blob: d44ec271ab53ad7b7290ccfbda8e38d9d6b7c583 [file] [log] [blame]
Bernhard Reutner-Fischer2c998512006-04-12 18:09:26 +00001/* vi: set sw=4 ts=4: */
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002/*
3 * httpd implementation for busybox
4 *
Glenn L McGrath06e95652003-02-09 06:51:14 +00005 * Copyright (C) 2002,2003 Glenn Engel <glenne@engel.org>
"Vladimir N. Oleynik"79af7d52006-01-26 10:58:12 +00006 * Copyright (C) 2003-2006 Vladimir Oleynik <dzo@simtreas.ru>
Glenn L McGrath58c708a2003-01-05 04:01:56 +00007 *
Denys Vlasenko0ef64bd2010-08-16 20:14:46 +02008 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
Glenn L McGrath58c708a2003-01-05 04:01:56 +00009 *
10 *****************************************************************************
11 *
Glenn L McGrath06e95652003-02-09 06:51:14 +000012 * Typical usage:
Denys Vlasenko535ce1d2010-07-25 03:20:25 +020013 * For non root user:
14 * httpd -p 8080 -h $HOME/public_html
15 * For daemon start from rc script with uid=0:
16 * httpd -u www
17 * which is equivalent to (assuming user www has uid 80):
18 * httpd -p 80 -u 80 -h $PWD -c /etc/httpd.conf -r "Web Server Authentication"
Glenn L McGrath06e95652003-02-09 06:51:14 +000019 *
Denys Vlasenko535ce1d2010-07-25 03:20:25 +020020 * When an url starts with "/cgi-bin/" it is assumed to be a cgi script.
21 * The server changes directory to the location of the script and executes it
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +000022 * after setting QUERY_STRING and other environment variables.
Glenn L McGrath58c708a2003-01-05 04:01:56 +000023 *
Denys Vlasenkod277f552011-04-10 03:08:22 +020024 * If directory URL is given, no index.html is found and CGI support is enabled,
25 * cgi-bin/index.cgi will be run. Directory to list is ../$QUERY_STRING.
26 * See httpd_indexcgi.c for an example GCI code.
27 *
Denis Vlasenko8b458372006-11-21 21:23:21 +000028 * Doc:
29 * "CGI Environment Variables": http://hoohoo.ncsa.uiuc.edu/cgi/env.html
30 *
Denys Vlasenko33d8d082009-09-10 01:46:02 +020031 * The applet can also be invoked as an url arg decoder and html text encoder
Glenn L McGrath58c708a2003-01-05 04:01:56 +000032 * as follows:
Denys Vlasenko535ce1d2010-07-25 03:20:25 +020033 * foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World"
34 * bar=`httpd -e "<Hello World>"` # encode as "&#60Hello&#32World&#62"
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000035 * Note that url encoding for arguments is not the same as html encoding for
Bernhard Reutner-Fischer62851172009-05-03 18:53:22 +020036 * presentation. -d decodes an url-encoded argument while -e encodes in html
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000037 * for page display.
Glenn L McGrath58c708a2003-01-05 04:01:56 +000038 *
39 * httpd.conf has the following format:
Eric Andersenc7bda1c2004-03-15 08:29:22 +000040 *
Denis Vlasenko395410b2008-07-20 23:25:32 +000041 * H:/serverroot # define the server root. It will override -h
Glenn L McGrathb65422c2003-09-08 10:59:27 +000042 * A:172.20. # Allow address from 172.20.0.0/16
43 * A:10.0.0.0/25 # Allow any address from 10.0.0.0-10.0.0.127
44 * A:10.0.0.0/255.255.255.128 # Allow any address that previous set
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000045 * A:127.0.0.1 # Allow local loopback connections
46 * D:* # Deny from other IP connections
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +000047 * E404:/path/e404.html # /path/e404.html is the 404 (not found) error page
Denis Vlasenkofcd878e2007-12-29 02:16:23 +000048 * I:index.html # Show index.html when a directory is requested
Denis Vlasenkof74194e2007-10-18 12:54:39 +000049 *
50 * P:/url:[http://]hostname[:port]/new/path
51 * # When /urlXXXXXX is requested, reverse proxy
52 * # it to http://hostname[:port]/new/pathXXXXXX
53 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000054 * /cgi-bin:foo:bar # Require user foo, pwd bar on urls starting with /cgi-bin/
55 * /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/
56 * /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/
Pascal Bellard72917552011-11-29 13:51:11 +010057 * /adm:root:* # or user root, pwd from /etc/passwd on urls starting with /adm/
58 * /wiki:*:* # or any user from /etc/passwd with according pwd on urls starting with /wiki/
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000059 * .au:audio/basic # additional mime type for audio.au files
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +000060 * *.php:/path/php # run xxx.php through an interpreter
Eric Andersenc7bda1c2004-03-15 08:29:22 +000061 *
Denis Vlasenko0eb406c2008-06-13 09:53:06 +000062 * A/D may be as a/d or allow/deny - only first char matters.
63 * Deny/Allow IP logic:
64 * - Default is to allow all (Allow all (A:*) is a no-op).
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000065 * - Deny rules take precedence over allow rules.
Denis Vlasenko0eb406c2008-06-13 09:53:06 +000066 * - "Deny all" rule (D:*) is applied last.
Eric Andersenc7bda1c2004-03-15 08:29:22 +000067 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000068 * Example:
69 * 1. Allow only specified addresses
Glenn L McGrathb65422c2003-09-08 10:59:27 +000070 * A:172.20 # Allow any address that begins with 172.20.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000071 * A:10.10. # Allow any address that begins with 10.10.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000072 * A:127.0.0.1 # Allow local loopback connections
73 * D:* # Deny from other IP connections
Eric Andersenc7bda1c2004-03-15 08:29:22 +000074 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000075 * 2. Only deny specified addresses
76 * D:1.2.3. # deny from 1.2.3.0 - 1.2.3.255
77 * D:2.3.4. # deny from 2.3.4.0 - 2.3.4.255
78 * A:* # (optional line added for clarity)
Eric Andersenc7bda1c2004-03-15 08:29:22 +000079 *
Denys Vlasenkod277f552011-04-10 03:08:22 +020080 * If a sub directory contains config file, it is parsed and merged with
Glenn L McGrathb65422c2003-09-08 10:59:27 +000081 * any existing settings as if it was appended to the original configuration.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000082 *
83 * subdir paths are relative to the containing subdir and thus cannot
84 * affect the parent rules.
85 *
86 * Note that since the sub dir is parsed in the forked thread servicing the
87 * subdir http request, any merge is discarded when the process exits. As a
88 * result, the subdir settings only have a lifetime of a single request.
89 *
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +000090 * Custom error pages can contain an absolute path or be relative to
91 * 'home_httpd'. Error pages are to be static files (no CGI or script). Error
92 * page can only be defined in the root configuration file and are not taken
93 * into account in local (directories) config files.
Eric Andersenc7bda1c2004-03-15 08:29:22 +000094 *
95 * If -c is not set, an attempt will be made to open the default
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +000096 * root configuration file. If -c is set and the file is not found, the
97 * server exits with an error.
Denis Vlasenko073214f2007-08-17 19:20:07 +000098 */
Denys Vlasenko47367e12016-11-23 09:05:14 +010099//config:config HTTPD
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200100//config: bool "httpd (32 kb)"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100101//config: default y
102//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200103//config: HTTP server.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100104//config:
105//config:config FEATURE_HTTPD_RANGES
106//config: bool "Support 'Ranges:' header"
107//config: default y
108//config: depends on HTTPD
109//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200110//config: Makes httpd emit "Accept-Ranges: bytes" header and understand
111//config: "Range: bytes=NNN-[MMM]" header. Allows for resuming interrupted
112//config: downloads, seeking in multimedia players etc.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100113//config:
114//config:config FEATURE_HTTPD_SETUID
115//config: bool "Enable -u <user> option"
116//config: default y
117//config: depends on HTTPD
118//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200119//config: This option allows the server to run as a specific user
120//config: rather than defaulting to the user that starts the server.
121//config: Use of this option requires special privileges to change to a
122//config: different user.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100123//config:
124//config:config FEATURE_HTTPD_BASIC_AUTH
Denys Vlasenko1d8df522017-07-27 13:34:51 +0200125//config: bool "Enable HTTP authentication"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100126//config: default y
127//config: depends on HTTPD
128//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200129//config: Utilizes password settings from /etc/httpd.conf for basic
130//config: authentication on a per url basis.
131//config: Example for httpd.conf file:
132//config: /adm:toor:PaSsWd
Denys Vlasenko47367e12016-11-23 09:05:14 +0100133//config:
134//config:config FEATURE_HTTPD_AUTH_MD5
Denys Vlasenko1d8df522017-07-27 13:34:51 +0200135//config: bool "Support MD5-encrypted passwords in HTTP authentication"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100136//config: default y
137//config: depends on FEATURE_HTTPD_BASIC_AUTH
138//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200139//config: Enables encrypted passwords, and wildcard user/passwords
140//config: in httpd.conf file.
141//config: User '*' means 'any system user name is ok',
142//config: password of '*' means 'use system password for this user'
143//config: Examples:
144//config: /adm:toor:$1$P/eKnWXS$aI1aPGxT.dJD5SzqAKWrF0
145//config: /adm:root:*
146//config: /wiki:*:*
Denys Vlasenko47367e12016-11-23 09:05:14 +0100147//config:
148//config:config FEATURE_HTTPD_CGI
149//config: bool "Support Common Gateway Interface (CGI)"
150//config: default y
151//config: depends on HTTPD
152//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200153//config: This option allows scripts and executables to be invoked
154//config: when specific URLs are requested.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100155//config:
156//config:config FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denys Vlasenkof5604222017-01-10 14:58:54 +0100157//config: bool "Support running scripts through an interpreter"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100158//config: default y
159//config: depends on FEATURE_HTTPD_CGI
160//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200161//config: This option enables support for running scripts through an
162//config: interpreter. Turn this on if you want PHP scripts to work
163//config: properly. You need to supply an additional line in your
164//config: httpd.conf file:
165//config: *.php:/path/to/your/php
Denys Vlasenko47367e12016-11-23 09:05:14 +0100166//config:
167//config:config FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
168//config: bool "Set REMOTE_PORT environment variable for CGI"
169//config: default y
170//config: depends on FEATURE_HTTPD_CGI
171//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200172//config: Use of this option can assist scripts in generating
173//config: references that contain a unique port number.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100174//config:
175//config:config FEATURE_HTTPD_ENCODE_URL_STR
176//config: bool "Enable -e option (useful for CGIs written as shell scripts)"
177//config: default y
178//config: depends on HTTPD
179//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200180//config: This option allows html encoding of arbitrary strings for display
181//config: by the browser. Output goes to stdout.
182//config: For example, httpd -e "<Hello World>" produces
183//config: "&#60Hello&#32World&#62".
Denys Vlasenko47367e12016-11-23 09:05:14 +0100184//config:
185//config:config FEATURE_HTTPD_ERROR_PAGES
Denys Vlasenkof5604222017-01-10 14:58:54 +0100186//config: bool "Support custom error pages"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100187//config: default y
188//config: depends on HTTPD
189//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200190//config: This option allows you to define custom error pages in
191//config: the configuration file instead of the default HTTP status
192//config: error pages. For instance, if you add the line:
193//config: E404:/path/e404.html
194//config: in the config file, the server will respond the specified
195//config: '/path/e404.html' file instead of the terse '404 NOT FOUND'
196//config: message.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100197//config:
198//config:config FEATURE_HTTPD_PROXY
Denys Vlasenkof5604222017-01-10 14:58:54 +0100199//config: bool "Support reverse proxy"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100200//config: default y
201//config: depends on HTTPD
202//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200203//config: This option allows you to define URLs that will be forwarded
204//config: to another HTTP server. To setup add the following line to the
205//config: configuration file
206//config: P:/url/:http://hostname[:port]/new/path/
207//config: Then a request to /url/myfile will be forwarded to
208//config: http://hostname[:port]/new/path/myfile.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100209//config:
210//config:config FEATURE_HTTPD_GZIP
Denys Vlasenkof5604222017-01-10 14:58:54 +0100211//config: bool "Support GZIP content encoding"
Denys Vlasenko47367e12016-11-23 09:05:14 +0100212//config: default y
213//config: depends on HTTPD
214//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200215//config: Makes httpd send files using GZIP content encoding if the
216//config: client supports it and a pre-compressed <file>.gz exists.
Denys Vlasenko47367e12016-11-23 09:05:14 +0100217
218//applet:IF_HTTPD(APPLET(httpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
219
220//kbuild:lib-$(CONFIG_HTTPD) += httpd.o
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000221
Pere Orga5bc8c002011-04-11 03:29:49 +0200222//usage:#define httpd_trivial_usage
223//usage: "[-ifv[v]]"
224//usage: " [-c CONFFILE]"
225//usage: " [-p [IP:]PORT]"
226//usage: IF_FEATURE_HTTPD_SETUID(" [-u USER[:GRP]]")
227//usage: IF_FEATURE_HTTPD_BASIC_AUTH(" [-r REALM]")
228//usage: " [-h HOME]\n"
229//usage: "or httpd -d/-e" IF_FEATURE_HTTPD_AUTH_MD5("/-m") " STRING"
230//usage:#define httpd_full_usage "\n\n"
231//usage: "Listen for incoming HTTP requests\n"
Pere Orga5bc8c002011-04-11 03:29:49 +0200232//usage: "\n -i Inetd mode"
233//usage: "\n -f Don't daemonize"
234//usage: "\n -v[v] Verbose"
235//usage: "\n -p [IP:]PORT Bind to IP:PORT (default *:80)"
236//usage: IF_FEATURE_HTTPD_SETUID(
237//usage: "\n -u USER[:GRP] Set uid/gid after binding to port")
238//usage: IF_FEATURE_HTTPD_BASIC_AUTH(
239//usage: "\n -r REALM Authentication Realm for Basic Authentication")
240//usage: "\n -h HOME Home directory (default .)"
241//usage: "\n -c FILE Configuration file (default {/etc,HOME}/httpd.conf)"
242//usage: IF_FEATURE_HTTPD_AUTH_MD5(
243//usage: "\n -m STRING MD5 crypt STRING")
244//usage: "\n -e STRING HTML encode STRING"
245//usage: "\n -d STRING URL decode STRING"
246
Denys Vlasenko51792e12019-04-14 19:57:13 +0200247/* TODO: use TCP_CORK, parse_config() */
248
Denis Vlasenkob6adbf12007-05-26 19:00:18 +0000249#include "libbb.h"
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200250#include "common_bufsiz.h"
Pascal Bellard72917552011-11-29 13:51:11 +0100251#if ENABLE_PAM
252/* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
253# undef setlocale
254/* For some obscure reason, PAM is not in pam/xxx, but in security/xxx.
