summaryrefslogtreecommitdiff
path: root/source4/web_server/http.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/web_server/http.c')
-rw-r--r--source4/web_server/http.c1030
1 files changed, 0 insertions, 1030 deletions
diff --git a/source4/web_server/http.c b/source4/web_server/http.c
deleted file mode 100644
index bd6efa9262..0000000000
--- a/source4/web_server/http.c
+++ /dev/null
@@ -1,1030 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- http handling code
-
- Copyright (C) Andrew Tridgell 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "smbd/service_task.h"
-#include "web_server/web_server.h"
-#include "smbd/service_stream.h"
-#include "smbd/service.h"
-#include "lib/events/events.h"
-#include "system/time.h"
-#include "system/wait.h"
-#include "lib/appweb/esp/esp.h"
-#include "lib/appweb/ejs/ejsInternal.h"
-#include "lib/util/dlinklist.h"
-#include "lib/tls/tls.h"
-#include "scripting/ejs/smbcalls.h"
-#include "param/param.h"
-
-#define SAMBA_SESSION_KEY "SambaSessionId"
-#define HTTP_PREAUTH_URI "/scripting/preauth.esp"
-
-/* state of the esp subsystem for a specific request */
-struct esp_state {
- struct websrv_context *web;
- struct EspRequest *req;
- struct MprVar variables[ESP_OBJ_MAX];
- struct session_data *session;
-};
-
-/*
- output the http headers
-*/
-static void http_output_headers(struct websrv_context *web)
-{
- int i;
- char *s;
- DATA_BLOB b;
- uint32_t content_length = 0;
- const char *response_string = "Unknown Code";
- const struct {
- unsigned code;
- const char *response_string;
- } codes[] = {
- { 200, "OK" },
- { 301, "Moved" },
- { 302, "Found" },
- { 303, "Method" },
- { 304, "Not Modified" },
- { 400, "Bad request" },
- { 401, "Unauthorized" },
- { 403, "Forbidden" },
- { 404, "Not Found" },
- { 500, "Internal Server Error" },
- { 501, "Not implemented" }
- };
- for (i=0;i<ARRAY_SIZE(codes);i++) {
- if (codes[i].code == web->output.response_code) {
- response_string = codes[i].response_string;
- }
- }
-
- if (web->output.headers == NULL) return;
- s = talloc_asprintf(web, "HTTP/1.0 %u %s\r\n",
- web->output.response_code, response_string);
- if (s == NULL) return;
- for (i=0;web->output.headers[i];i++) {
- s = talloc_asprintf_append_buffer(s, "%s\r\n", web->output.headers[i]);
- }
-
- /* work out the content length */
- content_length = web->output.content.length;
- if (web->output.fd != -1) {
- struct stat st;
- fstat(web->output.fd, &st);
- content_length += st.st_size;
- }
- s = talloc_asprintf_append_buffer(s, "Content-Length: %u\r\n\r\n", content_length);
- if (s == NULL) return;
-
- b = web->output.content;
- web->output.content = data_blob_string_const(s);
- data_blob_append(web, &web->output.content, b.data, b.length);
- data_blob_free(&b);
-}
-
-/*
- return the local path for a URL
-*/
-static const char *http_local_path(struct websrv_context *web,
- const char *url,
- const char *base_dir)
-{
- int i;
- char *path;
-
- /* check that the url is OK */
- if (url[0] != '/') return NULL;
-
- for (i=0;url[i];i++) {
- if ((!isalnum((unsigned char)url[i]) && !strchr("./_-", url[i])) ||
- (url[i] == '.' && strchr("/.", url[i+1]))) {
- return NULL;
- }
- }
-
- path = talloc_asprintf(web, "%s/%s", base_dir, url+1);
- if (path == NULL) return NULL;
-
- if (directory_exist(path)) {
- path = talloc_asprintf_append_buffer(path, "/index.esp");
- }
- return path;
-}
-
-/*
- called when esp wants to read a file to support include() calls
-*/
-static int http_readFile(EspHandle handle,
- char **buf,
- int *len,
- const char *path,
- const char *base_dir)
-{
- struct websrv_context *web = talloc_get_type(handle,
- struct websrv_context);
