#include <config.h>
-#include <apt-pkg/strutl.h>
-#include <apt-pkg/fileutl.h>
-#include <apt-pkg/error.h>
#include <apt-pkg/cmndline.h>
#include <apt-pkg/configuration.h>
-#include <apt-pkg/init.h>
-
-#include <vector>
-#include <string>
-#include <list>
-#include <sstream>
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+#include <apt-pkg/strutl.h>
+#include <dirent.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <pthread.h>
+#include <regex.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
#include <sys/socket.h>
-#include <sys/types.h>
#include <sys/stat.h>
-#include <netinet/in.h>
-#include <unistd.h>
-#include <errno.h>
#include <time.h>
-#include <stdlib.h>
-#include <dirent.h>
-#include <signal.h>
+#include <unistd.h>
+#include <iostream>
+#include <sstream>
+#include <list>
+#include <string>
+#include <vector>
-char const * const httpcodeToStr(int const httpcode) /*{{{*/
+static char const * httpcodeToStr(int const httpcode) /*{{{*/
{
switch (httpcode)
{
return NULL;
}
/*}}}*/
-void addFileHeaders(std::list<std::string> &headers, FileFd &data) /*{{{*/
+static void addFileHeaders(std::list<std::string> &headers, FileFd &data)/*{{{*/
{
std::ostringstream contentlength;
contentlength << "Content-Length: " << data.FileSize();
headers.push_back(lastmodified);
}
/*}}}*/
-void addDataHeaders(std::list<std::string> &headers, std::string &data) /*{{{*/
+static void addDataHeaders(std::list<std::string> &headers, std::string &data)/*{{{*/
{
std::ostringstream contentlength;
contentlength << "Content-Length: " << data.size();
headers.push_back(contentlength.str());
}
/*}}}*/
-bool sendHead(int const client, int const httpcode, std::list<std::string> &headers)/*{{{*/
+static bool sendHead(int const client, int const httpcode, std::list<std::string> &headers)/*{{{*/
{
std::string response("HTTP/1.1 ");
response.append(httpcodeToStr(httpcode));
return Success;
}
/*}}}*/
-bool sendFile(int const client, FileFd &data) /*{{{*/
+static bool sendFile(int const client, FileFd &data) /*{{{*/
{
bool Success = true;
char buffer[500];
return Success;
}
/*}}}*/
-bool sendData(int const client, std::string const &data) /*{{{*/
+static bool sendData(int const client, std::string const &data) /*{{{*/
{
if (FileFd::Write(client, data.c_str(), data.size()) == false)
{
return true;
}
/*}}}*/
-void sendError(int const client, int const httpcode, std::string const &request,/*{{{*/
- bool content, std::string const &error = "")
+static void sendError(int const client, int const httpcode, std::string const &request,/*{{{*/
+ bool content, std::string const &error = "", std::list<std::string> headers = std::list<std::string>())
{
- std::list<std::string> headers;
std::string response("<html><head><title>");
response.append(httpcodeToStr(httpcode)).append("</title></head>");
response.append("<body><h1>").append(httpcodeToStr(httpcode)).append("</h1>");
if (content == true)
sendData(client, response);
}
-void sendSuccess(int const client, std::string const &request,
+static void sendSuccess(int const client, std::string const &request,
bool content, std::string const &error = "")
{
sendError(client, 200, request, content, error);
}
/*}}}*/
-void sendRedirect(int const client, int const httpcode, std::string const &uri,/*{{{*/
+static void sendRedirect(int const client, int const httpcode, std::string const &uri,/*{{{*/
std::string const &request, bool content)
{
std::list<std::string> headers;
response.append(request).append("</pre></body></html>");
addDataHeaders(headers, response);
std::string location("Location: ");
- if (strncmp(uri.c_str(), "http://", 7) != 0)
+ if (strncmp(uri.c_str(), "http://", 7) != 0 && strncmp(uri.c_str(), "https://", 8) != 0)
{
- location.append("http://").append(LookupTag(request, "Host")).append("/");
+ std::string const host = LookupTag(request, "Host");
+ if (host.find(":4433") != std::string::npos)
+ location.append("https://");
+ else
+ location.append("http://");
+ location.append(host).append("/");
if (strncmp("/home/", uri.c_str(), strlen("/home/")) == 0 && uri.find("/public_html/") != std::string::npos)
{
std::string homeuri = SubstVar(uri, "/home/", "~");
sendData(client, response);
}
/*}}}*/
-int filter_hidden_files(const struct dirent *a) /*{{{*/
+static int filter_hidden_files(const struct dirent *a) /*{{{*/
{
if (a->d_name[0] == '.')
