You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1084 lines
40 KiB

  1. #include <config.h>
  2. #include <apt-pkg/cmndline.h>
  3. #include <apt-pkg/configuration.h>
  4. #include <apt-pkg/error.h>
  5. #include <apt-pkg/fileutl.h>
  6. #include <apt-pkg/strutl.h>
  7. #include "teestream.h"
  8. #include <dirent.h>
  9. #include <errno.h>
  10. #include <netinet/in.h>
  11. #include <regex.h>
  12. #include <signal.h>
  13. #include <stddef.h>
  14. #include <stdlib.h>
  15. #include <string.h>
  16. #include <sys/socket.h>
  17. #include <sys/stat.h>
  18. #include <time.h>
  19. #include <unistd.h>
  20. #include <algorithm>
  21. #include <fstream>
  22. #include <iostream>
  23. #include <list>
  24. #include <sstream>
  25. #include <string>
  26. #include <thread>
  27. #include <unordered_map>
  28. #include <vector>
  29. static std::string HTMLEncode(std::string encode) /*{{{*/
  30. {
  31. constexpr std::array<std::array<char const *,2>,6> htmlencode = {{
  32. {{ "&", "&amp;" }},
  33. {{ "<", "&lt;" }},
  34. {{ ">", "&gt;" }},
  35. {{ "\"", "&quot;" }},
  36. {{ "'", "&#x27;" }},
  37. {{ "/", "&#x2F;" }},
  38. }};
  39. for (auto &&h: htmlencode)
  40. encode = SubstVar(encode, h[0], h[1]);
  41. return encode;
  42. }
  43. /*}}}*/
  44. static std::string httpcodeToStr(int const httpcode) /*{{{*/
  45. {
  46. switch (httpcode)
  47. {
  48. // Informational 1xx
  49. case 100: return _config->Find("aptwebserver::httpcode::100", "100 Continue");
  50. case 101: return _config->Find("aptwebserver::httpcode::101", "101 Switching Protocols");
  51. // Successful 2xx
  52. case 200: return _config->Find("aptwebserver::httpcode::200", "200 OK");
  53. case 201: return _config->Find("aptwebserver::httpcode::201", "201 Created");
  54. case 202: return _config->Find("aptwebserver::httpcode::202", "202 Accepted");
  55. case 203: return _config->Find("aptwebserver::httpcode::203", "203 Non-Authoritative Information");
  56. case 204: return _config->Find("aptwebserver::httpcode::204", "204 No Content");
  57. case 205: return _config->Find("aptwebserver::httpcode::205", "205 Reset Content");
  58. case 206: return _config->Find("aptwebserver::httpcode::206", "206 Partial Content");
  59. // Redirections 3xx
  60. case 300: return _config->Find("aptwebserver::httpcode::300", "300 Multiple Choices");
  61. case 301: return _config->Find("aptwebserver::httpcode::301", "301 Moved Permanently");
  62. case 302: return _config->Find("aptwebserver::httpcode::302", "302 Found");
  63. case 303: return _config->Find("aptwebserver::httpcode::303", "303 See Other");
  64. case 304: return _config->Find("aptwebserver::httpcode::304", "304 Not Modified");
  65. case 305: return _config->Find("aptwebserver::httpcode::305", "305 Use Proxy");
  66. case 307: return _config->Find("aptwebserver::httpcode::307", "307 Temporary Redirect");
  67. case 308: return _config->Find("aptwebserver::httpcode::308", "308 Permanent Redirect");
  68. // Client errors 4xx
  69. case 400: return _config->Find("aptwebserver::httpcode::400", "400 Bad Request");
  70. case 401: return _config->Find("aptwebserver::httpcode::401", "401 Unauthorized");
  71. case 402: return _config->Find("aptwebserver::httpcode::402", "402 Payment Required");
  72. case 403: return _config->Find("aptwebserver::httpcode::403", "403 Forbidden");
  73. case 404: return _config->Find("aptwebserver::httpcode::404", "404 Not Found");
  74. case 405: return _config->Find("aptwebserver::httpcode::405", "405 Method Not Allowed");
  75. case 406: return _config->Find("aptwebserver::httpcode::406", "406 Not Acceptable");
  76. case 407: return _config->Find("aptwebserver::httpcode::407", "407 Proxy Authentication Required");
  77. case 408: return _config->Find("aptwebserver::httpcode::408", "408 Request Time-out");
  78. case 409: return _config->Find("aptwebserver::httpcode::409", "409 Conflict");
  79. case 410: return _config->Find("aptwebserver::httpcode::410", "410 Gone");
  80. case 411: return _config->Find("aptwebserver::httpcode::411", "411 Length Required");
  81. case 412: return _config->Find("aptwebserver::httpcode::412", "412 Precondition Failed");
  82. case 413: return _config->Find("aptwebserver::httpcode::413", "413 Request Entity Too Large");
  83. case 414: return _config->Find("aptwebserver::httpcode::414", "414 Request-URI Too Large");
  84. case 415: return _config->Find("aptwebserver::httpcode::415", "415 Unsupported Media Type");
  85. case 416: return _config->Find("aptwebserver::httpcode::416", "416 Requested range not satisfiable");
  86. case 417: return _config->Find("aptwebserver::httpcode::417", "417 Expectation Failed");
  87. case 418: return _config->Find("aptwebserver::httpcode::418", "418 I'm a teapot");
  88. // Server error 5xx
  89. case 500: return _config->Find("aptwebserver::httpcode::500", "500 Internal Server Error");
  90. case 501: return _config->Find("aptwebserver::httpcode::501", "501 Not Implemented");
  91. case 502: return _config->Find("aptwebserver::httpcode::502", "502 Bad Gateway");
  92. case 503: return _config->Find("aptwebserver::httpcode::503", "503 Service Unavailable");
  93. case 504: return _config->Find("aptwebserver::httpcode::504", "504 Gateway Time-out");
