1 // Slightly modified version of Mongoose, by Wildfire Games, for 0 A.D.
2 // Diff against mongoose_original.c (from Hg rev 77615121d235) to see the changes.
4 // Motivation for changes:
5 // * For simplicity and consistency with the rest of the codebase, we compile
6 // as C++ instead of C, requiring a few compatibility fixes.
7 // * For quietness with our default warning flags, some warnings are
8 // explicitly disabled.
9 // * CGI and SSL are disabled since they're not needed.
10 // * ws2_32 is linked explicitly here, instead of requiring more complexity
11 // in the build system.
12 // * To avoid debug spew, we disable DEBUG.
13 // * Use memcopy to get rid of strict-aliasing warning
14 // * Remove use of deprecated 'register' storage class
16 #define __STDC_LIMIT_MACROS
19 # pragma warning(disable:4127) // conditional expression is constant
20 # pragma warning(disable:4100) // unreferenced formal parameter
21 # pragma warning(disable:4245) // signed/unsigned mismatch
22 # pragma warning(disable:4505) // unreferenced local function has been removed
23 # pragma warning(disable:4365) // signed unsigned mismatch
24 # pragma warning(disable:4191) // unsafe conversion
25 # pragma warning(disable:4820) // incorrect padding
26 # pragma warning(disable:4668) // macro error
27 # pragma warning(disable:4710) // function not inlined
28 # pragma warning(disable:4711) // selected for automatic inline expansion
29 # pragma comment(lib, "ws2_32.lib")
33 # pragma GCC diagnostic ignored "-Wunused-function"
35 # pragma GCC diagnostic ignored "-Wunused-but-set-variable"
44 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
45 // Fix undefined PF_INET on FreeBSD
46 #include <sys/socket.h>
49 // Copyright (c) 2004-2011 Sergey Lyubka
51 // Permission is hereby granted, free of charge, to any person obtaining a copy
52 // of this software and associated documentation files (the "Software"), to deal
53 // in the Software without restriction, including without limitation the rights
54 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
55 // copies of the Software, and to permit persons to whom the Software is
56 // furnished to do so, subject to the following conditions:
58 // The above copyright notice and this permission notice shall be included in
59 // all copies or substantial portions of the Software.
61 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
62 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
63 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
64 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
65 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
66 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
70 #define _CRT_SECURE_NO_WARNINGS // Disable deprecation warning in VS2005
72 #define _XOPEN_SOURCE 600 // For flockfile() on Linux
73 #define _LARGEFILE_SOURCE // Enable 64-bit file offsets
74 #define __STDC_FORMAT_MACROS // <inttypes.h> wants this for C++
77 #if defined(__SYMBIAN32__)
78 #define NO_SSL // SSL is not supported
79 #define NO_CGI // CGI is not supported
80 #define PATH_MAX FILENAME_MAX
81 #endif // __SYMBIAN32__
83 #ifndef _WIN32_WCE // Some ANSI #includes are not available on Windows CE
84 #include <sys/types.h>
101 #if defined(_WIN32) && !defined(__SYMBIAN32__) // Windows specific
102 #define _WIN32_WINNT 0x0400 // To make it link in VS2005
106 #define PATH_MAX MAX_PATH
114 #include <winsock2.h>
115 #define NO_CGI // WinCE has no pipes
120 #define errno GetLastError()
121 #define strerror(x) _ultoa(x, (char *) _alloca(sizeof(x) *3 ), 10)
124 #define MAKEUQUAD(lo, hi) ((uint64_t)(((uint32_t)(lo)) | \
125 ((uint64_t)((uint32_t)(hi))) << 32))
126 #define RATE_DIFF 10000000 // 100 nsecs
127 #define EPOCH_DIFF MAKEUQUAD(0xd53e8000, 0x019db1de)
128 #define SYS2UNIX_TIME(lo, hi) \
129 (time_t) ((MAKEUQUAD((lo), (hi)) - EPOCH_DIFF) / RATE_DIFF)
131 // Visual Studio 6 does not know __func__ or __FUNCTION__
132 // The rest of MS compilers use __FUNCTION__, not C99 __func__
133 // Also use _strtoui64 on modern M$ compilers
134 #if defined(_MSC_VER) && _MSC_VER < 1300
136 #define STR(x) STRX(x)
137 #define __func__ "line " STR(__LINE__)
138 #define strtoull(x, y, z) strtoul(x, y, z)
139 #define strtoll(x, y, z) strtol(x, y, z)
141 #define __func__ __FUNCTION__
142 #define strtoull(x, y, z) _strtoui64(x, y, z)
143 #define strtoll(x, y, z) _strtoi64(x, y, z)
146 #define ERRNO GetLastError()
148 #define SSL_LIB "ssleay32.dll"
149 #define CRYPTO_LIB "libeay32.dll"
151 #define IS_DIRSEP_CHAR(c) ((c) == '/' || (c) == '\\')
153 #if !defined(EWOULDBLOCK)
154 #define EWOULDBLOCK WSAEWOULDBLOCK
155 #endif // !EWOULDBLOCK
157 #define INT64_FMT "I64d"
159 #define WINCDECL __cdecl
161 #define snprintf _snprintf
162 #define vsnprintf _vsnprintf
163 #define sleep(x) Sleep((x) * 1000)
165 #define pipe(x) _pipe(x, BUFSIZ, _O_BINARY)
166 #define popen(x, y) _popen(x, y)
167 #define pclose(x) _pclose(x)
168 #define close(x) _close(x)
169 #define dlsym(x,y) GetProcAddress((HINSTANCE) (x), (y))
171 #define fseeko(x, y, z) fseek((x), (y), (z))
172 #define fdopen(x, y) _fdopen((x), (y))
173 #define write(x, y, z) _write((x), (y), (unsigned) z)
174 #define read(x, y, z) _read((x), (y), (unsigned) z)
175 #define flockfile(x) (void) 0
176 #define funlockfile(x) (void) 0
179 #define fileno(x) _fileno(x)
180 #endif // !fileno MINGW #defines fileno
182 typedef HANDLE pthread_mutex_t
;
183 typedef struct {HANDLE signal
, broadcast
;} pthread_cond_t
;
184 typedef DWORD pthread_t
;
185 #define pid_t HANDLE // MINGW typedefs pid_t to int. Using #define here.
194 static int pthread_mutex_lock(pthread_mutex_t
*);
195 static int pthread_mutex_unlock(pthread_mutex_t
*);
196 static FILE *mg_fopen(const char *path
, const char *mode
);
198 #if defined(HAVE_STDINT)
201 typedef unsigned int uint32_t;
202 typedef unsigned short uint16_t;
203 typedef unsigned __int64
uint64_t;
204 typedef __int64
int64_t;
205 #define INT64_MAX 9223372036854775807
206 #endif // HAVE_STDINT
208 // POSIX dirent interface
210 char d_name
[PATH_MAX
];
215 WIN32_FIND_DATAW info
;
216 struct dirent result
;
219 #else // UNIX specific
220 #include <sys/wait.h>
221 #include <sys/socket.h>
222 #include <sys/select.h>
223 #include <netinet/in.h>
224 #include <arpa/inet.h>
225 #include <sys/time.h>
227 #include <inttypes.h>
233 #if !defined(NO_SSL_DL) && !defined(NO_SSL)
237 #if defined(__MACH__)
238 #define SSL_LIB "libssl.dylib"
239 #define CRYPTO_LIB "libcrypto.dylib"
241 #if !defined(SSL_LIB)
242 #define SSL_LIB "libssl.so"
244 #if !defined(CRYPTO_LIB)
245 #define CRYPTO_LIB "libcrypto.so"
249 #define IS_DIRSEP_CHAR(c) ((c) == '/')
253 #define closesocket(a) close(a)
254 #define mg_fopen(x, y) fopen(x, y)
255 #define mg_mkdir(x, y) mkdir(x, y)
256 #define mg_remove(x) remove(x)
257 #define mg_rename(x, y) rename(x, y)
259 #define INVALID_SOCKET (-1)
260 #define INT64_FMT PRId64
264 #endif // End of Windows and UNIX specific includes
266 #include "mongoose.h"
268 #define MONGOOSE_VERSION "3.1"
269 #define PASSWORDS_FILE_NAME ".htpasswd"
270 #define CGI_ENVIRONMENT_SIZE 4096
271 #define MAX_CGI_ENVIR_VARS 64
272 #define ARRAY_SIZE(array) (sizeof(array) / sizeof(array[0]))
275 static pthread_t
pthread_self(void) {
276 return GetCurrentThreadId();
281 #define DEBUG_TRACE(x) do { \
283 printf("*** %lu.%p.%s.%d: ", \
284 (unsigned long) time(NULL), (void *) pthread_self(), \
285 __func__, __LINE__); \
289 funlockfile(stdout); \
292 #define DEBUG_TRACE(x)
295 // Darwin prior to 7.0 and Win32 do not have socklen_t
297 typedef int socklen_t
;
298 #endif // NO_SOCKLEN_T
300 typedef void * (*mg_thread_func_t
)(void *);
302 static const char *http_500_error
= "Internal Server Error";
304 // Snatched from OpenSSL includes. I put the prototypes here to be independent
305 // from the OpenSSL source installation. Having this, mongoose + SSL can be
306 // built on any system with binary SSL libraries installed.
307 typedef struct ssl_st SSL
;
308 typedef struct ssl_method_st SSL_METHOD
;
309 typedef struct ssl_ctx_st SSL_CTX
;
311 #define SSL_ERROR_WANT_READ 2
312 #define SSL_ERROR_WANT_WRITE 3
313 #define SSL_FILETYPE_PEM 1
314 #define CRYPTO_LOCK 1
316 #if defined(NO_SSL_DL)
317 extern void SSL_free(SSL
*);
318 extern int SSL_accept(SSL
*);
319 extern int SSL_connect(SSL
*);
320 extern int SSL_read(SSL
*, void *, int);
321 extern int SSL_write(SSL
*, const void *, int);
322 extern int SSL_get_error(const SSL
*, int);
323 extern int SSL_set_fd(SSL
*, int);
324 extern SSL
*SSL_new(SSL_CTX
*);
325 extern SSL_CTX
*SSL_CTX_new(SSL_METHOD
*);
326 extern SSL_METHOD
*SSLv23_server_method(void);
327 extern int SSL_library_init(void);
328 extern void SSL_load_error_strings(void);
329 extern int SSL_CTX_use_PrivateKey_file(SSL_CTX
*, const char *, int);
330 extern int SSL_CTX_use_certificate_file(SSL_CTX
*, const char *, int);
331 extern int SSL_CTX_use_certificate_chain_file(SSL_CTX
*, const char *);
332 extern void SSL_CTX_set_default_passwd_cb(SSL_CTX
*, mg_callback_t
);
333 extern void SSL_CTX_free(SSL_CTX
*);
334 extern unsigned long ERR_get_error(void);
335 extern char *ERR_error_string(unsigned long, char *);
336 extern int CRYPTO_num_locks(void);
337 extern void CRYPTO_set_locking_callback(void (*)(int, int, const char *, int));
338 extern void CRYPTO_set_id_callback(unsigned long (*)(void));
340 // Dynamically loaded SSL functionality
342 const char *name
; // SSL function name
343 void (*ptr
)(void); // Function pointer
346 #define SSL_free (* (void (*)(SSL *)) ssl_sw[0].ptr)
347 #define SSL_accept (* (int (*)(SSL *)) ssl_sw[1].ptr)
348 #define SSL_connect (* (int (*)(SSL *)) ssl_sw[2].ptr)
349 #define SSL_read (* (int (*)(SSL *, void *, int)) ssl_sw[3].ptr)
350 #define SSL_write (* (int (*)(SSL *, const void *,int)) ssl_sw[4].ptr)
351 #define SSL_get_error (* (int (*)(SSL *, int)) ssl_sw[5].ptr)
352 #define SSL_set_fd (* (int (*)(SSL *, SOCKET)) ssl_sw[6].ptr)
353 #define SSL_new (* (SSL * (*)(SSL_CTX *)) ssl_sw[7].ptr)
354 #define SSL_CTX_new (* (SSL_CTX * (*)(SSL_METHOD *)) ssl_sw[8].ptr)
355 #define SSLv23_server_method (* (SSL_METHOD * (*)(void)) ssl_sw[9].ptr)
356 #define SSL_library_init (* (int (*)(void)) ssl_sw[10].ptr)
357 #define SSL_CTX_use_PrivateKey_file (* (int (*)(SSL_CTX *, \
358 const char *, int)) ssl_sw[11].ptr)
359 #define SSL_CTX_use_certificate_file (* (int (*)(SSL_CTX *, \
360 const char *, int)) ssl_sw[12].ptr)
361 #define SSL_CTX_set_default_passwd_cb \
362 (* (void (*)(SSL_CTX *, mg_callback_t)) ssl_sw[13].ptr)
363 #define SSL_CTX_free (* (void (*)(SSL_CTX *)) ssl_sw[14].ptr)
364 #define SSL_load_error_strings (* (void (*)(void)) ssl_sw[15].ptr)
365 #define SSL_CTX_use_certificate_chain_file \
366 (* (int (*)(SSL_CTX *, const char *)) ssl_sw[16].ptr)
368 #define CRYPTO_num_locks (* (int (*)(void)) crypto_sw[0].ptr)
369 #define CRYPTO_set_locking_callback \
370 (* (void (*)(void (*)(int, int, const char *, int))) crypto_sw[1].ptr)
371 #define CRYPTO_set_id_callback \
372 (* (void (*)(unsigned long (*)(void))) crypto_sw[2].ptr)
373 #define ERR_get_error (* (unsigned long (*)(void)) crypto_sw[3].ptr)
374 #define ERR_error_string (* (char * (*)(unsigned long,char *)) crypto_sw[4].ptr)
376 // set_ssl_option() function updates this array.
377 // It loads SSL library dynamically and changes NULLs to the actual addresses
378 // of respective functions. The macros above (like SSL_connect()) are really
379 // just calling these functions indirectly via the pointer.
380 static struct ssl_func ssl_sw
[] = {
382 {"SSL_accept", NULL
},
383 {"SSL_connect", NULL
},
386 {"SSL_get_error", NULL
},
387 {"SSL_set_fd", NULL
},
389 {"SSL_CTX_new", NULL
},
390 {"SSLv23_server_method", NULL
},
391 {"SSL_library_init", NULL
},
392 {"SSL_CTX_use_PrivateKey_file", NULL
},
393 {"SSL_CTX_use_certificate_file",NULL
},
394 {"SSL_CTX_set_default_passwd_cb",NULL
},
395 {"SSL_CTX_free", NULL
},
396 {"SSL_load_error_strings", NULL
},
397 {"SSL_CTX_use_certificate_chain_file", NULL
},
401 // Similar array as ssl_sw. These functions could be located in different lib.
402 static struct ssl_func crypto_sw
[] = {
403 {"CRYPTO_num_locks", NULL
},
404 {"CRYPTO_set_locking_callback", NULL
},
405 {"CRYPTO_set_id_callback", NULL
},
406 {"ERR_get_error", NULL
},
407 {"ERR_error_string", NULL
},
412 static const char *month_names
[] = {
413 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
414 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
417 // Unified socket address. For IPv6 support, add IPv6 address structure
423 struct sockaddr_in sin
;
427 // Describes a string (chunk of memory).
433 // Structure used by mg_stat() function. Uses 64 bit file length.
435 int is_directory
; // Directory marker
436 int64_t size
; // File size
437 time_t mtime
; // Modification time
440 // Describes listening socket, or socket which was accept()-ed by the master
441 // thread and queued for future handling by the worker thread.
443 struct socket
*next
; // Linkage
444 SOCKET sock
; // Listening socket
445 struct usa lsa
; // Local socket address
446 struct usa rsa
; // Remote socket address
447 int is_ssl
; // Is socket SSL-ed
452 CGI_EXTENSIONS
, CGI_ENVIRONMENT
, PUT_DELETE_PASSWORDS_FILE
, CGI_INTERPRETER
,
453 PROTECT_URI
, AUTHENTICATION_DOMAIN
, SSI_EXTENSIONS
, ACCESS_LOG_FILE
,
454 SSL_CHAIN_FILE
, ENABLE_DIRECTORY_LISTING
, ERROR_LOG_FILE
,
455 GLOBAL_PASSWORDS_FILE
, INDEX_FILES
,
456 ENABLE_KEEP_ALIVE
, ACCESS_CONTROL_LIST
, MAX_REQUEST_SIZE
,
457 EXTRA_MIME_TYPES
, LISTENING_PORTS
,
458 DOCUMENT_ROOT
, SSL_CERTIFICATE
, NUM_THREADS
, RUN_AS_USER
,
462 static const char *config_options
[] = {
463 "C", "cgi_extensions", ".cgi,.pl,.php",
464 "E", "cgi_environment", NULL
,
465 "G", "put_delete_passwords_file", NULL
,
466 "I", "cgi_interpreter", NULL
,
467 "P", "protect_uri", NULL
,
468 "R", "authentication_domain", "mydomain.com",
469 "S", "ssi_extensions", ".shtml,.shtm",
470 "a", "access_log_file", NULL
,
471 "c", "ssl_chain_file", NULL
,
472 "d", "enable_directory_listing", "yes",
473 "e", "error_log_file", NULL
,
474 "g", "global_passwords_file", NULL
,
475 "i", "index_files", "index.html,index.htm,index.cgi",
476 "k", "enable_keep_alive", "no",
477 "l", "access_control_list", NULL
,
478 "M", "max_request_size", "16384",
479 "m", "extra_mime_types", NULL
,
480 "p", "listening_ports", "8080",
481 "r", "document_root", ".",
482 "s", "ssl_certificate", NULL
,
483 "t", "num_threads", "10",
484 "u", "run_as_user", NULL
,
487 #define ENTRIES_PER_CONFIG_OPTION 3
490 volatile int stop_flag
; // Should we stop event loop
491 SSL_CTX
*ssl_ctx
; // SSL context
492 char *config
[NUM_OPTIONS
]; // Mongoose configuration parameters
493 mg_callback_t user_callback
; // User-defined callback function
494 void *user_data
; // User-defined data
496 struct socket
*listening_sockets
;
498 volatile int num_threads
; // Number of threads
499 pthread_mutex_t mutex
; // Protects (max|num)_threads
500 pthread_cond_t cond
; // Condvar for tracking workers terminations
502 struct socket queue
[20]; // Accepted sockets
503 volatile int sq_head
; // Head of the socket queue
504 volatile int sq_tail
; // Tail of the socket queue
505 pthread_cond_t sq_full
; // Singaled when socket is produced
506 pthread_cond_t sq_empty
; // Signaled when socket is consumed
509 struct mg_connection
{
510 struct mg_connection
*peer
; // Remote target in proxy mode
511 struct mg_request_info request_info
;
512 struct mg_context
*ctx
;
513 SSL
*ssl
; // SSL descriptor
514 struct socket client
; // Connected client
515 time_t birth_time
; // Time connection was accepted
516 int64_t num_bytes_sent
; // Total bytes sent to client
517 int64_t content_len
; // Content-Length header value
518 int64_t consumed_content
; // How many bytes of content is already read
519 char *buf
; // Buffer for received data
520 int buf_size
; // Buffer size
521 int request_len
; // Size of the request + headers in a buffer
522 int data_len
; // Total size of data in a buffer
525 const char **mg_get_valid_option_names(void) {
526 return config_options
;
529 static void *call_user(struct mg_connection
*conn
, enum mg_event event
) {
530 conn
->request_info
.user_data
= conn
->ctx
->user_data
;
531 return conn
->ctx
->user_callback
== NULL
? NULL
:
532 conn
->ctx
->user_callback(event
, conn
, &conn
->request_info
);
535 static int get_option_index(const char *name
) {
538 for (i
= 0; config_options
[i
] != NULL
; i
+= ENTRIES_PER_CONFIG_OPTION
) {
539 if (strcmp(config_options
[i
], name
) == 0 ||
540 strcmp(config_options
[i
+ 1], name
) == 0) {
541 return i
/ ENTRIES_PER_CONFIG_OPTION
;
547 const char *mg_get_option(const struct mg_context
*ctx
, const char *name
) {
549 if ((i
= get_option_index(name
)) == -1) {
551 } else if (ctx
->config
[i
] == NULL
) {
554 return ctx
->config
[i
];
558 // Print error message to the opened error log stream.
