Loading...
Searching...
No Matches
#include <sys/types.h>#include <sys/stat.h>#include <errno.h>#include <signal.h>#include <fcntl.h>#include <time.h>#include <stdlib.h>#include <stdarg.h>#include <assert.h>#include <string.h>#include <ctype.h>#include <limits.h>#include <stddef.h>#include <stdio.h>#include <sys/wait.h>#include <sys/socket.h>#include <sys/poll.h>#include <netinet/in.h>#include <arpa/inet.h>#include <sys/time.h>#include <stdint.h>#include <inttypes.h>#include <netdb.h>#include <pwd.h>#include <unistd.h>#include <dirent.h>#include <pthread.h>#include "mongoose4.h"#include <openssl/ssl.h>#include <openssl/err.h>
Include dependency graph for mongoose4.cxx:
Go to the source code of this file.
Classes | |
| union | usa |
| struct | vec |
| struct | file |
| struct | socket |
| struct | mg_context |
| struct | mg_connection |
| struct | de |
| struct | MD5Context |
| struct | ah |
| struct | dir_scan_data |
| struct | cgi_env_block |
Typedefs | |
| typedef int | SOCKET |
| typedef struct MD5Context | MD5_CTX |
Enumerations | |
| enum | { CGI_EXTENSIONS , CGI_ENVIRONMENT , PUT_DELETE_PASSWORDS_FILE , CGI_INTERPRETER , PROTECT_URI , AUTHENTICATION_DOMAIN , SSI_EXTENSIONS , THROTTLE , ACCESS_LOG_FILE , ENABLE_DIRECTORY_LISTING , ERROR_LOG_FILE , GLOBAL_PASSWORDS_FILE , INDEX_FILES , ENABLE_KEEP_ALIVE , ACCESS_CONTROL_LIST , EXTRA_MIME_TYPES , LISTENING_PORTS , DOCUMENT_ROOT , SSL_CERTIFICATE , NUM_THREADS , RUN_AS_USER , REWRITE , HIDE_FILES , REQUEST_TIMEOUT , NUM_OPTIONS } |
Variables | ||
| static const char * | http_500_error = "Internal Server Error" | |
| static const char * | month_names [] | |
| static const char * | config_options [] | |
| static pthread_mutex_t * | ssl_mutexes | |
| struct { | ||
| const char * extension | ||
| size_t ext_len | ||
| const char * mime_type | ||
| } | builtin_mime_types [] | |
Macro Definition Documentation
◆ __STDC_FORMAT_MACROS
| #define __STDC_FORMAT_MACROS |
Definition at line 41 of file mongoose4.cxx.
◆ __STDC_LIMIT_MACROS
| #define __STDC_LIMIT_MACROS |
Definition at line 42 of file mongoose4.cxx.
◆ _DARWIN_UNLIMITED_SELECT
| #define _DARWIN_UNLIMITED_SELECT |
Definition at line 293 of file mongoose4.cxx.
◆ _LARGEFILE_SOURCE
| #define _LARGEFILE_SOURCE |
Definition at line 39 of file mongoose4.cxx.
◆ ARRAY_SIZE
Definition at line 267 of file mongoose4.cxx.
◆ CGI_ENVIRONMENT_SIZE
| #define CGI_ENVIRONMENT_SIZE 4096 |
Definition at line 263 of file mongoose4.cxx.
◆ closesocket
| #define closesocket | ( | a | ) | close(a) |
Definition at line 247 of file mongoose4.cxx.
◆ CRYPTO_LIB
| #define CRYPTO_LIB "libcrypto.so" |
Definition at line 241 of file mongoose4.cxx.
◆ DEBUG_TRACE
| #define DEBUG_TRACE | ( | x | ) |
Definition at line 285 of file mongoose4.cxx.
◆ ERRNO
Definition at line 251 of file mongoose4.cxx.
◆ EXTRA_HTTP_HEADERS
| #define EXTRA_HTTP_HEADERS "" |
Definition at line 316 of file mongoose4.cxx.
◆ F1
◆ F2
◆ F3
Definition at line 908 of file mongoose4.cxx.
◆ F4
Definition at line 909 of file mongoose4.cxx.
◆ HEXTOI
◆ INT64_FMT
Definition at line 253 of file mongoose4.cxx.
◆ INVALID_SOCKET
| #define INVALID_SOCKET (-1) |
Definition at line 252 of file mongoose4.cxx.
◆ IP_ADDR_STR_LEN
| #define IP_ADDR_STR_LEN 50 |
Definition at line 295 of file mongoose4.cxx.
◆ MAX_CGI_ENVIR_VARS
| #define MAX_CGI_ENVIR_VARS 64 |
Definition at line 264 of file mongoose4.cxx.
◆ MAX_REQUEST_SIZE
| #define MAX_REQUEST_SIZE 16384 |
Definition at line 266 of file mongoose4.cxx.
◆ MD5STEP
Definition at line 911 of file mongoose4.cxx.
915 {
916 ctx->buf[0] = 0x67452301;
917 ctx->buf[1] = 0xefcdab89;
918 ctx->buf[2] = 0x98badcfe;
919 ctx->buf[3] = 0x10325476;
920
921 ctx->bits[0] = 0;
922 ctx->bits[1] = 0;
923}
924
927
928 a = buf[0];
929 b = buf[1];
930 c = buf[2];
931 d = buf[3];
932
949
966
983
1000
1001 buf[0] += a;
1002 buf[1] += b;
1003 buf[2] += c;
1004 buf[3] += d;
1005}
1006
1008 uint32_t t;
1009
1010 t = ctx->bits[0];
1012 ctx->bits[1]++;
1013 ctx->bits[1] += len >> 29;
1014
1015 t = (t >> 3) & 0x3f;
1016
1017 if (t) {
1019
1020 t = 64 - t;
1021 if (len < t) {
1022 memcpy(p, buf, len);
1023 return;
1024 }
1025 memcpy(p, buf, t);
1028 buf += t;
1029 len -= t;
1030 }
1031
1032 while (len >= 64) {
1036 buf += 64;
1037 len -= 64;
1038 }
1039
1041}
1042
1045 unsigned char *p;
1046 uint32_t *a;
1047
1049
1051 *p++ = 0x80;
1058 } else {
1060 }
1062
1064 a[14] = ctx->bits[0];
1065 a[15] = ctx->bits[1];
1066
1071}
1072#endif // !HAVE_MD5
1073
1074
1075
1076// Stringify binary data. Output buffer must be twice as big as input,
1077// because each byte takes 2 bytes in string representation
1080
1081 for (; len--; p++) {
1084 }
1086}
1087
1088// Return stringified MD5 hash for list of strings. Buffer must be 33 bytes.
1091 const char *p;
1093 MD5_CTX ctx;
1094
1095 MD5Init(&ctx);
1096
1097 va_start(ap, buf);
1100 }
1101 va_end(ap);
1102
1105 return buf;
1106}
1107
1108// Check the user's password, return 1 if OK
1110 const char *nonce, const char *nc, const char *cnonce,
1113
1114 // Some of the parameters may be NULL
1117 return 0;
1118 }
1119
1120 // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
1121 // TODO(lsm): check for authentication timeout
1122 if (// strcmp(dig->uri, c->ouri) != 0 ||
1124 // || now - strtoul(dig->nonce, NULL, 10) > 3600
1125 ) {
1126 return 0;
1127 }
1128
1132
1134}
1135
1136// Use the global passwords file, if specified by auth_gpass option,
1137// or search for .htpasswd in the requested directory.
1143
1145 // Use global passwords file
1147 // Important: using local struct file to test path for is_directory flag.
1148 // If filep is used, mg_stat() makes it appear as if auth file was opened.
1153 } else {
1154 // Try to find .htpasswd in requested directory.
1157 break;
1161 }
1162
1164}
1165
1166// Parsed Authorization header
1169};
1170
1171// Return 1 on success. Always initializes the ah structure.
1176
1180 return 0;
1181 }
1182
1183 // Make modifiable copy of the auth header
1185 s = buf;
1186
1187 // Parse authorization header
1188 for (;;) {
1189 // Gobble initial spaces
1191 s++;
1192 }
1194 // Value is either quote-delimited, or ends at first comma or space.
1195 if (s[0] == '\"') {
1196 s++;
1198 if (s[0] == ',') {
1199 s++;
1200 }
1201 } else {
1203 }
1205 break;
1206 }
1207
1222 }
1223 }
1224
1225 // CGI needs it as REMOTE_USER
1228 } else {
1229 return 0;
1230 }
1231
1232 return 1;
1233}
1234
1235// Authorize against the opened passwords file. Return 1 if authorized.
1239
1241 return 0;
1242 }
1243
1244 // Loop over passwords file
1247 continue;
1248 }
1249
1254 }
1255
1256 return 0;
1257}
1258
1259// Return 1 if request is authorised, 0 otherwise.
1266
1273 break;
1274 }
1275 }
1276
1279 }
1280
1284 }
1285
1287}
1288
1290 conn->status_code = 401;
1291 mg_printf(conn,
1292 "HTTP/1.1 401 Unauthorized\r\n"
1293 "Content-Length: 0\r\n"
1294 "WWW-Authenticate: Digest qop=\"auth\", "
1295 "realm=\"%s\", nonce=\"%lu\"\r\n\r\n",
1298}
1299
1303 int ret = 0;
1304
1308 }
1309
1310 return ret;
1311}
1312
1318
1319 found = 0;
1321
1322 // Regard empty password as no password - remove user record.
1325 }
1326
1328
1329 // Create the file if does not exist
1332 }
1333
1334 // Open the given file and temporary file
1336 return 0;
1339 return 0;
1340 }
1341
1342 // Copy the stuff to temporary file
1345 continue;
1346 }
1347
1349 found++;
1353 }
1354 } else {
1356 }
1357 }
1358
1359 // If new user, just add it
1363 }
1364
1365 // Close files
1368
1369 // Put the temp file in place of real file
1372
1373 return 1;
1374}
1375
1376#if defined(_WIN32)
1379}
1380
1382 (void) unused;
1385}
1386
1389}
1390
1393}
1394
1397}
1398
1400 (void) unused;
1404}
1405
1408 ReleaseMutex(*mutex);
1411}
1412
1415}
1416
1418 // Implementation with PulseEvent() has race condition, see
1419 // http://www.cs.wustl.edu/~schmidt/win32-cv-1.html
1421}
1422
1425}
1426
1427// For Windows, change all slashes to backslashes in path names.
1430
1434 // i > 0 check is to preserve UNC paths, like \\server\file.txt
1439 }
1440}
1441
1442// Encode 'path' which is assumed UTF-8 string, into UNICODE string.
1443// wbuf and wbuf_len is a target buffer and its length.
1446
1448 change_slashes_to_backslashes(buf);
1449
1450 // Convert to Unicode and back. If doubly-converted string does not
1451 // match the original, something is fishy, reject.
1458 }
1459}
1460
1461#if defined(_WIN32_WCE)
1463 time_t t;
1466
1470
1472 *ptime = t;
1473 }
1474
1475 return t;
1476}
1477
1483
1486 }
1487
1499 ptm->tm_isdst =
1501
1503}
1504
1506 // FIXME(lsm): fix this.
1508}
1509
1513 return 0;
1514}
1515#endif
1516
1517// Windows happily opens files with some garbage at the end of file name.
1518// For example, fopen("a.cgi ", "r") on Windows successfully opens
1519// "a.cgi", despite one would expect an error back.
1520// This function returns non-0 if path ends with some garbage.
1525}
1526
1530
1531 filep->modification_time = 0;
1536 info.ftLastWriteTime.dwLowDateTime,
1537 info.ftLastWriteTime.dwHighDateTime);
1539 // If file name is fishy, reset the file structure and return error.
1540 // Note it is important to reset, not just return the error, cause
1541 // functions like is_file_opened() check the struct.
1544 }
1545 }
1546
1548}
1549
1554}
1555
1559
1562 change_slashes_to_backslashes(buf);
1563
1565
1567}
1568
1569// Implementation of POSIX opendir/closedir/readdir for Windows.
1574
1579 } else {
1586 dir->result.d_name[0] = '\0';
1587 } else {
1588 free(dir);
1589 dir = NULL;
1590 }
1591 }
1592
1593 return dir;
1594}
1595
1597 int result = 0;
1598
1601 result = FindClose(dir->handle) ? 0 : -1;
1602
1603 free(dir);
1604 } else {
1605 result = -1;
1607 }
1608
1609 return result;
1610}
1611
1614
1615 if (dir) {
1617 result = &dir->result;
1619 dir->info.cFileName, -1, result->d_name,
1621
1624 dir->handle = INVALID_HANDLE_VALUE;
1625 }
1626
1627 } else {
1629 }
1630 } else {
1632 }
1633
1634 return result;
1635}
1636
1637#ifndef HAVE_POLL
1643
1647
1651
1654 }
1655 }
1656
1661 }
1662 }
1663 }
1664
1665 return result;
1666}
1667#endif // HAVE_POLL
1668
1671}
1672
1675}
1676
1679 (void) flags;
1682}
1683
1684#if !defined(NO_CGI)
1685#define SIGKILL 0
1689 return 0;
1690}
1691
1696 }
1697}
1698
1708
1710
1713
1714 // TODO(lsm): redirect CGI errors to the error log file
1717
1723
1724 // If CGI file is a script, try to read the interpreter line
1727 buf[0] = buf[1] = '\0';
1728
1729 // Read the first line of the script into the buffer
1734 buf[sizeof(buf) - 1] = '\0';
1735 }
1736
1737 if (buf[0] == '#' && buf[1] == '!') {
1738 trim_trailing_whitespaces(buf + 2);
1739 } else {
1740 buf[2] = '\0';
1741 }
1742 interp = buf + 2;
1743 }
1744
1748 }
1750
1753
1760 }
1761
1765
1767}
1768#endif // !NO_CGI
1769
1773}
1774#endif
1775
1776#if !defined(_WIN32)
1779
1785
1786 // See https://github.com/cesanta/mongoose/issues/109
1787 // Some filesystems report modification time as 0. Artificially
1788 // bump it up to mark mg_stat() success.
1791 }
1792 }
1793
1795}
1796
1799}
1800
1802 pthread_t thread_id;
1804 int result;
1805
1808
1809#if USE_STACK_SIZE > 1
1810 // Compile-time option to control stack size, e.g. -DUSE_STACK_SIZE=16384
1812#endif
1813
1816
1817 return result;
1818}
1819
1820#ifndef NO_CGI
1824 pid_t pid;
1826
1828
1830 // Parent
1832 } else if (pid == 0) {
1833 // Child
1840 } else {
1841 // Not redirecting stderr to stdout, to avoid output being littered
1842 // with the error messages.
1845
1846 // After exec, all signal handlers are restored to their default values,
1847 // with one exception of SIGCHLD. According to POSIX.1-2001 and Linux's
1848 // implementation, SIGCHLD's handler will leave unchanged after exec
1849 // if it was set to be ignored. Restore it to default action.
1851
1856 } else {
1860 }
1861 }
1862 exit(EXIT_FAILURE);
1863 }
1864
1865 return pid;
1866}
1867#endif // !NO_CGI
1868
1870 int flags;
1871
1874
1875 return 0;
1876}
1877#endif // _WIN32
1878
1879
1880// Print message to buffer. If buffer is large enough to hold the message,
1881// return buffer. If buffer is to small, allocate large enough buffer on heap,
1882// and return allocated buffer.
1885 int len;
1886
1887 // Windows is not standard-compliant, and vsnprintf() returns -1 if
1888 // buffer is too small. Also, older versions of msvcrt.dll do not have
1889 // _vscprintf(). However, if size is 0, vsnprintf() behaves correctly.
1890 // Therefore, we make two passes: on first pass, get required message length.
1891 // On second pass, actually print the message.
1894
1895 if (len > (int) size &&
1896 (size = len + 1) > 0 &&
1898 len = -1; // Allocation failed, mark failure
1899 } else {
1902 }
1903
1904 return len;
1905}
1906
1909 int len;
1910
1913 }
1915 free(buf);
1916 }
1917
1918 return len;
1919}
1920
1923 va_start(ap, fmt);
1925}
1926
1929 int len;
1930
1932 va_start(ap, fmt);
1935 }
1936
1938 free(buf);
1939 }
1940
1941 return len;
1942}
1943
1944
1945
1946#if !defined(NO_SSL)
1947
1948#if !defined(NO_SSL_DL)
1949// set_ssl_option() function updates this array.
1950// It loads SSL library dynamically and changes NULLs to the actual addresses
1951// of respective functions. The macros above (like SSL_connect()) are really
1952// just calling these functions indirectly via the pointer.
1981};
1982
1983// Similar array as ssl_sw. These functions could be located in different lib.
