/* * Entry point for WebCit transaction */ void session_loop(void) { int xhttp; StrBuf *Buf; /* * We stuff these with the values coming from the client cookies, * so we can use them to reconnect a timed out session if we have to. */ wcsession *WCC; WCC= WC; WCC->upload_length = 0; WCC->upload = NULL; WCC->Hdr->nWildfireHeaders = 0; if (WCC->Hdr->HR.ContentLength > 0) { if (ReadPostData() < 0) { return; } } Buf = NewStrBuf(); WCC->trailing_javascript = NewStrBuf(); /* Convert base64-encoded URL's back to plain text */ if (!strncmp(ChrPtr(WCC->Hdr->this_page), "/B64", 4)) { StrBufCutLeft(WCC->Hdr->this_page, 4); StrBufDecodeBase64(WCC->Hdr->this_page); http_redirect(ChrPtr(WCC->Hdr->this_page)); goto SKIP_ALL_THIS_CRAP; } /* If there are variables in the URL, we must grab them now */ if (WCC->Hdr->PlainArgs != NULL) ParseURLParams(WCC->Hdr->PlainArgs); /* If the client sent a nonce that is incorrect, kill the request. */ if (havebstr("nonce")) { if (verbose) syslog(LOG_DEBUG, "Comparing supplied nonce %s to session nonce %d", bstr("nonce"), WCC->nonce ); if (ibstr("nonce") != WCC->nonce) { syslog(LOG_INFO, "Ignoring request with mismatched nonce."); hprintf("HTTP/1.1 404 Security check failed\r\n"); hprintf("Content-Type: text/plain\r\n"); begin_burst(); wc_printf("Security check failed.\r\n"); end_burst(); goto SKIP_ALL_THIS_CRAP; } } /* * If we're not connected to a Citadel server, try to hook up the connection now. */ if (!WCC->connected) { if (GetConnected()) { hprintf("HTTP/1.1 503 Service Unavailable\r\n"); hprintf("Content-Type: text/html\r\n"); begin_burst(); wc_printf("<html><head><title>503 Service Unavailable</title></head><body>\n"); wc_printf(_("This program was unable to connect or stay " "connected to the Citadel server. Please report " "this problem to your system administrator.") ); wc_printf("<br>"); wc_printf("<a href=\"http://www.citadel.org/doku.php/" "faq:generalquestions:webcit_unable_to_connect\">%s</a>", _("Read More...") ); wc_printf("</body></html>\n"); end_burst(); goto SKIP_ALL_THIS_CRAP; } } /* * If we're not logged in, but we have authentication data (either from * a cookie or from http-auth), try logging in to Citadel using that. */ if ( (!WCC->logged_in) && (StrLength(WCC->Hdr->c_username) > 0) && (StrLength(WCC->Hdr->c_password) > 0) ) { long Status; FlushStrBuf(Buf); serv_printf("USER %s", ChrPtr(WCC->Hdr->c_username)); StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, &Status) == 3) { serv_printf("PASS %s", ChrPtr(WCC->Hdr->c_password)); StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, NULL) == 2) { become_logged_in(WCC->Hdr->c_username, WCC->Hdr->c_password, Buf); } else { /* Should only display when password is wrong */ WCC->ImportantMsg = NewStrBufPlain(ChrPtr(Buf) + 4, StrLength(Buf) - 4); authorization_required(); FreeStrBuf(&Buf); goto SKIP_ALL_THIS_CRAP; } } else if (Status == 541) { WCC->logged_in = 1; } } xhttp = (WCC->Hdr->HR.eReqType != eGET) && (WCC->Hdr->HR.eReqType != ePOST) && (WCC->Hdr->HR.eReqType != eHEAD); /* * If a 'go' (or 'gotofirst') parameter has been specified, attempt to goto that room * prior to doing anything else. */ if (havebstr("go")) { int ret; if (verbose) syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("go")); ret = gotoroom(sbstr("go")); /* do quietly to avoid session output! */ if ((ret/100) != 2) { if (verbose) syslog(LOG_DEBUG, "Unable to change to [%s]; Reason: %d", bstr("go"), ret); } } else if (havebstr("gotofirst")) { int ret; if (verbose) syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("gotofirst")); ret = gotoroom(sbstr("gotofirst")); /* do quietly to avoid session output! */ if ((ret/100) != 2) { syslog(LOG_INFO, "Unable to change to [%s]; Reason: %d", bstr("gotofirst"), ret); } } /* * If we aren't in any