Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / d5bfe26c457a97a8b525b6c27f5498525a5829bf / . / networking / httpd.c
blob: 1757e09c958dcbc59abb77b60166bae6e0214df5 [file] [log] [blame]
Bernhard Reutner-Fischer2c998512006-04-12 18:09:26 +0000[diff] [blame]1/* vi: set sw=4 ts=4: */
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2/*
3 * httpd implementation for busybox
4 *
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]5 * Copyright (C) 2002,2003 Glenn Engel <glenne@engel.org>
"Vladimir N. Oleynik"79af7d52006-01-26 10:58:12 +0000[diff] [blame]6 * Copyright (C) 2003-2006 Vladimir Oleynik <dzo@simtreas.ru>
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]7 *
Denys Vlasenko0ef64bd2010-08-16 20:14:46 +0200[diff] [blame]8 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]9 *
10 *****************************************************************************
11 *
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]12 * Typical usage:
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]13 * For non root user:
14 * httpd -p 8080 -h $HOME/public_html
15 * For daemon start from rc script with uid=0:
16 * httpd -u www
17 * which is equivalent to (assuming user www has uid 80):
18 * httpd -p 80 -u 80 -h $PWD -c /etc/httpd.conf -r "Web Server Authentication"
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]19 *
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]20 * When an url starts with "/cgi-bin/" it is assumed to be a cgi script.
21 * The server changes directory to the location of the script and executes it
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +0000[diff] [blame]22 * after setting QUERY_STRING and other environment variables.
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]23 *
Denys Vlasenkod277f552011-04-10 03:08:22 +0200[diff] [blame]24 * If directory URL is given, no index.html is found and CGI support is enabled,
25 * cgi-bin/index.cgi will be run. Directory to list is ../$QUERY_STRING.
26 * See httpd_indexcgi.c for an example GCI code.
27 *
Denis Vlasenko8b458372006-11-21 21:23:21 +0000[diff] [blame]28 * Doc:
29 * "CGI Environment Variables": http://hoohoo.ncsa.uiuc.edu/cgi/env.html
30 *
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]31 * The applet can also be invoked as an url arg decoder and html text encoder
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]32 * as follows:
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]33 * foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World"
34 * bar=`httpd -e "<Hello World>"` # encode as "&#60Hello&#32World&#62"
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]35 * Note that url encoding for arguments is not the same as html encoding for
Bernhard Reutner-Fischer62851172009-05-03 18:53:22 +0200[diff] [blame]36 * presentation. -d decodes an url-encoded argument while -e encodes in html
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]37 * for page display.
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]38 *
39 * httpd.conf has the following format:
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]40 *
Denis Vlasenko395410b2008-07-20 23:25:32 +0000[diff] [blame]41 * H:/serverroot # define the server root. It will override -h
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]42 * A:172.20. # Allow address from 172.20.0.0/16
43 * A:10.0.0.0/25 # Allow any address from 10.0.0.0-10.0.0.127
44 * A:10.0.0.0/255.255.255.128 # Allow any address that previous set
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]45 * A:127.0.0.1 # Allow local loopback connections
46 * D:* # Deny from other IP connections
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]47 * E404:/path/e404.html # /path/e404.html is the 404 (not found) error page
Denis Vlasenkofcd878e2007-12-29 02:16:23 +0000[diff] [blame]48 * I:index.html # Show index.html when a directory is requested
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]49 *
50 * P:/url:[http://]hostname[:port]/new/path
51 * # When /urlXXXXXX is requested, reverse proxy
52 * # it to http://hostname[:port]/new/pathXXXXXX
53 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]54 * /cgi-bin:foo:bar # Require user foo, pwd bar on urls starting with /cgi-bin/
55 * /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/
56 * /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]57 * /adm:root:* # or user root, pwd from /etc/passwd on urls starting with /adm/
58 * /wiki:*:* # or any user from /etc/passwd with according pwd on urls starting with /wiki/
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]59 * .au:audio/basic # additional mime type for audio.au files
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]60 * *.php:/path/php # run xxx.php through an interpreter
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]61 *
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]62 * A/D may be as a/d or allow/deny - only first char matters.
63 * Deny/Allow IP logic:
64 * - Default is to allow all (Allow all (A:*) is a no-op).
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]65 * - Deny rules take precedence over allow rules.
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]66 * - "Deny all" rule (D:*) is applied last.
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]67 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]68 * Example:
69 * 1. Allow only specified addresses
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]70 * A:172.20 # Allow any address that begins with 172.20.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]71 * A:10.10. # Allow any address that begins with 10.10.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]72 * A:127.0.0.1 # Allow local loopback connections
73 * D:* # Deny from other IP connections
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]74 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]75 * 2. Only deny specified addresses
76 * D:1.2.3. # deny from 1.2.3.0 - 1.2.3.255
77 * D:2.3.4. # deny from 2.3.4.0 - 2.3.4.255
78 * A:* # (optional line added for clarity)
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]79 *
Denys Vlasenkod277f552011-04-10 03:08:22 +0200[diff] [blame]80 * If a sub directory contains config file, it is parsed and merged with
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]81 * any existing settings as if it was appended to the original configuration.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]82 *
83 * subdir paths are relative to the containing subdir and thus cannot
84 * affect the parent rules.
85 *
86 * Note that since the sub dir is parsed in the forked thread servicing the
87 * subdir http request, any merge is discarded when the process exits. As a
88 * result, the subdir settings only have a lifetime of a single request.
89 *
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]90 * Custom error pages can contain an absolute path or be relative to
91 * 'home_httpd'. Error pages are to be static files (no CGI or script). Error
92 * page can only be defined in the root configuration file and are not taken
93 * into account in local (directories) config files.
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]94 *
95 * If -c is not set, an attempt will be made to open the default
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]96 * root configuration file. If -c is set and the file is not found, the
97 * server exits with an error.
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]98 */
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]99//config:config HTTPD
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200[diff] [blame]100//config: bool "httpd (32 kb)"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]101//config: default y
102//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]103//config: HTTP server.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]104//config:
105//config:config FEATURE_HTTPD_RANGES
106//config: bool "Support 'Ranges:' header"
107//config: default y
108//config: depends on HTTPD
109//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]110//config: Makes httpd emit "Accept-Ranges: bytes" header and understand
111//config: "Range: bytes=NNN-[MMM]" header. Allows for resuming interrupted
112//config: downloads, seeking in multimedia players etc.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]113//config:
114//config:config FEATURE_HTTPD_SETUID
115//config: bool "Enable -u <user> option"
116//config: default y
117//config: depends on HTTPD
118//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]119//config: This option allows the server to run as a specific user
120//config: rather than defaulting to the user that starts the server.
121//config: Use of this option requires special privileges to change to a
122//config: different user.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]123//config:
124//config:config FEATURE_HTTPD_BASIC_AUTH
Denys Vlasenko1d8df522017-07-27 13:34:51 +0200[diff] [blame]125//config: bool "Enable HTTP authentication"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]126//config: default y
127//config: depends on HTTPD
128//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]129//config: Utilizes password settings from /etc/httpd.conf for basic
130//config: authentication on a per url basis.
131//config: Example for httpd.conf file:
132//config: /adm:toor:PaSsWd
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]133//config:
134//config:config FEATURE_HTTPD_AUTH_MD5
Denys Vlasenko1d8df522017-07-27 13:34:51 +0200[diff] [blame]135//config: bool "Support MD5-encrypted passwords in HTTP authentication"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]136//config: default y
137//config: depends on FEATURE_HTTPD_BASIC_AUTH
138//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]139//config: Enables encrypted passwords, and wildcard user/passwords
140//config: in httpd.conf file.
141//config: User '*' means 'any system user name is ok',
142//config: password of '*' means 'use system password for this user'
143//config: Examples:
144//config: /adm:toor:$1$P/eKnWXS$aI1aPGxT.dJD5SzqAKWrF0
145//config: /adm:root:*
146//config: /wiki:*:*
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]147//config:
148//config:config FEATURE_HTTPD_CGI
149//config: bool "Support Common Gateway Interface (CGI)"
150//config: default y
151//config: depends on HTTPD
152//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]153//config: This option allows scripts and executables to be invoked
154//config: when specific URLs are requested.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]155//config:
156//config:config FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denys Vlasenkof5604222017-01-10 14:58:54 +0100[diff] [blame]157//config: bool "Support running scripts through an interpreter"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]158//config: default y
159//config: depends on FEATURE_HTTPD_CGI
160//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]161//config: This option enables support for running scripts through an
162//config: interpreter. Turn this on if you want PHP scripts to work
163//config: properly. You need to supply an additional line in your
164//config: httpd.conf file:
165//config: *.php:/path/to/your/php
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]166//config:
167//config:config FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
168//config: bool "Set REMOTE_PORT environment variable for CGI"
169//config: default y
170//config: depends on FEATURE_HTTPD_CGI
171//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]172//config: Use of this option can assist scripts in generating
173//config: references that contain a unique port number.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]174//config:
175//config:config FEATURE_HTTPD_ENCODE_URL_STR
176//config: bool "Enable -e option (useful for CGIs written as shell scripts)"
177//config: default y
178//config: depends on HTTPD
179//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]180//config: This option allows html encoding of arbitrary strings for display
181//config: by the browser. Output goes to stdout.
182//config: For example, httpd -e "<Hello World>" produces
183//config: "&#60Hello&#32World&#62".
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]184//config:
185//config:config FEATURE_HTTPD_ERROR_PAGES
Denys Vlasenkof5604222017-01-10 14:58:54 +0100[diff] [blame]186//config: bool "Support custom error pages"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]187//config: default y
188//config: depends on HTTPD
189//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]190//config: This option allows you to define custom error pages in
191//config: the configuration file instead of the default HTTP status
192//config: error pages. For instance, if you add the line:
193//config: E404:/path/e404.html
194//config: in the config file, the server will respond the specified
195//config: '/path/e404.html' file instead of the terse '404 NOT FOUND'
196//config: message.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]197//config:
198//config:config FEATURE_HTTPD_PROXY
Denys Vlasenkof5604222017-01-10 14:58:54 +0100[diff] [blame]199//config: bool "Support reverse proxy"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]200//config: default y
201//config: depends on HTTPD
202//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]203//config: This option allows you to define URLs that will be forwarded
204//config: to another HTTP server. To setup add the following line to the
205//config: configuration file
206//config: P:/url/:http://hostname[:port]/new/path/
207//config: Then a request to /url/myfile will be forwarded to
208//config: http://hostname[:port]/new/path/myfile.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]209//config:
210//config:config FEATURE_HTTPD_GZIP
Denys Vlasenkof5604222017-01-10 14:58:54 +0100[diff] [blame]211//config: bool "Support GZIP content encoding"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]212//config: default y
213//config: depends on HTTPD
214//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]215//config: Makes httpd send files using GZIP content encoding if the
216//config: client supports it and a pre-compressed <file>.gz exists.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100[diff] [blame]217
218//applet:IF_HTTPD(APPLET(httpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
219
220//kbuild:lib-$(CONFIG_HTTPD) += httpd.o
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]221
Pere Orga5bc8c002011-04-11 03:29:49 +0200[diff] [blame]222//usage:#define httpd_trivial_usage
223//usage: "[-ifv[v]]"
224//usage: " [-c CONFFILE]"
225//usage: " [-p [IP:]PORT]"
226//usage: IF_FEATURE_HTTPD_SETUID(" [-u USER[:GRP]]")
227//usage: IF_FEATURE_HTTPD_BASIC_AUTH(" [-r REALM]")
228//usage: " [-h HOME]\n"
229//usage: "or httpd -d/-e" IF_FEATURE_HTTPD_AUTH_MD5("/-m") " STRING"
230//usage:#define httpd_full_usage "\n\n"
231//usage: "Listen for incoming HTTP requests\n"
Pere Orga5bc8c002011-04-11 03:29:49 +0200[diff] [blame]232//usage: "\n -i Inetd mode"
233//usage: "\n -f Don't daemonize"
234//usage: "\n -v[v] Verbose"
235//usage: "\n -p [IP:]PORT Bind to IP:PORT (default *:80)"
236//usage: IF_FEATURE_HTTPD_SETUID(
237//usage: "\n -u USER[:GRP] Set uid/gid after binding to port")
238//usage: IF_FEATURE_HTTPD_BASIC_AUTH(
239//usage: "\n -r REALM Authentication Realm for Basic Authentication")
240//usage: "\n -h HOME Home directory (default .)"
241//usage: "\n -c FILE Configuration file (default {/etc,HOME}/httpd.conf)"
242//usage: IF_FEATURE_HTTPD_AUTH_MD5(
243//usage: "\n -m STRING MD5 crypt STRING")
244//usage: "\n -e STRING HTML encode STRING"
245//usage: "\n -d STRING URL decode STRING"
246
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]247/* TODO: use TCP_CORK, parse_config() */
248
Denis Vlasenkob6adbf12007-05-26 19:00:18 +0000[diff] [blame]249#include "libbb.h"
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200[diff] [blame]250#include "common_bufsiz.h"
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]251#if ENABLE_PAM
252/* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
253# undef setlocale
254/* For some obscure reason, PAM is not in pam/xxx, but in security/xxx.