1991};
1992#endif
1993
1995
1999 func(conn->ssl) == 1;
2000}
2001
2002// Return OpenSSL error message
2004 unsigned long err;
2005 err = ERR_get_error();
2007}
2008
2010 int line) {
2011 (void) line;
2013
2016 } else {
2018 }
2019}
2020
2023}
2024
2025#if !defined(NO_SSL_DL)
2031
2034 return 0;
2035 }
2036
2038#ifdef _WIN32
2039 // GetProcAddress() returns pointer to function
2041#else
2042 // dlsym() on UNIX returns void *. ISO C forbids casts of data pointers to
2043 // function pointers. We need to use a union to make a cast.
2045#endif // _WIN32
2048 return 0;
2049 } else {
2051 }
2052 }
2053
2054 return 1;
2055}
2056#endif // NO_SSL_DL
2057
2058// Dynamically load SSL library. Set up ctx->ssl_ctx pointer.
2064
2065 // If PEM file is not specified and the init_ssl callback
2066 // is not specified, skip SSL initialization.
2068 // MG_INIT_SSL
2069 // ctx->callbacks.init_ssl == NULL) {
2070 return 1;
2071 }
2072
2073#if !defined(NO_SSL_DL)
2076 return 0;
2077 }
2078#endif // NO_SSL_DL
2079
2080 // Initialize SSL library
2081 SSL_library_init();
2082 SSL_load_error_strings();
2083
2086 return 0;
2087 }
2088
2091
2092#if 0
2093 {
2094 //
2095 // enable Diffie-Hellman key exchange - the DHE series of ciphers
2096 //
2097 // this code is from here:
2098 // https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
2099 // to generate the pem file: openssl dhparam -out dh_param_2048.pem 2048
2100
2101 /* Set up ephemeral DH parameters. */
2108 } else {
2109 /* Error. */
2110 }
2112 /* Error. */
2113 }
2115 /* Error. */
2116 }
2117 }
2118#endif
2119
2120#ifdef OPENSSL_EC_NAMED_CURVE
2121 {
2122 //
2123 // enable Elliptic Curve Diffie-Hellman key exchange - the ECDHE series of ciphers
2124 //
2125
2128 cry(fc(ctx), "%s: EC_KEY_new_by_curve_name (NID_X9_62_prime256v1) failed: %s", __func__, ssl_error());
2129 } else {
2131 cry(fc(ctx), "%s: SSL_CTX_set_tmp_ecdh (ctx->ssl_ctx, ecdh) failed: %s", __func__, ssl_error());
2132 }
2134 ecdh_enabled = 1;
2135 }
2136 }
2137#else
2138#warning Very old openssl, no EC_KEY, no ECDH for modern criptography!
2139#endif
2140
2143
2144 // get cipher list
2145
2146 {
2152 break;
2153 //printf("priority %d cipher list: %s\n", priority, available_cipher_list);
2155 ecdh_available = 1;
2156 }
2157 SSL_free(ssl);
2158 }
2159
2162 }
2163
2164 // disable weak ciphers
2165 const char* cipher_list = "ALL:!RC4:!DES-CBC-SHA:!DES:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2166
2167 // enable only "modern cryptography" ciphers if ECDHE ciphers available
2169 cipher_list = "ALL:!AECDH:!RC4:!DES-CBC-SHA:!DES:!AES128-SHA+RSA:!AES256-SHA+RSA:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2170
2172
2173 // If user callback returned non-NULL, that means that user callback has
2174 // set up certificate itself. In this case, skip sertificate setting.
2175 // MG_INIT_SSL
2179 return 0;
2180 }
2181
2184 }
2185
2186 // Initialize locking callbacks, needed for thread safety.
2187 // http://www.openssl.org/support/faq.html#PROG1
2191 return 0;
2192 }
2193
2196 }
2197
2200
2201 return 1;
2202}
2203
2210 }
2213 }
2214}
2215#endif // !NO_SSL
2216
2222
2224
2227#ifndef NO_SSL
2230 // TODO(lsm): use something threadsafe instead of gethostbyname()
2231#endif
2236 } else {
2237 set_close_on_exec(sock);
2238 sin.sin_family = AF_INET;
2244 closesocket(sock);
2245 sock = INVALID_SOCKET;
2246 }
2247 }
2248 return sock;
2249}
2250
2256
2262#ifndef NO_SSL
2267 free(conn);
2268 conn = NULL;
2269#endif // NO_SSL
2270 } else {
2278#ifndef NO_SSL
2280 // SSL_CTX_set_verify call is needed to switch off server certificate
2281 // checking, which is off by default in OpenSSL and on in yaSSL.
2284 }
2285#endif
2286 }
2287
2288 return conn;
2289}
2290
2293 const char *fmt, ...) {
2296
2297 va_start(ap, fmt);
2302 } else {
2304 }
2306 mg_close_connection(conn);
2307 conn = NULL;
2308 }
2309
2310 return conn;
2311}
2312
2313// Return number of bytes left to read for this connection
2316}
2317
2325 }
2328}
2329
2331#ifdef _WIN32
2336#else
2338#endif
2339}
2340
2344#if defined(USE_IPV6)
2348#elif defined(_WIN32)
2349 // Only Windoze Vista (and newer) have inet_ntop()
2351#else
2353#endif
2354}
2355
2356// Print error message to the opened error log stream.
2361 time_t timestamp;
2362
2363 va_start(ap, fmt);
2365 va_end(ap);
2366
2367 // Do not lock when getting the callback value, here and below.
2368 // I suppose this is fine, since function cannot disappear in the
2369 // same way string option can.
2373
2376 timestamp = time(NULL);
2377
2380 src_addr);
2381
2385 }
2386
2391 }
2392 }
2393}
2394
2397}
2398
2399// HTTP 1.1 assumes keep alive if "Connection:" header is not set
2400// This function must tolerate situations when connection info is not
2401// set up, for example if request parsing failed.
2406 conn->status_code == 401 ||
2410 return 0;
2411 }
2412 return 1;
2413}
2414
2417}
2418
2423 int len = 0;
2424
2427
2428 // Errors 1xx, 204 and 304 MUST NOT send a body
2432
2433 va_start(ap, fmt);
2435 va_end(ap);
2436 }
2438
2441 "Content-Length: %d\r\n"
2443 suggest_connection_header(conn));
2445 }
2446}
2447
2448// Write data to the IO channel - opened file descriptor, socket or SSL
2449// descriptor. Return number of bytes written.
2451 int64_t len) {
2452 int64_t sent;
2454
2456 sent = 0;
2457 while (sent < len) {
2458
2459 // How many bytes we send in this iteration
2461
2462#if !defined(NO_SSL)
2465 } else
2466#endif
2470 n = -1;
2471 } else {
2473 }
2474
2476 break;
2477
2478 sent += n;
2479 }
2480
2481 return sent;
2482}
2483
2484// Read from IO channel - opened file descriptor, socket, or SSL descriptor.
2485// Return negative value on error, or number of bytes read on success.
2488
2489 if (len <= 0) return 0;
2491 // Use read() instead of fread(), because if we're reading from the CGI
2492 // pipe, fread() may block until IO buffer is filled up. We cannot afford
2493 // to block and must pass all read bytes immediately to the client.
2495#ifndef NO_SSL
2498#endif
2499 } else {
2501 }
2504 }
2505
2507}
2508
2511
2516 break;
2518 break; // No more data to read
2519 } else {
2521 len -= n;
2522 }
2523 }
2524
2526}
2527
2531
2533 return 0;
2534 }
2535
2536 // conn->buf body
2537 // |=================|==========|===============|
2538 // |<--request_len-->| |
2539 // |<-----------data_len------->| conn->buf + conn->buf_size
2540
2541 // First, check for data buffered in conn->buf by read_request().
2546
2550 len -= buffered_len;
2553 }
2554
2555 // Read data from the socket.
2559 }
2562 }
2563
2565}
2566
2570
2574 conn->last_throttle_bytes = 0;
2575 }
2578 allowed = len;
2579 }
2589 break;
2590 }
2591 sleep(1);
2596 }
2597 }
2598 } else {
2600 (int64_t) len);
2601 }
2603}
2604
2608#define HEXTOI(x) (isdigit(x) ? x - '0' : x - 'W')
2609
2617 i += 2;
2620 } else {
2622 }
2623 }
2624
2626
2628}
2629
2633 size_t name_len;
2634 int len;
2635
2637 len = -2;
2639 len = -1;
2640 dst[0] = '\0';
2641 } else {
2644 len = -1;
2645 dst[0] = '\0';
2646
2647 // data is "var1=val1&var2=val2...". Find variable first
2651
2652 // Point p to variable value
2653 p += name_len + 1;
2654
2655 // Point s to the end of the value
2658 s = e;
2659 }
2660 assert(s >= p);
2661
2662 // Decode variable into destination buffer
2664
2665 // Redirect error code from -1 to -2 (destination buffer too small).
2666 if (len == -1) {
2667 len = -2;
2668 }
2669 break;
2670 }
2671 }
2672 }
2673
2674 return len;
2675}
2676
2680 int name_len, len = -1;
2681
2683 len = -2;
2685 len = -1;
2686 dst[0] = '\0';
2687 } else {
2690 dst[0] = '\0';
2691
2693 if (s[name_len] == '=') {
2694 s += name_len + 1;
2696 p = end;
2697 if (p[-1] == ';')
2698 p--;
2699 if (*s == '"' && p[-1] == '"' && p > s + 1) {
2700 s++;
2701 p--;
2702 }
2704 len = p - s;
2706 } else {
2707 len = -3;
2708 }
2709 break;
2710 }
2711 }
2712 }
2713 return len;
2714}
2715
2716// Return 1 if real file has been found, 0 otherwise
2722 char *p;
2726
2727 // No filesystem access
2729 return 0;
2730 }
2731
2732 // Using buf_len - 1 because memmove() for PATH_INFO may shift part
2733 // of the path one byte on the right.
2734 // If document_root is NULL, leave the file empty.
2736
2741 uri + match_len);
2742 break;
2743 }
2744 }
2745
2747 return 1;
2748 }
2749
2750 // if we can't find the actual file, look for the file
2751 // with the same name but a .gz extension. If we find it,
2752 // use that and set the gzipped flag in the file struct
2753 // to indicate that the response need to have the content-
2754 // encoding: gzip header
2755 // we can only do this if the browser declares support
2760 filep->gzipped = 1;
2761 return 1;
2762 }
2763 }
2764 }
2765
2766 // Support PATH_INFO for CGI scripts.
2768 if (*p == '/') {
2769 *p = '\0';
2773 // Shift PATH_INFO block one character right, e.g.
2774 // "/x.cgi/foo/bar\x00" => "/x.cgi\x00/foo/bar\x00"
2775 // conn->path_info is pointing to the local variable "path" declared
2776 // in handle_request(), so PATH_INFO is not valid after
2777 // handle_request returns.
2778 conn->path_info = p + 1;
2780 p[1] = '/';
2781 return 1;
2782 } else {
2783 *p = '/';
2784 }
2785 }
2786 }
2787
2788 return 0;
2789}
2790
2791// Check whether full request is buffered. Return:
2792// -1 if request is malformed
2793// 0 if request is not yet fully buffered
2794// >0 actual request length, including last \r\n\r\n
2797
2799 // Control characters are not allowed but >=128 is.
2800 // Abort scan as soon as one malformed character is found;
2801 // don't let subsequent \r\n\r\n win us over anyhow
2804 return -1;
2810 }
2811 }
2812
2813 return 0;
2814}
2815
2816// Protect against directory disclosure attack by removing '..',
2817// excessive '/' and '\' characters
2819 char *p = s;
2820
2821 while (*s != '\0') {
2822 *p++ = *s++;
2823 if (s[-1] == '/' || s[-1] == '\\') {
2824 // Skip all following slashes, backslashes and double-dots
2825 while (s[0] != '\0') {
2826 if (s[0] == '/' || s[0] == '\\') {
2827 s++;
2828 } else if (s[0] == '.' && s[1] == '.') {
2829 s += 2;
2830 } else {
2831 break;
2832 }
2833 }
2834 }
2835 }
2836 *p = '\0';
2837}
2838
2839static const struct {
2843} builtin_mime_types[] = {
2844 {".html", 5, "text/html"},
2845 {".htm", 4, "text/html"},
2846 {".shtm", 5, "text/html"},
2847 {".shtml", 6, "text/html"},
2848 {".css", 4, "text/css"},
2849 {".js", 3, "application/x-javascript"},
2850 {".ico", 4, "image/x-icon"},
2851 {".gif", 4, "image/gif"},
2852 {".jpg", 4, "image/jpeg"},
2853 {".jpeg", 5, "image/jpeg"},
2854 {".png", 4, "image/png"},
2855 {".svg", 4, "image/svg+xml"},
2856 {".txt", 4, "text/plain"},
2857 {".torrent", 8, "application/x-bittorrent"},
2858 {".wav", 4, "audio/x-wav"},
2859 {".mp3", 4, "audio/x-mp3"},
2860 {".mid", 4, "audio/mid"},
2861 {".m3u", 4, "audio/x-mpegurl"},
2862 {".ogg", 4, "application/ogg"},
2863 {".ram", 4, "audio/x-pn-realaudio"},
2864 {".xml", 4, "text/xml"},
2865 {".json", 5, "text/json"},
2866 {".xslt", 5, "application/xml"},
2867 {".xsl", 4, "application/xml"},
2868 {".ra", 3, "audio/x-pn-realaudio"},
2869 {".doc", 4, "application/msword"},
2870 {".exe", 4, "application/octet-stream"},
2871 {".zip", 4, "application/x-zip-compressed"},
2872 {".xls", 4, "application/excel"},
2873 {".tgz", 4, "application/x-tar-gz"},
2874 {".tar", 4, "application/x-tar"},
2875 {".gz", 3, "application/x-gunzip"},
2876 {".arj", 4, "application/x-arj-compressed"},
2877 {".rar", 4, "application/x-arj-compressed"},
2878 {".rtf", 4, "application/rtf"},
2879 {".pdf", 4, "application/pdf"},
2880 {".swf", 4, "application/x-shockwave-flash"},
2881 {".mpg", 4, "video/mpeg"},
2882 {".webm", 5, "video/webm"},
2883 {".mpeg", 5, "video/mpeg"},
2884 {".mov", 4, "video/quicktime"},
2885 {".mp4", 4, "video/mp4"},
2886 {".m4v", 4, "video/x-m4v"},
2887 {".asf", 4, "video/x-ms-asf"},
2888 {".avi", 4, "video/x-msvideo"},
2889 {".bmp", 4, "image/bmp"},
2890 {".ttf", 4, "application/x-font-ttf"},
2892};
2893
2895 const char *ext;
2897
2899
2905 }
2906 }
2907
2908 return "text/plain";
2909}
2910
2911// Look at the "path" extension and figure what mime type it has.
2912// Store mime type in the vector.
2918
2920
2921 // Scan user-defined mime types first, in case user wants to
2922 // override default mime types.
2925 // ext now points to the path suffix
2929 return;
2930 }
2931 }
2932
2935}
2936
2941
2945 *dst = *src;
2947 dst[0] = '%';
2950 dst += 2;
2951 }
2952 }
2953
2954 *dst = '\0';
2955}
2956
2960
2963 } else {
2964 // We use (signed) cast below because MSVC 6 compiler cannot
2965 // convert unsigned __int64 to double. Sigh.
2974 } else {
2977 }
2978 }
2983 "<tr><td><a href=\"%s%s%s\">%s%s</a></td>"
2984 "<td> %s</td><td> %s</td></tr>\n",
2986}
2987
2988// This function is called from send_directory() and used for
2989// sorting directory entries by size, or name, or modification time.
2990// On windows, __cdecl specification is needed in case if project is built
2991// with __stdcall convention. qsort always requires __cdels callback.
2996
2998 query_string = "na";
2999 }
3000
3002 return -1; // Always put directories on top
3004 return 1; // Always put directories on top
3005 } else if (*query_string == 'n') {
3007 } else if (*query_string == 's') {
3010 } else if (*query_string == 'd') {
3013 }
3014
3016}
3017
3023}
3024
3031
3033 return 0;
3034 } else {
3036
3038 // Do not show current dir and hidden files
3042 continue;
3043 }
3044
3046
3047 // If we don't memset stat structure to zero, mtime will have
3048 // garbage and strftime() will segfault later on in
3049 // print_dir_entry(). memset is required only if mg_stat()
3050 // fails. For more details, see
3051 // http://code.google.com/p/mongoose/issues/detail?id=79
3054
3057 }
3059 }
3060 return 1;
3061}
3062
3068
3070 return 0;
3071 } else {
3073
3075 // Do not show current dir, but show hidden files
3078 continue;
3079 }
3080
3082
3083 // If we don't memset stat structure to zero, mtime will have
3084 // garbage and strftime() will segfault later on in
3085 // print_dir_entry(). memset is required only if mg_stat()
3086 // fails. For more details, see
3087 // http://code.google.com/p/mongoose/issues/detail?id=79
3093 } else {
3094 mg_remove(path);
3095 }
3096 }
3097
3098 }
3100
3101 rmdir(dir);
3102 }
3103
3104 return 1;
3105}
3106
3111};
3112
3113// Behaves like realloc(), but frees original pointer on failure
3117 free(ptr);
3118 }
3120}
3121
3124
3129 }
3131 // TODO(lsm): propagate an error to the caller
3132 dsd->num_entries = 0;
3133 } else {
3137 dsd->num_entries++;
3138 }
3139}
3140
3142 const char *dir) {
3145
3149 return;
3150 }
3151
3154
3155 conn->must_close = 1;
3157 "HTTP/1.1 200 OK\r\n"
3158 "Transfer-Encoding: Chunked\r\n"
3159 "Content-Type: text/html; charset=utf-8\r\n\r\n");
3160
3162 "<html><head><title>Index of %s</title>"
3163 "<style>th {text-align: left;}</style></head>"
3164 "<body><h1>Index of %s</h1><pre><table cellpadding=\"0\">"
3165 "<tr><th><a href=\"?n%c\">Name</a></th>"
3166 "<th><a href=\"?d%c\">Modified</a></th>"
3167 "<th><a href=\"?s%c\">Size</a></th></tr>"
3168 "<tr><td colspan=\"3\"><hr></td></tr>",
3171
3172 // Print first entry - link to a parent directory
3174 "<tr><td><a href=\"%s%s\">%s</a></td>"
3175 "<td> %s</td><td> %s</td></tr>\n",
3177
3178 // Sort and print directory entries
3180 compare_dir_entries);
3184 }
3185 free(data.entries);
3186
3188 "</table></body></html>");
3190 conn->status_code = 200;
3191}
3192
3193// Send len bytes from the opened file to the client.
