search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
validate return values from strtol, strtoul (fixes #2564)
[lighttpd.git] / src / mod_webdav.c
blobc9365cd328de875fbd44273dbe7ddd9c72148b28
1 #include "first.h"
2
3 #include "base.h"
4 #include "log.h"
5 #include "buffer.h"
6 #include "response.h"
7
8 #include "plugin.h"
9
10 #include "stream.h"
11 #include "stat_cache.h"
12
13 #include "sys-mmap.h"
14
15 #include <sys/types.h>
16 #include <sys/stat.h>
17 #include <ctype.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <stdio.h>
23 #include <assert.h>
24
25 #include <unistd.h>
26 #include <dirent.h>
27
28 #if defined(HAVE_LIBXML_H) && defined(HAVE_SQLITE3_H)
29 #define USE_PROPPATCH
30 #include <libxml/tree.h>
31 #include <libxml/parser.h>
32
33 #include <sqlite3.h>
34 #endif
35
36 #if defined(HAVE_LIBXML_H) && defined(HAVE_SQLITE3_H) && defined(HAVE_UUID_UUID_H)
37 #define USE_LOCKS
38 #include <uuid/uuid.h>
39 #endif
40
41 /**
42 * this is a webdav for a lighttpd plugin
43 *
44 * at least a very basic one.
45 * - for now it is read-only and we only support PROPFIND
46 *
47 */
48
49 #define WEBDAV_FILE_MODE S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
50 #define WEBDAV_DIR_MODE S_IRWXU | S_IRWXG | S_IRWXO
51
52 /* plugin config for all request/connections */
53
54 typedef struct {
55 unsigned short enabled;
56 unsigned short is_readonly;
57 unsigned short log_xml;
58
59 buffer *sqlite_db_name;
60 #ifdef USE_PROPPATCH
61 sqlite3 *sql;
62 sqlite3_stmt *stmt_update_prop;
63 sqlite3_stmt *stmt_delete_prop;
64 sqlite3_stmt *stmt_select_prop;
65 sqlite3_stmt *stmt_select_propnames;
66
67 sqlite3_stmt *stmt_delete_uri;
68 sqlite3_stmt *stmt_move_uri;
69 sqlite3_stmt *stmt_copy_uri;
70
71 sqlite3_stmt *stmt_remove_lock;
72 sqlite3_stmt *stmt_create_lock;
73 sqlite3_stmt *stmt_read_lock;
74 sqlite3_stmt *stmt_read_lock_by_uri;
75 sqlite3_stmt *stmt_refresh_lock;
76 #endif
77 } plugin_config;
78
79 typedef struct {
80 PLUGIN_DATA;
81
82 buffer *tmp_buf;
83 request_uri uri;
84 physical physical;
85
86 plugin_config **config_storage;
87
88 plugin_config conf;
89 } plugin_data;
90
91 /* init the plugin data */
92 INIT_FUNC(mod_webdav_init) {
93 plugin_data *p;
94
95 p = calloc(1, sizeof(*p));
96
97 p->tmp_buf = buffer_init();
98
99 p->uri.scheme = buffer_init();
100 p->uri.path_raw = buffer_init();
101 p->uri.path = buffer_init();
102 p->uri.authority = buffer_init();
103
104 p->physical.path = buffer_init();
105 p->physical.rel_path = buffer_init();
106 p->physical.doc_root = buffer_init();
107 p->physical.basedir = buffer_init();
108
109 return p;
110 }
111
112 /* detroy the plugin data */
113 FREE_FUNC(mod_webdav_free) {
114 plugin_data *p = p_d;
115
116 UNUSED(srv);
117
118 if (!p) return HANDLER_GO_ON;
119
120 if (p->config_storage) {
121 size_t i;
122 for (i = 0; i < srv->config_context->used; i++) {
123 plugin_config *s = p->config_storage[i];
124
125 if (NULL == s) continue;
126
127 buffer_free(s->sqlite_db_name);
128 #ifdef USE_PROPPATCH
129 if (s->sql) {
130 sqlite3_finalize(s->stmt_delete_prop);
131 sqlite3_finalize(s->stmt_delete_uri);
132 sqlite3_finalize(s->stmt_copy_uri);
133 sqlite3_finalize(s->stmt_move_uri);
134 sqlite3_finalize(s->stmt_update_prop);
135 sqlite3_finalize(s->stmt_select_prop);
136 sqlite3_finalize(s->stmt_select_propnames);
137
138 sqlite3_finalize(s->stmt_read_lock);
139 sqlite3_finalize(s->stmt_read_lock_by_uri);
140 sqlite3_finalize(s->stmt_create_lock);
141 sqlite3_finalize(s->stmt_remove_lock);
142 sqlite3_finalize(s->stmt_refresh_lock);
143 sqlite3_close(s->sql);
144 }
145 #endif
146 free(s);
147 }
148 free(p->config_storage);
149 }
150
151 buffer_free(p->uri.scheme);
152 buffer_free(p->uri.path_raw);
153 buffer_free(p->uri.path);
154 buffer_free(p->uri.authority);
155
156 buffer_free(p->physical.path);
157 buffer_free(p->physical.rel_path);
158 buffer_free(p->physical.doc_root);
159 buffer_free(p->physical.basedir);
160
161 buffer_free(p->tmp_buf);
162
163 free(p);
164
165 return HANDLER_GO_ON;
166 }
167
168 /* handle plugin config and check values */
169
170 SETDEFAULTS_FUNC(mod_webdav_set_defaults) {
171 plugin_data *p = p_d;
172 size_t i = 0;
173
174 config_values_t cv[] = {
175 { "webdav.activate", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
176 { "webdav.is-readonly", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
177 { "webdav.sqlite-db-name", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
178 { "webdav.log-xml", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
179 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
180 };
181
182 if (!p) return HANDLER_ERROR;
183
184 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
185
186 for (i = 0; i < srv->config_context->used; i++) {
187 data_config const* config = (data_config const*)srv->config_context->data[i];
188 plugin_config *s;
189
190 s = calloc(1, sizeof(plugin_config));
191 s->sqlite_db_name = buffer_init();
192
193 cv[0].destination = &(s->enabled);
194 cv[1].destination = &(s->is_readonly);
195 cv[2].destination = s->sqlite_db_name;
196 cv[3].destination = &(s->log_xml);
197
198 p->config_storage[i] = s;
199
200 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
201 return HANDLER_ERROR;
202 }
203
204 if (!buffer_string_is_empty(s->sqlite_db_name)) {
205 #ifdef USE_PROPPATCH
206 const char *next_stmt;
207 char *err;
208
209 if (SQLITE_OK != sqlite3_open(s->sqlite_db_name->ptr, &(s->sql))) {
210 log_error_write(srv, __FILE__, __LINE__, "sbs", "sqlite3_open failed for",
211 s->sqlite_db_name,
212 sqlite3_errmsg(s->sql));
213 return HANDLER_ERROR;
214 }
215
216 if (SQLITE_OK != sqlite3_exec(s->sql,
217 "CREATE TABLE properties ("
218 " resource TEXT NOT NULL,"
219 " prop TEXT NOT NULL,"
220 " ns TEXT NOT NULL,"
221 " value TEXT NOT NULL,"
222 " PRIMARY KEY(resource, prop, ns))",
223 NULL, NULL, &err)) {
224
225 if (0 != strcmp(err, "table properties already exists")) {
226 log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err);
227 sqlite3_free(err);
228
229 return HANDLER_ERROR;
230 }
231 sqlite3_free(err);
232 }
233
234 if (SQLITE_OK != sqlite3_prepare(s->sql,
235 CONST_STR_LEN("SELECT value FROM properties WHERE resource = ? AND prop = ? AND ns = ?"),
236 &(s->stmt_select_prop), &next_stmt)) {
237 /* prepare failed */
238
239 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql));
240 return HANDLER_ERROR;
241 }
242
243 if (SQLITE_OK != sqlite3_prepare(s->sql,
244 CONST_STR_LEN("SELECT ns, prop FROM properties WHERE resource = ?"),
245 &(s->stmt_select_propnames), &next_stmt)) {
246 /* prepare failed */
247
248 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql));
249 return HANDLER_ERROR;
250 }
251
252
253 if (SQLITE_OK != sqlite3_prepare(s->sql,
254 CONST_STR_LEN("REPLACE INTO properties (resource, prop, ns, value) VALUES (?, ?, ?, ?)"),
255 &(s->stmt_update_prop), &next_stmt)) {
256 /* prepare failed */
257
258 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql));
259 return HANDLER_ERROR;
260 }
261
262 if (SQLITE_OK != sqlite3_prepare(s->sql,
263 CONST_STR_LEN("DELETE FROM properties WHERE resource = ? AND prop = ? AND ns = ?"),
264 &(s->stmt_delete_prop), &next_stmt)) {
265 /* prepare failed */
266 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
267
268 return HANDLER_ERROR;
269 }
270
271 if (SQLITE_OK != sqlite3_prepare(s->sql,
272 CONST_STR_LEN("DELETE FROM properties WHERE resource = ?"),
273 &(s->stmt_delete_uri), &next_stmt)) {
274 /* prepare failed */
275 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
276
277 return HANDLER_ERROR;
278 }
279
280 if (SQLITE_OK != sqlite3_prepare(s->sql,
281 CONST_STR_LEN("INSERT INTO properties SELECT ?, prop, ns, value FROM properties WHERE resource = ?"),
282 &(s->stmt_copy_uri), &next_stmt)) {
283 /* prepare failed */
284 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
285
286 return HANDLER_ERROR;
287 }
288
289 if (SQLITE_OK != sqlite3_prepare(s->sql,
290 CONST_STR_LEN("UPDATE properties SET resource = ? WHERE resource = ?"),
291 &(s->stmt_move_uri), &next_stmt)) {
292 /* prepare failed */
293 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
294
295 return HANDLER_ERROR;
296 }
297
298 /* LOCKS */
299
300 if (SQLITE_OK != sqlite3_exec(s->sql,
301 "CREATE TABLE locks ("
302 " locktoken TEXT NOT NULL,"
303 " resource TEXT NOT NULL,"
304 " lockscope TEXT NOT NULL,"
305 " locktype TEXT NOT NULL,"
306 " owner TEXT NOT NULL,"
307 " depth INT NOT NULL,"