255 * Apparently they like to confuse people. */
256# include <security/pam_appl.h>
257# include <security/pam_misc.h>
258#endif
Bartosz Golaszewski8d75d792014-11-27 13:20:24 +0100[diff] [blame]259#if ENABLE_FEATURE_USE_SENDFILE
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]260# include <sys/sendfile.h>
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]261#endif
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]262
263#define DEBUG 0
264
265#define IOBUF_SIZE 8192
Denys Vlasenko1c356942019-04-19 14:19:41 +0200[diff] [blame]266#define MAX_HTTP_HEADERS_SIZE (32*1024)
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]267
268#define HEADER_READ_TIMEOUT 60
269
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]270static const char DEFAULT_PATH_HTTPD_CONF[] ALIGN1 = "/etc";
271static const char HTTPD_CONF[] ALIGN1 = "httpd.conf";
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]272static const char HTTP_200[] ALIGN1 = "HTTP/1.0 200 OK\r\n";
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]273static const char index_html[] ALIGN1 = "index.html";
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]274
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]275typedef struct has_next_ptr {
276 struct has_next_ptr *next;
277} has_next_ptr;
Eric Andersen07f2fea2004-10-08 08:03:29 +0000[diff] [blame]278
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]279/* Must have "next" as a first member */
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]280typedef struct Htaccess {
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]281 struct Htaccess *next;
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]282 char *after_colon;
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]283 char before_colon[1]; /* really bigger, must be last */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]284} Htaccess;
285
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]286/* Must have "next" as a first member */
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]287typedef struct Htaccess_IP {
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]288 struct Htaccess_IP *next;
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]289 unsigned ip;
290 unsigned mask;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]291 int allow_deny;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]292} Htaccess_IP;
293
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]294/* Must have "next" as a first member */
295typedef struct Htaccess_Proxy {
296 struct Htaccess_Proxy *next;
297 char *url_from;
298 char *host_port;
299 char *url_to;
300} Htaccess_Proxy;
301
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]302typedef enum CGI_type {
303 CGI_NONE = 0,
304 CGI_NORMAL,
305 CGI_INDEX,
306 CGI_INTERPRETER,
307} CGI_type;
308
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]309enum {
310 HTTP_OK = 200,
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]311 HTTP_PARTIAL_CONTENT = 206,
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]312 HTTP_MOVED_TEMPORARILY = 302,
313 HTTP_BAD_REQUEST = 400, /* malformed syntax */
314 HTTP_UNAUTHORIZED = 401, /* authentication needed, respond with auth hdr */
315 HTTP_NOT_FOUND = 404,
316 HTTP_FORBIDDEN = 403,
317 HTTP_REQUEST_TIMEOUT = 408,
318 HTTP_NOT_IMPLEMENTED = 501, /* used for unrecognized requests */
319 HTTP_INTERNAL_SERVER_ERROR = 500,
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]320 HTTP_ENTITY_TOO_LARGE = 413,
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]321 HTTP_CONTINUE = 100,
322#if 0 /* future use */
323 HTTP_SWITCHING_PROTOCOLS = 101,
324 HTTP_CREATED = 201,
325 HTTP_ACCEPTED = 202,
326 HTTP_NON_AUTHORITATIVE_INFO = 203,
327 HTTP_NO_CONTENT = 204,
328 HTTP_MULTIPLE_CHOICES = 300,
329 HTTP_MOVED_PERMANENTLY = 301,
330 HTTP_NOT_MODIFIED = 304,
331 HTTP_PAYMENT_REQUIRED = 402,
332 HTTP_BAD_GATEWAY = 502,
333 HTTP_SERVICE_UNAVAILABLE = 503, /* overload, maintenance */
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]334#endif
335};
336
Denis Vlasenko72b6a652007-08-21 11:18:25 +0000[diff] [blame]337static const uint16_t http_response_type[] ALIGN2 = {
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]338 HTTP_OK,
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]339#if ENABLE_FEATURE_HTTPD_RANGES
340 HTTP_PARTIAL_CONTENT,
341#endif
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]342 HTTP_MOVED_TEMPORARILY,
343 HTTP_REQUEST_TIMEOUT,
344 HTTP_NOT_IMPLEMENTED,
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +0000[diff] [blame]345#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]346 HTTP_UNAUTHORIZED,
347#endif
348 HTTP_NOT_FOUND,
349 HTTP_BAD_REQUEST,
350 HTTP_FORBIDDEN,
351 HTTP_INTERNAL_SERVER_ERROR,
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]352 HTTP_ENTITY_TOO_LARGE,
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]353#if 0 /* not implemented */
354 HTTP_CREATED,
355 HTTP_ACCEPTED,
356 HTTP_NO_CONTENT,
357 HTTP_MULTIPLE_CHOICES,
358 HTTP_MOVED_PERMANENTLY,
359 HTTP_NOT_MODIFIED,
360 HTTP_BAD_GATEWAY,
361 HTTP_SERVICE_UNAVAILABLE,
362#endif
363};
364
365static const struct {
366 const char *name;
367 const char *info;
368} http_response[ARRAY_SIZE(http_response_type)] = {
369 { "OK", NULL },
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]370#if ENABLE_FEATURE_HTTPD_RANGES
371 { "Partial Content", NULL },
372#endif
373 { "Found", NULL },
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]374 { "Request Timeout", "No request appeared within 60 seconds" },
375 { "Not Implemented", "The requested method is not recognized" },
376#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
377 { "Unauthorized", "" },
378#endif
379 { "Not Found", "The requested URL was not found" },
380 { "Bad Request", "Unsupported method" },
381 { "Forbidden", "" },
382 { "Internal Server Error", "Internal Server Error" },
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]383 { "Entity Too Large", "Entity Too Large" },
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]384#if 0 /* not implemented */
385 { "Created" },
386 { "Accepted" },
387 { "No Content" },
388 { "Multiple Choices" },
389 { "Moved Permanently" },
390 { "Not Modified" },
391 { "Bad Gateway", "" },
392 { "Service Unavailable", "" },
393#endif
394};
395
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]396struct globals {
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]397 int verbose; /* must be int (used by getopt32) */
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]398 smallint flg_deny_all;
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]399#if ENABLE_FEATURE_HTTPD_GZIP
400 /* client can handle gzip / we are going to send gzip */
401 smallint content_gzip;
402#endif
Denis Vlasenko37c33162007-08-19 18:54:22 +0000[diff] [blame]403 time_t last_mod;
Denis Vlasenko37c33162007-08-19 18:54:22 +0000[diff] [blame]404 char *rmt_ip_str; /* for $REMOTE_ADDR and $REMOTE_PORT */
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]405 const char *bind_addr_or_port;
406
Denys Vlasenko2efa7262019-04-16 13:35:56 +0200[diff] [blame]407 char *g_query;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]408 const char *opt_c_configFile;
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]409 const char *home_httpd;
Denis Vlasenkofcd878e2007-12-29 02:16:23 +0000[diff] [blame]410 const char *index_page;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]411
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]412 const char *found_mime_type;
413 const char *found_moved_temporarily;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]414 Htaccess_IP *ip_a_d; /* config allow/deny lines */
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]415
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]416 IF_FEATURE_HTTPD_BASIC_AUTH(const char *g_realm;)
417 IF_FEATURE_HTTPD_BASIC_AUTH(char *remoteuser;)
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +0000[diff] [blame]418
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]419 off_t file_size; /* -1 - unknown */
420#if ENABLE_FEATURE_HTTPD_RANGES
421 off_t range_start;
422 off_t range_end;
423 off_t range_len;
424#endif
425
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]426#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]427 Htaccess *g_auth; /* config user:password lines */
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000[diff] [blame]428#endif
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]429 Htaccess *mime_a; /* config mime types */
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]430#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]431 Htaccess *script_i; /* config script interpreters */
"Vladimir N. Oleynik"4333a092006-01-31 13:53:30 +0000[diff] [blame]432#endif
Denys Vlasenkofb132e42010-10-29 11:46:52 +0200[diff] [blame]433 char *iobuf; /* [IOBUF_SIZE] */
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200[diff] [blame]434#define hdr_buf bb_common_bufsiz1
435#define sizeof_hdr_buf COMMON_BUFSIZE
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]436 char *hdr_ptr;
437 int hdr_cnt;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]438#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
439 const char *http_error_page[ARRAY_SIZE(http_response_type)];
440#endif
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]441#if ENABLE_FEATURE_HTTPD_PROXY
442 Htaccess_Proxy *proxy;
443#endif
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]444};
445#define G (*ptr_to_globals)
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]446#define verbose (G.verbose )
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]447#define flg_deny_all (G.flg_deny_all )
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]448#if ENABLE_FEATURE_HTTPD_GZIP
449# define content_gzip (G.content_gzip )
450#else
451# define content_gzip 0
452#endif
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]453#define bind_addr_or_port (G.bind_addr_or_port)
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]454#define g_query (G.g_query )
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]455#define opt_c_configFile (G.opt_c_configFile )
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]456#define home_httpd (G.home_httpd )
Denis Vlasenkofcd878e2007-12-29 02:16:23 +0000[diff] [blame]457#define index_page (G.index_page )
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]458#define found_mime_type (G.found_mime_type )
459#define found_moved_temporarily (G.found_moved_temporarily)
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]460#define last_mod (G.last_mod )
461#define ip_a_d (G.ip_a_d )
462#define g_realm (G.g_realm )
463#define remoteuser (G.remoteuser )
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]464#define file_size (G.file_size )
465#if ENABLE_FEATURE_HTTPD_RANGES
466#define range_start (G.range_start )
467#define range_end (G.range_end )
468#define range_len (G.range_len )
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]469#else
470enum {
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100[diff] [blame]471 range_start = -1,
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]472 range_end = MAXINT(off_t) - 1,
473 range_len = MAXINT(off_t),
474};
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]475#endif
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]476#define rmt_ip_str (G.rmt_ip_str )
477#define g_auth (G.g_auth )
478#define mime_a (G.mime_a )
479#define script_i (G.script_i )
480#define iobuf (G.iobuf )
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]481#define hdr_ptr (G.hdr_ptr )
482#define hdr_cnt (G.hdr_cnt )
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]483#define http_error_page (G.http_error_page )
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]484#define proxy (G.proxy )
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]485#define INIT_G() do { \
Denys Vlasenko9de2e5a2016-04-21 18:38:51 +0200[diff] [blame]486 setup_common_bufsiz(); \
Denis Vlasenko574f2f42008-02-27 18:41:59 +0000[diff] [blame]487 SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]488 IF_FEATURE_HTTPD_BASIC_AUTH(g_realm = "Web Server Authentication";) \
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100[diff] [blame]489 IF_FEATURE_HTTPD_RANGES(range_start = -1;) \
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]490 bind_addr_or_port = "80"; \
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200[diff] [blame]491 index_page = index_html; \
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]492 file_size = -1; \
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]493} while (0)
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]494
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]495
Denis Vlasenko0bb993f2006-11-21 00:06:28 +0000[diff] [blame]496#define STRNCASECMP(a, str) strncasecmp((a), (str), sizeof(str)-1)
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]497
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]498/* Prototypes */
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]499enum {
500 SEND_HEADERS = (1 << 0),
501 SEND_BODY = (1 << 1),
502 SEND_HEADERS_AND_BODY = SEND_HEADERS + SEND_BODY,
503};
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]504static void send_file_and_exit(const char *url, int what) NORETURN;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]505
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]506static void free_llist(has_next_ptr **pptr)
507{
508 has_next_ptr *cur = *pptr;
509 while (cur) {
510 has_next_ptr *t = cur;
511 cur = cur->next;
512 free(t);
513 }
514 *pptr = NULL;
515}
516
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]517static ALWAYS_INLINE void free_Htaccess_list(Htaccess **pptr)
518{
519 free_llist((has_next_ptr**)pptr);
520}
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]521
522static ALWAYS_INLINE void free_Htaccess_IP_list(Htaccess_IP **pptr)
523{
524 free_llist((has_next_ptr**)pptr);
525}
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]526
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]527/* Returns presumed mask width in bits or < 0 on error.
528 * Updates strp, stores IP at provided pointer */
529static int scan_ip(const char **strp, unsigned *ipp, unsigned char endc)
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]530{
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]531 const char *p = *strp;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]532 int auto_mask = 8;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]533 unsigned ip = 0;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]534 int j;
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000[diff] [blame]535
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]536 if (*p == '/')
537 return -auto_mask;
538
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]539 for (j = 0; j < 4; j++) {
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]540 unsigned octet;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]541
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]542 if ((*p < '0' || *p > '9') && *p != '/' && *p)
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]543 return -auto_mask;
544 octet = 0;
545 while (*p >= '0' && *p <= '9') {
546 octet *= 10;
547 octet += *p - '0';
548 if (octet > 255)
549 return -auto_mask;
550 p++;
551 }
552 if (*p == '.')
553 p++;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]554 if (*p != '/' && *p)
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]555 auto_mask += 8;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]556 ip = (ip << 8) | octet;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]557 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]558 if (*p) {
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]559 if (*p != endc)
560 return -auto_mask;
561 p++;
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]562 if (*p == '\0')
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]563 return -auto_mask;
564 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]565 *ipp = ip;
566 *strp = p;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]567 return auto_mask;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]568}
569
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]570/* Returns 0 on success. Stores IP and mask at provided pointers */
571static int scan_ip_mask(const char *str, unsigned *ipp, unsigned *maskp)
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]572{
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]573 int i;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]574 unsigned mask;
575 char *p;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]576
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]577 i = scan_ip(&str, ipp, '/');
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]578 if (i < 0)
579 return i;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]580
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]581 if (*str) {
582 /* there is /xxx after dotted-IP address */
583 i = bb_strtou(str, &p, 10);
584 if (*p == '.') {
585 /* 'xxx' itself is dotted-IP mask, parse it */
586 /* (return 0 (success) only if it has N.N.N.N form) */
587 return scan_ip(&str, maskp, '\0') - 32;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]588 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]589 if (*p)
590 return -1;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]591 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]592
593 if (i > 32)
Denis Vlasenko92758142006-10-03 19:56:34 +0000[diff] [blame]594 return -1;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]595
596 if (sizeof(unsigned) == 4 && i == 32) {
597 /* mask >>= 32 below may not work */
598 mask = 0;
599 } else {
600 mask = 0xffffffff;
601 mask >>= i;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]602 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000[diff] [blame]603 /* i == 0 -> *maskp = 0x00000000
604 * i == 1 -> *maskp = 0x80000000
605 * i == 4 -> *maskp = 0xf0000000
606 * i == 31 -> *maskp = 0xfffffffe
607 * i == 32 -> *maskp = 0xffffffff */
608 *maskp = (uint32_t)(~mask);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]609 return 0;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]610}
611
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]612/*
613 * Parse configuration file into in-memory linked list.
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000[diff] [blame]614 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]615 * Any previous IP rules are discarded.
616 * If the flag argument is not SUBDIR_PARSE then all /path and mime rules
617 * are also discarded. That is, previous settings are retained if flag is
618 * SUBDIR_PARSE.
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]619 * Error pages are only parsed on the main config file.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000[diff] [blame]620 *
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]621 * path Path where to look for httpd.conf (without filename).
622 * flag Type of the parse request.
623 */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]624/* flag param: */
625enum {
626 FIRST_PARSE = 0, /* path will be "/etc" */
627 SIGNALED_PARSE = 1, /* path will be "/etc" */
628 SUBDIR_PARSE = 2, /* path will be derived from URL */
629};
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]630static void parse_conf(const char *path, int flag)
631{
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]632 /* internally used extra flag state */
633 enum { TRY_CURDIR_PARSE = 3 };
634
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]635 FILE *f;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]636 const char *filename;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]637 char buf[160];
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000[diff] [blame]638
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]639 /* discard old rules */
640 free_Htaccess_IP_list(&ip_a_d);
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]641 flg_deny_all = 0;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]642 /* retain previous auth and mime config only for subdir parse */
643 if (flag != SUBDIR_PARSE) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]644 free_Htaccess_list(&mime_a);
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]645#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]646 free_Htaccess_list(&g_auth);
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000[diff] [blame]647#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]648#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]649 free_Htaccess_list(&script_i);
"Vladimir N. Oleynik"4333a092006-01-31 13:53:30 +0000[diff] [blame]650#endif
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]651 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]652
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]653 filename = opt_c_configFile;
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]654 if (flag == SUBDIR_PARSE || filename == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]655 filename = alloca(strlen(path) + sizeof(HTTPD_CONF) + 2);
656 sprintf((char *)filename, "%s/%s", path, HTTPD_CONF);
Glenn L McGrath393183d2003-05-26 14:07:50 +0000[diff] [blame]657 }
658
Denis Vlasenko5415c852008-07-21 23:05:26 +0000[diff] [blame]659 while ((f = fopen_for_read(filename)) == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]660 if (flag >= SUBDIR_PARSE) { /* SUBDIR or TRY_CURDIR */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]661 /* config file not found, no changes to config */
662 return;
663 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]664 if (flag == FIRST_PARSE) {
665 /* -c CONFFILE given, but CONFFILE doesn't exist? */
666 if (opt_c_configFile)
667 bb_simple_perror_msg_and_die(opt_c_configFile);
668 /* else: no -c, thus we looked at /etc/httpd.conf,
669 * and it's not there. try ./httpd.conf: */
670 }
671 flag = TRY_CURDIR_PARSE;
672 filename = HTTPD_CONF;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]673 }
674
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]675#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]676 /* in "/file:user:pass" lines, we prepend path in subdirs */
677 if (flag != SUBDIR_PARSE)
678 path = "";
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]679#endif
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]680 /* The lines can be:
681 *
682 * I:default_index_file
683 * H:http_home
684 * [AD]:IP[/mask] # allow/deny, * for wildcard
685 * Ennn:error.html # error page for status nnn
686 * P:/url:[http://]hostname[:port]/new/path # reverse proxy
687 * .ext:mime/type # mime type
688 * *.php:/path/php # run xxx.php through an interpreter
689 * /file:user:pass # username and password
690 */
691 while (fgets(buf, sizeof(buf), f) != NULL) {
692 unsigned strlen_buf;
693 unsigned char ch;
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200[diff] [blame]694 char *after_colon;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]695
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]696 { /* remove all whitespace, and # comments */
697 char *p, *p0;
698
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200[diff] [blame]699 p0 = buf;
700 /* skip non-whitespace beginning. Often the whole line
701 * is non-whitespace. We want this case to work fast,
702 * without needless copying, therefore we don't merge
703 * this operation into next while loop. */
704 while ((ch = *p0) != '\0' && ch != '\n' && ch != '#'
705 && ch != ' ' && ch != '\t'
706 ) {
707 p0++;
708 }
709 p = p0;
710 /* if we enter this loop, we have some whitespace.