559 static void cry(struct mg_connection
*conn
, const char *fmt
, ...) {
566 (void) vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
569 // Do not lock when getting the callback value, here and below.
570 // I suppose this is fine, since function cannot disappear in the
571 // same way string option can.
572 conn
->request_info
.log_message
= buf
;
573 if (call_user(conn
, MG_EVENT_LOG
) == NULL
) {
574 fp
= conn
->ctx
->config
[ERROR_LOG_FILE
] == NULL
? NULL
:
575 mg_fopen(conn
->ctx
->config
[ERROR_LOG_FILE
], "a+");
579 timestamp
= time(NULL
);
582 "[%010lu] [error] [client %s] ",
583 (unsigned long) timestamp
,
584 inet_ntoa(conn
->client
.rsa
.u
.sin
.sin_addr
));
586 if (conn
->request_info
.request_method
!= NULL
) {
587 (void) fprintf(fp
, "%s %s: ",
588 conn
->request_info
.request_method
,
589 conn
->request_info
.uri
);
592 (void) fprintf(fp
, "%s", buf
);
600 conn
->request_info
.log_message
= NULL
;
603 // Return OpenSSL error message
604 static const char *ssl_error(void) {
606 err
= ERR_get_error();
607 return err
== 0 ? "" : ERR_error_string(err
, NULL
);
610 // Return fake connection structure. Used for logging, if connection
611 // is not applicable at the moment of logging.
612 static struct mg_connection
*fc(struct mg_context
*ctx
) {
613 static struct mg_connection fake_connection
;
614 fake_connection
.ctx
= ctx
;
615 return &fake_connection
;
618 const char *mg_version(void) {
619 return MONGOOSE_VERSION
;
622 static void mg_strlcpy(char *dst
, const char *src
, size_t n
) {
623 for (; *src
!= '\0' && n
> 1; n
--) {
629 static int lowercase(const char *s
) {
630 return tolower(* (const unsigned char *) s
);
633 static int mg_strncasecmp(const char *s1
, const char *s2
, size_t len
) {
638 diff
= lowercase(s1
++) - lowercase(s2
++);
639 } while (diff
== 0 && s1
[-1] != '\0' && --len
> 0);
644 static int mg_strcasecmp(const char *s1
, const char *s2
) {
648 diff
= lowercase(s1
++) - lowercase(s2
++);
649 } while (diff
== 0 && s1
[-1] != '\0');
654 static char * mg_strndup(const char *ptr
, size_t len
) {
657 if ((p
= (char *) malloc(len
+ 1)) != NULL
) {
658 mg_strlcpy(p
, ptr
, len
+ 1);
664 static char * mg_strdup(const char *str
) {
665 return mg_strndup(str
, strlen(str
));
668 // Like snprintf(), but never returns negative value, or the value
669 // that is larger than a supplied buffer.
670 // Thanks to Adam Zeldis to pointing snprintf()-caused vulnerability
671 // in his audit report.
672 static int mg_vsnprintf(struct mg_connection
*conn
, char *buf
, size_t buflen
,
673 const char *fmt
, va_list ap
) {
679 n
= vsnprintf(buf
, buflen
, fmt
, ap
);
682 cry(conn
, "vsnprintf error");
684 } else if (n
>= (int) buflen
) {
685 cry(conn
, "truncating vsnprintf buffer: [%.*s]",
686 n
> 200 ? 200 : n
, buf
);
687 n
= (int) buflen
- 1;
694 static int mg_snprintf(struct mg_connection
*conn
, char *buf
, size_t buflen
,
695 const char *fmt
, ...) {
700 n
= mg_vsnprintf(conn
, buf
, buflen
, fmt
, ap
);
706 // Skip the characters until one of the delimiters characters found.
707 // 0-terminate resulting word. Skip the delimiter and following whitespaces if any.
708 // Advance pointer to buffer to the next word. Return found 0-terminated word.
709 // Delimiters can be quoted with quotechar.
710 static char *skip_quoted(char **buf
, const char *delimiters
, const char *whitespace
, char quotechar
) {
711 char *p
, *begin_word
, *end_word
, *end_whitespace
;
714 end_word
= begin_word
+ strcspn(begin_word
, delimiters
);
716 // Check for quotechar
717 if (end_word
> begin_word
) {
719 while (*p
== quotechar
) {
720 // If there is anything beyond end_word, copy it
721 if (*end_word
== '\0') {
725 size_t end_off
= strcspn(end_word
+ 1, delimiters
);
726 memmove (p
, end_word
, end_off
+ 1);
727 p
+= end_off
; // p must correspond to end_word - 1
728 end_word
+= end_off
+ 1;
731 for (p
++; p
< end_word
; p
++) {
736 if (*end_word
== '\0') {
739 end_whitespace
= end_word
+ 1 + strspn(end_word
+ 1, whitespace
);
741 for (p
= end_word
; p
< end_whitespace
; p
++) {
745 *buf
= end_whitespace
;
751 // Simplified version of skip_quoted without quote char
752 // and whitespace == delimiters
753 static char *skip(char **buf
, const char *delimiters
) {
754 return skip_quoted(buf
, delimiters
, delimiters
, 0);
758 // Return HTTP header value, or NULL if not found.
759 static const char *get_header(const struct mg_request_info
*ri
,
763 for (i
= 0; i
< ri
->num_headers
; i
++)
764 if (!mg_strcasecmp(name
, ri
->http_headers
[i
].name
))
765 return ri
->http_headers
[i
].value
;
770 const char *mg_get_header(const struct mg_connection
*conn
, const char *name
) {
771 return get_header(&conn
->request_info
, name
);
774 // A helper function for traversing comma separated list of values.
775 // It returns a list pointer shifted to the next value, of NULL if the end
776 // of the list found.
777 // Value is stored in val vector. If value has form "x=y", then eq_val
778 // vector is initialized to point to the "y" part, and val vector length
779 // is adjusted to point only to "x".
780 static const char *next_option(const char *list
, struct vec
*val
,
781 struct vec
*eq_val
) {
782 if (list
== NULL
|| *list
== '\0') {
787 if ((list
= strchr(val
->ptr
, ',')) != NULL
) {
788 // Comma found. Store length and shift the list ptr
789 val
->len
= list
- val
->ptr
;
792 // This value is the last one
793 list
= val
->ptr
+ strlen(val
->ptr
);
794 val
->len
= list
- val
->ptr
;
797 if (eq_val
!= NULL
) {
798 // Value has form "x=y", adjust pointers and lengths
799 // so that val points to "x", and eq_val points to "y".
801 eq_val
->ptr
= (const char *) memchr(val
->ptr
, '=', val
->len
);
802 if (eq_val
->ptr
!= NULL
) {
803 eq_val
->ptr
++; // Skip over '=' character
804 eq_val
->len
= val
->ptr
+ val
->len
- eq_val
->ptr
;
805 val
->len
= (eq_val
->ptr
- val
->ptr
) - 1;
813 static int match_extension(const char *path
, const char *ext_list
) {
817 path_len
= strlen(path
);
819 while ((ext_list
= next_option(ext_list
, &ext_vec
, NULL
)) != NULL
)
820 if (ext_vec
.len
< path_len
&&
821 mg_strncasecmp(path
+ path_len
- ext_vec
.len
,
822 ext_vec
.ptr
, ext_vec
.len
) == 0)
828 // HTTP 1.1 assumes keep alive if "Connection:" header is not set
829 // This function must tolerate situations when connection info is not
830 // set up, for example if request parsing failed.
831 static int should_keep_alive(const struct mg_connection
*conn
) {
832 const char *http_version
= conn
->request_info
.http_version
;
833 const char *header
= mg_get_header(conn
, "Connection");
834 return (header
== NULL
&& http_version
&& !strcmp(http_version
, "1.1")) ||
835 (header
!= NULL
&& !mg_strcasecmp(header
, "keep-alive"));
838 static const char *suggest_connection_header(const struct mg_connection
*conn
) {
839 return should_keep_alive(conn
) ? "keep-alive" : "close";
842 static void send_http_error(struct mg_connection
*conn
, int status
,
843 const char *reason
, const char *fmt
, ...) {
848 conn
->request_info
.status_code
= status
;
850 if (call_user(conn
, MG_HTTP_ERROR
) == NULL
) {
854 // Errors 1xx, 204 and 304 MUST NOT send a body
855 if (status
> 199 && status
!= 204 && status
!= 304) {
856 len
= mg_snprintf(conn
, buf
, sizeof(buf
), "Error %d: %s", status
, reason
);
857 cry(conn
, "%s", buf
);
861 len
+= mg_vsnprintf(conn
, buf
+ len
, sizeof(buf
) - len
, fmt
, ap
);
864 DEBUG_TRACE(("[%s]", buf
));
866 mg_printf(conn
, "HTTP/1.1 %d %s\r\n"
867 "Content-Type: text/plain\r\n"
868 "Content-Length: %d\r\n"
869 "Connection: %s\r\n\r\n", status
, reason
, len
,
870 suggest_connection_header(conn
));
871 conn
->num_bytes_sent
+= mg_printf(conn
, "%s", buf
);
875 #if defined(_WIN32) && !defined(__SYMBIAN32__)
876 static int pthread_mutex_init(pthread_mutex_t
*mutex
, void *unused
) {
878 *mutex
= CreateMutex(NULL
, FALSE
, NULL
);
879 return *mutex
== NULL
? -1 : 0;
882 static int pthread_mutex_destroy(pthread_mutex_t
*mutex
) {
883 return CloseHandle(*mutex
) == 0 ? -1 : 0;
886 static int pthread_mutex_lock(pthread_mutex_t
*mutex
) {
887 return WaitForSingleObject(*mutex
, INFINITE
) == WAIT_OBJECT_0
? 0 : -1;
890 static int pthread_mutex_unlock(pthread_mutex_t
*mutex
) {
891 return ReleaseMutex(*mutex
) == 0 ? -1 : 0;
894 static int pthread_cond_init(pthread_cond_t
*cv
, const void *unused
) {
896 cv
->signal
= CreateEvent(NULL
, FALSE
, FALSE
, NULL
);
897 cv
->broadcast
= CreateEvent(NULL
, TRUE
, FALSE
, NULL
);
898 return cv
->signal
!= NULL
&& cv
->broadcast
!= NULL
? 0 : -1;
901 static int pthread_cond_wait(pthread_cond_t
*cv
, pthread_mutex_t
*mutex
) {
902 HANDLE handles
[] = {cv
->signal
, cv
->broadcast
};
903 ReleaseMutex(*mutex
);
904 WaitForMultipleObjects(2, handles
, FALSE
, INFINITE
);
905 return WaitForSingleObject(*mutex
, INFINITE
) == WAIT_OBJECT_0
? 0 : -1;
908 static int pthread_cond_signal(pthread_cond_t
*cv
) {
909 return SetEvent(cv
->signal
) == 0 ? -1 : 0;
912 static int pthread_cond_broadcast(pthread_cond_t
*cv
) {
913 // Implementation with PulseEvent() has race condition, see
914 // http://www.cs.wustl.edu/~schmidt/win32-cv-1.html
915 return PulseEvent(cv
->broadcast
) == 0 ? -1 : 0;
918 static int pthread_cond_destroy(pthread_cond_t
*cv
) {
919 return CloseHandle(cv
->signal
) && CloseHandle(cv
->broadcast
) ? 0 : -1;
922 // For Windows, change all slashes to backslashes in path names.
923 static void change_slashes_to_backslashes(char *path
) {
926 for (i
= 0; path
[i
] != '\0'; i
++) {
929 // i > 0 check is to preserve UNC paths, like \\server\file.txt
930 if (path
[i
] == '\\' && i
> 0)
931 while (path
[i
+ 1] == '\\' || path
[i
+ 1] == '/')
932 (void) memmove(path
+ i
+ 1,
933 path
+ i
+ 2, strlen(path
+ i
+ 1));
937 // Encode 'path' which is assumed UTF-8 string, into UNICODE string.
938 // wbuf and wbuf_len is a target buffer and its length.
939 static void to_unicode(const char *path
, wchar_t *wbuf
, size_t wbuf_len
) {
940 char buf
[PATH_MAX
], buf2
[PATH_MAX
], *p
;
942 mg_strlcpy(buf
, path
, sizeof(buf
));
943 change_slashes_to_backslashes(buf
);
945 // Point p to the end of the file name
946 p
= buf
+ strlen(buf
) - 1;
948 // Trim trailing backslash character
949 while (p
> buf
&& *p
== '\\' && p
[-1] != ':') {
953 // Protect from CGI code disclosure.
954 // This is very nasty hole. Windows happily opens files with
955 // some garbage in the end of file name. So fopen("a.cgi ", "r")
956 // actually opens "a.cgi", and does not return an error!
957 if (*p
== 0x20 || // No space at the end
958 (*p
== 0x2e && p
> buf
) || // No '.' but allow '.' as full path
959 *p
== 0x2b || // No '+'
960 (*p
& ~0x7f)) { // And generally no non-ascii chars
961 (void) fprintf(stderr
, "Rejecting suspicious path: [%s]", buf
);
964 // Convert to Unicode and back. If doubly-converted string does not
965 // match the original, something is fishy, reject.
966 MultiByteToWideChar(CP_UTF8
, 0, buf
, -1, wbuf
, (int) wbuf_len
);
967 WideCharToMultiByte(CP_UTF8
, 0, wbuf
, (int) wbuf_len
, buf2
, sizeof(buf2
),
969 if (strcmp(buf
, buf2
) != 0) {
975 #if defined(_WIN32_WCE)
976 static time_t time(time_t *ptime
) {
982 SystemTimeToFileTime(&st
, &ft
);
983 t
= SYS2UNIX_TIME(ft
.dwLowDateTime
, ft
.dwHighDateTime
);
992 static struct tm
*localtime(const time_t *ptime
, struct tm
*ptm
) {
993 int64_t t
= ((int64_t) *ptime
) * RATE_DIFF
+ EPOCH_DIFF
;
996 TIME_ZONE_INFORMATION tzinfo
;
1002 * (int64_t *) &ft
= t
;
1003 FileTimeToLocalFileTime(&ft
, &lft
);
1004 FileTimeToSystemTime(&lft
, &st
);
1005 ptm
->tm_year
= st
.wYear
- 1900;
1006 ptm
->tm_mon
= st
.wMonth
- 1;
1007 ptm
->tm_wday
= st
.wDayOfWeek
;
1008 ptm
->tm_mday
= st
.wDay
;
1009 ptm
->tm_hour
= st
.wHour
;
1010 ptm
->tm_min
= st
.wMinute
;
1011 ptm
->tm_sec
= st
.wSecond
;
1012 ptm
->tm_yday
= 0; // hope nobody uses this
1014 GetTimeZoneInformation(&tzinfo
) == TIME_ZONE_ID_DAYLIGHT
? 1 : 0;
1019 static struct tm
*gmtime(const time_t *ptime
, struct tm
*ptm
) {
1020 // FIXME(lsm): fix this.
1021 return localtime(ptime
, ptm
);
1024 static size_t strftime(char *dst
, size_t dst_size
, const char *fmt
,
1025 const struct tm
*tm
) {
1026 (void) snprintf(dst
, dst_size
, "implement strftime() for WinCE");
1031 static int mg_rename(const char* oldname
, const char* newname
) {
1032 wchar_t woldbuf
[PATH_MAX
];
1033 wchar_t wnewbuf
[PATH_MAX
];
1035 to_unicode(oldname
, woldbuf
, ARRAY_SIZE(woldbuf
));
1036 to_unicode(newname
, wnewbuf
, ARRAY_SIZE(wnewbuf
));
1038 return MoveFileW(woldbuf
, wnewbuf
) ? 0 : -1;
1042 static FILE *mg_fopen(const char *path
, const char *mode
) {
1043 wchar_t wbuf
[PATH_MAX
], wmode
[20];
1045 to_unicode(path
, wbuf
, ARRAY_SIZE(wbuf
));
1046 MultiByteToWideChar(CP_UTF8
, 0, mode
, -1, wmode
, ARRAY_SIZE(wmode
));
1048 return _wfopen(wbuf
, wmode
);
1051 static int mg_stat(const char *path
, struct mgstat
*stp
) {
1052 int ok
= -1; // Error
1053 wchar_t wbuf
[PATH_MAX
];
1054 WIN32_FILE_ATTRIBUTE_DATA info
;
1056 to_unicode(path
, wbuf
, ARRAY_SIZE(wbuf
));
1058 if (GetFileAttributesExW(wbuf
, GetFileExInfoStandard
, &info
) != 0) {
1059 stp
->size
= MAKEUQUAD(info
.nFileSizeLow
, info
.nFileSizeHigh
);
1060 stp
->mtime
= SYS2UNIX_TIME(info
.ftLastWriteTime
.dwLowDateTime
,
1061 info
.ftLastWriteTime
.dwHighDateTime
);
1063 info
.dwFileAttributes
& FILE_ATTRIBUTE_DIRECTORY
;
1070 static int mg_remove(const char *path
) {
1071 wchar_t wbuf
[PATH_MAX
];
1072 to_unicode(path
, wbuf
, ARRAY_SIZE(wbuf
));
1073 return DeleteFileW(wbuf
) ? 0 : -1;
1076 static int mg_mkdir(const char *path
, int mode
) {
1078 wchar_t wbuf
[PATH_MAX
];
1081 mg_strlcpy(buf
, path
, sizeof(buf
));
1082 change_slashes_to_backslashes(buf
);
1084 (void) MultiByteToWideChar(CP_UTF8
, 0, buf
, -1, wbuf
, sizeof(wbuf
));
1086 return CreateDirectoryW(wbuf
, NULL
) ? 0 : -1;
1089 // Implementation of POSIX opendir/closedir/readdir for Windows.