- int fd = -1;
- struct stat st;
- *buf = NULL;
-
- path = http_local_path(web, path, base_dir);
- if (path == NULL) goto failed;
-
- fd = open(path, O_RDONLY);
- if (fd == -1 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) goto failed;
-
- *buf = talloc_array(handle, char, st.st_size+1);
- if (*buf == NULL) goto failed;
-
- if (read(fd, *buf, st.st_size) != st.st_size) goto failed;
-
- (*buf)[st.st_size] = 0;
-
- close(fd);
- *len = st.st_size;
- return 0;
-
-failed:
- DEBUG(0,("Failed to read file %s - %s\n", path, strerror(errno)));
- if (fd != -1) close(fd);
- talloc_free(*buf);
- *buf = NULL;
- return -1;
-}
-
-static int http_readFileFromSwatDir(EspHandle handle, char **buf, int *len,
- const char *path)
-{
- return http_readFile(handle, buf, len, path,
- lp_swat_directory(global_loadparm));
-}
-
-
-
-/*
- called when esp wants to find the real path of a file
-*/
-static int http_mapToStorage(EspHandle handle, char *path, int len, const char *uri, int flags)
-{
- if (uri == NULL || strlen(uri) >= len) return -1;
- strncpy(path, uri, len);
- return 0;
-}
-
-/*
- called when esp wants to output something
-*/
-static int http_writeBlock(EspHandle handle, const char *buf, int size)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- if (!data_blob_append(web, &web->output.content, buf, size))
- return -1;
- return size;
-}
-
-
-/*
- set a http header
-*/
-static void http_setHeader(EspHandle handle, const char *value, bool allowMultiple)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- char *p = strchr(value, ':');
-
- if (p && !allowMultiple && web->output.headers) {
- int i;
- for (i=0;web->output.headers[i];i++) {
- if (strncmp(web->output.headers[i], value, (p+1)-value) == 0) {
- web->output.headers[i] = talloc_strdup(web, value);
- return;
- }
- }
- }
-
- web->output.headers = str_list_add(web->output.headers, value);
- talloc_steal(web, web->output.headers);
-}
-
-/*
- set a http response code
-*/
-static void http_setResponseCode(EspHandle handle, int code)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- web->output.response_code = code;
-}
-
-/*
- redirect to another web page
- */
-static void http_redirect(EspHandle handle, int code, char *url)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- const char *host = web->input.host;
-
- /* form the full url, unless it already looks like a url */
- if (strchr(url, ':') == NULL) {
- if (host == NULL) {
- struct socket_address *socket_address = socket_get_my_addr(web->conn->socket, web);
- if (socket_address == NULL) goto internal_error;
- host = talloc_asprintf(web, "%s:%u",
- socket_address->addr, socket_address->port);
- }
- if (host == NULL) goto internal_error;
- if (url[0] != '/') {
- char *p = strrchr(web->input.url, '/');
- if (p == web->input.url) {
- url = talloc_asprintf(web, "http%s://%s/%s",
- tls_enabled(web->conn->socket)?"s":"",
- host, url);
- } else {
- int dirlen = p - web->input.url;
- url = talloc_asprintf(web, "http%s://%s%*.*s/%s",
- tls_enabled(web->conn->socket)?"s":"",
- host,
- dirlen, dirlen, web->input.url,
- url);
- }
- if (url == NULL) goto internal_error;
- }
- }
-
- http_setHeader(handle, talloc_asprintf(web, "Location: %s", url), 0);
-
- /* make sure we give a valid redirect code */
- if (code >= 300 && code < 400) {
- http_setResponseCode(handle, code);
- } else {
- http_setResponseCode(handle, 302);
- }
- return;
-
-internal_error:
- http_error(web, 500, "Internal server error");
-}
-
-
-/*
- setup a cookie
-*/
-static void http_setCookie(EspHandle handle, const char *name, const char *value,
- int lifetime, const char *path, bool secure)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- char *buf;