711 * discard it */
712 while (ch != '\0' && ch != '\n' && ch != '#') {
713 if (ch != ' ' && ch != '\t') {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]714 *p++ = ch;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]715 }
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200[diff] [blame]716 ch = *++p0;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]717 }
718 *p = '\0';
719 strlen_buf = p - buf;
Denis Vlasenko00643ca2009-04-22 13:52:22 +0000[diff] [blame]720 if (strlen_buf == 0)
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200[diff] [blame]721 continue; /* empty line */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]722 }
723
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200[diff] [blame]724 after_colon = strchr(buf, ':');
Denis Vlasenko00643ca2009-04-22 13:52:22 +0000[diff] [blame]725 /* strange line? */
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200[diff] [blame]726 if (after_colon == NULL || *++after_colon == '\0')
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]727 goto config_error;
728
729 ch = (buf[0] & ~0x20); /* toupper if it's a letter */
730
731 if (ch == 'I') {
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200[diff] [blame]732 if (index_page != index_html)
733 free((char*)index_page);
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]734 index_page = xstrdup(after_colon);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]735 continue;
736 }
737
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]738 /* do not allow jumping around using H in subdir's configs */
739 if (flag == FIRST_PARSE && ch == 'H') {
740 home_httpd = xstrdup(after_colon);
741 xchdir(home_httpd);
742 continue;
743 }
744
745 if (ch == 'A' || ch == 'D') {
746 Htaccess_IP *pip;
747
748 if (*after_colon == '*') {
749 if (ch == 'D') {
750 /* memorize "deny all" */
751 flg_deny_all = 1;
752 }
753 /* skip assumed "A:*", it is a default anyway */
754 continue;
755 }
756 /* store "allow/deny IP/mask" line */
757 pip = xzalloc(sizeof(*pip));
758 if (scan_ip_mask(after_colon, &pip->ip, &pip->mask)) {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]759 /* IP{/mask} syntax error detected, protect all */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]760 ch = 'D';
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]761 pip->mask = 0;
762 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]763 pip->allow_deny = ch;
764 if (ch == 'D') {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]765 /* Deny:from_IP - prepend */
766 pip->next = ip_a_d;
767 ip_a_d = pip;
768 } else {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]769 /* A:from_IP - append (thus all D's precedes A's) */
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]770 Htaccess_IP *prev_IP = ip_a_d;
771 if (prev_IP == NULL) {
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]772 ip_a_d = pip;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]773 } else {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]774 while (prev_IP->next)
775 prev_IP = prev_IP->next;
776 prev_IP->next = pip;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]777 }
778 }
779 continue;
780 }
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]781
782#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]783 if (flag == FIRST_PARSE && ch == 'E') {
Denis Vlasenko6b06cb82008-05-15 21:30:45 +0000[diff] [blame]784 unsigned i;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]785 int status = atoi(buf + 1); /* error status code */
786
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]787 if (status < HTTP_CONTINUE) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]788 goto config_error;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]789 }
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]790 /* then error page; find matching status */
791 for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
792 if (http_response_type[i] == status) {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]793 /* We chdir to home_httpd, thus no need to
794 * concat_path_file(home_httpd, after_colon)
795 * here */
796 http_error_page[i] = xstrdup(after_colon);
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]797 break;
798 }
799 }
800 continue;
801 }
802#endif
803
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]804#if ENABLE_FEATURE_HTTPD_PROXY
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]805 if (flag == FIRST_PARSE && ch == 'P') {
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]806 /* P:/url:[http://]hostname[:port]/new/path */
807 char *url_from, *host_port, *url_to;
808 Htaccess_Proxy *proxy_entry;
809
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]810 url_from = after_colon;
811 host_port = strchr(after_colon, ':');
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]812 if (host_port == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]813 goto config_error;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]814 }
815 *host_port++ = '\0';
Denys Vlasenko8dff01d2015-03-12 17:48:34 +0100[diff] [blame]816 if (is_prefixed_with(host_port, "http://"))
Denis Vlasenko78ee7c82007-10-21 23:24:42 +0000[diff] [blame]817 host_port += 7;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]818 if (*host_port == '\0') {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]819 goto config_error;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]820 }
821 url_to = strchr(host_port, '/');
822 if (url_to == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]823 goto config_error;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]824 }
825 *url_to = '\0';
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]826 proxy_entry = xzalloc(sizeof(*proxy_entry));
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]827 proxy_entry->url_from = xstrdup(url_from);
828 proxy_entry->host_port = xstrdup(host_port);
829 *url_to = '/';
830 proxy_entry->url_to = xstrdup(url_to);
831 proxy_entry->next = proxy;
832 proxy = proxy_entry;
833 continue;
834 }
835#endif
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]836 /* the rest of directives are non-alphabetic,
837 * must avoid using "toupper'ed" ch */
838 ch = buf[0];
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]839
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]840 if (ch == '.' /* ".ext:mime/type" */
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]841#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]842 || (ch == '*' && buf[1] == '.') /* "*.php:/path/php" */
843#endif
844 ) {
845 char *p;
846 Htaccess *cur;
847
848 cur = xzalloc(sizeof(*cur) /* includes space for NUL */ + strlen_buf);
849 strcpy(cur->before_colon, buf);
850 p = cur->before_colon + (after_colon - buf);
851 p[-1] = '\0';
852 cur->after_colon = p;
853 if (ch == '.') {
854 /* .mime line: prepend to mime_a list */
855 cur->next = mime_a;
856 mime_a = cur;
857 }
858#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
859 else {
860 /* script interpreter line: prepend to script_i list */
861 cur->next = script_i;
862 script_i = cur;
863 }
864#endif
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]865 continue;
866 }
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]867
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]868#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
869 if (ch == '/') { /* "/file:user:pass" */
870 char *p;
871 Htaccess *cur;
872 unsigned file_len;
873
874 /* note: path is "" unless we are in SUBDIR parse,
Denis Vlasenkoc8d71092009-04-22 14:16:59 +0000[diff] [blame]875 * otherwise it does NOT start with "/" */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]876 cur = xzalloc(sizeof(*cur) /* includes space for NUL */
Denis Vlasenkoc8d71092009-04-22 14:16:59 +0000[diff] [blame]877 + 1 + strlen(path)
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]878 + strlen_buf
879 );
880 /* form "/path/file" */
Denis Vlasenkoc8d71092009-04-22 14:16:59 +0000[diff] [blame]881 sprintf(cur->before_colon, "/%s%.*s",
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]882 path,
Denys Vlasenkoa4bcbd02009-06-09 23:01:24 +0200[diff] [blame]883 (int) (after_colon - buf - 1), /* includes "/", but not ":" */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]884 buf);
885 /* canonicalize it */
886 p = bb_simplify_abs_path_inplace(cur->before_colon);
887 file_len = p - cur->before_colon;
888 /* add "user:pass" after NUL */
889 strcpy(++p, after_colon);
890 cur->after_colon = p;
891
892 /* insert cur into g_auth */
893 /* g_auth is sorted by decreased filename length */
894 {
895 Htaccess *auth, **authp;
896
897 authp = &g_auth;
898 while ((auth = *authp) != NULL) {
899 if (file_len >= strlen(auth->before_colon)) {
900 /* insert cur before auth */
901 cur->next = auth;
902 break;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]903 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]904 authp = &auth->next;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]905 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]906 *authp = cur;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]907 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]908 continue;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]909 }
910#endif /* BASIC_AUTH */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]911
912 /* the line is not recognized */
913 config_error:
914 bb_error_msg("config error '%s' in '%s'", buf, filename);
Denys Vlasenko69675782013-01-14 01:34:48 +0100[diff] [blame]915 } /* while (fgets) */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]916
Denys Vlasenko69675782013-01-14 01:34:48 +0100[diff] [blame]917 fclose(f);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]918}
919
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]920#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]921/*
922 * Given a string, html-encode special characters.
923 * This is used for the -e command line option to provide an easy way
924 * for scripts to encode result data without confusing browsers. The
925 * returned string pointer is memory allocated by malloc().
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]926 *
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]927 * Returns a pointer to the encoded string (malloced).
928 */
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]929static char *encodeString(const char *string)
930{
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]931 /* take the simple route and encode everything */
932 /* could possibly scan once to get length. */
933 int len = strlen(string);
Denis Vlasenkoab2aea42007-01-29 22:51:58 +0000[diff] [blame]934 char *out = xmalloc(len * 6 + 1);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]935 char *p = out;
936 char ch;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]937
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]938 while ((ch = *string++) != '\0') {
Denis Vlasenko72b6a652007-08-21 11:18:25 +0000[diff] [blame]939 /* very simple check for what to encode */
940 if (isalnum(ch))
941 *p++ = ch;
942 else
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]943 p += sprintf(p, "&#%u;", (unsigned char) ch);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]944 }
Denis Vlasenkoab2aea42007-01-29 22:51:58 +0000[diff] [blame]945 *p = '\0';
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]946 return out;
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]947}
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]948#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]949
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]950#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]951/*
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]952 * Decode a base64 data stream as per rfc1521.
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]953 * Note that the rfc states that non base64 chars are to be ignored.
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]954 * Since the decode always results in a shorter size than the input,
955 * it is OK to pass the input arg as an output arg.
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]956 * Parameter: a pointer to a base64 encoded string.
957 * Decoded data is stored in-place.
958 */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]959static void decodeBase64(char *Data)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]960{
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]961 const unsigned char *in = (const unsigned char *)Data;
Denis Vlasenko37c33162007-08-19 18:54:22 +0000[diff] [blame]962 /* The decoded size will be at most 3/4 the size of the encoded */
Denis Vlasenko088b9592007-04-18 21:14:46 +0000[diff] [blame]963 unsigned ch = 0;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]964 int i = 0;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]965
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]966 while (*in) {
967 int t = *in++;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]968
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]969 if (t >= '0' && t <= '9')
970 t = t - '0' + 52;
971 else if (t >= 'A' && t <= 'Z')
972 t = t - 'A';
973 else if (t >= 'a' && t <= 'z')
974 t = t - 'a' + 26;
975 else if (t == '+')
976 t = 62;
977 else if (t == '/')
978 t = 63;
979 else if (t == '=')
980 t = 0;
981 else
982 continue;
Glenn L McGrath874e3382003-05-14 12:11:36 +0000[diff] [blame]983
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]984 ch = (ch << 6) | t;
985 i++;
986 if (i == 4) {
987 *Data++ = (char) (ch >> 16);
988 *Data++ = (char) (ch >> 8);
989 *Data++ = (char) ch;
990 i = 0;
991 }
992 }
Denis Vlasenko088b9592007-04-18 21:14:46 +0000[diff] [blame]993 *Data = '\0';
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]994}
995#endif
996
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]997/*
998 * Create a listen server socket on the designated port.
999 */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1000static int openServer(void)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1001{
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]1002 unsigned n = bb_strtou(bind_addr_or_port, NULL, 10);
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1003 if (!errno && n && n <= 0xffff)
1004 n = create_and_bind_stream_or_die(NULL, n);
1005 else
1006 n = create_and_bind_stream_or_die(bind_addr_or_port, 80);
1007 xlisten(n, 9);
1008 return n;
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1009}
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1010
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1011/*
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1012 * Log the connection closure and exit.
1013 */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]1014static void log_and_exit(void) NORETURN;
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1015static void log_and_exit(void)
1016{
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]1017 /* Paranoia. IE said to be buggy. It may send some extra data
1018 * or be confused by us just exiting without SHUT_WR. Oh well. */
1019 shutdown(1, SHUT_WR);
Denis Vlasenkofaf334a2008-05-18 15:14:36 +0000[diff] [blame]1020 /* Why??
1021 (this also messes up stdin when user runs httpd -i from terminal)
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]1022 ndelay_on(0);
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1023 while (read(STDIN_FILENO, iobuf, IOBUF_SIZE) > 0)
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]1024 continue;
Denis Vlasenkofaf334a2008-05-18 15:14:36 +0000[diff] [blame]1025 */
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]1026
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1027 if (verbose > 2)
James Byrne69374872019-07-02 11:35:03 +0200[diff] [blame]1028 bb_simple_error_msg("closed");
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1029 _exit(xfunc_error_retval);
1030}
1031
1032/*
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1033 * Create and send HTTP response headers.
1034 * The arguments are combined and sent as one write operation. Note that
1035 * IE will puke big-time if the headers are not sent in one packet and the
1036 * second packet is delayed for any reason.
1037 * responseNum - the result code to send.
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1038 */
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1039static void send_headers(unsigned responseNum)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1040{
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1041 static const char RFC1123FMT[] ALIGN1 = "%a, %d %b %Y %H:%M:%S GMT";
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1042 /* Fixed size 29-byte string. Example: Sun, 06 Nov 1994 08:49:37 GMT */
1043 char date_str[40]; /* using a bit larger buffer to paranoia reasons */
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1044
Denys Vlasenkoe1b1b792018-03-06 18:11:47 +0100[diff] [blame]1045 struct tm tm;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1046 const char *responseString = "";
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1047 const char *infoString = NULL;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1048#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]1049 const char *error_page = NULL;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1050#endif
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1051 unsigned len;
Denis Vlasenkob64eed62007-01-14 17:06:11 +0000[diff] [blame]1052 unsigned i;
Denis Vlasenko04158e02009-02-02 10:48:06 +0000[diff] [blame]1053 time_t timer = time(NULL);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1054
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1055 for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
1056 if (http_response_type[i] == responseNum) {
1057 responseString = http_response[i].name;
1058 infoString = http_response[i].info;
1059#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
1060 error_page = http_error_page[i];
1061#endif
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1062 break;
1063 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1064 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1065
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1066 if (verbose)
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1067 bb_error_msg("response:%u", responseNum);
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1068
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1069 /* We use sprintf, not snprintf (it's less code).
1070 * iobuf[] is several kbytes long and all headers we generate
1071 * always fit into those kbytes.
1072 */
1073
Denys Vlasenkoe1b1b792018-03-06 18:11:47 +0100[diff] [blame]1074 strftime(date_str, sizeof(date_str), RFC1123FMT, gmtime_r(&timer, &tm));
1075 /* ^^^ using gmtime_r() instead of gmtime() to not use static data */
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1076 len = sprintf(iobuf,
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1077 "HTTP/1.0 %u %s\r\n"
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1078 "Date: %s\r\n"
1079 "Connection: close\r\n",
1080 responseNum, responseString,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1081 date_str
1082 );
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1083
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1084 if (responseNum != HTTP_OK || found_mime_type) {
1085 len += sprintf(iobuf + len,
1086 "Content-type: %s\r\n",
1087 /* if it's error message, then it's HTML */
1088 (responseNum != HTTP_OK ? "text/html" : found_mime_type)
1089 );
1090 }
1091
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]1092#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1093 if (responseNum == HTTP_UNAUTHORIZED) {
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1094 len += sprintf(iobuf + len,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1095 "WWW-Authenticate: Basic realm=\"%.999s\"\r\n",
1096 g_realm /* %.999s protects from overflowing iobuf[] */
1097 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1098 }
Glenn L McGrath3d2405c2003-02-10 22:28:21 +0000[diff] [blame]1099#endif
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1100 if (responseNum == HTTP_MOVED_TEMPORARILY) {
Denys Vlasenko59f84752015-10-23 11:49:04 +0200[diff] [blame]1101 /* Responding to "GET /dir" with
1102 * "HTTP/1.0 302 Found" "Location: /dir/"
1103 * - IOW, asking them to repeat with a slash.
1104 * Here, overflow IS possible, can't use sprintf:
1105 * mkdir test
1106 * python -c 'print("get /test?" + ("x" * 8192))' | busybox httpd -i -h .
1107 */
1108 len += snprintf(iobuf + len, IOBUF_SIZE-3 - len,
1109 "Location: %s/%s%s\r\n",
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]1110 found_moved_temporarily,
1111 (g_query ? "?" : ""),
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1112 (g_query ? g_query : "")
1113 );
Denys Vlasenko59f84752015-10-23 11:49:04 +0200[diff] [blame]1114 if (len > IOBUF_SIZE-3)
1115 len = IOBUF_SIZE-3;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1116 }
Eric Andersen07f2fea2004-10-08 08:03:29 +0000[diff] [blame]1117
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1118#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1119 if (error_page && access(error_page, R_OK) == 0) {
Denys Vlasenko59f84752015-10-23 11:49:04 +0200[diff] [blame]1120 iobuf[len++] = '\r';
1121 iobuf[len++] = '\n';
1122 if (DEBUG) {
1123 iobuf[len] = '\0';
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1124 fprintf(stderr, "headers: '%s'\n", iobuf);
Denys Vlasenko59f84752015-10-23 11:49:04 +0200[diff] [blame]1125 }
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1126 full_write(STDOUT_FILENO, iobuf, len);
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1127 if (DEBUG)
1128 fprintf(stderr, "writing error page: '%s'\n", error_page);
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]1129 return send_file_and_exit(error_page, SEND_BODY);
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1130 }
1131#endif
1132
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1133 if (file_size != -1) { /* file */
Denys Vlasenkoe1b1b792018-03-06 18:11:47 +0100[diff] [blame]1134 strftime(date_str, sizeof(date_str), RFC1123FMT, gmtime_r(&last_mod, &tm));
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1135#if ENABLE_FEATURE_HTTPD_RANGES
1136 if (responseNum == HTTP_PARTIAL_CONTENT) {
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1137 len += sprintf(iobuf + len,
1138 "Content-Range: bytes %"OFF_FMT"u-%"OFF_FMT"u/%"OFF_FMT"u\r\n",
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1139 range_start,
1140 range_end,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1141 file_size
1142 );
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1143 file_size = range_end - range_start + 1;
1144 }
1145#endif
Alexander Vickberg210b5242019-04-17 11:34:21 +0200[diff] [blame]1146
1147//RFC 2616 4.4 Message Length
1148// The transfer-length of a message is the length of the message-body as
1149// it appears in the message; that is, after any transfer-codings have
1150// been applied. When a message-body is included with a message, the
1151// transfer-length of that body is determined by one of the following
1152// (in order of precedence):
1153// 1.Any response message which "MUST NOT" include a message-body (such
1154// as the 1xx, 204, and 304 responses and any response to a HEAD
1155// request) is always terminated by the first empty line after the
1156// header fields, regardless of the entity-header fields present in
1157// the message.