3198
3199 // If offset is beyond file boundaries, don't send anything
3201 return;
3202 }
3203
3204 while (len > 0) {
3205 // Calculate how much to read from the file in the buffer
3209 }
3210
3211 // Read from file, exit the loop on error
3213 break;
3214 }
3215
3216 // Send read bytes to the client, exit the loop on error
3218 break;
3219 }
3220
3221 // Both read and were successful, adjust counters
3223 len -= num_written;
3224 }
3225}
3226
3229}
3230
3233}
3234
3239}
3240
3243#ifndef _WIN32
3245#endif
3246 }
3247}
3248
3260
3262 cl = filep->size;
3263 conn->status_code = 200;
3264 range[0] = '\0';
3265
3266 // if this file is in fact a pre-gzipped file, rewrite its filename
3267 // it's important to rewrite the filename after resolving
3268 // the mime type from it, to preserve the actual file's type
3271 path = gz_path;
3273 }
3274
3278 return;
3279 }
3280
3282
3283 // If Range: header specified, act accordingly
3288 // actually, range requests don't play well with a pre-gzipped
3289 // file (since the range is specified in the uncmpressed space)
3292 "range requests in gzipped files are not supported");
3293 return;
3294 }
3295 conn->status_code = 206;
3298 "Content-Range: bytes "
3302 msg = "Partial Content";
3303 }
3304
3305 // Prepare Etag, Date, Last-Modified headers. Must be in UTC, according to
3306 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3
3310
3312 "HTTP/1.1 %d %s\r\n"
3313 "Date: %s\r\n"
3314 "Last-Modified: %s\r\n"
3315 "Etag: %s\r\n"
3316 "Content-Type: %.*s\r\n"
3318 "Connection: %s\r\n"
3319 "Accept-Ranges: bytes\r\n"
3320 "%s%s%s\r\n",
3323 EXTRA_HTTP_HEADERS);
3324
3327 }
3329}
3330
3335 } else {
3337 }
3338}
3339
3340
3341// Parse HTTP headers from the given buffer, advance buffer to the point
3342// where parsing stopped.
3345
3350 break;
3352 }
3353}
3354
3361 ;
3362}
3363
3364// Parse HTTP request, fill in mg_request_info structure.
3365// This function modifies the buffer by NUL-terminating
3366// HTTP request components, header names and header values.
3370 // Reset attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
3372 ri->num_headers = 0;
3373
3375
3376 // RFC says that all initial whitespaces should be ingored
3378 buf++;
3379 }
3383
3384 // HTTP message could be either HTTP request or HTTP response, e.g.
3385 // "GET / HTTP/1.0 ...." or "HTTP/1.0 200 OK ..."
3389 request_length = -1;
3390 } else {
3392 ri->http_version += 5;
3393 }
3395 }
3396 }
3398}
3399
3400// Keep reading the input (either opened file descriptor fd, or socket sock,
3401// or SSL descriptor ssl) into buffer buf, until \r\n\r\n appears in the
3402// buffer (which marks the end of HTTP request). Buffer buf may already
3403// have some data. The length of the data is stored in nread.
3404// Upon every read operation, increase nread by the number of bytes read.
3408
3412 request_len == 0 &&
3417 }
3418
3420}
3421
3422// For given directory path, substitute it to valid index file.
3423// Return 0 if index file has been found, -1 if not found.
3424// If the file is found, it's stats is returned in stp.
3432
3433 // The 'path' given to us points to the directory. Remove all trailing
3434 // directory separator characters from the end of the path, and
3435 // then append single directory separator character.
3437 n--;
3438 }
3440
3441 // Traverse index files list. For each entry, append it to the given
3442 // path and see if the file exists. If it exists, break the loop
3444
3445 // Ignore too long entries that may overflow path buffer
3447 continue;
3448
3449 // Prepare full path to the index file
3451
3452 // Does it exist?
3454 // Yes it does, break the loop
3456 found = 1;
3457 break;
3458 }
3459 }
3460
3461 // If no index file exists, restore directory path
3464 }
3465
3467}
3468
3469// Return True if we should reply 304 Not Modified.
3478}
3479
3486
3489
3494 } else {
3497 }
3498
3501 assert(buffered_len >= 0);
3502
3506 }
3510 }
3511
3512 nread = 0;
3517 }
3520 break;
3521 }
3522 }
3523
3526 }
3527
3528 // Each error code path in this function must send an error
3531 }
3532 }
3533
3535}
3536
3537#if !defined(NO_CGI)
3538// This structure helps to create an environment for the spawned CGI program.
3539// Environment is an array of "VARIABLE=VALUE\0" ASCIIZ strings,
3540// last element must be NULL.
3541// However, on Windows there is a requirement that all these VARIABLE=VALUE\0
3542// strings must reside in a contiguous buffer. The end of the buffer is
3543// marked by two '\0' characters.
3544// We satisfy both worlds: we create an envp array (which is vars), all
3545// entries are actually pointers inside buf.
3552};
3553
3556 PRINTF_ARGS(2, 3);
3557
3558// Append VARIABLE=VALUE\0 string to the buffer, and add a respective
3559// pointer into the vars array.
3564
3565 // Calculate how much space is left in the buffer
3567 assert(space >= 0);
3568
3569 // Make a pointer to the free space int the buffer
3571
3572 // Copy VARIABLE=VALUE\0 string into the free space
3573 va_start(ap, fmt);
3575 va_end(ap);
3576
3577 // Make sure we do not overflow buffer and the envp array
3580 // Append a pointer to the added string into the envp array
3582 // Bump up used length counter. Include \0 terminator
3584 } else {
3586 }
3587
3589}
3590
3599
3601 blk->conn = conn;
3603
3608
3609 // Prepare the environment block
3613
3614 // TODO(lsm): fix this for IPv6 case
3616
3623
3624 // SCRIPT_NAME
3629 } else {
3635 }
3636
3640
3643
3646 }
3647
3650
3653
3654#if defined(_WIN32)
3657 }
3660 }
3663 }
3666 }
3669 }
3672 }
3673#else
3676#endif // _WIN32
3677
3680
3684 }
3685
3686 // Add all headers as HTTP_* variables
3690
3691 // Convert variable name into uppercase, and change - to _
3692 for (; *p != '=' && *p != '\0'; p++) {
3693 if (*p == '-')
3694 *p = '_';
3696 }
3697 }
3698
3699 // Add user-specified variables
3703 }
3704
3707
3709 assert(blk->len > 0);
3711}
3712
3721
3723
3724 // CGI must be executed in its own directory. 'dir' must point to the
3725 // directory containing executable program, 'p' must point to the
3726 // executable program name relative to 'dir'.
3729 *p++ = '\0';
3730 } else {
3731 dir[0] = '.', dir[1] = '\0';
3733 }
3734
3739 }
3740
3746 }
3747
3748 // Make sure child closes all pipe descriptors. It must dup them to 0,1
3753
3754 // Parent closes only one side of the pipes.
3755 // If we don't mark them as closed, close() attempt before
3756 // return from this function throws an exception on Windows.
3757 // Windows does not like when closed descriptor is closed again.
3761
3762
3768 }
3769
3772
3773 // Send POST data to the CGI process if needed
3777 }
3778
3779 // Close so child gets an EOF.
3780 fclose(in);
3781 in = NULL;
3782 fdin[1] = -1;
3783
3784 // Now read CGI reply into a buffer. We need to set correct
3785 // status code, thus we need to see all HTTP headers first.
3786 // Do not send anything back to client, until we buffer in all
3787 // HTTP headers.
3788 data_len = 0;
3792 "CGI program sent malformed or too big (>%u bytes) "
3793 "HTTP headers: [%.*s]",
3796 }
3800
3801 // Make up and send the status line
3807 status_text++;
3808 }
3811 } else {
3813 }
3817 }
3819 status_text);
3820
3821 // Send headers
3825 }
3827
3828 // Send chunk of data that may have been read after the headers
3831
3832 // Read the rest of CGI output and send to the client
3834
3835done:
3838 }
3840 close(fdin[0]);
3841 }
3843 close(fdout[1]);
3844 }
3845
3847 fclose(in);
3849 close(fdin[1]);
3850 }
3851
3855 close(fdout[0]);
3856 }
3857}
3858#endif // !NO_CGI
3859
3860// For a given PUT path, create all intermediate subdirectories
3861// for given path. Return 0 if the path itself is a directory,
3862// or -1 on error, 1 if OK.
3865 const char *s, *p;
3868
3870 len = p - path;
3871 if (len >= (int) sizeof(buf)) {
3872 res = -1;
3873 break;
3874 }
3875 memcpy(buf, path, len);
3876 buf[len] = '\0';
3877
3878 // Try to create intermediate directory
3881 res = -1;
3882 break;
3883 }
3884
3885 // Is path itself a directory?
3886 if (p[1] == '\0') {
3887 res = 0;
3888 }
3889 }
3890
3892}
3893
3897
3900
3904 return;
3905 }
3906
3908 if(body_len > 0) {
3911 return;
3912 }
3913
3915
3929 else
3932 }
3933}
3934
3938 const char *range;
3941
3943
3953 } else {
3958 conn->status_code = 206;
3960 }
3962 conn->status_code = 500;
3963 }
3965 conn->status_code);
3967 }
3968}
3969
3975
3976 // sscanf() is safe here, since send_ssi_file() also uses buffer
3977 // of size MG_BUF_LEN to get the tag. So strlen(tag) is always < MG_BUF_LEN.
3979 // File name is relative to the webserver root
3983 // File name is relative to the webserver working directory
3984 // or it is absolute system path
3988 // File name is relative to the currect document
3991 p[1] = '\0';
3992 }
3995 } else {
3997 return;
3998 }
3999
4003 } else {
4008 } else {
4010 }
4012 }
4013}
4014
4015#if !defined(NO_POPEN)
4019
4024 } else {
4027 }
4028}
4029#endif // !NO_POPEN
4030
4035
4038 return;
4039 }
4040
4044 in_ssi_tag = 0;
4046 buf[len] = '\0';
4047 assert(len <= (int) sizeof(buf));
4049 // Not an SSI tag, pass it
4051 } else {
4054#if !defined(NO_POPEN)
4056 do_ssi_exec(conn, buf + 9);
4057#endif // !NO_POPEN
4058 } else {
4060 }
4061 }
4062 len = 0;
4065 // Not an SSI tag
4066 in_ssi_tag = 0;
4067 } else if (len == (int) sizeof(buf) - 2) {
4069 len = 0;
4070 }
4071 buf[len++] = ch & 0xff;
4073 in_ssi_tag = 1;
4074 if (len > 0) {
4076 }
4077 len = 0;
4078 buf[len++] = ch & 0xff;
4079 } else {
4080 buf[len++] = ch & 0xff;
4081 if (len == (int) sizeof(buf)) {
4083 len = 0;
4084 }
4085 }
4086 }
4087
4088 // Send the rest of buffered data
4089 if (len > 0) {
4091 }
4092}
4093
4095 const char *path) {
4098
4102 } else {
4103 conn->must_close = 1;
4107 "Content-Type: %.*s\r\n"
4108 "Connection: close\r\n\r\n",
4112 }
4113}
4114
4117 "Allow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS, PROPFIND, MKCOL\r\n"
4118 "DAV: 1\r\n\r\n";
4119
4120 conn->status_code = 200;
4122}
4123
4124// Writes PROPFIND properties for a collection element
4130 "<d:response>"
4131 "<d:href>%s</d:href>"
4132 "<d:propstat>"
4133 "<d:prop>"
4134 "<d:resourcetype>%s</d:resourcetype>"
4136 "<d:getlastmodified>%s</d:getlastmodified>"
4137 "</d:prop>"
4138 "<d:status>HTTP/1.1 200 OK</d:status>"
4139 "</d:propstat>"
4140 "</d:response>\n",
4141 uri,
4143 filep->size,
4144 mtime);
4145}
4146
4155}
4156
4160
4161 conn->must_close = 1;
4162 conn->status_code = 207;
4164 "Connection: close\r\n"
4165 "Content-Type: text/xml; charset=utf-8\r\n\r\n");
4166
4168 "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
4169 "<d:multistatus xmlns:d='DAV:'>\n");
4170
4171 // Print properties for the requested resource itself
4173
4174 // If it is a directory, print directory entries too if Depth is not 0
4179 }
4180
4182}
4183
4184#if defined(USE_WEBSOCKET)
4185
4186// START OF SHA-1 code
4187// Copyright(c) By Steve Reid <steve@edmweb.com>
4188#define SHA1HANDSOFF
4189#if defined(__sun)
4190#include "solarisfixes.h"
4191#endif
4192
4194
4195#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
4196
4198 // Forrest: SHA expect BIG_ENDIAN, swap if LITTLE_ENDIAN
4202 }
4204}
4205
4206#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
4207 ^block->l[(i+2)&15]^block->l[i&15],1))
4208#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(block, i)+0x5A827999+rol(v,5);w=rol(w,30);
4209#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
4210#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
4211#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
4212#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
4213
4214typedef struct {
4217 unsigned char buffer[64];
4218} SHA1_CTX;
4219
4223
4225 a = state[0];
4226 b = state[1];
4250 state[0] += a;
4251 state[1] += b;
4257}
4258
4260 context->state[0] = 0x67452301;
4261 context->state[1] = 0xEFCDAB89;
4262 context->state[2] = 0x98BADCFE;
4263 context->state[3] = 0x10325476;
4264 context->state[4] = 0xC3D2E1F0;
4265 context->count[0] = context->count[1] = 0;
4266}
4267
4269 uint32_t len) {
4271
4272 j = context->count[0];
4274 context->count[1]++;
4275 context->count[1] += (len>>29);
4279 SHA1Transform(context->state, context->buffer);
4282 }
4283 j = 0;
4284 }
4287}
4288
4292
4295 >> ((3-(i & 3)) * 8) ) & 255);
4296 }
4297 c = 0200;
4299 while ((context->count[0] & 504) != 448) {
4300 c = 0000;
4302 }
4307 }
4310}
4311// END OF SHA1 CODE
4312
4315 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
4317
4319 a = src[i];
4322
4327 }
4330 }
4331 }
4334 }
4336}
4337
4342
4350 "HTTP/1.1 101 Switching Protocols\r\n"
4351 "Upgrade: websocket\r\n"
4352 "Connection: Upgrade\r\n"
4354}
4355
4357 // Pointer to the beginning of the portion of the incoming websocket message
4358 // queue. The original websocket upgrade request is never removed,
4359 // so the queue begins after it.
4364
4365 assert(conn->content_len == 0);
4366
4367 // Loop continuously, reading messages from the socket, invoking the callback,
4368 // and waiting repeatedly until an error occurs.
4370 header_len = 0;
4371 // body_len is the length of the entire queue in bytes
4372 // len is the length of the current message
4373 // data_len is the length of the current message's data payload
4374 // header_len is the length of the current message's header
4376 len = buf[1] & 127;
4377 mask_len = buf[1] & 128 ? 4 : 0;
4379 data_len = len;
4383 data_len = ((((int) buf[2]) << 8) + buf[3]);
4388 }
4389 }
4390
4391 // Data layout is as follows:
4392 // conn->buf buf
4393 // v v frame1 | frame2
4394 // |---------------------|----------------|--------------|-------
4395 // | |<--header_len-->|<--data_len-->|
4396 // |<-conn->request_len->|<-----body_len----------->|
4397 // |<-------------------conn->data_len------------->|
4398
4400 // Allocate space to hold websocket payload
4402 // Allocation failed, exit the loop and then close the connection
4403 // TODO: notify user about the failure
4404 data_len = 0;
4405 break;
4406 }
4407
4408 // Save mask and bits, otherwise it may be clobbered by memmove below
4409 *bits = buf[0];
4411
4412 // Read frame payload into the allocated buffer.