255 * Apparently they like to confuse people. */
256# include <security/pam_appl.h>
257# include <security/pam_misc.h>
258#endif
Bartosz Golaszewski8d75d792014-11-27 13:20:24 +0100259#if ENABLE_FEATURE_USE_SENDFILE
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000260# include <sys/sendfile.h>
Denis Vlasenko1b9064d2007-08-12 21:05:49 +0000261#endif
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200262
263#define DEBUG 0
264
265#define IOBUF_SIZE 8192
Denys Vlasenko1c356942019-04-19 14:19:41 +0200266#define MAX_HTTP_HEADERS_SIZE (32*1024)
Denis Vlasenko073214f2007-08-17 19:20:07 +0000267
268#define HEADER_READ_TIMEOUT 60
269
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000270static const char DEFAULT_PATH_HTTPD_CONF[] ALIGN1 = "/etc";
271static const char HTTPD_CONF[] ALIGN1 = "httpd.conf";
Denis Vlasenko52e15dc2007-08-19 18:53:43 +0000272static const char HTTP_200[] ALIGN1 = "HTTP/1.0 200 OK\r\n";
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200273static const char index_html[] ALIGN1 = "index.html";
Glenn L McGrath06e95652003-02-09 06:51:14 +0000274
Denis Vlasenko073214f2007-08-17 19:20:07 +0000275typedef struct has_next_ptr {
276 struct has_next_ptr *next;
277} has_next_ptr;
Eric Andersen07f2fea2004-10-08 08:03:29 +0000278
Denis Vlasenko073214f2007-08-17 19:20:07 +0000279/* Must have "next" as a first member */
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000280typedef struct Htaccess {
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000281 struct Htaccess *next;
Denis Vlasenko073214f2007-08-17 19:20:07 +0000282 char *after_colon;
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000283 char before_colon[1]; /* really bigger, must be last */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000284} Htaccess;
285
Denis Vlasenko073214f2007-08-17 19:20:07 +0000286/* Must have "next" as a first member */
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000287typedef struct Htaccess_IP {
Denis Vlasenko073214f2007-08-17 19:20:07 +0000288 struct Htaccess_IP *next;
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000289 unsigned ip;
290 unsigned mask;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000291 int allow_deny;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000292} Htaccess_IP;
293
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000294/* Must have "next" as a first member */
295typedef struct Htaccess_Proxy {
296 struct Htaccess_Proxy *next;
297 char *url_from;
298 char *host_port;
299 char *url_to;
300} Htaccess_Proxy;
301
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200302typedef enum CGI_type {
303 CGI_NONE = 0,
304 CGI_NORMAL,
305 CGI_INDEX,
306 CGI_INTERPRETER,
307} CGI_type;
308
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000309enum {
310 HTTP_OK = 200,
Denis Vlasenkof4310172007-09-21 22:35:18 +0000311 HTTP_PARTIAL_CONTENT = 206,
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000312 HTTP_MOVED_TEMPORARILY = 302,
313 HTTP_BAD_REQUEST = 400, /* malformed syntax */
314 HTTP_UNAUTHORIZED = 401, /* authentication needed, respond with auth hdr */
315 HTTP_NOT_FOUND = 404,
316 HTTP_FORBIDDEN = 403,
317 HTTP_REQUEST_TIMEOUT = 408,
318 HTTP_NOT_IMPLEMENTED = 501, /* used for unrecognized requests */
319 HTTP_INTERNAL_SERVER_ERROR = 500,
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200320 HTTP_ENTITY_TOO_LARGE = 413,
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000321 HTTP_CONTINUE = 100,
322#if 0 /* future use */
323 HTTP_SWITCHING_PROTOCOLS = 101,
324 HTTP_CREATED = 201,
325 HTTP_ACCEPTED = 202,
326 HTTP_NON_AUTHORITATIVE_INFO = 203,
327 HTTP_NO_CONTENT = 204,
328 HTTP_MULTIPLE_CHOICES = 300,
329 HTTP_MOVED_PERMANENTLY = 301,
330 HTTP_NOT_MODIFIED = 304,
331 HTTP_PAYMENT_REQUIRED = 402,
332 HTTP_BAD_GATEWAY = 502,
333 HTTP_SERVICE_UNAVAILABLE = 503, /* overload, maintenance */
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000334#endif
335};
336
Denis Vlasenko72b6a652007-08-21 11:18:25 +0000337static const uint16_t http_response_type[] ALIGN2 = {
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000338 HTTP_OK,
Denis Vlasenkof4310172007-09-21 22:35:18 +0000339#if ENABLE_FEATURE_HTTPD_RANGES
340 HTTP_PARTIAL_CONTENT,
341#endif
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000342 HTTP_MOVED_TEMPORARILY,
343 HTTP_REQUEST_TIMEOUT,
344 HTTP_NOT_IMPLEMENTED,
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +0000345#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000346 HTTP_UNAUTHORIZED,
347#endif
348 HTTP_NOT_FOUND,
349 HTTP_BAD_REQUEST,
350 HTTP_FORBIDDEN,
351 HTTP_INTERNAL_SERVER_ERROR,
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200352 HTTP_ENTITY_TOO_LARGE,
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000353#if 0 /* not implemented */
354 HTTP_CREATED,
355 HTTP_ACCEPTED,
356 HTTP_NO_CONTENT,
357 HTTP_MULTIPLE_CHOICES,
358 HTTP_MOVED_PERMANENTLY,
359 HTTP_NOT_MODIFIED,
360 HTTP_BAD_GATEWAY,
361 HTTP_SERVICE_UNAVAILABLE,
362#endif
363};
364
365static const struct {
366 const char *name;
367 const char *info;
368} http_response[ARRAY_SIZE(http_response_type)] = {
369 { "OK", NULL },
Denis Vlasenkof4310172007-09-21 22:35:18 +0000370#if ENABLE_FEATURE_HTTPD_RANGES
371 { "Partial Content", NULL },
372#endif
373 { "Found", NULL },
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000374 { "Request Timeout", "No request appeared within 60 seconds" },
375 { "Not Implemented", "The requested method is not recognized" },
376#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
377 { "Unauthorized", "" },
378#endif
379 { "Not Found", "The requested URL was not found" },
380 { "Bad Request", "Unsupported method" },
381 { "Forbidden", "" },
382 { "Internal Server Error", "Internal Server Error" },
Denys Vlasenkofba665a2019-04-16 11:37:02 +0200383 { "Entity Too Large", "Entity Too Large" },
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000384#if 0 /* not implemented */
385 { "Created" },
386 { "Accepted" },
387 { "No Content" },
388 { "Multiple Choices" },
389 { "Moved Permanently" },
390 { "Not Modified" },
391 { "Bad Gateway", "" },
392 { "Service Unavailable", "" },
393#endif
394};
395
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000396struct globals {
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000397 int verbose; /* must be int (used by getopt32) */
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000398 smallint flg_deny_all;
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200399#if ENABLE_FEATURE_HTTPD_GZIP
400 /* client can handle gzip / we are going to send gzip */
401 smallint content_gzip;
402#endif
Denis Vlasenko37c33162007-08-19 18:54:22 +0000403 time_t last_mod;
Denis Vlasenko37c33162007-08-19 18:54:22 +0000404 char *rmt_ip_str; /* for $REMOTE_ADDR and $REMOTE_PORT */
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000405 const char *bind_addr_or_port;
406
Denys Vlasenko2efa7262019-04-16 13:35:56 +0200407 char *g_query;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000408 const char *opt_c_configFile;
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000409 const char *home_httpd;
Denis Vlasenkofcd878e2007-12-29 02:16:23 +0000410 const char *index_page;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000411
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000412 const char *found_mime_type;
413 const char *found_moved_temporarily;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000414 Htaccess_IP *ip_a_d; /* config allow/deny lines */
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000415
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000416 IF_FEATURE_HTTPD_BASIC_AUTH(const char *g_realm;)
417 IF_FEATURE_HTTPD_BASIC_AUTH(char *remoteuser;)
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +0000418
Denis Vlasenkof4310172007-09-21 22:35:18 +0000419 off_t file_size; /* -1 - unknown */
420#if ENABLE_FEATURE_HTTPD_RANGES
421 off_t range_start;
422 off_t range_end;
423 off_t range_len;
424#endif
425
Denis Vlasenko55a99402006-09-30 20:41:44 +0000426#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000427 Htaccess *g_auth; /* config user:password lines */
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000428#endif
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000429 Htaccess *mime_a; /* config mime types */
Denis Vlasenko55a99402006-09-30 20:41:44 +0000430#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000431 Htaccess *script_i; /* config script interpreters */
"Vladimir N. Oleynik"4333a092006-01-31 13:53:30 +0000432#endif
Denys Vlasenkofb132e42010-10-29 11:46:52 +0200433 char *iobuf; /* [IOBUF_SIZE] */
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +0200434#define hdr_buf bb_common_bufsiz1
435#define sizeof_hdr_buf COMMON_BUFSIZE
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000436 char *hdr_ptr;
437 int hdr_cnt;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000438#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
439 const char *http_error_page[ARRAY_SIZE(http_response_type)];
440#endif
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000441#if ENABLE_FEATURE_HTTPD_PROXY
442 Htaccess_Proxy *proxy;
443#endif
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000444};
445#define G (*ptr_to_globals)
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000446#define verbose (G.verbose )
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000447#define flg_deny_all (G.flg_deny_all )
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200448#if ENABLE_FEATURE_HTTPD_GZIP
449# define content_gzip (G.content_gzip )
450#else
451# define content_gzip 0
452#endif
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000453#define bind_addr_or_port (G.bind_addr_or_port)
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000454#define g_query (G.g_query )
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000455#define opt_c_configFile (G.opt_c_configFile )
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000456#define home_httpd (G.home_httpd )
Denis Vlasenkofcd878e2007-12-29 02:16:23 +0000457#define index_page (G.index_page )
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000458#define found_mime_type (G.found_mime_type )
459#define found_moved_temporarily (G.found_moved_temporarily)
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000460#define last_mod (G.last_mod )
461#define ip_a_d (G.ip_a_d )
462#define g_realm (G.g_realm )
463#define remoteuser (G.remoteuser )
Denis Vlasenkof4310172007-09-21 22:35:18 +0000464#define file_size (G.file_size )
465#if ENABLE_FEATURE_HTTPD_RANGES
466#define range_start (G.range_start )
467#define range_end (G.range_end )
468#define range_len (G.range_len )
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000469#else
470enum {
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100471 range_start = -1,
Denis Vlasenko1cbfd982009-02-04 23:43:44 +0000472 range_end = MAXINT(off_t) - 1,
473 range_len = MAXINT(off_t),
474};
Denis Vlasenkof4310172007-09-21 22:35:18 +0000475#endif
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000476#define rmt_ip_str (G.rmt_ip_str )
477#define g_auth (G.g_auth )
478#define mime_a (G.mime_a )
479#define script_i (G.script_i )
480#define iobuf (G.iobuf )
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000481#define hdr_ptr (G.hdr_ptr )
482#define hdr_cnt (G.hdr_cnt )
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000483#define http_error_page (G.http_error_page )
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000484#define proxy (G.proxy )
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000485#define INIT_G() do { \
Denys Vlasenko9de2e5a2016-04-21 18:38:51 +0200486 setup_common_bufsiz(); \
Denis Vlasenko574f2f42008-02-27 18:41:59 +0000487 SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000488 IF_FEATURE_HTTPD_BASIC_AUTH(g_realm = "Web Server Authentication";) \
Denys Vlasenko8cce1b32012-02-19 17:18:45 +0100489 IF_FEATURE_HTTPD_RANGES(range_start = -1;) \
Denis Vlasenko0372f0f2007-08-14 16:50:01 +0000490 bind_addr_or_port = "80"; \
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200491 index_page = index_html; \
Denis Vlasenkof4310172007-09-21 22:35:18 +0000492 file_size = -1; \
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000493} while (0)
Glenn L McGrath06e95652003-02-09 06:51:14 +0000494
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +0000495
Denis Vlasenko0bb993f2006-11-21 00:06:28 +0000496#define STRNCASECMP(a, str) strncasecmp((a), (str), sizeof(str)-1)
Glenn L McGrath06e95652003-02-09 06:51:14 +0000497
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000498/* Prototypes */
Denis Vlasenko2f518b02008-02-21 00:12:07 +0000499enum {
500 SEND_HEADERS = (1 << 0),
501 SEND_BODY = (1 << 1),
502 SEND_HEADERS_AND_BODY = SEND_HEADERS + SEND_BODY,
503};
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +0000504static void send_file_and_exit(const char *url, int what) NORETURN;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000505
Denis Vlasenko073214f2007-08-17 19:20:07 +0000506static void free_llist(has_next_ptr **pptr)
507{
508 has_next_ptr *cur = *pptr;
509 while (cur) {
510 has_next_ptr *t = cur;
511 cur = cur->next;
512 free(t);
513 }
514 *pptr = NULL;
515}
516
Denis Vlasenko073214f2007-08-17 19:20:07 +0000517static ALWAYS_INLINE void free_Htaccess_list(Htaccess **pptr)
518{
519 free_llist((has_next_ptr**)pptr);
520}
Denis Vlasenko073214f2007-08-17 19:20:07 +0000521
522static ALWAYS_INLINE void free_Htaccess_IP_list(Htaccess_IP **pptr)
523{
524 free_llist((has_next_ptr**)pptr);
525}
Glenn L McGrath06e95652003-02-09 06:51:14 +0000526
Denis Vlasenkod867f322007-08-19 21:15:42 +0000527/* Returns presumed mask width in bits or < 0 on error.
528 * Updates strp, stores IP at provided pointer */
529static int scan_ip(const char **strp, unsigned *ipp, unsigned char endc)
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000530{
Denis Vlasenkod867f322007-08-19 21:15:42 +0000531 const char *p = *strp;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000532 int auto_mask = 8;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000533 unsigned ip = 0;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000534 int j;
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000535
Denis Vlasenkod867f322007-08-19 21:15:42 +0000536 if (*p == '/')
537 return -auto_mask;
538
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000539 for (j = 0; j < 4; j++) {
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000540 unsigned octet;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000541
Denis Vlasenkod867f322007-08-19 21:15:42 +0000542 if ((*p < '0' || *p > '9') && *p != '/' && *p)
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000543 return -auto_mask;
544 octet = 0;
545 while (*p >= '0' && *p <= '9') {
546 octet *= 10;
547 octet += *p - '0';
548 if (octet > 255)
549 return -auto_mask;
550 p++;
551 }
552 if (*p == '.')
553 p++;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000554 if (*p != '/' && *p)
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000555 auto_mask += 8;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000556 ip = (ip << 8) | octet;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000557 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000558 if (*p) {
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000559 if (*p != endc)
560 return -auto_mask;
561 p++;
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +0000562 if (*p == '\0')
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000563 return -auto_mask;
564 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000565 *ipp = ip;
566 *strp = p;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000567 return auto_mask;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000568}
569
Denis Vlasenkod867f322007-08-19 21:15:42 +0000570/* Returns 0 on success. Stores IP and mask at provided pointers */
571static int scan_ip_mask(const char *str, unsigned *ipp, unsigned *maskp)
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000572{
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000573 int i;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000574 unsigned mask;
575 char *p;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000576
Denis Vlasenkod867f322007-08-19 21:15:42 +0000577 i = scan_ip(&str, ipp, '/');
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000578 if (i < 0)
579 return i;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000580
Denis Vlasenkod867f322007-08-19 21:15:42 +0000581 if (*str) {
582 /* there is /xxx after dotted-IP address */
583 i = bb_strtou(str, &p, 10);
584 if (*p == '.') {
585 /* 'xxx' itself is dotted-IP mask, parse it */
586 /* (return 0 (success) only if it has N.N.N.N form) */
587 return scan_ip(&str, maskp, '\0') - 32;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000588 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000589 if (*p)
590 return -1;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000591 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000592
593 if (i > 32)
Denis Vlasenko92758142006-10-03 19:56:34 +0000594 return -1;
Denis Vlasenkod867f322007-08-19 21:15:42 +0000595
596 if (sizeof(unsigned) == 4 && i == 32) {
597 /* mask >>= 32 below may not work */
598 mask = 0;
599 } else {
600 mask = 0xffffffff;
601 mask >>= i;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000602 }
Denis Vlasenkod867f322007-08-19 21:15:42 +0000603 /* i == 0 -> *maskp = 0x00000000
604 * i == 1 -> *maskp = 0x80000000
605 * i == 4 -> *maskp = 0xf0000000
606 * i == 31 -> *maskp = 0xfffffffe
607 * i == 32 -> *maskp = 0xffffffff */
608 *maskp = (uint32_t)(~mask);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000609 return 0;
Glenn L McGrathb65422c2003-09-08 10:59:27 +0000610}
611
Denis Vlasenko073214f2007-08-17 19:20:07 +0000612/*
613 * Parse configuration file into in-memory linked list.
Eric Andersenc7bda1c2004-03-15 08:29:22 +0000614 *
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000615 * Any previous IP rules are discarded.
616 * If the flag argument is not SUBDIR_PARSE then all /path and mime rules
617 * are also discarded. That is, previous settings are retained if flag is
618 * SUBDIR_PARSE.
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000619 * Error pages are only parsed on the main config file.
Glenn L McGrath4fe3ff82003-05-19 05:56:16 +0000620 *
Denis Vlasenko073214f2007-08-17 19:20:07 +0000621 * path Path where to look for httpd.conf (without filename).
622 * flag Type of the parse request.
623 */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000624/* flag param: */
625enum {
626 FIRST_PARSE = 0, /* path will be "/etc" */
627 SIGNALED_PARSE = 1, /* path will be "/etc" */
628 SUBDIR_PARSE = 2, /* path will be derived from URL */
629};
Glenn L McGrath06e95652003-02-09 06:51:14 +0000630static void parse_conf(const char *path, int flag)
631{
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000632 /* internally used extra flag state */
633 enum { TRY_CURDIR_PARSE = 3 };
634
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000635 FILE *f;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000636 const char *filename;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000637 char buf[160];
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000638
Denis Vlasenko073214f2007-08-17 19:20:07 +0000639 /* discard old rules */
640 free_Htaccess_IP_list(&ip_a_d);
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000641 flg_deny_all = 0;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000642 /* retain previous auth and mime config only for subdir parse */
643 if (flag != SUBDIR_PARSE) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000644 free_Htaccess_list(&mime_a);
Denis Vlasenko55a99402006-09-30 20:41:44 +0000645#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko073214f2007-08-17 19:20:07 +0000646 free_Htaccess_list(&g_auth);
Glenn L McGrathc9163fe2003-05-13 16:20:11 +0000647#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +0000648#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenko073214f2007-08-17 19:20:07 +0000649 free_Htaccess_list(&script_i);
"Vladimir N. Oleynik"4333a092006-01-31 13:53:30 +0000650#endif
Glenn L McGrath06e95652003-02-09 06:51:14 +0000651 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000652
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000653 filename = opt_c_configFile;
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000654 if (flag == SUBDIR_PARSE || filename == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000655 filename = alloca(strlen(path) + sizeof(HTTPD_CONF) + 2);
656 sprintf((char *)filename, "%s/%s", path, HTTPD_CONF);
Glenn L McGrath393183d2003-05-26 14:07:50 +0000657 }
658
Denis Vlasenko5415c852008-07-21 23:05:26 +0000659 while ((f = fopen_for_read(filename)) == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000660 if (flag >= SUBDIR_PARSE) { /* SUBDIR or TRY_CURDIR */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000661 /* config file not found, no changes to config */
662 return;
663 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000664 if (flag == FIRST_PARSE) {
665 /* -c CONFFILE given, but CONFFILE doesn't exist? */
666 if (opt_c_configFile)
667 bb_simple_perror_msg_and_die(opt_c_configFile);
668 /* else: no -c, thus we looked at /etc/httpd.conf,
669 * and it's not there. try ./httpd.conf: */
670 }
671 flag = TRY_CURDIR_PARSE;
672 filename = HTTPD_CONF;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000673 }
674
Denis Vlasenko55a99402006-09-30 20:41:44 +0000675#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000676 /* in "/file:user:pass" lines, we prepend path in subdirs */
677 if (flag != SUBDIR_PARSE)
678 path = "";
Glenn L McGrath06e95652003-02-09 06:51:14 +0000679#endif
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000680 /* The lines can be:
681 *
682 * I:default_index_file
683 * H:http_home
684 * [AD]:IP[/mask] # allow/deny, * for wildcard
685 * Ennn:error.html # error page for status nnn
686 * P:/url:[http://]hostname[:port]/new/path # reverse proxy
687 * .ext:mime/type # mime type
688 * *.php:/path/php # run xxx.php through an interpreter
689 * /file:user:pass # username and password
690 */
691 while (fgets(buf, sizeof(buf), f) != NULL) {
692 unsigned strlen_buf;
693 unsigned char ch;
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200694 char *after_colon;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000695
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000696 { /* remove all whitespace, and # comments */
697 char *p, *p0;
698
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200699 p0 = buf;
700 /* skip non-whitespace beginning. Often the whole line
701 * is non-whitespace. We want this case to work fast,
702 * without needless copying, therefore we don't merge
703 * this operation into next while loop. */
704 while ((ch = *p0) != '\0' && ch != '\n' && ch != '#'
705 && ch != ' ' && ch != '\t'
706 ) {
707 p0++;
708 }
709 p = p0;
710 /* if we enter this loop, we have some whitespace.
