search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[core] extend dir redirection to take HTTP status
[lighttpd.git] / src / mod_webdav.c
blob7d0e422946c564ebfaa4bbf061034513cd9fe6e2
1 #include "first.h"
2
3 #include "base.h"
4 #include "log.h"
5 #include "buffer.h"
6 #include "fdevent.h"
7 #include "http_header.h"
8 #include "response.h"
9 #include "connections.h"
10
11 #include "plugin.h"
12
13 #include "stat_cache.h"
14
15 #include "sys-mmap.h"
16
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <errno.h>
23 #include <fcntl.h>
24
25 #include <unistd.h>
26 #include <dirent.h>
27
28 #if defined(HAVE_LIBXML_H) && defined(HAVE_SQLITE3_H)
29 #define USE_PROPPATCH
30 #include <libxml/tree.h>
31 #include <libxml/parser.h>
32
33 #include <sqlite3.h>
34 #endif
35
36 #if defined(HAVE_LIBXML_H) && defined(HAVE_SQLITE3_H) \
37 && defined(HAVE_UUID) && defined(HAVE_UUID_UUID_H)
38 #define USE_LOCKS
39 #include <uuid/uuid.h>
40 #endif
41
42 /**
43 * this is a webdav for a lighttpd plugin
44 *
45 * at least a very basic one.
46 * - for now it is read-only and we only support PROPFIND
47 *
48 */
49
50 #define WEBDAV_FILE_MODE S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
51 #define WEBDAV_DIR_MODE S_IRWXU | S_IRWXG | S_IRWXO
52
53 /* plugin config for all request/connections */
54
55 typedef struct {
56 unsigned short enabled;
57 unsigned short is_readonly;
58 unsigned short log_xml;
59
60 buffer *sqlite_db_name;
61 #ifdef USE_PROPPATCH
62 sqlite3 *sql;
63 sqlite3_stmt *stmt_update_prop;
64 sqlite3_stmt *stmt_delete_prop;
65 sqlite3_stmt *stmt_select_prop;
66 sqlite3_stmt *stmt_select_propnames;
67
68 sqlite3_stmt *stmt_delete_uri;
69 sqlite3_stmt *stmt_move_uri;
70 sqlite3_stmt *stmt_copy_uri;
71
72 sqlite3_stmt *stmt_remove_lock;
73 sqlite3_stmt *stmt_create_lock;
74 sqlite3_stmt *stmt_read_lock;
75 sqlite3_stmt *stmt_read_lock_by_uri;
76 sqlite3_stmt *stmt_refresh_lock;
77 #endif
78 } plugin_config;
79
80 typedef struct {
81 PLUGIN_DATA;
82
83 buffer *tmp_buf;
84 request_uri uri;
85 physical physical;
86
87 plugin_config **config_storage;
88
89 plugin_config conf;
90 } plugin_data;
91
92 typedef struct {
93 plugin_config conf;
94 } handler_ctx;
95
96 /* init the plugin data */
97 INIT_FUNC(mod_webdav_init) {
98 plugin_data *p;
99
100 p = calloc(1, sizeof(*p));
101
102 p->tmp_buf = buffer_init();
103
104 p->uri.scheme = buffer_init();
105 p->uri.path = buffer_init();
106 p->uri.authority = buffer_init();
107
108 p->physical.path = buffer_init();
109 p->physical.rel_path = buffer_init();
110 p->physical.doc_root = buffer_init();
111 p->physical.basedir = buffer_init();
112
113 return p;
114 }
115
116 /* detroy the plugin data */
117 FREE_FUNC(mod_webdav_free) {
118 plugin_data *p = p_d;
119
120 UNUSED(srv);
121
122 if (!p) return HANDLER_GO_ON;
123
124 if (p->config_storage) {
125 size_t i;
126 for (i = 0; i < srv->config_context->used; i++) {
127 plugin_config *s = p->config_storage[i];
128
129 if (NULL == s) continue;
130
131 buffer_free(s->sqlite_db_name);
132 #ifdef USE_PROPPATCH
133 if (s->sql) {
134 sqlite3_finalize(s->stmt_delete_prop);
135 sqlite3_finalize(s->stmt_delete_uri);
136 sqlite3_finalize(s->stmt_copy_uri);
137 sqlite3_finalize(s->stmt_move_uri);
138 sqlite3_finalize(s->stmt_update_prop);
139 sqlite3_finalize(s->stmt_select_prop);
140 sqlite3_finalize(s->stmt_select_propnames);
141
