void check_timeouts(void)
{
int n;
time_t t;
/* check the timeouts of all 3 phases */
t=time(NULL);
for (n=0;n<maxusers;n++) {
if (pchild[n]->sock) {
switch (pchild[n]->state) {
case USR_ONLINE:
if (pchild[n]->pid==0 || waitpid(pchild[n]->pid,NULL,WNOHANG)<0) {
pchild[n]->pid=0;
if (t-pchild[n]->idletime>=idletimeout) {
handle_timeout(n);
}
} else pchild[n]->idletime=t;
break;
case USR_USER:
case USR_PASS:
if (t-pchild[n]->idletime>=logintimeout) handle_timeout(n);
break;
default: /* better */
handle_suspects(n);
break;
}
}
}
}
int main(int argc, char* argv[])
{
unsigned short port = 12345; // default port
if (argc == 2) {
port = atoi(argv[1]);
}
if ((epollfd = epoll_create(MAX_EVENTS)) < 0) {
perror("epoll_create");
exit(1);
}
if (poll_connection(epollfd, EPOLLIN, make_listen_connection(port)) < 0) {
exit(2);
}
struct epoll_event events[MAX_EVENTS];
while (1) {
int timeout = handle_timeout();
int n = epoll_wait(epollfd, events, MAX_EVENTS, timeout);
if (n < 0) {
perror("epoll_pwait");
exit(3);
}
int i;
for (i = 0; i < n; i++) {
handle_events(&events[i]);
}
}
return 0;
}
void send_request_impl(string_type /*unused*/const& method,
basic_request<Tag> const& request_,
body_generator_function_type generator) {
boost::asio::streambuf request_buffer;
linearize(
request_, method, version_major, version_minor,
std::ostreambuf_iterator<typename char_<Tag>::type>(&request_buffer));
connection_base::send_request_impl(socket_, method, request_buffer);
if (generator) {
string_type chunk;
while (generator(chunk)) {
std::copy(chunk.begin(), chunk.end(),
std::ostreambuf_iterator<typename char_<Tag>::type>(
&request_buffer));
chunk.clear();
connection_base::send_request_impl(socket_, method, request_buffer);
}
}
if (timeout_ > 0) {
timer_.expires_from_now(boost::posix_time::seconds(timeout_));
auto self = this->shared_from_this();
timer_.async_wait([=] (boost::system::error_code const &ec) {
self->handle_timeout(ec);
});
}
}
explicit echo_server(int port)
: m_acc(m_disp, ranger::event::endpoint(port)) {
m_acc.set_event_handler([this] (ranger::event::tcp_acceptor& acc, int fd) {
ranger::event::tcp_connection conn(m_disp, fd);
conn.set_event_handler([this] (ranger::event::tcp_connection& conn, ranger::event::tcp_connection::event_code what) {
switch (what) {
case ranger::event::tcp_connection::event_code::read:
handle_read(conn, conn.read_buffer());
break;
case ranger::event::tcp_connection::event_code::timeout:
handle_timeout(conn);
break;
case ranger::event::tcp_connection::event_code::error:
handle_error(conn);
break;
case ranger::event::tcp_connection::event_code::eof:
handle_eof(conn);
break;
default:
break;
}
});
auto local_ep = acc.local_endpoint();
auto remote_ep = conn.remote_endpoint();
std::cout << "acceptor[" << local_ep << "]" << " accept connection[" << remote_ep << "]." << std::endl;
m_conn_set.emplace(std::move(conn));
return true;
});
}
void take_fd(int fd)
{
ranger::util::scope_guard fd_guard([fd] { ranger::event::tcp_connection::file_descriptor_close(fd); });
ranger::event::tcp_connection conn(m_disp, fd);
conn.set_event_handler([this] (ranger::event::tcp_connection& conn, ranger::event::tcp_connection::event_code what)
{
switch (what)
{
case ranger::event::tcp_connection::event_code::read:
handle_read(conn, conn.read_buffer());
break;
case ranger::event::tcp_connection::event_code::timeout:
handle_timeout(conn);
break;
case ranger::event::tcp_connection::event_code::error:
handle_error(conn);
break;
case ranger::event::tcp_connection::event_code::eof:
handle_eof(conn);
break;
default:
break;
}
});
fd_guard.dismiss();
auto remote_ep = conn.remote_endpoint();
