+static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
+ std::string &filename, std::string ¶ms, bool &sendContent,
+ bool &closeConnection, std::list<std::string> &headers)
+{
+ if (strncmp(request.c_str(), "HEAD ", 5) == 0)
+ sendContent = false;
+ if (strncmp(request.c_str(), "GET ", 4) != 0)
+ {
+ sendError(client, 501, request, true, "", headers);
+ return false;
+ }
+
+ size_t const lineend = request.find('\n');
+ size_t filestart = request.find(' ');
+ for (; request[filestart] == ' '; ++filestart);
+ size_t fileend = request.rfind(' ', lineend);
+ if (lineend == std::string::npos || filestart == std::string::npos ||
+ fileend == std::string::npos || filestart == fileend)
+ {
+ sendError(client, 500, request, sendContent, "Filename can't be extracted", headers);
+ return false;
+ }
+
+ size_t httpstart = fileend;
+ for (; request[httpstart] == ' '; ++httpstart);
+ if (strncmp(request.c_str() + httpstart, "HTTP/1.1\r", 9) == 0)
+ closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "Keep-Alive") != 0;
+ else if (strncmp(request.c_str() + httpstart, "HTTP/1.0\r", 9) == 0)
+ closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "close") == 0;
+ else
+ {
+ sendError(client, 500, request, sendContent, "Not a HTTP/1.{0,1} request", headers);
+ return false;
+ }
+
+ filename = request.substr(filestart, fileend - filestart);
+ if (filename.find(' ') != std::string::npos)
+ {
+ sendError(client, 500, request, sendContent, "Filename contains an unencoded space", headers);
+ return false;
+ }
+
+ std::string host = LookupTag(request, "Host", "");
+ if (host.empty() == true)
+ {
+ // RFC 2616 ยง14.23 requires Host
+ sendError(client, 400, request, sendContent, "Host header is required", headers);
+ return false;
+ }
+ host = "http://" + host;
+
+ // Proxies require absolute uris, so this is a simple proxy-fake option
+ std::string const absolute = _config->Find("aptwebserver::request::absolute", "uri,path");
+ if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0 && APT::String::Startswith(filename, "/_config/") == false)
+ {
+ if (absolute.find("uri") == std::string::npos)
+ {
+ sendError(client, 400, request, sendContent, "Request is absoluteURI, but configured to not accept that", headers);
+ return false;
+ }
+
+ // strip the host from the request to make it an absolute path
+ filename.erase(0, host.length());
+
+ std::string const authConf = _config->Find("aptwebserver::proxy-authorization", "");
+ std::string auth = LookupTag(request, "Proxy-Authorization", "");
+ if (authConf.empty() != auth.empty())
+ {
+ if (auth.empty())
+ sendError(client, 407, request, sendContent, "Proxy requires authentication", headers);
+ else
+ sendError(client, 407, request, sendContent, "Client wants to authenticate to proxy, but proxy doesn't need it", headers);
+ return false;
+ }
+ if (authConf.empty() == false)
+ {
+ char const * const basic = "Basic ";
+ if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+ {
+ auth.erase(0, strlen(basic));
+ if (auth != authConf)
+ {
+ sendError(client, 407, request, sendContent, "Proxy-Authentication doesn't match", headers);
+ return false;
+ }
+ }
+ else
+ {
+ std::list<std::string> headers;
+ headers.push_back("Proxy-Authenticate: Basic");
+ sendError(client, 407, request, sendContent, "Unsupported Proxy-Authentication Scheme", headers);
+ return false;
+ }
+ }
+ }
+ else if (absolute.find("path") == std::string::npos && APT::String::Startswith(filename, "/_config/") == false)
+ {
+ sendError(client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that", headers);
+ return false;
+ }
+
+ if (APT::String::Startswith(filename, "/_config/") == false)
+ {
+ std::string const authConf = _config->Find("aptwebserver::authorization", "");
+ std::string auth = LookupTag(request, "Authorization", "");
+ if (authConf.empty() != auth.empty())
+ {
+ if (auth.empty())
+ sendError(client, 401, request, sendContent, "Server requires authentication", headers);
+ else
+ sendError(client, 401, request, sendContent, "Client wants to authenticate to server, but server doesn't need it", headers);
+ return false;
+ }
+ if (authConf.empty() == false)
+ {
+ char const * const basic = "Basic ";
+ if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+ {
+ auth.erase(0, strlen(basic));
+ if (auth != authConf)
+ {
+ sendError(client, 401, request, sendContent, "Authentication doesn't match", headers);
+ return false;
+ }
+ }
+ else
+ {
+ headers.push_back("WWW-Authenticate: Basic");
+ sendError(client, 401, request, sendContent, "Unsupported Authentication Scheme", headers);
+ return false;
+ }
+ }
+ }
+
