static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
const char *servername;
connection *con = (connection *) SSL_get_app_data(ssl);
UNUSED(al);
buffer_copy_string(con->uri.scheme, "https");
if (NULL == (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
#if 0
/* this "error" just means the client didn't support it */
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"failed to get TLS server name");
#endif
return SSL_TLSEXT_ERR_NOACK;
}
buffer_copy_string(con->tlsext_server_name, servername);
buffer_to_lower(con->tlsext_server_name);
/* Sometimes this is still set, confusing COMP_HTTP_HOST */
buffer_reset(con->uri.authority);
config_cond_cache_reset(srv, con);
config_setup_connection(srv, con);
config_patch_connection(srv, con, COMP_SERVER_SOCKET);
config_patch_connection(srv, con, COMP_HTTP_SCHEME);
config_patch_connection(srv, con, COMP_HTTP_HOST);
if (NULL == con->conf.ssl_ctx) {
/* ssl_ctx <=> pemfile was set <=> ssl_ctx got patched: so this should never happen */
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
"null SSL_CTX for TLS server name", con->tlsext_server_name);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
/* switch to new SSL_CTX in reaction to a client's server_name extension */
if (con->conf.ssl_ctx != SSL_set_SSL_CTX(ssl, con->conf.ssl_ctx)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
"failed to set SSL_CTX for TLS server name", con->tlsext_server_name);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
return SSL_TLSEXT_ERR_OK;
}
handler_t http_response_prepare(server *srv, connection *con) {
handler_t r;
Cdbg(DBE, "enter http_response_prepare..mode=[%d], status=[%d][%s]", con->mode, con->http_status, connection_get_state(con->http_status));
/* looks like someone has already done a decision */
if ( (con->mode == DIRECT || con->mode == SMB_BASIC || con->mode == SMB_NTLM) &&
(con->http_status != 0 && con->http_status != 200)) {
/* remove a packets in the queue */
if (con->file_finished == 0) {
chunkqueue_reset(con->write_queue);
}
return HANDLER_FINISHED;
}
/* no decision yet, build conf->filename */
if ( (con->mode == DIRECT || con->mode == SMB_BASIC || con->mode == SMB_NTLM) && con->physical.path->used == 0) {
char *qstr;
/* we only come here when we have the parse the full request again
*
* a HANDLER_COMEBACK from mod_rewrite and mod_fastcgi might be a
* problem here as mod_setenv might get called multiple times
*
* fastcgi-auth might lead to a COMEBACK too
* fastcgi again dead server too
*
* mod_compress might add headers twice too
*
* */
config_cond_cache_reset(srv, con);
config_setup_connection(srv, con); /* Perhaps this could be removed at other places. */
if (con->conf.log_condition_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "run condition");
}
config_patch_connection(srv, con, COMP_SERVER_SOCKET); /* SERVERsocket */
/**
* prepare strings
*
* - uri.path_raw
* - uri.path (secure)
* - uri.query
*
*/
/**
* Name according to RFC 2396
*
* - scheme
* - authority
* - path
* - query
*
* (scheme)://(authority)(path)?(query)#fragment
*
*
*/
if (con->conf.is_ssl) {
buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("https"));
} else {
buffer_copy_string_len(con->uri.scheme, CONST_STR_LEN("http"));
}
buffer_copy_string_buffer(con->uri.authority, con->request.http_host);
buffer_to_lower(con->uri.authority);
config_patch_connection(srv, con, COMP_HTTP_SCHEME); /* Scheme: */
config_patch_connection(srv, con, COMP_HTTP_HOST); /* Host: */
config_patch_connection(srv, con, COMP_HTTP_REMOTE_IP); /* Client-IP */
config_patch_connection(srv, con, COMP_HTTP_REFERER); /* Referer: */
config_patch_connection(srv, con, COMP_HTTP_USER_AGENT);/* User-Agent: */
config_patch_connection(srv, con, COMP_HTTP_LANGUAGE); /* Accept-Language: */
config_patch_connection(srv, con, COMP_HTTP_COOKIE); /* Cookie: */
config_patch_connection(srv, con, COMP_HTTP_REQUEST_METHOD); /* REQUEST_METHOD */
/** their might be a fragment which has to be cut away */
if (NULL != (qstr = strchr(con->request.uri->ptr, '#'))) {
con->request.uri->used = qstr - con->request.uri->ptr;
con->request.uri->ptr[con->request.uri->used++] = '\0';
}
/** extract query string from request.uri */
if (NULL != (qstr = strchr(con->request.uri->ptr, '?'))) {
buffer_copy_string(con->uri.query, qstr + 1);
buffer_copy_string_len(con->uri.path_raw, con->request.uri->ptr, qstr - con->request.uri->ptr);
} else {