1090 static DIR * opendir(const char *name
) {
1092 wchar_t wpath
[PATH_MAX
];
1096 SetLastError(ERROR_BAD_ARGUMENTS
);
1097 } else if ((dir
= (DIR *) malloc(sizeof(*dir
))) == NULL
) {
1098 SetLastError(ERROR_NOT_ENOUGH_MEMORY
);
1100 to_unicode(name
, wpath
, ARRAY_SIZE(wpath
));
1101 attrs
= GetFileAttributesW(wpath
);
1102 if (attrs
!= 0xFFFFFFFF &&
1103 ((attrs
& FILE_ATTRIBUTE_DIRECTORY
) == FILE_ATTRIBUTE_DIRECTORY
)) {
1104 (void) wcscat(wpath
, L
"\\*");
1105 dir
->handle
= FindFirstFileW(wpath
, &dir
->info
);
1106 dir
->result
.d_name
[0] = '\0';
1116 static int closedir(DIR *dir
) {
1120 if (dir
->handle
!= INVALID_HANDLE_VALUE
)
1121 result
= FindClose(dir
->handle
) ? 0 : -1;
1126 SetLastError(ERROR_BAD_ARGUMENTS
);
1132 struct dirent
* readdir(DIR *dir
) {
1133 struct dirent
*result
= 0;
1136 if (dir
->handle
!= INVALID_HANDLE_VALUE
) {
1137 result
= &dir
->result
;
1138 (void) WideCharToMultiByte(CP_UTF8
, 0,
1139 dir
->info
.cFileName
, -1, result
->d_name
,
1140 sizeof(result
->d_name
), NULL
, NULL
);
1142 if (!FindNextFileW(dir
->handle
, &dir
->info
)) {
1143 (void) FindClose(dir
->handle
);
1144 dir
->handle
= INVALID_HANDLE_VALUE
;
1148 SetLastError(ERROR_FILE_NOT_FOUND
);
1151 SetLastError(ERROR_BAD_ARGUMENTS
);
1157 #define set_close_on_exec(fd) // No FD_CLOEXEC on Windows
1159 static int start_thread(struct mg_context
*ctx
, mg_thread_func_t f
, void *p
) {
1160 return _beginthread((void (__cdecl
*)(void *)) f
, 0, p
) == -1L ? -1 : 0;
1163 static HANDLE
dlopen(const char *dll_name
, int flags
) {
1164 wchar_t wbuf
[PATH_MAX
];
1165 flags
= 0; // Unused
1166 to_unicode(dll_name
, wbuf
, ARRAY_SIZE(wbuf
));
1167 return LoadLibraryW(wbuf
);
1170 #if !defined(NO_CGI)
1172 static int kill(pid_t pid
, int sig_num
) {
1173 (void) TerminateProcess(pid
, sig_num
);
1174 (void) CloseHandle(pid
);
1178 static pid_t
spawn_process(struct mg_connection
*conn
, const char *prog
,
1179 char *envblk
, char *envp
[], int fd_stdin
,
1180 int fd_stdout
, const char *dir
) {
1182 char *p
, *interp
, cmdline
[PATH_MAX
], buf
[PATH_MAX
];
1185 PROCESS_INFORMATION pi
;
1187 envp
= NULL
; // Unused
1189 (void) memset(&si
, 0, sizeof(si
));
1190 (void) memset(&pi
, 0, sizeof(pi
));
1192 // TODO(lsm): redirect CGI errors to the error log file
1194 si
.dwFlags
= STARTF_USESTDHANDLES
| STARTF_USESHOWWINDOW
;
1195 si
.wShowWindow
= SW_HIDE
;
1197 me
= GetCurrentProcess();
1198 (void) DuplicateHandle(me
, (HANDLE
) _get_osfhandle(fd_stdin
), me
,
1199 &si
.hStdInput
, 0, TRUE
, DUPLICATE_SAME_ACCESS
);
1200 (void) DuplicateHandle(me
, (HANDLE
) _get_osfhandle(fd_stdout
), me
,
1201 &si
.hStdOutput
, 0, TRUE
, DUPLICATE_SAME_ACCESS
);
1203 // If CGI file is a script, try to read the interpreter line
1204 interp
= conn
->ctx
->config
[CGI_INTERPRETER
];
1205 if (interp
== NULL
) {
1207 mg_snprintf(conn
, cmdline
, sizeof(cmdline
), "%s%c%s", dir
, DIRSEP
, prog
);
1208 if ((fp
= fopen(cmdline
, "r")) != NULL
) {
1209 (void) fgets(buf
, sizeof(buf
), fp
);
1210 if (buf
[0] != '#' || buf
[1] != '!') {
1211 // First line does not start with "#!". Do not set interpreter.
1214 // Trim whitespaces in interpreter name
1215 for (p
= &buf
[strlen(buf
) - 1]; p
> buf
&& isspace(*p
); p
--) {
1224 (void) mg_snprintf(conn
, cmdline
, sizeof(cmdline
), "%s%s%s%c%s",
1225 interp
, interp
[0] == '\0' ? "" : " ", dir
, DIRSEP
, prog
);
1227 DEBUG_TRACE(("Running [%s]", cmdline
));
1228 if (CreateProcessA(NULL
, cmdline
, NULL
, NULL
, TRUE
,
1229 CREATE_NEW_PROCESS_GROUP
, envblk
, dir
, &si
, &pi
) == 0) {
1230 cry(conn
, "%s: CreateProcess(%s): %d",
1231 __func__
, cmdline
, ERRNO
);
1232 pi
.hProcess
= (pid_t
) -1;
1234 (void) close(fd_stdin
);
1235 (void) close(fd_stdout
);
1238 (void) CloseHandle(si
.hStdOutput
);
1239 (void) CloseHandle(si
.hStdInput
);
1240 (void) CloseHandle(pi
.hThread
);
1242 return (pid_t
) pi
.hProcess
;
1246 static int set_non_blocking_mode(SOCKET sock
) {
1247 unsigned long on
= 1;
1248 return ioctlsocket(sock
, FIONBIO
, &on
);
1252 static int mg_stat(const char *path
, struct mgstat
*stp
) {
1256 if (stat(path
, &st
) == 0) {
1258 stp
->size
= st
.st_size
;
1259 stp
->mtime
= st
.st_mtime
;
1260 stp
->is_directory
= S_ISDIR(st
.st_mode
);
1268 static void set_close_on_exec(int fd
) {
1269 (void) fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1272 static int start_thread(struct mg_context
*ctx
, mg_thread_func_t func
,
1274 pthread_t thread_id
;
1275 pthread_attr_t attr
;
1278 (void) pthread_attr_init(&attr
);
1279 (void) pthread_attr_setdetachstate(&attr
, PTHREAD_CREATE_DETACHED
);
1280 // TODO(lsm): figure out why mongoose dies on Linux if next line is enabled
1281 // (void) pthread_attr_setstacksize(&attr, sizeof(struct mg_connection) * 5);
1283 if ((retval
= pthread_create(&thread_id
, &attr
, func
, param
)) != 0) {
1284 cry(fc(ctx
), "%s: %s", __func__
, strerror(retval
));
1291 static pid_t
spawn_process(struct mg_connection
*conn
, const char *prog
,
1292 char *envblk
, char *envp
[], int fd_stdin
,
1293 int fd_stdout
, const char *dir
) {
1297 envblk
= NULL
; // Unused
1299 if ((pid
= fork()) == -1) {
1301 send_http_error(conn
, 500, http_500_error
, "fork(): %s", strerror(ERRNO
));
1302 } else if (pid
== 0) {
1304 if (chdir(dir
) != 0) {
1305 cry(conn
, "%s: chdir(%s): %s", __func__
, dir
, strerror(ERRNO
));
1306 } else if (dup2(fd_stdin
, 0) == -1) {
1307 cry(conn
, "%s: dup2(%d, 0): %s", __func__
, fd_stdin
, strerror(ERRNO
));
1308 } else if (dup2(fd_stdout
, 1) == -1) {
1309 cry(conn
, "%s: dup2(%d, 1): %s", __func__
, fd_stdout
, strerror(ERRNO
));
1311 (void) dup2(fd_stdout
, 2);
1312 (void) close(fd_stdin
);
1313 (void) close(fd_stdout
);
1315 // Execute CGI program. No need to lock: new process
1316 interp
= conn
->ctx
->config
[CGI_INTERPRETER
];
1317 if (interp
== NULL
) {
1318 (void) execle(prog
, prog
, NULL
, envp
);
1319 cry(conn
, "%s: execle(%s): %s", __func__
, prog
, strerror(ERRNO
));
1321 (void) execle(interp
, interp
, prog
, NULL
, envp
);
1322 cry(conn
, "%s: execle(%s %s): %s", __func__
, interp
, prog
,
1328 // Parent. Close stdio descriptors
1329 (void) close(fd_stdin
);
1330 (void) close(fd_stdout
);
1337 static int set_non_blocking_mode(SOCKET sock
) {
1340 flags
= fcntl(sock
, F_GETFL
, 0);
1341 (void) fcntl(sock
, F_SETFL
, flags
| O_NONBLOCK
);
1347 // Write data to the IO channel - opened file descriptor, socket or SSL
1348 // descriptor. Return number of bytes written.
1349 static int64_t push(FILE *fp
, SOCKET sock
, SSL
*ssl
, const char *buf
,
1355 while (sent
< len
) {
1357 // How many bytes we send in this iteration
1358 k
= len
- sent
> INT_MAX
? INT_MAX
: (int) (len
- sent
);
1361 n
= SSL_write(ssl
, buf
+ sent
, k
);
1362 } else if (fp
!= NULL
) {
1363 n
= fwrite(buf
+ sent
, 1, (size_t)k
, fp
);
1367 n
= send(sock
, buf
+ sent
, (size_t)k
, 0);
1379 // Read from IO channel - opened file descriptor, socket, or SSL descriptor.
1380 // Return number of bytes read.
1381 static int pull(FILE *fp
, SOCKET sock
, SSL
*ssl
, char *buf
, int len
) {
1385 nread
= SSL_read(ssl
, buf
, len
);
1386 } else if (fp
!= NULL
) {
1387 // Use read() instead of fread(), because if we're reading from the CGI
1388 // pipe, fread() may block until IO buffer is filled up. We cannot afford
1389 // to block and must pass all read bytes immediately to the client.
1390 nread
= read(fileno(fp
), buf
, (size_t) len
);
1394 nread
= recv(sock
, buf
, (size_t) len
, 0);
1400 int mg_read(struct mg_connection
*conn
, void *buf
, size_t len
) {
1401 int n
, buffered_len
, nread
;
1402 const char *buffered
;
1404 assert((conn
->content_len
== -1 && conn
->consumed_content
== 0) ||
1405 conn
->consumed_content
<= conn
->content_len
);
1406 DEBUG_TRACE(("%p %zu %lld %lld", buf
, len
,
1407 conn
->content_len
, conn
->consumed_content
));
1409 if (conn
->consumed_content
< conn
->content_len
) {
1411 // Adjust number of bytes to read.
1412 int64_t to_read
= conn
->content_len
- conn
->consumed_content
;
1413 if (to_read
< (int64_t) len
) {
1414 len
= (int) to_read
;
1417 // How many bytes of data we have buffered in the request buffer?
1418 buffered
= conn
->buf
+ conn
->request_len
+ conn
->consumed_content
;
1419 buffered_len
= conn
->data_len
- conn
->request_len
;
1420 assert(buffered_len
>= 0);
1422 // Return buffered data back if we haven't done that yet.
1423 if (conn
->consumed_content
< (int64_t) buffered_len
) {
1424 buffered_len
-= (int) conn
->consumed_content
;
1425 if (len
< (size_t) buffered_len
) {
1428 memcpy(buf
, buffered
, (size_t)buffered_len
);
1429 len
-= buffered_len
;
1430 buf
= (char *) buf
+ buffered_len
;
1431 conn
->consumed_content
+= buffered_len
;
1432 nread
= buffered_len
;
1435 // We have returned all buffered data. Read new data from the remote socket.
1437 n
= pull(NULL
, conn
->client
.sock
, conn
->ssl
, (char *) buf
, (int) len
);
1441 buf
= (char *) buf
+ n
;
1442 conn
->consumed_content
+= n
;
1450 int mg_write(struct mg_connection
*conn
, const void *buf
, size_t len
) {
1451 return (int) push(NULL
, conn
->client
.sock
, conn
->ssl
,
1452 (const char *) buf
, (int64_t) len
);
1455 int mg_printf(struct mg_connection
*conn
, const char *fmt
, ...) {
1461 len
= mg_vsnprintf(conn
, buf
, sizeof(buf
), fmt
, ap
);
1464 return mg_write(conn
, buf
, (size_t)len
);
1467 // URL-decode input buffer into destination buffer.
1468 // 0-terminate the destination buffer. Return the length of decoded data.
1469 // form-url-encoded data differs from URI encoding in a way that it
1470 // uses '+' as character for space, see RFC 1866 section 8.2.1
1471 // http://ftp.ics.uci.edu/pub/ietf/html/rfc1866.txt
1472 static size_t url_decode(const char *src
, size_t src_len
, char *dst
,
1473 size_t dst_len
, int is_form_url_encoded
) {
1476 #define HEXTOI(x) (isdigit(x) ? x - '0' : x - 'W')
1478 for (i
= j
= 0; i
< src_len
&& j
< dst_len
- 1; i
++, j
++) {
1479 if (src
[i
] == '%' &&
1480 isxdigit(* (const unsigned char *) (src
+ i
+ 1)) &&
1481 isxdigit(* (const unsigned char *) (src
+ i
+ 2))) {
1482 a
= tolower(* (const unsigned char *) (src
+ i
+ 1));
1483 b
= tolower(* (const unsigned char *) (src
+ i
+ 2));
1484 dst
[j
] = (char) ((HEXTOI(a
) << 4) | HEXTOI(b
));
1486 } else if (is_form_url_encoded
&& src
[i
] == '+') {
1493 dst
[j
] = '\0'; // Null-terminate the destination
1498 // Scan given buffer and fetch the value of the given variable.
1499 // It can be specified in query string, or in the POST data.
1500 // Return NULL if the variable not found, or allocated 0-terminated value.
1501 // It is caller's responsibility to free the returned value.
1502 int mg_get_var(const char *buf
, size_t buf_len
, const char *name
,
1503 char *dst
, size_t dst_len
) {
1504 const char *p
, *e
, *s
;
1505 size_t name_len
, len
;
1507 name_len
= strlen(name
);
1512 // buf is "var1=val1&var2=val2...". Find variable first
1513 for (p
= buf
; p
!= NULL
&& p
+ name_len
< e
; p
++) {
1514 if ((p
== buf
|| p
[-1] == '&') && p
[name_len
] == '=' &&
1515 !mg_strncasecmp(name
, p
, name_len
)) {
1517 // Point p to variable value
1520 // Point s to the end of the value
1521 s
= (const char *) memchr(p
, '&', (size_t)(e
- p
));
1527 // Decode variable into destination buffer
1528 if ((size_t) (s
- p
) < dst_len
) {
1529 len
= url_decode(p
, (size_t)(s
- p
), dst
, dst_len
, 1);
1538 int mg_get_cookie(const struct mg_connection
*conn
, const char *cookie_name
,
1539 char *dst
, size_t dst_size
) {
1540 const char *s
, *p
, *end
;
1541 int name_len
, len
= -1;
1544 if ((s
= mg_get_header(conn
, "Cookie")) == NULL
) {
1548 name_len
= strlen(cookie_name
);
1549 end
= s
+ strlen(s
);
1551 for (; (s
= strstr(s
, cookie_name
)) != NULL
; s
+= name_len
)
1552 if (s
[name_len
] == '=') {
1554 if ((p
= strchr(s
, ' ')) == NULL
)
1558 if (*s
== '"' && p
[-1] == '"' && p
> s
+ 1) {
1562 if ((size_t) (p
- s
) < dst_size
) {
1564 mg_strlcpy(dst
, s
, (size_t)len
);
1572 // Mongoose allows to specify multiple directories to serve,
1573 // like /var/www,/~bob=/home/bob. That means that root directory depends on URI.
1574 // This function returns root dir for given URI.
1575 static int get_document_root(const struct mg_connection
*conn
,
1576 struct vec
*document_root
) {
1577 const char *root
, *uri
;
1578 int len_of_matched_uri
;
1579 struct vec uri_vec
, path_vec
;
1581 uri
= conn
->request_info
.uri
;
1582 len_of_matched_uri
= 0;
1583 root
= next_option(conn
->ctx
->config
[DOCUMENT_ROOT
], document_root
, NULL
);
1585 while ((root
= next_option(root
, &uri_vec
, &path_vec
)) != NULL
) {
1586 if (memcmp(uri
, uri_vec
.ptr
, uri_vec
.len
) == 0) {
1587 *document_root
= path_vec
;
1588 len_of_matched_uri
= uri_vec
.len
;
1593 return len_of_matched_uri
;
1596 static void convert_uri_to_file_name(struct mg_connection
*conn
,
1597 const char *uri
, char *buf
,
1599 struct vec vec
= {0};
1602 match_len
= get_document_root(conn
, &vec
);
1603 mg_snprintf(conn
, buf
, buf_len
, "%.*s%s", (int) vec
.len
, vec
.ptr
, uri
+ match_len
);
1605 #if defined(_WIN32) && !defined(__SYMBIAN32__)
1606 change_slashes_to_backslashes(buf
);
1609 DEBUG_TRACE(("[%s] -> [%s], [%.*s]", uri
, buf
, (int) vec
.len
, vec
.ptr
));
1612 static int sslize(struct mg_connection
*conn
, int (*func
)(SSL
*)) {
1613 return (conn
->ssl
= SSL_new(conn
->ctx
->ssl_ctx
)) != NULL
&&
1614 SSL_set_fd(conn
->ssl
, conn
->client
.sock
) == 1 &&
1615 func(conn
->ssl
) == 1;
1618 static struct mg_connection
*mg_connect(struct mg_connection
*conn
,
1619 const char *host
, int port
, int use_ssl
) {
1620 struct mg_connection
*newconn
= NULL
;
1621 struct sockaddr_in sin
;
1625 if (conn
->ctx
->ssl_ctx
== NULL
&& use_ssl
) {
1626 cry(conn
, "%s: SSL is not initialized", __func__
);
1627 } else if ((he
= gethostbyname(host
)) == NULL
) {
1628 cry(conn
, "%s: gethostbyname(%s): %s", __func__
, host
, strerror(ERRNO
));
1629 } else if ((sock
= socket(PF_INET
, SOCK_STREAM
, 0)) == INVALID_SOCKET
) {
1630 cry(conn
, "%s: socket: %s", __func__
, strerror(ERRNO
));
1632 sin
.sin_family
= AF_INET
;
1633 sin
.sin_port
= htons((uint16_t) port
);
1634 sin
.sin_addr
= * (struct in_addr
*) he
->h_addr_list
[0];
1635 if (connect(sock
, (struct sockaddr
*) &sin
, sizeof(sin
)) != 0) {
1636 cry(conn
, "%s: connect(%s:%d): %s", __func__
, host
, port
,
1639 } else if ((newconn
= (struct mg_connection
*)
1640 calloc(1, sizeof(*newconn
))) == NULL
) {
1641 cry(conn
, "%s: calloc: %s", __func__
, strerror(ERRNO
));
1644 newconn
->client
.sock
= sock
;
1645 newconn
->client
.rsa
.u
.sin
= sin
;
1647 sslize(newconn
, SSL_connect
);
1655 // Check whether full request is buffered. Return:
1656 // -1 if request is malformed
1657 // 0 if request is not yet fully buffered
1658 // >0 actual request length, including last \r\n\r\n
1659 static int get_request_len(const char *buf
, int buflen
) {
1663 DEBUG_TRACE(("buf: %p, len: %d", buf
, buflen
));
1664 for (s
= buf
, e
= s
+ buflen
- 1; len
<= 0 && s
< e
; s
++)
1665 // Control characters are not allowed but >=128 is.
1666 if (!isprint(* (const unsigned char *) s
) && *s
!= '\r' &&
1667 *s
!= '\n' && * (const unsigned char *) s
< 128) {
1669 } else if (s
[0] == '\n' && s
[1] == '\n') {
1670 len
= (int) (s
- buf
) + 2;
1671 } else if (s
[0] == '\n' && &s
[1] < e
&&
1672 s
[1] == '\r' && s
[2] == '\n') {
1673 len
= (int) (s
- buf
) + 3;
1679 // Convert month to the month number. Return -1 on error, or month number
1680 static int get_month_index(const char *s
) {
1683 for (i
= 0; i
< ARRAY_SIZE(month_names
); i
++)
1684 if (!strcmp(s
, month_names
[i
]))
1690 // Parse UTC date-time string, and return the corresponding time_t value.