  94. case 505: return _config->Find("aptwebserver::httpcode::505", "505 HTTP Version not supported");
  95. }
  96. std::string codeconf, code;
  97. strprintf(codeconf, "aptwebserver::httpcode::%i", httpcode);
  98. strprintf(code, "%i Unknown HTTP code", httpcode);
  99. return _config->Find(codeconf, code);
  100. }
  101. /*}}}*/
  102. static bool chunkedTransferEncoding(std::list<std::string> const &headers)/*{{{*/
  103. {
  104. if (std::find(headers.begin(), headers.end(), "Transfer-Encoding: chunked") != headers.end())
  105. return true;
  106. if (_config->FindB("aptwebserver::chunked-transfer-encoding", false) == true)
  107. return true;
  108. return false;
  109. }
  110. /*}}}*/
  111. static bool contentTypeSet(std::list<std::string> const &headers) /*{{{*/
  112. {
  113. return std::any_of(headers.begin(), headers.end(), [](std::string const &h) { return APT::String::Startswith(h, "Content-Type:"); });
  114. }
  115. /*}}}*/
  116. // contentTypeFromExtension /*{{{*/
  117. static std::string contentTypeFromExtension(std::string const &ext)
  118. {
  119. auto t = _config->Find(std::string("aptwebserver::content-type::by-extension::").append(ext));
  120. if (APT::String::Startswith(t, "text/"))
  121. return t.append("; charset=utf-8");
  122. return t;
  123. }
  124. /*}}}*/
  125. static void addFileHeaders(std::list<std::string> &headers, FileFd &data)/*{{{*/
  126. {
  127. if (chunkedTransferEncoding(headers) == false)
  128. {
  129. std::ostringstream contentlength;
  130. contentlength << "Content-Length: " << data.FileSize();
  131. headers.push_back(contentlength.str());
  132. }
  133. if (_config->FindB("aptwebserver::support::last-modified", true) == true)
  134. {
  135. std::string lastmodified("Last-Modified: ");
  136. lastmodified.append(TimeRFC1123(data.ModificationTime(), false));
  137. headers.push_back(lastmodified);
  138. }
  139. if (_config->FindB("aptwebserver::content-type::guess", true) &&
  140. data.FileSize() != 0 &&
  141. contentTypeSet(headers) == false)
  142. {
  143. std::string const name = data.Name();
  144. std::string ext = flExtension(name);
  145. if (name.empty() == false && ext.empty() == false && name != ext)
  146. {
  147. std::transform(ext.begin(), ext.end(), ext.begin(), ::tolower);
  148. auto const type = contentTypeFromExtension(ext);
  149. if (type.empty() == false)
  150. headers.push_back(std::string("Content-Type: ").append(type));
  151. }
  152. }
  153. }
  154. /*}}}*/
  155. static void addDataHeaders(std::list<std::string> &headers, std::string &data)/*{{{*/
  156. {
  157. if (chunkedTransferEncoding(headers) == false)
  158. {
  159. std::ostringstream contentlength;
  160. contentlength << "Content-Length: " << data.size();
  161. headers.push_back(contentlength.str());
  162. }
  163. }
  164. /*}}}*/
  165. static bool sendHead(std::ostream &log, int const client, int const httpcode, std::list<std::string> &headers)/*{{{*/
  166. {
  167. std::string response("HTTP/1.1 ");
  168. response.append(httpcodeToStr(httpcode));
  169. headers.push_front(response);
  170. _config->Set("APTWebserver::Last-Status-Code", httpcode);
  171. std::stringstream buffer;
  172. auto const empties = _config->FindVector("aptwebserver::empty-response-header");
  173. for (auto const &e: empties)
  174. buffer << e << ":" << std::endl;
  175. _config->Dump(buffer, "aptwebserver::response-header", "%t: %v%n", false);
  176. std::vector<std::string> addheaders = VectorizeString(buffer.str(), '\n');
  177. for (std::vector<std::string>::const_iterator h = addheaders.begin(); h != addheaders.end(); ++h)
  178. headers.push_back(*h);
  179. std::string date("Date: ");
  180. date.append(TimeRFC1123(time(NULL), false));
  181. headers.push_back(date);
  182. if (chunkedTransferEncoding(headers) == true)
  183. headers.push_back("Transfer-Encoding: chunked");
  184. log << ">>> RESPONSE to " << client << " >>>" << std::endl;
  185. bool Success = true;
  186. for (std::list<std::string>::const_iterator h = headers.begin();
  187. Success == true && h != headers.end(); ++h)
  188. {
  189. Success &= FileFd::Write(client, h->c_str(), h->size());
  190. if (Success == true)
  191. Success &= FileFd::Write(client, "\r\n", 2);
  192. log << *h << std::endl;
  193. }
  194. if (Success == true)
  195. Success &= FileFd::Write(client, "\r\n", 2);
  196. log << "<<<<<<<<<<<<<<<<" << std::endl;
  197. return Success;
  198. }
  199. /*}}}*/
  200. static bool sendFile(int const client, std::list<std::string> const &headers, FileFd &data)/*{{{*/
  201. {
  202. bool Success = true;
  203. bool const chunked = chunkedTransferEncoding(headers);
  204. char buffer[500];
  205. unsigned long long actual = 0;
  206. while ((Success &= data.Read(buffer, sizeof(buffer), &actual)) == true)
  207. {
  208. if (actual == 0)
  209. break;
  210. if (chunked == true)
  211. {
  212. std::string size;
  213. strprintf(size, "%llX\r\n", actual);
  214. Success &= FileFd::Write(client, size.c_str(), size.size());
  215. Success &= FileFd::Write(client, buffer, actual);
  216. Success &= FileFd::Write(client, "\r\n", strlen("\r\n"));
  217. }
  218. else
