Loading...
Searching...
No Matches
#include <sys/types.h>#include <sys/stat.h>#include <errno.h>#include <signal.h>#include <fcntl.h>#include <time.h>#include <stdlib.h>#include <stdarg.h>#include <assert.h>#include <string.h>#include <ctype.h>#include <limits.h>#include <stddef.h>#include <stdio.h>#include <sys/wait.h>#include <sys/socket.h>#include <sys/poll.h>#include <netinet/in.h>#include <arpa/inet.h>#include <sys/time.h>#include <stdint.h>#include <inttypes.h>#include <netdb.h>#include <pwd.h>#include <unistd.h>#include <dirent.h>#include <pthread.h>#include "mongoose4.h"#include <openssl/ssl.h>#include <openssl/err.h>
Include dependency graph for mongoose4.cxx:
Go to the source code of this file.
Classes | |
| union | usa |
| struct | vec |
| struct | file |
| struct | socket |
| struct | mg_context |
| struct | mg_connection |
| struct | de |
| struct | MD5Context |
| struct | ah |
| struct | dir_scan_data |
| struct | cgi_env_block |
Macros | |
| #define | NO_SSL_DL 1 |
| #define | _LARGEFILE_SOURCE |
| #define | __STDC_FORMAT_MACROS |
| #define | __STDC_LIMIT_MACROS |
| #define | SSL_LIB "libssl.so" |
| #define | CRYPTO_LIB "libcrypto.so" |
| #define | O_BINARY 0 |
| #define | closesocket(a) close(a) |
| #define | mg_mkdir(x, y) mkdir(x, y) |
| #define | mg_remove(x) remove(x) |
| #define | mg_sleep(x) usleep((x) * 1000) |
| #define | ERRNO errno |
| #define | INVALID_SOCKET (-1) |
| #define | INT64_FMT PRId64 |
| #define | WINCDECL |
| #define | MONGOOSE_VERSION "4.2" |
| #define | PASSWORDS_FILE_NAME ".htpasswd" |
| #define | CGI_ENVIRONMENT_SIZE 4096 |
| #define | MAX_CGI_ENVIR_VARS 64 |
| #define | MG_BUF_LEN 8192 |
| #define | MAX_REQUEST_SIZE 16384 |
| #define | ARRAY_SIZE(array) (sizeof(array) / sizeof(array[0])) |
| #define | DEBUG_TRACE(x) |
| #define | _DARWIN_UNLIMITED_SELECT |
| #define | IP_ADDR_STR_LEN 50 |
| #define | MSG_NOSIGNAL 0 |
| #define | SOMAXCONN 100 |
| #define | PATH_MAX 4096 |
| #define | MGSQLEN 20 |
| #define | EXTRA_HTTP_HEADERS "" |
| #define | STRUCT_FILE_INITIALIZER { 0, 0, 0, 0 } |
| #define | F1(x, y, z) (z ^ (x & (y ^ z))) |
| #define | F2(x, y, z) F1(z, x, y) |
| #define | F3(x, y, z) (x ^ y ^ z) |
| #define | F4(x, y, z) (y ^ (x | ~z)) |
| #define | MD5STEP(f, w, x, y, z, data, s) ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x ) |
| #define | HEXTOI(x) (isdigit(x) ? x - '0' : x - 'W') |
Typedefs | |
| typedef int | SOCKET |
| typedef struct MD5Context | MD5_CTX |
Enumerations | |
| enum | { CGI_EXTENSIONS , CGI_ENVIRONMENT , PUT_DELETE_PASSWORDS_FILE , CGI_INTERPRETER , PROTECT_URI , AUTHENTICATION_DOMAIN , SSI_EXTENSIONS , THROTTLE , ACCESS_LOG_FILE , ENABLE_DIRECTORY_LISTING , ERROR_LOG_FILE , GLOBAL_PASSWORDS_FILE , INDEX_FILES , ENABLE_KEEP_ALIVE , ACCESS_CONTROL_LIST , EXTRA_MIME_TYPES , LISTENING_PORTS , DOCUMENT_ROOT , SSL_CERTIFICATE , NUM_THREADS , RUN_AS_USER , REWRITE , HIDE_FILES , REQUEST_TIMEOUT , NUM_OPTIONS } |
Functions | |
| static FILE * | mg_fopen (const char *path, const char *mode) |
| static int | mg_stat (const char *path, struct file *filep) |
| static void | send_http_error (struct mg_connection *, int, const char *, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(4 |
| static void static void | cry (struct mg_connection *conn, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(2 |
| static void static void static int | getreq (struct mg_connection *conn, char *ebuf, size_t ebuf_len) |
| static struct mg_connection * | fc (struct mg_context *ctx) |
| static void | mg_strlcpy (register char *dst, register const char *src, size_t n) |
| static int | lowercase (const char *s) |
| static int | mg_strncasecmp (const char *s1, const char *s2, size_t len) |
| static int | mg_strcasecmp (const char *s1, const char *s2) |
| static char * | mg_strndup (const char *ptr, size_t len) |
| static char * | mg_strdup (const char *str) |
| static const char * | mg_strcasestr (const char *big_str, const char *small_str) |
| static int | mg_vsnprintf (char *buf, size_t buflen, const char *fmt, va_list ap) |
| static int | mg_snprintf (char *buf, size_t buflen, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(3 |
| static int static int | mg_snprintf (char *buf, size_t buflen, const char *fmt,...) |
| static char * | skip_quoted (char **buf, const char *delimiters, const char *whitespace, char quotechar) |
| static char * | skip (char **buf, const char *delimiters) |
| static const char * | get_header (const struct mg_request_info *ri, const char *name) |
| const char * | mg_get_header (const struct mg_connection *conn, const char *name) |
| static const char * | next_option (const char *list, struct vec *val, struct vec *eq_val) |
| static int | match_prefix (const char *pattern, int pattern_len, const char *str) |
| static int | get_month_index (const char *s) |
| static int | num_leap_years (int year) |
| static time_t | parse_date_string (const char *datetime) |
| const char ** | mg_get_valid_option_names (void) |
| static int | get_option_index (const char *name) |
| const char * | mg_get_option (const struct mg_context *ctx, const char *name) |
| static int | is_big_endian (void) |
| static void | byteReverse (unsigned char *buf, unsigned longs) |
| static void | MD5Init (MD5_CTX *ctx) |
| static void | MD5Transform (uint32_t buf[4], uint32_t const in[16]) |
| static void | MD5Update (MD5_CTX *ctx, unsigned char const *buf, unsigned len) |
| static void | MD5Final (unsigned char digest[16], MD5_CTX *ctx) |
| static void | bin2str (char *to, const unsigned char *p, size_t len) |
| char * | mg_md5 (char buf[33],...) |
| static int | check_password (const char *method, const char *ha1, const char *uri, const char *nonce, const char *nc, const char *cnonce, const char *qop, const char *response) |
| static FILE * | open_auth_file (struct mg_connection *conn, const char *path) |
| static int | parse_auth_header (struct mg_connection *conn, char *buf, size_t buf_size, struct ah *ah) |
| static int | authorize (struct mg_connection *conn, FILE *fp) |
| static int | check_authorization (struct mg_connection *conn, const char *path) |
| static void | send_authorization_request (struct mg_connection *conn) |
| static int | is_authorized_for_put (struct mg_connection *conn) |
| int | mg_modify_passwords_file (const char *fname, const char *domain, const char *user, const char *pass) |
| static void | set_close_on_exec (int fd) |
| int | mg_start_thread (mg_thread_func_t func, void *param) |
| static pid_t | spawn_process (struct mg_connection *conn, const char *prog, char *envblk, char *envp[], int fdin, int fdout, const char *dir) |
| static int | set_non_blocking_mode (SOCKET sock) |
| static int | alloc_vprintf (char **buf, size_t size, const char *fmt, va_list ap) |
| int | mg_vprintf (struct mg_connection *conn, const char *fmt, va_list ap) |
| int | mg_printf (struct mg_connection *conn, const char *fmt,...) |
| static int | mg_chunked_printf (struct mg_connection *conn, const char *fmt,...) |
| static int | sslize (struct mg_connection *conn, SSL_CTX *s, int(*func)(SSL *)) |
| static const char * | ssl_error (void) |
| static void | ssl_locking_callback (int mode, int mutex_num, const char *file, int line) |
| static unsigned long | ssl_id_callback (void) |
| static int | set_ssl_option (struct mg_context *ctx) |
| static void | uninitialize_ssl (struct mg_context *ctx) |
| static SOCKET | conn2 (const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len) |
| struct mg_connection * | mg_connect (const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len) |
| struct mg_connection * | mg_download (const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len, const char *fmt,...) |
| static int64_t | left_to_read (const struct mg_connection *conn) |
| static int | call_user (int type, struct mg_connection *conn, void *p) |
| static void | sockaddr_to_string (char *buf, size_t len, const union usa *usa) |
| static void | cry (struct mg_connection *conn, const char *fmt,...) |
| const char * | mg_version (void) |
| static int | should_keep_alive (const struct mg_connection *conn) |
| static const char * | suggest_connection_header (const struct mg_connection *conn) |
| static void | send_http_error (struct mg_connection *conn, int status, const char *reason, const char *fmt,...) |
| static int64_t | push (FILE *fp, SOCKET sock, SSL *ssl, const char *buf, int64_t len) |
| static int | pull (FILE *fp, struct mg_connection *conn, char *buf, int len) |
| static int | pull_all (FILE *fp, struct mg_connection *conn, char *buf, int len) |
| int | mg_read (struct mg_connection *conn, void *buf, int len) |
| int | mg_write (struct mg_connection *conn, const void *buf, int len) |
| int | mg_url_decode (const char *src, int src_len, char *dst, int dst_len, int is_form_url_encoded) |
| int | mg_get_var (const char *data, size_t data_len, const char *name, char *dst, size_t dst_len) |
| int | mg_get_cookie (const char *cookie_header, const char *var_name, char *dst, size_t dst_size) |
| static int | convert_uri_to_file_name (struct mg_connection *conn, char *buf, size_t buf_len, struct file *filep) |
| static int | get_request_len (const char *buf, int buf_len) |
| static void | remove_double_dots_and_double_slashes (char *s) |
| const char * | mg_get_builtin_mime_type (const char *path) |
| static void | get_mime_type (struct mg_context *ctx, const char *path, struct vec *vec) |
| void | mg_url_encode (const char *src, char *dst, size_t dst_len) |
| static void | print_dir_entry (const struct de *de) |
| static int WINCDECL | compare_dir_entries (const void *p1, const void *p2) |
| static int | must_hide_file (struct mg_connection *conn, const char *path) |
| static int | scan_directory (struct mg_connection *conn, const char *dir, void *data, void(*cb)(struct de *, void *)) |
| static int | remove_directory (struct mg_connection *conn, const char *dir) |
| static void * | realloc2 (void *ptr, size_t size) |
| static void | dir_scan_callback (struct de *de, void *data) |
| static void | handle_directory_request (struct mg_connection *conn, const char *dir) |
| static void | send_file_data (struct mg_connection *conn, FILE *fp, int64_t offset, int64_t len) |
| static int | parse_range_header (const char *header, int64_t *a, int64_t *b) |
| static void | gmt_time_string (char *buf, size_t buf_len, time_t *t) |
| static void | construct_etag (char *buf, size_t buf_len, const struct file *filep) |
| static void | fclose_on_exec (FILE *fp) |
| static void | handle_file_request (struct mg_connection *conn, const char *path, struct file *filep) |
| void | mg_send_file (struct mg_connection *conn, const char *path) |
| static void | parse_http_headers (char **buf, struct mg_request_info *ri) |
| static int | is_valid_http_method (const char *method) |
| static int | parse_http_message (char *buf, int len, struct mg_request_info *ri) |
| static int | read_request (FILE *fp, struct mg_connection *conn, char *buf, int bufsiz, int *nread) |
| static int | substitute_index_file (struct mg_connection *conn, char *path, size_t path_len, struct file *filep) |
| static int | is_not_modified (const struct mg_connection *conn, const struct file *filep) |
| static int | forward_body_data (struct mg_connection *conn, FILE *fp, SOCKET sock, SSL *ssl) |
| static char * | addenv (struct cgi_env_block *block, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(2 |
| static char static char * | addenv (struct cgi_env_block *block, const char *fmt,...) |
| static void | prepare_cgi_environment (struct mg_connection *conn, const char *prog, struct cgi_env_block *blk) |
| static void | handle_cgi_request (struct mg_connection *conn, const char *prog) |
| static int | put_dir (const char *path) |
| static void | mkcol (struct mg_connection *conn, const char *path) |
| static void | put_file (struct mg_connection *conn, const char *path) |
| static void | send_ssi_file (struct mg_connection *, const char *, FILE *, int) |
| static void | do_ssi_include (struct mg_connection *conn, const char *ssi, char *tag, int include_level) |
| static void | do_ssi_exec (struct mg_connection *conn, char *tag) |
| static void | handle_ssi_file_request (struct mg_connection *conn, const char *path) |
| static void | handle_options_request (struct mg_connection *conn) |
| static void | print_props (struct mg_connection *conn, const char *uri, struct file *filep) |
| static void | print_dav_dir_entry (struct de *de, void *data) |
| static void | handle_propfind (struct mg_connection *conn, const char *path, struct file *filep) |
| static int | isbyte (int n) |
| static int | parse_net (const char *spec, uint32_t *net, uint32_t *mask) |
| static int | set_throttle (const char *spec, uint32_t remote_ip, const char *uri) |
| static uint32_t | get_remote_ip (const struct mg_connection *conn) |
| FILE * | mg_upload (struct mg_connection *conn, const char *destination_dir, char *path, int path_len) |
| static int | is_put_or_delete_request (const struct mg_connection *conn) |
| static int | get_first_ssl_listener_index (const struct mg_context *ctx) |
| static void | redirect_to_https_port (struct mg_connection *conn, int ssl_index) |
| static void | handle_delete_request (struct mg_connection *conn, const char *path) |
| static void | handle_request (struct mg_connection *conn) |
| static void | close_all_listening_sockets (struct mg_context *ctx) |
| static int | is_valid_port (unsigned int port) |
| static int | parse_port_string (const struct vec *vec, struct socket *so) |
| static int | set_ports_option (struct mg_context *ctx) |
| static void | log_header (const struct mg_connection *conn, const char *header, FILE *fp) |
| static void | log_access (const struct mg_connection *conn) |
| static int | check_acl (struct mg_context *ctx, uint32_t remote_ip) |
| static int | set_uid_option (struct mg_context *ctx) |
| static int | set_gpass_option (struct mg_context *ctx) |
| static int | set_acl_option (struct mg_context *ctx) |
| static void | reset_per_request_attributes (struct mg_connection *conn) |
| static void | close_socket_gracefully (struct mg_connection *conn) |
| static void | close_connection (struct mg_connection *conn) |
| void | mg_close_connection (struct mg_connection *conn) |
| static int | is_valid_uri (const char *uri) |
| static void | process_new_connection (struct mg_connection *conn) |
| static int | consume_socket (struct mg_context *ctx, struct socket *sp) |
| static void * | worker_thread (void *thread_func_param) |
| static void | produce_socket (struct mg_context *ctx, const struct socket *sp) |
| static int | set_sock_timeout (SOCKET sock, int milliseconds) |
| static void | accept_new_connection (const struct socket *listener, struct mg_context *ctx) |
| static void * | master_thread (void *thread_func_param) |
| static void | free_context (struct mg_context *ctx) |
| void | mg_stop (struct mg_context *ctx) |
| struct mg_context * | mg_start (const char **options, mg_event_handler_t func, void *user_data) |
Variables | ||
| static const char * | http_500_error = "Internal Server Error" | |
| static const char * | month_names [] | |
| static const char * | config_options [] | |
| static pthread_mutex_t * | ssl_mutexes | |
| struct { | ||
| const char * extension | ||
| size_t ext_len | ||
| const char * mime_type | ||
| } | builtin_mime_types [] | |
Macro Definition Documentation
◆ __STDC_FORMAT_MACROS
| #define __STDC_FORMAT_MACROS |
Definition at line 41 of file mongoose4.cxx.
◆ __STDC_LIMIT_MACROS
| #define __STDC_LIMIT_MACROS |
Definition at line 42 of file mongoose4.cxx.
◆ _DARWIN_UNLIMITED_SELECT
| #define _DARWIN_UNLIMITED_SELECT |
Definition at line 293 of file mongoose4.cxx.
◆ _LARGEFILE_SOURCE
| #define _LARGEFILE_SOURCE |
Definition at line 39 of file mongoose4.cxx.
◆ ARRAY_SIZE
| #define ARRAY_SIZE | ( | array | ) | (sizeof(array) / sizeof(array[0])) |
Definition at line 267 of file mongoose4.cxx.
◆ CGI_ENVIRONMENT_SIZE
| #define CGI_ENVIRONMENT_SIZE 4096 |
Definition at line 263 of file mongoose4.cxx.
◆ closesocket
| #define closesocket | ( | a | ) | close(a) |
Definition at line 247 of file mongoose4.cxx.
◆ CRYPTO_LIB
| #define CRYPTO_LIB "libcrypto.so" |
Definition at line 241 of file mongoose4.cxx.
◆ DEBUG_TRACE
| #define DEBUG_TRACE | ( | x | ) |
Definition at line 285 of file mongoose4.cxx.
◆ ERRNO
| #define ERRNO errno |
Definition at line 251 of file mongoose4.cxx.
◆ EXTRA_HTTP_HEADERS
| #define EXTRA_HTTP_HEADERS "" |
Definition at line 316 of file mongoose4.cxx.
◆ F1
| #define F1 | ( | x, | |
| y, | |||
| z | |||
| ) | (z ^ (x & (y ^ z))) |
Definition at line 906 of file mongoose4.cxx.
◆ F2
| #define F2 | ( | x, | |
| y, | |||
| z | |||
| ) | F1(z, x, y) |
Definition at line 907 of file mongoose4.cxx.
◆ F3
| #define F3 | ( | x, | |
| y, | |||
| z | |||
| ) | (x ^ y ^ z) |
Definition at line 908 of file mongoose4.cxx.
◆ F4
| #define F4 | ( | x, | |
| y, | |||
| z | |||
| ) | (y ^ (x | ~z)) |
Definition at line 909 of file mongoose4.cxx.
◆ HEXTOI
| #define HEXTOI | ( | x | ) | (isdigit(x) ? x - '0' : x - 'W') |
◆ INT64_FMT
| #define INT64_FMT PRId64 |
Definition at line 253 of file mongoose4.cxx.
◆ INVALID_SOCKET
| #define INVALID_SOCKET (-1) |
Definition at line 252 of file mongoose4.cxx.
◆ IP_ADDR_STR_LEN
| #define IP_ADDR_STR_LEN 50 |
Definition at line 295 of file mongoose4.cxx.
◆ MAX_CGI_ENVIR_VARS
| #define MAX_CGI_ENVIR_VARS 64 |
Definition at line 264 of file mongoose4.cxx.
◆ MAX_REQUEST_SIZE
| #define MAX_REQUEST_SIZE 16384 |
Definition at line 266 of file mongoose4.cxx.
◆ MD5STEP
Definition at line 911 of file mongoose4.cxx.
915 {
916 ctx->buf[0] = 0x67452301;
917 ctx->buf[1] = 0xefcdab89;
918 ctx->buf[2] = 0x98badcfe;
919 ctx->buf[3] = 0x10325476;
920
921 ctx->bits[0] = 0;
922 ctx->bits[1] = 0;
923}
924
927
928 a = buf[0];
929 b = buf[1];
930 c = buf[2];
931 d = buf[3];
932
949
966
983
1000
1001 buf[0] += a;
1002 buf[1] += b;
1003 buf[2] += c;
1004 buf[3] += d;
1005}
1006
1008 uint32_t t;
1009
1010 t = ctx->bits[0];
1012 ctx->bits[1]++;
1013 ctx->bits[1] += len >> 29;
1014
1015 t = (t >> 3) & 0x3f;
1016
1017 if (t) {
1019
1020 t = 64 - t;
1021 if (len < t) {
1022 memcpy(p, buf, len);
1023 return;
1024 }
1025 memcpy(p, buf, t);
1028 buf += t;
1029 len -= t;
1030 }
1031
1032 while (len >= 64) {
1033 memcpy(ctx->in, buf, 64);
1036 buf += 64;
1037 len -= 64;
1038 }
1039
1040 memcpy(ctx->in, buf, len);
1041}
1042
1045 unsigned char *p;
1046 uint32_t *a;
1047
1049
1051 *p++ = 0x80;
1054 memset(p, 0, count);
1057 memset(ctx->in, 0, 56);
1058 } else {
1059 memset(p, 0, count - 8);
1060 }
1062
1063 a = (uint32_t *)ctx->in;
1064 a[14] = ctx->bits[0];
1065 a[15] = ctx->bits[1];
1066
1069 memcpy(digest, ctx->buf, 16);
1070 memset((char *) ctx, 0, sizeof(*ctx));
1071}
1072#endif // !HAVE_MD5
1073
1074
1075
1076// Stringify binary data. Output buffer must be twice as big as input,
1077// because each byte takes 2 bytes in string representation
1079 static const char *hex = "0123456789abcdef";
1080
1081 for (; len--; p++) {
1082 *to++ = hex[p[0] >> 4];
1083 *to++ = hex[p[0] & 0x0f];
1084 }
1085 *to = '\0';
1086}
1087
1088// Return stringified MD5 hash for list of strings. Buffer must be 33 bytes.
1090 unsigned char hash[16];
1091 const char *p;
1092 va_list ap;
1093 MD5_CTX ctx;
1094
1095 MD5Init(&ctx);
1096
1097 va_start(ap, buf);
1098 while ((p = va_arg(ap, const char *)) != NULL) {
1100 }
1101 va_end(ap);
1102
1103 MD5Final(hash, &ctx);
1105 return buf;
1106}
1107
1108// Check the user's password, return 1 if OK
1110 const char *nonce, const char *nc, const char *cnonce,
1112 char ha2[32 + 1], expected_response[32 + 1];
1113
1114 // Some of the parameters may be NULL
1115 if (method == NULL || nonce == NULL || nc == NULL || cnonce == NULL ||
1116 qop == NULL || response == NULL) {
1117 return 0;
1118 }
1119
1120 // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
1121 // TODO(lsm): check for authentication timeout
1122 if (// strcmp(dig->uri, c->ouri) != 0 ||
1123 strlen(response) != 32
1124 // || now - strtoul(dig->nonce, NULL, 10) > 3600
1125 ) {
1126 return 0;
1127 }
1128
1131 ":", cnonce, ":", qop, ":", ha2, NULL);
1132
1134}
1135
1136// Use the global passwords file, if specified by auth_gpass option,
1137// or search for .htpasswd in the requested directory.
1142 FILE *fp = NULL;
1143
1144 if (gpass != NULL) {
1145 // Use global passwords file
1147 // Important: using local struct file to test path for is_directory flag.
1148 // If filep is used, mg_stat() makes it appear as if auth file was opened.
1153 } else {
1154 // Try to find .htpasswd in requested directory.
1157 break;
1161 }
1162
1164}
1165
1166// Parsed Authorization header
1169};
1170
1171// Return 1 on success. Always initializes the ah structure.
1175 const char *auth_header;
1176
1180 return 0;
1181 }
1182
1183 // Make modifiable copy of the auth header
1184 (void) mg_strlcpy(buf, auth_header + 7, buf_size);
1185 s = buf;
1186
1187 // Parse authorization header
1188 for (;;) {
1189 // Gobble initial spaces
1190 while (isspace(* (unsigned char *) s)) {
1191 s++;
1192 }
1194 // Value is either quote-delimited, or ends at first comma or space.
1195 if (s[0] == '\"') {
1196 s++;
1198 if (s[0] == ',') {
1199 s++;
1200 }
1201 } else {
1203 }
1205 break;
1206 }
1207
1222 }
1223 }
1224
1225 // CGI needs it as REMOTE_USER
1228 } else {
1229 return 0;
1230 }
1231
1232 return 1;
1233}
1234
1235// Authorize against the opened passwords file. Return 1 if authorized.
1239
1241 return 0;
1242 }
1243
1244 // Loop over passwords file
1246 if (sscanf(line, "%[^:]:%[^:]:%s", f_user, f_domain, ha1) != 3) {
1247 continue;
1248 }
1249
1254 }
1255
1256 return 0;
1257}
1258
1259// Return 1 if request is authorised, 0 otherwise.
1264 FILE *fp = NULL;
1265 int authorized = 1;
1266
1271 (int) filename_vec.len, filename_vec.ptr);
1273 break;
1274 }
1275 }
1276
1279 }
1280
1283 fclose(fp);
1284 }
1285
1286 return authorized;
1287}
1288
1290 conn->status_code = 401;
1291 mg_printf(conn,
1292 "HTTP/1.1 401 Unauthorized\r\n"
1293 "Content-Length: 0\r\n"
1294 "WWW-Authenticate: Digest qop=\"auth\", "
1295 "realm=\"%s\", nonce=\"%lu\"\r\n\r\n",
1297 (unsigned long) time(NULL));
1298}
1299
1302 FILE *fp;
1303 int ret = 0;
1304
1307 fclose(fp);
1308 }
1309
1310 return ret;
1311}
1312
1314 const char *user, const char *pass) {
1315 int found;
1317 FILE *fp, *fp2;
1318
1319 found = 0;
1320 fp = fp2 = NULL;
1321
1322 // Regard empty password as no password - remove user record.
1323 if (pass != NULL && pass[0] == '\0') {
1324 pass = NULL;
1325 }
1326
1327 (void) snprintf(tmp, sizeof(tmp), "%s.tmp", fname);
1328
1329 // Create the file if does not exist
1331 fclose(fp);
1332 }
1333
1334 // Open the given file and temporary file
1336 return 0;
1337 } else if ((fp2 = fopen(tmp, "w+")) == NULL) {
1338 fclose(fp);
1339 return 0;
1340 }
1341
1342 // Copy the stuff to temporary file
1345 continue;
1346 }
1347
1349 found++;
1350 if (pass != NULL) {
1352 fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
1353 }
1354 } else {
1355 fprintf(fp2, "%s", line);
1356 }
1357 }
1358
1359 // If new user, just add it
1360 if (!found && pass != NULL) {
1362 fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
1363 }
1364
1365 // Close files
1366 fclose(fp);
1367 fclose(fp2);
1368
1369 // Put the temp file in place of real file
1370 remove(fname);
1371 rename(tmp, fname);
1372
1373 return 1;
1374}
1375
1376#if defined(_WIN32)
1377static pthread_t pthread_self(void) {
1378 return GetCurrentThreadId();
1379}
1380
1381static int pthread_mutex_init(pthread_mutex_t *mutex, void *unused) {
1382 (void) unused;
1383 *mutex = CreateMutex(NULL, FALSE, NULL);
1384 return *mutex == NULL ? -1 : 0;
1385}
1386
1387static int pthread_mutex_destroy(pthread_mutex_t *mutex) {
1388 return CloseHandle(*mutex) == 0 ? -1 : 0;
1389}
1390
1391static int pthread_mutex_lock(pthread_mutex_t *mutex) {
1392 return WaitForSingleObject(*mutex, INFINITE) == WAIT_OBJECT_0? 0 : -1;
1393}
1394
1395static int pthread_mutex_unlock(pthread_mutex_t *mutex) {
1396 return ReleaseMutex(*mutex) == 0 ? -1 : 0;
1397}
1398
1399static int pthread_cond_init(pthread_cond_t *cv, const void *unused) {
1400 (void) unused;
1403 return cv->signal != NULL && cv->broadcast != NULL ? 0 : -1;
1404}
1405
1406static int pthread_cond_wait(pthread_cond_t *cv, pthread_mutex_t *mutex) {
1407 HANDLE handles[] = {cv->signal, cv->broadcast};
1408 ReleaseMutex(*mutex);
1409 WaitForMultipleObjects(2, handles, FALSE, INFINITE);
1410 return WaitForSingleObject(*mutex, INFINITE) == WAIT_OBJECT_0? 0 : -1;
1411}
1412
1413static int pthread_cond_signal(pthread_cond_t *cv) {
1414 return SetEvent(cv->signal) == 0 ? -1 : 0;
1415}
1416
1417static int pthread_cond_broadcast(pthread_cond_t *cv) {
1418 // Implementation with PulseEvent() has race condition, see
1419 // http://www.cs.wustl.edu/~schmidt/win32-cv-1.html
1420 return PulseEvent(cv->broadcast) == 0 ? -1 : 0;
1421}
1422
1423static int pthread_cond_destroy(pthread_cond_t *cv) {
1424 return CloseHandle(cv->signal) && CloseHandle(cv->broadcast) ? 0 : -1;
1425}
1426
1427// For Windows, change all slashes to backslashes in path names.