-
- if (lifetime > 0) {
- buf = talloc_asprintf(web, "Set-Cookie: %s=%s; path=%s; Expires=%s; %s",
- name, value, path?path:"/",
- http_timestring(web, time(NULL)+lifetime),
- secure?"secure":"");
- } else {
- buf = talloc_asprintf(web, "Set-Cookie: %s=%s; path=%s; %s",
- name, value, path?path:"/",
- secure?"secure":"");
- }
- http_setHeader(handle, "Cache-control: no-cache=\"set-cookie\"", 0);
- http_setHeader(handle, buf, 0);
- talloc_free(buf);
-}
-
-/*
- return the session id
-*/
-static const char *http_getSessionId(EspHandle handle)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- return web->session->id;
-}
-
-/*
- setup a session
-*/
-static void http_createSession(EspHandle handle, int timeout)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- if (web->session) {
- web->session->lifetime = timeout;
- http_setCookie(web, SAMBA_SESSION_KEY, web->session->id,
- web->session->lifetime, "/", 0);
- }
-}
-
-/*
- destroy a session
-*/
-static void http_destroySession(EspHandle handle)
-{
- struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
- talloc_free(web->session);
- web->session = NULL;
-}
-
-
-/*
- setup for a raw http level error
-*/
-void http_error(struct websrv_context *web, int code, const char *info)
-{
- char *s;
- s = talloc_asprintf(web,"<HTML><HEAD><TITLE>Error %u</TITLE></HEAD><BODY><H1>Error %u</H1><pre>%s</pre><p></BODY></HTML>\r\n\r\n",
- code, code, info);
- if (s == NULL) {
- stream_terminate_connection(web->conn, "http_error: out of memory");
- return;
- }
- http_writeBlock(web, s, strlen(s));
- http_setResponseCode(web, code);
- http_output_headers(web);
- EVENT_FD_NOT_READABLE(web->conn->event.fde);
- EVENT_FD_WRITEABLE(web->conn->event.fde);
- web->output.output_pending = true;
-}
-
-/*
- map a unix error code to a http error
-*/
-void http_error_unix(struct websrv_context *web, const char *info)
-{
- int code = 500;
- switch (errno) {
- case ENOENT:
- case EISDIR:
- code = 404;
- break;
- case EACCES:
- code = 403;
- break;
- }
- info = talloc_asprintf(web, "%s<p>%s<p>\n", info, strerror(errno));
- http_error(web, code, info);
-}
-
-
-/*
- a simple file request
-*/
-static void http_simple_request(struct websrv_context *web)
-{
- const char *url = web->input.url;
- const char *path;
- struct stat st;
-
- path = http_local_path(web, url, lp_swat_directory(web->task->lp_ctx));
- if (path == NULL) goto invalid;
-
- /* looks ok */
- web->output.fd = open(path, O_RDONLY);
- if (web->output.fd == -1) {
- DEBUG(0,("Failed to read file %s - %s\n", path, strerror(errno)));
- http_error_unix(web, path);
- return;
- }
-
- if (fstat(web->output.fd, &st) != 0 || !S_ISREG(st.st_mode)) {
- close(web->output.fd);
- goto invalid;
- }
-
- return;
-
-invalid:
- http_error(web, 400, "Malformed URL");
-}
-
-/*
- setup the standard ESP arrays
-*/
-static void http_setup_arrays(struct esp_state *esp)
-{
- struct websrv_context *web = esp->web;
- struct esp_data *edata = talloc_get_type(web->task->private, struct esp_data);
- struct EspRequest *req = esp->req;
- struct socket_address *socket_address = socket_get_my_addr(web->conn->socket, esp);
- struct socket_address *peer_address = socket_get_peer_addr(web->conn->socket, esp);
- char *p;
-
-#define SETVAR(type, name, value) do { \
- const char *v = value; \
- if (v) espSetStringVar(req, type, name, v); \
-} while (0)
-
- SETVAR(ESP_REQUEST_OBJ, "CONTENT_LENGTH",
- talloc_asprintf(esp, "%u", web->input.content_length));
- SETVAR(ESP_REQUEST_OBJ, "QUERY_STRING", web->input.query_string);
- SETVAR(ESP_REQUEST_OBJ, "POST_DATA",
- talloc_strndup(esp,