711 * discard it */
712 while (ch != '\0' && ch != '\n' && ch != '#') {
713 if (ch != ' ' && ch != '\t') {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000714 *p++ = ch;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000715 }
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200716 ch = *++p0;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000717 }
718 *p = '\0';
719 strlen_buf = p - buf;
Denis Vlasenko00643ca2009-04-22 13:52:22 +0000720 if (strlen_buf == 0)
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200721 continue; /* empty line */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000722 }
723
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200724 after_colon = strchr(buf, ':');
Denis Vlasenko00643ca2009-04-22 13:52:22 +0000725 /* strange line? */
Denys Vlasenko48a29de2009-05-02 00:50:38 +0200726 if (after_colon == NULL || *++after_colon == '\0')
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000727 goto config_error;
728
729 ch = (buf[0] & ~0x20); /* toupper if it's a letter */
730
731 if (ch == 'I') {
Denys Vlasenko108b8c52009-09-08 21:17:49 +0200732 if (index_page != index_html)
733 free((char*)index_page);
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000734 index_page = xstrdup(after_colon);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000735 continue;
736 }
737
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000738 /* do not allow jumping around using H in subdir's configs */
739 if (flag == FIRST_PARSE && ch == 'H') {
740 home_httpd = xstrdup(after_colon);
741 xchdir(home_httpd);
742 continue;
743 }
744
745 if (ch == 'A' || ch == 'D') {
746 Htaccess_IP *pip;
747
748 if (*after_colon == '*') {
749 if (ch == 'D') {
750 /* memorize "deny all" */
751 flg_deny_all = 1;
752 }
753 /* skip assumed "A:*", it is a default anyway */
754 continue;
755 }
756 /* store "allow/deny IP/mask" line */
757 pip = xzalloc(sizeof(*pip));
758 if (scan_ip_mask(after_colon, &pip->ip, &pip->mask)) {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000759 /* IP{/mask} syntax error detected, protect all */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000760 ch = 'D';
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000761 pip->mask = 0;
762 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000763 pip->allow_deny = ch;
764 if (ch == 'D') {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000765 /* Deny:from_IP - prepend */
766 pip->next = ip_a_d;
767 ip_a_d = pip;
768 } else {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000769 /* A:from_IP - append (thus all D's precedes A's) */
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000770 Htaccess_IP *prev_IP = ip_a_d;
771 if (prev_IP == NULL) {
Denis Vlasenko77e44d62007-06-09 23:49:05 +0000772 ip_a_d = pip;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000773 } else {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000774 while (prev_IP->next)
775 prev_IP = prev_IP->next;
776 prev_IP->next = pip;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000777 }
778 }
779 continue;
780 }
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000781
782#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000783 if (flag == FIRST_PARSE && ch == 'E') {
Denis Vlasenko6b06cb82008-05-15 21:30:45 +0000784 unsigned i;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000785 int status = atoi(buf + 1); /* error status code */
786
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000787 if (status < HTTP_CONTINUE) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000788 goto config_error;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000789 }
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000790 /* then error page; find matching status */
791 for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
792 if (http_response_type[i] == status) {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000793 /* We chdir to home_httpd, thus no need to
794 * concat_path_file(home_httpd, after_colon)
795 * here */
796 http_error_page[i] = xstrdup(after_colon);
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +0000797 break;
798 }
799 }
800 continue;
801 }
802#endif
803
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000804#if ENABLE_FEATURE_HTTPD_PROXY
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000805 if (flag == FIRST_PARSE && ch == 'P') {
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000806 /* P:/url:[http://]hostname[:port]/new/path */
807 char *url_from, *host_port, *url_to;
808 Htaccess_Proxy *proxy_entry;
809
Denis Vlasenko0eb406c2008-06-13 09:53:06 +0000810 url_from = after_colon;
811 host_port = strchr(after_colon, ':');
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000812 if (host_port == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000813 goto config_error;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000814 }
815 *host_port++ = '\0';
Denys Vlasenko8dff01d2015-03-12 17:48:34 +0100816 if (is_prefixed_with(host_port, "http://"))
Denis Vlasenko78ee7c82007-10-21 23:24:42 +0000817 host_port += 7;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000818 if (*host_port == '\0') {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000819 goto config_error;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000820 }
821 url_to = strchr(host_port, '/');
822 if (url_to == NULL) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000823 goto config_error;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000824 }
825 *url_to = '\0';
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000826 proxy_entry = xzalloc(sizeof(*proxy_entry));
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000827 proxy_entry->url_from = xstrdup(url_from);
828 proxy_entry->host_port = xstrdup(host_port);
829 *url_to = '/';
830 proxy_entry->url_to = xstrdup(url_to);
831 proxy_entry->next = proxy;
832 proxy = proxy_entry;
833 continue;
834 }
835#endif
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000836 /* the rest of directives are non-alphabetic,
837 * must avoid using "toupper'ed" ch */
838 ch = buf[0];
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000839
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000840 if (ch == '.' /* ".ext:mime/type" */
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000841#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000842 || (ch == '*' && buf[1] == '.') /* "*.php:/path/php" */
843#endif
844 ) {
845 char *p;
846 Htaccess *cur;
847
848 cur = xzalloc(sizeof(*cur) /* includes space for NUL */ + strlen_buf);
849 strcpy(cur->before_colon, buf);
850 p = cur->before_colon + (after_colon - buf);
851 p[-1] = '\0';
852 cur->after_colon = p;
853 if (ch == '.') {
854 /* .mime line: prepend to mime_a list */
855 cur->next = mime_a;
856 mime_a = cur;
857 }
858#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
859 else {
860 /* script interpreter line: prepend to script_i list */
861 cur->next = script_i;
862 script_i = cur;
863 }
864#endif
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000865 continue;
866 }
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000867
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000868#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
869 if (ch == '/') { /* "/file:user:pass" */
870 char *p;
871 Htaccess *cur;
872 unsigned file_len;
873
874 /* note: path is "" unless we are in SUBDIR parse,
Denis Vlasenkoc8d71092009-04-22 14:16:59 +0000875 * otherwise it does NOT start with "/" */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000876 cur = xzalloc(sizeof(*cur) /* includes space for NUL */
Denis Vlasenkoc8d71092009-04-22 14:16:59 +0000877 + 1 + strlen(path)
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000878 + strlen_buf
879 );
880 /* form "/path/file" */
Denis Vlasenkoc8d71092009-04-22 14:16:59 +0000881 sprintf(cur->before_colon, "/%s%.*s",
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000882 path,
Denys Vlasenkoa4bcbd02009-06-09 23:01:24 +0200883 (int) (after_colon - buf - 1), /* includes "/", but not ":" */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000884 buf);
885 /* canonicalize it */
886 p = bb_simplify_abs_path_inplace(cur->before_colon);
887 file_len = p - cur->before_colon;
888 /* add "user:pass" after NUL */
889 strcpy(++p, after_colon);
890 cur->after_colon = p;
891
892 /* insert cur into g_auth */
893 /* g_auth is sorted by decreased filename length */
894 {
895 Htaccess *auth, **authp;
896
897 authp = &g_auth;
898 while ((auth = *authp) != NULL) {
899 if (file_len >= strlen(auth->before_colon)) {
900 /* insert cur before auth */
901 cur->next = auth;
902 break;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000903 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000904 authp = &auth->next;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000905 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000906 *authp = cur;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000907 }
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000908 continue;
Denis Vlasenkof74194e2007-10-18 12:54:39 +0000909 }
910#endif /* BASIC_AUTH */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000911
912 /* the line is not recognized */
913 config_error:
914 bb_error_msg("config error '%s' in '%s'", buf, filename);
Denys Vlasenko69675782013-01-14 01:34:48 +0100915 } /* while (fgets) */
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +0000916
Denys Vlasenko69675782013-01-14 01:34:48 +0100917 fclose(f);
Glenn L McGrath06e95652003-02-09 06:51:14 +0000918}
919
Denis Vlasenko55a99402006-09-30 20:41:44 +0000920#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
Denis Vlasenko073214f2007-08-17 19:20:07 +0000921/*
922 * Given a string, html-encode special characters.
923 * This is used for the -e command line option to provide an easy way
924 * for scripts to encode result data without confusing browsers. The
925 * returned string pointer is memory allocated by malloc().
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000926 *
Denis Vlasenko073214f2007-08-17 19:20:07 +0000927 * Returns a pointer to the encoded string (malloced).
928 */
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000929static char *encodeString(const char *string)
930{
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000931 /* take the simple route and encode everything */
932 /* could possibly scan once to get length. */
933 int len = strlen(string);
Denis Vlasenkoab2aea42007-01-29 22:51:58 +0000934 char *out = xmalloc(len * 6 + 1);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000935 char *p = out;
936 char ch;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000937
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200938 while ((ch = *string++) != '\0') {
Denis Vlasenko72b6a652007-08-21 11:18:25 +0000939 /* very simple check for what to encode */
940 if (isalnum(ch))
941 *p++ = ch;
942 else
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +0200943 p += sprintf(p, "&#%u;", (unsigned char) ch);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000944 }
Denis Vlasenkoab2aea42007-01-29 22:51:58 +0000945 *p = '\0';
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000946 return out;
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000947}
Denys Vlasenko535ce1d2010-07-25 03:20:25 +0200948#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000949
Denis Vlasenko55a99402006-09-30 20:41:44 +0000950#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000951/*
Denis Vlasenko073214f2007-08-17 19:20:07 +0000952 * Decode a base64 data stream as per rfc1521.
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000953 * Note that the rfc states that non base64 chars are to be ignored.
Denis Vlasenko073214f2007-08-17 19:20:07 +0000954 * Since the decode always results in a shorter size than the input,
955 * it is OK to pass the input arg as an output arg.
Denis Vlasenko384b1d12007-08-14 16:55:01 +0000956 * Parameter: a pointer to a base64 encoded string.
957 * Decoded data is stored in-place.
958 */
Glenn L McGrath06e95652003-02-09 06:51:14 +0000959static void decodeBase64(char *Data)
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000960{
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000961 const unsigned char *in = (const unsigned char *)Data;
Denis Vlasenko37c33162007-08-19 18:54:22 +0000962 /* The decoded size will be at most 3/4 the size of the encoded */
Denis Vlasenko088b9592007-04-18 21:14:46 +0000963 unsigned ch = 0;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000964 int i = 0;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000965
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000966 while (*in) {
967 int t = *in++;
Glenn L McGrath06e95652003-02-09 06:51:14 +0000968
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000969 if (t >= '0' && t <= '9')
970 t = t - '0' + 52;
971 else if (t >= 'A' && t <= 'Z')
972 t = t - 'A';
973 else if (t >= 'a' && t <= 'z')
974 t = t - 'a' + 26;
975 else if (t == '+')
976 t = 62;
977 else if (t == '/')
978 t = 63;
979 else if (t == '=')
980 t = 0;
981 else
982 continue;
Glenn L McGrath874e3382003-05-14 12:11:36 +0000983
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +0000984 ch = (ch << 6) | t;
985 i++;
986 if (i == 4) {
987 *Data++ = (char) (ch >> 16);
988 *Data++ = (char) (ch >> 8);
989 *Data++ = (char) ch;
990 i = 0;
991 }
992 }
Denis Vlasenko088b9592007-04-18 21:14:46 +0000993 *Data = '\0';
Glenn L McGrath58c708a2003-01-05 04:01:56 +0000994}
995#endif
996
Denis Vlasenko073214f2007-08-17 19:20:07 +0000997/*
998 * Create a listen server socket on the designated port.
999 */
Glenn L McGrath06e95652003-02-09 06:51:14 +00001000static int openServer(void)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001001{
Denis Vlasenkof74194e2007-10-18 12:54:39 +00001002 unsigned n = bb_strtou(bind_addr_or_port, NULL, 10);
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001003 if (!errno && n && n <= 0xffff)
1004 n = create_and_bind_stream_or_die(NULL, n);
1005 else
1006 n = create_and_bind_stream_or_die(bind_addr_or_port, 80);
1007 xlisten(n, 9);
1008 return n;
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001009}
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001010
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001011/*
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001012 * Log the connection closure and exit.
1013 */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00001014static void log_and_exit(void) NORETURN;
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001015static void log_and_exit(void)
1016{
Denis Vlasenko921799d2007-08-19 19:28:09 +00001017 /* Paranoia. IE said to be buggy. It may send some extra data
1018 * or be confused by us just exiting without SHUT_WR. Oh well. */
1019 shutdown(1, SHUT_WR);
Denis Vlasenkofaf334a2008-05-18 15:14:36 +00001020 /* Why??
1021 (this also messes up stdin when user runs httpd -i from terminal)
Denis Vlasenko921799d2007-08-19 19:28:09 +00001022 ndelay_on(0);
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001023 while (read(STDIN_FILENO, iobuf, IOBUF_SIZE) > 0)
Denis Vlasenko921799d2007-08-19 19:28:09 +00001024 continue;
Denis Vlasenkofaf334a2008-05-18 15:14:36 +00001025 */
Denis Vlasenko921799d2007-08-19 19:28:09 +00001026
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001027 if (verbose > 2)
1028 bb_error_msg("closed");
1029 _exit(xfunc_error_retval);
1030}
1031
1032/*
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001033 * Create and send HTTP response headers.
1034 * The arguments are combined and sent as one write operation. Note that
1035 * IE will puke big-time if the headers are not sent in one packet and the
1036 * second packet is delayed for any reason.
1037 * responseNum - the result code to send.
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001038 */
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001039static void send_headers(unsigned responseNum)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001040{
Denis Vlasenko073214f2007-08-17 19:20:07 +00001041 static const char RFC1123FMT[] ALIGN1 = "%a, %d %b %Y %H:%M:%S GMT";
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001042 /* Fixed size 29-byte string. Example: Sun, 06 Nov 1994 08:49:37 GMT */
1043 char date_str[40]; /* using a bit larger buffer to paranoia reasons */
Denis Vlasenko073214f2007-08-17 19:20:07 +00001044
Denys Vlasenkoe1b1b792018-03-06 18:11:47 +01001045 struct tm tm;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001046 const char *responseString = "";
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001047 const char *infoString = NULL;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001048#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
Denis Vlasenko2f518b02008-02-21 00:12:07 +00001049 const char *error_page = NULL;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001050#endif
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001051 unsigned len;
Denis Vlasenkob64eed62007-01-14 17:06:11 +00001052 unsigned i;
Denis Vlasenko04158e02009-02-02 10:48:06 +00001053 time_t timer = time(NULL);
Glenn L McGrath06e95652003-02-09 06:51:14 +00001054
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001055 for (i = 0; i < ARRAY_SIZE(http_response_type); i++) {
1056 if (http_response_type[i] == responseNum) {
1057 responseString = http_response[i].name;
1058 infoString = http_response[i].info;
1059#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
1060 error_page = http_error_page[i];
1061#endif
Glenn L McGrath06e95652003-02-09 06:51:14 +00001062 break;
1063 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001064 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001065
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001066 if (verbose)
Denis Vlasenko241b1562007-08-17 19:18:47 +00001067 bb_error_msg("response:%u", responseNum);
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001068
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001069 /* We use sprintf, not snprintf (it's less code).
1070 * iobuf[] is several kbytes long and all headers we generate
1071 * always fit into those kbytes.
1072 */
1073
Denys Vlasenkoe1b1b792018-03-06 18:11:47 +01001074 strftime(date_str, sizeof(date_str), RFC1123FMT, gmtime_r(&timer, &tm));
1075 /* ^^^ using gmtime_r() instead of gmtime() to not use static data */
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001076 len = sprintf(iobuf,
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001077 "HTTP/1.0 %u %s\r\n"
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001078 "Date: %s\r\n"
1079 "Connection: close\r\n",
1080 responseNum, responseString,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001081 date_str
1082 );
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001083
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001084 if (responseNum != HTTP_OK || found_mime_type) {
1085 len += sprintf(iobuf + len,
1086 "Content-type: %s\r\n",
1087 /* if it's error message, then it's HTML */
1088 (responseNum != HTTP_OK ? "text/html" : found_mime_type)
1089 );
1090 }
1091
Denis Vlasenko55a99402006-09-30 20:41:44 +00001092#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001093 if (responseNum == HTTP_UNAUTHORIZED) {
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001094 len += sprintf(iobuf + len,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001095 "WWW-Authenticate: Basic realm=\"%.999s\"\r\n",
1096 g_realm /* %.999s protects from overflowing iobuf[] */
1097 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001098 }
Glenn L McGrath3d2405c2003-02-10 22:28:21 +00001099#endif
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001100 if (responseNum == HTTP_MOVED_TEMPORARILY) {
Denys Vlasenko59f84752015-10-23 11:49:04 +02001101 /* Responding to "GET /dir" with
1102 * "HTTP/1.0 302 Found" "Location: /dir/"
1103 * - IOW, asking them to repeat with a slash.
1104 * Here, overflow IS possible, can't use sprintf:
1105 * mkdir test
1106 * python -c 'print("get /test?" + ("x" * 8192))' | busybox httpd -i -h .
