X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/ceafe8a6edc815df2923ba892894617829e9d3c2..70aa55819c08ec979f50400d159daadbfb5c7f54:/test/interactive-helper/aptwebserver.cc

diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc
index 9c67b67e4..4b98cbd7c 100644
--- a/test/interactive-helper/aptwebserver.cc
+++ b/test/interactive-helper/aptwebserver.cc
@@ -6,6 +6,8 @@
 #include <apt-pkg/fileutl.h>
 #include <apt-pkg/strutl.h>
 
+#include "teestream.h"
+
 #include <dirent.h>
 #include <errno.h>
 #include <netinet/in.h>
@@ -22,63 +24,65 @@
 
 #include <algorithm>
 #include <iostream>
+#include <fstream>
 #include <sstream>
 #include <list>
 #include <string>
+#include <thread>
 #include <vector>
 
-static char const * httpcodeToStr(int const httpcode)		/*{{{*/
+static std::string httpcodeToStr(int const httpcode)			/*{{{*/
 {
    switch (httpcode)
    {
       // Informational 1xx
-      case 100: return "100 Continue";
-      case 101: return "101 Switching Protocols";
+      case 100: return _config->Find("aptwebserver::httpcode::100", "100 Continue");
+      case 101: return _config->Find("aptwebserver::httpcode::101", "101 Switching Protocols");
       // Successful 2xx
-      case 200: return "200 OK";
-      case 201: return "201 Created";
-      case 202: return "202 Accepted";
-      case 203: return "203 Non-Authoritative Information";
-      case 204: return "204 No Content";
-      case 205: return "205 Reset Content";
-      case 206: return "206 Partial Content";
+      case 200: return _config->Find("aptwebserver::httpcode::200", "200 OK");
+      case 201: return _config->Find("aptwebserver::httpcode::201", "201 Created");
+      case 202: return _config->Find("aptwebserver::httpcode::202", "202 Accepted");
+      case 203: return _config->Find("aptwebserver::httpcode::203", "203 Non-Authoritative Information");
+      case 204: return _config->Find("aptwebserver::httpcode::204", "204 No Content");
+      case 205: return _config->Find("aptwebserver::httpcode::205", "205 Reset Content");
+      case 206: return _config->Find("aptwebserver::httpcode::206", "206 Partial Content");
       // Redirections 3xx
-      case 300: return "300 Multiple Choices";
-      case 301: return "301 Moved Permanently";
-      case 302: return "302 Found";
-      case 303: return "303 See Other";
-      case 304: return "304 Not Modified";
-      case 305: return "304 Use Proxy";
-      case 307: return "307 Temporary Redirect";
+      case 300: return _config->Find("aptwebserver::httpcode::300", "300 Multiple Choices");
+      case 301: return _config->Find("aptwebserver::httpcode::301", "301 Moved Permanently");
+      case 302: return _config->Find("aptwebserver::httpcode::302", "302 Found");
+      case 303: return _config->Find("aptwebserver::httpcode::303", "303 See Other");
+      case 304: return _config->Find("aptwebserver::httpcode::304", "304 Not Modified");
+      case 305: return _config->Find("aptwebserver::httpcode::305", "305 Use Proxy");
+      case 307: return _config->Find("aptwebserver::httpcode::307", "307 Temporary Redirect");
       // Client errors 4xx
-      case 400: return "400 Bad Request";
-      case 401: return "401 Unauthorized";
-      case 402: return "402 Payment Required";
-      case 403: return "403 Forbidden";
-      case 404: return "404 Not Found";
-      case 405: return "405 Method Not Allowed";
-      case 406: return "406 Not Acceptable";
-      case 407: return "407 Proxy Authentication Required";
-      case 408: return "408 Request Time-out";
-      case 409: return "409 Conflict";
-      case 410: return "410 Gone";
-      case 411: return "411 Length Required";
-      case 412: return "412 Precondition Failed";
-      case 413: return "413 Request Entity Too Large";
-      case 414: return "414 Request-URI Too Large";
-      case 415: return "415 Unsupported Media Type";
-      case 416: return "416 Requested range not satisfiable";
-      case 417: return "417 Expectation Failed";
-      case 418: return "418 I'm a teapot";
+      case 400: return _config->Find("aptwebserver::httpcode::400", "400 Bad Request");
+      case 401: return _config->Find("aptwebserver::httpcode::401", "401 Unauthorized");
+      case 402: return _config->Find("aptwebserver::httpcode::402", "402 Payment Required");
+      case 403: return _config->Find("aptwebserver::httpcode::403", "403 Forbidden");
+      case 404: return _config->Find("aptwebserver::httpcode::404", "404 Not Found");