1428static void change_slashes_to_backslashes(char *path) {
1430
1434 // i > 0 check is to preserve UNC paths, like \\server\file.txt
1437 (void) memmove(path + i + 1,
1439 }
1440}
1441
1442// Encode 'path' which is assumed UTF-8 string, into UNICODE string.
1443// wbuf and wbuf_len is a target buffer and its length.
1444static void to_unicode(const char *path, wchar_t *wbuf, size_t wbuf_len) {
1446
1448 change_slashes_to_backslashes(buf);
1449
1450 // Convert to Unicode and back. If doubly-converted string does not
1451 // match the original, something is fishy, reject.
1452 memset(wbuf, 0, wbuf_len * sizeof(wchar_t));
1453 MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, (int) wbuf_len);
1454 WideCharToMultiByte(CP_UTF8, 0, wbuf, (int) wbuf_len, buf2, sizeof(buf2),
1455 NULL, NULL);
1456 if (strcmp(buf, buf2) != 0) {
1457 wbuf[0] = L'\0';
1458 }
1459}
1460
1461#if defined(_WIN32_WCE)
1462static time_t time(time_t *ptime) {
1463 time_t t;
1464 SYSTEMTIME st;
1465 FILETIME ft;
1466
1467 GetSystemTime(&st);
1468 SystemTimeToFileTime(&st, &ft);
1469 t = SYS2UNIX_TIME(ft.dwLowDateTime, ft.dwHighDateTime);
1470
1471 if (ptime != NULL) {
1472 *ptime = t;
1473 }
1474
1475 return t;
1476}
1477
1479 int64_t t = ((int64_t) *ptime) * RATE_DIFF + EPOCH_DIFF;
1480 FILETIME ft, lft;
1481 SYSTEMTIME st;
1482 TIME_ZONE_INFORMATION tzinfo;
1483
1484 if (ptm == NULL) {
1485 return NULL;
1486 }
1487
1488 * (int64_t *) &ft = t;
1489 FileTimeToLocalFileTime(&ft, &lft);
1490 FileTimeToSystemTime(&lft, &st);
1491 ptm->tm_year = st.wYear - 1900;
1492 ptm->tm_mon = st.wMonth - 1;
1493 ptm->tm_wday = st.wDayOfWeek;
1494 ptm->tm_mday = st.wDay;
1495 ptm->tm_hour = st.wHour;
1496 ptm->tm_min = st.wMinute;
1497 ptm->tm_sec = st.wSecond;
1498 ptm->tm_yday = 0; // hope nobody uses this
1499 ptm->tm_isdst =
1500 GetTimeZoneInformation(&tzinfo) == TIME_ZONE_ID_DAYLIGHT ? 1 : 0;
1501
1502 return ptm;
1503}
1504
1506 // FIXME(lsm): fix this.
1508}
1509
1510static size_t strftime(char *dst, size_t dst_size, const char *fmt,
1512 (void) snprintf(dst, dst_size, "implement strftime() for WinCE");
1513 return 0;
1514}
1515#endif
1516
1517// Windows happily opens files with some garbage at the end of file name.
1518// For example, fopen("a.cgi ", "r") on Windows successfully opens
1519// "a.cgi", despite one would expect an error back.
1520// This function returns non-0 if path ends with some garbage.
1521static int path_cannot_disclose_cgi(const char *path) {
1522 static const char *allowed_last_characters = "_-";
1523 int last = path[strlen(path) - 1];
1524 return isalnum(last) || strchr(allowed_last_characters, last) != NULL;
1525}
1526
1529 WIN32_FILE_ATTRIBUTE_DATA info;
1530
1531 filep->modification_time = 0;
1532 to_unicode(path, wbuf + 4, ARRAY_SIZE(wbuf) - 4);
1535 filep->modification_time = SYS2UNIX_TIME(
1536 info.ftLastWriteTime.dwLowDateTime,
1537 info.ftLastWriteTime.dwHighDateTime);
1539 // If file name is fishy, reset the file structure and return error.
1540 // Note it is important to reset, not just return the error, cause
1541 // functions like is_file_opened() check the struct.
1543 memset(filep, 0, sizeof(*filep));
1544 }
1545 }
1546
1548}
1549
1552 to_unicode(path, wbuf, ARRAY_SIZE(wbuf));
1553 return DeleteFileW(wbuf) ? 0 : -1;
1554}
1555
1559
1560 (void) mode;
1562 change_slashes_to_backslashes(buf);
1563
1564 (void) MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, ARRAY_SIZE(wbuf));
1565
1566 return CreateDirectoryW(wbuf, NULL) ? 0 : -1;
1567}
1568
1569// Implementation of POSIX opendir/closedir/readdir for Windows.
1571 DIR *dir = NULL;
1573 DWORD attrs;
1574
1576 SetLastError(ERROR_BAD_ARGUMENTS);
1578 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1579 } else {
1581 attrs = GetFileAttributesW(wpath);
1582 if (attrs != 0xFFFFFFFF &&
1583 ((attrs & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)) {
1584 (void) wcscat(wpath, L"\\*");
1585 dir->handle = FindFirstFileW(wpath, &dir->info);
1586 dir->result.d_name[0] = '\0';
1587 } else {
1588 free(dir);
1589 dir = NULL;
1590 }
1591 }
1592
1593 return dir;
1594}
1595
1597 int result = 0;
1598
1599 if (dir != NULL) {
1600 if (dir->handle != INVALID_HANDLE_VALUE)
1601 result = FindClose(dir->handle) ? 0 : -1;
1602
1603 free(dir);
1604 } else {
1605 result = -1;
1606 SetLastError(ERROR_BAD_ARGUMENTS);
1607 }
1608
1609 return result;
1610}
1611
1613 struct dirent *result = 0;
1614
1615 if (dir) {
1616 if (dir->handle != INVALID_HANDLE_VALUE) {
1617 result = &dir->result;
1618 (void) WideCharToMultiByte(CP_UTF8, 0,
1619 dir->info.cFileName, -1, result->d_name,
1620 sizeof(result->d_name), NULL, NULL);
1621
1622 if (!FindNextFileW(dir->handle, &dir->info)) {
1623 (void) FindClose(dir->handle);
1624 dir->handle = INVALID_HANDLE_VALUE;
1625 }
1626
1627 } else {
1628 SetLastError(ERROR_FILE_NOT_FOUND);
1629 }
1630 } else {
1631 SetLastError(ERROR_BAD_ARGUMENTS);
1632 }
1633
1634 return result;
1635}
1636
1637#ifndef HAVE_POLL
1640 fd_set set;
1642 SOCKET maxfd = 0;
1643
1644 tv.tv_sec = milliseconds / 1000;
1645 tv.tv_usec = (milliseconds % 1000) * 1000;
1646 FD_ZERO(&set);
1647
1650 pfd[i].revents = 0;
1651
1653 maxfd = pfd[i].fd;
1654 }
1655 }
1656
1660 pfd[i].revents = POLLIN;
1661 }
1662 }
1663 }
1664
1665 return result;
1666}
1667#endif // HAVE_POLL
1668
1670 (void) SetHandleInformation((HANDLE) sock, HANDLE_FLAG_INHERIT, 0);
1671}
1672
1674 return (long)_beginthread((void (__cdecl *)(void *)) f, 0, p) == -1L ? -1 : 0;
1675}
1676
1677static HANDLE dlopen(const char *dll_name, int flags) {
1679 (void) flags;
1680 to_unicode(dll_name, wbuf, ARRAY_SIZE(wbuf));
1681 return LoadLibraryW(wbuf);
1682}
1683
1684#if !defined(NO_CGI)
1685#define SIGKILL 0
1686static int kill(pid_t pid, int sig_num) {
1687 (void) TerminateProcess(pid, sig_num);
1688 (void) CloseHandle(pid);
1689 return 0;
1690}
1691
1692static void trim_trailing_whitespaces(char *s) {
1696 }
1697}
1698
1700 char *envblk, char *envp[], int fdin,
1701 int fdout, const char *dir) {
1702 HANDLE me;
1705 FILE *fp;
1706 STARTUPINFOA si;
1707 PROCESS_INFORMATION pi = { 0 };
1708
1709 (void) envp;
1710
1711 memset(&si, 0, sizeof(si));
1712 si.cb = sizeof(si);
1713
1714 // TODO(lsm): redirect CGI errors to the error log file
1715 si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
1716 si.wShowWindow = SW_HIDE;
1717
1718 me = GetCurrentProcess();
1719 DuplicateHandle(me, (HANDLE) _get_osfhandle(fdin), me,
1720 &si.hStdInput, 0, TRUE, DUPLICATE_SAME_ACCESS);
1721 DuplicateHandle(me, (HANDLE) _get_osfhandle(fdout), me,
1722 &si.hStdOutput, 0, TRUE, DUPLICATE_SAME_ACCESS);
1723
1724 // If CGI file is a script, try to read the interpreter line
1726 if (interp == NULL) {
1727 buf[0] = buf[1] = '\0';
1728
1729 // Read the first line of the script into the buffer
1730 snprintf(cmdline, sizeof(cmdline), "%s%c%s", dir, '/', prog);
1733 fclose(fp);
1734 buf[sizeof(buf) - 1] = '\0';
1735 }
1736
1737 if (buf[0] == '#' && buf[1] == '!') {
1738 trim_trailing_whitespaces(buf + 2);
1739 } else {
1740 buf[2] = '\0';
1741 }
1742 interp = buf + 2;
1743 }
1744
1745 if (interp[0] != '\0') {
1746 GetFullPathNameA(interp, sizeof(full_interp), full_interp, NULL);
1747 interp = full_interp;
1748 }
1749 GetFullPathNameA(dir, sizeof(full_dir), full_dir, NULL);
1750
1752 interp, interp[0] == '\0' ? "" : " ", full_dir, prog);
1753
1756 CREATE_NEW_PROCESS_GROUP, envblk, NULL, &si, &pi) == 0) {
1758 __func__, cmdline, ERRNO);
1759 pi.hProcess = (pid_t) -1;
1760 }
1761
1762 (void) CloseHandle(si.hStdOutput);
1763 (void) CloseHandle(si.hStdInput);
1764 (void) CloseHandle(pi.hThread);
1765
1767}
1768#endif // !NO_CGI
1769
1771 unsigned long on = 1;
1772 return ioctlsocket(sock, FIONBIO, &on);
1773}
1774#endif
1775
1776#if !defined(_WIN32)
1778 struct stat st;
1779
1780 filep->modification_time = (time_t) 0;
1781 if (stat(path, &st) == 0) {
1782 filep->size = st.st_size;
1783 filep->modification_time = st.st_mtime;
1784 filep->is_directory = S_ISDIR(st.st_mode);
1785
1786 // See https://github.com/cesanta/mongoose/issues/109
1787 // Some filesystems report modification time as 0. Artificially
1788 // bump it up to mark mg_stat() success.
1790 filep->modification_time = (time_t) 1;
1791 }
1792 }
1793
1795}
1796
1798 fcntl(fd, F_SETFD, FD_CLOEXEC);
1799}
1800
1802 pthread_t thread_id;
1803 pthread_attr_t attr;
1804 int result;
1805
1806 (void) pthread_attr_init(&attr);
1807 (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
1808
1809#if USE_STACK_SIZE > 1
1810 // Compile-time option to control stack size, e.g. -DUSE_STACK_SIZE=16384
1811 (void) pthread_attr_setstacksize(&attr, USE_STACK_SIZE);
1812#endif
1813
1814 result = pthread_create(&thread_id, &attr, func, param);
1815 pthread_attr_destroy(&attr);
1816
1817 return result;
1818}
1819
1820#ifndef NO_CGI
1822 char *envblk, char *envp[], int fdin,
1823 int fdout, const char *dir) {
1824 pid_t pid;
1825 const char *interp;
1826
1827 (void) envblk;
1828
1829 if ((pid = fork()) == -1) {
1830 // Parent
1832 } else if (pid == 0) {
1833 // Child
1834 if (chdir(dir) != 0) {
1836 } else if (dup2(fdin, 0) == -1) {
1838 } else if (dup2(fdout, 1) == -1) {
1840 } else {
1841 // Not redirecting stderr to stdout, to avoid output being littered
1842 // with the error messages.
1843 (void) close(fdin);
1844 (void) close(fdout);
1845
1846 // After exec, all signal handlers are restored to their default values,
1847 // with one exception of SIGCHLD. According to POSIX.1-2001 and Linux's
1848 // implementation, SIGCHLD's handler will leave unchanged after exec
1849 // if it was set to be ignored. Restore it to default action.
1850 signal(SIGCHLD, SIG_DFL);
1851
1853 if (interp == NULL) {
1854 (void) execle(prog, prog, NULL, envp);
1856 } else {
1857 (void) execle(interp, interp, prog, NULL, envp);
1859 strerror(ERRNO));
1860 }
1861 }
1862 exit(EXIT_FAILURE);
1863 }
1864
1865 return pid;
1866}
1867#endif // !NO_CGI
1868
1870 int flags;
1871
1872 flags = fcntl(sock, F_GETFL, 0);
1873 (void) fcntl(sock, F_SETFL, flags | O_NONBLOCK);
1874
1875 return 0;
1876}
1877#endif // _WIN32
1878
1879
1880// Print message to buffer. If buffer is large enough to hold the message,
1881// return buffer. If buffer is to small, allocate large enough buffer on heap,
1882// and return allocated buffer.
1884 va_list ap_copy;
1885 int len;
1886
1887 // Windows is not standard-compliant, and vsnprintf() returns -1 if
1888 // buffer is too small. Also, older versions of msvcrt.dll do not have
1889 // _vscprintf(). However, if size is 0, vsnprintf() behaves correctly.
1890 // Therefore, we make two passes: on first pass, get required message length.
1891 // On second pass, actually print the message.
1892 va_copy(ap_copy, ap);
1893 len = vsnprintf(NULL, 0, fmt, ap_copy);
1894
1895 if (len > (int) size &&
1896 (size = len + 1) > 0 &&
1897 (*buf = (char *) malloc(size)) == NULL) {
1898 len = -1; // Allocation failed, mark failure
1899 } else {
1900 va_copy(ap_copy, ap);
1901 vsnprintf(*buf, size, fmt, ap_copy);
1902 }
1903
1904 return len;
1905}
1906
1909 int len;
1910
1913 }
1914 if (buf != mem && buf != NULL) {
1915 free(buf);
1916 }
1917
1918 return len;
1919}
1920
1922 va_list ap;
1923 va_start(ap, fmt);
1925}
1926
1929 int len;
1930
1931 va_list ap;
1932 va_start(ap, fmt);
1935 }
1936
1937 if (buf != mem && buf != NULL) {
1938 free(buf);
1939 }
1940
1941 return len;
1942}
1943
1944
1945
1946#if !defined(NO_SSL)
1947
1948#if !defined(NO_SSL_DL)
1949// set_ssl_option() function updates this array.
1950// It loads SSL library dynamically and changes NULLs to the actual addresses
1951// of respective functions. The macros above (like SSL_connect()) are really
1952// just calling these functions indirectly via the pointer.
1953static struct ssl_func ssl_sw[] = {
1954 {"SSL_free", NULL},
1955 {"SSL_accept", NULL},
1956 {"SSL_connect", NULL},
1957 {"SSL_read", NULL},
1958 {"SSL_write", NULL},
1959 {"SSL_get_error", NULL},
1960 {"SSL_set_fd", NULL},
1961 {"SSL_new", NULL},
1962 {"SSL_CTX_new", NULL},
1963 {"SSLv23_server_method", NULL},
1964 {"SSL_library_init", NULL},
1965 {"SSL_CTX_use_PrivateKey_file", NULL},
1966 {"SSL_CTX_use_certificate_file",NULL},
1967 {"SSL_CTX_set_default_passwd_cb",NULL},
1968 {"SSL_CTX_free", NULL},
1969 {"SSL_load_error_strings", NULL},
1970 {"SSL_CTX_use_certificate_chain_file", NULL},
1971 {"SSLv23_client_method", NULL},
1972 {"SSL_pending", NULL},
1973 {"SSL_CTX_set_verify", NULL},
1974 {"SSL_shutdown", NULL},
1975 {"SSL_CTX_ctrl", NULL},
1976 {"SSL_CTX_set_cipher_list", NULL},
1977 {"EC_KEY_new_by_curve_name", NULL},
1978 {"EC_KEY_free", NULL},
1979 {"SSL_get_cipher_list", NULL},
1980 {NULL, NULL}
1981};
1982
1983// Similar array as ssl_sw. These functions could be located in different lib.
1984static struct ssl_func crypto_sw[] = {
1985 {"CRYPTO_num_locks", NULL},
1986 {"CRYPTO_set_locking_callback", NULL},
1987 {"CRYPTO_set_id_callback", NULL},
1988 {"ERR_get_error", NULL},
1989 {"ERR_error_string", NULL},
1990 {NULL, NULL}
1991};
1992#endif
1993
1995
1999 func(conn->ssl) == 1;
2000}
2001
2002// Return OpenSSL error message
2004 unsigned long err;
2005 err = ERR_get_error();
2006 return err == 0 ? "" : ERR_error_string(err, NULL);
2007}
2008
2010 int line) {
2011 (void) line;
2012 (void) file;
2013
2014 if (mode & 1) { // 1 is CRYPTO_LOCK
2015 (void) pthread_mutex_lock(&ssl_mutexes[mutex_num]);
2016 } else {
2017 (void) pthread_mutex_unlock(&ssl_mutexes[mutex_num]);
2018 }
2019}
2020
2022 return (unsigned long) pthread_self();
2023}
2024
2025#if !defined(NO_SSL_DL)
2027 struct ssl_func *sw) {
2029 void *dll_handle;
2031
2032 if ((dll_handle = dlopen(dll_name, RTLD_LAZY)) == NULL) {
2034 return 0;
2035 }
2036
2038#ifdef _WIN32
2039 // GetProcAddress() returns pointer to function
2040 u.fp = (void (*)(void)) dlsym(dll_handle, fp->name);
2041#else
2042 // dlsym() on UNIX returns void *. ISO C forbids casts of data pointers to
2043 // function pointers. We need to use a union to make a cast.
2044 u.p = dlsym(dll_handle, fp->name);
2045#endif // _WIN32
2046 if (u.fp == NULL) {
2048 return 0;
2049 } else {
2050 fp->ptr = u.fp;
2051 }
2052 }
2053
2054 return 1;
2055}
2056#endif // NO_SSL_DL
2057
2058// Dynamically load SSL library. Set up ctx->ssl_ctx pointer.
2061 const char *pem;
2062 int ecdh_enabled = 0;
2063 int ecdh_available = 0;
2064
2065 // If PEM file is not specified and the init_ssl callback
2066 // is not specified, skip SSL initialization.
2068 // MG_INIT_SSL
2069 // ctx->callbacks.init_ssl == NULL) {
2070 return 1;
2071 }
2072
2073#if !defined(NO_SSL_DL)
2075 !load_dll(ctx, CRYPTO_LIB, crypto_sw)) {
2076 return 0;
2077 }
2078#endif // NO_SSL_DL
2079
2080 // Initialize SSL library
2081 SSL_library_init();
2082 SSL_load_error_strings();
2083
2086 return 0;
2087 }
2088
2089 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
2090 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
2091
2092#if 0
2093 {
2094 //
2095 // enable Diffie-Hellman key exchange - the DHE series of ciphers
2096 //
2097 // this code is from here:
2098 // https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
2099 // to generate the pem file: openssl dhparam -out dh_param_2048.pem 2048
2100
2101 /* Set up ephemeral DH parameters. */
2102 void *dh_2048 = NULL;
2103 FILE *paramfile;
2104 paramfile = fopen("dh_param_2048.pem", "r");
2105 if (paramfile) {
2106 dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
2107 fclose(paramfile);
2108 } else {
2109 /* Error. */
2110 }
2111 if (dh_2048 == NULL) {
2112 /* Error. */
2113 }
2115 /* Error. */
2116 }
2117 }
2118#endif
2119
2120#ifdef OPENSSL_EC_NAMED_CURVE
2121 {
2122 //
2123 // enable Elliptic Curve Diffie-Hellman key exchange - the ECDHE series of ciphers
2124 //
2125
2126 EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
2127 if (! ecdh) {
2128 cry(fc(ctx), "%s: EC_KEY_new_by_curve_name (NID_X9_62_prime256v1) failed: %s", __func__, ssl_error());
2129 } else {
2131 cry(fc(ctx), "%s: SSL_CTX_set_tmp_ecdh (ctx->ssl_ctx, ecdh) failed: %s", __func__, ssl_error());
2132 }
2133 EC_KEY_free (ecdh);
2134 ecdh_enabled = 1;
2135 }
2136 }
2137#else
2138#warning Very old openssl, no EC_KEY, no ECDH for modern criptography!
2139#endif
2140
2141 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_DH_USE);
2142 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
2143
2144 // get cipher list
2145
2146 {
2147 int priority;
2149 for (priority=0; 1; priority++) {
2150 const char* available_cipher_list = SSL_get_cipher_list(ssl, priority);
2151 if (available_cipher_list == NULL)
2152 break;
2153 //printf("priority %d cipher list: %s\n", priority, available_cipher_list);
2154 if (strstr(available_cipher_list, "ECDHE") != NULL)
2155 ecdh_available = 1;
2156 }
2157 SSL_free(ssl);
2158 }
2159
2160 if (!ecdh_available || !ecdh_enabled) {
2162 }
2163
2164 // disable weak ciphers
2165 const char* cipher_list = "ALL:!RC4:!DES-CBC-SHA:!DES:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2166
2167 // enable only "modern cryptography" ciphers if ECDHE ciphers available
2168 if (ecdh_available && ecdh_enabled)
2169 cipher_list = "ALL:!AECDH:!RC4:!DES-CBC-SHA:!DES:!AES128-SHA+RSA:!AES256-SHA+RSA:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2170
2171 SSL_CTX_set_cipher_list(ctx->ssl_ctx, cipher_list);
2172
2173 // If user callback returned non-NULL, that means that user callback has
2174 // set up certificate itself. In this case, skip sertificate setting.
2175 // MG_INIT_SSL
2177 SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, pem, 1) == 0) {
2179 return 0;
2180 }
2181
2182 if (pem != NULL) {
2183 (void) SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, pem);
2184 }
2185
2186 // Initialize locking callbacks, needed for thread safety.
2187 // http://www.openssl.org/support/faq.html#PROG1
2188 size = sizeof(pthread_mutex_t) * CRYPTO_num_locks();
2191 return 0;
2192 }
2193
2196 }
2197
2198 CRYPTO_set_locking_callback(&ssl_locking_callback);
2199 CRYPTO_set_id_callback(&ssl_id_callback);
2200
2201 return 1;
2202}
2203
2207 CRYPTO_set_locking_callback(NULL);
2210 }
2211 CRYPTO_set_locking_callback(NULL);
2212 CRYPTO_set_id_callback(NULL);
2213 }
2214}
2215#endif // !NO_SSL
2216
2218 char *ebuf, size_t ebuf_len) {
2219 struct sockaddr_in sin;
2220 struct hostent *he = NULL;
2222
2223 (void) use_ssl; // Prevent warning for -DNO_SSL case
2224
2225 if (host == NULL) {
2226 snprintf(ebuf, ebuf_len, "%s", "NULL host");
2227#ifndef NO_SSL
2228 } else if (use_ssl && (void *)SSLv23_client_method == NULL) {
2229 snprintf(ebuf, ebuf_len, "%s", "SSL is not initialized");
2230 // TODO(lsm): use something threadsafe instead of gethostbyname()
2231#endif
2232 } else if ((he = gethostbyname(host)) == NULL) {
2236 } else {
2237 set_close_on_exec(sock);
2238 sin.sin_family = AF_INET;
2239 sin.sin_port = htons((uint16_t) port);
2240 sin.sin_addr = * (struct in_addr *) he->h_addr_list[0];
2241 if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) != 0) {
2242 snprintf(ebuf, ebuf_len, "connect(%s:%d): %s",
2243 host, port, strerror(ERRNO));
2244 closesocket(sock);
2245 sock = INVALID_SOCKET;
2246 }
2247 }
2248 return sock;
2249}
2250
2252 char *ebuf, size_t ebuf_len) {
2256
2262#ifndef NO_SSL
2264 SSL_CTX_new(SSLv23_client_method())) == NULL) {
2265 snprintf(ebuf, ebuf_len, "SSL_CTX_new error");
2267 free(conn);
2268 conn = NULL;
2269#endif // NO_SSL
2270 } else {
2271 socklen_t len = sizeof(struct sockaddr);
2274 conn->ctx = &fake_ctx;
2278#ifndef NO_SSL
2279 if (use_ssl) {
2280 // SSL_CTX_set_verify call is needed to switch off server certificate
2281 // checking, which is off by default in OpenSSL and on in yaSSL.
2282 SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0);
2284 }
2285#endif
2286 }
2287
2288 return conn;
2289}
2290
2292 char *ebuf, size_t ebuf_len,
2293 const char *fmt, ...) {
2295 va_list ap;
2296
2297 va_start(ap, fmt);
2298 ebuf[0] = '\0';
2301 snprintf(ebuf, ebuf_len, "%s", "Error sending request");
2302 } else {
2303 getreq(conn, ebuf, ebuf_len);
2304 }
2305 if (ebuf[0] != '\0' && conn != NULL) {
2306 mg_close_connection(conn);
2307 conn = NULL;
2308 }
2309
2310 return conn;
2311}
2312
2313// Return number of bytes left to read for this connection
2316}
2317
2325 }
2328}
2329
2331#ifdef _WIN32
2333 to_unicode(path, wbuf, ARRAY_SIZE(wbuf));
2334 MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, ARRAY_SIZE(wmode));
2335 return _wfopen(wbuf, wmode);
2336#else
2337 return fopen(path, mode);
2338#endif
2339}
2340
2344#if defined(USE_IPV6)
2348#elif defined(_WIN32)
2349 // Only Windoze Vista (and newer) have inet_ntop()
2351#else
2353#endif
2354}
2355
2356// Print error message to the opened error log stream.
2359 va_list ap;
2360 FILE *fp;
2361 time_t timestamp;
2362
2363 va_start(ap, fmt);
2365 va_end(ap);
2366
2367 // Do not lock when getting the callback value, here and below.
2368 // I suppose this is fine, since function cannot disappear in the
2369 // same way string option can.
2373
2375 flockfile(fp);
2376 timestamp = time(NULL);
2377
2380 src_addr);
2381
2385 }
2386
2389 funlockfile(fp);
2390 fclose(fp);
2391 }
2392 }
2393}
2394
2397}
2398
2399// HTTP 1.1 assumes keep alive if "Connection:" header is not set
2400// This function must tolerate situations when connection info is not
2401// set up, for example if request parsing failed.
2406 conn->status_code == 401 ||
2409 (header == NULL && http_version && strcmp(http_version, "1.1"))) {
2410 return 0;
2411 }
2412 return 1;
2413}
2414
2417}
2418
2420 const char *reason, const char *fmt, ...) {
2422 va_list ap;
2423 int len = 0;
2424
2427
2428 // Errors 1xx, 204 and 304 MUST NOT send a body
2432
2433 va_start(ap, fmt);
2435 va_end(ap);
2436 }
2438
2441 "Content-Length: %d\r\n"
2443 suggest_connection_header(conn));
2445 }
2446}
2447
2448// Write data to the IO channel - opened file descriptor, socket or SSL
2449// descriptor. Return number of bytes written.