  219. Success &= FileFd::Write(client, buffer, actual);
  220. }
  221. if (chunked == true)
  222. {
  223. char const * const finish = "0\r\n\r\n";
  224. Success &= FileFd::Write(client, finish, strlen(finish));
  225. }
  226. if (Success == false)
  227. std::cerr << "SENDFILE:" << (chunked ? " CHUNKED" : "") << " READ/WRITE ERROR to " << client << std::endl;
  228. return Success;
  229. }
  230. /*}}}*/
  231. static bool sendData(int const client, std::list<std::string> const &headers, std::string const &data)/*{{{*/
  232. {
  233. if (chunkedTransferEncoding(headers) == true)
  234. {
  235. unsigned long long const ullsize = data.length();
  236. std::string size;
  237. strprintf(size, "%llX\r\n", ullsize);
  238. char const * const finish = "\r\n0\r\n\r\n";
  239. if (FileFd::Write(client, size.c_str(), size.length()) == false ||
  240. FileFd::Write(client, data.c_str(), ullsize) == false ||
  241. FileFd::Write(client, finish, strlen(finish)) == false)
  242. {
  243. std::cerr << "SENDDATA: CHUNK WRITE ERROR to " << client << std::endl;
  244. return false;
  245. }
  246. }
  247. else if (FileFd::Write(client, data.c_str(), data.size()) == false)
  248. {
  249. std::cerr << "SENDDATA: WRITE ERROR to " << client << std::endl;
  250. return false;
  251. }
  252. return true;
  253. }
  254. /*}}}*/
  255. static void sendError(std::ostream &log, int const client, int const httpcode, std::string const &request,/*{{{*/
  256. bool const content, std::string const &error, std::list<std::string> &headers)
  257. {
  258. auto const quotedCode = HTMLEncode(httpcodeToStr(httpcode));
  259. std::string response("<!doctype html><html><head><title>");
  260. response.append(quotedCode).append("</title><meta charset=\"utf-8\" /></head>");
  261. response.append("<body><h1>").append(quotedCode).append("</h1>");
  262. if (httpcode != 200)
  263. response.append("<p><em>Error</em>: ");
  264. else
  265. response.append("<p><em>Success</em>: ");
  266. if (error.empty() == false)
  267. response.append(HTMLEncode(error));
  268. else
  269. response.append(quotedCode);
  270. if (httpcode != 200)
  271. response.append("</p>This error is a result of the request: <pre>");
  272. else
  273. response.append("The successfully executed operation was requested by: <pre>");
  274. response.append(HTMLEncode(request)).append("</pre></body></html>");
  275. if (httpcode != 200)
  276. {
  277. if (_config->FindB("aptwebserver::closeOnError", false) == true)
  278. headers.push_back("Connection: close");
  279. }
  280. addDataHeaders(headers, response);
  281. if (contentTypeSet(headers) == false)
  282. headers.push_back("Content-Type: text/html; charset=utf-8");
  283. sendHead(log, client, httpcode, headers);
  284. if (content == true)
  285. sendData(client, headers, response);
  286. }
  287. static void sendSuccess(std::ostream &log, int const client, std::string const &request,
  288. bool const content, std::string const &error, std::list<std::string> &headers)
  289. {
  290. sendError(log, client, 200, request, content, error, headers);
  291. }
  292. /*}}}*/
  293. static void sendRedirect(std::ostream &log, int const client, int const httpcode,/*{{{*/
  294. std::string const &uri, std::string const &request, bool content)
  295. {
  296. std::list<std::string> headers;
  297. auto const quotedCode = HTMLEncode(httpcodeToStr(httpcode));
  298. std::string response("<!doctype html><html><head><title>");
  299. response.append(quotedCode).append("</title><meta charset=\"utf-8\" /></head>");
  300. response.append("<body><h1>").append(quotedCode).append("</h1");
  301. response.append("<p>You should be redirected to <em>").append(HTMLEncode(uri)).append("</em></p>");
  302. response.append("This page is a result of the request: <pre>");
  303. response.append(HTMLEncode(request)).append("</pre></body></html>");
  304. addDataHeaders(headers, response);
  305. std::string location("Location: ");
  306. if (strncmp(uri.c_str(), "http://", 7) != 0 && strncmp(uri.c_str(), "https://", 8) != 0)
  307. {
  308. std::string const host = LookupTag(request, "Host");
  309. unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
  310. std::string hosthttpsport;
  311. strprintf(hosthttpsport, ":%u", httpsport);
  312. if (host.find(hosthttpsport) != std::string::npos)
  313. location.append("https://");
  314. else
  315. location.append("http://");
  316. location.append(host).append("/");
  317. if (strncmp("/home/", uri.c_str(), strlen("/home/")) == 0 && uri.find("/public_html/") != std::string::npos)
  318. {
  319. std::string homeuri = SubstVar(uri, "/home/", "~");
  320. homeuri = SubstVar(homeuri, "/public_html/", "/");
  321. location.append(homeuri);
  322. }
  323. else
  324. location.append(uri);
  325. }
  326. else
  327. location.append(uri);
  328. headers.push_back(location);
  329. if (contentTypeSet(headers) == false)
  330. headers.push_back("Content-Type: text/html; charset=utf-8");
  331. sendHead(log, client, httpcode, headers);
  332. if (content == true)
  333. sendData(client, headers, response);
  334. }
  335. /*}}}*/
  336. static int filter_hidden_files(const struct dirent *a) /*{{{*/
  337. {
  338. if (a->d_name[0] == '.')