buffer_reset(con->uri.query);
buffer_copy_string_buffer(con->uri.path_raw, con->request.uri);
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- splitting Request-URI");
log_error_write(srv, __FILE__, __LINE__, "sb", "Request-URI : ", con->request.uri);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-scheme : ", con->uri.scheme);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-authority: ", con->uri.authority);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path_raw);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-query : ", con->uri.query);
}
/**
*
* call plugins
*
* - based on the raw URL
*
*/
switch(r = plugins_call_handle_uri_raw(srv, con)) {
case HANDLER_GO_ON:
break;
case HANDLER_FINISHED:
case HANDLER_COMEBACK:
case HANDLER_WAIT_FOR_EVENT:
case HANDLER_ERROR:
return r;
default:
log_error_write(srv, __FILE__, __LINE__, "sd", "handle_uri_raw: unknown return value", r);
break;
}
/* build filename
*
* - decode url-encodings (e.g. %20 -> ' ')
* - remove path-modifiers (e.g. /../)
*/
if (con->request.http_method == HTTP_METHOD_OPTIONS &&
con->uri.path_raw->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') {
/* OPTIONS * ... */
buffer_copy_string_buffer(con->uri.path, con->uri.path_raw);
} else {
buffer_copy_string_buffer(srv->tmp_buf, con->uri.path_raw);
buffer_urldecode_path(srv->tmp_buf);
buffer_path_simplify(con->uri.path, srv->tmp_buf);
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- sanatising URI");
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-path : ", con->uri.path);
}
#ifdef USE_OPENSSL
if (con->conf.is_ssl && con->conf.ssl_verifyclient) {
https_add_ssl_entries(con);
}
#endif
/**
*
* call plugins
*
* - based on the clean URL
*
*/
config_patch_connection(srv, con, COMP_HTTP_URL); /* HTTPurl */
config_patch_connection(srv, con, COMP_HTTP_QUERY_STRING); /* HTTPqs */
/* do we have to downgrade to 1.0 ? */
if (!con->conf.allow_http11) {
con->request.http_version = HTTP_VERSION_1_0;
}
switch(r = plugins_call_handle_uri_clean(srv, con)) {
case HANDLER_GO_ON:
break;
case HANDLER_FINISHED:
case HANDLER_COMEBACK:
case HANDLER_WAIT_FOR_EVENT:
case HANDLER_ERROR:
return r;
default:
log_error_write(srv, __FILE__, __LINE__, "");
break;
}
if (con->request.http_method == HTTP_METHOD_OPTIONS &&
con->uri.path->ptr[0] == '*' && con->uri.path_raw->ptr[1] == '\0') {
/* option requests are handled directly without checking of the path */
response_header_insert(srv, con, CONST_STR_LEN("Allow"), CONST_STR_LEN("OPTIONS, GET, HEAD, POST"));
con->http_status = 200;
con->file_finished = 1;
return HANDLER_FINISHED;
}
/***
*
* border
*
* logical filename (URI) becomes a physical filename here
*
*
*
*/
/* 1. stat()
* ... ISREG() -> ok, go on
* ... ISDIR() -> index-file -> redirect
*
* 2. pathinfo()
* ... ISREG()
*
* 3. -> 404
*
*/
/*
* SEARCH DOCUMENT ROOT
*/
/* set a default */
buffer_copy_string_buffer(con->physical.doc_root, con->conf.document_root);
buffer_copy_string_buffer(con->physical.rel_path, con->uri.path);
#if defined(__WIN32) || defined(__CYGWIN__)
/* strip dots from the end and spaces
*
* windows/dos handle those filenames as the same file
*
* foo == foo. == foo..... == "foo... " == "foo.. ./"
*
* This will affect in some cases PATHINFO
*
* on native windows we could prepend the filename with \\?\ to circumvent
* this behaviour. I have no idea how to push this through cygwin
*
* */
if (con->physical.rel_path->used > 1) {
buffer *b = con->physical.rel_path;
size_t i;
if (b->used > 2 &&
b->ptr[b->used-2] == '/' &&
(b->ptr[b->used-3] == ' ' ||
b->ptr[b->used-3] == '.')) {
b->ptr[b->used--] = '\0';
}
for (i = b->used - 2; b->used > 1; i--) {
if (b->ptr[i] == ' ' ||
b->ptr[i] == '.') {
b->ptr[b->used--] = '\0';
} else {
break;
}
}
}
#endif
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- before doc_root");
log_error_write(srv, __FILE__, __LINE__, "sb", "Doc-Root :", con->physical.doc_root);
log_error_write(srv, __FILE__, __LINE__, "sb", "Rel-Path :", con->physical.rel_path);
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
/* the docroot plugin should set the doc_root and might also set the physical.path
* for us (all vhost-plugins are supposed to set the doc_root)
* */
switch(r = plugins_call_handle_docroot(srv, con)) {
case HANDLER_GO_ON:
break;
case HANDLER_FINISHED:
case HANDLER_COMEBACK:
case HANDLER_WAIT_FOR_EVENT:
case HANDLER_ERROR:
return r;
default:
log_error_write(srv, __FILE__, __LINE__, "");