1691 static time_t parse_date_string(const char *datetime
) {
1692 static const unsigned short days_before_month
[] = {
1693 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
1696 int second
, minute
, hour
, day
, month
, year
, leap_days
, days
;
1697 time_t result
= (time_t) 0;
1699 if (((sscanf(datetime
, "%d/%3s/%d %d:%d:%d",
1700 &day
, month_str
, &year
, &hour
, &minute
, &second
) == 6) ||
1701 (sscanf(datetime
, "%d %3s %d %d:%d:%d",
1702 &day
, month_str
, &year
, &hour
, &minute
, &second
) == 6) ||
1703 (sscanf(datetime
, "%*3s, %d %3s %d %d:%d:%d",
1704 &day
, month_str
, &year
, &hour
, &minute
, &second
) == 6) ||
1705 (sscanf(datetime
, "%d-%3s-%d %d:%d:%d",
1706 &day
, month_str
, &year
, &hour
, &minute
, &second
) == 6)) &&
1708 (month
= get_month_index(month_str
)) != -1) {
1710 leap_days
= year
/ 4 - year
/ 100 + year
/ 400;
1711 days
= year
* 365 + days_before_month
[month
] + (day
- 1) + leap_days
;
1712 result
= days
* 24 * 3600 + hour
* 3600 + minute
* 60 + second
;
1718 // Protect against directory disclosure attack by removing '..',
1719 // excessive '/' and '\' characters
1720 static void remove_double_dots_and_double_slashes(char *s
) {
1723 while (*s
!= '\0') {
1725 if (s
[-1] == '/' || s
[-1] == '\\') {
1726 // Skip all following slashes and backslashes
1727 while (*s
== '/' || *s
== '\\') {
1731 // Skip all double-dots
1732 while (*s
== '.' && s
[1] == '.') {
1740 static const struct {
1741 const char *extension
;
1743 const char *mime_type
;
1744 size_t mime_type_len
;
1745 } builtin_mime_types
[] = {
1746 {".html", 5, "text/html", 9},
1747 {".htm", 4, "text/html", 9},
1748 {".shtm", 5, "text/html", 9},
1749 {".shtml", 6, "text/html", 9},
1750 {".css", 4, "text/css", 8},
1751 {".js", 3, "application/x-javascript", 24},
1752 {".ico", 4, "image/x-icon", 12},
1753 {".gif", 4, "image/gif", 9},
1754 {".jpg", 4, "image/jpeg", 10},
1755 {".jpeg", 5, "image/jpeg", 10},
1756 {".png", 4, "image/png", 9},
1757 {".svg", 4, "image/svg+xml", 13},
1758 {".torrent", 8, "application/x-bittorrent", 24},
1759 {".wav", 4, "audio/x-wav", 11},
1760 {".mp3", 4, "audio/x-mp3", 11},
1761 {".mid", 4, "audio/mid", 9},
1762 {".m3u", 4, "audio/x-mpegurl", 15},
1763 {".ram", 4, "audio/x-pn-realaudio", 20},
1764 {".xml", 4, "text/xml", 8},
1765 {".xslt", 5, "application/xml", 15},
1766 {".ra", 3, "audio/x-pn-realaudio", 20},
1767 {".doc", 4, "application/msword", 19},
1768 {".exe", 4, "application/octet-stream", 24},
1769 {".zip", 4, "application/x-zip-compressed", 28},
1770 {".xls", 4, "application/excel", 17},
1771 {".tgz", 4, "application/x-tar-gz", 20},
1772 {".tar", 4, "application/x-tar", 17},
1773 {".gz", 3, "application/x-gunzip", 20},
1774 {".arj", 4, "application/x-arj-compressed", 28},
1775 {".rar", 4, "application/x-arj-compressed", 28},
1776 {".rtf", 4, "application/rtf", 15},
1777 {".pdf", 4, "application/pdf", 15},
1778 {".swf", 4, "application/x-shockwave-flash",29},
1779 {".mpg", 4, "video/mpeg", 10},
1780 {".mpeg", 5, "video/mpeg", 10},
1781 {".mp4", 4, "video/mp4", 9},
1782 {".m4v", 4, "video/x-m4v", 11},
1783 {".asf", 4, "video/x-ms-asf", 14},
1784 {".avi", 4, "video/x-msvideo", 15},
1785 {".bmp", 4, "image/bmp", 9},
1789 // Look at the "path" extension and figure what mime type it has.
1790 // Store mime type in the vector.
1791 static void get_mime_type(struct mg_context
*ctx
, const char *path
,
1793 struct vec ext_vec
, mime_vec
;
1794 const char *list
, *ext
;
1797 path_len
= strlen(path
);
1799 // Scan user-defined mime types first, in case user wants to
1800 // override default mime types.
1801 list
= ctx
->config
[EXTRA_MIME_TYPES
];
1802 while ((list
= next_option(list
, &ext_vec
, &mime_vec
)) != NULL
) {
1803 // ext now points to the path suffix
1804 ext
= path
+ path_len
- ext_vec
.len
;
1805 if (mg_strncasecmp(ext
, ext_vec
.ptr
, ext_vec
.len
) == 0) {
1811 // Now scan built-in mime types
1812 for (i
= 0; builtin_mime_types
[i
].extension
!= NULL
; i
++) {
1813 ext
= path
+ (path_len
- builtin_mime_types
[i
].ext_len
);
1814 if (path_len
> builtin_mime_types
[i
].ext_len
&&
1815 mg_strcasecmp(ext
, builtin_mime_types
[i
].extension
) == 0) {
1816 vec
->ptr
= builtin_mime_types
[i
].mime_type
;
1817 vec
->len
= builtin_mime_types
[i
].mime_type_len
;
1822 // Nothing found. Fall back to "text/plain"
1823 vec
->ptr
= "text/plain";
1828 typedef struct MD5Context
{
1831 unsigned char in
[64];
1834 #if defined(__BYTE_ORDER) && (__BYTE_ORDER == 1234)
1835 #define byteReverse(buf, len) // Do nothing
1837 static void byteReverse(unsigned char *buf
, unsigned longs
) {
1840 t
= (uint32_t) ((unsigned) buf
[3] << 8 | buf
[2]) << 16 |
1841 ((unsigned) buf
[1] << 8 | buf
[0]);
1842 *(uint32_t *) buf
= t
;
1848 #define F1(x, y, z) (z ^ (x & (y ^ z)))
1849 #define F2(x, y, z) F1(z, x, y)
1850 #define F3(x, y, z) (x ^ y ^ z)
1851 #define F4(x, y, z) (y ^ (x | ~z))
1853 #define MD5STEP(f, w, x, y, z, data, s) \
1854 ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
1856 // Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
1857 // initialization constants.
1858 static void MD5Init(MD5_CTX
*ctx
) {
1859 ctx
->buf
[0] = 0x67452301;
1860 ctx
->buf
[1] = 0xefcdab89;
1861 ctx
->buf
[2] = 0x98badcfe;
1862 ctx
->buf
[3] = 0x10325476;
1868 static void MD5Transform(uint32_t buf
[4], uint32_t const in
[16]) {
1869 uint32_t a
, b
, c
, d
;
1876 MD5STEP(F1
, a
, b
, c
, d
, in
[0] + 0xd76aa478, 7);
1877 MD5STEP(F1
, d
, a
, b
, c
, in
[1] + 0xe8c7b756, 12);
1878 MD5STEP(F1
, c
, d
, a
, b
, in
[2] + 0x242070db, 17);
1879 MD5STEP(F1
, b
, c
, d
, a
, in
[3] + 0xc1bdceee, 22);
1880 MD5STEP(F1
, a
, b
, c
, d
, in
[4] + 0xf57c0faf, 7);
1881 MD5STEP(F1
, d
, a
, b
, c
, in
[5] + 0x4787c62a, 12);
1882 MD5STEP(F1
, c
, d
, a
, b
, in
[6] + 0xa8304613, 17);
1883 MD5STEP(F1
, b
, c
, d
, a
, in
[7] + 0xfd469501, 22);
1884 MD5STEP(F1
, a
, b
, c
, d
, in
[8] + 0x698098d8, 7);
1885 MD5STEP(F1
, d
, a
, b
, c
, in
[9] + 0x8b44f7af, 12);
1886 MD5STEP(F1
, c
, d
, a
, b
, in
[10] + 0xffff5bb1, 17);
1887 MD5STEP(F1
, b
, c
, d
, a
, in
[11] + 0x895cd7be, 22);
1888 MD5STEP(F1
, a
, b
, c
, d
, in
[12] + 0x6b901122, 7);
1889 MD5STEP(F1
, d
, a
, b
, c
, in
[13] + 0xfd987193, 12);
1890 MD5STEP(F1
, c
, d
, a
, b
, in
[14] + 0xa679438e, 17);
1891 MD5STEP(F1
, b
, c
, d
, a
, in
[15] + 0x49b40821, 22);
1893 MD5STEP(F2
, a
, b
, c
, d
, in
[1] + 0xf61e2562, 5);
1894 MD5STEP(F2
, d
, a
, b
, c
, in
[6] + 0xc040b340, 9);
1895 MD5STEP(F2
, c
, d
, a
, b
, in
[11] + 0x265e5a51, 14);
1896 MD5STEP(F2
, b
, c
, d
, a
, in
[0] + 0xe9b6c7aa, 20);
1897 MD5STEP(F2
, a
, b
, c
, d
, in
[5] + 0xd62f105d, 5);
1898 MD5STEP(F2
, d
, a
, b
, c
, in
[10] + 0x02441453, 9);
1899 MD5STEP(F2
, c
, d
, a
, b
, in
[15] + 0xd8a1e681, 14);
1900 MD5STEP(F2
, b
, c
, d
, a
, in
[4] + 0xe7d3fbc8, 20);
1901 MD5STEP(F2
, a
, b
, c
, d
, in
[9] + 0x21e1cde6, 5);
1902 MD5STEP(F2
, d
, a
, b
, c
, in
[14] + 0xc33707d6, 9);
1903 MD5STEP(F2
, c
, d
, a
, b
, in
[3] + 0xf4d50d87, 14);
1904 MD5STEP(F2
, b
, c
, d
, a
, in
[8] + 0x455a14ed, 20);
1905 MD5STEP(F2
, a
, b
, c
, d
, in
[13] + 0xa9e3e905, 5);
1906 MD5STEP(F2
, d
, a
, b
, c
, in
[2] + 0xfcefa3f8, 9);
1907 MD5STEP(F2
, c
, d
, a
, b
, in
[7] + 0x676f02d9, 14);
1908 MD5STEP(F2
, b
, c
, d
, a
, in
[12] + 0x8d2a4c8a, 20);
1910 MD5STEP(F3
, a
, b
, c
, d
, in
[5] + 0xfffa3942, 4);
1911 MD5STEP(F3
, d
, a
, b
, c
, in
[8] + 0x8771f681, 11);
1912 MD5STEP(F3
, c
, d
, a
, b
, in
[11] + 0x6d9d6122, 16);
1913 MD5STEP(F3
, b
, c
, d
, a
, in
[14] + 0xfde5380c, 23);
1914 MD5STEP(F3
, a
, b
, c
, d
, in
[1] + 0xa4beea44, 4);
1915 MD5STEP(F3
, d
, a
, b
, c
, in
[4] + 0x4bdecfa9, 11);
1916 MD5STEP(F3
, c
, d
, a
, b
, in
[7] + 0xf6bb4b60, 16);
1917 MD5STEP(F3
, b
, c
, d
, a
, in
[10] + 0xbebfbc70, 23);
1918 MD5STEP(F3
, a
, b
, c
, d
, in
[13] + 0x289b7ec6, 4);
1919 MD5STEP(F3
, d
, a
, b
, c
, in
[0] + 0xeaa127fa, 11);
1920 MD5STEP(F3
, c
, d
, a
, b
, in
[3] + 0xd4ef3085, 16);
1921 MD5STEP(F3
, b
, c
, d
, a
, in
[6] + 0x04881d05, 23);
1922 MD5STEP(F3
, a
, b
, c
, d
, in
[9] + 0xd9d4d039, 4);
1923 MD5STEP(F3
, d
, a
, b
, c
, in
[12] + 0xe6db99e5, 11);
1924 MD5STEP(F3
, c
, d
, a
, b
, in
[15] + 0x1fa27cf8, 16);
1925 MD5STEP(F3
, b
, c
, d
, a
, in
[2] + 0xc4ac5665, 23);
1927 MD5STEP(F4
, a
, b
, c
, d
, in
[0] + 0xf4292244, 6);
1928 MD5STEP(F4
, d
, a
, b
, c
, in
[7] + 0x432aff97, 10);
1929 MD5STEP(F4
, c
, d
, a
, b
, in
[14] + 0xab9423a7, 15);
1930 MD5STEP(F4
, b
, c
, d
, a
, in
[5] + 0xfc93a039, 21);
1931 MD5STEP(F4
, a
, b
, c
, d
, in
[12] + 0x655b59c3, 6);
1932 MD5STEP(F4
, d
, a
, b
, c
, in
[3] + 0x8f0ccc92, 10);
1933 MD5STEP(F4
, c
, d
, a
, b
, in
[10] + 0xffeff47d, 15);
1934 MD5STEP(F4
, b
, c
, d
, a
, in
[1] + 0x85845dd1, 21);
1935 MD5STEP(F4
, a
, b
, c
, d
, in
[8] + 0x6fa87e4f, 6);
1936 MD5STEP(F4
, d
, a
, b
, c
, in
[15] + 0xfe2ce6e0, 10);
1937 MD5STEP(F4
, c
, d
, a
, b
, in
[6] + 0xa3014314, 15);
1938 MD5STEP(F4
, b
, c
, d
, a
, in
[13] + 0x4e0811a1, 21);
1939 MD5STEP(F4
, a
, b
, c
, d
, in
[4] + 0xf7537e82, 6);
1940 MD5STEP(F4
, d
, a
, b
, c
, in
[11] + 0xbd3af235, 10);
1941 MD5STEP(F4
, c
, d
, a
, b
, in
[2] + 0x2ad7d2bb, 15);
1942 MD5STEP(F4
, b
, c
, d
, a
, in
[9] + 0xeb86d391, 21);
1950 static void MD5Update(MD5_CTX
*ctx
, unsigned char const *buf
, unsigned len
) {
1954 if ((ctx
->bits
[0] = t
+ ((uint32_t) len
<< 3)) < t
)
1956 ctx
->bits
[1] += len
>> 29;
1958 t
= (t
>> 3) & 0x3f;
1961 unsigned char *p
= (unsigned char *) ctx
->in
+ t
;
1965 memcpy(p
, buf
, len
);
1969 byteReverse(ctx
->in
, 16);
1970 MD5Transform(ctx
->buf
, (uint32_t *) ctx
->in
);
1976 memcpy(ctx
->in
, buf
, 64);
1977 byteReverse(ctx
->in
, 16);
1978 MD5Transform(ctx
->buf
, (uint32_t *) ctx
->in
);
1983 memcpy(ctx
->in
, buf
, len
);
1986 static void MD5Final(unsigned char digest
[16], MD5_CTX
*ctx
) {
1990 count
= (ctx
->bits
[0] >> 3) & 0x3F;
1992 p
= ctx
->in
+ count
;
1994 count
= 64 - 1 - count
;
1996 memset(p
, 0, count
);
1997 byteReverse(ctx
->in
, 16);
1998 MD5Transform(ctx
->buf
, (uint32_t *) ctx
->in
);
1999 memset(ctx
->in
, 0, 56);
2001 memset(p
, 0, count
- 8);
2003 byteReverse(ctx
->in
, 14);
2005 memcpy(ctx
->in
+ 14 * sizeof(uint32_t), ctx
->bits
, sizeof(ctx
->bits
));
2007 MD5Transform(ctx
->buf
, (uint32_t *) ctx
->in
);
2008 byteReverse((unsigned char *) ctx
->buf
, 4);
2009 memcpy(digest
, ctx
->buf
, 16);
2010 memset((char *) ctx
, 0, sizeof(*ctx
));
2014 // Stringify binary data. Output buffer must be twice as big as input,
2015 // because each byte takes 2 bytes in string representation
2016 static void bin2str(char *to
, const unsigned char *p
, size_t len
) {
2017 static const char *hex
= "0123456789abcdef";
2019 for (; len
--; p
++) {
2020 *to
++ = hex
[p
[0] >> 4];
2021 *to
++ = hex
[p
[0] & 0x0f];
2026 // Return stringified MD5 hash for list of vectors. Buffer must be 33 bytes.
2027 void mg_md5(char *buf
, ...) {
2028 unsigned char hash
[16];
2036 while ((p
= va_arg(ap
, const char *)) != NULL
) {
2037 MD5Update(&ctx
, (const unsigned char *) p
, (unsigned) strlen(p
));
2041 MD5Final(hash
, &ctx
);
2042 bin2str(buf
, hash
, sizeof(hash
));
2045 // Check the user's password, return 1 if OK
2046 static int check_password(const char *method
, const char *ha1
, const char *uri
,
2047 const char *nonce
, const char *nc
, const char *cnonce
,
2048 const char *qop
, const char *response
) {
2049 char ha2
[32 + 1], expected_response
[32 + 1];
2051 // Some of the parameters may be NULL
2052 if (method
== NULL
|| nonce
== NULL
|| nc
== NULL
|| cnonce
== NULL
||
2053 qop
== NULL
|| response
== NULL
) {
2057 // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
2058 // TODO(lsm): check for authentication timeout
2059 if (// strcmp(dig->uri, c->ouri) != 0 ||
2060 strlen(response
) != 32
2061 // || now - strtoul(dig->nonce, NULL, 10) > 3600
2066 mg_md5(ha2
, method
, ":", uri
, NULL
);
2067 mg_md5(expected_response
, ha1
, ":", nonce
, ":", nc
,
2068 ":", cnonce
, ":", qop
, ":", ha2
, NULL
);
2070 return mg_strcasecmp(response
, expected_response
) == 0;
2073 // Use the global passwords file, if specified by auth_gpass option,
2074 // or search for .htpasswd in the requested directory.
2075 static FILE *open_auth_file(struct mg_connection
*conn
, const char *path
) {
2076 struct mg_context
*ctx
= conn
->ctx
;
2077 char name
[PATH_MAX
];
2082 if (ctx
->config
[GLOBAL_PASSWORDS_FILE
] != NULL
) {
2083 // Use global passwords file
2084 fp
= mg_fopen(ctx
->config
[GLOBAL_PASSWORDS_FILE
], "r");
2086 cry(fc(ctx
), "fopen(%s): %s",
2087 ctx
->config
[GLOBAL_PASSWORDS_FILE
], strerror(ERRNO
));
2088 } else if (!mg_stat(path
, &st
) && st
.is_directory
) {
2089 (void) mg_snprintf(conn
, name
, sizeof(name
), "%s%c%s",
2090 path
, DIRSEP
, PASSWORDS_FILE_NAME
);
2091 fp
= mg_fopen(name
, "r");
2093 // Try to find .htpasswd in requested directory.
2094 for (p
= path
, e
= p
+ strlen(p
) - 1; e
> p
; e
--)
2095 if (IS_DIRSEP_CHAR(*e
))
2097 (void) mg_snprintf(conn
, name
, sizeof(name
), "%.*s%c%s",
2098 (int) (e
- p
), p
, DIRSEP
, PASSWORDS_FILE_NAME
);
2099 fp
= mg_fopen(name
, "r");
2105 // Parsed Authorization header
2107 char *user
, *uri
, *cnonce
, *response
, *qop
, *nc
, *nonce
;
2110 static int parse_auth_header(struct mg_connection
*conn
, char *buf
,
2111 size_t buf_size
, struct ah
*ah
) {
2112 char *name
, *value
, *s
;
2113 const char *auth_header
;
2115 if ((auth_header
= mg_get_header(conn
, "Authorization")) == NULL
||
2116 mg_strncasecmp(auth_header
, "Digest ", 7) != 0) {
2120 // Make modifiable copy of the auth header
2121 (void) mg_strlcpy(buf
, auth_header
+ 7, buf_size
);
2124 (void) memset(ah
, 0, sizeof(*ah
));
2126 // Parse authorization header
2128 // Gobble initial spaces
2129 while (isspace(* (unsigned char *) s
)) {
2132 name
= skip_quoted(&s
, "=", " ", 0);
2133 // Value is either quote-delimited, or ends at first comma or space.
2136 value
= skip_quoted(&s
, "\"", " ", '\\');
2141 value
= skip_quoted(&s
, ", ", " ", 0); // IE uses commas, FF uses spaces
2143 if (*name
== '\0') {
2147 if (!strcmp(name
, "username")) {
2149 } else if (!strcmp(name
, "cnonce")) {
2151 } else if (!strcmp(name
, "response")) {
2152 ah
->response
= value
;
2153 } else if (!strcmp(name
, "uri")) {
2155 } else if (!strcmp(name
, "qop")) {
2157 } else if (!strcmp(name
, "nc")) {
2159 } else if (!strcmp(name
, "nonce")) {
2164 // CGI needs it as REMOTE_USER
2165 if (ah
->user
!= NULL
) {
2166 conn
->request_info
.remote_user
= mg_strdup(ah
->user
);
2174 // Authorize against the opened passwords file. Return 1 if authorized.
2175 static int authorize(struct mg_connection
*conn
, FILE *fp
) {
2177 char line
[256], f_user
[256], ha1
[256], f_domain
[256], buf
[BUFSIZ
];
2179 if (!parse_auth_header(conn
, buf
, sizeof(buf
), &ah
)) {
2183 // Loop over passwords file
2184 while (fgets(line
, sizeof(line
), fp
) != NULL
) {
2185 if (sscanf(line
, "%[^:]:%[^:]:%s", f_user
, f_domain
, ha1
) != 3) {
2189 if (!strcmp(ah
.user
, f_user
) &&
2190 !strcmp(conn
->ctx
->config
[AUTHENTICATION_DOMAIN
], f_domain
))
2191 return check_password(
2192 conn
->request_info
.request_method
,
2193 ha1
, ah
.uri
, ah
.nonce
, ah
.nc
, ah
.cnonce
, ah
.qop
,
2200 // Return 1 if request is authorised, 0 otherwise.