1158// 2.If a Transfer-Encoding header field (section 14.41) is present and
1159// has any value other than "identity", then the transfer-length is
1160// defined by use of the "chunked" transfer-coding (section 3.6),
1161// unless the message is terminated by closing the connection.
1162// 3.If a Content-Length header field (section 14.13) is present, its
1163// decimal value in OCTETs represents both the entity-length and the
1164// transfer-length. The Content-Length header field MUST NOT be sent
1165// if these two lengths are different (i.e., if a Transfer-Encoding
1166// header field is present). If a message is received with both a
1167// Transfer-Encoding header field and a Content-Length header field,
1168// the latter MUST be ignored.
1169// 4.If the message uses the media type "multipart/byteranges" ...
1170// 5.By the server closing the connection.
1171//
1172// (NB: standards do not define "Transfer-Length:" _header_,
1173// transfer-length above is just a concept).
1174
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1175 len += sprintf(iobuf + len,
1176#if ENABLE_FEATURE_HTTPD_RANGES
1177 "Accept-Ranges: bytes\r\n"
1178#endif
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1179 "Last-Modified: %s\r\n"
Alexander Vickberg210b5242019-04-17 11:34:21 +0200[diff] [blame]1180 /* Because of 4.4 (5), we can forgo sending of "Content-Length"
1181 * since we close connection afterwards, but it helps clients
1182 * to e.g. estimate download times, show progress bars etc.
1183 * Theoretically we should not send it if page is compressed,
1184 * but de-facto standard is to send it (see comment below).
1185 */
1186 "Content-Length: %"OFF_FMT"u\r\n",
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1187 date_str,
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1188 file_size
1189 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1190 }
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]1191
Alexander Vickberg210b5242019-04-17 11:34:21 +0200[diff] [blame]1192 /* This should be "Transfer-Encoding", not "Content-Encoding":
1193 * "data is compressed for transfer", not "data is an archive".
1194 * But many clients were not handling "Transfer-Encoding" correctly
1195 * (they were not uncompressing gzipped pages, tried to show
1196 * raw compressed data), and servers worked around it by using
1197 * "Content-Encoding" instead... and this become de-facto standard.
1198 * https://bugzilla.mozilla.org/show_bug.cgi?id=68517
1199 * https://bugs.chromium.org/p/chromium/issues/detail?id=94730
1200 */
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]1201 if (content_gzip)
1202 len += sprintf(iobuf + len, "Content-Encoding: gzip\r\n");
1203
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1204 iobuf[len++] = '\r';
1205 iobuf[len++] = '\n';
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1206 if (infoString) {
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1207 len += sprintf(iobuf + len,
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1208 "<HTML><HEAD><TITLE>%u %s</TITLE></HEAD>\n"
1209 "<BODY><H1>%u %s</H1>\n"
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1210 "%s\n"
1211 "</BODY></HTML>\n",
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1212 responseNum, responseString,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +0100[diff] [blame]1213 responseNum, responseString,
1214 infoString
1215 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1216 }
Denys Vlasenko59f84752015-10-23 11:49:04 +0200[diff] [blame]1217 if (DEBUG) {
1218 iobuf[len] = '\0';
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1219 fprintf(stderr, "headers: '%s'\n", iobuf);
Denys Vlasenko59f84752015-10-23 11:49:04 +0200[diff] [blame]1220 }
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1221 if (full_write(STDOUT_FILENO, iobuf, len) != len) {
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1222 if (verbose > 1)
James Byrne69374872019-07-02 11:35:03 +0200[diff] [blame]1223 bb_simple_perror_msg("error");
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1224 log_and_exit();
1225 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1226}
1227
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]1228static void send_headers_and_exit(int responseNum) NORETURN;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1229static void send_headers_and_exit(int responseNum)
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]1230{
Peter Korsgaard95755182011-03-25 13:38:52 +0100[diff] [blame]1231 IF_FEATURE_HTTPD_GZIP(content_gzip = 0;)
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1232 send_headers(responseNum);
1233 log_and_exit();
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]1234}
1235
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1236/*
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1237 * Read from the socket until '\n' or EOF.
1238 * '\r' chars are removed.
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1239 * '\n' is replaced with NUL.
1240 * Return number of characters read or 0 if nothing is read
1241 * ('\r' and '\n' are not counted).
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1242 * Data is returned in iobuf.
1243 */
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]1244static unsigned get_line(void)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1245{
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]1246 unsigned count;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1247 char c;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1248
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1249 count = 0;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1250 while (1) {
1251 if (hdr_cnt <= 0) {
Denys Vlasenkoaf6012a2019-04-19 14:03:37 +0200[diff] [blame]1252 alarm(HEADER_READ_TIMEOUT);
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200[diff] [blame]1253 hdr_cnt = safe_read(STDIN_FILENO, hdr_buf, sizeof_hdr_buf);
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1254 if (hdr_cnt <= 0)
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1255 goto ret;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1256 hdr_ptr = hdr_buf;
1257 }
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1258 hdr_cnt--;
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1259 c = *hdr_ptr++;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1260 if (c == '\r')
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]1261 continue;
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1262 if (c == '\n')
Denis Vlasenko2ca84f62009-02-05 12:38:21 +0000[diff] [blame]1263 break;
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1264 iobuf[count] = c;
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]1265 if (count < (IOBUF_SIZE - 1)) /* check overflow */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1266 count++;
1267 }
Denys Vlasenkod0ae4102019-04-16 11:07:37 +0200[diff] [blame]1268 ret:
1269 iobuf[count] = '\0';
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1270 return count;
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1271}
1272
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]1273#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1274
1275/* gcc 4.2.1 fares better with NOINLINE */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]1276static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len) NORETURN;
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1277static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len)
1278{
1279 enum { FROM_CGI = 1, TO_CGI = 2 }; /* indexes in pfd[] */
1280 struct pollfd pfd[3];
1281 int out_cnt; /* we buffer a bit of initial CGI output */
1282 int count;
1283
1284 /* iobuf is used for CGI -> network data,
1285 * hdr_buf is for network -> CGI data (POSTDATA) */
1286
1287 /* If CGI dies, we still want to correctly finish reading its output
1288 * and send it to the peer. So please no SIGPIPEs! */
1289 signal(SIGPIPE, SIG_IGN);
1290
Denis Vlasenko4a457562007-10-14 02:34:20 +0000[diff] [blame]1291 // We inconsistently handle a case when more POSTDATA from network
1292 // is coming than we expected. We may give *some part* of that
1293 // extra data to CGI.
1294
1295 //if (hdr_cnt > post_len) {
1296 // /* We got more POSTDATA from network than we expected */
1297 // hdr_cnt = post_len;
1298 //}
1299 post_len -= hdr_cnt;
1300 /* post_len - number of POST bytes not yet read from network */
1301
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1302 /* NB: breaking out of this loop jumps to log_and_exit() */
1303 out_cnt = 0;
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +0200[diff] [blame]1304 pfd[FROM_CGI].fd = fromCgi_rd;
1305 pfd[FROM_CGI].events = POLLIN;
1306 pfd[TO_CGI].fd = toCgi_wr;
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1307 while (1) {
Denys Vlasenkofbe250d2013-09-11 14:59:21 +0200[diff] [blame]1308 /* Note: even pfd[0].events == 0 won't prevent
1309 * revents == POLLHUP|POLLERR reports from closed stdin.
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +0200[diff] [blame]1310 * Setting fd to -1 works: */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +0200[diff] [blame]1311 pfd[0].fd = -1;
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +0200[diff] [blame]1312 pfd[0].events = POLLIN;
1313 pfd[0].revents = 0; /* probably not needed, paranoia */
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1314
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +0200[diff] [blame]1315 /* We always poll this fd, thus kernel always sets revents: */
1316 /*pfd[FROM_CGI].events = POLLIN; - moved out of loop */
1317 /*pfd[FROM_CGI].revents = 0; - not needed */
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1318
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +0200[diff] [blame]1319 /* gcc-4.8.0 still doesnt fill two shorts with one insn :( */
1320 /* http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47059 */
1321 /* hopefully one day it will... */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +0200[diff] [blame]1322 pfd[TO_CGI].events = POLLOUT;
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +0200[diff] [blame]1323 pfd[TO_CGI].revents = 0; /* needed! */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +0200[diff] [blame]1324
1325 if (toCgi_wr && hdr_cnt <= 0) {
1326 if (post_len > 0) {
1327 /* Expect more POST data from network */
1328 pfd[0].fd = 0;
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1329 } else {
1330 /* post_len <= 0 && hdr_cnt <= 0:
1331 * no more POST data to CGI,
1332 * let CGI see EOF on CGI's stdin */
Denys Vlasenko8fc9e6a2010-04-02 10:40:58 +0200[diff] [blame]1333 if (toCgi_wr != fromCgi_rd)
1334 close(toCgi_wr);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1335 toCgi_wr = 0;
1336 }
1337 }
1338
1339 /* Now wait on the set of sockets */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +0200[diff] [blame]1340 count = safe_poll(pfd, hdr_cnt > 0 ? TO_CGI+1 : FROM_CGI+1, -1);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1341 if (count <= 0) {
1342#if 0
Denis Vlasenkofb0eba72008-01-02 19:55:04 +0000[diff] [blame]1343 if (safe_waitpid(pid, &status, WNOHANG) <= 0) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1344 /* Weird. CGI didn't exit and no fd's
1345 * are ready, yet poll returned?! */
1346 continue;
1347 }
1348 if (DEBUG && WIFEXITED(status))
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1349 bb_error_msg("CGI exited, status=%u", WEXITSTATUS(status));
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1350 if (DEBUG && WIFSIGNALED(status))
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1351 bb_error_msg("CGI killed, signal=%u", WTERMSIG(status));
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1352#endif
1353 break;
1354 }
1355
Denys Vlasenko88aa5582010-03-02 15:02:45 +0100[diff] [blame]1356 if (pfd[TO_CGI].revents) {
Denys Vlasenkofbe250d2013-09-11 14:59:21 +0200[diff] [blame]1357 /* hdr_cnt > 0 here due to the way poll() called */
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1358 /* Have data from peer and can write to CGI */
1359 count = safe_write(toCgi_wr, hdr_ptr, hdr_cnt);
1360 /* Doesn't happen, we dont use nonblocking IO here
1361 *if (count < 0 && errno == EAGAIN) {
1362 * ...
1363 *} else */
1364 if (count > 0) {
1365 hdr_ptr += count;
1366 hdr_cnt -= count;
1367 } else {
1368 /* EOF/broken pipe to CGI, stop piping POST data */
1369 hdr_cnt = post_len = 0;
1370 }
1371 }
1372
Denys Vlasenko88aa5582010-03-02 15:02:45 +0100[diff] [blame]1373 if (pfd[0].revents) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1374 /* post_len > 0 && hdr_cnt == 0 here */
1375 /* We expect data, prev data portion is eaten by CGI
1376 * and there *is* data to read from the peer
1377 * (POSTDATA) */
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200[diff] [blame]1378 //count = post_len > (int)sizeof_hdr_buf ? (int)sizeof_hdr_buf : post_len;
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1379 //count = safe_read(STDIN_FILENO, hdr_buf, count);
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200[diff] [blame]1380 count = safe_read(STDIN_FILENO, hdr_buf, sizeof_hdr_buf);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1381 if (count > 0) {
1382 hdr_cnt = count;
1383 hdr_ptr = hdr_buf;
1384 post_len -= count;
1385 } else {
1386 /* no more POST data can be read */
1387 post_len = 0;
1388 }
1389 }
1390
Denys Vlasenko88aa5582010-03-02 15:02:45 +0100[diff] [blame]1391 if (pfd[FROM_CGI].revents) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1392 /* There is something to read from CGI */
1393 char *rbuf = iobuf;
1394
1395 /* Are we still buffering CGI output? */
1396 if (out_cnt >= 0) {
1397 /* HTTP_200[] has single "\r\n" at the end.
1398 * According to http://hoohoo.ncsa.uiuc.edu/cgi/out.html,
1399 * CGI scripts MUST send their own header terminated by
1400 * empty line, then data. That's why we have only one
1401 * <cr><lf> pair here. We will output "200 OK" line
1402 * if needed, but CGI still has to provide blank line
1403 * between header and body */
1404
1405 /* Must use safe_read, not full_read, because
1406 * CGI may output a few first bytes and then wait
1407 * for POSTDATA without closing stdout.
1408 * With full_read we may wait here forever. */
Denys Vlasenko1c356942019-04-19 14:19:41 +0200[diff] [blame]1409 count = safe_read(fromCgi_rd, rbuf + out_cnt, IOBUF_SIZE - 8);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1410 if (count <= 0) {
1411 /* eof (or error) and there was no "HTTP",
Denys Vlasenko1c356942019-04-19 14:19:41 +0200[diff] [blame]1412 * send "HTTP/1.0 200 OK\r\n", then send received data */
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1413 if (out_cnt) {
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1414 full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1);
1415 full_write(STDOUT_FILENO, rbuf, out_cnt);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1416 }
1417 break; /* CGI stdout is closed, exiting */
1418 }
1419 out_cnt += count;
1420 count = 0;
1421 /* "Status" header format is: "Status: 302 Redirected\r\n" */
Denys Vlasenko94aaf4b2017-09-01 17:06:12 +0200[diff] [blame]1422 if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1423 /* send "HTTP/1.0 " */
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1424 if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1425 break;
Denys Vlasenko94aaf4b2017-09-01 17:06:12 +0200[diff] [blame]1426 /* skip "Status: " (including space, sending "HTTP/1.0 NNN" is wrong) */
1427 rbuf += 8;
1428 count = out_cnt - 8;
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1429 out_cnt = -1; /* buffering off */
1430 } else if (out_cnt >= 4) {
1431 /* Did CGI add "HTTP"? */
1432 if (memcmp(rbuf, HTTP_200, 4) != 0) {
1433 /* there is no "HTTP", do it ourself */
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1434 if (full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1) != sizeof(HTTP_200)-1)
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1435 break;
1436 }
1437 /* Commented out:
1438 if (!strstr(rbuf, "ontent-")) {
1439 full_write(s, "Content-type: text/plain\r\n\r\n", 28);
1440 }
1441 * Counter-example of valid CGI without Content-type:
1442 * echo -en "HTTP/1.0 302 Found\r\n"
1443 * echo -en "Location: http://www.busybox.net\r\n"
1444 * echo -en "\r\n"
1445 */
1446 count = out_cnt;
1447 out_cnt = -1; /* buffering off */
1448 }
1449 } else {
Denys Vlasenko1c356942019-04-19 14:19:41 +0200[diff] [blame]1450 count = safe_read(fromCgi_rd, rbuf, IOBUF_SIZE);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1451 if (count <= 0)
1452 break; /* eof (or error) */
1453 }
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1454 if (full_write(STDOUT_FILENO, rbuf, count) != count)
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1455 break;
1456 if (DEBUG)
1457 fprintf(stderr, "cgi read %d bytes: '%.*s'\n", count, count, rbuf);
1458 } /* if (pfd[FROM_CGI].revents) */
1459 } /* while (1) */
1460 log_and_exit();
1461}
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]1462#endif
1463
1464#if ENABLE_FEATURE_HTTPD_CGI
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1465
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]1466static void setenv1(const char *name, const char *value)
1467{
1468 setenv(name, value ? value : "", 1);
1469}
1470
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1471/*
1472 * Spawn CGI script, forward CGI's stdin/out <=> network
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1473 *
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1474 * Environment variables are set up and the script is invoked with pipes
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1475 * for stdin/stdout. If a POST is being done the script is fed the POST
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1476 * data in addition to setting the QUERY_STRING variable (for GETs or POSTs).
