1 | /* |
---|
2 | * default.c -- Default URL handler. Includes support for ASP. |
---|
3 | * |
---|
4 | * Copyright (c) GoAhead Software Inc., 1995-2000. All Rights Reserved. |
---|
5 | * |
---|
6 | * See the file "license.txt" for usage and redistribution license requirements |
---|
7 | * |
---|
8 | * $Id$ |
---|
9 | */ |
---|
10 | |
---|
11 | /******************************** Description *********************************/ |
---|
12 | |
---|
13 | /* |
---|
14 | * This module provides default URL handling and Active Server Page support. |
---|
15 | * |
---|
16 | * In many cases we don't check the return code of calls to websWrite as |
---|
17 | * it is easier, smaller and non-fatal to continue even when the requesting |
---|
18 | * browser has gone away. |
---|
19 | */ |
---|
20 | |
---|
21 | /********************************* Includes ***********************************/ |
---|
22 | |
---|
23 | #include "wsIntrn.h" |
---|
24 | |
---|
25 | /*********************************** Locals ***********************************/ |
---|
26 | |
---|
27 | static char_t *websDefaultPage; /* Default page name */ |
---|
28 | static char_t *websDefaultDir; /* Default Web page directory */ |
---|
29 | |
---|
30 | /**************************** Forward Declarations ****************************/ |
---|
31 | |
---|
32 | static void websDefaultWriteEvent(webs_t wp); |
---|
33 | |
---|
34 | /*********************************** Code *************************************/ |
---|
35 | /* |
---|
36 | * Process a default URL request. This will validate the URL and handle "../" |
---|
37 | * and will provide support for Active Server Pages. As the handler is the |
---|
38 | * last handler to run, it always indicates that it has handled the URL |
---|
39 | * by returning 1. |
---|
40 | */ |
---|
41 | |
---|
42 | int websDefaultHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg, |
---|
43 | char_t *url, char_t *path, char_t *query) |
---|
44 | { |
---|
45 | websStatType sbuf; |
---|
46 | char_t *lpath, *tmp, *date; |
---|
47 | int bytes, flags, nchars; |
---|
48 | |
---|
49 | a_assert(websValid(wp)); |
---|
50 | a_assert(url && *url); |
---|
51 | a_assert(path); |
---|
52 | a_assert(query); |
---|
53 | |
---|
54 | /* |
---|
55 | * Validate the URL and ensure that ".."s don't give access to unwanted files |
---|
56 | */ |
---|
57 | flags = websGetRequestFlags(wp); |
---|
58 | |
---|
59 | if (websValidateUrl(wp, path) < 0) { |
---|
60 | websError(wp, 500, T("Invalid URL %s"), url); |
---|
61 | return 1; |
---|
62 | } |
---|
63 | lpath = websGetRequestLpath(wp); |
---|
64 | nchars = gstrlen(lpath) - 1; |
---|
65 | if (lpath[nchars] == '/' || lpath[nchars] == '\\') { |
---|
66 | lpath[nchars] = '\0'; |
---|
67 | } |
---|
68 | |
---|
69 | /* |
---|
70 | * If the file is a directory, redirect using the nominated default page |
---|
71 | */ |
---|
72 | if (websPageIsDirectory(lpath)) { |
---|
73 | nchars = gstrlen(path); |
---|
74 | if (path[nchars-1] == '/' || path[nchars-1] == '\\') { |
---|
75 | path[--nchars] = '\0'; |
---|
76 | } |
---|
77 | nchars += gstrlen(websDefaultPage) + 2; |
---|
78 | fmtAlloc(&tmp, nchars, T("%s/%s"), path, websDefaultPage); |
---|
79 | websRedirect(wp, tmp); |
---|
80 | bfreeSafe(B_L, tmp); |
---|
81 | return 1; |
---|
82 | } |
---|
83 | |
---|
84 | /* |
---|
85 | * Open the document. Stat for later use. |
---|
86 | */ |
---|
87 | if (websPageOpen(wp, lpath, path, SOCKET_RDONLY | SOCKET_BINARY, |
---|
88 | 0666) < 0) { |
---|
89 | websError(wp, 400, T("Cannot open URL <b>%s</b>"), url); |
---|
90 | return 1; |
---|
91 | } |
---|
92 | |
---|
93 | if (websPageStat(wp, lpath, path, &sbuf) < 0) { |
---|
94 | websError(wp, 400, T("Cannot stat page for URL <b>%s</b>"), url); |
---|
95 | return 1; |
---|
96 | } |
---|
97 | |
---|
98 | /* |
---|
99 | * If the page has not been modified since the user last received it and it |
