    else
        *cp++ = 0;  /* cp becomes the password */

    while (fgets(line, sizeof(line), fp) != NULL)
    {
        char *b64_file_passwd;
        int l = strlen(line);

        /* nuke newline */
        if (line[l-1] == '\n')
            line[l-1] = 0;

        /* line is form "username:salt(b64)$password(b64)" */
        if ((b64_file_passwd = strchr(line, ':')) == NULL)
            continue;

        *b64_file_passwd++ = 0;

        if (strcmp(line, cn->authorization)) /* our user? */
            continue;

        if (check_digest(b64_file_passwd, cp) == 0)
        {
            fclose(fp);
            return 0;
        }
    }

error:
    fclose(fp);
    send_authenticate(cn, cn->server_name);
    return -1;
}
#endif

static int htaccess_check(struct connstruct *cn)
{
    char line[MAXREQUESTLENGTH];
    FILE *fp;
    int ret = 0;

    if ((fp = exist_check(cn, ".htaccess")) == NULL)
        return 0;               /* no .htaccess file, so let though */

    while (fgets(line, sizeof(line), fp) != NULL)
    {
        if (strstr(line, "Deny all") || /* access to this dir denied */
                    /* Access will be denied unless SSL is active */
                    (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
                    /* Access will be denied if SSL is active */
                    (cn->is_ssl && strstr(line, "SSLDenySSL")))
        {
            ret = -1;
            break;
        }
    }

    fclose(fp);
    return ret;
}

static void send_error(struct connstruct *cn, int err)
{
    char buf[MAXREQUESTLENGTH];
    char *title;
    char *text;

    switch (err)
    {
        case 403:
            title = "Forbidden";
            text = "File is protected";
#ifdef CONFIG_HTTP_VERBOSE
            printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
#endif
            break;

        case 404:
            title = "Not Found";
            text = title;
            break;

        case 418:
            title = "POST data size is to large";
            text = title;
            break;

        default:
            title = "Unknown";
            text = "Unknown";
            break;
    }

    snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
            "Content-Type: text/html\n"
            "Cache-Control: no-cache,no-store\n"
            "Connection: close\n\n"
            "<html>\n<head>\n<title>%d %s</title></head>\n"
            "<body><h1>%d %s</h1>\n</body></html>\n", 
            err, title, err, title, err, text);
    special_write(cn, buf, strlen(buf));
    removeconnection(cn);
}

static const char *getmimetype(const char *name)
{
    /* only bother with a few mime types - let the browser figure the rest out */
    if (strstr(name, ".htm"))
        return "text/html";
    else if (strstr(name, ".css"))
        return "text/css"; 
    else
        return "application/octet-stream";
}

static int special_write(struct connstruct *cn, 
                                        const char *buf, size_t count)
{
    if (cn->is_ssl)
    {
        SSL *ssl = cn->ssl;
        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
    }
    else
        return SOCKET_WRITE(cn->networkdesc, buf, count);
}

static int special_read(struct connstruct *cn, void *buf, size_t count)
{
    int res;

    if (cn->is_ssl)
    {
        uint8_t *read_buf;
        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
        {
            memcpy(buf, read_buf, res > (int)count ? count : res);
        }
    }
    else
        res = SOCKET_READ(cn->networkdesc, buf, count);

    return res;
}