void ejCloseEngine(int eid) { ej_t *ep; int i; if ((ep = ejPtr(eid)) == NULL) { return; } #ifdef EMF ejEmfClose(eid); #endif bfreeSafe(B_L, ep->error); ep->error = NULL; bfreeSafe(B_L, ep->result); ep->result = NULL; ejLexClose(ep); for (i = ep->variableMax - 1; i >= 0; i--) { if (ep->flags & FLAGS_VARIABLES) { symClose(ep->variables[i] - EJ_OFFSET); } ep->variableMax = hFree((void***) &ep->variables, i); } if (ep->flags & FLAGS_FUNCTIONS) { symClose(ep->functions); } ejMax = hFree((void***) &ejHandles, ep->eid); bfree(B_L, ep); }
char_t *websCalcDigest(webs_t wp) { #ifdef DIGEST_ACCESS_SUPPORT char_t *digest, *a1, *a1prime, *a2, *a2prime, *preDigest, *method; a_assert(wp); digest = NULL; /* * Calculate first portion of digest H(A1) */ a1 = NULL; fmtAlloc(&a1, 255, T("%s:%s:%s"), wp->userName, wp->realm, wp->password); a_assert(a1); a1prime = websMD5(a1); bfreeSafe(B_L, a1); /* * Calculate second portion of digest H(A2) */ method = websGetVar(wp, T("REQUEST_METHOD"), NULL); a_assert(method); a2 = NULL; fmtAlloc(&a2, 255, T("%s:%s"), method, wp->uri); a_assert(a2); a2prime = websMD5(a2); bfreeSafe(B_L, a2); /* * Construct final digest KD(H(A1):nonce:H(A2)) */ a_assert(a1prime); a_assert(a2prime); a_assert(wp->nonce); preDigest = NULL; if (!wp->qop) { fmtAlloc(&preDigest, 255, T("%s:%s:%s"), a1prime, wp->nonce, a2prime); } else { fmtAlloc(&preDigest, 255, T("%s:%s:%s:%s:%s:%s"), a1prime, wp->nonce, wp->nc, wp->cnonce, wp->qop, a2prime); } a_assert(preDigest); digest = websMD5(preDigest); /* * Now clean up */ bfreeSafe(B_L, a1prime); bfreeSafe(B_L, a2prime); bfreeSafe(B_L, preDigest); return digest; #else return NULL; #endif /* DIGEST_ACCESS_SUPPORT */ }
char_t *websCalcUrlDigest(webs_t wp) { char_t *digest, *a1, *a1prime, *a2, *a2prime, *preDigest, *method; a_assert(wp); digest = NULL; /* * Calculate first portion of digest H(A1) */ a1 = NULL; fmtAlloc(&a1, 255, T("%s:%s:%s"), wp->userName, wp->realm, wp->password); a_assert(a1); a1prime = websMD5(a1); bfreeSafe(B_L, a1); /* * Calculate second portion of digest H(A2) */ method = websGetVar(wp, T("REQUEST_METHOD"), NULL); a_assert(method); /* Fixes by Richard Laing, 2003/7/15 */ a2 = balloc(B_L, (gstrlen(method) +2 + gstrlen(wp->url) ) * sizeof(char_t)); a_assert(a2); gsprintf(a2, T("%s:%s"), method, wp->url); a2prime = websMD5(a2); bfreeSafe(B_L, a2); /* * Construct final digest KD(H(A1):nonce:H(A2)) */ a_assert(a1prime); a_assert(a2prime); a_assert(wp->nonce); preDigest = NULL; if (!wp->qop) { fmtAlloc(&preDigest, 255, T("%s:%s:%s"), a1prime, wp->nonce, a2prime); } else { fmtAlloc(&preDigest, 255, T("%s:%s:%s:%s:%s:%s"), a1prime, wp->nonce, wp->nc, wp->cnonce, wp->qop, a2prime); } a_assert(preDigest); digest = websMD5(preDigest); /* * Now clean up */ bfreeSafe(B_L, a1prime); bfreeSafe(B_L, a2prime); bfreeSafe(B_L, preDigest); return digest; }
void dbClose(int did) { int table, column; dbTable_t *pTable; /* * Before doing anything, delete all the contents of the database */ dbZero(did); /* * Now delete the tables */ for (table = 0; table < dbMaxTables; table++) { pTable = dbListTables[table]; if (pTable != NULL) { /* * Delete the table schema */ if (pTable->nColumns) { for (column = 0; column < pTable->nColumns; column++) { bfreeSafe(B_L, pTable->columnNames[column]); } bfreeSafe(B_L, pTable->columnNames); bfreeSafe(B_L, pTable->columnTypes); } /* * Delete the table name */ bfreeSafe(B_L, pTable->name); /* * Free the table */ bfreeSafe(B_L, pTable); hFree((void ***) &dbListTables, table); } } if (dbListTables) { bfree(B_L, dbListTables); } /* * Set the global table list to a safe value */ dbListTables = NULL; dbMaxTables = 0; }
void dbZero(int did) { int table, row, column, nRows, nColumns; int *pRow; dbTable_t *pTable; /* * Delete all data from all tables */ for (table = 0; table < dbMaxTables; table++) { pTable = dbListTables[table]; /* * Delete the row data contained within the schema */ if (pTable) { nColumns = pTable->nColumns; nRows = pTable->nRows; for (row = 0; row < nRows; row++) { pRow = pTable->rows[row]; if (pRow) { /* * Only delete the contents of rows not previously deleted! */ for (column = 0; column < nColumns; column++) { if (pTable->columnTypes[column] == T_STRING) { bfreeSafe(B_L, (char_t *)(pRow[column])); pRow[column] = (int)NULL; } } bfreeSafe(B_L, pRow); hFree((void ***) &pTable->rows, row); } } pTable->rows = NULL; pTable->nRows = 0; } } }
