From 5c591d5b97e60493c1945376619cd2d2c24471c6 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Sun, 29 Aug 2010 16:45:06 +0200 Subject: [PATCH 01/16] Make libmagic follow symlinks. I could think this should be the default... :) --- src/sendfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sendfile.c b/src/sendfile.c index fbf5f1b..b3797aa 100644 --- a/src/sendfile.c +++ b/src/sendfile.c @@ -102,7 +102,7 @@ static const char *getmimetype(char *file, struct stat *sb) if((ret = attrmimetype(file)) != NULL) return(ret); if(cookie == NULL) { - cookie = magic_open(MAGIC_MIME_TYPE); + cookie = magic_open(MAGIC_MIME_TYPE | MAGIC_SYMLINK); magic_load(cookie, NULL); } if((ret = magic_file(cookie, file)) != NULL) -- 2.11.0 From 8232cebe1da1a5f2341d4acd4b57dc9cbc1bc6b8 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Sun, 29 Aug 2010 23:37:02 +0200 Subject: [PATCH 02/16] dirplex: Added explicit directory matches. --- src/dirplex.c | 48 +++++++++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/src/dirplex.c b/src/dirplex.c index 52313cc..d596df0 100644 --- a/src/dirplex.c +++ b/src/dirplex.c @@ -43,6 +43,9 @@ #define PAT_ALL 2 #define PAT_DEFAULT 3 +#define PT_FILE 0 +#define PT_DIR 1 + struct config { struct config *next, *prev; char *path; @@ -59,6 +62,7 @@ struct rule { struct pattern { struct pattern *next; + int type; char *childnm; char **fchild; struct rule **rules; @@ -169,6 +173,8 @@ static struct pattern *parsepattern(struct cfstate *s) return(NULL); } + if((s->argc > 1) && !strcmp(s->argv[1], "directory")) + pat->type = PT_DIR; sl = s->lno; while(1) { getcfline(s); @@ -355,7 +361,7 @@ static struct child *findchild(char *file, char *name) return(ch); } -static struct pattern *findmatch(char *file, int trydefault) +static struct pattern *findmatch(char *file, int trydefault, int dir) { int i, o, c; char *bn; @@ -370,6 +376,10 @@ static struct pattern *findmatch(char *file, int trydefault) cfs = getconfigs(file); for(c = 0; cfs[c] != NULL; c++) { for(pat = cfs[c]->patterns; pat != NULL; pat = pat->next) { + if(!dir && (pat->type == PT_DIR)) + continue; + if(dir && (pat->type != PT_DIR)) + continue; for(i = 0; (rule = pat->rules[i]) != NULL; i++) { if(rule->type == PAT_BASENAME) { for(o = 0; rule->patterns[o] != NULL; o++) { @@ -395,19 +405,16 @@ static struct pattern *findmatch(char *file, int trydefault) return(pat); } } + if(!trydefault) + return(findmatch(file, 1, dir)); return(NULL); } -static void handlefile(struct hthead *req, int fd, char *path) +static void handle(struct hthead *req, int fd, char *path, struct pattern *pat) { - struct pattern *pat; struct child *ch; headappheader(req, "X-Ash-File", path); - if(((pat = findmatch(path, 0)) == NULL) && ((pat = findmatch(path, 1)) == NULL)) { - simpleerror(fd, 404, "Not Found", "The requested URL has no corresponding resource."); - return; - } if(pat->fchild) { stdforkserve(pat->fchild, req, fd); } else { @@ -421,6 +428,17 @@ static void handlefile(struct hthead *req, int fd, char *path) } } +static void handlefile(struct hthead *req, int fd, char *path) +{ + struct pattern *pat; + + if((pat = findmatch(path, 0, 0)) == NULL) { + simpleerror(fd, 404, "Not Found", "The requested URL has no corresponding resource."); + return; + } + handle(req, fd, path, pat); +} + static void handledir(struct hthead *req, int fd, char *path) { struct config **cfs; @@ -429,8 +447,10 @@ static void handledir(struct hthead *req, int fd, char *path) char *inm, *ipath, *p; DIR *dir; struct dirent *dent; + struct pattern *pat; - cfs = getconfigs(sprintf3("%s/", path)); + path = sprintf2("%s/", path); + cfs = getconfigs(path); for(i = 0; cfs[i] != NULL; i++) { if(cfs[i]->index != NULL) { for(o = 0; cfs[i]->index[o] != NULL; o++) { @@ -439,7 +459,7 @@ static void handledir(struct hthead *req, int fd, char *path) if(!stat(ipath, &sb) && S_ISREG(sb.st_mode)) { handlefile(req, fd, ipath); free(ipath); - return; + goto out; } free(ipath); @@ -463,14 +483,20 @@ static void handledir(struct hthead *req, int fd, char *path) if(ipath != NULL) { handlefile(req, fd, ipath); free(ipath); - return; + goto out; } } break; } } - /* XXX: Directory listings */ + if((pat = findmatch(path, 0, 1)) != NULL) { + handle(req, fd, path, pat); + goto out; + } simpleerror(fd, 403, "Not Authorized", "Will not send listings for this directory."); + +out: + free(path); } static int checkdir(struct hthead *req, int fd, char *path) -- 2.11.0 From 121d8be9d4bdeea6a083d9bf791677e9150e6324 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Sun, 29 Aug 2010 23:37:23 +0200 Subject: [PATCH 03/16] Added a htls program for directory listings. --- lib/resp.h | 1 + src/.gitignore | 1 + src/Makefile.am | 2 +- src/htls.c | 213 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 216 insertions(+), 1 deletion(-) create mode 100644 src/htls.c diff --git a/lib/resp.h b/lib/resp.h index 00f1872..4578b03 100644 --- a/lib/resp.h +++ b/lib/resp.h @@ -3,6 +3,7 @@ #include +char *htmlquote(char *text); void simpleerror(int fd, int code, char *msg, char *fmt, ...); void stdredir(struct hthead *req, int fd, int code, char *dst); char *fmthttpdate(time_t time); diff --git a/src/.gitignore b/src/.gitignore index 4179187..98d71b8 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -5,3 +5,4 @@ /callcgi /patplex /userplex +/htls diff --git a/src/Makefile.am b/src/Makefile.am index fd9c71d..32e50fb 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,4 +1,4 @@ -bin_PROGRAMS = htparser dirplex sendfile callcgi patplex userplex +bin_PROGRAMS = htparser dirplex sendfile callcgi patplex userplex htls noinst_PROGRAMS = debugsink htparser_SOURCES = htparser.c htparser.h plaintcp.c diff --git a/src/htls.c b/src/htls.c new file mode 100644 index 0000000..e16004d --- /dev/null +++ b/src/htls.c @@ -0,0 +1,213 @@ +/* + ashd - A Sane HTTP Daemon + Copyright (C) 2008 Fredrik Tolf + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include + +struct dentry { + char *name; + struct stat sb; + int w, x; +}; + +static int dispmtime = 0; +static int dispsize = 0; + +static void checkcache(struct stat *sb) +{ + char *hdr; + + if((hdr = getenv("REQ_IF_MODIFIED_SINCE")) != NULL) { + if(parsehttpdate(hdr) < sb->st_mtime) + return; + printf("HTTP/1.1 304 Not Modified\n"); + printf("Date: %s\n", fmthttpdate(time(NULL))); + printf("Content-Length: 0\n"); + printf("\n"); + exit(0); + } +} + +static int dcmp(const void *ap, const void *bp) +{ + const struct dentry *a = ap, *b = bp; + + if(S_ISDIR(a->sb.st_mode) && !S_ISDIR(b->sb.st_mode)) + return(-1); + if(!S_ISDIR(a->sb.st_mode) && S_ISDIR(b->sb.st_mode)) + return(1); + return(strcoll(a->name, b->name)); +} + +static void head(char *name, struct charbuf *dst) +{ + char *title; + + bprintf(dst, "\n"); + bprintf(dst, "\n"); + bprintf(dst, "\n"); + bprintf(dst, "\n"); + title = htmlquote(name); + bprintf(dst, "Index of %s\n", title); + bprintf(dst, "\n"); + bprintf(dst, "\n"); + bprintf(dst, "

Index of %s

\n", title); + free(title); +} + +static void foot(struct charbuf *dst) +{ + bprintf(dst, "\n"); + bprintf(dst, "\n"); +} + +static void mkindex(char *name, DIR *dir, struct charbuf *dst) +{ + struct { + struct dentry *b; + size_t s, d; + } dirbuf; + struct dentry f; + struct dirent *dent; + char *fn; + int i; + + bufinit(dirbuf); + while((dent = readdir(dir)) != NULL) { + if(*dent->d_name == '.') + continue; + memset(&f, 0, sizeof(f)); + f.name = sstrdup(dent->d_name); + fn = sprintf3("%s/%s", name, dent->d_name); + if(access(fn, R_OK)) + continue; + if(stat(fn, &f.sb)) + continue; + if(!access(fn, W_OK)) + f.w = 1; + if(!access(fn, X_OK)) + f.x = 1; + else if(S_ISDIR(f.sb.st_mode)) + continue; + bufadd(dirbuf, f); + } + qsort(dirbuf.b, dirbuf.d, sizeof(struct dentry), dcmp); + bprintf(dst, "\n"); + for(i = 0; i < dirbuf.d; i++) { + bprintf(dst, ""); + fn = htmlquote(dirbuf.b[i].name); + bprintf(dst, "", fn, fn); + free(fn); + if(dispsize && !S_ISDIR(dirbuf.b[i].sb.st_mode)) + bprintf(dst, "", (intmax_t)dirbuf.b[i].sb.st_size); + if(dispmtime) + bprintf(dst, "", fmthttpdate(dirbuf.b[i].sb.st_mtime)); + bprintf(dst, "\n"); + free(dirbuf.b[i].name); + } + bprintf(dst, "
%s%ji%s