room yet, but we have cookie data telling us where we're * supposed to be, and 'go' was not specified, then go there. */ else if ( (StrLength(WCC->CurRoom.name) == 0) && ( (StrLength(WCC->Hdr->c_roomname) > 0) )) { int ret; if (verbose) syslog(LOG_DEBUG, "We are in '%s' but cookie indicates '%s', going there...", ChrPtr(WCC->CurRoom.name), ChrPtr(WCC->Hdr->c_roomname) ); ret = gotoroom(WCC->Hdr->c_roomname); /* do quietly to avoid session output! */ if ((ret/100) != 2) { if (verbose) syslog(LOG_DEBUG, "COOKIEGOTO: Unable to change to [%s]; Reason: %d", ChrPtr(WCC->Hdr->c_roomname), ret); } } if (WCC->Hdr->HR.Handler != NULL) { if ( (!WCC->logged_in) && ((WCC->Hdr->HR.Handler->Flags & ANONYMOUS) == 0) && (WCC->serv_info != NULL) && (WCC->serv_info->serv_supports_guest == 0) ) { display_login(); } else { if ((WCC->Hdr->HR.Handler->Flags & AJAX) != 0) { begin_ajax_response(); } WCC->Hdr->HR.Handler->F(); if ((WCC->Hdr->HR.Handler->Flags & AJAX) != 0) { end_ajax_response(); } } } /* When all else fails, display the default landing page or a main menu. */ else { /* * ordinary browser users get a nice login screen, DAV etc. requsets * are given a 401 so they can handle it appropriate. */ if (!WCC->logged_in) { if (xhttp) { authorization_required(); } else { display_default_landing_page(); } } /* * Toplevel dav requests? or just a flat browser request? */ else { if (xhttp) { dav_main(); } else { display_main_menu(); } } } SKIP_ALL_THIS_CRAP: FreeStrBuf(&Buf); fflush(stdout); }
/* * The pathname is always going to be /groupdav/room_name/euid */ void dav_delete(void) { wcsession *WCC = WC; char dav_uid[SIZ]; long dav_msgnum = (-1); char buf[SIZ]; int n = 0; StrBuf *dav_roomname = NewStrBuf(); /* Now extract the message euid */ n = StrBufNum_tokens(WCC->Hdr->HR.ReqLine, '/'); extract_token(dav_uid, ChrPtr(WCC->Hdr->HR.ReqLine), n-1, '/', sizeof dav_uid); StrBufExtract_token(dav_roomname, WCC->Hdr->HR.ReqLine, 0, '/'); ///* What's left is the room name. Remove trailing slashes. */ //len = StrLength(WCC->Hdr->HR.ReqLine); //if ((len > 0) && (ChrPtr(WCC->Hdr->HR.ReqLinee)[len-1] == '/')) { // StrBufCutRight(WCC->Hdr->HR.ReqLine, 1); //} //StrBufCutLeft(WCC->Hdr->HR.ReqLine, 1); /* Go to the correct room. */ if (strcasecmp(ChrPtr(WC->CurRoom.name), ChrPtr(dav_roomname))) { gotoroom(dav_roomname); } if (strcasecmp(ChrPtr(WC->CurRoom.name), ChrPtr(dav_roomname))) { hprintf("HTTP/1.1 404 not found\r\n"); dav_common_headers(); hprintf("Content-Length: 0\r\n\r\n"); begin_burst(); end_burst(); FreeStrBuf(&dav_roomname); return; } dav_msgnum = locate_message_by_uid(dav_uid); /* * If no item exists with the requested uid ... simple error. */ if (dav_msgnum < 0L) { hprintf("HTTP/1.1 404 Not Found\r\n"); dav_common_headers(); hprintf("Content-Length: 0\r\n\r\n"); begin_burst(); end_burst(); FreeStrBuf(&dav_roomname); return; } /* * It's there ... check the ETag and make sure it matches * the message number. */ if (StrLength(WCC->Hdr->HR.dav_ifmatch) > 0) { if (StrTol(WCC->Hdr->HR.dav_ifmatch) != dav_msgnum) { hprintf("HTTP/1.1 412 Precondition Failed\r\n"); dav_common_headers(); hprintf("Content-Length: 0\r\n\r\n"); begin_burst(); end_burst(); FreeStrBuf(&dav_roomname); return; } } /* * Ok, attempt to delete the item. */ serv_printf("DELE %ld", dav_msgnum); serv_getln(buf, sizeof buf); if (buf[0] == '2') { hprintf("HTTP/1.1 204 No Content\r\n"); /* success */ dav_common_headers(); hprintf("Content-Length: 0\r\n\r\n"); begin_burst(); end_burst(); } else { hprintf("HTTP/1.1 403 Forbidden\r\n"); /* access denied */ dav_common_headers(); hprintf("Content-Length: 0\r\n\r\n"); begin_burst(); end_burst(); } FreeStrBuf(&dav_roomname); return; }