std::cout << "thread[" << std::this_thread::get_id() << "] " << "accept connection[" << remote_ep << "]." << std::endl;
m_conn_set.emplace(std::move(conn));
}
/* ***************************************************
* Function: control_loop
* ***************************************************
* control_loop() is the main STCP loop; it repeatedly waits for one of the
* following to happen:
* - incoming data from the peer
* - new data from the application (via mywrite())
* - the socket to be closed (via myclose())
* - a timeout
*/
static void control_loop(mysocket_t sd, context_t *ctx)
{
assert(ctx);
unsigned int event = 0;
bool fin_retry = false; /* TRUE = APP_CLOSE_REQUESTED but window was full */
while (!ctx->done)
{
size_t bytes_in_transit = ctx->nxt_seq_num - ctx->seq_base;
size_t win_space = ctx->recv_win - bytes_in_transit;
event = control_wait(sd, ctx, fin_retry);
if (event & NETWORK_DATA) {
handle_network_data(sd, ctx);
}
if ((event & APP_DATA) && !fin_retry) {
handle_app_data(sd, ctx);
}
if (event == TIMEOUT){
handle_timeout(sd, ctx);
}
if ((event & APP_CLOSE_REQUESTED) || fin_retry) {
if (win_space>0){
send_fin(sd, ctx);
fin_retry = false;
}
else {
our_dprintf("App requested FIN but window is full\n");
fin_retry = true;
}
}
}
}
mcast_sender::mcast_sender( boost::asio::io_service& io_service
, const boost::asio::ip::address& mcast_address )
: endpoint_( mcast_address, multicast_port )
, socket_( io_service, endpoint_.protocol() )
, timer_( io_service )
, message_count_(0)
{
// force sendto data
handle_timeout( boost::system::error_code() );
}
int
DataLink::handle_close(ACE_HANDLE h, ACE_Reactor_Mask m)
{
if (h == ACE_INVALID_HANDLE && m == TIMER_MASK) {
// Reactor is shutting down with this timer still pending.
// Take the same cleanup actions as if the timeout had expired.
handle_timeout(ACE_Time_Value::zero, 0);
}
return 0;
}
static int8_t loader_handler( void *state, Message *msg )
{
switch (msg->type){
case MSG_TIMER_TIMEOUT:
{ return handle_timeout( msg ); }
case MSG_VERSION_ADV:
{
msg_version_adv_t *pkt = (msg_version_adv_t *) msg->data;
pkt->version = version_ntoh(pkt->version);
if(pkt->version >= st.version_data->version) {
st.recent_neighbor = msg->saddr;
}
return handle_version_adv( msg );
}
case MSG_VERSION_DATA:
{
msg_version_data_t *pkt = (msg_version_data_t *) msg->data;
pkt->version = version_ntoh(pkt->version);
if(pkt->version >= st.version_data->version) {
st.recent_neighbor = msg->saddr;
}
return handle_version_data( msg );
}
case MSG_LOADER_LS_ON_NODE:
{
return handle_loader_ls_on_node( msg );
}
case MSG_FETCHER_DONE:
{
return handle_fetcher_done( msg );
}
case MSG_INIT:
{
#ifdef LOADER_NET_EXPERIMENT
handle_init();
if( ker_id() == 0 ) {
start_experiment(EXPERIMENT_SIZE);
}
#else
return handle_init();
#endif
}
default:
return -EINVAL;
}
return SOS_OK;
}
static uword
perfmon_periodic_process (vlib_main_t * vm,
vlib_node_runtime_t * rt, vlib_frame_t * f)
{
perfmon_main_t *pm = &perfmon_main;
f64 now;
uword *event_data = 0;
uword event_type;
int i;
while (1)
{
if (pm->state == PERFMON_STATE_RUNNING)
vlib_process_wait_for_event_or_clock (vm, pm->timeout_interval);
else
vlib_process_wait_for_event (vm);
now = vlib_time_now (vm);
event_type = vlib_process_get_events (vm, (uword **) & event_data);
switch (event_type)
{
case PERFMON_START:
for (i = 0; i < vec_len (event_data); i++)
start_event (pm, now, event_data[i]);
break;
/* Handle timeout */
case ~0:
handle_timeout (vm, pm, now);
break;
default:
clib_warning ("Unexpected event %d", event_type);
break;
}
vec_reset_length (event_data);
}
return 0; /* or not */
}
// Timer lists A&B.