int dbDeleteRow(int did, char_t *tablename, int row) { int tid, nColumns, nRows; dbTable_t *pTable; a_assert(tablename); tid = dbGetTableId(0, tablename); a_assert(tid >= 0); if ((tid >= 0) && (tid < dbMaxTables) && (dbListTables[tid] != NULL)) { pTable = dbListTables[tid]; } else { return DB_ERR_TABLE_NOT_FOUND; } nColumns = pTable->nColumns; nRows = pTable->nRows; if ((row >= 0) && (row < nRows)) { int *pRow = pTable->rows[row]; if (pRow) { int column = 0; /* * Free up any allocated strings */ while (column < nColumns) { if (pRow[column] && (pTable->columnTypes[column] == T_STRING)) { bfree(B_L, (char_t *)pRow[column]); } column++; } /* * Zero out the row for safety */ memset(pRow, 0, nColumns * max(sizeof(int), sizeof(char_t *))); bfreeSafe(B_L, pRow); pTable->nRows = hFree((void ***)&pTable->rows, row); trace(5, T("DB: Deleted row <%d> from table <%s>\n"), row, tablename); } return 0; } else { trace(3, T("DB: Unable to delete row <%d> from table <%s>\n"), row, tablename); } return -1; }
char_t *websCalcNonce(webs_t wp) { char_t *nonce, *prenonce; time_t longTime; #if defined(WIN32) char_t buf[26]; errno_t error; struct tm newtime; #else struct tm *newtime; #endif a_assert(wp); /* * Get time as long integer. */ time(&longTime); /* * Convert to local time. */ #if !defined(WIN32) newtime = localtime(&longTime); #else error = localtime_s(&newtime, &longTime); #endif /* * Create prenonce string. */ #if !defined(WIN32) prenonce = NULL; fmtAlloc(&prenonce, 256, T("%s:%s:%s"), RANDOMKEY, gasctime(newtime), wp->realm); #else asctime_s(buf, elementsof(buf), &newtime); fmtAlloc(&prenonce, 256, T("%s:%s:%s"), RANDOMKEY, buf, RANDOMKEY); #endif a_assert(prenonce); /* * Create the nonce */ nonce = websMD5(prenonce); /* * Cleanup */ bfreeSafe(B_L, prenonce); return nonce; }
void trace(int level, char_t *fmt, ...) { va_list args; char_t *buf; va_start(args, fmt); fmtValloc(&buf, VALUE_MAX_STRING, fmt, args); if (traceHandler) { traceHandler(level, buf); } bfreeSafe(B_L, buf); va_end(args); }
int socketWriteString(int sid, char_t *buf) { #ifdef UNICODE char *byteBuf; int r, len; len = gstrlen(buf); byteBuf = ballocUniToAsc(buf, len); r = socketWrite(sid, byteBuf, len); bfreeSafe(B_L, byteBuf); return r; #else return socketWrite(sid, buf, strlen(buf)); #endif /* UNICODE */ }
void error( E_ARGS_DEC, int etype, char_t* fmt, ... ) { va_list args; char_t* fmtBuf, *buf; va_start( args, fmt ); fmtValloc( &fmtBuf, E_MAX_ERROR, fmt, args ); if ( etype == E_LOG ) { fmtAlloc( &buf, E_MAX_ERROR, T( "%s\n" ), fmtBuf ); /*#ifdef DEV*/ } else if ( etype == E_ASSERT ) { fmtAlloc( &buf, E_MAX_ERROR, T( "Assertion %s, failed at %s %d\n" ), fmtBuf, E_ARGS ); /*#endif*/ } else if ( etype == E_USER ) { fmtAlloc( &buf, E_MAX_ERROR, T( "%s\n" ), fmtBuf ); } /* * bugfix -- if etype is not E_LOG, E_ASSERT, or E_USER, the call to * bfreeSafe(B_L, buf) below will fail, because 'buf' is randomly * initialized. To be nice, we format a message saying that this is an * unknown message type, and in doing so give buf a valid value. Thanks * to Simon Byholm. */ else { fmtAlloc( &buf, E_MAX_ERROR, T( "Unknown error" ) ); } va_end( args ); bfree( B_L, fmtBuf ); if ( errorHandler ) { errorHandler( etype, buf ); } bfreeSafe( B_L, buf ); }
char_t *websCalcNonce(webs_t wp) { char_t *nonce, *prenonce; struct tm *newtime; time_t longTime; a_assert(wp); /* * Get time as long integer. */ time(&longTime); /* * Convert to local time. */ newtime = localtime(&longTime); /* * Create prenonce string. */ prenonce = NULL; #ifdef DIGEST_ACCESS_SUPPORT fmtAlloc(&prenonce, 256, T("%s:%s:%s"), RANDOMKEY, gasctime(newtime), wp->realm); #else fmtAlloc(&prenonce, 256, T("%s:%s:%s"), RANDOMKEY, gasctime(newtime), RANDOMKEY); #endif a_assert(prenonce); /* * Create the nonce */ nonce = websMD5(prenonce); /* * Cleanup */ bfreeSafe(B_L, prenonce); return nonce; }