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1477 *
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1478 * Parameters:
1479 * const char *url The requested URL (with leading /).
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]1480 * const char *orig_uri The original URI before rewriting (if any)
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1481 * int post_len Length of the POST body.
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1482 */
1483static void send_cgi_and_exit(
1484 const char *url,
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]1485 const char *orig_uri,
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1486 const char *request,
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]1487 int post_len) NORETURN;
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1488static void send_cgi_and_exit(
1489 const char *url,
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]1490 const char *orig_uri,
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1491 const char *request,
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]1492 int post_len)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1493{
Denis Vlasenko37188322008-02-16 13:20:56 +0000[diff] [blame]1494 struct fd_pair fromCgi; /* CGI -> httpd pipe */
1495 struct fd_pair toCgi; /* httpd -> CGI pipe */
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1496 char *script, *last_slash;
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1497 int pid;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1498
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1499 /* Make a copy. NB: caller guarantees:
1500 * url[0] == '/', url[1] != '/' */
1501 url = xstrdup(url);
1502
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1503 /*
1504 * We are mucking with environment _first_ and then vfork/exec,
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1505 * this allows us to use vfork safely. Parent doesn't care about
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1506 * these environment changes anyway.
1507 */
1508
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1509 /* Check for [dirs/]script.cgi/PATH_INFO */
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1510 last_slash = script = (char*)url;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1511 while ((script = strchr(script + 1, '/')) != NULL) {
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1512 int dir;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1513 *script = '\0';
Denys Vlasenkof282c6b2011-12-18 03:27:46 +0100[diff] [blame]1514 dir = is_directory(url + 1, /*followlinks:*/ 1);
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1515 *script = '/';
1516 if (!dir) {
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1517 /* not directory, found script.cgi/PATH_INFO */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1518 break;
1519 }
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1520 /* is directory, find next '/' */
1521 last_slash = script;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1522 }
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1523 setenv1("PATH_INFO", script); /* set to /PATH_INFO or "" */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1524 setenv1("REQUEST_METHOD", request);
1525 if (g_query) {
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]1526 putenv(xasprintf("%s=%s?%s", "REQUEST_URI", orig_uri, g_query));
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1527 } else {
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]1528 setenv1("REQUEST_URI", orig_uri);
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1529 }
1530 if (script != NULL)
1531 *script = '\0'; /* cut off /PATH_INFO */
1532
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1533 /* SCRIPT_FILENAME is required by PHP in CGI mode */
1534 if (home_httpd[0] == '/') {
1535 char *fullpath = concat_path_file(home_httpd, url);
1536 setenv1("SCRIPT_FILENAME", fullpath);
1537 }
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1538 /* set SCRIPT_NAME as full path: /cgi-bin/dirs/script.cgi */
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1539 setenv1("SCRIPT_NAME", url);
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1540 /* http://hoohoo.ncsa.uiuc.edu/cgi/env.html:
1541 * QUERY_STRING: The information which follows the ? in the URL
1542 * which referenced this script. This is the query information.
1543 * It should not be decoded in any fashion. This variable
1544 * should always be set when there is query information,
1545 * regardless of command line decoding. */
1546 /* (Older versions of bbox seem to do some decoding) */
1547 setenv1("QUERY_STRING", g_query);
1548 putenv((char*)"SERVER_SOFTWARE=busybox httpd/"BB_VER);
1549 putenv((char*)"SERVER_PROTOCOL=HTTP/1.0");
1550 putenv((char*)"GATEWAY_INTERFACE=CGI/1.1");
1551 /* Having _separate_ variables for IP and port defeats
1552 * the purpose of having socket abstraction. Which "port"
1553 * are you using on Unix domain socket?
1554 * IOW - REMOTE_PEER="1.2.3.4:56" makes much more sense.
1555 * Oh well... */
1556 {
1557 char *p = rmt_ip_str ? rmt_ip_str : (char*)"";
1558 char *cp = strrchr(p, ':');
1559 if (ENABLE_FEATURE_IPV6 && cp && strchr(cp, ']'))
1560 cp = NULL;
1561 if (cp) *cp = '\0'; /* delete :PORT */
1562 setenv1("REMOTE_ADDR", p);
Denis Vlasenko37c33162007-08-19 18:54:22 +0000[diff] [blame]1563 if (cp) {
1564 *cp = ':';
1565#if ENABLE_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
1566 setenv1("REMOTE_PORT", cp + 1);
1567#endif
1568 }
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1569 }
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1570 if (post_len)
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1571 putenv(xasprintf("CONTENT_LENGTH=%u", post_len));
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1572#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
1573 if (remoteuser) {
1574 setenv1("REMOTE_USER", remoteuser);
1575 putenv((char*)"AUTH_TYPE=Basic");
1576 }
1577#endif
Denis Vlasenkocbb4e612009-03-18 20:00:46 +0000[diff] [blame]1578 /* setenv1("SERVER_NAME", safe_gethostname()); - don't do this,
1579 * just run "env SERVER_NAME=xyz httpd ..." instead */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1580
Denis Vlasenko37188322008-02-16 13:20:56 +0000[diff] [blame]1581 xpiped_pair(fromCgi);
1582 xpiped_pair(toCgi);
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +0000[diff] [blame]1583
Denis Vlasenko80281fe2007-03-07 22:16:38 +0000[diff] [blame]1584 pid = vfork();
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1585 if (pid < 0) {
1586 /* TODO: log perror? */
1587 log_and_exit();
1588 }
Denis Vlasenkof7996f32007-01-11 17:20:00 +0000[diff] [blame]1589
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1590 if (pid == 0) {
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1591 /* Child process */
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1592 char *argv[3];
1593
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1594 xfunc_error_retval = 242;
1595
Denis Vlasenko284d0fa2008-02-16 13:18:17 +0000[diff] [blame]1596 /* NB: close _first_, then move fds! */
1597 close(toCgi.wr);
1598 close(fromCgi.rd);
Denis Vlasenkoe5d37cc2007-08-11 20:20:02 +0000[diff] [blame]1599 xmove_fd(toCgi.rd, 0); /* replace stdin with the pipe */
1600 xmove_fd(fromCgi.wr, 1); /* replace stdout with the pipe */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1601 /* User seeing stderr output can be a security problem.
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1602 * If CGI really wants that, it can always do dup itself. */
Denis Vlasenko1ec15cd2007-08-11 20:20:43 +0000[diff] [blame]1603 /* dup2(1, 2); */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1604
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1605 /* Chdiring to script's dir */
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +0100[diff] [blame]1606 script = last_slash;
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1607 if (script != url) { /* paranoia */
1608 *script = '\0';
1609 if (chdir(url + 1) != 0) {
Pascal Bellard70fc8c12012-06-12 13:21:02 +0200[diff] [blame]1610 bb_perror_msg("can't change directory to '%s'", url + 1);
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1611 goto error_execing_cgi;
1612 }
1613 // not needed: *script = '/';
1614 }
1615 script++;
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +0000[diff] [blame]1616
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1617 /* set argv[0] to name without path */
1618 argv[0] = script;
1619 argv[1] = NULL;
Denis Vlasenkofc213052008-02-11 16:26:22 +0000[diff] [blame]1620
1621#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1622 {
1623 char *suffix = strrchr(script, '.');
Denis Vlasenkofc213052008-02-11 16:26:22 +0000[diff] [blame]1624
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1625 if (suffix) {
1626 Htaccess *cur;
1627 for (cur = script_i; cur; cur = cur->next) {
1628 if (strcmp(cur->before_colon + 1, suffix) == 0) {
1629 /* found interpreter name */
1630 argv[0] = cur->after_colon;
1631 argv[1] = script;
1632 argv[2] = NULL;
1633 break;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1634 }
1635 }
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +0000[diff] [blame]1636 }
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +0000[diff] [blame]1637 }
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1638#endif
1639 /* restore default signal dispositions for CGI process */
1640 bb_signals(0
1641 | (1 << SIGCHLD)
1642 | (1 << SIGPIPE)
1643 | (1 << SIGHUP)
1644 , SIG_DFL);
1645
1646 /* _NOT_ execvp. We do not search PATH. argv[0] is a filename
1647 * without any dir components and will only match a file
1648 * in the current directory */
1649 execv(argv[0], argv);
1650 if (verbose)
Denys Vlasenko31c3dad2010-06-27 16:57:55 +0200[diff] [blame]1651 bb_perror_msg("can't execute '%s'", argv[0]);
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]1652 error_execing_cgi:
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]1653 /* send to stdout
1654 * (we are CGI here, our stdout is pumped to the net) */
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1655 send_headers_and_exit(HTTP_NOT_FOUND);
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +0000[diff] [blame]1656 } /* end child */
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1657
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1658 /* Parent process */
1659
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1660 /* Restore variables possibly changed by child */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1661 xfunc_error_retval = 0;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +0000[diff] [blame]1662
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1663 /* Pump data */
Denis Vlasenkoe5d37cc2007-08-11 20:20:02 +0000[diff] [blame]1664 close(fromCgi.wr);
1665 close(toCgi.rd);
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1666 cgi_io_loop_and_exit(fromCgi.rd, toCgi.wr, post_len);
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1667}
Denis Vlasenko32a471e2007-09-23 13:56:57 +0000[diff] [blame]1668
Denis Vlasenkob3a07152006-11-16 18:04:43 +0000[diff] [blame]1669#endif /* FEATURE_HTTPD_CGI */
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1670
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1671/*
1672 * Send a file response to a HTTP request, and exit
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +0000[diff] [blame]1673 *
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1674 * Parameters:
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]1675 * const char *url The requested URL (with leading /).
1676 * what What to send (headers/body/both).
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1677 */
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1678static NOINLINE void send_file_and_exit(const char *url, int what)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1679{
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]1680 char *suffix;
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1681 int fd;
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]1682 ssize_t count;
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1683
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]1684 if (content_gzip) {
1685 /* does <url>.gz exist? Then use it instead */
1686 char *gzurl = xasprintf("%s.gz", url);
1687 fd = open(gzurl, O_RDONLY);
1688 free(gzurl);
1689 if (fd != -1) {
1690 struct stat sb;
1691 fstat(fd, &sb);
1692 file_size = sb.st_size;
Denys Vlasenko8030a142011-01-11 17:59:45 +0100[diff] [blame]1693 last_mod = sb.st_mtime;
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]1694 } else {
1695 IF_FEATURE_HTTPD_GZIP(content_gzip = 0;)
1696 fd = open(url, O_RDONLY);
1697 }
1698 } else {
1699 fd = open(url, O_RDONLY);
1700 }
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1701 if (fd < 0) {
1702 if (DEBUG)
1703 bb_perror_msg("can't open '%s'", url);
1704 /* Error pages are sent by using send_file_and_exit(SEND_BODY).
1705 * IOW: it is unsafe to call send_headers_and_exit
1706 * if what is SEND_BODY! Can recurse! */
1707 if (what != SEND_BODY)
1708 send_headers_and_exit(HTTP_NOT_FOUND);
1709 log_and_exit();
1710 }
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]1711 /* If you want to know about EPIPE below
1712 * (happens if you abort downloads from local httpd): */
1713 signal(SIGPIPE, SIG_IGN);
1714
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]1715 /* If not found, default is to not send "Content-type:" */
1716 /*found_mime_type = NULL; - already is */
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1717 suffix = strrchr(url, '.');
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1718 if (suffix) {
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1719 static const char suffixTable[] ALIGN1 =
1720 /* Shorter suffix must be first:
1721 * ".html.htm" will fail for ".htm"
1722 */
1723 ".txt.h.c.cc.cpp\0" "text/plain\0"
1724 /* .htm line must be after .h line */
1725 ".htm.html\0" "text/html\0"
1726 ".jpg.jpeg\0" "image/jpeg\0"
1727 ".gif\0" "image/gif\0"
1728 ".png\0" "image/png\0"
Vicente Jimenez Aguilar09b25ec2019-06-06 17:12:55 +0200[diff] [blame]1729 ".svg\0" "image/svg+xml\0"
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1730 /* .css line must be after .c line */
1731 ".css\0" "text/css\0"
Denys Vlasenko1230aec2019-06-07 12:32:30 +0200[diff] [blame]1732 ".js\0" "application/javascript\0"
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1733 ".wav\0" "audio/wav\0"
1734 ".avi\0" "video/x-msvideo\0"
1735 ".qt.mov\0" "video/quicktime\0"
1736 ".mpe.mpeg\0" "video/mpeg\0"
1737 ".mid.midi\0" "audio/midi\0"
1738 ".mp3\0" "audio/mpeg\0"
1739#if 0 /* unpopular */
1740 ".au\0" "audio/basic\0"
1741 ".pac\0" "application/x-ns-proxy-autoconfig\0"
1742 ".vrml.wrl\0" "model/vrml\0"
1743#endif
1744 /* compiler adds another "\0" here */
1745 ;
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1746 Htaccess *cur;
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1747
1748 /* Examine built-in table */
1749 const char *table = suffixTable;
1750 const char *table_next;
1751 for (; *table; table = table_next) {
1752 const char *try_suffix;
1753 const char *mime_type;
1754 mime_type = table + strlen(table) + 1;
1755 table_next = mime_type + strlen(mime_type) + 1;
1756 try_suffix = strstr(table, suffix);
1757 if (!try_suffix)
1758 continue;
1759 try_suffix += strlen(suffix);
1760 if (*try_suffix == '\0' || *try_suffix == '.') {
1761 found_mime_type = mime_type;
1762 break;
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1763 }
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1764 /* Example: strstr(table, ".av") != NULL, but it
1765 * does not match ".avi" after all and we end up here.
1766 * The table is arranged so that in this case we know
1767 * that it can't match anything in the following lines,
1768 * and we stop the search: */
1769 break;
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1770 }
Denys Vlasenko33d8d082009-09-10 01:46:02 +0200[diff] [blame]1771 /* ...then user's table */
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]1772 for (cur = mime_a; cur; cur = cur->next) {
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1773 if (strcmp(cur->before_colon, suffix) == 0) {
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]1774 found_mime_type = cur->after_colon;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1775 break;
1776 }
1777 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1778 }
Bernhard Reutner-Fischer62851172009-05-03 18:53:22 +0200[diff] [blame]1779
1780 if (DEBUG)
1781 bb_error_msg("sending file '%s' content-type: %s",
1782 url, found_mime_type);
1783
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1784#if ENABLE_FEATURE_HTTPD_RANGES
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]1785 if (what == SEND_BODY /* err pages and ranges don't mix */
1786 || content_gzip /* we are sending compressed page: can't do ranges */ ///why?