// One acts as a shadow to the other always. On every timer update event,
// the current list is operated on, while the shadow list keeps getting updates
void soft_tmr_handler ()
{
int i;
int* tmrshadow;
int curactive = 0;
tmrshadow = get_tmr_list_shadow(active_tmrs); // Get the list that can act as a shadow to the current list
for (i=0; i < nactive; i++) {
soft_tmrs[active_tmrs[i]].timeout--;
if (soft_tmrs[active_tmrs[i]].timeout == 0) { // Timer expired. Unblock the process
handle_timeout (soft_tmrs[active_tmrs[i]].pid);
soft_tmrs[active_tmrs[i]].pid = -1;
}
else {
tmrshadow[curactive] = active_tmrs[i]; // Append timer id to newly formed list
curactive++;
}
}
active_tmrs = tmrshadow;
nactive = curactive;
}
/* Driver */
void isrv_run(
int listen_fd,
int (*new_peer)(isrv_state_t *state, int fd),
int (*do_rd)(int fd, void **),
int (*do_wr)(int fd, void **),
int (*do_timeout)(void **),
int timeout,
int linger_timeout)
{
isrv_state_t *state = xzalloc(sizeof(*state));
state->new_peer = new_peer;
state->timeout = timeout;
/* register "peer" #0 - it will accept new connections */
isrv_register_peer(state, NULL);
isrv_register_fd(state, /*peer:*/ 0, listen_fd);
isrv_want_rd(state, listen_fd);
/* remember flags to make blocking<->nonblocking switch faster */
/* (suppress gcc warning "cast from ptr to int of different size") */
PARAM_TBL[0] = (void*)(ptrdiff_t)(fcntl(listen_fd, F_GETFL));
while (1) {
struct timeval tv;
fd_set rd;
fd_set wr;
fd_set *wrp = NULL;
int n;
tv.tv_sec = timeout;
if (PEER_COUNT <= 1)
tv.tv_sec = linger_timeout;
tv.tv_usec = 0;
rd = state->rd;
if (WR_COUNT) {
wr = state->wr;
wrp = ≀
}
DPRINTF("run: select(FD_COUNT:%d,timeout:%d)...",
FD_COUNT, (int)tv.tv_sec);
n = select(FD_COUNT, &rd, wrp, NULL, tv.tv_sec ? &tv : NULL);
DPRINTF("run: ...select:%d", n);
if (n < 0) {
if (errno != EINTR)
bb_perror_msg("select");
continue;
}
if (n == 0 && linger_timeout && PEER_COUNT <= 1)
break;
if (timeout) {
time_t t = monotonic_sec();
if (t != CURTIME) {
CURTIME = t;
handle_timeout(state, do_timeout);
}
}
if (n > 0) {
handle_fd_set(state, &rd, do_rd);
if (wrp)
handle_fd_set(state, wrp, do_wr);
}
}
DPRINTF("run: bailout");
/* NB: accept socket is not closed. Caller is to decide what to do */
}
void Gps::handle_poll_timeout()
{
handle_timeout();
}
/* Serve the client that connected to the webserver
*/
static int serve_client(t_session *session) {
int result, length, auth_result;
char *qmark, chr, *header;
t_host *host_record;
t_access access;
t_deny_body *deny_body;
t_req_method request_method;
t_ip_addr ip_addr;
#ifdef ENABLE_XSLT
char *xslt_file;
#endif
#ifdef ENABLE_TOOLKIT
int i;
t_toolkit_options toolkit_options;
#endif
#ifdef ENABLE_RPROXY
t_rproxy *rproxy;
#endif
#ifdef ENABLE_DEBUG
session->current_task = "fetch & parse request";
#endif
if ((result = fetch_request(session)) != 200) {
session->request_method = GET;
return result;
} else if ((result = parse_request(session, session->header_length + session->content_length)) != 200) {
session->request_method = GET;
return result;
}
#ifdef ENABLE_DEBUG
session->current_task = "serve client";
#endif
session->time = time(NULL);
/* Hide reverse proxies
*/
if (in_iplist(session->config->hide_proxy, &(session->ip_address))) {
if (last_forwarded_ip(session->http_headers, &ip_addr) == 0) {
if (reposition_client(session, &ip_addr) != -1) {
copy_ip(&(session->ip_address), &ip_addr);
}
}
}
/* SSH tunneling
*/
#ifdef ENABLE_RPROXY
if (session->request_method == CONNECT) {
if (in_iplist(session->config->tunnel_ssh, &(session->ip_address)) == false) {
return 405;
}
#ifdef ENABLE_SSL
if (session->binding->use_ssl) {
return 405;
}
#endif
if (strcmp(session->request_uri, "localhost:22") != 0) {
if (strcmp(session->request_uri, "127.0.0.1:22") != 0) {
if (strcmp(session->request_uri, "::1.22") != 0) {
return 403;
}
}
}
log_system(session, "SSH tunnel requested");
if (tunnel_ssh_connection(session->client_socket) != 0) {
log_system(session, "SSH tunnel failed");
} else {
log_system(session, "SSH tunnel terminated");
}
session->keep_alive = false;
return 200;
}
#endif
/* Find host record
*/
if (session->hostname != NULL) {
if (remove_port_from_hostname(session) == -1) {
log_error(session, "error removing port from hostname");
return 500;
}
if ((host_record = get_hostrecord(session->config->first_host, session->hostname, session->binding)) != NULL) {