break;
}
/* MacOS X and Windows can't distiguish between upper and lower-case
*
* convert to lower-case
*/
if (con->conf.force_lowercase_filenames) {
buffer_to_lower(con->physical.rel_path);
}
/* the docroot plugins might set the servername, if they don't we take http-host */
if (buffer_is_empty(con->server_name)) {
buffer_copy_string_buffer(con->server_name, con->uri.authority);
}
/**
* create physical filename
* -> physical.path = docroot + rel_path
*
*/
buffer_copy_string_buffer(con->physical.path, con->physical.doc_root);
BUFFER_APPEND_SLASH(con->physical.path);
buffer_copy_string_buffer(con->physical.basedir, con->physical.path);
if (con->physical.rel_path->used &&
con->physical.rel_path->ptr[0] == '/') {
buffer_append_string_len(con->physical.path, con->physical.rel_path->ptr + 1, con->physical.rel_path->used - 2);
//buffer_append_string_encoded(con->physical.path, con->physical.rel_path->ptr + 1, con->physical.rel_path->used - 2, ENCODING_REL_URI);
//Cdbg(1,"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa %s", con->physical.path->ptr);
} else {
buffer_append_string_buffer(con->physical.path, con->physical.rel_path);
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- after doc_root");
log_error_write(srv, __FILE__, __LINE__, "sb", "Doc-Root :", con->physical.doc_root);
log_error_write(srv, __FILE__, __LINE__, "sb", "Rel-Path :", con->physical.rel_path);
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
switch(r = plugins_call_handle_physical(srv, con)) {
case HANDLER_GO_ON:
break;
case HANDLER_FINISHED:
case HANDLER_COMEBACK:
case HANDLER_WAIT_FOR_EVENT:
case HANDLER_ERROR:
return r;
default:
log_error_write(srv, __FILE__, __LINE__, "");
break;
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- logical -> physical");
log_error_write(srv, __FILE__, __LINE__, "sb", "Doc-Root :", con->physical.doc_root);
log_error_write(srv, __FILE__, __LINE__, "sb", "Rel-Path :", con->physical.rel_path);
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
}
/*
* Noone catched away the file from normal path of execution yet (like mod_access)
*
* Go on and check of the file exists at all
*/
if (con->mode == DIRECT || con->mode == SMB_BASIC || con->mode == SMB_NTLM) {
char *slash = NULL;
char *pathinfo = NULL;
int found = 0;
stat_cache_entry *sce = NULL;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- handling physical path");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
if ( HANDLER_ERROR != stat_cache_get_entry(srv, con, smbc_wrapper_physical_url_path(srv, con), &sce)) {
/* file exists */
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- file found");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
#ifdef HAVE_LSTAT
if ((sce->is_symlink != 0) && !con->conf.follow_symlink) {
con->http_status = 403;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied due symlink restriction");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
buffer_reset(con->physical.path);
return HANDLER_FINISHED;
};
#endif
if (S_ISDIR(sce->st.st_mode)) {
if (con->uri.path->ptr[con->uri.path->used - 2] != '/') {
/* redirect to .../ */
http_response_redirect_to_directory(srv, con);
return HANDLER_FINISHED;
}
#ifdef HAVE_LSTAT
} else if (!S_ISREG(sce->st.st_mode) && !sce->is_symlink) {
#else
} else if (!S_ISREG(sce->st.st_mode)) {
#endif
/* any special handling of non-reg files ?*/
}
}
else {
switch (errno) {
case EACCES:
con->http_status = 403;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
buffer_reset(con->physical.path);
return HANDLER_FINISHED;
case ENOENT:
con->http_status = 404;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- file not found");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
buffer_reset(con->physical.path);
return HANDLER_FINISHED;
case ENOTDIR:
/* PATH_INFO ! :) */
break;
default:
/* we have no idea what happend. let's tell the user so. */
con->http_status = 500;
buffer_reset(con->physical.path);
log_error_write(srv, __FILE__, __LINE__, "ssbsb",
"file not found ... or so: ", strerror(errno),
con->uri.path,
"->", con->physical.path);
return HANDLER_FINISHED;
}
/* not found, perhaps PATHINFO */
buffer_copy_string_buffer(srv->tmp_buf, con->physical.path);
do {
if (slash) {
buffer_copy_string_len(con->physical.path, srv->tmp_buf->ptr, slash - srv->tmp_buf->ptr);
} else {
buffer_copy_string_buffer(con->physical.path, srv->tmp_buf);
}
if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
