1 #include <u.h>
2 #include <libc.h>
3 #include <bin.h>
4 #include <httpd.h>
5
6 typedef struct Strings Strings;
7
8 struct Strings
9 {
10 char *s1;
11 char *s2;
12 };
13
14 static char* abspath(HConnect *cc, char *origpath, char *curdir);
15 static int getc(HConnect*);
16 static char* getword(HConnect*);
17 static Strings parseuri(HConnect *c, char*);
18 static Strings stripsearch(char*);
19
20 int
hparseuri(HConnect * c,char * uri)21 hparseuri(HConnect *c, char *uri)
22 {
23 Strings ss;
24 char *search, *origuri;
25
26 /*
27 * the fragment is not supposed to be sent
28 * strip it 'cause some clients send it
29 */
30 origuri = uri;
31 uri = strchr(origuri, '#');
32 if(uri != nil)
33 *uri = 0;
34
35 /*
36 * http/1.1 requires the server to accept absolute
37 * or relative uri's. convert to relative with an absolute path
38 */
39 if(http11(c)){
40 ss = parseuri(c, origuri);
41 uri = ss.s1;
42 c->req.urihost = ss.s2;
43 if(uri == nil){
44 hfail(c, HBadReq, uri);
45 return -1;
46 }
47 origuri = uri;
48 }
49
50 /*
51 * munge uri for search, protection, and magic
52 */
53 ss = stripsearch(origuri);
54 origuri = ss.s1;
55 search = ss.s2;
56 uri = hurlunesc(c, origuri);
57 uri = abspath(c, uri, "/");
58 if(uri == nil || uri[0] == '\0'){
59 hfail(c, HNotFound, "no object specified");
60 return -1;
61 }
62
63 c->req.uri = uri;
64 c->req.search = search;
65 if(search)
66 c->req.searchpairs = hparsequery(c, hstrdup(c, search));
67
68 return 1;
69 }
70
71 /*
72 * parse the next request line
73 * returns:
74 * 1 ok
75 * 0 eof
76 * -1 error
77 */
78 int
hparsereq(HConnect * c,int timeout)79 hparsereq(HConnect *c, int timeout)
80 {
81 char *vs, *v, *uri, *extra;
82
83 if(c->bin != nil){
84 hfail(c, HInternal);
85 return -1;
86 }
87
88 /*
89 * serve requests until a magic request.
90 * later requests have to come quickly.
91 * only works for http/1.1 or later.
92 */
93 if(timeout)
94 alarm(timeout);
95 if(hgethead(c, 0) < 0)
96 return -1;
97 if(timeout)
98 alarm(0);
99 c->reqtime = time(nil);
100 c->req.meth = getword(c);
101 if(c->req.meth == nil){
102 hfail(c, HSyntax);
103 return -1;
104 }
105 uri = getword(c);
106 if(uri == nil || strlen(uri) == 0){
107 hfail(c, HSyntax);
108 return -1;
109 }
110 v = getword(c);
111 if(v == nil){
112 if(strcmp(c->req.meth, "GET") != 0){
113 hfail(c, HUnimp, c->req.meth);
114 return -1;
115 }
116 c->req.vermaj = 0;
117 c->req.vermin = 9;
118 }else{
119 vs = v;
120 if(strncmp(vs, "HTTP/", 5) != 0){
121 hfail(c, HUnkVers, vs);
122 return -1;
123 }
124 vs += 5;
125 c->req.vermaj = strtoul(vs, &vs, 10);
126 if(*vs != '.' || c->req.vermaj != 1){
127 hfail(c, HUnkVers, vs);
128 return -1;
129 }
130 vs++;
131 c->req.vermin = strtoul(vs, &vs, 10);
132 if(*vs != '\0'){
133 hfail(c, HUnkVers, vs);
134 return -1;
135 }
136
137 extra = getword(c);
138 if(extra != nil){
139 hfail(c, HSyntax);
140 return -1;
141 }
142 }
143 return hparseuri(c, uri);
144 }
145
146 static Strings
parseuri(HConnect * c,char * uri)147 parseuri(HConnect *c, char *uri)
148 {
149 Strings ss;
150 char *urihost, *p;
151
152 urihost = nil;
153 ss.s1 = ss.s2 = nil;
154 if(uri[0] != '/')
155 if(cistrncmp(uri, "http://", 7) == 0)
156 uri += 5; /* skip http: */
157 else if (cistrncmp(uri, "https://", 8) == 0)
158 uri += 6; /* skip https: */
159 else
160 return ss;
161
162 /*
163 * anything starting with // is a host name or number
164 * hostnames consists of letters, digits, - and .