- web->input.partial.data,
- web->input.partial.length));
- SETVAR(ESP_REQUEST_OBJ, "REQUEST_METHOD", web->input.post_request?"POST":"GET");
- SETVAR(ESP_REQUEST_OBJ, "REQUEST_URI", web->input.url);
- p = strrchr(web->input.url, '/');
- SETVAR(ESP_REQUEST_OBJ, "SCRIPT_NAME", p+1);
- SETVAR(ESP_REQUEST_OBJ, "SCRIPT_FILENAME", web->input.url);
- if (peer_address) {
- struct MprVar mpv = mprObject("socket_address");
- mprSetPtrChild(&mpv, "socket_address", peer_address);
- espSetVar(req, ESP_REQUEST_OBJ, "REMOTE_SOCKET_ADDRESS", mpv);
- SETVAR(ESP_REQUEST_OBJ, "REMOTE_ADDR", peer_address->addr);
- }
- p = socket_get_peer_name(web->conn->socket, esp);
- SETVAR(ESP_REQUEST_OBJ, "REMOTE_HOST", p);
- SETVAR(ESP_REQUEST_OBJ, "REMOTE_USER", "");
- SETVAR(ESP_REQUEST_OBJ, "CONTENT_TYPE", web->input.content_type);
- if (web->session) {
- SETVAR(ESP_REQUEST_OBJ, "SESSION_ID", web->session->id);
- }
- SETVAR(ESP_REQUEST_OBJ, "COOKIE_SUPPORT", web->input.cookie?"true":"false");
-
- SETVAR(ESP_HEADERS_OBJ, "HTTP_REFERER", web->input.referer);
- SETVAR(ESP_HEADERS_OBJ, "HOST", web->input.host);
- SETVAR(ESP_HEADERS_OBJ, "ACCEPT_ENCODING", web->input.accept_encoding);
- SETVAR(ESP_HEADERS_OBJ, "ACCEPT_LANGUAGE", web->input.accept_language);
- SETVAR(ESP_HEADERS_OBJ, "ACCEPT_CHARSET", web->input.accept_charset);
- SETVAR(ESP_HEADERS_OBJ, "COOKIE", web->input.cookie);
- SETVAR(ESP_HEADERS_OBJ, "USER_AGENT", web->input.user_agent);
-
- if (socket_address) {
- SETVAR(ESP_SERVER_OBJ, "SERVER_ADDR", socket_address->addr);
- SETVAR(ESP_SERVER_OBJ, "SERVER_NAME", socket_address->addr);
- SETVAR(ESP_SERVER_OBJ, "SERVER_HOST", socket_address->addr);
- SETVAR(ESP_SERVER_OBJ, "SERVER_PORT",
- talloc_asprintf(esp, "%u", socket_address->port));
- }
-
- SETVAR(ESP_SERVER_OBJ, "DOCUMENT_ROOT", lp_swat_directory(esp->web->task->lp_ctx));
- SETVAR(ESP_SERVER_OBJ, "SERVER_PROTOCOL", tls_enabled(web->conn->socket)?"https":"http");
- SETVAR(ESP_SERVER_OBJ, "SERVER_SOFTWARE", "SAMBA");
- SETVAR(ESP_SERVER_OBJ, "GATEWAY_INTERFACE", "CGI/1.1");
- SETVAR(ESP_SERVER_OBJ, "TLS_SUPPORT", tls_support(edata->tls_params)?"true":"false");
-}
-
-#if HAVE_SETJMP_H
-/* the esp scripting lirary generates exceptions when
- it hits a major error. We need to catch these and
- report a internal server error via http
-*/
-static jmp_buf ejs_exception_buf;
-static const char *exception_reason;
-
-static void web_server_ejs_exception(const char *reason)
-{
- Ejs *ep = ejsPtr(0);
- if (ep) {
- ejsSetErrorMsg(0, "%s", reason);
- exception_reason = ep->error;
- } else {
- exception_reason = reason;
- }
- DEBUG(0,("%s", exception_reason));
- longjmp(ejs_exception_buf, -1);
-}
-#else
-static void web_server_ejs_exception(const char *reason)
-{
- DEBUG(0,("%s", reason));
- smb_panic(reason);
-}
-#endif
-
-/*
- process a esp request
-*/
-static void esp_request(struct esp_state *esp, const char *url)
-{
- struct websrv_context *web = esp->web;
- int size;
- int res;
- char *emsg = NULL, *buf;
-
- if (http_readFile(web, &buf, &size, url, lp_swat_directory(esp->web->task->lp_ctx)) != 0) {
- http_error_unix(web, url);
- return;
- }
-
-#if HAVE_SETJMP_H
- if (setjmp(ejs_exception_buf) != 0) {
- http_error(web, 500, exception_reason);
- return;
- }
-#endif
-
- res = espProcessRequest(esp->req, url, buf, &emsg);
- if (res != 0 && emsg) {
- http_writeBlock(web, "<pre>", 5);
- http_writeBlock(web, emsg, strlen(emsg));
- http_writeBlock(web, "</pre>", 6);
- }
- talloc_free(buf);
-}
-
-/*
- perform pre-authentication on every page if /scripting/preauth.esp
- exists. If this script generates any non-whitepace output at all,
- then we don't run the requested URL.