void websDefaultClose() { #ifdef WEBS_WHITELIST_SUPPORT #ifdef WEBS_SSL_SUPPORT sslList_t *l; while (sslList != NULL) { l = sslList; sslList = sslList->next; bfreeSafe(B_L, l->url); bfree(B_L, l); } #endif websDeleteWhitelist(); #endif /* WEBS_WHITELIST_SUPPORT */ if (websDefaultPage) { bfree(B_L, websDefaultPage); websDefaultPage = NULL; } if (websDefaultDir) { bfree(B_L, websDefaultDir); websDefaultDir = NULL; } }
int websDefaultHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg, char_t *url, char_t *path, char_t *query) { websStatType sbuf; char_t *lpath, *tmp, *date; int bytes, flags, nchars; a_assert(websValid(wp)); a_assert(url && *url); a_assert(path); a_assert(query); /* * Validate the URL and ensure that ".."s don't give access to unwanted files */ flags = websGetRequestFlags(wp); if (websValidateUrl(wp, path) < 0) { websError(wp, 500, T("Invalid URL %s"), url); return 1; } lpath = websGetRequestLpath(wp); nchars = gstrlen(lpath) - 1; if (lpath[nchars] == '/' || lpath[nchars] == '\\') { lpath[nchars] = '\0'; } /* * If the file is a directory, redirect using the nominated default page */ if (websPageIsDirectory(lpath)) { nchars = gstrlen(path); if (path[nchars-1] == '/' || path[nchars-1] == '\\') { path[--nchars] = '\0'; } nchars += gstrlen(websDefaultPage) + 2; fmtAlloc(&tmp, nchars, T("%s/%s"), path, websDefaultPage); websRedirect(wp, tmp); bfreeSafe(B_L, tmp); return 1; } /* * Open the document. Stat for later use. */ if (websPageOpen(wp, lpath, path, SOCKET_RDONLY | SOCKET_BINARY, 0666) < 0) { websError(wp, 400, T("Cannot open URL <b>%s</b>"), url); return 1; } if (websPageStat(wp, lpath, path, &sbuf) < 0) { websError(wp, 400, T("Cannot stat page for URL <b>%s</b>"), url); return 1; } /* * If the page has not been modified since the user last received it and it * is not dynamically generated each time (ASP), then optimize request by * sending a 304 Use local copy response */ websStats.localHits++; #ifdef WEBS_IF_MODIFIED_SUPPORT if (flags & WEBS_IF_MODIFIED && !(flags & WEBS_ASP)) { if (sbuf.mtime <= wp->since) { websWrite(wp, T("HTTP/1.0 304 Use local copy\r\n")); /* * by license terms the following line of code must * not be modified. */ websWrite(wp, T("Server: %s\r\n"), WEBS_NAME); if (flags & WEBS_KEEP_ALIVE) { websWrite(wp, T("Connection: keep-alive\r\n")); } websWrite(wp, T("\r\n")); websSetRequestFlags(wp, flags |= WEBS_HEADER_DONE); websDone(wp, 304); return 1; } } #endif /* * Output the normal HTTP response header */ if ((date = websGetDateString(NULL)) != NULL) { websWrite(wp, T("HTTP/1.0 200 OK\r\nDate: %s\r\n"), date); /* * By license terms the following line of code must not be modified. */ websWrite(wp, T("Server: %s\r\n"), WEBS_NAME); bfree(B_L, date); } flags |= WEBS_HEADER_DONE; /* * If this is an ASP request, ensure the remote browser doesn't cache it. * Send back both HTTP/1.0 and HTTP/1.1 cache control directives */ if (flags & WEBS_ASP) { bytes = 0; websWrite(wp, T("Pragma: no-cache\r\nCache-Control: no-cache\r\n")); } else { if ((date = websGetDateString(&sbuf)) != NULL) { websWrite(wp, T("Last-modified: %s\r\n"), date); bfree(B_L, date); } bytes = sbuf.size; } if (bytes) { websWrite(wp, T("Content-length: %d\r\n"), bytes); websSetRequestBytes(wp, bytes); } websWrite(wp, T("Content-type: %s\r\n"), websGetRequestType(wp)); if ((flags & WEBS_KEEP_ALIVE) && !(flags & WEBS_ASP)) { websWrite(wp, T("Connection: keep-alive\r\n")); } websWrite(wp, T("\r\n")); /* * All done if the browser did a HEAD request */ if (flags & WEBS_HEAD_REQUEST) { websDone(wp, 200); return 1; } /* * Evaluate ASP requests */ if (flags & WEBS_ASP) { if (websAspRequest(wp, lpath) < 0) { return 1; } websDone(wp, 200); return 1; } #ifdef WEBS_SSL_SUPPORT if (wp->flags & WEBS_SECURE) { websDefaultWriteEvent(wp); } else { websSetRequestSocketHandler(wp, SOCKET_WRITABLE, websDefaultWriteEvent); } #else /* * For normal web documents, return the data via background write */ websSetRequestSocketHandler(wp, SOCKET_WRITABLE, websDefaultWriteEvent); #endif return 1; }
int websDefaultHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg, char_t *url, char_t *path, char_t *query) { websStatType sbuf; char_t *lpath, *tmp, *date; int bytes, flags, nchars, rc; a_assert(websValid(wp)); a_assert(url && *url); a_assert(path); a_assert(query); flags = websGetRequestFlags(wp); /* * We do whitelist validation in addition to standard URL validation. * The whitelist should really catch anything invalid first. * If the whitelist check fails, rebuild the list and try again. * Also validate if we are not on a secure connection, but the whitelist * entry has the SSL flag set, do not serve the page. */ #ifdef WEBS_WHITELIST_SUPPORT printf ("wp->url: (%s)\n", wp->url); if ((rc = websWhitelistCheck(wp->url)) < 0) { websBuildWhitelist(); if ((rc = websWhitelistCheck(wp->url)) < 0) { websError(wp, 404, T("Cannot open URL: type 1")); return 1; } } if (!(flags & WEBS_SECURE) && (rc & WHITELIST_SSL)) { websError(wp, 500, T("HTTPS access required")); return 1; } #endif /* WEBS_WHITELIST_SUPPORT */ /* * Validate the URL and ensure that ".."s don't give access to unwanted files */ if (websValidateUrl(wp, path) < 0) { /* * preventing a cross-site scripting exploit -- you may restore the * following line of code to revert to the original behavior... websError(wp, 500, T("Invalid URL %s"), url); */ websError(wp, 500, T("Invalid URL")); websBuildWhitelist(); return 1; } lpath = websGetRequestLpath(wp); nchars = gstrlen(lpath) - 1; if (lpath[nchars] == '/' || lpath[nchars] == '\\') { lpath[nchars] = '\0'; } /* * If the file is a directory, redirect using the nominated default page */ if (websPageIsDirectory(lpath)) { nchars = gstrlen(path); if (path[nchars-1] == '/' || path[nchars-1] == '\\') { path[--nchars] = '\0'; } nchars += gstrlen(websDefaultPage) + 2; fmtAlloc(&tmp, nchars, T("%s/%s"), path, websDefaultPage); printf ("websDefaultHandler: tmp(%s)\n", tmp); websRedirect(wp, tmp); bfreeSafe(B_L, tmp); return 1; } printf ("we now open the web pages\n"); printf ("lpath(%s), path(%s)\n", lpath, path); /* * Open the document. Stat for later use. */ if (websPageOpen(wp, lpath, path, O_RDONLY | O_BINARY, 0666) < 0) { /* 10 Dec 02 BgP -- according to * <http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html>, * the proper code to return here is NOT 400 (old code), which is used * to indicate a malformed request. Here, the request is good, but the * error we need to tell the client about is 404 (Not Found). */ /* * 17 Mar 03 BgP -- prevent a cross-site scripting exploit websError(wp, 404, T("Cannot open URL %s"), url); */ websError(wp, 404, T("Cannot open URL, type 2")); websBuildWhitelist(); return 1; } printf ("lpath(%s), path(%s)\n", lpath, path); if (websPageStat(wp, lpath, path, &sbuf) < 0) { /* * 17 Mar 03 BgP * prevent a cross-site scripting exploit websError(wp, 400, T("Cannot stat page for URL %s"), url); */ websError(wp, 400, T("Cannot stat page for URL")); websBuildWhitelist(); return 1; } /* * If the page has not been modified since the user last received it and it * is not dynamically generated each time (ASP), then optimize request by * sending a 304 Use local copy response */ websStats.localHits++; #ifdef WEBS_IF_MODIFIED_SUPPORT if (flags & WEBS_IF_MODIFIED && !(flags & WEBS_ASP)) { if (sbuf.mtime <= wp->since) { websWrite(wp, T("HTTP/1.0 304 Use local copy\r\n")); /* * by license terms the following line of code must * not be modified. */ websWrite(wp, T("Server: %s\r\n"), WEBS_NAME); if (flags & WEBS_KEEP_ALIVE) { websWrite(wp, T("Connection: keep-alive\r\n")); } websWrite(wp, T("\r\n")); websSetRequestFlags(wp, flags |= WEBS_HEADER_DONE); websDone(wp, 304); return 1; } } #endif /* * Output the normal HTTP response header */ if ((date = websGetDateString(NULL)) != NULL) { websWrite(wp, T("HTTP/1.0 200 OK\r\nDate: %s\r\n"), date); /* * The Server HTTP header below must not be modified unless * explicitly allowed by licensing terms. */ #ifdef WEBS_SSL_SUPPORT websWrite(wp, T("Server: %s/%s %s/%s\r\n"), WEBS_NAME, WEBS_VERSION, SSL_NAME, SSL_VERSION); #else websWrite(wp, T("Server: %s/%s\r\n"), WEBS_NAME, WEBS_VERSION); #endif