Newer
Older
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
}
dst[j++] = '\0';
}
static void send_websocket_handshake(struct mg_connection *conn) {
static const char *magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
char buf[100], sha[20], b64_sha[sizeof(sha) * 2];
SHA1_CTX sha_ctx;
mg_snprintf(conn, buf, sizeof(buf), "%s%s",
mg_get_header(conn, "Sec-WebSocket-Key"), magic);
SHA1Init(&sha_ctx);
SHA1Update(&sha_ctx, (unsigned char *) buf, strlen(buf));
SHA1Final((unsigned char *) sha, &sha_ctx);
base64_encode((unsigned char *) sha, sizeof(sha), b64_sha);
mg_printf(conn, "%s%s%s",
"HTTP/1.1 101 Switching Protocols\r\n"
"Upgrade: websocket\r\n"
"Connection: Upgrade\r\n"
"Sec-WebSocket-Accept: ", b64_sha, "\r\n\r\n");
}
static void read_websocket(struct mg_connection *conn) {
// Pointer to the beginning of the portion of the incoming websocket message
// queue. The original websocket upgrade request is never removed,
// so the queue begins after it.
unsigned char *buf = (unsigned char *) conn->buf + conn->request_len;
Sergey Lyubka
committed
size_t i, len, mask_len, data_len, header_len, body_len;
// data points to the place where the message is stored when passed to the
// websocket_data callback. This is either mem on the stack,
// or a dynamically allocated buffer if it is too large.
Sergey Lyubka
committed
assert(conn->content_len == 0);
// Loop continuously, reading messages from the socket, invoking the callback,
// and waiting repeatedly until an error occurs.
while (!stop) {
Sergey Lyubka
committed
header_len = 0;
// body_len is the length of the entire queue in bytes
// len is the length of the current message
// data_len is the length of the current message's data payload
// header_len is the length of the current message's header
if ((body_len = conn->data_len - conn->request_len) >= 2) {
len = buf[1] & 127;
mask_len = buf[1] & 128 ? 4 : 0;
Sergey Lyubka
committed
if (len < 126 && body_len >= mask_len) {
data_len = len;
header_len = 2 + mask_len;
} else if (len == 126 && body_len >= 4 + mask_len) {
header_len = 4 + mask_len;
data_len = ((((int) buf[2]) << 8) + buf[3]);
} else if (body_len >= 10 + mask_len) {
header_len = 10 + mask_len;
data_len = (((uint64_t) htonl(* (uint32_t *) &buf[2])) << 32) +
htonl(* (uint32_t *) &buf[6]);
}
}
// Data layout is as follows:
// conn->buf buf
// v v frame1 | frame2
// |---------------------|----------------|--------------|-------
// | |<--header_len-->|<--data_len-->|
// |<-conn->request_len->|<-----body_len----------->|
// |<-------------------conn->data_len------------->|
Sergey Lyubka
committed
if (header_len > 0) {
// Allocate space to hold websocket payload
data = mem;
if (data_len > sizeof(mem) && (data = malloc(data_len)) == NULL) {
// Allocation failed, exit the loop and then close the connection
// TODO: notify user about the failure
break;
}
// Save mask and bits, otherwise it may be clobbered by memmove below
bits = buf[0];
memcpy(mask, buf + header_len - mask_len, mask_len);
Sergey Lyubka
committed
// Read frame payload into the allocated buffer.
assert(body_len >= header_len);
if (data_len + header_len > body_len) {
len = body_len - header_len;
memcpy(data, buf + header_len, len);
// TODO: handle pull error
pull_all(NULL, conn, data + len, data_len - len);
conn->data_len = conn->request_len;
Sergey Lyubka
committed
} else {
len = data_len + header_len;
memcpy(data, buf + header_len, data_len);
memmove(buf, buf + len, body_len - len);
conn->data_len -= len;
}
// Apply mask if necessary
if (mask_len > 0) {
for (i = 0; i < data_len; i++) {
Sergey Lyubka
committed
}
}
// Exit the loop if callback signalled to exit,
// or "connection close" opcode received.
if ((conn->ctx->callbacks.websocket_data != NULL &&
!conn->ctx->callbacks.websocket_data(conn, bits, data, data_len)) ||
(bits & 0xf) == 8) { // Opcode == 8, connection close
stop = 1;
Sergey Lyubka
committed
}
if (data != mem) {
free(data);
Sergey Lyubka
committed
// Not breaking the loop, process next websocket frame.