-
- note that the preauth is run even for static pages such as images
-*/
-static bool http_preauth(struct esp_state *esp)
-{
- const char *path = http_local_path(esp->web,
- HTTP_PREAUTH_URI,
- lp_swat_directory(esp->web->task->lp_ctx));
- int i;
- if (path == NULL) {
- http_error(esp->web, 500, "Internal server error");
- return false;
- }
- if (!file_exist(path)) {
- /* if the preath script is not installed then allow access */
- return true;
- }
- esp_request(esp, HTTP_PREAUTH_URI);
- for (i=0;i<esp->web->output.content.length;i++) {
- if (!isspace(esp->web->output.content.data[i])) {
- /* if the preauth has generated content, then force it
- to be html, so that we can show the login page for
- failed access to images */
- http_setHeader(esp->web, "Content-Type: text/html", 0);
- return false;
- }
- }
- data_blob_free(&esp->web->output.content);
- return true;
-}
-
-
-/*
- handling of + and % escapes in http variables
-*/
-static const char *http_unescape(TALLOC_CTX *mem_ctx, const char *p)
-{
- char *s0 = talloc_strdup(mem_ctx, p);
- char *s = s0;
- if (s == NULL) return NULL;
-
- while (*s) {
- unsigned v;
- if (*s == '+') *s = ' ';
- if (*s == '%' && sscanf(s+1, "%02x", &v) == 1) {
- *s = (char)v;
- memmove(s+1, s+3, strlen(s+3)+1);
- }
- s++;
- }
-
- return s0;
-}
-
-/*
- set a form or GET variable
-*/
-static void esp_putvar(struct esp_state *esp, const char *var, const char *value)
-{
- if (strcasecmp(var, SAMBA_SESSION_KEY) == 0) {
- /* special case support for browsers without cookie
- support */
- esp->web->input.session_key = talloc_strdup(esp, value);
- } else {
- mprSetPropertyValue(&esp->variables[ESP_FORM_OBJ],
- http_unescape(esp, var),
- mprCreateStringVar(http_unescape(esp, value), 0));
- }
-}
-
-
-/*
- parse the variables in a POST style request
-*/
-static NTSTATUS http_parse_post(struct esp_state *esp)
-{
- DATA_BLOB b = esp->web->input.partial;
-
- while (b.length) {
- char *p, *line;
- size_t len;
-
- p = memchr(b.data, '&', b.length);
- if (p == NULL) {
- len = b.length;
- } else {
- len = p - (char *)b.data;
- }
- line = talloc_strndup(esp, (char *)b.data, len);
- NT_STATUS_HAVE_NO_MEMORY(line);
-
- p = strchr(line,'=');
- if (p) {
- *p = 0;
- esp_putvar(esp, line, p+1);
- }
- talloc_free(line);
- b.length -= len;
- b.data += len;
- if (b.length > 0) {
- b.length--;
- b.data++;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-/*
- parse the variables in a GET style request
-*/
-static NTSTATUS http_parse_get(struct esp_state *esp)
-{
- struct websrv_context *web = esp->web;
- char *p, *s, *tok;
- char *pp;
-
- p = strchr(web->input.url, '?');
- web->input.query_string = p+1;
- *p = 0;
-
- s = talloc_strdup(esp, esp->web->input.query_string);
- NT_STATUS_HAVE_NO_MEMORY(s);
-
- for (tok=strtok_r(s,"&;", &pp);tok;tok=strtok_r(NULL,"&;", &pp)) {
- p = strchr(tok,'=');
- if (p) {
- *p = 0;
- esp_putvar(esp, tok, p+1);
- }
- }
- return NT_STATUS_OK;
-}
-
-/*
- called when a session times out
-*/
-static void session_timeout(struct event_context *ev, struct timed_event *te,
- struct timeval t, void *private)
-{