---|
100 | * is not dynamically generated each time (ASP), then optimize request by |
---|
101 | * sending a 304 Use local copy response |
---|
102 | */ |
---|
103 | websStats.localHits++; |
---|
104 | #ifdef WEBS_IF_MODIFIED_SUPPORT |
---|
105 | if (flags & WEBS_IF_MODIFIED && !(flags & WEBS_ASP)) { |
---|
106 | if (sbuf.mtime <= wp->since) { |
---|
107 | websWrite(wp, T("HTTP/1.0 304 Use local copy\r\n")); |
---|
108 | |
---|
109 | /* |
---|
110 | * by license terms the following line of code must |
---|
111 | * not be modified. |
---|
112 | */ |
---|
113 | websWrite(wp, T("Server: %s\r\n"), WEBS_NAME); |
---|
114 | |
---|
115 | if (flags & WEBS_KEEP_ALIVE) { |
---|
116 | websWrite(wp, T("Connection: keep-alive\r\n")); |
---|
117 | } |
---|
118 | websWrite(wp, T("\r\n")); |
---|
119 | websSetRequestFlags(wp, flags |= WEBS_HEADER_DONE); |
---|
120 | websDone(wp, 304); |
---|
121 | return 1; |
---|
122 | } |
---|
123 | } |
---|
124 | #endif |
---|
125 | |
---|
126 | /* |
---|
127 | * Output the normal HTTP response header |
---|
128 | */ |
---|
129 | if ((date = websGetDateString(NULL)) != NULL) { |
---|
130 | websWrite(wp, T("HTTP/1.0 200 OK\r\nDate: %s\r\n"), date); |
---|
131 | |
---|
132 | /* |
---|
133 | * By license terms the following line of code must not be modified. |
---|
134 | */ |
---|
135 | websWrite(wp, T("Server: %s\r\n"), WEBS_NAME); |
---|
136 | bfree(B_L, date); |
---|
137 | } |
---|
138 | flags |= WEBS_HEADER_DONE; |
---|
139 | |
---|
140 | /* |
---|
141 | * If this is an ASP request, ensure the remote browser doesn't cache it. |
---|
142 | * Send back both HTTP/1.0 and HTTP/1.1 cache control directives |
---|
143 | */ |
---|
144 | if (flags & WEBS_ASP) { |
---|
145 | bytes = 0; |
---|
146 | websWrite(wp, T("Pragma: no-cache\r\nCache-Control: no-cache\r\n")); |
---|
147 | |
---|
148 | } else { |
---|
149 | if ((date = websGetDateString(&sbuf)) != NULL) { |
---|
150 | websWrite(wp, T("Last-modified: %s\r\n"), date); |
---|
151 | bfree(B_L, date); |
---|
152 | } |
---|
153 | bytes = sbuf.size; |
---|
154 | } |
---|
155 | |
---|
156 | if (bytes) { |
---|
157 | websWrite(wp, T("Content-length: %d\r\n"), bytes); |
---|
158 | websSetRequestBytes(wp, bytes); |
---|
159 | } |
---|
160 | websWrite(wp, T("Content-type: %s\r\n"), websGetRequestType(wp)); |
---|
161 | |
---|
162 | if ((flags & WEBS_KEEP_ALIVE) && !(flags & WEBS_ASP)) { |
---|
163 | websWrite(wp, T("Connection: keep-alive\r\n")); |
---|
164 | } |
---|
165 | websWrite(wp, T("\r\n")); |
---|
166 | |
---|
167 | /* |
---|
168 | * All done if the browser did a HEAD request |
---|
169 | */ |
---|
170 | if (flags & WEBS_HEAD_REQUEST) { |
---|
171 | websDone(wp, 200); |
---|
172 | return 1; |
---|
173 | } |
---|
174 | |
---|
175 | /* |
---|
176 | * Evaluate ASP requests |
---|
177 | */ |
---|
178 | if (flags & WEBS_ASP) { |
---|
179 | if (websAspRequest(wp, lpath) < 0) { |
---|
180 | return 1; |
---|
181 | } |
---|
182 | websDone(wp, 200); |
---|
183 | return 1; |
---|
184 | } |
---|
185 | |
---|
186 | #ifdef WEBS_SSL_SUPPORT |
---|
187 | if (wp->flags & WEBS_SECURE) { |
---|
188 | websDefaultWriteEvent(wp); |
---|
189 | } else { |
---|
190 | websSetRequestSocketHandler(wp, SOCKET_WRITABLE, websDefaultWriteEvent); |
---|
191 | } |
---|
192 | #else |
---|
193 | /* |
---|
194 | * For normal web documents, return the data via background write |
---|
195 | */ |
---|
196 | websSetRequestSocketHandler(wp, SOCKET_WRITABLE, websDefaultWriteEvent); |
---|
197 | #endif |
---|
198 | return 1; |
---|
199 | } |
---|
200 | |
---|
201 | /******************************************************************************/ |
---|
202 | /* |
---|
203 | * Validate the URL path and process ".." path segments. Return -1 if the URL |
---|
204 | * is bad. |
---|
205 | */ |
---|
206 | |
---|
207 | int websValidateUrl(webs_t wp, char_t *path) |
---|
208 | { |
---|