session->host = host_record;
#ifdef ENABLE_TOMAHAWK
session->last_host = host_record;
#endif
}
}
session->host->access_time = session->time;
#ifdef ENABLE_SSL
/* SSL client authentication
*/
if (session->binding->use_ssl) {
if ((session->host->ca_certificate != NULL) && (ssl_has_peer_cert(&(session->ssl_context)) == false)) {
log_error(session, "Missing client SSL certificate");
return 440;
}
}
#endif
/* Enforce usage of first hostname
*/
if (session->host->enforce_first_hostname && (session->hostname != NULL)) {
if (**(session->host->hostname.item) != '*') {
if (strcmp(session->hostname, *(session->host->hostname.item)) != 0) {
session->cause_of_301 = enforce_first_hostname;
return 301;
}
}
}
/* Enforce usage of SSL
*/
#ifdef ENABLE_SSL
if (session->host->require_ssl && (session->binding->use_ssl == false)) {
if ((qmark = strchr(session->uri, '?')) != NULL) {
*qmark = '\0';
session->vars = qmark + 1;
session->uri_len = strlen(session->uri);
}
session->cause_of_301 = require_ssl;
return 301;
}
#endif
/* Deny matching bodies
*/
if (session->body != NULL) {
chr = *(session->body + session->content_length);
*(session->body + session->content_length) = '\0';
deny_body = session->host->deny_body;
while (deny_body != NULL) {
if (strpcmp(session->body, &(deny_body->pattern)) == 0) {
if ((session->config->ban_on_denied_body > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_denied_body, session->config->kick_on_ban);
log_system(session, "Client banned because of denied body");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
log_exploit_attempt(session, "denied body", session->body);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit(session);
monitor_event("Request body denied for %s", session->host->hostname.item[0]);
}
#endif
*(session->body + session->content_length) = chr;
return 403;
}
deny_body = deny_body->next;
}
*(session->body + session->content_length) = chr;
}
/* Websocket
*/
if (session->request_method == GET) {
if ((header = get_http_header("Connection:", session->http_headers)) != NULL) {
if (strcasestr(header, "upgrade") != NULL) {
if ((header = get_http_header("Upgrade:", session->http_headers)) != NULL) {
if (strcasecmp(header, "websocket") == 0) {
switch (access = allow_client(session)) {
case deny:
log_error(session, fb_accesslist);
return 403;
case allow:
break;
case pwd:
case unspecified:
if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
return auth_result;
}
}
session->keep_alive = false;
if (forward_to_websocket(session) == -1) {
return 500;
}
return 200;
}
}
}
}
}
#ifdef ENABLE_RPROXY
/* Reverse proxy
*/
rproxy = session->host->rproxy;
while (rproxy != NULL) {
if (rproxy_match(rproxy, session->request_uri)) {
if (rproxy_loop_detected(session->http_headers)) {
return 508;
}
if ((qmark = strchr(session->uri, '?')) != NULL) {
*qmark = '\0';
session->vars = qmark + 1;
}
if (validate_url(session) == false) {
return -1;
}
if ((session->vars != NULL) && (session->host->secure_url)) {
if (forbidden_chars_present(session->vars)) {
log_error(session, "URL contains forbidden characters");
return 403;
}
}
if (duplicate_host(session) == false) {
log_error(session, "duplicate_host() error");
return 500;
}
if ((result = uri_to_path(session)) != 200) {
return result;
}
if (session->host->ignore_dot_hiawatha == false) {
if (load_user_config(session) == -1) {
return 500;
}
}
if ((result = copy_directory_settings(session)) != 200) {
return result;
}
switch (access = allow_client(session)) {
case deny:
log_error(session, fb_accesslist);
return 403;
case allow:
break;
case pwd:
case unspecified:
if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
return auth_result;
}
}
/* Prevent SQL injection
*/
if (session->host->prevent_sqli) {
result = prevent_sqli(session);
if (result == 1) {
session->error_cause = ec_SQL_INJECTION;
}
if (result != 0) {
return -1;
}
}
/* Prevent Cross-site Scripting
*/
if (session->host->prevent_xss != p_no) {
if (prevent_xss(session) > 0) {
if (session->host->prevent_xss == p_block) {
session->error_cause = ec_XSS;
return -1;
}
}
}
/* Prevent Cross-site Request Forgery
*/
if (session->host->prevent_csrf != p_no) {
if (prevent_csrf(session) > 0) {
if (session->host->prevent_csrf == p_block) {
session->error_cause = ec_CSRF;
return -1;
}
}
}
return proxy_request(session, rproxy);