+      case 405: return _config->Find("aptwebserver::httpcode::405", "405 Method Not Allowed");
+      case 406: return _config->Find("aptwebserver::httpcode::406", "406 Not Acceptable");
+      case 407: return _config->Find("aptwebserver::httpcode::407", "407 Proxy Authentication Required");
+      case 408: return _config->Find("aptwebserver::httpcode::408", "408 Request Time-out");
+      case 409: return _config->Find("aptwebserver::httpcode::409", "409 Conflict");
+      case 410: return _config->Find("aptwebserver::httpcode::410", "410 Gone");
+      case 411: return _config->Find("aptwebserver::httpcode::411", "411 Length Required");
+      case 412: return _config->Find("aptwebserver::httpcode::412", "412 Precondition Failed");
+      case 413: return _config->Find("aptwebserver::httpcode::413", "413 Request Entity Too Large");
+      case 414: return _config->Find("aptwebserver::httpcode::414", "414 Request-URI Too Large");
+      case 415: return _config->Find("aptwebserver::httpcode::415", "415 Unsupported Media Type");
+      case 416: return _config->Find("aptwebserver::httpcode::416", "416 Requested range not satisfiable");
+      case 417: return _config->Find("aptwebserver::httpcode::417", "417 Expectation Failed");
+      case 418: return _config->Find("aptwebserver::httpcode::418", "418 I'm a teapot");
       // Server error 5xx
-      case 500: return "500 Internal Server Error";
-      case 501: return "501 Not Implemented";
-      case 502: return "502 Bad Gateway";
-      case 503: return "503 Service Unavailable";
-      case 504: return "504 Gateway Time-out";
-      case 505: return "505 HTTP Version not supported";
-   }
-   return NULL;
+      case 500: return _config->Find("aptwebserver::httpcode::500", "500 Internal Server Error");
+      case 501: return _config->Find("aptwebserver::httpcode::501", "501 Not Implemented");
+      case 502: return _config->Find("aptwebserver::httpcode::502", "502 Bad Gateway");
+      case 503: return _config->Find("aptwebserver::httpcode::503", "503 Service Unavailable");
+      case 504: return _config->Find("aptwebserver::httpcode::504", "504 Gateway Time-out");
+      case 505: return _config->Find("aptwebserver::httpcode::505", "505 HTTP Version not supported");
+   }
+   return "";
 }
 									/*}}}*/
 static bool chunkedTransferEncoding(std::list<std::string> const &headers) {
@@ -96,9 +100,12 @@ static void addFileHeaders(std::list<std::string> &headers, FileFd &data)/*{{{*/
       contentlength << "Content-Length: " << data.FileSize();
       headers.push_back(contentlength.str());
    }
-   std::string lastmodified("Last-Modified: ");
-   lastmodified.append(TimeRFC1123(data.ModificationTime()));
-   headers.push_back(lastmodified);
+   if (_config->FindB("aptwebserver::support::last-modified", true) == true)
+   {
+      std::string lastmodified("Last-Modified: ");
+      lastmodified.append(TimeRFC1123(data.ModificationTime(), false));
+      headers.push_back(lastmodified);
+   }
 }
 									/*}}}*/
 static void addDataHeaders(std::list<std::string> &headers, std::string &data)/*{{{*/
@@ -111,7 +118,7 @@ static void addDataHeaders(std::list<std::string> &headers, std::string &data)/*
    }
 }
 									/*}}}*/
-static bool sendHead(int const client, int const httpcode, std::list<std::string> &headers)/*{{{*/
+static bool sendHead(std::ostream &log, int const client, int const httpcode, std::list<std::string> &headers)/*{{{*/
 {
    std::string response("HTTP/1.1 ");
    response.append(httpcodeToStr(httpcode));
@@ -119,19 +126,22 @@ static bool sendHead(int const client, int const httpcode, std::list<std::string
    _config->Set("APTWebserver::Last-Status-Code", httpcode);
 
    std::stringstream buffer;
+   auto const empties = _config->FindVector("aptwebserver::empty-response-header");
+   for (auto && e: empties)
+      buffer << e << ":" << std::endl;
    _config->Dump(buffer, "aptwebserver::response-header", "%t: %v%n", false);
    std::vector<std::string> addheaders = VectorizeString(buffer.str(), '\n');
    for (std::vector<std::string>::const_iterator h = addheaders.begin(); h != addheaders.end(); ++h)
       headers.push_back(*h);
 
    std::string date("Date: ");
-   date.append(TimeRFC1123(time(NULL)));
+   date.append(TimeRFC1123(time(NULL), false));
    headers.push_back(date);
 
    if (chunkedTransferEncoding(headers) == true)
       headers.push_back("Transfer-Encoding: chunked");
 