2451 int64_t len) {
2452 int64_t sent;
2454
2456 sent = 0;
2457 while (sent < len) {
2458
2459 // How many bytes we send in this iteration
2460 k = len - sent > INT_MAX ? INT_MAX : (int) (len - sent);
2461
2462#if !defined(NO_SSL)
2465 } else
2466#endif
2470 n = -1;
2471 } else {
2473 }
2474
2476 break;
2477
2478 sent += n;
2479 }
2480
2481 return sent;
2482}
2483
2484// Read from IO channel - opened file descriptor, socket, or SSL descriptor.
2485// Return negative value on error, or number of bytes read on success.
2487 int nread;
2488
2489 if (len <= 0) return 0;
2491 // Use read() instead of fread(), because if we're reading from the CGI
2492 // pipe, fread() may block until IO buffer is filled up. We cannot afford
2493 // to block and must pass all read bytes immediately to the client.
2495#ifndef NO_SSL
2498#endif
2499 } else {
2501 }
2502 if (nread > 0) {
2503 conn->num_bytes_read += nread;
2504 }
2505
2507}
2508
2511
2516 break;
2518 break; // No more data to read
2519 } else {
2520 nread += n;
2521 len -= n;
2522 }
2523 }
2524
2525 return nread;
2526}
2527
2530 int64_t left;
2531
2533 return 0;
2534 }
2535
2536 // conn->buf body
2537 // |=================|==========|===============|
2538 // |<--request_len-->| |
2539 // |<-----------data_len------->| conn->buf + conn->buf_size
2540
2541 // First, check for data buffered in conn->buf by read_request().
2544 if (buffered_len > len) buffered_len = len;
2546
2548 memmove(body, body + buffered_len,
2550 len -= buffered_len;
2551 conn->data_len -= buffered_len;
2552 nread += buffered_len;
2553 }
2554
2555 // Read data from the socket.
2558 len = (int) left;
2559 }
2562 }
2563
2564 return nread;
2565}
2566
2568 time_t now;
2570
2573 conn->last_throttle_time = now;
2574 conn->last_throttle_bytes = 0;
2575 }
2577 if (allowed > (int64_t) len) {
2578 allowed = len;
2579 }
2581 (int64_t) allowed)) == allowed) {
2588 (int64_t) allowed)) != allowed) {
2589 break;
2590 }
2591 sleep(1);
2592 conn->last_throttle_bytes = allowed;
2593 conn->last_throttle_time = time(NULL);
2596 }
2597 }
2598 } else {
2600 (int64_t) len);
2601 }
2603}
2604
2606 int dst_len, int is_form_url_encoded) {
2608#define HEXTOI(x) (isdigit(x) ? x - '0' : x - 'W')
2609
2617 i += 2;
2620 } else {
2622 }
2623 }
2624
2626
2628}
2629
2631 char *dst, size_t dst_len) {
2633 size_t name_len;
2634 int len;
2635
2636 if (dst == NULL || dst_len == 0) {
2637 len = -2;
2639 len = -1;
2640 dst[0] = '\0';
2641 } else {
2642 name_len = strlen(name);
2644 len = -1;
2645 dst[0] = '\0';
2646
2647 // data is "var1=val1&var2=val2...". Find variable first
2651
2652 // Point p to variable value
2653 p += name_len + 1;
2654
2655 // Point s to the end of the value
2657 if (s == NULL) {
2658 s = e;
2659 }
2660 assert(s >= p);
2661
2662 // Decode variable into destination buffer
2664
2665 // Redirect error code from -1 to -2 (destination buffer too small).
2666 if (len == -1) {
2667 len = -2;
2668 }
2669 break;
2670 }
2671 }
2672 }
2673
2674 return len;
2675}
2676
2678 char *dst, size_t dst_size) {
2680 int name_len, len = -1;
2681
2682 if (dst == NULL || dst_size == 0) {
2683 len = -2;
2685 len = -1;
2686 dst[0] = '\0';
2687 } else {
2688 name_len = (int) strlen(var_name);
2689 end = s + strlen(s);
2690 dst[0] = '\0';
2691
2693 if (s[name_len] == '=') {
2694 s += name_len + 1;
2695 if ((p = strchr(s, ' ')) == NULL)
2696 p = end;
2697 if (p[-1] == ';')
2698 p--;
2699 if (*s == '"' && p[-1] == '"' && p > s + 1) {
2700 s++;
2701 p--;
2702 }
2703 if ((size_t) (p - s) < dst_size) {
2704 len = p - s;
2706 } else {
2707 len = -3;
2708 }
2709 break;
2710 }
2711 }
2712 }
2713 return len;
2714}
2715
2716// Return 1 if real file has been found, 0 otherwise
2722 char *p;
2723 int match_len;
2725 char const* accept_encoding;
2726
2727 // No filesystem access
2728 if (root == NULL) {
2729 return 0;
2730 }
2731
2732 // Using buf_len - 1 because memmove() for PATH_INFO may shift part
2733 // of the path one byte on the right.
2734 // If document_root is NULL, leave the file empty.
2736
2741 uri + match_len);
2742 break;
2743 }
2744 }
2745
2747 return 1;
2748 }
2749
2750 // if we can't find the actual file, look for the file
2751 // with the same name but a .gz extension. If we find it,
2752 // use that and set the gzipped flag in the file struct
2753 // to indicate that the response need to have the content-
2754 // encoding: gzip header
2755 // we can only do this if the browser declares support
2757 if (strstr(accept_encoding,"gzip") != NULL) {
2758 snprintf(gz_path, sizeof(gz_path), "%s.gz", buf);
2760 filep->gzipped = 1;
2761 return 1;
2762 }
2763 }
2764 }
2765
2766 // Support PATH_INFO for CGI scripts.
2767 for (p = buf + strlen(root == NULL ? "" : root); *p != '\0'; p++) {
2768 if (*p == '/') {
2769 *p = '\0';
2772 mg_stat(buf, filep)) {
2773 // Shift PATH_INFO block one character right, e.g.
2774 // "/x.cgi/foo/bar\x00" => "/x.cgi\x00/foo/bar\x00"
2775 // conn->path_info is pointing to the local variable "path" declared
2776 // in handle_request(), so PATH_INFO is not valid after
2777 // handle_request returns.
2778 conn->path_info = p + 1;
2779 memmove(p + 2, p + 1, strlen(p + 1) + 1); // +1 is for trailing \0
2780 p[1] = '/';
2781 return 1;
2782 } else {
2783 *p = '/';
2784 }
2785 }
2786 }
2787
2788 return 0;
2789}
2790
2791// Check whether full request is buffered. Return:
2792// -1 if request is malformed
2793// 0 if request is not yet fully buffered
2794// >0 actual request length, including last \r\n\r\n
2797
2799 // Control characters are not allowed but >=128 is.
2800 // Abort scan as soon as one malformed character is found;
2801 // don't let subsequent \r\n\r\n win us over anyhow
2804 return -1;
2810 }
2811 }
2812
2813 return 0;
2814}
2815
2816// Protect against directory disclosure attack by removing '..',
2817// excessive '/' and '\' characters
2819 char *p = s;
2820
2821 while (*s != '\0') {
2822 *p++ = *s++;
2823 if (s[-1] == '/' || s[-1] == '\\') {
2824 // Skip all following slashes, backslashes and double-dots
2825 while (s[0] != '\0') {
2826 if (s[0] == '/' || s[0] == '\\') {
2827 s++;
2828 } else if (s[0] == '.' && s[1] == '.') {
2829 s += 2;
2830 } else {
2831 break;
2832 }
2833 }
2834 }
2835 }
2836 *p = '\0';
2837}
2838
2839static const struct {
2843} builtin_mime_types[] = {
2844 {".html", 5, "text/html"},
2845 {".htm", 4, "text/html"},
2846 {".shtm", 5, "text/html"},
2847 {".shtml", 6, "text/html"},
2848 {".css", 4, "text/css"},
2849 {".js", 3, "application/x-javascript"},
2850 {".ico", 4, "image/x-icon"},
2851 {".gif", 4, "image/gif"},
2852 {".jpg", 4, "image/jpeg"},
2853 {".jpeg", 5, "image/jpeg"},
2854 {".png", 4, "image/png"},
2855 {".svg", 4, "image/svg+xml"},
2856 {".txt", 4, "text/plain"},
2857 {".torrent", 8, "application/x-bittorrent"},
2858 {".wav", 4, "audio/x-wav"},
2859 {".mp3", 4, "audio/x-mp3"},
2860 {".mid", 4, "audio/mid"},
2861 {".m3u", 4, "audio/x-mpegurl"},
2862 {".ogg", 4, "application/ogg"},
2863 {".ram", 4, "audio/x-pn-realaudio"},
2864 {".xml", 4, "text/xml"},
2865 {".json", 5, "text/json"},
2866 {".xslt", 5, "application/xml"},
2867 {".xsl", 4, "application/xml"},
2868 {".ra", 3, "audio/x-pn-realaudio"},
2869 {".doc", 4, "application/msword"},
2870 {".exe", 4, "application/octet-stream"},
2871 {".zip", 4, "application/x-zip-compressed"},
2872 {".xls", 4, "application/excel"},
2873 {".tgz", 4, "application/x-tar-gz"},
2874 {".tar", 4, "application/x-tar"},
2875 {".gz", 3, "application/x-gunzip"},
2876 {".arj", 4, "application/x-arj-compressed"},
2877 {".rar", 4, "application/x-arj-compressed"},
2878 {".rtf", 4, "application/rtf"},
2879 {".pdf", 4, "application/pdf"},
2880 {".swf", 4, "application/x-shockwave-flash"},
2881 {".mpg", 4, "video/mpeg"},
2882 {".webm", 5, "video/webm"},
2883 {".mpeg", 5, "video/mpeg"},
2884 {".mov", 4, "video/quicktime"},
2885 {".mp4", 4, "video/mp4"},
2886 {".m4v", 4, "video/x-m4v"},
2887 {".asf", 4, "video/x-ms-asf"},
2888 {".avi", 4, "video/x-msvideo"},
2889 {".bmp", 4, "image/bmp"},
2890 {".ttf", 4, "application/x-font-ttf"},
2891 {NULL, 0, NULL}
2892};
2893
2895 const char *ext;
2897
2898 path_len = strlen(path);
2899
2905 }
2906 }
2907
2908 return "text/plain";
2909}
2910
2911// Look at the "path" extension and figure what mime type it has.
2912// Store mime type in the vector.
2917 size_t path_len;
2918
2919 path_len = strlen(path);
2920
2921 // Scan user-defined mime types first, in case user wants to
2922 // override default mime types.
2925 // ext now points to the path suffix
2926 ext = path + path_len - ext_vec.len;
2928 *vec = mime_vec;
2929 return;
2930 }
2931 }
2932
2935}
2936
2938 static const char *dont_escape = "._-$,;~()";
2939 static const char *hex = "0123456789abcdef";
2941
2943 if (isalnum(*(const unsigned char *) src) ||
2944 strchr(dont_escape, * (const unsigned char *) src) != NULL) {
2945 *dst = *src;
2947 dst[0] = '%';
2948 dst[1] = hex[(* (const unsigned char *) src) >> 4];
2949 dst[2] = hex[(* (const unsigned char *) src) & 0xf];
2950 dst += 2;
2951 }
2952 }
2953
2954 *dst = '\0';
2955}
2956
2960
2963 } else {
2964 // We use (signed) cast below because MSVC 6 compiler cannot
2965 // convert unsigned __int64 to double. Sigh.
2974 } else {
2977 }
2978 }
2979 strftime(mod, sizeof(mod), "%d-%b-%Y %H:%M",
2983 "<tr><td><a href=\"%s%s%s\">%s%s</a></td>"
2984 "<td> %s</td><td> %s</td></tr>\n",
2986}
2987
2988// This function is called from send_directory() and used for
2989// sorting directory entries by size, or name, or modification time.
2990// On windows, __cdecl specification is needed in case if project is built
2991// with __stdcall convention. qsort always requires __cdels callback.
2995 int cmp_result = 0;
2996
2997 if (query_string == NULL) {
2998 query_string = "na";
2999 }
3000
3002 return -1; // Always put directories on top
3004 return 1; // Always put directories on top
3005 } else if (*query_string == 'n') {
3006 cmp_result = strcmp(a->file_name, b->file_name);
3007 } else if (*query_string == 's') {
3010 } else if (*query_string == 'd') {
3013 }
3014
3015 return query_string[1] == 'd' ? -cmp_result : cmp_result;
3016}
3017
3022 (pattern != NULL && match_prefix(pattern, strlen(pattern), path) > 0);
3023}
3024
3028 struct dirent *dp;
3029 DIR *dirp;
3031
3032 if ((dirp = opendir(dir)) == NULL) {
3033 return 0;
3034 } else {
3036
3037 while ((dp = readdir(dirp)) != NULL) {
3038 // Do not show current dir and hidden files
3039 if (!strcmp(dp->d_name, ".") ||
3040 !strcmp(dp->d_name, "..") ||
3042 continue;
3043 }
3044
3046
3047 // If we don't memset stat structure to zero, mtime will have
3048 // garbage and strftime() will segfault later on in
3049 // print_dir_entry(). memset is required only if mg_stat()
3050 // fails. For more details, see
3051 // http://code.google.com/p/mongoose/issues/detail?id=79
3054
3057 }
3058 (void) closedir(dirp);
3059 }
3060 return 1;
3061}
3062
3065 struct dirent *dp;
3066 DIR *dirp;
3068
3069 if ((dirp = opendir(dir)) == NULL) {
3070 return 0;
3071 } else {
3073
3074 while ((dp = readdir(dirp)) != NULL) {
3075 // Do not show current dir, but show hidden files
3076 if (!strcmp(dp->d_name, ".") ||
3077 !strcmp(dp->d_name, "..")) {
3078 continue;
3079 }
3080
3082
3083 // If we don't memset stat structure to zero, mtime will have
3084 // garbage and strftime() will segfault later on in
3085 // print_dir_entry(). memset is required only if mg_stat()
3086 // fails. For more details, see
3087 // http://code.google.com/p/mongoose/issues/detail?id=79
3093 } else {
3094 mg_remove(path);
3095 }
3096 }
3097
3098 }
3099 (void) closedir(dirp);
3100
3101 rmdir(dir);
3102 }
3103
3104 return 1;
3105}
3106
3111};
3112
3113// Behaves like realloc(), but frees original pointer on failure
3115 void *new_ptr = realloc(ptr, size);
3116 if (new_ptr == NULL) {
3117 free(ptr);
3118 }
3119 return new_ptr;
3120}
3121
3124
3126 dsd->arr_size *= 2;
3129 }
3131 // TODO(lsm): propagate an error to the caller
3132 dsd->num_entries = 0;
3133 } else {
3137 dsd->num_entries++;
3138 }
3139}
3140
3142 const char *dir) {
3145
3149 return;
3150 }
3151
3154
3155 conn->must_close = 1;
3157 "HTTP/1.1 200 OK\r\n"
3158 "Transfer-Encoding: Chunked\r\n"
3159 "Content-Type: text/html; charset=utf-8\r\n\r\n");
3160
3162 "<html><head><title>Index of %s</title>"
3163 "<style>th {text-align: left;}</style></head>"
3164 "<body><h1>Index of %s</h1><pre><table cellpadding=\"0\">"
3165 "<tr><th><a href=\"?n%c\">Name</a></th>"
3166 "<th><a href=\"?d%c\">Modified</a></th>"
3167 "<th><a href=\"?s%c\">Size</a></th></tr>"
3168 "<tr><td colspan=\"3\"><hr></td></tr>",
3170 sort_direction, sort_direction, sort_direction);
3171
3172 // Print first entry - link to a parent directory
3174 "<tr><td><a href=\"%s%s\">%s</a></td>"
3175 "<td> %s</td><td> %s</td></tr>\n",
3177
3178 // Sort and print directory entries
3180 compare_dir_entries);
3184 }
3185 free(data.entries);
3186
3188 "</table></body></html>");
3190 conn->status_code = 200;
3191}
3192
3193// Send len bytes from the opened file to the client.
3195 int64_t offset, int64_t len) {
3197 int num_read, num_written, to_read;
3198
3199 // If offset is beyond file boundaries, don't send anything
3201 return;
3202 }
3203
3204 while (len > 0) {
3205 // Calculate how much to read from the file in the buffer
3206 to_read = sizeof(buf);
3207 if ((int64_t) to_read > len) {
3208 to_read = (int) len;
3209 }
3210
3211 // Read from file, exit the loop on error
3213 break;
3214 }
3215
3216 // Send read bytes to the client, exit the loop on error
3218 break;
3219 }
3220
3221 // Both read and were successful, adjust counters
3222 conn->num_bytes_sent += num_written;
3223 len -= num_written;
3224 }
3225}
3226
3229}
3230
3233}
3234
3239}
3240
3243#ifndef _WIN32
3244 fcntl(fileno(fp), F_SETFD, FD_CLOEXEC);
3245#endif
3246 }
3247}
3248
3251 char date[64], lm[64], etag[64], range[64];
3252 const char *msg = "OK", *hdr;
3253 time_t curtime = time(NULL);
3254 int64_t cl, r1, r2;
3258 char const* encoding = "";
3259 FILE *fp;
3260
3262 cl = filep->size;
3263 conn->status_code = 200;
3264 range[0] = '\0';
3265
3266 // if this file is in fact a pre-gzipped file, rewrite its filename
3267 // it's important to rewrite the filename after resolving
3268 // the mime type from it, to preserve the actual file's type
3270 snprintf(gz_path, sizeof(gz_path), "%s.gz", path);
3271 path = gz_path;
3272 encoding = "Content-Encoding: gzip\r\n";
3273 }
3274
3278 return;
3279 }
3280
3282
3283 // If Range: header specified, act accordingly
3284 r1 = r2 = 0;
3287 r1 >= 0 && r2 >= 0) {
3288 // actually, range requests don't play well with a pre-gzipped
3289 // file (since the range is specified in the uncmpressed space)
3292 "range requests in gzipped files are not supported");
3293 return;
3294 }
3295 conn->status_code = 206;
3296 cl = n == 2 ? (r2 > cl ? cl : r2) - r1 + 1: cl - r1;
3298 "Content-Range: bytes "
3301 r1, r1 + cl - 1, filep->size);
3302 msg = "Partial Content";
3303 }
3304
3305 // Prepare Etag, Date, Last-Modified headers. Must be in UTC, according to
3306 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3
3310
3311 (void) mg_printf(conn,
3312 "HTTP/1.1 %d %s\r\n"
3313 "Date: %s\r\n"
3314 "Last-Modified: %s\r\n"
3315 "Etag: %s\r\n"
3316 "Content-Type: %.*s\r\n"
3318 "Connection: %s\r\n"
3319 "Accept-Ranges: bytes\r\n"
3320 "%s%s%s\r\n",
3322 mime_vec.ptr, cl, suggest_connection_header(conn), range, encoding,
3323 EXTRA_HTTP_HEADERS);
3324
3327 }
3328 fclose(fp);
3329}
3330
3335 } else {
3337 }
3338}
3339
3340
3341// Parse HTTP headers from the given buffer, advance buffer to the point
3342// where parsing stopped.
3345
3350 break;
3352 }
3353}
3354
3356 return !strcmp(method, "GET") || !strcmp(method, "POST") ||
3357 !strcmp(method, "HEAD") || !strcmp(method, "CONNECT") ||
3358 !strcmp(method, "PUT") || !strcmp(method, "DELETE") ||
3359 !strcmp(method, "OPTIONS") || !strcmp(method, "PROPFIND")
3360 || !strcmp(method, "MKCOL")
3361 ;
3362}
3363
3364// Parse HTTP request, fill in mg_request_info structure.
3365// This function modifies the buffer by NUL-terminating
3366// HTTP request components, header names and header values.
3369 if (request_length > 0) {
3370 // Reset attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
3372 ri->num_headers = 0;
3373
3374 buf[request_length - 1] = '\0';
3375
3376 // RFC says that all initial whitespaces should be ingored
3377 while (*buf != '\0' && isspace(* (unsigned char *) buf)) {
3378 buf++;
3379 }
3383
3384 // HTTP message could be either HTTP request or HTTP response, e.g.
3385 // "GET / HTTP/1.0 ...." or "HTTP/1.0 200 OK ..."
3389 request_length = -1;
3390 } else {
3391 if (is_request) {
3392 ri->http_version += 5;
3393 }
3394 parse_http_headers(&buf, ri);
3395 }
3396 }
3397 return request_length;
3398}
3399
3400// Keep reading the input (either opened file descriptor fd, or socket sock,
3401// or SSL descriptor ssl) into buffer buf, until \r\n\r\n appears in the
3402// buffer (which marks the end of HTTP request). Buffer buf may already
3403// have some data. The length of the data is stored in nread.
3404// Upon every read operation, increase nread by the number of bytes read.
3406 char *buf, int bufsiz, int *nread) {
3408
3409 request_len = get_request_len(buf, *nread);
3411 *nread < bufsiz &&
3412 request_len == 0 &&
3414 *nread += n;
3415 assert(*nread <= bufsiz);
3416 request_len = get_request_len(buf, *nread);
3417 }
3418
3420}
3421
3422// For given directory path, substitute it to valid index file.
3423// Return 0 if index file has been found, -1 if not found.
3424// If the file is found, it's stats is returned in stp.
3431 int found = 0;
3432
3433 // The 'path' given to us points to the directory. Remove all trailing
3434 // directory separator characters from the end of the path, and
3435 // then append single directory separator character.
3437 n--;
3438 }
3440
3441 // Traverse index files list. For each entry, append it to the given
3442 // path and see if the file exists. If it exists, break the loop
3444
3445 // Ignore too long entries that may overflow path buffer
3447 continue;
3448
3449 // Prepare full path to the index file
3451
3452 // Does it exist?
3454 // Yes it does, break the loop
3455 *filep = file;
3456 found = 1;
3457 break;
3458 }
3459 }
3460
3461 // If no index file exists, restore directory path
3462 if (!found) {
3464 }
3465
3466 return found;
3467}
3468
3469// Return True if we should reply 304 Not Modified.
3472 char etag[64];
3478}
3479
3484 int nread, buffered_len, success = 0;
3485 int64_t left;
3486
3488 assert(fp != NULL);
3489
3494 } else {
3497 }
3498
3501 assert(buffered_len >= 0);
3502
3503 if (buffered_len > 0) {
3505 buffered_len = (int) conn->content_len;
3506 }
3508 memmove((char *) body, body + buffered_len, buffered_len);
3509 conn->data_len -= buffered_len;
3510 }
3511
3512 nread = 0;
3517 }
3520 break;
3521 }
3522 }
3523
3525 success = nread >= 0;
3526 }
3527
3528 // Each error code path in this function must send an error
3529 if (!success) {
3531 }
3532 }
3533
3534 return success;
3535}
3536
3537#if !defined(NO_CGI)
3538// This structure helps to create an environment for the spawned CGI program.
3539// Environment is an array of "VARIABLE=VALUE\0" ASCIIZ strings,
3540// last element must be NULL.
3541// However, on Windows there is a requirement that all these VARIABLE=VALUE\0
3542// strings must reside in a contiguous buffer. The end of the buffer is
3543// marked by two '\0' characters.
3544// We satisfy both worlds: we create an envp array (which is vars), all
3545// entries are actually pointers inside buf.
3552};
3553
3556 PRINTF_ARGS(2, 3);
3557
3558// Append VARIABLE=VALUE\0 string to the buffer, and add a respective
3559// pointer into the vars array.
3562 char *added;
3563 va_list ap;
3564
3565 // Calculate how much space is left in the buffer
3566 space = sizeof(block->buf) - block->len - 2;
3567 assert(space >= 0);
3568
3569 // Make a pointer to the free space int the buffer
3571
3572 // Copy VARIABLE=VALUE\0 string into the free space
3573 va_start(ap, fmt);
3575 va_end(ap);
3576
3577 // Make sure we do not overflow buffer and the envp array
3580 // Append a pointer to the added string into the envp array
3582 // Bump up used length counter. Include \0 terminator
3584 } else {
3586 }
3587
3588 return added;
3589}
3590
3592 const char *prog,
3595 const char *s, *slash;
3599
3601 blk->conn = conn;
3603
3608
3609 // Prepare the environment block
3613
3614 // TODO(lsm): fix this for IPv6 case
3616
3622 ri->query_string == NULL ? "" : ri->query_string);
3623
3624 // SCRIPT_NAME
3629 } else {
3630 s = strrchr(prog, '/');
3633 slash == NULL ? 0 : (int) (slash - ri->uri), ri->uri,
3634 s == NULL ? prog : s);
3635 }
3636
3640
3643
3646 }
3647
3650
3651 if ((s = getenv("PATH")) != NULL)
3653
3654#if defined(_WIN32)
3655 if ((s = getenv("COMSPEC")) != NULL) {
3657 }
3658 if ((s = getenv("SYSTEMROOT")) != NULL) {
3660 }
3661 if ((s = getenv("SystemDrive")) != NULL) {
3663 }
3664 if ((s = getenv("ProgramFiles")) != NULL) {
3666 }
3667 if ((s = getenv("ProgramFiles(x86)")) != NULL) {
3669 }
3670 if ((s = getenv("CommonProgramFiles(x86)")) != NULL) {
3672 }
3673#else
3674 if ((s = getenv("LD_LIBRARY_PATH")) != NULL)
3676#endif // _WIN32
3677
3678 if ((s = getenv("PERLLIB")) != NULL)
3680
3684 }
3685
3686 // Add all headers as HTTP_* variables
3690
3691 // Convert variable name into uppercase, and change - to _
3692 for (; *p != '=' && *p != '\0'; p++) {
3693 if (*p == '-')
3694 *p = '_';
3695 *p = (char) toupper(* (unsigned char *) p);
3696 }
3697 }
3698
3699 // Add user-specified variables
3703 }
3704
3707
3709 assert(blk->len > 0);
3711}
3712
3719 FILE *in = NULL, *out = NULL;
3720 pid_t pid = (pid_t) -1;
3721
3723
3724 // CGI must be executed in its own directory. 'dir' must point to the
3725 // directory containing executable program, 'p' must point to the
3726 // executable program name relative to 'dir'.
3728 if ((p = strrchr(dir, '/')) != NULL) {
3729 *p++ = '\0';
3730 } else {
3731 dir[0] = '.', dir[1] = '\0';
3732 p = (char *) prog;
3733 }
3734
3735 if (pipe(fdin) != 0 || pipe(fdout) != 0) {
3739 }
3740
3742 if (pid == (pid_t) -1) {
3746 }
3747
3748 // Make sure child closes all pipe descriptors. It must dup them to 0,1
3749 set_close_on_exec(fdin[0]);
3750 set_close_on_exec(fdin[1]);
3751 set_close_on_exec(fdout[0]);
3752 set_close_on_exec(fdout[1]);
3753
3754 // Parent closes only one side of the pipes.
3755 // If we don't mark them as closed, close() attempt before
3756 // return from this function throws an exception on Windows.
3757 // Windows does not like when closed descriptor is closed again.
3758 (void) close(fdin[0]);
3759 (void) close(fdout[1]);
3760 fdin[0] = fdout[1] = -1;
3761
3762
3763 if ((in = fdopen(fdin[1], "wb")) == NULL ||
3764 (out = fdopen(fdout[0], "rb")) == NULL) {
3768 }
3769
3770 setbuf(in, NULL);
3771 setbuf(out, NULL);
3772
3773 // Send POST data to the CGI process if needed
3777 }
3778
3779 // Close so child gets an EOF.
3780 fclose(in);
3781 in = NULL;
3782 fdin[1] = -1;
3783
3784 // Now read CGI reply into a buffer. We need to set correct
3785 // status code, thus we need to see all HTTP headers first.