found = S_ISREG(sce->st.st_mode);
break;
}
if (pathinfo != NULL) {
*pathinfo = '\0';
}
slash = strrchr(srv->tmp_buf->ptr, '/');
if (pathinfo != NULL) {
/* restore '/' */
*pathinfo = '/';
}
if (slash) pathinfo = slash;
} while ((found == 0) && (slash != NULL) && ((size_t)(slash - srv->tmp_buf->ptr) > (con->physical.basedir->used - 2)));
if (found == 0) {
/* no it really doesn't exists */
con->http_status = 404;
if (con->conf.log_file_not_found) {
log_error_write(srv, __FILE__, __LINE__, "sbsb",
"file not found:", con->uri.path,
"->", con->physical.path);
}
buffer_reset(con->physical.path);
return HANDLER_FINISHED;
}
#ifdef HAVE_LSTAT
if ((sce->is_symlink != 0) && !con->conf.follow_symlink) {
con->http_status = 403;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied due symlink restriction");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
buffer_reset(con->physical.path);
return HANDLER_FINISHED;
};
#endif
/* we have a PATHINFO */
if (pathinfo) {
buffer_copy_string(con->request.pathinfo, pathinfo);
/*
* shorten uri.path
*/
con->uri.path->used -= strlen(pathinfo);
con->uri.path->ptr[con->uri.path->used - 1] = '\0';
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- after pathinfo check");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
log_error_write(srv, __FILE__, __LINE__, "sb", "URI :", con->uri.path);
log_error_write(srv, __FILE__, __LINE__, "sb", "Pathinfo :", con->request.pathinfo);
}
}
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- handling subrequest");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
/* call the handlers */
switch(r = plugins_call_handle_subrequest_start(srv, con)) {
case HANDLER_GO_ON:
/* request was not handled */
break;
case HANDLER_FINISHED:
default:
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- subrequest finished");
}
/* something strange happend */
return r;
}
/* if we are still here, no one wanted the file, status 403 is ok I think */
if ((con->mode == DIRECT || con->mode == SMB_BASIC || con->mode == SMB_NTLM) && con->http_status == 0) {
switch (con->request.http_method) {
case HTTP_METHOD_OPTIONS:
con->http_status = 200;
break;
default:
con->http_status = 403;
}
return HANDLER_FINISHED;
}
}
switch(r = plugins_call_handle_subrequest(srv, con)) {
case HANDLER_GO_ON:
/* request was not handled, looks like we are done */
return HANDLER_FINISHED;
case HANDLER_FINISHED:
/* request is finished */
default:
/* something strange happend */
return r;
}
/* can't happen */
return HANDLER_COMEBACK;
}
static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
const char *servername;
connection *con = (connection *) SSL_get_app_data(ssl);
UNUSED(al);
buffer_copy_string(con->uri.scheme, "https");
if (NULL == (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
#if 0
/* this "error" just means the client didn't support it */
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"failed to get TLS server name");
#endif
return SSL_TLSEXT_ERR_NOACK;
}
buffer_copy_string(con->tlsext_server_name, servername);
buffer_to_lower(con->tlsext_server_name);
/* Sometimes this is still set, confusing COMP_HTTP_HOST */
buffer_reset(con->uri.authority);
config_cond_cache_reset(srv, con);
config_setup_connection(srv, con);
con->conditional_is_valid[COMP_SERVER_SOCKET] = 1;
con->conditional_is_valid[COMP_HTTP_SCHEME] = 1;
con->conditional_is_valid[COMP_HTTP_HOST] = 1;
config_patch_connection(srv, con);
if (NULL == con->conf.ssl_pemfile_x509 || NULL == con->conf.ssl_pemfile_pkey) {
/* x509/pkey available <=> pemfile was set <=> pemfile got patched: so this should never happen, unless you nest $SERVER["socket"] */
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
"no certificate/private key for TLS server name", con->tlsext_server_name);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
/* first set certificate! setting private key checks whether certificate matches it */
if (!SSL_use_certificate(ssl, con->conf.ssl_pemfile_x509)) {
log_error_write(srv, __FILE__, __LINE__, "ssb:s", "SSL:",
"failed to set certificate for TLS server name", con->tlsext_server_name,
ERR_error_string(ERR_get_error(), NULL));
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
if (!SSL_use_PrivateKey(ssl, con->conf.ssl_pemfile_pkey)) {
log_error_write(srv, __FILE__, __LINE__, "ssb:s", "SSL:",
"failed to set private key for TLS server name", con->tlsext_server_name,