-   std::clog << ">>> RESPONSE to " << client << " >>>" << std::endl;
+   log << ">>> RESPONSE to " << client << " >>>" << std::endl;
    bool Success = true;
    for (std::list<std::string>::const_iterator h = headers.begin();
 	Success == true && h != headers.end(); ++h)
@@ -139,11 +149,11 @@ static bool sendHead(int const client, int const httpcode, std::list<std::string
       Success &= FileFd::Write(client, h->c_str(), h->size());
       if (Success == true)
 	 Success &= FileFd::Write(client, "\r\n", 2);
-      std::clog << *h << std::endl;
+      log << *h << std::endl;
    }
    if (Success == true)
       Success &= FileFd::Write(client, "\r\n", 2);
-   std::clog << "<<<<<<<<<<<<<<<<" << std::endl;
+   log << "<<<<<<<<<<<<<<<<" << std::endl;
    return Success;
 }
 									/*}}}*/
@@ -203,11 +213,11 @@ static bool sendData(int const client, std::list<std::string> const &headers, st
    return true;
 }
 									/*}}}*/
-static void sendError(int const client, int const httpcode, std::string const &request,/*{{{*/
+static void sendError(std::ostream &log, int const client, int const httpcode, std::string const &request,/*{{{*/
 	       bool const content, std::string const &error, std::list<std::string> &headers)
 {
-   std::string response("<html><head><title>");
-   response.append(httpcodeToStr(httpcode)).append("</title></head>");
+   std::string response("<!doctype html><html><head><title>");
+   response.append(httpcodeToStr(httpcode)).append("</title><meta charset=\"utf-8\" /></head>");
    response.append("<body><h1>").append(httpcodeToStr(httpcode)).append("</h1>");
    if (httpcode != 200)
       response.append("<p><em>Error</em>: ");
@@ -228,22 +238,22 @@ static void sendError(int const client, int const httpcode, std::string const &r
 	 headers.push_back("Connection: close");
    }
    addDataHeaders(headers, response);
-   sendHead(client, httpcode, headers);
+   sendHead(log, client, httpcode, headers);
    if (content == true)
       sendData(client, headers, response);
 }
-static void sendSuccess(int const client, std::string const &request,
+static void sendSuccess(std::ostream &log, int const client, std::string const &request,
 	       bool const content, std::string const &error, std::list<std::string> &headers)
 {
-   sendError(client, 200, request, content, error, headers);
+   sendError(log, client, 200, request, content, error, headers);
 }
 									/*}}}*/
-static void sendRedirect(int const client, int const httpcode, std::string const &uri,/*{{{*/
-		  std::string const &request, bool content)
+static void sendRedirect(std::ostream &log, int const client, int const httpcode,/*{{{*/
+		  std::string const &uri, std::string const &request, bool content)
 {
    std::list<std::string> headers;
-   std::string response("<html><head><title>");
-   response.append(httpcodeToStr(httpcode)).append("</title></head>");
+   std::string response("<!doctype html><html><head><title>");
+   response.append(httpcodeToStr(httpcode)).append("</title><meta charset=\"utf-8\" /></head>");
    response.append("<body><h1>").append(httpcodeToStr(httpcode)).append("</h1");
    response.append("<p>You should be redirected to <em>").append(uri).append("</em></p>");
    response.append("This page is a result of the request: <pre>");
@@ -253,7 +263,10 @@ static void sendRedirect(int const client, int const httpcode, std::string const
    if (strncmp(uri.c_str(), "http://", 7) != 0 && strncmp(uri.c_str(), "https://", 8) != 0)
    {
       std::string const host = LookupTag(request, "Host");
-      if (host.find(":4433") != std::string::npos)
+      unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
+      std::string hosthttpsport;
+      strprintf(hosthttpsport, ":%u", httpsport);
+      if (host.find(hosthttpsport) != std::string::npos)
 	 location.append("https://");
       else
 	 location.append("http://");
@@ -270,7 +283,7 @@ static void sendRedirect(int const client, int const httpcode, std::string const
    else
       location.append(uri);
    headers.push_back(location);
-   sendHead(client, httpcode, headers);
+   sendHead(log, client, httpcode, headers);
    if (content == true)
       sendData(client, headers, response);
 }
@@ -313,20 +326,19 @@ static int grouped_alpha_case_sort(const struct dirent **a, const struct dirent
    return strcasecmp((*a)->d_name, (*b)->d_name);
 }
 									/*}}}*/
-static void sendDirectoryListing(int const client, std::string const &dir,/*{{{*/
+static void sendDirectoryListing(std::ostream &log, int const client, std::string const &dir,/*{{{*/
 			  std::string const &request, bool content, std::list<std::string> &headers)
 {
-   std::ostringstream listing;
-
    struct dirent **namelist;
    int const counter = scandir(dir.c_str(), &namelist, filter_hidden_files, grouped_alpha_case_sort);
    if (counter == -1)
    {
-      sendError(client, 500, request, content, "scandir failed", headers);
+      sendError(log, client, 500, request, content, "scandir failed", headers);
       return;
    }
 