142 sqlite3_finalize(s->stmt_read_lock);
143 sqlite3_finalize(s->stmt_read_lock_by_uri);
144 sqlite3_finalize(s->stmt_create_lock);
145 sqlite3_finalize(s->stmt_remove_lock);
146 sqlite3_finalize(s->stmt_refresh_lock);
147 sqlite3_close(s->sql);
148 }
149 #endif
150 free(s);
151 }
152 free(p->config_storage);
153 }
154
155 buffer_free(p->uri.scheme);
156 buffer_free(p->uri.path);
157 buffer_free(p->uri.authority);
158
159 buffer_free(p->physical.path);
160 buffer_free(p->physical.rel_path);
161 buffer_free(p->physical.doc_root);
162 buffer_free(p->physical.basedir);
163
164 buffer_free(p->tmp_buf);
165
166 free(p);
167
168 return HANDLER_GO_ON;
169 }
170
171 /* handle plugin config and check values */
172
173 SETDEFAULTS_FUNC(mod_webdav_set_defaults) {
174 plugin_data *p = p_d;
175 size_t i = 0;
176
177 config_values_t cv[] = {
178 { "webdav.activate", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
179 { "webdav.is-readonly", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
180 { "webdav.sqlite-db-name", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
181 { "webdav.log-xml", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
182 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
183 };
184
185 if (!p) return HANDLER_ERROR;
186
187 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
188
189 for (i = 0; i < srv->config_context->used; i++) {
190 data_config const* config = (data_config const*)srv->config_context->data[i];
191 plugin_config *s;
192
193 s = calloc(1, sizeof(plugin_config));
194 s->sqlite_db_name = buffer_init();
195
196 cv[0].destination = &(s->enabled);
197 cv[1].destination = &(s->is_readonly);
198 cv[2].destination = s->sqlite_db_name;
199 cv[3].destination = &(s->log_xml);
200
201 p->config_storage[i] = s;
202
203 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
204 return HANDLER_ERROR;
205 }
206
207 if (!buffer_string_is_empty(s->sqlite_db_name)) {
208 #ifdef USE_PROPPATCH
209 const char *next_stmt;
210 char *err;
211
212 if (SQLITE_OK != sqlite3_open(s->sqlite_db_name->ptr, &(s->sql))) {
213 log_error_write(srv, __FILE__, __LINE__, "sbs", "sqlite3_open failed for",
214 s->sqlite_db_name,
215 sqlite3_errmsg(s->sql));
216 return HANDLER_ERROR;
217 }
218
219 if (SQLITE_OK != sqlite3_exec(s->sql,
220 "CREATE TABLE IF NOT EXISTS properties ("
221 " resource TEXT NOT NULL,"
222 " prop TEXT NOT NULL,"
223 " ns TEXT NOT NULL,"
224 " value TEXT NOT NULL,"
225 " PRIMARY KEY(resource, prop, ns))",
226 NULL, NULL, &err)) {
227
228 if (0 != strcmp(err, "table properties already exists")) {
229 log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err);
230 sqlite3_free(err);
231
232 return HANDLER_ERROR;
233 }
234 sqlite3_free(err);
235 }
236
237 if (SQLITE_OK != sqlite3_exec(s->sql,
238 "CREATE TABLE IF NOT EXISTS locks ("
239 " locktoken TEXT NOT NULL,"
240 " resource TEXT NOT NULL,"
241 " lockscope TEXT NOT NULL,"
242 " locktype TEXT NOT NULL,"
243 " owner TEXT NOT NULL,"
244 " depth INT NOT NULL,"
245 " timeout TIMESTAMP NOT NULL,"
246 " PRIMARY KEY(locktoken))",
247 NULL, NULL, &err)) {
248
249 if (0 != strcmp(err, "table locks already exists")) {
250 log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err);
251 sqlite3_free(err);
252
253 return HANDLER_ERROR;
254 }
255 sqlite3_free(err);
256 }
257
258 if (SQLITE_OK != sqlite3_prepare(s->sql,