\n"); +} + +static void usage(void) +{ + flog(LOG_ERR, "usage: htls [-hms] METHOD URL REST"); +} + +int main(int argc, char **argv) +{ + int c; + char *dname; + DIR *dir; + struct charbuf buf; + struct stat sb; + + setlocale(LC_ALL, ""); + while((c = getopt(argc, argv, "hms")) >= 0) { + switch(c) { + case 'h': + usage(); + exit(0); + case 'm': + dispmtime = 1; + break; + case 's': + dispsize = 1; + break; + default: + usage(); + exit(1); + } + } + if(argc - optind < 3) { + usage(); + exit(1); + } + if((dname = getenv("REQ_X_ASH_FILE")) == NULL) { + flog(LOG_ERR, "htls: needs to be called with the X-Ash-File header"); + exit(1); + } + if(*argv[optind + 2]) { + simpleerror(1, 404, "Not Found", "The requested URL has no corresponding resource."); + exit(0); + } + + if(stat(dname, &sb) || ((dir = opendir(dname)) == NULL)) { + flog(LOG_ERR, "htls: could not open directory `%s': %s", dname, strerror(errno)); + simpleerror(1, 500, "Server Error", "Could not produce directory index."); + exit(1); + } + checkcache(&sb); + + bufinit(buf); + head(argv[optind + 1], &buf); + mkindex(dname, dir, &buf); + foot(&buf); + closedir(dir); + + printf("HTTP/1.1 200 OK\n"); + printf("Content-Type: text/html; charset=UTF-8\n"); + printf("Last-Modified: %s\n", fmthttpdate(sb.st_mtime)); + printf("Content-Length: %zi\n", buf.d); + printf("\n"); + fwrite(buf.b, 1, buf.d, stdout); + buffree(buf); + return(0); +} -- 2.11.0 From 3095582d21be4087f774f5a68a2a9abfa37dd1ff Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Mon, 30 Aug 2010 00:56:57 +0200 Subject: [PATCH 04/16] Beautified the directory listings. --- lib/resp.c | 48 +++++++++++++++++++++++++++++++++++++++++------- lib/resp.h | 1 + src/htls.c | 46 ++++++++++++++++++++++++++++++++++------------ 3 files changed, 76 insertions(+), 19 deletions(-) diff --git a/lib/resp.c b/lib/resp.c index 9d7325b..1b08b00 100644 --- a/lib/resp.c +++ b/lib/resp.c @@ -30,10 +30,45 @@ #include #include +static char safechars[128] = { + /* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, +}; + +char *urlquote(char *text) +{ + static char *ret = NULL; + struct charbuf buf; + unsigned char c; + + if(ret != NULL) + free(ret); + bufinit(buf); + for(; *text; text++) { + c = *text; + if(!c < 128 && safechars[(int)c]) + bufadd(buf, *text); + else + bprintf(&buf, "%%%02X", (int)c); + } + bufadd(buf, 0); + return(ret = buf.b); +} + char *htmlquote(char *text) { + static char *ret = NULL; struct charbuf buf; + if(ret != NULL) + free(ret); bufinit(buf); for(; *text; text++) { if(*text == '<') @@ -42,25 +77,25 @@ char *htmlquote(char *text) bufcatstr(buf, ">"); else if(*text == '&') bufcatstr(buf, "&"); + else if(*text == '\"') + bufcatstr(buf, """); else bufadd(buf, *text); } bufadd(buf, 0); - return(buf.b); + return(ret = buf.b); } void simpleerror(int fd, int code, char *msg, char *fmt, ...) { struct charbuf buf; - char *tmp1, *tmp2; + char *tmp; va_list args; FILE *out; va_start(args, fmt); - tmp1 = vsprintf2(fmt, args); + tmp = vsprintf2(fmt, args); va_end(args); - tmp2 = htmlquote(tmp1); - free(tmp1); bufinit(buf); bufcatstr(buf, "\r\n"); bufcatstr(buf, "\r\n"); @@ -70,10 +105,9 @@ void simpleerror(int fd, int code, char *msg, char *fmt, ...) bufcatstr(buf, "\r\n"); bufcatstr(buf, "\r\n"); bprintf(&buf, "

%s

\r\n", msg); - bprintf(&buf, "

%s

\r\n", tmp2); + bprintf(&buf, "

%s

\r\n", htmlquote(tmp)); bufcatstr(buf, "\r\n"); bufcatstr(buf, "\r\n"); - free(tmp2); out = fdopen(dup(fd), "w"); fprintf(out, "HTTP/1.1 %i %s\n", code, msg); fprintf(out, "Content-Type: text/html\n"); diff --git a/lib/resp.h b/lib/resp.h index 4578b03..8f18f87 100644 --- a/lib/resp.h +++ b/lib/resp.h @@ -3,6 +3,7 @@ #include +char *urlquote(char *text); char *htmlquote(char *text); void simpleerror(int fd, int code, char *msg, char *fmt, ...); void stdredir(struct hthead *req, int fd, int code, char *dst); diff --git a/src/htls.c b/src/htls.c index e16004d..060d1bf 100644 --- a/src/htls.c +++ b/src/htls.c @@ -43,6 +43,7 @@ struct dentry { static int dispmtime = 0; static int dispsize = 0; +static char *stylesheet = NULL; static void checkcache(struct stat *sb) { @@ -72,14 +73,27 @@ static int dcmp(const void *ap, const void *bp) static void head(char *name, struct charbuf *dst) { - char *title; + char *title, *tmp; + title = sstrdup(htmlquote(name)); bprintf(dst, "\n"); bprintf(dst, "\n"); bprintf(dst, "\n"); bprintf(dst, "\n"); - title = htmlquote(name); bprintf(dst, "Index of %s\n", title); + if(stylesheet) { + bprintf(dst, "\n", htmlquote(tmp)); + } else { + bprintf(dst, "\n"); + } bprintf(dst, "\n"); bprintf(dst, "\n"); bprintf(dst, "