bfree(B_L, date); } flags |= WEBS_HEADER_DONE; /* * If this is an ASP request, ensure the remote browser doesn't cache it. * Send back both HTTP/1.0 and HTTP/1.1 cache control directives */ if (flags & WEBS_ASP) { bytes = 0; websWrite(wp, T("Pragma: no-cache\r\nCache-Control: no-cache\r\n")); } else { if ((date = websGetDateString(&sbuf)) != NULL) { websWrite(wp, T("Last-modified: %s\r\n"), date); bfree(B_L, date); } bytes = sbuf.size; } if (bytes) { websWrite(wp, T("Content-length: %d\r\n"), bytes); websSetRequestBytes(wp, bytes); } websWrite(wp, T("Content-type: %s\r\n"), websGetRequestType(wp)); if ((flags & WEBS_KEEP_ALIVE) && !(flags & WEBS_ASP)) { websWrite(wp, T("Connection: keep-alive\r\n")); } websWrite(wp, T("\r\n")); /* * All done if the browser did a HEAD request */ if (flags & WEBS_HEAD_REQUEST) { websDone(wp, 200); return 1; } /* * Evaluate ASP requests */ if (flags & WEBS_ASP) { if (websAspRequest(wp, lpath) < 0) { return 1; } websDone(wp, 200); return 1; } /* * Return the data via background write */ websSetRequestSocketHandler(wp, SOCKET_WRITABLE, websDefaultWriteEvent); return 1; }
/* * Process a form request. Returns 1 always to indicate it handled the URL */ int websCgiHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg, char_t *url, char_t *path, char_t* query) { cgiRec *cgip; sym_t *s; char_t cgiBuf[FNAMESIZE], *stdIn, *stdOut, cwd[FNAMESIZE]; char_t *cp, *cgiName, *cgiPath, **argp, **envp, **ep; int n, envpsize, argpsize, pHandle, cid; a_assert(websValid(wp)); a_assert(url && *url); a_assert(path && *path == '/'); websStats.cgiHits++; /* * Extract the form name and then build the full path name. The form * name will follow the first '/' in path. */ gstrncpy(cgiBuf, path, TSZ(cgiBuf)); if ((cgiName = gstrchr(&cgiBuf[1], '/')) == NULL) { websError(wp, 200, T("Missing CGI name")); return 1; } cgiName++; if ((cp = gstrchr(cgiName, '/')) != NULL) { *cp = '\0'; } fmtAlloc(&cgiPath, FNAMESIZE, T("%s/%s/%s"), websGetDefaultDir(), CGI_BIN, cgiName); #ifndef VXWORKS /* * See if the file exists and is executable. If not error out. * Don't do this step for VxWorks, since the module may already * be part of the OS image, rather than in the file system. */ { gstat_t sbuf; if (gstat(cgiPath, &sbuf) != 0 || (sbuf.st_mode & S_IFREG) == 0) { websError(wp, 200, T("CGI process file does not exist")); bfree(B_L, cgiPath); return 1; } #if (defined (WIN) || defined (CE)) if (gstrstr(cgiPath, T(".exe")) == NULL && gstrstr(cgiPath, T(".bat")) == NULL) { #elif (defined (NW)) if (gstrstr(cgiPath, T(".nlm")) == NULL) { #else if (gaccess(cgiPath, X_OK) != 0) { #endif /* WIN || CE */ websError(wp, 200, T("CGI process file is not executable")); bfree(B_L, cgiPath); return 1; } } #endif /* ! VXWORKS */ /* * Get the CWD for resetting after launching the child process CGI */ ggetcwd(cwd, FNAMESIZE); /* * Retrieve the directory of the child process CGI */ if ((cp = gstrrchr(cgiPath, '/')) != NULL) { *cp = '\0'; gchdir(cgiPath); *cp = '/'; } /* * Build command line arguments. Only used if there is no non-encoded * = character. This is indicative of a ISINDEX query. POST separators * are & and others are +. argp will point to a balloc'd array of * pointers. Each pointer will point to substring within the * query string. This array of string pointers is how the spawn or * exec routines expect command line arguments to be passed. Since * we don't know ahead of time how many individual items there are in * the query string, the for loop includes logic to grow the array * size via brealloc. */ argpsize = 10; argp = balloc(B_L, argpsize * sizeof(char_t *)); *argp = cgiPath; n = 1; if (gstrchr(query, '=') == NULL) { websDecodeUrl(query, query, gstrlen(query)); for (cp = gstrtok(query, T(" ")); cp != NULL; ) { *(argp+n) = cp; n++; if (n >= argpsize) { argpsize *= 2; argp = brealloc(B_L, argp, argpsize * sizeof(char_t *)); } cp = gstrtok(NULL, T(" ")); } } *(argp+n) = NULL; /* * Add all CGI variables to the environment strings to be passed * to the spawned CGI process. This includes a few we don't * already have in the symbol table, plus all those that are in * the cgiVars symbol table. envp will point to a balloc'd array of * pointers. Each pointer will point to a balloc'd string containing * the keyword value pair in the form keyword=value. Since we don't * know ahead of time how many environment strings there will be the * for loop includes logic to grow the array size via brealloc. */ envpsize = WEBS_SYM_INIT; envp = balloc(B_L, envpsize * sizeof(char_t *)); n = 0; fmtAlloc(envp+n, FNAMESIZE, T("%s=%s"),T("PATH_TRANSLATED"), cgiPath); n++; fmtAlloc(envp+n, FNAMESIZE, T("%s=%s/%s"),T("SCRIPT_NAME"), CGI_BIN, cgiName); n++; fmtAlloc(envp+n, FNAMESIZE, T("%s=%s"),T("REMOTE_USER"), wp->userName); n++; fmtAlloc(envp+n, FNAMESIZE, T("%s=%s"),T("AUTH_TYPE"), wp->authType); n++; for (s = symFirst(wp->cgiVars); s != NULL; s = symNext(wp->cgiVars)) { if (s->content.valid && s->content.type == string && gstrcmp(s->name.value.string, T("REMOTE_HOST")) != 0 && gstrcmp(s->name.value.string, T("HTTP_AUTHORIZATION")) != 0) { fmtAlloc(envp+n, FNAMESIZE, T("%s=%s"), s->name.value.string, s->content.value.string); n++; if (n >= envpsize) { envpsize *= 2; envp = brealloc(B_L, envp, envpsize * sizeof(char_t *)); } } } if (wp->flags & WEBS_CGI_UPLOAD){ // set filename into enviornment variables fmtAlloc(envp+n, FNAMESIZE, T("%s=%s"), T("UPLOAD_FILENAME"), wp->cgiStdin); n++; } *(envp+n) = NULL; /* * Create temporary file name(s) for the child's stdin and stdout. * For POST data the stdin temp file (and name) should already exist. */ if (wp->cgiStdin == NULL) { wp->cgiStdin = websGetCgiCommName(wp); } stdIn = wp->cgiStdin; stdOut = websGetCgiCommName(wp); /* * Now launch the process. If not successful, do the cleanup of resources. * If successful, the cleanup will be done after the process completes. */ if ((pHandle = websLaunchCgiProc(cgiPath, argp, envp, stdIn, stdOut)) == -1) { websError(wp, 200, T("failed to spawn CGI task")); for (ep = envp; *ep != NULL; ep++) { bfreeSafe(B_L, *ep); } bfreeSafe(B_L, cgiPath); bfreeSafe(B_L, argp); bfreeSafe(B_L, envp); bfreeSafe(B_L, stdOut); } else { /* * If the spawn was successful, put this wp on a queue to be * checked for completion. */ cid = hAllocEntry((void***) &cgiList, &cgiMax, sizeof(cgiRec)); cgip = cgiList[cid]; cgip->handle = pHandle; cgip->stdIn = stdIn; cgip->stdOut = stdOut; cgip->cgiPath = cgiPath; cgip->argp = argp; cgip->envp = envp; cgip->wp = wp; cgip->fplacemark = 0; websTimeoutCancel(wp); } /* * Restore the current working directory after spawning child CGI */ gchdir(cwd); return 1; } /******************************************************************************/ /* * Any entry in the cgiList need to be checked to see if it has */ void websCgiGatherOutput (cgiRec *cgip) { gstat_t sbuf; char_t cgiBuf[FNAMESIZE]; if ((gstat(cgip->stdOut, &sbuf) == 0) && (sbuf.st_size > cgip->fplacemark)) { int fdout; fdout = gopen(cgip->stdOut, O_RDONLY | O_BINARY, 0444 ); /* * Check to see if any data is available in the * output file and send its contents to the socket. */ if (fdout >= 0) { webs_t wp = cgip->wp; int nRead; /* * Write the HTTP header on our first pass */ if (cgip->fplacemark == 0) { websWrite(wp, T("HTTP/1.0 200 OK\r\n")); } glseek(fdout, cgip->fplacemark, SEEK_SET); while ((nRead = gread(fdout, cgiBuf, FNAMESIZE)) > 0) { websWriteBlock(wp, cgiBuf, nRead); cgip->fplacemark += nRead; } gclose(fdout); } } } /******************************************************************************/ /* * Any entry in the cgiList need to be checked to see if it has * completed, and if so, process its output and clean up. */ void websCgiCleanup() { cgiRec *cgip; webs_t wp; char_t **ep; int cid, nTries; for (cid = 0; cid < cgiMax; cid++) { if ((cgip = cgiList[cid]) != NULL) { int exit_status; wp = cgip->wp; websCgiGatherOutput (cgip); if ( websCheckCgiProc(cgip->handle, &exit_status) == 0) { /* * We get here if the CGI process has terminated. Clean up. */ nTries = 0; /* * Make sure we didn't miss something during a task switch. * Maximum wait is 100 times 10 msecs (1 second). */ while ((cgip->fplacemark == 0) && (nTries < 100)) { websCgiGatherOutput(cgip); /* * There