259 CONST_STR_LEN("SELECT value FROM properties WHERE resource = ? AND prop = ? AND ns = ?"),
260 &(s->stmt_select_prop), &next_stmt)) {
261 /* prepare failed */
262
263 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql));
264 return HANDLER_ERROR;
265 }
266
267 if (SQLITE_OK != sqlite3_prepare(s->sql,
268 CONST_STR_LEN("SELECT ns, prop FROM properties WHERE resource = ?"),
269 &(s->stmt_select_propnames), &next_stmt)) {
270 /* prepare failed */
271
272 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql));
273 return HANDLER_ERROR;
274 }
275
276
277 if (SQLITE_OK != sqlite3_prepare(s->sql,
278 CONST_STR_LEN("REPLACE INTO properties (resource, prop, ns, value) VALUES (?, ?, ?, ?)"),
279 &(s->stmt_update_prop), &next_stmt)) {
280 /* prepare failed */
281
282 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql));
283 return HANDLER_ERROR;
284 }
285
286 if (SQLITE_OK != sqlite3_prepare(s->sql,
287 CONST_STR_LEN("DELETE FROM properties WHERE resource = ? AND prop = ? AND ns = ?"),
288 &(s->stmt_delete_prop), &next_stmt)) {
289 /* prepare failed */
290 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
291
292 return HANDLER_ERROR;
293 }
294
295 if (SQLITE_OK != sqlite3_prepare(s->sql,
296 CONST_STR_LEN("DELETE FROM properties WHERE resource = ?"),
297 &(s->stmt_delete_uri), &next_stmt)) {
298 /* prepare failed */
299 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
300
301 return HANDLER_ERROR;
302 }
303
304 if (SQLITE_OK != sqlite3_prepare(s->sql,
305 CONST_STR_LEN("INSERT INTO properties SELECT ?, prop, ns, value FROM properties WHERE resource = ?"),
306 &(s->stmt_copy_uri), &next_stmt)) {
307 /* prepare failed */
308 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
309
310 return HANDLER_ERROR;
311 }
312
313 if (SQLITE_OK != sqlite3_prepare(s->sql,
314 CONST_STR_LEN("UPDATE OR REPLACE properties SET resource = ? WHERE resource = ?"),
315 &(s->stmt_move_uri), &next_stmt)) {
316 /* prepare failed */
317 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
318
319 return HANDLER_ERROR;
320 }
321
322 /* LOCKS */
323
324 if (SQLITE_OK != sqlite3_prepare(s->sql,
325 CONST_STR_LEN("INSERT INTO locks (locktoken, resource, lockscope, locktype, owner, depth, timeout) VALUES (?,?,?,?,?,?, CURRENT_TIME + 600)"),
326 &(s->stmt_create_lock), &next_stmt)) {
327 /* prepare failed */
328 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
329
330 return HANDLER_ERROR;
331 }
332
333 if (SQLITE_OK != sqlite3_prepare(s->sql,
334 CONST_STR_LEN("DELETE FROM locks WHERE locktoken = ?"),
335 &(s->stmt_remove_lock), &next_stmt)) {
336 /* prepare failed */
337 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
338
339 return HANDLER_ERROR;
340 }
341
342 if (SQLITE_OK != sqlite3_prepare(s->sql,
343 CONST_STR_LEN("SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout-CURRENT_TIME FROM locks WHERE locktoken = ?"),
344 &(s->stmt_read_lock), &next_stmt)) {
345 /* prepare failed */
346 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
347
348 return HANDLER_ERROR;
349 }
350
351 if (SQLITE_OK != sqlite3_prepare(s->sql,
352 CONST_STR_LEN("SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout-CURRENT_TIME FROM locks WHERE resource = ?"),
353 &(s->stmt_read_lock_by_uri), &next_stmt)) {
354 /* prepare failed */
355 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
356
357 return HANDLER_ERROR;
358 }
359
360 if (SQLITE_OK != sqlite3_prepare(s->sql,
