diff options
Diffstat (limited to 'source4/web_server/esp.c')
| -rw-r--r-- | source4/web_server/esp.c | 1030 |
1 files changed, 1030 insertions, 0 deletions
diff --git a/source4/web_server/esp.c b/source4/web_server/esp.c new file mode 100644 index 0000000000..901a1558c4 --- /dev/null +++ b/source4/web_server/esp.c @@ -0,0 +1,1030 @@ +/* + Unix SMB/CIFS implementation. + + http handling code + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "smbd/service_task.h" +#include "web_server/web_server.h" +#include "smbd/service_stream.h" +#include "smbd/service.h" +#include "lib/events/events.h" +#include "system/time.h" +#include "system/wait.h" +#include "lib/appweb/esp/esp.h" +#include "lib/appweb/ejs/ejsInternal.h" +#include "lib/util/dlinklist.h" +#include "lib/tls/tls.h" +#include "scripting/ejs/smbcalls.h" +#include "param/param.h" + +#define SAMBA_SESSION_KEY "SambaSessionId" +#define HTTP_PREAUTH_URI "/scripting/preauth.esp" + +/* state of the esp subsystem for a specific request */ +struct esp_state { + struct websrv_context *web; + struct EspRequest *req; + struct MprVar variables[ESP_OBJ_MAX]; + struct session_data *session; +}; + +/* + output the http headers +*/ +static void http_output_headers(struct websrv_context *web) +{ + int i; + char *s; + DATA_BLOB b; + uint32_t content_length = 0; + const char *response_string = "Unknown Code"; + const struct { + unsigned code; + const char *response_string; + } codes[] = { + { 200, "OK" }, + { 301, "Moved" }, + { 302, "Found" }, + { 303, "Method" }, + { 304, "Not Modified" }, + { 400, "Bad request" }, + { 401, "Unauthorized" }, + { 403, "Forbidden" }, + { 404, "Not Found" }, + { 500, "Internal Server Error" }, + { 501, "Not implemented" } + }; + for (i=0;i<ARRAY_SIZE(codes);i++) { + if (codes[i].code == web->output.response_code) { + response_string = codes[i].response_string; + } + } + + if (web->output.headers == NULL) return; + s = talloc_asprintf(web, "HTTP/1.0 %u %s\r\n", + web->output.response_code, response_string); + if (s == NULL) return; + for (i=0;web->output.headers[i];i++) { + s = talloc_asprintf_append_buffer(s, "%s\r\n", web->output.headers[i]); + } + + /* work out the content length */ + content_length = web->output.content.length; + if (web->output.fd != -1) { + struct stat st; + fstat(web->output.fd, &st); + content_length += st.st_size; + } + s = talloc_asprintf_append_buffer(s, "Content-Length: %u\r\n\r\n", content_length); + if (s == NULL) return; + + b = web->output.content; + web->output.content = data_blob_string_const(s); + data_blob_append(web, &web->output.content, b.data, b.length); + data_blob_free(&b); +} + +/* + return the local path for a URL +*/ +static const char *http_local_path(struct websrv_context *web, + const char *url, + const char *base_dir) +{ + int i; + char *path; + + /* check that the url is OK */ + if (url[0] != '/') return NULL; + + for (i=0;url[i];i++) { + if ((!isalnum((unsigned char)url[i]) && !strchr("./_-", url[i])) || + (url[i] == '.' && strchr("/.", url[i+1]))) { + return NULL; + } + } + + path = talloc_asprintf(web, "%s/%s", base_dir, url+1); + if (path == NULL) return NULL; + + if (directory_exist(path)) { + path = talloc_asprintf_append_buffer(path, "/index.esp"); + } + return path; +} + +/* + called when esp wants to read a file to support include() calls +*/ +static int http_readFile(EspHandle handle, + char **buf, + int *len, + const char *path, + const char *base_dir) +{ + struct websrv_context *web = talloc_get_type(handle, + struct websrv_context); + int fd = -1; + struct stat st; + *buf = NULL; + + path = http_local_path(web, path, base_dir); + if (path == NULL) goto failed; + + fd = open(path, O_RDONLY); + if (fd == -1 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) goto failed; + + *buf = talloc_array(handle, char, st.st_size+1); + if (*buf == NULL) goto failed; + + if (read(fd, *buf, st.st_size) != st.st_size) goto failed; + + (*buf)[st.st_size] = 0; + + close(fd); + *len = st.st_size; + return 0; + +failed: + DEBUG(0,("Failed to read file %s - %s\n", path, strerror(errno))); + if (fd != -1) close(fd); + talloc_free(*buf); + *buf = NULL; + return -1; +} + +static int http_readFileFromSwatDir(EspHandle handle, char **buf, int *len, + const char *path) +{ + return http_readFile(handle, buf, len, path, + lp_swat_directory(global_loadparm)); +} + + + +/* + called when esp wants to find the real path of a file +*/ +static int http_mapToStorage(EspHandle handle, char *path, int len, const char *uri, int flags) +{ + if (uri == NULL || strlen(uri) >= len) return -1; + strncpy(path, uri, len); + return 0; +} + +/* + called when esp wants to output something +*/ +static int http_writeBlock(EspHandle handle, const char *buf, int size) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + if (!data_blob_append(web, &web->output.content, buf, size)) + return -1; + return size; +} + + +/* + set a http header +*/ +static void http_setHeader(EspHandle handle, const char *value, bool allowMultiple) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + char *p = strchr(value, ':'); + + if (p && !allowMultiple && web->output.headers) { + int i; + for (i=0;web->output.headers[i];i++) { + if (strncmp(web->output.headers[i], value, (p+1)-value) == 0) { + web->output.headers[i] = talloc_strdup(web, value); + return; + } + } + } + + web->output.headers = str_list_add(web->output.headers, value); + talloc_steal(web, web->output.headers); +} + +/* + set a http response code +*/ +static void http_setResponseCode(EspHandle handle, int code) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + web->output.response_code = code; +} + +/* + redirect to another web page + */ +static void http_redirect(EspHandle handle, int code, char *url) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + const char *host = web->input.host; + + /* form the full url, unless it already looks like a url */ + if (strchr(url, ':') == NULL) { + if (host == NULL) { + struct socket_address *socket_address = socket_get_my_addr(web->conn->socket, web); + if (socket_address == NULL) goto internal_error; + host = talloc_asprintf(web, "%s:%u", + socket_address->addr, socket_address->port); + } + if (host == NULL) goto internal_error; + if (url[0] != '/') { + char *p = strrchr(web->input.url, '/'); + if (p == web->input.url) { + url = talloc_asprintf(web, "http%s://%s/%s", + tls_enabled(web->conn->socket)?"s":"", + host, url); + } else { + int dirlen = p - web->input.url; + url = talloc_asprintf(web, "http%s://%s%*.