Index of %s

\n", title); @@ -123,32 +137,37 @@ static void mkindex(char *name, DIR *dir, struct charbuf *dst) bufadd(dirbuf, f); } qsort(dirbuf.b, dirbuf.d, sizeof(struct dentry), dcmp); - bprintf(dst, "\n"); + bprintf(dst, "
\n"); for(i = 0; i < dirbuf.d; i++) { bprintf(dst, ""); fn = htmlquote(dirbuf.b[i].name); bprintf(dst, "", fn, fn); - free(fn); - if(dispsize && !S_ISDIR(dirbuf.b[i].sb.st_mode)) - bprintf(dst, "", (intmax_t)dirbuf.b[i].sb.st_size); + if(dispsize) { + bprintf(dst, ""); + } if(dispmtime) bprintf(dst, "", fmthttpdate(dirbuf.b[i].sb.st_mtime)); bprintf(dst, "\n"); free(dirbuf.b[i].name); } - bprintf(dst, "
%s%ji"); + if(!S_ISDIR(dirbuf.b[i].sb.st_mode)) + bprintf(dst, "%ji", (intmax_t)dirbuf.b[i].sb.st_size); + bprintf(dst, "%s
\n"); + bprintf(dst, "\n"); } static void usage(void) { - flog(LOG_ERR, "usage: htls [-hms] METHOD URL REST"); + flog(LOG_ERR, "usage: htls [-hms] [-c STYLESHEET] METHOD URL REST"); } int main(int argc, char **argv) @@ -160,7 +179,7 @@ int main(int argc, char **argv) struct stat sb; setlocale(LC_ALL, ""); - while((c = getopt(argc, argv, "hms")) >= 0) { + while((c = getopt(argc, argv, "hmsc:")) >= 0) { switch(c) { case 'h': usage(); @@ -171,6 +190,9 @@ int main(int argc, char **argv) case 's': dispsize = 1; break; + case 'c': + stylesheet = optarg; + break; default: usage(); exit(1); -- 2.11.0 From 060376d428e8693e817ac0eae4710ce222d14e07 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Mon, 30 Aug 2010 03:50:06 +0200 Subject: [PATCH 05/16] Fixed htls bug. --- src/htls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/htls.c b/src/htls.c index 060d1bf..907187c 100644 --- a/src/htls.c +++ b/src/htls.c @@ -73,7 +73,7 @@ static int dcmp(const void *ap, const void *bp) static void head(char *name, struct charbuf *dst) { - char *title, *tmp; + char *title; title = sstrdup(htmlquote(name)); bprintf(dst, "\n"); @@ -82,7 +82,7 @@ static void head(char *name, struct charbuf *dst) bprintf(dst, "\n"); bprintf(dst, "Index of %s\n", title); if(stylesheet) { - bprintf(dst, "\n", htmlquote(tmp)); + bprintf(dst, "\n", htmlquote(stylesheet)); } else { bprintf(dst, "\n"); } -- 2.11.0 From 41fe6c390c31ccb7f70d26a13418bd772fc7b5e4 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 15:42:44 +0200 Subject: [PATCH 10/16] Fixed plaintcp bug. --- src/plaintcp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/plaintcp.c b/src/plaintcp.c index d1d5969..864efe1 100644 --- a/src/plaintcp.c +++ b/src/plaintcp.c @@ -186,6 +186,9 @@ void handleplain(int argc, char **argp, char **argv) exit(1); } } else { - mustart(listenloop, fd, port); + omalloc(tcp); + tcp->fd = fd; + tcp->sport = port; + mustart(listenloop, tcp); } } -- 2.11.0 From 6ca53b2e5e3b76345fd709a3e9d32aee69889054 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 17:28:16 +0200 Subject: [PATCH 11/16] Added an initial implementation of HTTPS. Should be complemented with some output of certificate information in the request. --- configure.in | 22 ++++ src/Makefile.am | 4 +- src/htparser.c | 6 +- src/htparser.h | 5 + src/plaintcp.c | 7 +- src/ssl-gnutls.c | 320 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 359 insertions(+), 5 deletions(-) create mode 100644 src/ssl-gnutls.c diff --git a/configure.in b/configure.in index 2e274a2..fd42fd9 100644 --- a/configure.in +++ b/configure.in @@ -32,6 +32,28 @@ if test "$HAS_XATTR" = yes; then fi AC_SUBST(XATTR_LIBS) +AH_TEMPLATE(HAVE_GNUTLS, [define to use the GnuTLS library for SSL support]) +AC_ARG_WITH(gnutls, [ --with-gnutls Enable SSL support with the GnuTLS library]) +HAS_GNUTLS="" +if test "$with_gnutls" = no; then HAS_GNUTLS=no; fi +if test -z "$HAS_GNUTLS"; then + AC_CHECK_LIB(gnutls, gnutls_global_init, [:], [HAS_GNUTLS=no]) +fi +if test -z "$HAS_GNUTLS"; then + AC_CHECK_HEADER(gnutls/gnutls.h, [], [HAS_GNUTLS=no]) +fi +if test "$HAS_GNUTLS" != no; then