}
rproxy = rproxy->next;
}
#endif
/* Actions based on request method
*/
switch (session->request_method) {
case TRACE:
if (session->binding->enable_trace == false) {
return 501;
}
return handle_trace_request(session);
case PUT:
case DELETE:
if ((session->binding->enable_alter == false) && (session->host->webdav_app == false)) {
return 501;
}
break;
case unknown:
return 400;
case unsupported:
if (session->host->webdav_app == false) {
return 501;
}
break;
default:
break;
}
if (duplicate_host(session) == false) {
log_error(session, "duplicate_host() error");
return 500;
}
#ifdef ENABLE_TOOLKIT
if (session->host->ignore_dot_hiawatha == false) {
if (load_user_root_config(session) == -1) {
return 500;
}
}
/* URL toolkit
*/
init_toolkit_options(&toolkit_options);
toolkit_options.method = session->method;
toolkit_options.website_root = session->host->website_root;
toolkit_options.url_toolkit = session->config->url_toolkit;
toolkit_options.allow_dot_files = session->host->allow_dot_files;
toolkit_options.http_headers = session->http_headers;
#ifdef ENABLE_SSL
toolkit_options.use_ssl = session->binding->use_ssl;
#endif
if (((session->request_method != PUT) && (session->request_method != DELETE)) || session->host->webdav_app) {
for (i = 0; i < session->host->toolkit_rules.size; i++) {
if ((result = use_toolkit(session->uri, session->host->toolkit_rules.item[i], &toolkit_options)) == UT_ERROR) {
return 500;
}
if ((toolkit_options.ban > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), toolkit_options.ban, session->config->kick_on_ban);
log_system(session, "Client banned because of URL match in UrlToolkit rule");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
return 403;
}
session->toolkit_fastcgi = toolkit_options.fastcgi_server;
if (toolkit_options.new_url != NULL) {
if (register_tempdata(&(session->tempdata), toolkit_options.new_url, tc_data) == -1) {
free(toolkit_options.new_url);
log_error(session, "error registering temporary data");
return 500;
}
session->uri = toolkit_options.new_url;
}
if (result == UT_REDIRECT) {
if ((session->location = strdup(toolkit_options.new_url)) == NULL) {
return -1;
}
session->cause_of_301 = location;
return 301;
}
if (result == UT_DENY_ACCESS) {
log_error(session, "access denied via URL toolkit rule");
return 403;
}
if (toolkit_options.expire > -1) {
session->expires = toolkit_options.expire;
session->caco_private = toolkit_options.caco_private;
}
}
}
#endif
/* Find GET data
*/
if ((qmark = strchr(session->uri, '?')) != NULL) {
*qmark = '\0';
session->vars = qmark + 1;
}
url_decode(session->uri);
session->uri_len = strlen(session->uri);
if ((session->vars != NULL) && (session->host->secure_url)) {
if (forbidden_chars_present(session->vars)) {
log_error(session, "URL contains forbidden characters");
return 403;
}
}
if (validate_url(session) == false) {
return -1;
}
if ((result = uri_to_path(session)) != 200) {
return result;
}
/* Load configfile from directories
*/
if (session->host->ignore_dot_hiawatha == false) {
if (load_user_config(session) == -1) {
return 500;
}
}
if ((result = copy_directory_settings(session)) != 200) {
return result;
}
switch (access = allow_client(session)) {
case deny:
log_error(session, fb_accesslist);
return 403;
case allow:
break;
case pwd:
case unspecified:
if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
return auth_result;
}
}
switch (is_directory(session->file_on_disk)) {
case error:
return 500;
case yes:
session->uri_is_dir = true;
break;
case no:
if (((session->request_method != PUT) || session->host->webdav_app) && (session->host->enable_path_info)) {
if ((result = get_path_info(session)) != 200) {
return result;
}
}
break;
case no_access:
log_error(session, fb_filesystem);
return 403;
case not_found:
if (session->request_method == DELETE) {
return 404;
}
}
#ifdef ENABLE_TOOLKIT
if ((session->toolkit_fastcgi == NULL) && session->uri_is_dir) {
#else
if (session->uri_is_dir) {
#endif
length = strlen(session->file_on_disk);
if (*(session->file_on_disk + length - 1) == '/') {
strcpy(session->file_on_disk + length, session->host->start_file);
} else {
return 301;
}
}
if (get_target_extension(session) == -1) {
log_error(session, "error getting extension");
return 500;
}
if (((session->request_method != PUT) && (session->request_method != DELETE)) || session->host->webdav_app) {