- struct session_data *s = talloc_get_type(private, struct session_data);
- talloc_free(s);
-}
-
-/*
- destroy a session
- */
-static int session_destructor(struct session_data *s)
-{
- DLIST_REMOVE(s->edata->sessions, s);
- return 0;
-}
-
-/*
- setup the session for this request
-*/
-static void http_setup_session(struct esp_state *esp)
-{
- const char *session_key = SAMBA_SESSION_KEY;
- char *p;
- const char *cookie = esp->web->input.cookie;
- const char *key = NULL;
- struct esp_data *edata = talloc_get_type(esp->web->task->private, struct esp_data);
- struct session_data *s;
- bool generated_key = false;
-
- /* look for our session key */
- if (cookie && (p = strstr(cookie, session_key)) &&
- p[strlen(session_key)] == '=') {
- p += strlen(session_key)+1;
- key = talloc_strndup(esp, p, strcspn(p, ";"));
- }
-
- if (key == NULL && esp->web->input.session_key) {
- key = esp->web->input.session_key;
- } else if (key == NULL) {
- key = generate_random_str_list(esp, 16, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ");
- generated_key = true;
- }
-
- /* try to find this session in the existing session list */
- for (s=edata->sessions;s;s=s->next) {
- if (strcmp(key, s->id) == 0) {
- break;
- }
- }
-
- if (s == NULL) {
- /* create a new session */
- s = talloc_zero(edata, struct session_data);
- s->id = talloc_steal(s, key);
- s->data = NULL;
- s->te = NULL;
- s->edata = edata;
- s->lifetime = lp_parm_int(esp->web->task->lp_ctx, NULL, "web", "sessiontimeout", 900);
- DLIST_ADD(edata->sessions, s);
- talloc_set_destructor(s, session_destructor);
- if (!generated_key) {
- mprSetPropertyValue(&esp->variables[ESP_REQUEST_OBJ],
- "SESSION_EXPIRED", mprCreateStringVar("true", 0));
- }
- }
-
- http_setCookie(esp->web, session_key, key, s->lifetime, "/", 0);
-
- if (s->data) {
- mprCopyVar(&esp->variables[ESP_SESSION_OBJ], s->data, MPR_DEEP_COPY);
- }
-
- esp->web->session = s;
-}
-
-
-/* callbacks for esp processing */
-static const struct Esp esp_control = {
- .maxScriptSize = 60000,
- .writeBlock = http_writeBlock,
- .setHeader = http_setHeader,
- .redirect = http_redirect,
- .setResponseCode = http_setResponseCode,
- .readFile = http_readFileFromSwatDir,
- .mapToStorage = http_mapToStorage,
- .setCookie = http_setCookie,
- .createSession = http_createSession,
- .destroySession = http_destroySession,
- .getSessionId = http_getSessionId
-};
-
-/*
- process a complete http request
-*/
-void http_process_input(struct websrv_context *web)
-{
- NTSTATUS status;
- struct esp_state *esp = NULL;
- struct esp_data *edata = talloc_get_type(web->task->private, struct esp_data);
- struct smbcalls_context *smbcalls_ctx;
- char *p;
- void *save_mpr_ctx = mprMemCtx();
- void *ejs_save = ejs_save_state();
- int i;
- const char *file_type = NULL;
- enum page_type {
- page_type_simple,
- page_type_esp
- };
- enum page_type page_type;
- const struct {
- const char *extension;
- const char *mime_type;
- enum page_type page_type;
- } mime_types[] = {
- {"gif", "image/gif"},
- {"png", "image/png"},
- {"jpg", "image/jpeg"},
- {"txt", "text/plain"},
- {"ico", "image/x-icon"},
- {"css", "text/css"},