Sergey Lyubka
committed
// Buffering websocket request
if ((n = pull(NULL, conn, conn->buf + conn->data_len,
conn->buf_size - conn->data_len)) <= 0) {
break;
}
conn->data_len += n;
}
}
}
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
int mg_websocket_write(struct mg_connection* conn, int opcode,
const char *data, size_t data_len) {
unsigned char *copy;
size_t copy_len = 0;
int retval = -1;
if ((copy = (unsigned char *) malloc(data_len + 10)) == NULL) {
return -1;
}
copy[0] = 0x80 + (opcode & 0x0f);
// Frame format: http://tools.ietf.org/html/rfc6455#section-5.2
if (data_len < 126) {
// Inline 7-bit length field
copy[1] = data_len;
memcpy(copy + 2, data, data_len);
copy_len = 2 + data_len;
} else if (data_len <= 0xFFFF) {
// 16-bit length field
copy[1] = 126;
* (uint16_t *) (copy + 2) = htons(data_len);
memcpy(copy + 4, data, data_len);
copy_len = 4 + data_len;
} else {
// 64-bit length field
copy[1] = 127;
* (uint32_t *) (copy + 2) = htonl((uint64_t) data_len >> 32);
* (uint32_t *) (copy + 6) = htonl(data_len & 0xffffffff);
memcpy(copy + 10, data, data_len);
copy_len = 10 + data_len;
}
// Not thread safe
if (copy_len > 0) {
retval = mg_write(conn, copy, copy_len);
}
free(copy);
return retval;
}
static void handle_websocket_request(struct mg_connection *conn) {
const char *version = mg_get_header(conn, "Sec-WebSocket-Version");
if (version == NULL || strcmp(version, "13") != 0) {
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
send_http_error(conn, 426, "Upgrade Required", "%s", "Upgrade Required");
} else if (conn->ctx->callbacks.websocket_connect != NULL &&
conn->ctx->callbacks.websocket_connect(conn) != 0) {
// Callback has returned non-zero, do not proceed with handshake
} else {
send_websocket_handshake(conn);
if (conn->ctx->callbacks.websocket_ready != NULL) {
conn->ctx->callbacks.websocket_ready(conn);
}
read_websocket(conn);
}
}
static int is_websocket_request(const struct mg_connection *conn) {
const char *host, *upgrade, *connection, *version, *key;
host = mg_get_header(conn, "Host");
upgrade = mg_get_header(conn, "Upgrade");
connection = mg_get_header(conn, "Connection");
key = mg_get_header(conn, "Sec-WebSocket-Key");
version = mg_get_header(conn, "Sec-WebSocket-Version");
return host != NULL && upgrade != NULL && connection != NULL &&
key != NULL && version != NULL &&
mg_strcasestr(upgrade, "websocket") != NULL &&
mg_strcasestr(connection, "Upgrade") != NULL;
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
}
#endif // !USE_WEBSOCKET
static int isbyte(int n) {
return n >= 0 && n <= 255;
}
static int parse_net(const char *spec, uint32_t *net, uint32_t *mask) {
int n, a, b, c, d, slash = 32, len = 0;
if ((sscanf(spec, "%d.%d.%d.%d/%d%n", &a, &b, &c, &d, &slash, &n) == 5 ||
sscanf(spec, "%d.%d.%d.%d%n", &a, &b, &c, &d, &n) == 4) &&
isbyte(a) && isbyte(b) && isbyte(c) && isbyte(d) &&
slash >= 0 && slash < 33) {
len = n;
*net = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
*mask = slash ? 0xffffffffU << (32 - slash) : 0;
}
return len;
}
static int set_throttle(const char *spec, uint32_t remote_ip, const char *uri) {
int throttle = 0;
struct vec vec, val;
uint32_t net, mask;
char mult;
double v;
while ((spec = next_option(spec, &vec, &val)) != NULL) {
mult = ',';
if (sscanf(val.ptr, "%lf%c", &v, &mult) < 1 || v < 0 ||
(lowercase(&mult) != 'k' && lowercase(&mult) != 'm' && mult != ',')) {
continue;
}
v *= lowercase(&mult) == 'k' ? 1024 : lowercase(&mult) == 'm' ? 1048576 : 1;
if (vec.len == 1 && vec.ptr[0] == '*') {
throttle = (int) v;
} else if (parse_net(vec.ptr, &net, &mask) > 0) {
if ((remote_ip & mask) == net) {
throttle = (int) v;
}
} else if (match_prefix(vec.ptr, vec.len, uri) > 0) {
throttle = (int) v;
}
}
return throttle;
}
static uint32_t get_remote_ip(const struct mg_connection *conn) {
return ntohl(* (uint32_t *) &conn->client.rsa.sin.sin_addr);
}
#ifdef USE_LUA
Sergey Lyubka
committed