check_target_is_cgi(session);
}
/* Handle request based on request method
*/
request_method = session->request_method;
if (session->host->webdav_app) {
if ((request_method == PUT) || (request_method == DELETE)) {
request_method = POST;
}
}
switch (request_method) {
case GET:
case HEAD:
if (session->cgi_type != no_cgi) {
session->body = NULL;
result = execute_cgi(session);
#ifdef ENABLE_XSLT
} else if ((xslt_file = find_xslt_file(session)) != NULL) {
result = handle_xml_file(session, xslt_file);
free(xslt_file);
#endif
} else {
result = send_file(session);
}
if (result == 404) {
#ifdef ENABLE_XSLT
if ((session->host->show_index != NULL) && (session->uri[session->uri_len - 1] == '/')) {
result = show_index(session);
}
#endif
#ifdef ENABLE_MONITOR
} else if (session->config->monitor_enabled) {
if ((result == 200) && (session->host->monitor_host)) {
unlink(session->file_on_disk);
}
#endif
}
if ((session->request_method == GET) && (session->cgi_type == no_cgi) && (session->directory != NULL)) {
if (session->directory->run_on_download != NULL) {
run_program(session, session->directory->run_on_download, result);
}
}
break;
case POST:
case unsupported:
if (session->cgi_type != no_cgi) {
result = execute_cgi(session);
#ifdef ENABLE_XSLT
} else if ((xslt_file = find_xslt_file(session)) != NULL) {
result = handle_xml_file(session, xslt_file);
free(xslt_file);
#endif
} else {
result = 405;
}
break;
case PUT:
result = handle_put_request(session);
if (((result == 201) || (result == 204)) && (session->host->run_on_alter != NULL)) {
run_program(session, session->host->run_on_alter, result);
}
break;
case DELETE:
result = handle_delete_request(session);
if ((result == 204) && (session->host->run_on_alter != NULL)) {
run_program(session, session->host->run_on_alter, result);
}
break;
case WHEN:
send_code(session);
break;
default:
result = 400;
}
return result;
}
/* Handle timeout upon sending request
*/
static void handle_timeout(t_session *session) {
if ((session->config->ban_on_timeout > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_timeout, session->config->kick_on_ban);
log_system(session, "Client banned because of connection timeout");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
} else {
log_system(session, "Timeout while waiting for first request");
}
}
/* Request has been handled, handle the return code.
*/
static void handle_request_result(t_session *session, int result) {
char *hostname;
#ifdef ENABLE_DEBUG
session->current_task = "handle request result";
#endif
if (result == -1) switch (session->error_cause) {
case ec_MAX_REQUESTSIZE:
log_system(session, "Maximum request size reached");
session->return_code = 413;
send_code(session);
if ((session->config->ban_on_max_request_size > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_max_request_size, session->config->kick_on_ban);
log_system(session, "Client banned because of sending a too large request");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
break;
case ec_TIMEOUT:
if (session->kept_alive == 0) {
session->return_code = 408;
send_code(session);
handle_timeout(session);
}
break;
case ec_CLIENT_DISCONNECTED:
if (session->kept_alive == 0) {
log_system(session, "Silent client disconnected");
}
break;
case ec_SOCKET_READ_ERROR:
if (errno != ECONNRESET) {
log_system(session, "Error while reading request");
}
break;
case ec_SOCKET_WRITE_ERROR:
log_request(session);
break;
case ec_FORCE_QUIT:
log_system(session, "Client kicked");
break;
case ec_SQL_INJECTION:
if ((session->config->ban_on_sqli > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_sqli, session->config->kick_on_ban);
hostname = (session->hostname != NULL) ? session->hostname : unknown_host;
log_system(session, "Client banned because of SQL injection on %s", hostname);
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
session->return_code = 441;
send_code(session);
log_request(session);
break;
case ec_XSS:
session->return_code = 442;
send_code(session);
log_request(session);
break;
case ec_CSRF:
session->return_code = 443;
send_code(session);
log_request(session);
break;
case ec_INVALID_URL:
if ((session->config->ban_on_invalid_url > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_invalid_url, session->config->kick_on_ban);
hostname = (session->hostname != NULL) ? session->hostname : unknown_host;
