int LOOKUP_ACCOUNT_OP::do_rpc(ACCOUNT_IN& ai) {
int retval;
string url;
string parameter;
url = ai.url;
canonicalize_master_url(url);
url += "lookup_account.php?email_addr=";
parameter = ai.email_addr;
escape_url(parameter);
url += parameter;
url += "&passwd_hash=";
parameter = ai.passwd_hash;
escape_url(parameter);
url += parameter;
retval = gui_http->do_rpc(this, (char*)url.c_str(), LOOKUP_ACCOUNT_FILENAME);
if (retval) {
error_num = retval;
} else {
error_num = ERR_IN_PROGRESS;
}
return retval;
}
int process_redirect(struct request *r)
{
char buf[STRLEN];
char *c;
FILE *fp;
if (r->method != M_GET && r->method != M_HEAD) {
r->error = "invalid method for redirect";
return 405;
}
fp = fopen(r->path_translated, "r");
if (fp == 0) {
lerror("fopen");
r->error = "cannot open redirect file";
return 500;
}
fgets(buf, STRLEN, fp);
fclose(fp);
c = strchr(buf, '\n');
if (c)
*c = 0;
else {
r->error = "redirect url too long";
return 500;
}
escape_url(buf, r->newloc);
r->location = r->newloc;
return 302;
}
char *
Module::Port::generate_osc_path ()
{
const Port *p = this;
char *path = NULL;
// /strip/STRIPNAME/MODULENAME/CONTROLNAME
if ( ! p->hints.visible )
{
return NULL;
}
int n = module()->chain()->get_module_instance_number( module() );
if ( n > 0 )
asprintf( &path, "/strip/%s/%s.%i/%s", module()->chain()->name(), p->module()->label(), n, p->name() );
else
asprintf( &path, "/strip/%s/%s/%s", module()->chain()->name(), p->module()->label(), p->name() );
char *s = escape_url( path );
free( path );
path = s;
return path;
}
int CREATE_ACCOUNT_OP::do_rpc(ACCOUNT_IN& ai) {
int retval;
string url;
string parameter;
url = ai.url;
canonicalize_master_url(url);
url += "create_account.php?email_addr=";
parameter = ai.email_addr;
escape_url(parameter);
url += parameter;
url += "&passwd_hash=";
parameter = ai.passwd_hash;
escape_url(parameter);
url += parameter;
url += "&user_name=";
parameter = ai.user_name;
escape_url(parameter);
url += parameter;
if (!ai.team_name.empty()) {
url += "&team_name=";
parameter = ai.team_name;
escape_url(parameter);
url += parameter;
}
retval = gui_http->do_rpc(
this, (char*)url.c_str(), CREATE_ACCOUNT_FILENAME, false
);
if (retval) {
error_num = retval;
} else {
error_num = ERR_IN_PROGRESS;
}
return retval;
}
// Like escape_url but don't encode "/".