308 " timeout TIMESTAMP NOT NULL,"
309 " PRIMARY KEY(locktoken))",
310 NULL, NULL, &err)) {
311
312 if (0 != strcmp(err, "table locks already exists")) {
313 log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err);
314 sqlite3_free(err);
315
316 return HANDLER_ERROR;
317 }
318 sqlite3_free(err);
319 }
320
321 if (SQLITE_OK != sqlite3_prepare(s->sql,
322 CONST_STR_LEN("INSERT INTO locks (locktoken, resource, lockscope, locktype, owner, depth, timeout) VALUES (?,?,?,?,?,?, CURRENT_TIME + 600)"),
323 &(s->stmt_create_lock), &next_stmt)) {
324 /* prepare failed */
325 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
326
327 return HANDLER_ERROR;
328 }
329
330 if (SQLITE_OK != sqlite3_prepare(s->sql,
331 CONST_STR_LEN("DELETE FROM locks WHERE locktoken = ?"),
332 &(s->stmt_remove_lock), &next_stmt)) {
333 /* prepare failed */
334 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
335
336 return HANDLER_ERROR;
337 }
338
339 if (SQLITE_OK != sqlite3_prepare(s->sql,
340 CONST_STR_LEN("SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout FROM locks WHERE locktoken = ?"),
341 &(s->stmt_read_lock), &next_stmt)) {
342 /* prepare failed */
343 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
344
345 return HANDLER_ERROR;
346 }
347
348 if (SQLITE_OK != sqlite3_prepare(s->sql,
349 CONST_STR_LEN("SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout FROM locks WHERE resource = ?"),
350 &(s->stmt_read_lock_by_uri), &next_stmt)) {
351 /* prepare failed */
352 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
353
354 return HANDLER_ERROR;
355 }
356
357 if (SQLITE_OK != sqlite3_prepare(s->sql,
358 CONST_STR_LEN("UPDATE locks SET timeout = CURRENT_TIME + 600 WHERE locktoken = ?"),
359 &(s->stmt_refresh_lock), &next_stmt)) {
360 /* prepare failed */
361 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
362
363 return HANDLER_ERROR;
364 }
365
366
367 #else
368 log_error_write(srv, __FILE__, __LINE__, "s", "Sorry, no sqlite3 and libxml2 support include, compile with --with-webdav-props");
369 return HANDLER_ERROR;
370 #endif
371 }
372 }
373
374 return HANDLER_GO_ON;
375 }
376
377 #define PATCH_OPTION(x) \
378 p->conf.x = s->x;
379 static int mod_webdav_patch_connection(server *srv, connection *con, plugin_data *p) {
380 size_t i, j;
381 plugin_config *s = p->config_storage[0];
382
383 PATCH_OPTION(enabled);
384 PATCH_OPTION(is_readonly);
385 PATCH_OPTION(log_xml);
386
387 #ifdef USE_PROPPATCH
388 PATCH_OPTION(sql);
389 PATCH_OPTION(stmt_update_prop);
390 PATCH_OPTION(stmt_delete_prop);
391 PATCH_OPTION(stmt_select_prop);
392 PATCH_OPTION(stmt_select_propnames);
393
394 PATCH_OPTION(stmt_delete_uri);
395 PATCH_OPTION(stmt_move_uri);
396 PATCH_OPTION(stmt_copy_uri);
397
398 PATCH_OPTION(stmt_remove_lock);
399 PATCH_OPTION(stmt_refresh_lock);
400 PATCH_OPTION(stmt_create_lock);
401 PATCH_OPTION(stmt_read_lock);
402 PATCH_OPTION(stmt_read_lock_by_uri);
403 #endif
404 /* skip the first, the global context */
405 for (i = 1; i < srv->config_context->used; i++) {
406 data_config *dc = (data_config *)srv->config_context->data[i];
407 s = p->config_storage[i];
408
409 /* condition didn't match */
410 if (!config_check_cond(srv, con, dc)) continue;
411
412 /* merge config */
413 for (j = 0; j < dc->value->used; j++) {
414 data_unset *du = dc->value->data[j];
415
416 if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.activate"))) {
417 PATCH_OPTION(enabled);
418 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.is-readonly"))) {
419 PATCH_OPTION(is_readonly);
420 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.log-xml"))) {
421 PATCH_OPTION(log_xml);
422 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.sqlite-db-name"))) {
423 #ifdef USE_PROPPATCH
424 PATCH_OPTION(sql);
425 PATCH_OPTION(stmt_update_prop);
426 PATCH_OPTION(stmt_delete_prop);
427 PATCH_OPTION(stmt_select_prop);
428 PATCH_OPTION(stmt_select_propnames);
429
430 PATCH_OPTION(stmt_delete_uri);
431 PATCH_OPTION(stmt_move_uri);
432 PATCH_OPTION(stmt_copy_uri);
433
434 PATCH_OPTION(stmt_remove_lock);
435 PATCH_OPTION(stmt_refresh_lock);
436 PATCH_OPTION(stmt_create_lock);
437 PATCH_OPTION(stmt_read_lock);
438 PATCH_OPTION(stmt_read_lock_by_uri);
439 #endif
440 }
441 }
442 }
443
444 return 0;
445 }
446
447 URIHANDLER_FUNC(mod_webdav_uri_handler) {
448 plugin_data *p = p_d;
449
450 UNUSED(srv);
451
452 if (buffer_is_empty(con->uri.path)) return HANDLER_GO_ON;
453
454 mod_webdav_patch_connection(srv, con, p);
455
456 if (!p->conf.enabled) return HANDLER_GO_ON;
457
458 switch (con->request.http_method) {
459 case HTTP_METHOD_OPTIONS:
460 /* we fake a little bit but it makes MS W2k happy and it let's us mount the volume */
461 response_header_overwrite(srv, con, CONST_STR_LEN("DAV"), CONST_STR_LEN("1,2"));
462 response_header_overwrite(srv, con, CONST_STR_LEN("MS-Author-Via"), CONST_STR_LEN("DAV"));
463
464 if (p->conf.is_readonly) {
465 response_header_insert(srv, con, CONST_STR_LEN("Allow"), CONST_STR_LEN("PROPFIND"));
466 } else {
467 response_header_insert(srv, con, CONST_STR_LEN("Allow"), CONST_STR_LEN("PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK, UNLOCK"));
468 }
469 break;
470 default:
471 break;
472 }
473
474 /* not found */
475 return HANDLER_GO_ON;
476 }
477 static int webdav_gen_prop_tag(server *srv, connection *con,
478 char *prop_name,
479 char *prop_ns,
480 char *value,
481 buffer *b) {
482
483 UNUSED(srv);
484 UNUSED(con);
485
486 if (value) {
487 buffer_append_string_len(b,CONST_STR_LEN("<"));
488 buffer_append_string(b, prop_name);
489 buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\""));
490 buffer_append_string(b, prop_ns);
491 buffer_append_string_len(b, CONST_STR_LEN("\">"));
492
493 buffer_append_string(b, value);
494
495 buffer_append_string_len(b,CONST_STR_LEN("</"));
496 buffer_append_string(b, prop_name);
497 buffer_append_string_len(b, CONST_STR_LEN(">"));
498 } else {
499 buffer_append_string_len(b,CONST_STR_LEN("<"));
500 buffer_append_string(b, prop_name);
501 buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\""));
502 buffer_append_string(b, prop_ns);
503 buffer_append_string_len(b, CONST_STR_LEN("\"/>"));
504 }
505
506 return 0;
507 }
508
509
510 static int webdav_gen_response_status_tag(server *srv, connection *con, physical *dst, int status, buffer *b) {
511 UNUSED(srv);
512
513 buffer_append_string_len(b,CONST_STR_LEN("<D:response xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
514
515 buffer_append_string_len(b,CONST_STR_LEN("<D:href>\n"));
516 buffer_append_string_buffer(b, dst->rel_path);
517 buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
518 buffer_append_string_len(b,CONST_STR_LEN("<D:status>\n"));
519
520 if (con->request.http_version == HTTP_VERSION_1_1) {
521 buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.1 "));
522 } else {
523 buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.0 "));
524 }
525 buffer_append_int(b, status);
526 buffer_append_string_len(b, CONST_STR_LEN(" "));
527 buffer_append_string(b, get_http_status_name(status));
528
529 buffer_append_string_len(b,CONST_STR_LEN("</D:status>\n"));
530 buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
531
532 return 0;
533 }
534
535 static int webdav_delete_file(server *srv, connection *con, plugin_data *p, physical *dst, buffer *b) {
536 int status = 0;
537
538 /* try to unlink it */
539 if (-1 == unlink(dst->path->ptr)) {
540 switch(errno) {
541 case EACCES:
542 case EPERM:
543 /* 403 */
544 status = 403;
545 break;
546 default:
547 status = 501;
548 break;
549 }
550 webdav_gen_response_status_tag(srv, con, dst, status, b);
551 } else {
552 #ifdef USE_PROPPATCH
553 sqlite3_stmt *stmt = p->conf.stmt_delete_uri;
554
555 if (!stmt) {
556 status = 403;
557 webdav_gen_response_status_tag(srv, con, dst, status, b);
558 } else {
559 sqlite3_reset(stmt);
560
561 /* bind the values to the insert */
562
563 sqlite3_bind_text(stmt, 1,
564 CONST_BUF_LEN(dst->rel_path),
565 SQLITE_TRANSIENT);
566
567 if (SQLITE_DONE != sqlite3_step(stmt)) {
568 /* */
569 }
570 }
571 #else
572 UNUSED(p);
573 #endif
574 }
575
576 return (status != 0);
577 }
578
579 static int webdav_delete_dir(server *srv, connection *con, plugin_data *p, physical *dst, buffer *b) {
580 DIR *dir;
581 int have_multi_status = 0;
582 physical d;
583
584 d.path = buffer_init();
585 d.rel_path = buffer_init();
586
587 if (NULL != (dir = opendir(dst->path->ptr))) {
588 struct dirent *de;
589