4413 assert(body_len >= header_len);
4415 len = body_len - header_len;
4417 // TODO: handle pull error
4420 } else {
4421 len = data_len + header_len;
4423 memmove(buf, buf + len, body_len - len);
4424 conn->data_len -= len;
4425 }
4426
4427 // Apply mask if necessary
4431 }
4432 }
4433
4434 return data_len;
4435 } else {
4436 // Buffering websocket request
4439 break;
4440 }
4442 }
4443 }
4444
4445 return 0;
4446}
4447
4450 unsigned char *copy;
4453
4455 return -1;
4456 }
4457
4458 copy[0] = 0x80 + (opcode & 0x0f);
4459
4460 // Frame format: http://tools.ietf.org/html/rfc6455#section-5.2
4461 if (data_len < 126) {
4462 // Inline 7-bit length field
4463 copy[1] = data_len;
4465 copy_len = 2 + data_len;
4467 // 16-bit length field
4468 copy[1] = 126;
4471 copy_len = 4 + data_len;
4472 } else {
4473 // 64-bit length field
4474 copy[1] = 127;
4478 copy_len = 10 + data_len;
4479 }
4480
4481 // Not thread safe
4484 }
4485 free(copy);
4486
4488}
4489#endif // !USE_WEBSOCKET
4490
4493}
4494
4497
4502 len = n;
4505 }
4506
4507 return len;
4508}
4509
4511 int throttle = 0;
4514 char mult;
4515 double v;
4516
4518 mult = ',';
4521 continue;
4522 }
4525 throttle = (int) v;
4528 throttle = (int) v;
4529 }
4531 throttle = (int) v;
4532 }
4533 }
4534
4535 return throttle;
4536}
4537
4540}
4541
4548
4549 // Request looks like this:
4550 //
4551 // POST /upload HTTP/1.1
4552 // Host: 127.0.0.1:8080
4553 // Content-Length: 244894
4554 // Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryRVr
4555 //
4556 // ------WebKitFormBoundaryRVr
4557 // Content-Disposition: form-data; name="file"; filename="accum.png"
4558 // Content-Type: image/png
4559 //
4560 // <89>PNG
4561 // <PNG DATA>
4562 // ------WebKitFormBoundaryRVr
4563
4564 // Extract boundary string from the Content-Type header
4570 boundary[0] == '\0') {
4572 }
4573
4574 boundary_len = strlen(boundary);
4576
4577 // buf
4578 // conn->buf |<--------- buf_len ------>|
4579 // |=================|==========|===============|
4580 // |<--request_len-->|<--len--->| |
4581 // |<-----------data_len------->| conn->buf + conn->buf_size
4582
4586
4587 for (;;) {
4588 // Pull in headers
4593 }
4597 }
4599 break;
4600 }
4601
4602 // Fetch file name.
4607 // TODO(lsm): don't expect filename to be the 3rd field,
4608 // parse the header properly instead.
4610 fname);
4612 }
4613 }
4614
4615 // Give up if the headers are not what we expect
4617 break;
4618 }
4619
4620 // Move data to the beginning of the buffer
4625
4626 // We open the file with exclusive lock held. This guarantee us
4627 // there is no other thread can save into the same file simultaneously.
4629
4630 // Construct destination file name. Do not allow paths to have slashes.
4633 s = fname;
4634 }
4635
4636 // Open file in binary mode. TODO: set an exclusive lock.
4639 break;
4640 }
4641
4642 // Read POST data, write into file until boundary is found.
4644 do {
4649 // Found boundary, that's the end of file data.
4651 eof = 1;
4654 break;
4655 }
4656 }
4661 }
4665 }
4668
4672 } else {
4674 }
4675 }
4676
4678}
4679
4685}
4686
4691 }
4693}
4694
4696 char host[1025];
4698
4701 // Cannot get host from the Host: header. Fallback to our IP address.
4703 }
4704
4708}
4709
4711 const char *path) {
4713
4720 remove_directory(conn, path);
4724 } else {
4727 }
4728}
4729
4730// This is the heart of the Mongoose's logic.
4731// This function is called when the request is read, parsed and validated,
4732// and Mongoose must decide what action to take: serve a file, or
4733// a directory, or call embedded function, etcetera.
4739
4742 }
4748 path[0] = '\0';
4750
4751 // Perform redirect and auth checks before calling begin_request() handler.
4752 // Otherwise, begin_request() would need to perform auth checks and redirects.
4756 } else if (!strcmp(ri->request_method, "OPTIONS") && (call_user(MG_REQUEST_BEGIN, conn, (void *) ri->uri) == 1)) {
4757 // CORS "pre-flight" "OPTIONS" requests are sent without authentication, duh!
4759 !check_authorization(conn, path)) {
4760 send_authorization_request(conn);
4762 // Do nothing, callback has served the request
4764 handle_options_request(conn);
4768 (is_authorized_for_put(conn) != 1)) {
4769 send_authorization_request(conn);
4771 put_file(conn, path);
4773 mkcol(conn, path);
4775 handle_delete_request(conn, path);
4777 must_hide_file(conn, path)) {
4787 handle_directory_request(conn, path);
4788 } else {
4790 "Directory listing denied");
4791 }
4792#ifdef USE_LUA
4795#endif
4796#if !defined(NO_CGI)
4799 path) > 0) {
4805 } else {
4806 handle_cgi_request(conn, path);
4807 }
4808#endif // !NO_CGI
4811 path) > 0) {
4812 handle_ssi_file_request(conn, path);
4815 } else {
4817 }
4818}
4819
4824 }
4825 free(ctx->listening_sockets);
4826}
4827
4829 return port > 0 && port < 0xffff;
4830}
4831
4832// Valid listening port specification is: [ip_address:]port[s]
4833// Examples: 80, 443s, 127.0.0.1:3128, 1.2.3.4:8080s
4834// TODO(lsm): add parsing of the IPv6 address
4837 int len;
4838#if defined(USE_IPV6)
4839 char buf[100];
4840#endif
4841
4842 // MacOS needs that. If we do not zero it, subsequent bind() will fail.
4843 // Also, all-zeroes in the socket address means binding to all addresses
4844 // for both IPv4 and IPv6 (INADDR_ANY and IN6ADDR_ANY_INIT).
4847
4849 // Bind to a specific IPv4 address, e.g. 192.168.1.5:8080
4852#if defined(USE_IPV6)
4853
4856 // IPv6 address, e.g. [3ffe:2a00:100:7031::1]:8080
4859#endif
4861 // If only port is specified, bind to IPv4, INADDR_ANY
4863 } else {
4864 port = len = 0; // Parsing failure. Make port invalid.
4865 }
4866
4870
4871 // Make sure the port is valid and vector ends with 's', 'r' or ','
4874}
4875
4879#if defined(USE_IPV6)
4881#endif
4884
4889 success = 0;
4892 success = 0;
4894 INVALID_SOCKET ||
4895 // On Windows, SO_REUSEADDR is recommended only for
4896 // broadcast UDP sockets
4903#endif
4910 success = 0;
4912 (ctx->num_listening_sockets + 1) *
4915 success = 0;
4916 } else {
4918 ctx->listening_sockets = ptr;
4920 ctx->num_listening_sockets++;
4921 }
4922 }
4923
4925 close_all_listening_sockets(ctx);
4926 }
4927
4929}
4930
4934
4937 } else {
4939 }
4940}
4941
4946
4949
4951 return;
4952
4955
4958
4964 conn->status_code, conn->num_bytes_sent);
4969
4972}
4973
4974// Verify given socket address against the ACL.
4975// Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed.
4981
4982 // If any ACL is set, deny by default
4984
4990 return -1;
4991 }
4992
4995 }
4996 }
4997
4999}
5000
5001#if !defined(_WIN32)
5006
5008 success = 1;
5009 } else {
5016 } else {
5017 success = 1;
5018 }
5019 }
5020
5022}
5023#endif // !_WIN32
5024
5030 return 0;
5031 }
5032 return 1;
5033}
5034
5037}
5038
5042 conn->status_code = -1;
5044}
5045
5047#if defined(_WIN32)
5050#endif
5052
5053 // Set linger option to avoid socket hanging out after close. This prevent
5054 // ephemeral port exhaust problem under high QPS.
5055 linger.l_onoff = 1;
5056 linger.l_linger = 1;
5059
5060 // Send FIN to the client
5063
5064#if defined(_WIN32)
5065 // Read and discard pending incoming data. If we do not do that and close the
5066 // socket, the data in the send buffer may be discarded. This
5067 // behaviour is seen on Windows, when client keeps sending data
5068 // when server decides to close the connection; then when client
5069 // does recv() it gets no data back.
5070 do {
5073#endif
5074
5075 // Now we know that our FIN is ACK-ed, safe to close
5077}
5078
5080 conn->must_close = 1;
5081
5082#ifndef NO_SSL
5084 // Run SSL_shutdown twice to ensure completly close SSL connection
5088 }
5089#endif
5091 close_socket_gracefully(conn);
5093 }
5094}
5095
5097#ifndef NO_SSL
5100 }
5101#endif
5102 close_connection(conn);
5103 free(conn);
5104}
5105
5107 // Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
5108 // URI can be an asterisk (*) or should start with slash.
5109 return uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0');
5110}
5111
5113 const char *cl;
5114
5116 reset_per_request_attributes(conn);
5118 &conn->data_len);
5120
5126 &conn->request_info) <= 0) {
5128 } else {
5129 // Request is valid. Set content_len attribute by parsing Content-Length
5130 // If Content-Length is absent, set content_len to 0 if request is GET,
5131 // and set it to INT64_MAX otherwise. Setting to INT64_MAX instructs
5132 // mg_read() to read from the socket until socket is closed.
5133 // The reason for treating GET and POST/PUT differently is that libraries
5134 // like jquery do not set Content-Length in GET requests, and we don't
5135 // want mg_read() to hang waiting until socket is timed out.
5136 // See https://github.com/cesanta/mongoose/pull/121 for more.
5139 conn->content_len = 0;
5140 }
5143 }
5145 }
5147}
5148
5153
5155 keep_alive = 0;
5156
5157 // Important: on new connection, reset the receiving buffer. Credit goes
5158 // to crule42.
5159 conn->data_len = 0;
5160 do {
5163 conn->must_close = 1;
5171 }
5172
5174 handle_request(conn);
5176 log_access(conn);
5177 }
5180 // Important! When having connections with and without auth
5181 // would cause double free and then crash
5183 }
5184
5185 // NOTE(lsm): order is important here. should_keep_alive() call
5186 // is using parsed request, which will be invalid after memmove's below.
5187 // Therefore, memorize should_keep_alive() result now for later use
5188 // in loop exit condition.
5191
5192 // Discard all buffered data for this request
5196 assert(discard_len >= 0);
5199 assert(conn->data_len >= 0);
5201 } while (keep_alive);
5202}
5203
5204// Worker threads take accepted socket from the queue
5208
5209 // If the queue is empty, wait. We're idle at this point.
5212 }
5213
5214 // If we're stopping, sq_head may be equal to sq_tail.
5216 // Copy socket from the queue and increment tail
5218 ctx->sq_tail++;
5220
5221 // Wrap pointers if needed
5225 }
5226 }
5227
5230
5232}
5233
5237
5241 } else {
5246
5248
5249 // Call consume_socket() even when ctx->stop_flag > 0, to let it signal
5250 // sq_empty condvar to wake up the master waiting in produce_socket()
5253
5254 // Fill in IP, port info early so even if SSL setup below fails,
5255 // error handler would have the corresponding info.
5256 // Thanks to Johannes Winkelmann for the patch.
5257 // TODO(lsm): Fix IPv6 case
5263
5267#endif
5268 ) {
5269 process_new_connection(conn);
5270 }
5271
5272 close_connection(conn);
5273 }
5275 free(conn);
5276 }
5277
5278 // Signal master that we're done with connection and exiting
5284
5287}
5288
5289// Master thread adds accepted socket to a queue
5292
5293 // If the queue is full, wait
5297 }
5298
5300 // Copy socket to the queue and increment head
5304 }
5305
5308}
5309
5311#ifdef _WIN32
5313#else
5315 t.tv_sec = milliseconds / 1000;
5316 t.tv_usec = (milliseconds * 1000) % 1000000;
5317#endif
5320}
5321
5329
5331 } else if ((!check_acl(ctx, ntohl(* (uint32_t *) &so.rsa.sin.sin_addr))) || (!check_midas_acl(&so.rsa.sa, len))) {
5335 } else {
5336 // Put so socket structure into the queue
5342 // Set TCP keep-alive. This is needed because if HTTP-level keep-alive
5343 // is enabled, and client resets the connection, server won't get
5344 // TCP FIN or RST and will keep the connection open forever. With TCP
5345 // keep-alive, next keep-alive handshake will figure out that the client
5346 // is down and will close the server end.
5347 // Thanks to Igor Klopov who suggested the patch.
5351 }
5352}
5353
5358
5359 // Increase priority of the master thread
5360#if defined(_WIN32)
5362#endif
5363
5364#if defined(ISSUE_317)
5368#endif
5369
5371
5377 }
5378
5381 // NOTE(lsm): on QNX, poll() returns POLLRDNORM after the
5382 // successfull poll, and POLLIN is defined as (POLLRDNORM | POLLRDBAND)
5383 // Therefore, we're checking pfd[i].revents & POLLIN, not
5384 // pfd[i].revents == POLLIN.
5387 }
5388 }
5389 }
5390 }
5391 free(pfd);
5393
5394 // Stop signal received: somebody called mg_stop. Quit.
5395 close_all_listening_sockets(ctx);
5396
5397 // Wakeup workers that are waiting for connections to handle.
5399
5400 // Wait until all threads finish
5404 }
5406
5407 // All threads exited, no sync is needed. Destroy mutex and condvars
5412
5413#if !defined(NO_SSL)
5414 uninitialize_ssl(ctx);
5415#endif
5417
5419
5420 // Signal mg_stop() that we're done.
5421 // WARNING: This must be the very last thing this
5422 // thread does, as ctx becomes invalid after this line.
5423 ctx->stop_flag = 2;
5425}
5426
5429
5430 // Deallocate config parameters
5434 }
5435
5436#ifndef NO_SSL
5437 // Deallocate SSL context
5440 }
5442 free(ssl_mutexes);
5444 }
5445#endif // !NO_SSL
5446
5447 // Deallocate context itself
5448 free(ctx);
5449}
5450
5452 ctx->stop_flag = 1;
5453
5454 // Wait until mg_fini() stops
5457 }
5458 free_context(ctx);
5459
5460#if defined(_WIN32) && !defined(__SYMBIAN32__)
5462#endif // _WIN32
5463}
5464
5466 mg_event_handler_t func,
5471
5472#if defined(_WIN32) && !defined(__SYMBIAN32__)
5475#endif // _WIN32
5476
5477 // Allocate context and initialize reasonable general case defaults.
5478 // TODO(lsm): do proper error handling here.
5481 }
5482 ctx->event_handler = func;
5484
5488 free_context(ctx);
5492 free_context(ctx);
5494 }
5498 }
5501 }
5502
5503 // Set default value if needed
5508 }
5509 }
5510
5511 // NOTE(lsm): order is important here. SSL certificates must
5512 // be initialized before listening ports. UID must be set last.
5515 !set_ssl_option(ctx) ||
5516#endif
5517 !set_ports_option(ctx) ||
5519 !set_uid_option(ctx) ||
5520#endif
5521 !set_acl_option(ctx)) {
5522 free_context(ctx);
5524 }
5525
5526#if !defined(_WIN32) && !defined(__SYMBIAN32__)
5527 // Ignore SIGPIPE signal, so if browser cancels the request, it
5528 // won't kill the whole process.
5530#endif // !_WIN32
5531
5536
5537 // Start master (listening) thread
5539
5540 // Start worker threads
5544 } else {
5545 ctx->num_threads++;
5546 }
5547 }
5548
5549 return ctx;
5550}
5551
5552#ifdef USE_LUA
5553#ifdef _WIN32
5560 return p;
5561}
5562#define munmap(x, y) UnmapViewOfFile(x)
5563#define MAP_FAILED NULL
5564#define MAP_PRIVATE 0
5565#define PROT_READ 0
5566#else
5567#include <sys/mman.h>
5568#endif
5569
5571
5572// Forward declarations
5575
5580}
5581
5586}
5587
5594}
5595
5600 } else {
5602 }
5603 return 1;
5604}
5605
5607 char buf[2000];
5609
5615 } else {
5617 }
5618 } else {
5620 }
5621 return 1;
5622}
5623
5625 const char *buf;
5626 size_t len, sent = 0;
5628
5633 while (sent < len) {
5635 break;
5636 }
5637 sent += n;
5638 }
5640 } else {
5642 }
5643 return 1;
5644}
5645
5651};
5652
5655 SOCKET sock;
5656
5662 } else {
5668 }
5669 } else {
5671 }
5672 return 1;
5673}
5674
5680 return 0;
5681}
5682
5683// Silently stop processing chunks.
