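// Copy a MIME string into a fixed-size buffer, truncating if needed and
// always leaving the destination NUL-terminated.
static void copy_mime_type( char *dest, size_t destSize, const char *src )
{
	strncpy( dest, src, destSize-1 );
	dest[destSize-1] = 0;
}

// Resolve the requested URI to a resource, pick the handler module with the
// highest priority for its MIME type, and hand the request to that module.
//
// The lookup first walks the request path upwards (the path, then each parent)
// until a real file-system entry is found under the web directory. If nothing
// is found, or only a parent directory matched, the virtual-resource table is
// consulted instead.
//
// pb      Request parameter block. On entry brURI, webDirectory, vresources and
//         request are read. resourcePath and mimeType are pointed at locals of
//         this function, so they are only valid for the duration of the call.
// Returns the handler module's status, or B_ERROR after a 404 (no resource)
//         or 501 (no handler) reply has been sent.
status_t HModuleRoster::HandleRequest( RequestPB *pb )
{
	BEntry entry;
	BNode node;
	BNodeInfo info;
	// NOTE(review): BNodeInfo::GetType() is given no length, so the buffer must
	// be at least B_MIME_TYPE_LENGTH bytes. 256 is believed to cover that;
	// confirm against the platform headers.
	char mimeType[256], vmimeType[256];
	status_t status = B_OK;
	int32 parentCount = 0;
	BPath absPath, resourcePath( "/" );

	mimeType[0] = 0;
	vmimeType[0] = 0;

	resourcePath.Append( pb->brURI->path );
	pb->resourcePath = &resourcePath;
	pb->mimeType = mimeType;

	// fix for "hostname//" request crash (wade majors, Mar-09-2001):
	// Append() can leave the path unset, and Path() is dereferenced below.
	if( resourcePath.Path() == NULL )
	{
		resourcePath.SetTo( "null" );
		pb->resourcePath = &resourcePath;
	}

	VResource *vres = NULL;

	// *****
	// Look for "real" resource
	// *****
	do
	{
		// Small optimization... if not done, the path normalizer will
		// be tickled when a resource does not exist
		if( (resourcePath.Path())[1] == 0 )
		{
			status = B_ERROR;
			break;
		}

		// Path()+1 skips the leading '/' so the path is joined as a leaf.
		absPath.SetTo( pb->webDirectory->Path(), resourcePath.Path()+1 );
		if( (entry.SetTo( absPath.Path(), true ) == B_OK)
			&&(node.SetTo( &entry ) == B_OK)
			&&(info.SetTo( &node ) == B_OK) )
		{
			const char *resMIME;

			// Cheap hack for directories without a MIME type
			if( info.GetType( mimeType ) != B_OK )
				copy_mime_type( mimeType, sizeof(mimeType), "application/x-vnd.Be-directory" );

			// resMIME comes from the virtual-resource table; its length is
			// not known here, so the copy is bounded.
			if( (resMIME = pb->vresources->MatchVRes( pb->brURI->path, true, &vres )) )
				copy_mime_type( vmimeType, sizeof(vmimeType), resMIME );
			else
				copy_mime_type( vmimeType, sizeof(vmimeType), mimeType );
			break;
		}
		parentCount++;
	} while( (status = resourcePath.GetParent( &resourcePath )) == B_OK );

	entry.Unset();
	// InitCheck() returns B_OK (0) for an initialized node; the previous
	// truthiness test only unset nodes that were never initialized.
	if( node.InitCheck() == B_OK )
		node.Unset();

	// *****
	// Look for Virtual Resource if no "real" resource was found.
	// *****
	if( (status != B_OK)
		||((parentCount != 0)&&(strcmp( mimeType, "application/x-vnd.Be-directory" ) == 0)) )
	{
		const char *resMIME;
		if( (resMIME = pb->vresources->MatchVRes( pb->brURI->path, false, &vres )) )
		{
			copy_mime_type( vmimeType, sizeof(vmimeType), resMIME );
			copy_mime_type( mimeType, sizeof(mimeType), resMIME );
		}
		else
		{
			HTTPResponse response;
			response.SetHTMLMessage( 404 ); // Not Found
			pb->request->SendReply( &response );
			return B_ERROR;
		}
	}

	// *****
	// Find handler module for resource
	// *****
	HModule *module, *prefModule = NULL;
	int32 priority, highestPriority = 0;
	for( int32 i=0; (module = (HModule *)moduleList.ItemAt(i)); i++ )
	{
		// priority is only read when CanHandleResource() returned true.
		if( module->CanHandleResource( vmimeType, pb->request->GetMethod(), &priority )
			&&(priority > highestPriority) )
		{
			highestPriority = priority;
			prefModule = module;
		}
	}

	// *****
	// Setup PB
	// *****
	pb->HandleRequest = HModuleRoster::HandleRequest;
	pb->Logprintf = log_printf;
	pb->moduleList = &moduleList;
	if( vres )
	{
		// A matched virtual resource decides whether authentication applies.
		pb->authenticate = vres->Authenticate();
		pb->extras = &vres->extras;
	}
	else
		pb->extras = NULL;

	// *****
	// Invoke Handler Module to handle the request
	// *****
	if( highestPriority > 0 )
		return prefModule->HandleRequest( pb );

	// No handler found... send error
	HTTPResponse response;
	response.SetHTMLMessage( 501 ); // Not Implemented
	pb->request->SendReply( &response );
	return B_ERROR;
}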
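// Handle one HTTP request received on this connection.
//
// Logs the request line and headers, unescapes the URI path, selects the
// virtual host, appends the host's index file name to directory-style paths,
// rejects paths containing ".." or "./", and then passes a RequestPB to the
// module roster.
//
// request  The parsed request; replies are sent through it.
// Returns  true to keep the connection open, false to close it.
bool RHServer::MessageReceived( HTTPRequest *request )
{
	if( strlen( request->GetRequestLine() ) > 4047 )
	{
		log_printf( "%ld ABUSE: Client may be attempting to perform overflow exploit, terminating connection\n", sn );
		HTTPResponse response;
		response.SetHTMLMessage( 501 ); // Not Implemented
		request->SendReply( &response );
		return true;
	}

	// ****
	// Make log entry of request and headers
	// ****
	// NOTE(review): request line and headers are client-controlled and are
	// logged verbatim; confirm the parser has already removed control
	// characters, otherwise a client can forge log lines.
	//printf ("request: %s\n", request->GetRequestLine());
	log_printf( "%ld Request-Line: %s\n", sn, request->GetRequestLine() );

	const char *header;
	for( int32 i = 0; (header = request->HeaderAt(i)); i++ )
		log_printf( "%ld Header: %s\n", sn, header );

	// ****
	// Setup URI
	// ****

	// Setup the broken URI
	brokenURI brURI;
	request->ParseURI( &brURI );
	// Unescape in place. The traversal check further down relies on seeing
	// the decoded path, so it must stay after this call.
	int32 slength = uri_unescape_str( brURI.path, brURI.path, 4096 );

	// ****
	// Set Web Directory based on the "host" name from "virtual hosts" table.
	// ****
	VHost *vhost;
	BPath webDirectory;
	const char *webIndex;

	// Get host_name
	// If hostName was not found in URI, set to Host header or default if none
	if( brURI.host[0] == 0 )
	{
		if( !request->FindHeader( kHEAD_HOST, brURI.host, 64 ) )
			strcpy( brURI.host, kDEFAULT_HOST ); // Set to default host
	}

	// Find Host in virtual hosts table
	if( (vhost = virtualHosts->FindVHost( brURI.host )) == NULL )
	{
		if( (vhost = virtualHosts->FindVHost( kDEFAULT_HOST )) == NULL )
		{
			// Could not find a default web directory
			HTTPResponse response;
			response.SetHTMLMessage( 500, "500 No default web directory!" ); // Internal Server Error
			request->SendReply( &response );
			return false;
		}
	}
	webDirectory.SetTo( vhost->GetWebroot() );
	webIndex = ( vhost->GetIndex() ); // this is by default "index.html" if not present in virtual hosts table

	// ****
	// Append index to URI and check for security violations
	// ****

	// Append index (default file name) from virtual hosts table if not present in path.
	// The index name is configurable, so the bound uses its real length
	// instead of assuming the 10 characters of "index.html".
	// NOTE(review): 4096 is taken to be the size of brURI.path, matching the
	// limit passed to uri_unescape_str() above; confirm against brokenURI.
	if( (brURI.path[0] == 0)||((slength > 0)&&(brURI.path[slength-1] == '/')) )
	{
		if( webIndex && ((size_t)slength+strlen( webIndex ) < 4096) )
			strcat( brURI.path, webIndex );
	}

	// Have they attempted a security violation?
	// Refuse any path that could step outside the web directory.
	if( strstr( brURI.path, ".." )||strstr( brURI.path, "./" ) )
	{
		HTTPResponse response;
		response.SetHTMLMessage( 403 ); // Forbidden
		request->SendReply( &response );
		return true;
	}

	// ****
	// Setup PB
	// ****
	RequestPB pb;
	pb.request = request;
	pb.webDirectory = &webDirectory;
	pb.vresources = &vhost->vresources;
	pb.realms = &vhost->realms;
	pb.brURI = &brURI;
	pb.environ = environ;
	pb.authenticate = true;
	pb.sn = sn;
	pb.cookie = NULL;
	// Set a defined value before dispatch: the roster's own 404/501 replies
	// do not appear to write closeConnection, and it is read below.
	pb.closeConnection = false;

	// ****
	// Call hmodule_roster::HandleRequest() to process the request
	// ****
	hmodule_roster->HandleRequest( &pb );
	return !pb.closeConnection;
}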
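// Run the requested resource as a CGI program and relay its output.
//
// Builds the CGI meta-variable environment from the request, starts the
// program through /bin/sh with its stdin/stdout connected to pipes, feeds it
// the request body, and forwards its output either unparsed (NPH, first line
// starts with "HTTP/") or as a parsed-header response.
//
// pb      Request parameter block; closeConnection is written on return.
// Returns B_OK in all cases; failures are reported to the client as HTTP
//         error replies.
status_t handle_request( RequestPB *pb )
{
	HTTPResponse response;
	pb->closeConnection = false;
	const char *sPtr; // General purpose string pointer

	// Temporary buffers
	int32 fieldSize = 1024;
	char fieldValue[1024];
	char headBuffer[1024];
	int32 contentLength = 0;

	// ****
	// Get PATH_INFO and SCRIPT_NAME from path; Setup absPath of CGI
	// ****
	char PATH_INFO[1024];
	char SCRIPT_NAME[256];

	// Get SCRIPT_NAME
	strxcpy( SCRIPT_NAME, pb->resourcePath->Path(), 255 );
	// PATH_INFO is whatever follows the resolved resource in the request path.
	strxcpy( PATH_INFO, pb->brURI->path+strlen( pb->resourcePath->Path()+1 ), 1023 );

	// Make absolute CGI path from web-directory and requested path
	BPath absPath( pb->webDirectory->Path(), pb->resourcePath->Path()+1 );

	// ****
	// Make sure CGI exists and Check Permission
	// ****
	if( pb->authenticate &&
		!pb->realms->Authenticate( pb->request, &response, pb->brURI->path, absPath.Path(), S_IXOTH ) )
	{
		pb->Logprintf( "%ld Status-Line: %s\n", pb->sn, response.GetStatusLine() );
		return B_OK;
	}

	// ****
	// Setup meta-variables in new environment
	// ****
	char params[2048];

	// Should we use the CGI script command line?
	// This should be done on a GET or HEAD where the URL query string
	// does not contain any unencoded '=' characters.
	// (params is currently unused: appending it to the command is disabled below.)
	if( *pb->brURI->query &&
		((pb->request->GetMethod() == METHOD_GET)||(pb->request->GetMethod() == METHOD_HEAD))&&
		!strchr( pb->brURI->query, '=' ) )
	{
		uri_unescape_str( params, pb->brURI->query, 2048 );
	}
	else
		uri_unescape_str( params, pb->brURI->params, 2048 );

	// Environment to be used by the CGI
	Environment env( pb->environ );

	// AUTH_TYPE
	if( pb->request->FindHeader( kHEAD_AUTHORIZATION, fieldValue, fieldSize ) )
	{
		sPtr = fieldValue;
		sPtr = get_next_token( headBuffer, sPtr, fieldSize );
		env.PutEnv( "AUTH_TYPE", headBuffer );
		if( strcasecmp( headBuffer, "Basic" ) == 0 )
		{
			// REMOTE_USER
			// NOTE(review): this is the user name the client sent. When
			// pb->authenticate is false nothing in this function has verified
			// it, so the CGI should not treat it as proof of identity.
			sPtr = get_next_token( headBuffer, sPtr, fieldSize );
			decode_base64( headBuffer, headBuffer, fieldSize );
			sPtr = get_next_token( fieldValue, headBuffer, fieldSize, ":" );
			env.PutEnv( "REMOTE_USER", fieldValue );
		}
	}

	// CONTENT_LENGTH
	if( pb->request->FindHeader( kHEAD_LENGTH, fieldValue, fieldSize ) )
		env.PutEnv( "CONTENT_LENGTH", fieldValue );

	// CONTENT_TYPE
	if( pb->request->FindHeader( kHEAD_TYPE, fieldValue, fieldSize ) )
		env.PutEnv( "CONTENT_TYPE", fieldValue );

	// GATEWAY_INTERFACE
	env.PutEnv( "GATEWAY_INTERFACE", "CGI/1.1" );

	// HTTP_*
	for( int i=0; (sPtr = pb->request->HeaderAt( i )); i++ )
	{
		sPtr = get_next_token( fieldValue, sPtr, fieldSize, ":" );
		// A client "Proxy" header would become HTTP_PROXY, which many HTTP
		// client libraries used by CGI programs read as their outbound proxy
		// setting ("httpoxy"); never export it.
		// NOTE(review): assumes get_next_token() leaves the bare header name
		// in fieldValue; confirm.
		if( strcasecmp( fieldValue, "Proxy" ) == 0 )
			continue;
		// The name can be as long as fieldValue, so "HTTP_" plus the name may
		// not fit in headBuffer; bound the write.
		snprintf( headBuffer, sizeof(headBuffer), "HTTP_%s", http_to_cgi_header( fieldValue ) );
		// NOTE(review): the value is also tokenised on ':' and so presumably
		// stops at the first colon (e.g. a port in Host); confirm intent.
		sPtr = get_next_token( fieldValue, sPtr, fieldSize, ":" );
		env.PutEnv( headBuffer, fieldValue );
	}

	// PATH_INFO
	env.PutEnv( "PATH_INFO", PATH_INFO );

	// PATH_TRANSLATED
	if( *PATH_INFO )
	{
		BPath pathTrans( pb->webDirectory->Path(), PATH_INFO+1 );
		if( pathTrans.Path() )
			env.PutEnv( "PATH_TRANSLATED", pathTrans.Path() );
	}

	// QUERY_STRING
	env.PutEnv( "QUERY_STRING", pb->brURI->query );

	// REMOTE_ADDR
	env.PutEnv( "REMOTE_ADDR", pb->request->GetRemoteHost() );

	// REMOTE_HOST
	// Ya, right... like were going to waste valuable time with a DNS lookup!
	env.PutEnv( "REMOTE_HOST", "" );

	// REMOTE_IDENT
	// Ha! Perform an Ident lookup... I don't think so.

	// REQUEST_METHOD
	env.PutEnv( "REQUEST_METHOD", http_find_method( pb->request->GetMethod() ) );

	// SCRIPT_NAME
	env.PutEnv( "SCRIPT_NAME", SCRIPT_NAME );

	// SERVER_NAME
	// Taken from the request (URI or Host header), i.e. client-supplied.
	env.PutEnv( "SERVER_NAME", pb->brURI->host );

	// SERVER_PORT
	snprintf( fieldValue, sizeof(fieldValue), "%u", pb->request->GetPort() );
	env.PutEnv( "SERVER_PORT", fieldValue );

	// SERVER_PROTOCOL
	env.PutEnv( "SERVER_PROTOCOL", pb->request->GetVersion() );

	// SERVER_SOFTWARE
	env.PutEnv( "SERVER_SOFTWARE", "RobinHood" );

	// PWD
	BPath PWD( absPath );
	PWD.GetParent( &PWD );
	env.PutEnv( "PWD", PWD.Path() );

	// ****
	// Create pipes
	// ****
	// ipipe carries CGI stdout to the server, opipe carries the request body
	// to CGI stdin.
	pid_t pid;
	int ipipe[2], opipe[2];
	if( pipe( ipipe ) < 0 )
	{
		response.SetHTMLMessage( 500, "Pipe creation failed!" );
		pb->request->SendReply( &response );
		return B_OK;
	}
	if( pipe( opipe ) < 0 )
	{
		close( ipipe[0] );
		close( ipipe[1] );
		response.SetHTMLMessage( 500, "Pipe creation failed!" );
		pb->request->SendReply( &response );
		return B_OK;
	}

	// ****
	// Setup args for execve()
	// ****

	// Setup command string; copy CGI path
	char command[4096];
	sPtr = strxcpy( command, absPath.Path(), 4095 );

	// Disabled because of security risk
	/* if( *params && !strpbrk( params, ";&" ) )
	{
		sPtr = strxcpy( (char *)sPtr, " ", command+4095-sPtr );
		strxcpy( (char *)sPtr, params, command+4095-sPtr ); // Append params
	}*/

	// The CGI path is derived from the request URL. It is passed to the shell
	// as a positional argument ($0) rather than as the -c command text, so
	// spaces or shell metacharacters in a file name are never parsed as shell
	// syntax.
	char shellPath[] = "/bin/sh";
	char shellFlag[] = "-c";
	char shellScript[] = "exec \"$0\"";
	char *args[5];
	args[0] = shellPath;
	args[1] = shellFlag;
	args[2] = shellScript;
	args[3] = command;
	args[4] = NULL;

	pb->Logprintf( "%ld Exec: %s\n", pb->sn, command );

	// ****
	// Start sub-process using fork() dup2() and exec()
	// ****
	// NOTE(review): the child is never waited for in this function; unless
	// SIGCHLD is handled elsewhere, finished CGI processes stay as zombies.
	// NOTE(review): the child inherits every open descriptor of the server
	// (including other client sockets) unless they are close-on-exec.
	pid = fork();
	if( pid == (pid_t)0 ) // If we are the child process...
	{
		// Make this process the process group leader
		setpgid( 0, 0 );

		fflush( stdout ); // sync stdout...

		// Set pipes to stdin and stdout.
		// _exit() is used in the child so the server's atexit handlers and
		// buffered stdio are not run or flushed a second time.
		if( dup2( opipe[0], STDIN_FILENO ) < 0 )
			_exit( 0 );
		if( dup2( ipipe[1], STDOUT_FILENO ) < 0 )
			_exit( 0 );

		// Close unused ends of pipes
		close( opipe[1] );
		close( ipipe[0] );

		// Set Current Working Directory to that of script
		// NOTE(review): the result is not checked; on failure the CGI runs in
		// the server's working directory.
		chdir( PWD.Path() );

		// Execute CGI in this process by means of /bin/sh
		execve( args[0], args, env.GetEnvironment() );
		_exit( 0 ); // If for some reason execve() fails...
	}
	else if( pid < (pid_t)0 ) // Something Bad happened!
	{
		close( opipe[0] );
		close( opipe[1] );
		close( ipipe[0] );
		close( ipipe[1] );
		response.SetHTMLMessage( 500, "Fork failed!" );
		pb->request->SendReply( &response );
		// Was "return true", which is not a status_t value; match the other
		// error paths that have already replied to the client.
		return B_OK;
	}

	// Close unused ends of pipes
	close( opipe[0] );
	close( ipipe[1] );

	// ****
	// Talk to CGI
	// ****
	bool persistant = true; // Defined to make code easier to read
	int inDes = ipipe[0]; // input file descriptor
	int outDes = opipe[1]; // output file descriptor

	// Make a BDataIO wrapper for the in and out pipes
	DesIO pipeIO( inDes, outDes );

	// If the request contains a content body, feed it into stdin of the CGI script
	if( pb->request->GetContentLength() > 0 )
		pb->request->SendBody( &pipeIO );

	// Buffer the response body for better performance
	response.SetBodyBuffering( true );

	// Read first line to detect use of Non-Parsed Header Output.
	// Start from an empty buffer so a CGI that writes nothing is not mistaken
	// for one that echoed the previous contents of headBuffer.
	headBuffer[0] = 0;
	io_getline( &pipeIO, headBuffer, fieldSize );

	// Strip the '\r' character if there is one.
	// An empty line must not index headBuffer[-1].
	int32 size = strlen( headBuffer );
	if( (size > 0)&&(headBuffer[size-1] == '\r') )
		headBuffer[size-1] = 0;

	// Is NPH Output?
	if( strncmp( "HTTP/", headBuffer, 5 ) == 0 )
	{
		// Pass the CGI output straight through to the client.
		DataIOPump ioPump;
		BufferedIO bufio( pb->request->GetReplyIO() );
		bufio.DoAllocate();

		io_printf( &bufio, "%s\r\n", headBuffer );
		ioPump.StartPump( &pipeIO, &bufio, contentLength );
		bufio.Flush();
		persistant = false;
	}
	else // using Parsed Header Output
	{
		// Add Date header
		time_t now;
		struct tm *brokentime;
		now = time( NULL );
		// gmtime() returns shared static storage, hence the lock.
		brTimeLock.Lock();
		brokentime = gmtime( &now );
		strftime( fieldValue, 256, kHTTP_DATE, brokentime );
		brTimeLock.Unlock();

		response.AddHeader( kHEAD_DATE, fieldValue );

		// Add line used to detect NPH as CGI header
		response.AddHeader( headBuffer );

		// Receive the CGI headers
		response.ReceiveHeaders( &pipeIO );

		// If Location header, don't expect any more headers
		if( (sPtr = response.FindHeader( "Location", fieldValue, fieldSize )) )
		{
			response.SetStatusLine( 302 ); // 302 Moved Temporarily
		}
		else
		{
			if( (sPtr = response.FindHeader( "Status", fieldValue, fieldSize )) )
			{
				response.RemoveHeader( (char *)sPtr ); // Don't forward to client
				response.SetStatusLine( fieldValue );
			}
			else
				response.SetStatusLine( 200 );
		}

		// Don't cache the response
		if( !response.FindHeader( "Cache-Control", fieldValue, fieldSize ) )
			response.AddHeader( "Cache-Control: no-cache" );
		if( !response.FindHeader( "Pragma", fieldValue, fieldSize ) )
			response.AddHeader( "Pragma: no-cache" );

		// Content-Length header?
		int32 contentLength = 0;
		if( (sPtr = response.FindHeader( kHEAD_LENGTH, fieldValue, fieldSize )) )
		{
			// Use a real end pointer; the old cast made strtol() store the
			// pointer into the first bytes of headBuffer.
			char *numberEnd = NULL;
			contentLength = strtol( fieldValue, &numberEnd, 10 );
			response.SetContentLength( contentLength );
		}
		else // No content-length provided; close connection on return
		{
			response.AddHeader( "Connection: close" );
			persistant = false;
		}

		pb->Logprintf( "%ld Status-Line: %s\n", pb->sn, response.GetStatusLine() );
		if( pb->request->GetMethod() != METHOD_HEAD )
			response.SetMessageBody( &pipeIO );
		pb->request->SendReply( &response );
	}

	// Close remaining ends of pipes
	close( ipipe[0] );
	close( opipe[1] );
	pb->closeConnection = !persistant;
	return B_OK;
}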