-   listing << "<html><head><title>Index of " << dir << "</title>"
+   std::ostringstream listing;
+   listing << "<!doctype html><html><head><title>Index of " << dir << "</title><meta charset=\"utf-8\" />"
 	   << "<style type=\"text/css\"><!-- td {padding: 0.02em 0.5em 0.02em 0.5em;}"
 	   << "tr:nth-child(even){background-color:#dfdfdf;}"
 	   << "h1, td:nth-child(3){text-align:center;}"
@@ -353,18 +365,18 @@ static void sendDirectoryListing(int const client, std::string const &dir,/*{{{*
 		 << "<td><a href=\"" << namelist[i]->d_name << "\">" << namelist[i]->d_name << "</a></td>"
 		 << "<td>" << SizeToStr(fs.st_size) << "B</td>";
       }
-      listing << "<td>" << TimeRFC1123(fs.st_mtime) << "</td></tr>" << std::endl;
+      listing << "<td>" << TimeRFC1123(fs.st_mtime, true) << "</td></tr>" << std::endl;
    }
    listing << "</table></body></html>" << std::endl;
 
    std::string response(listing.str());
    addDataHeaders(headers, response);
-   sendHead(client, 200, headers);
+   sendHead(log, client, 200, headers);
    if (content == true)
       sendData(client, headers, response);
 }
 									/*}}}*/
-static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
+static bool parseFirstLine(std::ostream &log, int const client, std::string const &request,/*{{{*/
 		    std::string &filename, std::string &params, bool &sendContent,
 		    bool &closeConnection, std::list<std::string> &headers)
 {
@@ -372,7 +384,7 @@ static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
       sendContent = false;
    if (strncmp(request.c_str(), "GET ", 4) != 0)
    {
-      sendError(client, 501, request, true, "", headers);
+      sendError(log, client, 501, request, true, "", headers);
       return false;
    }
 
@@ -383,7 +395,7 @@ static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
    if (lineend == std::string::npos || filestart == std::string::npos ||
 	 fileend == std::string::npos || filestart == fileend)
    {
-      sendError(client, 500, request, sendContent, "Filename can't be extracted", headers);
+      sendError(log, client, 500, request, sendContent, "Filename can't be extracted", headers);
       return false;
    }
 
@@ -395,14 +407,14 @@ static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
       closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "close") == 0;
    else
    {
-      sendError(client, 500, request, sendContent, "Not a HTTP/1.{0,1} request", headers);
+      sendError(log, client, 500, request, sendContent, "Not a HTTP/1.{0,1} request", headers);
       return false;
    }
 
    filename = request.substr(filestart, fileend - filestart);
    if (filename.find(' ') != std::string::npos)
    {
-      sendError(client, 500, request, sendContent, "Filename contains an unencoded space", headers);
+      sendError(log, client, 500, request, sendContent, "Filename contains an unencoded space", headers);
       return false;
    }
 
@@ -410,29 +422,94 @@ static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
    if (host.empty() == true)
    {
       // RFC 2616 §14.23 requires Host
-      sendError(client, 400, request, sendContent, "Host header is required", headers);
+      sendError(log, client, 400, request, sendContent, "Host header is required", headers);
       return false;
    }
    host = "http://" + host;
 