HAS_GNUTLS=yes; fi +if test "$with_gnutls" = yes -a "$HAS_GNUTLS" = no; then + AC_MSG_ERROR([*** cannot find GnuTLS on this system]) +fi +if test "$HAS_GNUTLS" = yes; then + GNUTLS_LIBS=-lgnutls + GNUTLS_CPPFLAGS=-D_GNU_SOURCE + AC_DEFINE(HAVE_GNUTLS) +fi +AC_SUBST(GNUTLS_CPPFLAGS) +AC_SUBST(GNUTLS_LIBS) + AC_OUTPUT([ Makefile src/Makefile diff --git a/src/Makefile.am b/src/Makefile.am index 32e50fb..738d8a1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,11 +1,13 @@ bin_PROGRAMS = htparser dirplex sendfile callcgi patplex userplex htls noinst_PROGRAMS = debugsink -htparser_SOURCES = htparser.c htparser.h plaintcp.c +htparser_SOURCES = htparser.c htparser.h plaintcp.c ssl-gnutls.c dirplex_SOURCES = dirplex.c debugsink_SOURCES = debugsink.c LDADD = $(top_srcdir)/lib/libht.a AM_CPPFLAGS = -I$(top_srcdir)/lib +htparser_CPPFLAGS = $(AM_CPPFLAGS) @GNUTLS_CPPFLAGS@ +htparser_LDADD = $(LDADD) @GNUTLS_LIBS@ sendfile_LDADD = $(LDADD) -lmagic @XATTR_LIBS@ diff --git a/src/htparser.c b/src/htparser.c index 3fcca75..4835549 100644 --- a/src/htparser.c +++ b/src/htparser.c @@ -353,7 +353,7 @@ static void usage(FILE *out) { fprintf(out, "usage: htparser [-hSf] [-u USER] [-r ROOT] PORTSPEC... -- ROOT [ARGS...]\n"); fprintf(out, "\twhere PORTSPEC is HANDLER[:PAR[=VAL][(,PAR[=VAL])...]] (try HANDLER:help)\n"); - fprintf(out, "\tavailable handlers are `plain'.\n"); + fprintf(out, "\tavailable handlers are `plain' and `ssl'.\n"); } static void addport(char *spec) @@ -388,6 +388,10 @@ static void addport(char *spec) /* XXX: It would be nice to decentralize this, but, meh... */ if(!strcmp(nm, "plain")) { handleplain(pars.d, pars.b, vals.b); +#ifdef HAVE_GNUTLS + } else if(!strcmp(nm, "ssl")) { + handlegnussl(pars.d, pars.b, vals.b); +#endif } else { flog(LOG_ERR, "htparser: unknown port handler `%s'", nm); exit(1); diff --git a/src/htparser.h b/src/htparser.h index a84086c..f98624a 100644 --- a/src/htparser.h +++ b/src/htparser.h @@ -8,6 +8,11 @@ struct conn { void serve(FILE *in, struct conn *conn); +int listensock4(int port); +int listensock6(int port); void handleplain(int argc, char **argp, char **argv); +#ifdef HAVE_GNUTLS +void handlegnussl(int argc, char **argp, char **argv); +#endif #endif diff --git a/src/plaintcp.c b/src/plaintcp.c index 864efe1..00b6f3c 100644 --- a/src/plaintcp.c +++ b/src/plaintcp.c @@ -46,7 +46,7 @@ struct tcpconn { struct tcpport *port; }; -static int listensock4(int port) +int listensock4(int port) { struct sockaddr_in name; int fd; @@ -70,7 +70,7 @@ static int listensock4(int port) return(fd); } -static int listensock6(int port) +int listensock6(int port) { struct sockaddr_in6 name; int fd; @@ -163,7 +163,8 @@ void handleplain(int argc, char **argp, char **argv) for(i = 0; i < argc; i++) { if(!strcmp(argp[i], "help")) { printf("plain handler parameters:\n"); - printf("\tport=TCP-PORT (default is 80)\n"); + printf("\tport=TCP-PORT [80]\n"); + printf("\t\tThe TCP port to listen on.\n"); exit(0); } else if(!strcmp(argp[i], "port")) { port = atoi(argv[i]); diff --git a/src/ssl-gnutls.c b/src/ssl-gnutls.c new file mode 100644 index 0000000..bad5f4a --- /dev/null +++ b/src/ssl-gnutls.c @@ -0,0 +1,320 @@ +/* + ashd - A Sane HTTP Daemon + Copyright (C) 2008 Fredrik Tolf + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include + +#include "htparser.h" + +#ifdef HAVE_GNUTLS + +#include + +struct sslport { + int fd; + int sport; + gnutls_certificate_credentials_t creds; +}; + +struct sslconn { + int fd; + struct sslport *port; + struct sockaddr_storage name; + gnutls_session_t sess; + struct charbuf in; +}; + +static gnutls_dh_params_t dhparams; + +static int tlsblock(int fd, gnutls_session_t sess, time_t to) +{ + if(gnutls_record_get_direction(sess)) + return(block(fd, EV_WRITE, to)); + else + return(block(fd, EV_READ, to)); +} + +static ssize_t sslread(void *cookie, char *buf, size_t len) +{ + struct sslconn *ssl = cookie; + ssize_t xf; + int ret; + + while(ssl->in.d == 0) { + sizebuf(ssl->in, ssl->in.d + 1024); + ret = gnutls_record_recv(ssl->sess, ssl->in.b + ssl->in.d, ssl->in.s - ssl->in.d); + if((ret == GNUTLS_E_INTERRUPTED) || (ret == GNUTLS_E_AGAIN)) { + if(tlsblock(ssl->fd, ssl->sess, 60) == 0) { + errno = ETIMEDOUT; + return(-1); + } + } else if(ret < 0) { + errno = EIO; + return(-1); + } else if(ret == 0) { + return(0); + } else { + ssl->in.d += ret; + } + } + xf = min(ssl->in.d, len); + memcpy(buf, ssl->in.b, xf); + memmove(ssl->in.b, ssl->in.b + xf, ssl->in.d -= xf); + return(xf); +} + +static ssize_t sslwrite(void *cookie, const char *buf, size_t len) +{ + struct sslconn *ssl = cookie; + int ret; + size_t off; + + off = 0; + while(off < len) { + ret = gnutls_record_send(ssl->sess, buf + off, len - off); + if((ret == GNUTLS_E_INTERRUPTED) || (ret == GNUTLS_E_AGAIN)) { + if(tlsblock(ssl->fd, ssl->sess, 60) == 0) { + if(off == 0) { + errno = ETIMEDOUT; + return(-1); + } + return(off); + } + } else if(ret < 0) { + if(off == 0) { + errno = EIO; + return(-1); + } + return(off); + } else { + off += ret; + } + } + return(off); +} + +static int sslclose(void *cookie) +{ + return(0); +} + +static cookie_io_functions_t iofuns = { + .read = sslread, + .write = sslwrite, + .close = sslclose, +}; + +static int initreq(struct conn *conn, struct hthead *req) +{ + struct sslconn *ssl = conn->pdata; + char nmbuf[256]; + + if(ssl->name.ss_family == AF_INET) { + headappheader(req, "X-Ash-Address", inet_ntop(AF_INET, &((struct sockaddr_in *)&ssl->name)->sin_addr, nmbuf, sizeof(nmbuf))); + headappheader(req, "X-Ash-Port", sprintf3("%i", ntohs(((struct sockaddr_in *)&ssl->name)->sin_port))); + } else if(ssl->name.ss_family == AF_INET6) { + headappheader(req, "X-Ash-Address", inet_ntop(AF_INET6, &((struct sockaddr_in6 *)&ssl->name)->sin6_addr, nmbuf, sizeof(nmbuf))); + headappheader(req, "X-Ash-Port", sprintf3("%i", ntohs(((struct sockaddr_in6 *)&ssl->name)->sin6_port))); + } + headappheader(req, "X-Ash-Server-Port", sprintf3("%i", ssl->port->sport)); + headappheader(req, "X-Ash-Protocol", "https"); + return(0); +} + +static void servessl(struct muth *muth, va_list args) +{ + vavar(int, fd); + vavar(struct sockaddr_storage, name); + vavar(struct sslport *, pd); + struct conn conn; + struct sslconn ssl; + gnutls_session_t sess; + int ret; + FILE *in; + + fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK); + gnutls_init(&sess, GNUTLS_SERVER); + gnutls_set_default_priority(sess); + gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, pd->creds); + gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); + gnutls_transport_set_ptr(sess, (gnutls_transport_ptr_t)(intptr_t)fd); + while((ret = gnutls_handshake(sess)) != 0) { + if((ret != GNUTLS_E_INTERRUPTED) && (ret != GNUTLS_E_AGAIN)) + goto out; + if(tlsblock(fd, sess, 60) <= 0) + goto out; + } + memset(&conn, 0, sizeof(conn)); + memset(&ssl, 0, sizeof(ssl)); + conn.pdata = &ssl; + conn.initreq = initreq; + ssl.fd = fd; + ssl.port = pd; + ssl.name = name; + ssl.sess = sess; + bufinit(ssl.in); + in = fopencookie(&ssl, "r+", iofuns); + serve(in, &conn); + +out: + gnutls_deinit(sess); + close(fd); +} + +static void listenloop(struct muth *muth, va_list args) +{ + vavar(struct sslport *, pd); + int ns; + struct sockaddr_storage name; + socklen_t namelen; + + while(1) { + namelen = sizeof(name); + block(pd->fd, EV_READ, 0); + ns = accept(pd->fd, (struct sockaddr *)&name, &namelen); + if(ns < 0) { + flog(LOG_ERR, "accept: %s", strerror(errno)); + goto out; + } + mustart(servessl, ns, name, pd); + } + +out: + close(pd->fd); + free(pd); +} + +static void init(void) +{ + static int inited = 0; + int ret; + + if(inited) + return; + inited = 1; + if((ret = gnutls_global_init()) != 0) { + flog(LOG_ERR, "could not initialize GnuTLS: %s", gnutls_strerror(ret)); + exit(1); + } + if(((ret = gnutls_dh_params_init(&dhparams)) != 0) || + ((ret = gnutls_dh_params_generate2(dhparams, 2048)) != 0)) { + flog(LOG_ERR, "GnuTLS could not generate Diffie-Hellman parameters: %s", gnutls_strerror(ret)); + exit(1); + } +} + +void handlegnussl(int argc, char **argp, char **argv) +{ + int i, ret, port, fd; + gnutls_certificate_credentials_t creds; + struct sslport *pd; + char *crtfile, *keyfile; + + init(); + port = 443; + gnutls_certificate_allocate_credentials(&creds); + keyfile = crtfile = NULL; + for(i = 0; i < argc; i++) { + if(!strcmp(argp[i], "help")) { + printf("ssl handler parameters:\n"); + printf("\tcert=CERT-FILE [mandatory]\n"); + printf("\t\tThe name of the file to read the certificate from.