2201 static int check_authorization(struct mg_connection
*conn
, const char *path
) {
2203 char fname
[PATH_MAX
];
2204 struct vec uri_vec
, filename_vec
;
2211 list
= conn
->ctx
->config
[PROTECT_URI
];
2212 while ((list
= next_option(list
, &uri_vec
, &filename_vec
)) != NULL
) {
2213 if (!memcmp(conn
->request_info
.uri
, uri_vec
.ptr
, uri_vec
.len
)) {
2214 (void) mg_snprintf(conn
, fname
, sizeof(fname
), "%.*s",
2215 (int) filename_vec
.len
, filename_vec
.ptr
);
2216 if ((fp
= mg_fopen(fname
, "r")) == NULL
) {
2217 cry(conn
, "%s: cannot open %s: %s", __func__
, fname
, strerror(errno
));
2224 fp
= open_auth_file(conn
, path
);
2228 authorized
= authorize(conn
, fp
);
2235 static void send_authorization_request(struct mg_connection
*conn
) {
2236 conn
->request_info
.status_code
= 401;
2237 (void) mg_printf(conn
,
2238 "HTTP/1.1 401 Unauthorized\r\n"
2239 "Content-Length: 0\r\n"
2240 "WWW-Authenticate: Digest qop=\"auth\", "
2241 "realm=\"%s\", nonce=\"%lu\"\r\n\r\n",
2242 conn
->ctx
->config
[AUTHENTICATION_DOMAIN
],
2243 (unsigned long) time(NULL
));
2246 static int is_authorized_for_put(struct mg_connection
*conn
) {
2250 fp
= conn
->ctx
->config
[PUT_DELETE_PASSWORDS_FILE
] == NULL
? NULL
:
2251 mg_fopen(conn
->ctx
->config
[PUT_DELETE_PASSWORDS_FILE
], "r");
2254 ret
= authorize(conn
, fp
);
2261 int mg_modify_passwords_file(const char *fname
, const char *domain
,
2262 const char *user
, const char *pass
) {
2264 char line
[512], u
[512], d
[512], ha1
[33], tmp
[PATH_MAX
];
2270 // Regard empty password as no password - remove user record.
2271 if (pass
!= NULL
&& pass
[0] == '\0') {
2275 (void) snprintf(tmp
, sizeof(tmp
), "%s.tmp", fname
);
2277 // Create the file if does not exist
2278 if ((fp
= mg_fopen(fname
, "a+")) != NULL
) {
2282 // Open the given file and temporary file
2283 if ((fp
= mg_fopen(fname
, "r")) == NULL
) {
2285 } else if ((fp2
= mg_fopen(tmp
, "w+")) == NULL
) {
2290 // Copy the stuff to temporary file
2291 while (fgets(line
, sizeof(line
), fp
) != NULL
) {
2292 if (sscanf(line
, "%[^:]:%[^:]:%*s", u
, d
) != 2) {
2296 if (!strcmp(u
, user
) && !strcmp(d
, domain
)) {
2299 mg_md5(ha1
, user
, ":", domain
, ":", pass
, NULL
);
2300 fprintf(fp2
, "%s:%s:%s\n", user
, domain
, ha1
);
2303 (void) fprintf(fp2
, "%s", line
);
2307 // If new user, just add it
2308 if (!found
&& pass
!= NULL
) {
2309 mg_md5(ha1
, user
, ":", domain
, ":", pass
, NULL
);
2310 (void) fprintf(fp2
, "%s:%s:%s\n", user
, domain
, ha1
);
2317 // Put the temp file in place of real file
2318 (void) mg_remove(fname
);
2319 (void) mg_rename(tmp
, fname
);
2325 struct mg_connection
*conn
;
2330 static void url_encode(const char *src
, char *dst
, size_t dst_len
) {
2331 static const char *dont_escape
= "._-$,;~()";
2332 static const char *hex
= "0123456789abcdef";
2333 const char *end
= dst
+ dst_len
- 1;
2335 for (; *src
!= '\0' && dst
< end
; src
++, dst
++) {
2336 if (isalnum(*(const unsigned char *) src
) ||
2337 strchr(dont_escape
, * (const unsigned char *) src
) != NULL
) {
2339 } else if (dst
+ 2 < end
) {
2341 dst
[1] = hex
[(* (const unsigned char *) src
) >> 4];
2342 dst
[2] = hex
[(* (const unsigned char *) src
) & 0xf];
2350 static void print_dir_entry(struct de
*de
) {
2351 char size
[64], mod
[64], href
[PATH_MAX
];
2353 if (de
->st
.is_directory
) {
2354 (void) mg_snprintf(de
->conn
, size
, sizeof(size
), "%s", "[DIRECTORY]");
2356 // We use (signed) cast below because MSVC 6 compiler cannot
2357 // convert unsigned __int64 to double. Sigh.
2358 if (de
->st
.size
< 1024) {
2359 (void) mg_snprintf(de
->conn
, size
, sizeof(size
),
2360 "%lu", (unsigned long) de
->st
.size
);
2361 } else if (de
->st
.size
< 1024 * 1024) {
2362 (void) mg_snprintf(de
->conn
, size
, sizeof(size
),
2363 "%.1fk", (double) de
->st
.size
/ 1024.0);
2364 } else if (de
->st
.size
< 1024 * 1024 * 1024) {
2365 (void) mg_snprintf(de
->conn
, size
, sizeof(size
),
2366 "%.1fM", (double) de
->st
.size
/ 1048576);
2368 (void) mg_snprintf(de
->conn
, size
, sizeof(size
),
2369 "%.1fG", (double) de
->st
.size
/ 1073741824);
2372 (void) strftime(mod
, sizeof(mod
), "%d-%b-%Y %H:%M", localtime(&de
->st
.mtime
));
2373 url_encode(de
->file_name
, href
, sizeof(href
));
2374 de
->conn
->num_bytes_sent
+= mg_printf(de
->conn
,
2375 "<tr><td><a href=\"%s%s%s\">%s%s</a></td>"
2376 "<td> %s</td><td> %s</td></tr>\n",
2377 de
->conn
->request_info
.uri
, href
, de
->st
.is_directory
? "/" : "",
2378 de
->file_name
, de
->st
.is_directory
? "/" : "", mod
, size
);
2381 // This function is called from send_directory() and used for
2382 // sorting directory entries by size, or name, or modification time.
2383 // On windows, __cdecl specification is needed in case if project is built
2384 // with __stdcall convention. qsort always requires __cdels callback.
2385 static int WINCDECL
compare_dir_entries(const void *p1
, const void *p2
) {
2386 const struct de
*a
= (const struct de
*) p1
, *b
= (const struct de
*) p2
;
2387 const char *query_string
= a
->conn
->request_info
.query_string
;
2390 if (query_string
== NULL
) {
2391 query_string
= "na";
2394 if (a
->st
.is_directory
&& !b
->st
.is_directory
) {
2395 return -1; // Always put directories on top
2396 } else if (!a
->st
.is_directory
&& b
->st
.is_directory
) {
2397 return 1; // Always put directories on top
2398 } else if (*query_string
== 'n') {
2399 cmp_result
= strcmp(a
->file_name
, b
->file_name
);
2400 } else if (*query_string
== 's') {
2401 cmp_result
= a
->st
.size
== b
->st
.size
? 0 :
2402 a
->st
.size
> b
->st
.size
? 1 : -1;
2403 } else if (*query_string
== 'd') {
2404 cmp_result
= a
->st
.mtime
== b
->st
.mtime
? 0 :
2405 a
->st
.mtime
> b
->st
.mtime
? 1 : -1;
2408 return query_string
[1] == 'd' ? -cmp_result
: cmp_result
;
2411 static int scan_directory(struct mg_connection
*conn
, const char *dir
,
2412 void *data
, void (*cb
)(struct de
*, void *)) {
2413 char path
[PATH_MAX
];
2418 if ((dirp
= opendir(dir
)) == NULL
) {
2423 while ((dp
= readdir(dirp
)) != NULL
) {
2424 // Do not show current dir and passwords file
2425 if (!strcmp(dp
->d_name
, ".") ||
2426 !strcmp(dp
->d_name
, "..") ||
2427 !strcmp(dp
->d_name
, PASSWORDS_FILE_NAME
))
2430 mg_snprintf(conn
, path
, sizeof(path
), "%s%c%s", dir
, DIRSEP
, dp
->d_name
);
2432 // If we don't memset stat structure to zero, mtime will have
2433 // garbage and strftime() will segfault later on in
2434 // print_dir_entry(). memset is required only if mg_stat()
2435 // fails. For more details, see
2436 // http://code.google.com/p/mongoose/issues/detail?id=79
2437 if (mg_stat(path
, &de
.st
) != 0) {
2438 memset(&de
.st
, 0, sizeof(de
.st
));
2440 de
.file_name
= dp
->d_name
;
2444 (void) closedir(dirp
);
2449 struct dir_scan_data
{
2455 static void dir_scan_callback(struct de
*de
, void *data
) {
2456 struct dir_scan_data
*dsd
= (struct dir_scan_data
*) data
;
2458 if (dsd
->entries
== NULL
|| dsd
->num_entries
>= dsd
->arr_size
) {
2460 dsd
->entries
= (struct de
*) realloc(dsd
->entries
, dsd
->arr_size
*
2461 sizeof(dsd
->entries
[0]));
2463 if (dsd
->entries
== NULL
) {
2464 // TODO(lsm): propagate an error to the caller
2465 dsd
->num_entries
= 0;
2467 dsd
->entries
[dsd
->num_entries
].file_name
= mg_strdup(de
->file_name
);
2468 dsd
->entries
[dsd
->num_entries
].st
= de
->st
;
2469 dsd
->entries
[dsd
->num_entries
].conn
= de
->conn
;
2474 static void handle_directory_request(struct mg_connection
*conn
,
2476 int i
, sort_direction
;
2477 struct dir_scan_data data
= { NULL
, 0, 128 };
2479 if (!scan_directory(conn
, dir
, &data
, dir_scan_callback
)) {
2480 send_http_error(conn
, 500, "Cannot open directory",
2481 "Error: opendir(%s): %s", dir
, strerror(ERRNO
));
2485 sort_direction
= conn
->request_info
.query_string
!= NULL
&&
2486 conn
->request_info
.query_string
[1] == 'd' ? 'a' : 'd';
2488 mg_printf(conn
, "%s",
2489 "HTTP/1.1 200 OK\r\n"
2490 "Connection: close\r\n"
2491 "Content-Type: text/html; charset=utf-8\r\n\r\n");
2493 conn
->num_bytes_sent
+= mg_printf(conn
,
2494 "<html><head><title>Index of %s</title>"
2495 "<style>th {text-align: left;}</style></head>"
2496 "<body><h1>Index of %s</h1><pre><table cellpadding=\"0\">"
2497 "<tr><th><a href=\"?n%c\">Name</a></th>"
2498 "<th><a href=\"?d%c\">Modified</a></th>"
2499 "<th><a href=\"?s%c\">Size</a></th></tr>"
2500 "<tr><td colspan=\"3\"><hr></td></tr>",
2501 conn
->request_info
.uri
, conn
->request_info
.uri
,
2502 sort_direction
, sort_direction
, sort_direction
);
2504 // Print first entry - link to a parent directory
2505 conn
->num_bytes_sent
+= mg_printf(conn
,
2506 "<tr><td><a href=\"%s%s\">%s</a></td>"
2507 "<td> %s</td><td> %s</td></tr>\n",
2508 conn
->request_info
.uri
, "..", "Parent directory", "-", "-");
2510 // Sort and print directory entries
2511 qsort(data
.entries
, (size_t) data
.num_entries
, sizeof(data
.entries
[0]),
2512 compare_dir_entries
);
2513 for (i
= 0; i
< data
.num_entries
; i
++) {
2514 print_dir_entry(&data
.entries
[i
]);
2515 free(data
.entries
[i
].file_name
);
2519 conn
->num_bytes_sent
+= mg_printf(conn
, "%s", "</table></body></html>");
2520 conn
->request_info
.status_code
= 200;
2523 // Send len bytes from the opened file to the client.
2524 static void send_file_data(struct mg_connection
*conn
, FILE *fp
, int64_t len
) {
2526 int to_read
, num_read
, num_written
;
2529 // Calculate how much to read from the file in the buffer
2530 to_read
= sizeof(buf
);
2531 if ((int64_t) to_read
> len
)
2532 to_read
= (int) len
;
2534 // Read from file, exit the loop on error
2535 if ((num_read
= fread(buf
, 1, (size_t)to_read
, fp
)) == 0)
2538 // Send read bytes to the client, exit the loop on error
2539 if ((num_written
= mg_write(conn
, buf
, (size_t)num_read
)) != num_read
)
2542 // Both read and were successful, adjust counters
2543 conn
->num_bytes_sent
+= num_written
;
2548 static int parse_range_header(const char *header
, int64_t *a
, int64_t *b
) {
2549 return sscanf(header
, "bytes=%" INT64_FMT
"-%" INT64_FMT
, a
, b
);
2552 static void gmt_time_string(char *buf
, size_t buf_len
, time_t *t
) {
2553 strftime(buf
, buf_len
, "%a, %d %b %Y %H:%M:%S GMT", gmtime(t
));
2556 static void handle_file_request(struct mg_connection
*conn
, const char *path
,
2557 struct mgstat
*stp
) {
2558 char date
[64], lm
[64], etag
[64], range
[64];
2559 const char *msg
= "OK", *hdr
;
2560 time_t curtime
= time(NULL
);
2562 struct vec mime_vec
;
2566 get_mime_type(conn
->ctx
, path
, &mime_vec
);
2568 conn
->request_info
.status_code
= 200;
2571 if ((fp
= mg_fopen(path
, "rb")) == NULL
) {
2572 send_http_error(conn
, 500, http_500_error
,
2573 "fopen(%s): %s", path
, strerror(ERRNO
));
2576 set_close_on_exec(fileno(fp
));
2578 // If Range: header specified, act accordingly
2580 hdr
= mg_get_header(conn
, "Range");
2581 if (hdr
!= NULL
&& (n
= parse_range_header(hdr
, &r1
, &r2
)) > 0) {
2582 conn
->request_info
.status_code
= 206;
2583 (void) fseeko(fp
, (off_t
) r1
, SEEK_SET
);
2584 cl
= n
== 2 ? r2
- r1
+ 1: cl
- r1
;
2585 (void) mg_snprintf(conn
, range
, sizeof(range
),
2586 "Content-Range: bytes "
2588 INT64_FMT
"/%" INT64_FMT
"\r\n",
2589 r1
, r1
+ cl
- 1, stp
->size
);
2590 msg
= "Partial Content";
2593 // Prepare Etag, Date, Last-Modified headers. Must be in UTC, according to
2594 // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3
2595 gmt_time_string(date
, sizeof(date
), &curtime
);
2596 gmt_time_string(lm
, sizeof(lm
), &stp
->mtime
);
2597 (void) mg_snprintf(conn
, etag
, sizeof(etag
), "%lx.%lx",
2598 (unsigned long) stp
->mtime
, (unsigned long) stp
->size
);
2600 (void) mg_printf(conn
,
2601 "HTTP/1.1 %d %s\r\n"
2603 "Last-Modified: %s\r\n"
2605 "Content-Type: %.*s\r\n"
2606 "Content-Length: %" INT64_FMT
"\r\n"
2607 "Connection: %s\r\n"
2608 "Accept-Ranges: bytes\r\n"
2610 conn
->request_info
.status_code
, msg
, date
, lm
, etag
,
2611 (int) mime_vec
.len
, mime_vec
.ptr
, cl
, suggest_connection_header(conn
), range
);
2613 if (strcmp(conn
->request_info
.request_method
, "HEAD") != 0) {
2614 send_file_data(conn
, fp
, cl
);
2619 void mg_send_file(struct mg_connection
*conn
, const char *path
) {
2621 if (mg_stat(path
, &st
) == 0) {
2622 handle_file_request(conn
, path
, &st
);
2624 send_http_error(conn
, 404, "Not Found", "%s", "File not found");
2629 // Parse HTTP headers from the given buffer, advance buffer to the point
2630 // where parsing stopped.
2631 static void parse_http_headers(char **buf
, struct mg_request_info
*ri
) {
2634 for (i
= 0; i
< (int) ARRAY_SIZE(ri
->http_headers
); i
++) {
2635 ri
->http_headers
[i
].name
= skip_quoted(buf
, ":", " ", 0);
2636 ri
->http_headers
[i
].value
= skip(buf
, "\r\n");
2637 if (ri
->http_headers
[i
].name
[0] == '\0')
2639 ri
->num_headers
= i
+ 1;
2643 static int is_valid_http_method(const char *method
) {
2644 return !strcmp(method
, "GET") || !strcmp(method
, "POST") ||
2645 !strcmp(method
, "HEAD") || !strcmp(method
, "CONNECT") ||
2646 !strcmp(method
, "PUT") || !strcmp(method
, "DELETE") ||
2647 !strcmp(method
, "OPTIONS") || !strcmp(method
, "PROPFIND");
2650 // Parse HTTP request, fill in mg_request_info structure.
2651 static int parse_http_request(char *buf
, struct mg_request_info
*ri
) {
2654 // RFC says that all initial whitespaces should be ingored
2655 while (*buf
!= '\0' && isspace(* (unsigned char *) buf
)) {
2659 ri
->request_method
= skip(&buf
, " ");
2660 ri
->uri
= skip(&buf
, " ");
2661 ri
->http_version
= skip(&buf
, "\r\n");
2663 if (is_valid_http_method(ri
->request_method
) &&
2664 strncmp(ri
->http_version
, "HTTP/", 5) == 0) {
2665 ri
->http_version
+= 5; // Skip "HTTP/"
2666 parse_http_headers(&buf
, ri
);
2673 // Keep reading the input (either opened file descriptor fd, or socket sock,
2674 // or SSL descriptor ssl) into buffer buf, until \r\n\r\n appears in the
2675 // buffer (which marks the end of HTTP request). Buffer buf may already
2676 // have some data. The length of the data is stored in nread.
2677 // Upon every read operation, increase nread by the number of bytes read.
2678 static int read_request(FILE *fp
, SOCKET sock
, SSL
*ssl
, char *buf
, int bufsiz
,
2683 while (*nread
< bufsiz
&& request_len
== 0) {
2684 n
= pull(fp
, sock
, ssl
, buf
+ *nread
, bufsiz
- *nread
);
2689 request_len
= get_request_len(buf
, *nread
);
2696 // For given directory path, substitute it to valid index file.
2697 // Return 0 if index file has been found, -1 if not found.
2698 // If the file is found, it's stats is returned in stp.
2699 static int substitute_index_file(struct mg_connection
*conn
, char *path
,
2700 size_t path_len
, struct mgstat
*stp
) {
2701 const char *list
= conn
->ctx
->config
[INDEX_FILES
];
2703 struct vec filename_vec
;
2704 size_t n
= strlen(path
);
2707 // The 'path' given to us points to the directory. Remove all trailing
2708 // directory separator characters from the end of the path, and
2709 // then append single directory separator character.
2710 while (n
> 0 && IS_DIRSEP_CHAR(path
[n
- 1])) {
2715 // Traverse index files list. For each entry, append it to the given
2716 // path and see if the file exists. If it exists, break the loop
2717 while ((list
= next_option(list
, &filename_vec
, NULL
)) != NULL
) {
2719 // Ignore too long entries that may overflow path buffer
2720 if (filename_vec
.len
> path_len
- n
)
2723 // Prepare full path to the index file
2724 (void) mg_strlcpy(path
+ n
+ 1, filename_vec
.ptr
, filename_vec
.len
+ 1);
2727 if (mg_stat(path
, &st
) == 0) {
2728 // Yes it does, break the loop
2735 // If no index file exists, restore directory path
2743 // Return True if we should reply 304 Not Modified.