    // Proxies require absolute uris, so this is a simple proxy-fake option
    std::string const absolute = _config->Find("aptwebserver::request::absolute", "uri,path");
-   if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0)
+   if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0 && APT::String::Startswith(filename, "/_config/") == false)
    {
       if (absolute.find("uri") == std::string::npos)
       {
-	 sendError(client, 400, request, sendContent, "Request is absoluteURI, but configured to not accept that", headers);
+	 sendError(log, client, 400, request, sendContent, "Request is absoluteURI, but configured to not accept that", headers);
 	 return false;
       }
+
       // strip the host from the request to make it an absolute path
       filename.erase(0, host.length());
+
+      std::string const authConf = _config->Find("aptwebserver::proxy-authorization", "");
+      std::string auth = LookupTag(request, "Proxy-Authorization", "");
+      if (authConf.empty() != auth.empty())
+      {
+	 if (auth.empty())
+	    sendError(log, client, 407, request, sendContent, "Proxy requires authentication", headers);
+	 else
+	    sendError(log, client, 407, request, sendContent, "Client wants to authenticate to proxy, but proxy doesn't need it", headers);
+	return false;
+      }
+      if (authConf.empty() == false)
+      {
+	 char const * const basic = "Basic ";
+	 if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+	 {
+	    auth.erase(0, strlen(basic));
+	    if (auth != authConf)
+	    {
+	       sendError(log, client, 407, request, sendContent, "Proxy-Authentication doesn't match", headers);
+	       return false;
+	    }
+	 }
+	 else
+	 {
+	    std::list<std::string> headers;
+	    headers.push_back("Proxy-Authenticate: Basic");
+	    sendError(log, client, 407, request, sendContent, "Unsupported Proxy-Authentication Scheme", headers);
+	    return false;
+	 }
+      }
    }
-   else if (absolute.find("path") == std::string::npos)
+   else if (absolute.find("path") == std::string::npos && APT::String::Startswith(filename, "/_config/") == false)
    {
-      sendError(client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that", headers);
+      sendError(log, client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that", headers);
       return false;
    }
 
+   if (APT::String::Startswith(filename, "/_config/") == false)
+   {
+      std::string const authConf = _config->Find("aptwebserver::authorization", "");
+      std::string auth = LookupTag(request, "Authorization", "");
+      if (authConf.empty() != auth.empty())
+      {
+	 if (auth.empty())
+	    sendError(log, client, 401, request, sendContent, "Server requires authentication", headers);
+	 else
+	    sendError(log, client, 401, request, sendContent, "Client wants to authenticate to server, but server doesn't need it", headers);
+	 return false;
+      }
+      if (authConf.empty() == false)
+      {
+	 char const * const basic = "Basic ";
+	 if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+	 {
+	    auth.erase(0, strlen(basic));
+	    if (auth != authConf)
+	    {
+	       sendError(log, client, 401, request, sendContent, "Authentication doesn't match", headers);
+	       return false;
+	    }
+	 }
+	 else
+	 {
+	    headers.push_back("WWW-Authenticate: Basic");
+	    sendError(log, client, 401, request, sendContent, "Unsupported Authentication Scheme", headers);
+	    return false;
+	 }
+      }
+   }
+
    size_t paramspos = filename.find('?');
    if (paramspos != std::string::npos)
    {
@@ -449,7 +526,7 @@ static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
        filename.find("/../") != std::string::npos)
    {
       std::list<std::string> headers;
-      sendError(client, 400, request, sendContent, "Filename contains illegal character (sequence)", headers);
+      sendError(log, client, 400, request, sendContent, "Filename contains illegal character (sequence)", headers);
       return false;
    }
 
@@ -485,21 +562,23 @@ static bool parseFirstLine(int const client, std::string const &request,/*{{{*/
    return true;
 }
 									/*}}}*/
-static bool handleOnTheFlyReconfiguration(int const client, std::string const &request,/*{{{*/
-      std::vector<std::string> parts, std::list<std::string> &headers)
+static bool handleOnTheFlyReconfiguration(std::ostream &log, int const client,/*{{{*/
+      std::string const &request, std::vector<std::string> parts, std::list<std::string> &headers)
 {
    size_t const pcount = parts.size();
+   for (size_t i = 0; i < pcount; ++i)
+      parts[i] = DeQuoteString(parts[i]);
    if (pcount == 4 && parts[1] == "set")
    {
       _config->Set(parts[2], parts[3]);
-      sendSuccess(client, request, true, "Option '" + parts[2] + "' was set to '" + parts[3] + "'!", headers);
+      sendSuccess(log, client, request, true, "Option '" + parts[2] + "' was set to '" + parts[3] + "'!", headers);
       return true;
    }
    else if (pcount == 4 && parts[1] == "find")
    {
       std::string response = _config->Find(parts[2], parts[3]);
       addDataHeaders(headers, response);
-      sendHead(client, 200, headers);
+      sendHead(log, client, 200, headers);
       sendData(client, headers, response);
       return true;
    }
@@ -509,45 +588,59 @@ static bool handleOnTheFlyReconfiguration(int const client, std::string const &r
       {
 	 std::string response = _config->Find(parts[2]);
 	 addDataHeaders(headers, response);
-	 sendHead(client, 200, headers);
+	 sendHead(log, client, 200, headers);
 	 sendData(client, headers, response);
 	 return true;
       }
-      sendError(client, 404, request, true, "Requested Configuration option doesn't exist", headers);
+      sendError(log, client, 404, request, true, "Requested Configuration option doesn't exist", headers);
       return false;
    }
    else if (pcount == 3 && parts[1] == "clear")
    {
       _config->Clear(parts[2]);
-      sendSuccess(client, request, true, "Option '" + parts[2] + "' was cleared.", headers);
+      sendSuccess(log, client, request, true, "Option '" + parts[2] + "' was cleared.", headers);
       return true;
    }
 