3786 // Do not send anything back to client, until we buffer in all
3787 // HTTP headers.
3788 data_len = 0;
3790 if (headers_len <= 0) {
3792 "CGI program sent malformed or too big (>%u bytes) "
3793 "HTTP headers: [%.*s]",
3796 }
3797 pbuf = buf;
3799 parse_http_headers(&pbuf, &ri);
3800
3801 // Make up and send the status line
3802 status_text = "OK";
3805 status_text = status;
3806 while (isdigit(* (unsigned char *) status_text) || *status_text == ' ') {
3807 status_text++;
3808 }
3811 } else {
3813 }
3817 }
3819 status_text);
3820
3821 // Send headers
3825 }
3827
3828 // Send chunk of data that may have been read after the headers
3830 (size_t)(data_len - headers_len));
3831
3832 // Read the rest of CGI output and send to the client
3834
3835done:
3836 if (pid != (pid_t) -1) {
3837 kill(pid, SIGKILL);
3838 }
3839 if (fdin[0] != -1) {
3840 close(fdin[0]);
3841 }
3842 if (fdout[1] != -1) {
3843 close(fdout[1]);
3844 }
3845
3846 if (in != NULL) {
3847 fclose(in);
3848 } else if (fdin[1] != -1) {
3849 close(fdin[1]);
3850 }
3851
3852 if (out != NULL) {
3853 fclose(out);
3854 } else if (fdout[0] != -1) {
3855 close(fdout[0]);
3856 }
3857}
3858#endif // !NO_CGI
3859
3860// For a given PUT path, create all intermediate subdirectories
3861// for given path. Return 0 if the path itself is a directory,
3862// or -1 on error, 1 if OK.
3865 const char *s, *p;
3867 int len, res = 1;
3868
3869 for (s = p = path + 2; (p = strchr(s, '/')) != NULL; s = ++p) {
3870 len = p - path;
3871 if (len >= (int) sizeof(buf)) {
3872 res = -1;
3873 break;
3874 }
3875 memcpy(buf, path, len);
3876 buf[len] = '\0';
3877
3878 // Try to create intermediate directory
3881 res = -1;
3882 break;
3883 }
3884
3885 // Is path itself a directory?
3886 if (p[1] == '\0') {
3887 res = 0;
3888 }
3889 }
3890
3891 return res;
3892}
3893
3895 int rc, body_len;
3897
3900
3904 return;
3905 }
3906
3908 if(body_len > 0) {
3911 return;
3912 }
3913
3914 rc = mg_mkdir(path, 0755);
3915
3916 if (rc == 0) {
3919 } else if (rc == -1) {
3920 if(errno == EEXIST)
3923 else if(errno == EACCES)
3926 else if(errno == ENOENT)
3929 else
3932 }
3933}
3934
3937 FILE *fp;
3938 const char *range;
3939 int64_t r1, r2;
3940 int rc;
3941
3943
3946 } else if (rc == -1) {
3950 fclose(fp);
3953 } else {
3956 r1 = r2 = 0;
3958 conn->status_code = 206;
3959 fseeko(fp, r1, SEEK_SET);
3960 }
3962 conn->status_code = 500;
3963 }
3965 conn->status_code);
3966 fclose(fp);
3967 }
3968}
3969
3972 char *tag, int include_level) {
3974 FILE *fp;
3975
3976 // sscanf() is safe here, since send_ssi_file() also uses buffer
3977 // of size MG_BUF_LEN to get the tag. So strlen(tag) is always < MG_BUF_LEN.
3979 // File name is relative to the webserver root
3983 // File name is relative to the webserver working directory
3984 // or it is absolute system path
3988 // File name is relative to the currect document
3990 if ((p = strrchr(path, '/')) != NULL) {
3991 p[1] = '\0';
3992 }
3993 (void) mg_snprintf(path + strlen(path),
3995 } else {
3997 return;
3998 }
3999
4002 tag, path, strerror(ERRNO));
4003 } else {
4008 } else {
4010 }
4011 fclose(fp);
4012 }
4013}
4014
4015#if !defined(NO_POPEN)
4018 FILE *fp;
4019
4020 if (sscanf(tag, " \"%[^\"]\"", cmd) != 1) {
4024 } else {
4026 pclose(fp);
4027 }
4028}
4029#endif // !NO_POPEN
4030
4035
4036 if (include_level > 10) {
4038 return;
4039 }
4040
4041 in_ssi_tag = len = offset = 0;
4043 if (in_ssi_tag && ch == '>') {
4044 in_ssi_tag = 0;
4045 buf[len++] = (char) ch;
4046 buf[len] = '\0';
4047 assert(len <= (int) sizeof(buf));
4048 if (len < 6 || memcmp(buf, "<!--#", 5) != 0) {
4049 // Not an SSI tag, pass it
4051 } else {
4052 if (!memcmp(buf + 5, "include", 7)) {
4053 do_ssi_include(conn, path, buf + 12, include_level);
4054#if !defined(NO_POPEN)
4055 } else if (!memcmp(buf + 5, "exec", 4)) {
4056 do_ssi_exec(conn, buf + 9);
4057#endif // !NO_POPEN
4058 } else {
4060 }
4061 }
4062 len = 0;
4063 } else if (in_ssi_tag) {
4064 if (len == 5 && memcmp(buf, "<!--#", 5) != 0) {
4065 // Not an SSI tag
4066 in_ssi_tag = 0;
4067 } else if (len == (int) sizeof(buf) - 2) {
4069 len = 0;
4070 }
4071 buf[len++] = ch & 0xff;
4072 } else if (ch == '<') {
4073 in_ssi_tag = 1;
4074 if (len > 0) {
4076 }
4077 len = 0;
4078 buf[len++] = ch & 0xff;
4079 } else {
4080 buf[len++] = ch & 0xff;
4081 if (len == (int) sizeof(buf)) {
4083 len = 0;
4084 }
4085 }
4086 }
4087
4088 // Send the rest of buffered data
4089 if (len > 0) {
4091 }
4092}
4093
4095 const char *path) {
4097 FILE *fp;
4098
4101 strerror(ERRNO));
4102 } else {
4103 conn->must_close = 1;
4107 "Content-Type: %.*s\r\n"
4108 "Connection: close\r\n\r\n",
4109 (int) mime_vec.len, mime_vec.ptr);
4111 fclose(fp);
4112 }
4113}
4114
4116 static const char reply[] = "HTTP/1.1 200 OK\r\n"
4117 "Allow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS, PROPFIND, MKCOL\r\n"
4118 "DAV: 1\r\n\r\n";
4119
4120 conn->status_code = 200;
4122}
4123
4124// Writes PROPFIND properties for a collection element
4127 char mtime[64];
4130 "<d:response>"
4131 "<d:href>%s</d:href>"
4132 "<d:propstat>"
4133 "<d:prop>"
4134 "<d:resourcetype>%s</d:resourcetype>"
4136 "<d:getlastmodified>%s</d:getlastmodified>"
4137 "</d:prop>"
4138 "<d:status>HTTP/1.1 200 OK</d:status>"
4139 "</d:propstat>"
4140 "</d:response>\n",
4141 uri,
4143 filep->size,
4144 mtime);
4145}
4146
4155}
4156
4160
4161 conn->must_close = 1;
4162 conn->status_code = 207;
4164 "Connection: close\r\n"
4165 "Content-Type: text/xml; charset=utf-8\r\n\r\n");
4166
4168 "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
4169 "<d:multistatus xmlns:d='DAV:'>\n");
4170
4171 // Print properties for the requested resource itself
4173
4174 // If it is a directory, print directory entries too if Depth is not 0
4177 (depth == NULL || strcmp(depth, "0") != 0)) {
4179 }
4180
4182}
4183
4184#if defined(USE_WEBSOCKET)
4185
4186// START OF SHA-1 code
4187// Copyright(c) By Steve Reid <steve@edmweb.com>
4188#define SHA1HANDSOFF
4189#if defined(__sun)
4190#include "solarisfixes.h"
4191#endif
4192
4194
4195#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
4196
4198 // Forrest: SHA expect BIG_ENDIAN, swap if LITTLE_ENDIAN
4202 }
4204}
4205
4206#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
4207 ^block->l[(i+2)&15]^block->l[i&15],1))
4208#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(block, i)+0x5A827999+rol(v,5);w=rol(w,30);
4209#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
4210#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
4211#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
4212#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
4213
4214typedef struct {
4215 uint32_t state[5];
4216 uint32_t count[2];
4217 unsigned char buffer[64];
4218} SHA1_CTX;
4219
4223
4224 memcpy(block, buffer, 64);
4225 a = state[0];
4226 b = state[1];
4250 state[0] += a;
4251 state[1] += b;
4256 memset(block, '\0', sizeof(block));
4257}
4258
4259static void SHA1Init(SHA1_CTX* context) {
4260 context->state[0] = 0x67452301;
4261 context->state[1] = 0xEFCDAB89;
4262 context->state[2] = 0x98BADCFE;
4263 context->state[3] = 0x10325476;
4264 context->state[4] = 0xC3D2E1F0;
4265 context->count[0] = context->count[1] = 0;
4266}
4267
4269 uint32_t len) {
4271
4272 j = context->count[0];
4274 context->count[1]++;
4275 context->count[1] += (len>>29);
4279 SHA1Transform(context->state, context->buffer);
4282 }
4283 j = 0;
4284 }
4287}
4288
4289static void SHA1Final(unsigned char digest[20], SHA1_CTX* context) {
4292
4295 >> ((3-(i & 3)) * 8) ) & 255);
4296 }
4297 c = 0200;
4298 SHA1Update(context, &c, 1);
4299 while ((context->count[0] & 504) != 448) {
4300 c = 0000;
4301 SHA1Update(context, &c, 1);
4302 }
4303 SHA1Update(context, finalcount, 8);
4307 }
4308 memset(context, '\0', sizeof(*context));
4309 memset(&finalcount, '\0', sizeof(finalcount));
4310}
4311// END OF SHA1 CODE
4312
4314 static const char *b64 =
4315 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
4317
4319 a = src[i];
4322
4323 dst[j++] = b64[a >> 2];
4324 dst[j++] = b64[((a & 3) << 4) | (b >> 4)];
4327 }
4330 }
4331 }
4334 }
4336}
4337
4339 static const char *magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
4340 char buf[100], sha[20], b64_sha[sizeof(sha) * 2];
4341 SHA1_CTX sha_ctx;
4342
4345 SHA1Init(&sha_ctx);
4346 SHA1Update(&sha_ctx, (unsigned char *) buf, strlen(buf));
4347 SHA1Final((unsigned char *) sha, &sha_ctx);
4350 "HTTP/1.1 101 Switching Protocols\r\n"
4351 "Upgrade: websocket\r\n"
4352 "Connection: Upgrade\r\n"
4353 "Sec-WebSocket-Accept: ", b64_sha, "\r\n\r\n");
4354}
4355
4357 // Pointer to the beginning of the portion of the incoming websocket message
4358 // queue. The original websocket upgrade request is never removed,
4359 // so the queue begins after it.
4364
4365 assert(conn->content_len == 0);
4366
4367 // Loop continuously, reading messages from the socket, invoking the callback,
4368 // and waiting repeatedly until an error occurs.
4369 while (!stop) {
4370 header_len = 0;
4371 // body_len is the length of the entire queue in bytes
4372 // len is the length of the current message
4373 // data_len is the length of the current message's data payload
4374 // header_len is the length of the current message's header
4376 len = buf[1] & 127;
4377 mask_len = buf[1] & 128 ? 4 : 0;
4378 if (len < 126 && body_len >= mask_len) {
4379 data_len = len;
4380 header_len = 2 + mask_len;
4381 } else if (len == 126 && body_len >= 4 + mask_len) {
4382 header_len = 4 + mask_len;
4383 data_len = ((((int) buf[2]) << 8) + buf[3]);
4384 } else if (body_len >= 10 + mask_len) {
4385 header_len = 10 + mask_len;
4386 data_len = (((uint64_t) htonl(* (uint32_t *) &buf[2])) << 32) +
4387 htonl(* (uint32_t *) &buf[6]);
4388 }
4389 }
4390
4391 // Data layout is as follows:
4392 // conn->buf buf
4393 // v v frame1 | frame2
4394 // |---------------------|----------------|--------------|-------
4395 // | |<--header_len-->|<--data_len-->|
4396 // |<-conn->request_len->|<-----body_len----------->|
4397 // |<-------------------conn->data_len------------->|
4398
4399 if (header_len > 0) {
4400 // Allocate space to hold websocket payload
4402 // Allocation failed, exit the loop and then close the connection
4403 // TODO: notify user about the failure
4404 data_len = 0;
4405 break;
4406 }
4407
4408 // Save mask and bits, otherwise it may be clobbered by memmove below
4409 *bits = buf[0];
4410 memcpy(mask, buf + header_len - mask_len, mask_len);
4411
4412 // Read frame payload into the allocated buffer.
4413 assert(body_len >= header_len);
4414 if (data_len + header_len > body_len) {
4415 len = body_len - header_len;
4416 memcpy(*data, buf + header_len, len);
4417 // TODO: handle pull error
4420 } else {
4421 len = data_len + header_len;
4422 memcpy(*data, buf + header_len, data_len);
4423 memmove(buf, buf + len, body_len - len);
4424 conn->data_len -= len;
4425 }
4426
4427 // Apply mask if necessary
4428 if (mask_len > 0) {
4431 }
4432 }
4433
4434 return data_len;
4435 } else {
4436 // Buffering websocket request
4439 break;
4440 }
4442 }
4443 }
4444
4445 return 0;
4446}
4447
4450 unsigned char *copy;
4451 size_t copy_len = 0;
4452 int retval = -1;
4453
4454 if ((copy = (unsigned char *) malloc(data_len + 10)) == NULL) {
4455 return -1;
4456 }
4457
4458 copy[0] = 0x80 + (opcode & 0x0f);
4459
4460 // Frame format: http://tools.ietf.org/html/rfc6455#section-5.2
4461 if (data_len < 126) {
4462 // Inline 7-bit length field
4463 copy[1] = data_len;
4464 memcpy(copy + 2, data, data_len);
4465 copy_len = 2 + data_len;
4466 } else if (data_len <= 0xFFFF) {
4467 // 16-bit length field
4468 copy[1] = 126;
4469 * (uint16_t *) (copy + 2) = htons(data_len);
4470 memcpy(copy + 4, data, data_len);
4471 copy_len = 4 + data_len;
4472 } else {
4473 // 64-bit length field
4474 copy[1] = 127;
4475 * (uint32_t *) (copy + 2) = htonl((uint64_t) data_len >> 32);
4476 * (uint32_t *) (copy + 6) = htonl(data_len & 0xffffffff);
4477 memcpy(copy + 10, data, data_len);
4478 copy_len = 10 + data_len;
4479 }
4480
4481 // Not thread safe
4482 if (copy_len > 0) {
4483 retval = mg_write(conn, copy, copy_len);
4484 }
4485 free(copy);
4486
4487 return retval;
4488}
4489#endif // !USE_WEBSOCKET
4490
4493}
4494
4497
4501 slash >= 0 && slash < 33) {
4502 len = n;
4504 *mask = slash ? 0xffffffffU << (32 - slash) : 0;
4505 }
4506
4507 return len;
4508}
4509
4511 int throttle = 0;
4513 uint32_t net, mask;
4514 char mult;
4515 double v;
4516
4518 mult = ',';
4519 if (sscanf(val.ptr, "%lf%c", &v, &mult) < 1 || v < 0 ||
4521 continue;
4522 }
4525 throttle = (int) v;
4528 throttle = (int) v;
4529 }
4531 throttle = (int) v;
4532 }
4533 }
4534
4535 return throttle;
4536}
4537
4540}
4541
4543 char *path, int path_len) {
4544 const char *content_type_header, *boundary_start;
4545 char *buf, fname[1024], boundary[100], *s;
4547 FILE *fp;
4548
4549 // Request looks like this:
4550 //
4551 // POST /upload HTTP/1.1
4552 // Host: 127.0.0.1:8080
4553 // Content-Length: 244894
4554 // Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryRVr
4555 //
4556 // ------WebKitFormBoundaryRVr
4557 // Content-Disposition: form-data; name="file"; filename="accum.png"
4558 // Content-Type: image/png
4559 //
4560 // <89>PNG
4561 // <PNG DATA>
4562 // ------WebKitFormBoundaryRVr
4563
4564 // Extract boundary string from the Content-Type header
4566 (boundary_start = mg_strcasestr(content_type_header,
4567 "boundary=")) == NULL ||
4568 (sscanf(boundary_start, "boundary=\"%99[^\"]\"", boundary) == 0 &&
4569 sscanf(boundary_start, "boundary=%99s", boundary) == 0) ||
4570 boundary[0] == '\0') {
4571 return NULL;
4572 }
4573
4574 boundary_len = strlen(boundary);
4576
4577 // buf
4578 // conn->buf |<--------- buf_len ------>|
4579 // |=================|==========|===============|
4580 // |<--request_len-->|<--len--->| |
4581 // |<-----------data_len------->| conn->buf + conn->buf_size
4582
4586
4587 for (;;) {
4588 // Pull in headers
4590 to_read = buf_len - len;
4592 to_read = (int) left_to_read(conn);
4593 }
4597 }
4599 break;
4600 }
4601
4602 // Fetch file name.
4603 fname[0] = '\0';
4607 // TODO(lsm): don't expect filename to be the 3rd field,
4608 // parse the header properly instead.
4610 fname);
4612 }
4613 }
4614
4615 // Give up if the headers are not what we expect
4616 if (fname[0] == '\0') {
4617 break;
4618 }
4619
4620 // Move data to the beginning of the buffer
4621 assert(len >= headers_len);
4622 memmove(buf, &buf[headers_len], len - headers_len);
4623 len -= headers_len;
4625
4626 // We open the file with exclusive lock held. This guarantee us
4627 // there is no other thread can save into the same file simultaneously.
4628 fp = NULL;
4629
4630 // Construct destination file name. Do not allow paths to have slashes.
4631 if ((s = strrchr(fname, '/')) == NULL &&
4632 (s = strrchr(fname, '\\')) == NULL) {
4633 s = fname;
4634 }
4635
4636 // Open file in binary mode. TODO: set an exclusive lock.
4637 snprintf(path, path_len, "%s/%s", destination_dir, s);
4639 break;
4640 }
4641
4642 // Read POST data, write into file until boundary is found.
4643 eof = n = 0;
4644 do {
4648 !memcmp(&buf[i + 4], boundary, boundary_len)) {
4649 // Found boundary, that's the end of file data.
4651 eof = 1;
4654 break;
4655 }
4656 }
4661 }
4662 to_read = buf_len - len;
4664 to_read = (int) left_to_read(conn);
4665 }
4668
4669 if (eof) {
4670 rewind(fp);
4672 } else {
4673 fclose(fp);
4674 }
4675 }
4676
4677 return NULL;
4678}
4679
4682 return s != NULL && (!strcmp(s, "PUT") ||
4683 !strcmp(s, "DELETE") ||
4684 !strcmp(s, "MKCOL"));
4685}
4686
4691 }
4693}
4694
4696 char host[1025];
4697 const char *host_header;
4698
4700 sscanf(host_header, "%1024[^:]", host) == 0) {
4701 // Cannot get host from the Host: header. Fallback to our IP address.
4703 }
4704
4708}
4709
4711 const char *path) {
4713
4718 strerror(ERRNO));
4720 remove_directory(conn, path);
4724 } else {
4726 strerror(ERRNO));
4727 }
4728}
4729
4730// This is the heart of the Mongoose's logic.
4731// This function is called when the request is read, parsed and validated,
4732// and Mongoose must decide what action to take: serve a file, or
4733// a directory, or call embedded function, etcetera.
4737 int uri_len, ssl_index;
4739
4742 }
4743 uri_len = (int) strlen(ri->uri);
4748 path[0] = '\0';
4750
4751 // Perform redirect and auth checks before calling begin_request() handler.
4752 // Otherwise, begin_request() would need to perform auth checks and redirects.
4755 redirect_to_https_port(conn, ssl_index);
4756 } else if (!strcmp(ri->request_method, "OPTIONS") && (call_user(MG_REQUEST_BEGIN, conn, (void *) ri->uri) == 1)) {
4757 // CORS "pre-flight" "OPTIONS" requests are sent without authentication, duh!
4759 !check_authorization(conn, path)) {
4760 send_authorization_request(conn);
4762 // Do nothing, callback has served the request
4764 handle_options_request(conn);
4768 (is_authorized_for_put(conn) != 1)) {
4769 send_authorization_request(conn);
4771 put_file(conn, path);
4773 mkcol(conn, path);
4775 handle_delete_request(conn, path);
4777 must_hide_file(conn, path)) {
4787 handle_directory_request(conn, path);
4788 } else {
4790 "Directory listing denied");
4791 }
4792#ifdef USE_LUA
4794 handle_lsp_request(conn, path, &file, NULL);
4795#endif
4796#if !defined(NO_CGI)
4799 path) > 0) {
4805 } else {
4806 handle_cgi_request(conn, path);
4807 }
4808#endif // !NO_CGI
4811 path) > 0) {
4812 handle_ssi_file_request(conn, path);
4815 } else {
4817 }
4818}
4819
4824 }
4825 free(ctx->listening_sockets);
4826}
4827
4829 return port > 0 && port < 0xffff;
4830}
4831
4832// Valid listening port specification is: [ip_address:]port[s]
4833// Examples: 80, 443s, 127.0.0.1:3128, 1.2.3.4:8080s
4834// TODO(lsm): add parsing of the IPv6 address
4837 int len;
4838#if defined(USE_IPV6)
4839 char buf[100];
4840#endif
4841
4842 // MacOS needs that. If we do not zero it, subsequent bind() will fail.
4843 // Also, all-zeroes in the socket address means binding to all addresses
4844 // for both IPv4 and IPv6 (INADDR_ANY and IN6ADDR_ANY_INIT).
4845 memset(so, 0, sizeof(*so));
4847
4849 // Bind to a specific IPv4 address, e.g. 192.168.1.5:8080
4852#if defined(USE_IPV6)
4853
4856 // IPv6 address, e.g. [3ffe:2a00:100:7031::1]:8080
4857 so->lsa.sin6.sin6_family = AF_INET6;
4858 so->lsa.sin6.sin6_port = htons((uint16_t) port);
4859#endif
4861 // If only port is specified, bind to IPv4, INADDR_ANY
4863 } else {
4864 port = len = 0; // Parsing failure. Make port invalid.
4865 }
4866
4870
4871 // Make sure the port is valid and vector ends with 's', 'r' or ','
4873 (ch == '\0' || ch == 's' || ch == 'r' || ch == ',');
4874}
4875
4878 int on = 1, success = 1;
4879#if defined(USE_IPV6)
4880 int off = 0;
4881#endif
4884
4889 success = 0;
4892 success = 0;
4894 INVALID_SOCKET ||
4895 // On Windows, SO_REUSEADDR is recommended only for
4896 // broadcast UDP sockets
4897 setsockopt(so.sock, SOL_SOCKET, SO_REUSEADDR,
4898 (void *) &on, sizeof(on)) != 0 ||
4899#if defined(USE_IPV6)
4902 sizeof(off)) != 0) ||
4903#endif
4910 success = 0;
4912 (ctx->num_listening_sockets + 1) *
4915 success = 0;
4916 } else {
4918 ctx->listening_sockets = ptr;
4920 ctx->num_listening_sockets++;
4921 }
4922 }
4923
4924 if (!success) {
4925 close_all_listening_sockets(ctx);
4926 }
4927
4928 return success;
4929}
4930
4932 FILE *fp) {
4933 const char *header_value;
4934
4937 } else {
4939 }
4940}
4941
4944 FILE *fp;
4946
4949
4951 return;
4952
4953 strftime(date, sizeof(date), "%d/%b/%Y:%H:%M:%S %z",
4955
4956 ri = &conn->request_info;
4957 flockfile(fp);
4958
4964 conn->status_code, conn->num_bytes_sent);
4968 fflush(fp);
4969
4970 funlockfile(fp);
4971 fclose(fp);
4972}
4973
4974// Verify given socket address against the ACL.
4975// Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed.
4977 int allowed, flag;
4978 uint32_t net, mask;
4981
4982 // If any ACL is set, deny by default
4984
4987 if ((flag != '+' && flag != '-') ||
4990 return -1;
4991 }
4992
4994 allowed = flag;
4995 }
4996 }
4997
4998 return allowed == '+';
4999}
5000
5001#if !defined(_WIN32)
5003 struct passwd *pw;
5005 int success = 0;
5006
5007 if (uid == NULL) {
5008 success = 1;
5009 } else {
5010 if ((pw = getpwnam(uid)) == NULL) {
5012 } else if (setgid(pw->pw_gid) == -1) {
5014 } else if (setuid(pw->pw_uid) == -1) {
5016 } else {
5017 success = 1;
5018 }
5019 }
5020
5021 return success;
5022}
5023#endif // !_WIN32
5024
5030 return 0;
5031 }
5032 return 1;
5033}
5034
5037}
5038
5040 conn->path_info = NULL;
5042 conn->status_code = -1;
5044}
5045
5047#if defined(_WIN32)
5050#endif
5051 struct linger linger;
5052
5053 // Set linger option to avoid socket hanging out after close. This prevent
5054 // ephemeral port exhaust problem under high QPS.
5055 linger.l_onoff = 1;
5056 linger.l_linger = 1;
5058 (char *) &linger, sizeof(linger));
5059
5060 // Send FIN to the client
5063
5064#if defined(_WIN32)
5065 // Read and discard pending incoming data. If we do not do that and close the
5066 // socket, the data in the send buffer may be discarded. This
5067 // behaviour is seen on Windows, when client keeps sending data
5068 // when server decides to close the connection; then when client
5069 // does recv() it gets no data back.
5070 do {
5073#endif
5074
5075 // Now we know that our FIN is ACK-ed, safe to close
5077}
5078
5080 conn->must_close = 1;
5081
5082#ifndef NO_SSL
5084 // Run SSL_shutdown twice to ensure completly close SSL connection
5085 SSL_shutdown(conn->ssl);
5086 SSL_free(conn->ssl);
5087 conn->ssl = NULL;
5088 }
5089#endif
5091 close_socket_gracefully(conn);
5093 }
5094}
5095
5097#ifndef NO_SSL
5100 }
5101#endif
5102 close_connection(conn);
5103 free(conn);
5104}
5105
5107 // Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
5108 // URI can be an asterisk (*) or should start with slash.
5109 return uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0');
5110}
5111
5113 const char *cl;
5114
5115 ebuf[0] = '\0';
5116 reset_per_request_attributes(conn);
5118 &conn->data_len);
5120
5122 snprintf(ebuf, ebuf_len, "%s", "Request Too Large");
5124 snprintf(ebuf, ebuf_len, "%s", "Client closed connection");
5126 &conn->request_info) <= 0) {
5128 } else {
5129 // Request is valid. Set content_len attribute by parsing Content-Length
5130 // If Content-Length is absent, set content_len to 0 if request is GET,
5131 // and set it to INT64_MAX otherwise. Setting to INT64_MAX instructs
5132 // mg_read() to read from the socket until socket is closed.
5133 // The reason for treating GET and POST/PUT differently is that libraries
5134 // like jquery do not set Content-Length in GET requests, and we don't
5135 // want mg_read() to hang waiting until socket is timed out.
5136 // See https://github.com/cesanta/mongoose/pull/121 for more.
5137 conn->content_len = INT64_MAX;
5139 conn->content_len = 0;
5140 }
5142 conn->content_len = strtoll(cl, NULL, 10);
5143 }
5144 conn->birth_time = time(NULL);
5145 }
5146 return ebuf[0] == '\0';
5147}
5148
5151 int keep_alive_enabled, keep_alive, discard_len;
5152 char ebuf[100];
5153
5155 keep_alive = 0;
5156
5157 // Important: on new connection, reset the receiving buffer. Credit goes
5158 // to crule42.