2744 static int is_not_modified(const struct mg_connection
*conn
,
2745 const struct mgstat
*stp
) {
2746 const char *ims
= mg_get_header(conn
, "If-Modified-Since");
2747 return ims
!= NULL
&& stp
->mtime
<= parse_date_string(ims
);
2750 static int forward_body_data(struct mg_connection
*conn
, FILE *fp
,
2751 SOCKET sock
, SSL
*ssl
) {
2752 const char *expect
, *buffered
;
2754 int to_read
, nread
, buffered_len
, success
= 0;
2756 expect
= mg_get_header(conn
, "Expect");
2759 if (conn
->content_len
== -1) {
2760 send_http_error(conn
, 411, "Length Required", "");
2761 } else if (expect
!= NULL
&& mg_strcasecmp(expect
, "100-continue")) {
2762 send_http_error(conn
, 417, "Expectation Failed", "");
2764 if (expect
!= NULL
) {
2765 (void) mg_printf(conn
, "%s", "HTTP/1.1 100 Continue\r\n\r\n");
2768 buffered
= conn
->buf
+ conn
->request_len
;
2769 buffered_len
= conn
->data_len
- conn
->request_len
;
2770 assert(buffered_len
>= 0);
2771 assert(conn
->consumed_content
== 0);
2773 if (buffered_len
> 0) {
2774 if ((int64_t) buffered_len
> conn
->content_len
) {
2775 buffered_len
= (int) conn
->content_len
;
2777 push(fp
, sock
, ssl
, buffered
, (int64_t) buffered_len
);
2778 conn
->consumed_content
+= buffered_len
;
2781 while (conn
->consumed_content
< conn
->content_len
) {
2782 to_read
= sizeof(buf
);
2783 if ((int64_t) to_read
> conn
->content_len
- conn
->consumed_content
) {
2784 to_read
= (int) (conn
->content_len
- conn
->consumed_content
);
2786 nread
= pull(NULL
, conn
->client
.sock
, conn
->ssl
, buf
, to_read
);
2787 if (nread
<= 0 || push(fp
, sock
, ssl
, buf
, nread
) != nread
) {
2790 conn
->consumed_content
+= nread
;
2793 if (conn
->consumed_content
== conn
->content_len
) {
2797 // Each error code path in this function must send an error
2799 send_http_error(conn
, 577, http_500_error
, "");
2806 #if !defined(NO_CGI)
2807 // This structure helps to create an environment for the spawned CGI program.
2808 // Environment is an array of "VARIABLE=VALUE\0" ASCIIZ strings,
2809 // last element must be NULL.
2810 // However, on Windows there is a requirement that all these VARIABLE=VALUE\0
2811 // strings must reside in a contiguous buffer. The end of the buffer is
2812 // marked by two '\0' characters.
2813 // We satisfy both worlds: we create an envp array (which is vars), all
2814 // entries are actually pointers inside buf.
2815 struct cgi_env_block
{
2816 struct mg_connection
*conn
;
2817 char buf
[CGI_ENVIRONMENT_SIZE
]; // Environment buffer
2818 int len
; // Space taken
2819 char *vars
[MAX_CGI_ENVIR_VARS
]; // char **envp
2820 int nvars
; // Number of variables
2823 // Append VARIABLE=VALUE\0 string to the buffer, and add a respective
2824 // pointer into the vars array.
2825 static char *addenv(struct cgi_env_block
*block
, const char *fmt
, ...) {
2830 // Calculate how much space is left in the buffer
2831 space
= sizeof(block
->buf
) - block
->len
- 2;
2834 // Make a pointer to the free space int the buffer
2835 added
= block
->buf
+ block
->len
;
2837 // Copy VARIABLE=VALUE\0 string into the free space
2839 n
= mg_vsnprintf(block
->conn
, added
, (size_t) space
, fmt
, ap
);
2842 // Make sure we do not overflow buffer and the envp array
2843 if (n
> 0 && n
< space
&&
2844 block
->nvars
< (int) ARRAY_SIZE(block
->vars
) - 2) {
2845 // Append a pointer to the added string into the envp array
2846 block
->vars
[block
->nvars
++] = block
->buf
+ block
->len
;
2847 // Bump up used length counter. Include \0 terminator
2848 block
->len
+= n
+ 1;
2854 static void prepare_cgi_environment(struct mg_connection
*conn
,
2856 struct cgi_env_block
*blk
) {
2857 const char *s
, *slash
;
2858 struct vec var_vec
, root
;
2862 blk
->len
= blk
->nvars
= 0;
2865 get_document_root(conn
, &root
);
2867 addenv(blk
, "SERVER_NAME=%s", conn
->ctx
->config
[AUTHENTICATION_DOMAIN
]);
2868 addenv(blk
, "SERVER_ROOT=%.*s", root
.len
, root
.ptr
);
2869 addenv(blk
, "DOCUMENT_ROOT=%.*s", root
.len
, root
.ptr
);
2871 // Prepare the environment block
2872 addenv(blk
, "%s", "GATEWAY_INTERFACE=CGI/1.1");
2873 addenv(blk
, "%s", "SERVER_PROTOCOL=HTTP/1.1");
2874 addenv(blk
, "%s", "REDIRECT_STATUS=200"); // For PHP
2875 addenv(blk
, "SERVER_PORT=%d", ntohs(conn
->client
.lsa
.u
.sin
.sin_port
));
2876 addenv(blk
, "REQUEST_METHOD=%s", conn
->request_info
.request_method
);
2877 addenv(blk
, "REMOTE_ADDR=%s",
2878 inet_ntoa(conn
->client
.rsa
.u
.sin
.sin_addr
));
2879 addenv(blk
, "REMOTE_PORT=%d", conn
->request_info
.remote_port
);
2880 addenv(blk
, "REQUEST_URI=%s", conn
->request_info
.uri
);
2883 assert(conn
->request_info
.uri
[0] == '/');
2884 slash
= strrchr(conn
->request_info
.uri
, '/');
2885 if ((s
= strrchr(prog
, '/')) == NULL
)
2887 addenv(blk
, "SCRIPT_NAME=%.*s%s", slash
- conn
->request_info
.uri
,
2888 conn
->request_info
.uri
, s
);
2890 addenv(blk
, "SCRIPT_FILENAME=%s", prog
);
2891 addenv(blk
, "PATH_TRANSLATED=%s", prog
);
2892 addenv(blk
, "HTTPS=%s", conn
->ssl
== NULL
? "off" : "on");
2894 if ((s
= mg_get_header(conn
, "Content-Type")) != NULL
)
2895 addenv(blk
, "CONTENT_TYPE=%s", s
);
2897 if (conn
->request_info
.query_string
!= NULL
)
2898 addenv(blk
, "QUERY_STRING=%s", conn
->request_info
.query_string
);
2900 if ((s
= mg_get_header(conn
, "Content-Length")) != NULL
)
2901 addenv(blk
, "CONTENT_LENGTH=%s", s
);
2903 if ((s
= getenv("PATH")) != NULL
)
2904 addenv(blk
, "PATH=%s", s
);
2907 if ((s
= getenv("COMSPEC")) != NULL
)
2908 addenv(blk
, "COMSPEC=%s", s
);
2909 if ((s
= getenv("SYSTEMROOT")) != NULL
)
2910 addenv(blk
, "SYSTEMROOT=%s", s
);
2912 if ((s
= getenv("LD_LIBRARY_PATH")) != NULL
)
2913 addenv(blk
, "LD_LIBRARY_PATH=%s", s
);
2916 if ((s
= getenv("PERLLIB")) != NULL
)
2917 addenv(blk
, "PERLLIB=%s", s
);
2919 if (conn
->request_info
.remote_user
!= NULL
) {
2920 addenv(blk
, "REMOTE_USER=%s", conn
->request_info
.remote_user
);
2921 addenv(blk
, "%s", "AUTH_TYPE=Digest");
2924 // Add all headers as HTTP_* variables
2925 for (i
= 0; i
< conn
->request_info
.num_headers
; i
++) {
2926 p
= addenv(blk
, "HTTP_%s=%s",
2927 conn
->request_info
.http_headers
[i
].name
,
2928 conn
->request_info
.http_headers
[i
].value
);
2930 // Convert variable name into uppercase, and change - to _
2931 for (; *p
!= '=' && *p
!= '\0'; p
++) {
2934 *p
= (char) toupper(* (unsigned char *) p
);
2938 // Add user-specified variables
2939 s
= conn
->ctx
->config
[CGI_ENVIRONMENT
];
2940 while ((s
= next_option(s
, &var_vec
, NULL
)) != NULL
) {
2941 addenv(blk
, "%.*s", var_vec
.len
, var_vec
.ptr
);
2944 blk
->vars
[blk
->nvars
++] = NULL
;
2945 blk
->buf
[blk
->len
++] = '\0';
2947 assert(blk
->nvars
< (int) ARRAY_SIZE(blk
->vars
));
2948 assert(blk
->len
> 0);
2949 assert(blk
->len
< (int) sizeof(blk
->buf
));
2952 static void handle_cgi_request(struct mg_connection
*conn
, const char *prog
) {
2953 int headers_len
, data_len
, i
, fd_stdin
[2], fd_stdout
[2];
2955 char buf
[BUFSIZ
], *pbuf
, dir
[PATH_MAX
], *p
;
2956 struct mg_request_info ri
;
2957 struct cgi_env_block blk
;
2961 prepare_cgi_environment(conn
, prog
, &blk
);
2963 // CGI must be executed in its own directory. 'dir' must point to the
2964 // directory containing executable program, 'p' must point to the
2965 // executable program name relative to 'dir'.
2966 (void) mg_snprintf(conn
, dir
, sizeof(dir
), "%s", prog
);
2967 if ((p
= strrchr(dir
, DIRSEP
)) != NULL
) {
2970 dir
[0] = '.', dir
[1] = '\0';
2975 fd_stdin
[0] = fd_stdin
[1] = fd_stdout
[0] = fd_stdout
[1] = -1;
2978 if (pipe(fd_stdin
) != 0 || pipe(fd_stdout
) != 0) {
2979 send_http_error(conn
, 500, http_500_error
,
2980 "Cannot create CGI pipe: %s", strerror(ERRNO
));
2982 } else if ((pid
= spawn_process(conn
, p
, blk
.buf
, blk
.vars
,
2983 fd_stdin
[0], fd_stdout
[1], dir
)) == (pid_t
) -1) {
2985 } else if ((in
= fdopen(fd_stdin
[1], "wb")) == NULL
||
2986 (out
= fdopen(fd_stdout
[0], "rb")) == NULL
) {
2987 send_http_error(conn
, 500, http_500_error
,
2988 "fopen: %s", strerror(ERRNO
));
2995 // spawn_process() must close those!
2996 // If we don't mark them as closed, close() attempt before
2997 // return from this function throws an exception on Windows.
2998 // Windows does not like when closed descriptor is closed again.
2999 fd_stdin
[0] = fd_stdout
[1] = -1;
3001 // Send POST data to the CGI process if needed
3002 if (!strcmp(conn
->request_info
.request_method
, "POST") &&
3003 !forward_body_data(conn
, in
, INVALID_SOCKET
, NULL
)) {
3007 // Now read CGI reply into a buffer. We need to set correct
3008 // status code, thus we need to see all HTTP headers first.
3009 // Do not send anything back to client, until we buffer in all
3012 headers_len
= read_request(out
, INVALID_SOCKET
, NULL
,
3013 buf
, sizeof(buf
), &data_len
);
3014 if (headers_len
<= 0) {
3015 send_http_error(conn
, 500, http_500_error
,
3016 "CGI program sent malformed HTTP headers: [%.*s]",
3021 buf
[headers_len
- 1] = '\0';
3022 parse_http_headers(&pbuf
, &ri
);
3024 // Make up and send the status line
3025 status
= get_header(&ri
, "Status");
3026 conn
->request_info
.status_code
= status
== NULL
? 200 : atoi(status
);
3027 (void) mg_printf(conn
, "HTTP/1.1 %d OK\r\n", conn
->request_info
.status_code
);
3030 for (i
= 0; i
< ri
.num_headers
; i
++) {
3031 mg_printf(conn
, "%s: %s\r\n",
3032 ri
.http_headers
[i
].name
, ri
.http_headers
[i
].value
);
3034 (void) mg_write(conn
, "\r\n", 2);
3036 // Send chunk of data that may be read after the headers
3037 conn
->num_bytes_sent
+= mg_write(conn
, buf
+ headers_len
,
3038 (size_t)(data_len
- headers_len
));
3040 // Read the rest of CGI output and send to the client
3041 send_file_data(conn
, out
, INT64_MAX
);
3044 if (pid
!= (pid_t
) -1) {
3047 if (fd_stdin
[0] != -1) {
3048 (void) close(fd_stdin
[0]);
3050 if (fd_stdout
[1] != -1) {
3051 (void) close(fd_stdout
[1]);
3056 } else if (fd_stdin
[1] != -1) {
3057 (void) close(fd_stdin
[1]);
3062 } else if (fd_stdout
[0] != -1) {
3063 (void) close(fd_stdout
[0]);
3068 // For a given PUT path, create all intermediate subdirectories
3069 // for given path. Return 0 if the path itself is a directory,
3070 // or -1 on error, 1 if OK.
3071 static int put_dir(const char *path
) {
3077 for (s
= p
= path
+ 2; (p
= strchr(s
, DIRSEP
)) != NULL
; s
= ++p
) {
3079 if (len
>= (int) sizeof(buf
)) {
3083 memcpy(buf
, path
, len
);
3086 // Try to create intermediate directory
3087 DEBUG_TRACE(("mkdir(%s)", buf
));
3088 if (mg_stat(buf
, &st
) == -1 && mg_mkdir(buf
, 0755) != 0) {
3093 // Is path itself a directory?
3102 static void put_file(struct mg_connection
*conn
, const char *path
) {
3109 conn
->request_info
.status_code
= mg_stat(path
, &st
) == 0 ? 200 : 201;
3111 if ((rc
= put_dir(path
)) == 0) {
3112 mg_printf(conn
, "HTTP/1.1 %d OK\r\n\r\n", conn
->request_info
.status_code
);
3113 } else if (rc
== -1) {
3114 send_http_error(conn
, 500, http_500_error
,
3115 "put_dir(%s): %s", path
, strerror(ERRNO
));
3116 } else if ((fp
= mg_fopen(path
, "wb+")) == NULL
) {
3117 send_http_error(conn
, 500, http_500_error
,
3118 "fopen(%s): %s", path
, strerror(ERRNO
));
3120 set_close_on_exec(fileno(fp
));
3121 range
= mg_get_header(conn
, "Content-Range");
3123 if (range
!= NULL
&& parse_range_header(range
, &r1
, &r2
) > 0) {
3124 conn
->request_info
.status_code
= 206;
3125 // TODO(lsm): handle seek error
3126 (void) fseeko(fp
, (off_t
) r1
, SEEK_SET
);
3128 if (forward_body_data(conn
, fp
, INVALID_SOCKET
, NULL
))
3129 (void) mg_printf(conn
, "HTTP/1.1 %d OK\r\n\r\n",
3130 conn
->request_info
.status_code
);
3135 static void send_ssi_file(struct mg_connection
*, const char *, FILE *, int);
3137 static void do_ssi_include(struct mg_connection
*conn
, const char *ssi
,
3138 char *tag
, int include_level
) {
3139 char file_name
[BUFSIZ
], path
[PATH_MAX
], *p
;
3140 struct vec root
= {0};
3144 get_document_root(conn
, &root
);
3146 // sscanf() is safe here, since send_ssi_file() also uses buffer
3147 // of size BUFSIZ to get the tag. So strlen(tag) is always < BUFSIZ.
3148 if (sscanf(tag
, " virtual=\"%[^\"]\"", file_name
) == 1) {
3149 // File name is relative to the webserver root
3150 (void) mg_snprintf(conn
, path
, sizeof(path
), "%.*s%c%s",
3151 (int) root
.len
, root
.ptr
, DIRSEP
, file_name
);
3152 } else if (sscanf(tag
, " file=\"%[^\"]\"", file_name
) == 1) {
3153 // File name is relative to the webserver working directory
3154 // or it is absolute system path
3155 (void) mg_snprintf(conn
, path
, sizeof(path
), "%s", file_name
);
3156 } else if (sscanf(tag
, " \"%[^\"]\"", file_name
) == 1) {
3157 // File name is relative to the currect document
3158 (void) mg_snprintf(conn
, path
, sizeof(path
), "%s", ssi
);
3159 if ((p
= strrchr(path
, DIRSEP
)) != NULL
) {
3162 (void) mg_snprintf(conn
, path
+ strlen(path
),
3163 sizeof(path
) - strlen(path
), "%s", file_name
);
3165 cry(conn
, "Bad SSI #include: [%s]", tag
);
3169 if ((fp
= mg_fopen(path
, "rb")) == NULL
) {
3170 cry(conn
, "Cannot open SSI #include: [%s]: fopen(%s): %s",
3171 tag
, path
, strerror(ERRNO
));
3173 set_close_on_exec(fileno(fp
));
3174 is_ssi
= match_extension(path
, conn
->ctx
->config
[SSI_EXTENSIONS
]);
3176 send_ssi_file(conn
, path
, fp
, include_level
+ 1);
3178 send_file_data(conn
, fp
, INT64_MAX
);
3184 #if !defined(NO_POPEN)
3185 static void do_ssi_exec(struct mg_connection
*conn
, char *tag
) {
3189 if (sscanf(tag
, " \"%[^\"]\"", cmd
) != 1) {
3190 cry(conn
, "Bad SSI #exec: [%s]", tag
);
3191 } else if ((fp
= popen(cmd
, "r")) == NULL
) {
3192 cry(conn
, "Cannot SSI #exec: [%s]: %s", cmd
, strerror(ERRNO
));
3194 send_file_data(conn
, fp
, INT64_MAX
);
3200 static void send_ssi_file(struct mg_connection
*conn
, const char *path
,
3201 FILE *fp
, int include_level
) {
3203 int ch
, len
, in_ssi_tag
;
3205 if (include_level
> 10) {
3206 cry(conn
, "SSI #include level is too deep (%s)", path
);
3213 while ((ch
= fgetc(fp
)) != EOF
) {
3214 if (in_ssi_tag
&& ch
== '>') {
3216 buf
[len
++] = (char) ch
;
3218 assert(len
<= (int) sizeof(buf
));
3219 if (len
< 6 || memcmp(buf
, "<!--#", 5) != 0) {
3220 // Not an SSI tag, pass it
3221 (void) mg_write(conn
, buf
, (size_t)len
);
3223 if (!memcmp(buf
+ 5, "include", 7)) {
3224 do_ssi_include(conn
, path
, buf
+ 12, include_level
);
3225 #if !defined(NO_POPEN)
3226 } else if (!memcmp(buf
+ 5, "exec", 4)) {
3227 do_ssi_exec(conn
, buf
+ 9);
3230 cry(conn
, "%s: unknown SSI " "command: \"%s\"", path
, buf
);
3234 } else if (in_ssi_tag
) {
3235 if (len
== 5 && memcmp(buf
, "<!--#", 5) != 0) {
3238 } else if (len
== (int) sizeof(buf
) - 2) {
3239 cry(conn
, "%s: SSI tag is too large", path
);
3242 buf
[len
++] = ch
& 0xff;
3243 } else if (ch
== '<') {
3246 (void) mg_write(conn
, buf
, (size_t)len
);
3249 buf
[len
++] = ch
& 0xff;
3251 buf
[len
++] = ch
& 0xff;
3252 if (len
== (int) sizeof(buf
)) {
3253 (void) mg_write(conn
, buf
, (size_t)len
);
3259 // Send the rest of buffered data
3261 (void) mg_write(conn
, buf
, (size_t)len
);
3265 static void handle_ssi_file_request(struct mg_connection
*conn
,
3269 if ((fp
= mg_fopen(path
, "rb")) == NULL
) {
3270 send_http_error(conn
, 500, http_500_error
, "fopen(%s): %s", path
,
3273 set_close_on_exec(fileno(fp
));
3274 mg_printf(conn
, "HTTP/1.1 200 OK\r\n"
3275 "Content-Type: text/html\r\nConnection: %s\r\n\r\n",
3276 suggest_connection_header(conn
));
3277 send_ssi_file(conn
, path
, fp
, 0);
3282 static void send_options(struct mg_connection
*conn
) {
3283 conn
->request_info
.status_code
= 200;
3285 (void) mg_printf(conn
,
3286 "HTTP/1.1 200 OK\r\n"
3287 "Allow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS\r\n"
3291 // Writes PROPFIND properties for a collection element
3292 static void print_props(struct mg_connection
*conn
, const char* uri
,
3293 struct mgstat
* st
) {
3295 gmt_time_string(mtime
, sizeof(mtime
), &st
->mtime
);
3296 conn
->num_bytes_sent
+= mg_printf(conn
,
3298 "<d:href>%s</d:href>"
3301 "<d:resourcetype>%s</d:resourcetype>"
3302 "<d:getcontentlength>%" INT64_FMT
"</d:getcontentlength>"
3303 "<d:getlastmodified>%s</d:getlastmodified>"
3305 "<d:status>HTTP/1.1 200 OK</d:status>"
3309 st
->is_directory
? "<d:collection/>" : "",
3314 static void print_dav_dir_entry(struct de
*de
, void *data
) {
3315 char href
[PATH_MAX
];
3316 struct mg_connection
*conn
= (struct mg_connection
*) data
;
3317 mg_snprintf(conn
, href
, sizeof(href
), "%s%s",
3318 conn
->request_info
.uri
, de
->file_name
);
3319 print_props(conn
, href
, &de
->st
);
3322 static void handle_propfind(struct mg_connection
*conn
, const char* path
,
3323 struct mgstat
* st
) {
3324 const char *depth
= mg_get_header(conn
, "Depth");
3326 conn
->request_info
.status_code
= 207;
3327 mg_printf(conn
, "HTTP/1.1 207 Multi-Status\r\n"
3328 "Connection: close\r\n"
3329 "Content-Type: text/xml; charset=utf-8\r\n\r\n");
3331 conn
->num_bytes_sent
+= mg_printf(conn
,
3332 "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
3333 "<d:multistatus xmlns:d='DAV:'>\n");
3335 // Print properties for the requested resource itself
3336 print_props(conn
, conn
->request_info
.uri
, st
);
3338 // If it is a directory, print directory entries too if Depth is not 0
3339 if (st
->is_directory
&&
3340 !mg_strcasecmp(conn
->ctx
->config
[ENABLE_DIRECTORY_LISTING
], "yes") &&
3341 (depth
== NULL
|| strcmp(depth
, "0") != 0)) {
3342 scan_directory(conn
, path
, conn
, &print_dav_dir_entry
);
3345 conn
->num_bytes_sent
+= mg_printf(conn
, "%s\n", "</d:multistatus>");
3348 // This is the heart of the Mongoose's logic.