-   sendError(client, 400, request, true, "Unknown on-the-fly configuration request", headers);
+   sendError(log, client, 400, request, true, "Unknown on-the-fly configuration request", headers);
    return false;
 }
 									/*}}}*/
-static void * handleClient(void * voidclient)				/*{{{*/
+static void * handleClient(int const client, size_t const id)		/*{{{*/
 {
-   int client = *((int*)(voidclient));
-   std::clog << "ACCEPT client " << client << std::endl;
-   std::vector<std::string> messages;
+   auto logfilepath = _config->FindFile("aptwebserver::logfiles");
+   if (logfilepath.empty() == false)
+      strprintf(logfilepath, "%s.client-%lu.log", logfilepath.c_str(), id);
+   else
+      logfilepath = "/dev/null";
+   std::ofstream logfile(logfilepath);
+   basic_teeostream<char> log(std::clog, logfile);
+
+   log << "ACCEPT client " << client << std::endl;
    bool closeConnection = false;
-   std::list<std::string> headers;
-   while (closeConnection == false && ReadMessages(client, messages))
+   while (closeConnection == false)
    {
-      // if we announced a closing, do the close
-      if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+      std::vector<std::string> messages;
+      if (ReadMessages(client, messages) == false)
 	 break;
-      headers.clear();
+
+      std::list<std::string> headers;
       for (std::vector<std::string>::const_iterator m = messages.begin();
 	    m != messages.end() && closeConnection == false; ++m) {
-	 std::clog << ">>> REQUEST from " << client << " >>>" << std::endl << *m
+	 // if we announced a closing in previous response, do the close now
+	 if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+	 {
+	    closeConnection = true;
+	    break;
+	 }
+	 headers.clear();
+
+	 log << ">>> REQUEST from " << client << " >>>" << std::endl << *m
 	    << std::endl << "<<<<<<<<<<<<<<<<" << std::endl;
 	 std::string filename;
 	 std::string params;
 	 bool sendContent = true;
-	 if (parseFirstLine(client, *m, filename, params, sendContent, closeConnection, headers) == false)
+	 if (parseFirstLine(log, client, *m, filename, params, sendContent, closeConnection, headers) == false)
 	    continue;
 
 	 // special webserver command request
@@ -556,7 +649,7 @@ static void * handleClient(void * voidclient)				/*{{{*/
 	    std::vector<std::string> parts = VectorizeString(filename, '/');
 	    if (parts[0] == "_config")
 	    {
-	       handleOnTheFlyReconfiguration(client, *m, parts, headers);
+	       handleOnTheFlyReconfiguration(log, client, *m, parts, headers);
 	       continue;
 	    }
 	 }
@@ -572,7 +665,7 @@ static void * handleClient(void * voidclient)				/*{{{*/
 	       redirect.erase(0,1);
 	    if (redirect != filename)
 	    {
-	       sendRedirect(client, 301, redirect, *m, sendContent);
+	       sendRedirect(log, client, _config->FindI("aptwebserver::redirect::httpcode", 301), redirect, *m, sendContent);
 	       continue;
 	    }
 	 }
@@ -588,7 +681,7 @@ static void * handleClient(void * voidclient)				/*{{{*/
 	       {
 		  char error[300];
 		  regerror(res, pattern, error, sizeof(error));
-		  sendError(client, 500, *m, sendContent, error, headers);
+		  sendError(log, client, 500, *m, sendContent, error, headers);
 		  continue;
 	       }
 	       if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0)
@@ -604,10 +697,13 @@ static void * handleClient(void * voidclient)				/*{{{*/
 	 }
 