361 CONST_STR_LEN("UPDATE locks SET timeout = CURRENT_TIME + 600 WHERE locktoken = ?"),
362 &(s->stmt_refresh_lock), &next_stmt)) {
363 /* prepare failed */
364 log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql));
365
366 return HANDLER_ERROR;
367 }
368
369
370 #else
371 log_error_write(srv, __FILE__, __LINE__, "s", "Sorry, no sqlite3 and libxml2 support include, compile with --with-webdav-props");
372 return HANDLER_ERROR;
373 #endif
374 }
375 }
376
377 return HANDLER_GO_ON;
378 }
379
380 #define PATCH_OPTION(x) \
381 p->conf.x = s->x;
382 static int mod_webdav_patch_connection(server *srv, connection *con, plugin_data *p) {
383 size_t i, j;
384 plugin_config *s = p->config_storage[0];
385
386 PATCH_OPTION(enabled);
387 PATCH_OPTION(is_readonly);
388 PATCH_OPTION(log_xml);
389
390 #ifdef USE_PROPPATCH
391 PATCH_OPTION(sql);
392 PATCH_OPTION(stmt_update_prop);
393 PATCH_OPTION(stmt_delete_prop);
394 PATCH_OPTION(stmt_select_prop);
395 PATCH_OPTION(stmt_select_propnames);
396
397 PATCH_OPTION(stmt_delete_uri);
398 PATCH_OPTION(stmt_move_uri);
399 PATCH_OPTION(stmt_copy_uri);
400
401 PATCH_OPTION(stmt_remove_lock);
402 PATCH_OPTION(stmt_refresh_lock);
403 PATCH_OPTION(stmt_create_lock);
404 PATCH_OPTION(stmt_read_lock);
405 PATCH_OPTION(stmt_read_lock_by_uri);
406 #endif
407 /* skip the first, the global context */
408 for (i = 1; i < srv->config_context->used; i++) {
409 data_config *dc = (data_config *)srv->config_context->data[i];
410 s = p->config_storage[i];
411
412 /* condition didn't match */
413 if (!config_check_cond(srv, con, dc)) continue;
414
415 /* merge config */
416 for (j = 0; j < dc->value->used; j++) {
417 data_unset *du = dc->value->data[j];
418
419 if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.activate"))) {
420 PATCH_OPTION(enabled);
421 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.is-readonly"))) {
422 PATCH_OPTION(is_readonly);
423 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.log-xml"))) {
424 PATCH_OPTION(log_xml);
425 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.sqlite-db-name"))) {
426 #ifdef USE_PROPPATCH
427 PATCH_OPTION(sql);
428 PATCH_OPTION(stmt_update_prop);
429 PATCH_OPTION(stmt_delete_prop);
430 PATCH_OPTION(stmt_select_prop);
431 PATCH_OPTION(stmt_select_propnames);
432
433 PATCH_OPTION(stmt_delete_uri);
434 PATCH_OPTION(stmt_move_uri);
435 PATCH_OPTION(stmt_copy_uri);
436
437 PATCH_OPTION(stmt_remove_lock);
438 PATCH_OPTION(stmt_refresh_lock);
439 PATCH_OPTION(stmt_create_lock);
440 PATCH_OPTION(stmt_read_lock);
441 PATCH_OPTION(stmt_read_lock_by_uri);
442 #endif
443 }
444 }
445 }
446
447 return 0;
448 }
449
450 URIHANDLER_FUNC(mod_webdav_uri_handler) {
451 plugin_data *p = p_d;
452
453 UNUSED(srv);
454
455 if (buffer_is_empty(con->uri.path)) return HANDLER_GO_ON;
456
457 mod_webdav_patch_connection(srv, con, p);
458
459 if (!p->conf.enabled) return HANDLER_GO_ON;
460
461 switch (con->request.http_method) {
462 case HTTP_METHOD_OPTIONS:
463 /* we fake a little bit but it makes MS W2k happy and it let's us mount the volume */
464 http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("DAV"), CONST_STR_LEN("1,2"));
465 http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("MS-Author-Via"), CONST_STR_LEN("DAV"));
466
467 if (p->conf.is_readonly) {
468 http_header_response_append(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Allow"), CONST_STR_LEN("PROPFIND"));