+ size_t paramspos = filename.find('?');
+ if (paramspos != std::string::npos)
+ {
+ params = filename.substr(paramspos + 1);
+ filename.erase(paramspos);
+ }
+
+ filename = DeQuoteString(filename);
+
+ // this is not a secure server, but at least prevent the obvious โฆ
+ if (filename.empty() == true || filename[0] != '/' ||
+ strncmp(filename.c_str(), "//", 2) == 0 ||
+ filename.find_first_of("\r\n\t\f\v") != std::string::npos ||
+ filename.find("/../") != std::string::npos)
+ {
+ std::list<std::string> headers;
+ sendError(client, 400, request, sendContent, "Filename contains illegal character (sequence)", headers);
+ return false;
+ }
+
+ // nuke the first character which is a / as we assured above
+ filename.erase(0, 1);
+ if (filename.empty() == true)
+ filename = "./";
+ // support ~user/ uris to refer to /home/user/public_html/ as a kind-of special directory
+ else if (filename[0] == '~')
+ {
+ // /home/user is actually not entirely correct, but good enough for now
+ size_t dashpos = filename.find('/');
+ if (dashpos != std::string::npos)
+ {
+ std::string home = filename.substr(1, filename.find('/') - 1);
+ std::string pubhtml = filename.substr(filename.find('/') + 1);
+ filename = "/home/" + home + "/public_html/" + pubhtml;
+ }
+ else
+ filename = "/home/" + filename.substr(1) + "/public_html/";
+ }
+
+ // if no filename is given, but a valid directory see if we can use an index or
+ // have to resort to a autogenerated directory listing later on
+ if (DirectoryExists(filename) == true)
+ {
+ std::string const directoryIndex = _config->Find("aptwebserver::directoryindex");
+ if (directoryIndex.empty() == false && directoryIndex == flNotDir(directoryIndex) &&
+ RealFileExists(filename + directoryIndex) == true)
+ filename += directoryIndex;
+ }
+
+ return true;
+}
+ /*}}}*/
+static bool handleOnTheFlyReconfiguration(int const client, std::string const &request,/*{{{*/
+ std::vector<std::string> parts, std::list<std::string> &headers)
+{
+ size_t const pcount = parts.size();
+ for (size_t i = 0; i < pcount; ++i)
+ parts[i] = DeQuoteString(parts[i]);
+ if (pcount == 4 && parts[1] == "set")
+ {
+ _config->Set(parts[2], parts[3]);
+ sendSuccess(client, request, true, "Option '" + parts[2] + "' was set to '" + parts[3] + "'!", headers);
+ return true;
+ }
+ else if (pcount == 4 && parts[1] == "find")
+ {
+ std::string response = _config->Find(parts[2], parts[3]);
+ addDataHeaders(headers, response);
+ sendHead(client, 200, headers);
+ sendData(client, headers, response);
+ return true;
+ }
+ else if (pcount == 3 && parts[1] == "find")
+ {
+ if (_config->Exists(parts[2]) == true)
+ {
+ std::string response = _config->Find(parts[2]);
+ addDataHeaders(headers, response);
+ sendHead(client, 200, headers);
+ sendData(client, headers, response);
+ return true;
+ }
+ sendError(client, 404, request, true, "Requested Configuration option doesn't exist", headers);
+ return false;
+ }
+ else if (pcount == 3 && parts[1] == "clear")
+ {
+ _config->Clear(parts[2]);
+ sendSuccess(client, request, true, "Option '" + parts[2] + "' was cleared.", headers);
+ return true;
+ }
+
+ sendError(client, 400, request, true, "Unknown on-the-fly configuration request", headers);
+ return false;
+}
+ /*}}}*/
+static void * handleClient(void * voidclient) /*{{{*/
+{
+ int client = *((int*)(voidclient));
+ std::clog << "ACCEPT client " << client << std::endl;
+ bool closeConnection = false;
+ while (closeConnection == false)
+ {
+ std::vector<std::string> messages;
+ if (ReadMessages(client, messages) == false)
+ break;
+
+ std::list<std::string> headers;
+ for (std::vector<std::string>::const_iterator m = messages.begin();
+ m != messages.end() && closeConnection == false; ++m) {
+ // if we announced a closing in previous response, do the close now
+ if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+ {
+ closeConnection = true;
+ break;
+ }
+ headers.clear();
+
+ std::clog << ">>> REQUEST from " << client << " >>>" << std::endl << *m
+ << std::endl << "<<<<<<<<<<<<<<<<" << std::endl;
+ std::string filename;
+ std::string params;
+ bool sendContent = true;
+ if (parseFirstLine(client, *m, filename, params, sendContent, closeConnection, headers) == false)
+ continue;
+
+ // special webserver command request
+ if (filename.length() > 1 && filename[0] == '_')
+ {
+ std::vector<std::string> parts = VectorizeString(filename, '/');
+ if (parts[0] == "_config")
+ {
+ handleOnTheFlyReconfiguration(client, *m, parts, headers);
+ continue;
+ }
+ }
+
+ // string replacements in the requested filename
+ ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace");