5159 conn->data_len = 0;
5160 do {
5163 conn->must_close = 1;
5171 }
5172
5173 if (ebuf[0] == '\0') {
5174 handle_request(conn);
5176 log_access(conn);
5177 }
5180 // Important! When having connections with and without auth
5181 // would cause double free and then crash
5182 ri->remote_user = NULL;
5183 }
5184
5185 // NOTE(lsm): order is important here. should_keep_alive() call
5186 // is using parsed request, which will be invalid after memmove's below.
5187 // Therefore, memorize should_keep_alive() result now for later use
5188 // in loop exit condition.
5191
5192 // Discard all buffered data for this request
5196 assert(discard_len >= 0);
5198 conn->data_len -= discard_len;
5199 assert(conn->data_len >= 0);
5201 } while (keep_alive);
5202}
5203
5204// Worker threads take accepted socket from the queue
5206 (void) pthread_mutex_lock(&ctx->mutex);
5208
5209 // If the queue is empty, wait. We're idle at this point.
5212 }
5213
5214 // If we're stopping, sq_head may be equal to sq_tail.
5216 // Copy socket from the queue and increment tail
5218 ctx->sq_tail++;
5220
5221 // Wrap pointers if needed
5225 }
5226 }
5227
5228 (void) pthread_cond_signal(&ctx->sq_empty);
5229 (void) pthread_mutex_unlock(&ctx->mutex);
5230
5232}
5233
5237
5239 if (conn == NULL) {
5241 } else {
5246
5248
5249 // Call consume_socket() even when ctx->stop_flag > 0, to let it signal
5250 // sq_empty condvar to wake up the master waiting in produce_socket()
5252 conn->birth_time = time(NULL);
5253
5254 // Fill in IP, port info early so even if SSL setup below fails,
5255 // error handler would have the corresponding info.
5256 // Thanks to Johannes Winkelmann for the patch.
5257 // TODO(lsm): Fix IPv6 case
5263
5265#ifndef NO_SSL
5267#endif
5268 ) {
5269 process_new_connection(conn);
5270 }
5271
5272 close_connection(conn);
5273 }
5275 free(conn);
5276 }
5277
5278 // Signal master that we're done with connection and exiting
5284
5286 return NULL;
5287}
5288
5289// Master thread adds accepted socket to a queue
5292
5293 // If the queue is full, wait
5297 }
5298
5300 // Copy socket to the queue and increment head
5304 }
5305
5308}
5309
5311#ifdef _WIN32
5312 DWORD t = milliseconds;
5313#else
5314 struct timeval t;
5315 t.tv_sec = milliseconds / 1000;
5316 t.tv_usec = (milliseconds * 1000) % 1000000;
5317#endif
5318 return setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *) &t, sizeof(t)) ||
5319 setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (void *) &t, sizeof(t));
5320}
5321
5327 int on = 1;
5328 extern int check_midas_acl(const struct sockaddr *sa, int len);
5329
5331 } else if ((!check_acl(ctx, ntohl(* (uint32_t *) &so.rsa.sin.sin_addr))) || (!check_midas_acl(&so.rsa.sa, len))) {
5335 } else {
5336 // Put so socket structure into the queue
5342 // Set TCP keep-alive. This is needed because if HTTP-level keep-alive
5343 // is enabled, and client resets the connection, server won't get
5344 // TCP FIN or RST and will keep the connection open forever. With TCP
5345 // keep-alive, next keep-alive handshake will figure out that the client
5346 // is down and will close the server end.
5347 // Thanks to Igor Klopov who suggested the patch.
5350 produce_socket(ctx, &so);
5351 }
5352}
5353
5356 struct pollfd *pfd;
5358
5359 // Increase priority of the master thread
5360#if defined(_WIN32)
5361 SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL);
5362#endif
5363
5364#if defined(ISSUE_317)
5365 struct sched_param sched_param;
5366 sched_param.sched_priority = sched_get_priority_max(SCHED_RR);
5367 pthread_setschedparam(pthread_self(), SCHED_RR, &sched_param);
5368#endif
5369
5371
5376 pfd[i].events = POLLIN;
5377 }
5378
5381 // NOTE(lsm): on QNX, poll() returns POLLRDNORM after the
5382 // successfull poll, and POLLIN is defined as (POLLRDNORM | POLLRDBAND)
5383 // Therefore, we're checking pfd[i].revents & POLLIN, not
5384 // pfd[i].revents == POLLIN.
5387 }
5388 }
5389 }
5390 }
5391 free(pfd);
5393
5394 // Stop signal received: somebody called mg_stop. Quit.
5395 close_all_listening_sockets(ctx);
5396
5397 // Wakeup workers that are waiting for connections to handle.
5398 pthread_cond_broadcast(&ctx->sq_full);
5399
5400 // Wait until all threads finish
5401 (void) pthread_mutex_lock(&ctx->mutex);
5404 }
5405 (void) pthread_mutex_unlock(&ctx->mutex);
5406
5407 // All threads exited, no sync is needed. Destroy mutex and condvars
5408 (void) pthread_mutex_destroy(&ctx->mutex);
5409 (void) pthread_cond_destroy(&ctx->cond);
5410 (void) pthread_cond_destroy(&ctx->sq_empty);
5411 (void) pthread_cond_destroy(&ctx->sq_full);
5412
5413#if !defined(NO_SSL)
5414 uninitialize_ssl(ctx);
5415#endif
5417
5419
5420 // Signal mg_stop() that we're done.
5421 // WARNING: This must be the very last thing this
5422 // thread does, as ctx becomes invalid after this line.
5423 ctx->stop_flag = 2;
5424 return NULL;
5425}
5426
5429
5430 // Deallocate config parameters
5434 }
5435
5436#ifndef NO_SSL
5437 // Deallocate SSL context
5439 SSL_CTX_free(ctx->ssl_ctx);
5440 }
5442 free(ssl_mutexes);
5443 ssl_mutexes = NULL;
5444 }
5445#endif // !NO_SSL
5446
5447 // Deallocate context itself
5448 free(ctx);
5449}
5450
5452 ctx->stop_flag = 1;
5453
5454 // Wait until mg_fini() stops
5456 (void) mg_sleep(10);
5457 }
5458 free_context(ctx);
5459
5460#if defined(_WIN32) && !defined(__SYMBIAN32__)
5461 (void) WSACleanup();
5462#endif // _WIN32
5463}
5464
5466 mg_event_handler_t func,
5471
5472#if defined(_WIN32) && !defined(__SYMBIAN32__)
5473 WSADATA data;
5474 WSAStartup(MAKEWORD(2,2), &data);
5475#endif // _WIN32
5476
5477 // Allocate context and initialize reasonable general case defaults.
5478 // TODO(lsm): do proper error handling here.
5480 return NULL;
5481 }
5482 ctx->event_handler = func;
5484
5488 free_context(ctx);
5489 return NULL;
5492 free_context(ctx);
5493 return NULL;
5494 }
5498 }
5501 }
5502
5503 // Set default value if needed
5508 }
5509 }
5510
5511 // NOTE(lsm): order is important here. SSL certificates must
5512 // be initialized before listening ports. UID must be set last.
5514#if !defined(NO_SSL)
5515 !set_ssl_option(ctx) ||
5516#endif
5517 !set_ports_option(ctx) ||
5518#if !defined(_WIN32)
5519 !set_uid_option(ctx) ||
5520#endif
5521 !set_acl_option(ctx)) {
5522 free_context(ctx);
5523 return NULL;
5524 }
5525
5526#if !defined(_WIN32) && !defined(__SYMBIAN32__)
5527 // Ignore SIGPIPE signal, so if browser cancels the request, it
5528 // won't kill the whole process.
5529 (void) signal(SIGPIPE, SIG_IGN);
5530#endif // !_WIN32
5531
5532 (void) pthread_mutex_init(&ctx->mutex, NULL);
5533 (void) pthread_cond_init(&ctx->cond, NULL);
5534 (void) pthread_cond_init(&ctx->sq_empty, NULL);
5535 (void) pthread_cond_init(&ctx->sq_full, NULL);
5536
5537 // Start master (listening) thread
5539
5540 // Start worker threads
5544 } else {
5545 ctx->num_threads++;
5546 }
5547 }
5548
5549 return ctx;
5550}
5551
5552#ifdef USE_LUA
5553#ifdef _WIN32
5556 HANDLE fh = (HANDLE) _get_osfhandle(fd);
5557 HANDLE mh = CreateFileMapping(fh, 0, PAGE_READONLY, 0, 0, 0);
5559 CloseHandle(mh);
5560 return p;
5561}
5562#define munmap(x, y) UnmapViewOfFile(x)
5563#define MAP_FAILED NULL
5564#define MAP_PRIVATE 0
5565#define PROT_READ 0
5566#else
5567#include <sys/mman.h>
5568#endif
5569
5570static const char *LUASOCKET = "luasocket";
5571
5572// Forward declarations
5575
5577 lua_pushstring(L, name);
5578 lua_pushstring(L, val);
5579 lua_rawset(L, -3);
5580}
5581
5583 lua_pushstring(L, name);
5584 lua_pushinteger(L, val);
5585 lua_rawset(L, -3);
5586}
5587
5590 lua_pushstring(L, name);
5591 lua_pushlightuserdata(L, conn);
5592 lua_pushcclosure(L, func, 1);
5593 lua_rawset(L, -3);
5594}
5595
5596static int lsp_sock_close(lua_State *L) {
5597 if (lua_gettop(L) > 0 && lua_istable(L, -1)) {
5598 lua_getfield(L, -1, "sock");
5600 } else {
5601 return luaL_error(L, "invalid :close() call");
5602 }
5603 return 1;
5604}
5605
5606static int lsp_sock_recv(lua_State *L) {
5607 char buf[2000];
5609
5610 if (lua_gettop(L) > 0 && lua_istable(L, -1)) {
5611 lua_getfield(L, -1, "sock");
5614 lua_pushnil(L);
5615 } else {
5616 lua_pushlstring(L, buf, n);
5617 }
5618 } else {
5619 return luaL_error(L, "invalid :close() call");
5620 }
5621 return 1;
5622}
5623
5624static int lsp_sock_send(lua_State *L) {
5625 const char *buf;
5626 size_t len, sent = 0;
5628
5629 if (lua_gettop(L) > 1 && lua_istable(L, -2) && lua_isstring(L, -1)) {
5630 buf = lua_tolstring(L, -1, &len);
5631 lua_getfield(L, -2, "sock");
5632 sock = (int) lua_tonumber(L, -1);
5633 while (sent < len) {
5635 break;
5636 }
5637 sent += n;
5638 }
5639 lua_pushnumber(L, n);
5640 } else {
5641 return luaL_error(L, "invalid :close() call");
5642 }
5643 return 1;
5644}
5645
5646static const struct luaL_Reg luasocket_methods[] = {
5647 {"close", lsp_sock_close},
5648 {"send", lsp_sock_send},
5649 {"recv", lsp_sock_recv},
5650 {NULL, NULL}
5651};
5652
5653static int lsp_connect(lua_State *L) {
5654 char ebuf[100];
5655 SOCKET sock;
5656
5657 if (lua_isstring(L, -3) && lua_isnumber(L, -2) && lua_isnumber(L, -1)) {
5659 (int) lua_tonumber(L, -1), ebuf, sizeof(ebuf));
5661 return luaL_error(L, ebuf);
5662 } else {
5663 lua_newtable(L);
5664 reg_int(L, "sock", sock);
5665 reg_string(L, "host", lua_tostring(L, -4));
5666 luaL_getmetatable(L, LUASOCKET);
5667 lua_setmetatable(L, -2);
5668 }
5669 } else {
5670 return luaL_error(L, "connect(host,port,is_ssl): invalid parameter given.");
5671 }
5672 return 1;
5673}
5674
5675static int lsp_error(lua_State *L) {
5676 lua_getglobal(L, "mg");
5677 lua_getfield(L, -1, "onerror");
5678 lua_pushvalue(L, -3);
5679 lua_pcall(L, 1, 0, 0);
5680 return 0;
5681}
5682
5683// Silently stop processing chunks.
5684static void lsp_abort(lua_State *L) {
5685 int top = lua_gettop(L);
5686 lua_getglobal(L, "mg");
5687 lua_pushnil(L);
5688 lua_setfield(L, -2, "onerror");
5689 lua_settop(L, top);
5690 lua_pushstring(L, "aborting");
5691 lua_error(L);
5692}
5693
5695 const char *p, int64_t len, lua_State *L) {
5698
5706
5707 snprintf(chunkname, sizeof(chunkname), "@%s+%i", path, lines);
5708 lua_pushlightuserdata(L, conn);
5709 lua_pushcclosure(L, lsp_error, 1);
5711 // Syntax error or OOM. Error message is pushed on stack.
5712 lua_pcall(L, 1, 0, 0);
5713 } else {
5714 // Success loading chunk. Call it.
5715 lua_pcall(L, 0, 0, 1);
5716 }
5717
5718 pos = j + 2;
5719 i = pos - 1;
5720 break;
5721 }
5722 }
5723 if (lualines > 0) {
5724 lines += lualines;
5725 lualines = 0;
5726 }
5727 }
5728 }
5729
5732 }
5733
5734 return 0;
5735}
5736
5737static int lsp_write(lua_State *L) {
5740 size_t size;
5742
5743 num_args = lua_gettop(L);
5748 }
5749 }
5750
5751 return 0;
5752}
5753
5754static int lsp_read(lua_State *L) {
5758
5759 if (len <= 0) return 0;
5760 lua_pushlstring(L, buf, len);
5761
5762 return 1;
5763}
5764
5765// mg.include: Include another .lp file
5766static int lsp_include(lua_State *L) {
5770 // handle_lsp_request returned an error code, meaning an error occured in
5771 // the included page and mg.onerror returned non-zero. Stop processing.
5772 lsp_abort(L);
5773 }
5774 return 0;
5775}
5776
5777// mg.cry: Log an error. Default value for mg.onerror.
5778static int lsp_cry(lua_State *L){
5781 return 0;
5782}
5783
5784// mg.redirect: Redirect the request (internally).
5785static int lsp_redirect(lua_State *L) {
5788 handle_request(conn);
5789 lsp_abort(L);
5790 return 0;
5791}
5792
5795 extern void luaL_openlibs(lua_State *);
5797
5798 luaL_openlibs(L);
5799#ifdef USE_LUA_SQLITE3
5800 { extern int luaopen_lsqlite3(lua_State *); luaopen_lsqlite3(L); }
5801#endif
5802
5803 luaL_newmetatable(L, LUASOCKET);
5804 lua_pushliteral(L, "__index");
5805 luaL_newlib(L, luasocket_methods);
5806 lua_rawset(L, -3);
5807 lua_pop(L, 1);
5808 lua_register(L, "connect", lsp_connect);
5809
5810 if (conn == NULL) return;
5811
5812 // Register mg module
5813 lua_newtable(L);
5814
5815 reg_function(L, "read", lsp_read, conn);
5816 reg_function(L, "write", lsp_write, conn);
5817 reg_function(L, "cry", lsp_cry, conn);
5818 reg_function(L, "include", lsp_include, conn);
5819 reg_function(L, "redirect", lsp_redirect, conn);
5821
5822 // Export request_info
5823 lua_pushstring(L, "request_info");
5824 lua_newtable(L);
5832 lua_pushstring(L, "http_headers");
5833 lua_newtable(L);
5836 }
5837 lua_rawset(L, -3);
5838 lua_rawset(L, -3);
5839
5840 lua_setglobal(L, "mg");
5841
5842 // Register default mg.onerror function
5843 luaL_dostring(L, "mg.onerror = function(e) mg.write('\\nLua error:\\n', "
5844 "debug.traceback(e, 1)) end");
5845}
5846
5847static int lua_error_handler(lua_State *L) {
5848 const char *error_msg = lua_isstring(L, -1) ? lua_tostring(L, -1) : "?\n";
5849
5850 lua_getglobal(L, "mg");
5851 if (!lua_isnil(L, -1)) {
5852 lua_getfield(L, -1, "write"); // call mg.write()
5853 lua_pushstring(L, error_msg);
5854 lua_pushliteral(L, "\n");
5855 lua_call(L, 2, 0);
5856 luaL_dostring(L, "mg.write(debug.traceback(), '\\n')");
5857 } else {
5858 printf("Lua error: [%s]\n", error_msg);
5859 luaL_dostring(L, "print(debug.traceback(), '\\n')");
5860 }
5861 // TODO(lsm): leave the stack balanced
5862
5863 return 0;
5864}
5865
5867 const void **exports) {
5869 lua_State *L;
5870
5871 if (path != NULL && (L = luaL_newstate()) != NULL) {
5872 prepare_lua_environment(conn, L);
5873 lua_pushcclosure(L, &lua_error_handler, 0);
5874
5875 lua_pushglobaltable(L);
5876 if (exports != NULL) {
5878 lua_pushstring(L, exports[i]);
5879 lua_pushcclosure(L, (lua_CFunction) exports[i + 1], 0);
5880 lua_rawset(L, -3);
5881 }
5882 }
5883
5884 if (luaL_loadfile(L, path) != 0) {
5885 lua_error_handler(L);
5886 }
5887 lua_pcall(L, 0, 0, -2);
5888 lua_close(L);
5889 }
5890}
5891
5893 const char *fmt, ...) {
5895 va_list ap;
5896
5897 va_start(ap, fmt);
5898 vsnprintf(buf, sizeof(buf), fmt, ap);
5899 va_end(ap);
5900
5901 if (L == NULL) {
5903 } else {
5904 lua_pushstring(L, buf);
5905 lua_error(L);
5906 }
5907}
5908
5911 void *p = NULL;
5912 lua_State *L = NULL;
5913 FILE *fp = NULL;
5914 int error = 1;
5915
5916 // We need both mg_stat to get file size, and mg_fopen to get fd
5918 lsp_send_err(conn, ls, "File [%s] not found", path);
5920 fileno(fp), 0)) == MAP_FAILED) {
5922 fileno(fp), strerror(errno));
5923 } else if ((L = ls != NULL ? ls : luaL_newstate()) == NULL) {
5925 } else {
5926 // We're not sending HTTP headers here, Lua page must do it.
5927 if (ls == NULL) {
5928 prepare_lua_environment(conn, L);
5929 }
5930 error = lsp(conn, path, p, filep->size, L);
5931 }
5932
5933 if (L != NULL && ls == NULL) lua_close(L);
5935 fclose(fp);
5936
5937 return error;
5938}
5939#endif // USE_LUA
int mg_modify_passwords_file(const char *fname, const char *domain, const char *user, const char *pass)
Definition mongoose4.cxx:1314
int mg_websocket_read(struct mg_connection *, int *bits, char **data)
void mg_close_connection(struct mg_connection *conn)
Definition mongoose4.cxx:5097
int mg_websocket_write(struct mg_connection *conn, int opcode, const char *data, size_t data_len)
const char * mg_get_header(const struct mg_connection *conn, const char *name)
Definition mongoose4.cxx:693
int mg_get_var(const char *data, size_t data_len, const char *name, char *dst, size_t dst_len)
Definition mongoose4.cxx:2631
struct mg_context * mg_start(const char **options, mg_event_handler_t func, void *user_data)
Definition mongoose4.cxx:5466
int mg_url_decode(const char *src, int src_len, char *dst, int dst_len, int is_form_url_encoded)
Definition mongoose4.cxx:2606
int mg_write(struct mg_connection *conn, const void *buf, int len)
Definition mongoose4.cxx:2568
const char * mg_get_builtin_mime_type(const char *path)
Definition mongoose4.cxx:2895
FILE * mg_upload(struct mg_connection *conn, const char *destination_dir, char *path, int path_len)
Definition mongoose4.cxx:4543
void mg_send_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:3332
int mg_get_cookie(const char *cookie_header, const char *var_name, char *dst, size_t dst_size)
Definition mongoose4.cxx:2678
void mg_websocket_handshake(struct mg_connection *)
struct mg_request_info::mg_header http_headers[64]
int mg_vprintf(struct mg_connection *conn, const char *fmt, va_list ap)
Definition mongoose4.cxx:1908
int mg_printf(struct mg_connection *conn, const char *fmt,...)
Definition mongoose4.cxx:1922
static int is_put_or_delete_request(const struct mg_connection *conn)
Definition mongoose4.cxx:4681
static void process_new_connection(struct mg_connection *conn)
Definition mongoose4.cxx:5150
static int mg_strncasecmp(const char *s1, const char *s2, size_t len)
Definition mongoose4.cxx:544
static int is_authorized_for_put(struct mg_connection *conn)
Definition mongoose4.cxx:1301
static void sockaddr_to_string(char *buf, size_t len, const union usa *usa)
Definition mongoose4.cxx:2342
static int consume_socket(struct mg_context *ctx, struct socket *sp)
Definition mongoose4.cxx:5206
static int check_authorization(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:1261
#define HEXTOI(x)
static int check_acl(struct mg_context *ctx, uint32_t remote_ip)
Definition mongoose4.cxx:4977
static int64_t left_to_read(const struct mg_connection *conn)
Definition mongoose4.cxx:2315
static void ssl_locking_callback(int mode, int mutex_num, const char *file, int line)
Definition mongoose4.cxx:2010
static void put_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:3936
static void do_ssi_exec(struct mg_connection *conn, char *tag)
Definition mongoose4.cxx:4017
static void mg_strlcpy(register char *dst, register const char *src, size_t n)
Definition mongoose4.cxx:533
void mg_url_encode(const char *src, char *dst, size_t dst_len)
Definition mongoose4.cxx:2938
static int set_sock_timeout(SOCKET sock, int milliseconds)
Definition mongoose4.cxx:5311
static void send_http_error(struct mg_connection *, int, const char *, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(4
static int set_throttle(const char *spec, uint32_t remote_ip, const char *uri)
Definition mongoose4.cxx:4511
static int WINCDECL compare_dir_entries(const void *p1, const void *p2)
Definition mongoose4.cxx:2993
static int should_keep_alive(const struct mg_connection *conn)
Definition mongoose4.cxx:2403
static SOCKET conn2(const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len)
Definition mongoose4.cxx:2218
static void handle_file_request(struct mg_connection *conn, const char *path, struct file *filep)
Definition mongoose4.cxx:3250
static int must_hide_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:3019
static int parse_net(const char *spec, uint32_t *net, uint32_t *mask)
Definition mongoose4.cxx:4496
static int substitute_index_file(struct mg_connection *conn, char *path, size_t path_len, struct file *filep)
Definition mongoose4.cxx:3426
static void close_all_listening_sockets(struct mg_context *ctx)
Definition mongoose4.cxx:4821
static void prepare_cgi_environment(struct mg_connection *conn, const char *prog, struct cgi_env_block *blk)
Definition mongoose4.cxx:3592
static int check_password(const char *method, const char *ha1, const char *uri, const char *nonce, const char *nc, const char *cnonce, const char *qop, const char *response)
Definition mongoose4.cxx:1110
static const char * get_header(const struct mg_request_info *ri, const char *name)
Definition mongoose4.cxx:682
static int mg_chunked_printf(struct mg_connection *conn, const char *fmt,...)
Definition mongoose4.cxx:1928
static void print_dav_dir_entry(struct de *de, void *data)
Definition mongoose4.cxx:4148
static void dir_scan_callback(struct de *de, void *data)
Definition mongoose4.cxx:3123
static void remove_double_dots_and_double_slashes(char *s)
Definition mongoose4.cxx:2819
static void reset_per_request_attributes(struct mg_connection *conn)
Definition mongoose4.cxx:5040
static int alloc_vprintf(char **buf, size_t size, const char *fmt, va_list ap)
Definition mongoose4.cxx:1884
static int is_not_modified(const struct mg_connection *conn, const struct file *filep)
Definition mongoose4.cxx:3471
static void print_props(struct mg_connection *conn, const char *uri, struct file *filep)
Definition mongoose4.cxx:4126
static void handle_propfind(struct mg_connection *conn, const char *path, struct file *filep)
Definition mongoose4.cxx:4158
static void accept_new_connection(const struct socket *listener, struct mg_context *ctx)
Definition mongoose4.cxx:5323
struct mg_connection * mg_download(const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len, const char *fmt,...)
Definition mongoose4.cxx:2292
static void parse_http_headers(char **buf, struct mg_request_info *ri)
Definition mongoose4.cxx:3344
static void get_mime_type(struct mg_context *ctx, const char *path, struct vec *vec)
Definition mongoose4.cxx:2914
static void MD5Transform(uint32_t buf[4], uint32_t const in[16])
Definition mongoose4.cxx:926
static int64_t push(FILE *fp, SOCKET sock, SSL *ssl, const char *buf, int64_t len)
Definition mongoose4.cxx:2451
static char * skip_quoted(char **buf, const char *delimiters, const char *whitespace, char quotechar)
Definition mongoose4.cxx:632
static FILE * open_auth_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:1139
static int forward_body_data(struct mg_connection *conn, FILE *fp, SOCKET sock, SSL *ssl)
Definition mongoose4.cxx:3481
static int sslize(struct mg_connection *conn, SSL_CTX *s, int(*func)(SSL *))
Definition mongoose4.cxx:1997
static void MD5Update(MD5_CTX *ctx, unsigned char const *buf, unsigned len)
Definition mongoose4.cxx:1008
static int get_first_ssl_listener_index(const struct mg_context *ctx)
Definition mongoose4.cxx:4688
static void log_header(const struct mg_connection *conn, const char *header, FILE *fp)
Definition mongoose4.cxx:4932
static uint32_t get_remote_ip(const struct mg_connection *conn)
Definition mongoose4.cxx:4539
static void handle_directory_request(struct mg_connection *conn, const char *dir)
Definition mongoose4.cxx:3142
static void gmt_time_string(char *buf, size_t buf_len, time_t *t)
Definition mongoose4.cxx:3232
static const char * mg_strcasestr(const char *big_str, const char *small_str)
Definition mongoose4.cxx:579
static int pull_all(FILE *fp, struct mg_connection *conn, char *buf, int len)
Definition mongoose4.cxx:2510
static void send_file_data(struct mg_connection *conn, FILE *fp, int64_t offset, int64_t len)
Definition mongoose4.cxx:3195
static void bin2str(char *to, const unsigned char *p, size_t len)
Definition mongoose4.cxx:1079
static void handle_options_request(struct mg_connection *conn)
Definition mongoose4.cxx:4116
static const char * next_option(const char *list, struct vec *val, struct vec *eq_val)
Definition mongoose4.cxx:703
static const char * suggest_connection_header(const struct mg_connection *conn)
Definition mongoose4.cxx:2416
static void do_ssi_include(struct mg_connection *conn, const char *ssi, char *tag, int include_level)
Definition mongoose4.cxx:3972
static int read_request(FILE *fp, struct mg_connection *conn, char *buf, int bufsiz, int *nread)
Definition mongoose4.cxx:3406
static void handle_ssi_file_request(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:4095
static int parse_range_header(const char *header, int64_t *a, int64_t *b)
Definition mongoose4.cxx:3228
static pid_t spawn_process(struct mg_connection *conn, const char *prog, char *envblk, char *envp[], int fdin, int fdout, const char *dir)
Definition mongoose4.cxx:1822
static void handle_delete_request(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:4711
static int parse_auth_header(struct mg_connection *conn, char *buf, size_t buf_size, struct ah *ah)
Definition mongoose4.cxx:1173
struct mg_connection * mg_connect(const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len)
Definition mongoose4.cxx:2252
static void construct_etag(char *buf, size_t buf_len, const struct file *filep)
Definition mongoose4.cxx:3236
static void send_ssi_file(struct mg_connection *, const char *, FILE *, int)
Definition mongoose4.cxx:4032
static int scan_directory(struct mg_connection *conn, const char *dir, void *data, void(*cb)(struct de *, void *))
Definition mongoose4.cxx:3026
static void produce_socket(struct mg_context *ctx, const struct socket *sp)
Definition mongoose4.cxx:5291
static void send_authorization_request(struct mg_connection *conn)
Definition mongoose4.cxx:1290
static int convert_uri_to_file_name(struct mg_connection *conn, char *buf, size_t buf_len, struct file *filep)
Definition mongoose4.cxx:2718
static int parse_port_string(const struct vec *vec, struct socket *so)
Definition mongoose4.cxx:4836
static char * addenv(struct cgi_env_block *block, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(2
static const struct @22 builtin_mime_types[]
static int match_prefix(const char *pattern, int pattern_len, const char *str)
Definition mongoose4.cxx:737
static int remove_directory(struct mg_connection *conn, const char *dir)
Definition mongoose4.cxx:3064
static int get_request_len(const char *buf, int buf_len)
Definition mongoose4.cxx:2796
static int mg_vsnprintf(char *buf, size_t buflen, const char *fmt, va_list ap)
Definition mongoose4.cxx:595
static void handle_cgi_request(struct mg_connection *conn, const char *prog)
Definition mongoose4.cxx:3714
static void static void static int getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len)
Definition mongoose4.cxx:5113
static int mg_snprintf(char *buf, size_t buflen, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(3
static void static void cry(struct mg_connection *conn, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(2
static void close_socket_gracefully(struct mg_connection *conn)
Definition mongoose4.cxx:5047
static int call_user(int type, struct mg_connection *conn, void *p)
Definition mongoose4.cxx:2319
static int parse_http_message(char *buf, int len, struct mg_request_info *ri)
Definition mongoose4.cxx:3368
static void close_connection(struct mg_connection *conn)
Definition mongoose4.cxx:5080
static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len)
Definition mongoose4.cxx:2487
static void redirect_to_https_port(struct mg_connection *conn, int ssl_index)
Definition mongoose4.cxx:4696
static int is_valid_http_method(const char *method)
Definition mongoose4.cxx:3356
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size)
Definition mongoose614.cxx:14300
static int expect(struct frozen *f, const char *s, int len, enum json_type t)
Definition mongoose6.cxx:807
Definition mongoose6.h:930
Definition mongoose4.cxx:1168
Definition mongoose4.cxx:3547
Definition mongoose4.cxx:502
Definition mongoose4.cxx:3108
Definition mongoose4.cxx:426
Definition mongoose6.h:1246
Definition mongoose4.cxx:457
Definition mongoose4.h:36
Definition mongoose4.cxx:438
Definition tinyexpr.c:70
Definition mongoose4.cxx:421
Definition mongoose6.cxx:1511
Definition mongoose4.cxx:412
◆ MG_BUF_LEN
| #define MG_BUF_LEN 8192 |
Definition at line 265 of file mongoose4.cxx.