3349 // This function is called when the request is read, parsed and validated,
3350 // and Mongoose must decide what action to take: serve a file, or
3351 // a directory, or call embedded function, etcetera.
3352 static void handle_request(struct mg_connection
*conn
) {
3353 struct mg_request_info
*ri
= &conn
->request_info
;
3354 char path
[PATH_MAX
];
3358 if ((conn
->request_info
.query_string
= strchr(ri
->uri
, '?')) != NULL
) {
3359 * conn
->request_info
.query_string
++ = '\0';
3361 uri_len
= strlen(ri
->uri
);
3362 url_decode(ri
->uri
, (size_t)uri_len
, ri
->uri
, (size_t)(uri_len
+ 1), 0);
3363 remove_double_dots_and_double_slashes(ri
->uri
);
3364 convert_uri_to_file_name(conn
, ri
->uri
, path
, sizeof(path
));
3366 DEBUG_TRACE(("%s", ri
->uri
));
3367 if (!check_authorization(conn
, path
)) {
3368 send_authorization_request(conn
);
3369 } else if (call_user(conn
, MG_NEW_REQUEST
) != NULL
) {
3370 // Do nothing, callback has served the request
3371 } else if (!strcmp(ri
->request_method
, "OPTIONS")) {
3373 } else if (strstr(path
, PASSWORDS_FILE_NAME
)) {
3374 // Do not allow to view passwords files
3375 send_http_error(conn
, 403, "Forbidden", "Access Forbidden");
3376 } else if (conn
->ctx
->config
[DOCUMENT_ROOT
] == NULL
) {
3377 send_http_error(conn
, 404, "Not Found", "Not Found");
3378 } else if ((!strcmp(ri
->request_method
, "PUT") ||
3379 !strcmp(ri
->request_method
, "DELETE")) &&
3380 (conn
->ctx
->config
[PUT_DELETE_PASSWORDS_FILE
] == NULL
||
3381 !is_authorized_for_put(conn
))) {
3382 send_authorization_request(conn
);
3383 } else if (!strcmp(ri
->request_method
, "PUT")) {
3384 put_file(conn
, path
);
3385 } else if (!strcmp(ri
->request_method
, "DELETE")) {
3386 if (mg_remove(path
) == 0) {
3387 send_http_error(conn
, 200, "OK", "");
3389 send_http_error(conn
, 500, http_500_error
, "remove(%s): %s", path
,
3392 } else if (mg_stat(path
, &st
) != 0) {
3393 send_http_error(conn
, 404, "Not Found", "%s", "File not found");
3394 } else if (st
.is_directory
&& ri
->uri
[uri_len
- 1] != '/') {
3395 (void) mg_printf(conn
,
3396 "HTTP/1.1 301 Moved Permanently\r\n"
3397 "Location: %s/\r\n\r\n", ri
->uri
);
3398 } else if (!strcmp(ri
->request_method
, "PROPFIND")) {
3399 handle_propfind(conn
, path
, &st
);
3400 } else if (st
.is_directory
&&
3401 !substitute_index_file(conn
, path
, sizeof(path
), &st
)) {
3402 if (!mg_strcasecmp(conn
->ctx
->config
[ENABLE_DIRECTORY_LISTING
], "yes")) {
3403 handle_directory_request(conn
, path
);
3405 send_http_error(conn
, 403, "Directory Listing Denied",
3406 "Directory listing denied");
3408 #if !defined(NO_CGI)
3409 } else if (match_extension(path
, conn
->ctx
->config
[CGI_EXTENSIONS
])) {
3410 if (strcmp(ri
->request_method
, "POST") &&
3411 strcmp(ri
->request_method
, "GET")) {
3412 send_http_error(conn
, 501, "Not Implemented",
3413 "Method %s is not implemented", ri
->request_method
);
3415 handle_cgi_request(conn
, path
);
3418 } else if (match_extension(path
, conn
->ctx
->config
[SSI_EXTENSIONS
])) {
3419 handle_ssi_file_request(conn
, path
);
3420 } else if (is_not_modified(conn
, &st
)) {
3421 send_http_error(conn
, 304, "Not Modified", "");
3423 handle_file_request(conn
, path
, &st
);
3427 static void close_all_listening_sockets(struct mg_context
*ctx
) {
3428 struct socket
*sp
, *tmp
;
3429 for (sp
= ctx
->listening_sockets
; sp
!= NULL
; sp
= tmp
) {
3431 (void) closesocket(sp
->sock
);
3436 // Valid listening port specification is: [ip_address:]port[s|p]
3437 // Examples: 80, 443s, 127.0.0.1:3128p, 1.2.3.4:8080sp
3438 static int parse_port_string(const struct vec
*vec
, struct socket
*so
) {
3439 struct usa
*usa
= &so
->lsa
;
3440 int a
, b
, c
, d
, port
, len
;
3442 // MacOS needs that. If we do not zero it, subsequent bind() will fail.
3443 memset(so
, 0, sizeof(*so
));
3445 if (sscanf(vec
->ptr
, "%d.%d.%d.%d:%d%n", &a
, &b
, &c
, &d
, &port
, &len
) == 5) {
3446 // IP address to bind to is specified
3447 usa
->u
.sin
.sin_addr
.s_addr
= htonl((a
<< 24) | (b
<< 16) | (c
<< 8) | d
);
3448 } else if (sscanf(vec
->ptr
, "%d%n", &port
, &len
) == 1) {
3449 // Only port number is specified. Bind to all addresses
3450 usa
->u
.sin
.sin_addr
.s_addr
= htonl(INADDR_ANY
);
3454 assert(len
> 0 && len
<= (int) vec
->len
);
3456 if (strchr("sp,", vec
->ptr
[len
]) == NULL
) {
3460 so
->is_ssl
= vec
->ptr
[len
] == 's';
3461 so
->is_proxy
= vec
->ptr
[len
] == 'p';
3462 usa
->len
= sizeof(usa
->u
.sin
);
3463 usa
->u
.sin
.sin_family
= AF_INET
;
3464 usa
->u
.sin
.sin_port
= htons((uint16_t) port
);
3469 static int set_ports_option(struct mg_context
*ctx
) {
3470 const char *list
= ctx
->config
[LISTENING_PORTS
];
3471 int on
= 1, success
= 1;
3474 struct socket so
, *listener
;
3476 while (success
&& (list
= next_option(list
, &vec
, NULL
)) != NULL
) {
3477 if (!parse_port_string(&vec
, &so
)) {
3478 cry(fc(ctx
), "%s: %.*s: invalid port spec. Expecting list of: %s",
3479 __func__
, (int) vec
.len
, vec
.ptr
, "[IP_ADDRESS:]PORT[s|p]");
3481 } else if (so
.is_ssl
&& ctx
->ssl_ctx
== NULL
) {
3482 cry(fc(ctx
), "Cannot add SSL socket, is -ssl_certificate option set?");
3484 } else if ((sock
= socket(PF_INET
, SOCK_STREAM
, 6)) == INVALID_SOCKET
||
3485 #if !defined(_WIN32)
3486 // On Windows, SO_REUSEADDR is recommended only for
3487 // broadcast UDP sockets
3488 setsockopt(sock
, SOL_SOCKET
, SO_REUSEADDR
, &on
,
3491 // Set TCP keep-alive. This is needed because if HTTP-level
3492 // keep-alive is enabled, and client resets the connection,
3493 // server won't get TCP FIN or RST and will keep the connection
3494 // open forever. With TCP keep-alive, next keep-alive
3495 // handshake will figure out that the client is down and
3496 // will close the server end.
3497 // Thanks to Igor Klopov who suggested the patch.
3498 setsockopt(sock
, SOL_SOCKET
, SO_KEEPALIVE
, (const char*) &on
,
3500 bind(sock
, &so
.lsa
.u
.sa
, so
.lsa
.len
) != 0 ||
3501 listen(sock
, 100) != 0) {
3503 cry(fc(ctx
), "%s: cannot bind to %.*s: %s", __func__
,
3504 (int) vec
.len
, vec
.ptr
, strerror(ERRNO
));
3506 } else if ((listener
= (struct socket
*)
3507 calloc(1, sizeof(*listener
))) == NULL
) {
3509 cry(fc(ctx
), "%s: %s", __func__
, strerror(ERRNO
));
3513 listener
->sock
= sock
;
3514 set_close_on_exec(listener
->sock
);
3515 listener
->next
= ctx
->listening_sockets
;
3516 ctx
->listening_sockets
= listener
;
3521 close_all_listening_sockets(ctx
);
3527 static void log_header(const struct mg_connection
*conn
, const char *header
,
3529 const char *header_value
;
3531 if ((header_value
= mg_get_header(conn
, header
)) == NULL
) {
3532 (void) fprintf(fp
, "%s", " -");
3534 (void) fprintf(fp
, " \"%s\"", header_value
);
3538 static void log_access(const struct mg_connection
*conn
) {
3539 const struct mg_request_info
*ri
;
3543 fp
= conn
->ctx
->config
[ACCESS_LOG_FILE
] == NULL
? NULL
:
3544 mg_fopen(conn
->ctx
->config
[ACCESS_LOG_FILE
], "a+");
3549 (void) strftime(date
, sizeof(date
), "%d/%b/%Y:%H:%M:%S %z",
3550 localtime(&conn
->birth_time
));
3552 ri
= &conn
->request_info
;
3557 "%s - %s [%s] \"%s %s HTTP/%s\" %d %" INT64_FMT
,
3558 inet_ntoa(conn
->client
.rsa
.u
.sin
.sin_addr
),
3559 ri
->remote_user
== NULL
? "-" : ri
->remote_user
,
3561 ri
->request_method
? ri
->request_method
: "-",
3562 ri
->uri
? ri
->uri
: "-",
3564 conn
->request_info
.status_code
, conn
->num_bytes_sent
);
3565 log_header(conn
, "Referer", fp
);
3566 log_header(conn
, "User-Agent", fp
);
3567 (void) fputc('\n', fp
);
3574 static int isbyte(int n
) {
3575 return n
>= 0 && n
<= 255;
3578 // Verify given socket address against the ACL.
3579 // Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed.
3580 static int check_acl(struct mg_context
*ctx
, const struct usa
*usa
) {
3581 int a
, b
, c
, d
, n
, mask
, allowed
;
3583 uint32_t acl_subnet
, acl_mask
, remote_ip
;
3585 const char *list
= ctx
->config
[ACCESS_CONTROL_LIST
];
3591 (void) memcpy(&remote_ip
, &usa
->u
.sin
.sin_addr
, sizeof(remote_ip
));
3593 // If any ACL is set, deny by default
3596 while ((list
= next_option(list
, &vec
, NULL
)) != NULL
) {
3599 if (sscanf(vec
.ptr
, "%c%d.%d.%d.%d%n", &flag
, &a
, &b
, &c
, &d
, &n
) != 5) {
3600 cry(fc(ctx
), "%s: subnet must be [+|-]x.x.x.x[/x]", __func__
);
3602 } else if (flag
!= '+' && flag
!= '-') {
3603 cry(fc(ctx
), "%s: flag must be + or -: [%s]", __func__
, vec
.ptr
);
3605 } else if (!isbyte(a
)||!isbyte(b
)||!isbyte(c
)||!isbyte(d
)) {
3606 cry(fc(ctx
), "%s: bad ip address: [%s]", __func__
, vec
.ptr
);
3608 } else if (sscanf(vec
.ptr
+ n
, "/%d", &mask
) == 0) {
3609 // Do nothing, no mask specified
3610 } else if (mask
< 0 || mask
> 32) {
3611 cry(fc(ctx
), "%s: bad subnet mask: %d [%s]", __func__
, n
, vec
.ptr
);
3615 acl_subnet
= (a
<< 24) | (b
<< 16) | (c
<< 8) | d
;
3616 acl_mask
= mask
? 0xffffffffU
<< (32 - mask
) : 0;
3618 if (acl_subnet
== (ntohl(remote_ip
) & acl_mask
)) {
3623 return allowed
== '+';
3626 static void add_to_set(SOCKET fd
, fd_set
*set
, int *max_fd
) {
3628 if (fd
> (SOCKET
) *max_fd
) {
3633 #if !defined(_WIN32)
3634 static int set_uid_option(struct mg_context
*ctx
) {
3636 const char *uid
= ctx
->config
[RUN_AS_USER
];
3642 if ((pw
= getpwnam(uid
)) == NULL
) {
3643 cry(fc(ctx
), "%s: unknown user [%s]", __func__
, uid
);
3644 } else if (setgid(pw
->pw_gid
) == -1) {
3645 cry(fc(ctx
), "%s: setgid(%s): %s", __func__
, uid
, strerror(errno
));
3646 } else if (setuid(pw
->pw_uid
) == -1) {
3647 cry(fc(ctx
), "%s: setuid(%s): %s", __func__
, uid
, strerror(errno
));
3657 #if !defined(NO_SSL)
3658 static pthread_mutex_t
*ssl_mutexes
;
3660 static void ssl_locking_callback(int mode
, int mutex_num
, const char *file
,
3663 file
= NULL
; // Unused
3665 if (mode
& CRYPTO_LOCK
) {
3666 (void) pthread_mutex_lock(&ssl_mutexes
[mutex_num
]);
3668 (void) pthread_mutex_unlock(&ssl_mutexes
[mutex_num
]);
3672 static unsigned long ssl_id_callback(void) {
3673 return (unsigned long) pthread_self();
3676 #if !defined(NO_SSL_DL)
3677 static int load_dll(struct mg_context
*ctx
, const char *dll_name
,
3678 struct ssl_func
*sw
) {
3679 union {void *p
; void (*fp
)(void);} u
;
3681 struct ssl_func
*fp
;
3683 if ((dll_handle
= dlopen(dll_name
, RTLD_LAZY
)) == NULL
) {
3684 cry(fc(ctx
), "%s: cannot load %s", __func__
, dll_name
);
3688 for (fp
= sw
; fp
->name
!= NULL
; fp
++) {
3690 // GetProcAddress() returns pointer to function
3691 u
.fp
= (void (*)(void)) dlsym(dll_handle
, fp
->name
);
3693 // dlsym() on UNIX returns void *. ISO C forbids casts of data pointers to
3694 // function pointers. We need to use a union to make a cast.
3695 u
.p
= dlsym(dll_handle
, fp
->name
);
3698 cry(fc(ctx
), "%s: %s: cannot find %s", __func__
, dll_name
, fp
->name
);
3709 // Dynamically load SSL library. Set up ctx->ssl_ctx pointer.
3710 static int set_ssl_option(struct mg_context
*ctx
) {
3711 struct mg_request_info request_info
;
3714 const char *pem
= ctx
->config
[SSL_CERTIFICATE
];
3715 const char *chain
= ctx
->config
[SSL_CHAIN_FILE
];
3721 #if !defined(NO_SSL_DL)
3722 if (!load_dll(ctx
, SSL_LIB
, ssl_sw
) ||
3723 !load_dll(ctx
, CRYPTO_LIB
, crypto_sw
)) {
3728 // Initialize SSL crap
3730 SSL_load_error_strings();
3732 if ((CTX
= SSL_CTX_new(SSLv23_server_method())) == NULL
) {
3733 cry(fc(ctx
), "SSL_CTX_new error: %s", ssl_error());
3734 } else if (ctx
->user_callback
!= NULL
) {
3735 memset(&request_info
, 0, sizeof(request_info
));
3736 request_info
.user_data
= ctx
->user_data
;
3737 ctx
->user_callback(MG_INIT_SSL
, (struct mg_connection
*) CTX
,
3741 if (CTX
!= NULL
&& SSL_CTX_use_certificate_file(CTX
, pem
,
3742 SSL_FILETYPE_PEM
) == 0) {
3743 cry(fc(ctx
), "%s: cannot open %s: %s", __func__
, pem
, ssl_error());
3745 } else if (CTX
!= NULL
&& SSL_CTX_use_PrivateKey_file(CTX
, pem
,
3746 SSL_FILETYPE_PEM
) == 0) {
3747 cry(fc(ctx
), "%s: cannot open %s: %s", NULL
, pem
, ssl_error());
3751 if (CTX
!= NULL
&& chain
!= NULL
&&
3752 SSL_CTX_use_certificate_chain_file(CTX
, chain
) == 0) {
3753 cry(fc(ctx
), "%s: cannot open %s: %s", NULL
, chain
, ssl_error());
3757 // Initialize locking callbacks, needed for thread safety.
3758 // http://www.openssl.org/support/faq.html#PROG1
3759 size
= sizeof(pthread_mutex_t
) * CRYPTO_num_locks();
3760 if ((ssl_mutexes
= (pthread_mutex_t
*) malloc((size_t)size
)) == NULL
) {
3761 cry(fc(ctx
), "%s: cannot allocate mutexes: %s", __func__
, ssl_error());
3765 for (i
= 0; i
< CRYPTO_num_locks(); i
++) {
3766 pthread_mutex_init(&ssl_mutexes
[i
], NULL
);
3769 CRYPTO_set_locking_callback(&ssl_locking_callback
);
3770 CRYPTO_set_id_callback(&ssl_id_callback
);
3772 // Done with everything. Save the context.