\n"); + printf("\tkey=KEY-FILE [same as CERT-FILE]\n"); + printf("\t\tThe name of the file to read the private key from.\n"); + printf("\ttrust=CA-FILE [no default]\n"); + printf("\t\tThe name of a file to read trusted certificates from.\n"); + printf("\t\tMay be given multiple times.\n"); + printf("\tcrl=CRL-FILE [no default]\n"); + printf("\t\tThe name of a file to read revocation lists from.\n"); + printf("\t\tMay be given multiple times.\n"); + printf("\tport=PORT [443]\n"); + printf("\t\tThe TCP port to listen on.\n"); + printf("\n"); + printf("\tAll X.509 data files must be PEM-encoded.\n"); + exit(0); + } else if(!strcmp(argp[i], "cert")) { + crtfile = argv[i]; + } else if(!strcmp(argp[i], "key")) { + keyfile = argv[i]; + } else if(!strcmp(argp[i], "trust")) { + if((ret = gnutls_certificate_set_x509_trust_file(creds, argv[i], GNUTLS_X509_FMT_PEM)) != 0) { + flog(LOG_ERR, "ssl: could not load trust file `%s': %s", argv[i], gnutls_strerror(ret)); + exit(1); + } + } else if(!strcmp(argp[i], "crl")) { + if((ret = gnutls_certificate_set_x509_crl_file(creds, argv[i], GNUTLS_X509_FMT_PEM)) != 0) { + flog(LOG_ERR, "ssl: could not load CRL file `%s': %s", argv[i], gnutls_strerror(ret)); + exit(1); + } + } else if(!strcmp(argp[i], "port")) { + port = atoi(argv[i]); + } else { + flog(LOG_ERR, "unknown parameter `%s' to ssl handler", argp[i]); + exit(1); + } + } + if(crtfile == NULL) { + flog(LOG_ERR, "ssl: needs certificate file at the very least"); + exit(1); + } + if(keyfile == NULL) + keyfile = crtfile; + if((ret = gnutls_certificate_set_x509_key_file(creds, crtfile, keyfile, GNUTLS_X509_FMT_PEM)) != 0) { + flog(LOG_ERR, "ssl: could not load certificate or key: %s", gnutls_strerror(ret)); + exit(1); + } + gnutls_certificate_set_dh_params(creds, dhparams); + if((fd = listensock6(port)) < 0) { + flog(LOG_ERR, "could not listen on IPv6 port (port %i): %s", port, strerror(errno)); + exit(1); + } + omalloc(pd); + pd->fd = fd; + pd->sport = port; + pd->creds = creds; + mustart(listenloop, pd); + if((fd = listensock6(port)) < 0) { + if(errno != EADDRINUSE) { + flog(LOG_ERR, "could not listen on IPv6 port (port %i): %s", port, strerror(errno)); + exit(1); + } + } else { + omalloc(pd); + pd->fd = fd; + pd->sport = port; + pd->creds = creds; + mustart(listenloop, pd); + } +} + +#endif -- 2.11.0 From f0a758cc8c1337606a392db67e63cec6601d2730 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 17:39:01 +0200 Subject: [PATCH 12/16] Made callcgi more Apache-compliant. --- src/callcgi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/callcgi.c b/src/callcgi.c index 3ad9721..10bb87c 100644 --- a/src/callcgi.c +++ b/src/callcgi.c @@ -106,7 +106,7 @@ static void forkchild(int inpath, char *prog, char *file, char *method, char *ur if(getenv("REQ_X_ASH_SERVER_PORT")) putenv(sprintf2("SERVER_PORT=%s", getenv("REQ_X_ASH_SERVER_PORT"))); if(getenv("REQ_X_ASH_PROTOCOL") && !strcmp(getenv("REQ_X_ASH_PROTOCOL"), "https")) - putenv("HTTPS=ON"); + putenv("HTTPS=on"); if(getenv("REQ_X_ASH_ADDRESS")) putenv(sprintf2("REMOTE_ADDR=%s", getenv("REQ_X_ASH_ADDRESS"))); if(getenv("REQ_CONTENT_TYPE")) -- 2.11.0 From 9bebca54879412ae5879695800ceac77eb2c805c Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 21:38:35 +0200 Subject: [PATCH 13/16] dirplex: Fixed up handledir a bit. --- src/dirplex.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/dirplex.c b/src/dirplex.c index 60f0859..8e4ae11 100644 --- a/src/dirplex.c +++ b/src/dirplex.c @@ -444,13 +444,13 @@ static void handledir(struct hthead *req, int fd, char *path) struct config **cfs; int i, o; struct stat sb; - char *inm, *ipath, *p; + char *inm, *ipath, *p, *cpath; DIR *dir; struct dirent *dent; struct pattern *pat; - path = sprintf2("%s/", path); - cfs = getconfigs(path); + cpath = sprintf2("%s/", path); + cfs = getconfigs(cpath); for(i = 0; cfs[i] != NULL; i++) { if(cfs[i]->index != NULL) { for(o = 0; cfs[i]->index[o] != NULL; o++) { @@ -489,14 +489,14 @@ static void