590 while(NULL != (de = readdir(dir))) {
591 struct stat st;
592 int status = 0;
593
594 if ((de->d_name[0] == '.' && de->d_name[1] == '\0') ||
595 (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0')) {
596 continue;
597 /* ignore the parent dir */
598 }
599
600 buffer_copy_buffer(d.path, dst->path);
601 buffer_append_slash(d.path);
602 buffer_append_string(d.path, de->d_name);
603
604 buffer_copy_buffer(d.rel_path, dst->rel_path);
605 buffer_append_slash(d.rel_path);
606 buffer_append_string(d.rel_path, de->d_name);
607
608 /* stat and unlink afterwards */
609 if (-1 == stat(d.path->ptr, &st)) {
610 /* don't about it yet, rmdir will fail too */
611 } else if (S_ISDIR(st.st_mode)) {
612 have_multi_status = webdav_delete_dir(srv, con, p, &d, b);
613
614 /* try to unlink it */
615 if (-1 == rmdir(d.path->ptr)) {
616 switch(errno) {
617 case EACCES:
618 case EPERM:
619 /* 403 */
620 status = 403;
621 break;
622 default:
623 status = 501;
624 break;
625 }
626 have_multi_status = 1;
627
628 webdav_gen_response_status_tag(srv, con, &d, status, b);
629 } else {
630 #ifdef USE_PROPPATCH
631 sqlite3_stmt *stmt = p->conf.stmt_delete_uri;
632
633 status = 0;
634
635 if (stmt) {
636 sqlite3_reset(stmt);
637
638 /* bind the values to the insert */
639
640 sqlite3_bind_text(stmt, 1,
641 CONST_BUF_LEN(d.rel_path),
642 SQLITE_TRANSIENT);
643
644 if (SQLITE_DONE != sqlite3_step(stmt)) {
645 /* */
646 }
647 }
648 #endif
649 }
650 } else {
651 have_multi_status = webdav_delete_file(srv, con, p, &d, b);
652 }
653 }
654 closedir(dir);
655
656 buffer_free(d.path);
657 buffer_free(d.rel_path);
658 }
659
660 return have_multi_status;
661 }
662
663 static int webdav_copy_file(server *srv, connection *con, plugin_data *p, physical *src, physical *dst, int overwrite) {
664 stream s;
665 int status = 0, ofd;
666 UNUSED(srv);
667 UNUSED(con);
668
669 if (stream_open(&s, src->path)) {
670 return 403;
671 }
672
673 if (-1 == (ofd = open(dst->path->ptr, O_WRONLY|O_TRUNC|O_CREAT|(overwrite ? 0 : O_EXCL), WEBDAV_FILE_MODE))) {
674 /* opening the destination failed for some reason */
675 switch(errno) {
676 case EEXIST:
677 status = 412;
678 break;
679 case EISDIR:
680 status = 409;
681 break;
682 case ENOENT:
683 /* at least one part in the middle wasn't existing */
684 status = 409;
685 break;
686 default:
687 status = 403;
688 break;
689 }
690 stream_close(&s);
691 return status;
692 }
693
694 if (-1 == write(ofd, s.start, s.size)) {
695 switch(errno) {
696 case ENOSPC:
697 status = 507;
698 break;
699 default:
700 status = 403;
701 break;
702 }
703 }
704
705 stream_close(&s);
706 close(ofd);
707
708 #ifdef USE_PROPPATCH
709 if (0 == status) {
710 /* copy worked fine, copy connected properties */
711 sqlite3_stmt *stmt = p->conf.stmt_copy_uri;
712
713 if (stmt) {
714 sqlite3_reset(stmt);
715
716 /* bind the values to the insert */
717 sqlite3_bind_text(stmt, 1,
718 CONST_BUF_LEN(dst->rel_path),
719 SQLITE_TRANSIENT);
720
721 sqlite3_bind_text(stmt, 2,
722 CONST_BUF_LEN(src->rel_path),
723 SQLITE_TRANSIENT);
724
725 if (SQLITE_DONE != sqlite3_step(stmt)) {
726 /* */
727 }
728 }
729 }
730 #else
731 UNUSED(p);
732 #endif
733 return status;
734 }
735
736 static int webdav_copy_dir(server *srv, connection *con, plugin_data *p, physical *src, physical *dst, int overwrite) {
737 DIR *srcdir;
738 int status = 0;
739
740 if (NULL != (srcdir = opendir(src->path->ptr))) {
741 struct dirent *de;
742 physical s, d;
743
744 s.path = buffer_init();
745 s.rel_path = buffer_init();
746
747 d.path = buffer_init();
748 d.rel_path = buffer_init();
749
750 while (NULL != (de = readdir(srcdir))) {
751 struct stat st;
752
753 if ((de->d_name[0] == '.' && de->d_name[1] == '\0')
754 || (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0')) {
755 continue;
756 }
757
758 buffer_copy_buffer(s.path, src->path);
759 buffer_append_slash(s.path);
760 buffer_append_string(s.path, de->d_name);
761
762 buffer_copy_buffer(d.path, dst->path);
763 buffer_append_slash(d.path);
764 buffer_append_string(d.path, de->d_name);
765
766 buffer_copy_buffer(s.rel_path, src->rel_path);
767 buffer_append_slash(s.rel_path);
768 buffer_append_string(s.rel_path, de->d_name);
769
770 buffer_copy_buffer(d.rel_path, dst->rel_path);
771 buffer_append_slash(d.rel_path);
772 buffer_append_string(d.rel_path, de->d_name);
773
774 if (-1 == stat(s.path->ptr, &st)) {
775 /* why ? */
776 } else if (S_ISDIR(st.st_mode)) {
777 /* a directory */
778 if (-1 == mkdir(d.path->ptr, WEBDAV_DIR_MODE) &&
779 errno != EEXIST) {
780 /* WTH ? */
781 } else {
782 #ifdef USE_PROPPATCH
783 sqlite3_stmt *stmt = p->conf.stmt_copy_uri;
784
785 if (0 != (status = webdav_copy_dir(srv, con, p, &s, &d, overwrite))) {
786 break;
787 }
788 /* directory is copied, copy the properties too */
789
790 if (stmt) {
791 sqlite3_reset(stmt);
792
793 /* bind the values to the insert */
794 sqlite3_bind_text(stmt, 1,
795 CONST_BUF_LEN(dst->rel_path),
796 SQLITE_TRANSIENT);
797
798 sqlite3_bind_text(stmt, 2,
799 CONST_BUF_LEN(src->rel_path),
800 SQLITE_TRANSIENT);
801
802 if (SQLITE_DONE != sqlite3_step(stmt)) {
803 /* */
804 }
805 }
806 #endif
807 }
808 } else if (S_ISREG(st.st_mode)) {
809 /* a plain file */
810 if (0 != (status = webdav_copy_file(srv, con, p, &s, &d, overwrite))) {
811 break;
812 }
813 }
814 }
815
816 buffer_free(s.path);
817 buffer_free(s.rel_path);
818 buffer_free(d.path);
819 buffer_free(d.rel_path);
820
821 closedir(srcdir);
822 }
823
824 return status;
825 }
826
827 static int webdav_get_live_property(server *srv, connection *con, plugin_data *p, physical *dst, char *prop_name, buffer *b) {
828 stat_cache_entry *sce = NULL;
829 int found = 0;
830
831 UNUSED(p);
832
833 if (HANDLER_ERROR != (stat_cache_get_entry(srv, con, dst->path, &sce))) {
834 char ctime_buf[] = "2005-08-18T07:27:16Z";
835 char mtime_buf[] = "Thu, 18 Aug 2005 07:27:16 GMT";
836 size_t k;
837
838 if (0 == strcmp(prop_name, "resourcetype")) {
839 if (S_ISDIR(sce->st.st_mode)) {
840 buffer_append_string_len(b, CONST_STR_LEN("<D:resourcetype><D:collection/></D:resourcetype>"));
841 found = 1;
842 }
843 } else if (0 == strcmp(prop_name, "getcontenttype")) {
844 if (S_ISDIR(sce->st.st_mode)) {
845 buffer_append_string_len(b, CONST_STR_LEN("<D:getcontenttype>httpd/unix-directory</D:getcontenttype>"));
846 found = 1;
847 } else if(S_ISREG(sce->st.st_mode)) {
848 for (k = 0; k < con->conf.mimetypes->used; k++) {
849 data_string *ds = (data_string *)con->conf.mimetypes->data[k];
850
851 if (buffer_is_empty(ds->key)) continue;
852
853 if (buffer_is_equal_right_len(dst->path, ds->key, buffer_string_length(ds->key))) {
854 buffer_append_string_len(b,CONST_STR_LEN("<D:getcontenttype>"));
855 buffer_append_string_buffer(b, ds->value);
856 buffer_append_string_len(b, CONST_STR_LEN("</D:getcontenttype>"));
857 found = 1;
858
859 break;
860 }
861 }
862 }
863 } else if (0 == strcmp(prop_name, "creationdate")) {
864 buffer_append_string_len(b, CONST_STR_LEN("<D:creationdate ns0:dt=\"dateTime.tz\">"));
865 strftime(ctime_buf, sizeof(ctime_buf), "%Y-%m-%dT%H:%M:%SZ", gmtime(&(sce->st.st_ctime)));
866 buffer_append_string(b, ctime_buf);
867 buffer_append_string_len(b, CONST_STR_LEN("</D:creationdate>"));
868 found = 1;
869 } else if (0 == strcmp(prop_name, "getlastmodified")) {
870 buffer_append_string_len(b,CONST_STR_LEN("<D:getlastmodified ns0:dt=\"dateTime.rfc1123\">"));
871 strftime(mtime_buf, sizeof(mtime_buf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&(sce->st.st_mtime)));
872 buffer_append_string(b, mtime_buf);
873 buffer_append_string_len(b, CONST_STR_LEN("</D:getlastmodified>"));
874 found = 1;
875 } else if (0 == strcmp(prop_name, "getcontentlength")) {
876 buffer_append_string_len(b,CONST_STR_LEN("<D:getcontentlength>"));
877 buffer_append_int(b, sce->st.st_size);
878 buffer_append_string_len(b, CONST_STR_LEN("</D:getcontentlength>"));
879 found = 1;
880 } else if (0 == strcmp(prop_name, "getcontentlanguage")) {
881 buffer_append_string_len(b,CONST_STR_LEN("<D:getcontentlanguage>"));
882 buffer_append_string_len(b, CONST_STR_LEN("en"));
883 buffer_append_string_len(b, CONST_STR_LEN("</D:getcontentlanguage>"));
884 found = 1;
885 }
886 }
887
888 return found ? 0 : -1;
889 }
890
891 static int webdav_get_property(server *srv, connection *con, plugin_data *p, physical *dst, char *prop_name, char *prop_ns, buffer *b) {
892 if (0 == strcmp(prop_ns, "DAV:")) {
893 /* a local 'live' property */