/* * The pathname is always going to take one of two formats: * [/groupdav/]room_name/euid (GroupDAV) * [/groupdav/]room_name (webcal) */ void dav_put(void) { wcsession *WCC = WC; StrBuf *dav_roomname; StrBuf *dav_uid; long new_msgnum = (-2L); long old_msgnum = (-1L); char buf[SIZ]; int n = 0; if (StrBufNum_tokens(WCC->Hdr->HR.ReqLine, '/') < 2) { hprintf("HTTP/1.1 404 not found\r\n"); dav_common_headers(); hprintf("Content-Type: text/plain\r\n"); begin_burst(); wc_printf("The object you requested was not found.\r\n"); end_burst(); return; } dav_roomname = NewStrBuf();; dav_uid = NewStrBuf();; StrBufExtract_token(dav_roomname, WCC->Hdr->HR.ReqLine, 0, '/'); StrBufExtract_token(dav_uid, WCC->Hdr->HR.ReqLine, 1, '/'); if ((!strcasecmp(ChrPtr(dav_uid), "ics")) || (!strcasecmp(ChrPtr(dav_uid), "calendar.ics"))) { FlushStrBuf(dav_uid); } /* Go to the correct room. */ if (strcasecmp(ChrPtr(WC->CurRoom.name), ChrPtr(dav_roomname))) { gotoroom(dav_roomname); } if (strcasecmp(ChrPtr(WC->CurRoom.name), ChrPtr(dav_roomname))) { hprintf("HTTP/1.1 404 not found\r\n"); dav_common_headers(); hprintf("Content-Type: text/plain\r\n"); begin_burst(); wc_printf("There is no folder called \"%s\" on this server.\r\n", ChrPtr(dav_roomname)); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } /* * If an HTTP If-Match: header is present, the client is attempting * to replace an existing item. We have to check to see if the * message number associated with the supplied uid matches what the * client is expecting. If not, the server probably contains a newer * version, so we fail... */ if (StrLength(WCC->Hdr->HR.dav_ifmatch) > 0) { syslog(LOG_DEBUG, "dav_ifmatch: %s\n", ChrPtr(WCC->Hdr->HR.dav_ifmatch)); old_msgnum = locate_message_by_uid(ChrPtr(dav_uid)); syslog(LOG_DEBUG, "old_msgnum: %ld\n", old_msgnum); if (StrTol(WCC->Hdr->HR.dav_ifmatch) != old_msgnum) { hprintf("HTTP/1.1 412 Precondition Failed\r\n"); syslog(LOG_INFO, "HTTP/1.1 412 Precondition Failed (ifmatch=%ld, old_msgnum=%ld)\r\n", StrTol(WCC->Hdr->HR.dav_ifmatch), old_msgnum); dav_common_headers(); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } } /** PUT on the collection itself uploads an ICS of the entire collection. */ if (StrLength(dav_uid) == 0) { dav_put_bigics(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } /* * We are cleared for upload! We use the new calling syntax for ENT0 * which allows a confirmation to be sent back to us. That's how we * extract the message ID. */ serv_puts("ENT0 1|||4|||1|"); serv_getln(buf, sizeof buf); if (buf[0] != '8') { hprintf("HTTP/1.1 502 Bad Gateway\r\n"); dav_common_headers(); hprintf("Content-type: text/plain\r\n"); begin_burst(); wc_printf("%s\r\n", &buf[4]); end_burst(); return; } /* Send the content to the Citadel server */ //serv_printf("Content-type: %s\n\n", WCC->upload_content_type); serv_putbuf(WCC->upload); serv_puts("\n000"); /* Fetch the reply from the Citadel server */ n = 0; FlushStrBuf(dav_uid); while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) { switch(n++) { case 0: new_msgnum = atol(buf); break; case 1: syslog(LOG_DEBUG, "new_msgnum=%ld (%s)\n", new_msgnum, buf); break; case 2: StrBufAppendBufPlain(dav_uid, buf, -1, 0); break; default: break; } } /* Tell the client what happened. */ /* Citadel failed in some way? */ if (new_msgnum < 0L) { hprintf("HTTP/1.1 502 Bad Gateway\r\n"); dav_common_headers(); hprintf("Content-type: text/plain\r\n"); begin_burst(); wc_printf("new_msgnum is %ld\r\n" "\r\n", new_msgnum); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } /* We created this item for the first time. */ if (old_msgnum < 0L) { char escaped_uid[1024]; hprintf("HTTP/1.1 201 Created\r\n"); syslog(LOG_DEBUG, "HTTP/1.1 201 Created\r\n"); dav_common_headers(); hprintf("etag: \"%ld\"\r\n", new_msgnum); hprintf("Location: "); dav_identify_hosthdr(); hprintf("/groupdav/");/* TODO */ hurlescputs(ChrPtr(dav_roomname)); euid_escapize(escaped_uid, ChrPtr(dav_uid)); hprintf("/%s\r\n", escaped_uid); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } /* We modified an existing item. */ hprintf("HTTP/1.1 204 No Content\r\n"); syslog(LOG_DEBUG, "HTTP/1.1 204 No Content\r\n"); dav_common_headers(); hprintf("Etag: \"%ld\"\r\n", new_msgnum); /* The item we replaced has probably already been deleted by * the Citadel server, but we'll do this anyway, just in case. */ serv_printf("DELE %ld", old_msgnum); serv_getln(buf, sizeof buf); begin_burst(); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; }
/* * The pathname is always going to be /groupdav/room_name/msg_num */ void dav_options(void) { wcsession *WCC = WC; StrBuf *dav_roomname; StrBuf *dav_uid; long dav_msgnum = (-1); char datestring[256]; time_t now; now = time(NULL); http_datestring(datestring, sizeof datestring, now); dav_roomname = NewStrBuf(); dav_uid = NewStrBuf(); StrBufExtract_token(dav_roomname, WCC->Hdr->HR.ReqLine, 0, '/'); StrBufExtract_token(dav_uid, WCC->Hdr->HR.ReqLine, 1, '/'); syslog(LOG_DEBUG, "\033[35m%s (logged_in=%d)\033[0m", ChrPtr(WCC->Hdr->HR.ReqLine), WC->logged_in); /* * If the room name is blank, the client is doing an OPTIONS on the root. */ if (StrLength(dav_roomname) == 0) { syslog(LOG_DEBUG, "\033[36mOPTIONS requested for root\033[0m"); hprintf("HTTP/1.1 200 OK\r\n"); dav_common_headers(); hprintf("Date: %s\r\n", datestring); hprintf("DAV: 1\r\n"); hprintf("Allow: OPTIONS, PROPFIND\r\n"); hprintf("\r\n"); begin_burst(); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } /* Go to the correct room. */ if (strcasecmp(ChrPtr(WC->CurRoom.name), ChrPtr(dav_roomname))) { gotoroom(dav_roomname); } if (strcasecmp(ChrPtr(WC->CurRoom.name), ChrPtr(dav_roomname))) { syslog(LOG_DEBUG, "\033[36mOPTIONS requested for invalid item\033[0m"); hprintf("HTTP/1.1 404 not found\r\n"); dav_common_headers(); hprintf("Date: %s\r\n", datestring); hprintf( "Content-Type: text/plain\r\n"); begin_burst(); wc_printf( "There is no folder called \"%s\" on this server.\r\n", ChrPtr(dav_roomname) ); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } /* If dav_uid is non-empty, client is requesting an OPTIONS on * a specific item in the room. */ if (StrLength(dav_uid) != 0) { syslog(LOG_DEBUG, "\033[36mOPTIONS requested for specific item\033[0m"); dav_msgnum = locate_message_by_uid(ChrPtr(dav_uid)); if (dav_msgnum < 0) { hprintf("HTTP/1.1 404 not found\r\n"); dav_common_headers(); hprintf("Content-Type: text/plain\r\n"); begin_burst(); wc_printf( "Object \"%s\" was not found in the \"%s\" folder.\r\n", ChrPtr(dav_uid), ChrPtr(dav_roomname) ); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); end_burst();return; } hprintf("HTTP/1.1 200 OK\r\n"); dav_common_headers(); hprintf("Date: %s\r\n", datestring); hprintf("DAV: 1\r\n"); hprintf("Allow: OPTIONS, PROPFIND, GET, PUT, DELETE\r\n"); begin_burst(); end_burst(); FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); return; } FreeStrBuf(&dav_roomname); FreeStrBuf(&dav_uid); /* * We got to this point, which means that the client is requesting * an OPTIONS on the room itself. */ syslog(LOG_DEBUG, "\033[36mOPTIONS requested for room '%s' (%slogged in)\033[0m", ChrPtr(WC->CurRoom.name), ((WC->logged_in) ? "" : "not ") ); hprintf("HTTP/1.1 200 OK\r\n"); dav_common_headers(); hprintf("Date: %s\r\n", datestring); /* * Offer CalDAV (RFC 4791) if this is a calendar room */ if ( (WC->CurRoom.view == VIEW_CALENDAR) || (WC->CurRoom.view == VIEW_CALBRIEF) ) { hprintf("DAV: 1, calendar-access\r\n"); syslog(LOG_DEBUG, "\033[36mDAV: 1, calendar-access\033[0m"); } else { hprintf("DAV: 1\r\n"); syslog(LOG_DEBUG, "\033[36mDAV: 1\033[0m"); } hprintf("Allow: OPTIONS, PROPFIND, GET, PUT, REPORT\r\n"); begin_burst(); end_burst(); }