#include "mod_lua.c"
#endif // USE_LUA
int mg_upload(struct mg_connection *conn, const char *destination_dir) {
const char *content_type_header, *boundary_start;
char buf[MG_BUF_LEN], path[PATH_MAX], fname[1024], boundary[100], *s;
FILE *fp;
int bl, n, i, j, headers_len, boundary_len, eof,
len = 0, num_uploaded_files = 0;
// Request looks like this:
//
// POST /upload HTTP/1.1
// Host: 127.0.0.1:8080
// Content-Length: 244894
// Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryRVr
//
// ------WebKitFormBoundaryRVr
// Content-Disposition: form-data; name="file"; filename="accum.png"
// Content-Type: image/png
//
// <89>PNG
// <PNG DATA>
// ------WebKitFormBoundaryRVr
// Extract boundary string from the Content-Type header
if ((content_type_header = mg_get_header(conn, "Content-Type")) == NULL ||
(boundary_start = mg_strcasestr(content_type_header,
"boundary=")) == NULL ||
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
(sscanf(boundary_start, "boundary=\"%99[^\"]\"", boundary) == 0 &&
sscanf(boundary_start, "boundary=%99s", boundary) == 0) ||
boundary[0] == '\0') {
return num_uploaded_files;
}
boundary_len = strlen(boundary);
bl = boundary_len + 4; // \r\n--<boundary>
for (;;) {
// Pull in headers
assert(len >= 0 && len <= (int) sizeof(buf));
while ((n = mg_read(conn, buf + len, sizeof(buf) - len)) > 0) {
len += n;
}
if ((headers_len = get_request_len(buf, len)) <= 0) {
break;
}
// Fetch file name.
fname[0] = '\0';
for (i = j = 0; i < headers_len; i++) {
if (buf[i] == '\r' && buf[i + 1] == '\n') {
buf[i] = buf[i + 1] = '\0';
// TODO(lsm): don't expect filename to be the 3rd field,
// parse the header properly instead.
sscanf(&buf[j], "Content-Disposition: %*s %*s filename=\"%1023[^\"]",
fname);
j = i + 2;
}
}
// Give up if the headers are not what we expect
if (fname[0] == '\0') {
break;
}
// Move data to the beginning of the buffer
assert(len >= headers_len);
memmove(buf, &buf[headers_len], len - headers_len);
len -= headers_len;
// We open the file with exclusive lock held. This guarantee us
// there is no other thread can save into the same file simultaneously.
fp = NULL;
// Construct destination file name. Do not allow paths to have slashes.
if ((s = strrchr(fname, '/')) == NULL &&
(s = strrchr(fname, '\\')) == NULL) {
s = fname;
// Open file in binary mode. TODO: set an exclusive lock.
snprintf(path, sizeof(path), "%s/%s", destination_dir, s);
if ((fp = fopen(path, "wb")) == NULL) {
break;
}
// Read POST data, write into file until boundary is found.
do {
len += n;
for (i = 0; i < len - bl; i++) {
if (!memcmp(&buf[i], "\r\n--", 4) &&
!memcmp(&buf[i + 4], boundary, boundary_len)) {
// Found boundary, that's the end of file data.
fwrite(buf, 1, i, fp);
memmove(buf, &buf[i + bl], len - (i + bl));
len -= i + bl;
break;
}
}
if (!eof && len > bl) {
fwrite(buf, 1, len - bl, fp);
memmove(buf, &buf[len - bl], bl);
len = bl;
}
} while (!eof && (n = mg_read(conn, buf + len, sizeof(buf) - len)) > 0);
if (eof) {
num_uploaded_files++;
if (conn->ctx->callbacks.upload != NULL) {
conn->ctx->callbacks.upload(conn, path);
}
}
}
return num_uploaded_files;
}
static int is_put_or_delete_request(const struct mg_connection *conn) {
const char *s = conn->request_info.request_method;
return s != NULL && (!strcmp(s, "PUT") ||
!strcmp(s, "DELETE") ||
!strcmp(s, "MKCOL"));
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
}
static int get_first_ssl_listener_index(const struct mg_context *ctx) {
int i, index = -1;
for (i = 0; index == -1 && i < ctx->num_listening_sockets; i++) {
index = ctx->listening_sockets[i].is_ssl ? i : -1;
}
return index;
}
static void redirect_to_https_port(struct mg_connection *conn, int ssl_index) {
char host[1025];
const char *host_header;
if ((host_header = mg_get_header(conn, "Host")) == NULL ||
sscanf(host_header, "%1024[^:]", host) == 0) {
// Cannot get host from the Host: header. Fallback to our IP address.