  339. return 0;
  340. #ifdef _DIRENT_HAVE_D_TYPE
  341. // if we have the d_type check that only files and dirs will be included
  342. if (a->d_type != DT_UNKNOWN &&
  343. a->d_type != DT_REG &&
  344. a->d_type != DT_LNK && // this includes links to regular files
  345. a->d_type != DT_DIR)
  346. return 0;
  347. #endif
  348. return 1;
  349. }
  350. static int grouped_alpha_case_sort(const struct dirent **a, const struct dirent **b) {
  351. #ifdef _DIRENT_HAVE_D_TYPE
  352. if ((*a)->d_type == DT_DIR && (*b)->d_type == DT_DIR);
  353. else if ((*a)->d_type == DT_DIR && (*b)->d_type == DT_REG)
  354. return -1;
  355. else if ((*b)->d_type == DT_DIR && (*a)->d_type == DT_REG)
  356. return 1;
  357. else
  358. #endif
  359. {
  360. struct stat f_prop; //File's property
  361. stat((*a)->d_name, &f_prop);
  362. int const amode = f_prop.st_mode;
  363. stat((*b)->d_name, &f_prop);
  364. int const bmode = f_prop.st_mode;
  365. if (S_ISDIR(amode) && S_ISDIR(bmode));
  366. else if (S_ISDIR(amode))
  367. return -1;
  368. else if (S_ISDIR(bmode))
  369. return 1;
  370. }
  371. return strcasecmp((*a)->d_name, (*b)->d_name);
  372. }
  373. /*}}}*/
  374. static void sendDirectoryListing(std::ostream &log, int const client, std::string const &dir,/*{{{*/
  375. std::string const &request, bool content, std::list<std::string> &headers)
  376. {
  377. struct dirent **namelist;
  378. int const counter = scandir(dir.c_str(), &namelist, filter_hidden_files, grouped_alpha_case_sort);
  379. if (counter == -1)
  380. {
  381. sendError(log, client, 500, request, content, "scandir failed", headers);
  382. return;
  383. }
  384. std::ostringstream listing;
  385. std::string const quotedDir = HTMLEncode(dir);
  386. listing << "<!doctype html><html><head><title>Index of " << quotedDir << "</title><meta charset=\"utf-8\" />"
  387. << "<style type=\"text/css\"><!-- td {padding: 0.02em 0.5em 0.02em 0.5em;}"
  388. << "tr:nth-child(even){background-color:#dfdfdf;}"
  389. << "h1, td:nth-child(3){text-align:center;}"
  390. << "table {margin-left:auto;margin-right:auto;} --></style>"
  391. << "</head>" << std::endl
  392. << "<body><h1>Index of " << quotedDir << "</h1>" << std::endl
  393. << "<table><tr><th>#</th><th>Name</th><th>Size</th><th>Last-Modified</th></tr>" << std::endl;
  394. if (dir != "./")
  395. listing << "<tr><td>d</td><td><a href=\"..\">Parent Directory</a></td><td>-</td><td>-</td></tr>";
  396. for (int i = 0; i < counter; ++i) {
  397. struct stat fs;
  398. std::string filename(dir);
  399. filename.append("/").append(namelist[i]->d_name);
  400. stat(filename.c_str(), &fs);
  401. std::string const quotedHref = QuoteString(namelist[i]->d_name, "\"\\/#?");
  402. std::string const quotedName = HTMLEncode(namelist[i]->d_name);
  403. bool const isDir = S_ISDIR(fs.st_mode);
  404. listing << "<tr><td>" << (isDir ? 'd' : 'f') << "</td>"
  405. << "<td><a href=\"./" << quotedHref << (isDir ? "/" : "") <<"\">" << quotedName << "</a></td>"
  406. << "<td>" << (isDir ? "-" : SizeToStr(fs.st_size).append("B")) << "</td>"
  407. << "<td>" << TimeRFC1123(fs.st_mtime, true) << "</td></tr>\n";
  408. }
  409. listing << "</table></body></html>" << std::endl;
  410. if (contentTypeSet(headers) == false)
  411. headers.push_back("Content-Type: text/html; charset=utf-8");
  412. std::string response(listing.str());
  413. addDataHeaders(headers, response);
  414. sendHead(log, client, 200, headers);
  415. if (content == true)
  416. sendData(client, headers, response);
  417. }
  418. /*}}}*/
  419. static bool parseFirstLine(std::ostream &log, int const client, std::string const &request,/*{{{*/
  420. std::string &filename, std::string &params, bool &sendContent,
  421. bool &closeConnection, std::list<std::string> &headers)
  422. {
  423. if (strncmp(request.c_str(), "HEAD ", 5) == 0)
  424. sendContent = false;
  425. if (strncmp(request.c_str(), "GET ", 4) != 0)
  426. {
  427. sendError(log, client, 501, request, true, "", headers);
  428. return false;
  429. }
  430. size_t const lineend = request.find('\n');
  431. size_t filestart = request.find(' ');
  432. for (; request[filestart] == ' '; ++filestart);
  433. size_t fileend = request.rfind(' ', lineend);
  434. if (lineend == std::string::npos || filestart == std::string::npos ||
  435. fileend == std::string::npos || filestart == fileend)
  436. {
  437. sendError(log, client, 500, request, sendContent, "Filename can't be extracted", headers);
  438. return false;
  439. }
  440. size_t httpstart = fileend;
  441. for (; request[httpstart] == ' '; ++httpstart);
  442. if (strncmp(request.c_str() + httpstart, "HTTP/1.1\r", 9) == 0)
  443. closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "Keep-Alive") != 0;
  444. else if (strncmp(request.c_str() + httpstart, "HTTP/1.0\r", 9) == 0)
  445. closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "close") == 0;
  446. else
  447. {
  448. sendError(log, client, 500, request, sendContent, "Not an HTTP/1.{0,1} request", headers);
  449. return false;
  450. }
  451. filename = request.substr(filestart, fileend - filestart);
  452. if (filename.find(' ') != std::string::npos)
  453. {
  454. sendError(log, client, 500, request, sendContent, "Filename contains an unencoded space", headers);
  455. return false;
  456. }
  457. std::string host = LookupTag(request, "Host", "");
  458. if (host.empty() == true)
  459. {
  460. // RFC 2616 §14.23 requires Host
  461. sendError(log, client, 400, request, sendContent, "Host header is required", headers);