log_system(session, "Client banned because of invalid URL on %s", hostname);
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
send_code(session);
break;
default:
if (session->data_sent == false) {
session->return_code = 500;
if (send_code(session) == -1) {
session->keep_alive = false;
}
}
} else switch (result) {
case 200:
break;
case 201:
case 204:
case 304:
case 412:
if (session->data_sent == false) {
session->return_code = result;
if (send_header(session) == -1) {
session->keep_alive = false;
} else if (send_buffer(session, "Content-Length: 0\r\n\r\n", 21) == -1) {
session->keep_alive = false;
}
}
break;
case 411:
case 413:
session->keep_alive = false;
if (session->data_sent == false) {
session->return_code = result;
if (send_header(session) == -1) {
session->keep_alive = false;
} else if (send_buffer(session, "Content-Length: 0\r\n\r\n", 21) == -1) {
session->keep_alive = false;
}
}
break;
case 400:
log_garbage(session);
if (session->data_sent == false) {
session->return_code = 400;
if (send_code(session) == -1) {
session->keep_alive = false;
}
}
if ((session->config->ban_on_garbage > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_garbage, session->config->kick_on_ban);
log_system(session, "Client banned because of sending garbage");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_bad_request(session);
}
#endif
break;
case 401:
case 403:
case 404:
case 501:
case 503:
if (session->data_sent == false) {
switch (handle_error(session, result)) {
case -1:
session->keep_alive = false;
break;
case 200:
break;
default:
if (session->data_sent == false) {
session->return_code = result;
if (send_code(session) == -1) {
session->keep_alive = false;
}
}
}
}
break;
case 500:
session->keep_alive = false;
default:
if (session->data_sent == false) {
session->return_code = result;
send_code(session);
}
}
if ((result > 0) && (result != 400)) {
log_request(session);
} else {
session->keep_alive = false;
}
}
/* Handle the connection of a client.
*/
static void connection_handler(t_session *session) {
int result;
#ifdef ENABLE_SSL
t_ssl_accept_data sad;
#endif
#ifdef ENABLE_DEBUG
session->current_task = "thread started";
#endif
#ifdef ENABLE_SSL
if (session->binding->use_ssl) {
sad.context = &(session->ssl_context);
sad.client_fd = &(session->client_socket);
sad.private_key = session->binding->private_key;
sad.certificate = session->binding->certificate;
sad.ca_certificate = session->binding->ca_certificate;
sad.ca_crl = session->binding->ca_crl;
sad.timeout = session->kept_alive == 0 ? session->binding->time_for_1st_request : session->binding->time_for_request;
sad.min_ssl_version = session->config->min_ssl_version;
sad.dh_size = session->config->dh_size;
#ifdef ENABLE_DEBUG
sad.thread_id = session->thread_id;
session->current_task = "ssl accept";
#endif
switch (ssl_accept(&sad)) {
case SSL_HANDSHAKE_NO_MATCH:
log_system(session, "No cypher overlap during SSL handshake.");
break;
case SSL_HANDSHAKE_TIMEOUT:
handle_timeout(session);
break;
case SSL_HANDSHAKE_OKE:
session->socket_open = true;
break;
}
} else
#endif
session->socket_open = true;
if (session->socket_open) {
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_connection(session);
}
#endif
do {
result = serve_client(session);
handle_request_result(session, result);
#ifdef ENABLE_TOMAHAWK
if (session->parsing_oke) {
show_request_to_admins(session->method, session->request_uri, session->http_version, &(session->ip_address),
session->http_headers, session->return_code, session->bytes_sent);
}
#endif
#ifdef ENABLE_DEBUG
session->current_task = "request done";
#endif
if (session->socket_open) {
/* Flush the output-buffer
*/
if (send_buffer(session, NULL, 0) == -1) {
session->keep_alive = false;
}
}
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_host(session);
}
#endif
reset_session(session);
#ifdef ENABLE_DEBUG
session->current_task = "session reset";
#endif
if ((session->kept_alive > 0) && (session->config->ban_on_flooding > 0)) {
if (client_is_flooding(session)) {
if (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny) {
ban_ip(&(session->ip_address), session->config->ban_on_flooding, session->config->kick_on_ban);
log_system(session, "Client banned because of flooding");
session->keep_alive = false;
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
}
}