sockaddr_to_string(host, sizeof(host), &conn->client.lsa);
}
mg_printf(conn, "HTTP/1.1 302 Found\r\nLocation: https://%s:%d%s\r\n\r\n",
host, (int) ntohs(conn->ctx->listening_sockets[ssl_index].
lsa.sin.sin_port), conn->request_info.uri);
}
// This is the heart of the Mongoose's logic.
// This function is called when the request is read, parsed and validated,
// and Mongoose must decide what action to take: serve a file, or
// a directory, or call embedded function, etcetera.
static void handle_request(struct mg_connection *conn) {
struct mg_request_info *ri = &conn->request_info;
char path[PATH_MAX];
int uri_len, ssl_index;
struct file file = STRUCT_FILE_INITIALIZER;
if ((conn->request_info.query_string = strchr(ri->uri, '?')) != NULL) {
* ((char *) conn->request_info.query_string++) = '\0';
}
uri_len = (int) strlen(ri->uri);
mg_url_decode(ri->uri, uri_len, (char *) ri->uri, uri_len + 1, 0);
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
remove_double_dots_and_double_slashes((char *) ri->uri);
convert_uri_to_file_name(conn, path, sizeof(path), &file);
conn->throttle = set_throttle(conn->ctx->config[THROTTLE],
get_remote_ip(conn), ri->uri);
DEBUG_TRACE(("%s", ri->uri));
// Perform redirect and auth checks before calling begin_request() handler.
// Otherwise, begin_request() would need to perform auth checks and redirects.
if (!conn->client.is_ssl && conn->client.ssl_redir &&
(ssl_index = get_first_ssl_listener_index(conn->ctx)) > -1) {
redirect_to_https_port(conn, ssl_index);
} else if (!is_put_or_delete_request(conn) &&
!check_authorization(conn, path)) {
send_authorization_request(conn);
} else if (conn->ctx->callbacks.begin_request != NULL &&
conn->ctx->callbacks.begin_request(conn)) {
// Do nothing, callback has served the request
#if defined(USE_WEBSOCKET)
} else if (is_websocket_request(conn)) {
handle_websocket_request(conn);
#endif
} else if (!strcmp(ri->request_method, "OPTIONS")) {
send_options(conn);
} else if (conn->ctx->config[DOCUMENT_ROOT] == NULL) {
send_http_error(conn, 404, "Not Found", "Not Found");
} else if (is_put_or_delete_request(conn) &&
send_authorization_request(conn);
} else if (!strcmp(ri->request_method, "PUT")) {
put_file(conn, path);
} else if (!strcmp(ri->request_method, "MKCOL")) {
mkcol(conn, path);
} else if (!strcmp(ri->request_method, "DELETE")) {
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
struct de de;
memset(&de.file, 0, sizeof(de.file));
if(!mg_stat(conn, path, &de.file)) {
send_http_error(conn, 404, "Not Found", "%s", "File not found");
} else {
if(de.file.modification_time) {
if(de.file.is_directory) {
remove_directory(conn, path);
send_http_error(conn, 204, "No Content", "%s", "");
} else if (mg_remove(path) == 0) {
send_http_error(conn, 204, "No Content", "%s", "");
} else {
send_http_error(conn, 423, "Locked", "remove(%s): %s", path,
strerror(ERRNO));
}
}
else {
send_http_error(conn, 500, http_500_error, "remove(%s): %s", path,
strerror(ERRNO));
}
}
} else if ((file.membuf == NULL && file.modification_time == (time_t) 0) ||
must_hide_file(conn, path)) {
send_http_error(conn, 404, "Not Found", "%s", "File not found");
} else if (file.is_directory && ri->uri[uri_len - 1] != '/') {
mg_printf(conn, "HTTP/1.1 301 Moved Permanently\r\n"
"Location: %s/\r\n\r\n", ri->uri);
} else if (!strcmp(ri->request_method, "PROPFIND")) {
handle_propfind(conn, path, &file);
} else if (file.is_directory &&
!substitute_index_file(conn, path, sizeof(path), &file)) {
if (!mg_strcasecmp(conn->ctx->config[ENABLE_DIRECTORY_LISTING], "yes")) {
handle_directory_request(conn, path);
} else {
send_http_error(conn, 403, "Directory Listing Denied",
"Directory listing denied");
}
#ifdef USE_LUA