ERR_error_string(ERR_get_error(), NULL));
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
if (con->conf.ssl_verifyclient) {
if (NULL == con->conf.ssl_ca_file_cert_names) {
log_error_write(srv, __FILE__, __LINE__, "ssb:s", "SSL:",
"can't verify client without ssl.ca-file for TLS server name", con->tlsext_server_name,
ERR_error_string(ERR_get_error(), NULL));
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
SSL_set_client_CA_list(ssl, SSL_dup_CA_list(con->conf.ssl_ca_file_cert_names));
/* forcing verification here is really not that useful - a client could just connect without SNI */
SSL_set_verify(
ssl,
SSL_VERIFY_PEER | (con->conf.ssl_verifyclient_enforce ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0),
NULL
);
SSL_set_verify_depth(ssl, con->conf.ssl_verifyclient_depth);
} else {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
}
return SSL_TLSEXT_ERR_OK;
}
int connection_reset(server *srv, connection *con) {
plugins_call_connection_reset(srv, con);
connection_response_reset(srv, con);
con->is_readable = 1;
con->bytes_written = 0;
con->bytes_written_cur_second = 0;
con->bytes_read = 0;
con->bytes_header = 0;
con->loops_per_request = 0;
con->request.http_method = HTTP_METHOD_UNSET;
con->request.http_version = HTTP_VERSION_UNSET;
con->request.http_if_modified_since = NULL;
con->request.http_if_none_match = NULL;
#define CLEAN(x) \
if (con->x) buffer_reset(con->x);
CLEAN(request.uri);
CLEAN(request.request_line);
CLEAN(request.pathinfo);
CLEAN(request.request);
/* CLEAN(request.orig_uri); */
CLEAN(uri.scheme);
/* CLEAN(uri.authority); */
/* CLEAN(uri.path); */
CLEAN(uri.path_raw);
/* CLEAN(uri.query); */
CLEAN(parse_request);
CLEAN(server_name);
#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
CLEAN(tlsext_server_name);
#endif
#undef CLEAN
#define CLEAN(x) \
if (con->x) con->x->used = 0;
#undef CLEAN
#define CLEAN(x) \
con->request.x = NULL;
CLEAN(http_host);
CLEAN(http_range);
CLEAN(http_content_type);
#undef CLEAN
con->request.content_length = 0;
con->request.te_chunked = 0;
array_reset(con->request.headers);
array_reset(con->environment);
chunkqueue_reset(con->request_content_queue);
/* The cond_cache gets reset in response.c */
/* config_cond_cache_reset(srv, con); */
con->header_len = 0;
con->error_handler_saved_status = 0;
/*con->error_handler_saved_method = HTTP_METHOD_UNSET;*/
/*(error_handler_saved_method value is not valid unless error_handler_saved_status is set)*/
config_setup_connection(srv, con);
return 0;
}
connection *connection_init(server *srv) {
connection *con;
UNUSED(srv);
con = calloc(1, sizeof(*con));
force_assert(NULL != con);
con->fd = 0;
con->ndx = -1;
con->fde_ndx = -1;
con->bytes_written = 0;
con->bytes_read = 0;
con->bytes_header = 0;
con->loops_per_request = 0;
#define CLEAN(x) \
con->x = buffer_init();
CLEAN(request.uri);
CLEAN(request.request_line);
CLEAN(request.request);
CLEAN(request.pathinfo);
CLEAN(request.orig_uri);
CLEAN(uri.scheme);
CLEAN(uri.authority);
CLEAN(uri.path);
CLEAN(uri.path_raw);
CLEAN(uri.query);
CLEAN(physical.doc_root);
CLEAN(physical.path);
CLEAN(physical.basedir);
CLEAN(physical.rel_path);
CLEAN(physical.etag);
CLEAN(parse_request);
CLEAN(server_name);
CLEAN(dst_addr_buf);
#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
CLEAN(tlsext_server_name);
#endif
#undef CLEAN
con->write_queue = chunkqueue_init();
con->read_queue = chunkqueue_init();
con->request_content_queue = chunkqueue_init();
con->request.headers = array_init();
con->response.headers = array_init();
con->environment = array_init();
/* init plugin specific connection structures */
con->plugin_ctx = calloc(1, (srv->plugins.used + 1) * sizeof(void *));
force_assert(NULL != con->plugin_ctx);
con->cond_cache = calloc(srv->config_context->used, sizeof(cond_cache_t));
force_assert(NULL != con->cond_cache);
config_setup_connection(srv, con);
return con;
}
int connection_reset(server *srv, connection *con) {
size_t i;
plugins_call_connection_reset(srv, con);
con->is_readable = 1;
con->is_writable = 1;
con->http_status = 0;
con->file_finished = 0;
con->file_started = 0;
con->got_response = 0;
con->parsed_response = 0;
con->bytes_written = 0;
con->bytes_written_cur_second = 0;
con->bytes_read = 0;
con->bytes_header = 0;
con->loops_per_request = 0;
con->request.http_method = HTTP_METHOD_UNSET;
con->request.http_version = HTTP_VERSION_UNSET;
con->request.http_if_modified_since = NULL;