  462. return false;
  463. }
  464. host = "http://" + host;
  465. // Proxies require absolute uris, so this is a simple proxy-fake option
  466. std::string const absolute = _config->Find("aptwebserver::request::absolute", "uri,path");
  467. if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0 && APT::String::Startswith(filename, "/_config/") == false)
  468. {
  469. if (absolute.find("uri") == std::string::npos)
  470. {
  471. sendError(log, client, 400, request, sendContent, "Request is absoluteURI, but configured to not accept that", headers);
  472. return false;
  473. }
  474. // strip the host from the request to make it an absolute path
  475. filename.erase(0, host.length());
  476. std::string const authConf = _config->Find("aptwebserver::proxy-authorization", "");
  477. std::string auth = LookupTag(request, "Proxy-Authorization", "");
  478. if (authConf.empty() != auth.empty())
  479. {
  480. if (auth.empty())
  481. sendError(log, client, 407, request, sendContent, "Proxy requires authentication", headers);
  482. else
  483. sendError(log, client, 407, request, sendContent, "Client wants to authenticate to proxy, but proxy doesn't need it", headers);
  484. return false;
  485. }
  486. if (authConf.empty() == false)
  487. {
  488. char const * const basic = "Basic ";
  489. if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
  490. {
  491. auth.erase(0, strlen(basic));
  492. if (auth != authConf)
  493. {
  494. sendError(log, client, 407, request, sendContent, "Proxy-Authentication doesn't match", headers);
  495. return false;
  496. }
  497. }
  498. else
  499. {
  500. std::list<std::string> headers;
  501. headers.push_back("Proxy-Authenticate: Basic");
  502. sendError(log, client, 407, request, sendContent, "Unsupported Proxy-Authentication Scheme", headers);
  503. return false;
  504. }
  505. }
  506. }
  507. else if (absolute.find("path") == std::string::npos && APT::String::Startswith(filename, "/_config/") == false)
  508. {
  509. sendError(log, client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that", headers);
  510. return false;
  511. }
  512. if (APT::String::Startswith(filename, "/_config/") == false)
  513. {
  514. std::string const authConf = _config->Find("aptwebserver::authorization", "");
  515. std::string auth = LookupTag(request, "Authorization", "");
  516. if (authConf.empty() != auth.empty())
  517. {
  518. if (auth.empty())
  519. sendError(log, client, 401, request, sendContent, "Server requires authentication", headers);
  520. else
  521. sendError(log, client, 401, request, sendContent, "Client wants to authenticate to server, but server doesn't need it", headers);
  522. return false;
  523. }
  524. if (authConf.empty() == false)
  525. {
  526. char const * const basic = "Basic ";
  527. if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
  528. {
  529. auth.erase(0, strlen(basic));
  530. if (auth != authConf)
  531. {
  532. sendError(log, client, 401, request, sendContent, "Authentication doesn't match", headers);
  533. return false;
  534. }
  535. }
  536. else
  537. {
  538. headers.push_back("WWW-Authenticate: Basic");
  539. sendError(log, client, 401, request, sendContent, "Unsupported Authentication Scheme", headers);
  540. return false;
  541. }
  542. }
  543. }
  544. size_t paramspos = filename.find('?');
  545. if (paramspos != std::string::npos)
  546. {
  547. params = filename.substr(paramspos + 1);
  548. filename.erase(paramspos);
  549. }
  550. filename = DeQuoteString(filename);
  551. // this is not a secure server, but at least prevent the obvious …
  552. if (filename.empty() == true || filename[0] != '/' ||
  553. strncmp(filename.c_str(), "//", 2) == 0 ||
  554. filename.find_first_of("\r\n\t\f\v") != std::string::npos ||
  555. filename.find("/../") != std::string::npos)
  556. {
  557. std::list<std::string> headers;
  558. sendError(log, client, 400, request, sendContent, "Filename contains illegal character (sequence)", headers);
  559. return false;
  560. }
  561. // nuke the first character which is a / as we assured above
  562. filename.erase(0, 1);
  563. if (filename.empty() == true)
  564. filename = "./";
  565. // support ~user/ uris to refer to /home/user/public_html/ as a kind-of special directory
  566. else if (filename[0] == '~')
  567. {
  568. // /home/user is actually not entirely correct, but good enough for now
  569. size_t dashpos = filename.find('/');
  570. if (dashpos != std::string::npos)
  571. {
  572. std::string home = filename.substr(1, filename.find('/') - 1);
  573. std::string pubhtml = filename.substr(filename.find('/') + 1);
  574. filename = "/home/" + home + "/public_html/" + pubhtml;
  575. }
  576. else
  577. filename = "/home/" + filename.substr(1) + "/public_html/";
  578. }
  579. // if no filename is given, but a valid directory see if we can use an index or
  580. // have to resort to a autogenerated directory listing later on
  581. if (DirectoryExists(filename) == true)
  582. {
  583. std::string const directoryIndex = _config->Find("aptwebserver::directoryindex");
  584. if (directoryIndex.empty() == false && directoryIndex == flNotDir(directoryIndex) &&
  585. RealFileExists(filename + directoryIndex) == true)
  586. filename += directoryIndex;
  587. }
  588. return true;
  589. }
  590. /*}}}*/
  591. static bool handleOnTheFlyReconfiguration(std::ostream &log, int const client,/*{{{*/
  592. std::string const &request, std::vector<std::string> parts, std::list<std::string> &headers)
  593. {