5692}
5693
5698
5706
5711 // Syntax error or OOM. Error message is pushed on stack.
5713 } else {
5714 // Success loading chunk. Call it.
5716 }
5717
5718 pos = j + 2;
5719 i = pos - 1;
5720 break;
5721 }
5722 }
5725 lualines = 0;
5726 }
5727 }
5728 }
5729
5732 }
5733
5734 return 0;
5735}
5736
5740 size_t size;
5742
5748 }
5749 }
5750
5751 return 0;
5752}
5753
5758
5759 if (len <= 0) return 0;
5761
5762 return 1;
5763}
5764
5765// mg.include: Include another .lp file
5770 // handle_lsp_request returned an error code, meaning an error occured in
5771 // the included page and mg.onerror returned non-zero. Stop processing.
5773 }
5774 return 0;
5775}
5776
5777// mg.cry: Log an error. Default value for mg.onerror.
5781 return 0;
5782}
5783
5784// mg.redirect: Redirect the request (internally).
5788 handle_request(conn);
5790 return 0;
5791}
5792
5797
5799#ifdef USE_LUA_SQLITE3
5801#endif
5802
5809
5811
5812 // Register mg module
5814
5821
5822 // Export request_info
5836 }
5839
5841
5842 // Register default mg.onerror function
5844 "debug.traceback(e, 1)) end");
5845}
5846
5849
5857 } else {
5860 }
5861 // TODO(lsm): leave the stack balanced
5862
5863 return 0;
5864}
5865
5870
5874
5881 }
5882 }
5883
5886 }
5889 }
5890}
5891
5893 const char *fmt, ...) {
5896
5897 va_start(ap, fmt);
5899 va_end(ap);
5900
5903 } else {
5906 }
5907}
5908
5914 int error = 1;
5915
5916 // We need both mg_stat to get file size, and mg_fopen to get fd
5925 } else {
5926 // We're not sending HTTP headers here, Lua page must do it.
5929 }
5931 }
5932
5936
5937 return error;
5938}
5939#endif // USE_LUA
int mg_modify_passwords_file(const char *fname, const char *domain, const char *user, const char *pass)
Definition mongoose4.cxx:1314
int mg_websocket_read(struct mg_connection *, int *bits, char **data)
void mg_close_connection(struct mg_connection *conn)
Definition mongoose4.cxx:5097
int mg_websocket_write(struct mg_connection *conn, int opcode, const char *data, size_t data_len)
const char * mg_get_header(const struct mg_connection *conn, const char *name)
Definition mongoose4.cxx:693
int mg_get_var(const char *data, size_t data_len, const char *name, char *dst, size_t dst_len)
Definition mongoose4.cxx:2631
struct mg_context * mg_start(const char **options, mg_event_handler_t func, void *user_data)
Definition mongoose4.cxx:5466
int mg_url_decode(const char *src, int src_len, char *dst, int dst_len, int is_form_url_encoded)
Definition mongoose4.cxx:2606
int mg_write(struct mg_connection *conn, const void *buf, int len)
Definition mongoose4.cxx:2568
const char * mg_get_builtin_mime_type(const char *path)
Definition mongoose4.cxx:2895
FILE * mg_upload(struct mg_connection *conn, const char *destination_dir, char *path, int path_len)
Definition mongoose4.cxx:4543
void mg_send_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:3332
int mg_get_cookie(const char *cookie_header, const char *var_name, char *dst, size_t dst_size)
Definition mongoose4.cxx:2678
void mg_websocket_handshake(struct mg_connection *)
int mg_vprintf(struct mg_connection *conn, const char *fmt, va_list ap)
Definition mongoose4.cxx:1908
int mg_printf(struct mg_connection *conn, const char *fmt,...)
Definition mongoose4.cxx:1922
static int is_put_or_delete_request(const struct mg_connection *conn)
Definition mongoose4.cxx:4681
static void process_new_connection(struct mg_connection *conn)
Definition mongoose4.cxx:5150
static int mg_strncasecmp(const char *s1, const char *s2, size_t len)
Definition mongoose4.cxx:544
static int is_authorized_for_put(struct mg_connection *conn)
Definition mongoose4.cxx:1301
static void sockaddr_to_string(char *buf, size_t len, const union usa *usa)
Definition mongoose4.cxx:2342
static int consume_socket(struct mg_context *ctx, struct socket *sp)
Definition mongoose4.cxx:5206
static int check_authorization(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:1261
#define HEXTOI(x)
static int check_acl(struct mg_context *ctx, uint32_t remote_ip)
Definition mongoose4.cxx:4977
static int64_t left_to_read(const struct mg_connection *conn)
Definition mongoose4.cxx:2315
static void ssl_locking_callback(int mode, int mutex_num, const char *file, int line)
Definition mongoose4.cxx:2010
static void put_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:3936
static void do_ssi_exec(struct mg_connection *conn, char *tag)
Definition mongoose4.cxx:4017
static void mg_strlcpy(register char *dst, register const char *src, size_t n)
Definition mongoose4.cxx:533
void mg_url_encode(const char *src, char *dst, size_t dst_len)
Definition mongoose4.cxx:2938
static int set_sock_timeout(SOCKET sock, int milliseconds)
Definition mongoose4.cxx:5311
static void send_http_error(struct mg_connection *, int, const char *, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(4
static int set_throttle(const char *spec, uint32_t remote_ip, const char *uri)
Definition mongoose4.cxx:4511
static int WINCDECL compare_dir_entries(const void *p1, const void *p2)
Definition mongoose4.cxx:2993
static int should_keep_alive(const struct mg_connection *conn)
Definition mongoose4.cxx:2403
static SOCKET conn2(const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len)
Definition mongoose4.cxx:2218
static void handle_file_request(struct mg_connection *conn, const char *path, struct file *filep)
Definition mongoose4.cxx:3250
static int must_hide_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:3019
static int parse_net(const char *spec, uint32_t *net, uint32_t *mask)
Definition mongoose4.cxx:4496
static int substitute_index_file(struct mg_connection *conn, char *path, size_t path_len, struct file *filep)
Definition mongoose4.cxx:3426
static void close_all_listening_sockets(struct mg_context *ctx)
Definition mongoose4.cxx:4821
static void prepare_cgi_environment(struct mg_connection *conn, const char *prog, struct cgi_env_block *blk)
Definition mongoose4.cxx:3592
static int check_password(const char *method, const char *ha1, const char *uri, const char *nonce, const char *nc, const char *cnonce, const char *qop, const char *response)
Definition mongoose4.cxx:1110
static const char * get_header(const struct mg_request_info *ri, const char *name)
Definition mongoose4.cxx:682
static int mg_chunked_printf(struct mg_connection *conn, const char *fmt,...)
Definition mongoose4.cxx:1928
static void print_dav_dir_entry(struct de *de, void *data)
Definition mongoose4.cxx:4148
static void dir_scan_callback(struct de *de, void *data)
Definition mongoose4.cxx:3123
static void remove_double_dots_and_double_slashes(char *s)
Definition mongoose4.cxx:2819
static void reset_per_request_attributes(struct mg_connection *conn)
Definition mongoose4.cxx:5040
static int alloc_vprintf(char **buf, size_t size, const char *fmt, va_list ap)
Definition mongoose4.cxx:1884
static int is_not_modified(const struct mg_connection *conn, const struct file *filep)
Definition mongoose4.cxx:3471
static void print_props(struct mg_connection *conn, const char *uri, struct file *filep)
Definition mongoose4.cxx:4126
static void handle_propfind(struct mg_connection *conn, const char *path, struct file *filep)
Definition mongoose4.cxx:4158
static void accept_new_connection(const struct socket *listener, struct mg_context *ctx)
Definition mongoose4.cxx:5323
struct mg_connection * mg_download(const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len, const char *fmt,...)
Definition mongoose4.cxx:2292
static void parse_http_headers(char **buf, struct mg_request_info *ri)
Definition mongoose4.cxx:3344
static void get_mime_type(struct mg_context *ctx, const char *path, struct vec *vec)
Definition mongoose4.cxx:2914
static void MD5Transform(uint32_t buf[4], uint32_t const in[16])
Definition mongoose4.cxx:926
static int64_t push(FILE *fp, SOCKET sock, SSL *ssl, const char *buf, int64_t len)
Definition mongoose4.cxx:2451
static char * skip_quoted(char **buf, const char *delimiters, const char *whitespace, char quotechar)
Definition mongoose4.cxx:632
static FILE * open_auth_file(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:1139
static int forward_body_data(struct mg_connection *conn, FILE *fp, SOCKET sock, SSL *ssl)
Definition mongoose4.cxx:3481
static int sslize(struct mg_connection *conn, SSL_CTX *s, int(*func)(SSL *))
Definition mongoose4.cxx:1997
static void MD5Update(MD5_CTX *ctx, unsigned char const *buf, unsigned len)
Definition mongoose4.cxx:1008
static int get_first_ssl_listener_index(const struct mg_context *ctx)
Definition mongoose4.cxx:4688
static void log_header(const struct mg_connection *conn, const char *header, FILE *fp)
Definition mongoose4.cxx:4932
static uint32_t get_remote_ip(const struct mg_connection *conn)
Definition mongoose4.cxx:4539
static void handle_directory_request(struct mg_connection *conn, const char *dir)
Definition mongoose4.cxx:3142
static void gmt_time_string(char *buf, size_t buf_len, time_t *t)
Definition mongoose4.cxx:3232
static const char * mg_strcasestr(const char *big_str, const char *small_str)
Definition mongoose4.cxx:579
static int pull_all(FILE *fp, struct mg_connection *conn, char *buf, int len)
Definition mongoose4.cxx:2510
static void send_file_data(struct mg_connection *conn, FILE *fp, int64_t offset, int64_t len)
Definition mongoose4.cxx:3195
static void bin2str(char *to, const unsigned char *p, size_t len)
Definition mongoose4.cxx:1079
static void handle_options_request(struct mg_connection *conn)
Definition mongoose4.cxx:4116
static const char * next_option(const char *list, struct vec *val, struct vec *eq_val)
Definition mongoose4.cxx:703
static const char * suggest_connection_header(const struct mg_connection *conn)
Definition mongoose4.cxx:2416
static void do_ssi_include(struct mg_connection *conn, const char *ssi, char *tag, int include_level)
Definition mongoose4.cxx:3972
static int read_request(FILE *fp, struct mg_connection *conn, char *buf, int bufsiz, int *nread)
Definition mongoose4.cxx:3406
static void handle_ssi_file_request(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:4095
static int parse_range_header(const char *header, int64_t *a, int64_t *b)
Definition mongoose4.cxx:3228
static pid_t spawn_process(struct mg_connection *conn, const char *prog, char *envblk, char *envp[], int fdin, int fdout, const char *dir)
Definition mongoose4.cxx:1822
static void handle_delete_request(struct mg_connection *conn, const char *path)
Definition mongoose4.cxx:4711
static int parse_auth_header(struct mg_connection *conn, char *buf, size_t buf_size, struct ah *ah)
Definition mongoose4.cxx:1173
struct mg_connection * mg_connect(const char *host, int port, int use_ssl, char *ebuf, size_t ebuf_len)
Definition mongoose4.cxx:2252
static void construct_etag(char *buf, size_t buf_len, const struct file *filep)
Definition mongoose4.cxx:3236
static void send_ssi_file(struct mg_connection *, const char *, FILE *, int)
Definition mongoose4.cxx:4032
static int scan_directory(struct mg_connection *conn, const char *dir, void *data, void(*cb)(struct de *, void *))
Definition mongoose4.cxx:3026
static void produce_socket(struct mg_context *ctx, const struct socket *sp)
Definition mongoose4.cxx:5291
static void send_authorization_request(struct mg_connection *conn)
Definition mongoose4.cxx:1290
static int convert_uri_to_file_name(struct mg_connection *conn, char *buf, size_t buf_len, struct file *filep)
Definition mongoose4.cxx:2718
static int parse_port_string(const struct vec *vec, struct socket *so)
Definition mongoose4.cxx:4836
static char * addenv(struct cgi_env_block *block, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(2
static const struct @22 builtin_mime_types[]
static int match_prefix(const char *pattern, int pattern_len, const char *str)
Definition mongoose4.cxx:737
static int remove_directory(struct mg_connection *conn, const char *dir)
Definition mongoose4.cxx:3064
static int get_request_len(const char *buf, int buf_len)
Definition mongoose4.cxx:2796
static int mg_vsnprintf(char *buf, size_t buflen, const char *fmt, va_list ap)
Definition mongoose4.cxx:595
static void handle_cgi_request(struct mg_connection *conn, const char *prog)
Definition mongoose4.cxx:3714
static void static void static int getreq(struct mg_connection *conn, char *ebuf, size_t ebuf_len)
Definition mongoose4.cxx:5113
static int mg_snprintf(char *buf, size_t buflen, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(3
static void static void cry(struct mg_connection *conn, PRINTF_FORMAT_STRING(const char *fmt),...) PRINTF_ARGS(2
static void close_socket_gracefully(struct mg_connection *conn)
Definition mongoose4.cxx:5047
static int call_user(int type, struct mg_connection *conn, void *p)
Definition mongoose4.cxx:2319
static int parse_http_message(char *buf, int len, struct mg_request_info *ri)
Definition mongoose4.cxx:3368
static void close_connection(struct mg_connection *conn)
Definition mongoose4.cxx:5080
static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len)
Definition mongoose4.cxx:2487
static void redirect_to_https_port(struct mg_connection *conn, int ssl_index)
Definition mongoose4.cxx:4696
static int is_valid_http_method(const char *method)
Definition mongoose4.cxx:3356
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size)
Definition mongoose614.cxx:14300
static int expect(struct frozen *f, const char *s, int len, enum json_type t)
Definition mongoose6.cxx:807
TH1X EXPRT * h1_book(const char *name, const char *title, int bins, double min, double max)
Definition rmidas.h:24
Definition mongoose6.h:930
Definition mongoose4.cxx:1168
Definition mongoose4.cxx:3547
Definition mongoose4.cxx:502
Definition mongoose4.cxx:3108
Definition mongoose4.cxx:426
Definition mongoose6.h:1246
Definition mongoose4.cxx:457
Definition mongoose4.h:36
Definition mongoose4.cxx:438
Definition tinyexpr.c:70
Definition mongoose4.cxx:421
Definition mongoose6.cxx:1511
Definition mongoose4.cxx:412
◆ MG_BUF_LEN
| #define MG_BUF_LEN 8192 |
Definition at line 265 of file mongoose4.cxx.
◆ mg_mkdir
Definition at line 248 of file mongoose4.cxx.
◆ mg_remove
Definition at line 249 of file mongoose4.cxx.
◆ mg_sleep
Definition at line 250 of file mongoose4.cxx.
◆ MGSQLEN
| #define MGSQLEN 20 |
Definition at line 311 of file mongoose4.cxx.
◆ MONGOOSE_VERSION
| #define MONGOOSE_VERSION "4.2" |
Definition at line 261 of file mongoose4.cxx.
◆ MSG_NOSIGNAL
| #define MSG_NOSIGNAL 0 |
Definition at line 298 of file mongoose4.cxx.
◆ NO_SSL_DL
| #define NO_SSL_DL 1 |
Definition at line 19 of file mongoose4.cxx.
◆ O_BINARY
| #define O_BINARY 0 |
Definition at line 245 of file mongoose4.cxx.
◆ PASSWORDS_FILE_NAME
| #define PASSWORDS_FILE_NAME ".htpasswd" |
Definition at line 262 of file mongoose4.cxx.
◆ PATH_MAX
| #define PATH_MAX 4096 |
Definition at line 306 of file mongoose4.cxx.
◆ SOMAXCONN
| #define SOMAXCONN 100 |
Definition at line 302 of file mongoose4.cxx.
◆ SSL_LIB
| #define SSL_LIB "libssl.so" |
Definition at line 238 of file mongoose4.cxx.
◆ STRUCT_FILE_INITIALIZER
| #define STRUCT_FILE_INITIALIZER { 0, 0, 0, 0 } |
Definition at line 434 of file mongoose4.cxx.
◆ WINCDECL
| #define WINCDECL |
Definition at line 255 of file mongoose4.cxx.
Typedef Documentation
◆ MD5_CTX
◆ SOCKET
Definition at line 254 of file mongoose4.cxx.
Enumeration Type Documentation
◆ anonymous enum
Definition at line 447 of file mongoose4.cxx.
Function Documentation
◆ accept_new_connection()
|
static |
Definition at line 5323 of file mongoose4.cxx.
5324 {
5330
5332 } else if ((!check_acl(ctx, ntohl(* (uint32_t *) &so.rsa.sin.sin_addr))) || (!check_midas_acl(&so.rsa.sa, len))) {
5336 } else {
5337 // Put so socket structure into the queue
5343 // Set TCP keep-alive. This is needed because if HTTP-level keep-alive
5344 // is enabled, and client resets the connection, server won't get
5345 // TCP FIN or RST and will keep the connection open forever. With TCP
5346 // keep-alive, next keep-alive handshake will figure out that the client
5347 // is down and will close the server end.