*s/%s", + tls_enabled(web->conn->socket)?"s":"", + host, + dirlen, dirlen, web->input.url, + url); + } + if (url == NULL) goto internal_error; + } + } + + http_setHeader(handle, talloc_asprintf(web, "Location: %s", url), 0); + + /* make sure we give a valid redirect code */ + if (code >= 300 && code < 400) { + http_setResponseCode(handle, code); + } else { + http_setResponseCode(handle, 302); + } + return; + +internal_error: + http_error(web, 500, "Internal server error"); +} + + +/* + setup a cookie +*/ +static void http_setCookie(EspHandle handle, const char *name, const char *value, + int lifetime, const char *path, bool secure) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + char *buf; + + if (lifetime > 0) { + buf = talloc_asprintf(web, "Set-Cookie: %s=%s; path=%s; Expires=%s; %s", + name, value, path?path:"/", + http_timestring(web, time(NULL)+lifetime), + secure?"secure":""); + } else { + buf = talloc_asprintf(web, "Set-Cookie: %s=%s; path=%s; %s", + name, value, path?path:"/", + secure?"secure":""); + } + http_setHeader(handle, "Cache-control: no-cache=\"set-cookie\"", 0); + http_setHeader(handle, buf, 0); + talloc_free(buf); +} + +/* + return the session id +*/ +static const char *http_getSessionId(EspHandle handle) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + return web->session->id; +} + +/* + setup a session +*/ +static void http_createSession(EspHandle handle, int timeout) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + if (web->session) { + web->session->lifetime = timeout; + http_setCookie(web, SAMBA_SESSION_KEY, web->session->id, + web->session->lifetime, "/", 0); + } +} + +/* + destroy a session +*/ +static void http_destroySession(EspHandle handle) +{ + struct websrv_context *web = talloc_get_type(handle, struct websrv_context); + talloc_free(web->session); + web->session = NULL; +} + + +/* + setup for a raw http level error +*/ +void http_error(struct websrv_context *web, int code, const char *info) +{ + char *s; + s = talloc_asprintf(web,"<HTML><HEAD><TITLE>Error %u</TITLE></HEAD><BODY><H1>Error %u</H1><pre>%s</pre><p></BODY></HTML>\r\n\r\n", + code, code, info); + if (s == NULL) { + stream_terminate_connection(web->conn, "http_error: out of memory"); + return; + } + http_writeBlock(web, s, strlen(s)); + http_setResponseCode(web, code); + http_output_headers(web); + EVENT_FD_NOT_READABLE(web->conn->event.fde); + EVENT_FD_WRITEABLE(web->conn->event.fde); + web->output.output_pending = true; +} + +/* + map a unix error code to a http error +*/ +void http_error_unix(struct websrv_context *web, const char *info) +{ + int code = 500; + switch (errno) { + case ENOENT: + case EISDIR: + code = 404; + break; + case EACCES: + code = 403; + break; + } + info = talloc_asprintf(web, "%s<p>%s<p>\n", info, strerror(errno)); + http_error(web, code, info); +} + + +/* + a simple file request +*/ +static void http_simple_request(struct websrv_context *web) +{ + const char *url = web->input.url; + const char *path; + struct stat st; + + path = http_local_path(web, url, lp_swat_directory(web->task->lp_ctx)); + if (path == NULL) goto invalid; + + /* looks ok */ + web->output.fd = open(path, O_RDONLY); + if (web->output.fd == -1) { + DEBUG(0,("Failed to read file %s - %s\n", path, strerror(errno))); + http_error_unix(web, path); + return; + } + + if (fstat(web->output.fd, &st) != 0 || !S_ISREG(st.st_mode)) { + close(web->output.fd); + goto invalid; + } + + return; + +invalid: + http_error(web, 400, "Malformed URL"); +} + +/* + setup the standard ESP arrays +*/ +static void http_setup_arrays(struct esp_state *esp) +{ + struct websrv_context *web = esp->web; + struct esp_data *edata = talloc_get_type(web->task->private, struct esp_data); + struct EspRequest *req = esp->req; + struct socket_address *socket_address = socket_get_my_addr(web->conn->socket, esp); + struct socket_address *peer_address = socket_get_peer_addr(web->conn->socket, esp); + char *p; + +#define SETVAR(type, name, value) do { \ + const char *v = value; \ + if (v) espSetStringVar(req, type, name, v); \ +} while (0) + + SETVAR(ESP_REQUEST_OBJ, "CONTENT_LENGTH", + talloc_asprintf(esp, "%u", web->input.content_length)); + SETVAR(ESP_REQUEST_OBJ, "QUERY_STRING", web->input.query_string); + SETVAR(ESP_REQUEST_OBJ, "POST_DATA", + talloc_strndup(esp, + web->input.partial.data, + web->input.partial.length)); + SETVAR(ESP_REQUEST_OBJ, "REQUEST_METHOD", web->input.post_request?"POST":"GET"); + SETVAR(ESP_REQUEST_OBJ, "REQUEST_URI", web->input.url); + p = strrchr(web->input.url, '/'); + SETVAR(ESP_REQUEST_OBJ, "SCRIPT_NAME", p+1); + SETVAR(ESP_REQUEST_OBJ, "SCRIPT_FILENAME", web->input.url); + if (peer_address) { + struct MprVar mpv = mprObject("socket_address"); + mprSetPtrChild(&mpv, "socket_address", peer_address); + espSetVar(req, ESP_REQUEST_OBJ, "REMOTE_SOCKET_ADDRESS", mpv); + SETVAR(ESP_REQUEST_OBJ, "REMOTE_ADDR", peer_address->addr); + } + p = socket_get_peer_name(web->conn->socket, esp); + SETVAR(ESP_REQUEST_OBJ, "REMOTE_HOST", p); + SETVAR(ESP_REQUEST_OBJ, "REMOTE_USER", ""); + SETVAR(ESP_REQUEST_OBJ, "CONTENT_TYPE", web->input.content_type); + if (web->session) { + SETVAR(ESP_REQUEST_OBJ, "SESSION_ID", web->session->id); + } + SETVAR(ESP_REQUEST_OBJ, "COOKIE_SUPPORT", web->input.cookie?"true":"false"); + + SETVAR(ESP_HEADERS_OBJ, "HTTP_REFERER", web->input.referer); + SETVAR(ESP_HEADERS_OBJ, "HOST", web->input.host); + SETVAR(ESP_HEADERS_OBJ, "ACCEPT_ENCODING", web->input.accept_encoding); + SETVAR(ESP_HEADERS_OBJ, "ACCEPT_LANGUAGE", web->input.accept_language); + SETVAR(ESP_HEADERS_OBJ, "ACCEPT_CHARSET", web->input.accept_charset); + SETVAR(ESP_HEADERS_OBJ, "COOKIE", web->input.cookie); + SETVAR(ESP_HEADERS_OBJ, "USER_AGENT", web->input.user_agent); + + if (socket_address) { + SETVAR(ESP_SERVER_OBJ, "SERVER_ADDR", socket_address->addr); + SETVAR(ESP_SERVER_OBJ, "SERVER_NAME", socket_address->addr); + SETVAR(ESP_SERVER_OBJ, "SERVER_HOST", socket_address->addr); + SETVAR(ESP_SERVER_OBJ, "SERVER_PORT", + talloc_asprintf(esp, "%u", socket_address->port)); + } + + SETVAR(ESP_SERVER_OBJ, "DOCUMENT_ROOT", lp_swat_directory(esp->web->task->lp_ctx)); + SETVAR(ESP_SERVER_OBJ, "SERVER_PROTOCOL", tls_enabled(web->conn->socket)?"https":"http"); + SETVAR(ESP_SERVER_OBJ, "SERVER_SOFTWARE", "SAMBA"); + SETVAR(ESP_SERVER_OBJ, "GATEWAY_INTERFACE", "CGI/1.1"); + SETVAR(ESP_SERVER_OBJ, "TLS_SUPPORT", tls_support(edata->tls_params)?"true":"false"); +} + +#if HAVE_SETJMP_H +/* the esp scripting lirary generates exceptions when + it hits a major error. We need to catch these and + report a internal server error via http +*/ +static jmp_buf ejs_exception_buf; +static const char *exception_reason; + +static void web_server_ejs_exception(const char *reason) +{ + Ejs *ep = ejsPtr(0); + if (ep) { + ejsSetErrorMsg(0, "%s", reason); + exception_reason = ep->error; + } else { + exception_reason = reason; + } + DEBUG(0,("%s", exception_reason)); + longjmp(ejs_exception_buf, -1); +} +#else +static void web_server_ejs_exception(const char *reason) +{ + DEBUG(0,("%s", reason)); + smb_panic(reason); +} +#endif + +/* + process a esp request +*/ +static void esp_request(struct esp_state *esp, const char *url) +{ + struct websrv_context *web = esp->web; + int size; + int res; + char *emsg = NULL, *buf; + + if (http_readFile(web, &buf, &size, url, lp_swat_directory(esp->web->task->lp_ctx)) != 0) { + http_error_unix(web, url); + return; + } + +#if HAVE_SETJMP_H + if (setjmp(ejs_exception_buf) != 0) { + http_error(web, 500, exception_reason); + return; + } +#endif + + res = espProcessRequest(esp->req, url, buf, &emsg); + if (res != 0 && emsg) { + http_writeBlock(web, "<pre>", 5); + http_writeBlock(web, emsg, strlen(emsg)); + http_writeBlock(web, "</pre>", 6); + } + talloc_free(buf); +} + +/* + perform pre-authentication on every page if /scripting/preauth.esp + exists. If this script generates any non-whitepace output at all, + then we don't run the requested URL. + + note that the preauth is run even for static pages such as images +*/ +static bool http_preauth(struct esp_state *esp) +{ + const char *path = http_local_path(esp->web, + HTTP_PREAUTH_URI, + lp_swat_directory(esp->web->task->lp_ctx)); + int i; + if (path == NULL) { + http_error(esp->web, 500, "Internal server error"); + return false; + } + if (!file_exist(path)) { + /* if the preath script is not installed then allow access */ + return true; + } + esp_request(esp, HTTP_PREAUTH_URI); + for (i=0;i<esp->web->output.content.length;i++) { + if (!isspace(esp->web->output.content.data[i])) { + /* if the preauth has generated content, then force it + to be html, so that we can show the login page for + failed access to images */ + http_setHeader(esp->web, "Content-Type: text/html", 0); + return false; + } + } + data_blob_free(&esp->web->output.content); + return true; +} + + +/* + handling of + and % escapes in http variables +*/ +static const char *http_unescape(TALLOC_CTX *mem_ctx, const char *p) +{ + char *s0 = talloc_strdup(mem_ctx, p); + char *s = s0; + if (s == NULL) return NULL; + + while (*s) { + unsigned v; + if (*s == '+') *s = ' '; + if (*s == '%' && sscanf(s+1, "%02x", &v) == 1) { + *s = (char)v; + memmove(s+1, s+3, strlen(s+3)+1); + } + s++; + } + + return s0; +} + +/* + set a form or GET variable +*/ +static void esp_putvar(struct esp_state *esp, const char *var, const char *value) +{ + if (strcasecmp(var, SAMBA_SESSION_KEY) == 0) { + /* special case support for browsers without cookie + support */ + esp->web->input.session_key = talloc_strdup(esp, value); + } else { + mprSetPropertyValue(&esp->variables[ESP_FORM_OBJ], + http_unescape(esp, var), + mprCreateStringVar(http_unescape(esp, value), 0)); + } +} + + +/* + parse the variables in a POST style request +*/ +static NTSTATUS http_parse_post(struct esp_state *esp) +{ + DATA_BLOB b = esp->web->input.partial; + + while (b.length) { + char *p, *line; + size_t len; + + p = memchr(b.data, '&', b.length); + if (p == NULL) { + len = b.length; + } else { + len = p - (char *)b.data; + } + line = talloc_strndup(esp, (char *)b.data, len); + NT_STATUS_HAVE_NO_MEMORY(line); + + p = strchr(line,'='); + if (p) { + *p = 0; + esp_putvar(esp, line, p+1); + } + talloc_free(line); + b.length -= len; + b.data += len; + if (b.length > 0) { + b.length--; + b.data++; + } + } + + return NT_STATUS_OK; +} + +/* + parse the variables in a GET style request +*/ +static NTSTATUS http_parse_get(struct esp_state *esp) +{ + struct websrv_context *web = esp->web; + char *p, *s, *tok; + char *pp; + + p = strchr(web->input.url, '?'); + web->input.query_string = p+1; + *p = 0; + + s = talloc_strdup(esp, esp->web->input.query_string); + NT_STATUS_HAVE_NO_MEMORY(s); + + for (tok=strtok_r(s,"&;", &pp);tok;tok=strtok_r(NULL,"&;", &pp)) { + p = strchr(tok,'='); + if (p) { + *p = 0; + esp_putvar(esp, tok, p+1); + } + } + return NT_STATUS_OK; +} + +/* + called when a session times out +*/ +static void session_timeout(struct event_context *ev, struct timed_event *te, + struct timeval t, void *private) +{ + struct session_data *s = talloc_get_type(private, struct session_data); + talloc_free(s); +} + +/* + destroy a session + */ +static int session_destructor(struct session_data *s) +{ + DLIST_REMOVE(s->edata->sessions, s); + return 0; +} + +/* + setup the session for this request +*/ +static void http_setup_session(struct esp_state *esp) +{ + const char *session_key = SAMBA_SESSION_KEY; + char *p; + const char *cookie = esp->web->input.cookie; + const char *key = NULL; + struct esp_data *edata = talloc_get_type(esp->web->task->private, struct esp_data); + struct session_data *s; + bool generated_key = false; + + /* look for our session key */ + if (cookie && (p = strstr(cookie, session_key)) && + p[strlen(session_key)] == '=') { + p += strlen(session_key)+1; + key = talloc_strndup(esp, p, strcspn(p, ";")); + } + + if (key == NULL && esp->web->input.session_key) { + key = esp->web->input.session_key; + } else if (key == NULL) { + key = generate_random_str_list(esp, 16, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"); + generated_key = true; + } + + /* try to find this session in the existing session list */ + for (s=edata->sessions;s;s=s->next) { + if (strcmp(key, s->id) == 0) { + break; + } + } + + if (s == NULL) { + /* create a new session */ + s = talloc_zero(edata, struct session_data); + s->id = talloc_steal(s, key); + s->data = NULL; + s->te = NULL; + s->edata = edata; + s->lifetime = lp_parm_int(esp->web->task->lp_ctx, NULL, "web", "sessiontimeout", 900); + DLIST_ADD(edata->sessions, s); + talloc_set_destructor(s, session_destructor); + if (!generated_key) { + mprSetPropertyValue(&esp->variables[ESP_REQUEST_OBJ], + "SESSION_EXPIRED", mprCreateStringVar("true", 0)); + } + } + + http_setCookie(esp->web, session_key, key, s->lifetime, "/", 0); + + if (s->data) { + mprCopyVar(&esp->variables[ESP_SESSION_OBJ], s->data, MPR_DEEP_COPY); + } + + esp->web->session = s; +} + + +/* callbacks for esp processing */ +static const struct Esp esp_control = { + .maxScriptSize = 60000, + .writeBlock = http_writeBlock, + .setHeader = http_setHeader, + .redirect = http_redirect, + .setResponseCode = http_setResponseCode, + .readFile = http_readFileFromSwatDir, + .mapToStorage = http_mapToStorage, + .setCookie = http_setCookie, + .createSession = http_createSession, + .destroySession = http_destroySession, + .getSessionId = http_getSessionId +}; + +/* + process a complete http request +*/ +void http_process_input(struct websrv_context *web) +{ + NTSTATUS status; + struct esp_state *esp = NULL; + struct esp_data *edata = talloc_get_type(web->task->private, struct esp_data); + struct smbcalls_context *smbcalls_ctx; + char *p; + void *save_mpr_ctx = mprMemCtx(); + void *ejs_save = ejs_save_state(); + int i; + const char *file_type = NULL; + enum page_type { + page_type_simple, + page_type_esp + }; + enum page_type page_type; + const struct { + const char *extension; + const char *mime_type; + enum page_type