return 0;
#endif
return 1;
}
-int grouped_alpha_case_sort(const struct dirent **a, const struct dirent **b) {
+static int grouped_alpha_case_sort(const struct dirent **a, const struct dirent **b) {
#ifdef _DIRENT_HAVE_D_TYPE
if ((*a)->d_type == DT_DIR && (*b)->d_type == DT_DIR);
else if ((*a)->d_type == DT_DIR && (*b)->d_type == DT_REG)
return strcasecmp((*a)->d_name, (*b)->d_name);
}
/*}}}*/
-void sendDirectoryListing(int const client, std::string const &dir, /*{{{*/
+static void sendDirectoryListing(int const client, std::string const &dir,/*{{{*/
std::string const &request, bool content)
{
std::list<std::string> headers;
sendData(client, response);
}
/*}}}*/
-bool parseFirstLine(int const client, std::string const &request, /*{{{*/
+static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
std::string &filename, std::string ¶ms, bool &sendContent,
bool &closeConnection)
{
// Proxies require absolute uris, so this is a simple proxy-fake option
std::string const absolute = _config->Find("aptwebserver::request::absolute", "uri,path");
- if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0)
+ if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0 && APT::String::Startswith(filename, "/_config/") == false)
{
if (absolute.find("uri") == std::string::npos)
{
sendError(client, 400, request, sendContent, "Request is absoluteURI, but configured to not accept that");
return false;
}
+
// strip the host from the request to make it an absolute path
filename.erase(0, host.length());
+
+ std::string const authConf = _config->Find("aptwebserver::proxy-authorization", "");
+ std::string auth = LookupTag(request, "Proxy-Authorization", "");
+ if (authConf.empty() != auth.empty())
+ {
+ if (auth.empty())
+ sendError(client, 407, request, sendContent, "Proxy requires authentication");
+ else
+ sendError(client, 407, request, sendContent, "Client wants to authenticate to proxy, but proxy doesn't need it");
+ return false;
+ }
+ if (authConf.empty() == false)
+ {
+ char const * const basic = "Basic ";
+ if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+ {
+ auth.erase(0, strlen(basic));
+ if (auth != authConf)
+ {
+ sendError(client, 407, request, sendContent, "Proxy-Authentication doesn't match");
+ return false;
+ }
+ }
+ else
+ {
+ std::list<std::string> headers;
+ headers.push_back("Proxy-Authenticate: Basic");
+ sendError(client, 407, request, sendContent, "Unsupported Proxy-Authentication Scheme", headers);
+ return false;
+ }
+ }
}
- else if (absolute.find("path") == std::string::npos)
+ else if (absolute.find("path") == std::string::npos && APT::String::Startswith(filename, "/_config/") == false)
{
sendError(client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that");
return false;
}
+ if (APT::String::Startswith(filename, "/_config/") == false)
+ {
+ std::string const authConf = _config->Find("aptwebserver::authorization", "");
+ std::string auth = LookupTag(request, "Authorization", "");
+ if (authConf.empty() != auth.empty())
+ {
+ if (auth.empty())
+ sendError(client, 401, request, sendContent, "Server requires authentication");
+ else
+ sendError(client, 401, request, sendContent, "Client wants to authenticate to server, but server doesn't need it");
+ return false;
+ }
+ if (authConf.empty() == false)
+ {
+ char const * const basic = "Basic ";
+ if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+ {
+ auth.erase(0, strlen(basic));
+ if (auth != authConf)
+ {
+ sendError(client, 401, request, sendContent, "Authentication doesn't match");
+ return false;
+ }
+ }
+ else
+ {
+ std::list<std::string> headers;
+ headers.push_back("WWW-Authenticate: Basic");
+ sendError(client, 401, request, sendContent, "Unsupported Authentication Scheme", headers);
+ return false;
+ }
+ }
+ }
+
size_t paramspos = filename.find('?');
if (paramspos != std::string::npos)
{
return true;
}
/*}}}*/
-bool handleOnTheFlyReconfiguration(int const client, std::string const &request, std::vector<std::string> const &parts)/*{{{*/
+static bool handleOnTheFlyReconfiguration(int const client, std::string const &request, std::vector<std::string> parts)/*{{{*/
{
size_t const pcount = parts.size();
+ for (size_t i = 0; i < pcount; ++i)
+ parts[i] = DeQuoteString(parts[i]);
if (pcount == 4 && parts[1] == "set")
{
_config->Set(parts[2], parts[3]);
return false;
}
/*}}}*/
-void * handleClient(void * voidclient) /*{{{*/
+static void * handleClient(void * voidclient) /*{{{*/
{
int client = *((int*)(voidclient));
std::clog << "ACCEPT client " << client << std::endl;
std::string redirect = "/" + filename;
for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next)
redirect = SubstVar(redirect, I->Tag, I->Value);
- redirect.erase(0,1);
+ if (redirect.empty() == false && redirect[0] == '/')
+ redirect.erase(0,1);
if (redirect != filename)
{
sendRedirect(client, 301, redirect, *m, sendContent);
}
// deal with the request
- if (RealFileExists(filename) == true)
+ if (_config->FindB("aptwebserver::support::http", true) == false &&
+ LookupTag(*m, "Host").find(":4433") == std::string::npos)
+ {
+ sendError(client, 400, *m, sendContent, "HTTP disabled, all requests must be HTTPS");
+ continue;
+ }
+ else if (RealFileExists(filename) == true)
{
FileFd data(filename, FileFd::ReadOnly);
std::string condition = LookupTag(*m, "If-Modified-Since", "");
CommandLine::Args Args[] = {
{0, "port", "aptwebserver::port", CommandLine::HasArg},
{0, "request-absolute", "aptwebserver::request::absolute", CommandLine::HasArg},
+ {0, "authorization", "aptwebserver::authorization", CommandLine::HasArg},
+ {0, "proxy-authorization", "aptwebserver::proxy-authorization", CommandLine::HasArg},
{'c',"config-file",0,CommandLine::ConfigFile},
{'o',"option",0,CommandLine::ArbItem},
{0,0,0,0}
projects / apt.git / blobdiff