1107 */
1108 len += snprintf(iobuf + len, IOBUF_SIZE-3 - len,
1109 "Location: %s/%s%s\r\n",
Denis Vlasenko77e44d62007-06-09 23:49:05 +00001110 found_moved_temporarily,
1111 (g_query ? "?" : ""),
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001112 (g_query ? g_query : "")
1113 );
Denys Vlasenko59f84752015-10-23 11:49:04 +02001114 if (len > IOBUF_SIZE-3)
1115 len = IOBUF_SIZE-3;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001116 }
Eric Andersen07f2fea2004-10-08 08:03:29 +00001117
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001118#if ENABLE_FEATURE_HTTPD_ERROR_PAGES
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001119 if (error_page && access(error_page, R_OK) == 0) {
Denys Vlasenko59f84752015-10-23 11:49:04 +02001120 iobuf[len++] = '\r';
1121 iobuf[len++] = '\n';
1122 if (DEBUG) {
1123 iobuf[len] = '\0';
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001124 fprintf(stderr, "headers: '%s'\n", iobuf);
Denys Vlasenko59f84752015-10-23 11:49:04 +02001125 }
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001126 full_write(STDOUT_FILENO, iobuf, len);
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001127 if (DEBUG)
1128 fprintf(stderr, "writing error page: '%s'\n", error_page);
Denis Vlasenko2f518b02008-02-21 00:12:07 +00001129 return send_file_and_exit(error_page, SEND_BODY);
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001130 }
1131#endif
1132
Denis Vlasenkof4310172007-09-21 22:35:18 +00001133 if (file_size != -1) { /* file */
Denys Vlasenkoe1b1b792018-03-06 18:11:47 +01001134 strftime(date_str, sizeof(date_str), RFC1123FMT, gmtime_r(&last_mod, &tm));
Denis Vlasenkof4310172007-09-21 22:35:18 +00001135#if ENABLE_FEATURE_HTTPD_RANGES
1136 if (responseNum == HTTP_PARTIAL_CONTENT) {
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001137 len += sprintf(iobuf + len,
1138 "Content-Range: bytes %"OFF_FMT"u-%"OFF_FMT"u/%"OFF_FMT"u\r\n",
Denis Vlasenkof4310172007-09-21 22:35:18 +00001139 range_start,
1140 range_end,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001141 file_size
1142 );
Denis Vlasenkof4310172007-09-21 22:35:18 +00001143 file_size = range_end - range_start + 1;
1144 }
1145#endif
Alexander Vickberg210b5242019-04-17 11:34:21 +02001146
1147//RFC 2616 4.4 Message Length
1148// The transfer-length of a message is the length of the message-body as
1149// it appears in the message; that is, after any transfer-codings have
1150// been applied. When a message-body is included with a message, the
1151// transfer-length of that body is determined by one of the following
1152// (in order of precedence):
1153// 1.Any response message which "MUST NOT" include a message-body (such
1154// as the 1xx, 204, and 304 responses and any response to a HEAD
1155// request) is always terminated by the first empty line after the
1156// header fields, regardless of the entity-header fields present in
1157// the message.
1158// 2.If a Transfer-Encoding header field (section 14.41) is present and
1159// has any value other than "identity", then the transfer-length is
1160// defined by use of the "chunked" transfer-coding (section 3.6),
1161// unless the message is terminated by closing the connection.
1162// 3.If a Content-Length header field (section 14.13) is present, its
1163// decimal value in OCTETs represents both the entity-length and the
1164// transfer-length. The Content-Length header field MUST NOT be sent
1165// if these two lengths are different (i.e., if a Transfer-Encoding
1166// header field is present). If a message is received with both a
1167// Transfer-Encoding header field and a Content-Length header field,
1168// the latter MUST be ignored.
1169// 4.If the message uses the media type "multipart/byteranges" ...
1170// 5.By the server closing the connection.
1171//
1172// (NB: standards do not define "Transfer-Length:" _header_,
1173// transfer-length above is just a concept).
1174
Denis Vlasenkof4310172007-09-21 22:35:18 +00001175 len += sprintf(iobuf + len,
1176#if ENABLE_FEATURE_HTTPD_RANGES
1177 "Accept-Ranges: bytes\r\n"
1178#endif
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001179 "Last-Modified: %s\r\n"
Alexander Vickberg210b5242019-04-17 11:34:21 +02001180 /* Because of 4.4 (5), we can forgo sending of "Content-Length"
1181 * since we close connection afterwards, but it helps clients
1182 * to e.g. estimate download times, show progress bars etc.
1183 * Theoretically we should not send it if page is compressed,
1184 * but de-facto standard is to send it (see comment below).
1185 */
1186 "Content-Length: %"OFF_FMT"u\r\n",
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001187 date_str,
Denis Vlasenkof4310172007-09-21 22:35:18 +00001188 file_size
1189 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001190 }
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02001191
Alexander Vickberg210b5242019-04-17 11:34:21 +02001192 /* This should be "Transfer-Encoding", not "Content-Encoding":
1193 * "data is compressed for transfer", not "data is an archive".
1194 * But many clients were not handling "Transfer-Encoding" correctly
1195 * (they were not uncompressing gzipped pages, tried to show
1196 * raw compressed data), and servers worked around it by using
1197 * "Content-Encoding" instead... and this become de-facto standard.
1198 * https://bugzilla.mozilla.org/show_bug.cgi?id=68517
1199 * https://bugs.chromium.org/p/chromium/issues/detail?id=94730
1200 */
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02001201 if (content_gzip)
1202 len += sprintf(iobuf + len, "Content-Encoding: gzip\r\n");
1203
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001204 iobuf[len++] = '\r';
1205 iobuf[len++] = '\n';
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001206 if (infoString) {
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001207 len += sprintf(iobuf + len,
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001208 "<HTML><HEAD><TITLE>%u %s</TITLE></HEAD>\n"
1209 "<BODY><H1>%u %s</H1>\n"
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001210 "%s\n"
1211 "</BODY></HTML>\n",
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001212 responseNum, responseString,
Denys Vlasenko9f8eb1e2016-11-22 02:23:35 +01001213 responseNum, responseString,
1214 infoString
1215 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001216 }
Denys Vlasenko59f84752015-10-23 11:49:04 +02001217 if (DEBUG) {
1218 iobuf[len] = '\0';
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001219 fprintf(stderr, "headers: '%s'\n", iobuf);
Denys Vlasenko59f84752015-10-23 11:49:04 +02001220 }
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001221 if (full_write(STDOUT_FILENO, iobuf, len) != len) {
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001222 if (verbose > 1)
1223 bb_perror_msg("error");
1224 log_and_exit();
1225 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001226}
1227
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00001228static void send_headers_and_exit(int responseNum) NORETURN;
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001229static void send_headers_and_exit(int responseNum)
Denis Vlasenkoe45af732007-08-17 19:19:15 +00001230{
Peter Korsgaard95755182011-03-25 13:38:52 +01001231 IF_FEATURE_HTTPD_GZIP(content_gzip = 0;)
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001232 send_headers(responseNum);
1233 log_and_exit();
Denis Vlasenkoe45af732007-08-17 19:19:15 +00001234}
1235
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001236/*
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001237 * Read from the socket until '\n' or EOF.
1238 * '\r' chars are removed.
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001239 * '\n' is replaced with NUL.
1240 * Return number of characters read or 0 if nothing is read
1241 * ('\r' and '\n' are not counted).
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001242 * Data is returned in iobuf.
1243 */
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02001244static unsigned get_line(void)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001245{
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02001246 unsigned count;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001247 char c;
Glenn L McGrath06e95652003-02-09 06:51:14 +00001248
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001249 count = 0;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001250 while (1) {
1251 if (hdr_cnt <= 0) {
Denys Vlasenkoaf6012a2019-04-19 14:03:37 +02001252 alarm(HEADER_READ_TIMEOUT);
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +02001253 hdr_cnt = safe_read(STDIN_FILENO, hdr_buf, sizeof_hdr_buf);
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001254 if (hdr_cnt <= 0)
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001255 goto ret;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001256 hdr_ptr = hdr_buf;
1257 }
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001258 hdr_cnt--;
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001259 c = *hdr_ptr++;
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001260 if (c == '\r')
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00001261 continue;
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001262 if (c == '\n')
Denis Vlasenko2ca84f62009-02-05 12:38:21 +00001263 break;
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001264 iobuf[count] = c;
Denis Vlasenko921799d2007-08-19 19:28:09 +00001265 if (count < (IOBUF_SIZE - 1)) /* check overflow */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001266 count++;
1267 }
Denys Vlasenkod0ae4102019-04-16 11:07:37 +02001268 ret:
1269 iobuf[count] = '\0';
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001270 return count;
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001271}
1272
Denis Vlasenkof74194e2007-10-18 12:54:39 +00001273#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001274
1275/* gcc 4.2.1 fares better with NOINLINE */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00001276static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len) NORETURN;
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001277static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post_len)
1278{
1279 enum { FROM_CGI = 1, TO_CGI = 2 }; /* indexes in pfd[] */
1280 struct pollfd pfd[3];
1281 int out_cnt; /* we buffer a bit of initial CGI output */
1282 int count;
1283
1284 /* iobuf is used for CGI -> network data,
1285 * hdr_buf is for network -> CGI data (POSTDATA) */
1286
1287 /* If CGI dies, we still want to correctly finish reading its output
1288 * and send it to the peer. So please no SIGPIPEs! */
1289 signal(SIGPIPE, SIG_IGN);
1290
Denis Vlasenko4a457562007-10-14 02:34:20 +00001291 // We inconsistently handle a case when more POSTDATA from network
1292 // is coming than we expected. We may give *some part* of that
1293 // extra data to CGI.
1294
1295 //if (hdr_cnt > post_len) {
1296 // /* We got more POSTDATA from network than we expected */
1297 // hdr_cnt = post_len;
1298 //}
1299 post_len -= hdr_cnt;
1300 /* post_len - number of POST bytes not yet read from network */
1301
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001302 /* NB: breaking out of this loop jumps to log_and_exit() */
1303 out_cnt = 0;
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +02001304 pfd[FROM_CGI].fd = fromCgi_rd;
1305 pfd[FROM_CGI].events = POLLIN;
1306 pfd[TO_CGI].fd = toCgi_wr;
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001307 while (1) {
Denys Vlasenkofbe250d2013-09-11 14:59:21 +02001308 /* Note: even pfd[0].events == 0 won't prevent
1309 * revents == POLLHUP|POLLERR reports from closed stdin.
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +02001310 * Setting fd to -1 works: */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +02001311 pfd[0].fd = -1;
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +02001312 pfd[0].events = POLLIN;
1313 pfd[0].revents = 0; /* probably not needed, paranoia */
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001314
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +02001315 /* We always poll this fd, thus kernel always sets revents: */
1316 /*pfd[FROM_CGI].events = POLLIN; - moved out of loop */
1317 /*pfd[FROM_CGI].revents = 0; - not needed */
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001318
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +02001319 /* gcc-4.8.0 still doesnt fill two shorts with one insn :( */
1320 /* http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47059 */
1321 /* hopefully one day it will... */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +02001322 pfd[TO_CGI].events = POLLOUT;
Denys Vlasenkoa6ed6a32013-09-18 12:08:41 +02001323 pfd[TO_CGI].revents = 0; /* needed! */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +02001324
1325 if (toCgi_wr && hdr_cnt <= 0) {
1326 if (post_len > 0) {
1327 /* Expect more POST data from network */
1328 pfd[0].fd = 0;
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001329 } else {
1330 /* post_len <= 0 && hdr_cnt <= 0:
1331 * no more POST data to CGI,
1332 * let CGI see EOF on CGI's stdin */
Denys Vlasenko8fc9e6a2010-04-02 10:40:58 +02001333 if (toCgi_wr != fromCgi_rd)
1334 close(toCgi_wr);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001335 toCgi_wr = 0;
1336 }
1337 }
1338
1339 /* Now wait on the set of sockets */
Denys Vlasenkofbe250d2013-09-11 14:59:21 +02001340 count = safe_poll(pfd, hdr_cnt > 0 ? TO_CGI+1 : FROM_CGI+1, -1);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001341 if (count <= 0) {
1342#if 0
Denis Vlasenkofb0eba72008-01-02 19:55:04 +00001343 if (safe_waitpid(pid, &status, WNOHANG) <= 0) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001344 /* Weird. CGI didn't exit and no fd's
1345 * are ready, yet poll returned?! */
1346 continue;
1347 }
1348 if (DEBUG && WIFEXITED(status))
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001349 bb_error_msg("CGI exited, status=%u", WEXITSTATUS(status));
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001350 if (DEBUG && WIFSIGNALED(status))
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001351 bb_error_msg("CGI killed, signal=%u", WTERMSIG(status));
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001352#endif
1353 break;
1354 }
1355
Denys Vlasenko88aa5582010-03-02 15:02:45 +01001356 if (pfd[TO_CGI].revents) {
Denys Vlasenkofbe250d2013-09-11 14:59:21 +02001357 /* hdr_cnt > 0 here due to the way poll() called */
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001358 /* Have data from peer and can write to CGI */
1359 count = safe_write(toCgi_wr, hdr_ptr, hdr_cnt);
1360 /* Doesn't happen, we dont use nonblocking IO here
1361 *if (count < 0 && errno == EAGAIN) {
1362 * ...
1363 *} else */
1364 if (count > 0) {
1365 hdr_ptr += count;
1366 hdr_cnt -= count;
1367 } else {
1368 /* EOF/broken pipe to CGI, stop piping POST data */
1369 hdr_cnt = post_len = 0;
1370 }
1371 }
1372
Denys Vlasenko88aa5582010-03-02 15:02:45 +01001373 if (pfd[0].revents) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001374 /* post_len > 0 && hdr_cnt == 0 here */
1375 /* We expect data, prev data portion is eaten by CGI
1376 * and there *is* data to read from the peer
1377 * (POSTDATA) */
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +02001378 //count = post_len > (int)sizeof_hdr_buf ? (int)sizeof_hdr_buf : post_len;
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001379 //count = safe_read(STDIN_FILENO, hdr_buf, count);
Denys Vlasenkoe6a2f4c2016-04-21 16:26:30 +02001380 count = safe_read(STDIN_FILENO, hdr_buf, sizeof_hdr_buf);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001381 if (count > 0) {
1382 hdr_cnt = count;
1383 hdr_ptr = hdr_buf;
1384 post_len -= count;
1385 } else {
1386 /* no more POST data can be read */
1387 post_len = 0;
1388 }
1389 }
1390
Denys Vlasenko88aa5582010-03-02 15:02:45 +01001391 if (pfd[FROM_CGI].revents) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001392 /* There is something to read from CGI */
1393 char *rbuf = iobuf;
1394
1395 /* Are we still buffering CGI output? */
1396 if (out_cnt >= 0) {
1397 /* HTTP_200[] has single "\r\n" at the end.
1398 * According to http://hoohoo.ncsa.uiuc.edu/cgi/out.html,
1399 * CGI scripts MUST send their own header terminated by
1400 * empty line, then data. That's why we have only one
1401 * <cr><lf> pair here. We will output "200 OK" line
1402 * if needed, but CGI still has to provide blank line
1403 * between header and body */
1404
1405 /* Must use safe_read, not full_read, because
1406 * CGI may output a few first bytes and then wait
1407 * for POSTDATA without closing stdout.
1408 * With full_read we may wait here forever. */
Denys Vlasenko1c356942019-04-19 14:19:41 +02001409 count = safe_read(fromCgi_rd, rbuf + out_cnt, IOBUF_SIZE - 8);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001410 if (count <= 0) {
1411 /* eof (or error) and there was no "HTTP",
Denys Vlasenko1c356942019-04-19 14:19:41 +02001412 * send "HTTP/1.0 200 OK\r\n", then send received data */
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001413 if (out_cnt) {
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001414 full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1);
1415 full_write(STDOUT_FILENO, rbuf, out_cnt);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001416 }
1417 break; /* CGI stdout is closed, exiting */
1418 }
1419 out_cnt += count;
1420 count = 0;
1421 /* "Status" header format is: "Status: 302 Redirected\r\n" */
Denys Vlasenko94aaf4b2017-09-01 17:06:12 +02001422 if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001423 /* send "HTTP/1.0 " */
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001424 if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001425 break;
Denys Vlasenko94aaf4b2017-09-01 17:06:12 +02001426 /* skip "Status: " (including space, sending "HTTP/1.0 NNN" is wrong) */
1427 rbuf += 8;
1428 count = out_cnt - 8;
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001429 out_cnt = -1; /* buffering off */
1430 } else if (out_cnt >= 4) {
1431 /* Did CGI add "HTTP"? */
1432 if (memcmp(rbuf, HTTP_200, 4) != 0) {
1433 /* there is no "HTTP", do it ourself */
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001434 if (full_write(STDOUT_FILENO, HTTP_200, sizeof(HTTP_200)-1) != sizeof(HTTP_200)-1)
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001435 break;
1436 }
1437 /* Commented out:
1438 if (!strstr(rbuf, "ontent-")) {
1439 full_write(s, "Content-type: text/plain\r\n\r\n", 28);
1440 }
1441 * Counter-example of valid CGI without Content-type:
1442 * echo -en "HTTP/1.0 302 Found\r\n"
1443 * echo -en "Location: http://www.busybox.net\r\n"
1444 * echo -en "\r\n"
1445 */
1446 count = out_cnt;
1447 out_cnt = -1; /* buffering off */
1448 }
1449 } else {
Denys Vlasenko1c356942019-04-19 14:19:41 +02001450 count = safe_read(fromCgi_rd, rbuf, IOBUF_SIZE);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001451 if (count <= 0)
1452 break; /* eof (or error) */
1453 }
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001454 if (full_write(STDOUT_FILENO, rbuf, count) != count)
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001455 break;
1456 if (DEBUG)
1457 fprintf(stderr, "cgi read %d bytes: '%.*s'\n", count, count, rbuf);
1458 } /* if (pfd[FROM_CGI].revents) */
1459 } /* while (1) */
1460 log_and_exit();
1461}
Denis Vlasenkof74194e2007-10-18 12:54:39 +00001462#endif
1463
1464#if ENABLE_FEATURE_HTTPD_CGI
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001465
Denis Vlasenko921799d2007-08-19 19:28:09 +00001466static void setenv1(const char *name, const char *value)
1467{
1468 setenv(name, value ? value : "", 1);
1469}
1470
Denis Vlasenko241b1562007-08-17 19:18:47 +00001471/*
1472 * Spawn CGI script, forward CGI's stdin/out <=> network
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001473 *
Denis Vlasenko241b1562007-08-17 19:18:47 +00001474 * Environment variables are set up and the script is invoked with pipes
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001475 * for stdin/stdout. If a POST is being done the script is fed the POST
Denis Vlasenko241b1562007-08-17 19:18:47 +00001476 * data in addition to setting the QUERY_STRING variable (for GETs or POSTs).
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001477 *
Denis Vlasenko241b1562007-08-17 19:18:47 +00001478 * Parameters:
1479 * const char *url The requested URL (with leading /).
Denys Vlasenko03419aa2011-12-19 12:30:34 +01001480 * const char *orig_uri The original URI before rewriting (if any)
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001481 * int post_len Length of the POST body.