char* escape_url_extended(const char* url, const char** delimiters, uint32_t num_delimiters) {
gchar** split = g_strsplit(url, delimiters[num_delimiters-1], 0);
gchar** ptr;
gchar* escaped_ptr;
for (ptr = split; *ptr; ptr++) {
if( num_delimiters > 1){
escaped_ptr = escape_url_extended(*ptr, delimiters, num_delimiters-1);
}else{
escaped_ptr = escape_url(*ptr);
}
g_free(*ptr);
*ptr = escaped_ptr;
}
escaped_ptr = g_strjoinv(delimiters[num_delimiters-1], split);
g_strfreev(split);
return escaped_ptr;
}
char *
commandtext(dbref player, char *command, char *text)
{
static char buf[BUFFER_LEN];
char buf2[BUFFER_LEN];
strcpy(buf2, "");
strcpy(buf, text);
if (FLAG2(player) & F2HTML) {
escape_url(buf2, command);
sprintf(buf,
"<a href=\"/webinput?id=%s&muckinput=%s\" target=\"input\">%s</a>",
getidstring(player), buf2, text);
} else if (FLAG2(player) & F2PUEBLO) {
sprintf(buf, "<a xch_cmd=\"%s\">%s</a>", command, text);
}
return (buf);
}
int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
{
char firstpart[255],secondpart[2048];
char *p, *q;
int firstpartlen;
int skip_earliestpart=0;
int skip_secondpart=0;
char * lastchar;
int foundv6literal=0;
if (verbose) printf("Parsing %s\n",toparse);
url->username[0]='\0';
url->servername[0]='\0';
url->uamname[0]='\0';
url->password[0]='\0';
url->volumename[0]='\0';
url->path[0]='\0';
/* The most complex URL is:
afp://user;AUTH=authType:password@server-name:port/volume-name/path
where the optional parms are user, password, AUTH and port, so the
simplest is:
afp://server-name/volume-name/path
*/
/* if there is a ://, make sure it is preceeded by afp */
if ((p=strstr(toparse,"://"))!=NULL) {
q=p-3;
if (p<toparse) {
if (verbose) printf("URL does not start with afp://\n");
return -1;
}
if (strncmp(q,"afp",3)!=0) {
if (verbose) printf("URL does not start with afp://\n");
return -1;
}
p+=3;
} else {
if (verbose) printf("This isn't a URL at all.\n");
return -1;
}
if (p==NULL) p=(char *)toparse;
/* Now split on the first / */
if (sscanf(p,"%[^/]/%[^$]",
firstpart, secondpart)!=2) {
/* Okay, so there's no volume. */
skip_secondpart=1;
}
firstpartlen=strlen(firstpart);
lastchar=firstpart+firstpartlen-1;
/* First part could be something like:
user;AUTH=authType:password
We'll assume that the breakout is:
user; optional user name
AUTH=authtype:
*/
/* Let's see if there's a ';'. q is the end of the username */
if ((p=escape_strchr(firstpart,'@',"@"))) {
*p='\0';
p++;
} else {
skip_earliestpart=1;
p=firstpart;
}
/* p now points to the start of the server name*/
/* square brackets denote a literal ipv6 address */
if (*p == '[' &&
(q=strchr(p,']'))) {
foundv6literal = 1;
p++;
*q = '\0';
q++;
}
/* see if we have a port number */
if ((foundv6literal && (q=strchr(q,':'))) ||
(!foundv6literal && (q=strchr(p,':'))) ) {
*q='\0';
q++;
if (check_port(q)) return -1;
if ((url->port=atoi(q))==0) {
if (verbose) printf("Port appears to be zero\n");
return -1;
}
}
snprintf(url->servername,strlen(p)+1,"%s", p);