  594. size_t const pcount = parts.size();
  595. for (size_t i = 0; i < pcount; ++i)
  596. parts[i] = DeQuoteString(parts[i]);
  597. if (pcount == 4 && parts[1] == "set")
  598. {
  599. _config->Set(parts[2], parts[3]);
  600. sendSuccess(log, client, request, true, "Option '" + parts[2] + "' was set to '" + parts[3] + "'!", headers);
  601. return true;
  602. }
  603. else if (pcount == 4 && parts[1] == "find")
  604. {
  605. std::string response = _config->Find(parts[2], parts[3]);
  606. addDataHeaders(headers, response);
  607. if (contentTypeSet(headers) == false)
  608. headers.push_back("Content-Type: text/plain; charset=utf-8");
  609. sendHead(log, client, 200, headers);
  610. sendData(client, headers, response);
  611. return true;
  612. }
  613. else if (pcount == 3 && parts[1] == "find")
  614. {
  615. if (_config->Exists(parts[2]) == true)
  616. {
  617. std::string response = _config->Find(parts[2]);
  618. addDataHeaders(headers, response);
  619. if (contentTypeSet(headers) == false)
  620. headers.push_back("Content-Type: text/plain; charset=utf-8");
  621. sendHead(log, client, 200, headers);
  622. sendData(client, headers, response);
  623. return true;
  624. }
  625. sendError(log, client, 404, request, true, "Requested Configuration option doesn't exist", headers);
  626. return false;
  627. }
  628. else if (pcount == 3 && parts[1] == "clear")
  629. {
  630. _config->Clear(parts[2]);
  631. sendSuccess(log, client, request, true, "Option '" + parts[2] + "' was cleared.", headers);
  632. return true;
  633. }
  634. sendError(log, client, 400, request, true, "Unknown on-the-fly configuration request", headers);
  635. return false;
  636. }
  637. /*}}}*/
  638. static void * handleClient(int const client, size_t const id) /*{{{*/
  639. {
  640. auto logfilepath = _config->FindFile("aptwebserver::logfiles");
  641. if (logfilepath.empty() == false)
  642. strprintf(logfilepath, "%s.client-%lu.log", logfilepath.c_str(), id);
  643. else
  644. logfilepath = "/dev/null";
  645. std::ofstream logfile(logfilepath);
  646. basic_teeostream<char> log(std::clog, logfile);
  647. log << "ACCEPT client " << client << std::endl;
  648. bool closeConnection = false;
  649. while (closeConnection == false)
  650. {
  651. std::vector<std::string> messages;
  652. if (ReadMessages(client, messages) == false)
  653. break;
  654. std::list<std::string> headers;
  655. for (std::vector<std::string>::const_iterator m = messages.begin();
  656. m != messages.end() && closeConnection == false; ++m) {
  657. // if we announced a closing in previous response, do the close now
  658. if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
  659. {
  660. closeConnection = true;
  661. break;
  662. }
  663. headers.clear();
  664. log << ">>> REQUEST from " << client << " >>>" << std::endl << *m
  665. << std::endl << "<<<<<<<<<<<<<<<<" << std::endl;
  666. std::string filename;
  667. std::string params;
  668. bool sendContent = true;
  669. if (parseFirstLine(log, client, *m, filename, params, sendContent, closeConnection, headers) == false)
  670. continue;
  671. // special webserver command request
  672. if (filename.length() > 1 && filename[0] == '_')
  673. {
  674. std::vector<std::string> parts = VectorizeString(filename, '/');
  675. if (parts[0] == "_config")
  676. {
  677. handleOnTheFlyReconfiguration(log, client, *m, parts, headers);
  678. continue;
  679. }
  680. }
  681. // string replacements in the requested filename
  682. ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace");
  683. if (Replaces != NULL)
  684. {
  685. std::string redirect = "/" + filename;
  686. for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next)
  687. redirect = SubstVar(redirect, I->Tag, I->Value);
  688. if (redirect.empty() == false && redirect[0] == '/')
  689. redirect.erase(0,1);
  690. if (redirect != filename)
  691. {
  692. sendRedirect(log, client, _config->FindI("aptwebserver::redirect::httpcode", 301), redirect, *m, sendContent);
  693. continue;
  694. }
  695. }
  696. ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite");
  697. if (Overwrite != NULL)
  698. {
  699. for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next)
  700. {
  701. regex_t *pattern = new regex_t;
  702. int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB);
  703. if (res != 0)
  704. {
  705. char error[300];
  706. regerror(res, pattern, error, sizeof(error));
  707. sendError(log, client, 500, *m, sendContent, error, headers);
  708. continue;
  709. }
  710. if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0)
  711. {
  712. filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", flNotDir(filename));
  713. if (filename.find("/") == std::string::npos)
  714. {
  715. auto directory = _config->Find("aptwebserver::overwrite::" + I->Tag + "::directory", flNotFile(filename));
  716. filename = flCombine(directory, filename);
  717. }
  718. if (filename.empty() == false && filename[0] == '/')
  719. filename.erase(0,1);
  720. if (filename.empty())
  721. filename = "./";
  722. regfree(pattern);
  723. break;
  724. }
  725. regfree(pattern);
  726. }
  727. }
  728. // automatic retry can be tested with this
  729. {
  730. int failrequests = _config->FindI("aptwebserver::failrequest::" + filename, 0);
  731. if (failrequests != 0)
  732. {
  733. --failrequests;
  734. _config->Set(("aptwebserver::failrequest::" + filename).c_str(), failrequests);
  735. sendError(log, client, _config->FindI("aptwebserver::failrequest", 400), *m, sendContent, "Server is configured to fail this file.", headers);