469 } else {
470 http_header_response_append(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Allow"), CONST_STR_LEN("PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK, UNLOCK"));
471 }
472 break;
473 default:
474 break;
475 }
476
477 /* not found */
478 return HANDLER_GO_ON;
479 }
480 static int webdav_gen_prop_tag(server *srv, connection *con,
481 char *prop_name,
482 char *prop_ns,
483 char *value,
484 buffer *b) {
485
486 UNUSED(srv);
487 UNUSED(con);
488
489 if (value) {
490 buffer_append_string_len(b,CONST_STR_LEN("<"));
491 buffer_append_string(b, prop_name);
492 buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\""));
493 buffer_append_string(b, prop_ns);
494 buffer_append_string_len(b, CONST_STR_LEN("\">"));
495
496 buffer_append_string(b, value);
497
498 buffer_append_string_len(b,CONST_STR_LEN("</"));
499 buffer_append_string(b, prop_name);
500 buffer_append_string_len(b, CONST_STR_LEN(">"));
501 } else {
502 buffer_append_string_len(b,CONST_STR_LEN("<"));
503 buffer_append_string(b, prop_name);
504 buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\""));
505 buffer_append_string(b, prop_ns);
506 buffer_append_string_len(b, CONST_STR_LEN("\"/>"));
507 }
508
509 return 0;
510 }
511
512
513 static int webdav_gen_response_status_tag(server *srv, connection *con, physical *dst, int status, buffer *b) {
514 UNUSED(srv);
515
516 buffer_append_string_len(b,CONST_STR_LEN("<D:response xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
517
518 buffer_append_string_len(b,CONST_STR_LEN("<D:href>\n"));
519 buffer_append_string_buffer(b, dst->rel_path);
520 buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
521 buffer_append_string_len(b,CONST_STR_LEN("<D:status>\n"));
522
523 if (con->request.http_version == HTTP_VERSION_1_1) {
524 buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.1 "));
525 } else {
526 buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.0 "));
527 }
528 http_status_append(b, status);
529
530 buffer_append_string_len(b,CONST_STR_LEN("</D:status>\n"));
531 buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
532
533 return 0;
534 }
535
536 static int webdav_delete_file(server *srv, connection *con, handler_ctx *hctx, physical *dst, buffer *b) {
537 int status = 0;
538
539 /* try to unlink it */
540 if (-1 == unlink(dst->path->ptr)) {
541 switch(errno) {
542 case EACCES:
543 case EPERM:
544 /* 403 */
545 status = 403;
546 break;
547 default:
548 status = 501;
549 break;
550 }
551 webdav_gen_response_status_tag(srv, con, dst, status, b);
552 } else {
553 #ifdef USE_PROPPATCH
554 sqlite3_stmt *stmt = hctx->conf.stmt_delete_uri;
555
556 if (!stmt) {
557 status = 403;
558 webdav_gen_response_status_tag(srv, con, dst, status, b);
559 } else {
560 sqlite3_reset(stmt);
561
562 /* bind the values to the insert */
563
564 sqlite3_bind_text(stmt, 1,
565 CONST_BUF_LEN(dst->rel_path),
566 SQLITE_TRANSIENT);
567
568 if (SQLITE_DONE != sqlite3_step(stmt)) {
569 /* */
570 }
571 }
572 #else
573 UNUSED(hctx);
574 #endif
575 }
576
577 return (status != 0);
578 }
579
580 static int webdav_delete_dir(server *srv, connection *con, handler_ctx *hctx, physical *dst, buffer *b) {
581 DIR *dir;
582 int have_multi_status = 0;
583 physical d;
584
585 d.path = buffer_init();
586 d.rel_path = buffer_init();
587