if (check_servername(url->servername)) {
if (verbose) printf("This isn't a valid servername\n");
return -1;
}
if ((p==NULL) || ((strlen(p)+p-1)==lastchar)) {
/* afp://server */
}
if ((q) && ((strlen(q)+q-1)==lastchar)) {
/* afp://server:port */
}
/* Earliest part */
if (skip_earliestpart) {
p+=strlen(p);
goto parse_secondpart;
}
p=firstpart;
/* Now we're left with something like user[;AUTH=uamname][:password] */
/* Look for :password */
if ((q=escape_strrchr(p,':',":"))) {
*q='\0';
q++;
snprintf(url->password,strlen(q)+1, "%s", q);
if (check_password(url->password)) {
if (verbose) printf("This isn't a valid passwd\n");
return -1;
}
}
/* Now we're down to user[;AUTH=uamname] */
p=firstpart;
if ((q=strstr(p,";AUTH="))) {
*q='\0';
q+=6;
snprintf(url->uamname,strlen(q)+1,"%s", q);
if (check_uamname(url->uamname)) {
if (verbose) printf("This isn't a valid uamname\n");
return -1;
}
}
if (strlen(p)>0) {
snprintf(url->username,strlen(p)+1,"%s", p);
if (check_username(url->username)) {
if (verbose) printf("This isn't a valid username\n");
return -1;
}
}
parse_secondpart:
if (skip_secondpart) goto done;
if (strlen(secondpart)==0) goto done;
if (secondpart[strlen(secondpart)]=='/')
secondpart[strlen(secondpart)]='\0';
p=secondpart;
if ((q=strchr(p,'/'))) {
*q='\0';
q++;
}
snprintf(url->volumename,strlen(p)+1,"%s", p);
if (q) {
url->path[0]='/';
snprintf(url->path+1,strlen(q)+1, "%s", q);
}
done:
escape_url(url);
if (verbose) printf("Successful parsing of URL\n");
return 0;
}
void send_file(per_request *reqInfo, struct stat *fi, char allow_options)
{
FILE *f;
#ifdef BLACKOUT_CODE
int isblack = FALSE;
#endif /* BLACKOUT_CODE */
if ((reqInfo->method != M_GET) && (reqInfo->method != M_HEAD)) {
sprintf(error_msg,"%s to non-script",methods[reqInfo->method]);
die(reqInfo,SC_NOT_IMPLEMENTED,error_msg);
}
set_content_type(reqInfo,reqInfo->filename);
if((allow_options & OPT_INCLUDES) && (!reqInfo->outh_content_encoding[0])) {
#ifdef XBITHACK
if((fi->st_mode & S_IXUSR) ||
(!strcmp(reqInfo->outh_content_type,INCLUDES_MAGIC_TYPE))) {
#else
if(!strcmp(reqInfo->outh_content_type,INCLUDES_MAGIC_TYPE)) {
#endif /* XBITHACK */
reqInfo->bytes_sent = 0;
send_parsed_file(reqInfo, allow_options & OPT_INCNOEXEC);
log_transaction(reqInfo);
return;
}
}
if (reqInfo->path_info[0]) {
strcat(reqInfo->filename,reqInfo->path_info);
strcat(reqInfo->url,reqInfo->path_info);
sprintf(error_msg,"No file matching URL: %s",reqInfo->url);
log_reason(reqInfo, error_msg, reqInfo->filename);
die(reqInfo,SC_NOT_FOUND,reqInfo->url);
}
if(!(f=FOpen(reqInfo->filename,"r"))) {
if (errno == EACCES) {
log_reason(reqInfo,"(1) file permissions deny server access",
reqInfo->filename);
/* we've already established that it exists */
die(reqInfo,SC_FORBIDDEN,reqInfo->url);
} else {
/* We know an error occured, of an unexpected variety.
* This could be due to no more file descriptors. We have this
* child exit after this stage so that errors of state are
* swept under the carpet.
