1 #include <u.h>
2 #include <libc.h>
3 #include <bin.h>
4 #include <httpd.h>
5
6 typedef struct Strings Strings;
7
8 struct Strings
9 {
10 char *s1;
11 char *s2;
12 };
13
14 static char* abspath(HConnect *cc, char *origpath, char *curdir);
15 static int getc(HConnect*);
16 static char* getword(HConnect*);
17 static Strings parseuri(HConnect *c, char*);
18 static Strings stripsearch(char*);
19
20 /*
21 * parse the next request line
22 * returns:
23 * 1 ok
24 * 0 eof
25 * -1 error
26 */
27 int
hparsereq(HConnect * c,int timeout)28 hparsereq(HConnect *c, int timeout)
29 {
30 Strings ss;
31 char *vs, *v, *search, *uri, *origuri, *extra;
32
33 if(c->bin != nil){
34 hfail(c, HInternal);
35 return -1;
36 }
37
38 /*
39 * serve requests until a magic request.
40 * later requests have to come quickly.
41 * only works for http/1.1 or later.
42 */
43 if(timeout)
44 alarm(timeout);
45 if(hgethead(c, 0) < 0)
46 return -1;
47 if(timeout)
48 alarm(0);
49 c->reqtime = time(nil);
50 c->req.meth = getword(c);
51 if(c->req.meth == nil){
52 hfail(c, HSyntax);
53 return -1;
54 }
55 uri = getword(c);
56 if(uri == nil || strlen(uri) == 0){
57 hfail(c, HSyntax);
58 return -1;
59 }
60 v = getword(c);
61 if(v == nil){
62 if(strcmp(c->req.meth, "GET") != 0){
63 hfail(c, HUnimp, c->req.meth);
64 return -1;
65 }
66 c->req.vermaj = 0;
67 c->req.vermin = 9;
68 }else{
69 vs = v;
70 if(strncmp(vs, "HTTP/", 5) != 0){
71 hfail(c, HUnkVers, vs);
72 return -1;
73 }
74 vs += 5;
75 c->req.vermaj = strtoul(vs, &vs, 10);
76 if(*vs != '.' || c->req.vermaj != 1){
77 hfail(c, HUnkVers, vs);
78 return -1;
79 }
80 vs++;
81 c->req.vermin = strtoul(vs, &vs, 10);
82 if(*vs != '\0'){
83 hfail(c, HUnkVers, vs);
84 return -1;
85 }
86
87 extra = getword(c);
88 if(extra != nil){
89 hfail(c, HSyntax);
90 return -1;
91 }
92 }
93
94 /*
95 * the fragment is not supposed to be sent
96 * strip it 'cause some clients send it
97 */
98 origuri = uri;
99 uri = strchr(origuri, '#');
100 if(uri != nil)
101 *uri = 0;
102
103 /*
104 * http/1.1 requires the server to accept absolute
105 * or relative uri's. convert to relative with an absolute path
106 */
107 if(http11(c)){
108 ss = parseuri(c, origuri);
109 uri = ss.s1;
110 c->req.urihost = ss.s2;
111 if(uri == nil){
112 hfail(c, HBadReq, uri);
113 return -1;
114 }
115 origuri = uri;
116 }
117
118 /*
119 * munge uri for search, protection, and magic
120 */
121 ss = stripsearch(origuri);
122 origuri = ss.s1;
123 search = ss.s2;
124 uri = hurlunesc(c, origuri);
125 uri = abspath(c, uri, "/");
126 if(uri == nil || uri[0] == '\0'){
127 hfail(c, HNotFound, "no object specified");
128 return -1;
129 }
130
131 c->req.uri = uri;
132 c->req.search = search;
133 if(search)
134 c->req.searchpairs = hparsequery(c, hstrdup(c, search));
135
136 return 1;
137 }
138
139 static Strings
parseuri(HConnect * c,char * uri)140 parseuri(HConnect *c, char *uri)
141 {
142 Strings ss;
143 char *urihost, *p;
144
145 urihost = nil;
146 ss.s1 = ss.s2 = nil;
147 if(uri[0] != '/')
148 if(cistrncmp(uri, "http://", 7) == 0)
149 uri += 5; /* skip http: */
150 else if (cistrncmp(uri, "https://", 8) == 0)
151 uri += 6; /* skip https: */
152 else
153 return ss;
154
155 /*
156 * anything starting with // is a host name or number
157 * hostnames consists of letters, digits, - and .