894 return webdav_get_live_property(srv, con, p, dst, prop_name, b);
895 } else {
896 int found = 0;
897 #ifdef USE_PROPPATCH
898 sqlite3_stmt *stmt = p->conf.stmt_select_prop;
899
900 if (stmt) {
901 /* perhaps it is in sqlite3 */
902 sqlite3_reset(stmt);
903
904 /* bind the values to the insert */
905
906 sqlite3_bind_text(stmt, 1,
907 CONST_BUF_LEN(dst->rel_path),
908 SQLITE_TRANSIENT);
909 sqlite3_bind_text(stmt, 2,
910 prop_name,
911 strlen(prop_name),
912 SQLITE_TRANSIENT);
913 sqlite3_bind_text(stmt, 3,
914 prop_ns,
915 strlen(prop_ns),
916 SQLITE_TRANSIENT);
917
918 /* it is the PK */
919 while (SQLITE_ROW == sqlite3_step(stmt)) {
920 /* there is a row for us, we only expect a single col 'value' */
921 webdav_gen_prop_tag(srv, con, prop_name, prop_ns, (char *)sqlite3_column_text(stmt, 0), b);
922 found = 1;
923 }
924 }
925 #endif
926 return found ? 0 : -1;
927 }
928
929 /* not found */
930 return -1;
931 }
932
933 typedef struct {
934 char *ns;
935 char *prop;
936 } webdav_property;
937
938 static webdav_property live_properties[] = {
939 { "DAV:", "creationdate" },
940 { "DAV:", "displayname" },
941 { "DAV:", "getcontentlanguage" },
942 { "DAV:", "getcontentlength" },
943 { "DAV:", "getcontenttype" },
944 { "DAV:", "getetag" },
945 { "DAV:", "getlastmodified" },
946 { "DAV:", "resourcetype" },
947 { "DAV:", "lockdiscovery" },
948 { "DAV:", "source" },
949 { "DAV:", "supportedlock" },
950
951 { NULL, NULL }
952 };
953
954 typedef struct {
955 webdav_property **ptr;
956
957 size_t used;
958 size_t size;
959 } webdav_properties;
960
961 static int webdav_get_props(server *srv, connection *con, plugin_data *p, physical *dst, webdav_properties *props, buffer *b_200, buffer *b_404) {
962 size_t i;
963
964 if (props) {
965 for (i = 0; i < props->used; i++) {
966 webdav_property *prop;
967
968 prop = props->ptr[i];
969
970 if (0 != webdav_get_property(srv, con, p,
971 dst, prop->prop, prop->ns, b_200)) {
972 webdav_gen_prop_tag(srv, con, prop->prop, prop->ns, NULL, b_404);
973 }
974 }
975 } else {
976 for (i = 0; live_properties[i].prop; i++) {
977 /* a local 'live' property */
978 webdav_get_live_property(srv, con, p, dst, live_properties[i].prop, b_200);
979 }
980 }
981
982 return 0;
983 }
984
985 #ifdef USE_PROPPATCH
986 static int webdav_parse_chunkqueue(server *srv, connection *con, plugin_data *p, chunkqueue *cq, xmlDoc **ret_xml) {
987 xmlParserCtxtPtr ctxt;
988 xmlDoc *xml;
989 int res;
990 int err;
991
992 chunk *c;
993
994 UNUSED(con);
995
996 /* read the chunks in to the XML document */
997 ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
998
999 for (c = cq->first; cq->bytes_out != cq->bytes_in; c = cq->first) {
1000 size_t weWant = cq->bytes_out - cq->bytes_in;
1001 size_t weHave;
1002
1003 switch(c->type) {
1004 case FILE_CHUNK:
1005 weHave = c->file.length - c->offset;
1006
1007 if (weHave > weWant) weHave = weWant;
1008
1009 /* xml chunks are always memory, mmap() is our friend */
1010 if (c->file.mmap.start == MAP_FAILED) {
1011 if (-1 == c->file.fd && /* open the file if not already open */
1012 -1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
1013 log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
1014
1015 return -1;
1016 }
1017
1018 if (MAP_FAILED == (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) {
1019 log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ",
1020 strerror(errno), c->file.name, c->file.fd);
1021 close(c->file.fd);
1022 c->file.fd = -1;
1023
1024 return -1;
1025 }
1026
1027 close(c->file.fd);
1028 c->file.fd = -1;
1029
1030 c->file.mmap.length = c->file.length;
1031
1032 /* chunk_reset() or chunk_free() will cleanup for us */
1033 }
1034
1035 if (XML_ERR_OK != (err = xmlParseChunk(ctxt, c->file.mmap.start + c->offset, weHave, 0))) {
1036 log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
1037 }
1038
1039 chunkqueue_mark_written(cq, weHave);
1040
1041 break;
1042 case MEM_CHUNK:
1043 /* append to the buffer */
1044 weHave = buffer_string_length(c->mem) - c->offset;
1045
1046 if (weHave > weWant) weHave = weWant;
1047
1048 if (p->conf.log_xml) {
1049 log_error_write(srv, __FILE__, __LINE__, "ss", "XML-request-body:", c->mem->ptr + c->offset);
1050 }
1051
1052 if (XML_ERR_OK != (err = xmlParseChunk(ctxt, c->mem->ptr + c->offset, weHave, 0))) {
1053 log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
1054 }
1055
1056 chunkqueue_mark_written(cq, weHave);
1057
1058 break;
1059 }
1060 }
1061
1062 switch ((err = xmlParseChunk(ctxt, 0, 0, 1))) {
1063 case XML_ERR_DOCUMENT_END:
1064 case XML_ERR_OK:
1065 break;
1066 default:
1067 log_error_write(srv, __FILE__, __LINE__, "sd", "xmlParseChunk failed at final packet:", err);
1068 break;
1069 }
1070
1071 xml = ctxt->myDoc;
1072 res = ctxt->wellFormed;
1073 xmlFreeParserCtxt(ctxt);
1074
1075 if (res == 0) {
1076 xmlFreeDoc(xml);
1077 } else {
1078 *ret_xml = xml;
1079 }
1080
1081 return res;
1082 }
1083 #endif
1084
1085 #ifdef USE_LOCKS
1086 static int webdav_lockdiscovery(server *srv, connection *con,
1087 buffer *locktoken, const char *lockscope, const char *locktype, int depth) {
1088
1089 buffer *b = buffer_init();
1090
1091 response_header_overwrite(srv, con, CONST_STR_LEN("Lock-Token"), CONST_BUF_LEN(locktoken));
1092
1093 response_header_overwrite(srv, con,
1094 CONST_STR_LEN("Content-Type"),
1095 CONST_STR_LEN("text/xml; charset=\"utf-8\""));
1096
1097 buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
1098
1099 buffer_append_string_len(b,CONST_STR_LEN("<D:prop xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
1100 buffer_append_string_len(b,CONST_STR_LEN("<D:lockdiscovery>\n"));
1101 buffer_append_string_len(b,CONST_STR_LEN("<D:activelock>\n"));
1102
1103 buffer_append_string_len(b,CONST_STR_LEN("<D:lockscope>"));
1104 buffer_append_string_len(b,CONST_STR_LEN("<D:"));
1105 buffer_append_string(b, lockscope);
1106 buffer_append_string_len(b, CONST_STR_LEN("/>"));
1107 buffer_append_string_len(b,CONST_STR_LEN("</D:lockscope>\n"));
1108
1109 buffer_append_string_len(b,CONST_STR_LEN("<D:locktype>"));
1110 buffer_append_string_len(b,CONST_STR_LEN("<D:"));
1111 buffer_append_string(b, locktype);
1112 buffer_append_string_len(b, CONST_STR_LEN("/>"));
1113 buffer_append_string_len(b,CONST_STR_LEN("</D:locktype>\n"));
1114
1115 buffer_append_string_len(b,CONST_STR_LEN("<D:depth>"));
1116 buffer_append_string(b, depth == 0 ? "0" : "infinity");
1117 buffer_append_string_len(b,CONST_STR_LEN("</D:depth>\n"));
1118
1119 buffer_append_string_len(b,CONST_STR_LEN("<D:timeout>"));
1120 buffer_append_string_len(b, CONST_STR_LEN("Second-600"));
1121 buffer_append_string_len(b,CONST_STR_LEN("</D:timeout>\n"));
1122
1123 buffer_append_string_len(b,CONST_STR_LEN("<D:owner>"));
1124 buffer_append_string_len(b,CONST_STR_LEN("</D:owner>\n"));
1125
1126 buffer_append_string_len(b,CONST_STR_LEN("<D:locktoken>"));
1127 buffer_append_string_len(b, CONST_STR_LEN("<D:href>"));
1128 buffer_append_string_buffer(b, locktoken);
1129 buffer_append_string_len(b, CONST_STR_LEN("</D:href>"));
1130 buffer_append_string_len(b,CONST_STR_LEN("</D:locktoken>\n"));
1131
1132 buffer_append_string_len(b,CONST_STR_LEN("</D:activelock>\n"));
1133 buffer_append_string_len(b,CONST_STR_LEN("</D:lockdiscovery>\n"));
1134 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1135
1136 chunkqueue_append_buffer(con->write_queue, b);
1137 buffer_free(b);
1138
1139 return 0;
1140 }
1141 #endif
1142
1143 /**
1144 * check if resource is having the right locks to access to resource
1145 *
1146 *
1147 *
1148 */
1149 static int webdav_has_lock(server *srv, connection *con, plugin_data *p, buffer *uri) {
1150 int has_lock = 1;
1151
1152 #ifdef USE_LOCKS
1153 data_string *ds;
1154 UNUSED(srv);
1155
1156 /**
1157 * This implementation is more fake than real
1158 * we need a parser for the If: header to really handle the full scope
1159 *
1160 * X-Litmus: locks: 11 (owner_modify)
1161 * If: <http://127.0.0.1:1025/dav/litmus/lockme> (<opaquelocktoken:2165478d-0611-49c4-be92-e790d68a38f1>)
1162 * - a tagged check:
1163 * if http://127.0.0.1:1025/dav/litmus/lockme is locked with
1164 * opaquelocktoken:2165478d-0611-49c4-be92-e790d68a38f1, go on
1165 *
1166 * X-Litmus: locks: 16 (fail_cond_put)
1167 * If: (<DAV:no-lock> ["-1622396671"])
1168 * - untagged:
1169 * go on if the resource has the etag [...] and the lock
1170 */
1171 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "If"))) {
1172 /* Ooh, ooh. A if tag, now the fun begins.