- {"esp", "text/html", true}
- };
-
- /*
- * give the smbcalls a chance to find the event context
- * and messaging context
- */
- smbcalls_ctx = talloc(web, struct smbcalls_context);
- if (smbcalls_ctx == NULL) goto internal_error;
- smbcalls_ctx->event_ctx = web->conn->event.ctx;
- smbcalls_ctx->msg_ctx = web->conn->msg_ctx;
-
- esp = talloc_zero(smbcalls_ctx, struct esp_state);
- if (esp == NULL) goto internal_error;
-
- esp->web = web;
-
- mprSetCtx(esp);
-
- if (espOpen(&esp_control) != 0) goto internal_error;
-
- for (i=0;i<ARRAY_SIZE(esp->variables);i++) {
- esp->variables[i] = mprCreateUndefinedVar();
- }
- esp->variables[ESP_HEADERS_OBJ] = mprCreateObjVar("headers", ESP_HASH_SIZE);
- esp->variables[ESP_FORM_OBJ] = mprCreateObjVar("form", ESP_HASH_SIZE);
- esp->variables[ESP_APPLICATION_OBJ] = mprCreateObjVar("application", ESP_HASH_SIZE);
- esp->variables[ESP_COOKIES_OBJ] = mprCreateObjVar("cookies", ESP_HASH_SIZE);
- esp->variables[ESP_FILES_OBJ] = mprCreateObjVar("files", ESP_HASH_SIZE);
- esp->variables[ESP_REQUEST_OBJ] = mprCreateObjVar("request", ESP_HASH_SIZE);
- esp->variables[ESP_SERVER_OBJ] = mprCreateObjVar("server", ESP_HASH_SIZE);
- esp->variables[ESP_SESSION_OBJ] = mprCreateObjVar("session", ESP_HASH_SIZE);
-
- if (edata->application_data) {
- mprCopyVar(&esp->variables[ESP_APPLICATION_OBJ],
- edata->application_data, MPR_DEEP_COPY);
- }
-
- smb_setup_ejs_functions(web_server_ejs_exception);
-
- if (web->input.url == NULL) {
- http_error(web, 400, "You must specify a GET or POST request");
- mprSetCtx(save_mpr_ctx);
- ejs_restore_state(ejs_save);
- return;
- }
-
- /* parse any form or get variables */
- if (web->input.post_request) {
- status = http_parse_post(esp);
- if (!NT_STATUS_IS_OK(status)) {
- http_error(web, 400, "Malformed POST data");
- mprSetCtx(save_mpr_ctx);
- ejs_restore_state(ejs_save);
- return;
- }
- }
- if (strchr(web->input.url, '?')) {
- status = http_parse_get(esp);
- if (!NT_STATUS_IS_OK(status)) {
- http_error(web, 400, "Malformed GET data");
- mprSetCtx(save_mpr_ctx);
- ejs_restore_state(ejs_save);
- return;
- }
- }
-
- http_setup_session(esp);
-
- esp->req = espCreateRequest(web, web->input.url, esp->variables);
- if (esp->req == NULL) goto internal_error;
-
- p = strrchr(web->input.url, '.');
- if (p == NULL) {
- page_type = page_type_esp;
- file_type = "text/html";
- }
- for (i=0;p && i<ARRAY_SIZE(mime_types);i++) {
- if (strcmp(mime_types[i].extension, p+1) == 0) {
- page_type = mime_types[i].page_type;
- file_type = mime_types[i].mime_type;
- }
- }
- if (file_type == NULL) {
- page_type = page_type_simple;
- file_type = "text/html";
- }
-
- /* setup basic headers */
- http_setResponseCode(web, 200);
- http_setHeader(web, talloc_asprintf(esp, "Date: %s",
- http_timestring(esp, time(NULL))), 0);
- http_setHeader(web, "Server: Samba", 0);
- http_setHeader(web, "Connection: close", 0);
- http_setHeader(web, talloc_asprintf(esp, "Content-Type: %s", file_type), 0);
-
- http_setup_arrays(esp);
-
- /*
- * Do pre-authentication. If pre-authentication succeeds, do
- * page-type-specific processing.