+ if (Replaces != NULL)
+ {
+ std::string redirect = "/" + filename;
+ for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next)
+ redirect = SubstVar(redirect, I->Tag, I->Value);
+ if (redirect.empty() == false && redirect[0] == '/')
+ redirect.erase(0,1);
+ if (redirect != filename)
+ {
+ sendRedirect(client, 301, redirect, *m, sendContent);
+ continue;
+ }
+ }
+
+ ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite");
+ if (Overwrite != NULL)
+ {
+ for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next)
+ {
+ regex_t *pattern = new regex_t;
+ int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB);
+ if (res != 0)
+ {
+ char error[300];
+ regerror(res, pattern, error, sizeof(error));
+ sendError(client, 500, *m, sendContent, error, headers);
+ continue;
+ }
+ if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0)
+ {
+ filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", filename);
+ if (filename[0] == '/')
+ filename.erase(0,1);
+ regfree(pattern);
+ break;
+ }
+ regfree(pattern);
+ }
+ }
+
+ // deal with the request
+ unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
+ std::string hosthttpsport;
+ strprintf(hosthttpsport, ":%u", httpsport);
+ if (_config->FindB("aptwebserver::support::http", true) == false &&
+ LookupTag(*m, "Host").find(hosthttpsport) == std::string::npos)
+ {
+ sendError(client, 400, *m, sendContent, "HTTP disabled, all requests must be HTTPS", headers);
+ continue;
+ }
+ else if (RealFileExists(filename) == true)
+ {
+ FileFd data(filename, FileFd::ReadOnly);
+ std::string condition = LookupTag(*m, "If-Modified-Since", "");
+ if (_config->FindB("aptwebserver::support::modified-since", true) == true && condition.empty() == false)
+ {
+ time_t cache;
+ if (RFC1123StrToTime(condition.c_str(), cache) == true &&
+ cache >= data.ModificationTime())
+ {
+ sendHead(client, 304, headers);
+ continue;
+ }
+ }
+
+ if (_config->FindB("aptwebserver::support::range", true) == true)
+ condition = LookupTag(*m, "Range", "");
+ else
+ condition.clear();
+ if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0)
+ {
+ time_t cache;
+ std::string ifrange;
+ if (_config->FindB("aptwebserver::support::if-range", true) == true)
+ ifrange = LookupTag(*m, "If-Range", "");
+ bool validrange = (ifrange.empty() == true ||
+ (RFC1123StrToTime(ifrange.c_str(), cache) == true &&
+ cache <= data.ModificationTime()));
+
+ // FIXME: support multiple byte-ranges (APT clients do not do this)
+ if (condition.find(',') == std::string::npos)
+ {
+ size_t start = 6;
+ unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10);
+ // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this)
+ size_t dash = condition.find('-') + 1;
+ unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10);
+ unsigned long long filesize = data.FileSize();
+ if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) &&
+ validrange == true)
+ {
+ if (filesize > filestart)
+ {
+ data.Skip(filestart);
+ // make sure to send content-range before conent-length
+ // as regression test for LP: #1445239
+ std::ostringstream contentrange;
+ contentrange << "Content-Range: bytes " << filestart << "-"
+ << filesize - 1 << "/" << filesize;
+ headers.push_back(contentrange.str());
+ std::ostringstream contentlength;
+ contentlength << "Content-Length: " << (filesize - filestart);
+ headers.push_back(contentlength.str());
+ sendHead(client, 206, headers);
+ if (sendContent == true)
+ sendFile(client, headers, data);
+ continue;
+ }
+ else
+ {
+ if (_config->FindB("aptwebserver::support::content-range", true) == true)
+ {
+ std::ostringstream contentrange;
+ contentrange << "Content-Range: bytes */" << filesize;
+ headers.push_back(contentrange.str());
+ }
+ sendError(client, 416, *m, sendContent, "", headers);
+ break;
+ }
+ }
+ }
+ }
+
+ addFileHeaders(headers, data);
+ sendHead(client, 200, headers);
+ if (sendContent == true)
+ sendFile(client, headers, data);
+ }
+ else if (DirectoryExists(filename) == true)
+ {
+ if (filename[filename.length()-1] == '/')
+ sendDirectoryListing(client, filename, *m, sendContent, headers);
+ else
+ sendRedirect(client, 301, filename.append("/"), *m, sendContent);
+ }
+ else
+ sendError(client, 404, *m, sendContent, "", headers);
+ }
+
+ // if we announced a closing in the last response, do the close now
+ if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+ closeConnection = true;
+
+ if (_error->PendingError() == true)
+ break;
+ _error->DumpErrors(std::cerr);
+ }
+ _error->DumpErrors(std::cerr);
+ close(client);
+ std::clog << "CLOSE client " << client << std::endl;
+ return NULL;
+}
+ /*}}}*/
+