*/
standalone = 0;
sprintf(error_msg,"File Open error, errno=%d",errno);
log_reason(reqInfo,error_msg,reqInfo->filename);
die(reqInfo,SC_SERVER_ERROR,error_msg);
}
}
reqInfo->bytes_sent = 0;
#ifdef BLACKOUT_CODE
if (!strcmp(reqInfo->outh_content_type,BLACKOUT_MAGIC_TYPE)) {
isblack = TRUE;
strcpy(reqInfo->outh_content_type,"text/html");
}
#endif /* BLACKOUT_CODE */
if(reqInfo->http_version != P_HTTP_0_9) {
/* No length dependent headers since black is parsed */
#ifdef BLACKOUT_CODE
if (isblack == FALSE) {
#endif /* BLACKOUT_CODE */
#ifdef CONTENT_MD5
reqInfo->outh_content_md5 = (unsigned char *)md5digest(f);
#endif /* CONTENT_MD5 */
set_content_length(reqInfo,fi->st_size);
if (set_last_modified(reqInfo,fi->st_mtime)) {
FClose(f);
return;
}
}
if (reqInfo->http_version != P_HTTP_0_9) {
send_http_header(reqInfo);
}
#ifdef BLACKOUT_CODE
}
#endif /* BLACKOUT_CODE */
if(reqInfo->method != M_HEAD) {
#ifdef BLACKOUT_CODE
if (isblack == TRUE)
send_fp_black(reqInfo,f,NULL);
else
#endif /* BLACKOUT_CODE */
send_fp(reqInfo,f,NULL);
}
log_transaction(reqInfo);
FClose(f);
}
void send_dir(per_request *reqInfo,struct stat *finfo, char allow_options) {
char *name_ptr, *end_ptr;
char *ifile, *temp_name;
ifile = newString(HUGE_STRING_LEN,STR_TMP);
temp_name = newString(HUGE_STRING_LEN,STR_TMP);
/* Path Alias (pa) array should now have the trailing slash */
/* if (pa[0] != '/') { */
if ((reqInfo->filename[strlen(reqInfo->filename) - 1] != '/') &&
(reqInfo->path_info[0] != '/')) {
strcpy_dir(ifile,reqInfo->url);
construct_url(temp_name,reqInfo->hostInfo,ifile);
escape_url(temp_name);
die(reqInfo,SC_REDIRECT_PERM,temp_name);
}
/* Don't allow PATH_INFO to directory indexes as a compromise for
error messages for files which don't exist */
if ((reqInfo->path_info[0] != '\0') || (strlen(reqInfo->path_info) > 1)) {
strcat(reqInfo->filename,reqInfo->path_info);
strcat(reqInfo->url,reqInfo->path_info);
sprintf(error_msg,"No file matching URL: %s",reqInfo->url);
log_reason(reqInfo, error_msg, reqInfo->filename);
freeString(temp_name);
freeString(ifile);
die(reqInfo,SC_NOT_FOUND,reqInfo->url);
}
strncpy(temp_name, reqInfo->hostInfo->index_names, HUGE_STRING_LEN-1);
end_ptr = name_ptr = temp_name;
while (*name_ptr) {
while (*name_ptr && isspace (*name_ptr)) ++name_ptr;
end_ptr = name_ptr;
if (strchr(end_ptr, ' ') ) {
end_ptr = strchr(name_ptr, ' ');
*end_ptr = '\0';
end_ptr++;
} else
end_ptr += strlen(end_ptr);
make_full_path(reqInfo->filename,name_ptr,ifile);
if(stat(ifile,finfo) == -1) {
if(! *end_ptr && (allow_options & OPT_INDEXES)) {
if (reqInfo->path_info[0]) {
strcat(reqInfo->filename,reqInfo->path_info);
strcat(reqInfo->url,reqInfo->path_info);
log_reason(reqInfo,"file does not exist",reqInfo->filename);
freeString(ifile);
freeString(temp_name);
die(reqInfo,SC_NOT_FOUND,reqInfo->url);
}
if ((reqInfo->method != M_GET) && (reqInfo->method != M_HEAD)) {
sprintf(error_msg,"%s to non-script",methods[reqInfo->method]);
freeString(ifile);
freeString(temp_name);
die(reqInfo,SC_NOT_IMPLEMENTED,error_msg);
}
index_directory(reqInfo);
freeString(ifile);
freeString(temp_name);
return;
} else if (! *end_ptr) {
log_reason(reqInfo,"(2) file permissions deny server access",
reqInfo->filename);
freeString(ifile);
freeString(temp_name);
die(reqInfo,SC_FORBIDDEN,reqInfo->url);
}
} else {
strcpy(reqInfo->filename,ifile);
probe_content_type(reqInfo,reqInfo->filename);
if(!strcmp(reqInfo->outh_content_type,CGI_MAGIC_TYPE))
send_cgi(reqInfo,finfo,allow_options);
else
send_file(reqInfo,finfo,allow_options);
freeString(ifile);
freeString(temp_name);
return;
}
name_ptr = end_ptr;
}
}