} else if (match_prefix("**.lp$", 6, path) > 0) {
handle_lsp_request(conn, path, &file, NULL);
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
#endif
#if !defined(NO_CGI)
} else if (match_prefix(conn->ctx->config[CGI_EXTENSIONS],
strlen(conn->ctx->config[CGI_EXTENSIONS]),
path) > 0) {
if (strcmp(ri->request_method, "POST") &&
strcmp(ri->request_method, "HEAD") &&
strcmp(ri->request_method, "GET")) {
send_http_error(conn, 501, "Not Implemented",
"Method %s is not implemented", ri->request_method);
} else {
handle_cgi_request(conn, path);
}
#endif // !NO_CGI
} else if (match_prefix(conn->ctx->config[SSI_EXTENSIONS],
strlen(conn->ctx->config[SSI_EXTENSIONS]),
path) > 0) {
handle_ssi_file_request(conn, path);
} else if (is_not_modified(conn, &file)) {
send_http_error(conn, 304, "Not Modified", "%s", "");
} else {
handle_file_request(conn, path, &file);
}
}
static void close_all_listening_sockets(struct mg_context *ctx) {
int i;
for (i = 0; i < ctx->num_listening_sockets; i++) {
closesocket(ctx->listening_sockets[i].sock);
}
free(ctx->listening_sockets);
}
static int is_valid_port(unsigned int port) {
return port > 0 && port < 0xffff;
}
// Valid listening port specification is: [ip_address:]port[s]
// Examples: 80, 443s, 127.0.0.1:3128, 1.2.3.4:8080s
// TODO(lsm): add parsing of the IPv6 address
static int parse_port_string(const struct vec *vec, struct socket *so) {
unsigned int a, b, c, d, ch, len, port;
#if defined(USE_IPV6)
char buf[100];
#endif
// MacOS needs that. If we do not zero it, subsequent bind() will fail.
// Also, all-zeroes in the socket address means binding to all addresses
// for both IPv4 and IPv6 (INADDR_ANY and IN6ADDR_ANY_INIT).
memset(so, 0, sizeof(*so));
if (sscanf(vec->ptr, "%u.%u.%u.%u:%u%n", &a, &b, &c, &d, &port, &len) == 5) {
// Bind to a specific IPv4 address, e.g. 192.168.1.5:8080
so->lsa.sin.sin_addr.s_addr = htonl((a << 24) | (b << 16) | (c << 8) | d);
so->lsa.sin.sin_port = htons((uint16_t) port);
} else if (sscanf(vec->ptr, "[%49[^]]]:%d%n", buf, &port, &len) == 2 &&
inet_pton(AF_INET6, buf, &so->lsa.sin6.sin6_addr)) {
// IPv6 address, e.g. [3ffe:2a00:100:7031::1]:8080
so->lsa.sin6.sin6_family = AF_INET6;
so->lsa.sin6.sin6_port = htons((uint16_t) port);
} else if (sscanf(vec->ptr, "%u%n", &port, &len) == 1) {
// If only port is specified, bind to IPv4, INADDR_ANY
so->lsa.sin.sin_port = htons((uint16_t) port);
} else {
port = len = 0; // Parsing failure. Make port invalid.
}
ch = vec->ptr[len]; // Next character after the port number
so->is_ssl = ch == 's';
so->ssl_redir = ch == 'r';
// Make sure the port is valid and vector ends with 's', 'r' or ','
return is_valid_port(port) &&
(ch == '\0' || ch == 's' || ch == 'r' || ch == ',');
}
static int set_ports_option(struct mg_context *ctx) {
const char *list = ctx->config[LISTENING_PORTS];
int on = 1, success = 1;
#if defined(USE_IPV6)
int off = 0;
#endif
while (success && (list = next_option(list, &vec, NULL)) != NULL) {
if (!parse_port_string(&vec, &so)) {
cry(fc(ctx), "%s: %.*s: invalid port spec. Expecting list of: %s",
__func__, (int) vec.len, vec.ptr, "[IP_ADDRESS:]PORT[s|r]");
success = 0;
} else if (so.is_ssl && ctx->ssl_ctx == NULL) {
cry(fc(ctx), "Cannot add SSL socket, is -ssl_certificate option set?");
success = 0;
} else if ((so.sock = socket(so.lsa.sa.sa_family, SOCK_STREAM, 6)) ==
INVALID_SOCKET ||
// On Windows, SO_REUSEADDR is recommended only for
// broadcast UDP sockets
setsockopt(so.sock, SOL_SOCKET, SO_REUSEADDR,
(void *) &on, sizeof(on)) != 0 ||
(so.lsa.sa.sa_family == AF_INET6 &&
setsockopt(so.sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &off,
sizeof(off)) != 0) ||
bind(so.sock, &so.lsa.sa, so.lsa.sa.sa_family == AF_INET ?