  736. continue;
  737. }
  738. }
  739. // deal with the request
  740. unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
  741. std::string hosthttpsport;
  742. strprintf(hosthttpsport, ":%u", httpsport);
  743. if (_config->FindB("aptwebserver::support::http", true) == false &&
  744. LookupTag(*m, "Host").find(hosthttpsport) == std::string::npos)
  745. {
  746. sendError(log, client, 400, *m, sendContent, "HTTP disabled, all requests must be HTTPS", headers);
  747. continue;
  748. }
  749. else if (RealFileExists(filename) == true)
  750. {
  751. FileFd data(filename, FileFd::ReadOnly);
  752. std::string condition = LookupTag(*m, "If-Modified-Since", "");
  753. if (_config->FindB("aptwebserver::support::modified-since", true) == true && condition.empty() == false)
  754. {
  755. time_t cache;
  756. if (RFC1123StrToTime(condition.c_str(), cache) == true &&
  757. cache >= data.ModificationTime())
  758. {
  759. sendHead(log, client, 304, headers);
  760. continue;
  761. }
  762. }
  763. if (_config->FindB("aptwebserver::support::range", true) == true)
  764. condition = LookupTag(*m, "Range", "");
  765. else
  766. condition.clear();
  767. if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0)
  768. {
  769. std::string ranges = ',' + _config->Find("aptwebserver::response-header::Accept-Ranges") + ',';
  770. ranges.erase(std::remove(ranges.begin(), ranges.end(), ' '), ranges.end());
  771. if (ranges.find(",bytes,") == std::string::npos)
  772. {
  773. // we handle it as an error here because we are a test server - a real one should just ignore it
  774. sendError(log, client, 400, *m, sendContent, "Client does range requests we don't support", headers);
  775. continue;
  776. }
  777. time_t cache;
  778. std::string ifrange;
  779. if (_config->FindB("aptwebserver::support::if-range", true) == true)
  780. ifrange = LookupTag(*m, "If-Range", "");
  781. bool validrange = (ifrange.empty() == true ||
  782. (RFC1123StrToTime(ifrange.c_str(), cache) == true &&
  783. cache <= data.ModificationTime()));
  784. // FIXME: support multiple byte-ranges (APT clients do not do this)
  785. if (condition.find(',') == std::string::npos)
  786. {
  787. size_t start = 6;
  788. unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10);
  789. // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this)
  790. size_t dash = condition.find('-') + 1;
  791. unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10);
  792. unsigned long long filesize = data.FileSize();
  793. if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) &&
  794. validrange == true)
  795. {
  796. if (filesize > filestart)
  797. {
  798. data.Skip(filestart);
  799. // make sure to send content-range before conent-length
  800. // as regression test for LP: #1445239
  801. std::ostringstream contentrange;
  802. contentrange << "Content-Range: bytes " << filestart << "-"
  803. << filesize - 1 << "/" << filesize;
  804. headers.push_back(contentrange.str());
  805. std::ostringstream contentlength;
  806. contentlength << "Content-Length: " << (filesize - filestart);
  807. headers.push_back(contentlength.str());
  808. sendHead(log, client, 206, headers);
  809. if (sendContent == true)
  810. sendFile(client, headers, data);
  811. continue;
  812. }
  813. else
  814. {
  815. if (_config->FindB("aptwebserver::support::content-range", true) == true)
  816. {
  817. std::ostringstream contentrange;
  818. contentrange << "Content-Range: bytes */" << filesize;
  819. headers.push_back(contentrange.str());
  820. }
  821. sendError(log, client, 416, *m, sendContent, "", headers);
  822. continue;
  823. }
  824. }
  825. }
  826. }
  827. addFileHeaders(headers, data);
  828. sendHead(log, client, 200, headers);
  829. if (sendContent == true)
  830. sendFile(client, headers, data);
  831. }
  832. else if (DirectoryExists(filename) == true)
  833. {
  834. if (filename[filename.length()-1] == '/')
  835. sendDirectoryListing(log, client, filename, *m, sendContent, headers);
  836. else
  837. sendRedirect(log, client, 301, filename.append("/"), *m, sendContent);
  838. }
  839. else
  840. sendError(log, client, 404, *m, sendContent, "", headers);
  841. }
  842. // if we announced a closing in the last response, do the close now
  843. if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
  844. closeConnection = true;
  845. if (_error->PendingError() == true)
  846. break;
  847. _error->DumpErrors(std::cerr);
  848. }
  849. _error->DumpErrors(std::cerr);
  850. close(client);
  851. log << "CLOSE client " << client << std::endl;
  852. return NULL;
  853. }
  854. /*}}}*/
  855. static void loadMimeTypesFile(std::string const &filename) /*{{{*/
  856. {
  857. if (FileExists(filename) == false)
  858. return;
  859. std::string line;
  860. FileFd mimetypes(filename, FileFd::ReadOnly);
  861. while (mimetypes.ReadLine(line))
  862. {
  863. if (line.empty() || line[0] == '#' || line.find_first_not_of(" \t\r") == std::string::npos)
  864. continue;
  865. std::transform(line.begin(), line.end(), line.begin(), [](char const c) { return c == ' ' ? '\t' : c; });
  866. auto l = VectorizeString(line, '\t');
  867. l.erase(std::remove_if(l.begin(), l.end(), [](std::string const &f) { return f.empty(); }), l.end());
  868. if (l.size() < 2)
  869. continue;
  870. for (size_t i = 1; i < l.size(); ++i)
  871. if (l[i].empty() == false)
  872. _config->CndSet(std::string("aptwebserver::content-type::by-extension::").append(l[i]).c_str(), l[0]);