1787 ) {
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100[diff] [blame]1788 range_start = -1;
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]1789 }
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1790 range_len = MAXINT(off_t);
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100[diff] [blame]1791 if (range_start >= 0) {
Rob Walker7a426932012-04-03 08:09:28 +0200[diff] [blame]1792 if (!range_end || range_end > file_size - 1) {
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1793 range_end = file_size - 1;
1794 }
1795 if (range_end < range_start
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1796 || lseek(fd, range_start, SEEK_SET) != range_start
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1797 ) {
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1798 lseek(fd, 0, SEEK_SET);
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100[diff] [blame]1799 range_start = -1;
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1800 } else {
1801 range_len = range_end - range_start + 1;
1802 send_headers(HTTP_PARTIAL_CONTENT);
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]1803 what = SEND_BODY;
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1804 }
1805 }
1806#endif
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]1807 if (what & SEND_HEADERS)
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000[diff] [blame]1808 send_headers(HTTP_OK);
Bartosz Golaszewski8d75d792014-11-27 13:20:24 +0100[diff] [blame]1809#if ENABLE_FEATURE_USE_SENDFILE
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1810 {
1811 off_t offset = range_start;
1812 while (1) {
1813 /* sz is rounded down to 64k */
1814 ssize_t sz = MAXINT(ssize_t) - 0xffff;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]1815 IF_FEATURE_HTTPD_RANGES(if (sz > range_len) sz = range_len;)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1816 count = sendfile(STDOUT_FILENO, fd, &offset, sz);
1817 if (count < 0) {
1818 if (offset == range_start)
1819 break; /* fall back to read/write loop */
1820 goto fin;
1821 }
Denys Vlasenkoef43bea2012-02-04 21:37:17 +0100[diff] [blame]1822 IF_FEATURE_HTTPD_RANGES(range_len -= count;)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1823 if (count == 0 || range_len == 0)
1824 log_and_exit();
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]1825 }
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1826 }
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]1827#endif
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1828 while ((count = safe_read(fd, iobuf, IOBUF_SIZE)) > 0) {
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1829 ssize_t n;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]1830 IF_FEATURE_HTTPD_RANGES(if (count > range_len) count = range_len;)
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +0000[diff] [blame]1831 n = full_write(STDOUT_FILENO, iobuf, count);
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]1832 if (count != n)
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]1833 break;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]1834 IF_FEATURE_HTTPD_RANGES(range_len -= count;)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1835 if (range_len == 0)
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]1836 break;
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000[diff] [blame]1837 }
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1838 if (count < 0) {
Bartosz Golaszewski8d75d792014-11-27 13:20:24 +0100[diff] [blame]1839 IF_FEATURE_USE_SENDFILE(fin:)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1840 if (verbose > 1)
James Byrne69374872019-07-02 11:35:03 +0200[diff] [blame]1841 bb_simple_perror_msg("error");
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]1842 }
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1843 log_and_exit();
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1844}
1845
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]1846static void if_ip_denied_send_HTTP_FORBIDDEN_and_exit(unsigned remote_ip)
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]1847{
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]1848 Htaccess_IP *cur;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]1849
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]1850 for (cur = ip_a_d; cur; cur = cur->next) {
Denis Vlasenkob64eed62007-01-14 17:06:11 +0000[diff] [blame]1851#if DEBUG
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]1852 fprintf(stderr,
1853 "checkPermIP: '%s' ? '%u.%u.%u.%u/%u.%u.%u.%u'\n",
1854 rmt_ip_str,
Denis Vlasenko6536a9b2007-01-12 10:35:23 +0000[diff] [blame]1855 (unsigned char)(cur->ip >> 24),
1856 (unsigned char)(cur->ip >> 16),
1857 (unsigned char)(cur->ip >> 8),
1858 (unsigned char)(cur->ip),
1859 (unsigned char)(cur->mask >> 24),
1860 (unsigned char)(cur->mask >> 16),
1861 (unsigned char)(cur->mask >> 8),
1862 (unsigned char)(cur->mask)
1863 );
Denis Vlasenko3bba5452006-12-30 17:57:03 +0000[diff] [blame]1864#endif
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]1865 if ((remote_ip & cur->mask) == cur->ip) {
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]1866 if (cur->allow_deny == 'A')
1867 return;
1868 send_headers_and_exit(HTTP_FORBIDDEN);
Denys Vlasenkoff36bec2019-04-16 10:14:50 +0200[diff] [blame]1869 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1870 }
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]1871
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]1872 if (flg_deny_all) /* depends on whether we saw "D:*" */
1873 send_headers_and_exit(HTTP_FORBIDDEN);
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000[diff] [blame]1874}
1875
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]1876#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1877
Denys Vlasenko8cab6672012-04-20 14:48:00 +0200[diff] [blame]1878# if ENABLE_PAM
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1879struct pam_userinfo {
1880 const char *name;
1881 const char *pw;
1882};
1883
1884static int pam_talker(int num_msg,
1885 const struct pam_message **msg,
1886 struct pam_response **resp,
1887 void *appdata_ptr)
1888{
1889 int i;
1890 struct pam_userinfo *userinfo = (struct pam_userinfo *) appdata_ptr;
1891 struct pam_response *response;
1892
1893 if (!resp || !msg || !userinfo)
1894 return PAM_CONV_ERR;
1895
1896 /* allocate memory to store response */
1897 response = xzalloc(num_msg * sizeof(*response));
1898
1899 /* copy values */
1900 for (i = 0; i < num_msg; i++) {
1901 const char *s;
1902
1903 switch (msg[i]->msg_style) {
1904 case PAM_PROMPT_ECHO_ON:
1905 s = userinfo->name;
1906 break;
1907 case PAM_PROMPT_ECHO_OFF:
1908 s = userinfo->pw;
1909 break;
Denys Vlasenko69675782013-01-14 01:34:48 +0100[diff] [blame]1910 case PAM_ERROR_MSG:
Denys Vlasenko982e87f2013-07-30 11:52:58 +0200[diff] [blame]1911 case PAM_TEXT_INFO:
1912 s = "";
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1913 break;
1914 default:
1915 free(response);
1916 return PAM_CONV_ERR;
1917 }
1918 response[i].resp = xstrdup(s);
1919 if (PAM_SUCCESS != 0)
1920 response[i].resp_retcode = PAM_SUCCESS;
1921 }
1922 *resp = response;
1923 return PAM_SUCCESS;
1924}
1925# endif
1926
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1927/*
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]1928 * Config file entries are of the form "/<path>:<user>:<passwd>".
1929 * If config file has no prefix match for path, access is allowed.
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1930 *
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]1931 * path The file path
1932 * user_and_passwd "user:passwd" to validate
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1933 *
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]1934 * Returns 1 if user_and_passwd is OK.
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1935 */
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1936static int check_user_passwd(const char *path, char *user_and_passwd)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1937{
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]1938 Htaccess *cur;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]1939 const char *prev = NULL;
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]1940
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]1941 for (cur = g_auth; cur; cur = cur->next) {
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1942 const char *dir_prefix;
1943 size_t len;
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1944 int r;
Denis Vlasenkob3a07152006-11-16 18:04:43 +0000[diff] [blame]1945
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1946 dir_prefix = cur->before_colon;
1947
1948 /* WHY? */
1949 /* If already saw a match, don't accept other different matches */
1950 if (prev && strcmp(prev, dir_prefix) != 0)
1951 continue;
1952
Denis Vlasenkob3a07152006-11-16 18:04:43 +0000[diff] [blame]1953 if (DEBUG)
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1954 fprintf(stderr, "checkPerm: '%s' ? '%s'\n", dir_prefix, user_and_passwd);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]1955
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1956 /* If it's not a prefix match, continue searching */
1957 len = strlen(dir_prefix);
1958 if (len != 1 /* dir_prefix "/" matches all, don't need to check */
1959 && (strncmp(dir_prefix, path, len) != 0
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1960 || (path[len] != '/' && path[len] != '\0')
1961 )
Denis Vlasenkob3a07152006-11-16 18:04:43 +0000[diff] [blame]1962 ) {
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1963 continue;
1964 }
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +0000[diff] [blame]1965
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1966 /* Path match found */
1967 prev = dir_prefix;
Eric Andersen35e643b2003-07-28 07:40:39 +0000[diff] [blame]1968
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1969 if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1970 char *colon_after_user;
1971 const char *passwd;
Pascal Bellard0fa3e5f2011-11-29 20:54:30 +0100[diff] [blame]1972# if ENABLE_FEATURE_SHADOWPASSWDS && !ENABLE_PAM
1973 char sp_buf[256];
1974# endif
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1975
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1976 colon_after_user = strchr(user_and_passwd, ':');
1977 if (!colon_after_user)
1978 goto bad_input;
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]1979
1980 /* compare "user:" */
1981 if (cur->after_colon[0] != '*'
1982 && strncmp(cur->after_colon, user_and_passwd,
1983 colon_after_user - user_and_passwd + 1) != 0
1984 ) {
1985 continue;
1986 }
1987 /* this cfg entry is '*' or matches username from peer */
1988
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1989 passwd = strchr(cur->after_colon, ':');
1990 if (!passwd)
1991 goto bad_input;
1992 passwd++;
1993 if (passwd[0] == '*') {
1994# if ENABLE_PAM
1995 struct pam_userinfo userinfo;
1996 struct pam_conv conv_info = { &pam_talker, (void *) &userinfo };
1997 pam_handle_t *pamh;
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]1998
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]1999 *colon_after_user = '\0';
2000 userinfo.name = user_and_passwd;
2001 userinfo.pw = colon_after_user + 1;
Pascal Bellard0fa3e5f2011-11-29 20:54:30 +0100[diff] [blame]2002 r = pam_start("httpd", user_and_passwd, &conv_info, &pamh) != PAM_SUCCESS;
2003 if (r == 0) {
2004 r = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
2005 || pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
2006 ;
2007 pam_end(pamh, PAM_SUCCESS);
2008 }
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2009 *colon_after_user = ':';
2010 goto end_check_passwd;
2011# else
2012# if ENABLE_FEATURE_SHADOWPASSWDS
2013 /* Using _r function to avoid pulling in static buffers */
2014 struct spwd spw;
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2015# endif
2016 struct passwd *pw;
Denis Vlasenkob3a07152006-11-16 18:04:43 +0000[diff] [blame]2017
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2018 *colon_after_user = '\0';
2019 pw = getpwnam(user_and_passwd);
2020 *colon_after_user = ':';
2021 if (!pw || !pw->pw_passwd)
2022 continue;
2023 passwd = pw->pw_passwd;
2024# if ENABLE_FEATURE_SHADOWPASSWDS
2025 if ((passwd[0] == 'x' || passwd[0] == '*') && !passwd[1]) {
2026 /* getspnam_r may return 0 yet set result to NULL.
2027 * At least glibc 2.4 does this. Be extra paranoid here. */
2028 struct spwd *result = NULL;
Pascal Bellard0fa3e5f2011-11-29 20:54:30 +0100[diff] [blame]2029 r = getspnam_r(pw->pw_name, &spw, sp_buf, sizeof(sp_buf), &result);
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2030 if (r == 0 && result)
2031 passwd = result->sp_pwdp;
2032 }
2033# endif
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2034 /* In this case, passwd is ALWAYS encrypted:
2035 * it came from /etc/passwd or /etc/shadow!
2036 */
2037 goto check_encrypted;
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2038# endif /* ENABLE_PAM */
2039 }
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2040 /* Else: passwd is from httpd.conf, it is either plaintext or encrypted */
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2041
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2042 if (passwd[0] == '$' && isdigit(passwd[1])) {
2043 char *encrypted;
Denys Vlasenko8cab6672012-04-20 14:48:00 +0200[diff] [blame]2044# if !ENABLE_PAM
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2045 check_encrypted:
Denys Vlasenko8cab6672012-04-20 14:48:00 +0200[diff] [blame]2046# endif
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2047 /* encrypt pwd from peer and check match with local one */
2048 encrypted = pw_encrypt(
2049 /* pwd (from peer): */ colon_after_user + 1,
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2050 /* salt: */ passwd,
2051 /* cleanup: */ 0
2052 );
2053 r = strcmp(encrypted, passwd);
2054 free(encrypted);
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2055 } else {
2056 /* local passwd is from httpd.conf and it's plaintext */
2057 r = strcmp(colon_after_user + 1, passwd);
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2058 }
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2059 goto end_check_passwd;
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]2060 }
Denys Vlasenko35def512012-02-01 02:42:54 +0100[diff] [blame]2061 bad_input:
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]2062 /* Comparing plaintext "user:pass" in one go */
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2063 r = strcmp(cur->after_colon, user_and_passwd);
2064 end_check_passwd:
2065 if (r == 0) {
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]2066 remoteuser = xstrndup(user_and_passwd,
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2067 strchrnul(user_and_passwd, ':') - user_and_passwd
2068 );
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]2069 return 1; /* Ok */
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +0000[diff] [blame]2070 }
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2071 } /* for */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2072
Denis Vlasenko25b46302008-06-13 09:55:13 +0000[diff] [blame]2073 /* 0(bad) if prev is set: matches were found but passwd was wrong */
2074 return (prev == NULL);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2075}
Denis Vlasenkob3a07152006-11-16 18:04:43 +0000[diff] [blame]2076#endif /* FEATURE_HTTPD_BASIC_AUTH */
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000[diff] [blame]2077
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2078#if ENABLE_FEATURE_HTTPD_PROXY
2079static Htaccess_Proxy *find_proxy_entry(const char *url)
2080{
2081 Htaccess_Proxy *p;
2082 for (p = proxy; p; p = p->next) {
Denys Vlasenko8dff01d2015-03-12 17:48:34 +0100[diff] [blame]2083 if (is_prefixed_with(url, p->url_from))
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2084 return p;
2085 }
2086 return NULL;
2087}
2088#endif
2089
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2090/*
2091 * Handle timeouts
2092 */
Denis Vlasenko2ca84f62009-02-05 12:38:21 +0000[diff] [blame]2093static void send_REQUEST_TIMEOUT_and_exit(int sig) NORETURN;
2094static void send_REQUEST_TIMEOUT_and_exit(int sig UNUSED_PARAM)
Eric Andersen07f2fea2004-10-08 08:03:29 +0000[diff] [blame]2095{
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2096 send_headers_and_exit(HTTP_REQUEST_TIMEOUT);
Eric Andersen07f2fea2004-10-08 08:03:29 +0000[diff] [blame]2097}
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2098
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2099/*
2100 * Handle an incoming http request and exit.