165 * for now, just ignore any port given
166 */
167 if(uri[0] == '/' && uri[1] == '/'){
168 urihost = uri + 2;
169 p = strchr(urihost, '/');
170 if(p == nil)
171 uri = hstrdup(c, "/");
172 else{
173 uri = hstrdup(c, p);
174 *p = '\0';
175 }
176 p = strchr(urihost, ':');
177 if(p != nil)
178 *p = '\0';
179 }
180
181 if(uri[0] != '/' || uri[1] == '/')
182 return ss;
183
184 ss.s1 = uri;
185 ss.s2 = hlower(urihost);
186 return ss;
187 }
188 static Strings
stripsearch(char * uri)189 stripsearch(char *uri)
190 {
191 Strings ss;
192 char *search;
193
194 search = strchr(uri, '?');
195 if(search != nil)
196 *search++ = 0;
197 ss.s1 = uri;
198 ss.s2 = search;
199 return ss;
200 }
201
202 /*
203 * to circumscribe the accessible files we have to eliminate ..'s
204 * and resolve all names from the root.
205 */
206 static char*
abspath(HConnect * cc,char * origpath,char * curdir)207 abspath(HConnect *cc, char *origpath, char *curdir)
208 {
209 char *p, *sp, *path, *work, *rpath;
210 int len, n, c;
211
212 if(curdir == nil)
213 curdir = "/";
214 if(origpath == nil)
215 origpath = "";
216 work = hstrdup(cc, origpath);
217 path = work;
218
219 /*
220 * remove any really special characters
221 */
222 for(sp = "`;|"; *sp; sp++){
223 p = strchr(path, *sp);
224 if(p)
225 *p = 0;
226 }
227
228 len = strlen(curdir) + strlen(path) + 2 + UTFmax;
229 if(len < 10)
230 len = 10;
231 rpath = halloc(cc, len);
232 if(*path == '/')
233 rpath[0] = 0;
234 else
235 strcpy(rpath, curdir);
236 n = strlen(rpath);
237
238 while(path){
239 p = strchr(path, '/');
240 if(p)
241 *p++ = 0;
242 if(strcmp(path, "..") == 0){
243 while(n > 1){
244 n--;
245 c = rpath[n];
246 rpath[n] = 0;
247 if(c == '/')
248 break;
249 }
250 }else if(strcmp(path, ".") == 0){
251 ;
252 }else if(n == 1)
253 n += snprint(rpath+n, len-n, "%s", path);
254 else
255 n += snprint(rpath+n, len-n, "/%s", path);
256 path = p;
257 }
258
259 if(strncmp(rpath, "/bin/", 5) == 0)
260 strcpy(rpath, "/");
261 return rpath;
262 }
263
264 static char*
getword(HConnect * c)265 getword(HConnect *c)
266 {
267 char *buf;
268 int ch, n;
269
270 while((ch = getc(c)) == ' ' || ch == '\t' || ch == '\r')
271 ;
272 if(ch == '\n')
273 return nil;
274 n = 0;
275 buf = halloc(c, 1);
276 for(;;){
277 switch(ch){
278 case ' ':
279 case '\t':
280 case '\r':
281 case '\n':
282 buf[n] = '\0';
283 return hstrdup(c, buf);
284 }
285
286 if(n < HMaxWord-1){
287 buf = bingrow(&c->bin, buf, n, n + 1, 0);
288 if(buf == nil)
289 return nil;
290 buf[n++] = ch;
291 }
292 ch = getc(c);
293 }
294 }
295
296 static int
getc(HConnect * c)297 getc(HConnect *c)
298 {
299 if(c->hpos < c->hstop)
300 return *c->hpos++;
301 return '\n';
302 }
303