1173 *
1174 * this can only work with a real parser
1175 **/
1176 } else {
1177 /* we didn't provided a lock-token -> */
1178 /* if the resource is locked -> 423 */
1179
1180 sqlite3_stmt *stmt = p->conf.stmt_read_lock_by_uri;
1181
1182 sqlite3_reset(stmt);
1183
1184 sqlite3_bind_text(stmt, 1,
1185 CONST_BUF_LEN(uri),
1186 SQLITE_TRANSIENT);
1187
1188 while (SQLITE_ROW == sqlite3_step(stmt)) {
1189 has_lock = 0;
1190 }
1191 }
1192 #else
1193 UNUSED(srv);
1194 UNUSED(con);
1195 UNUSED(p);
1196 UNUSED(uri);
1197 #endif
1198
1199 return has_lock;
1200 }
1201
1202 URIHANDLER_FUNC(mod_webdav_subrequest_handler) {
1203 plugin_data *p = p_d;
1204 buffer *b;
1205 DIR *dir;
1206 data_string *ds;
1207 int depth = -1; /* (Depth: infinity) */
1208 struct stat st;
1209 buffer *prop_200;
1210 buffer *prop_404;
1211 webdav_properties *req_props;
1212 stat_cache_entry *sce = NULL;
1213
1214 UNUSED(srv);
1215
1216 if (!p->conf.enabled) return HANDLER_GO_ON;
1217 /* physical path is setup */
1218 if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON;
1219
1220 /* PROPFIND need them */
1221 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Depth")) && 1 == buffer_string_length(ds->value)) {
1222 if ('0' == *ds->value->ptr) {
1223 depth = 0;
1224 } else if ('1' == *ds->value->ptr) {
1225 depth = 1;
1226 }
1227 } /* else treat as Depth: infinity */
1228
1229 switch (con->request.http_method) {
1230 case HTTP_METHOD_PROPFIND:
1231 /* they want to know the properties of the directory */
1232 req_props = NULL;
1233
1234 /* is there a content-body ? */
1235
1236 switch (stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
1237 case HANDLER_ERROR:
1238 if (errno == ENOENT) {
1239 con->http_status = 404;
1240 return HANDLER_FINISHED;
1241 }
1242 break;
1243 default:
1244 break;
1245 }
1246
1247
1248 #ifdef USE_PROPPATCH
1249 /* any special requests or just allprop ? */
1250 if (con->request.content_length) {
1251 xmlDocPtr xml;
1252
1253 if (1 == webdav_parse_chunkqueue(srv, con, p, con->request_content_queue, &xml)) {
1254 xmlNode *rootnode = xmlDocGetRootElement(xml);
1255
1256 force_assert(rootnode);
1257
1258 if (0 == xmlStrcmp(rootnode->name, BAD_CAST "propfind")) {
1259 xmlNode *cmd;
1260
1261 req_props = calloc(1, sizeof(*req_props));
1262
1263 for (cmd = rootnode->children; cmd; cmd = cmd->next) {
1264
1265 if (0 == xmlStrcmp(cmd->name, BAD_CAST "prop")) {
1266 /* get prop by name */
1267 xmlNode *prop;
1268
1269 for (prop = cmd->children; prop; prop = prop->next) {
1270 if (prop->type == XML_TEXT_NODE) continue; /* ignore WS */
1271
1272 if (prop->ns &&
1273 (0 == xmlStrcmp(prop->ns->href, BAD_CAST "")) &&
1274 (0 != xmlStrcmp(prop->ns->prefix, BAD_CAST ""))) {
1275 size_t i;
1276 log_error_write(srv, __FILE__, __LINE__, "ss",
1277 "no name space for:",
1278 prop->name);
1279
1280 xmlFreeDoc(xml);
1281
1282 for (i = 0; i < req_props->used; i++) {
1283 free(req_props->ptr[i]->ns);
1284 free(req_props->ptr[i]->prop);
1285 free(req_props->ptr[i]);
1286 }
1287 free(req_props->ptr);
1288 free(req_props);
1289
1290 con->http_status = 400;
1291 return HANDLER_FINISHED;
1292 }
1293
1294 /* add property to requested list */
1295 if (req_props->size == 0) {
1296 req_props->size = 16;
1297 req_props->ptr = malloc(sizeof(*(req_props->ptr)) * req_props->size);
1298 } else if (req_props->used == req_props->size) {
1299 req_props->size += 16;
1300 req_props->ptr = realloc(req_props->ptr, sizeof(*(req_props->ptr)) * req_props->size);
1301 }
1302
1303 req_props->ptr[req_props->used] = malloc(sizeof(webdav_property));
1304 req_props->ptr[req_props->used]->ns = (char *)xmlStrdup(prop->ns ? prop->ns->href : (xmlChar *)"");
1305 req_props->ptr[req_props->used]->prop = (char *)xmlStrdup(prop->name);
1306 req_props->used++;
1307 }
1308 } else if (0 == xmlStrcmp(cmd->name, BAD_CAST "propname")) {
1309 sqlite3_stmt *stmt = p->conf.stmt_select_propnames;
1310
1311 if (stmt) {
1312 /* get all property names (EMPTY) */
1313 sqlite3_reset(stmt);
1314 /* bind the values to the insert */
1315
1316 sqlite3_bind_text(stmt, 1,
1317 CONST_BUF_LEN(con->uri.path),
1318 SQLITE_TRANSIENT);
1319
1320 if (SQLITE_DONE != sqlite3_step(stmt)) {
1321 }
1322 }
1323 } else if (0 == xmlStrcmp(cmd->name, BAD_CAST "allprop")) {
1324 /* get all properties (EMPTY) */
1325 }
1326 }
1327 }
1328
1329 xmlFreeDoc(xml);
1330 } else {
1331 con->http_status = 400;
1332 return HANDLER_FINISHED;
1333 }
1334 }
1335 #endif
1336 con->http_status = 207;
1337
1338 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\""));
1339
1340 b = buffer_init();
1341
1342 buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
1343
1344 buffer_append_string_len(b,CONST_STR_LEN("<D:multistatus xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
1345
1346 /* allprop */
1347
1348 prop_200 = buffer_init();
1349 prop_404 = buffer_init();
1350
1351 switch(depth) {
1352 case 0:
1353 /* Depth: 0 */
1354 webdav_get_props(srv, con, p, &(con->physical), req_props, prop_200, prop_404);
1355
1356 buffer_append_string_len(b,CONST_STR_LEN("<D:response>\n"));
1357 buffer_append_string_len(b,CONST_STR_LEN("<D:href>"));
1358 buffer_append_string_buffer(b, con->uri.scheme);
1359 buffer_append_string_len(b,CONST_STR_LEN("://"));
1360 buffer_append_string_buffer(b, con->uri.authority);
1361 buffer_append_string_encoded(b, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
1362 buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
1363
1364 if (!buffer_string_is_empty(prop_200)) {
1365 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1366 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1367
1368 buffer_append_string_buffer(b, prop_200);
1369
1370 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1371
1372 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 200 OK</D:status>\n"));
1373
1374 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1375 }
1376 if (!buffer_string_is_empty(prop_404)) {
1377 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1378 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1379
1380 buffer_append_string_buffer(b, prop_404);
1381
1382 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1383
1384 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 404 Not Found</D:status>\n"));
1385
1386 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1387 }
1388
1389 buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
1390
1391 break;
1392 case 1:
1393 if (NULL != (dir = opendir(con->physical.path->ptr))) {
1394 struct dirent *de;
1395 physical d;
1396 physical *dst = &(con->physical);
1397
1398 d.path = buffer_init();
1399 d.rel_path = buffer_init();
1400
1401 while(NULL != (de = readdir(dir))) {
1402 if (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0') {
1403 continue;
1404 /* ignore the parent dir */
1405 }
1406
1407 buffer_copy_buffer(d.path, dst->path);
1408 buffer_append_slash(d.path);
1409
1410 buffer_copy_buffer(d.rel_path, dst->rel_path);
1411 buffer_append_slash(d.rel_path);
1412
1413 if (de->d_name[0] == '.' && de->d_name[1] == '\0') {
1414 /* don't append the . */
1415 } else {
1416 buffer_append_string(d.path, de->d_name);
1417 buffer_append_string(d.rel_path, de->d_name);
1418 }
1419
1420 buffer_reset(prop_200);
1421 buffer_reset(prop_404);
1422
1423 webdav_get_props(srv, con, p, &d, req_props, prop_200, prop_404);
1424
1425 buffer_append_string_len(b,CONST_STR_LEN("<D:response>\n"));
1426 buffer_append_string_len(b,CONST_STR_LEN("<D:href>"));
1427 buffer_append_string_buffer(b, con->uri.scheme);
1428 buffer_append_string_len(b,CONST_STR_LEN("://"));
1429 buffer_append_string_buffer(b, con->uri.authority);
1430 buffer_append_string_encoded(b, CONST_BUF_LEN(d.rel_path), ENCODING_REL_URI);
1431 buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
1432
1433 if (!buffer_string_is_empty(prop_200)) {
1434 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1435 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1436
1437 buffer_append_string_buffer(b, prop_200);
1438
1439 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1440
1441 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 200 OK</D:status>\n"));
1442
1443 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1444 }
1445 if (!buffer_string_is_empty(prop_404)) {
1446 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1447 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1448
1449 buffer_append_string_buffer(b, prop_404);
1450
1451 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1452
1453 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 404 Not Found</D:status>\n"));
1454
1455 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1456 }
1457
1458 buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
1459 }
1460 closedir(dir);
1461 buffer_free(d.path);
1462 buffer_free(d.rel_path);
1463 }
1464 break;
1465 }
1466
1467 if (req_props) {
1468 size_t i;
1469 for (i = 0; i < req_props->used; i++) {
1470 free(req_props->ptr[i]->ns);
1471 free(req_props->ptr[i]->prop);
1472 free(req_props->ptr[i]);
1473 }
1474 free(req_props->ptr);
1475 free(req_props);
1476 }
1477
1478 buffer_free(prop_200);
1479 buffer_free(prop_404);
1480