Denis Vlasenko241b1562007-08-17 19:18:47 +00001482 */
1483static void send_cgi_and_exit(
1484 const char *url,
Denys Vlasenko03419aa2011-12-19 12:30:34 +01001485 const char *orig_uri,
Denis Vlasenko241b1562007-08-17 19:18:47 +00001486 const char *request,
Denys Vlasenkofba665a2019-04-16 11:37:02 +02001487 int post_len) NORETURN;
Denis Vlasenko241b1562007-08-17 19:18:47 +00001488static void send_cgi_and_exit(
1489 const char *url,
Denys Vlasenko03419aa2011-12-19 12:30:34 +01001490 const char *orig_uri,
Denis Vlasenko241b1562007-08-17 19:18:47 +00001491 const char *request,
Denys Vlasenkofba665a2019-04-16 11:37:02 +02001492 int post_len)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001493{
Denis Vlasenko37188322008-02-16 13:20:56 +00001494 struct fd_pair fromCgi; /* CGI -> httpd pipe */
1495 struct fd_pair toCgi; /* httpd -> CGI pipe */
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001496 char *script, *last_slash;
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001497 int pid;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001498
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001499 /* Make a copy. NB: caller guarantees:
1500 * url[0] == '/', url[1] != '/' */
1501 url = xstrdup(url);
1502
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001503 /*
1504 * We are mucking with environment _first_ and then vfork/exec,
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001505 * this allows us to use vfork safely. Parent doesn't care about
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001506 * these environment changes anyway.
1507 */
1508
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001509 /* Check for [dirs/]script.cgi/PATH_INFO */
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001510 last_slash = script = (char*)url;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001511 while ((script = strchr(script + 1, '/')) != NULL) {
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001512 int dir;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001513 *script = '\0';
Denys Vlasenkof282c6b2011-12-18 03:27:46 +01001514 dir = is_directory(url + 1, /*followlinks:*/ 1);
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001515 *script = '/';
1516 if (!dir) {
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001517 /* not directory, found script.cgi/PATH_INFO */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001518 break;
1519 }
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001520 /* is directory, find next '/' */
1521 last_slash = script;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001522 }
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001523 setenv1("PATH_INFO", script); /* set to /PATH_INFO or "" */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001524 setenv1("REQUEST_METHOD", request);
1525 if (g_query) {
Denys Vlasenko03419aa2011-12-19 12:30:34 +01001526 putenv(xasprintf("%s=%s?%s", "REQUEST_URI", orig_uri, g_query));
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001527 } else {
Denys Vlasenko03419aa2011-12-19 12:30:34 +01001528 setenv1("REQUEST_URI", orig_uri);
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001529 }
1530 if (script != NULL)
1531 *script = '\0'; /* cut off /PATH_INFO */
1532
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001533 /* SCRIPT_FILENAME is required by PHP in CGI mode */
1534 if (home_httpd[0] == '/') {
1535 char *fullpath = concat_path_file(home_httpd, url);
1536 setenv1("SCRIPT_FILENAME", fullpath);
1537 }
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001538 /* set SCRIPT_NAME as full path: /cgi-bin/dirs/script.cgi */
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001539 setenv1("SCRIPT_NAME", url);
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001540 /* http://hoohoo.ncsa.uiuc.edu/cgi/env.html:
1541 * QUERY_STRING: The information which follows the ? in the URL
1542 * which referenced this script. This is the query information.
1543 * It should not be decoded in any fashion. This variable
1544 * should always be set when there is query information,
1545 * regardless of command line decoding. */
1546 /* (Older versions of bbox seem to do some decoding) */
1547 setenv1("QUERY_STRING", g_query);
1548 putenv((char*)"SERVER_SOFTWARE=busybox httpd/"BB_VER);
1549 putenv((char*)"SERVER_PROTOCOL=HTTP/1.0");
1550 putenv((char*)"GATEWAY_INTERFACE=CGI/1.1");
1551 /* Having _separate_ variables for IP and port defeats
1552 * the purpose of having socket abstraction. Which "port"
1553 * are you using on Unix domain socket?
1554 * IOW - REMOTE_PEER="1.2.3.4:56" makes much more sense.
1555 * Oh well... */
1556 {
1557 char *p = rmt_ip_str ? rmt_ip_str : (char*)"";
1558 char *cp = strrchr(p, ':');
1559 if (ENABLE_FEATURE_IPV6 && cp && strchr(cp, ']'))
1560 cp = NULL;
1561 if (cp) *cp = '\0'; /* delete :PORT */
1562 setenv1("REMOTE_ADDR", p);
Denis Vlasenko37c33162007-08-19 18:54:22 +00001563 if (cp) {
1564 *cp = ':';
1565#if ENABLE_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV
1566 setenv1("REMOTE_PORT", cp + 1);
1567#endif
1568 }
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001569 }
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001570 if (post_len)
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001571 putenv(xasprintf("CONTENT_LENGTH=%u", post_len));
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001572#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
1573 if (remoteuser) {
1574 setenv1("REMOTE_USER", remoteuser);
1575 putenv((char*)"AUTH_TYPE=Basic");
1576 }
1577#endif
Denis Vlasenkocbb4e612009-03-18 20:00:46 +00001578 /* setenv1("SERVER_NAME", safe_gethostname()); - don't do this,
1579 * just run "env SERVER_NAME=xyz httpd ..." instead */
Glenn L McGrath06e95652003-02-09 06:51:14 +00001580
Denis Vlasenko37188322008-02-16 13:20:56 +00001581 xpiped_pair(fromCgi);
1582 xpiped_pair(toCgi);
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +00001583
Denis Vlasenko80281fe2007-03-07 22:16:38 +00001584 pid = vfork();
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001585 if (pid < 0) {
1586 /* TODO: log perror? */
1587 log_and_exit();
1588 }
Denis Vlasenkof7996f32007-01-11 17:20:00 +00001589
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001590 if (pid == 0) {
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001591 /* Child process */
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001592 char *argv[3];
1593
Denis Vlasenko241b1562007-08-17 19:18:47 +00001594 xfunc_error_retval = 242;
1595
Denis Vlasenko284d0fa2008-02-16 13:18:17 +00001596 /* NB: close _first_, then move fds! */
1597 close(toCgi.wr);
1598 close(fromCgi.rd);
Denis Vlasenkoe5d37cc2007-08-11 20:20:02 +00001599 xmove_fd(toCgi.rd, 0); /* replace stdin with the pipe */
1600 xmove_fd(fromCgi.wr, 1); /* replace stdout with the pipe */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001601 /* User seeing stderr output can be a security problem.
Denis Vlasenko241b1562007-08-17 19:18:47 +00001602 * If CGI really wants that, it can always do dup itself. */
Denis Vlasenko1ec15cd2007-08-11 20:20:43 +00001603 /* dup2(1, 2); */
Glenn L McGrath06e95652003-02-09 06:51:14 +00001604
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001605 /* Chdiring to script's dir */
Denys Vlasenkof85bd1a2011-12-18 03:22:36 +01001606 script = last_slash;
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001607 if (script != url) { /* paranoia */
1608 *script = '\0';
1609 if (chdir(url + 1) != 0) {
Pascal Bellard70fc8c12012-06-12 13:21:02 +02001610 bb_perror_msg("can't change directory to '%s'", url + 1);
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001611 goto error_execing_cgi;
1612 }
1613 // not needed: *script = '/';
1614 }
1615 script++;
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +00001616
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001617 /* set argv[0] to name without path */
1618 argv[0] = script;
1619 argv[1] = NULL;
Denis Vlasenkofc213052008-02-11 16:26:22 +00001620
1621#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001622 {
1623 char *suffix = strrchr(script, '.');
Denis Vlasenkofc213052008-02-11 16:26:22 +00001624
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001625 if (suffix) {
1626 Htaccess *cur;
1627 for (cur = script_i; cur; cur = cur->next) {
1628 if (strcmp(cur->before_colon + 1, suffix) == 0) {
1629 /* found interpreter name */
1630 argv[0] = cur->after_colon;
1631 argv[1] = script;
1632 argv[2] = NULL;
1633 break;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001634 }
1635 }
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +00001636 }
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +00001637 }
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001638#endif
1639 /* restore default signal dispositions for CGI process */
1640 bb_signals(0
1641 | (1 << SIGCHLD)
1642 | (1 << SIGPIPE)
1643 | (1 << SIGHUP)
1644 , SIG_DFL);
1645
1646 /* _NOT_ execvp. We do not search PATH. argv[0] is a filename
1647 * without any dir components and will only match a file
1648 * in the current directory */
1649 execv(argv[0], argv);
1650 if (verbose)
Denys Vlasenko31c3dad2010-06-27 16:57:55 +02001651 bb_perror_msg("can't execute '%s'", argv[0]);
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00001652 error_execing_cgi:
Denis Vlasenkoe45af732007-08-17 19:19:15 +00001653 /* send to stdout
1654 * (we are CGI here, our stdout is pumped to the net) */
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001655 send_headers_and_exit(HTTP_NOT_FOUND);
Denis Vlasenkoa3ee69f2006-11-21 00:07:31 +00001656 } /* end child */
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001657
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001658 /* Parent process */
1659
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001660 /* Restore variables possibly changed by child */
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001661 xfunc_error_retval = 0;
Denis Vlasenkob98c26a2007-08-17 19:21:12 +00001662
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001663 /* Pump data */
Denis Vlasenkoe5d37cc2007-08-11 20:20:02 +00001664 close(fromCgi.wr);
1665 close(toCgi.rd);
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001666 cgi_io_loop_and_exit(fromCgi.rd, toCgi.wr, post_len);
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001667}
Denis Vlasenko32a471e2007-09-23 13:56:57 +00001668
Denis Vlasenkob3a07152006-11-16 18:04:43 +00001669#endif /* FEATURE_HTTPD_CGI */
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001670
Denis Vlasenko241b1562007-08-17 19:18:47 +00001671/*
1672 * Send a file response to a HTTP request, and exit
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +00001673 *
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001674 * Parameters:
Denis Vlasenko2f518b02008-02-21 00:12:07 +00001675 * const char *url The requested URL (with leading /).
1676 * what What to send (headers/body/both).
Denis Vlasenko241b1562007-08-17 19:18:47 +00001677 */
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001678static NOINLINE void send_file_and_exit(const char *url, int what)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001679{
Denis Vlasenko1b9064d2007-08-12 21:05:49 +00001680 char *suffix;
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001681 int fd;
Denis Vlasenko1b9064d2007-08-12 21:05:49 +00001682 ssize_t count;
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001683
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02001684 if (content_gzip) {
1685 /* does <url>.gz exist? Then use it instead */
1686 char *gzurl = xasprintf("%s.gz", url);
1687 fd = open(gzurl, O_RDONLY);
1688 free(gzurl);
1689 if (fd != -1) {
1690 struct stat sb;
1691 fstat(fd, &sb);
1692 file_size = sb.st_size;
Denys Vlasenko8030a142011-01-11 17:59:45 +01001693 last_mod = sb.st_mtime;
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02001694 } else {
1695 IF_FEATURE_HTTPD_GZIP(content_gzip = 0;)
1696 fd = open(url, O_RDONLY);
1697 }
1698 } else {
1699 fd = open(url, O_RDONLY);
1700 }
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001701 if (fd < 0) {
1702 if (DEBUG)
1703 bb_perror_msg("can't open '%s'", url);
1704 /* Error pages are sent by using send_file_and_exit(SEND_BODY).
1705 * IOW: it is unsafe to call send_headers_and_exit
1706 * if what is SEND_BODY! Can recurse! */
1707 if (what != SEND_BODY)
1708 send_headers_and_exit(HTTP_NOT_FOUND);
1709 log_and_exit();
1710 }
Denis Vlasenko2f518b02008-02-21 00:12:07 +00001711 /* If you want to know about EPIPE below
1712 * (happens if you abort downloads from local httpd): */
1713 signal(SIGPIPE, SIG_IGN);
1714
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02001715 /* If not found, default is to not send "Content-type:" */
1716 /*found_mime_type = NULL; - already is */
Denys Vlasenko33d8d082009-09-10 01:46:02 +02001717 suffix = strrchr(url, '.');
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001718 if (suffix) {
Denys Vlasenko33d8d082009-09-10 01:46:02 +02001719 static const char suffixTable[] ALIGN1 =
1720 /* Shorter suffix must be first:
1721 * ".html.htm" will fail for ".htm"
1722 */
1723 ".txt.h.c.cc.cpp\0" "text/plain\0"
1724 /* .htm line must be after .h line */
1725 ".htm.html\0" "text/html\0"
1726 ".jpg.jpeg\0" "image/jpeg\0"
1727 ".gif\0" "image/gif\0"
1728 ".png\0" "image/png\0"
1729 /* .css line must be after .c line */
1730 ".css\0" "text/css\0"
1731 ".wav\0" "audio/wav\0"
1732 ".avi\0" "video/x-msvideo\0"
1733 ".qt.mov\0" "video/quicktime\0"
1734 ".mpe.mpeg\0" "video/mpeg\0"
1735 ".mid.midi\0" "audio/midi\0"
1736 ".mp3\0" "audio/mpeg\0"
1737#if 0 /* unpopular */
1738 ".au\0" "audio/basic\0"
1739 ".pac\0" "application/x-ns-proxy-autoconfig\0"
1740 ".vrml.wrl\0" "model/vrml\0"
1741#endif
1742 /* compiler adds another "\0" here */
1743 ;
Denis Vlasenko073214f2007-08-17 19:20:07 +00001744 Htaccess *cur;
Denys Vlasenko33d8d082009-09-10 01:46:02 +02001745
1746 /* Examine built-in table */
1747 const char *table = suffixTable;
1748 const char *table_next;
1749 for (; *table; table = table_next) {
1750 const char *try_suffix;
1751 const char *mime_type;
1752 mime_type = table + strlen(table) + 1;
1753 table_next = mime_type + strlen(mime_type) + 1;
1754 try_suffix = strstr(table, suffix);
1755 if (!try_suffix)
1756 continue;
1757 try_suffix += strlen(suffix);
1758 if (*try_suffix == '\0' || *try_suffix == '.') {
1759 found_mime_type = mime_type;
1760 break;
Denis Vlasenko073214f2007-08-17 19:20:07 +00001761 }
Denys Vlasenko33d8d082009-09-10 01:46:02 +02001762 /* Example: strstr(table, ".av") != NULL, but it
1763 * does not match ".avi" after all and we end up here.
1764 * The table is arranged so that in this case we know
1765 * that it can't match anything in the following lines,
1766 * and we stop the search: */
1767 break;
Denis Vlasenko073214f2007-08-17 19:20:07 +00001768 }
Denys Vlasenko33d8d082009-09-10 01:46:02 +02001769 /* ...then user's table */
Denis Vlasenko77e44d62007-06-09 23:49:05 +00001770 for (cur = mime_a; cur; cur = cur->next) {
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001771 if (strcmp(cur->before_colon, suffix) == 0) {
Denis Vlasenko77e44d62007-06-09 23:49:05 +00001772 found_mime_type = cur->after_colon;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001773 break;
1774 }
1775 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001776 }
Bernhard Reutner-Fischer62851172009-05-03 18:53:22 +02001777
1778 if (DEBUG)
1779 bb_error_msg("sending file '%s' content-type: %s",
1780 url, found_mime_type);
1781
Denis Vlasenkof4310172007-09-21 22:35:18 +00001782#if ENABLE_FEATURE_HTTPD_RANGES
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02001783 if (what == SEND_BODY /* err pages and ranges don't mix */
1784 || content_gzip /* we are sending compressed page: can't do ranges */ ///why?