 	 // deal with the request
+	 unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
+	 std::string hosthttpsport;
+	 strprintf(hosthttpsport, ":%u", httpsport);
 	 if (_config->FindB("aptwebserver::support::http", true) == false &&
-	       LookupTag(*m, "Host").find(":4433") == std::string::npos)
+	       LookupTag(*m, "Host").find(hosthttpsport) == std::string::npos)
 	 {
-	    sendError(client, 400, *m, sendContent, "HTTP disabled, all requests must be HTTPS", headers);
+	    sendError(log, client, 400, *m, sendContent, "HTTP disabled, all requests must be HTTPS", headers);
 	    continue;
 	 }
 	 else if (RealFileExists(filename) == true)
@@ -620,7 +716,7 @@ static void * handleClient(void * voidclient)				/*{{{*/
 	       if (RFC1123StrToTime(condition.c_str(), cache) == true &&
 		     cache >= data.ModificationTime())
 	       {
-		  sendHead(client, 304, headers);
+		  sendHead(log, client, 304, headers);
 		  continue;
 	       }
 	    }
@@ -631,6 +727,15 @@ static void * handleClient(void * voidclient)				/*{{{*/
 	       condition.clear();
 	    if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0)
 	    {
+	       std::string ranges = ',' + _config->Find("aptwebserver::response-header::Accept-Ranges") + ',';
+	       ranges.erase(std::remove(ranges.begin(), ranges.end(), ' '), ranges.end());
+	       if (ranges.find(",bytes,") == std::string::npos)
+	       {
+		  // we handle it as an error here because we are a test server - a real one should just ignore it
+		  sendError(log, client, 400, *m, sendContent, "Client does range requests we don't support", headers);
+		  continue;
+	       }
+
 	       time_t cache;
 	       std::string ifrange;
 	       if (_config->FindB("aptwebserver::support::if-range", true) == true)
@@ -654,6 +759,8 @@ static void * handleClient(void * voidclient)				/*{{{*/
 		     if (filesize > filestart)
 		     {
 			data.Skip(filestart);
+                        // make sure to send content-range before conent-length
+                        // as regression test for LP: #1445239
 			std::ostringstream contentrange;
 			contentrange << "Content-Range: bytes " << filestart << "-"
 			   << filesize - 1 << "/" << filesize;
@@ -661,43 +768,53 @@ static void * handleClient(void * voidclient)				/*{{{*/
 			std::ostringstream contentlength;
 			contentlength << "Content-Length: " << (filesize - filestart);
 			headers.push_back(contentlength.str());
-			sendHead(client, 206, headers);
+			sendHead(log, client, 206, headers);
 			if (sendContent == true)
 			   sendFile(client, headers, data);
 			continue;
 		     }
 		     else
 		     {
-			std::ostringstream contentrange;
-			contentrange << "Content-Range: bytes */" << filesize;
-			headers.push_back(contentrange.str());
-			sendError(client, 416, *m, sendContent, "", headers);
-			break;
+			if (_config->FindB("aptwebserver::support::content-range", true) == true)
+			{
+			   std::ostringstream contentrange;
+			   contentrange << "Content-Range: bytes */" << filesize;
+			   headers.push_back(contentrange.str());
+			}
+			sendError(log, client, 416, *m, sendContent, "", headers);
+			continue;
 		     }
 		  }
 	       }
 	    }
 
 	    addFileHeaders(headers, data);
-	    sendHead(client, 200, headers);
+	    sendHead(log, client, 200, headers);
 	    if (sendContent == true)
 	       sendFile(client, headers, data);
 	 }
 	 else if (DirectoryExists(filename) == true)
 	 {
 	    if (filename[filename.length()-1] == '/')
-	       sendDirectoryListing(client, filename, *m, sendContent, headers);
+	       sendDirectoryListing(log, client, filename, *m, sendContent, headers);
 	    else
-	       sendRedirect(client, 301, filename.append("/"), *m, sendContent);
+	       sendRedirect(log, client, 301, filename.append("/"), *m, sendContent);
 	 }
 	 else
-	    sendError(client, 404, *m, sendContent, "", headers);
+	    sendError(log, client, 404, *m, sendContent, "", headers);
       }
+
+      // if we announced a closing in the last response, do the close now
+      if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+	 closeConnection = true;
+
+      if (_error->PendingError() == true)
+	 break;
       _error->DumpErrors(std::cerr);
-      messages.clear();
    }
+   _error->DumpErrors(std::cerr);
    close(client);
-   std::clog << "CLOSE client " << client << std::endl;
+   log << "CLOSE client " << client << std::endl;
    return NULL;
 }
 									/*}}}*/
@@ -705,8 +822,11 @@ static void * handleClient(void * voidclient)				/*{{{*/
 int main(int const argc, const char * argv[])
 {
    CommandLine::Args Args[] = {
-      {0, "port", "aptwebserver::port", CommandLine::HasArg},
+      {'p', "port", "aptwebserver::port", CommandLine::HasArg},
       {0, "request-absolute", "aptwebserver::request::absolute", CommandLine::HasArg},
+      {0, "authorization", "aptwebserver::authorization", CommandLine::HasArg},
+      {0, "proxy-authorization", "aptwebserver::proxy-authorization", CommandLine::HasArg},
+      {0, "logfiles", "aptwebserver::logfiles", CommandLine::HasArg},
       {'c',"config-file",0,CommandLine::ConfigFile},
       {'o',"option",0,CommandLine::ArbItem},
       {0,0,0,0}
@@ -733,7 +853,7 @@ int main(int const argc, const char * argv[])
       return 1;
    }
 