◆ mg_mkdir
| #define mg_mkdir | ( | x, | |
| y | |||
| ) | mkdir(x, y) |
Definition at line 248 of file mongoose4.cxx.
◆ mg_remove
| #define mg_remove | ( | x | ) | remove(x) |
Definition at line 249 of file mongoose4.cxx.
◆ mg_sleep
| #define mg_sleep | ( | x | ) | usleep((x) * 1000) |
Definition at line 250 of file mongoose4.cxx.
◆ MGSQLEN
| #define MGSQLEN 20 |
Definition at line 311 of file mongoose4.cxx.
◆ MONGOOSE_VERSION
| #define MONGOOSE_VERSION "4.2" |
Definition at line 261 of file mongoose4.cxx.
◆ MSG_NOSIGNAL
| #define MSG_NOSIGNAL 0 |
Definition at line 298 of file mongoose4.cxx.
◆ NO_SSL_DL
| #define NO_SSL_DL 1 |
Definition at line 19 of file mongoose4.cxx.
◆ O_BINARY
| #define O_BINARY 0 |
Definition at line 245 of file mongoose4.cxx.
◆ PASSWORDS_FILE_NAME
| #define PASSWORDS_FILE_NAME ".htpasswd" |
Definition at line 262 of file mongoose4.cxx.
◆ PATH_MAX
| #define PATH_MAX 4096 |
Definition at line 306 of file mongoose4.cxx.
◆ SOMAXCONN
| #define SOMAXCONN 100 |
Definition at line 302 of file mongoose4.cxx.
◆ SSL_LIB
| #define SSL_LIB "libssl.so" |
Definition at line 238 of file mongoose4.cxx.
◆ STRUCT_FILE_INITIALIZER
| #define STRUCT_FILE_INITIALIZER { 0, 0, 0, 0 } |
Definition at line 434 of file mongoose4.cxx.
◆ WINCDECL
| #define WINCDECL |
Definition at line 255 of file mongoose4.cxx.
Typedef Documentation
◆ MD5_CTX
| typedef struct MD5Context MD5_CTX |
◆ SOCKET
| typedef int SOCKET |
Definition at line 254 of file mongoose4.cxx.
Enumeration Type Documentation
◆ anonymous enum
| anonymous enum |
Definition at line 447 of file mongoose4.cxx.
Function Documentation
◆ accept_new_connection()
|
static |
Definition at line 5323 of file mongoose4.cxx.
5324 {
5327 socklen_t len = sizeof(so.rsa);
5328 int on = 1;
5329 extern int check_midas_acl(const struct sockaddr *sa, int len);
5330
5332 } else if ((!check_acl(ctx, ntohl(* (uint32_t *) &so.rsa.sin.sin_addr))) || (!check_midas_acl(&so.rsa.sa, len))) {
5335 closesocket(so.sock);
5336 } else {
5337 // Put so socket structure into the queue
5339 set_close_on_exec(so.sock);
5340 so.is_ssl = listener->is_ssl;
5341 so.ssl_redir = listener->ssl_redir;
5342 getsockname(so.sock, &so.lsa.sa, &len);
5343 // Set TCP keep-alive. This is needed because if HTTP-level keep-alive
5344 // is enabled, and client resets the connection, server won't get
5345 // TCP FIN or RST and will keep the connection open forever. With TCP
5346 // keep-alive, next keep-alive handshake will figure out that the client
5347 // is down and will close the server end.
5348 // Thanks to Igor Klopov who suggested the patch.
5349 setsockopt(so.sock, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, sizeof(on));
5351 produce_socket(ctx, &so);
5352 }
5353}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ addenv() [1/2]
|
static |
Definition at line 3561 of file mongoose4.cxx.
3561 {
3563 char *added;
3564 va_list ap;
3565
3566 // Calculate how much space is left in the buffer
3568 assert(space >= 0);
3569
3570 // Make a pointer to the free space int the buffer
3572
3573 // Copy VARIABLE=VALUE\0 string into the free space
3574 va_start(ap, fmt);
3576 va_end(ap);
3577
3578 // Make sure we do not overflow buffer and the envp array
3581 // Append a pointer to the added string into the envp array
3583 // Bump up used length counter. Include \0 terminator
3585 } else {
3587 }
3588
3589 return added;
3590}
Here is the call graph for this function:
◆ addenv() [2/2]
|
static |
Here is the caller graph for this function:
◆ alloc_vprintf()
|
static |
Definition at line 1884 of file mongoose4.cxx.
1884 {
1885 va_list ap_copy;
1886 int len;
1887
1888 // Windows is not standard-compliant, and vsnprintf() returns -1 if
1889 // buffer is too small. Also, older versions of msvcrt.dll do not have
1890 // _vscprintf(). However, if size is 0, vsnprintf() behaves correctly.
1891 // Therefore, we make two passes: on first pass, get required message length.
1892 // On second pass, actually print the message.
1893 va_copy(ap_copy, ap);
1894 len = vsnprintf(NULL, 0, fmt, ap_copy);
1895
1896 if (len > (int) size &&
1897 (size = len + 1) > 0 &&
1898 (*buf = (char *) malloc(size)) == NULL) {
1899 len = -1; // Allocation failed, mark failure
1900 } else {
1901 va_copy(ap_copy, ap);
1902 vsnprintf(*buf, size, fmt, ap_copy);
1903 }
1904
1905 return len;
1906}
Here is the caller graph for this function:
◆ authorize()
|
static |
Definition at line 1237 of file mongoose4.cxx.
1237 {
1240
1242 return 0;
1243 }
1244
1245 // Loop over passwords file
1247 if (sscanf(line, "%[^:]:%[^:]:%s", f_user, f_domain, ha1) != 3) {
1248 continue;
1249 }
1250
1255 }
1256
1257 return 0;
1258}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ bin2str()
|
static |
Definition at line 1079 of file mongoose4.cxx.
1079 {
1080 static const char *hex = "0123456789abcdef";
1081
1082 for (; len--; p++) {
1083 *to++ = hex[p[0] >> 4];
1084 *to++ = hex[p[0] & 0x0f];
1085 }
1086 *to = '\0';
1087}
Here is the caller graph for this function:
◆ byteReverse()
|
static |
Definition at line 892 of file mongoose4.cxx.
892 {
893 uint32_t t;
894
895 // Forrest: MD5 expect LITTLE_ENDIAN, swap if BIG_ENDIAN
897 do {
898 t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
899 ((unsigned) buf[1] << 8 | buf[0]);
900 * (uint32_t *) buf = t;
901 buf += 4;
902 } while (--longs);
903 }
904}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ call_user()
|
static |
Definition at line 2319 of file mongoose4.cxx.
2319 {
2326 }
2329}
Here is the caller graph for this function:
◆ check_acl()
|
static |
Definition at line 4977 of file mongoose4.cxx.
4977 {
4978 int allowed, flag;
4979 uint32_t net, mask;
4982
4983 // If any ACL is set, deny by default
4985
4988 if ((flag != '+' && flag != '-') ||
4991 return -1;
4992 }
4993
4995 allowed = flag;
4996 }
4997 }
4998
4999 return allowed == '+';
5000}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ check_authorization()
|
static |
Definition at line 1261 of file mongoose4.cxx.
1261 {
1265 FILE *fp = NULL;
1266 int authorized = 1;
1267
1272 (int) filename_vec.len, filename_vec.ptr);
1274 break;
1275 }
1276 }
1277
1280 }
1281
1284 fclose(fp);
1285 }
1286
1287 return authorized;
1288}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ check_password()
|
static |
Definition at line 1110 of file mongoose4.cxx.
1112 {
1113 char ha2[32 + 1], expected_response[32 + 1];
1114
1115 // Some of the parameters may be NULL
1116 if (method == NULL || nonce == NULL || nc == NULL || cnonce == NULL ||
1117 qop == NULL || response == NULL) {
1118 return 0;
1119 }
1120
1121 // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
1122 // TODO(lsm): check for authentication timeout
1123 if (// strcmp(dig->uri, c->ouri) != 0 ||
1124 strlen(response) != 32
1125 // || now - strtoul(dig->nonce, NULL, 10) > 3600
1126 ) {
1127 return 0;
1128 }
1129
1132 ":", cnonce, ":", qop, ":", ha2, NULL);
1133
1135}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ close_all_listening_sockets()
|
static |
Definition at line 4821 of file mongoose4.cxx.
Here is the caller graph for this function:
◆ close_connection()
|
static |
Definition at line 5080 of file mongoose4.cxx.
5080 {
5081 conn->must_close = 1;
5082
5083#ifndef NO_SSL
5085 // Run SSL_shutdown twice to ensure completly close SSL connection
5086 SSL_shutdown(conn->ssl);
5087 SSL_free(conn->ssl);
5088 conn->ssl = NULL;
5089 }
5090#endif
5092 close_socket_gracefully(conn);
5094 }
5095}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ close_socket_gracefully()
|
static |
Definition at line 5047 of file mongoose4.cxx.
5047 {
5048#if defined(_WIN32)
5051#endif
5052 struct linger linger;
5053
5054 // Set linger option to avoid socket hanging out after close. This prevent
5055 // ephemeral port exhaust problem under high QPS.
5056 linger.l_onoff = 1;
5057 linger.l_linger = 1;
5059 (char *) &linger, sizeof(linger));
5060
5061 // Send FIN to the client
5064
5065#if defined(_WIN32)
5066 // Read and discard pending incoming data. If we do not do that and close the
5067 // socket, the data in the send buffer may be discarded. This
5068 // behaviour is seen on Windows, when client keeps sending data
5069 // when server decides to close the connection; then when client
5070 // does recv() it gets no data back.
5071 do {
5074#endif
5075
5076 // Now we know that our FIN is ACK-ed, safe to close
5078}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ compare_dir_entries()
|
static |
Definition at line 2993 of file mongoose4.cxx.
2993 {
2996 int cmp_result = 0;
2997
2998 if (query_string == NULL) {
2999 query_string = "na";
3000 }
3001
3003 return -1; // Always put directories on top
3005 return 1; // Always put directories on top
3006 } else if (*query_string == 'n') {
3007 cmp_result = strcmp(a->file_name, b->file_name);
3008 } else if (*query_string == 's') {
3011 } else if (*query_string == 'd') {
3014 }
3015
3016 return query_string[1] == 'd' ? -cmp_result : cmp_result;
3017}
Here is the caller graph for this function:
◆ conn2()
|
static |
Definition at line 2218 of file mongoose4.cxx.
2219 {
2220 struct sockaddr_in sin;
2221 struct hostent *he = NULL;
2223
2224 (void) use_ssl; // Prevent warning for -DNO_SSL case
2225
2226 if (host == NULL) {
2227 snprintf(ebuf, ebuf_len, "%s", "NULL host");
2228#ifndef NO_SSL
2229 } else if (use_ssl && (void *)SSLv23_client_method == NULL) {
2230 snprintf(ebuf, ebuf_len, "%s", "SSL is not initialized");
2231 // TODO(lsm): use something threadsafe instead of gethostbyname()
2232#endif
2233 } else if ((he = gethostbyname(host)) == NULL) {
2237 } else {
2238 set_close_on_exec(sock);
2239 sin.sin_family = AF_INET;
2240 sin.sin_port = htons((uint16_t) port);
2241 sin.sin_addr = * (struct in_addr *) he->h_addr_list[0];
2242 if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) != 0) {
2243 snprintf(ebuf, ebuf_len, "connect(%s:%d): %s",
2244 host, port, strerror(ERRNO));
2245 closesocket(sock);
2246 sock = INVALID_SOCKET;
2247 }
2248 }
2249 return sock;
2250}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ construct_etag()
|
static |
Definition at line 3236 of file mongoose4.cxx.
3237 {
3240}
Here is the caller graph for this function:
◆ consume_socket()
|
static |
Definition at line 5206 of file mongoose4.cxx.
5206 {
5207 (void) pthread_mutex_lock(&ctx->mutex);
5209
5210 // If the queue is empty, wait. We're idle at this point.
5213 }
5214
5215 // If we're stopping, sq_head may be equal to sq_tail.
5217 // Copy socket from the queue and increment tail
5219 ctx->sq_tail++;
5221
5222 // Wrap pointers if needed
5226 }
5227 }
5228
5229 (void) pthread_cond_signal(&ctx->sq_empty);
5230 (void) pthread_mutex_unlock(&ctx->mutex);
5231
5233}
Here is the caller graph for this function:
◆ convert_uri_to_file_name()
|
static |
Definition at line 2718 of file mongoose4.cxx.
2719 {
2723 char *p;
2724 int match_len;
2726 char const* accept_encoding;
2727
2728 // No filesystem access
2729 if (root == NULL) {
2730 return 0;
2731 }
2732
2733 // Using buf_len - 1 because memmove() for PATH_INFO may shift part
2734 // of the path one byte on the right.
2735 // If document_root is NULL, leave the file empty.
2737
2742 uri + match_len);
2743 break;
2744 }
2745 }
2746
2748 return 1;
2749 }
2750
2751 // if we can't find the actual file, look for the file
2752 // with the same name but a .gz extension. If we find it,
2753 // use that and set the gzipped flag in the file struct
2754 // to indicate that the response need to have the content-
2755 // encoding: gzip header
2756 // we can only do this if the browser declares support
2758 if (strstr(accept_encoding,"gzip") != NULL) {
2759 snprintf(gz_path, sizeof(gz_path), "%s.gz", buf);
2761 filep->gzipped = 1;
2762 return 1;
2763 }
2764 }
2765 }
2766
2767 // Support PATH_INFO for CGI scripts.
2768 for (p = buf + strlen(root == NULL ? "" : root); *p != '\0'; p++) {
2769 if (*p == '/') {
2770 *p = '\0';
2773 mg_stat(buf, filep)) {
2774 // Shift PATH_INFO block one character right, e.g.
2775 // "/x.cgi/foo/bar\x00" => "/x.cgi\x00/foo/bar\x00"
2776 // conn->path_info is pointing to the local variable "path" declared
2777 // in handle_request(), so PATH_INFO is not valid after
2778 // handle_request returns.
2779 conn->path_info = p + 1;
2780 memmove(p + 2, p + 1, strlen(p + 1) + 1); // +1 is for trailing \0
2781 p[1] = '/';
2782 return 1;
2783 } else {
2784 *p = '/';
2785 }
2786 }
2787 }
2788
2789 return 0;
2790}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cry() [1/2]
|
static |
Definition at line 2358 of file mongoose4.cxx.
2358 {
2360 va_list ap;
2361 FILE *fp;
2362 time_t timestamp;
2363
2364 va_start(ap, fmt);
2365 (void) vsnprintf(buf, sizeof(buf), fmt, ap);
2366 va_end(ap);
2367
2368 // Do not lock when getting the callback value, here and below.
2369 // I suppose this is fine, since function cannot disappear in the
2370 // same way string option can.
2374
2376 flockfile(fp);
2377 timestamp = time(NULL);
2378
2381 src_addr);
2382
2386 }
2387
2390 funlockfile(fp);
2391 fclose(fp);
2392 }
2393 }
2394}
Here is the call graph for this function:
◆ cry() [2/2]
|
static |
Here is the caller graph for this function:
◆ dir_scan_callback()
|
static |
Definition at line 3123 of file mongoose4.cxx.
3123 {
3125
3127 dsd->arr_size *= 2;
3130 }
3132 // TODO(lsm): propagate an error to the caller
3133 dsd->num_entries = 0;
3134 } else {
3138 dsd->num_entries++;
3139 }
3140}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ do_ssi_exec()
|
static |
Definition at line 4017 of file mongoose4.cxx.
4017 {
4019 FILE *fp;
4020
4021 if (sscanf(tag, " \"%[^\"]\"", cmd) != 1) {
4025 } else {
4027 pclose(fp);
4028 }
4029}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ do_ssi_include()
|
static |
Definition at line 3972 of file mongoose4.cxx.
3973 {
3975 FILE *fp;
3976
3977 // sscanf() is safe here, since send_ssi_file() also uses buffer
3978 // of size MG_BUF_LEN to get the tag. So strlen(tag) is always < MG_BUF_LEN.
3980 // File name is relative to the webserver root
3984 // File name is relative to the webserver working directory
3985 // or it is absolute system path
3989 // File name is relative to the currect document
3991 if ((p = strrchr(path, '/')) != NULL) {
3992 p[1] = '\0';
3993 }
3994 (void) mg_snprintf(path + strlen(path),
3996 } else {
3998 return;
3999 }
4000
4003 tag, path, strerror(ERRNO));
4004 } else {
4009 } else {
4011 }
4012 fclose(fp);
4013 }
4014}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ fc()
|
static |
Definition at line 525 of file mongoose4.cxx.
525 {
528 // See https://github.com/cesanta/mongoose/issues/236
530 return &fake_connection;
531}
Here is the caller graph for this function:
◆ fclose_on_exec()
|
static |
Definition at line 3242 of file mongoose4.cxx.
Here is the caller graph for this function:
◆ forward_body_data()
|
static |
Definition at line 3481 of file mongoose4.cxx.
3482 {
3485 int nread, buffered_len, success = 0;
3486 int64_t left;
3487
3489 assert(fp != NULL);
3490
3495 } else {
3498 }
3499
3502 assert(buffered_len >= 0);
3503
3504 if (buffered_len > 0) {
3506 buffered_len = (int) conn->content_len;
3507 }
3509 memmove((char *) body, body + buffered_len, buffered_len);
3510 conn->data_len -= buffered_len;
3511 }
3512
3513 nread = 0;
3518 }
3521 break;
3522 }
3523 }
3524
3526 success = nread >= 0;
3527 }
3528
3529 // Each error code path in this function must send an error
3530 if (!success) {
3532 }
3533 }
3534
3535 return success;
3536}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ free_context()
|
static |
Definition at line 5428 of file mongoose4.cxx.
5428 {
5430
5431 // Deallocate config parameters
5435 }
5436
5437#ifndef NO_SSL
5438 // Deallocate SSL context
5440 SSL_CTX_free(ctx->ssl_ctx);
5441 }
5443 free(ssl_mutexes);
5444 ssl_mutexes = NULL;
5445 }
5446#endif // !NO_SSL
5447
5448 // Deallocate context itself
5449 free(ctx);
5450}
Here is the caller graph for this function:
◆ get_first_ssl_listener_index()
|
static |
Definition at line 4688 of file mongoose4.cxx.
4688 {
4692 }
4694}
Here is the caller graph for this function:
◆ get_header()
|
static |
Definition at line 682 of file mongoose4.cxx.
683 {
685
689
690 return NULL;
691}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_mime_type()
|
static |
Definition at line 2914 of file mongoose4.cxx.
2915 {
2918 size_t path_len;
2919
2920 path_len = strlen(path);
2921
2922 // Scan user-defined mime types first, in case user wants to
2923 // override default mime types.
2926 // ext now points to the path suffix
2927 ext = path + path_len - ext_vec.len;
2929 *vec = mime_vec;
2930 return;
2931 }
2932 }
2933
2936}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_month_index()
|
static |
Definition at line 783 of file mongoose4.cxx.
783 {
785
789
790 return -1;
791}
Here is the caller graph for this function:
◆ get_option_index()
|
static |
Definition at line 859 of file mongoose4.cxx.
859 {
861
865 }
866 }
867 return -1;
868}
Here is the caller graph for this function:
◆ get_remote_ip()
|
static |
◆ get_request_len()
|
static |
Definition at line 2796 of file mongoose4.cxx.
2796 {
2798
2800 // Control characters are not allowed but >=128 is.
2801 // Abort scan as soon as one malformed character is found;
2802 // don't let subsequent \r\n\r\n win us over anyhow
2805 return -1;
2811 }
2812 }
2813
2814 return 0;
2815}
Here is the caller graph for this function:
◆ getreq()
|
static |
Definition at line 5113 of file mongoose4.cxx.
5113 {
5114 const char *cl;
5115
5116 ebuf[0] = '\0';
5117 reset_per_request_attributes(conn);
5119 &conn->data_len);
5121
5123 snprintf(ebuf, ebuf_len, "%s", "Request Too Large");
5125 snprintf(ebuf, ebuf_len, "%s", "Client closed connection");
5127 &conn->request_info) <= 0) {
5129 } else {
5130 // Request is valid. Set content_len attribute by parsing Content-Length
5131 // If Content-Length is absent, set content_len to 0 if request is GET,
5132 // and set it to INT64_MAX otherwise. Setting to INT64_MAX instructs
5133 // mg_read() to read from the socket until socket is closed.
5134 // The reason for treating GET and POST/PUT differently is that libraries
5135 // like jquery do not set Content-Length in GET requests, and we don't
5136 // want mg_read() to hang waiting until socket is timed out.
5137 // See https://github.com/cesanta/mongoose/pull/121 for more.
5138 conn->content_len = INT64_MAX;
5140 conn->content_len = 0;
5141 }
5143 conn->content_len = strtoll(cl, NULL, 10);
5144 }
5145 conn->birth_time = time(NULL);
5146 }
5147 return ebuf[0] == '\0';
5148}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ gmt_time_string()
|
static |
◆ handle_cgi_request()
|
static |
Definition at line 3714 of file mongoose4.cxx.
3714 {
3720 FILE *in = NULL, *out = NULL;
3721 pid_t pid = (pid_t) -1;
3722
3724
3725 // CGI must be executed in its own directory. 'dir' must point to the
3726 // directory containing executable program, 'p' must point to the
3727 // executable program name relative to 'dir'.
3729 if ((p = strrchr(dir, '/')) != NULL) {
3730 *p++ = '\0';
3731 } else {
3732 dir[0] = '.', dir[1] = '\0';
3733 p = (char *) prog;
3734 }
3735
3736 if (pipe(fdin) != 0 || pipe(fdout) != 0) {
3740 }
3741
3743 if (pid == (pid_t) -1) {
3747 }
3748
3749 // Make sure child closes all pipe descriptors. It must dup them to 0,1
3750 set_close_on_exec(fdin[0]);
3751 set_close_on_exec(fdin[1]);
3752 set_close_on_exec(fdout[0]);
3753 set_close_on_exec(fdout[1]);
3754
3755 // Parent closes only one side of the pipes.
3756 // If we don't mark them as closed, close() attempt before
3757 // return from this function throws an exception on Windows.
3758 // Windows does not like when closed descriptor is closed again.
3759 (void) close(fdin[0]);
3760 (void) close(fdout[1]);
3761 fdin[0] = fdout[1] = -1;
3762
3763
3764 if ((in = fdopen(fdin[1], "wb")) == NULL ||
3765 (out = fdopen(fdout[0], "rb")) == NULL) {
3769 }
3770
3771 setbuf(in, NULL);
3772 setbuf(out, NULL);
3773
3774 // Send POST data to the CGI process if needed
3778 }
3779
3780 // Close so child gets an EOF.
3781 fclose(in);
3782 in = NULL;
3783 fdin[1] = -1;
3784
3785 // Now read CGI reply into a buffer. We need to set correct
3786 // status code, thus we need to see all HTTP headers first.
3787 // Do not send anything back to client, until we buffer in all
3788 // HTTP headers.
3789 data_len = 0;
3791 if (headers_len <= 0) {
3793 "CGI program sent malformed or too big (>%u bytes) "
3794 "HTTP headers: [%.*s]",
3797 }
3798 pbuf = buf;
3800 parse_http_headers(&pbuf, &ri);
3801
3802 // Make up and send the status line
3803 status_text = "OK";
3806 status_text = status;
3807 while (isdigit(* (unsigned char *) status_text) || *status_text == ' ') {
3808 status_text++;
3809 }
3812 } else {
3814 }
3818 }
3820 status_text);
3821
3822 // Send headers
3826 }
3828
3829 // Send chunk of data that may have been read after the headers
3831 (size_t)(data_len - headers_len));
3832
3833 // Read the rest of CGI output and send to the client
3835
3836done:
3837 if (pid != (pid_t) -1) {
3838 kill(pid, SIGKILL);
3839 }
3840 if (fdin[0] != -1) {
3841 close(fdin[0]);
3842 }
3843 if (fdout[1] != -1) {
3844 close(fdout[1]);
3845 }
3846
3847 if (in != NULL) {
3848 fclose(in);
3849 } else if (fdin[1] != -1) {
3850 close(fdin[1]);
3851 }
3852
3853 if (out != NULL) {
3854 fclose(out);
3855 } else if (fdout[0] != -1) {
3856 close(fdout[0]);
3857 }
3858}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_delete_request()
|
static |
Definition at line 4711 of file mongoose4.cxx.
4712 {
4714
4719 strerror(ERRNO));
4721 remove_directory(conn, path);
4725 } else {
4727 strerror(ERRNO));
4728 }
4729}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_directory_request()
|
static |
Definition at line 3142 of file mongoose4.cxx.
3143 {
3146
3150 return;
3151 }
3152
3155
3156 conn->must_close = 1;
3158 "HTTP/1.1 200 OK\r\n"
3159 "Transfer-Encoding: Chunked\r\n"
3160 "Content-Type: text/html; charset=utf-8\r\n\r\n");
3161
3163 "<html><head><title>Index of %s</title>"
3164 "<style>th {text-align: left;}</style></head>"
3165 "<body><h1>Index of %s</h1><pre><table cellpadding=\"0\">"
3166 "<tr><th><a href=\"?n%c\">Name</a></th>"
3167 "<th><a href=\"?d%c\">Modified</a></th>"
3168 "<th><a href=\"?s%c\">Size</a></th></tr>"
3169 "<tr><td colspan=\"3\"><hr></td></tr>",
3171 sort_direction, sort_direction, sort_direction);
3172
3173 // Print first entry - link to a parent directory
3175 "<tr><td><a href=\"%s%s\">%s</a></td>"
3176 "<td> %s</td><td> %s</td></tr>\n",
3178
3179 // Sort and print directory entries
3181 compare_dir_entries);
3185 }
3186 free(data.entries);
3187
3189 "</table></body></html>");
3191 conn->status_code = 200;
3192}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_file_request()
|
static |
Definition at line 3250 of file mongoose4.cxx.