sizeof(so.lsa.sin) : sizeof(so.lsa)) != 0 ||
cry(fc(ctx), "%s: cannot bind to %.*s: %d (%s)", __func__,
(int) vec.len, vec.ptr, ERRNO, strerror(errno));
closesocket(so.sock);
success = 0;
} else if ((ptr = (struct socket *) realloc(ctx->listening_sockets,
(ctx->num_listening_sockets + 1) *
sizeof(ctx->listening_sockets[0]))) == NULL) {
} else {
set_close_on_exec(so.sock);
ctx->listening_sockets = ptr;
ctx->listening_sockets[ctx->num_listening_sockets] = so;
ctx->num_listening_sockets++;
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
}
}
if (!success) {
close_all_listening_sockets(ctx);
}
return success;
}
static void log_header(const struct mg_connection *conn, const char *header,
FILE *fp) {
const char *header_value;
if ((header_value = mg_get_header(conn, header)) == NULL) {
(void) fprintf(fp, "%s", " -");
} else {
(void) fprintf(fp, " \"%s\"", header_value);
}
}
static void log_access(const struct mg_connection *conn) {
const struct mg_request_info *ri;
FILE *fp;
Sergey Lyubka
committed
char date[64], src_addr[IP_ADDR_STR_LEN];
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
fp = conn->ctx->config[ACCESS_LOG_FILE] == NULL ? NULL :
fopen(conn->ctx->config[ACCESS_LOG_FILE], "a+");
if (fp == NULL)
return;
strftime(date, sizeof(date), "%d/%b/%Y:%H:%M:%S %z",
localtime(&conn->birth_time));
ri = &conn->request_info;
flockfile(fp);
sockaddr_to_string(src_addr, sizeof(src_addr), &conn->client.rsa);
fprintf(fp, "%s - %s [%s] \"%s %s HTTP/%s\" %d %" INT64_FMT,
src_addr, ri->remote_user == NULL ? "-" : ri->remote_user, date,
ri->request_method ? ri->request_method : "-",
ri->uri ? ri->uri : "-", ri->http_version,
conn->status_code, conn->num_bytes_sent);
log_header(conn, "Referer", fp);
log_header(conn, "User-Agent", fp);
fputc('\n', fp);
fflush(fp);
funlockfile(fp);
fclose(fp);
}
// Verify given socket address against the ACL.
// Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed.
static int check_acl(struct mg_context *ctx, uint32_t remote_ip) {
int allowed, flag;
uint32_t net, mask;
struct vec vec;
const char *list = ctx->config[ACCESS_CONTROL_LIST];
// If any ACL is set, deny by default
allowed = list == NULL ? '+' : '-';
while ((list = next_option(list, &vec, NULL)) != NULL) {
flag = vec.ptr[0];
if ((flag != '+' && flag != '-') ||
parse_net(&vec.ptr[1], &net, &mask) == 0) {
cry(fc(ctx), "%s: subnet must be [+|-]x.x.x.x[/x]", __func__);
return -1;
}
if (net == (remote_ip & mask)) {
allowed = flag;
}
}
return allowed == '+';
}
#if !defined(_WIN32)
static int set_uid_option(struct mg_context *ctx) {
struct passwd *pw;
const char *uid = ctx->config[RUN_AS_USER];
int success = 0;
if (uid == NULL) {
success = 1;
} else {
if ((pw = getpwnam(uid)) == NULL) {
cry(fc(ctx), "%s: unknown user [%s]", __func__, uid);
} else if (setgid(pw->pw_gid) == -1) {
cry(fc(ctx), "%s: setgid(%s): %s", __func__, uid, strerror(errno));
} else if (setuid(pw->pw_uid) == -1) {
cry(fc(ctx), "%s: setuid(%s): %s", __func__, uid, strerror(errno));
} else {
success = 1;
}
}
return success;
}
#endif // !_WIN32
#if !defined(NO_SSL)
static pthread_mutex_t *ssl_mutexes;
static int sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *)) {
return (conn->ssl = SSL_new(s)) != NULL &&
SSL_set_fd(conn->ssl, conn->client.sock) == 1 &&
func(conn->ssl) == 1;
}
// Return OpenSSL error message
static const char *ssl_error(void) {
unsigned long err;
err = ERR_get_error();
return err == 0 ? "" : ERR_error_string(err, NULL);
}
static void ssl_locking_callback(int mode, int mutex_num, const char *file,
int line) {
(void) line;
(void) file;
if (mode & 1) { // 1 is CRYPTO_LOCK
(void) pthread_mutex_lock(&ssl_mutexes[mutex_num]);
} else {
(void) pthread_mutex_unlock(&ssl_mutexes[mutex_num]);
}
}
static unsigned long ssl_id_callback(void) {
return (unsigned long) pthread_self();
}
#if !defined(NO_SSL_DL)