209 | char_t *parts[64]; /* Array of ptr's to URL parts */ |
---|
210 | char_t *token, *dir, *lpath; |
---|
211 | int i, len, npart; |
---|
212 | |
---|
213 | a_assert(websValid(wp)); |
---|
214 | a_assert(path); |
---|
215 | |
---|
216 | dir = websGetRequestDir(wp); |
---|
217 | if (dir == NULL || *dir == '\0') { |
---|
218 | return -1; |
---|
219 | } |
---|
220 | |
---|
221 | /* |
---|
222 | * Copy the string so we don't destroy the original |
---|
223 | */ |
---|
224 | path = bstrdup(B_L, path); |
---|
225 | websDecodeUrl(path, path, gstrlen(path)); |
---|
226 | |
---|
227 | len = npart = 0; |
---|
228 | parts[0] = NULL; |
---|
229 | |
---|
230 | /* |
---|
231 | * 22 Jul 02 -- there were reports that a directory traversal exploit was |
---|
232 | * possible in the WebServer running under Windows if directory paths |
---|
233 | * outside the server's specified root web were given by URL-encoding the |
---|
234 | * backslash character, like: |
---|
235 | * |
---|
236 | * GoAhead is vulnerable to a directory traversal bug. A request such as |
---|
237 | * |
---|
238 | * GoAhead-server/../../../../../../../ results in an error message |
---|
239 | * 'Cannot open URL'. |
---|
240 | |
---|
241 | * However, by encoding the '/' character, it is possible to break out of |
---|
242 | * the |
---|
243 | * web root and read arbitrary files from the server. |
---|
244 | * Hence a request like: |
---|
245 | * |
---|
246 | * GoAhead-server/..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini returns the |
---|
247 | * contents of the win.ini file. |
---|
248 | * (Note that the description uses forward slashes (0x2F), but the example |
---|
249 | * uses backslashes (0x5C). In my tests, forward slashes are correctly |
---|
250 | * trapped, but backslashes are not. The code below substitutes forward |
---|
251 | * slashes for backslashes before attempting to validate that there are no |
---|
252 | * unauthorized paths being accessed. |
---|
253 | */ |
---|
254 | token = gstrchr(path, '\\'); |
---|
255 | while (token != NULL) |
---|
256 | { |
---|
257 | *token = '/'; |
---|
258 | token = gstrchr(token, '\\'); |
---|
259 | } |
---|
260 | |
---|
261 | token = gstrtok(path, T("/")); |
---|
262 | |
---|
263 | /* |
---|
264 | * Look at each directory segment and process "." and ".." segments |
---|
265 | * Don't allow the browser to pop outside the root web. |
---|
266 | */ |
---|
267 | while (token != NULL) { |
---|
268 | if (gstrcmp(token, T("..")) == 0) { |
---|
269 | if (npart > 0) { |
---|
270 | npart--; |
---|
271 | } |
---|
272 | |
---|
273 | } else if (gstrcmp(token, T(".")) != 0) { |
---|
274 | parts[npart] = token; |
---|
275 | len += gstrlen(token) + 1; |
---|
276 | npart++; |
---|
277 | } |
---|
278 | token = gstrtok(NULL, T("/")); |
---|
279 | } |
---|
280 | |
---|
281 | /* |
---|
282 | * Create local path for document. Need extra space all "/" and null. |
---|
283 | */ |
---|
284 | if (npart || (gstrcmp(path, T("/")) == 0) || (path[0] == '\0')) { |
---|
285 | lpath = balloc(B_L, (gstrlen(dir) + 1 + len + 1) * sizeof(char_t)); |
---|
286 | gstrcpy(lpath, dir); |
---|
287 | |
---|
288 | for (i = 0; i < npart; i++) { |
---|
289 | gstrcat(lpath, T("/")); |
---|
290 | gstrcat(lpath, parts[i]); |
---|
291 | } |
---|
292 | websSetRequestLpath(wp, lpath); |
---|
293 | bfree(B_L, path); |
---|
294 | bfree(B_L, lpath); |
---|
295 | |
---|
296 | } else { |
---|
297 | bfree(B_L, path); |
---|
298 | return -1; |
---|
299 | } |
---|
300 | return 0; |
---|
301 | } |
---|
302 | |
---|
303 | /******************************************************************************/ |
---|
304 | /* |
---|
305 | * Do output back to the browser in the background. This is a socket |
---|
306 | * write handler. |
---|
307 | */ |
---|
308 | |
---|
309 | static void websDefaultWriteEvent(webs_t wp) |
---|
310 | { |
---|
311 | int len, wrote, flags, bytes, written; |