3251 {
3252 char date[64], lm[64], etag[64], range[64];
3253 const char *msg = "OK", *hdr;
3254 time_t curtime = time(NULL);
3255 int64_t cl, r1, r2;
3259 char const* encoding = "";
3260 FILE *fp;
3261
3263 cl = filep->size;
3264 conn->status_code = 200;
3265 range[0] = '\0';
3266
3267 // if this file is in fact a pre-gzipped file, rewrite its filename
3268 // it's important to rewrite the filename after resolving
3269 // the mime type from it, to preserve the actual file's type
3271 snprintf(gz_path, sizeof(gz_path), "%s.gz", path);
3272 path = gz_path;
3273 encoding = "Content-Encoding: gzip\r\n";
3274 }
3275
3279 return;
3280 }
3281
3283
3284 // If Range: header specified, act accordingly
3285 r1 = r2 = 0;
3288 r1 >= 0 && r2 >= 0) {
3289 // actually, range requests don't play well with a pre-gzipped
3290 // file (since the range is specified in the uncmpressed space)
3293 "range requests in gzipped files are not supported");
3294 return;
3295 }
3296 conn->status_code = 206;
3297 cl = n == 2 ? (r2 > cl ? cl : r2) - r1 + 1: cl - r1;
3299 "Content-Range: bytes "
3302 r1, r1 + cl - 1, filep->size);
3303 msg = "Partial Content";
3304 }
3305
3306 // Prepare Etag, Date, Last-Modified headers. Must be in UTC, according to
3307 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3
3311
3312 (void) mg_printf(conn,
3313 "HTTP/1.1 %d %s\r\n"
3314 "Date: %s\r\n"
3315 "Last-Modified: %s\r\n"
3316 "Etag: %s\r\n"
3317 "Content-Type: %.*s\r\n"
3319 "Connection: %s\r\n"
3320 "Accept-Ranges: bytes\r\n"
3321 "%s%s%s\r\n",
3323 mime_vec.ptr, cl, suggest_connection_header(conn), range, encoding,
3324 EXTRA_HTTP_HEADERS);
3325
3328 }
3329 fclose(fp);
3330}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_options_request()
|
static |
Definition at line 4116 of file mongoose4.cxx.
4116 {
4117 static const char reply[] = "HTTP/1.1 200 OK\r\n"
4118 "Allow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS, PROPFIND, MKCOL\r\n"
4119 "DAV: 1\r\n\r\n";
4120
4121 conn->status_code = 200;
4123}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_propfind()
|
static |
Definition at line 4158 of file mongoose4.cxx.
4159 {
4161
4162 conn->must_close = 1;
4163 conn->status_code = 207;
4165 "Connection: close\r\n"
4166 "Content-Type: text/xml; charset=utf-8\r\n\r\n");
4167
4169 "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
4170 "<d:multistatus xmlns:d='DAV:'>\n");
4171
4172 // Print properties for the requested resource itself
4174
4175 // If it is a directory, print directory entries too if Depth is not 0
4178 (depth == NULL || strcmp(depth, "0") != 0)) {
4180 }
4181
4183}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_request()
|
static |
Definition at line 4735 of file mongoose4.cxx.
4735 {
4738 int uri_len, ssl_index;
4740
4743 }
4744 uri_len = (int) strlen(ri->uri);
4749 path[0] = '\0';
4751
4752 // Perform redirect and auth checks before calling begin_request() handler.
4753 // Otherwise, begin_request() would need to perform auth checks and redirects.
4756 redirect_to_https_port(conn, ssl_index);
4757 } else if (!strcmp(ri->request_method, "OPTIONS") && (call_user(MG_REQUEST_BEGIN, conn, (void *) ri->uri) == 1)) {
4758 // CORS "pre-flight" "OPTIONS" requests are sent without authentication, duh!
4760 !check_authorization(conn, path)) {
4761 send_authorization_request(conn);
4763 // Do nothing, callback has served the request
4765 handle_options_request(conn);
4769 (is_authorized_for_put(conn) != 1)) {
4770 send_authorization_request(conn);
4772 put_file(conn, path);
4774 mkcol(conn, path);
4776 handle_delete_request(conn, path);
4778 must_hide_file(conn, path)) {
4788 handle_directory_request(conn, path);
4789 } else {
4791 "Directory listing denied");
4792 }
4793#ifdef USE_LUA
4795 handle_lsp_request(conn, path, &file, NULL);
4796#endif
4797#if !defined(NO_CGI)
4800 path) > 0) {
4806 } else {
4807 handle_cgi_request(conn, path);
4808 }
4809#endif // !NO_CGI
4812 path) > 0) {
4813 handle_ssi_file_request(conn, path);
4816 } else {
4818 }
4819}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_ssi_file_request()
|
static |
Definition at line 4095 of file mongoose4.cxx.
4096 {
4098 FILE *fp;
4099
4102 strerror(ERRNO));
4103 } else {
4104 conn->must_close = 1;
4108 "Content-Type: %.*s\r\n"
4109 "Connection: close\r\n\r\n",
4110 (int) mime_vec.len, mime_vec.ptr);
4112 fclose(fp);
4113 }
4114}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_authorized_for_put()
|
static |
Definition at line 1301 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_big_endian()
|
static |
◆ is_not_modified()
|
static |
Definition at line 3471 of file mongoose4.cxx.
3472 {
3473 char etag[64];
3479}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_put_or_delete_request()
|
static |
Definition at line 4681 of file mongoose4.cxx.
4681 {
4683 return s != NULL && (!strcmp(s, "PUT") ||
4684 !strcmp(s, "DELETE") ||
4685 !strcmp(s, "MKCOL"));
4686}
Here is the caller graph for this function:
◆ is_valid_http_method()
|
static |
Definition at line 3356 of file mongoose4.cxx.
3356 {
3357 return !strcmp(method, "GET") || !strcmp(method, "POST") ||
3358 !strcmp(method, "HEAD") || !strcmp(method, "CONNECT") ||
3359 !strcmp(method, "PUT") || !strcmp(method, "DELETE") ||
3360 !strcmp(method, "OPTIONS") || !strcmp(method, "PROPFIND")
3361 || !strcmp(method, "MKCOL")
3362 ;
3363}
Here is the caller graph for this function:
◆ is_valid_port()
|
static |
Definition at line 4829 of file mongoose4.cxx.
4829 {
4830 return port > 0 && port < 0xffff;
4831}
Here is the caller graph for this function:
◆ is_valid_uri()
|
static |
Definition at line 5107 of file mongoose4.cxx.
5107 {
5108 // Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
5109 // URI can be an asterisk (*) or should start with slash.
5110 return uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0');
5111}
Here is the caller graph for this function:
◆ isbyte()
|
static |
◆ left_to_read()
|
static |
◆ log_access()
|
static |
Definition at line 4943 of file mongoose4.cxx.
4943 {
4945 FILE *fp;
4947
4950
4952 return;
4953
4954 strftime(date, sizeof(date), "%d/%b/%Y:%H:%M:%S %z",
4956
4957 ri = &conn->request_info;
4958 flockfile(fp);
4959
4965 conn->status_code, conn->num_bytes_sent);
4969 fflush(fp);
4970
4971 funlockfile(fp);
4972 fclose(fp);
4973}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ log_header()
|
static |
Definition at line 4932 of file mongoose4.cxx.
4933 {
4934 const char *header_value;
4935
4938 } else {
4940 }
4941}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ lowercase()
|
static |
Definition at line 540 of file mongoose4.cxx.
540 {
541 return tolower(* (const unsigned char *) s);
542}
Here is the caller graph for this function:
◆ master_thread()
|
static |
Definition at line 5355 of file mongoose4.cxx.
5355 {
5357 struct pollfd *pfd;
5359
5360 // Increase priority of the master thread
5361#if defined(_WIN32)
5362 SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL);
5363#endif
5364
5365#if defined(ISSUE_317)
5366 struct sched_param sched_param;
5367 sched_param.sched_priority = sched_get_priority_max(SCHED_RR);
5368 pthread_setschedparam(pthread_self(), SCHED_RR, &sched_param);
5369#endif
5370
5372
5377 pfd[i].events = POLLIN;
5378 }
5379
5382 // NOTE(lsm): on QNX, poll() returns POLLRDNORM after the
5383 // successfull poll, and POLLIN is defined as (POLLRDNORM | POLLRDBAND)
5384 // Therefore, we're checking pfd[i].revents & POLLIN, not
5385 // pfd[i].revents == POLLIN.
5388 }
5389 }
5390 }
5391 }
5392 free(pfd);
5394
5395 // Stop signal received: somebody called mg_stop. Quit.
5396 close_all_listening_sockets(ctx);
5397
5398 // Wakeup workers that are waiting for connections to handle.
5399 pthread_cond_broadcast(&ctx->sq_full);
5400
5401 // Wait until all threads finish
5402 (void) pthread_mutex_lock(&ctx->mutex);
5405 }
5406 (void) pthread_mutex_unlock(&ctx->mutex);
5407
5408 // All threads exited, no sync is needed. Destroy mutex and condvars
5409 (void) pthread_mutex_destroy(&ctx->mutex);
5410 (void) pthread_cond_destroy(&ctx->cond);
5411 (void) pthread_cond_destroy(&ctx->sq_empty);
5412 (void) pthread_cond_destroy(&ctx->sq_full);
5413
5414#if !defined(NO_SSL)
5415 uninitialize_ssl(ctx);
5416#endif
5418
5420
5421 // Signal mg_stop() that we're done.
5422 // WARNING: This must be the very last thing this
5423 // thread does, as ctx becomes invalid after this line.
5424 ctx->stop_flag = 2;
5425 return NULL;
5426}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ match_prefix()
|
static |
Definition at line 737 of file mongoose4.cxx.
737 {
738 const char *or_str;
740
741 if ((or_str = (const char *) memchr(pattern, '|', pattern_len)) != NULL) {
743 return res > 0 ? res :
745 }
746
748 res = -1;
751 continue;
755 i++;
757 i++;
759 } else {
761 }
764 }
765 do {
767 } while (res == -1 && len-- > 0);
770 return -1;
771 }
772 }
774}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ MD5Final()
|
static |
Definition at line 1044 of file mongoose4.cxx.
1044 {
1046 unsigned char *p;
1047 uint32_t *a;
1048
1050
1052 *p++ = 0x80;
1055 memset(p, 0, count);
1058 memset(ctx->in, 0, 56);
1059 } else {
1060 memset(p, 0, count - 8);
1061 }
1063
1064 a = (uint32_t *)ctx->in;
1065 a[14] = ctx->bits[0];
1066 a[15] = ctx->bits[1];
1067
1070 memcpy(digest, ctx->buf, 16);
1071 memset((char *) ctx, 0, sizeof(*ctx));
1072}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ MD5Init()
|
static |
◆ MD5Transform()
|
static |
◆ MD5Update()
|
static |
Definition at line 1008 of file mongoose4.cxx.
1008 {
1009 uint32_t t;
1010
1011 t = ctx->bits[0];
1013 ctx->bits[1]++;
1014 ctx->bits[1] += len >> 29;
1015
1016 t = (t >> 3) & 0x3f;
1017
1018 if (t) {
1020
1021 t = 64 - t;
1022 if (len < t) {
1023 memcpy(p, buf, len);
1024 return;
1025 }
1026 memcpy(p, buf, t);
1029 buf += t;
1030 len -= t;
1031 }
1032
1033 while (len >= 64) {
1034 memcpy(ctx->in, buf, 64);
1037 buf += 64;
1038 len -= 64;
1039 }
1040
1041 memcpy(ctx->in, buf, len);
1042}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_chunked_printf()
|
static |
Definition at line 1928 of file mongoose4.cxx.
1928 {
1930 int len;
1931
1932 va_list ap;
1933 va_start(ap, fmt);
1936 }
1937
1938 if (buf != mem && buf != NULL) {
1939 free(buf);
1940 }
1941
1942 return len;
1943}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_connect()
| struct mg_connection * mg_connect | ( | const char * | host, |
| int | port, | ||
| int | use_ssl, | ||
| char * | ebuf, | ||
| size_t | ebuf_len | ||
| ) |
Definition at line 2252 of file mongoose4.cxx.
2253 {
2257
2263#ifndef NO_SSL
2265 SSL_CTX_new(SSLv23_client_method())) == NULL) {
2266 snprintf(ebuf, ebuf_len, "SSL_CTX_new error");
2268 free(conn);
2269 conn = NULL;
2270#endif // NO_SSL
2271 } else {
2272 socklen_t len = sizeof(struct sockaddr);
2275 conn->ctx = &fake_ctx;
2279#ifndef NO_SSL
2280 if (use_ssl) {
2281 // SSL_CTX_set_verify call is needed to switch off server certificate
2282 // checking, which is off by default in OpenSSL and on in yaSSL.
2283 SSL_CTX_set_verify(conn->client_ssl_ctx, 0, 0);
2285 }
2286#endif
2287 }
2288
2289 return conn;
2290}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_download()
| struct mg_connection * mg_download | ( | const char * | host, |
| int | port, | ||
| int | use_ssl, | ||
| char * | ebuf, | ||
| size_t | ebuf_len, | ||
| const char * | fmt, | ||
| ... | |||
| ) |
Definition at line 2292 of file mongoose4.cxx.
2294 {
2296 va_list ap;
2297
2298 va_start(ap, fmt);
2299 ebuf[0] = '\0';
2302 snprintf(ebuf, ebuf_len, "%s", "Error sending request");
2303 } else {
2304 getreq(conn, ebuf, ebuf_len);
2305 }
2306 if (ebuf[0] != '\0' && conn != NULL) {
2307 mg_close_connection(conn);
2308 conn = NULL;
2309 }
2310
2311 return conn;
2312}
Here is the call graph for this function:
◆ mg_fopen()
|
static |
Definition at line 2331 of file mongoose4.cxx.
2331 {
2332#ifdef _WIN32
2334 to_unicode(path, wbuf, ARRAY_SIZE(wbuf));
2335 MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, ARRAY_SIZE(wmode));
2336 return _wfopen(wbuf, wmode);
2337#else
2338 return fopen(path, mode);
2339#endif
2340}
Here is the caller graph for this function:
◆ mg_snprintf() [1/2]
|
static |
Definition at line 617 of file mongoose4.cxx.
617 {
618 va_list ap;
620
621 va_start(ap, fmt);
623 va_end(ap);
624
626}
Here is the call graph for this function:
◆ mg_snprintf() [2/2]
|
static |
Here is the caller graph for this function:
◆ mg_stat()
|
static |
Definition at line 1778 of file mongoose4.cxx.
1778 {
1779 struct stat st;
1780
1781 filep->modification_time = (time_t) 0;
1782 if (stat(path, &st) == 0) {
1783 filep->size = st.st_size;
1784 filep->modification_time = st.st_mtime;
1785 filep->is_directory = S_ISDIR(st.st_mode);
1786
1787 // See https://github.com/cesanta/mongoose/issues/109
1788 // Some filesystems report modification time as 0. Artificially
1789 // bump it up to mark mg_stat() success.
1791 filep->modification_time = (time_t) 1;
1792 }
1793 }
1794
1796}
Here is the caller graph for this function:
◆ mg_strcasecmp()
|
static |
Definition at line 555 of file mongoose4.cxx.
555 {
556 int diff;
557
558 do {
560 } while (diff == 0 && s1[-1] != '\0');
561
562 return diff;
563}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strcasestr()
|
static |
Definition at line 579 of file mongoose4.cxx.
579 {
581
585 }
586 }
587
588 return NULL;
589}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strdup()
|
static |
Definition at line 575 of file mongoose4.cxx.
575 {
577}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strlcpy()
|
static |
◆ mg_strncasecmp()
|
static |
Definition at line 544 of file mongoose4.cxx.
544 {
545 int diff = 0;
546
547 if (len > 0)
548 do {
550 } while (diff == 0 && s1[-1] != '\0' && --len > 0);
551
552 return diff;
553}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strndup()
|
static |
Definition at line 565 of file mongoose4.cxx.
565 {
566 char *p;
567
568 if ((p = (char *) malloc(len + 1)) != NULL) {
569 mg_strlcpy(p, ptr, len + 1);
570 }
571
572 return p;
573}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_url_encode()
| void mg_url_encode | ( | const char * | src, |
| char * | dst, | ||
| size_t | dst_len | ||
| ) |
Definition at line 2938 of file mongoose4.cxx.
2938 {
2939 static const char *dont_escape = "._-$,;~()";
2940 static const char *hex = "0123456789abcdef";
2942
2944 if (isalnum(*(const unsigned char *) src) ||
2945 strchr(dont_escape, * (const unsigned char *) src) != NULL) {
2946 *dst = *src;
2948 dst[0] = '%';
2949 dst[1] = hex[(* (const unsigned char *) src) >> 4];
2950 dst[2] = hex[(* (const unsigned char *) src) & 0xf];
2951 dst += 2;
2952 }
2953 }
2954
2955 *dst = '\0';
2956}
Here is the caller graph for this function:
◆ mg_vsnprintf()
|
static |
Definition at line 595 of file mongoose4.cxx.
595 {
597
598 if (buflen == 0) {
599 return 0;
600 }
601
602 n = vsnprintf(buf, buflen, fmt, ap);
603
605 n = 0;
607 n = (int) buflen - 1;
608 }
610
612}
Here is the caller graph for this function:
◆ mkcol()
|
static |
Definition at line 3895 of file mongoose4.cxx.
3895 {
3896 int rc, body_len;
3898
3901
3905 return;
3906 }
3907
3909 if(body_len > 0) {
3912 return;
3913 }
3914
3915 rc = mg_mkdir(path, 0755);
3916
3917 if (rc == 0) {
3920 } else if (rc == -1) {
3921 if(errno == EEXIST)
3924 else if(errno == EACCES)
3927 else if(errno == ENOENT)
3930 else
3933 }
3934}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ must_hide_file()
|
static |
Definition at line 3019 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ next_option()
Definition at line 703 of file mongoose4.cxx.
704 {
706 // End of the list
707 list = NULL;
708 } else {
711 // Comma found. Store length and shift the list ptr
713 list++;
714 } else {
715 // This value is the last one
718 }
719
720 if (eq_val != NULL) {
721 // Value has form "x=y", adjust pointers and lengths
722 // so that val points to "x", and eq_val points to "y".
723 eq_val->len = 0;
729 }
730 }
731 }
732
734}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ num_leap_years()
|
static |
Definition at line 793 of file mongoose4.cxx.
793 {
794 return year / 4 - year / 100 + year / 400;
795}
Here is the caller graph for this function:
◆ open_auth_file()
|
static |
Definition at line 1139 of file mongoose4.cxx.
1139 {
1143 FILE *fp = NULL;
1144
1145 if (gpass != NULL) {
1146 // Use global passwords file
1148 // Important: using local struct file to test path for is_directory flag.
1149 // If filep is used, mg_stat() makes it appear as if auth file was opened.
1154 } else {
1155 // Try to find .htpasswd in requested directory.
1158 break;
1162 }
1163
1165}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_auth_header()
|
static |
Definition at line 1173 of file mongoose4.cxx.
1174 {
1176 const char *auth_header;
1177
1181 return 0;
1182 }
1183
1184 // Make modifiable copy of the auth header
1185 (void) mg_strlcpy(buf, auth_header + 7, buf_size);
1186 s = buf;
1187
1188 // Parse authorization header
1189 for (;;) {
1190 // Gobble initial spaces
1191 while (isspace(* (unsigned char *) s)) {
1192 s++;
1193 }
1195 // Value is either quote-delimited, or ends at first comma or space.
1196 if (s[0] == '\"') {
1197 s++;
1199 if (s[0] == ',') {
1200 s++;
1201 }
1202 } else {
1204 }
1206 break;
1207 }
1208
1223 }
1224 }
1225
1226 // CGI needs it as REMOTE_USER
1229 } else {
1230 return 0;
1231 }
1232
1233 return 1;
1234}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_date_string()
|
static |
Definition at line 798 of file mongoose4.cxx.
798 {
799 static const unsigned short days_before_month[] = {
800 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
801 };
802 char month_str[32];
803 int second, minute, hour, day, month, year, leap_days, days;
804 time_t result = (time_t) 0;
805
806 if (((sscanf(datetime, "%d/%3s/%d %d:%d:%d",
807 &day, month_str, &year, &hour, &minute, &second) == 6) ||
808 (sscanf(datetime, "%d %3s %d %d:%d:%d",
809 &day, month_str, &year, &hour, &minute, &second) == 6) ||
810 (sscanf(datetime, "%*3s, %d %3s %d %d:%d:%d",
811 &day, month_str, &year, &hour, &minute, &second) == 6) ||
812 (sscanf(datetime, "%d-%3s-%d %d:%d:%d",
813 &day, month_str, &year, &hour, &minute, &second) == 6)) &&
814 year > 1970 &&
815 (month = get_month_index(month_str)) != -1) {
817 year -= 1970;
818 days = year * 365 + days_before_month[month] + (day - 1) + leap_days;
819 result = days * 24 * 3600 + hour * 3600 + minute * 60 + second;
820 }
821
822 return result;
823}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_http_headers()
|
static |
Definition at line 3344 of file mongoose4.cxx.
3344 {
3346
3351 break;
3353 }
3354}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_http_message()
|
static |
Definition at line 3368 of file mongoose4.cxx.
3368 {
3370 if (request_length > 0) {
3371 // Reset attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
3373 ri->num_headers = 0;
3374
3375 buf[request_length - 1] = '\0';
3376
3377 // RFC says that all initial whitespaces should be ingored
3378 while (*buf != '\0' && isspace(* (unsigned char *) buf)) {
3379 buf++;
3380 }
3384
3385 // HTTP message could be either HTTP request or HTTP response, e.g.
3386 // "GET / HTTP/1.0 ...." or "HTTP/1.0 200 OK ..."
3390 request_length = -1;
3391 } else {
3392 if (is_request) {
3393 ri->http_version += 5;
3394 }
3395 parse_http_headers(&buf, ri);
3396 }
3397 }
3398 return request_length;
3399}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_net()
|
static |
Definition at line 4496 of file mongoose4.cxx.
4496 {
4498
4502 slash >= 0 && slash < 33) {
4503 len = n;
4505 *mask = slash ? 0xffffffffU << (32 - slash) : 0;
4506 }
4507
4508 return len;
4509}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_port_string()
Definition at line 4836 of file mongoose4.cxx.
4836 {
4838 int len;
4839#if defined(USE_IPV6)
4840 char buf[100];
4841#endif
4842
4843 // MacOS needs that. If we do not zero it, subsequent bind() will fail.
4844 // Also, all-zeroes in the socket address means binding to all addresses
4845 // for both IPv4 and IPv6 (INADDR_ANY and IN6ADDR_ANY_INIT).
4846 memset(so, 0, sizeof(*so));
4848
4850 // Bind to a specific IPv4 address, e.g. 192.168.1.5:8080
4853#if defined(USE_IPV6)
4854
4857 // IPv6 address, e.g. [3ffe:2a00:100:7031::1]:8080
4858 so->lsa.sin6.sin6_family = AF_INET6;
4859 so->lsa.sin6.sin6_port = htons((uint16_t) port);
4860#endif
4862 // If only port is specified, bind to IPv4, INADDR_ANY
4864 } else {
4865 port = len = 0; // Parsing failure. Make port invalid.
4866 }
4867
4871
4872 // Make sure the port is valid and vector ends with 's', 'r' or ','
4874 (ch == '\0' || ch == 's' || ch == 'r' || ch == ',');
4875}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_range_header()
|
static |
◆ prepare_cgi_environment()
|
static |
Definition at line 3592 of file mongoose4.cxx.
3594 {
3596 const char *s, *slash;
3600
3602 blk->conn = conn;
3604
3609
3610 // Prepare the environment block
3614
3615 // TODO(lsm): fix this for IPv6 case
3617
3623 ri->query_string == NULL ? "" : ri->query_string);
3624
3625 // SCRIPT_NAME
3630 } else {
3631 s = strrchr(prog, '/');
3634 slash == NULL ? 0 : (int) (slash - ri->uri), ri->uri,
3635 s == NULL ? prog : s);
3636 }
3637
3641
3644
3647 }
3648
3651
3652 if ((s = getenv("PATH")) != NULL)
3654
3655#if defined(_WIN32)
3656 if ((s = getenv("COMSPEC")) != NULL) {
3658 }
3659 if ((s = getenv("SYSTEMROOT")) != NULL) {
3661 }
3662 if ((s = getenv("SystemDrive")) != NULL) {
3664 }
3665 if ((s = getenv("ProgramFiles")) != NULL) {
3667 }
3668 if ((s = getenv("ProgramFiles(x86)")) != NULL) {
3670 }
3671 if ((s = getenv("CommonProgramFiles(x86)")) != NULL) {
3673 }
3674#else
3675 if ((s = getenv("LD_LIBRARY_PATH")) != NULL)
3677#endif // _WIN32
3678
3679 if ((s = getenv("PERLLIB")) != NULL)
3681
3685 }
3686
3687 // Add all headers as HTTP_* variables
3691
3692 // Convert variable name into uppercase, and change - to _
3693 for (; *p != '=' && *p != '\0'; p++) {
3694 if (*p == '-')
3695 *p = '_';
3696 *p = (char) toupper(* (unsigned char *) p);
3697 }
3698 }
3699
3700 // Add user-specified variables
3704 }
3705
3708
3710 assert(blk->len > 0);
3712}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_dav_dir_entry()
|
static |
Definition at line 4148 of file mongoose4.cxx.
4148 {
4156}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_dir_entry()
|
static |
Definition at line 2958 of file mongoose4.cxx.
2958 {
2961
2964 } else {
2965 // We use (signed) cast below because MSVC 6 compiler cannot
2966 // convert unsigned __int64 to double. Sigh.
2975 } else {
2978 }
2979 }
2980 strftime(mod, sizeof(mod), "%d-%b-%Y %H:%M",
2984 "<tr><td><a href=\"%s%s%s\">%s%s</a></td>"
2985 "<td> %s</td><td> %s</td></tr>\n",
2987}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_props()
|
static |
Definition at line 4126 of file mongoose4.cxx.
4127 {
4128 char mtime[64];
4131 "<d:response>"
4132 "<d:href>%s</d:href>"
4133 "<d:propstat>"
4134 "<d:prop>"
4135 "<d:resourcetype>%s</d:resourcetype>"
4137 "<d:getlastmodified>%s</d:getlastmodified>"
4138 "</d:prop>"
4139 "<d:status>HTTP/1.1 200 OK</d:status>"
4140 "</d:propstat>"
4141 "</d:response>\n",
4142 uri,
4144 filep->size,
4145 mtime);
4146}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ process_new_connection()
|
static |
Definition at line 5150 of file mongoose4.cxx.
5150 {
5152 int keep_alive_enabled, keep_alive, discard_len;
5153 char ebuf[100];
5154
5156 keep_alive = 0;
5157
5158 // Important: on new connection, reset the receiving buffer. Credit goes
5159 // to crule42.
5160 conn->data_len = 0;
5161 do {
5164 conn->must_close = 1;
5172 }
5173
5174 if (ebuf[0] == '\0') {
5175 handle_request(conn);
5177 log_access(conn);
5178 }
5181 // Important! When having connections with and without auth
5182 // would cause double free and then crash
5183 ri->remote_user = NULL;
5184 }
5185
5186 // NOTE(lsm): order is important here. should_keep_alive() call
5187 // is using parsed request, which will be invalid after memmove's below.
5188 // Therefore, memorize should_keep_alive() result now for later use
5189 // in loop exit condition.