1785 ) {
Denys Vlasenko8cce1b32012-02-19 17:18:45 +01001786 range_start = -1;
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02001787 }
Denis Vlasenkof4310172007-09-21 22:35:18 +00001788 range_len = MAXINT(off_t);
Denys Vlasenko8cce1b32012-02-19 17:18:45 +01001789 if (range_start >= 0) {
Rob Walker7a426932012-04-03 08:09:28 +02001790 if (!range_end || range_end > file_size - 1) {
Denis Vlasenkof4310172007-09-21 22:35:18 +00001791 range_end = file_size - 1;
1792 }
1793 if (range_end < range_start
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001794 || lseek(fd, range_start, SEEK_SET) != range_start
Denis Vlasenkof4310172007-09-21 22:35:18 +00001795 ) {
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001796 lseek(fd, 0, SEEK_SET);
Denys Vlasenko8cce1b32012-02-19 17:18:45 +01001797 range_start = -1;
Denis Vlasenkof4310172007-09-21 22:35:18 +00001798 } else {
1799 range_len = range_end - range_start + 1;
1800 send_headers(HTTP_PARTIAL_CONTENT);
Denis Vlasenko2f518b02008-02-21 00:12:07 +00001801 what = SEND_BODY;
Denis Vlasenkof4310172007-09-21 22:35:18 +00001802 }
1803 }
1804#endif
Denis Vlasenko2f518b02008-02-21 00:12:07 +00001805 if (what & SEND_HEADERS)
Denis Vlasenkoe58e8d92007-08-21 10:26:55 +00001806 send_headers(HTTP_OK);
Bartosz Golaszewski8d75d792014-11-27 13:20:24 +01001807#if ENABLE_FEATURE_USE_SENDFILE
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001808 {
1809 off_t offset = range_start;
1810 while (1) {
1811 /* sz is rounded down to 64k */
1812 ssize_t sz = MAXINT(ssize_t) - 0xffff;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00001813 IF_FEATURE_HTTPD_RANGES(if (sz > range_len) sz = range_len;)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001814 count = sendfile(STDOUT_FILENO, fd, &offset, sz);
1815 if (count < 0) {
1816 if (offset == range_start)
1817 break; /* fall back to read/write loop */
1818 goto fin;
1819 }
Denys Vlasenkoef43bea2012-02-04 21:37:17 +01001820 IF_FEATURE_HTTPD_RANGES(range_len -= count;)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001821 if (count == 0 || range_len == 0)
1822 log_and_exit();
Denis Vlasenko1b9064d2007-08-12 21:05:49 +00001823 }
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001824 }
Denis Vlasenko1b9064d2007-08-12 21:05:49 +00001825#endif
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001826 while ((count = safe_read(fd, iobuf, IOBUF_SIZE)) > 0) {
Denis Vlasenkof4310172007-09-21 22:35:18 +00001827 ssize_t n;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00001828 IF_FEATURE_HTTPD_RANGES(if (count > range_len) count = range_len;)
Bernhard Reutner-Fischer5e25ddb2008-05-19 09:48:17 +00001829 n = full_write(STDOUT_FILENO, iobuf, count);
Denis Vlasenko241b1562007-08-17 19:18:47 +00001830 if (count != n)
Denis Vlasenko1b9064d2007-08-12 21:05:49 +00001831 break;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00001832 IF_FEATURE_HTTPD_RANGES(range_len -= count;)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001833 if (range_len == 0)
Denis Vlasenkof4310172007-09-21 22:35:18 +00001834 break;
Denis Vlasenko1b9064d2007-08-12 21:05:49 +00001835 }
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001836 if (count < 0) {
Bartosz Golaszewski8d75d792014-11-27 13:20:24 +01001837 IF_FEATURE_USE_SENDFILE(fin:)
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00001838 if (verbose > 1)
1839 bb_perror_msg("error");
1840 }
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001841 log_and_exit();
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001842}
1843
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02001844static void if_ip_denied_send_HTTP_FORBIDDEN_and_exit(unsigned remote_ip)
Glenn L McGrathb65422c2003-09-08 10:59:27 +00001845{
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00001846 Htaccess_IP *cur;
Glenn L McGrathb65422c2003-09-08 10:59:27 +00001847
Denis Vlasenko77e44d62007-06-09 23:49:05 +00001848 for (cur = ip_a_d; cur; cur = cur->next) {
Denis Vlasenkob64eed62007-01-14 17:06:11 +00001849#if DEBUG
Denis Vlasenko384b1d12007-08-14 16:55:01 +00001850 fprintf(stderr,
1851 "checkPermIP: '%s' ? '%u.%u.%u.%u/%u.%u.%u.%u'\n",
1852 rmt_ip_str,
Denis Vlasenko6536a9b2007-01-12 10:35:23 +00001853 (unsigned char)(cur->ip >> 24),
1854 (unsigned char)(cur->ip >> 16),
1855 (unsigned char)(cur->ip >> 8),
1856 (unsigned char)(cur->ip),
1857 (unsigned char)(cur->mask >> 24),
1858 (unsigned char)(cur->mask >> 16),
1859 (unsigned char)(cur->mask >> 8),
1860 (unsigned char)(cur->mask)
1861 );
Denis Vlasenko3bba5452006-12-30 17:57:03 +00001862#endif
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02001863 if ((remote_ip & cur->mask) == cur->ip) {
Denys Vlasenko51792e12019-04-14 19:57:13 +02001864 if (cur->allow_deny == 'A')
1865 return;
1866 send_headers_and_exit(HTTP_FORBIDDEN);
Denys Vlasenkoff36bec2019-04-16 10:14:50 +02001867 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001868 }
Glenn L McGrathb65422c2003-09-08 10:59:27 +00001869
Denys Vlasenko51792e12019-04-14 19:57:13 +02001870 if (flg_deny_all) /* depends on whether we saw "D:*" */
1871 send_headers_and_exit(HTTP_FORBIDDEN);
Glenn L McGrathb65422c2003-09-08 10:59:27 +00001872}
1873
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00001874#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Pascal Bellard72917552011-11-29 13:51:11 +01001875
Denys Vlasenko8cab6672012-04-20 14:48:00 +02001876# if ENABLE_PAM
Pascal Bellard72917552011-11-29 13:51:11 +01001877struct pam_userinfo {
1878 const char *name;
1879 const char *pw;
1880};
1881
1882static int pam_talker(int num_msg,
1883 const struct pam_message **msg,
1884 struct pam_response **resp,
1885 void *appdata_ptr)
1886{
1887 int i;
1888 struct pam_userinfo *userinfo = (struct pam_userinfo *) appdata_ptr;
1889 struct pam_response *response;
1890
1891 if (!resp || !msg || !userinfo)
1892 return PAM_CONV_ERR;
1893
1894 /* allocate memory to store response */
1895 response = xzalloc(num_msg * sizeof(*response));
1896
1897 /* copy values */
1898 for (i = 0; i < num_msg; i++) {
1899 const char *s;
1900
1901 switch (msg[i]->msg_style) {
1902 case PAM_PROMPT_ECHO_ON:
1903 s = userinfo->name;
1904 break;
1905 case PAM_PROMPT_ECHO_OFF:
1906 s = userinfo->pw;
1907 break;
Denys Vlasenko69675782013-01-14 01:34:48 +01001908 case PAM_ERROR_MSG:
Denys Vlasenko982e87f2013-07-30 11:52:58 +02001909 case PAM_TEXT_INFO:
1910 s = "";
Pascal Bellard72917552011-11-29 13:51:11 +01001911 break;
1912 default:
1913 free(response);
1914 return PAM_CONV_ERR;
1915 }
1916 response[i].resp = xstrdup(s);
1917 if (PAM_SUCCESS != 0)
1918 response[i].resp_retcode = PAM_SUCCESS;
1919 }
1920 *resp = response;
1921 return PAM_SUCCESS;
1922}
1923# endif
1924
Denis Vlasenko073214f2007-08-17 19:20:07 +00001925/*
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00001926 * Config file entries are of the form "/<path>:<user>:<passwd>".
1927 * If config file has no prefix match for path, access is allowed.
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001928 *
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00001929 * path The file path
1930 * user_and_passwd "user:passwd" to validate
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001931 *
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00001932 * Returns 1 if user_and_passwd is OK.
Denis Vlasenko073214f2007-08-17 19:20:07 +00001933 */
Pascal Bellard72917552011-11-29 13:51:11 +01001934static int check_user_passwd(const char *path, char *user_and_passwd)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001935{
Denis Vlasenko073214f2007-08-17 19:20:07 +00001936 Htaccess *cur;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00001937 const char *prev = NULL;
Glenn L McGrath58c708a2003-01-05 04:01:56 +00001938
Denis Vlasenko77e44d62007-06-09 23:49:05 +00001939 for (cur = g_auth; cur; cur = cur->next) {
Denis Vlasenko25b46302008-06-13 09:55:13 +00001940 const char *dir_prefix;
1941 size_t len;
Pascal Bellard72917552011-11-29 13:51:11 +01001942 int r;
Denis Vlasenkob3a07152006-11-16 18:04:43 +00001943
Denis Vlasenko25b46302008-06-13 09:55:13 +00001944 dir_prefix = cur->before_colon;
1945
1946 /* WHY? */
1947 /* If already saw a match, don't accept other different matches */
1948 if (prev && strcmp(prev, dir_prefix) != 0)
1949 continue;
1950
Denis Vlasenkob3a07152006-11-16 18:04:43 +00001951 if (DEBUG)
Denis Vlasenko25b46302008-06-13 09:55:13 +00001952 fprintf(stderr, "checkPerm: '%s' ? '%s'\n", dir_prefix, user_and_passwd);
Glenn L McGrath06e95652003-02-09 06:51:14 +00001953
Denis Vlasenko25b46302008-06-13 09:55:13 +00001954 /* If it's not a prefix match, continue searching */
1955 len = strlen(dir_prefix);
1956 if (len != 1 /* dir_prefix "/" matches all, don't need to check */
1957 && (strncmp(dir_prefix, path, len) != 0
Pascal Bellard72917552011-11-29 13:51:11 +01001958 || (path[len] != '/' && path[len] != '\0')
1959 )
Denis Vlasenkob3a07152006-11-16 18:04:43 +00001960 ) {
Denis Vlasenko25b46302008-06-13 09:55:13 +00001961 continue;
1962 }
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +00001963
Denis Vlasenko25b46302008-06-13 09:55:13 +00001964 /* Path match found */
1965 prev = dir_prefix;
Eric Andersen35e643b2003-07-28 07:40:39 +00001966
Denis Vlasenko25b46302008-06-13 09:55:13 +00001967 if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
Pascal Bellard72917552011-11-29 13:51:11 +01001968 char *colon_after_user;
1969 const char *passwd;
Pascal Bellard0fa3e5f2011-11-29 20:54:30 +01001970# if ENABLE_FEATURE_SHADOWPASSWDS && !ENABLE_PAM
1971 char sp_buf[256];
1972# endif
Denis Vlasenko25b46302008-06-13 09:55:13 +00001973
Pascal Bellard72917552011-11-29 13:51:11 +01001974 colon_after_user = strchr(user_and_passwd, ':');
1975 if (!colon_after_user)
1976 goto bad_input;
Denys Vlasenko35def512012-02-01 02:42:54 +01001977
1978 /* compare "user:" */
1979 if (cur->after_colon[0] != '*'
1980 && strncmp(cur->after_colon, user_and_passwd,
1981 colon_after_user - user_and_passwd + 1) != 0
1982 ) {
1983 continue;
1984 }
1985 /* this cfg entry is '*' or matches username from peer */
1986
Pascal Bellard72917552011-11-29 13:51:11 +01001987 passwd = strchr(cur->after_colon, ':');
1988 if (!passwd)
1989 goto bad_input;
1990 passwd++;
1991 if (passwd[0] == '*') {
1992# if ENABLE_PAM
1993 struct pam_userinfo userinfo;
1994 struct pam_conv conv_info = { &pam_talker, (void *) &userinfo };
1995 pam_handle_t *pamh;
Denis Vlasenko25b46302008-06-13 09:55:13 +00001996
Pascal Bellard72917552011-11-29 13:51:11 +01001997 *colon_after_user = '\0';
1998 userinfo.name = user_and_passwd;
1999 userinfo.pw = colon_after_user + 1;
Pascal Bellard0fa3e5f2011-11-29 20:54:30 +01002000 r = pam_start("httpd", user_and_passwd, &conv_info, &pamh) != PAM_SUCCESS;
2001 if (r == 0) {
2002 r = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
2003 || pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
2004 ;
2005 pam_end(pamh, PAM_SUCCESS);
2006 }
Pascal Bellard72917552011-11-29 13:51:11 +01002007 *colon_after_user = ':';
2008 goto end_check_passwd;
2009# else
2010# if ENABLE_FEATURE_SHADOWPASSWDS
2011 /* Using _r function to avoid pulling in static buffers */
2012 struct spwd spw;
Pascal Bellard72917552011-11-29 13:51:11 +01002013# endif
2014 struct passwd *pw;
Denis Vlasenkob3a07152006-11-16 18:04:43 +00002015
Pascal Bellard72917552011-11-29 13:51:11 +01002016 *colon_after_user = '\0';
2017 pw = getpwnam(user_and_passwd);
2018 *colon_after_user = ':';
2019 if (!pw || !pw->pw_passwd)
2020 continue;
2021 passwd = pw->pw_passwd;
2022# if ENABLE_FEATURE_SHADOWPASSWDS
2023 if ((passwd[0] == 'x' || passwd[0] == '*') && !passwd[1]) {
2024 /* getspnam_r may return 0 yet set result to NULL.
2025 * At least glibc 2.4 does this. Be extra paranoid here. */
2026 struct spwd *result = NULL;
Pascal Bellard0fa3e5f2011-11-29 20:54:30 +01002027 r = getspnam_r(pw->pw_name, &spw, sp_buf, sizeof(sp_buf), &result);
Pascal Bellard72917552011-11-29 13:51:11 +01002028 if (r == 0 && result)
2029 passwd = result->sp_pwdp;
2030 }
2031# endif
Denys Vlasenko35def512012-02-01 02:42:54 +01002032 /* In this case, passwd is ALWAYS encrypted:
2033 * it came from /etc/passwd or /etc/shadow!
2034 */
2035 goto check_encrypted;
Pascal Bellard72917552011-11-29 13:51:11 +01002036# endif /* ENABLE_PAM */
2037 }
Denys Vlasenko35def512012-02-01 02:42:54 +01002038 /* Else: passwd is from httpd.conf, it is either plaintext or encrypted */
Pascal Bellard72917552011-11-29 13:51:11 +01002039
Denys Vlasenko35def512012-02-01 02:42:54 +01002040 if (passwd[0] == '$' && isdigit(passwd[1])) {
2041 char *encrypted;
Denys Vlasenko8cab6672012-04-20 14:48:00 +02002042# if !ENABLE_PAM
Denys Vlasenko35def512012-02-01 02:42:54 +01002043 check_encrypted:
Denys Vlasenko8cab6672012-04-20 14:48:00 +02002044# endif
Denys Vlasenko35def512012-02-01 02:42:54 +01002045 /* encrypt pwd from peer and check match with local one */
2046 encrypted = pw_encrypt(
2047 /* pwd (from peer): */ colon_after_user + 1,
Pascal Bellard72917552011-11-29 13:51:11 +01002048 /* salt: */ passwd,
2049 /* cleanup: */ 0
2050 );
2051 r = strcmp(encrypted, passwd);
2052 free(encrypted);
Denys Vlasenko35def512012-02-01 02:42:54 +01002053 } else {
2054 /* local passwd is from httpd.conf and it's plaintext */
2055 r = strcmp(colon_after_user + 1, passwd);
Pascal Bellard72917552011-11-29 13:51:11 +01002056 }
Denys Vlasenko35def512012-02-01 02:42:54 +01002057 goto end_check_passwd;
Denis Vlasenko25b46302008-06-13 09:55:13 +00002058 }
Denys Vlasenko35def512012-02-01 02:42:54 +01002059 bad_input:
Denis Vlasenko25b46302008-06-13 09:55:13 +00002060 /* Comparing plaintext "user:pass" in one go */
Pascal Bellard72917552011-11-29 13:51:11 +01002061 r = strcmp(cur->after_colon, user_and_passwd);
2062 end_check_passwd:
2063 if (r == 0) {
Denis Vlasenko25b46302008-06-13 09:55:13 +00002064 remoteuser = xstrndup(user_and_passwd,
Pascal Bellard72917552011-11-29 13:51:11 +01002065 strchrnul(user_and_passwd, ':') - user_and_passwd
2066 );
Denis Vlasenko25b46302008-06-13 09:55:13 +00002067 return 1; /* Ok */
Glenn L McGrath1dc0cca2003-10-03 10:50:56 +00002068 }
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002069 } /* for */
Glenn L McGrath06e95652003-02-09 06:51:14 +00002070
Denis Vlasenko25b46302008-06-13 09:55:13 +00002071 /* 0(bad) if prev is set: matches were found but passwd was wrong */
2072 return (prev == NULL);
Glenn L McGrath06e95652003-02-09 06:51:14 +00002073}
Denis Vlasenkob3a07152006-11-16 18:04:43 +00002074#endif /* FEATURE_HTTPD_BASIC_AUTH */
Glenn L McGrathc9163fe2003-05-13 16:20:11 +00002075
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002076#if ENABLE_FEATURE_HTTPD_PROXY
2077static Htaccess_Proxy *find_proxy_entry(const char *url)
2078{
2079 Htaccess_Proxy *p;
2080 for (p = proxy; p; p = p->next) {
Denys Vlasenko8dff01d2015-03-12 17:48:34 +01002081 if (is_prefixed_with(url, p->url_from))
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002082 return p;
2083 }
2084 return NULL;
2085}
2086#endif
2087
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002088/*
2089 * Handle timeouts
2090 */
Denis Vlasenko2ca84f62009-02-05 12:38:21 +00002091static void send_REQUEST_TIMEOUT_and_exit(int sig) NORETURN;
2092static void send_REQUEST_TIMEOUT_and_exit(int sig UNUSED_PARAM)
Eric Andersen07f2fea2004-10-08 08:03:29 +00002093{
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002094 send_headers_and_exit(HTTP_REQUEST_TIMEOUT);
Eric Andersen07f2fea2004-10-08 08:03:29 +00002095}
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002096
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002097/*
2098 * Handle an incoming http request and exit.