  873. }
  874. }
  875. /*}}}*/
  876. int main(int const argc, const char * argv[])
  877. {
  878. CommandLine::Args Args[] = {
  879. {'p', "port", "aptwebserver::port", CommandLine::HasArg},
  880. {0, "request-absolute", "aptwebserver::request::absolute", CommandLine::HasArg},
  881. {0, "authorization", "aptwebserver::authorization", CommandLine::HasArg},
  882. {0, "proxy-authorization", "aptwebserver::proxy-authorization", CommandLine::HasArg},
  883. {0, "logfiles", "aptwebserver::logfiles", CommandLine::HasArg},
  884. {'c',"config-file",0,CommandLine::ConfigFile},
  885. {'o',"option",0,CommandLine::ArbItem},
  886. {0,0,0,0}
  887. };
  888. CommandLine CmdL(Args, _config);
  889. if(CmdL.Parse(argc,argv) == false)
  890. {
  891. _error->DumpErrors();
  892. exit(1);
  893. }
  894. if (_config->FindB("aptwebserver::content-type::mime.types", true))
  895. {
  896. if (_config->FindB("aptwebserver::content-type::mime.types::apt", true))
  897. loadMimeTypesFile("/etc/apt/mime.types");
  898. if (_config->FindB("aptwebserver::content-type::mime.types::home", true))
  899. {
  900. auto const home = getenv("HOME");
  901. if (home != nullptr)
  902. loadMimeTypesFile(flCombine(home, ".mime.types"));
  903. }
  904. if (_config->FindB("aptwebserver::content-type::mime.types::etc", true))
  905. loadMimeTypesFile("/etc/mime.types");
  906. }
  907. // create socket, bind and listen to it {{{
  908. // ignore SIGPIPE, this can happen on write() if the socket closes connection
  909. signal(SIGPIPE, SIG_IGN);
  910. // we don't care for our slaves, so ignore their death
  911. signal(SIGCHLD, SIG_IGN);
  912. int sock = socket(AF_INET6, SOCK_STREAM, 0);
  913. if(sock < 0)
  914. {
  915. _error->Errno("aptwerbserver", "Couldn't create socket");
  916. _error->DumpErrors(std::cerr);
  917. return 1;
  918. }
  919. int port = _config->FindI("aptwebserver::port", 8080);
  920. // ensure that we accept all connections: v4 or v6
  921. int const iponly = 0;
  922. setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &iponly, sizeof(iponly));
  923. // to not linger on an address
  924. int const enable = 1;
  925. setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable));
  926. struct sockaddr_in6 locAddr;
  927. memset(&locAddr, 0, sizeof(locAddr));
  928. locAddr.sin6_family = AF_INET6;
  929. locAddr.sin6_port = htons(port);
  930. locAddr.sin6_addr = in6addr_any;
  931. if (bind(sock, (struct sockaddr*) &locAddr, sizeof(locAddr)) < 0)
  932. {
  933. _error->Errno("aptwerbserver", "Couldn't bind");
  934. _error->DumpErrors(std::cerr);
  935. return 2;
  936. }
  937. if (port == 0)
  938. {
  939. struct sockaddr_in6 addr;
  940. socklen_t addrlen = sizeof(sockaddr_in6);
  941. if (getsockname(sock, (struct sockaddr*) &addr, &addrlen) != 0)
  942. _error->Errno("getsockname", "Could not get chosen port number");
  943. else
  944. port = ntohs(addr.sin6_port);
  945. }
  946. std::string const portfilename = _config->Find("aptwebserver::portfile", "");
  947. if (portfilename.empty() == false)
  948. {
  949. FileFd portfile(portfilename, FileFd::WriteOnly | FileFd::Create | FileFd::Empty);
  950. std::string portcontent;
  951. strprintf(portcontent, "%d", port);
  952. portfile.Write(portcontent.c_str(), portcontent.size());
  953. portfile.Sync();
  954. }
  955. _config->Set("aptwebserver::port::http", port);
  956. FileFd pidfile;
  957. if (_config->FindB("aptwebserver::fork", false) == true)
  958. {
  959. std::string const pidfilename = _config->Find("aptwebserver::pidfile", "aptwebserver.pid");
  960. int const pidfilefd = GetLock(pidfilename);
  961. if (pidfilefd < 0 || pidfile.OpenDescriptor(pidfilefd, FileFd::WriteOnly) == false)
  962. {
  963. _error->Errno("aptwebserver", "Couldn't acquire lock on pidfile '%s'", pidfilename.c_str());
  964. _error->DumpErrors(std::cerr);
  965. return 3;
  966. }
  967. pid_t child = fork();
  968. if (child < 0)
  969. {
  970. _error->Errno("aptwebserver", "Forking failed");
  971. _error->DumpErrors(std::cerr);
  972. return 4;
  973. }
  974. else if (child != 0)
  975. {
  976. // successfully forked: ready to serve!
  977. std::string pidcontent;
  978. strprintf(pidcontent, "%d", child);
  979. pidfile.Write(pidcontent.c_str(), pidcontent.size());
  980. pidfile.Sync();
  981. if (_error->PendingError() == true)
  982. {
  983. _error->DumpErrors(std::cerr);
  984. return 5;
  985. }
  986. std::cout << "Successfully forked as " << child << std::endl;
  987. return 0;
  988. }
  989. }
  990. std::clog << "Serving ANY file on port: " << port << std::endl;
  991. int const slaves = _config->FindI("aptwebserver::slaves", SOMAXCONN);
  992. std::cerr << "SLAVES: " << slaves << std::endl;
  993. listen(sock, slaves);
  994. /*}}}*/
  995. _config->CndSet("aptwebserver::response-header::Server", "APT webserver");
  996. _config->CndSet("aptwebserver::response-header::Accept-Ranges", "bytes");
  997. _config->CndSet("aptwebserver::directoryindex", "index.html");
  998. APT::Configuration::getCompressors();
  999. size_t id = 0;
  1000. while (true)
  1001. {
  1002. int client = accept(sock, NULL, NULL);
  1003. if (client == -1)
  1004. {
  1005. if (errno == EINTR)
  1006. continue;
  1007. _error->Errno("accept", "Couldn't accept client on socket %d", sock);
  1008. _error->DumpErrors(std::cerr);
  1009. return 6;
  1010. }
  1011. std::thread t(handleClient, client, ++id);
  1012. t.detach();
  1013. }
  1014. pidfile.Close();
  1015. return 0;
  1016. }