2101 */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]2102static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) NORETURN;
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2103static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2104{
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2105 static const char request_GET[] ALIGN1 = "GET";
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2106 struct stat sb;
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2107 char *urlcopy;
2108 char *urlp;
2109 char *tptr;
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2110 unsigned remote_ip;
2111#if ENABLE_FEATURE_HTTPD_CGI
2112 unsigned total_headers_len;
2113#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]2114#if ENABLE_FEATURE_HTTPD_CGI
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]2115 static const char request_HEAD[] ALIGN1 = "HEAD";
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2116 const char *prequest;
Denis Vlasenko0bb993f2006-11-21 00:06:28 +0000[diff] [blame]2117 unsigned long length = 0;
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2118 enum CGI_type cgi_type = CGI_NONE;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2119#elif ENABLE_FEATURE_HTTPD_PROXY
2120#define prequest request_GET
2121 unsigned long length = 0;
2122#endif
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]2123#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
2124 smallint authorized = -1;
2125#endif
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2126 char *HTTP_slash;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2127
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]2128 /* Allocation of iobuf is postponed until now
2129 * (IOW, server process doesn't need to waste 8k) */
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]2130 iobuf = xmalloc(IOBUF_SIZE);
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000[diff] [blame]2131
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2132 remote_ip = 0;
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +0000[diff] [blame]2133 if (fromAddr->u.sa.sa_family == AF_INET) {
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2134 remote_ip = ntohl(fromAddr->u.sin.sin_addr.s_addr);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2135 }
Denis Vlasenko35465a32007-09-25 11:58:33 +0000[diff] [blame]2136#if ENABLE_FEATURE_IPV6
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +0000[diff] [blame]2137 if (fromAddr->u.sa.sa_family == AF_INET6
2138 && fromAddr->u.sin6.sin6_addr.s6_addr32[0] == 0
2139 && fromAddr->u.sin6.sin6_addr.s6_addr32[1] == 0
2140 && ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[2]) == 0xffff)
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2141 remote_ip = ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[3]);
Denis Vlasenko35465a32007-09-25 11:58:33 +0000[diff] [blame]2142#endif
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2143 if (ENABLE_FEATURE_HTTPD_CGI || DEBUG || verbose) {
Denis Vlasenkofaf334a2008-05-18 15:14:36 +0000[diff] [blame]2144 /* NB: can be NULL (user runs httpd -i by hand?) */
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +0000[diff] [blame]2145 rmt_ip_str = xmalloc_sockaddr2dotted(&fromAddr->u.sa);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2146 }
2147 if (verbose) {
2148 /* this trick makes -v logging much simpler */
Denis Vlasenkofaf334a2008-05-18 15:14:36 +0000[diff] [blame]2149 if (rmt_ip_str)
2150 applet_name = rmt_ip_str;
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2151 if (verbose > 2)
James Byrne69374872019-07-02 11:35:03 +0200[diff] [blame]2152 bb_simple_error_msg("connected");
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2153 }
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2154 if_ip_denied_send_HTTP_FORBIDDEN_and_exit(remote_ip);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2155
Denis Vlasenko2ca84f62009-02-05 12:38:21 +0000[diff] [blame]2156 /* Install timeout handler. get_line() needs it. */
2157 signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit);
Eric Andersen07f2fea2004-10-08 08:03:29 +0000[diff] [blame]2158
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2159 if (!get_line()) /* EOF or error or empty line */
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]2160 send_headers_and_exit(HTTP_BAD_REQUEST);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2161
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2162 /* Determine type of request (GET/POST) */
Denys Vlasenko85daa672013-03-25 23:27:00 +0100[diff] [blame]2163 // rfc2616: method and URI is separated by exactly one space
2164 //urlp = strpbrk(iobuf, " \t"); - no, tab isn't allowed
2165 urlp = strchr(iobuf, ' ');
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2166 if (urlp == NULL)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2167 send_headers_and_exit(HTTP_BAD_REQUEST);
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2168 *urlp++ = '\0';
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]2169#if ENABLE_FEATURE_HTTPD_CGI
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2170 prequest = request_GET;
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2171 if (strcasecmp(iobuf, prequest) != 0) {
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]2172 prequest = request_HEAD;
2173 if (strcasecmp(iobuf, prequest) != 0) {
2174 prequest = "POST";
2175 if (strcasecmp(iobuf, prequest) != 0)
2176 send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
2177 }
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2178 }
2179#else
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2180 if (strcasecmp(iobuf, request_GET) != 0)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2181 send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2182#endif
Denys Vlasenko85daa672013-03-25 23:27:00 +0100[diff] [blame]2183 // rfc2616: method and URI is separated by exactly one space
2184 //urlp = skip_whitespace(urlp); - should not be necessary
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2185 if (urlp[0] != '/')
2186 send_headers_and_exit(HTTP_BAD_REQUEST);
2187
Denys Vlasenkoad29ba72019-04-19 13:59:58 +0200[diff] [blame]2188 /* Find end of URL */
2189 HTTP_slash = strchr(urlp, ' ');
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2190 /* Is it " HTTP/"? */
Denys Vlasenkoad29ba72019-04-19 13:59:58 +0200[diff] [blame]2191 if (!HTTP_slash || strncmp(HTTP_slash + 1, HTTP_200, 5) != 0)
2192 send_headers_and_exit(HTTP_BAD_REQUEST);
2193 *HTTP_slash++ = '\0';
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2194
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2195 /* Copy URL from after "GET "/"POST " to stack-allocated char[] */
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2196 urlcopy = alloca((HTTP_slash - urlp) + 2 + strlen(index_page));
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2197 /*if (urlcopy == NULL)
2198 * send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);*/
2199 strcpy(urlcopy, urlp);
2200 /* NB: urlcopy ptr is never changed after this */
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2201
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +0200[diff] [blame]2202#if ENABLE_FEATURE_HTTPD_PROXY
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +0200[diff] [blame]2203 {
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2204 int proxy_fd;
2205 len_and_sockaddr *lsa;
2206 Htaccess_Proxy *proxy_entry = find_proxy_entry(urlcopy);
2207
2208 if (proxy_entry) {
Denys Vlasenkoad29ba72019-04-19 13:59:58 +0200[diff] [blame]2209 if (verbose > 1)
2210 bb_error_msg("proxy:%s", urlcopy);
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2211 lsa = host2sockaddr(proxy_entry->host_port, 80);
2212 if (!lsa)
2213 send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
2214 proxy_fd = socket(lsa->u.sa.sa_family, SOCK_STREAM, 0);
2215 if (proxy_fd < 0)
2216 send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
2217 if (connect(proxy_fd, &lsa->u.sa, lsa->len) < 0)
2218 send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
Denys Vlasenkoe49a5722019-04-19 14:24:57 +0200[diff] [blame]2219 /* Disable peer header reading timeout */
2220 alarm(0);
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2221 /* Config directive was of the form:
2222 * P:/url:[http://]hostname[:port]/new/path
2223 * When /urlSFX is requested, reverse proxy it
2224 * to http://hostname[:port]/new/pathSFX
2225 */
Denys Vlasenko2efa7262019-04-16 13:35:56 +0200[diff] [blame]2226 fdprintf(proxy_fd, "%s %s%s %s\r\n",
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2227 prequest, /* "GET" or "POST" */
2228 proxy_entry->url_to, /* "/new/path" */
2229 urlcopy + strlen(proxy_entry->url_from), /* "SFX" */
Denys Vlasenkoad29ba72019-04-19 13:59:58 +0200[diff] [blame]2230 HTTP_slash /* "HTTP/xyz" */
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2231 );
2232 cgi_io_loop_and_exit(proxy_fd, proxy_fd, /*max POST length:*/ INT_MAX);
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +0200[diff] [blame]2233 }
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2234 }
2235#endif
2236
Denys Vlasenko2efa7262019-04-16 13:35:56 +0200[diff] [blame]2237 /* Extract url args if present */
2238 g_query = strchr(urlcopy, '?');
2239 if (g_query)
2240 *g_query++ = '\0';
2241
Denys Vlasenkoc69f6482019-04-16 12:45:26 +0200[diff] [blame]2242 /* Decode URL escape sequences */
2243 tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
2244 if (tptr == NULL)
2245 send_headers_and_exit(HTTP_BAD_REQUEST);
2246 if (tptr == urlcopy + 1) {
2247 /* '/' or NUL is encoded */
2248 send_headers_and_exit(HTTP_NOT_FOUND);
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +0200[diff] [blame]2249 }
2250
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2251 /* Canonicalize path */
2252 /* Algorithm stolen from libbb bb_simplify_path(),
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]2253 * but don't strdup, retain trailing slash, protect root */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2254 urlp = tptr = urlcopy;
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +0100[diff] [blame]2255 for (;;) {
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2256 if (*urlp == '/') {
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2257 /* skip duplicate (or initial) slash */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2258 if (*tptr == '/') {
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +0100[diff] [blame]2259 goto next_char;
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2260 }
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2261 if (*tptr == '.') {
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +0100[diff] [blame]2262 if (tptr[1] == '.' && (tptr[2] == '/' || tptr[2] == '\0')) {
2263 /* "..": be careful */
2264 /* protect root */
2265 if (urlp == urlcopy)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2266 send_headers_and_exit(HTTP_BAD_REQUEST);
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +0100[diff] [blame]2267 /* omit previous dir */
2268 while (*--urlp != '/')
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2269 continue;
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +0100[diff] [blame]2270 /* skip to "./" or ".<NUL>" */
2271 tptr++;
2272 }
2273 if (tptr[1] == '/' || tptr[1] == '\0') {
2274 /* skip extra "/./" */
2275 goto next_char;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2276 }
2277 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2278 }
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2279 *++urlp = *tptr;
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +0200[diff] [blame]2280 if (*tptr == '\0')
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +0100[diff] [blame]2281 break;
2282 next_char:
2283 tptr++;
2284 }
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2285
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2286 /* If URL is a directory, add '/' */
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]2287 if (urlp[-1] != '/') {
Denys Vlasenkof282c6b2011-12-18 03:27:46 +0100[diff] [blame]2288 if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2289 found_moved_temporarily = urlcopy;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2290 }
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2291 }
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2292
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2293 /* Log it */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2294 if (verbose > 1)
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2295 bb_error_msg("url:%s", urlcopy);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2296
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2297 tptr = urlcopy;
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]2298 while ((tptr = strchr(tptr + 1, '/')) != NULL) {
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2299 /* have path1/path2 */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2300 *tptr = '\0';
Denys Vlasenkof282c6b2011-12-18 03:27:46 +0100[diff] [blame]2301 if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]2302 /* may have subdir config */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2303 parse_conf(urlcopy + 1, SUBDIR_PARSE);
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2304 if_ip_denied_send_HTTP_FORBIDDEN_and_exit(remote_ip);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2305 }
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2306 *tptr = '/';
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2307 }
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2308
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2309 tptr = urlcopy + 1; /* skip first '/' */
2310
2311#if ENABLE_FEATURE_HTTPD_CGI
2312 if (is_prefixed_with(tptr, "cgi-bin/")) {
2313 if (tptr[8] == '\0') {
2314 /* protect listing "cgi-bin/" */
2315 send_headers_and_exit(HTTP_FORBIDDEN);
2316 }
2317 cgi_type = CGI_NORMAL;
2318 }
2319#endif
2320
2321 if (urlp[-1] == '/') {
2322 /* When index_page string is appended to <dir>/ URL, it overwrites
2323 * the query string. If we fall back to call /cgi-bin/index.cgi,
2324 * query string would be lost and not available to the CGI.
2325 * Work around it by making a deep copy.
2326 */
2327 if (ENABLE_FEATURE_HTTPD_CGI)
2328 g_query = xstrdup(g_query); /* ok for NULL too */
2329 strcpy(urlp, index_page);
2330 }
2331 if (stat(tptr, &sb) == 0) {
2332#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
2333 char *suffix = strrchr(tptr, '.');
2334 if (suffix) {
2335 Htaccess *cur;
2336 for (cur = script_i; cur; cur = cur->next) {
2337 if (strcmp(cur->before_colon + 1, suffix) == 0) {
2338 cgi_type = CGI_INTERPRETER;
2339 break;
2340 }
2341 }
2342 }
2343#endif
2344 if (!found_moved_temporarily) {
2345 file_size = sb.st_size;
2346 last_mod = sb.st_mtime;
2347 }
2348 }
2349#if ENABLE_FEATURE_HTTPD_CGI
2350 else if (urlp[-1] == '/') {
2351 /* It's a dir URL and there is no index.html
2352 * Try cgi-bin/index.cgi */
2353 if (access("/cgi-bin/index.cgi"+1, X_OK) == 0) {
2354 cgi_type = CGI_INDEX;
2355 }
2356 }
2357#endif
2358 urlp[0] = '\0';
2359
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2360#if ENABLE_FEATURE_HTTPD_CGI
2361 total_headers_len = 0;
2362#endif
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2363
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2364 /* Read until blank line */
2365 while (1) {
2366 unsigned iobuf_len = get_line();
2367 if (!iobuf_len)
2368 break; /* EOF or error or empty line */
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2369#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2370 /* Prevent unlimited growth of HTTP_xyz envvars */
2371 total_headers_len += iobuf_len;
2372 if (total_headers_len >= MAX_HTTP_HEADERS_SIZE)
2373 send_headers_and_exit(HTTP_ENTITY_TOO_LARGE);
Denys Vlasenko62ba9e52019-04-16 13:18:12 +0200[diff] [blame]2374#endif
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2375 if (DEBUG)
2376 bb_error_msg("header: '%s'", iobuf);
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2377#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2378 /* Try and do our best to parse more lines */
2379 if (STRNCASECMP(iobuf, "Content-Length:") == 0) {
2380 /* extra read only for POST */
2381 if (prequest != request_GET
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]2382# if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2383 && prequest != request_HEAD
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]2384# endif
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2385 ) {
2386 tptr = skip_whitespace(iobuf + sizeof("Content-Length:") - 1);
2387 if (!tptr[0])
2388 send_headers_and_exit(HTTP_BAD_REQUEST);
2389 /* not using strtoul: it ignores leading minus! */
2390 length = bb_strtou(tptr, NULL, 10);
2391 /* length is "ulong", but we need to pass it to int later */
2392 if (errno || length > INT_MAX)
2393 send_headers_and_exit(HTTP_BAD_REQUEST);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2394 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2395 continue;
2396 }
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2397#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]2398#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2399 if (STRNCASECMP(iobuf, "Authorization:") == 0) {
2400 /* We only allow Basic credentials.
2401 * It shows up as "Authorization: Basic <user>:<passwd>" where
2402 * "<user>:<passwd>" is base64 encoded.
2403 */
2404 tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
2405 if (STRNCASECMP(tptr, "Basic") == 0) {
2406 tptr += sizeof("Basic")-1;
2407 /* decodeBase64() skips whitespace itself */
2408 decodeBase64(tptr);
2409 authorized = check_user_passwd(urlcopy, tptr);
2410 continue;
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2411 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2412 }
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]2413#endif
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]2414#if ENABLE_FEATURE_HTTPD_RANGES
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2415 if (STRNCASECMP(iobuf, "Range:") == 0) {
2416 /* We know only bytes=NNN-[MMM] */
2417 char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
2418 if (is_prefixed_with(s, "bytes=")) {
2419 s += sizeof("bytes=")-1;
2420 range_start = BB_STRTOOFF(s, &s, 10);
2421 if (s[0] != '-' || range_start < 0) {
2422 range_start = -1;
2423 } else if (s[1]) {
2424 range_end = BB_STRTOOFF(s+1, NULL, 10);
2425 if (errno || range_end < range_start)
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100[diff] [blame]2426 range_start = -1;
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]2427 }
2428 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2429 continue;
2430 }
Denis Vlasenkof4310172007-09-21 22:35:18 +0000[diff] [blame]2431#endif
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]2432#if ENABLE_FEATURE_HTTPD_GZIP
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2433 if (STRNCASECMP(iobuf, "Accept-Encoding:") == 0) {
2434 /* Note: we do not support "gzip;q=0"
2435 * method of _disabling_ gzip
2436 * delivery. No one uses that, though */
2437 const char *s = strstr(iobuf, "gzip");
2438 if (s) {
2439 // want more thorough checks?
2440 //if (s[-1] == ' '
2441 // || s[-1] == ','
2442 // || s[-1] == ':'
2443 //) {
2444 content_gzip = 1;
2445 //}
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2446 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2447 continue;
2448 }
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2449#endif
2450#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2451 if (cgi_type != CGI_NONE) {
2452 bool ct = (STRNCASECMP(iobuf, "Content-Type:") == 0);
2453 char *cp;
2454 char *colon = strchr(iobuf, ':');
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2455
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2456 if (!colon)
2457 continue;
2458 cp = iobuf;
2459 while (cp < colon) {
2460 /* a-z => A-Z, not-alnum => _ */
2461 char c = (*cp & ~0x20); /* toupper for A-Za-z, undef for others */
2462 if ((unsigned)(c - 'A') <= ('Z' - 'A')) {
2463 *cp++ = c;
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2464 continue;
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2465 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2466 if (!isdigit(*cp))
2467 *cp = '_';
2468 cp++;
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]2469 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2470 /* "Content-Type:" gets no HTTP_ prefix, all others do */
2471 cp = xasprintf(ct ? "HTTP_%.*s=%s" + 5 : "HTTP_%.*s=%s",
2472 (int)(colon - iobuf), iobuf,
2473 skip_whitespace(colon + 1)
2474 );
2475 putenv(cp);
2476 }
Peter Korsgaard7a2ba322010-07-25 03:20:53 +0200[diff] [blame]2477#endif
Denys Vlasenkobca888a2019-04-19 14:02:51 +0200[diff] [blame]2478 } /* while extra header reading */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2479
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2480 /* We are done reading headers, disable peer timeout */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2481 alarm(0);
2482
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]2483 if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]2484 /* protect listing [/path]/httpd.conf or IP deny */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2485 send_headers_and_exit(HTTP_FORBIDDEN);
2486 }
2487
2488#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2489 /* Case: no "Authorization:" was seen, but page might require passwd.
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000[diff] [blame]2490 * Check that with dummy user:pass */
Denis Vlasenko7504f2f2008-06-13 13:20:38 +0000[diff] [blame]2491 if (authorized < 0)
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2492 authorized = check_user_passwd(urlcopy, (char *) "");
Denis Vlasenko7504f2f2008-06-13 13:20:38 +0000[diff] [blame]2493 if (!authorized)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2494 send_headers_and_exit(HTTP_UNAUTHORIZED);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2495#endif
2496
2497 if (found_moved_temporarily) {
2498 send_headers_and_exit(HTTP_MOVED_TEMPORARILY);
2499 }
2500
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000[diff] [blame]2501 tptr = urlcopy + 1; /* skip first '/' */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2502
2503#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2504 if (cgi_type != CGI_NONE) {
2505 send_cgi_and_exit(
2506 (cgi_type == CGI_INDEX) ? "/cgi-bin/index.cgi"
2507 /*CGI_NORMAL or CGI_INTERPRETER*/ : urlcopy,
2508 urlcopy, prequest, length
2509 );
Denis Vlasenko91adf7d2007-08-17 19:19:42 +0000[diff] [blame]2510 }
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200[diff] [blame]2511#endif
2512
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]2513 if (urlp[-1] == '/') {
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200[diff] [blame]2514 strcpy(urlp, index_page);
Denys Vlasenko03419aa2011-12-19 12:30:34 +0100[diff] [blame]2515 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2516
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200[diff] [blame]2517#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200[diff] [blame]2518 if (prequest != request_GET && prequest != request_HEAD) {
2519 /* POST for files does not make sense */
2520 send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
2521 }
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000[diff] [blame]2522 send_file_and_exit(tptr,
Denis Vlasenko85c24712008-03-17 09:04:04 +0000[diff] [blame]2523 (prequest != request_HEAD ? SEND_HEADERS_AND_BODY : SEND_HEADERS)
Denis Vlasenko85c24712008-03-17 09:04:04 +0000[diff] [blame]2524 );
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200[diff] [blame]2525#else
2526 send_file_and_exit(tptr, SEND_HEADERS_AND_BODY);
2527#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2528}
2529
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2530/*
2531 * The main http server function.