---|
312 | char *buf; |
---|
313 | |
---|
314 | a_assert(websValid(wp)); |
---|
315 | |
---|
316 | flags = websGetRequestFlags(wp); |
---|
317 | |
---|
318 | websSetTimeMark(wp); |
---|
319 | |
---|
320 | wrote = bytes = 0; |
---|
321 | written = websGetRequestWritten(wp); |
---|
322 | |
---|
323 | /* |
---|
324 | * We only do this for non-ASP documents |
---|
325 | */ |
---|
326 | if ( !(flags & WEBS_ASP)) { |
---|
327 | bytes = websGetRequestBytes(wp); |
---|
328 | /* |
---|
329 | * Note: websWriteDataNonBlock may return less than we wanted. It will |
---|
330 | * return -1 on a socket error |
---|
331 | */ |
---|
332 | if ((buf = balloc(B_L, PAGE_READ_BUFSIZE)) == NULL) { |
---|
333 | websError(wp, 200, T("Can't get memory")); |
---|
334 | } else { |
---|
335 | while ((len = websPageReadData(wp, buf, PAGE_READ_BUFSIZE)) > 0) { |
---|
336 | if ((wrote = websWriteDataNonBlock(wp, buf, len)) < 0) { |
---|
337 | break; |
---|
338 | } |
---|
339 | written += wrote; |
---|
340 | if (wrote != len) { |
---|
341 | websPageSeek(wp, - (len - wrote)); |
---|
342 | break; |
---|
343 | } |
---|
344 | } |
---|
345 | /* |
---|
346 | * Safety. If we are at EOF, we must be done |
---|
347 | */ |
---|
348 | if (len == 0) { |
---|
349 | a_assert(written >= bytes); |
---|
350 | written = bytes; |
---|
351 | } |
---|
352 | bfree(B_L, buf); |
---|
353 | } |
---|
354 | } |
---|
355 | |
---|
356 | /* |
---|
357 | * We're done if an error, or all bytes output |
---|
358 | */ |
---|
359 | websSetRequestWritten(wp, written); |
---|
360 | if (wrote < 0 || written >= bytes) { |
---|
361 | websDone(wp, 200); |
---|
362 | } |
---|
363 | } |
---|
364 | |
---|
365 | /******************************************************************************/ |
---|
366 | /* |
---|
367 | * Closing down. Free resources. |
---|
368 | */ |
---|
369 | |
---|
370 | void websDefaultClose() |
---|
371 | { |
---|
372 | if (websDefaultPage) { |
---|
373 | bfree(B_L, websDefaultPage); |
---|
374 | websDefaultPage = NULL; |
---|
375 | } |
---|
376 | if (websDefaultDir) { |
---|
377 | bfree(B_L, websDefaultDir); |
---|
378 | websDefaultDir = NULL; |
---|
379 | } |
---|
380 | } |
---|
381 | |
---|
382 | /******************************************************************************/ |
---|
383 | /* |
---|
384 | * Get the default page for URL requests ending in "/" |
---|
385 | */ |
---|
386 | |
---|
387 | char_t *websGetDefaultPage() |
---|
388 | { |
---|
389 | return websDefaultPage; |
---|
390 | } |
---|
391 | |
---|
392 | /******************************************************************************/ |
---|
393 | /* |
---|
394 | * Get the default web directory |
---|
395 | */ |
---|
396 | |
---|
397 | char_t *websGetDefaultDir() |
---|
398 | { |
---|
399 | return websDefaultDir; |
---|
400 | } |
---|
401 | |
---|
402 | /******************************************************************************/ |
---|
403 | /* |
---|
404 | * Set the default page for URL requests ending in "/" |
---|
405 | */ |
---|
406 | |
---|
407 | void websSetDefaultPage(char_t *page) |
---|
408 | { |
---|
409 | a_assert(page && *page); |
---|
410 | |
---|
411 | if (websDefaultPage) { |
---|
412 | bfree(B_L, websDefaultPage); |
---|
413 | } |
---|
414 | websDefaultPage = bstrdup(B_L, page); |
---|
415 | } |
---|
416 | |
---|
417 | /******************************************************************************/ |
---|
418 | /* |
---|
419 | * Set the default web directory |
---|
420 | */ |
---|
421 | |
---|
422 | void websSetDefaultDir(char_t *dir) |
---|
423 | { |
---|
424 | a_assert(dir && *dir); |
---|
425 | if (websDefaultDir) { |
---|
426 | bfree(B_L, websDefaultDir); |
---|
427 | } |
---|
428 | websDefaultDir = bstrdup(B_L, dir); |
---|
429 | } |
---|
430 | |
---|
431 | /******************************************************************************/ |
---|
432 | |
---|