5192
5193 // Discard all buffered data for this request
5197 assert(discard_len >= 0);
5199 conn->data_len -= discard_len;
5200 assert(conn->data_len >= 0);
5202 } while (keep_alive);
5203}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ produce_socket()
|
static |
Definition at line 5291 of file mongoose4.cxx.
5291 {
5292 (void) pthread_mutex_lock(&ctx->mutex);
5293
5294 // If the queue is full, wait
5298 }
5299
5301 // Copy socket to the queue and increment head
5303 ctx->sq_head++;
5305 }
5306
5307 (void) pthread_cond_signal(&ctx->sq_full);
5308 (void) pthread_mutex_unlock(&ctx->mutex);
5309}
Here is the caller graph for this function:
◆ pull()
|
static |
Definition at line 2487 of file mongoose4.cxx.
2487 {
2488 int nread;
2489
2490 if (len <= 0) return 0;
2492 // Use read() instead of fread(), because if we're reading from the CGI
2493 // pipe, fread() may block until IO buffer is filled up. We cannot afford
2494 // to block and must pass all read bytes immediately to the client.
2496#ifndef NO_SSL
2498 nread = SSL_read(conn->ssl, buf, len);
2499#endif
2500 } else {
2502 }
2503 if (nread > 0) {
2504 conn->num_bytes_read += nread;
2505 }
2506
2508}
Here is the caller graph for this function:
◆ pull_all()
|
static |
Definition at line 2510 of file mongoose4.cxx.
2510 {
2512
2517 break;
2519 break; // No more data to read
2520 } else {
2521 nread += n;
2522 len -= n;
2523 }
2524 }
2525
2526 return nread;
2527}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ push()
Definition at line 2451 of file mongoose4.cxx.
2452 {
2453 int64_t sent;
2455
2456 (void) ssl; // Get rid of warning
2457 sent = 0;
2458 while (sent < len) {
2459
2460 // How many bytes we send in this iteration
2461 k = len - sent > INT_MAX ? INT_MAX : (int) (len - sent);
2462
2463#if !defined(NO_SSL)
2464 if (ssl != NULL) {
2466 } else
2467#endif
2471 n = -1;
2472 } else {
2474 }
2475
2477 break;
2478
2479 sent += n;
2480 }
2481
2482 return sent;
2483}
Here is the caller graph for this function:
◆ put_dir()
|
static |
Definition at line 3864 of file mongoose4.cxx.
3864 {
3866 const char *s, *p;
3868 int len, res = 1;
3869
3870 for (s = p = path + 2; (p = strchr(s, '/')) != NULL; s = ++p) {
3871 len = p - path;
3872 if (len >= (int) sizeof(buf)) {
3873 res = -1;
3874 break;
3875 }
3876 memcpy(buf, path, len);
3877 buf[len] = '\0';
3878
3879 // Try to create intermediate directory
3882 res = -1;
3883 break;
3884 }
3885
3886 // Is path itself a directory?
3887 if (p[1] == '\0') {
3888 res = 0;
3889 }
3890 }
3891
3892 return res;
3893}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ put_file()
|
static |
Definition at line 3936 of file mongoose4.cxx.
3936 {
3938 FILE *fp;
3939 const char *range;
3940 int64_t r1, r2;
3941 int rc;
3942
3944
3947 } else if (rc == -1) {
3951 fclose(fp);
3954 } else {
3957 r1 = r2 = 0;
3959 conn->status_code = 206;
3960 fseeko(fp, r1, SEEK_SET);
3961 }
3963 conn->status_code = 500;
3964 }
3966 conn->status_code);
3967 fclose(fp);
3968 }
3969}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ read_request()
|
static |
Definition at line 3406 of file mongoose4.cxx.
3407 {
3409
3410 request_len = get_request_len(buf, *nread);
3412 *nread < bufsiz &&
3413 request_len == 0 &&
3415 *nread += n;
3416 assert(*nread <= bufsiz);
3417 request_len = get_request_len(buf, *nread);
3418 }
3419
3421}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ realloc2()
|
static |
Definition at line 3115 of file mongoose4.cxx.
3115 {
3116 void *new_ptr = realloc(ptr, size);
3117 if (new_ptr == NULL) {
3118 free(ptr);
3119 }
3120 return new_ptr;
3121}
Here is the caller graph for this function:
◆ redirect_to_https_port()
|
static |
Definition at line 4696 of file mongoose4.cxx.
4696 {
4697 char host[1025];
4698 const char *host_header;
4699
4701 sscanf(host_header, "%1024[^:]", host) == 0) {
4702 // Cannot get host from the Host: header. Fallback to our IP address.
4704 }
4705
4709}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ remove_directory()
|
static |
Definition at line 3064 of file mongoose4.cxx.
3064 {
3066 struct dirent *dp;
3067 DIR *dirp;
3069
3070 if ((dirp = opendir(dir)) == NULL) {
3071 return 0;
3072 } else {
3074
3075 while ((dp = readdir(dirp)) != NULL) {
3076 // Do not show current dir, but show hidden files
3077 if (!strcmp(dp->d_name, ".") ||
3078 !strcmp(dp->d_name, "..")) {
3079 continue;
3080 }
3081
3083
3084 // If we don't memset stat structure to zero, mtime will have
3085 // garbage and strftime() will segfault later on in
3086 // print_dir_entry(). memset is required only if mg_stat()
3087 // fails. For more details, see
3088 // http://code.google.com/p/mongoose/issues/detail?id=79
3094 } else {
3095 mg_remove(path);
3096 }
3097 }
3098
3099 }
3100 (void) closedir(dirp);
3101
3102 rmdir(dir);
3103 }
3104
3105 return 1;
3106}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ remove_double_dots_and_double_slashes()
|
static |
Definition at line 2819 of file mongoose4.cxx.
2819 {
2820 char *p = s;
2821
2822 while (*s != '\0') {
2823 *p++ = *s++;
2824 if (s[-1] == '/' || s[-1] == '\\') {
2825 // Skip all following slashes, backslashes and double-dots
2826 while (s[0] != '\0') {
2827 if (s[0] == '/' || s[0] == '\\') {
2828 s++;
2829 } else if (s[0] == '.' && s[1] == '.') {
2830 s += 2;
2831 } else {
2832 break;
2833 }
2834 }
2835 }
2836 }
2837 *p = '\0';
2838}
Here is the caller graph for this function:
◆ reset_per_request_attributes()
|
static |
Definition at line 5040 of file mongoose4.cxx.
Here is the caller graph for this function:
◆ scan_directory()
|
static |
Definition at line 3026 of file mongoose4.cxx.
3027 {
3029 struct dirent *dp;
3030 DIR *dirp;
3032
3033 if ((dirp = opendir(dir)) == NULL) {
3034 return 0;
3035 } else {
3037
3038 while ((dp = readdir(dirp)) != NULL) {
3039 // Do not show current dir and hidden files
3040 if (!strcmp(dp->d_name, ".") ||
3041 !strcmp(dp->d_name, "..") ||
3043 continue;
3044 }
3045
3047
3048 // If we don't memset stat structure to zero, mtime will have
3049 // garbage and strftime() will segfault later on in
3050 // print_dir_entry(). memset is required only if mg_stat()
3051 // fails. For more details, see
3052 // http://code.google.com/p/mongoose/issues/detail?id=79
3055
3058 }
3059 (void) closedir(dirp);
3060 }
3061 return 1;
3062}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ send_authorization_request()
|
static |
Definition at line 1290 of file mongoose4.cxx.
1290 {
1291 conn->status_code = 401;
1292 mg_printf(conn,
1293 "HTTP/1.1 401 Unauthorized\r\n"
1294 "Content-Length: 0\r\n"
1295 "WWW-Authenticate: Digest qop=\"auth\", "
1296 "realm=\"%s\", nonce=\"%lu\"\r\n\r\n",
1298 (unsigned long) time(NULL));
1299}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ send_file_data()
|
static |
Definition at line 3195 of file mongoose4.cxx.
3196 {
3198 int num_read, num_written, to_read;
3199
3200 // If offset is beyond file boundaries, don't send anything
3202 return;
3203 }
3204
3205 while (len > 0) {
3206 // Calculate how much to read from the file in the buffer
3207 to_read = sizeof(buf);
3208 if ((int64_t) to_read > len) {
3209 to_read = (int) len;
3210 }
3211
3212 // Read from file, exit the loop on error
3214 break;
3215 }
3216
3217 // Send read bytes to the client, exit the loop on error
3219 break;
3220 }
3221
3222 // Both read and were successful, adjust counters
3223 conn->num_bytes_sent += num_written;
3224 len -= num_written;
3225 }
3226}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ send_http_error() [1/2]
|
static |
Here is the caller graph for this function:
◆ send_http_error() [2/2]
|
static |
Definition at line 2420 of file mongoose4.cxx.
2421 {
2423 va_list ap;
2424 int len = 0;
2425
2427 buf[0] = '\0';
2428
2429 // Errors 1xx, 204 and 304 MUST NOT send a body
2432 buf[len++] = '\n';
2433
2434 va_start(ap, fmt);
2436 va_end(ap);
2437 }
2439
2442 "Content-Length: %d\r\n"
2444 suggest_connection_header(conn));
2446 }
2447}
Here is the call graph for this function:
◆ send_ssi_file()
|
static |
Definition at line 4032 of file mongoose4.cxx.
4033 {
4036
4037 if (include_level > 10) {
4039 return;
4040 }
4041
4042 in_ssi_tag = len = offset = 0;
4044 if (in_ssi_tag && ch == '>') {
4045 in_ssi_tag = 0;
4046 buf[len++] = (char) ch;
4047 buf[len] = '\0';
4048 assert(len <= (int) sizeof(buf));
4049 if (len < 6 || memcmp(buf, "<!--#", 5) != 0) {
4050 // Not an SSI tag, pass it
4052 } else {
4053 if (!memcmp(buf + 5, "include", 7)) {
4054 do_ssi_include(conn, path, buf + 12, include_level);
4055#if !defined(NO_POPEN)
4056 } else if (!memcmp(buf + 5, "exec", 4)) {
4057 do_ssi_exec(conn, buf + 9);
4058#endif // !NO_POPEN
4059 } else {
4061 }
4062 }
4063 len = 0;
4064 } else if (in_ssi_tag) {
4065 if (len == 5 && memcmp(buf, "<!--#", 5) != 0) {
4066 // Not an SSI tag
4067 in_ssi_tag = 0;
4068 } else if (len == (int) sizeof(buf) - 2) {
4070 len = 0;
4071 }
4072 buf[len++] = ch & 0xff;
4073 } else if (ch == '<') {
4074 in_ssi_tag = 1;
4075 if (len > 0) {
4077 }
4078 len = 0;
4079 buf[len++] = ch & 0xff;
4080 } else {
4081 buf[len++] = ch & 0xff;
4082 if (len == (int) sizeof(buf)) {
4084 len = 0;
4085 }
4086 }
4087 }
4088
4089 // Send the rest of buffered data
4090 if (len > 0) {
4092 }
4093}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_acl_option()
|
static |
Definition at line 5036 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_close_on_exec()
|
static |
Definition at line 1798 of file mongoose4.cxx.
1798 {
1799 fcntl(fd, F_SETFD, FD_CLOEXEC);
1800}
Here is the caller graph for this function:
◆ set_gpass_option()
|
static |
Definition at line 5026 of file mongoose4.cxx.
5026 {
5031 return 0;
5032 }
5033 return 1;
5034}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_non_blocking_mode()
|
static |
Definition at line 1870 of file mongoose4.cxx.
1870 {
1871 int flags;
1872
1873 flags = fcntl(sock, F_GETFL, 0);
1874 (void) fcntl(sock, F_SETFL, flags | O_NONBLOCK);
1875
1876 return 0;
1877}
Here is the caller graph for this function:
◆ set_ports_option()
|
static |
Definition at line 4877 of file mongoose4.cxx.
4877 {
4879 int on = 1, success = 1;
4880#if defined(USE_IPV6)
4881 int off = 0;
4882#endif
4885
4890 success = 0;
4893 success = 0;
4895 INVALID_SOCKET ||
4896 // On Windows, SO_REUSEADDR is recommended only for
4897 // broadcast UDP sockets
4898 setsockopt(so.sock, SOL_SOCKET, SO_REUSEADDR,
4899 (void *) &on, sizeof(on)) != 0 ||
4900#if defined(USE_IPV6)
4901 (so.lsa.sa.sa_family == AF_INET6 &&
4902 setsockopt(so.sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &off,
4903 sizeof(off)) != 0) ||
4904#endif
4905 bind(so.sock, &so.lsa.sa, so.lsa.sa.sa_family == AF_INET ?
4910 closesocket(so.sock);
4911 success = 0;
4913 (ctx->num_listening_sockets + 1) *
4915 closesocket(so.sock);
4916 success = 0;
4917 } else {
4918 set_close_on_exec(so.sock);
4919 ctx->listening_sockets = ptr;
4921 ctx->num_listening_sockets++;
4922 }
4923 }
4924
4925 if (!success) {
4926 close_all_listening_sockets(ctx);
4927 }
4928
4929 return success;
4930}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_sock_timeout()
|
static |
Definition at line 5311 of file mongoose4.cxx.
5311 {
5312#ifdef _WIN32
5313 DWORD t = milliseconds;
5314#else
5315 struct timeval t;
5316 t.tv_sec = milliseconds / 1000;
5317 t.tv_usec = (milliseconds * 1000) % 1000000;
5318#endif
5319 return setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *) &t, sizeof(t)) ||
5320 setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (void *) &t, sizeof(t));
5321}
Here is the caller graph for this function:
◆ set_ssl_option()
|
static |
Definition at line 2060 of file mongoose4.cxx.
2060 {
2062 const char *pem;
2063 int ecdh_enabled = 0;
2064 int ecdh_available = 0;
2065
2066 // If PEM file is not specified and the init_ssl callback
2067 // is not specified, skip SSL initialization.
2069 // MG_INIT_SSL
2070 // ctx->callbacks.init_ssl == NULL) {
2071 return 1;
2072 }
2073
2074#if !defined(NO_SSL_DL)
2076 !load_dll(ctx, CRYPTO_LIB, crypto_sw)) {
2077 return 0;
2078 }
2079#endif // NO_SSL_DL
2080
2081 // Initialize SSL library
2082 SSL_library_init();
2083 SSL_load_error_strings();
2084
2087 return 0;
2088 }
2089
2090 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
2091 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
2092
2093#if 0
2094 {
2095 //
2096 // enable Diffie-Hellman key exchange - the DHE series of ciphers
2097 //
2098 // this code is from here:
2099 // https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
2100 // to generate the pem file: openssl dhparam -out dh_param_2048.pem 2048
2101
2102 /* Set up ephemeral DH parameters. */
2103 void *dh_2048 = NULL;
2104 FILE *paramfile;
2105 paramfile = fopen("dh_param_2048.pem", "r");
2106 if (paramfile) {
2107 dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
2108 fclose(paramfile);
2109 } else {
2110 /* Error. */
2111 }
2112 if (dh_2048 == NULL) {
2113 /* Error. */
2114 }
2116 /* Error. */
2117 }
2118 }
2119#endif
2120
2121#ifdef OPENSSL_EC_NAMED_CURVE
2122 {
2123 //
2124 // enable Elliptic Curve Diffie-Hellman key exchange - the ECDHE series of ciphers
2125 //
2126
2127 EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
2128 if (! ecdh) {
2129 cry(fc(ctx), "%s: EC_KEY_new_by_curve_name (NID_X9_62_prime256v1) failed: %s", __func__, ssl_error());
2130 } else {
2132 cry(fc(ctx), "%s: SSL_CTX_set_tmp_ecdh (ctx->ssl_ctx, ecdh) failed: %s", __func__, ssl_error());
2133 }
2134 EC_KEY_free (ecdh);
2135 ecdh_enabled = 1;
2136 }
2137 }
2138#else
2139#warning Very old openssl, no EC_KEY, no ECDH for modern criptography!
2140#endif
2141
2142 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_DH_USE);
2143 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
2144
2145 // get cipher list
2146
2147 {
2148 int priority;
2150 for (priority=0; 1; priority++) {
2151 const char* available_cipher_list = SSL_get_cipher_list(ssl, priority);
2152 if (available_cipher_list == NULL)
2153 break;
2154 //printf("priority %d cipher list: %s\n", priority, available_cipher_list);
2155 if (strstr(available_cipher_list, "ECDHE") != NULL)
2156 ecdh_available = 1;
2157 }
2158 SSL_free(ssl);
2159 }
2160
2161 if (!ecdh_available || !ecdh_enabled) {
2163 }
2164
2165 // disable weak ciphers
2166 const char* cipher_list = "ALL:!RC4:!DES-CBC-SHA:!DES:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2167
2168 // enable only "modern cryptography" ciphers if ECDHE ciphers available
2169 if (ecdh_available && ecdh_enabled)
2170 cipher_list = "ALL:!AECDH:!RC4:!DES-CBC-SHA:!DES:!AES128-SHA+RSA:!AES256-SHA+RSA:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2171
2172 SSL_CTX_set_cipher_list(ctx->ssl_ctx, cipher_list);
2173
2174 // If user callback returned non-NULL, that means that user callback has
2175 // set up certificate itself. In this case, skip sertificate setting.
2176 // MG_INIT_SSL
2178 SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, pem, 1) == 0) {
2180 return 0;
2181 }
2182
2183 if (pem != NULL) {
2184 (void) SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, pem);
2185 }
2186
2187 // Initialize locking callbacks, needed for thread safety.
2188 // http://www.openssl.org/support/faq.html#PROG1
2189 size = sizeof(pthread_mutex_t) * CRYPTO_num_locks();
2192 return 0;
2193 }
2194
2197 }
2198
2199 CRYPTO_set_locking_callback(&ssl_locking_callback);
2200 CRYPTO_set_id_callback(&ssl_id_callback);
2201
2202 return 1;
2203}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_throttle()
|
static |
Definition at line 4511 of file mongoose4.cxx.
4511 {
4512 int throttle = 0;
4514 uint32_t net, mask;
4515 char mult;
4516 double v;
4517
4519 mult = ',';
4520 if (sscanf(val.ptr, "%lf%c", &v, &mult) < 1 || v < 0 ||
4522 continue;
4523 }
4526 throttle = (int) v;
4529 throttle = (int) v;
4530 }
4532 throttle = (int) v;
4533 }
4534 }
4535
4536 return throttle;
4537}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_uid_option()
|
static |
Definition at line 5003 of file mongoose4.cxx.
5003 {
5004 struct passwd *pw;
5006 int success = 0;
5007
5008 if (uid == NULL) {
5009 success = 1;
5010 } else {
5011 if ((pw = getpwnam(uid)) == NULL) {
5013 } else if (setgid(pw->pw_gid) == -1) {
5015 } else if (setuid(pw->pw_uid) == -1) {
5017 } else {
5018 success = 1;
5019 }
5020 }
5021
5022 return success;
5023}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ should_keep_alive()
|
static |
Definition at line 2403 of file mongoose4.cxx.
2403 {
2407 conn->status_code == 401 ||
2410 (header == NULL && http_version && strcmp(http_version, "1.1"))) {
2411 return 0;
2412 }
2413 return 1;
2414}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ skip()
|
static |
Definition at line 676 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ skip_quoted()
|
static |
Definition at line 632 of file mongoose4.cxx.
633 {
634 char *p, *begin_word, *end_word, *end_whitespace;
635
636 begin_word = *buf;
637 end_word = begin_word + strcspn(begin_word, delimiters);
638
639 // Check for quotechar
640 if (end_word > begin_word) {
641 p = end_word - 1;
642 while (*p == quotechar) {
643 // If there is anything beyond end_word, copy it
644 if (*end_word == '\0') {
645 *p = '\0';
646 break;
647 } else {
648 size_t end_off = strcspn(end_word + 1, delimiters);
649 memmove (p, end_word, end_off + 1);
650 p += end_off; // p must correspond to end_word - 1
651 end_word += end_off + 1;
652 }
653 }
654 for (p++; p < end_word; p++) {
655 *p = '\0';
656 }
657 }
658
659 if (*end_word == '\0') {
660 *buf = end_word;
661 } else {
662 end_whitespace = end_word + 1 + strspn(end_word + 1, whitespace);
663
664 for (p = end_word; p < end_whitespace; p++) {
665 *p = '\0';
666 }
667
668 *buf = end_whitespace;
669 }
670
671 return begin_word;
672}
Here is the caller graph for this function:
◆ sockaddr_to_string()
|
static |
Definition at line 2342 of file mongoose4.cxx.
2343 {
2344 buf[0] = '\0';
2345#if defined(USE_IPV6)
2348 (void *) &usa->sin6.sin6_addr, buf, len);
2349#elif defined(_WIN32)
2350 // Only Windoze Vista (and newer) have inet_ntop()
2352#else
2354#endif
2355}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ spawn_process()
|
static |
Definition at line 1822 of file mongoose4.cxx.
1824 {
1825 pid_t pid;
1826 const char *interp;
1827
1828 (void) envblk;
1829
1830 if ((pid = fork()) == -1) {
1831 // Parent
1833 } else if (pid == 0) {
1834 // Child
1835 if (chdir(dir) != 0) {
1837 } else if (dup2(fdin, 0) == -1) {
1839 } else if (dup2(fdout, 1) == -1) {
1841 } else {
1842 // Not redirecting stderr to stdout, to avoid output being littered
1843 // with the error messages.
1844 (void) close(fdin);
1845 (void) close(fdout);
1846
1847 // After exec, all signal handlers are restored to their default values,
1848 // with one exception of SIGCHLD. According to POSIX.1-2001 and Linux's
1849 // implementation, SIGCHLD's handler will leave unchanged after exec
1850 // if it was set to be ignored. Restore it to default action.
1851 signal(SIGCHLD, SIG_DFL);
1852
1854 if (interp == NULL) {
1855 (void) execle(prog, prog, NULL, envp);
1857 } else {
1858 (void) execle(interp, interp, prog, NULL, envp);
1860 strerror(ERRNO));
1861 }
1862 }
1863 exit(EXIT_FAILURE);
1864 }
1865
1866 return pid;
1867}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ ssl_error()
|
static |
Definition at line 2004 of file mongoose4.cxx.
2004 {
2005 unsigned long err;
2006 err = ERR_get_error();
2007 return err == 0 ? "" : ERR_error_string(err, NULL);
2008}
Here is the caller graph for this function:
◆ ssl_id_callback()
|
static |
Definition at line 2022 of file mongoose4.cxx.
2022 {
2023 return (unsigned long) pthread_self();
2024}
Here is the caller graph for this function:
◆ ssl_locking_callback()
|
static |
Definition at line 2010 of file mongoose4.cxx.
2011 {
2012 (void) line;
2013 (void) file;
2014
2015 if (mode & 1) { // 1 is CRYPTO_LOCK
2016 (void) pthread_mutex_lock(&ssl_mutexes[mutex_num]);
2017 } else {
2018 (void) pthread_mutex_unlock(&ssl_mutexes[mutex_num]);
2019 }
2020}
Here is the caller graph for this function:
◆ sslize()
|
static |
◆ substitute_index_file()
|
static |
Definition at line 3426 of file mongoose4.cxx.
3427 {
3432 int found = 0;
3433
3434 // The 'path' given to us points to the directory. Remove all trailing
3435 // directory separator characters from the end of the path, and
3436 // then append single directory separator character.
3438 n--;
3439 }
3441
3442 // Traverse index files list. For each entry, append it to the given
3443 // path and see if the file exists. If it exists, break the loop
3445
3446 // Ignore too long entries that may overflow path buffer
3448 continue;
3449
3450 // Prepare full path to the index file
3452
3453 // Does it exist?
3455 // Yes it does, break the loop
3456 *filep = file;
3457 found = 1;
3458 break;
3459 }
3460 }
3461
3462 // If no index file exists, restore directory path
3463 if (!found) {
3465 }
3466
3467 return found;
3468}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ suggest_connection_header()
|
static |
Definition at line 2416 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ uninitialize_ssl()
|
static |
Definition at line 2205 of file mongoose4.cxx.
2205 {
2208 CRYPTO_set_locking_callback(NULL);
2211 }
2212 CRYPTO_set_locking_callback(NULL);
2213 CRYPTO_set_id_callback(NULL);
2214 }
2215}
Here is the caller graph for this function:
◆ worker_thread()
|
static |
Definition at line 5235 of file mongoose4.cxx.
5235 {
5238
5240 if (conn == NULL) {
5242 } else {
5247
5249
5250 // Call consume_socket() even when ctx->stop_flag > 0, to let it signal
5251 // sq_empty condvar to wake up the master waiting in produce_socket()
5253 conn->birth_time = time(NULL);
5254
5255 // Fill in IP, port info early so even if SSL setup below fails,
5256 // error handler would have the corresponding info.
5257 // Thanks to Johannes Winkelmann for the patch.
5258 // TODO(lsm): Fix IPv6 case
5264
5266#ifndef NO_SSL
5268#endif
5269 ) {
5270 process_new_connection(conn);
5271 }
5272
5273 close_connection(conn);
5274 }
5276 free(conn);
5277 }
5278
5279 // Signal master that we're done with connection and exiting
5285
5287 return NULL;
5288}
Here is the call graph for this function:
Here is the caller graph for this function:
Variable Documentation
◆ [struct]
| const struct { ... } builtin_mime_types[] |
◆ config_options
|
static |
Initial value:
= {
"cgi_pattern", "**.cgi$|**.pl$|**.php$",
"cgi_environment", NULL,
"put_delete_auth_file", NULL,
"cgi_interpreter", NULL,
"protect_uri", NULL,
"authentication_domain", "mydomain.com",
"ssi_pattern", "**.shtml$|**.shtm$",
"throttle", NULL,
"access_log_file", NULL,
"enable_directory_listing", "yes",
"error_log_file", NULL,
"global_auth_file", NULL,
"index_files",
"index.html,index.htm,index.cgi,index.shtml,index.php,index.lp",
"enable_keep_alive", "no",
"access_control_list", NULL,
"extra_mime_types", NULL,
"listening_ports", "8080",
"document_root", NULL,
"ssl_certificate", NULL,
"num_threads", "50",
"run_as_user", NULL,
"url_rewrite_patterns", NULL,
"hide_files_patterns", NULL,
"request_timeout_ms", "30000",
NULL
}
Definition at line 826 of file mongoose4.cxx.
826 {
827 "cgi_pattern", "**.cgi$|**.pl$|**.php$",
828 "cgi_environment", NULL,
829 "put_delete_auth_file", NULL,
830 "cgi_interpreter", NULL,
831 "protect_uri", NULL,
832 "authentication_domain", "mydomain.com",
833 "ssi_pattern", "**.shtml$|**.shtm$",
834 "throttle", NULL,
835 "access_log_file", NULL,
836 "enable_directory_listing", "yes",
837 "error_log_file", NULL,
838 "global_auth_file", NULL,
839 "index_files",
840 "index.html,index.htm,index.cgi,index.shtml,index.php,index.lp",
841 "enable_keep_alive", "no",
842 "access_control_list", NULL,
843 "extra_mime_types", NULL,
844 "listening_ports", "8080",
845 "document_root", NULL,
846 "ssl_certificate", NULL,
847 "num_threads", "50",
848 "run_as_user", NULL,
849 "url_rewrite_patterns", NULL,
850 "hide_files_patterns", NULL,
851 "request_timeout_ms", "30000",
852 NULL
853};
◆ ext_len
| size_t ext_len |
Definition at line 2842 of file mongoose4.cxx.
◆ extension
| const char* extension |
Definition at line 2841 of file mongoose4.cxx.
◆ http_500_error
|
static |
Definition at line 319 of file mongoose4.cxx.
◆ mime_type
| const char* mime_type |
Definition at line 2843 of file mongoose4.cxx.
◆ month_names
|
static |
Initial value:
= {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
}
Definition at line 777 of file mongoose4.cxx.
777 {
778 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
779 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
780};
◆ ssl_mutexes
|
static |
Definition at line 1995 of file mongoose4.cxx.