158 * for now, just ignore any port given
159 */
160 if(uri[0] == '/' && uri[1] == '/'){
161 urihost = uri + 2;
162 p = strchr(urihost, '/');
163 if(p == nil)
164 uri = hstrdup(c, "/");
165 else{
166 uri = hstrdup(c, p);
167 *p = '\0';
168 }
169 p = strchr(urihost, ':');
170 if(p != nil)
171 *p = '\0';
172 }
173
174 if(uri[0] != '/' || uri[1] == '/')
175 return ss;
176
177 ss.s1 = uri;
178 ss.s2 = hlower(urihost);
179 return ss;
180 }
181 static Strings
stripsearch(char * uri)182 stripsearch(char *uri)
183 {
184 Strings ss;
185 char *search;
186
187 search = strchr(uri, '?');
188 if(search != nil)
189 *search++ = 0;
190 ss.s1 = uri;
191 ss.s2 = search;
192 return ss;
193 }
194
195 /*
196 * to circumscribe the accessible files we have to eliminate ..'s
197 * and resolve all names from the root.
198 */
199 static char*
abspath(HConnect * cc,char * origpath,char * curdir)200 abspath(HConnect *cc, char *origpath, char *curdir)
201 {
202 char *p, *sp, *path, *work, *rpath;
203 int len, n, c;
204
205 if(curdir == nil)
206 curdir = "/";
207 if(origpath == nil)
208 origpath = "";
209 work = hstrdup(cc, origpath);
210 path = work;
211
212 /*
213 * remove any really special characters
214 */
215 for(sp = "`;|"; *sp; sp++){
216 p = strchr(path, *sp);
217 if(p)
218 *p = 0;
219 }
220
221 len = strlen(curdir) + strlen(path) + 2 + UTFmax;
222 if(len < 10)
223 len = 10;
224 rpath = halloc(cc, len);
225 if(*path == '/')
226 rpath[0] = 0;
227 else
228 strcpy(rpath, curdir);
229 n = strlen(rpath);
230
231 while(path){
232 p = strchr(path, '/');
233 if(p)
234 *p++ = 0;
235 if(strcmp(path, "..") == 0){
236 while(n > 1){
237 n--;
238 c = rpath[n];
239 rpath[n] = 0;
240 if(c == '/')
241 break;
242 }
243 }else if(strcmp(path, ".") == 0){
244 ;
245 }else if(n == 1)
246 n += snprint(rpath+n, len-n, "%s", path);
247 else
248 n += snprint(rpath+n, len-n, "/%s", path);
249 path = p;
250 }
251
252 if(strncmp(rpath, "/bin/", 5) == 0)
253 strcpy(rpath, "/");
254 return rpath;
255 }
256
257 static char*
getword(HConnect * c)258 getword(HConnect *c)
259 {
260 char *buf;
261 int ch, n;
262
263 while((ch = getc(c)) == ' ' || ch == '\t' || ch == '\r')
264 ;
265 if(ch == '\n')
266 return nil;
267 n = 0;
268 buf = halloc(c, 1);
269 for(;;){
270 switch(ch){
271 case ' ':
272 case '\t':
273 case '\r':
274 case '\n':
275 buf[n] = '\0';
276 return hstrdup(c, buf);
277 }
278
279 if(n < HMaxWord-1){
280 buf = bingrow(&c->bin, buf, n, n + 1, 0);
281 if(buf == nil)
282 return nil;
283 buf[n++] = ch;
284 }
285 ch = getc(c);
286 }
287 }
288
289 static int
getc(HConnect * c)290 getc(HConnect *c)
291 {
292 if(c->hpos < c->hstop)
293 return *c->hpos++;
294 return '\n';
295 }
296