5348 // Thanks to Igor Klopov who suggested the patch.
5352 }
5353}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ addenv() [1/2]
Definition at line 3561 of file mongoose4.cxx.
3561 {
3565
3566 // Calculate how much space is left in the buffer
3568 assert(space >= 0);
3569
3570 // Make a pointer to the free space int the buffer
3572
3573 // Copy VARIABLE=VALUE\0 string into the free space
3574 va_start(ap, fmt);
3576 va_end(ap);
3577
3578 // Make sure we do not overflow buffer and the envp array
3581 // Append a pointer to the added string into the envp array
3583 // Bump up used length counter. Include \0 terminator
3585 } else {
3587 }
3588
3590}
Here is the call graph for this function:
◆ addenv() [2/2]
|
static |
Here is the caller graph for this function:
◆ alloc_vprintf()
Definition at line 1884 of file mongoose4.cxx.
1884 {
1886 int len;
1887
1888 // Windows is not standard-compliant, and vsnprintf() returns -1 if
1889 // buffer is too small. Also, older versions of msvcrt.dll do not have
1890 // _vscprintf(). However, if size is 0, vsnprintf() behaves correctly.
1891 // Therefore, we make two passes: on first pass, get required message length.
1892 // On second pass, actually print the message.
1895
1896 if (len > (int) size &&
1897 (size = len + 1) > 0 &&
1899 len = -1; // Allocation failed, mark failure
1900 } else {
1903 }
1904
1905 return len;
1906}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ authorize()
|
static |
Definition at line 1237 of file mongoose4.cxx.
1237 {
1240
1242 return 0;
1243 }
1244
1245 // Loop over passwords file
1248 continue;
1249 }
1250
1255 }
1256
1257 return 0;
1258}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ bin2str()
Definition at line 1079 of file mongoose4.cxx.
1079 {
1081
1082 for (; len--; p++) {
1085 }
1087}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ byteReverse()
Definition at line 892 of file mongoose4.cxx.
892 {
893 uint32_t t;
894
895 // Forrest: MD5 expect LITTLE_ENDIAN, swap if BIG_ENDIAN
897 do {
899 ((unsigned) buf[1] << 8 | buf[0]);
900 * (uint32_t *) buf = t;
901 buf += 4;
903 }
904}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ call_user()
Definition at line 2319 of file mongoose4.cxx.
2319 {
2326 }
2329}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ check_acl()
|
static |
Definition at line 4977 of file mongoose4.cxx.
4977 {
4982
4983 // If any ACL is set, deny by default
4985
4991 return -1;
4992 }
4993
4996 }
4997 }
4998
5000}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ check_authorization()
Definition at line 1261 of file mongoose4.cxx.
1261 {
1267
1274 break;
1275 }
1276 }
1277
1280 }
1281
1285 }
1286
1288}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ check_password()
|
static |
Definition at line 1110 of file mongoose4.cxx.
1112 {
1114
1115 // Some of the parameters may be NULL
1118 return 0;
1119 }
1120
1121 // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
1122 // TODO(lsm): check for authentication timeout
1123 if (// strcmp(dig->uri, c->ouri) != 0 ||
1125 // || now - strtoul(dig->nonce, NULL, 10) > 3600
1126 ) {
1127 return 0;
1128 }
1129
1133
1135}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ close_all_listening_sockets()
|
static |
Definition at line 4821 of file mongoose4.cxx.
Here is the caller graph for this function:
◆ close_connection()
|
static |
Definition at line 5080 of file mongoose4.cxx.
5080 {
5081 conn->must_close = 1;
5082
5083#ifndef NO_SSL
5085 // Run SSL_shutdown twice to ensure completly close SSL connection
5089 }
5090#endif
5092 close_socket_gracefully(conn);
5094 }
5095}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ close_socket_gracefully()
|
static |
Definition at line 5047 of file mongoose4.cxx.
5047 {
5048#if defined(_WIN32)
5051#endif
5053
5054 // Set linger option to avoid socket hanging out after close. This prevent
5055 // ephemeral port exhaust problem under high QPS.
5056 linger.l_onoff = 1;
5057 linger.l_linger = 1;
5060
5061 // Send FIN to the client
5064
5065#if defined(_WIN32)
5066 // Read and discard pending incoming data. If we do not do that and close the
5067 // socket, the data in the send buffer may be discarded. This
5068 // behaviour is seen on Windows, when client keeps sending data
5069 // when server decides to close the connection; then when client
5070 // does recv() it gets no data back.
5071 do {
5074#endif
5075
5076 // Now we know that our FIN is ACK-ed, safe to close
5078}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ compare_dir_entries()
Definition at line 2993 of file mongoose4.cxx.
2993 {
2997
2999 query_string = "na";
3000 }
3001
3003 return -1; // Always put directories on top
3005 return 1; // Always put directories on top
3006 } else if (*query_string == 'n') {
3008 } else if (*query_string == 's') {
3011 } else if (*query_string == 'd') {
3014 }
3015
3017}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ conn2()
|
static |
Definition at line 2218 of file mongoose4.cxx.
2219 {
2223
2225
2228#ifndef NO_SSL
2231 // TODO(lsm): use something threadsafe instead of gethostbyname()
2232#endif
2237 } else {
2238 set_close_on_exec(sock);
2239 sin.sin_family = AF_INET;
2245 closesocket(sock);
2246 sock = INVALID_SOCKET;
2247 }
2248 }
2249 return sock;
2250}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ construct_etag()
◆ consume_socket()
Definition at line 5206 of file mongoose4.cxx.
5206 {
5209
5210 // If the queue is empty, wait. We're idle at this point.
5213 }
5214
5215 // If we're stopping, sq_head may be equal to sq_tail.
5217 // Copy socket from the queue and increment tail
5219 ctx->sq_tail++;
5221
5222 // Wrap pointers if needed
5226 }
5227 }
5228
5231
5233}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ convert_uri_to_file_name()
|
static |
Definition at line 2718 of file mongoose4.cxx.
2719 {
2723 char *p;
2727
2728 // No filesystem access
2730 return 0;
2731 }
2732
2733 // Using buf_len - 1 because memmove() for PATH_INFO may shift part
2734 // of the path one byte on the right.
2735 // If document_root is NULL, leave the file empty.
2737
2742 uri + match_len);
2743 break;
2744 }
2745 }
2746
2748 return 1;
2749 }
2750
2751 // if we can't find the actual file, look for the file
2752 // with the same name but a .gz extension. If we find it,
2753 // use that and set the gzipped flag in the file struct
2754 // to indicate that the response need to have the content-
2755 // encoding: gzip header
2756 // we can only do this if the browser declares support
2761 filep->gzipped = 1;
2762 return 1;
2763 }
2764 }
2765 }
2766
2767 // Support PATH_INFO for CGI scripts.
2769 if (*p == '/') {
2770 *p = '\0';
2774 // Shift PATH_INFO block one character right, e.g.
2775 // "/x.cgi/foo/bar\x00" => "/x.cgi\x00/foo/bar\x00"
2776 // conn->path_info is pointing to the local variable "path" declared
2777 // in handle_request(), so PATH_INFO is not valid after
2778 // handle_request returns.
2779 conn->path_info = p + 1;
2781 p[1] = '/';
2782 return 1;
2783 } else {
2784 *p = '/';
2785 }
2786 }
2787 }
2788
2789 return 0;
2790}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ cry() [1/2]
Definition at line 2358 of file mongoose4.cxx.
2358 {
2362 time_t timestamp;
2363
2364 va_start(ap, fmt);
2366 va_end(ap);
2367
2368 // Do not lock when getting the callback value, here and below.
2369 // I suppose this is fine, since function cannot disappear in the
2370 // same way string option can.
2374
2377 timestamp = time(NULL);
2378
2381 src_addr);
2382
2386 }
2387
2392 }
2393 }
2394}
Here is the call graph for this function:
◆ cry() [2/2]
|
static |
Here is the caller graph for this function:
◆ dir_scan_callback()
Definition at line 3123 of file mongoose4.cxx.
3123 {
3125
3130 }
3132 // TODO(lsm): propagate an error to the caller
3133 dsd->num_entries = 0;
3134 } else {
3138 dsd->num_entries++;
3139 }
3140}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ do_ssi_exec()
|
static |
Definition at line 4017 of file mongoose4.cxx.
4017 {
4020
4025 } else {
4028 }
4029}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ do_ssi_include()
|
static |
Definition at line 3972 of file mongoose4.cxx.
3973 {
3976
3977 // sscanf() is safe here, since send_ssi_file() also uses buffer
3978 // of size MG_BUF_LEN to get the tag. So strlen(tag) is always < MG_BUF_LEN.
3980 // File name is relative to the webserver root
3984 // File name is relative to the webserver working directory
3985 // or it is absolute system path
3989 // File name is relative to the currect document
3992 p[1] = '\0';
3993 }
3996 } else {
3998 return;
3999 }
4000
4004 } else {
4009 } else {
4011 }
4013 }
4014}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ fc()
|
static |
Definition at line 525 of file mongoose4.cxx.
525 {
528 // See https://github.com/cesanta/mongoose/issues/236
531}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ fclose_on_exec()
Definition at line 3242 of file mongoose4.cxx.
3242 {
3244#ifndef _WIN32
3246#endif
3247 }
3248}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ forward_body_data()
|
static |
Definition at line 3481 of file mongoose4.cxx.
3482 {
3487
3490
3495 } else {
3498 }
3499
3502 assert(buffered_len >= 0);
3503
3507 }
3511 }
3512
3513 nread = 0;
3518 }
3521 break;
3522 }
3523 }
3524
3527 }
3528
3529 // Each error code path in this function must send an error
3532 }
3533 }
3534
3536}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ free_context()
|
static |
Definition at line 5428 of file mongoose4.cxx.
5428 {
5430
5431 // Deallocate config parameters
5435 }
5436
5437#ifndef NO_SSL
5438 // Deallocate SSL context
5441 }
5443 free(ssl_mutexes);
5445 }
5446#endif // !NO_SSL
5447
5448 // Deallocate context itself
5449 free(ctx);
5450}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_first_ssl_listener_index()
|
static |
Definition at line 4688 of file mongoose4.cxx.
4688 {
4692 }
4694}
Here is the caller graph for this function:
◆ get_header()
Definition at line 682 of file mongoose4.cxx.
683 {
685
689
691}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_mime_type()
Definition at line 2914 of file mongoose4.cxx.
2915 {
2919
2921
2922 // Scan user-defined mime types first, in case user wants to
2923 // override default mime types.
2926 // ext now points to the path suffix
2930 return;
2931 }
2932 }
2933
2936}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_month_index()
Definition at line 783 of file mongoose4.cxx.
783 {
785
789
790 return -1;
791}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_option_index()
Definition at line 859 of file mongoose4.cxx.
859 {
861
865 }
866 }
867 return -1;
868}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_remote_ip()
|
static |
◆ get_request_len()
Definition at line 2796 of file mongoose4.cxx.
2796 {
2798
2800 // Control characters are not allowed but >=128 is.
2801 // Abort scan as soon as one malformed character is found;
2802 // don't let subsequent \r\n\r\n win us over anyhow
2805 return -1;
2811 }
2812 }
2813
2814 return 0;
2815}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ getreq()
Definition at line 5113 of file mongoose4.cxx.
5113 {
5114 const char *cl;
5115
5117 reset_per_request_attributes(conn);
5119 &conn->data_len);
5121
5127 &conn->request_info) <= 0) {
5129 } else {
5130 // Request is valid. Set content_len attribute by parsing Content-Length
5131 // If Content-Length is absent, set content_len to 0 if request is GET,
5132 // and set it to INT64_MAX otherwise. Setting to INT64_MAX instructs
5133 // mg_read() to read from the socket until socket is closed.
5134 // The reason for treating GET and POST/PUT differently is that libraries
5135 // like jquery do not set Content-Length in GET requests, and we don't
5136 // want mg_read() to hang waiting until socket is timed out.
5137 // See https://github.com/cesanta/mongoose/pull/121 for more.
5140 conn->content_len = 0;
5141 }
5144 }
5146 }
5148}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ gmt_time_string()
Definition at line 3232 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_cgi_request()
Definition at line 3714 of file mongoose4.cxx.
3714 {
3722
3724
3725 // CGI must be executed in its own directory. 'dir' must point to the
3726 // directory containing executable program, 'p' must point to the
3727 // executable program name relative to 'dir'.
3730 *p++ = '\0';
3731 } else {
3732 dir[0] = '.', dir[1] = '\0';
3734 }
3735
3740 }
3741
3747 }
3748
3749 // Make sure child closes all pipe descriptors. It must dup them to 0,1
3754
3755 // Parent closes only one side of the pipes.
3756 // If we don't mark them as closed, close() attempt before
3757 // return from this function throws an exception on Windows.
3758 // Windows does not like when closed descriptor is closed again.
3762
3763
3769 }
3770
3773
3774 // Send POST data to the CGI process if needed
3778 }
3779
3780 // Close so child gets an EOF.
3781 fclose(in);
3782 in = NULL;
3783 fdin[1] = -1;
3784
3785 // Now read CGI reply into a buffer. We need to set correct
3786 // status code, thus we need to see all HTTP headers first.
3787 // Do not send anything back to client, until we buffer in all
3788 // HTTP headers.
3789 data_len = 0;
3793 "CGI program sent malformed or too big (>%u bytes) "
3794 "HTTP headers: [%.*s]",
3797 }
3801
3802 // Make up and send the status line
3808 status_text++;
3809 }
3812 } else {
3814 }
3818 }
3820 status_text);
3821
3822 // Send headers
3826 }
3828
3829 // Send chunk of data that may have been read after the headers
3832
3833 // Read the rest of CGI output and send to the client
3835
3836done:
3839 }
3841 close(fdin[0]);
3842 }
3844 close(fdout[1]);
3845 }
3846
3848 fclose(in);
3850 close(fdin[1]);
3851 }
3852
3856 close(fdout[0]);
3857 }
3858}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_delete_request()
Definition at line 4711 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_directory_request()
Definition at line 3142 of file mongoose4.cxx.
3143 {
3146
3150 return;
3151 }
3152
3155
3156 conn->must_close = 1;
3158 "HTTP/1.1 200 OK\r\n"
3159 "Transfer-Encoding: Chunked\r\n"
3160 "Content-Type: text/html; charset=utf-8\r\n\r\n");
3161
3163 "<html><head><title>Index of %s</title>"
3164 "<style>th {text-align: left;}</style></head>"
3165 "<body><h1>Index of %s</h1><pre><table cellpadding=\"0\">"
3166 "<tr><th><a href=\"?n%c\">Name</a></th>"
3167 "<th><a href=\"?d%c\">Modified</a></th>"
3168 "<th><a href=\"?s%c\">Size</a></th></tr>"
3169 "<tr><td colspan=\"3\"><hr></td></tr>",
3172
3173 // Print first entry - link to a parent directory
3175 "<tr><td><a href=\"%s%s\">%s</a></td>"
3176 "<td> %s</td><td> %s</td></tr>\n",
3178
3179 // Sort and print directory entries
3181 compare_dir_entries);
3185 }
3186 free(data.entries);
3187
3189 "</table></body></html>");
3191 conn->status_code = 200;
3192}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_file_request()
|
static |
Definition at line 3250 of file mongoose4.cxx.
3251 {
3261
3263 cl = filep->size;
3264 conn->status_code = 200;
3265 range[0] = '\0';
3266
3267 // if this file is in fact a pre-gzipped file, rewrite its filename
3268 // it's important to rewrite the filename after resolving
3269 // the mime type from it, to preserve the actual file's type
3272 path = gz_path;
3274 }
3275
3279 return;
3280 }
3281
3283
3284 // If Range: header specified, act accordingly
3289 // actually, range requests don't play well with a pre-gzipped
3290 // file (since the range is specified in the uncmpressed space)
3293 "range requests in gzipped files are not supported");
3294 return;
3295 }
3296 conn->status_code = 206;
3299 "Content-Range: bytes "
3303 msg = "Partial Content";
3304 }
3305
3306 // Prepare Etag, Date, Last-Modified headers. Must be in UTC, according to
3307 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3
3311
3313 "HTTP/1.1 %d %s\r\n"
3314 "Date: %s\r\n"
3315 "Last-Modified: %s\r\n"
3316 "Etag: %s\r\n"
3317 "Content-Type: %.*s\r\n"
3319 "Connection: %s\r\n"
3320 "Accept-Ranges: bytes\r\n"
3321 "%s%s%s\r\n",
3324 EXTRA_HTTP_HEADERS);
3325
3328 }
3330}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_options_request()
|
static |
Definition at line 4116 of file mongoose4.cxx.
4116 {
4118 "Allow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS, PROPFIND, MKCOL\r\n"
4119 "DAV: 1\r\n\r\n";
4120
4121 conn->status_code = 200;
4123}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_propfind()
|
static |
Definition at line 4158 of file mongoose4.cxx.