con->request.http_if_none_match = NULL;
con->response.keep_alive = 0;
con->response.content_length = -1;
con->response.transfer_encoding = 0;
con->mode = DIRECT;
#define CLEAN(x) \
if (con->x) buffer_reset(con->x);
CLEAN(request.uri);
CLEAN(request.request_line);
CLEAN(request.pathinfo);
CLEAN(request.request);
/* CLEAN(request.orig_uri); */
CLEAN(uri.scheme);
/* CLEAN(uri.authority); */
/* CLEAN(uri.path); */
CLEAN(uri.path_raw);
/* CLEAN(uri.query); */
CLEAN(physical.doc_root);
CLEAN(physical.path);
CLEAN(physical.basedir);
CLEAN(physical.rel_path);
CLEAN(physical.etag);
CLEAN(parse_request);
CLEAN(server_name);
CLEAN(error_handler);
#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
CLEAN(tlsext_server_name);
#endif
#undef CLEAN
#define CLEAN(x) \
if (con->x) con->x->used = 0;
#undef CLEAN
#define CLEAN(x) \
con->request.x = NULL;
CLEAN(http_host);
CLEAN(http_range);
CLEAN(http_content_type);
#undef CLEAN
con->request.content_length = 0;
array_reset(con->request.headers);
array_reset(con->response.headers);
array_reset(con->environment);
chunkqueue_reset(con->write_queue);
chunkqueue_reset(con->request_content_queue);
/* the plugins should cleanup themself */
for (i = 0; i < srv->plugins.used; i++) {
plugin *p = ((plugin **)(srv->plugins.ptr))[i];
plugin_data *pd = p->data;
if (!pd) continue;
if (con->plugin_ctx[pd->id] != NULL) {
log_error_write(srv, __FILE__, __LINE__, "sb", "missing cleanup in", p->name);
}
con->plugin_ctx[pd->id] = NULL;
}
/* The cond_cache gets reset in response.c */
/* config_cond_cache_reset(srv, con); */
con->header_len = 0;
con->in_error_handler = 0;
config_setup_connection(srv, con);
return 0;
}
connection *connection_init(server *srv) {
connection *con;
UNUSED(srv);
con = calloc(1, sizeof(*con));
con->fd = 0;
con->ndx = -1;
con->fde_ndx = -1;
con->bytes_written = 0;
con->bytes_read = 0;
con->bytes_header = 0;
con->loops_per_request = 0;
#define CLEAN(x) \
con->x = buffer_init();
CLEAN(request.uri);
CLEAN(request.request_line);
CLEAN(request.request);
CLEAN(request.pathinfo);
CLEAN(request.orig_uri);
CLEAN(uri.scheme);
CLEAN(uri.authority);
CLEAN(uri.path);
CLEAN(uri.path_raw);
CLEAN(uri.query);
CLEAN(physical.doc_root);
CLEAN(physical.path);
CLEAN(physical.basedir);
CLEAN(physical.rel_path);
CLEAN(physical.etag);
CLEAN(parse_request);
CLEAN(authed_user);
CLEAN(server_name);
CLEAN(error_handler);
CLEAN(dst_addr_buf);
#undef CLEAN
con->write_queue = chunkqueue_init();
con->read_queue = chunkqueue_init();
con->request_content_queue = chunkqueue_init();
chunkqueue_set_tempdirs(con->request_content_queue, srv->srvconf.upload_tempdirs);
con->request.headers = array_init();
con->response.headers = array_init();
con->environment = array_init();
/* init plugin specific connection structures */
con->plugin_ctx = calloc(1, (srv->plugins.used + 1) * sizeof(void *));
con->cond_cache = calloc(srv->config_context->used, sizeof(cond_cache_t));
config_setup_connection(srv, con);
con->range_offset = 0;
return con;
}
/* 0: everything ok, -1: error, -2: con closed */
static int connection_handle_read(server *srv, connection *con) {
int len;
buffer *b;
int toread, read_offset;
if (con->conf.is_ssl) {
return connection_handle_read_ssl(srv, con);
}
b = (NULL != con->read_queue->last) ? con->read_queue->last->mem : NULL;
/* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells
* us more than 4kb is available
* if FIONREAD doesn't signal a big chunk we fill the previous buffer
* if it has >= 1kb free
*/
#if defined(__WIN32)
if (NULL == b || b->size - b->used < 1024) {
b = chunkqueue_get_append_buffer(con->read_queue);
buffer_prepare_copy(b, 4 * 1024);
}
read_offset = (b->used == 0) ? 0 : b->used - 1;
len = recv(con->fd, b->ptr + read_offset, b->size - 1 - read_offset, 0);
#else
#ifdef HAVE_LIBMTCP
/* toread = MAX_READ_LIMIT; */
if (mtcp_socket_ioctl(srv->mctx, con->fd, FIONREAD, &toread)
|| toread == 0 || toread <= 4*1024) {
#else
if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) {
#endif
if (NULL == b || b->size - b->used < 1024) {
b = chunkqueue_get_append_buffer(con->read_queue);
buffer_prepare_copy(b, 4 * 1024);
}
} else {
if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
b = chunkqueue_get_append_buffer(con->read_queue);
buffer_prepare_copy(b, toread + 1);
}
read_offset = (b->used == 0) ? 0 : b->used - 1;
#ifdef HAVE_LIBMTCP
len = mtcp_read(srv->mctx, con->fd, b->ptr + read_offset,
b->size - 1 - read_offset);