3778 static void uninitialize_ssl(struct mg_context
*ctx
) {
3780 if (ctx
->ssl_ctx
!= NULL
) {
3781 CRYPTO_set_locking_callback(NULL
);
3782 for (i
= 0; i
< CRYPTO_num_locks(); i
++) {
3783 pthread_mutex_destroy(&ssl_mutexes
[i
]);
3785 CRYPTO_set_locking_callback(NULL
);
3786 CRYPTO_set_id_callback(NULL
);
3791 static int set_gpass_option(struct mg_context
*ctx
) {
3792 struct mgstat mgstat
;
3793 const char *path
= ctx
->config
[GLOBAL_PASSWORDS_FILE
];
3794 return path
== NULL
|| mg_stat(path
, &mgstat
) == 0;
3797 static int set_acl_option(struct mg_context
*ctx
) {
3799 return check_acl(ctx
, &fake
) != -1;
3802 static void reset_per_request_attributes(struct mg_connection
*conn
) {
3803 struct mg_request_info
*ri
= &conn
->request_info
;
3805 // Reset request info attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
3806 if (ri
->remote_user
!= NULL
) {
3807 free((void *) ri
->remote_user
);
3809 ri
->remote_user
= ri
->request_method
= ri
->uri
= ri
->http_version
= NULL
;
3810 ri
->num_headers
= 0;
3811 ri
->status_code
= -1;
3813 conn
->num_bytes_sent
= conn
->consumed_content
= 0;
3814 conn
->content_len
= -1;
3815 conn
->request_len
= conn
->data_len
= 0;
3818 static void close_socket_gracefully(SOCKET sock
) {
3820 struct linger linger
;
3823 // Set linger option to avoid socket hanging out after close. This prevent
3824 // ephemeral port exhaust problem under high QPS.
3826 linger
.l_linger
= 1;
3827 setsockopt(sock
, SOL_SOCKET
, SO_LINGER
, (const char *) &linger
, sizeof(linger
));
3829 // Send FIN to the client
3830 (void) shutdown(sock
, SHUT_WR
);
3831 set_non_blocking_mode(sock
);
3833 // Read and discard pending data. If we do not do that and close the
3834 // socket, the data in the send buffer may be discarded. This
3835 // behaviour is seen on Windows, when client keeps sending data
3836 // when server decide to close the connection; then when client
3837 // does recv() it gets no data back.
3839 n
= pull(NULL
, sock
, NULL
, buf
, sizeof(buf
));
3842 // Now we know that our FIN is ACK-ed, safe to close
3843 (void) closesocket(sock
);
3846 static void close_connection(struct mg_connection
*conn
) {
3848 SSL_free(conn
->ssl
);
3852 if (conn
->client
.sock
!= INVALID_SOCKET
) {
3853 close_socket_gracefully(conn
->client
.sock
);
3857 static void discard_current_request_from_buffer(struct mg_connection
*conn
) {
3859 int buffered_len
, body_len
;
3861 buffered
= conn
->buf
+ conn
->request_len
;
3862 buffered_len
= conn
->data_len
- conn
->request_len
;
3863 assert(buffered_len
>= 0);
3865 if (conn
->content_len
== -1) {
3867 } else if (conn
->content_len
< (int64_t) buffered_len
) {
3868 body_len
= (int) conn
->content_len
;
3870 body_len
= buffered_len
;
3873 conn
->data_len
-= conn
->request_len
+ body_len
;
3874 memmove(conn
->buf
, conn
->buf
+ conn
->request_len
+ body_len
,
3875 (size_t) conn
->data_len
);
3878 static int parse_url(const char *url
, char *host
, int *port
) {
3881 if (sscanf(url
, "%*[htps]://%1024[^:]:%d%n", host
, port
, &len
) == 2 ||
3882 sscanf(url
, "%1024[^:]:%d%n", host
, port
, &len
) == 2) {
3883 } else if (sscanf(url
, "%*[htps]://%1024[^/]%n", host
, &len
) == 1) {
3886 sscanf(url
, "%1024[^/]%n", host
, &len
);
3889 DEBUG_TRACE(("Host:%s, port:%d", host
, *port
));
3894 static void handle_proxy_request(struct mg_connection
*conn
) {
3895 struct mg_request_info
*ri
= &conn
->request_info
;
3896 char host
[1025], buf
[BUFSIZ
];
3897 int port
, is_ssl
, len
, i
, n
;
3899 DEBUG_TRACE(("URL: %s", ri
->uri
));
3900 if (ri
->uri
== NULL
||
3901 ri
->uri
[0] == '/' ||
3902 (len
= parse_url(ri
->uri
, host
, &port
)) == 0) {
3906 if (conn
->peer
== NULL
) {
3907 is_ssl
= !strcmp(ri
->request_method
, "CONNECT");
3908 if ((conn
->peer
= mg_connect(conn
, host
, port
, is_ssl
)) == NULL
) {
3911 conn
->peer
->client
.is_ssl
= is_ssl
;
3914 // Forward client's request to the target
3915 mg_printf(conn
->peer
, "%s %s HTTP/%s\r\n", ri
->request_method
, ri
->uri
+ len
,
3918 // And also all headers. TODO(lsm): anonymize!
3919 for (i
= 0; i
< ri
->num_headers
; i
++) {
3920 mg_printf(conn
->peer
, "%s: %s\r\n", ri
->http_headers
[i
].name
,
3921 ri
->http_headers
[i
].value
);
3923 // End of headers, final newline
3924 mg_write(conn
->peer
, "\r\n", 2);
3926 // Read and forward body data if any
3927 if (!strcmp(ri
->request_method
, "POST")) {
3928 forward_body_data(conn
, NULL
, conn
->peer
->client
.sock
, conn
->peer
->ssl
);
3931 // Read data from the target and forward it to the client
3932 while ((n
= pull(NULL
, conn
->peer
->client
.sock
, conn
->peer
->ssl
,
3933 buf
, sizeof(buf
))) > 0) {
3934 if (mg_write(conn
, buf
, (size_t)n
) != n
) {
3939 if (!conn
->peer
->client
.is_ssl
) {
3940 close_connection(conn
->peer
);
3946 static int is_valid_uri(const char *uri
) {
3947 // Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
3948 // URI can be an asterisk (*) or should start with slash.
3949 return (uri
[0] == '/' || (uri
[0] == '*' && uri
[1] == '\0'));
3952 static void process_new_connection(struct mg_connection
*conn
) {
3953 struct mg_request_info
*ri
= &conn
->request_info
;
3954 int keep_alive_enabled
;
3957 keep_alive_enabled
= !strcmp(conn
->ctx
->config
[ENABLE_KEEP_ALIVE
], "yes");
3960 reset_per_request_attributes(conn
);
3962 // If next request is not pipelined, read it in
3963 if ((conn
->request_len
= get_request_len(conn
->buf
, conn
->data_len
)) == 0) {
3964 conn
->request_len
= read_request(NULL
, conn
->client
.sock
, conn
->ssl
,
3965 conn
->buf
, conn
->buf_size
, &conn
->data_len
);
3967 assert(conn
->data_len
>= conn
->request_len
);
3968 if (conn
->request_len
== 0 && conn
->data_len
== conn
->buf_size
) {
3969 send_http_error(conn
, 413, "Request Too Large", "");
3971 } if (conn
->request_len
<= 0) {
3972 return; // Remote end closed the connection
3975 // Nul-terminate the request cause parse_http_request() uses sscanf
3976 conn
->buf
[conn
->request_len
- 1] = '\0';
3977 if (!parse_http_request(conn
->buf
, ri
) ||
3978 (!conn
->client
.is_proxy
&& !is_valid_uri(ri
->uri
))) {
3979 // Do not put garbage in the access log, just send it back to the client
3980 send_http_error(conn
, 400, "Bad Request",
3981 "Cannot parse HTTP request: [%.*s]", conn
->data_len
, conn
->buf
);
3982 } else if (strcmp(ri
->http_version
, "1.0") &&
3983 strcmp(ri
->http_version
, "1.1")) {
3984 // Request seems valid, but HTTP version is strange
3985 send_http_error(conn
, 505, "HTTP version not supported", "");
3988 // Request is valid, handle it
3989 cl
= get_header(ri
, "Content-Length");
3990 conn
->content_len
= cl
== NULL
? -1 : strtoll(cl
, NULL
, 10);
3991 conn
->birth_time
= time(NULL
);
3992 if (conn
->client
.is_proxy
) {
3993 handle_proxy_request(conn
);
3995 handle_request(conn
);
3998 discard_current_request_from_buffer(conn
);
4000 // conn->peer is not NULL only for SSL-ed proxy connections
4001 } while (conn
->ctx
->stop_flag
== 0 &&
4002 (conn
->peer
|| (keep_alive_enabled
&& should_keep_alive(conn
))));
4005 // Worker threads take accepted socket from the queue
4006 static int consume_socket(struct mg_context
*ctx
, struct socket
*sp
) {
4007 (void) pthread_mutex_lock(&ctx
->mutex
);
4008 DEBUG_TRACE(("going idle"));
4010 // If the queue is empty, wait. We're idle at this point.
4011 while (ctx
->sq_head
== ctx
->sq_tail
&& ctx
->stop_flag
== 0) {
4012 pthread_cond_wait(&ctx
->sq_full
, &ctx
->mutex
);
4015 // If we're stopping, sq_head may be equal to sq_tail.
4016 if (ctx
->sq_head
> ctx
->sq_tail
) {
4017 // Copy socket from the queue and increment tail
4018 *sp
= ctx
->queue
[ctx
->sq_tail
% ARRAY_SIZE(ctx
->queue
)];
4020 DEBUG_TRACE(("grabbed socket %d, going busy", sp
->sock
));
4022 // Wrap pointers if needed
4023 while (ctx
->sq_tail
> (int) ARRAY_SIZE(ctx
->queue
)) {
4024 ctx
->sq_tail
-= ARRAY_SIZE(ctx
->queue
);
4025 ctx
->sq_head
-= ARRAY_SIZE(ctx
->queue
);
4029 (void) pthread_cond_signal(&ctx
->sq_empty
);
4030 (void) pthread_mutex_unlock(&ctx
->mutex
);
4032 return !ctx
->stop_flag
;
4035 static void worker_thread(struct mg_context
*ctx
) {
4036 struct mg_connection
*conn
;
4037 int buf_size
= atoi(ctx
->config
[MAX_REQUEST_SIZE
]);
4039 conn
= (struct mg_connection
*) calloc(1, sizeof(*conn
) + buf_size
);
4040 conn
->buf_size
= buf_size
;
4041 conn
->buf
= (char *) (conn
+ 1);
4042 assert(conn
!= NULL
);
4044 // Call consume_socket() even when ctx->stop_flag > 0, to let it signal
4045 // sq_empty condvar to wake up the master waiting in produce_socket()
4046 while (consume_socket(ctx
, &conn
->client
)) {
4047 conn
->birth_time
= time(NULL
);
4050 // Fill in IP, port info early so even if SSL setup below fails,
4051 // error handler would have the corresponding info.
4052 // Thanks to Johannes Winkelmann for the patch.
4053 conn
->request_info
.remote_port
= ntohs(conn
->client
.rsa
.u
.sin
.sin_port
);
4054 memcpy(&conn
->request_info
.remote_ip
,
4055 &conn
->client
.rsa
.u
.sin
.sin_addr
.s_addr
, 4);
4056 conn
->request_info
.remote_ip
= ntohl(conn
->request_info
.remote_ip
);
4057 conn
->request_info
.is_ssl
= conn
->client
.is_ssl
;
4059 if (!conn
->client
.is_ssl
||
4060 (conn
->client
.is_ssl
&& sslize(conn
, SSL_accept
))) {
4061 process_new_connection(conn
);
4064 close_connection(conn
);
4068 // Signal master that we're done with connection and exiting
4069 (void) pthread_mutex_lock(&ctx
->mutex
);
4071 (void) pthread_cond_signal(&ctx
->cond
);
4072 assert(ctx
->num_threads
>= 0);
4073 (void) pthread_mutex_unlock(&ctx
->mutex
);
4075 DEBUG_TRACE(("exiting"));
4078 // Master thread adds accepted socket to a queue
4079 static void produce_socket(struct mg_context
*ctx
, const struct socket
*sp
) {
4080 (void) pthread_mutex_lock(&ctx
->mutex
);
4082 // If the queue is full, wait
4083 while (ctx
->stop_flag
== 0 &&
4084 ctx
->sq_head
- ctx
->sq_tail
>= (int) ARRAY_SIZE(ctx
->queue
)) {
4085 (void) pthread_cond_wait(&ctx
->sq_empty
, &ctx
->mutex
);
4088 if (ctx
->sq_head
- ctx
->sq_tail
< (int) ARRAY_SIZE(ctx
->queue
)) {
4089 // Copy socket to the queue and increment head
4090 ctx
->queue
[ctx
->sq_head
% ARRAY_SIZE(ctx
->queue
)] = *sp
;
4092 DEBUG_TRACE(("queued socket %d", sp
->sock
));
4095 (void) pthread_cond_signal(&ctx
->sq_full
);
4096 (void) pthread_mutex_unlock(&ctx
->mutex
);
4099 static void accept_new_connection(const struct socket
*listener
,
4100 struct mg_context
*ctx
) {
4101 struct socket accepted
;
4104 accepted
.rsa
.len
= sizeof(accepted
.rsa
.u
.sin
);
4105 accepted
.lsa
= listener
->lsa
;
4106 accepted
.sock
= accept(listener
->sock
, &accepted
.rsa
.u
.sa
, &accepted
.rsa
.len
);
4107 if (accepted
.sock
!= INVALID_SOCKET
) {
4108 allowed
= check_acl(ctx
, &accepted
.rsa
);
4110 // Put accepted socket structure into the queue
4111 DEBUG_TRACE(("accepted socket %d", accepted
.sock
));
4112 accepted
.is_ssl
= listener
->is_ssl
;
4113 accepted
.is_proxy
= listener
->is_proxy
;
4114 produce_socket(ctx
, &accepted
);
4116 cry(fc(ctx
), "%s: %s is not allowed to connect",
4117 __func__
, inet_ntoa(accepted
.rsa
.u
.sin
.sin_addr
));
4118 (void) closesocket(accepted
.sock
);
4123 static void master_thread(struct mg_context
*ctx
) {
4129 while (ctx
->stop_flag
== 0) {
4133 // Add listening sockets to the read set
4134 for (sp
= ctx
->listening_sockets
; sp
!= NULL
; sp
= sp
->next
) {
4135 add_to_set(sp
->sock
, &read_set
, &max_fd
);
4139 tv
.tv_usec
= 200 * 1000;
4141 if (select(max_fd
+ 1, &read_set
, NULL
, NULL
, &tv
) < 0) {
4143 // On windows, if read_set and write_set are empty,
4144 // select() returns "Invalid parameter" error
4145 // (at least on my Windows XP Pro). So in this case, we sleep here.
4149 for (sp
= ctx
->listening_sockets
; sp
!= NULL
; sp
= sp
->next
) {
4150 if (ctx
->stop_flag
== 0 && FD_ISSET(sp
->sock
, &read_set
)) {
4151 accept_new_connection(sp
, ctx
);
4156 DEBUG_TRACE(("stopping workers"));
4158 // Stop signal received: somebody called mg_stop. Quit.
4159 close_all_listening_sockets(ctx
);
4161 // Wakeup workers that are waiting for connections to handle.
4162 pthread_cond_broadcast(&ctx
->sq_full
);
4164 // Wait until all threads finish
4165 (void) pthread_mutex_lock(&ctx
->mutex
);
4166 while (ctx
->num_threads
> 0) {
4167 (void) pthread_cond_wait(&ctx
->cond
, &ctx
->mutex
);
4169 (void) pthread_mutex_unlock(&ctx
->mutex
);
4171 // All threads exited, no sync is needed. Destroy mutex and condvars
4172 (void) pthread_mutex_destroy(&ctx
->mutex
);
4173 (void) pthread_cond_destroy(&ctx
->cond
);
4174 (void) pthread_cond_destroy(&ctx
->sq_empty
);
4175 (void) pthread_cond_destroy(&ctx
->sq_full
);
4177 #if !defined(NO_SSL)
4178 uninitialize_ssl(ctx
);
4181 // Signal mg_stop() that we're done
4184 DEBUG_TRACE(("exiting"));
4187 static void free_context(struct mg_context
*ctx
) {
4190 // Deallocate config parameters
4191 for (i
= 0; i
< NUM_OPTIONS
; i
++) {
4192 if (ctx
->config
[i
] != NULL
)
4193 free(ctx
->config
[i
]);
4196 // Deallocate SSL context
4197 if (ctx
->ssl_ctx
!= NULL
) {
4198 SSL_CTX_free(ctx
->ssl_ctx
);
4201 if (ssl_mutexes
!= NULL
) {
4206 // Deallocate context itself
4210 void mg_stop(struct mg_context
*ctx
) {
4213 // Wait until mg_fini() stops
4214 while (ctx
->stop_flag
!= 2) {
4219 #if defined(_WIN32) && !defined(__SYMBIAN32__)
4220 (void) WSACleanup();
4224 struct mg_context
*mg_start(mg_callback_t user_callback
, void *user_data
,
4225 const char **options
) {
4226 struct mg_context
*ctx
;
4227 const char *name
, *value
, *default_value
;
4230 #if defined(_WIN32) && !defined(__SYMBIAN32__)
4232 WSAStartup(MAKEWORD(2,2), &data
);
4235 // Allocate context and initialize reasonable general case defaults.
4236 // TODO(lsm): do proper error handling here.
4237 ctx
= (struct mg_context
*) calloc(1, sizeof(*ctx
));
4238 ctx
->user_callback
= user_callback
;
4239 ctx
->user_data
= user_data
;
4241 while (options
&& (name
= *options
++) != NULL
) {
4242 if ((i
= get_option_index(name
)) == -1) {
4243 cry(fc(ctx
), "Invalid option: %s", name
);
4246 } else if ((value
= *options
++) == NULL
) {
4247 cry(fc(ctx
), "%s: option value cannot be NULL", name
);
4251 ctx
->config
[i
] = mg_strdup(value
);
4252 DEBUG_TRACE(("[%s] -> [%s]", name
, value
));
4255 // Set default value if needed
4256 for (i
= 0; config_options
[i
* ENTRIES_PER_CONFIG_OPTION
] != NULL
; i
++) {
4257 default_value
= config_options
[i
* ENTRIES_PER_CONFIG_OPTION
+ 2];
4258 if (ctx
->config
[i
] == NULL
&& default_value
!= NULL
) {
4259 ctx
->config
[i
] = mg_strdup(default_value
);
4260 DEBUG_TRACE(("Setting default: [%s] -> [%s]",
4261 config_options
[i
* ENTRIES_PER_CONFIG_OPTION
+ 1],
4266 // NOTE(lsm): order is important here. SSL certificates must
4267 // be initialized before listening ports. UID must be set last.
4268 if (!set_gpass_option(ctx
) ||
4269 #if !defined(NO_SSL)
4270 !set_ssl_option(ctx
) ||
4272 !set_ports_option(ctx
) ||
4273 #if !defined(_WIN32)
4274 !set_uid_option(ctx
) ||
4276 !set_acl_option(ctx
)) {
4281 #if !defined(_WIN32) && !defined(__SYMBIAN32__)
4282 // Ignore SIGPIPE signal, so if browser cancels the request, it
4283 // won't kill the whole process.
4284 (void) signal(SIGPIPE
, SIG_IGN
);
4285 // Also ignoring SIGCHLD to let the OS to reap zombies properly.
4286 (void) signal(SIGCHLD
, SIG_IGN
);
4289 (void) pthread_mutex_init(&ctx
->mutex
, NULL
);
4290 (void) pthread_cond_init(&ctx
->cond
, NULL
);
4291 (void) pthread_cond_init(&ctx
->sq_empty
, NULL
);
4292 (void) pthread_cond_init(&ctx
->sq_full
, NULL
);
4294 // Start master (listening) thread
4295 start_thread(ctx
, (mg_thread_func_t
) master_thread
, ctx
);
4297 // Start worker threads
4298 for (i
= 0; i
< atoi(ctx
->config
[NUM_THREADS
]); i
++) {
4299 if (start_thread(ctx
, (mg_thread_func_t
) worker_thread
, ctx
) != 0) {
4300 cry(fc(ctx
), "Cannot start worker thread: %d", ERRNO
);