are some cases when we detect app exit * before the file is ready. */ if (cgip->fplacemark == 0) { #ifdef WIN Sleep(10); #endif /* WIN*/ } nTries++; } if (cgip->fplacemark == 0) { websError(wp, 200, T("CGI generated no output")); } else { websDone(wp, 200); } /* * Remove the temporary re-direction files */ gunlink(cgip->stdIn); gunlink(cgip->stdOut); /* * Free all the memory buffers pointed to by cgip. * The stdin file name (wp->cgiStdin) gets freed as * part of websFree(). */ cgiMax = hFree((void***) &cgiList, cid); for (ep = cgip->envp; ep != NULL && *ep != NULL; ep++) { bfreeSafe(B_L, *ep); } bfreeSafe(B_L, cgip->cgiPath); bfreeSafe(B_L, cgip->argp); bfreeSafe(B_L, cgip->envp); bfreeSafe(B_L, cgip->stdOut); bfreeSafe(B_L, cgip); #if 0 //DAVIDM - we do not want this, netflash does it for us if(wp->has_firmware_upload_clean){ if (WIFEXITED(exit_status) && WEXITSTATUS(exit_status) != 0) return; sync(); doSystem("sleep 3 && reboot &"); } #endif } } } }
int websAspRequest(webs_t wp, char_t *lpath) { websStatType sbuf; char *rbuf; char_t *token, *lang, *result, *path, *ep, *cp, *buf, *nextp; char_t *last; int rc, engine, len, ejid; a_assert(websValid(wp)); a_assert(lpath && *lpath); rc = -1; buf = NULL; rbuf = NULL; engine = EMF_SCRIPT_EJSCRIPT; wp->flags |= WEBS_HEADER_DONE; path = websGetRequestPath(wp); /* * Create Ejscript instance in case it is needed */ ejid = ejOpenEngine(wp->cgiVars, websAspFunctions); if (ejid < 0) { websError(wp, 200, T("Can't create Ejscript engine")); goto done; } ejSetUserHandle(ejid, (int) wp); if (websPageStat(wp, lpath, path, &sbuf) < 0) { websError(wp, 200, T("Can't stat %s"), lpath); goto done; } /* * Create a buffer to hold the ASP file in-memory */ len = sbuf.size * sizeof(char); if ((rbuf = balloc(B_L, len + 1)) == NULL) { websError(wp, 200, T("Can't get memory")); goto done; } rbuf[len] = '\0'; if (websPageReadData(wp, rbuf, len) != len) { websError(wp, 200, T("Cant read %s"), lpath); goto done; } websPageClose(wp); /* * Convert to UNICODE if necessary. */ if ((buf = ballocAscToUni(rbuf, len)) == NULL) { websError(wp, 200, T("Can't get memory")); goto done; } /* * Scan for the next "<%" */ last = buf; rc = 0; while (rc == 0 && *last && ((nextp = gstrstr(last, T("<%"))) != NULL)) { websWriteBlock(wp, last, (nextp - last)); nextp = skipWhite(nextp + 2); /* * Decode the language */ token = T("language"); if ((lang = strtokcmp(nextp, token)) != NULL) { if ((cp = strtokcmp(lang, T("=javascript"))) != NULL) { engine = EMF_SCRIPT_EJSCRIPT; } else { cp = nextp; } nextp = cp; } /* * Find tailing bracket and then evaluate the script */ if ((ep = gstrstr(nextp, T("%>"))) != NULL) { *ep = '\0'; last = ep + 2; nextp = skipWhite(nextp); /* * Handle backquoted newlines */ for (cp = nextp; *cp; ) { if (*cp == '\\' && (cp[1] == '\r' || cp[1] == '\n')) { *cp++ = ' '; while (*cp == '\r' || *cp == '\n') { *cp++ = ' '; } } else { cp++; } } /* * Now call the relevant script engine. Output is done directly * by the ASP script procedure by calling websWrite() */ if (*nextp) { result = NULL; if (engine == EMF_SCRIPT_EJSCRIPT) { rc = scriptEval(engine, nextp, &result, ejid); } else { rc = scriptEval(engine, nextp, &result, (int) wp); } if (rc < 0) { /* * On an error, discard all output accumulated so far * and store the error in the result buffer. Be careful if the * user has called websError() already. */ if (websValid(wp)) { if (result) { websWrite(wp, T("<h2><b>ASP Error: %s</b></h2>\n"), result); websWrite(wp, T("<pre>%s</pre>"), nextp); bfree(B_L, result); } else { websWrite(wp, T("<h2><b>ASP Error</b></h2>\n%s\n"), nextp); } websWrite(wp, T("</body></html>\n")); rc = 0; } goto done; } } } else { websError(wp, 200, T("Unterminated script in %s: \n"), lpath); rc = -1; goto done; } } /* * Output any trailing HTML page text */ if (last && *last && rc == 0) { websWriteBlock(wp, last, gstrlen(last)); } rc = 0; /* * Common exit and cleanup */ done: if (websValid(wp)) { websPageClose(wp); if (ejid >= 0) { ejCloseEngine(ejid); } } bfreeSafe(B_L, buf); bfreeSafe(B_L, rbuf); return rc; }