#else
len = read(con->fd, b->ptr + read_offset, b->size - 1 - read_offset);
#endif
#endif
if (len < 0) {
con->is_readable = 0;
if (errno == EAGAIN) return 0;
if (errno == EINTR) {
/* we have been interrupted before we could read */
con->is_readable = 1;
return 0;
}
if (errno != ECONNRESET) {
/* expected for keep-alive */
log_error_write(srv, __FILE__, __LINE__, "ssd", "connection closed - read failed: ", strerror(errno), errno);
}
connection_set_state(srv, con, CON_STATE_ERROR);
return -1;
} else if (len == 0) {
con->is_readable = 0;
/* the other end close the connection -> KEEP-ALIVE */
/* pipelining */
return -2;
} else if ((size_t)len < b->size - 1) {
/* we got less then expected, wait for the next fd-event */
con->is_readable = 0;
}
if (b->used > 0) b->used--;
b->used += len;
b->ptr[b->used++] = '\0';
con->bytes_read += len;
#if 0
dump_packet(b->ptr, len);
#endif
return 0;
}
static int connection_handle_write_prepare(server *srv, connection *con) {
if (con->mode == DIRECT) {
/* static files */
switch(con->request.http_method) {
case HTTP_METHOD_GET:
case HTTP_METHOD_POST:
case HTTP_METHOD_HEAD:
case HTTP_METHOD_PUT:
case HTTP_METHOD_PATCH:
case HTTP_METHOD_MKCOL:
case HTTP_METHOD_DELETE:
case HTTP_METHOD_COPY:
case HTTP_METHOD_MOVE:
case HTTP_METHOD_PROPFIND:
case HTTP_METHOD_PROPPATCH:
case HTTP_METHOD_LOCK:
case HTTP_METHOD_UNLOCK:
break;
case HTTP_METHOD_OPTIONS:
/*
* 400 is coming from the request-parser BEFORE uri.path is set
* 403 is from the response handler when noone else catched it
*
* */
if ((!con->http_status || con->http_status == 200) && con->uri.path->used &&
con->uri.path->ptr[0] != '*') {
response_header_insert(srv, con, CONST_STR_LEN("Allow"), CONST_STR_LEN("OPTIONS, GET, HEAD, POST"));
con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
con->parsed_response &= ~HTTP_CONTENT_LENGTH;
con->http_status = 200;
con->file_finished = 1;
chunkqueue_reset(con->write_queue);
}
break;
default:
switch(con->http_status) {
case 400: /* bad request */
case 401: /* authorization required */
case 414: /* overload request header */
case 505: /* unknown protocol */
case 207: /* this was webdav */
break;
default:
con->http_status = 501;
break;
}
break;
}
}
if (con->http_status == 0) {
con->http_status = 403;
}
switch(con->http_status) {
case 204: /* class: header only */
case 205:
case 304:
/* disable chunked encoding again as we have no body */
con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
con->parsed_response &= ~HTTP_CONTENT_LENGTH;
chunkqueue_reset(con->write_queue);
con->file_finished = 1;
break;
default: /* class: header + body */
if (con->mode != DIRECT) break;
/* only custom body for 4xx and 5xx */
if (con->http_status < 400 || con->http_status >= 600) break;
con->file_finished = 0;
buffer_reset(con->physical.path);
/* try to send static errorfile */
if (!buffer_is_empty(con->conf.errorfile_prefix)) {
stat_cache_entry *sce = NULL;
buffer_copy_string_buffer(con->physical.path, con->conf.errorfile_prefix);
buffer_append_long(con->physical.path, con->http_status);
buffer_append_string_len(con->physical.path, CONST_STR_LEN(".html"));
if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
con->file_finished = 1;
http_chunk_append_file(srv, con, con->physical.path, 0, sce->st.st_size);
response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
}
}
if (!con->file_finished) {
buffer *b;
buffer_reset(con->physical.path);
con->file_finished = 1;
b = chunkqueue_get_append_buffer(con->write_queue);
/* build default error-page */
buffer_copy_string_len(b, CONST_STR_LEN(
"<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
"<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"
" <head>\n"
" <title>"));
buffer_append_long(b, con->http_status);
buffer_append_string_len(b, CONST_STR_LEN(" - "));
buffer_append_string(b, get_http_status_name(con->http_status));
buffer_append_string_len(b, CONST_STR_LEN(
"</title>\n"
" </head>\n"
" <body>\n"
" <h1>"));
buffer_append_long(b, con->http_status);
buffer_append_string_len(b, CONST_STR_LEN(" - "));
buffer_append_string(b, get_http_status_name(con->http_status));
buffer_append_string_len(b, CONST_STR_LEN("</h1>\n"
" </body>\n"
"</html>\n"
));
response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/html"));
}
break;
}
if (con->file_finished) {
/* we have all the content and chunked encoding is not used, set a content-length */
if ((!(con->parsed_response & HTTP_CONTENT_LENGTH)) &&