static int load_dll(struct mg_context *ctx, const char *dll_name,
struct ssl_func *sw) {
union {void *p; void (*fp)(void);} u;
void *dll_handle;
struct ssl_func *fp;
if ((dll_handle = dlopen(dll_name, RTLD_LAZY)) == NULL) {
cry(fc(ctx), "%s: cannot load %s", __func__, dll_name);
return 0;
}
for (fp = sw; fp->name != NULL; fp++) {
#ifdef _WIN32
// GetProcAddress() returns pointer to function
u.fp = (void (*)(void)) dlsym(dll_handle, fp->name);
#else
// dlsym() on UNIX returns void *. ISO C forbids casts of data pointers to
// function pointers. We need to use a union to make a cast.
u.p = dlsym(dll_handle, fp->name);
#endif // _WIN32
if (u.fp == NULL) {
cry(fc(ctx), "%s: %s: cannot find %s", __func__, dll_name, fp->name);
return 0;
} else {
fp->ptr = u.fp;
}
}
return 1;
}
#endif // NO_SSL_DL
// Dynamically load SSL library. Set up ctx->ssl_ctx pointer.
static int set_ssl_option(struct mg_context *ctx) {
int i, size;
const char *pem;
// If PEM file is not specified and the init_ssl callback
// is not specified, skip SSL initialization.
if ((pem = ctx->config[SSL_CERTIFICATE]) == NULL &&
ctx->callbacks.init_ssl == NULL) {
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
return 1;
}
#if !defined(NO_SSL_DL)
if (!load_dll(ctx, SSL_LIB, ssl_sw) ||
!load_dll(ctx, CRYPTO_LIB, crypto_sw)) {
return 0;
}
#endif // NO_SSL_DL
// Initialize SSL library
SSL_library_init();
SSL_load_error_strings();
if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
cry(fc(ctx), "SSL_CTX_new (server) error: %s", ssl_error());
return 0;
}
// If user callback returned non-NULL, that means that user callback has
// set up certificate itself. In this case, skip sertificate setting.
if ((ctx->callbacks.init_ssl == NULL ||
!ctx->callbacks.init_ssl(ctx->ssl_ctx, ctx->user_data)) &&
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
(SSL_CTX_use_certificate_file(ctx->ssl_ctx, pem, 1) == 0 ||
SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, pem, 1) == 0)) {
cry(fc(ctx), "%s: cannot open %s: %s", __func__, pem, ssl_error());
return 0;
}
if (pem != NULL) {
(void) SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, pem);
}
// Initialize locking callbacks, needed for thread safety.
// http://www.openssl.org/support/faq.html#PROG1
size = sizeof(pthread_mutex_t) * CRYPTO_num_locks();
if ((ssl_mutexes = (pthread_mutex_t *) malloc((size_t)size)) == NULL) {
cry(fc(ctx), "%s: cannot allocate mutexes: %s", __func__, ssl_error());
return 0;
}
for (i = 0; i < CRYPTO_num_locks(); i++) {
pthread_mutex_init(&ssl_mutexes[i], NULL);
}
CRYPTO_set_locking_callback(&ssl_locking_callback);
CRYPTO_set_id_callback(&ssl_id_callback);
return 1;
}
static void uninitialize_ssl(struct mg_context *ctx) {
int i;
if (ctx->ssl_ctx != NULL) {
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++) {
pthread_mutex_destroy(&ssl_mutexes[i]);
}
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
}
}
#endif // !NO_SSL
static int set_gpass_option(struct mg_context *ctx) {
struct file file = STRUCT_FILE_INITIALIZER;
const char *path = ctx->config[GLOBAL_PASSWORDS_FILE];
if (path != NULL && !mg_stat(fc(ctx), path, &file)) {
cry(fc(ctx), "Cannot open %s: %s", path, strerror(ERRNO));
return 0;
}
return 1;
}
static int set_acl_option(struct mg_context *ctx) {
return check_acl(ctx, (uint32_t) 0x7f000001UL) != -1;
}
static void reset_per_request_attributes(struct mg_connection *conn) {
conn->path_info = NULL;
conn->num_bytes_sent = conn->consumed_content = 0;
conn->status_code = -1;
conn->must_close = conn->request_len = conn->throttle = 0;
}
static void close_socket_gracefully(struct mg_connection *conn) {
#if defined(_WIN32)
char buf[MG_BUF_LEN];
int n;
#endif
struct linger linger;
// Set linger option to avoid socket hanging out after close. This prevent
// ephemeral port exhaust problem under high QPS.