page_type; + } mime_types[] = { + {"gif", "image/gif"}, + {"png", "image/png"}, + {"jpg", "image/jpeg"}, + {"txt", "text/plain"}, + {"ico", "image/x-icon"}, + {"css", "text/css"}, + {"esp", "text/html", true} + }; + + /* + * give the smbcalls a chance to find the event context + * and messaging context + */ + smbcalls_ctx = talloc(web, struct smbcalls_context); + if (smbcalls_ctx == NULL) goto internal_error; + smbcalls_ctx->event_ctx = web->conn->event.ctx; + smbcalls_ctx->msg_ctx = web->conn->msg_ctx; + + esp = talloc_zero(smbcalls_ctx, struct esp_state); + if (esp == NULL) goto internal_error; + + esp->web = web; + + mprSetCtx(esp); + + if (espOpen(&esp_control) != 0) goto internal_error; + + for (i=0;i<ARRAY_SIZE(esp->variables);i++) { + esp->variables[i] = mprCreateUndefinedVar(); + } + esp->variables[ESP_HEADERS_OBJ] = mprCreateObjVar("headers", ESP_HASH_SIZE); + esp->variables[ESP_FORM_OBJ] = mprCreateObjVar("form", ESP_HASH_SIZE); + esp->variables[ESP_APPLICATION_OBJ] = mprCreateObjVar("application", ESP_HASH_SIZE); + esp->variables[ESP_COOKIES_OBJ] = mprCreateObjVar("cookies", ESP_HASH_SIZE); + esp->variables[ESP_FILES_OBJ] = mprCreateObjVar("files", ESP_HASH_SIZE); + esp->variables[ESP_REQUEST_OBJ] = mprCreateObjVar("request", ESP_HASH_SIZE); + esp->variables[ESP_SERVER_OBJ] = mprCreateObjVar("server", ESP_HASH_SIZE); + esp->variables[ESP_SESSION_OBJ] = mprCreateObjVar("session", ESP_HASH_SIZE); + + if (edata->application_data) { + mprCopyVar(&esp->variables[ESP_APPLICATION_OBJ], + edata->application_data, MPR_DEEP_COPY); + } + + smb_setup_ejs_functions(web_server_ejs_exception); + + if (web->input.url == NULL) { + http_error(web, 400, "You must specify a GET or POST request"); + mprSetCtx(save_mpr_ctx); + ejs_restore_state(ejs_save); + return; + } + + /* parse any form or get variables */ + if (web->input.post_request) { + status = http_parse_post(esp); + if (!NT_STATUS_IS_OK(status)) { + http_error(web, 400, "Malformed POST data"); + mprSetCtx(save_mpr_ctx); + ejs_restore_state(ejs_save); + return; + } + } + if (strchr(web->input.url, '?')) { + status = http_parse_get(esp); + if (!NT_STATUS_IS_OK(status)) { + http_error(web, 400, "Malformed GET data"); + mprSetCtx(save_mpr_ctx); + ejs_restore_state(ejs_save); + return; + } + } + + http_setup_session(esp); + + esp->req = espCreateRequest(web, web->input.url, esp->variables); + if (esp->req == NULL) goto internal_error; + + p = strrchr(web->input.url, '.'); + if (p == NULL) { + page_type = page_type_esp; + file_type = "text/html"; + } + for (i=0;p && i<ARRAY_SIZE(mime_types);i++) { + if (strcmp(mime_types[i].extension, p+1) == 0) { + page_type = mime_types[i].page_type; + file_type = mime_types[i].mime_type; + } + } + if (file_type == NULL) { + page_type = page_type_simple; + file_type = "text/html"; + } + + /* setup basic headers */ + http_setResponseCode(web, 200); + http_setHeader(web, talloc_asprintf(esp, "Date: %s", + http_timestring(esp, time(NULL))), 0); + http_setHeader(web, "Server: Samba", 0); + http_setHeader(web, "Connection: close", 0); + http_setHeader(web, talloc_asprintf(esp, "Content-Type: %s", file_type), 0); + + http_setup_arrays(esp); + + /* + * Do pre-authentication. If pre-authentication succeeds, do + * page-type-specific processing. + */ + switch(page_type) + { + case page_type_simple: + if (http_preauth(esp)) { + http_simple_request(web); + } + break; + + case page_type_esp: + if (http_preauth(esp)) { + esp_request(esp, web->input.url); + } + break; + } + + if (web->conn == NULL) { + /* the connection has been terminated above us, probably + via a timeout */ + goto internal_error; + } + + if (!web->output.output_pending) { + http_output_headers(web); + EVENT_FD_WRITEABLE(web->conn->event.fde); + web->output.output_pending = true; + } + + /* copy any application data to long term storage in edata */ + talloc_free(edata->application_data); + edata->application_data = talloc_zero(edata, struct MprVar); + mprSetCtx(edata->application_data); + mprCopyVar(edata->application_data, &esp->variables[ESP_APPLICATION_OBJ], + MPR_DEEP_COPY); + mprSetCtx(esp); + + /* copy any session data */ + if (web->session) { + talloc_free(web->session->data); + web->session->data = talloc_zero(web->session, struct MprVar); + if (esp->variables[ESP_SESSION_OBJ].properties == NULL || + esp->variables[ESP_SESSION_OBJ].properties[0].numItems == 0) { + talloc_free(web->session); + web->session = NULL; + } else { + mprSetCtx(web->session->data); + mprCopyVar(web->session->data, &esp->variables[ESP_SESSION_OBJ], + MPR_DEEP_COPY); + /* setup the timeout for the session data */ + mprSetCtx(esp); + talloc_free(web->session->te); + web->session->te = event_add_timed(web->conn->event.ctx, web->session, + timeval_current_ofs(web->session->lifetime, 0), + session_timeout, web->session); + } + } + + talloc_free(esp); + mprSetCtx(save_mpr_ctx); + ejs_restore_state(ejs_save); + return; + +internal_error: + mprSetCtx(esp); + talloc_free(esp); + if (web->conn != NULL) { + http_error(web, 500, "Internal server error"); + } + mprSetCtx(save_mpr_ctx); + ejs_restore_state(ejs_save); +} + + +/* + parse one line of header input +*/ +NTSTATUS http_parse_header(struct websrv_context *web, const char *line) +{ + if (line[0] == 0) { + web->input.end_of_headers = true; + } else if (strncasecmp(line,"GET ", 4)==0) { + web->input.url = talloc_strndup(web, &line[4], strcspn(&line[4], " \t")); + } else if (strncasecmp(line,"POST ", 5)==0) { + web->input.post_request = true; + web->input.url = talloc_strndup(web, &line[5], strcspn(&line[5], " \t")); + } else if (strchr(line, ':') == NULL) { + http_error(web, 400, "This server only accepts GET and POST requests"); + return NT_STATUS_INVALID_PARAMETER; + } else if (strncasecmp(line,"Content-Length: ", 16)==0) { + web->input.content_length = strtoul(&line[16], NULL, 10); + } else { +#define PULL_HEADER(v, s) do { \ + if (strncmp(line, s, strlen(s)) == 0) { \ + web->input.v = talloc_strdup(web, &line[strlen(s)]); \ + return NT_STATUS_OK; \ + } \ +} while (0) + PULL_HEADER(content_type, "Content-Type: "); + PULL_HEADER(user_agent, "User-Agent: "); + PULL_HEADER(referer, "Referer: "); + PULL_HEADER(host, "Host: "); + PULL_HEADER(accept_encoding, "Accept-Encoding: "); + PULL_HEADER(accept_language, "Accept-Language: "); + PULL_HEADER(accept_charset, "Accept-Charset: "); + PULL_HEADER(cookie, "Cookie: "); + } + + /* ignore all other headers for now */ + return NT_STATUS_OK; +} + + +/* + setup the esp processor - called at task initialisation +*/ +struct esp_data *http_setup_esp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + struct esp_data *edata; + + edata = talloc_zero(mem_ctx, struct esp_data); + if (edata == NULL) + return NULL; + + edata->tls_params = tls_initialise(edata, lp_ctx); + if (edata->tls_params == NULL) + return NULL; + + return edata; +} |