4159 {
4161
4162 conn->must_close = 1;
4163 conn->status_code = 207;
4165 "Connection: close\r\n"
4166 "Content-Type: text/xml; charset=utf-8\r\n\r\n");
4167
4169 "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
4170 "<d:multistatus xmlns:d='DAV:'>\n");
4171
4172 // Print properties for the requested resource itself
4174
4175 // If it is a directory, print directory entries too if Depth is not 0
4180 }
4181
4183}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_request()
|
static |
Definition at line 4735 of file mongoose4.cxx.
4735 {
4740
4743 }
4749 path[0] = '\0';
4751
4752 // Perform redirect and auth checks before calling begin_request() handler.
4753 // Otherwise, begin_request() would need to perform auth checks and redirects.
4757 } else if (!strcmp(ri->request_method, "OPTIONS") && (call_user(MG_REQUEST_BEGIN, conn, (void *) ri->uri) == 1)) {
4758 // CORS "pre-flight" "OPTIONS" requests are sent without authentication, duh!
4760 !check_authorization(conn, path)) {
4761 send_authorization_request(conn);
4763 // Do nothing, callback has served the request
4765 handle_options_request(conn);
4769 (is_authorized_for_put(conn) != 1)) {
4770 send_authorization_request(conn);
4772 put_file(conn, path);
4774 mkcol(conn, path);
4776 handle_delete_request(conn, path);
4778 must_hide_file(conn, path)) {
4788 handle_directory_request(conn, path);
4789 } else {
4791 "Directory listing denied");
4792 }
4793#ifdef USE_LUA
4796#endif
4797#if !defined(NO_CGI)
4800 path) > 0) {
4806 } else {
4807 handle_cgi_request(conn, path);
4808 }
4809#endif // !NO_CGI
4812 path) > 0) {
4813 handle_ssi_file_request(conn, path);
4816 } else {
4818 }
4819}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ handle_ssi_file_request()
Definition at line 4095 of file mongoose4.cxx.
4096 {
4099
4103 } else {
4104 conn->must_close = 1;
4108 "Content-Type: %.*s\r\n"
4109 "Connection: close\r\n\r\n",
4113 }
4114}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_authorized_for_put()
|
static |
Definition at line 1301 of file mongoose4.cxx.
1301 {
1304 int ret = 0;
1305
1309 }
1310
1311 return ret;
1312}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_big_endian()
◆ is_not_modified()
Definition at line 3471 of file mongoose4.cxx.
3472 {
3479}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_put_or_delete_request()
|
static |
Definition at line 4681 of file mongoose4.cxx.
4681 {
4686}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_valid_http_method()
Definition at line 3356 of file mongoose4.cxx.
3356 {
3362 ;
3363}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_valid_port()
Definition at line 4829 of file mongoose4.cxx.
4829 {
4830 return port > 0 && port < 0xffff;
4831}
Here is the caller graph for this function:
◆ is_valid_uri()
Definition at line 5107 of file mongoose4.cxx.
5107 {
5108 // Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
5109 // URI can be an asterisk (*) or should start with slash.
5110 return uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0');
5111}
Here is the caller graph for this function:
◆ isbyte()
◆ left_to_read()
|
static |
◆ log_access()
|
static |
Definition at line 4943 of file mongoose4.cxx.
4943 {
4947
4950
4952 return;
4953
4956
4959
4965 conn->status_code, conn->num_bytes_sent);
4970
4973}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ log_header()
Definition at line 4932 of file mongoose4.cxx.
4933 {
4935
4938 } else {
4940 }
4941}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ lowercase()
Definition at line 540 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ master_thread()
Definition at line 5355 of file mongoose4.cxx.
5355 {
5359
5360 // Increase priority of the master thread
5361#if defined(_WIN32)
5363#endif
5364
5365#if defined(ISSUE_317)
5369#endif
5370
5372
5378 }
5379
5382 // NOTE(lsm): on QNX, poll() returns POLLRDNORM after the
5383 // successfull poll, and POLLIN is defined as (POLLRDNORM | POLLRDBAND)
5384 // Therefore, we're checking pfd[i].revents & POLLIN, not
5385 // pfd[i].revents == POLLIN.
5388 }
5389 }
5390 }
5391 }
5392 free(pfd);
5394
5395 // Stop signal received: somebody called mg_stop. Quit.
5396 close_all_listening_sockets(ctx);
5397
5398 // Wakeup workers that are waiting for connections to handle.
5400
5401 // Wait until all threads finish
5405 }
5407
5408 // All threads exited, no sync is needed. Destroy mutex and condvars
5413
5414#if !defined(NO_SSL)
5415 uninitialize_ssl(ctx);
5416#endif
5418
5420
5421 // Signal mg_stop() that we're done.
5422 // WARNING: This must be the very last thing this
5423 // thread does, as ctx becomes invalid after this line.
5424 ctx->stop_flag = 2;
5426}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ match_prefix()
Definition at line 737 of file mongoose4.cxx.
737 {
740
745 }
746
748 res = -1;
751 continue;
755 i++;
757 i++;
759 } else {
761 }
764 }
765 do {
770 return -1;
771 }
772 }
774}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ MD5Final()
Definition at line 1044 of file mongoose4.cxx.
1044 {
1046 unsigned char *p;
1047 uint32_t *a;
1048
1050
1052 *p++ = 0x80;
1059 } else {
1061 }
1063
1065 a[14] = ctx->bits[0];
1066 a[15] = ctx->bits[1];
1067
1072}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ MD5Init()
◆ MD5Transform()
Definition at line 926 of file mongoose4.cxx.
926 {
928
929 a = buf[0];
930 b = buf[1];
931 c = buf[2];
932 d = buf[3];
933
950
967
984
1001
1002 buf[0] += a;
1003 buf[1] += b;
1004 buf[2] += c;
1005 buf[3] += d;
1006}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ MD5Update()
Definition at line 1008 of file mongoose4.cxx.
1008 {
1009 uint32_t t;
1010
1011 t = ctx->bits[0];
1013 ctx->bits[1]++;
1014 ctx->bits[1] += len >> 29;
1015
1016 t = (t >> 3) & 0x3f;
1017
1018 if (t) {
1020
1021 t = 64 - t;
1022 if (len < t) {
1023 memcpy(p, buf, len);
1024 return;
1025 }
1026 memcpy(p, buf, t);
1029 buf += t;
1030 len -= t;
1031 }
1032
1033 while (len >= 64) {
1037 buf += 64;
1038 len -= 64;
1039 }
1040
1042}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_chunked_printf()
Definition at line 1928 of file mongoose4.cxx.
1928 {
1930 int len;
1931
1933 va_start(ap, fmt);
1936 }
1937
1939 free(buf);
1940 }
1941
1942 return len;
1943}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_connect()
| struct mg_connection * mg_connect | ( | const char * | host, |
| int | port, | ||
| int | use_ssl, | ||
| char * | ebuf, | ||
| size_t | ebuf_len | ||
| ) |
Definition at line 2252 of file mongoose4.cxx.
2253 {
2257
2263#ifndef NO_SSL
2268 free(conn);
2269 conn = NULL;
2270#endif // NO_SSL
2271 } else {
2279#ifndef NO_SSL
2281 // SSL_CTX_set_verify call is needed to switch off server certificate
2282 // checking, which is off by default in OpenSSL and on in yaSSL.
2285 }
2286#endif
2287 }
2288
2289 return conn;
2290}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_download()
| struct mg_connection * mg_download | ( | const char * | host, |
| int | port, | ||
| int | use_ssl, | ||
| char * | ebuf, | ||
| size_t | ebuf_len, | ||
| const char * | fmt, | ||
| ... | |||
| ) |
Definition at line 2292 of file mongoose4.cxx.
2294 {
2297
2298 va_start(ap, fmt);
2303 } else {
2305 }
2307 mg_close_connection(conn);
2308 conn = NULL;
2309 }
2310
2311 return conn;
2312}
Here is the call graph for this function:
◆ mg_fopen()
Definition at line 2331 of file mongoose4.cxx.
2331 {
2332#ifdef _WIN32
2337#else
2339#endif
2340}
Here is the caller graph for this function:
◆ mg_snprintf() [1/2]
◆ mg_snprintf() [2/2]
|
static |
Here is the caller graph for this function:
◆ mg_stat()
Definition at line 1778 of file mongoose4.cxx.
1778 {
1780
1786
1787 // See https://github.com/cesanta/mongoose/issues/109
1788 // Some filesystems report modification time as 0. Artificially
1789 // bump it up to mark mg_stat() success.
1792 }
1793 }
1794
1796}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strcasecmp()
◆ mg_strcasestr()
Definition at line 579 of file mongoose4.cxx.
579 {
581
585 }
586 }
587
589}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strdup()
Definition at line 575 of file mongoose4.cxx.
575 {
577}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strlcpy()
◆ mg_strncasecmp()
Definition at line 544 of file mongoose4.cxx.
544 {
546
547 if (len > 0)
548 do {
551
553}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_strndup()
Definition at line 565 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_url_encode()
Definition at line 2938 of file mongoose4.cxx.
2938 {
2942
2946 *dst = *src;
2948 dst[0] = '%';
2951 dst += 2;
2952 }
2953 }
2954
2955 *dst = '\0';
2956}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mg_vsnprintf()
Definition at line 595 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ mkcol()
Definition at line 3895 of file mongoose4.cxx.
3895 {
3898
3901
3905 return;
3906 }
3907
3909 if(body_len > 0) {
3912 return;
3913 }
3914
3916
3930 else
3933 }
3934}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ must_hide_file()
Definition at line 3019 of file mongoose4.cxx.
3019 {
3024}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ next_option()
Definition at line 703 of file mongoose4.cxx.
704 {
706 // End of the list
708 } else {
711 // Comma found. Store length and shift the list ptr
713 list++;
714 } else {
715 // This value is the last one
718 }
719
721 // Value has form "x=y", adjust pointers and lengths
722 // so that val points to "x", and eq_val points to "y".
723 eq_val->len = 0;
729 }
730 }
731 }
732
734}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ num_leap_years()
Definition at line 793 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ open_auth_file()
Definition at line 1139 of file mongoose4.cxx.
1139 {
1144
1146 // Use global passwords file
1148 // Important: using local struct file to test path for is_directory flag.
1149 // If filep is used, mg_stat() makes it appear as if auth file was opened.
1154 } else {
1155 // Try to find .htpasswd in requested directory.
1158 break;
1162 }
1163
1165}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_auth_header()
|
static |
Definition at line 1173 of file mongoose4.cxx.
1174 {
1177
1181 return 0;
1182 }
1183
1184 // Make modifiable copy of the auth header
1186 s = buf;
1187
1188 // Parse authorization header
1189 for (;;) {
1190 // Gobble initial spaces
1192 s++;
1193 }
1195 // Value is either quote-delimited, or ends at first comma or space.
1196 if (s[0] == '\"') {
1197 s++;
1199 if (s[0] == ',') {
1200 s++;
1201 }
1202 } else {
1204 }
1206 break;
1207 }
1208
1223 }
1224 }
1225
1226 // CGI needs it as REMOTE_USER
1229 } else {
1230 return 0;
1231 }
1232
1233 return 1;
1234}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_date_string()
Definition at line 798 of file mongoose4.cxx.
798 {
800 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
801 };
805
814 year > 1970 &&
817 year -= 1970;
820 }
821
822 return result;
823}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_http_headers()
|
static |
Definition at line 3344 of file mongoose4.cxx.
3344 {
3346
3351 break;
3353 }
3354}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_http_message()
Definition at line 3368 of file mongoose4.cxx.
3368 {
3371 // Reset attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
3373 ri->num_headers = 0;
3374
3376
3377 // RFC says that all initial whitespaces should be ingored
3379 buf++;
3380 }
3384
3385 // HTTP message could be either HTTP request or HTTP response, e.g.
3386 // "GET / HTTP/1.0 ...." or "HTTP/1.0 200 OK ..."
3390 request_length = -1;
3391 } else {
3393 ri->http_version += 5;
3394 }
3396 }
3397 }
3399}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_net()
Definition at line 4496 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_port_string()
Definition at line 4836 of file mongoose4.cxx.
4836 {
4838 int len;
4839#if defined(USE_IPV6)
4840 char buf[100];
4841#endif
4842
4843 // MacOS needs that. If we do not zero it, subsequent bind() will fail.
4844 // Also, all-zeroes in the socket address means binding to all addresses
4845 // for both IPv4 and IPv6 (INADDR_ANY and IN6ADDR_ANY_INIT).
4848
4850 // Bind to a specific IPv4 address, e.g. 192.168.1.5:8080
4853#if defined(USE_IPV6)
4854
4857 // IPv6 address, e.g. [3ffe:2a00:100:7031::1]:8080
4860#endif
4862 // If only port is specified, bind to IPv4, INADDR_ANY
4864 } else {
4865 port = len = 0; // Parsing failure. Make port invalid.
4866 }
4867
4871
4872 // Make sure the port is valid and vector ends with 's', 'r' or ','
4875}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_range_header()
Definition at line 3228 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ prepare_cgi_environment()
|
static |
Definition at line 3592 of file mongoose4.cxx.
3594 {
3600
3602 blk->conn = conn;
3604
3609
3610 // Prepare the environment block
3614
3615 // TODO(lsm): fix this for IPv6 case
3617
3624
3625 // SCRIPT_NAME
3630 } else {
3636 }
3637
3641
3644
3647 }
3648
3651
3654
3655#if defined(_WIN32)
3658 }
3661 }
3664 }
3667 }
3670 }
3673 }
3674#else
3677#endif // _WIN32
3678
3681
3685 }
3686
3687 // Add all headers as HTTP_* variables
3691
3692 // Convert variable name into uppercase, and change - to _
3693 for (; *p != '=' && *p != '\0'; p++) {
3694 if (*p == '-')
3695 *p = '_';
3697 }
3698 }
3699
3700 // Add user-specified variables
3704 }
3705
3708
3710 assert(blk->len > 0);
3712}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_dav_dir_entry()
Definition at line 4148 of file mongoose4.cxx.
4148 {
4156}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_dir_entry()
Definition at line 2958 of file mongoose4.cxx.
2958 {
2961
2964 } else {
2965 // We use (signed) cast below because MSVC 6 compiler cannot
2966 // convert unsigned __int64 to double. Sigh.
2975 } else {
2978 }
2979 }
2984 "<tr><td><a href=\"%s%s%s\">%s%s</a></td>"
2985 "<td> %s</td><td> %s</td></tr>\n",
2987}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ print_props()
|
static |
Definition at line 4126 of file mongoose4.cxx.
4127 {
4131 "<d:response>"
4132 "<d:href>%s</d:href>"
4133 "<d:propstat>"
4134 "<d:prop>"
4135 "<d:resourcetype>%s</d:resourcetype>"
4137 "<d:getlastmodified>%s</d:getlastmodified>"
4138 "</d:prop>"
4139 "<d:status>HTTP/1.1 200 OK</d:status>"
4140 "</d:propstat>"
4141 "</d:response>\n",
4142 uri,
4144 filep->size,
4145 mtime);
4146}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ process_new_connection()
|
static |
Definition at line 5150 of file mongoose4.cxx.
5150 {
5154
5156 keep_alive = 0;
5157
5158 // Important: on new connection, reset the receiving buffer. Credit goes
5159 // to crule42.
5160 conn->data_len = 0;
5161 do {
5164 conn->must_close = 1;
5172 }
5173
5175 handle_request(conn);
5177 log_access(conn);
5178 }
5181 // Important! When having connections with and without auth
5182 // would cause double free and then crash
5184 }
5185
5186 // NOTE(lsm): order is important here. should_keep_alive() call
5187 // is using parsed request, which will be invalid after memmove's below.
5188 // Therefore, memorize should_keep_alive() result now for later use
5189 // in loop exit condition.
5192
5193 // Discard all buffered data for this request
5197 assert(discard_len >= 0);
5200 assert(conn->data_len >= 0);
5202 } while (keep_alive);
5203}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ produce_socket()
Definition at line 5291 of file mongoose4.cxx.
5291 {
5293
5294 // If the queue is full, wait
5298 }
5299
5301 // Copy socket to the queue and increment head
5303 ctx->sq_head++;
5305 }
5306
5309}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ pull()
Definition at line 2487 of file mongoose4.cxx.
2487 {
2489
2490 if (len <= 0) return 0;
2492 // Use read() instead of fread(), because if we're reading from the CGI
2493 // pipe, fread() may block until IO buffer is filled up. We cannot afford
2494 // to block and must pass all read bytes immediately to the client.
2496#ifndef NO_SSL
2499#endif
2500 } else {
2502 }
2505 }
2506
2508}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ pull_all()
Definition at line 2510 of file mongoose4.cxx.
2510 {
2512
2517 break;
2519 break; // No more data to read
2520 } else {
2522 len -= n;
2523 }
2524 }
2525
2527}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ push()
Definition at line 2451 of file mongoose4.cxx.