linger.l_onoff = 1;
linger.l_linger = 1;
setsockopt(conn->client.sock, SOL_SOCKET, SO_LINGER,
(char *) &linger, sizeof(linger));
// Send FIN to the client
shutdown(conn->client.sock, SHUT_WR);
set_non_blocking_mode(conn->client.sock);
#if defined(_WIN32)
// Read and discard pending incoming data. If we do not do that and close the
// socket, the data in the send buffer may be discarded. This
// behaviour is seen on Windows, when client keeps sending data
// when server decides to close the connection; then when client
// does recv() it gets no data back.
do {
n = pull(NULL, conn, buf, sizeof(buf));
} while (n > 0);
#endif
// Now we know that our FIN is ACK-ed, safe to close
closesocket(conn->client.sock);
}
static void close_connection(struct mg_connection *conn) {
conn->must_close = 1;
#ifndef NO_SSL
if (conn->ssl != NULL) {
// Run SSL_shutdown twice to ensure completly close SSL connection
SSL_shutdown(conn->ssl);
if (conn->client.sock != INVALID_SOCKET) {
close_socket_gracefully(conn);
conn->client.sock = INVALID_SOCKET;
}
}
void mg_close_connection(struct mg_connection *conn) {
#ifndef NO_SSL
if (conn->client_ssl_ctx != NULL) {
SSL_CTX_free((SSL_CTX *) conn->client_ssl_ctx);
}
#endif
close_connection(conn);
free(conn);
}
struct mg_connection *mg_connect(const char *host, int port, int use_ssl,
char *ebuf, size_t ebuf_len) {
static struct mg_context fake_ctx;
struct mg_connection *conn = NULL;
if ((sock = conn2(host, port, use_ssl, ebuf, ebuf_len)) == INVALID_SOCKET) {
} else if ((conn = (struct mg_connection *)
calloc(1, sizeof(*conn) + MAX_REQUEST_SIZE)) == NULL) {
snprintf(ebuf, ebuf_len, "calloc(): %s", strerror(ERRNO));
closesocket(sock);
} else if (use_ssl && (conn->client_ssl_ctx =
SSL_CTX_new(SSLv23_client_method())) == NULL) {
snprintf(ebuf, ebuf_len, "SSL_CTX_new error");
closesocket(sock);
free(conn);
conn = NULL;
socklen_t len = sizeof(struct sockaddr);
conn->buf_size = MAX_REQUEST_SIZE;
conn->buf = (char *) (conn + 1);
conn->ctx = &fake_ctx;
conn->client.sock = sock;
getsockname(sock, &conn->client.rsa.sa, &len);
conn->client.is_ssl = use_ssl;
if (use_ssl) {
// SSL_CTX_set_verify call is needed to switch off server certificate
// checking, which is off by default in OpenSSL and on in yaSSL.
SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0);
sslize(conn, conn->client_ssl_ctx, SSL_connect);
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
}
return conn;
}
static int is_valid_uri(const char *uri) {
// Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
// URI can be an asterisk (*) or should start with slash.
return uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0');
}
static int getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len) {
const char *cl;
ebuf[0] = '\0';
reset_per_request_attributes(conn);
conn->request_len = read_request(NULL, conn, conn->buf, conn->buf_size,
&conn->data_len);
assert(conn->request_len < 0 || conn->data_len >= conn->request_len);
if (conn->request_len == 0 && conn->data_len == conn->buf_size) {
snprintf(ebuf, ebuf_len, "%s", "Request Too Large");
} else if (conn->request_len <= 0) {
snprintf(ebuf, ebuf_len, "%s", "Client closed connection");
} else if (parse_http_message(conn->buf, conn->buf_size,
&conn->request_info) <= 0) {
snprintf(ebuf, ebuf_len, "Bad request: [%.*s]", conn->data_len, conn->buf);
} else {
// Request is valid