- */
- switch(page_type)
- {
- case page_type_simple:
- if (http_preauth(esp)) {
- http_simple_request(web);
- }
- break;
-
- case page_type_esp:
- if (http_preauth(esp)) {
- esp_request(esp, web->input.url);
- }
- break;
- }
-
- if (web->conn == NULL) {
- /* the connection has been terminated above us, probably
- via a timeout */
- goto internal_error;
- }
-
- if (!web->output.output_pending) {
- http_output_headers(web);
- EVENT_FD_WRITEABLE(web->conn->event.fde);
- web->output.output_pending = true;
- }
-
- /* copy any application data to long term storage in edata */
- talloc_free(edata->application_data);
- edata->application_data = talloc_zero(edata, struct MprVar);
- mprSetCtx(edata->application_data);
- mprCopyVar(edata->application_data, &esp->variables[ESP_APPLICATION_OBJ],
- MPR_DEEP_COPY);
- mprSetCtx(esp);
-
- /* copy any session data */
- if (web->session) {
- talloc_free(web->session->data);
- web->session->data = talloc_zero(web->session, struct MprVar);
- if (esp->variables[ESP_SESSION_OBJ].properties == NULL ||
- esp->variables[ESP_SESSION_OBJ].properties[0].numItems == 0) {
- talloc_free(web->session);
- web->session = NULL;
- } else {
- mprSetCtx(web->session->data);
- mprCopyVar(web->session->data, &esp->variables[ESP_SESSION_OBJ],
- MPR_DEEP_COPY);
- /* setup the timeout for the session data */
- mprSetCtx(esp);
- talloc_free(web->session->te);
- web->session->te = event_add_timed(web->conn->event.ctx, web->session,
- timeval_current_ofs(web->session->lifetime, 0),
- session_timeout, web->session);
- }
- }
-
- talloc_free(esp);
- mprSetCtx(save_mpr_ctx);
- ejs_restore_state(ejs_save);
- return;
-
-internal_error:
- mprSetCtx(esp);
- talloc_free(esp);
- if (web->conn != NULL) {
- http_error(web, 500, "Internal server error");
- }
- mprSetCtx(save_mpr_ctx);
- ejs_restore_state(ejs_save);
-}
-
-
-/*
- parse one line of header input
-*/
-NTSTATUS http_parse_header(struct websrv_context *web, const char *line)
-{
- if (line[0] == 0) {
- web->input.end_of_headers = true;
- } else if (strncasecmp(line,"GET ", 4)==0) {
- web->input.url = talloc_strndup(web, &line[4], strcspn(&line[4], " \t"));
- } else if (strncasecmp(line,"POST ", 5)==0) {
- web->input.post_request = true;
- web->input.url = talloc_strndup(web, &line[5], strcspn(&line[5], " \t"));
- } else if (strchr(line, ':') == NULL) {
- http_error(web, 400, "This server only accepts GET and POST requests");
- return NT_STATUS_INVALID_PARAMETER;
- } else if (strncasecmp(line,"Content-Length: ", 16)==0) {
- web->input.content_length = strtoul(&line[16], NULL, 10);
- } else {
-#define PULL_HEADER(v, s) do { \
- if (strncmp(line, s, strlen(s)) == 0) { \
- web->input.v = talloc_strdup(web, &line[strlen(s)]); \
- return NT_STATUS_OK; \
- } \
-} while (0)
- PULL_HEADER(content_type, "Content-Type: ");
- PULL_HEADER(user_agent, "User-Agent: ");
- PULL_HEADER(referer, "Referer: ");
- PULL_HEADER(host, "Host: ");
- PULL_HEADER(accept_encoding, "Accept-Encoding: ");
- PULL_HEADER(accept_language, "Accept-Language: ");
- PULL_HEADER(accept_charset, "Accept-Charset: ");
- PULL_HEADER(cookie, "Cookie: ");
- }
-
- /* ignore all other headers for now */
- return NT_STATUS_OK;
-}
-
-
-/*
- setup the esp processor - called at task initialisation
-*/
-NTSTATUS http_setup_esp(struct task_server *task)
-{
- struct esp_data *edata;
-
- edata = talloc_zero(task, struct esp_data);
- NT_STATUS_HAVE_NO_MEMORY(edata);
-
- task->private = edata;
-
- edata->tls_params = tls_initialise(edata, task->lp_ctx);
- NT_STATUS_HAVE_NO_MEMORY(edata->tls_params);
-
- return NT_STATUS_OK;
-}