1481 buffer_append_string_len(b,CONST_STR_LEN("</D:multistatus>\n"));
1482
1483 if (p->conf.log_xml) {
1484 log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b);
1485 }
1486
1487 chunkqueue_append_buffer(con->write_queue, b);
1488 buffer_free(b);
1489
1490 con->file_finished = 1;
1491
1492 return HANDLER_FINISHED;
1493 case HTTP_METHOD_MKCOL:
1494 if (p->conf.is_readonly) {
1495 con->http_status = 403;
1496 return HANDLER_FINISHED;
1497 }
1498
1499 if (con->request.content_length != 0) {
1500 /* we don't support MKCOL with a body */
1501 con->http_status = 415;
1502
1503 return HANDLER_FINISHED;
1504 }
1505
1506 /* let's create the directory */
1507
1508 if (-1 == mkdir(con->physical.path->ptr, WEBDAV_DIR_MODE)) {
1509 switch(errno) {
1510 case EPERM:
1511 con->http_status = 403;
1512 break;
1513 case ENOENT:
1514 case ENOTDIR:
1515 con->http_status = 409;
1516 break;
1517 case EEXIST:
1518 default:
1519 con->http_status = 405; /* not allowed */
1520 break;
1521 }
1522 } else {
1523 con->http_status = 201;
1524 con->file_finished = 1;
1525 }
1526
1527 return HANDLER_FINISHED;
1528 case HTTP_METHOD_DELETE:
1529 if (p->conf.is_readonly) {
1530 con->http_status = 403;
1531 return HANDLER_FINISHED;
1532 }
1533
1534 /* does the client have a lock for this connection ? */
1535 if (!webdav_has_lock(srv, con, p, con->uri.path)) {
1536 con->http_status = 423;
1537 return HANDLER_FINISHED;
1538 }
1539
1540 /* stat and unlink afterwards */
1541 if (-1 == stat(con->physical.path->ptr, &st)) {
1542 /* don't about it yet, unlink will fail too */
1543 switch(errno) {
1544 case ENOENT:
1545 con->http_status = 404;
1546 break;
1547 default:
1548 con->http_status = 403;
1549 break;
1550 }
1551 } else if (S_ISDIR(st.st_mode)) {
1552 buffer *multi_status_resp = buffer_init();
1553
1554 if (webdav_delete_dir(srv, con, p, &(con->physical), multi_status_resp)) {
1555 /* we got an error somewhere in between, build a 207 */
1556 response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\""));
1557
1558 b = buffer_init();
1559
1560 buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
1561
1562 buffer_append_string_len(b,CONST_STR_LEN("<D:multistatus xmlns:D=\"DAV:\">\n"));
1563
1564 buffer_append_string_buffer(b, multi_status_resp);
1565
1566 buffer_append_string_len(b,CONST_STR_LEN("</D:multistatus>\n"));
1567
1568 if (p->conf.log_xml) {
1569 log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b);
1570 }
1571
1572 chunkqueue_append_buffer(con->write_queue, b);
1573 buffer_free(b);
1574
1575 con->http_status = 207;
1576 con->file_finished = 1;
1577 } else {
1578 /* everything went fine, remove the directory */
1579
1580 if (-1 == rmdir(con->physical.path->ptr)) {
1581 switch(errno) {
1582 case ENOENT:
1583 con->http_status = 404;
1584 break;
1585 default:
1586 con->http_status = 501;
1587 break;
1588 }
1589 } else {
1590 con->http_status = 204;
1591 }
1592 }
1593
1594 buffer_free(multi_status_resp);
1595 } else if (-1 == unlink(con->physical.path->ptr)) {
1596 switch(errno) {
1597 case EPERM:
1598 con->http_status = 403;
1599 break;
1600 case ENOENT:
1601 con->http_status = 404;
1602 break;
1603 default:
1604 con->http_status = 501;
1605 break;
1606 }
1607 } else {
1608 con->http_status = 204;
1609 }
1610 return HANDLER_FINISHED;
1611 case HTTP_METHOD_PUT: {
1612 int fd;
1613 chunkqueue *cq = con->request_content_queue;
1614 chunk *c;
1615 data_string *ds_range;
1616
1617 if (p->conf.is_readonly) {
1618 con->http_status = 403;
1619 return HANDLER_FINISHED;
1620 }
1621
1622 /* is a exclusive lock set on the source */
1623 if (!webdav_has_lock(srv, con, p, con->uri.path)) {
1624 con->http_status = 423;
1625 return HANDLER_FINISHED;
1626 }
1627
1628
1629 assert(chunkqueue_length(cq) == (off_t)con->request.content_length);
1630
1631 /* RFC2616 Section 9.6 PUT requires us to send 501 on all Content-* we don't support
1632 * - most important Content-Range
1633 *
1634 *
1635 * Example: Content-Range: bytes 100-1037/1038 */
1636
1637 if (NULL != (ds_range = (data_string *)array_get_element(con->request.headers, "Content-Range"))) {
1638 const char *num = ds_range->value->ptr;
1639 off_t offset;
1640 char *err = NULL;
1641
1642 if (0 != strncmp(num, "bytes ", 6)) {
1643 con->http_status = 501; /* not implemented */
1644
1645 return HANDLER_FINISHED;
1646 }
1647
1648 /* we only support <num>- ... */
1649
1650 num += 6;
1651
1652 /* skip WS */
1653 while (*num == ' ' || *num == '\t') num++;
1654
1655 if (*num == '\0') {
1656 con->http_status = 501; /* not implemented */
1657
1658 return HANDLER_FINISHED;
1659 }
1660
1661 offset = strtoll(num, &err, 10);
1662
1663 if (*err != '-' || offset < 0) {
1664 con->http_status = 501; /* not implemented */
1665
1666 return HANDLER_FINISHED;
1667 }
1668
1669 if (-1 == (fd = open(con->physical.path->ptr, O_WRONLY, WEBDAV_FILE_MODE))) {
1670 switch (errno) {
1671 case ENOENT:
1672 con->http_status = 404; /* not found */
1673 break;
1674 default:
1675 con->http_status = 403; /* not found */
1676 break;
1677 }
1678 return HANDLER_FINISHED;
1679 }
1680
1681 if (-1 == lseek(fd, offset, SEEK_SET)) {
1682 con->http_status = 501; /* not implemented */
1683
1684 close(fd);
1685
1686 return HANDLER_FINISHED;
1687 }
1688 con->http_status = 200; /* modified */
1689 } else {
1690 /* take what we have in the request-body and write it to a file */
1691
1692 /* if the file doesn't exist, create it */
1693 if (-1 == (fd = open(con->physical.path->ptr, O_WRONLY|O_TRUNC, WEBDAV_FILE_MODE))) {
1694 if (errno != ENOENT ||
1695 -1 == (fd = open(con->physical.path->ptr, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, WEBDAV_FILE_MODE))) {
1696 /* we can't open the file */
1697 con->http_status = 403;
1698
1699 return HANDLER_FINISHED;
1700 } else {
1701 con->http_status = 201; /* created */
1702 }
1703 } else {
1704 con->http_status = 200; /* modified */
1705 }
1706 }
1707
1708 con->file_finished = 1;
1709
1710 for (c = cq->first; c; c = cq->first) {
1711 int r = 0;
1712
1713 /* copy all chunks */
1714 switch(c->type) {
1715 case FILE_CHUNK:
1716
1717 if (c->file.mmap.start == MAP_FAILED) {
1718 if (-1 == c->file.fd && /* open the file if not already open */
1719 -1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
1720 log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
1721 close(fd);
1722 return HANDLER_ERROR;
1723 }
1724
1725 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.length, PROT_READ, MAP_SHARED, c->file.fd, 0))) {
1726 log_error_write(srv, __FILE__, __LINE__, "ssbd", "mmap failed: ",
1727 strerror(errno), c->file.name, c->file.fd);
1728 close(c->file.fd);
1729 c->file.fd = -1;
1730 close(fd);
1731 return HANDLER_ERROR;
1732 }
1733
1734 c->file.mmap.length = c->file.length;
1735
1736 close(c->file.fd);
1737 c->file.fd = -1;
1738
1739 /* chunk_reset() or chunk_free() will cleanup for us */
1740 }
1741
1742 if ((r = write(fd, c->file.mmap.start + c->offset, c->file.length - c->offset)) < 0) {
1743 switch(errno) {
1744 case ENOSPC:
1745 con->http_status = 507;
1746
1747 break;
1748 default:
1749 con->http_status = 403;
1750 break;
1751 }
1752 }
1753 break;
1754 case MEM_CHUNK:
1755 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) {
1756 switch(errno) {
1757 case ENOSPC:
1758 con->http_status = 507;
1759
1760 break;
1761 default:
1762 con->http_status = 403;
1763 break;
1764 }
1765 }
1766 break;
1767 }
1768
1769 if (r > 0) {
1770 chunkqueue_mark_written(cq, r);
1771 } else {
1772 break;
1773 }
1774 }
1775 close(fd);
1776
1777 return HANDLER_FINISHED;
1778 }
1779 case HTTP_METHOD_MOVE:
1780 case HTTP_METHOD_COPY: {
1781 buffer *destination = NULL;
1782 char *sep, *sep2, *start;
1783 int overwrite = 1;
1784
1785 if (p->conf.is_readonly) {
1786 con->http_status = 403;
1787 return HANDLER_FINISHED;
1788 }
1789
1790 /* is a exclusive lock set on the source */
1791 if (con->request.http_method == HTTP_METHOD_MOVE) {
1792 if (!webdav_has_lock(srv, con, p, con->uri.path)) {
1793 con->http_status = 423;
1794 return HANDLER_FINISHED;
1795 }
1796 }
1797
1798 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Destination"))) {
1799 destination = ds->value;
1800 } else {
1801 con->http_status = 400;
1802 return HANDLER_FINISHED;
1803 }
1804
1805 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Overwrite"))) {
1806 if (buffer_string_length(ds->value) != 1 ||
1807 (ds->value->ptr[0] != 'F' &&
1808 ds->value->ptr[0] != 'T') ) {
1809 con->http_status = 400;
1810 return HANDLER_FINISHED;
1811 }
1812 overwrite = (ds->value->ptr[0] == 'F' ? 0 : 1);
1813 }
1814 /* let's parse the Destination
1815 *
1816 * http://127.0.0.1:1025/dav/litmus/copydest
1817 *
1818 * - host has to be the same as the Host: header we got
1819 * - we have to stay inside the document root
1820 * - the query string is thrown away
1821 * */
1822
1823 buffer_reset(p->uri.scheme);
1824 buffer_reset(p->uri.path_raw);
1825 buffer_reset(p->uri.authority);
1826
1827 start = destination->ptr;
1828
1829 if (NULL == (sep = strstr(start, "://"))) {
1830 con->http_status = 400;
1831 return HANDLER_FINISHED;
1832 }
1833 buffer_copy_string_len(p->uri.scheme, start, sep - start);
1834
1835 start = sep + 3;