2099 */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00002100static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) NORETURN;
Denis Vlasenko367960b2007-08-18 14:20:21 +00002101static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002102{
Denis Vlasenko073214f2007-08-17 19:20:07 +00002103 static const char request_GET[] ALIGN1 = "GET";
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002104 struct stat sb;
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002105 char *urlcopy;
2106 char *urlp;
2107 char *tptr;
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002108 unsigned remote_ip;
2109#if ENABLE_FEATURE_HTTPD_CGI
2110 unsigned total_headers_len;
2111#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +00002112#if ENABLE_FEATURE_HTTPD_CGI
Denis Vlasenko2f518b02008-02-21 00:12:07 +00002113 static const char request_HEAD[] ALIGN1 = "HEAD";
Denis Vlasenko073214f2007-08-17 19:20:07 +00002114 const char *prequest;
Denis Vlasenko0bb993f2006-11-21 00:06:28 +00002115 unsigned long length = 0;
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002116 enum CGI_type cgi_type = CGI_NONE;
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002117#elif ENABLE_FEATURE_HTTPD_PROXY
2118#define prequest request_GET
2119 unsigned long length = 0;
2120#endif
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00002121#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
2122 smallint authorized = -1;
2123#endif
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002124 char *HTTP_slash;
Glenn L McGrath06e95652003-02-09 06:51:14 +00002125
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00002126 /* Allocation of iobuf is postponed until now
2127 * (IOW, server process doesn't need to waste 8k) */
Denis Vlasenko921799d2007-08-19 19:28:09 +00002128 iobuf = xmalloc(IOBUF_SIZE);
Denis Vlasenkod6cd9d72007-08-18 14:22:09 +00002129
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002130 remote_ip = 0;
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +00002131 if (fromAddr->u.sa.sa_family == AF_INET) {
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002132 remote_ip = ntohl(fromAddr->u.sin.sin_addr.s_addr);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002133 }
Denis Vlasenko35465a32007-09-25 11:58:33 +00002134#if ENABLE_FEATURE_IPV6
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +00002135 if (fromAddr->u.sa.sa_family == AF_INET6
2136 && fromAddr->u.sin6.sin6_addr.s6_addr32[0] == 0
2137 && fromAddr->u.sin6.sin6_addr.s6_addr32[1] == 0
2138 && ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[2]) == 0xffff)
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002139 remote_ip = ntohl(fromAddr->u.sin6.sin6_addr.s6_addr32[3]);
Denis Vlasenko35465a32007-09-25 11:58:33 +00002140#endif
Denis Vlasenko367960b2007-08-18 14:20:21 +00002141 if (ENABLE_FEATURE_HTTPD_CGI || DEBUG || verbose) {
Denis Vlasenkofaf334a2008-05-18 15:14:36 +00002142 /* NB: can be NULL (user runs httpd -i by hand?) */
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +00002143 rmt_ip_str = xmalloc_sockaddr2dotted(&fromAddr->u.sa);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002144 }
2145 if (verbose) {
2146 /* this trick makes -v logging much simpler */
Denis Vlasenkofaf334a2008-05-18 15:14:36 +00002147 if (rmt_ip_str)
2148 applet_name = rmt_ip_str;
Denis Vlasenko367960b2007-08-18 14:20:21 +00002149 if (verbose > 2)
2150 bb_error_msg("connected");
2151 }
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002152 if_ip_denied_send_HTTP_FORBIDDEN_and_exit(remote_ip);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002153
Denis Vlasenko2ca84f62009-02-05 12:38:21 +00002154 /* Install timeout handler. get_line() needs it. */
2155 signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit);
Eric Andersen07f2fea2004-10-08 08:03:29 +00002156
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002157 if (!get_line()) /* EOF or error or empty line */
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00002158 send_headers_and_exit(HTTP_BAD_REQUEST);
Glenn L McGrath06e95652003-02-09 06:51:14 +00002159
Denis Vlasenko073214f2007-08-17 19:20:07 +00002160 /* Determine type of request (GET/POST) */
Denys Vlasenko85daa672013-03-25 23:27:00 +01002161 // rfc2616: method and URI is separated by exactly one space
2162 //urlp = strpbrk(iobuf, " \t"); - no, tab isn't allowed
2163 urlp = strchr(iobuf, ' ');
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002164 if (urlp == NULL)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002165 send_headers_and_exit(HTTP_BAD_REQUEST);
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002166 *urlp++ = '\0';
Denis Vlasenko55a99402006-09-30 20:41:44 +00002167#if ENABLE_FEATURE_HTTPD_CGI
Denis Vlasenko073214f2007-08-17 19:20:07 +00002168 prequest = request_GET;
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002169 if (strcasecmp(iobuf, prequest) != 0) {
Denis Vlasenko2f518b02008-02-21 00:12:07 +00002170 prequest = request_HEAD;
2171 if (strcasecmp(iobuf, prequest) != 0) {
2172 prequest = "POST";
2173 if (strcasecmp(iobuf, prequest) != 0)
2174 send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
2175 }
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002176 }
2177#else
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002178 if (strcasecmp(iobuf, request_GET) != 0)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002179 send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002180#endif
Denys Vlasenko85daa672013-03-25 23:27:00 +01002181 // rfc2616: method and URI is separated by exactly one space
2182 //urlp = skip_whitespace(urlp); - should not be necessary
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002183 if (urlp[0] != '/')
2184 send_headers_and_exit(HTTP_BAD_REQUEST);
2185
Denys Vlasenkoad29ba72019-04-19 13:59:58 +02002186 /* Find end of URL */
2187 HTTP_slash = strchr(urlp, ' ');
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002188 /* Is it " HTTP/"? */
Denys Vlasenkoad29ba72019-04-19 13:59:58 +02002189 if (!HTTP_slash || strncmp(HTTP_slash + 1, HTTP_200, 5) != 0)
2190 send_headers_and_exit(HTTP_BAD_REQUEST);
2191 *HTTP_slash++ = '\0';
Glenn L McGrath06e95652003-02-09 06:51:14 +00002192
Denis Vlasenko073214f2007-08-17 19:20:07 +00002193 /* Copy URL from after "GET "/"POST " to stack-allocated char[] */
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002194 urlcopy = alloca((HTTP_slash - urlp) + 2 + strlen(index_page));
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002195 /*if (urlcopy == NULL)
2196 * send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);*/
2197 strcpy(urlcopy, urlp);
2198 /* NB: urlcopy ptr is never changed after this */
Denis Vlasenko073214f2007-08-17 19:20:07 +00002199
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +02002200#if ENABLE_FEATURE_HTTPD_PROXY
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +02002201 {
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002202 int proxy_fd;
2203 len_and_sockaddr *lsa;
2204 Htaccess_Proxy *proxy_entry = find_proxy_entry(urlcopy);
2205
2206 if (proxy_entry) {
Denys Vlasenkoad29ba72019-04-19 13:59:58 +02002207 if (verbose > 1)
2208 bb_error_msg("proxy:%s", urlcopy);
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002209 lsa = host2sockaddr(proxy_entry->host_port, 80);
2210 if (!lsa)
2211 send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
2212 proxy_fd = socket(lsa->u.sa.sa_family, SOCK_STREAM, 0);
2213 if (proxy_fd < 0)
2214 send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
2215 if (connect(proxy_fd, &lsa->u.sa, lsa->len) < 0)
2216 send_headers_and_exit(HTTP_INTERNAL_SERVER_ERROR);
2217 /* Config directive was of the form:
2218 * P:/url:[http://]hostname[:port]/new/path
2219 * When /urlSFX is requested, reverse proxy it
2220 * to http://hostname[:port]/new/pathSFX
2221 */
Denys Vlasenko2efa7262019-04-16 13:35:56 +02002222 fdprintf(proxy_fd, "%s %s%s %s\r\n",
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002223 prequest, /* "GET" or "POST" */
2224 proxy_entry->url_to, /* "/new/path" */
2225 urlcopy + strlen(proxy_entry->url_from), /* "SFX" */
Denys Vlasenkoad29ba72019-04-19 13:59:58 +02002226 HTTP_slash /* "HTTP/xyz" */
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002227 );
2228 cgi_io_loop_and_exit(proxy_fd, proxy_fd, /*max POST length:*/ INT_MAX);
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +02002229 }
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002230 }
2231#endif
2232
Denys Vlasenko2efa7262019-04-16 13:35:56 +02002233 /* Extract url args if present */
2234 g_query = strchr(urlcopy, '?');
2235 if (g_query)
2236 *g_query++ = '\0';
2237
Denys Vlasenkoc69f6482019-04-16 12:45:26 +02002238 /* Decode URL escape sequences */
2239 tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
2240 if (tptr == NULL)
2241 send_headers_and_exit(HTTP_BAD_REQUEST);
2242 if (tptr == urlcopy + 1) {
2243 /* '/' or NUL is encoded */
2244 send_headers_and_exit(HTTP_NOT_FOUND);
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +02002245 }
2246
Denis Vlasenko073214f2007-08-17 19:20:07 +00002247 /* Canonicalize path */
2248 /* Algorithm stolen from libbb bb_simplify_path(),
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00002249 * but don't strdup, retain trailing slash, protect root */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002250 urlp = tptr = urlcopy;
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +01002251 for (;;) {
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002252 if (*urlp == '/') {
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002253 /* skip duplicate (or initial) slash */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002254 if (*tptr == '/') {
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +01002255 goto next_char;
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002256 }
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002257 if (*tptr == '.') {
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +01002258 if (tptr[1] == '.' && (tptr[2] == '/' || tptr[2] == '\0')) {
2259 /* "..": be careful */
2260 /* protect root */
2261 if (urlp == urlcopy)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002262 send_headers_and_exit(HTTP_BAD_REQUEST);
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +01002263 /* omit previous dir */
2264 while (*--urlp != '/')
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002265 continue;
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +01002266 /* skip to "./" or ".<NUL>" */
2267 tptr++;
2268 }
2269 if (tptr[1] == '/' || tptr[1] == '\0') {
2270 /* skip extra "/./" */
2271 goto next_char;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002272 }
2273 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002274 }
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002275 *++urlp = *tptr;
Denys Vlasenkobae8f7e2019-04-16 10:00:06 +02002276 if (*tptr == '\0')
Denys Vlasenkob05cd6b2011-12-16 01:37:02 +01002277 break;
2278 next_char:
2279 tptr++;
2280 }
Glenn L McGrath06e95652003-02-09 06:51:14 +00002281
Denis Vlasenko073214f2007-08-17 19:20:07 +00002282 /* If URL is a directory, add '/' */
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00002283 if (urlp[-1] != '/') {
Denys Vlasenkof282c6b2011-12-18 03:27:46 +01002284 if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002285 found_moved_temporarily = urlcopy;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002286 }
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002287 }
Glenn L McGrath06e95652003-02-09 06:51:14 +00002288
Denis Vlasenko073214f2007-08-17 19:20:07 +00002289 /* Log it */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002290 if (verbose > 1)
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002291 bb_error_msg("url:%s", urlcopy);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002292
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002293 tptr = urlcopy;
Denys Vlasenko51792e12019-04-14 19:57:13 +02002294 while ((tptr = strchr(tptr + 1, '/')) != NULL) {
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002295 /* have path1/path2 */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002296 *tptr = '\0';
Denys Vlasenkof282c6b2011-12-18 03:27:46 +01002297 if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00002298 /* may have subdir config */
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002299 parse_conf(urlcopy + 1, SUBDIR_PARSE);
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002300 if_ip_denied_send_HTTP_FORBIDDEN_and_exit(remote_ip);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002301 }
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002302 *tptr = '/';
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002303 }
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002304
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002305 tptr = urlcopy + 1; /* skip first '/' */
2306
2307#if ENABLE_FEATURE_HTTPD_CGI
2308 if (is_prefixed_with(tptr, "cgi-bin/")) {
2309 if (tptr[8] == '\0') {
2310 /* protect listing "cgi-bin/" */
2311 send_headers_and_exit(HTTP_FORBIDDEN);
2312 }
2313 cgi_type = CGI_NORMAL;
2314 }
2315#endif
2316
2317 if (urlp[-1] == '/') {
2318 /* When index_page string is appended to <dir>/ URL, it overwrites
2319 * the query string. If we fall back to call /cgi-bin/index.cgi,
2320 * query string would be lost and not available to the CGI.
2321 * Work around it by making a deep copy.
2322 */
2323 if (ENABLE_FEATURE_HTTPD_CGI)
2324 g_query = xstrdup(g_query); /* ok for NULL too */
2325 strcpy(urlp, index_page);
2326 }
2327 if (stat(tptr, &sb) == 0) {
2328#if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
2329 char *suffix = strrchr(tptr, '.');
2330 if (suffix) {
2331 Htaccess *cur;
2332 for (cur = script_i; cur; cur = cur->next) {
2333 if (strcmp(cur->before_colon + 1, suffix) == 0) {
2334 cgi_type = CGI_INTERPRETER;
2335 break;
2336 }
2337 }
2338 }
2339#endif
2340 if (!found_moved_temporarily) {
2341 file_size = sb.st_size;
2342 last_mod = sb.st_mtime;
2343 }
2344 }
2345#if ENABLE_FEATURE_HTTPD_CGI
2346 else if (urlp[-1] == '/') {
2347 /* It's a dir URL and there is no index.html
2348 * Try cgi-bin/index.cgi */
2349 if (access("/cgi-bin/index.cgi"+1, X_OK) == 0) {
2350 cgi_type = CGI_INDEX;
2351 }
2352 }
2353#endif
2354 urlp[0] = '\0';
2355
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002356#if ENABLE_FEATURE_HTTPD_CGI
2357 total_headers_len = 0;
2358#endif
Denis Vlasenko073214f2007-08-17 19:20:07 +00002359
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002360 /* Read until blank line */
2361 while (1) {
2362 unsigned iobuf_len = get_line();
2363 if (!iobuf_len)
2364 break; /* EOF or error or empty line */
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002365#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002366 /* Prevent unlimited growth of HTTP_xyz envvars */
2367 total_headers_len += iobuf_len;
2368 if (total_headers_len >= MAX_HTTP_HEADERS_SIZE)
2369 send_headers_and_exit(HTTP_ENTITY_TOO_LARGE);
Denys Vlasenko62ba9e52019-04-16 13:18:12 +02002370#endif
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002371 if (DEBUG)
2372 bb_error_msg("header: '%s'", iobuf);
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002373#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002374 /* Try and do our best to parse more lines */
2375 if (STRNCASECMP(iobuf, "Content-Length:") == 0) {
2376 /* extra read only for POST */
2377 if (prequest != request_GET
Denys Vlasenko535ce1d2010-07-25 03:20:25 +02002378# if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002379 && prequest != request_HEAD
Denys Vlasenko535ce1d2010-07-25 03:20:25 +02002380# endif
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002381 ) {
2382 tptr = skip_whitespace(iobuf + sizeof("Content-Length:") - 1);
2383 if (!tptr[0])
2384 send_headers_and_exit(HTTP_BAD_REQUEST);
2385 /* not using strtoul: it ignores leading minus! */
2386 length = bb_strtou(tptr, NULL, 10);
2387 /* length is "ulong", but we need to pass it to int later */
2388 if (errno || length > INT_MAX)
2389 send_headers_and_exit(HTTP_BAD_REQUEST);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002390 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002391 continue;
2392 }
Glenn L McGrath06e95652003-02-09 06:51:14 +00002393#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +00002394#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002395 if (STRNCASECMP(iobuf, "Authorization:") == 0) {
2396 /* We only allow Basic credentials.
2397 * It shows up as "Authorization: Basic <user>:<passwd>" where
2398 * "<user>:<passwd>" is base64 encoded.
2399 */
2400 tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
2401 if (STRNCASECMP(tptr, "Basic") == 0) {
2402 tptr += sizeof("Basic")-1;
2403 /* decodeBase64() skips whitespace itself */
2404 decodeBase64(tptr);
2405 authorized = check_user_passwd(urlcopy, tptr);
2406 continue;
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002407 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002408 }
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00002409#endif
Denis Vlasenkof4310172007-09-21 22:35:18 +00002410#if ENABLE_FEATURE_HTTPD_RANGES
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002411 if (STRNCASECMP(iobuf, "Range:") == 0) {
2412 /* We know only bytes=NNN-[MMM] */
2413 char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
2414 if (is_prefixed_with(s, "bytes=")) {
2415 s += sizeof("bytes=")-1;
2416 range_start = BB_STRTOOFF(s, &s, 10);
2417 if (s[0] != '-' || range_start < 0) {
2418 range_start = -1;
2419 } else if (s[1]) {
2420 range_end = BB_STRTOOFF(s+1, NULL, 10);
2421 if (errno || range_end < range_start)
Denys Vlasenko8cce1b32012-02-19 17:18:45 +01002422 range_start = -1;
Denis Vlasenkof4310172007-09-21 22:35:18 +00002423 }
2424 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002425 continue;
2426 }
Denis Vlasenkof4310172007-09-21 22:35:18 +00002427#endif
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02002428#if ENABLE_FEATURE_HTTPD_GZIP
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002429 if (STRNCASECMP(iobuf, "Accept-Encoding:") == 0) {
2430 /* Note: we do not support "gzip;q=0"
2431 * method of _disabling_ gzip
2432 * delivery. No one uses that, though */
2433 const char *s = strstr(iobuf, "gzip");
2434 if (s) {
2435 // want more thorough checks?
2436 //if (s[-1] == ' '
2437 // || s[-1] == ','
2438 // || s[-1] == ':'
2439 //) {
2440 content_gzip = 1;
2441 //}
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002442 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002443 continue;
2444 }
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002445#endif
2446#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002447 if (cgi_type != CGI_NONE) {
2448 bool ct = (STRNCASECMP(iobuf, "Content-Type:") == 0);
2449 char *cp;
2450 char *colon = strchr(iobuf, ':');
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002451
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002452 if (!colon)
2453 continue;
2454 cp = iobuf;
2455 while (cp < colon) {
2456 /* a-z => A-Z, not-alnum => _ */
2457 char c = (*cp & ~0x20); /* toupper for A-Za-z, undef for others */
2458 if ((unsigned)(c - 'A') <= ('Z' - 'A')) {
2459 *cp++ = c;
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002460 continue;
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002461 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002462 if (!isdigit(*cp))
2463 *cp = '_';
2464 cp++;
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02002465 }
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002466 /* "Content-Type:" gets no HTTP_ prefix, all others do */
2467 cp = xasprintf(ct ? "HTTP_%.*s=%s" + 5 : "HTTP_%.*s=%s",
2468 (int)(colon - iobuf), iobuf,
2469 skip_whitespace(colon + 1)
2470 );
2471 putenv(cp);
2472 }
Peter Korsgaard7a2ba322010-07-25 03:20:53 +02002473#endif
Denys Vlasenkobca888a2019-04-19 14:02:51 +02002474 } /* while extra header reading */
Glenn L McGrath06e95652003-02-09 06:51:14 +00002475
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002476 /* We are done reading headers, disable peer timeout */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002477 alarm(0);
2478
Denys Vlasenko51792e12019-04-14 19:57:13 +02002479 if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0) {
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +00002480 /* protect listing [/path]/httpd.conf or IP deny */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002481 send_headers_and_exit(HTTP_FORBIDDEN);
2482 }
2483
2484#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
Pascal Bellard72917552011-11-29 13:51:11 +01002485 /* Case: no "Authorization:" was seen, but page might require passwd.
Denis Vlasenko0eb406c2008-06-13 09:53:06 +00002486 * Check that with dummy user:pass */
Denis Vlasenko7504f2f2008-06-13 13:20:38 +00002487 if (authorized < 0)
Pascal Bellard72917552011-11-29 13:51:11 +01002488 authorized = check_user_passwd(urlcopy, (char *) "");
Denis Vlasenko7504f2f2008-06-13 13:20:38 +00002489 if (!authorized)
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002490 send_headers_and_exit(HTTP_UNAUTHORIZED);
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002491#endif
2492
2493 if (found_moved_temporarily) {
2494 send_headers_and_exit(HTTP_MOVED_TEMPORARILY);
2495 }
2496
Denis Vlasenko52e15dc2007-08-19 18:53:43 +00002497 tptr = urlcopy + 1; /* skip first '/' */
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002498
2499#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002500 if (cgi_type != CGI_NONE) {
2501 send_cgi_and_exit(
2502 (cgi_type == CGI_INDEX) ? "/cgi-bin/index.cgi"
2503 /*CGI_NORMAL or CGI_INTERPRETER*/ : urlcopy,
2504 urlcopy, prequest, length
2505 );
Denis Vlasenko91adf7d2007-08-17 19:19:42 +00002506 }
Denys Vlasenko108b8c52009-09-08 21:17:49 +02002507#endif
2508
Denys Vlasenko03419aa2011-12-19 12:30:34 +01002509 if (urlp[-1] == '/') {
Denys Vlasenko108b8c52009-09-08 21:17:49 +02002510 strcpy(urlp, index_page);
Denys Vlasenko03419aa2011-12-19 12:30:34 +01002511 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002512
Denys Vlasenkofba665a2019-04-16 11:37:02 +02002513#if ENABLE_FEATURE_HTTPD_CGI
Denys Vlasenko108b8c52009-09-08 21:17:49 +02002514 if (prequest != request_GET && prequest != request_HEAD) {
2515 /* POST for files does not make sense */
2516 send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
2517 }
Denis Vlasenko2f518b02008-02-21 00:12:07 +00002518 send_file_and_exit(tptr,
Denis Vlasenko85c24712008-03-17 09:04:04 +00002519 (prequest != request_HEAD ? SEND_HEADERS_AND_BODY : SEND_HEADERS)
Denis Vlasenko85c24712008-03-17 09:04:04 +00002520 );
Denys Vlasenko108b8c52009-09-08 21:17:49 +02002521#else
2522 send_file_and_exit(tptr, SEND_HEADERS_AND_BODY);
2523#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002524}
2525
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002526/*
2527 * The main http server function.