handledir(struct hthead *req, int fd, char *path) break; } } - if((pat = findmatch(path, 0, 1)) != NULL) { - handle(req, fd, path, pat); + if((pat = findmatch(cpath, 0, 1)) != NULL) { + handle(req, fd, cpath, pat); goto out; } simpleerror(fd, 403, "Not Authorized", "Will not send listings for this directory."); out: - free(path); + free(cpath); } static int checkdir(struct hthead *req, int fd, char *path) -- 2.11.0 From 3a42b6b1d0b8f9e8ce5c77e838e2573bbfabe593 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 22:36:33 +0200 Subject: [PATCH 14/16] Added a proper SIGHUP handler to patplex. --- lib/proc.c | 2 +- src/patplex.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/lib/proc.c b/lib/proc.c index f4611d5..2e61e92 100644 --- a/lib/proc.c +++ b/lib/proc.c @@ -84,7 +84,7 @@ int sendfd(int sock, int fd, char *data, size_t datalen) int recvfd(int sock, char **data, size_t *datalen) { int ret, fd; - char *buf, cbuf[1024];; + char *buf, cbuf[1024]; struct msghdr msg; struct cmsghdr *cmsg; struct iovec bufvec; diff --git a/src/patplex.c b/src/patplex.c index 2ea28d5..3f22d73 100644 --- a/src/patplex.c +++ b/src/patplex.c @@ -64,6 +64,7 @@ struct pattern { }; static struct config *gconfig, *lconfig; +static volatile int reload = 0; static void freepattern(struct pattern *pat) { @@ -83,6 +84,22 @@ static void freepattern(struct pattern *pat) free(pat); } +static void freeconfig(struct config *cf) +{ + struct child *ch, *nch; + struct pattern *pat, *npat; + + for(ch = cf->children; ch != NULL; ch = nch) { + nch = ch->next; + freechild(ch); + } + for(pat = cf->patterns; pat != NULL; pat = npat) { + npat = pat->next; + freepattern(pat); + } + free(cf); +} + static struct child *getchild(struct config *cf, char *name) { struct child *ch; @@ -425,6 +442,34 @@ static void serve(struct hthead *req, int fd) simpleerror(fd, 500, "Server Error", "The request handler crashed."); } +static void reloadconf(char *nm) +{ + struct config *cf; + struct child *ch1, *ch2; + + if((cf = readconfig(nm)) == NULL) { + flog(LOG_WARNING, "could not reload configuration file `%s'", nm); + return; + } + for(ch1 = cf->children; ch1 != NULL; ch1 = ch1->next) { + for(ch2 = lconfig->children; ch2 != NULL; ch2 = ch2->next) { + if(!strcmp(ch1->name, ch2->name)) { + ch1->fd = ch2->fd; + ch2->fd = -1; + break; + } + } + } + freeconfig(lconfig); + lconfig = cf; +} + +static void sighandler(int sig) +{ + if(sig == SIGHUP) + reload = 1; +} + static void usage(FILE *out) { fprintf(out, "usage: patplex [-hN] CONFIGFILE\n"); @@ -462,9 +507,17 @@ int main(int argc, char **argv) free(gcf); } } - lconfig = readconfig(argv[optind]); + if((lconfig = readconfig(argv[optind])) == NULL) { + flog(LOG_ERR, "could not read `%s'", argv[optind]); + exit(1); + } signal(SIGCHLD, SIG_IGN); + signal(SIGHUP, sighandler); while(1) { + if(reload) { + reloadconf(argv[optind]); + reload = 0; + } if((fd = recvreq(0, &req)) < 0) { if(errno != 0) flog(LOG_ERR, "recvreq: %s", strerror(errno)); -- 2.11.0 From 6174a0392d661ea7cba3cd90ff35ced3b518ca87 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 23:06:47 +0200 Subject: [PATCH 15/16] patplex: Don't quit from recvreq on EINTR. --- src/patplex.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/patplex.c b/src/patplex.c index 3f22d73..d296e04 100644 --- a/src/patplex.c +++ b/src/patplex.c @@ -519,6 +519,8 @@ int main(int argc, char **argv) reload = 0; } if((fd = recvreq(0, &req)) < 0) { + if(errno == EINTR) + continue; if(errno != 0) flog(LOG_ERR, "recvreq: %s", strerror(errno)); break; -- 2.11.0 From 42384d2a2870e2cc119fdaa4db42de9865c6cea1 Mon Sep 17 00:00:00 2001 From: Fredrik Tolf Date: Tue, 31 Aug 2010 23:19:28 +0200 Subject: [PATCH 16/16] userplex: Parse command-line arguments properly. --- src/userplex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/userplex.c b/src/userplex.c index 592c1b2..565884d 100644 --- a/src/userplex.c +++ b/src/userplex.c @@ -242,7 +242,7 @@ int main(int argc, char **argv) int fd; struct charvbuf csbuf; - while((c = getopt(argc, argv, "hIg:m:d:")) >= 0) { + while((c = getopt(argc, argv, "+hIg:m:d:")) >= 0) { switch(c) { case 'I': ignore = 1; -- 2.11.0