1836
1837 if (NULL == (sep = strchr(start, '/'))) {
1838 con->http_status = 400;
1839 return HANDLER_FINISHED;
1840 }
1841 if (NULL != (sep2 = memchr(start, '@', sep - start))) {
1842 /* skip login information */
1843 start = sep2 + 1;
1844 }
1845 buffer_copy_string_len(p->uri.authority, start, sep - start);
1846
1847 start = sep + 1;
1848
1849 if (NULL == (sep = strchr(start, '?'))) {
1850 /* no query string, good */
1851 buffer_copy_string(p->uri.path_raw, start);
1852 } else {
1853 buffer_copy_string_len(p->uri.path_raw, start, sep - start);
1854 }
1855
1856 if (!buffer_is_equal(p->uri.authority, con->uri.authority)) {
1857 /* not the same host */
1858 con->http_status = 502;
1859 return HANDLER_FINISHED;
1860 }
1861
1862 buffer_copy_buffer(p->tmp_buf, p->uri.path_raw);
1863 buffer_urldecode_path(p->tmp_buf);
1864 buffer_path_simplify(p->uri.path, p->tmp_buf);
1865
1866 /* we now have a URI which is clean. transform it into a physical path */
1867 buffer_copy_buffer(p->physical.doc_root, con->physical.doc_root);
1868 buffer_copy_buffer(p->physical.rel_path, p->uri.path);
1869
1870 if (con->conf.force_lowercase_filenames) {
1871 buffer_to_lower(p->physical.rel_path);
1872 }
1873
1874 buffer_copy_buffer(p->physical.path, p->physical.doc_root);
1875 buffer_append_slash(p->physical.path);
1876 buffer_copy_buffer(p->physical.basedir, p->physical.path);
1877
1878 /* don't add a second / */
1879 if (p->physical.rel_path->ptr[0] == '/') {
1880 buffer_append_string_len(p->physical.path, p->physical.rel_path->ptr + 1, buffer_string_length(p->physical.rel_path) - 1);
1881 } else {
1882 buffer_append_string_buffer(p->physical.path, p->physical.rel_path);
1883 }
1884
1885 /* let's see if the source is a directory
1886 * if yes, we fail with 501 */
1887
1888 if (-1 == stat(con->physical.path->ptr, &st)) {
1889 /* don't about it yet, unlink will fail too */
1890 switch(errno) {
1891 case ENOENT:
1892 con->http_status = 404;
1893 break;
1894 default:
1895 con->http_status = 403;
1896 break;
1897 }
1898 } else if (S_ISDIR(st.st_mode)) {
1899 int r;
1900 /* src is a directory */
1901
1902 if (-1 == stat(p->physical.path->ptr, &st)) {
1903 if (-1 == mkdir(p->physical.path->ptr, WEBDAV_DIR_MODE)) {
1904 con->http_status = 403;
1905 return HANDLER_FINISHED;
1906 }
1907 } else if (!S_ISDIR(st.st_mode)) {
1908 if (overwrite == 0) {
1909 /* copying into a non-dir ? */
1910 con->http_status = 409;
1911 return HANDLER_FINISHED;
1912 } else {
1913 unlink(p->physical.path->ptr);
1914 if (-1 == mkdir(p->physical.path->ptr, WEBDAV_DIR_MODE)) {
1915 con->http_status = 403;
1916 return HANDLER_FINISHED;
1917 }
1918 }
1919 }
1920
1921 /* copy the content of src to dest */
1922 if (0 != (r = webdav_copy_dir(srv, con, p, &(con->physical), &(p->physical), overwrite))) {
1923 con->http_status = r;
1924 return HANDLER_FINISHED;
1925 }
1926 if (con->request.http_method == HTTP_METHOD_MOVE) {
1927 b = buffer_init();
1928 webdav_delete_dir(srv, con, p, &(con->physical), b); /* content */
1929 buffer_free(b);
1930
1931 rmdir(con->physical.path->ptr);
1932 }
1933 con->http_status = 201;
1934 con->file_finished = 1;
1935 } else {
1936 /* it is just a file, good */
1937 int r;
1938
1939 /* does the client have a lock for this connection ? */
1940 if (!webdav_has_lock(srv, con, p, p->uri.path)) {
1941 con->http_status = 423;
1942 return HANDLER_FINISHED;
1943 }
1944
1945 /* destination exists */
1946 if (0 == (r = stat(p->physical.path->ptr, &st))) {
1947 if (S_ISDIR(st.st_mode)) {
1948 /* file to dir/
1949 * append basename to physical path */
1950
1951 if (NULL != (sep = strrchr(con->physical.path->ptr, '/'))) {
1952 buffer_append_string(p->physical.path, sep);
1953 r = stat(p->physical.path->ptr, &st);
1954 }
1955 }
1956 }
1957
1958 if (-1 == r) {
1959 con->http_status = 201; /* we will create a new one */
1960 con->file_finished = 1;
1961
1962 switch(errno) {
1963 case ENOTDIR:
1964 con->http_status = 409;
1965 return HANDLER_FINISHED;
1966 }
1967 } else if (overwrite == 0) {
1968 /* destination exists, but overwrite is not set */
1969 con->http_status = 412;
1970 return HANDLER_FINISHED;
1971 } else {
1972 con->http_status = 204; /* resource already existed */
1973 }
1974
1975 if (con->request.http_method == HTTP_METHOD_MOVE) {
1976 /* try a rename */
1977
1978 if (0 == rename(con->physical.path->ptr, p->physical.path->ptr)) {
1979 #ifdef USE_PROPPATCH
1980 sqlite3_stmt *stmt;
1981
1982 stmt = p->conf.stmt_delete_uri;
1983 if (stmt) {
1984
1985 sqlite3_reset(stmt);
1986
1987 /* bind the values to the insert */
1988 sqlite3_bind_text(stmt, 1,
1989 CONST_BUF_LEN(con->uri.path),
1990 SQLITE_TRANSIENT);
1991
1992 if (SQLITE_DONE != sqlite3_step(stmt)) {
1993 log_error_write(srv, __FILE__, __LINE__, "ss", "sql-move(delete old) failed:", sqlite3_errmsg(p->conf.sql));
1994 }
1995 }
1996
1997 stmt = p->conf.stmt_move_uri;
1998 if (stmt) {
1999
2000 sqlite3_reset(stmt);
2001
2002 /* bind the values to the insert */
2003 sqlite3_bind_text(stmt, 1,
2004 CONST_BUF_LEN(p->uri.path),
2005 SQLITE_TRANSIENT);
2006
2007 sqlite3_bind_text(stmt, 2,
2008 CONST_BUF_LEN(con->uri.path),
2009 SQLITE_TRANSIENT);
2010
2011 if (SQLITE_DONE != sqlite3_step(stmt)) {
2012 log_error_write(srv, __FILE__, __LINE__, "ss", "sql-move failed:", sqlite3_errmsg(p->conf.sql));
2013 }
2014 }
2015 #endif
2016 return HANDLER_FINISHED;
2017 }
2018
2019 /* rename failed, fall back to COPY + DELETE */
2020 }
2021
2022 if (0 != (r = webdav_copy_file(srv, con, p, &(con->physical), &(p->physical), overwrite))) {
2023 con->http_status = r;
2024
2025 return HANDLER_FINISHED;
2026 }
2027
2028 if (con->request.http_method == HTTP_METHOD_MOVE) {
2029 b = buffer_init();
2030 webdav_delete_file(srv, con, p, &(con->physical), b);
2031 buffer_free(b);
2032 }
2033 }
2034
2035 return HANDLER_FINISHED;
2036 }
2037 case HTTP_METHOD_PROPPATCH:
2038 if (p->conf.is_readonly) {
2039 con->http_status = 403;
2040 return HANDLER_FINISHED;
2041 }
2042
2043 if (!webdav_has_lock(srv, con, p, con->uri.path)) {
2044 con->http_status = 423;
2045 return HANDLER_FINISHED;
2046 }
2047
2048 /* check if destination exists */
2049 if (-1 == stat(con->physical.path->ptr, &st)) {
2050 switch(errno) {
2051 case ENOENT:
2052 con->http_status = 404;
2053 break;
2054 }
2055 }
2056
2057 #ifdef USE_PROPPATCH
2058 if (con->request.content_length) {
2059 xmlDocPtr xml;
2060
2061 if (1 == webdav_parse_chunkqueue(srv, con, p, con->request_content_queue, &xml)) {
2062 xmlNode *rootnode = xmlDocGetRootElement(xml);
2063
2064 if (0 == xmlStrcmp(rootnode->name, BAD_CAST "propertyupdate")) {
2065 xmlNode *cmd;
2066 char *err = NULL;
2067 int empty_ns = 0; /* send 400 on a empty namespace attribute */
2068
2069 /* start response */
2070
2071 if (SQLITE_OK != sqlite3_exec(p->conf.sql, "BEGIN TRANSACTION", NULL, NULL, &err)) {
2072 log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err);
2073 sqlite3_free(err);
2074
2075 goto propmatch_cleanup;
2076 }
2077
2078 /* a UPDATE request, we know 'set' and 'remove' */
2079 for (cmd = rootnode->children; cmd; cmd = cmd->next) {
2080 xmlNode *props;
2081 /* either set or remove */
2082
2083 if ((0 == xmlStrcmp(cmd->name, BAD_CAST "set")) ||
2084 (0 == xmlStrcmp(cmd->name, BAD_CAST "remove"))) {
2085
2086 sqlite3_stmt *stmt;
2087
2088 stmt = (0 == xmlStrcmp(cmd->name, BAD_CAST "remove")) ?
2089 p->conf.stmt_delete_prop : p->conf.stmt_update_prop;
2090
2091 for (props = cmd->children; props; props = props->next) {
2092 if (0 == xmlStrcmp(props->name, BAD_CAST "prop")) {
2093 xmlNode *prop;
2094 int r;
2095
2096 prop = props->children;
2097
2098 if (prop->ns &&
2099 (0 == xmlStrcmp(prop->ns->href, BAD_CAST "")) &&
2100 (0 != xmlStrcmp(prop->ns->prefix, BAD_CAST ""))) {
2101 log_error_write(srv, __FILE__, __LINE__, "ss",
2102 "no name space for:",
2103 prop->name);
2104
2105 empty_ns = 1;
2106 break;
2107 }
2108
2109 sqlite3_reset(stmt);
2110
2111 /* bind the values to the insert */
2112
2113 sqlite3_bind_text(stmt, 1,
2114 CONST_BUF_LEN(con->uri.path),
2115 SQLITE_TRANSIENT);
2116 sqlite3_bind_text(stmt, 2,
2117 (char *)prop->name,
2118 strlen((char *)prop->name),
2119 SQLITE_TRANSIENT);
2120 if (prop->ns) {
2121 sqlite3_bind_text(stmt, 3,
2122 (char *)prop->ns->href,
2123 strlen((char *)prop->ns->href),
2124 SQLITE_TRANSIENT);
2125 } else {
2126 sqlite3_bind_text(stmt, 3,
2127 "",
2128 0,
2129 SQLITE_TRANSIENT);
2130 }
2131 if (stmt == p->conf.stmt_update_prop) {
2132 sqlite3_bind_text(stmt, 4,
2133 (char *)xmlNodeGetContent(prop),
2134 strlen((char *)xmlNodeGetContent(prop)),
2135 SQLITE_TRANSIENT);
2136 }
2137
2138 if (SQLITE_DONE != (r = sqlite3_step(stmt))) {
2139 log_error_write(srv, __FILE__, __LINE__, "ss",
2140 "sql-set failed:", sqlite3_errmsg(p->conf.sql));
2141 }
2142 }
2143 }
2144 if (empty_ns) break;
2145 }
2146 }
2147
2148 if (empty_ns) {
2149 if (SQLITE_OK != sqlite3_exec(p->conf.sql, "ROLLBACK", NULL, NULL, &err)) {
2150 log_error_write(srv, __FILE__, __LINE__, "ss", "can't rollback transaction:", err);
2151 sqlite3_free(err);
2152
2153 goto propmatch_cleanup;
2154 }
2155
2156 con->http_status = 400;
2157 } else {