(con->response.transfer_encoding & HTTP_TRANSFER_ENCODING_CHUNKED) == 0) {
off_t qlen = chunkqueue_length(con->write_queue);
/**
* The Content-Length header only can be sent if we have content:
* - HEAD doesn't have a content-body (but have a content-length)
* - 1xx, 204 and 304 don't have a content-body (RFC 2616 Section 4.3)
*
* Otherwise generate a Content-Length header as chunked encoding is not
* available
*/
if ((con->http_status >= 100 && con->http_status < 200) ||
con->http_status == 204 ||
con->http_status == 304) {
data_string *ds;
/* no Content-Body, no Content-Length */
if (NULL != (ds = (data_string*) array_get_element(con->response.headers, "Content-Length"))) {
buffer_reset(ds->value); /* Headers with empty values are ignored for output */
}
} else if (qlen > 0 || con->request.http_method != HTTP_METHOD_HEAD) {
/* qlen = 0 is important for Redirects (301, ...) as they MAY have
* a content. Browsers are waiting for a Content otherwise
*/
buffer_copy_off_t(srv->tmp_buf, qlen);
response_header_overwrite(srv, con, CONST_STR_LEN("Content-Length"), CONST_BUF_LEN(srv->tmp_buf));
}
}
} else {
/**
* the file isn't finished yet, but we have all headers
*
* to get keep-alive we either need:
* - Content-Length: ... (HTTP/1.0 and HTTP/1.0) or
* - Transfer-Encoding: chunked (HTTP/1.1)
*/
if (((con->parsed_response & HTTP_CONTENT_LENGTH) == 0) &&
((con->response.transfer_encoding & HTTP_TRANSFER_ENCODING_CHUNKED) == 0)) {
con->keep_alive = 0;
}
/**
* if the backend sent a Connection: close, follow the wish
*
* NOTE: if the backend sent Connection: Keep-Alive, but no Content-Length, we
* will close the connection. That's fine. We can always decide the close
* the connection
*
* FIXME: to be nice we should remove the Connection: ...
*/
if (con->parsed_response & HTTP_CONNECTION) {
/* a subrequest disable keep-alive although the client wanted it */
if (con->keep_alive && !con->response.keep_alive) {
con->keep_alive = 0;
}
}
}
if (con->request.http_method == HTTP_METHOD_HEAD) {
/**
* a HEAD request has the same as a GET
* without the content
*/
con->file_finished = 1;
chunkqueue_reset(con->write_queue);
con->response.transfer_encoding &= ~HTTP_TRANSFER_ENCODING_CHUNKED;
}
http_response_write_header(srv, con);
return 0;
}
static int connection_handle_write(server *srv, connection *con) {
switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
case 0:
con->write_request_ts = srv->cur_ts;
if (con->file_finished) {
connection_set_state(srv, con, CON_STATE_RESPONSE_END);
joblist_append(srv, con);
}
break;
case -1: /* error on our side */
log_error_write(srv, __FILE__, __LINE__, "sd",
"connection closed: write failed on fd", con->fd);
connection_set_state(srv, con, CON_STATE_ERROR);
joblist_append(srv, con);
break;
case -2: /* remote close */
connection_set_state(srv, con, CON_STATE_ERROR);
joblist_append(srv, con);
break;
case 1:
con->write_request_ts = srv->cur_ts;
con->is_writable = 0;
/* not finished yet -> WRITE */
break;
}
return 0;
}
connection *connection_init(server *srv) {
connection *con;
UNUSED(srv);
con = calloc(1, sizeof(*con));
con->fd = 0;
con->ndx = -1;
con->fde_ndx = -1;
con->bytes_written = 0;
con->bytes_read = 0;
con->bytes_header = 0;
con->loops_per_request = 0;
#define CLEAN(x) \
con->x = buffer_init();
CLEAN(request.uri);
CLEAN(request.request_line);
CLEAN(request.request);
CLEAN(request.pathinfo);
CLEAN(request.orig_uri);
CLEAN(uri.scheme);
CLEAN(uri.authority);
CLEAN(uri.path);
CLEAN(uri.path_raw);
CLEAN(uri.query);
CLEAN(physical.doc_root);
CLEAN(physical.path);
CLEAN(physical.basedir);
CLEAN(physical.rel_path);
CLEAN(physical.etag);
CLEAN(parse_request);
CLEAN(authed_user);
CLEAN(server_name);
CLEAN(error_handler);
CLEAN(dst_addr_buf);
#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
CLEAN(tlsext_server_name);
#endif
#undef CLEAN
con->write_queue = chunkqueue_init();
con->read_queue = chunkqueue_init();
con->request_content_queue = chunkqueue_init();
chunkqueue_set_tempdirs(con->request_content_queue, srv->srvconf.upload_tempdirs);
con->request.headers = array_init();
con->response.headers = array_init();
con->environment = array_init();
/* init plugin specific connection structures */
con->plugin_ctx = calloc(1, (srv->plugins.used + 1) * sizeof(void *));
con->cond_cache = calloc(srv->config_context->used, sizeof(cond_cache_t));
config_setup_connection(srv, con);
return con;
}
