1 | /* vi: set sw=4 ts=4: */ |
2 | /* |
3 | * httpd implementation for busybox |
4 | * |
5 | * Copyright (C) 2002,2003 Glenn Engel <glenne@engel.org> |
6 | * Copyright (C) 2003-2006 Vladimir Oleynik <dzo@simtreas.ru> |
7 | * |
8 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. |
9 | * |
10 | ***************************************************************************** |
11 | * |
12 | * Typical usage: |
13 | * For non root user: |
14 | * httpd -p 8080 -h $HOME/public_html |
15 | * For daemon start from rc script with uid=0: |
16 | * httpd -u www |
17 | * which is equivalent to (assuming user www has uid 80): |
18 | * httpd -p 80 -u 80 -h $PWD -c /etc/httpd.conf -r "Web Server Authentication" |
19 | * |
20 | * When an url starts with "/cgi-bin/" it is assumed to be a cgi script. |
21 | * The server changes directory to the location of the script and executes it |
22 | * after setting QUERY_STRING and other environment variables. |
23 | * |
24 | * If directory URL is given, no index.html is found and CGI support is enabled, |
25 | * cgi-bin/index.cgi will be run. Directory to list is ../$QUERY_STRING. |
26 | * See httpd_indexcgi.c for example CGI code. |
27 | * |
28 | * Doc: |
29 | * "CGI Environment Variables": http://hoohoo.ncsa.uiuc.edu/cgi/env.html |
30 | * |
31 | * The applet can also be invoked as an url arg decoder and html text encoder |
32 | * as follows: |
33 | * foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World" |
34 | * bar=`httpd -e "<Hello World>"` # encode as "&#60Hello&#32World&#62" |
35 | * Note that url encoding for arguments is not the same as html encoding for |
36 | * presentation. -d decodes an url-encoded argument while -e encodes in html |
37 | * for page display. |
38 | * |
39 | * httpd.conf has the following format: |
40 | * |
41 | * H:/serverroot # define the server root. It will override -h |
42 | * A:172.20. # Allow address from 172.20.0.0/16 |
43 | * A:10.0.0.0/25 # Allow any address from 10.0.0.0-10.0.0.127 |
44 | * A:10.0.0.0/255.255.255.128 # Allow the same address range as the previous line |
45 | * A:127.0.0.1 # Allow local loopback connections |
46 | * D:* # Deny from other IP connections |
47 | * E404:/path/e404.html # /path/e404.html is the 404 (not found) error page |
48 | * I:index.html # Show index.html when a directory is requested |
49 | * |
50 | * P:/url:[http://]hostname[:port]/new/path |
51 | * # When /urlXXXXXX is requested, reverse proxy |
52 | * # it to http://hostname[:port]/new/pathXXXXXX |
53 | * |
54 | * /cgi-bin:foo:bar # Require user foo, pwd bar on urls starting with /cgi-bin/ |
55 | * /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/ |
56 | * /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/ |
57 | * /adm:root:* # or user root, pwd from /etc/passwd on urls starting with /adm/ |
58 | * /wiki:*:* # or any user from /etc/passwd with according pwd on urls starting with /wiki/ |
59 | * .au:audio/basic # additional mime type for audio.au files |
60 | * *.php:/path/php # run xxx.php through an interpreter |
61 | * |
62 | * A/D may be as a/d or allow/deny - only first char matters. |
63 | * Deny/Allow IP logic: |
64 | * - Default is to allow all (Allow all (A:*) is a no-op). |
65 | * - Deny rules take precedence over allow rules. |
66 | * - "Deny all" rule (D:*) is applied last. |
67 | * |
68 | * Example: |
69 | * 1. Allow only specified addresses |
70 | * A:172.20 # Allow any address that begins with 172.20. |
71 | * A:10.10. # Allow any address that begins with 10.10. |
72 | * A:127.0.0.1 # Allow local loopback connections |
73 | * D:* # Deny from other IP connections |
74 | * |
75 | * 2. Only deny specified addresses |
76 | * D:1.2.3. # deny from 1.2.3.0 - 1.2.3.255 |
77 | * D:2.3.4. # deny from 2.3.4.0 - 2.3.4.255 |
78 | * A:* # (optional line added for clarity) |
79 | * |
80 | * If a sub directory contains config file, it is parsed and merged with |
81 | * any existing settings as if it was appended to the original configuration. |
82 | * |
83 | * subdir paths are relative to the containing subdir and thus cannot |
84 | * affect the parent rules. |
85 | * |
86 | * Note that since the sub dir is parsed in the forked thread servicing the |
87 | * subdir http request, any merge is discarded when the process exits. As a |
88 | * result, the subdir settings only have a lifetime of a single request. |
89 | * |
90 | * Custom error pages can contain an absolute path or be relative to |
91 | * 'home_httpd'. Error pages are to be static files (no CGI or script). Error |
92 | * page can only be defined in the root configuration file and are not taken |
93 | * into account in local (directories) config files. |
94 | * |
95 | * If -c is not set, an attempt will be made to open the default |
96 | * root configuration file. If -c is set and the file is not found, the |
97 | * server exits with an error. |
98 | * |
99 | */ |
100 | /* TODO: use TCP_CORK, parse_config() */ |
101 | //config:config HTTPD |
102 | //config: bool "httpd" |
103 | //config: default y |
104 | //config: help |
105 | //config: Serve web pages via an HTTP server. |
106 | //config: |
107 | //config:config FEATURE_HTTPD_RANGES |
108 | //config: bool "Support 'Ranges:' header" |
109 | //config: default y |
110 | //config: depends on HTTPD |
111 | //config: help |
112 | //config: Makes httpd emit "Accept-Ranges: bytes" header and understand |
113 | //config: "Range: bytes=NNN-[MMM]" header. Allows for resuming interrupted |
114 | //config: downloads, seeking in multimedia players etc. |
115 | //config: |
116 | //config:config FEATURE_HTTPD_SETUID |
117 | //config: bool "Enable -u <user> option" |
118 | //config: default y |
119 | //config: depends on HTTPD |
120 | //config: help |
121 | //config: This option allows the server to run as a specific user |
122 | //config: rather than defaulting to the user that starts the server. |
123 | //config: Use of this option requires special privileges to change to a |
124 | //config: different user. |
125 | //config: |
126 | //config:config FEATURE_HTTPD_BASIC_AUTH |
127 | //config: bool "Enable Basic http Authentication" |
128 | //config: default y |
129 | //config: depends on HTTPD |
130 | //config: help |
131 | //config: Utilizes password settings from /etc/httpd.conf for basic |
132 | //config: authentication on a per url basis. |
133 | //config: Example for httpd.conf file: |
134 | //config: /adm:toor:PaSsWd |
135 | //config: |
136 | //config:config FEATURE_HTTPD_AUTH_MD5 |
137 | //config: bool "Support MD5 crypted passwords for http Authentication" |
138 | //config: default y |
139 | //config: depends on FEATURE_HTTPD_BASIC_AUTH |
140 | //config: help |
141 | //config: Enables encrypted passwords, and wildcard user/passwords |
142 | //config: in httpd.conf file. |
143 | //config: User '*' means 'any system user name is ok', |
144 | //config: password of '*' means 'use system password for this user' |
145 | //config: Examples: |
146 | //config: /adm:toor:$1$P/eKnWXS$aI1aPGxT.dJD5SzqAKWrF0 |
147 | //config: /adm:root:* |
148 | //config: /wiki:*:* |
149 | //config: |
150 | //config:config FEATURE_HTTPD_CGI |
151 | //config: bool "Support Common Gateway Interface (CGI)" |
152 | //config: default y |
153 | //config: depends on HTTPD |
154 | //config: help |
155 | //config: This option allows scripts and executables to be invoked |
156 | //config: when specific URLs are requested. |
157 | //config: |
158 | //config:config FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR |
159 | //config: bool "Support for running scripts through an interpreter" |
160 | //config: default y |
161 | //config: depends on FEATURE_HTTPD_CGI |
162 | //config: help |
163 | //config: This option enables support for running scripts through an |
164 | //config: interpreter. Turn this on if you want PHP scripts to work |
165 | //config: properly. You need to supply an additional line in your |
166 | //config: httpd.conf file: |
167 | //config: *.php:/path/to/your/php |
168 | //config: |
169 | //config:config FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV |
170 | //config: bool "Set REMOTE_PORT environment variable for CGI" |
171 | //config: default y |
172 | //config: depends on FEATURE_HTTPD_CGI |
173 | //config: help |
174 | //config: Use of this option can assist scripts in generating |
175 | //config: references that contain a unique port number. |
176 | //config: |
177 | //config:config FEATURE_HTTPD_ENCODE_URL_STR |
178 | //config: bool "Enable -e option (useful for CGIs written as shell scripts)" |
179 | //config: default y |
180 | //config: depends on HTTPD |
181 | //config: help |
182 | //config: This option allows html encoding of arbitrary strings for display |
183 | //config: by the browser. Output goes to stdout. |
184 | //config: For example, httpd -e "<Hello World>" produces |
185 | //config: "&#60Hello&#32World&#62". |
186 | //config: |
187 | //config:config FEATURE_HTTPD_ERROR_PAGES |
188 | //config: bool "Support for custom error pages" |
189 | //config: default y |
190 | //config: depends on HTTPD |
191 | //config: help |
192 | //config: This option allows you to define custom error pages in |
193 | //config: the configuration file instead of the default HTTP status |
194 | //config: error pages. For instance, if you add the line: |
195 | //config: E404:/path/e404.html |
196 | //config: in the config file, the server will respond with the specified |
197 | //config: '/path/e404.html' file instead of the terse '404 NOT FOUND' |
198 | //config: message. |
199 | //config: |
200 | //config:config FEATURE_HTTPD_PROXY |
201 | //config: bool "Support for reverse proxy" |
202 | //config: default y |
203 | //config: depends on HTTPD |
204 | //config: help |
205 | //config: This option allows you to define URLs that will be forwarded |
206 | //config: to another HTTP server. To setup add the following line to the |
207 | //config: configuration file |
208 | //config: P:/url/:http://hostname[:port]/new/path/ |
209 | //config: Then a request to /url/myfile will be forwarded to |
210 | //config: http://hostname[:port]/new/path/myfile. |
211 | //config: |
212 | //config:config FEATURE_HTTPD_GZIP |
213 | //config: bool "Support for GZIP content encoding" |
214 | //config: default y |
215 | //config: depends on HTTPD |
216 | //config: help |
217 | //config: Makes httpd send files using GZIP content encoding if the |
218 | //config: client supports it and a pre-compressed <file>.gz exists. |
219 | |
220 | //applet:IF_HTTPD(APPLET(httpd, BB_DIR_USR_SBIN, BB_SUID_DROP)) |
221 | |
222 | //kbuild:lib-$(CONFIG_HTTPD) += httpd.o |
223 | |
224 | //usage:#define httpd_trivial_usage |
225 | //usage: "[-ifv[v]]" |
226 | //usage: " [-c CONFFILE]" |
227 | //usage: " [-p [IP:]PORT]" |
228 | //usage: IF_FEATURE_HTTPD_SETUID(" [-u USER[:GRP]]") |
229 | //usage: IF_FEATURE_HTTPD_BASIC_AUTH(" [-r REALM]") |
230 | //usage: " [-h HOME]\n" |
231 | //usage: "or httpd -d/-e" IF_FEATURE_HTTPD_AUTH_MD5("/-m") " STRING" |
232 | //usage:#define httpd_full_usage "\n\n" |
233 | //usage: "Listen for incoming HTTP requests\n" |
234 | //usage: "\n -i Inetd mode" |
235 | //usage: "\n -f Don't daemonize" |
236 | //usage: "\n -v[v] Verbose" |
237 | //usage: "\n -p [IP:]PORT Bind to IP:PORT (default *:80)" |
238 | //usage: IF_FEATURE_HTTPD_SETUID( |
239 | //usage: "\n -u USER[:GRP] Set uid/gid after binding to port") |
240 | //usage: IF_FEATURE_HTTPD_BASIC_AUTH( |
241 | //usage: "\n -r REALM Authentication Realm for Basic Authentication") |
242 | //usage: "\n -h HOME Home directory (default .)" |
243 | //usage: "\n -c FILE Configuration file (default {/etc,HOME}/httpd.conf)" |
244 | //usage: IF_FEATURE_HTTPD_AUTH_MD5( |
245 | //usage: "\n -m STRING MD5 crypt STRING") |
246 | //usage: "\n -e STRING HTML encode STRING" |
247 | //usage: "\n -d STRING URL decode STRING" |
248 | |
249 | #include "libbb.h" |
250 | #include "common_bufsiz.h" |
251 | #if ENABLE_PAM |
252 | /* PAM may include <locale.h>. We may need to undefine bbox's stub define: */ |
253 | # undef setlocale |
254 | /* For some obscure reason, PAM is not in pam/xxx, but in security/xxx. |
255 | * Apparently they like to confuse people. */ |
256 | # include <security/pam_appl.h> |
257 | # include <security/pam_misc.h> |
258 | #endif |
259 | #if ENABLE_FEATURE_USE_SENDFILE |
260 | # include <sys/sendfile.h> |
261 | #endif |
/* amount of buffering in a pipe */
#ifndef PIPE_BUF
# define PIPE_BUF 4096
#endif

/* Compile-time debug switch; set to 0 here. */
#define DEBUG 0

/* Size in bytes intended for the iobuf member of struct globals. */
#define IOBUF_SIZE 8192
/* The build is rejected unless PIPE_BUF is strictly smaller than IOBUF_SIZE. */
#if PIPE_BUF >= IOBUF_SIZE
# error "PIPE_BUF >= IOBUF_SIZE"
#endif

/* NOTE(review): presumably seconds; the "Request Timeout" text in
 * http_response[] hard-codes "60 seconds" and has to be kept in step
 * with this value by hand. */
#define HEADER_READ_TIMEOUT 60

/* Directory and file name used to build the default config path,
 * the fixed status line for a 200 reply, and the default index page. */
static const char DEFAULT_PATH_HTTPD_CONF[] ALIGN1 = "/etc";
static const char HTTPD_CONF[] ALIGN1 = "httpd.conf";
static const char HTTP_200[] ALIGN1 = "HTTP/1.0 200 OK\r\n";
static const char index_html[] ALIGN1 = "index.html";
280 | |
/* Minimal list node: only the link. free_llist() walks lists through this
 * type, so every list node type passed to it must keep "next" as its
 * first member. */
typedef struct has_next_ptr {
	struct has_next_ptr *next;
} has_next_ptr;
284 | |
/* Must have "next" as a first member */
/* One "before:after" config entry (mime type, script interpreter or
 * auth line). parse_conf() allocates the node with extra room past
 * before_colon[] and stores both halves there, so after_colon points
 * into the same allocation and freeing the node frees both strings. */
typedef struct Htaccess {
	struct Htaccess *next;
	char *after_colon;
	char before_colon[1]; /* really bigger, must be last */
} Htaccess;
291 | |
/* Must have "next" as a first member */
/* One "A:IP[/mask]" or "D:IP[/mask]" rule from the config file.
 * ip and mask are filled in by scan_ip_mask(); allow_deny holds the
 * directive letter, 'A' or 'D'. */
typedef struct Htaccess_IP {
	struct Htaccess_IP *next;
	unsigned ip;
	unsigned mask;
	int allow_deny;
} Htaccess_IP;
299 | |
/* Must have "next" as a first member */
/* One "P:/url:[http://]hostname[:port]/new/path" reverse proxy rule.
 * parse_conf() stores each field as its own xstrdup()ed string, so a
 * node owns three separate allocations in addition to itself. */
typedef struct Htaccess_Proxy {
	struct Htaccess_Proxy *next;
	char *url_from;
	char *host_port;
	char *url_to;
} Htaccess_Proxy;
307 | |
/* HTTP status codes known to this file. The values are the numeric codes
 * themselves and are not listed in ascending order. HTTP_CONTINUE (100) is
 * also the lower bound parse_conf() accepts for an "Ennn:" error page line. */
enum {
	HTTP_OK = 200,
	HTTP_PARTIAL_CONTENT = 206,
	HTTP_MOVED_TEMPORARILY = 302,
	HTTP_BAD_REQUEST = 400, /* malformed syntax */
	HTTP_UNAUTHORIZED = 401, /* authentication needed, respond with auth hdr */
	HTTP_NOT_FOUND = 404,
	HTTP_FORBIDDEN = 403,
	HTTP_REQUEST_TIMEOUT = 408,
	HTTP_NOT_IMPLEMENTED = 501, /* used for unrecognized requests */
	HTTP_INTERNAL_SERVER_ERROR = 500,
	HTTP_CONTINUE = 100,
#if 0 /* future use */
	HTTP_SWITCHING_PROTOCOLS = 101,
	HTTP_CREATED = 201,
	HTTP_ACCEPTED = 202,
	HTTP_NON_AUTHORITATIVE_INFO = 203,
	HTTP_NO_CONTENT = 204,
	HTTP_MULTIPLE_CHOICES = 300,
	HTTP_MOVED_PERMANENTLY = 301,
	HTTP_NOT_MODIFIED = 304,
	HTTP_PAYMENT_REQUIRED = 402,
	HTTP_BAD_GATEWAY = 502,
	HTTP_SERVICE_UNAVAILABLE = 503, /* overload, maintenance */
#endif
};
334 | |
/* Status codes the server can answer with. The position of a code in this
 * table is its index into http_response[] (name and explanatory text) and,
 * with FEATURE_HTTPD_ERROR_PAGES, into http_error_page[]. Any entry added
 * or removed here, including under the #if guards, must be mirrored at the
 * same position in http_response[]. */
static const uint16_t http_response_type[] ALIGN2 = {
	HTTP_OK,
#if ENABLE_FEATURE_HTTPD_RANGES
	HTTP_PARTIAL_CONTENT,
#endif
	HTTP_MOVED_TEMPORARILY,
	HTTP_REQUEST_TIMEOUT,
	HTTP_NOT_IMPLEMENTED,
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	HTTP_UNAUTHORIZED,
#endif
	HTTP_NOT_FOUND,
	HTTP_BAD_REQUEST,
	HTTP_FORBIDDEN,
	HTTP_INTERNAL_SERVER_ERROR,
#if 0 /* not implemented */
	HTTP_CREATED,
	HTTP_ACCEPTED,
	HTTP_NO_CONTENT,
	HTTP_MULTIPLE_CHOICES,
	HTTP_MOVED_PERMANENTLY,
	HTTP_NOT_MODIFIED,
	HTTP_BAD_GATEWAY,
	HTTP_SERVICE_UNAVAILABLE,
#endif
};
361 | |
/* Reason phrase (name) and optional explanatory text (info) for each entry
 * of http_response_type[], in the same order and under the same #if guards.
 * The array is sized from http_response_type[], so a missing initializer
 * here leaves a zero-filled slot (NULL name and info) rather than a build
 * error; keep both tables in step by hand.
 * info is NULL for the first entries and "" for some others; how the two
 * are treated differently is decided by the code that sends the reply,
 * which is not in this part of the file. */
static const struct {
	const char *name;
	const char *info;
} http_response[ARRAY_SIZE(http_response_type)] = {
	{ "OK", NULL },
#if ENABLE_FEATURE_HTTPD_RANGES
	{ "Partial Content", NULL },
#endif
	{ "Found", NULL },
	{ "Request Timeout", "No request appeared within 60 seconds" },
	{ "Not Implemented", "The requested method is not recognized" },
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	{ "Unauthorized", "" },
#endif
	{ "Not Found", "The requested URL was not found" },
	{ "Bad Request", "Unsupported method" },
	{ "Forbidden", "" },
	{ "Internal Server Error", "Internal Server Error" },
#if 0 /* not implemented */
	{ "Created" },
	{ "Accepted" },
	{ "No Content" },
	{ "Multiple Choices" },
	{ "Moved Permanently" },
	{ "Not Modified" },
	{ "Bad Gateway", "" },
	{ "Service Unavailable", "" },
#endif
};
391 | |
/* All mutable state of the applet, reached through the G macro.
 * INIT_G() allocates it zero-filled, so every pointer member starts as
 * NULL and every list starts empty unless INIT_G() assigns a default.
 * Members wrapped in IF_FEATURE_...() or #if exist only when that feature
 * is compiled in. */
struct globals {
	int verbose; /* must be int (used by getopt32) */
	smallint flg_deny_all; /* set to 1 by parse_conf() on a "D:*" line */

	unsigned rmt_ip; /* used for IP-based allow/deny rules */
	time_t last_mod;
	char *rmt_ip_str; /* for $REMOTE_ADDR and $REMOTE_PORT */
	const char *bind_addr_or_port;

	const char *g_query;
	const char *opt_c_configFile; /* NULL unless a config file name was set */
	const char *home_httpd;
	const char *index_page; /* index_html, or an xstrdup()ed "I:" value */

	const char *found_mime_type;
	const char *found_moved_temporarily;
	Htaccess_IP *ip_a_d; /* config allow/deny lines */

	IF_FEATURE_HTTPD_BASIC_AUTH(const char *g_realm;)
	IF_FEATURE_HTTPD_BASIC_AUTH(char *remoteuser;)
	IF_FEATURE_HTTPD_CGI(char *referer;)
	IF_FEATURE_HTTPD_CGI(char *user_agent;)
	IF_FEATURE_HTTPD_CGI(char *host;)
	IF_FEATURE_HTTPD_CGI(char *http_accept;)
	IF_FEATURE_HTTPD_CGI(char *http_accept_language;)

	off_t file_size; /* -1 - unknown */
#if ENABLE_FEATURE_HTTPD_RANGES
	off_t range_start;
	off_t range_end;
	off_t range_len;
#endif

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	Htaccess *g_auth; /* config user:password lines */
#endif
	Htaccess *mime_a; /* config mime types */
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
	Htaccess *script_i; /* config script interpreters */
#endif
	char *iobuf; /* [IOBUF_SIZE] */
/* hdr_buf is not a member: it aliases the shared bb_common_bufsiz1 buffer,
 * whose size is COMMON_BUFSIZE, not IOBUF_SIZE. */
#define hdr_buf bb_common_bufsiz1
#define sizeof_hdr_buf COMMON_BUFSIZE
	char *hdr_ptr;
	int hdr_cnt;
#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
	/* indexed like http_response_type[]; filled from "Ennn:" config lines */
	const char *http_error_page[ARRAY_SIZE(http_response_type)];
#endif
#if ENABLE_FEATURE_HTTPD_PROXY
	Htaccess_Proxy *proxy;
#endif
#if ENABLE_FEATURE_HTTPD_GZIP
	/* client can handle gzip / we are going to send gzip */
	smallint content_gzip;
#endif
};
/* Short names for the members of struct globals.
 * These are object-like macros, so from here on any use of one of these
 * identifiers in this file (including as a local variable, parameter or
 * struct field name) expands to the G.xxx expression.
 * Several names (g_realm, remoteuser, referer, user_agent, host,
 * http_accept, http_accept_language, g_auth, script_i, http_error_page,
 * proxy) are defined unconditionally although the member behind them only
 * exists when the matching feature is enabled; code using them has to sit
 * under the same feature guard. */
#define G (*ptr_to_globals)
#define verbose (G.verbose )
#define flg_deny_all (G.flg_deny_all )
#define rmt_ip (G.rmt_ip )
#define bind_addr_or_port (G.bind_addr_or_port)
#define g_query (G.g_query )
#define opt_c_configFile (G.opt_c_configFile )
#define home_httpd (G.home_httpd )
#define index_page (G.index_page )
#define found_mime_type (G.found_mime_type )
#define found_moved_temporarily (G.found_moved_temporarily)
#define last_mod (G.last_mod )
#define ip_a_d (G.ip_a_d )
#define g_realm (G.g_realm )
#define remoteuser (G.remoteuser )
#define referer (G.referer )
#define user_agent (G.user_agent )
#define host (G.host )
#define http_accept (G.http_accept )
#define http_accept_language (G.http_accept_language)
#define file_size (G.file_size )
/* Without range support the three range_* names become compile-time
 * constants instead of struct members. */
#if ENABLE_FEATURE_HTTPD_RANGES
#define range_start (G.range_start )
#define range_end (G.range_end )
#define range_len (G.range_len )
#else
enum {
	range_start = -1,
	range_end = MAXINT(off_t) - 1,
	range_len = MAXINT(off_t),
};
#endif
#define rmt_ip_str (G.rmt_ip_str )
#define g_auth (G.g_auth )
#define mime_a (G.mime_a )
#define script_i (G.script_i )
#define iobuf (G.iobuf )
#define hdr_ptr (G.hdr_ptr )
#define hdr_cnt (G.hdr_cnt )
#define http_error_page (G.http_error_page )
#define proxy (G.proxy )
/* Without gzip support content_gzip is the constant 0. */
#if ENABLE_FEATURE_HTTPD_GZIP
# define content_gzip (G.content_gzip )
#else
# define content_gzip 0
#endif
/* Allocate the zero-filled globals block and set the non-zero defaults:
 * the auth realm (BASIC_AUTH only), range_start = -1 (RANGES only),
 * bind address/port "80", the built-in index page name and an unknown
 * file size (-1). setup_common_bufsiz() is called first; hdr_buf aliases
 * the buffer it manages. */
#define INIT_G() do { \
	setup_common_bufsiz(); \
	SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
	IF_FEATURE_HTTPD_BASIC_AUTH(g_realm = "Web Server Authentication";) \
	IF_FEATURE_HTTPD_RANGES(range_start = -1;) \
	bind_addr_or_port = "80"; \
	index_page = index_html; \
	file_size = -1; \
} while (0)
503 | |
504 | |
/* Case-insensitive check that `a` starts with `str`.
 * The length comes from sizeof(str)-1, so `str` must be a string literal
 * or a char array; with a char pointer the macro would compare
 * sizeof(pointer)-1 bytes instead of the string length. */
#define STRNCASECMP(a, str) strncasecmp((a), (str), sizeof(str)-1)
506 | |
/* Prototypes */
/* Bit flags; SEND_HEADERS_AND_BODY is both bits set.
 * NOTE(review): presumably the values for the `what` argument of
 * send_file_and_exit() below - confirm at its definition. */
enum {
	SEND_HEADERS = (1 << 0),
	SEND_BODY = (1 << 1),
	SEND_HEADERS_AND_BODY = SEND_HEADERS + SEND_BODY,
};
/* Forward declaration; declared NORETURN, i.e. it never returns to the caller. */
static void send_file_and_exit(const char *url, int what) NORETURN;
514 | |
/*
 * Free every node of a singly linked list and set the caller's head
 * pointer to NULL.
 *
 * Only the node itself is freed. Node types that own further heap
 * pointers are not deep-freed here.
 *
 * pptr  address of the list head; *pptr may be NULL (empty list).
 */
static void free_llist(has_next_ptr **pptr)
{
	has_next_ptr *node;
	has_next_ptr *following;

	for (node = *pptr; node != NULL; node = following) {
		/* fetch the link before the node's storage is released */
		following = node->next;
		free(node);
	}
	*pptr = NULL;
}
525 | |
/*
 * Free a list of Htaccess nodes and reset *pptr to NULL.
 * The cast is valid only because Htaccess keeps "next" as its first
 * member, matching has_next_ptr.
 */
static ALWAYS_INLINE void free_Htaccess_list(Htaccess **pptr)
{
	has_next_ptr **head = (has_next_ptr **)pptr;

	free_llist(head);
}
530 | |
/*
 * Free a list of Htaccess_IP nodes and reset *pptr to NULL.
 * The cast is valid only because Htaccess_IP keeps "next" as its first
 * member, matching has_next_ptr.
 */
static ALWAYS_INLINE void free_Htaccess_IP_list(Htaccess_IP **pptr)
{
	has_next_ptr **head = (has_next_ptr **)pptr;

	free_llist(head);
}
535 | |
/*
 * Parse a dotted IPv4 address, possibly abbreviated ("172.20." or "10.10").
 *
 * strp  in: start of the text; out (success only): first character after
 *       the address and its terminator.
 * ipp   out (success only): the address, first octet in the top byte;
 *       octets that were left out are zero.
 * endc  the only character allowed to follow the address ('/' before a
 *       mask, '\0' when nothing may follow). If it is present, something
 *       must come after it.
 *
 * Returns the presumed mask width in bits (8 per octet given, at most 32),
 * or a negative value on a syntax error: a leading '/', a non-digit where
 * an octet should start, an octet above 255, or trailing text other than
 * endc. *strp and *ipp are left untouched on error.
 */
static int scan_ip(const char **strp, unsigned *ipp, unsigned char endc)
{
	const char *cur = *strp;
	unsigned addr = 0;
	int width = 8;
	int field;

	/* a leading '/' means there is no address at all */
	if (cur[0] == '/')
		return -width;

	for (field = 0; field < 4; field++) {
		unsigned value = 0;
		int starts_with_digit = (*cur >= '0' && *cur <= '9');

		/* an octet may be absent only at '/' or at the end of the text */
		if (!starts_with_digit && *cur != '/' && *cur != '\0')
			return -width;

		for (; *cur >= '0' && *cur <= '9'; cur++) {
			value = value * 10 + (unsigned)(*cur - '0');
			if (value > 255)
				return -width;
		}

		if (*cur == '.')
			cur++;
		/* more text follows, so one more octet counts towards the mask */
		if (*cur != '\0' && *cur != '/')
			width += 8;
		addr = (addr << 8) | value;
	}

	if (*cur != '\0') {
		/* only the expected terminator may follow, and not as the last char */
		if (*cur != endc)
			return -width;
		cur++;
		if (*cur == '\0')
			return -width;
	}

	*ipp = addr;
	*strp = cur;
	return width;
}
578 | |
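/*
 * Parse "IP", "IP/bits" or "IP/dotted.mask" from an allow/deny config line.
 *
 * str    text after the "A:" / "D:" prefix.
 * ipp    receives the address (written as soon as the address part parses,
 *        even if the mask part is later rejected).
 * maskp  receives the netmask; written only on success, or by the dotted
 *        mask parse.
 *
 * Returns 0 on success, non-zero on any syntax error. Without an explicit
 * mask the width is the one scan_ip() presumes from the number of octets.
 */
static int scan_ip_mask(const char *str, unsigned *ipp, unsigned *maskp)
{
	int i;
	unsigned mask;
	char *p;

	i = scan_ip(&str, ipp, '/');
	if (i < 0)
		return i;

	if (*str) {
		/* there is /xxx after dotted-IP address */
		i = bb_strtou(str, &p, 10);
		if (*p == '.') {
			/* 'xxx' itself is dotted-IP mask, parse it */
			/* (return 0 (success) only if it has N.N.N.N form) */
			return scan_ip(&str, maskp, '\0') - 32;
		}
		if (*p)
			return -1;
	}

	/* The bit count lands in an int, so a value above INT_MAX (an
	 * oversized number, or the all-ones value bb_strtou() presumably
	 * reports on error) shows up negative here. Reject it together with
	 * widths above 32: shifting by a negative count below is undefined
	 * and would turn a malformed line into an unpredictable mask instead
	 * of a syntax error. */
	if (i < 0 || i > 32)
		return -1;

	if (sizeof(unsigned) == 4 && i == 32) {
		/* mask >>= 32 below may not work */
		mask = 0;
	} else {
		mask = 0xffffffff;
		mask >>= i;
	}
	/* i == 0 -> *maskp = 0x00000000
	 * i == 1 -> *maskp = 0x80000000
	 * i == 4 -> *maskp = 0xf0000000
	 * i == 31 -> *maskp = 0xfffffffe
	 * i == 32 -> *maskp = 0xffffffff */
	*maskp = (uint32_t)(~mask);
	return 0;
}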
620 | |
621 | /* |
622 | * Parse configuration file into in-memory linked list. |
623 | * |
624 | * Any previous IP rules are discarded. |
625 | * If the flag argument is not SUBDIR_PARSE then all /path and mime rules |
626 | * are also discarded. That is, previous settings are retained if flag is |
627 | * SUBDIR_PARSE. |
628 | * Error pages are only parsed on the main config file. |
629 | * |
630 | * path Path where to look for httpd.conf (without filename). |
631 | * flag Type of the parse request. |
632 | */ |
/* flag param: */
/* Values for the flag argument of parse_conf(). The numeric order matters:
 * parse_conf() tests "flag >= SUBDIR_PARSE" and uses a private value 3
 * (TRY_CURDIR_PARSE) for its fallback to ./httpd.conf. */
enum {
	FIRST_PARSE = 0, /* path will be "/etc" */
	SIGNALED_PARSE = 1, /* path will be "/etc" */
	SUBDIR_PARSE = 2, /* path will be derived from URL */
};
/*
 * Read one httpd.conf and rebuild the in-memory rule lists from it.
 *
 * path  directory holding httpd.conf; used to build the file name when
 *       flag is SUBDIR_PARSE or no -c file was given. With BASIC_AUTH it
 *       is also prepended to "/file:user:pass" entries of a subdir config.
 * flag  FIRST_PARSE, SIGNALED_PARSE or SUBDIR_PARSE.
 *
 * IP allow/deny rules are always rebuilt from scratch; the mime, auth and
 * interpreter lists are kept only for SUBDIR_PARSE.
 * "H:", "Ennn:" and "P:" lines are honored only while flag is FIRST_PARSE.
 * All other directives (I:, A:/D:, .ext, *.ext interpreter, /path auth) are
 * accepted from a subdirectory config too, so such a file is trusted as
 * much as the root config for them; served directories should not be
 * writable by anyone who is not allowed to change those rules.
 *
 * A missing file is fatal only for FIRST_PARSE with an explicit -c file.
 * Lines that are not recognized are reported with bb_error_msg() and
 * skipped; parsing continues with the next line.
 */
static void parse_conf(const char *path, int flag)
{
	/* internally used extra flag state */
	enum { TRY_CURDIR_PARSE = 3 };

	FILE *f;
	const char *filename;
	char buf[160];

	/* discard old rules */
	free_Htaccess_IP_list(&ip_a_d);
	flg_deny_all = 0;
	/* retain previous auth and mime config only for subdir parse */
	if (flag != SUBDIR_PARSE) {
		free_Htaccess_list(&mime_a);
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
		free_Htaccess_list(&g_auth);
#endif
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		free_Htaccess_list(&script_i);
#endif
	}

	filename = opt_c_configFile;
	if (flag == SUBDIR_PARSE || filename == NULL) {
		/* NOTE(review): stack allocation sized by strlen(path). For
		 * SUBDIR_PARSE the path is derived from the request URL, so the
		 * bound has to come from the caller - confirm there. */
		filename = alloca(strlen(path) + sizeof(HTTPD_CONF) + 2);
		sprintf((char *)filename, "%s/%s", path, HTTPD_CONF);
	}

	/* at most two attempts: the chosen file, then ./httpd.conf */
	while ((f = fopen_for_read(filename)) == NULL) {
		if (flag >= SUBDIR_PARSE) { /* SUBDIR or TRY_CURDIR */
			/* config file not found, no changes to config */
			return;
		}
		if (flag == FIRST_PARSE) {
			/* -c CONFFILE given, but CONFFILE doesn't exist? */
			if (opt_c_configFile)
				bb_simple_perror_msg_and_die(opt_c_configFile);
			/* else: no -c, thus we looked at /etc/httpd.conf,
			 * and it's not there. try ./httpd.conf: */
		}
		/* from here on flag is no longer FIRST_PARSE, so H:, Ennn: and
		 * P: lines of ./httpd.conf are not honored */
		flag = TRY_CURDIR_PARSE;
		filename = HTTPD_CONF;
	}

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	/* in "/file:user:pass" lines, we prepend path in subdirs */
	if (flag != SUBDIR_PARSE)
		path = "";
#endif
	/* The lines can be:
	 *
	 * I:default_index_file
	 * H:http_home
	 * [AD]:IP[/mask] # allow/deny, * for wildcard
	 * Ennn:error.html # error page for status nnn
	 * P:/url:[http://]hostname[:port]/new/path # reverse proxy
	 * .ext:mime/type # mime type
	 * *.php:/path/php # run xxx.php through an interpreter
	 * /file:user:pass # username and password
	 */
	/* fgets() returns at most sizeof(buf)-1 bytes per call: the tail of a
	 * longer line comes back on the next call and is parsed as if it were
	 * a line of its own. */
	while (fgets(buf, sizeof(buf), f) != NULL) {
		unsigned strlen_buf;
		unsigned char ch;
		char *after_colon;

		{ /* remove all whitespace, and # comments */
			char *p, *p0;

			p0 = buf;
			/* skip non-whitespace beginning. Often the whole line
			 * is non-whitespace. We want this case to work fast,
			 * without needless copying, therefore we don't merge
			 * this operation into next while loop. */
			while ((ch = *p0) != '\0' && ch != '\n' && ch != '#'
			 && ch != ' ' && ch != '\t'
			) {
				p0++;
			}
			p = p0;
			/* if we enter this loop, we have some whitespace.
			 * discard it */
			while (ch != '\0' && ch != '\n' && ch != '#') {
				if (ch != ' ' && ch != '\t') {
					*p++ = ch;
				}
				ch = *++p0;
			}
			*p = '\0';
			strlen_buf = p - buf;
			if (strlen_buf == 0)
				continue; /* empty line */
		}

		/* every directive needs a ':' followed by at least one character */
		after_colon = strchr(buf, ':');
		/* strange line? */
		if (after_colon == NULL || *++after_colon == '\0')
			goto config_error;

		ch = (buf[0] & ~0x20); /* toupper if it's a letter */

		if (ch == 'I') {
			/* free a previous "I:" value, never the built-in default */
			if (index_page != index_html)
				free((char*)index_page);
			index_page = xstrdup(after_colon);
			continue;
		}

		/* do not allow jumping around using H in subdir's configs */
		if (flag == FIRST_PARSE && ch == 'H') {
			home_httpd = xstrdup(after_colon);
			xchdir(home_httpd);
			continue;
		}

		if (ch == 'A' || ch == 'D') {
			Htaccess_IP *pip;

			if (*after_colon == '*') {
				if (ch == 'D') {
					/* memorize "deny all" */
					flg_deny_all = 1;
				}
				/* skip assumed "A:*", it is a default anyway */
				continue;
			}
			/* store "allow/deny IP/mask" line */
			pip = xzalloc(sizeof(*pip));
			if (scan_ip_mask(after_colon, &pip->ip, &pip->mask)) {
				/* IP{/mask} syntax error detected, protect all */
				/* NOTE(review): only the mask is cleared; pip->ip keeps
				 * whatever scan_ip_mask() stored before it failed.
				 * Whether a mask-0 rule with a non-zero ip matches every
				 * client depends on the matching code, which is not in
				 * this part of the file - confirm the rule really
				 * denies all. */
				ch = 'D';
				pip->mask = 0;
			}
			pip->allow_deny = ch;
			if (ch == 'D') {
				/* Deny:from_IP - prepend */
				pip->next = ip_a_d;
				ip_a_d = pip;
			} else {
				/* A:from_IP - append (thus all D's precedes A's) */
				Htaccess_IP *prev_IP = ip_a_d;
				if (prev_IP == NULL) {
					ip_a_d = pip;
				} else {
					while (prev_IP->next)
						prev_IP = prev_IP->next;
					prev_IP->next = pip;
				}
			}
			continue;
		}

#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
		if (flag == FIRST_PARSE && ch == 'E') {
			unsigned i;
			int status = atoi(buf + 1); /* error status code */

			if (status < HTTP_CONTINUE) {
				goto config_error;
			}
			/* then error page; find matching status */
			/* a status that is not in http_response_type[] is
			 * silently ignored */
			for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
				if (http_response_type[i] == status) {
					/* We chdir to home_httpd, thus no need to
					 * concat_path_file(home_httpd, after_colon)
					 * here */
					http_error_page[i] = xstrdup(after_colon);
					break;
				}
			}
			continue;
		}
#endif

#if ENABLE_FEATURE_HTTPD_PROXY
		if (flag == FIRST_PARSE && ch == 'P') {
			/* P:/url:[http://]hostname[:port]/new/path */
			char *url_from, *host_port, *url_to;
			Htaccess_Proxy *proxy_entry;

			url_from = after_colon;
			host_port = strchr(after_colon, ':');
			if (host_port == NULL) {
				goto config_error;
			}
			/* split buf in place: url_from now ends at the second ':' */
			*host_port++ = '\0';
			if (is_prefixed_with(host_port, "http://"))
				host_port += 7;
			if (*host_port == '\0') {
				goto config_error;
			}
			url_to = strchr(host_port, '/');
			if (url_to == NULL) {
				goto config_error;
			}
			/* cut at the first '/' just long enough to copy host[:port],
			 * then put the '/' back so url_to keeps its leading slash */
			*url_to = '\0';
			proxy_entry = xzalloc(sizeof(*proxy_entry));
			proxy_entry->url_from = xstrdup(url_from);
			proxy_entry->host_port = xstrdup(host_port);
			*url_to = '/';
			proxy_entry->url_to = xstrdup(url_to);
			proxy_entry->next = proxy;
			proxy = proxy_entry;
			continue;
		}
#endif
		/* the rest of directives are non-alphabetic,
		 * must avoid using "toupper'ed" ch */
		ch = buf[0];

		if (ch == '.' /* ".ext:mime/type" */
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		 || (ch == '*' && buf[1] == '.') /* "*.php:/path/php" */
#endif
		) {
			char *p;
			Htaccess *cur;

			/* one allocation holds the whole line; the ':' is replaced
			 * by NUL and after_colon points at the second half */
			cur = xzalloc(sizeof(*cur) /* includes space for NUL */ + strlen_buf);
			strcpy(cur->before_colon, buf);
			p = cur->before_colon + (after_colon - buf);
			p[-1] = '\0';
			cur->after_colon = p;
			if (ch == '.') {
				/* .mime line: prepend to mime_a list */
				cur->next = mime_a;
				mime_a = cur;
			}
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
			else {
				/* script interpreter line: prepend to script_i list */
				cur->next = script_i;
				script_i = cur;
			}
#endif
			continue;
		}

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
		if (ch == '/') { /* "/file:user:pass" */
			char *p;
			Htaccess *cur;
			unsigned file_len;

			/* note: path is "" unless we are in SUBDIR parse,
			 * otherwise it does NOT start with "/" */
			/* room for "/" + path + the whole line; together with the
			 * one byte of before_colon[1] this covers both NULs */
			cur = xzalloc(sizeof(*cur) /* includes space for NUL */
				+ 1 + strlen(path)
				+ strlen_buf
				);
			/* form "/path/file" */
			sprintf(cur->before_colon, "/%s%.*s",
				path,
				(int) (after_colon - buf - 1), /* includes "/", but not ":" */
				buf);
			/* canonicalize it */
			p = bb_simplify_abs_path_inplace(cur->before_colon);
			file_len = p - cur->before_colon;
			/* add "user:pass" after NUL */
			/* the credential text is kept as written in the config file */
			strcpy(++p, after_colon);
			cur->after_colon = p;

			/* insert cur into g_auth */
			/* g_auth is sorted by decreased filename length */
			{
				Htaccess *auth, **authp;

				authp = &g_auth;
				while ((auth = *authp) != NULL) {
					if (file_len >= strlen(auth->before_colon)) {
						/* insert cur before auth */
						cur->next = auth;
						break;
					}
					authp = &auth->next;
				}
				*authp = cur;
			}
			continue;
		}
#endif /* BASIC_AUTH */

		/* the line is not recognized */
		/* also the target of the goto's above; buf is printed as it is
		 * at that point (whitespace removed, possibly cut by "P:") */
 config_error:
		bb_error_msg("config error '%s' in '%s'", buf, filename);
	} /* while (fgets) */

	fclose(f);
}
928 | |
929 | #if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR |
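/*
 * HTML-encode a string for the -e command line option, so scripts can
 * emit result data without confusing browsers.
 *
 * Every byte that isalnum() does not accept is replaced by a decimal
 * numeric character reference "&#N;" with N in 1..255; accepted bytes
 * are copied unchanged. Encoding is per byte, not per character: a
 * multi-byte sequence comes out as one reference per byte.
 *
 * Parameter: string - NUL-terminated input; it is not modified.
 * Returns a pointer to the encoded, NUL-terminated string in memory
 * obtained from xmalloc(); the caller owns it.
 */
static char *encodeString(const char *string)
{
	/* take the simple route and size for the worst case:
	 * "&#255;" is 6 bytes per input byte, plus the final NUL.
	 * size_t keeps the multiplication out of signed-int overflow. */
	size_t len = strlen(string);
	char *out = xmalloc(len * 6 + 1);
	char *p = out;
	unsigned char ch;

	/* Bytes are handled as unsigned char: a negative plain-char value
	 * is not a valid argument for the <ctype.h> classifiers. */
	while ((ch = (unsigned char)*string++) != '\0') {
		/* very simple check for what to encode */
		if (isalnum(ch))
			*p++ = (char)ch;
		else
			p += sprintf(p, "&#%d;", ch);
	}
	*p = '\0';
	return out;
}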
957 | #endif |
958 | |
959 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
/*
 * In-place base64 decoder (rfc1521 alphabet).
 *
 * Bytes outside the base64 alphabet are skipped, as the rfc asks.
 * '=' padding is decoded as six zero bits, so a padded final group
 * leaves NUL bytes in the output; the result is then NUL-terminated,
 * which means callers see it as a C string that ends at the first
 * decoded NUL. A trailing group of fewer than four symbols is dropped.
 *
 * Output never overtakes input (3 bytes written per 4 symbols read),
 * which is why decoding into the same buffer is safe.
 *
 * Parameter: Data - NUL-terminated base64 text, overwritten with the
 * decoded bytes.
 */
static void decodeBase64(char *Data)
{
	const unsigned char *src = (const unsigned char *)Data;
	char *dst = Data;
	unsigned acc = 0;	/* sextets shifted in from the right */
	int have = 0;		/* symbols collected for the current group */

	for (; *src != '\0'; src++) {
		int c = *src;
		int sextet;

		if (c >= 'A' && c <= 'Z') {
			sextet = c - 'A';
		} else if (c >= 'a' && c <= 'z') {
			sextet = c - 'a' + 26;
		} else if (c >= '0' && c <= '9') {
			sextet = c - '0' + 52;
		} else {
			switch (c) {
			case '+':
				sextet = 62;
				break;
			case '/':
				sextet = 63;
				break;
			case '=':
				sextet = 0;
				break;
			default:
				/* not a base64 symbol: ignore it */
				continue;
			}
		}

		acc = (acc << 6) | (unsigned)sextet;
		if (++have < 4)
			continue;

		/* a full group of 24 bits: emit its three bytes */
		dst[0] = (char) (acc >> 16);
		dst[1] = (char) (acc >> 8);
		dst[2] = (char) acc;
		dst += 3;
		have = 0;
	}
	*dst = '\0';
}
1004 | #endif |
1005 | |
/*
 * Create the listening server socket and return its descriptor.
 *
 * bind_addr_or_port is first tried as a decimal port number. If it
 * converts without error (errno stays 0) to a value in 1..65535, the
 * socket is bound to that port with a NULL host. Otherwise the string
 * is handed over as the bind address with 80 as the default port.
 * NOTE(review): a NULL host presumably means "all local addresses" -
 * confirm in create_and_bind_stream_or_die() before relying on it to
 * limit exposure.
 */
static int openServer(void)
{
	int fd;
	unsigned port = bb_strtou(bind_addr_or_port, NULL, 10);

	if (errno == 0 && port != 0 && port <= 0xffff) {
		/* plain port number */
		fd = create_and_bind_stream_or_die(NULL, port);
	} else {
		/* not a usable port number: treat it as an address */
		fd = create_and_bind_stream_or_die(bind_addr_or_port, 80);
	}
	xlisten(fd, 9);
	return fd;
}
1019 | |
/*
 * Half-close the connection on stdout, optionally log, and terminate
 * the process with xfunc_error_retval as exit status. Never returns.
 */
static void log_and_exit(void) NORETURN;
static void log_and_exit(void)
{
	/* Paranoia. IE said to be buggy. It may send some extra data
	 * or be confused by us just exiting without SHUT_WR. Oh well. */
	shutdown(STDOUT_FILENO, SHUT_WR);

	/* A drain loop used to follow here and is disabled ("Why??"):
	 *	ndelay_on(0);
	 *	while (read(STDIN_FILENO, iobuf, IOBUF_SIZE) > 0)
	 *		continue;
	 * It also messed up stdin when the user runs httpd -i from
	 * a terminal. */

	if (verbose > 2) {
		bb_error_msg("closed");
	}
	/* _exit(), not exit(): no atexit handlers, no stdio flushing */
	_exit(xfunc_error_retval);
}
1040 | |
/*
 * Create and send HTTP response headers.
 * The arguments are combined and sent as one write operation. Note that
 * IE will puke big-time if the headers are not sent in one packet and the
 * second packet is delayed for any reason.
 * responseNum - the result code to send.
 *
 * The response is assembled in the global iobuf[] and written to stdout.
 * For codes that carry an info text, a small HTML body is appended after
 * the blank line. If an error page is configured and readable, the
 * headers are flushed and send_file_and_exit() takes over (no return).
 * A short write of the final buffer ends the process via log_and_exit().
 *
 * Review notes on buffer use: only the Location line is bounded with
 * snprintf; every other append is an unchecked sprintf into iobuf[].
 * That is safe only while all other inputs (reason phrase, MIME type,
 * realm, info text) stay short - see the notes at each append.
 */
static void send_headers(int responseNum)
{
	static const char RFC1123FMT[] ALIGN1 = "%a, %d %b %Y %H:%M:%S GMT";
	/* Fixed size 29-byte string. Example: Sun, 06 Nov 1994 08:49:37 GMT */
	char date_str[40]; /* using a bit larger buffer for paranoia reasons */

	const char *responseString = "";
	const char *infoString = NULL;
#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
	const char *error_page = NULL;
#endif
	unsigned i;
	time_t timer = time(NULL);
	int len;

	/* Look up reason phrase, info text and error page for this code.
	 * An unknown code keeps "" / NULL and still produces a response. */
	for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
		if (http_response_type[i] == responseNum) {
			responseString = http_response[i].name;
			infoString = http_response[i].info;
#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
			error_page = http_error_page[i];
#endif
			break;
		}
	}

	if (verbose)
		bb_error_msg("response:%u", responseNum);

	/* We use sprintf, not snprintf (it's less code).
	 * iobuf[] is several kbytes long and all headers we generate
	 * always fit into those kbytes.
	 */

	strftime(date_str, sizeof(date_str), RFC1123FMT, gmtime(&timer));
	/* found_mime_type is only used for 200; in this file it is set by
	 * send_file_and_exit() from the built-in table or the config's
	 * ".ext:mime/type" lines, so its length is operator-controlled. */
	len = sprintf(iobuf,
			"HTTP/1.0 %d %s\r\n"
			"Content-type: %s\r\n"
			"Date: %s\r\n"
			"Connection: close\r\n",
			responseNum, responseString,
				/* if it's error message, then it's HTML */
				(responseNum == HTTP_OK ? found_mime_type : "text/html"),
				date_str
	);

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	if (responseNum == HTTP_UNAUTHORIZED) {
		/* The realm is copied verbatim inside double quotes; nothing
		 * here escapes a '"' or control character in g_realm. */
		len += sprintf(iobuf + len,
				"WWW-Authenticate: Basic realm=\"%.999s\"\r\n",
				g_realm /* %.999s protects from overflowing iobuf[] */
		);
	}
#endif
	if (responseNum == HTTP_MOVED_TEMPORARILY) {
		/* Responding to "GET /dir" with
		 * "HTTP/1.0 302 Found" "Location: /dir/"
		 * - IOW, asking them to repeat with a slash.
		 * Here, overflow IS possible, can't use sprintf:
		 *  mkdir test
		 *  python -c 'print("get /test?" + ("x" * 8192))' | busybox httpd -i -h .
		 */
		/* snprintf returns the length it WOULD have written, so len
		 * can exceed the limit and is clamped below. The 3 spare bytes
		 * leave room for the final "\r\n" and a NUL.
		 * NOTE(review): when truncation happens, the line loses its own
		 * "\r\n" and the clamped length appears to include snprintf's
		 * terminating NUL - confirm. The later sprintf appends are not
		 * bounded either, so this path relies on file_size == -1,
		 * content_gzip == 0 and no info text for this code - TODO
		 * confirm against the callers and the response table. */
		len += snprintf(iobuf + len, IOBUF_SIZE-3 - len,
				"Location: %s/%s%s\r\n",
				found_moved_temporarily,
				(g_query ? "?" : ""),
				(g_query ? g_query : "")
		);
		if (len > IOBUF_SIZE-3)
			len = IOBUF_SIZE-3;
	}

#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
	if (error_page && access(error_page, R_OK) == 0) {
		/* Custom error page: finish the header block now and let
		 * send_file_and_exit() stream the page body; it does not return.
		 * access() followed by a later open() is a check-then-use pair;
		 * a failing open is handled in send_file_and_exit(). */
		iobuf[len++] = '\r';
		iobuf[len++] = '\n';
		if (DEBUG) {
			iobuf[len] = '\0';
			fprintf(stderr, "headers: '%s'\n", iobuf);
		}
		full_write(STDOUT_FILENO, iobuf, len);
		if (DEBUG)
			fprintf(stderr, "writing error page: '%s'\n", error_page);
		return send_file_and_exit(error_page, SEND_BODY);
	}
#endif

	if (file_size != -1) {    /* file */
		/* date_str is reused, now for the file's modification time */
		strftime(date_str, sizeof(date_str), RFC1123FMT, gmtime(&last_mod));
#if ENABLE_FEATURE_HTTPD_RANGES
		if (responseNum == HTTP_PARTIAL_CONTENT) {
			len += sprintf(iobuf + len,
				"Content-Range: bytes %"OFF_FMT"u-%"OFF_FMT"u/%"OFF_FMT"u\r\n",
					range_start,
					range_end,
					file_size
			);
			/* from here on the global file_size is the range length,
			 * which is what the length header below must announce */
			file_size = range_end - range_start + 1;
		}
#endif
		len += sprintf(iobuf + len,
#if ENABLE_FEATURE_HTTPD_RANGES
			"Accept-Ranges: bytes\r\n"
#endif
			"Last-Modified: %s\r\n"
			"%s %"OFF_FMT"u\r\n",
				date_str,
				content_gzip ? "Transfer-length:" : "Content-length:",
				file_size
		);
	}

	if (content_gzip)
		len += sprintf(iobuf + len, "Content-Encoding: gzip\r\n");

	/* blank line ends the header block */
	iobuf[len++] = '\r';
	iobuf[len++] = '\n';
	if (infoString) {
		/* Minimal HTML body. Both strings come from the static
		 * response table, not from the request. */
		len += sprintf(iobuf + len,
				"<HTML><HEAD><TITLE>%d %s</TITLE></HEAD>\n"
				"<BODY><H1>%d %s</H1>\n"
				"%s\n"
				"</BODY></HTML>\n",
				responseNum, responseString,
				responseNum, responseString,
				infoString
		);
	}
	if (DEBUG) {
		iobuf[len] = '\0';
		fprintf(stderr, "headers: '%s'\n", iobuf);
	}
	/* one write for everything; a short write is treated as fatal */
	if (full_write(STDOUT_FILENO, iobuf, len) != len) {
		if (verbose > 1)
			bb_perror_msg("error");
		log_and_exit();
	}
}
1186 | |
/*
 * Send the headers for responseNum (plus the built-in body, if the
 * code has one) and terminate the process. Never returns.
 * gzip is switched off first, so the response is not announced as
 * compressed.
 */
static void send_headers_and_exit(int responseNum) NORETURN;
static void send_headers_and_exit(int responseNum)
{
#if ENABLE_FEATURE_HTTPD_GZIP
	content_gzip = 0;
#endif
	send_headers(responseNum);
	log_and_exit();
}
1194 | |
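/*
 * Read from the socket until '\n' or EOF. '\r' chars are removed.
 * '\n' is replaced with NUL.
 * Return number of characters read or 0 if nothing is read
 * ('\r' and '\n' are not counted).
 * Data is returned in iobuf.
 *
 * iobuf is NUL-terminated on every exit path, including EOF or a read
 * error before any '\n' was seen. Without that, a request cut off in
 * the middle of a line would leave whatever bytes were already in
 * iobuf behind the new data, and callers that parse iobuf as a string
 * would read past the received bytes.
 *
 * A line longer than IOBUF_SIZE - 1 bytes is truncated: once the
 * buffer is full, each further byte overwrites the last slot and the
 * returned count stays at IOBUF_SIZE - 1. Callers cannot tell a
 * truncated line from a complete one by the return value alone.
 *
 * alarm(HEADER_READ_TIMEOUT) is armed once per call; what happens when
 * it fires depends on the SIGALRM disposition set elsewhere.
 */
static int get_line(void)
{
	int count = 0;

	alarm(HEADER_READ_TIMEOUT);
	for (;;) {
		char c;

		if (hdr_cnt <= 0) {
			/* refill from the peer; EOF or error ends the line */
			hdr_cnt = safe_read(STDIN_FILENO, hdr_buf, sizeof_hdr_buf);
			if (hdr_cnt <= 0)
				break;
			hdr_ptr = hdr_buf;
		}
		c = *hdr_ptr++;
		hdr_cnt--;

		if (c == '\r')
			continue;
		if (c == '\n')
			break;
		iobuf[count] = c;
		if (count < (IOBUF_SIZE - 1)) /* check overflow */
			count++;
	}
	/* count <= IOBUF_SIZE - 1, so this stays inside iobuf */
	iobuf[count] = '\0';
	return count;
}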
1229 | |
1230 | #if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY |
1231 | |
/*
 * Shuttle data between the network peer (stdin/stdout) and a CGI or
 * proxy endpoint until the endpoint's output ends, then exit.
 *
 *   fromCgi_rd - descriptor to read the endpoint's output from
 *   toCgi_wr   - descriptor to write POST data to; 0 is used inside
 *                this function as "already closed / nothing to send"
 *   post_len   - POST body length announced by the request; bytes
 *                already sitting in hdr_buf (hdr_cnt) count against it
 *
 * The first bytes of endpoint output are buffered to decide whether a
 * status line has to be supplied: "Status:" is turned into "HTTP/1.0 ",
 * output not starting with "HTTP" gets HTTP_200 prepended. Everything
 * else the endpoint writes is forwarded to the client unmodified, so
 * the endpoint is fully trusted for the remaining headers and body.
 * Never returns.
 *
 * gcc 4.2.1 fares better with NOINLINE
 */
static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len) NORETURN;
static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len)
{
	enum { FROM_CGI = 1, TO_CGI = 2 }; /* indexes in pfd[] */
	struct pollfd pfd[3];
	int out_cnt; /* we buffer a bit of initial CGI output */
	int count;

	/* iobuf is used for CGI -> network data,
	 * hdr_buf is for network -> CGI data (POSTDATA) */

	/* If CGI dies, we still want to correctly finish reading its output
	 * and send it to the peer. So please no SIGPIPEs! */
	signal(SIGPIPE, SIG_IGN);

	// We inconsistently handle a case when more POSTDATA from network
	// is coming than we expected. We may give *some part* of that
	// extra data to CGI.

	//if (hdr_cnt > post_len) {
	//	/* We got more POSTDATA from network than we expected */
	//	hdr_cnt = post_len;
	//}
	post_len -= hdr_cnt;
	/* post_len - number of POST bytes not yet read from network */
	/* NOTE(review): with the clamp above disabled, post_len can go
	 * negative here; the code below only ever tests post_len > 0. */

	/* NB: breaking out of this loop jumps to log_and_exit() */
	out_cnt = 0;
	pfd[FROM_CGI].fd = fromCgi_rd;
	pfd[FROM_CGI].events = POLLIN;
	pfd[TO_CGI].fd = toCgi_wr;
	while (1) {
		/* Note: even pfd[0].events == 0 won't prevent
		 * revents == POLLHUP|POLLERR reports from closed stdin.
		 * Setting fd to -1 works: */
		pfd[0].fd = -1;
		pfd[0].events = POLLIN;
		pfd[0].revents = 0; /* probably not needed, paranoia */

		/* We always poll this fd, thus kernel always sets revents: */
		/*pfd[FROM_CGI].events = POLLIN; - moved out of loop */
		/*pfd[FROM_CGI].revents = 0; - not needed */

		/* gcc-4.8.0 still doesnt fill two shorts with one insn :( */
		/* http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47059 */
		/* hopefully one day it will... */
		pfd[TO_CGI].events = POLLOUT;
		pfd[TO_CGI].revents = 0; /* needed! */

		if (toCgi_wr && hdr_cnt <= 0) {
			if (post_len > 0) {
				/* Expect more POST data from network */
				pfd[0].fd = 0;
			} else {
				/* post_len <= 0 && hdr_cnt <= 0:
				 * no more POST data to CGI,
				 * let CGI see EOF on CGI's stdin */
				/* the two descriptors may be the same one (presumably
				 * the proxy case - confirm); then it must stay open
				 * for reading */
				if (toCgi_wr != fromCgi_rd)
					close(toCgi_wr);
				toCgi_wr = 0;
			}
		}

		/* Now wait on the set of sockets */
		/* TO_CGI is included in the poll set only while there is
		 * buffered POST data to hand over */
		count = safe_poll(pfd, hdr_cnt > 0 ? TO_CGI+1 : FROM_CGI+1, -1);
		if (count <= 0) {
#if 0
			if (safe_waitpid(pid, &status, WNOHANG) <= 0) {
				/* Weird. CGI didn't exit and no fd's
				 * are ready, yet poll returned?! */
				continue;
			}
			if (DEBUG && WIFEXITED(status))
				bb_error_msg("CGI exited, status=%d", WEXITSTATUS(status));
			if (DEBUG && WIFSIGNALED(status))
				bb_error_msg("CGI killed, signal=%d", WTERMSIG(status));
#endif
			break;
		}

		if (pfd[TO_CGI].revents) {
			/* hdr_cnt > 0 here due to the way poll() called */
			/* Have data from peer and can write to CGI */
			count = safe_write(toCgi_wr, hdr_ptr, hdr_cnt);
			/* Doesn't happen, we dont use nonblocking IO here
			 *if (count < 0 && errno == EAGAIN) {
			 *	...
			 *} else */
			if (count > 0) {
				hdr_ptr += count;
				hdr_cnt -= count;
			} else {
				/* EOF/broken pipe to CGI, stop piping POST data */
				hdr_cnt = post_len = 0;
			}
		}

		if (pfd[0].revents) {
			/* post_len > 0 && hdr_cnt == 0 here */
			/* We expect data, prev data portion is eaten by CGI
			 * and there *is* data to read from the peer
			 * (POSTDATA) */
			//count = post_len > (int)sizeof_hdr_buf ? (int)sizeof_hdr_buf : post_len;
			//count = safe_read(STDIN_FILENO, hdr_buf, count);
			/* The read is sized by the buffer, not by post_len, so bytes
			 * sent beyond the announced length can reach the CGI - this
			 * is the inconsistency described at the top. */
			count = safe_read(STDIN_FILENO, hdr_buf, sizeof_hdr_buf);
			if (count > 0) {
				hdr_cnt = count;
				hdr_ptr = hdr_buf;
				post_len -= count;
			} else {
				/* no more POST data can be read */
				post_len = 0;
			}
		}

		if (pfd[FROM_CGI].revents) {
			/* There is something to read from CGI */
			char *rbuf = iobuf;

			/* Are we still buffering CGI output? */
			if (out_cnt >= 0) {
				/* HTTP_200[] has single "\r\n" at the end.
				 * According to http://hoohoo.ncsa.uiuc.edu/cgi/out.html,
				 * CGI scripts MUST send their own header terminated by
				 * empty line, then data. That's why we have only one
				 * <cr><lf> pair here. We will output "200 OK" line
				 * if needed, but CGI still has to provide blank line
				 * between header and body */

				/* Must use safe_read, not full_read, because
				 * CGI may output a few first bytes and then wait
				 * for POSTDATA without closing stdout.
				 * With full_read we may wait here forever. */
				/* Buffering ends as soon as 4 bytes are held, so out_cnt
				 * is at most 3 when this read is issued.
				 * assumes iobuf holds at least PIPE_BUF bytes - TODO confirm */
				count = safe_read(fromCgi_rd, rbuf + out_cnt, PIPE_BUF - 8);
				if (count <= 0) {
					/* eof (or error) and there was no "HTTP",
					 * so write it, then write received data */
					if (out_cnt) {
						full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1);
						full_write(STDOUT_FILENO, rbuf, out_cnt);
					}
					break; /* CGI stdout is closed, exiting */
				}
				out_cnt += count;
				count = 0;
				/* "Status" header format is: "Status: 302 Redirected\r\n" */
				if (out_cnt >= 7 && memcmp(rbuf, "Status:", 7) == 0) {
					/* send "HTTP/1.0 " */
					if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
						break;
					/* the text after "Status:" is forwarded as is and
					 * becomes the rest of the status line */
					rbuf += 7; /* skip "Status:" */
					count = out_cnt - 7;
					out_cnt = -1; /* buffering off */
				} else if (out_cnt >= 4) {
					/* Did CGI add "HTTP"? */
					if (memcmp(rbuf, HTTP_200, 4) != 0) {
						/* there is no "HTTP", do it ourself */
						if (full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1) != sizeof(HTTP_200)-1)
							break;
					}
					/* Commented out:
					if (!strstr(rbuf, "ontent-")) {
						full_write(s, "Content-type: text/plain\r\n\r\n", 28);
					}
					 * Counter-example of valid CGI without Content-type:
					 * echo -en "HTTP/1.0 302 Found\r\n"
					 * echo -en "Location: http://www.busybox.net\r\n"
					 * echo -en "\r\n"
					 */
					count = out_cnt;
					out_cnt = -1; /* buffering off */
				}
				/* with fewer than 4 bytes held, count stays 0 and the
				 * write below sends nothing yet */
			} else {
				count = safe_read(fromCgi_rd, rbuf, PIPE_BUF);
				if (count <= 0)
					break;  /* eof (or error) */
			}
			if (full_write(STDOUT_FILENO, rbuf, count) != count)
				break;
			/* DEBUG builds copy raw CGI output to stderr */
			if (DEBUG)
				fprintf(stderr, "cgi read %d bytes: '%.*s'\n", count, count, rbuf);
		} /* if (pfd[FROM_CGI].revents) */
	} /* while (1) */
	log_and_exit();
}
1418 | #endif |
1419 | |
1420 | #if ENABLE_FEATURE_HTTPD_CGI |
1421 | |
/*
 * Set environment variable name to value, overwriting an existing
 * entry. A NULL value is stored as the empty string, so the variable
 * is always present afterwards. The result of setenv() is not checked.
 */
static void setenv1(const char *name, const char *value)
{
	if (value == NULL)
		value = "";
	setenv(name, value, 1);
}
1426 | |
/*
 * Spawn CGI script, forward CGI's stdin/out <=> network
 *
 * Environment variables are set up and the script is invoked with pipes
 * for stdin/stdout. If a POST is being done the script is fed the POST
 * data in addition to setting the QUERY_STRING variable (for GETs or POSTs).
 *
 * Parameters:
 * const char *url              The requested URL (with leading /).
 * const char *orig_uri         The original URI before rewriting (if any)
 * const char *request          Exported as REQUEST_METHOD.
 * int post_len                 Length of the POST body.
 * const char *cookie           For set HTTP_COOKIE.
 * const char *content_type     For set CONTENT_TYPE.
 *
 * Never returns: the parent ends in cgi_io_loop_and_exit(), the child
 * in execv() or send_headers_and_exit().
 *
 * Review notes: the variables exported here are a fixed list of names;
 * their values (query string, cookie, user agent, referer, host, ...)
 * are passed through as received, so the script has to treat all of
 * them as untrusted input. The script is started with execv() after
 * chdir() into its directory, without a PATH search.
 */
static void send_cgi_and_exit(
		const char *url,
		const char *orig_uri,
		const char *request,
		int post_len,
		const char *cookie,
		const char *content_type) NORETURN;
static void send_cgi_and_exit(
		const char *url,
		const char *orig_uri,
		const char *request,
		int post_len,
		const char *cookie,
		const char *content_type)
{
	struct fd_pair fromCgi;  /* CGI -> httpd pipe */
	struct fd_pair toCgi;    /* httpd -> CGI pipe */
	char *script, *last_slash;
	int pid;

	/* Make a copy. NB: caller guarantees:
	 * url[0] == '/', url[1] != '/' */
	/* the copy is what makes the (char*) casts and in-place edits
	 * below legitimate */
	url = xstrdup(url);

	/*
	 * We are mucking with environment _first_ and then vfork/exec,
	 * this allows us to use vfork safely. Parent doesn't care about
	 * these environment changes anyway.
	 */

	/* Check for [dirs/]script.cgi/PATH_INFO */
	/* Walk the path one '/' at a time: the first prefix that is not a
	 * directory is taken as the script, the remainder as PATH_INFO.
	 * url + 1 drops the leading '/', so the test is relative to the
	 * current directory; symlinks are followed. */
	last_slash = script = (char*)url;
	while ((script = strchr(script + 1, '/')) != NULL) {
		int dir;
		*script = '\0';
		dir = is_directory(url + 1, /*followlinks:*/ 1);
		*script = '/';
		if (!dir) {
			/* not directory, found script.cgi/PATH_INFO */
			break;
		}
		/* is directory, find next '/' */
		last_slash = script;
	}
	setenv1("PATH_INFO", script);   /* set to /PATH_INFO or "" */
	setenv1("REQUEST_METHOD", request);
	if (g_query) {
		putenv(xasprintf("%s=%s?%s", "REQUEST_URI", orig_uri, g_query));
	} else {
		setenv1("REQUEST_URI", orig_uri);
	}
	if (script != NULL)
		*script = '\0';         /* cut off /PATH_INFO */

	/* SCRIPT_FILENAME is required by PHP in CGI mode */
	if (home_httpd[0] == '/') {
		/* fullpath is not freed; this process exits at the end of
		 * the request */
		char *fullpath = concat_path_file(home_httpd, url);
		setenv1("SCRIPT_FILENAME", fullpath);
	}
	/* set SCRIPT_NAME as full path: /cgi-bin/dirs/script.cgi */
	setenv1("SCRIPT_NAME", url);
	/* http://hoohoo.ncsa.uiuc.edu/cgi/env.html:
	 * QUERY_STRING: The information which follows the ? in the URL
	 * which referenced this script. This is the query information.
	 * It should not be decoded in any fashion. This variable
	 * should always be set when there is query information,
	 * regardless of command line decoding. */
	/* (Older versions of bbox seem to do some decoding) */
	setenv1("QUERY_STRING", g_query);
	putenv((char*)"SERVER_SOFTWARE=busybox httpd/"BB_VER);
	putenv((char*)"SERVER_PROTOCOL=HTTP/1.0");
	putenv((char*)"GATEWAY_INTERFACE=CGI/1.1");
	/* Having _separate_ variables for IP and port defeats
	 * the purpose of having socket abstraction. Which "port"
	 * are you using on Unix domain socket?
	 * IOW - REMOTE_PEER="1.2.3.4:56" makes much more sense.
	 * Oh well... */
	{
		/* rmt_ip_str is cut at its last ':' for REMOTE_ADDR and then
		 * restored. If a ']' follows that ':', the colon is taken to
		 * be part of a bracketed IPv6 address and nothing is cut. */
		char *p = rmt_ip_str ? rmt_ip_str : (char*)"";
		char *cp = strrchr(p, ':');
		if (ENABLE_FEATURE_IPV6 && cp && strchr(cp, ']'))
			cp = NULL;
		if (cp) *cp = '\0'; /* delete :PORT */
		setenv1("REMOTE_ADDR", p);
		if (cp) {
			*cp = ':';
#if ENABLE_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
			setenv1("REMOTE_PORT", cp + 1);
#endif
		}
	}
	/* Request-derived values from here on (presumably filled in by the
	 * header parser - not shown in this part of the file) */
	setenv1("HTTP_USER_AGENT", user_agent);
	if (http_accept)
		setenv1("HTTP_ACCEPT", http_accept);
	if (http_accept_language)
		setenv1("HTTP_ACCEPT_LANGUAGE", http_accept_language);
	if (post_len)
		putenv(xasprintf("CONTENT_LENGTH=%d", post_len));
	if (cookie)
		setenv1("HTTP_COOKIE", cookie);
	if (content_type)
		setenv1("CONTENT_TYPE", content_type);
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	if (remoteuser) {
		setenv1("REMOTE_USER", remoteuser);
		putenv((char*)"AUTH_TYPE=Basic");
	}
#endif
	if (referer)
		setenv1("HTTP_REFERER", referer);
	setenv1("HTTP_HOST", host); /* set to "" if NULL */
	/* setenv1("SERVER_NAME", safe_gethostname()); - don't do this,
	 * just run "env SERVER_NAME=xyz httpd ..." instead */

	xpiped_pair(fromCgi);
	xpiped_pair(toCgi);

	pid = vfork();
	if (pid < 0) {
		/* TODO: log perror? */
		log_and_exit();
	}

	if (pid == 0) {
		/* Child process */
		/* After vfork() the child runs on the parent's memory until it
		 * execs or exits: every store below is visible to the parent,
		 * which is why xfunc_error_retval is reset there afterwards. */
		char *argv[3];

		xfunc_error_retval = 242;

		/* NB: close _first_, then move fds! */
		close(toCgi.wr);
		close(fromCgi.rd);
		xmove_fd(toCgi.rd, 0);  /* replace stdin with the pipe */
		xmove_fd(fromCgi.wr, 1);  /* replace stdout with the pipe */
		/* User seeing stderr output can be a security problem.
		 * If CGI really wants that, it can always do dup itself. */
		/* dup2(1, 2); */

		/* Chdiring to script's dir */
		script = last_slash;
		if (script != url) { /* paranoia */
			*script = '\0';
			if (chdir(url + 1) != 0) {
				bb_perror_msg("can't change directory to '%s'", url + 1);
				goto error_execing_cgi;
			}
			// not needed: *script = '/';
		}
		script++;

		/* set argv[0] to name without path */
		argv[0] = script;
		argv[1] = NULL;

#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		{
			/* Config lines "*.ext:/path/interp" are stored with
			 * before_colon = "*.ext"; + 1 skips the '*' so ".ext" is
			 * compared with the script's last suffix. On a match the
			 * configured interpreter is executed with the script name
			 * as its only argument. */
			char *suffix = strrchr(script, '.');

			if (suffix) {
				Htaccess *cur;
				for (cur = script_i; cur; cur = cur->next) {
					if (strcmp(cur->before_colon + 1, suffix) == 0) {
						/* found interpreter name */
						argv[0] = cur->after_colon;
						argv[1] = script;
						argv[2] = NULL;
						break;
					}
				}
			}
		}
#endif
		/* restore default signal dispositions for CGI process */
		bb_signals(0
			| (1 << SIGCHLD)
			| (1 << SIGPIPE)
			| (1 << SIGHUP)
			, SIG_DFL);

		/* _NOT_ execvp. We do not search PATH. argv[0] is a filename
		 * without any dir components and will only match a file
		 * in the current directory */
		/* (with an interpreter line, argv[0] is the path taken from
		 * the config file instead) */
		execv(argv[0], argv);
		if (verbose)
			bb_perror_msg("can't execute '%s'", argv[0]);
 error_execing_cgi:
		/* send to stdout
		 * (we are CGI here, our stdout is pumped to the net) */
		send_headers_and_exit(HTTP_NOT_FOUND);
	} /* end child */

	/* Parent process */

	/* Restore variables possibly changed by child */
	xfunc_error_retval = 0;

	/* Pump data */
	close(fromCgi.wr);
	close(toCgi.rd);
	cgi_io_loop_and_exit(fromCgi.rd, toCgi.wr, post_len);
}
1642 | |
1643 | #endif /* FEATURE_HTTPD_CGI */ |
1644 | |
/*
 * Send a file response to a HTTP request, and exit
 *
 * Parameters:
 * const char *url  The requested URL (with leading /).
 * what             What to send (headers/body/both).
 *
 * url is passed to open() unchanged, so whatever path checking is
 * needed has to happen in the caller (not visible from here). The MIME
 * type is derived from the text after the last '.' in url; without a
 * match it is "application/octet-stream". Never returns.
 */
static NOINLINE void send_file_and_exit(const char *url, int what)
{
	char *suffix;
	int fd;
	ssize_t count;

	if (content_gzip) {
		/* does <url>.gz exist? Then use it instead */
		char *gzurl = xasprintf("%s.gz", url);
		fd = open(gzurl, O_RDONLY);
		free(gzurl);
		if (fd != -1) {
			/* size and mtime announced in the headers must describe
			 * the .gz file that is actually sent.
			 * NOTE(review): the fstat() result is not checked; on
			 * failure sb would be used uninitialized. */
			struct stat sb;
			fstat(fd, &sb);
			file_size = sb.st_size;
			last_mod = sb.st_mtime;
		} else {
			IF_FEATURE_HTTPD_GZIP(content_gzip = 0;)
			fd = open(url, O_RDONLY);
		}
	} else {
		fd = open(url, O_RDONLY);
	}
	if (fd < 0) {
		if (DEBUG)
			bb_perror_msg("can't open '%s'", url);
		/* Error pages are sent by using send_file_and_exit(SEND_BODY).
		 * IOW: it is unsafe to call send_headers_and_exit
		 * if what is SEND_BODY! Can recurse! */
		if (what != SEND_BODY)
			send_headers_and_exit(HTTP_NOT_FOUND);
		log_and_exit();
	}
	/* If you want to know about EPIPE below
	 * (happens if you abort downloads from local httpd): */
	signal(SIGPIPE, SIG_IGN);

	/* If not found, default is "application/octet-stream" */
	found_mime_type = "application/octet-stream";
	suffix = strrchr(url, '.');
	if (suffix) {
		/* Table layout: a run of concatenated suffixes, NUL, the MIME
		 * type, NUL - repeated, and ended by an empty string. */
		static const char suffixTable[] ALIGN1 =
			/* Shorter suffix must be first:
			 * ".html.htm" will fail for ".htm"
			 */
			".txt.h.c.cc.cpp\0" "text/plain\0"
			/* .htm line must be after .h line */
			".htm.html\0" "text/html\0"
			".jpg.jpeg\0" "image/jpeg\0"
			".gif\0"      "image/gif\0"
			".png\0"      "image/png\0"
			/* .css line must be after .c line */
			".css\0"      "text/css\0"
			".wav\0"      "audio/wav\0"
			".avi\0"      "video/x-msvideo\0"
			".qt.mov\0"   "video/quicktime\0"
			".mpe.mpeg\0" "video/mpeg\0"
			".mid.midi\0" "audio/midi\0"
			".mp3\0"      "audio/mpeg\0"
#if 0  /* unpopular */
			".au\0"       "audio/basic\0"
			".pac\0"      "application/x-ns-proxy-autoconfig\0"
			".vrml.wrl\0" "model/vrml\0"
#endif
			/* compiler adds another "\0" here */
			;
		Htaccess *cur;

		/* Examine built-in table */
		const char *table = suffixTable;
		const char *table_next;
		for (; *table; table = table_next) {
			const char *try_suffix;
			const char *mime_type;
			mime_type  = table + strlen(table) + 1;
			table_next = mime_type + strlen(mime_type) + 1;
			try_suffix = strstr(table, suffix);
			if (!try_suffix)
				continue;
			/* a hit only counts if it ends at a suffix boundary */
			try_suffix += strlen(suffix);
			if (*try_suffix == '\0' || *try_suffix == '.') {
				found_mime_type = mime_type;
				break;
			}
			/* Example: strstr(table, ".av") != NULL, but it
			 * does not match ".avi" after all and we end up here.
			 * The table is arranged so that in this case we know
			 * that it can't match anything in the following lines,
			 * and we stop the search: */
			break;
		}
		/* ...then user's table */
		/* runs even after a built-in hit, so a ".ext:mime/type" line
		 * from the config overrides the built-in type */
		for (cur = mime_a; cur; cur = cur->next) {
			if (strcmp(cur->before_colon, suffix) == 0) {
				found_mime_type = cur->after_colon;
				break;
			}
		}
	}

	if (DEBUG)
		bb_error_msg("sending file '%s' content-type: %s",
			url, found_mime_type);

#if ENABLE_FEATURE_HTTPD_RANGES
	/* range_start/range_end are globals set before this call
	 * (presumably from the request's Range header - confirm);
	 * range_start < 0 means "no range" */
	if (what == SEND_BODY /* err pages and ranges don't mix */
	 || content_gzip /* we are sending compressed page: can't do ranges */  ///why?
	) {
		range_start = -1;
	}
	range_len = MAXINT(off_t);
	if (range_start >= 0) {
		/* a missing (0) or too large end is clamped to the last byte */
		if (!range_end || range_end > file_size - 1) {
			range_end = file_size - 1;
		}
		if (range_end < range_start
		 || lseek(fd, range_start, SEEK_SET) != range_start
		) {
			/* unusable range: fall back to sending the whole file */
			lseek(fd, 0, SEEK_SET);
			range_start = -1;
		} else {
			range_len = range_end - range_start + 1;
			send_headers(HTTP_PARTIAL_CONTENT);
			/* headers are out; keep send_headers(HTTP_OK) from
			 * running below */
			what = SEND_BODY;
		}
	}
#endif
	if (what & SEND_HEADERS)
		send_headers(HTTP_OK);
#if ENABLE_FEATURE_USE_SENDFILE
	{
		off_t offset = range_start;
		while (1) {
			/* sz is rounded down to 64k */
			ssize_t sz = MAXINT(ssize_t) - 0xffff;
			IF_FEATURE_HTTPD_RANGES(if (sz > range_len) sz = range_len;)
			count = sendfile(STDOUT_FILENO, fd, &offset, sz);
			if (count < 0) {
				/* nothing was sent yet: sendfile may simply be
				 * unsupported for this pair of descriptors */
				if (offset == range_start)
					break; /* fall back to read/write loop */
				goto fin;
			}
			IF_FEATURE_HTTPD_RANGES(range_len -= count;)
			if (count == 0 || range_len == 0)
				log_and_exit();
		}
	}
#endif
	/* plain copy loop: file -> iobuf -> stdout */
	while ((count = safe_read(fd, iobuf, IOBUF_SIZE)) > 0) {
		ssize_t n;
		IF_FEATURE_HTTPD_RANGES(if (count > range_len) count = range_len;)
		n = full_write(STDOUT_FILENO, iobuf, count);
		if (count != n)
			break;
		IF_FEATURE_HTTPD_RANGES(range_len -= count;)
		if (range_len == 0)
			break;
	}
	if (count < 0) {
 IF_FEATURE_USE_SENDFILE(fin:)
		if (verbose > 1)
			bb_perror_msg("error");
	}
	log_and_exit();
}
1817 | |
/*
 * Decide whether the peer address held in rmt_ip passes the IP allow/deny
 * rules in the ip_a_d list.
 *
 * Rules are tried in list order and the first one for which
 * (rmt_ip & rule->mask) == rule->ip decides the result: 1 when the rule is
 * an 'A' rule, 0 otherwise. When no rule matches, the result is
 * !flg_deny_all.
 *
 * NOTE(review): only the 32-bit rmt_ip is compared. handle_incoming_and_exit()
 * leaves rmt_ip at 0 for peers that are neither AF_INET nor IPv4-mapped
 * AF_INET6, so such peers are evaluated here as address 0 - confirm that
 * this is the intended policy before relying on A:/D: rules for IPv6.
 */
static int checkPermIP(void)
{
	Htaccess_IP *rule = ip_a_d;

	while (rule) {
#if DEBUG
		/* NB: rmt_ip_str may be NULL (see handle_incoming_and_exit) */
		fprintf(stderr,
			"checkPermIP: '%s' ? '%u.%u.%u.%u/%u.%u.%u.%u'\n",
			rmt_ip_str,
			(unsigned char)(rule->ip >> 24),
			(unsigned char)(rule->ip >> 16),
			(unsigned char)(rule->ip >> 8),
			(unsigned char)(rule->ip),
			(unsigned char)(rule->mask >> 24),
			(unsigned char)(rule->mask >> 16),
			(unsigned char)(rule->mask >> 8),
			(unsigned char)(rule->mask)
		);
#endif
		if ((rmt_ip & rule->mask) == rule->ip) {
			/* first matching rule wins: 'A' -> 1, anything else -> 0 */
			return (rule->allow_deny == 'A');
		}
		rule = rule->next;
	}

	/* no rule matched: the default depends on whether we saw "D:*" */
	if (flg_deny_all)
		return 0;
	return 1;
}
1843 | |
1844 | #if ENABLE_FEATURE_HTTPD_BASIC_AUTH |
1845 | |
1846 | # if ENABLE_PAM |
/* Credentials handed to pam_talker() through the PAM appdata pointer.
 * Both members point into the caller's buffer; nothing here owns memory. */
struct pam_userinfo {
	const char *name; /* reply for PAM_PROMPT_ECHO_ON prompts */
	const char *pw;   /* reply for PAM_PROMPT_ECHO_OFF prompts (clear-text password) */
};
1851 | |
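/*
 * PAM conversation callback: answers every prompt from the credentials
 * passed in appdata_ptr (a struct pam_userinfo).
 *
 * num_msg      number of messages in msg[]
 * msg          messages from the PAM module
 * resp         receives a newly allocated array of num_msg responses;
 *              the array and each resp string are heap copies
 * appdata_ptr  struct pam_userinfo with the user name and password
 *
 * Echo-on prompts get the user name, echo-off prompts get the password,
 * error/info messages get an empty string. Any other message style, a NULL
 * argument or a non-positive num_msg yields PAM_CONV_ERR and leaves *resp
 * untouched.
 *
 * The response strings include a copy of the clear-text password.
 * NOTE(review): on the error path they are released with plain free(),
 * which does not clear the memory first.
 */
static int pam_talker(int num_msg,
		const struct pam_message **msg,
		struct pam_response **resp,
		void *appdata_ptr)
{
	int i;
	struct pam_userinfo *userinfo = (struct pam_userinfo *) appdata_ptr;
	struct pam_response *response;

	/* num_msg <= 0 would turn into a zero or huge allocation size below */
	if (!resp || !msg || !userinfo || num_msg <= 0)
		return PAM_CONV_ERR;

	/* allocate memory to store response */
	response = xzalloc((size_t)num_msg * sizeof(*response));

	/* copy values */
	for (i = 0; i < num_msg; i++) {
		const char *s;

		switch (msg[i]->msg_style) {
		case PAM_PROMPT_ECHO_ON:
			s = userinfo->name;
			break;
		case PAM_PROMPT_ECHO_OFF:
			s = userinfo->pw;
			break;
		case PAM_ERROR_MSG:
		case PAM_TEXT_INFO:
			s = "";
			break;
		default:
			/* Unknown style: drop the replies built so far (they may
			 * hold password copies), not just the array itself */
			while (--i >= 0)
				free(response[i].resp);
			free(response);
			return PAM_CONV_ERR;
		}
		response[i].resp = xstrdup(s);
		/* xzalloc already zeroed resp_retcode; store only if PAM_SUCCESS is nonzero */
		if (PAM_SUCCESS != 0)
			response[i].resp_retcode = PAM_SUCCESS;
	}
	*resp = response;
	return PAM_SUCCESS;
}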
1893 | # endif |
1894 | |
/*
 * Check Basic-auth credentials for a request path against the g_auth list.
 *
 * Config file entries are of the form "/<path>:<user>:<passwd>".
 * If config file has no prefix match for path, access is allowed.
 *
 * path             The file path
 * user_and_passwd  "user:passwd" to validate. The PAM and getpwnam branches
 *                  temporarily overwrite its ':' with NUL and restore it,
 *                  so the buffer must be writable whenever it contains ':'.
 *
 * Returns 1 if user_and_passwd is OK (remoteuser is then set to a copy of
 * the user name part), or if no entry's directory prefix matched path.
 * Returns 0 if at least one prefix matched but no entry accepted the
 * credentials.
 *
 * NOTE(review): every secret comparison below uses strcmp(), which returns
 * at the first differing byte, so comparison time depends on the input.
 * This matters most for the plaintext httpd.conf branches.
 */
static int check_user_passwd(const char *path, char *user_and_passwd)
{
	Htaccess *cur;
	const char *prev = NULL; /* directory prefix of the first entry that matched path */

	for (cur = g_auth; cur; cur = cur->next) {
		const char *dir_prefix;
		size_t len;
		int r; /* 0 means "credentials accepted" at end_check_passwd */

		dir_prefix = cur->before_colon;

		/* WHY? */
		/* If already saw a match, don't accept other different matches */
		/* (only entries with the same prefix string as the first match are still tried) */
		if (prev && strcmp(prev, dir_prefix) != 0)
			continue;

		/* NB: in DEBUG builds this writes the decoded "user:passwd" to stderr */
		if (DEBUG)
			fprintf(stderr, "checkPerm: '%s' ? '%s'\n", dir_prefix, user_and_passwd);

		/* If it's not a prefix match, continue searching */
		/* (the prefix must end on a path component boundary: next char is '/' or NUL) */
		len = strlen(dir_prefix);
		if (len != 1 /* dir_prefix "/" matches all, don't need to check */
		 && (strncmp(dir_prefix, path, len) != 0
		    || (path[len] != '/' && path[len] != '\0')
		    )
		) {
			continue;
		}

		/* Path match found */
		prev = dir_prefix;

		if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
			char *colon_after_user;
			const char *passwd;
# if ENABLE_FEATURE_SHADOWPASSWDS && !ENABLE_PAM
			char sp_buf[256];
# endif

			/* No ':' from the peer (e.g. the dummy "" credentials):
			 * fall back to the whole-string compare at bad_input */
			colon_after_user = strchr(user_and_passwd, ':');
			if (!colon_after_user)
				goto bad_input;

			/* compare "user:" */
			if (cur->after_colon[0] != '*'
			 && strncmp(cur->after_colon, user_and_passwd,
					colon_after_user - user_and_passwd + 1) != 0
			) {
				continue;
			}
			/* this cfg entry is '*' or matches username from peer */

			passwd = strchr(cur->after_colon, ':');
			if (!passwd)
				goto bad_input;
			passwd++;
			/* A configured password starting with '*' selects system auth:
			 * PAM when enabled, otherwise the passwd/shadow database */
			if (passwd[0] == '*') {
# if ENABLE_PAM
				struct pam_userinfo userinfo;
				struct pam_conv conv_info = { &pam_talker, (void *) &userinfo };
				pam_handle_t *pamh;

				/* split "user:passwd" in place for the duration of the PAM calls */
				*colon_after_user = '\0';
				userinfo.name = user_and_passwd;
				userinfo.pw = colon_after_user + 1;
				/* r is 0 only if every PAM step reports PAM_SUCCESS */
				r = pam_start("httpd", user_and_passwd, &conv_info, &pamh) != PAM_SUCCESS;
				if (r == 0) {
					r = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
					 || pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)    != PAM_SUCCESS
					;
					pam_end(pamh, PAM_SUCCESS);
				}
				*colon_after_user = ':';
				goto end_check_passwd;
# else
#  if ENABLE_FEATURE_SHADOWPASSWDS
				/* Using _r function to avoid pulling in static buffers */
				struct spwd spw;
#  endif
				struct passwd *pw;

				*colon_after_user = '\0';
				pw = getpwnam(user_and_passwd);
				*colon_after_user = ':';
				/* Unknown user: skip this entry without hashing anything.
				 * NOTE(review): this path does less work than the one for
				 * an existing user with a wrong password */
				if (!pw || !pw->pw_passwd)
					continue;
				passwd = pw->pw_passwd;
#  if ENABLE_FEATURE_SHADOWPASSWDS
				/* a lone "x" or "*" in pw_passwd: try the shadow entry instead */
				if ((passwd[0] == 'x' || passwd[0] == '*') && !passwd[1]) {
					/* getspnam_r may return 0 yet set result to NULL.
					 * At least glibc 2.4 does this. Be extra paranoid here. */
					struct spwd *result = NULL;
					r = getspnam_r(pw->pw_name, &spw, sp_buf, sizeof(sp_buf), &result);
					if (r == 0 && result)
						passwd = result->sp_pwdp;
				}
#  endif
				/* In this case, passwd is ALWAYS encrypted:
				 * it came from /etc/passwd or /etc/shadow!
				 */
				goto check_encrypted;
# endif /* ENABLE_PAM */
			}
			/* Else: passwd is from httpd.conf, it is either plaintext or encrypted */

			/* "$<digit>..." is treated as a crypt-style hash */
			if (passwd[0] == '$' && isdigit(passwd[1])) {
				char *encrypted;
# if !ENABLE_PAM
 check_encrypted:
# endif
				/* encrypt pwd from peer and check match with local one */
				/* NOTE(review): assumes pw_encrypt() never returns NULL - confirm */
				encrypted = pw_encrypt(
					/* pwd (from peer): */  colon_after_user + 1,
					/* salt: */ passwd,
					/* cleanup: */ 0
				);
				r = strcmp(encrypted, passwd);
				free(encrypted);
			} else {
				/* local passwd is from httpd.conf and it's plaintext */
				r = strcmp(colon_after_user + 1, passwd);
			}
			goto end_check_passwd;
		}
 bad_input:
		/* Comparing plaintext "user:pass" in one go */
		/* (also the only comparison done when ENABLE_FEATURE_HTTPD_AUTH_MD5 is off) */
		r = strcmp(cur->after_colon, user_and_passwd);
 end_check_passwd:
		if (r == 0) {
			/* remember the authenticated user name (text before ':') */
			remoteuser = xstrndup(user_and_passwd,
				strchrnul(user_and_passwd, ':') - user_and_passwd
			);
			return 1; /* Ok */
		}
	} /* for */

	/* 0(bad) if prev is set: matches were found but passwd was wrong */
	return (prev == NULL);
}
2044 | #endif /* FEATURE_HTTPD_BASIC_AUTH */ |
2045 | |
2046 | #if ENABLE_FEATURE_HTTPD_PROXY |
/*
 * Look up the proxy rule for a request URL.
 *
 * Returns the first entry of the proxy list for which
 * is_prefixed_with(url, entry->url_from) is true, or NULL if there is none.
 * NOTE(review): this looks like a plain string-prefix test in list order,
 * not aligned to path components - confirm against is_prefixed_with().
 */
static Htaccess_Proxy *find_proxy_entry(const char *url)
{
	Htaccess_Proxy *entry = proxy;

	while (entry) {
		if (is_prefixed_with(url, entry->url_from))
			break;
		entry = entry->next;
	}
	/* entry is NULL here when the list was exhausted */
	return entry;
}
2056 | #endif |
2057 | |
/*
 * Timeout handling.
 *
 * Installed as the SIGALRM handler by handle_incoming_and_exit(): answers
 * the peer with HTTP_REQUEST_TIMEOUT through send_headers_and_exit() and
 * does not return. The signal number is ignored.
 * NOTE(review): the reply is produced from signal context; whether
 * send_headers_and_exit() is safe to call there is not visible here.
 */
static void send_REQUEST_TIMEOUT_and_exit(int sig) NORETURN;
static void send_REQUEST_TIMEOUT_and_exit(int sig UNUSED_PARAM)
{
	send_headers_and_exit(HTTP_REQUEST_TIMEOUT);
}
2066 | |
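/*
 * Handle an incoming http request and exit.
 *
 * fromAddr  peer address; only used to fill rmt_ip / rmt_ip_str
 *
 * Steps, in order:
 *  - read the request line into iobuf, accept GET (plus HEAD/POST with CGI),
 *    require the URL to start with '/';
 *  - copy the URL to the stack, split off the query string, percent-decode
 *    and canonicalize the path (duplicate slashes, "." and ".." removed,
 *    ".." above the root rejected);
 *  - evaluate IP rules, re-reading per-directory config for each existing
 *    directory on the path;
 *  - read the remaining headers (Content-length, CGI variables,
 *    Authorization, Range, Accept-Encoding as configured);
 *  - enforce httpd.conf protection, IP and Basic-auth decisions, then
 *    dispatch to proxy, CGI or static file handling.
 * Never returns: every path ends in a *_and_exit() call.
 *
 * Changes relative to the previous version of this function:
 *  - the Range: branch tested is_prefixed_with(s, "bytes=") == 0, i.e. it
 *    ran for every value that did NOT start with "bytes=" and ignored the
 *    ones that did; the test is now the positive one the comment describes;
 *  - the proxy header buffer guard now keeps at least 4 spare bytes, so the
 *    length clamp can no longer become zero or negative before memcpy().
 */
static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) NORETURN;
static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
{
	static const char request_GET[] ALIGN1 = "GET";
	struct stat sb;
	char *urlcopy;
	char *urlp;
	char *tptr;
#if ENABLE_FEATURE_HTTPD_CGI
	static const char request_HEAD[] ALIGN1 = "HEAD";
	const char *prequest;
	char *cookie = NULL;
	char *content_type = NULL;
	unsigned long length = 0;
#elif ENABLE_FEATURE_HTTPD_PROXY
#define prequest request_GET
	unsigned long length = 0;
#endif
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	smallint authorized = -1; /* -1: no Authorization: header seen yet */
#endif
	smallint ip_allowed;
	char http_major_version;
#if ENABLE_FEATURE_HTTPD_PROXY
	char http_minor_version;
	char *header_buf = header_buf; /* for gcc */
	char *header_ptr = header_ptr;
	Htaccess_Proxy *proxy_entry;
#endif

	/* Allocation of iobuf is postponed until now
	 * (IOW, server process doesn't need to waste 8k) */
	iobuf = xmalloc(IOBUF_SIZE);

	/* rmt_ip stays 0 unless the peer is IPv4 or IPv4-mapped IPv6;
	 * checkPermIP() compares only this 32-bit value */
	rmt_ip = 0;
	if (fromAddr->u.sa.sa_family == AF_INET) {
		rmt_ip = ntohl(fromAddr->u.sin.sin_addr.s_addr);
	}
#if ENABLE_FEATURE_IPV6
	if (fromAddr->u.sa.sa_family == AF_INET6
	 && fromAddr->u.sin6.sin6_addr.s6_addr32[0] == 0
	 && fromAddr->u.sin6.sin6_addr.s6_addr32[1] == 0
	 && ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[2]) == 0xffff)
		rmt_ip = ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[3]);
#endif
	if (ENABLE_FEATURE_HTTPD_CGI || DEBUG || verbose) {
		/* NB: can be NULL (user runs httpd -i by hand?) */
		rmt_ip_str = xmalloc_sockaddr2dotted(&fromAddr->u.sa);
	}
	if (verbose) {
		/* this trick makes -v logging much simpler */
		if (rmt_ip_str)
			applet_name = rmt_ip_str;
		if (verbose > 2)
			bb_error_msg("connected");
	}

	/* Install timeout handler. get_line() needs it. */
	signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit);

	if (!get_line()) /* EOF or error or empty line */
		send_headers_and_exit(HTTP_BAD_REQUEST);

	/* Determine type of request (GET/POST) */
	// rfc2616: method and URI is separated by exactly one space
	//urlp = strpbrk(iobuf, " \t"); - no, tab isn't allowed
	urlp = strchr(iobuf, ' ');
	if (urlp == NULL)
		send_headers_and_exit(HTTP_BAD_REQUEST);
	*urlp++ = '\0';
#if ENABLE_FEATURE_HTTPD_CGI
	/* prequest ends up pointing at one of three known strings; later code
	 * compares it by pointer, not by content */
	prequest = request_GET;
	if (strcasecmp(iobuf, prequest) != 0) {
		prequest = request_HEAD;
		if (strcasecmp(iobuf, prequest) != 0) {
			prequest = "POST";
			if (strcasecmp(iobuf, prequest) != 0)
				send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
		}
	}
#else
	if (strcasecmp(iobuf, request_GET) != 0)
		send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
#endif
	// rfc2616: method and URI is separated by exactly one space
	//urlp = skip_whitespace(urlp); - should not be necessary
	if (urlp[0] != '/')
		send_headers_and_exit(HTTP_BAD_REQUEST);

	/* Find end of URL and parse HTTP version, if any */
	http_major_version = '0';
	IF_FEATURE_HTTPD_PROXY(http_minor_version = '0';)
	tptr = strchrnul(urlp, ' ');
	/* Is it " HTTP/"? */
	if (tptr[0] && strncmp(tptr + 1, HTTP_200, 5) == 0) {
		/* NOTE(review): tptr[6] and tptr[8] are read without checking that
		 * the line is that long; they are passed on as single characters */
		http_major_version = tptr[6];
		IF_FEATURE_HTTPD_PROXY(http_minor_version = tptr[8];)
	}
	*tptr = '\0';

	/* Copy URL from after "GET "/"POST " to stack-allocated char[] */
	/* Extra room: index_page may be appended after a trailing '/' below.
	 * NOTE(review): the size comes from the request line, so the stack use
	 * is bounded only by how long a line get_line() accepts - confirm */
	urlcopy = alloca((tptr - urlp) + 2 + strlen(index_page));
	/*if (urlcopy == NULL)
	 *	send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);*/
	strcpy(urlcopy, urlp);
	/* NB: urlcopy ptr is never changed after this */

	/* Extract url args if present */
	/* g_query = NULL; - already is */
	tptr = strchr(urlcopy, '?');
	if (tptr) {
		*tptr++ = '\0';
		g_query = tptr;
	}

	/* Decode URL escape sequences */
	/* Decoding happens before canonicalization, so encoded dots are
	 * seen as plain dots by the ".." handling below */
	tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
	if (tptr == NULL)
		send_headers_and_exit(HTTP_BAD_REQUEST);
	if (tptr == urlcopy + 1) {
		/* '/' or NUL is encoded */
		send_headers_and_exit(HTTP_NOT_FOUND);
	}

	/* Canonicalize path */
	/* Algorithm stolen from libbb bb_simplify_path(),
	 * but don't strdup, retain trailing slash, protect root */
	/* urlp is the write position, tptr the read position; both walk urlcopy */
	urlp = tptr = urlcopy;
	for (;;) {
		if (*urlp == '/') {
			/* skip duplicate (or initial) slash */
			if (*tptr == '/') {
				goto next_char;
			}
			if (*tptr == '.') {
				if (tptr[1] == '.' && (tptr[2] == '/' || tptr[2] == '\0')) {
					/* "..": be careful */
					/* protect root */
					if (urlp == urlcopy)
						send_headers_and_exit(HTTP_BAD_REQUEST);
					/* omit previous dir */
					while (*--urlp != '/')
						continue;
					/* skip to "./" or ".<NUL>" */
					tptr++;
				}
				if (tptr[1] == '/' || tptr[1] == '\0') {
					/* skip extra "/./" */
					goto next_char;
				}
			}
		}
		*++urlp = *tptr;
		if (*urlp == '\0')
			break;
 next_char:
		tptr++;
	}

	/* If URL is a directory, add '/' */
	if (urlp[-1] != '/') {
		if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
			found_moved_temporarily = urlcopy;
		}
	}

	/* Log it */
	if (verbose > 1)
		bb_error_msg("url:%s", urlcopy);

	/* Check IP rules at the top level, then again after loading the
	 * config of each existing directory along the path. This runs before
	 * any authentication result is enforced. */
	tptr = urlcopy;
	ip_allowed = checkPermIP();
	while (ip_allowed && (tptr = strchr(tptr + 1, '/')) != NULL) {
		/* have path1/path2 */
		*tptr = '\0';
		if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
			/* may have subdir config */
			parse_conf(urlcopy + 1, SUBDIR_PARSE);
			ip_allowed = checkPermIP();
		}
		*tptr = '/';
	}

#if ENABLE_FEATURE_HTTPD_PROXY
	proxy_entry = find_proxy_entry(urlcopy);
	if (proxy_entry)
		header_buf = header_ptr = xmalloc(IOBUF_SIZE);
#endif

	/* NB: http_major_version starts as '0', so this is true unless the
	 * request line carried a version byte below '0' */
	if (http_major_version >= '0') {
		/* Request was with "... HTTP/nXXX", and n >= 0 */

		/* Read until blank line */
		while (1) {
			if (!get_line())
				break; /* EOF or error or empty line */
			if (DEBUG)
				bb_error_msg("header: '%s'", iobuf);

#if ENABLE_FEATURE_HTTPD_PROXY
			/* We need 2 more bytes for yet another "\r\n" -
			 * see near fdprintf(proxy_fd...) further below */
			/* Require 4 spare bytes plus at least one byte of header
			 * text: this line's CRLF and the final CRLF. With a looser
			 * guard the clamp below could reach 0 or -1, and a negative
			 * length must never be passed to memcpy(). */
			if (proxy_entry && (header_ptr - header_buf) < IOBUF_SIZE - 4) {
				int len = strlen(iobuf);
				/* over-long headers are truncated to the space left */
				if (len > IOBUF_SIZE - (header_ptr - header_buf) - 4)
					len = IOBUF_SIZE - (header_ptr - header_buf) - 4;
				memcpy(header_ptr, iobuf, len);
				header_ptr += len;
				header_ptr[0] = '\r';
				header_ptr[1] = '\n';
				header_ptr += 2;
			}
#endif

#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
			/* Try and do our best to parse more lines */
			if ((STRNCASECMP(iobuf, "Content-length:") == 0)) {
				/* extra read only for POST */
				if (prequest != request_GET
# if ENABLE_FEATURE_HTTPD_CGI
				 && prequest != request_HEAD
# endif
				) {
					tptr = skip_whitespace(iobuf + sizeof("Content-length:") - 1);
					if (!tptr[0])
						send_headers_and_exit(HTTP_BAD_REQUEST);
					/* not using strtoul: it ignores leading minus! */
					length = bb_strtou(tptr, NULL, 10);
					/* length is "ulong", but we need to pass it to int later */
					if (errno || length > INT_MAX)
						send_headers_and_exit(HTTP_BAD_REQUEST);
				}
			}
#endif
#if ENABLE_FEATURE_HTTPD_CGI
			/* Each of these keeps a heap copy of the raw header value for
			 * later use by the CGI code; a repeated header replaces the
			 * pointer without freeing the earlier copy */
			else if (STRNCASECMP(iobuf, "Cookie:") == 0) {
				cookie = xstrdup(skip_whitespace(iobuf + sizeof("Cookie:")-1));
			} else if (STRNCASECMP(iobuf, "Content-Type:") == 0) {
				content_type = xstrdup(skip_whitespace(iobuf + sizeof("Content-Type:")-1));
			} else if (STRNCASECMP(iobuf, "Referer:") == 0) {
				referer = xstrdup(skip_whitespace(iobuf + sizeof("Referer:")-1));
			} else if (STRNCASECMP(iobuf, "User-Agent:") == 0) {
				user_agent = xstrdup(skip_whitespace(iobuf + sizeof("User-Agent:")-1));
			} else if (STRNCASECMP(iobuf, "Host:") == 0) {
				host = xstrdup(skip_whitespace(iobuf + sizeof("Host:")-1));
			} else if (STRNCASECMP(iobuf, "Accept:") == 0) {
				http_accept = xstrdup(skip_whitespace(iobuf + sizeof("Accept:")-1));
			} else if (STRNCASECMP(iobuf, "Accept-Language:") == 0) {
				http_accept_language = xstrdup(skip_whitespace(iobuf + sizeof("Accept-Language:")-1));
			}
#endif
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
			if (STRNCASECMP(iobuf, "Authorization:") == 0) {
				/* We only allow Basic credentials.
				 * It shows up as "Authorization: Basic <user>:<passwd>" where
				 * "<user>:<passwd>" is base64 encoded.
				 */
				tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
				if (STRNCASECMP(tptr, "Basic") != 0)
					continue;
				tptr += sizeof("Basic")-1;
				/* decodeBase64() skips whitespace itself */
				decodeBase64(tptr);
				/* NB: evaluated for every Authorization: header, so the
				 * result of the last one is what gets enforced below */
				authorized = check_user_passwd(urlcopy, tptr);
			}
#endif
#if ENABLE_FEATURE_HTTPD_RANGES
			if (STRNCASECMP(iobuf, "Range:") == 0) {
				/* We know only bytes=NNN-[MMM] */
				char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
				/* Parse only values that do start with "bytes="; skipping
				 * 6 bytes of any other value could step past its NUL */
				if (is_prefixed_with(s, "bytes=")) {
					s += sizeof("bytes=")-1;
					range_start = BB_STRTOOFF(s, &s, 10);
					if (s[0] != '-' || range_start < 0) {
						range_start = -1;
					} else if (s[1]) {
						range_end = BB_STRTOOFF(s+1, NULL, 10);
						if (errno || range_end < range_start)
							range_start = -1;
					}
				}
			}
#endif
#if ENABLE_FEATURE_HTTPD_GZIP
			if (STRNCASECMP(iobuf, "Accept-Encoding:") == 0) {
				/* Note: we do not support "gzip;q=0"
				 * method of _disabling_ gzip
				 * delivery. No one uses that, though */
				const char *s = strstr(iobuf, "gzip");
				if (s) {
					// want more thorough checks?
					//if (s[-1] == ' '
					// || s[-1] == ','
					// || s[-1] == ':'
					//) {
						content_gzip = 1;
					//}
				}
			}
#endif
		} /* while extra header reading */
	}

	/* We are done reading headers, disable peer timeout */
	alarm(0);

	/* The config file name is refused by exact basename match in any directory */
	if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0 || !ip_allowed) {
		/* protect listing [/path]/httpd.conf or IP deny */
		send_headers_and_exit(HTTP_FORBIDDEN);
	}

#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
	/* Case: no "Authorization:" was seen, but page might require passwd.
	 * Check that with dummy user:pass */
	if (authorized < 0)
		authorized = check_user_passwd(urlcopy, (char *) "");
	if (!authorized)
		send_headers_and_exit(HTTP_UNAUTHORIZED);
#endif

	if (found_moved_temporarily) {
		send_headers_and_exit(HTTP_MOVED_TEMPORARILY);
	}

#if ENABLE_FEATURE_HTTPD_PROXY
	if (proxy_entry != NULL) {
		int proxy_fd;
		len_and_sockaddr *lsa;

		/* NB: the upstream socket is always AF_INET */
		proxy_fd = socket(AF_INET, SOCK_STREAM, 0);
		if (proxy_fd < 0)
			send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
		lsa = host2sockaddr(proxy_entry->host_port, 80);
		if (lsa == NULL)
			send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
		if (connect(proxy_fd, &lsa->u.sa, lsa->len) < 0)
			send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
		/* The forwarded path and query are the decoded, canonicalized
		 * values, written into the request line as-is */
		fdprintf(proxy_fd, "%s %s%s%s%s HTTP/%c.%c\r\n",
				prequest, /* GET or POST */
				proxy_entry->url_to, /* url part 1 */
				urlcopy + strlen(proxy_entry->url_from), /* url part 2 */
				(g_query ? "?" : ""), /* "?" (maybe) */
				(g_query ? g_query : ""), /* query string (maybe) */
				http_major_version, http_minor_version);
		/* terminate the header block; the copy loop above always leaves
		 * room for these two bytes */
		header_ptr[0] = '\r';
		header_ptr[1] = '\n';
		header_ptr += 2;
		/* NOTE(review): the result of write() is not checked, so a short
		 * write would forward a truncated header block */
		write(proxy_fd, header_buf, header_ptr - header_buf);
		free(header_buf); /* on the order of 8k, free it */
		cgi_io_loop_and_exit(proxy_fd, proxy_fd, length);
	}
#endif

	tptr = urlcopy + 1;      /* skip first '/' */

#if ENABLE_FEATURE_HTTPD_CGI
	if (is_prefixed_with(tptr, "cgi-bin/")) {
		if (tptr[8] == '\0') {
			/* protect listing "cgi-bin/" */
			send_headers_and_exit(HTTP_FORBIDDEN);
		}
		send_cgi_and_exit(urlcopy, urlcopy, prequest, length, cookie, content_type);
	}
#endif

	if (urlp[-1] == '/') {
		/* When index_page string is appended to <dir>/ URL, it overwrites
		 * the query string. If we fall back to call /cgi-bin/index.cgi,
		 * query string would be lost and not available to the CGI.
		 * Work around it by making a deep copy.
		 */
		if (ENABLE_FEATURE_HTTPD_CGI)
			g_query = xstrdup(g_query); /* ok for NULL too */
		/* room for index_page was reserved when urlcopy was allocated */
		strcpy(urlp, index_page);
	}
	if (stat(tptr, &sb) == 0) {
#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
		/* files whose suffix has a configured interpreter run as CGI */
		char *suffix = strrchr(tptr, '.');
		if (suffix) {
			Htaccess *cur;
			for (cur = script_i; cur; cur = cur->next) {
				if (strcmp(cur->before_colon + 1, suffix) == 0) {
					send_cgi_and_exit(urlcopy, urlcopy, prequest, length, cookie, content_type);
				}
			}
		}
#endif
		file_size = sb.st_size;
		last_mod = sb.st_mtime;
	}
#if ENABLE_FEATURE_HTTPD_CGI
	else if (urlp[-1] == '/') {
		/* It's a dir URL and there is no index.html
		 * Try cgi-bin/index.cgi */
		if (access("/cgi-bin/index.cgi"+1, X_OK) == 0) {
			urlp[0] = '\0'; /* remove index_page */
			send_cgi_and_exit("/cgi-bin/index.cgi", urlcopy, prequest, length, cookie, content_type);
		}
	}
	/* else fall through to send_file, it errors out if open fails: */

	if (prequest != request_GET && prequest != request_HEAD) {
		/* POST for files does not make sense */
		send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
	}
	send_file_and_exit(tptr,
		(prequest != request_HEAD ? SEND_HEADERS_AND_BODY : SEND_HEADERS)
	);
#else
	send_file_and_exit(tptr, SEND_HEADERS_AND_BODY);
#endif
}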
2482 | |
2483 | /* |
2484 | * The main http server function. |
2485 | * Given a socket, listen for new connections and farm out |
2486 | * the processing as a [v]forked process. |
2487 | * Never returns. |
2488 | */ |
2489 | #if BB_MMU |
/*
 * Accept loop for builds with fork(): one child process per connection.
 *
 * server_socket  listening socket
 *
 * The child closes the listening socket, moves the connection to fd 0,
 * duplicates it to fd 1 and serves the request. The parent only closes
 * its copy of the connection and goes back to accept().
 * NOTE(review): nothing in this loop limits how many children run at once.
 */
static void mini_httpd(int server_socket) NORETURN;
static void mini_httpd(int server_socket)
{
	/* NB: it's best to not use xfuncs in this loop before fork().
	 * Otherwise server may die on transient errors (temporary
	 * out-of-memory condition, etc), which is Bad(tm).
	 * Try to do any dangerous calls after fork.
	 */
	for (;;) {
		len_and_sockaddr fromAddr;
		int conn_fd;

		/* Wait for connections... */
		fromAddr.len = LSA_SIZEOF_SA;
		conn_fd = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
		if (conn_fd < 0) {
			/* any accept() failure is retried right away */
			continue;
		}

		/* set the KEEPALIVE option to cull dead connections */
		setsockopt_keepalive(conn_fd);

		if (fork() == 0) {
			/* child */
			/* Do not reload config on HUP */
			signal(SIGHUP, SIG_IGN);
			close(server_socket);
			/* the connection becomes stdin and stdout */
			xmove_fd(conn_fd, 0);
			xdup2(0, 1);

			handle_incoming_and_exit(&fromAddr);
		}
		/* parent, or fork failed */
		close(conn_fd);
	}
	/* never reached */
}
2526 | #else |
/*
 * Accept loop for builds without fork(): each connection is served by a
 * vfork()ed child that re-executes this program in inetd mode.
 *
 * server_socket  listening socket
 * argc, argv     original command line; "-i" is inserted after argv[0]
 *                for the re-executed copy
 */
static void mini_httpd_nommu(int server_socket, int argc, char **argv) NORETURN;
static void mini_httpd_nommu(int server_socket, int argc, char **argv)
{
	/* argv[0], "-i", then argv[1..argc] (the last one being the NULL terminator) */
	char *argv_copy[argc + 2];

	argv_copy[0] = argv[0];
	argv_copy[1] = (char*)"-i";
	memcpy(&argv_copy[2], &argv[1], argc * sizeof(argv[0]));

	/* NB: it's best to not use xfuncs in this loop before vfork().
	 * Otherwise server may die on transient errors (temporary
	 * out-of-memory condition, etc), which is Bad(tm).
	 * Try to do any dangerous calls after fork.
	 */
	for (;;) {
		len_and_sockaddr fromAddr;
		int conn_fd;

		/* Wait for connections... */
		fromAddr.len = LSA_SIZEOF_SA;
		conn_fd = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
		if (conn_fd < 0) {
			/* any accept() failure is retried right away */
			continue;
		}

		/* set the KEEPALIVE option to cull dead connections */
		setsockopt_keepalive(conn_fd);

		if (vfork() == 0) {
			/* child */
			/* Do not reload config on HUP */
			signal(SIGHUP, SIG_IGN);
			close(server_socket);
			/* the connection becomes stdin and stdout */
			xmove_fd(conn_fd, 0);
			xdup2(0, 1);

			/* Run a copy of ourself in inetd mode */
			re_exec(argv_copy);
		}
		/* Clear the top bit of the first byte of argv[0].
		 * NOTE(review): presumably undoes a mark set by re_exec() in
		 * memory the vfork child shares with us - confirm */
		argv_copy[0][0] &= 0x7f;
		/* parent, or vfork failed */
		close(conn_fd);
	}
	/* never reached */
}
2571 | #endif |
2572 | |
/*
 * Process a HTTP connection on stdin/out.
 * Never returns.
 *
 * The peer address is taken from fd 0. If that lookup fails, the address
 * stays zeroed and handle_incoming_and_exit() sees no recognized address
 * family, so the IP rules are evaluated against address 0.
 */
static void mini_httpd_inetd(void) NORETURN;
static void mini_httpd_inetd(void)
{
	len_and_sockaddr peer;

	/* start from an all-zero address so a failed lookup is well defined */
	memset(&peer, 0, sizeof(peer));
	peer.len = LSA_SIZEOF_SA;
	/* NB: can fail if user runs it by hand and types in http cmds */
	getpeername(0, &peer.u.sa, &peer.len);
	handle_incoming_and_exit(&peer);
}
2588 | |
/*
 * SIGHUP handler: re-read the main configuration file.
 * Installed by httpd_main() only when not running in inetd mode; the
 * per-connection children set SIGHUP to SIG_IGN instead.
 * NOTE(review): the whole config parse runs in signal context; whether
 * parse_conf() is safe to run there is not visible here.
 */
static void sighup_handler(int sig UNUSED_PARAM)
{
	parse_conf(DEFAULT_PATH_HTTPD_CONF, SIGNALED_PARSE);
}
2593 | |
/*
 * Option numbering for the flags word returned by getopt32() in httpd_main().
 *
 * The first group gives each option its bit index, in the same order as
 * the option string passed to getopt32(); entries wrapped in
 * IF_FEATURE_*() exist only when that feature is compiled in, which shifts
 * the indexes that follow them.
 * The second group turns each index into a bit mask. For a compiled-out
 * feature the IF_FEATURE_*() part expands to nothing and "+ 0" makes the
 * mask 0, so "opt & OPT_xxx" is then always false.
 */
enum {
	c_opt_config_file = 0,
	d_opt_decode_url,
	h_opt_home_httpd,
	IF_FEATURE_HTTPD_ENCODE_URL_STR(e_opt_encode_url,)
	IF_FEATURE_HTTPD_BASIC_AUTH(    r_opt_realm     ,)
	IF_FEATURE_HTTPD_AUTH_MD5(      m_opt_md5       ,)
	IF_FEATURE_HTTPD_SETUID(        u_opt_setuid    ,)
	p_opt_port      ,
	p_opt_inetd     ,
	p_opt_foreground,
	p_opt_verbose   ,
	OPT_CONFIG_FILE = 1 << c_opt_config_file,
	OPT_DECODE_URL  = 1 << d_opt_decode_url,
	OPT_HOME_HTTPD  = 1 << h_opt_home_httpd,
	OPT_ENCODE_URL  = IF_FEATURE_HTTPD_ENCODE_URL_STR((1 << e_opt_encode_url)) + 0,
	OPT_REALM       = IF_FEATURE_HTTPD_BASIC_AUTH(    (1 << r_opt_realm     )) + 0,
	OPT_MD5         = IF_FEATURE_HTTPD_AUTH_MD5(      (1 << m_opt_md5       )) + 0,
	OPT_SETUID      = IF_FEATURE_HTTPD_SETUID(        (1 << u_opt_setuid    )) + 0,
	OPT_PORT        = 1 << p_opt_port,
	OPT_INETD       = 1 << p_opt_inetd,
	OPT_FOREGROUND  = 1 << p_opt_foreground,
	OPT_VERBOSE     = 1 << p_opt_verbose,
};
2618 | |
2619 | |
/*
 * Applet entry point.
 *
 * argc  only used in the non-MMU build, where it is passed to
 *       mini_httpd_nommu()
 * argv  command line, parsed with getopt32()
 *
 * The -d, -e and -m options are one-shot helpers: they print a result and
 * return 0 without starting a server. Otherwise the function changes to
 * the home directory, opens the listening socket and drops privileges
 * (both only when not in inetd mode), parses the configuration and enters
 * one of the serving loops, none of which return.
 */
int httpd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int httpd_main(int argc UNUSED_PARAM, char **argv)
{
	int server_socket = server_socket; /* for gcc */
	unsigned opt;
	char *url_for_decode;
	IF_FEATURE_HTTPD_ENCODE_URL_STR(const char *url_for_encode;)
	IF_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
	IF_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
	IF_FEATURE_HTTPD_AUTH_MD5(const char *pass;)

	INIT_G();

#if ENABLE_LOCALE_SUPPORT
	/* Undo busybox.c: we want to speak English in http (dates etc) */
	setlocale(LC_TIME, "C");
#endif

	/* default home is the current directory; -h replaces it */
	home_httpd = xrealloc_getcwd_or_warn(NULL);
	/* -v counts, -i implies -f */
	opt_complementary = "vv:if";
	/* We do not "absolutize" path given by -h (home) opt.
	 * If user gives relative path in -h,
	 * $SCRIPT_FILENAME will not be set. */
	opt = getopt32(argv, "c:d:h:"
			IF_FEATURE_HTTPD_ENCODE_URL_STR("e:")
			IF_FEATURE_HTTPD_BASIC_AUTH("r:")
			IF_FEATURE_HTTPD_AUTH_MD5("m:")
			IF_FEATURE_HTTPD_SETUID("u:")
			"p:ifv",
			&opt_c_configFile, &url_for_decode, &home_httpd
			IF_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
			IF_FEATURE_HTTPD_BASIC_AUTH(, &g_realm)
			IF_FEATURE_HTTPD_AUTH_MD5(, &pass)
			IF_FEATURE_HTTPD_SETUID(, &s_ugid)
			, &bind_addr_or_port
			, &verbose
		);
	if (opt & OPT_DECODE_URL) {
		/* NOTE(review): assumes the non-strict decode never returns NULL;
		 * the strict call in handle_incoming_and_exit() is NULL-checked */
		fputs(percent_decode_in_place(url_for_decode, /*strict:*/ 0), stdout);
		return 0;
	}
#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
	if (opt & OPT_ENCODE_URL) {
		fputs(encodeString(url_for_encode), stdout);
		return 0;
	}
#endif
#if ENABLE_FEATURE_HTTPD_AUTH_MD5
	if (opt & OPT_MD5) {
		/* Print a "$1$" hash of the -m argument with a fresh salt.
		 * NB: the clear-text password arrives on the command line.
		 * NOTE(review): "$1$" is, by crypt(3) convention, MD5-crypt,
		 * a legacy scheme. */
		char salt[sizeof("$1$XXXXXXXX")];
		salt[0] = '$';
		salt[1] = '1';
		salt[2] = '$';
		/* presumably fills the salt characters after "$1$" plus a NUL -
		 * confirm against crypt_make_salt() */
		crypt_make_salt(salt + 3, 4);
		puts(pw_encrypt(pass, salt, /*cleanup:*/ 0));
		return 0;
	}
#endif
#if ENABLE_FEATURE_HTTPD_SETUID
	/* resolve the -u argument now; the switch itself happens after the
	 * listening socket is open */
	if (opt & OPT_SETUID) {
		xget_uidgid(&ugid, s_ugid);
	}
#endif

#if !BB_MMU
	if (!(opt & OPT_FOREGROUND)) {
		bb_daemonize_or_rexec(0, argv); /* don't change current directory */
	}
#endif

	xchdir(home_httpd);
	if (!(opt & OPT_INETD)) {
		/* children are not waited for */
		signal(SIGCHLD, SIG_IGN);
		server_socket = openServer();
#if ENABLE_FEATURE_HTTPD_SETUID
		/* drop privileges */
		/* Order matters: supplementary groups, then gid, then uid last.
		 * NB: this block is inside the non-inetd branch, so -u has no
		 * effect together with -i. */
		if (opt & OPT_SETUID) {
			if (ugid.gid != (gid_t)-1) {
				if (setgroups(1, &ugid.gid) == -1)
					bb_perror_msg_and_die("setgroups");
				xsetgid(ugid.gid);
			}
			xsetuid(ugid.uid);
		}
#endif
	}

#if 0
	/* User can do it himself: 'env - PATH="$PATH" httpd'
	 * We don't do it because we don't want to screw users
	 * which want to do
	 * 'env - VAR1=val1 VAR2=val2 httpd'
	 * and have VAR1 and VAR2 values visible in their CGIs.
	 * Besides, it is also smaller. */
	{
		char *p = getenv("PATH");
		/* env strings themself are not freed, no need to xstrdup(p): */
		clearenv();
		if (p)
			putenv(p - 5);
//		if (!(opt & OPT_INETD))
//			setenv_long("SERVER_PORT", ???);
	}
#endif

	/* The config is read after the privilege drop above, so the file has
	 * to be readable by the target user. With the block above disabled,
	 * the server's whole environment is inherited as-is. */
	parse_conf(DEFAULT_PATH_HTTPD_CONF, FIRST_PARSE);
	if (!(opt & OPT_INETD))
		signal(SIGHUP, sighup_handler);

	xfunc_error_retval = 0;
	if (opt & OPT_INETD)
		mini_httpd_inetd();
#if BB_MMU
	if (!(opt & OPT_FOREGROUND))
		bb_daemonize(0); /* don't change current directory */
	mini_httpd(server_socket); /* never returns */
#else
	mini_httpd_nommu(server_socket, argc, argv); /* never returns */
#endif
	/* return 0; */
}
2742 |