2452 {
2453 int64_t sent;
2455
2457 sent = 0;
2458 while (sent < len) {
2459
2460 // How many bytes we send in this iteration
2462
2463#if !defined(NO_SSL)
2466 } else
2467#endif
2471 n = -1;
2472 } else {
2474 }
2475
2477 break;
2478
2479 sent += n;
2480 }
2481
2482 return sent;
2483}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ put_dir()
Definition at line 3864 of file mongoose4.cxx.
3864 {
3866 const char *s, *p;
3869
3871 len = p - path;
3872 if (len >= (int) sizeof(buf)) {
3873 res = -1;
3874 break;
3875 }
3876 memcpy(buf, path, len);
3877 buf[len] = '\0';
3878
3879 // Try to create intermediate directory
3882 res = -1;
3883 break;
3884 }
3885
3886 // Is path itself a directory?
3887 if (p[1] == '\0') {
3888 res = 0;
3889 }
3890 }
3891
3893}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ put_file()
Definition at line 3936 of file mongoose4.cxx.
3936 {
3939 const char *range;
3942
3944
3954 } else {
3959 conn->status_code = 206;
3961 }
3963 conn->status_code = 500;
3964 }
3966 conn->status_code);
3968 }
3969}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ read_request()
|
static |
Definition at line 3406 of file mongoose4.cxx.
3407 {
3409
3413 request_len == 0 &&
3418 }
3419
3421}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ realloc2()
◆ redirect_to_https_port()
|
static |
Definition at line 4696 of file mongoose4.cxx.
4696 {
4697 char host[1025];
4699
4702 // Cannot get host from the Host: header. Fallback to our IP address.
4704 }
4705
4709}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ remove_directory()
Definition at line 3064 of file mongoose4.cxx.
3064 {
3069
3071 return 0;
3072 } else {
3074
3076 // Do not show current dir, but show hidden files
3079 continue;
3080 }
3081
3083
3084 // If we don't memset stat structure to zero, mtime will have
3085 // garbage and strftime() will segfault later on in
3086 // print_dir_entry(). memset is required only if mg_stat()
3087 // fails. For more details, see
3088 // http://code.google.com/p/mongoose/issues/detail?id=79
3094 } else {
3095 mg_remove(path);
3096 }
3097 }
3098
3099 }
3101
3102 rmdir(dir);
3103 }
3104
3105 return 1;
3106}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ remove_double_dots_and_double_slashes()
Definition at line 2819 of file mongoose4.cxx.
2819 {
2820 char *p = s;
2821
2822 while (*s != '\0') {
2823 *p++ = *s++;
2824 if (s[-1] == '/' || s[-1] == '\\') {
2825 // Skip all following slashes, backslashes and double-dots
2826 while (s[0] != '\0') {
2827 if (s[0] == '/' || s[0] == '\\') {
2828 s++;
2829 } else if (s[0] == '.' && s[1] == '.') {
2830 s += 2;
2831 } else {
2832 break;
2833 }
2834 }
2835 }
2836 }
2837 *p = '\0';
2838}
Here is the caller graph for this function:
◆ reset_per_request_attributes()
|
static |
Definition at line 5040 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ scan_directory()
|
static |
Definition at line 3026 of file mongoose4.cxx.
3027 {
3032
3034 return 0;
3035 } else {
3037
3039 // Do not show current dir and hidden files
3043 continue;
3044 }
3045
3047
3048 // If we don't memset stat structure to zero, mtime will have
3049 // garbage and strftime() will segfault later on in
3050 // print_dir_entry(). memset is required only if mg_stat()
3051 // fails. For more details, see
3052 // http://code.google.com/p/mongoose/issues/detail?id=79
3055
3058 }
3060 }
3061 return 1;
3062}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ send_authorization_request()
|
static |
Definition at line 1290 of file mongoose4.cxx.
1290 {
1291 conn->status_code = 401;
1292 mg_printf(conn,
1293 "HTTP/1.1 401 Unauthorized\r\n"
1294 "Content-Length: 0\r\n"
1295 "WWW-Authenticate: Digest qop=\"auth\", "
1296 "realm=\"%s\", nonce=\"%lu\"\r\n\r\n",
1299}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ send_file_data()
|
static |
Definition at line 3195 of file mongoose4.cxx.
3196 {
3199
3200 // If offset is beyond file boundaries, don't send anything
3202 return;
3203 }
3204
3205 while (len > 0) {
3206 // Calculate how much to read from the file in the buffer
3210 }
3211
3212 // Read from file, exit the loop on error
3214 break;
3215 }
3216
3217 // Send read bytes to the client, exit the loop on error
3219 break;
3220 }
3221
3222 // Both read and were successful, adjust counters
3224 len -= num_written;
3225 }
3226}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ send_http_error() [1/2]
|
static |
Here is the caller graph for this function:
◆ send_http_error() [2/2]
|
static |
Definition at line 2420 of file mongoose4.cxx.
2421 {
2424 int len = 0;
2425
2427 buf[0] = '\0';
2428
2429 // Errors 1xx, 204 and 304 MUST NOT send a body
2432 buf[len++] = '\n';
2433
2434 va_start(ap, fmt);
2436 va_end(ap);
2437 }
2439
2442 "Content-Length: %d\r\n"
2444 suggest_connection_header(conn));
2446 }
2447}
Here is the call graph for this function:
◆ send_ssi_file()
|
static |
Definition at line 4032 of file mongoose4.cxx.
4033 {
4036
4039 return;
4040 }
4041
4045 in_ssi_tag = 0;
4047 buf[len] = '\0';
4048 assert(len <= (int) sizeof(buf));
4050 // Not an SSI tag, pass it
4052 } else {
4055#if !defined(NO_POPEN)
4057 do_ssi_exec(conn, buf + 9);
4058#endif // !NO_POPEN
4059 } else {
4061 }
4062 }
4063 len = 0;
4066 // Not an SSI tag
4067 in_ssi_tag = 0;
4068 } else if (len == (int) sizeof(buf) - 2) {
4070 len = 0;
4071 }
4072 buf[len++] = ch & 0xff;
4074 in_ssi_tag = 1;
4075 if (len > 0) {
4077 }
4078 len = 0;
4079 buf[len++] = ch & 0xff;
4080 } else {
4081 buf[len++] = ch & 0xff;
4082 if (len == (int) sizeof(buf)) {
4084 len = 0;
4085 }
4086 }
4087 }
4088
4089 // Send the rest of buffered data
4090 if (len > 0) {
4092 }
4093}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_acl_option()
|
static |
Definition at line 5036 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_close_on_exec()
Definition at line 1798 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_gpass_option()
|
static |
Definition at line 5026 of file mongoose4.cxx.
5026 {
5031 return 0;
5032 }
5033 return 1;
5034}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_non_blocking_mode()
Definition at line 1870 of file mongoose4.cxx.
1870 {
1871 int flags;
1872
1875
1876 return 0;
1877}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_ports_option()
|
static |
Definition at line 4877 of file mongoose4.cxx.
4877 {
4880#if defined(USE_IPV6)
4882#endif
4885
4890 success = 0;
4893 success = 0;
4895 INVALID_SOCKET ||
4896 // On Windows, SO_REUSEADDR is recommended only for
4897 // broadcast UDP sockets
4904#endif
4911 success = 0;
4913 (ctx->num_listening_sockets + 1) *
4916 success = 0;
4917 } else {
4919 ctx->listening_sockets = ptr;
4921 ctx->num_listening_sockets++;
4922 }
4923 }
4924
4926 close_all_listening_sockets(ctx);
4927 }
4928
4930}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_sock_timeout()
Definition at line 5311 of file mongoose4.cxx.
5311 {
5312#ifdef _WIN32
5314#else
5316 t.tv_sec = milliseconds / 1000;
5317 t.tv_usec = (milliseconds * 1000) % 1000000;
5318#endif
5321}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_ssl_option()
|
static |
Definition at line 2060 of file mongoose4.cxx.
2060 {
2065
2066 // If PEM file is not specified and the init_ssl callback
2067 // is not specified, skip SSL initialization.
2069 // MG_INIT_SSL
2070 // ctx->callbacks.init_ssl == NULL) {
2071 return 1;
2072 }
2073
2074#if !defined(NO_SSL_DL)
2077 return 0;
2078 }
2079#endif // NO_SSL_DL
2080
2081 // Initialize SSL library
2082 SSL_library_init();
2083 SSL_load_error_strings();
2084
2087 return 0;
2088 }
2089
2092
2093#if 0
2094 {
2095 //
2096 // enable Diffie-Hellman key exchange - the DHE series of ciphers
2097 //
2098 // this code is from here:
2099 // https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
2100 // to generate the pem file: openssl dhparam -out dh_param_2048.pem 2048
2101
2102 /* Set up ephemeral DH parameters. */
2109 } else {
2110 /* Error. */
2111 }
2113 /* Error. */
2114 }
2116 /* Error. */
2117 }
2118 }
2119#endif
2120
2121#ifdef OPENSSL_EC_NAMED_CURVE
2122 {
2123 //
2124 // enable Elliptic Curve Diffie-Hellman key exchange - the ECDHE series of ciphers
2125 //
2126
2129 cry(fc(ctx), "%s: EC_KEY_new_by_curve_name (NID_X9_62_prime256v1) failed: %s", __func__, ssl_error());
2130 } else {
2132 cry(fc(ctx), "%s: SSL_CTX_set_tmp_ecdh (ctx->ssl_ctx, ecdh) failed: %s", __func__, ssl_error());
2133 }
2135 ecdh_enabled = 1;
2136 }
2137 }
2138#else
2139#warning Very old openssl, no EC_KEY, no ECDH for modern criptography!
2140#endif
2141
2144
2145 // get cipher list
2146
2147 {
2153 break;
2154 //printf("priority %d cipher list: %s\n", priority, available_cipher_list);
2156 ecdh_available = 1;
2157 }
2158 SSL_free(ssl);
2159 }
2160
2163 }
2164
2165 // disable weak ciphers
2166 const char* cipher_list = "ALL:!RC4:!DES-CBC-SHA:!DES:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2167
2168 // enable only "modern cryptography" ciphers if ECDHE ciphers available
2170 cipher_list = "ALL:!AECDH:!RC4:!DES-CBC-SHA:!DES:!AES128-SHA+RSA:!AES256-SHA+RSA:!DES-CBC3-SHA:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
2171
2173
2174 // If user callback returned non-NULL, that means that user callback has
2175 // set up certificate itself. In this case, skip sertificate setting.
2176 // MG_INIT_SSL
2180 return 0;
2181 }
2182
2185 }
2186
2187 // Initialize locking callbacks, needed for thread safety.
2188 // http://www.openssl.org/support/faq.html#PROG1
2192 return 0;
2193 }
2194
2197 }
2198
2201
2202 return 1;
2203}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_throttle()
Definition at line 4511 of file mongoose4.cxx.
4511 {
4512 int throttle = 0;
4515 char mult;
4516 double v;
4517
4519 mult = ',';
4522 continue;
4523 }
4526 throttle = (int) v;
4529 throttle = (int) v;
4530 }
4532 throttle = (int) v;
4533 }
4534 }
4535
4536 return throttle;
4537}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ set_uid_option()
|
static |
Definition at line 5003 of file mongoose4.cxx.
5003 {
5007
5009 success = 1;
5010 } else {
5017 } else {
5018 success = 1;
5019 }
5020 }
5021
5023}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ should_keep_alive()
|
static |
Definition at line 2403 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ skip()
Definition at line 676 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ skip_quoted()
|
static |
Definition at line 632 of file mongoose4.cxx.
633 {
635
636 begin_word = *buf;
638
639 // Check for quotechar
641 p = end_word - 1;
643 // If there is anything beyond end_word, copy it
645 *p = '\0';
646 break;
647 } else {
652 }
653 }
655 *p = '\0';
656 }
657 }
658
660 *buf = end_word;
661 } else {
663
665 *p = '\0';
666 }
667
668 *buf = end_whitespace;
669 }
670
672}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ sockaddr_to_string()
Definition at line 2342 of file mongoose4.cxx.
2343 {
2344 buf[0] = '\0';
2345#if defined(USE_IPV6)
2349#elif defined(_WIN32)
2350 // Only Windoze Vista (and newer) have inet_ntop()
2352#else
2354#endif
2355}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ spawn_process()
|
static |
Definition at line 1822 of file mongoose4.cxx.
1824 {
1825 pid_t pid;
1827
1829
1831 // Parent
1833 } else if (pid == 0) {
1834 // Child
1841 } else {
1842 // Not redirecting stderr to stdout, to avoid output being littered
1843 // with the error messages.
1846
1847 // After exec, all signal handlers are restored to their default values,
1848 // with one exception of SIGCHLD. According to POSIX.1-2001 and Linux's
1849 // implementation, SIGCHLD's handler will leave unchanged after exec
1850 // if it was set to be ignored. Restore it to default action.
1852
1857 } else {
1861 }
1862 }
1863 exit(EXIT_FAILURE);
1864 }
1865
1866 return pid;
1867}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ ssl_error()
Definition at line 2004 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ ssl_id_callback()
Definition at line 2022 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ ssl_locking_callback()
Definition at line 2010 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ sslize()
Definition at line 1997 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ substitute_index_file()
|
static |
Definition at line 3426 of file mongoose4.cxx.
3427 {
3433
3434 // The 'path' given to us points to the directory. Remove all trailing
3435 // directory separator characters from the end of the path, and
3436 // then append single directory separator character.
3438 n--;
3439 }
3441
3442 // Traverse index files list. For each entry, append it to the given
3443 // path and see if the file exists. If it exists, break the loop
3445
3446 // Ignore too long entries that may overflow path buffer
3448 continue;
3449
3450 // Prepare full path to the index file
3452
3453 // Does it exist?
3455 // Yes it does, break the loop
3457 found = 1;
3458 break;
3459 }
3460 }
3461
3462 // If no index file exists, restore directory path
3465 }
3466
3468}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ suggest_connection_header()
Definition at line 2416 of file mongoose4.cxx.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ uninitialize_ssl()
|
static |
Definition at line 2205 of file mongoose4.cxx.
2205 {
2211 }
2214 }
2215}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ worker_thread()
Definition at line 5235 of file mongoose4.cxx.
5235 {
5238
5242 } else {
5247
5249
5250 // Call consume_socket() even when ctx->stop_flag > 0, to let it signal
5251 // sq_empty condvar to wake up the master waiting in produce_socket()
5254
5255 // Fill in IP, port info early so even if SSL setup below fails,
5256 // error handler would have the corresponding info.
5257 // Thanks to Johannes Winkelmann for the patch.
5258 // TODO(lsm): Fix IPv6 case
5264
5268#endif
5269 ) {
5270 process_new_connection(conn);
5271 }
5272
5273 close_connection(conn);
5274 }
5276 free(conn);
5277 }
5278
5279 // Signal master that we're done with connection and exiting
5285
5288}
Here is the call graph for this function:
Here is the caller graph for this function:
Variable Documentation
◆ [struct]
| const struct { ... } builtin_mime_types[] |
◆ config_options
Initial value:
= {
"cgi_pattern", "**.cgi$|**.pl$|**.php$",
"cgi_environment", NULL,
"put_delete_auth_file", NULL,
"cgi_interpreter", NULL,
"protect_uri", NULL,
"authentication_domain", "mydomain.com",
"ssi_pattern", "**.shtml$|**.shtm$",
"throttle", NULL,
"access_log_file", NULL,
"enable_directory_listing", "yes",
"error_log_file", NULL,
"global_auth_file", NULL,
"index_files",
"index.html,index.htm,index.cgi,index.shtml,index.php,index.lp",
"enable_keep_alive", "no",
"access_control_list", NULL,
"extra_mime_types", NULL,
"listening_ports", "8080",
"document_root", NULL,
"ssl_certificate", NULL,
"num_threads", "50",
"run_as_user", NULL,
"url_rewrite_patterns", NULL,
"hide_files_patterns", NULL,
"request_timeout_ms", "30000",
}
Definition at line 826 of file mongoose4.cxx.
826 {
827 "cgi_pattern", "**.cgi$|**.pl$|**.php$",
832 "authentication_domain", "mydomain.com",
833 "ssi_pattern", "**.shtml$|**.shtm$",
836 "enable_directory_listing", "yes",
839 "index_files",
840 "index.html,index.htm,index.cgi,index.shtml,index.php,index.lp",
841 "enable_keep_alive", "no",
844 "listening_ports", "8080",
847 "num_threads", "50",
851 "request_timeout_ms", "30000",
852 NULL
853};
◆ ext_len
| size_t ext_len |
Definition at line 2842 of file mongoose4.cxx.
◆ extension
Definition at line 2841 of file mongoose4.cxx.
◆ http_500_error
Definition at line 319 of file mongoose4.cxx.
◆ mime_type
Definition at line 2843 of file mongoose4.cxx.
◆ month_names
Initial value:
= {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
}
Definition at line 777 of file mongoose4.cxx.
777 {
778 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
779 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
780};
◆ ssl_mutexes
|
static |
Definition at line 1995 of file mongoose4.cxx.