2158 if (SQLITE_OK != sqlite3_exec(p->conf.sql, "COMMIT", NULL, NULL, &err)) {
2159 log_error_write(srv, __FILE__, __LINE__, "ss", "can't commit transaction:", err);
2160 sqlite3_free(err);
2161
2162 goto propmatch_cleanup;
2163 }
2164 con->http_status = 200;
2165 }
2166 con->file_finished = 1;
2167
2168 return HANDLER_FINISHED;
2169 }
2170
2171 propmatch_cleanup:
2172
2173 xmlFreeDoc(xml);
2174 } else {
2175 con->http_status = 400;
2176 return HANDLER_FINISHED;
2177 }
2178 }
2179 #endif
2180 con->http_status = 501;
2181 return HANDLER_FINISHED;
2182 case HTTP_METHOD_LOCK:
2183 /**
2184 * a mac wants to write
2185 *
2186 * LOCK /dav/expire.txt HTTP/1.1\r\n
2187 * User-Agent: WebDAVFS/1.3 (01308000) Darwin/8.1.0 (Power Macintosh)\r\n
2188 * Accept: * / *\r\n
2189 * Depth: 0\r\n
2190 * Timeout: Second-600\r\n
2191 * Content-Type: text/xml; charset=\"utf-8\"\r\n
2192 * Content-Length: 229\r\n
2193 * Connection: keep-alive\r\n
2194 * Host: 192.168.178.23:1025\r\n
2195 * \r\n
2196 * <?xml version=\"1.0\" encoding=\"utf-8\"?>\n
2197 * <D:lockinfo xmlns:D=\"DAV:\">\n
2198 * <D:lockscope><D:exclusive/></D:lockscope>\n
2199 * <D:locktype><D:write/></D:locktype>\n
2200 * <D:owner>\n
2201 * <D:href>http://www.apple.com/webdav_fs/</D:href>\n
2202 * </D:owner>\n
2203 * </D:lockinfo>\n
2204 */
2205
2206 if (depth != 0 && depth != -1) {
2207 con->http_status = 400;
2208
2209 return HANDLER_FINISHED;
2210 }
2211
2212 #ifdef USE_LOCKS
2213 if (con->request.content_length) {
2214 xmlDocPtr xml;
2215 buffer *hdr_if = NULL;
2216
2217 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "If"))) {
2218 hdr_if = ds->value;
2219 }
2220
2221 /* we don't support Depth: Infinity on locks */
2222 if (hdr_if == NULL && depth == -1) {
2223 con->http_status = 409; /* Conflict */
2224
2225 return HANDLER_FINISHED;
2226 }
2227
2228 if (1 == webdav_parse_chunkqueue(srv, con, p, con->request_content_queue, &xml)) {
2229 xmlNode *rootnode = xmlDocGetRootElement(xml);
2230
2231 force_assert(rootnode);
2232
2233 if (0 == xmlStrcmp(rootnode->name, BAD_CAST "lockinfo")) {
2234 xmlNode *lockinfo;
2235 const xmlChar *lockscope = NULL, *locktype = NULL; /* TODO: compiler says unused: *owner = NULL; */
2236
2237 for (lockinfo = rootnode->children; lockinfo; lockinfo = lockinfo->next) {
2238 if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "lockscope")) {
2239 xmlNode *value;
2240 for (value = lockinfo->children; value; value = value->next) {
2241 if ((0 == xmlStrcmp(value->name, BAD_CAST "exclusive")) ||
2242 (0 == xmlStrcmp(value->name, BAD_CAST "shared"))) {
2243 lockscope = value->name;
2244 } else {
2245 con->http_status = 400;
2246
2247 xmlFreeDoc(xml);
2248 return HANDLER_FINISHED;
2249 }
2250 }
2251 } else if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "locktype")) {
2252 xmlNode *value;
2253 for (value = lockinfo->children; value; value = value->next) {
2254 if ((0 == xmlStrcmp(value->name, BAD_CAST "write"))) {
2255 locktype = value->name;
2256 } else {
2257 con->http_status = 400;
2258
2259 xmlFreeDoc(xml);
2260 return HANDLER_FINISHED;
2261 }
2262 }
2263
2264 } else if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "owner")) {
2265 }
2266 }
2267
2268 if (lockscope && locktype) {
2269 sqlite3_stmt *stmt = p->conf.stmt_read_lock_by_uri;
2270
2271 /* is this resourse already locked ? */
2272
2273 /* SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout
2274 * FROM locks
2275 * WHERE resource = ? */
2276
2277 if (stmt) {
2278
2279 sqlite3_reset(stmt);
2280
2281 sqlite3_bind_text(stmt, 1,
2282 CONST_BUF_LEN(p->uri.path),
2283 SQLITE_TRANSIENT);
2284
2285 /* it is the PK */
2286 while (SQLITE_ROW == sqlite3_step(stmt)) {
2287 /* we found a lock
2288 * 1. is it compatible ?
2289 * 2. is it ours */
2290 char *sql_lockscope = (char *)sqlite3_column_text(stmt, 2);
2291
2292 if (strcmp(sql_lockscope, "exclusive")) {
2293 con->http_status = 423;
2294 } else if (0 == xmlStrcmp(lockscope, BAD_CAST "exclusive")) {
2295 /* resourse is locked with a shared lock
2296 * client wants exclusive */
2297 con->http_status = 423;
2298 }
2299 }
2300 if (con->http_status == 423) {
2301 xmlFreeDoc(xml);
2302 return HANDLER_FINISHED;
2303 }
2304 }
2305
2306 stmt = p->conf.stmt_create_lock;
2307 if (stmt) {
2308 /* create a lock-token */
2309 uuid_t id;
2310 char uuid[37] /* 36 + \0 */;
2311
2312 uuid_generate(id);
2313 uuid_unparse(id, uuid);
2314
2315 buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("opaquelocktoken:"));
2316 buffer_append_string(p->tmp_buf, uuid);
2317
2318 /* "CREATE TABLE locks ("
2319 * " locktoken TEXT NOT NULL,"
2320 * " resource TEXT NOT NULL,"
2321 * " lockscope TEXT NOT NULL,"
2322 * " locktype TEXT NOT NULL,"
2323 * " owner TEXT NOT NULL,"
2324 * " depth INT NOT NULL,"
2325 */
2326
2327 sqlite3_reset(stmt);
2328
2329 sqlite3_bind_text(stmt, 1,
2330 CONST_BUF_LEN(p->tmp_buf),
2331 SQLITE_TRANSIENT);
2332
2333 sqlite3_bind_text(stmt, 2,
2334 CONST_BUF_LEN(con->uri.path),
2335 SQLITE_TRANSIENT);
2336
2337 sqlite3_bind_text(stmt, 3,
2338 (const char *)lockscope,
2339 xmlStrlen(lockscope),
2340 SQLITE_TRANSIENT);
2341
2342 sqlite3_bind_text(stmt, 4,
2343 (const char *)locktype,
2344 xmlStrlen(locktype),
2345 SQLITE_TRANSIENT);
2346
2347 /* owner */
2348 sqlite3_bind_text(stmt, 5,
2349 "",
2350 0,
2351 SQLITE_TRANSIENT);
2352
2353 /* depth */
2354 sqlite3_bind_int(stmt, 6,
2355 depth);
2356
2357
2358 if (SQLITE_DONE != sqlite3_step(stmt)) {
2359 log_error_write(srv, __FILE__, __LINE__, "ss",
2360 "create lock:", sqlite3_errmsg(p->conf.sql));
2361 }
2362
2363 /* looks like we survived */
2364 webdav_lockdiscovery(srv, con, p->tmp_buf, (const char *)lockscope, (const char *)locktype, depth);
2365
2366 con->http_status = 201;
2367 con->file_finished = 1;
2368 }
2369 }
2370 }
2371
2372 xmlFreeDoc(xml);
2373 return HANDLER_FINISHED;
2374 } else {
2375 con->http_status = 400;
2376 return HANDLER_FINISHED;
2377 }
2378 } else {
2379
2380 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "If"))) {
2381 buffer *locktoken = ds->value;
2382 sqlite3_stmt *stmt = p->conf.stmt_refresh_lock;
2383
2384 /* remove the < > around the token */
2385 if (buffer_string_length(locktoken) < 5) {
2386 con->http_status = 400;
2387
2388 return HANDLER_FINISHED;
2389 }
2390
2391 buffer_copy_string_len(p->tmp_buf, locktoken->ptr + 2, buffer_string_length(locktoken) - 4);
2392
2393 sqlite3_reset(stmt);
2394
2395 sqlite3_bind_text(stmt, 1,
2396 CONST_BUF_LEN(p->tmp_buf),
2397 SQLITE_TRANSIENT);
2398
2399 if (SQLITE_DONE != sqlite3_step(stmt)) {
2400 log_error_write(srv, __FILE__, __LINE__, "ss",
2401 "refresh lock:", sqlite3_errmsg(p->conf.sql));
2402 }
2403
2404 webdav_lockdiscovery(srv, con, p->tmp_buf, "exclusive", "write", 0);
2405
2406 con->http_status = 200;
2407 con->file_finished = 1;
2408 return HANDLER_FINISHED;
2409 } else {
2410 /* we need a lock-token to refresh */
2411 con->http_status = 400;
2412
2413 return HANDLER_FINISHED;
2414 }
2415 }
2416 break;
2417 #else
2418 con->http_status = 501;
2419 return HANDLER_FINISHED;
2420 #endif
2421 case HTTP_METHOD_UNLOCK:
2422 #ifdef USE_LOCKS
2423 if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Lock-Token"))) {
2424 buffer *locktoken = ds->value;
2425 sqlite3_stmt *stmt = p->conf.stmt_remove_lock;
2426
2427 /* remove the < > around the token */
2428 if (buffer_string_length(locktoken) < 3) {
2429 con->http_status = 400;
2430
2431 return HANDLER_FINISHED;
2432 }
2433
2434 /**
2435 * FIXME:
2436 *
2437 * if the resourse is locked:
2438 * - by us: unlock
2439 * - by someone else: 401
2440 * if the resource is not locked:
2441 * - 412
2442 * */
2443
2444 buffer_copy_string_len(p->tmp_buf, locktoken->ptr + 1, buffer_string_length(locktoken) - 2);
2445
2446 sqlite3_reset(stmt);
2447
2448 sqlite3_bind_text(stmt, 1,
2449 CONST_BUF_LEN(p->tmp_buf),
2450 SQLITE_TRANSIENT);
2451
2452 sqlite3_bind_text(stmt, 2,
2453 CONST_BUF_LEN(con->uri.path),
2454 SQLITE_TRANSIENT);
2455
2456 if (SQLITE_DONE != sqlite3_step(stmt)) {
2457 log_error_write(srv, __FILE__, __LINE__, "ss",
2458 "remove lock:", sqlite3_errmsg(p->conf.sql));
2459 }
2460
2461 if (0 == sqlite3_changes(p->conf.sql)) {
2462 con->http_status = 401;
2463 } else {
2464 con->http_status = 204;
2465 }
2466 return HANDLER_FINISHED;
2467 } else {
2468 /* we need a lock-token to unlock */
2469 con->http_status = 400;
2470
2471 return HANDLER_FINISHED;
2472 }
2473 break;
2474 #else
2475 con->http_status = 501;
2476 return HANDLER_FINISHED;
2477 #endif
2478 default:
2479 break;
2480 }
2481
2482 /* not found */
2483 return HANDLER_GO_ON;
2484 }
2485
2486
2487 /* this function is called at dlopen() time and inits the callbacks */
2488
2489 int mod_webdav_plugin_init(plugin *p);
2490 int mod_webdav_plugin_init(plugin *p) {
2491 p->version = LIGHTTPD_VERSION_ID;
2492 p->name = buffer_init_string("webdav");
2493
2494 p->init = mod_webdav_init;
2495 p->handle_uri_clean = mod_webdav_uri_handler;
2496 p->handle_physical = mod_webdav_subrequest_handler;
2497 p->set_defaults = mod_webdav_set_defaults;
2498 p->cleanup = mod_webdav_free;
2499
2500 p->data = NULL;
2501
2502 return 0;
2503 }
A fast webserver with minimal memory-footprint (lighttpd)