} while (session->keep_alive && session->socket_open);
#ifdef ENABLE_DEBUG
session->current_task = "session done";
#endif
destroy_session(session);
close_socket(session);
} else {
close(session->client_socket);
}
if (session->config->reconnect_delay > 0) {
mark_client_for_removal(session, session->config->reconnect_delay);
} else {
remove_client(session, true);
}
#ifdef ENABLE_DEBUG
/* Show memory usage by thread
*/
memdbg_print_log(false);
#endif
/* Client session ends here
*/
#ifndef ENABLE_THREAD_POOL
pthread_exit(NULL);
#endif
}
static void handle_rrq(tftp_client_state_t *cli)
{
short pak_type;
short *netbuf_shorts = (short *)cli->block_buffer;
sock_errno_e retcode;
if (cli->state_flags & TFTP_SRV_BLKSIZE) {
handle_oack_transmit(cli);
} else {
handle_data_transmit(cli);
}
while (1) {
retcode = receive_packet(cli->client, cli->block_buffer, &cli->block_buffer_size);
switch (retcode) {
case SOCK_ERR_OK:
break;
case SOCK_ERR_TIMEOUT:
if (handle_timeout(cli)) {
continue;
} else {
return;
}
break;
default:
return;
}
pak_type = ntohs(netbuf_shorts[0]);
switch (pak_type) {
case TFTP_ACK:
if (SOCK_ERR_OK == receive_ack(cli->block_buffer, cli->blockid)) {
if (cli->state_flags & TFTP_SRV_LASTACK) {
return;
} else {
handle_data_transmit(cli);
}
}
break;
case TFTP_ERROR:
receive_error(cli->block_buffer);
return;
case TFTP_RRQ:
/* FALLTHRU */
case TFTP_WRQ:
/* FALLTHRU */
case TFTP_DATA:
/* FALLTHRU */
case TFTP_OACK:
tftp_log_message("Unhandled packet type %d in %s\n", pak_type, __FUNCTION__);
break;
default:
tftp_log_message("Unknown packet type %d in %s\n", pak_type, __FUNCTION__);
break;
}
}
}
/* Handle the connection of a client.
*/
static void connection_handler(t_session *session) {
int result;
#ifdef ENABLE_SSL
t_ssl_accept_data sad;
#endif
#ifdef ENABLE_MONITOR
int connections;
#ifdef ENABLE_DEBUG
session->current_task = "thread started";
#endif
connections = ++open_connections;
if (session->config->monitor_enabled) {
if (connections > session->config->monitor_stats.simultaneous_connections) {
session->config->monitor_stats.simultaneous_connections = connections;
}
}
#endif
#ifdef ENABLE_SSL
if (session->binding->use_ssl) {
sad.context = &(session->ssl_context);
sad.client_fd = &(session->client_socket);
sad.private_key = session->binding->private_key;
sad.certificate = session->binding->certificate;
sad.ca_certificate = session->binding->ca_certificate;
sad.ca_crl = session->binding->ca_crl;
sad.timeout = session->kept_alive == 0 ? session->binding->time_for_1st_request : session->binding->time_for_request;
sad.min_ssl_version = session->config->min_ssl_version;
sad.dh_size = session->config->dh_size;
#ifdef ENABLE_DEBUG
session->current_task = "ssl accept";
#endif
switch (ssl_accept(&sad)) {
case -2:
handle_timeout(session);
break;
case 0:
session->socket_open = true;
break;
}
} else
#endif
session->socket_open = true;
if (session->socket_open) {
do {
result = serve_client(session);
handle_request_result(session, result);
#ifdef ENABLE_DEBUG
session->current_task = "request done";
#endif
if (session->socket_open) {
send_buffer(session, NULL, 0); /* Flush the output-buffer */
}
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_counter_request(session);
if (session->host->monitor_requests && (result > 0)) {
monitor_request(session);
}
}
#endif
reset_session(session);
#ifdef ENABLE_DEBUG
session->current_task = "session reset";
#endif
if ((session->kept_alive > 0) && (session->config->ban_on_flooding > 0)) {
if (client_is_flooding(session)) {
if (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny) {
ban_ip(&(session->ip_address), session->config->ban_on_flooding, session->config->kick_on_ban);
log_system(session, "Client banned because of flooding");
session->keep_alive = false;
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_counter_ban(session);
}
#endif
}
}
}
} while (session->keep_alive && session->socket_open);
#ifdef ENABLE_DEBUG
session->current_task = "session done";
#endif
destroy_session(session);
close_socket(session);
} else {
close(session->client_socket);
}
#ifdef ENABLE_MONITOR
open_connections--;
#endif
if (session->config->reconnect_delay > 0) {
mark_client_for_removal(session, session->config->reconnect_delay);
} else {
remove_client(session, true);
}
/* Client session ends here
*/
#ifndef ENABLE_THREAD_POOL
pthread_exit(NULL);
#endif
}