int dbSave(int did, char_t *filename, int flags) { int row, column, nColumns, nRows, fd, rc; int *colTypes, *pRow, nRet, tid; char_t *path, *tmpFile, *tmpNum; char_t **colNames; dbTable_t *pTable; trace(5, T("DB: About to save database to file\n")); a_assert(dbMaxTables > 0); /* * First write to a temporary file, then switch around later. */ fmtAlloc(&tmpFile, FNAMESIZE, T("%s/data.tmp"), basicGetProductDir()); if ((fd = gopen(tmpFile, O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0) { trace(1, T("WARNING: Failed to open file %s\n"), tmpFile); bfree(B_L, tmpFile); return -1; } nRet = 0; for (tid = 0; (tid < dbMaxTables) && (nRet != -1); tid++) { pTable = dbListTables[tid]; if (pTable) { /* * Print the TABLE=tableName directive to the file */ rc = dbWriteKeyValue(fd, KEYWORD_TABLE, pTable->name); nColumns = pTable->nColumns; nRows = pTable->nRows; for (row = 0; (row < nRows) && (nRet == 0); row++) { pRow = pTable->rows[row]; /* * if row is NULL, the row has been deleted, so don't * write it out. */ if ((pRow == NULL) || (pRow[0] == '\0') || (*(char_t *)(pRow[0]) == '\0')) { continue; } /* * Print the ROW=rowNumber directive to the file */ fmtAlloc(&tmpNum, 20, T("%d"), row); rc = dbWriteKeyValue(fd, KEYWORD_ROW, tmpNum); bfreeSafe(B_L, tmpNum); colNames = pTable->columnNames; colTypes = pTable->columnTypes; /* * Print the key-value pairs (COLUMN=value) for data cells */ for (column = 0; (column < nColumns) && (rc >= 0); column++, colNames++, colTypes++) { if (*colTypes == T_STRING) { rc = dbWriteKeyValue(fd, *colNames, (char_t *)(pRow[column])); } else { fmtAlloc(&tmpNum, 20, T("%d"), pRow[column]); rc = dbWriteKeyValue(fd, *colNames, tmpNum); bfreeSafe(B_L, tmpNum); } } if (rc < 0) { trace(1, T("WARNING: Failed to write to file %s\n"), tmpFile); nRet = -1; } } } } gclose(fd); /* * Replace the existing file with the temporary file, if no errors */ if (nRet == 0) { fmtAlloc(&path, FNAMESIZE, T("%s/%s"), basicGetProductDir(), filename); gunlink(path); if (grename(tmpFile, path) != 0) { trace(1, T("WARNING: Failed to rename %s to %s\n"), tmpFile, path); nRet = -1; } bfree(B_L, path); } bfree(B_L, tmpFile); return nRet; }
int websLaunchCgiProc(char_t *cgiPath, char_t **argp, char_t **envp, char_t *stdIn, char_t *stdOut) { SYM_TYPE ptype; char_t *p, *basename, *pEntry, *pname, *entryAddr, **pp; int priority, rc, fd; /* * Determine the basename, which is without path or the extension. */ if ((int)(p = gstrrchr(cgiPath, '/') + 1) == 1) { p = cgiPath; } basename = bstrdup(B_L, p); if ((p = gstrrchr(basename, '.')) != NULL) { *p = '\0'; } /* * Unload the module, if it is already loaded. Get the current task * priority. */ unld(cgiPath, 0); taskPriorityGet(taskIdSelf(), &priority); rc = fd = -1; /* * Set the entry point symbol name as described above. Look for an already * loaded entry point; if it exists, spawn the task accordingly. */ for (pp = envp, pEntry = NULL; pp != NULL && *pp != NULL; pp++) { if (gstrncmp(*pp, T("cgientry="), 9) == 0) { pEntry = bstrdup(B_L, *pp + 9); break; } } if (pEntry == NULL) { fmtAlloc(&pEntry, LF_PATHSIZE, T("%s_%s"), basename, T("cgientry")); } entryAddr = 0; if (symFindByName(sysSymTbl, pEntry, &entryAddr, &ptype) == -1) { fmtAlloc(&pname, VALUE_MAX_STRING, T("_%s"), pEntry); symFindByName(sysSymTbl, pname, &entryAddr, &ptype); bfreeSafe(B_L, pname); } if (entryAddr != 0) { rc = taskSpawn(pEntry, priority, 0, 20000, (void *)vxWebsCgiEntry, (int)entryAddr, (int)argp, (int)envp, (int)stdIn, (int)stdOut, 0, 0, 0, 0, 0); goto DONE; } /* * Try to load the module. */ if ((fd = gopen(cgiPath, O_RDONLY | O_BINARY, 0666)) < 0 || loadModule(fd, LOAD_GLOBAL_SYMBOLS) == NULL) { goto DONE; } if ((symFindByName(sysSymTbl, pEntry, &entryAddr, &ptype)) == -1) { fmtAlloc(&pname, VALUE_MAX_STRING, T("_%s"), pEntry); symFindByName(sysSymTbl, pname, &entryAddr, &ptype); bfreeSafe(B_L, pname); } if (entryAddr != 0) { rc = taskSpawn(pEntry, priority, 0, 20000, (void *)vxWebsCgiEntry, (int)entryAddr, (int)argp, (int)envp, (int)stdIn, (int)stdOut, 0, 0, 0, 0, 0); } DONE: if (fd != -1) { gclose(fd); } bfree(B_L, basename); bfree(B_L, pEntry); return rc; }