-   int const port = _config->FindI("aptwebserver::port", 8080);
+   int port = _config->FindI("aptwebserver::port", 8080);
 
    // ensure that we accept all connections: v4 or v6
    int const iponly = 0;
@@ -755,6 +875,26 @@ int main(int const argc, const char * argv[])
       return 2;
    }
 
+   if (port == 0)
+   {
+      struct sockaddr_in6 addr;
+      socklen_t addrlen = sizeof(sockaddr_in6);
+      if (getsockname(sock, (struct sockaddr*) &addr, &addrlen) != 0)
+	 _error->Errno("getsockname", "Could not get chosen port number");
+      else
+	 port = ntohs(addr.sin6_port);
+   }
+   std::string const portfilename = _config->Find("aptwebserver::portfile", "");
+   if (portfilename.empty() == false)
+   {
+      FileFd portfile(portfilename, FileFd::WriteOnly | FileFd::Create | FileFd::Empty);
+      std::string portcontent;
+      strprintf(portcontent, "%d", port);
+      portfile.Write(portcontent.c_str(), portcontent.size());
+      portfile.Sync();
+   }
+   _config->Set("aptwebserver::port::http", port);
+
    FileFd pidfile;
    if (_config->FindB("aptwebserver::fork", false) == true)
    {
@@ -780,6 +920,7 @@ int main(int const argc, const char * argv[])
 	 std::string pidcontent;
 	 strprintf(pidcontent, "%d", child);
 	 pidfile.Write(pidcontent.c_str(), pidcontent.size());
+	 pidfile.Sync();
 	 if (_error->PendingError() == true)
 	 {
 	    _error->DumpErrors(std::cerr);
@@ -792,7 +933,8 @@ int main(int const argc, const char * argv[])
 
    std::clog << "Serving ANY file on port: " << port << std::endl;
 
-   int const slaves = _config->FindB("aptwebserver::slaves", SOMAXCONN);
+   int const slaves = _config->FindI("aptwebserver::slaves", SOMAXCONN);
+   std::cerr << "SLAVES: " << slaves << std::endl;
    listen(sock, slaves);
    /*}}}*/
 
@@ -800,8 +942,7 @@ int main(int const argc, const char * argv[])
    _config->CndSet("aptwebserver::response-header::Accept-Ranges", "bytes");
    _config->CndSet("aptwebserver::directoryindex", "index.html");
 
-   std::list<int> accepted_clients;
-
+   size_t id = 0;
    while (true)
    {
       int client = accept(sock, NULL, NULL);
@@ -814,25 +955,8 @@ int main(int const argc, const char * argv[])
 	 return 6;
       }
 
-      pthread_attr_t attr;
-      if (pthread_attr_init(&attr) != 0 || pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED) != 0)
-      {
-	 _error->Errno("pthread_attr", "Couldn't set detach attribute for a fresh thread to handle client %d on socket %d", client, sock);
-	 _error->DumpErrors(std::cerr);
-	 close(client);
-	 continue;
-      }
-
-      pthread_t tid;
-      // thats rather dirty, but we need to store the client socket somewhere safe
-      accepted_clients.push_front(client);
-      if (pthread_create(&tid, &attr, &handleClient, &(*accepted_clients.begin())) != 0)
-      {
-	 _error->Errno("pthread_create", "Couldn't create a fresh thread to handle client %d on socket %d", client, sock);
-	 _error->DumpErrors(std::cerr);
-	 close(client);
-	 continue;
-      }
+      std::thread t(handleClient, client, ++id);
+      t.detach();
    }
    pidfile.Close();