Denis Vlasenko367960b2007-08-18 14:20:21 +00002528 * Given a socket, listen for new connections and farm out
2529 * the processing as a [v]forked process.
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002530 * Never returns.
2531 */
Denis Vlasenko367960b2007-08-18 14:20:21 +00002532#if BB_MMU
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00002533static void mini_httpd(int server_socket) NORETURN;
Denis Vlasenko9611cb12007-08-18 14:18:43 +00002534static void mini_httpd(int server_socket)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002535{
Denis Vlasenko073214f2007-08-17 19:20:07 +00002536 /* NB: it's best to not use xfuncs in this loop before fork().
2537 * Otherwise server may die on transient errors (temporary
2538 * out-of-memory condition, etc), which is Bad(tm).
2539 * Try to do any dangerous calls after fork.
2540 */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002541 while (1) {
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002542 int n;
2543 len_and_sockaddr fromAddr;
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +00002544
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002545 /* Wait for connections... */
2546 fromAddr.len = LSA_SIZEOF_SA;
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +00002547 n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002548 if (n < 0)
Denis Vlasenko6c5e5a02006-11-10 23:28:57 +00002549 continue;
Denys Vlasenko535ce1d2010-07-25 03:20:25 +02002550
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002551 /* set the KEEPALIVE option to cull dead connections */
Denys Vlasenkoc52cbea2015-08-24 19:48:03 +02002552 setsockopt_keepalive(n);
Denis Vlasenko04291bc2006-11-21 10:15:25 +00002553
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002554 if (fork() == 0) {
Denis Vlasenko04291bc2006-11-21 10:15:25 +00002555 /* child */
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002556 /* Do not reload config on HUP */
Denis Vlasenko6c5e5a02006-11-10 23:28:57 +00002557 signal(SIGHUP, SIG_IGN);
Denis Vlasenko9611cb12007-08-18 14:18:43 +00002558 close(server_socket);
2559 xmove_fd(n, 0);
2560 xdup2(0, 1);
2561
Denis Vlasenko367960b2007-08-18 14:20:21 +00002562 handle_incoming_and_exit(&fromAddr);
2563 }
2564 /* parent, or fork failed */
2565 close(n);
2566 } /* while (1) */
2567 /* never reached */
2568}
2569#else
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00002570static void mini_httpd_nommu(int server_socket, int argc, char **argv) NORETURN;
Denis Vlasenko367960b2007-08-18 14:20:21 +00002571static void mini_httpd_nommu(int server_socket, int argc, char **argv)
2572{
2573 char *argv_copy[argc + 2];
2574
2575 argv_copy[0] = argv[0];
2576 argv_copy[1] = (char*)"-i";
2577 memcpy(&argv_copy[2], &argv[1], argc * sizeof(argv[0]));
2578
2579 /* NB: it's best to not use xfuncs in this loop before vfork().
2580 * Otherwise server may die on transient errors (temporary
2581 * out-of-memory condition, etc), which is Bad(tm).
2582 * Try to do any dangerous calls after fork.
2583 */
2584 while (1) {
2585 int n;
Denis Vlasenko3f5fdc72007-10-14 04:55:59 +00002586
Denis Vlasenko367960b2007-08-18 14:20:21 +00002587 /* Wait for connections... */
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02002588 n = accept(server_socket, NULL, NULL);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002589 if (n < 0)
2590 continue;
Denys Vlasenko535ce1d2010-07-25 03:20:25 +02002591
Denis Vlasenko367960b2007-08-18 14:20:21 +00002592 /* set the KEEPALIVE option to cull dead connections */
Denys Vlasenkoc52cbea2015-08-24 19:48:03 +02002593 setsockopt_keepalive(n);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002594
2595 if (vfork() == 0) {
2596 /* child */
Denis Vlasenko367960b2007-08-18 14:20:21 +00002597 /* Do not reload config on HUP */
2598 signal(SIGHUP, SIG_IGN);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002599 close(server_socket);
2600 xmove_fd(n, 0);
2601 xdup2(0, 1);
2602
2603 /* Run a copy of ourself in inetd mode */
2604 re_exec(argv_copy);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002605 }
Denys Vlasenkod2277e22011-11-22 17:19:26 +01002606 argv_copy[0][0] &= 0x7f;
Denis Vlasenko921799d2007-08-19 19:28:09 +00002607 /* parent, or vfork failed */
Denis Vlasenko073214f2007-08-17 19:20:07 +00002608 close(n);
Denis Vlasenko04291bc2006-11-21 10:15:25 +00002609 } /* while (1) */
Denis Vlasenko241b1562007-08-17 19:18:47 +00002610 /* never reached */
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002611}
Denis Vlasenko56258b62007-06-23 23:14:02 +00002612#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002613
Denis Vlasenko367960b2007-08-18 14:20:21 +00002614/*
2615 * Process a HTTP connection on stdin/out.
2616 * Never returns.
2617 */
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00002618static void mini_httpd_inetd(void) NORETURN;
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002619static void mini_httpd_inetd(void)
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002620{
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002621 len_and_sockaddr fromAddr;
Glenn L McGrath06e95652003-02-09 06:51:14 +00002622
Denis Vlasenkofaf334a2008-05-18 15:14:36 +00002623 memset(&fromAddr, 0, sizeof(fromAddr));
Denis Vlasenkoe45af732007-08-17 19:19:15 +00002624 fromAddr.len = LSA_SIZEOF_SA;
Denis Vlasenkofaf334a2008-05-18 15:14:36 +00002625 /* NB: can fail if user runs it by hand and types in http cmds */
Bernhard Reutner-Fischer8c69afd2008-01-29 10:33:34 +00002626 getpeername(0, &fromAddr.u.sa, &fromAddr.len);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002627 handle_incoming_and_exit(&fromAddr);
Glenn L McGrath06e95652003-02-09 06:51:14 +00002628}
Glenn L McGrath06e95652003-02-09 06:51:14 +00002629
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00002630static void sighup_handler(int sig UNUSED_PARAM)
Glenn L McGrath06e95652003-02-09 06:51:14 +00002631{
Denys Vlasenko51792e12019-04-14 19:57:13 +02002632 int sv = errno;
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +00002633 parse_conf(DEFAULT_PATH_HTTPD_CONF, SIGNALED_PARSE);
Denys Vlasenko51792e12019-04-14 19:57:13 +02002634 errno = sv;
Glenn L McGrath06e95652003-02-09 06:51:14 +00002635}
Glenn L McGrath06e95652003-02-09 06:51:14 +00002636
Denis Vlasenko9f609292006-11-05 19:47:33 +00002637enum {
"Vladimir N. Oleynik"9a515402006-02-15 13:27:18 +00002638 c_opt_config_file = 0,
2639 d_opt_decode_url,
2640 h_opt_home_httpd,
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00002641 IF_FEATURE_HTTPD_ENCODE_URL_STR(e_opt_encode_url,)
2642 IF_FEATURE_HTTPD_BASIC_AUTH( r_opt_realm ,)
2643 IF_FEATURE_HTTPD_AUTH_MD5( m_opt_md5 ,)
2644 IF_FEATURE_HTTPD_SETUID( u_opt_setuid ,)
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002645 p_opt_port ,
2646 p_opt_inetd ,
2647 p_opt_foreground,
Denis Vlasenko384b1d12007-08-14 16:55:01 +00002648 p_opt_verbose ,
Denis Vlasenko9f609292006-11-05 19:47:33 +00002649 OPT_CONFIG_FILE = 1 << c_opt_config_file,
2650 OPT_DECODE_URL = 1 << d_opt_decode_url,
2651 OPT_HOME_HTTPD = 1 << h_opt_home_httpd,
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00002652 OPT_ENCODE_URL = IF_FEATURE_HTTPD_ENCODE_URL_STR((1 << e_opt_encode_url)) + 0,
2653 OPT_REALM = IF_FEATURE_HTTPD_BASIC_AUTH( (1 << r_opt_realm )) + 0,
2654 OPT_MD5 = IF_FEATURE_HTTPD_AUTH_MD5( (1 << m_opt_md5 )) + 0,
2655 OPT_SETUID = IF_FEATURE_HTTPD_SETUID( (1 << u_opt_setuid )) + 0,
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002656 OPT_PORT = 1 << p_opt_port,
2657 OPT_INETD = 1 << p_opt_inetd,
2658 OPT_FOREGROUND = 1 << p_opt_foreground,
Denis Vlasenko384b1d12007-08-14 16:55:01 +00002659 OPT_VERBOSE = 1 << p_opt_verbose,
"Vladimir N. Oleynik"9a515402006-02-15 13:27:18 +00002660};
Eric Andersena3bb3e62003-06-26 09:05:32 +00002661
Eric Andersena3bb3e62003-06-26 09:05:32 +00002662
Denis Vlasenko9b49a5e2007-10-11 10:05:36 +00002663int httpd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
Denis Vlasenkoa60f84e2008-07-05 09:18:54 +00002664int httpd_main(int argc UNUSED_PARAM, char **argv)
Glenn L McGrath06e95652003-02-09 06:51:14 +00002665{
Denis Vlasenko9611cb12007-08-18 14:18:43 +00002666 int server_socket = server_socket; /* for gcc */
Denis Vlasenko67b23e62006-10-03 21:00:06 +00002667 unsigned opt;
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002668 char *url_for_decode;
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00002669 IF_FEATURE_HTTPD_ENCODE_URL_STR(const char *url_for_encode;)
2670 IF_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
2671 IF_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
2672 IF_FEATURE_HTTPD_AUTH_MD5(const char *pass;)
Eric Andersen35e643b2003-07-28 07:40:39 +00002673
Denis Vlasenko073214f2007-08-17 19:20:07 +00002674 INIT_G();
2675
Denis Vlasenkofcdb00f2006-11-21 00:09:37 +00002676#if ENABLE_LOCALE_SUPPORT
2677 /* Undo busybox.c: we want to speak English in http (dates etc) */
2678 setlocale(LC_TIME, "C");
2679#endif
2680
Denis Vlasenko77e44d62007-06-09 23:49:05 +00002681 home_httpd = xrealloc_getcwd_or_warn(NULL);
2682 /* We do not "absolutize" path given by -h (home) opt.
Denis Vlasenko6bf05cf2008-05-07 12:18:48 +00002683 * If user gives relative path in -h,
2684 * $SCRIPT_FILENAME will not be set. */
Denys Vlasenko22542ec2017-08-08 21:55:02 +02002685 opt = getopt32(argv, "^"
2686 "c:d:h:"
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00002687 IF_FEATURE_HTTPD_ENCODE_URL_STR("e:")
2688 IF_FEATURE_HTTPD_BASIC_AUTH("r:")
2689 IF_FEATURE_HTTPD_AUTH_MD5("m:")
2690 IF_FEATURE_HTTPD_SETUID("u:")
Denys Vlasenko22542ec2017-08-08 21:55:02 +02002691 "p:ifv"
2692 "\0"
2693 /* -v counts, -i implies -f */
2694 "vv:if",
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +00002695 &opt_c_configFile, &url_for_decode, &home_httpd
Denis Vlasenko5e34ff22009-04-21 11:09:40 +00002696 IF_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
2697 IF_FEATURE_HTTPD_BASIC_AUTH(, &g_realm)
2698 IF_FEATURE_HTTPD_AUTH_MD5(, &pass)
2699 IF_FEATURE_HTTPD_SETUID(, &s_ugid)
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002700 , &bind_addr_or_port
Denis Vlasenko384b1d12007-08-14 16:55:01 +00002701 , &verbose
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002702 );
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002703 if (opt & OPT_DECODE_URL) {
Denys Vlasenkodd1061b2011-09-11 21:04:02 +02002704 fputs(percent_decode_in_place(url_for_decode, /*strict:*/ 0), stdout);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002705 return 0;
2706 }
Denis Vlasenko55a99402006-09-30 20:41:44 +00002707#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002708 if (opt & OPT_ENCODE_URL) {
Denis Vlasenko367960b2007-08-18 14:20:21 +00002709 fputs(encodeString(url_for_encode), stdout);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002710 return 0;
2711 }
Glenn L McGrath06e95652003-02-09 06:51:14 +00002712#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +00002713#if ENABLE_FEATURE_HTTPD_AUTH_MD5
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002714 if (opt & OPT_MD5) {
Denys Vlasenkodbc6a7a2009-12-16 02:28:50 +01002715 char salt[sizeof("$1$XXXXXXXX")];
2716 salt[0] = '$';
2717 salt[1] = '1';
2718 salt[2] = '$';
Denys Vlasenko12a43272011-05-13 03:19:01 +02002719 crypt_make_salt(salt + 3, 4);
Pascal Bellard72917552011-11-29 13:51:11 +01002720 puts(pw_encrypt(pass, salt, /*cleanup:*/ 0));
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002721 return 0;
Glenn L McGrath06e95652003-02-09 06:51:14 +00002722 }
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002723#endif
Denis Vlasenko55a99402006-09-30 20:41:44 +00002724#if ENABLE_FEATURE_HTTPD_SETUID
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002725 if (opt & OPT_SETUID) {
Bernhard Reutner-Fischerd73cbd32008-07-21 14:41:33 +00002726 xget_uidgid(&ugid, s_ugid);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002727 }
Glenn L McGrath06e95652003-02-09 06:51:14 +00002728#endif
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002729
Denis Vlasenko367960b2007-08-18 14:20:21 +00002730#if !BB_MMU
2731 if (!(opt & OPT_FOREGROUND)) {
2732 bb_daemonize_or_rexec(0, argv); /* don't change current directory */
2733 }
2734#endif
2735
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002736 xchdir(home_httpd);
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002737 if (!(opt & OPT_INETD)) {
Denis Vlasenko6536a9b2007-01-12 10:35:23 +00002738 signal(SIGCHLD, SIG_IGN);
Denis Vlasenko77e44d62007-06-09 23:49:05 +00002739 server_socket = openServer();
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002740#if ENABLE_FEATURE_HTTPD_SETUID
2741 /* drop privileges */
2742 if (opt & OPT_SETUID) {
2743 if (ugid.gid != (gid_t)-1) {
2744 if (setgroups(1, &ugid.gid) == -1)
Denis Vlasenko8e858e22007-03-07 09:35:43 +00002745 bb_perror_msg_and_die("setgroups");
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002746 xsetgid(ugid.gid);
2747 }
2748 xsetuid(ugid.uid);
Denis Vlasenkode59c0f2006-10-05 22:50:22 +00002749 }
Glenn L McGrath58c708a2003-01-05 04:01:56 +00002750#endif
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002751 }
Glenn L McGrath06e95652003-02-09 06:51:14 +00002752
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00002753#if 0
Denis Vlasenko2535f122007-09-15 13:28:30 +00002754 /* User can do it himself: 'env - PATH="$PATH" httpd'
2755 * We don't do it because we don't want to screw users
2756 * which want to do
Denis Vlasenkof74194e2007-10-18 12:54:39 +00002757 * 'env - VAR1=val1 VAR2=val2 httpd'
Denis Vlasenko2535f122007-09-15 13:28:30 +00002758 * and have VAR1 and VAR2 values visible in their CGIs.
2759 * Besides, it is also smaller. */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002760 {
2761 char *p = getenv("PATH");
Denis Vlasenkoc4523c22008-03-28 02:24:59 +00002762 /* env strings themself are not freed, no need to xstrdup(p): */
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002763 clearenv();
2764 if (p)
Denis Vlasenko77e44d62007-06-09 23:49:05 +00002765 putenv(p - 5);
Denis Vlasenko9611cb12007-08-18 14:18:43 +00002766// if (!(opt & OPT_INETD))
2767// setenv_long("SERVER_PORT", ???);
Denis Vlasenko8b8c75e2006-09-26 10:07:41 +00002768 }
Glenn L McGrathfe538ba2003-09-10 23:35:45 +00002769#endif
2770
Denis Vlasenko1cf4a0e2009-04-22 13:49:16 +00002771 parse_conf(DEFAULT_PATH_HTTPD_CONF, FIRST_PARSE);
Denis Vlasenko1cbfd982009-02-04 23:43:44 +00002772 if (!(opt & OPT_INETD))
2773 signal(SIGHUP, sighup_handler);
Denis Vlasenko367960b2007-08-18 14:20:21 +00002774
Denis Vlasenkofeac3ce2007-08-17 19:20:39 +00002775 xfunc_error_retval = 0;
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002776 if (opt & OPT_INETD)
Denys Vlasenko9fe8bd82018-04-07 01:13:30 +02002777 mini_httpd_inetd(); /* never returns */
Denis Vlasenko367960b2007-08-18 14:20:21 +00002778#if BB_MMU
Denis Vlasenko0871bc82006-11-16 16:17:02 +00002779 if (!(opt & OPT_FOREGROUND))
Denis Vlasenko0372f0f2007-08-14 16:50:01 +00002780 bb_daemonize(0); /* don't change current directory */
2781 mini_httpd(server_socket); /* never returns */
Denis Vlasenko56258b62007-06-23 23:14:02 +00002782#else
Denis Vlasenko367960b2007-08-18 14:20:21 +00002783 mini_httpd_nommu(server_socket, argc, argv); /* never returns */
Denis Vlasenko56258b62007-06-23 23:14:02 +00002784#endif
Denis Vlasenko367960b2007-08-18 14:20:21 +00002785 /* return 0; */
Glenn L McGrath06e95652003-02-09 06:51:14 +00002786}