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2532 * Given a socket, listen for new connections and farm out
2533 * the processing as a [v]forked process.
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2534 * Never returns.
2535 */
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2536#if BB_MMU
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]2537static void mini_httpd(int server_socket) NORETURN;
Denis Vlasenko9611cb12007-08-18 14:18:43 +0000[diff] [blame]2538static void mini_httpd(int server_socket)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2539{
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2540 /* NB: it's best to not use xfuncs in this loop before fork().
2541 * Otherwise server may die on transient errors (temporary
2542 * out-of-memory condition, etc), which is Bad(tm).
2543 * Try to do any dangerous calls after fork.
2544 */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2545 while (1) {
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2546 int n;
2547 len_and_sockaddr fromAddr;
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +0000[diff] [blame]2548
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2549 /* Wait for connections... */
2550 fromAddr.len = LSA_SIZEOF_SA;
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +0000[diff] [blame]2551 n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2552 if (n < 0)
Denis Vlasenko6c5e5a02006-11-10 23:28:57 +0000[diff] [blame]2553 continue;
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]2554
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2555 /* set the KEEPALIVE option to cull dead connections */
Denys Vlasenkoc52cbea2015-08-24 19:48:03 +0200[diff] [blame]2556 setsockopt_keepalive(n);
Denis Vlasenko04291bc2006-11-21 10:15:25 +0000[diff] [blame]2557
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2558 if (fork() == 0) {
Denis Vlasenko04291bc2006-11-21 10:15:25 +0000[diff] [blame]2559 /* child */
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2560 /* Do not reload config on HUP */
Denis Vlasenko6c5e5a02006-11-10 23:28:57 +0000[diff] [blame]2561 signal(SIGHUP, SIG_IGN);
Denis Vlasenko9611cb12007-08-18 14:18:43 +0000[diff] [blame]2562 close(server_socket);
2563 xmove_fd(n, 0);
2564 xdup2(0, 1);
2565
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2566 handle_incoming_and_exit(&fromAddr);
2567 }
2568 /* parent, or fork failed */
2569 close(n);
2570 } /* while (1) */
2571 /* never reached */
2572}
2573#else
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]2574static void mini_httpd_nommu(int server_socket, int argc, char **argv) NORETURN;
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2575static void mini_httpd_nommu(int server_socket, int argc, char **argv)
2576{
2577 char *argv_copy[argc + 2];
2578
2579 argv_copy[0] = argv[0];
2580 argv_copy[1] = (char*)"-i";
2581 memcpy(&argv_copy[2], &argv[1], argc * sizeof(argv[0]));
2582
2583 /* NB: it's best to not use xfuncs in this loop before vfork().
2584 * Otherwise server may die on transient errors (temporary
2585 * out-of-memory condition, etc), which is Bad(tm).
2586 * Try to do any dangerous calls after fork.
2587 */
2588 while (1) {
2589 int n;
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +0000[diff] [blame]2590
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2591 /* Wait for connections... */
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]2592 n = accept(server_socket, NULL, NULL);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2593 if (n < 0)
2594 continue;
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200[diff] [blame]2595
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2596 /* set the KEEPALIVE option to cull dead connections */
Denys Vlasenkoc52cbea2015-08-24 19:48:03 +0200[diff] [blame]2597 setsockopt_keepalive(n);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2598
2599 if (vfork() == 0) {
2600 /* child */
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2601 /* Do not reload config on HUP */
2602 signal(SIGHUP, SIG_IGN);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2603 close(server_socket);
2604 xmove_fd(n, 0);
2605 xdup2(0, 1);
2606
2607 /* Run a copy of ourself in inetd mode */
2608 re_exec(argv_copy);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2609 }
Denys Vlasenkod2277e22011-11-22 17:19:26 +0100[diff] [blame]2610 argv_copy[0][0] &= 0x7f;
Denis Vlasenko921799d2007-08-19 19:28:09 +0000[diff] [blame]2611 /* parent, or vfork failed */
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2612 close(n);
Denis Vlasenko04291bc2006-11-21 10:15:25 +0000[diff] [blame]2613 } /* while (1) */
Denis Vlasenko241b1562007-08-17 19:18:47 +0000[diff] [blame]2614 /* never reached */
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2615}
Denis Vlasenko56258b62007-06-23 23:14:02 +0000[diff] [blame]2616#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2617
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2618/*
2619 * Process a HTTP connection on stdin/out.
2620 * Never returns.
2621 */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]2622static void mini_httpd_inetd(void) NORETURN;
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2623static void mini_httpd_inetd(void)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2624{
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2625 len_and_sockaddr fromAddr;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2626
Denis Vlasenkofaf334a2008-05-18 15:14:36 +0000[diff] [blame]2627 memset(&fromAddr, 0, sizeof(fromAddr));
Denis Vlasenkoe45af732007-08-17 19:19:15 +0000[diff] [blame]2628 fromAddr.len = LSA_SIZEOF_SA;
Denis Vlasenkofaf334a2008-05-18 15:14:36 +0000[diff] [blame]2629 /* NB: can fail if user runs it by hand and types in http cmds */
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +0000[diff] [blame]2630 getpeername(0, &fromAddr.u.sa, &fromAddr.len);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2631 handle_incoming_and_exit(&fromAddr);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2632}
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2633
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]2634static void sighup_handler(int sig UNUSED_PARAM)
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2635{
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]2636 int sv = errno;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]2637 parse_conf(DEFAULT_PATH_HTTPD_CONF, SIGNALED_PARSE);
Denys Vlasenko51792e12019-04-14 19:57:13 +0200[diff] [blame]2638 errno = sv;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2639}
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2640
Denis Vlasenko9f609292006-11-05 19:47:33 +0000[diff] [blame]2641enum {
"Vladimir N. Oleynik"9a515402006-02-15 13:27:18 +0000[diff] [blame]2642 c_opt_config_file = 0,
2643 d_opt_decode_url,
2644 h_opt_home_httpd,
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]2645 IF_FEATURE_HTTPD_ENCODE_URL_STR(e_opt_encode_url,)
2646 IF_FEATURE_HTTPD_BASIC_AUTH( r_opt_realm ,)
2647 IF_FEATURE_HTTPD_AUTH_MD5( m_opt_md5 ,)
2648 IF_FEATURE_HTTPD_SETUID( u_opt_setuid ,)
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2649 p_opt_port ,
2650 p_opt_inetd ,
2651 p_opt_foreground,
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]2652 p_opt_verbose ,
Denis Vlasenko9f609292006-11-05 19:47:33 +0000[diff] [blame]2653 OPT_CONFIG_FILE = 1 << c_opt_config_file,
2654 OPT_DECODE_URL = 1 << d_opt_decode_url,
2655 OPT_HOME_HTTPD = 1 << h_opt_home_httpd,
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]2656 OPT_ENCODE_URL = IF_FEATURE_HTTPD_ENCODE_URL_STR((1 << e_opt_encode_url)) + 0,
2657 OPT_REALM = IF_FEATURE_HTTPD_BASIC_AUTH( (1 << r_opt_realm )) + 0,
2658 OPT_MD5 = IF_FEATURE_HTTPD_AUTH_MD5( (1 << m_opt_md5 )) + 0,
2659 OPT_SETUID = IF_FEATURE_HTTPD_SETUID( (1 << u_opt_setuid )) + 0,
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2660 OPT_PORT = 1 << p_opt_port,
2661 OPT_INETD = 1 << p_opt_inetd,
2662 OPT_FOREGROUND = 1 << p_opt_foreground,
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]2663 OPT_VERBOSE = 1 << p_opt_verbose,
"Vladimir N. Oleynik"9a515402006-02-15 13:27:18 +0000[diff] [blame]2664};
Eric Andersena3bb3e62003-06-26 09:05:32 +0000[diff] [blame]2665
Eric Andersena3bb3e62003-06-26 09:05:32 +0000[diff] [blame]2666
Denis Vlasenko9b49a5e2007-10-11 10:05:36 +0000[diff] [blame]2667int httpd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000[diff] [blame]2668int httpd_main(int argc UNUSED_PARAM, char **argv)
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2669{
Denis Vlasenko9611cb12007-08-18 14:18:43 +0000[diff] [blame]2670 int server_socket = server_socket; /* for gcc */
Denis Vlasenko67b23e62006-10-03 21:00:06 +0000[diff] [blame]2671 unsigned opt;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2672 char *url_for_decode;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]2673 IF_FEATURE_HTTPD_ENCODE_URL_STR(const char *url_for_encode;)
2674 IF_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
2675 IF_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
2676 IF_FEATURE_HTTPD_AUTH_MD5(const char *pass;)
Eric Andersen35e643b2003-07-28 07:40:39 +0000[diff] [blame]2677
Denis Vlasenko073214f2007-08-17 19:20:07 +0000[diff] [blame]2678 INIT_G();
2679
Denis Vlasenkofcdb00f2006-11-21 00:09:37 +0000[diff] [blame]2680#if ENABLE_LOCALE_SUPPORT
2681 /* Undo busybox.c: we want to speak English in http (dates etc) */
2682 setlocale(LC_TIME, "C");
2683#endif
2684
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]2685 home_httpd = xrealloc_getcwd_or_warn(NULL);
2686 /* We do not "absolutize" path given by -h (home) opt.
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +0000[diff] [blame]2687 * If user gives relative path in -h,
2688 * $SCRIPT_FILENAME will not be set. */
Denys Vlasenko22542ec2017-08-08 21:55:02 +0200[diff] [blame]2689 opt = getopt32(argv, "^"
2690 "c:d:h:"
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]2691 IF_FEATURE_HTTPD_ENCODE_URL_STR("e:")
2692 IF_FEATURE_HTTPD_BASIC_AUTH("r:")
2693 IF_FEATURE_HTTPD_AUTH_MD5("m:")
2694 IF_FEATURE_HTTPD_SETUID("u:")
Denys Vlasenko22542ec2017-08-08 21:55:02 +0200[diff] [blame]2695 "p:ifv"
2696 "\0"
2697 /* -v counts, -i implies -f */
2698 "vv:if",
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]2699 &opt_c_configFile, &url_for_decode, &home_httpd
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]2700 IF_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
2701 IF_FEATURE_HTTPD_BASIC_AUTH(, &g_realm)
2702 IF_FEATURE_HTTPD_AUTH_MD5(, &pass)
2703 IF_FEATURE_HTTPD_SETUID(, &s_ugid)
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2704 , &bind_addr_or_port
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000[diff] [blame]2705 , &verbose
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2706 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2707 if (opt & OPT_DECODE_URL) {
Denys Vlasenkodd1061b2011-09-11 21:04:02 +0200[diff] [blame]2708 fputs(percent_decode_in_place(url_for_decode, /*strict:*/ 0), stdout);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2709 return 0;
2710 }
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]2711#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2712 if (opt & OPT_ENCODE_URL) {
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2713 fputs(encodeString(url_for_encode), stdout);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2714 return 0;
2715 }
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2716#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]2717#if ENABLE_FEATURE_HTTPD_AUTH_MD5
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2718 if (opt & OPT_MD5) {
Denys Vlasenkodbc6a7a2009-12-16 02:28:50 +0100[diff] [blame]2719 char salt[sizeof("$1$XXXXXXXX")];
2720 salt[0] = '$';
2721 salt[1] = '1';
2722 salt[2] = '$';
Denys Vlasenko12a43272011-05-13 03:19:01 +0200[diff] [blame]2723 crypt_make_salt(salt + 3, 4);
Pascal Bellard72917552011-11-29 13:51:11 +0100[diff] [blame]2724 puts(pw_encrypt(pass, salt, /*cleanup:*/ 0));
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2725 return 0;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2726 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2727#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +0000[diff] [blame]2728#if ENABLE_FEATURE_HTTPD_SETUID
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2729 if (opt & OPT_SETUID) {
Bernhard Reutner-Fischerd73cbd32008-07-21 14:41:33 +0000[diff] [blame]2730 xget_uidgid(&ugid, s_ugid);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2731 }
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2732#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2733
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2734#if !BB_MMU
2735 if (!(opt & OPT_FOREGROUND)) {
2736 bb_daemonize_or_rexec(0, argv); /* don't change current directory */
2737 }
2738#endif
2739
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2740 xchdir(home_httpd);
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2741 if (!(opt & OPT_INETD)) {
Denis Vlasenko6536a9b2007-01-12 10:35:23 +0000[diff] [blame]2742 signal(SIGCHLD, SIG_IGN);
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]2743 server_socket = openServer();
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2744#if ENABLE_FEATURE_HTTPD_SETUID
2745 /* drop privileges */
2746 if (opt & OPT_SETUID) {
2747 if (ugid.gid != (gid_t)-1) {
2748 if (setgroups(1, &ugid.gid) == -1)
James Byrne69374872019-07-02 11:35:03 +0200[diff] [blame]2749 bb_simple_perror_msg_and_die("setgroups");
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2750 xsetgid(ugid.gid);
2751 }
2752 xsetuid(ugid.uid);
Denis Vlasenkode59c0f2006-10-05 22:50:22 +0000[diff] [blame]2753 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000[diff] [blame]2754#endif
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2755 }
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2756
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]2757#if 0
Denis Vlasenko2535f122007-09-15 13:28:30 +0000[diff] [blame]2758 /* User can do it himself: 'env - PATH="$PATH" httpd'
2759 * We don't do it because we don't want to screw users
2760 * which want to do
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000[diff] [blame]2761 * 'env - VAR1=val1 VAR2=val2 httpd'
Denis Vlasenko2535f122007-09-15 13:28:30 +0000[diff] [blame]2762 * and have VAR1 and VAR2 values visible in their CGIs.
2763 * Besides, it is also smaller. */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2764 {
2765 char *p = getenv("PATH");
Denis Vlasenkoc4523c22008-03-28 02:24:59 +0000[diff] [blame]2766 /* env strings themself are not freed, no need to xstrdup(p): */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2767 clearenv();
2768 if (p)
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000[diff] [blame]2769 putenv(p - 5);
Denis Vlasenko9611cb12007-08-18 14:18:43 +0000[diff] [blame]2770// if (!(opt & OPT_INETD))
2771// setenv_long("SERVER_PORT", ???);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000[diff] [blame]2772 }
Glenn L McGrathfe538ba2003-09-10 23:35:45 +0000[diff] [blame]2773#endif
2774
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000[diff] [blame]2775 parse_conf(DEFAULT_PATH_HTTPD_CONF, FIRST_PARSE);
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000[diff] [blame]2776 if (!(opt & OPT_INETD))
2777 signal(SIGHUP, sighup_handler);
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2778
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000[diff] [blame]2779 xfunc_error_retval = 0;
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2780 if (opt & OPT_INETD)
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200[diff] [blame]2781 mini_httpd_inetd(); /* never returns */
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2782#if BB_MMU
Denis Vlasenko0871bc82006-11-16 16:17:02 +0000[diff] [blame]2783 if (!(opt & OPT_FOREGROUND))
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000[diff] [blame]2784 bb_daemonize(0); /* don't change current directory */
2785 mini_httpd(server_socket); /* never returns */
Denis Vlasenko56258b62007-06-23 23:14:02 +0000[diff] [blame]2786#else
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2787 mini_httpd_nommu(server_socket, argc, argv); /* never returns */
Denis Vlasenko56258b62007-06-23 23:14:02 +0000[diff] [blame]2788#endif
Denis Vlasenko367960b2007-08-18 14:20:21 +0000[diff] [blame]2789 /* return 0; */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000[diff] [blame]2790}