588 if (NULL != (dir = opendir(dst->path->ptr))) {
589 struct dirent *de;
590
591 while(NULL != (de = readdir(dir))) {
592 struct stat st;
593 size_t nlen;
594
595 if ((de->d_name[0] == '.' && de->d_name[1] == '\0') ||
596 (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0')) {
597 continue;
598 /* ignore the parent dir */
599 }
600
601 nlen = strlen(de->d_name);
602 buffer_copy_buffer(d.path, dst->path);
603 buffer_append_path_len(d.path, de->d_name, nlen);
604
605 buffer_copy_buffer(d.rel_path, dst->rel_path);
606 buffer_append_path_len(d.rel_path, de->d_name, nlen);
607
608 /* stat and unlink afterwards */
609 if (-1 == stat(d.path->ptr, &st)) {
610 /* don't about it yet, rmdir will fail too */
611 } else if (S_ISDIR(st.st_mode)) {
612 have_multi_status = webdav_delete_dir(srv, con, hctx, &d, b);
613
614 /* try to unlink it */
615 if (-1 == rmdir(d.path->ptr)) {
616 int status;
617 switch(errno) {
618 case EACCES:
619 case EPERM:
620 /* 403 */
621 status = 403;
622 break;
623 default:
624 status = 501;
625 break;
626 }
627 have_multi_status = 1;
628
629 webdav_gen_response_status_tag(srv, con, &d, status, b);
630 } else {
631 #ifdef USE_PROPPATCH
632 sqlite3_stmt *stmt = hctx->conf.stmt_delete_uri;
633
634 if (stmt) {
635 sqlite3_reset(stmt);
636
637 /* bind the values to the insert */
638
639 sqlite3_bind_text(stmt, 1,
640 CONST_BUF_LEN(d.rel_path),
641 SQLITE_TRANSIENT);
642
643 if (SQLITE_DONE != sqlite3_step(stmt)) {
644 /* */
645 }
646 }
647 #endif
648 }
649 } else {
650 have_multi_status = webdav_delete_file(srv, con, hctx, &d, b);
651 }
652 }
653 closedir(dir);
654
655 buffer_free(d.path);
656 buffer_free(d.rel_path);
657 }
658
659 return have_multi_status;
660 }
661
662 /* don't want to block when open()ing a fifo */
663 #if defined(O_NONBLOCK)
664 # define FIFO_NONBLOCK O_NONBLOCK
665 #else
666 # define FIFO_NONBLOCK 0
667 #endif
668
669 #ifndef O_BINARY
670 #define O_BINARY 0
671 #endif
672
673 static int webdav_copy_file(server *srv, connection *con, handler_ctx *hctx, physical *src, physical *dst, int overwrite) {
674 char *data;
675 ssize_t rd, wr, offset;
676 int status = 0, ifd, ofd;
677 UNUSED(srv);
678 UNUSED(con);
679
680 if (-1 == (ifd = open(src->path->ptr, O_RDONLY | O_BINARY | FIFO_NONBLOCK))) {
681 return 403;
682 }
683
684 if (-1 == (ofd = open(dst->path->ptr, O_WRONLY|O_TRUNC|O_CREAT|(overwrite ? 0 : O_EXCL), WEBDAV_FILE_MODE))) {
685 /* opening the destination failed for some reason */
686 switch(errno) {
687 case EEXIST:
688 status = 412;
689 break;
690 case EISDIR:
691 status = 409;
692 break;
693 case ENOENT:
694 /* at least one part in the middle wasn't existing */
695 status = 409;
696 break;
697 default:
698 status = 403;
699 break;
700 }
701 close(ifd);
702 return status;
703 }
704
705 data = malloc(131072);
706 force_assert(data);
707
708 while (0 < (rd = read(ifd, data, 131072))) {
709 offset = 0;
710 do {
711 wr = write(ofd, data+offset, (size_t)(rd-offset));
712 } while (wr >= 0 ? (offset += wr) != rd : (errno == EINTR));
713 if (-1 == wr) {
714 status = (errno == ENOSPC) ? 507 : 403;
715 break;
716 }
717
718 }
719 if (0 != rd && 0 == status) status = 403;
720
721 free(data);
722 close(ifd);
723 if (0 != close(ofd)) {
724 if (0 == status) status = (errno == ENOSPC) ? 507 : 403;
725 log_error_write(srv, __FILE__, __LINE__, "sbss",
726 "close ", dst->path, "failed: ", strerror(errno));
727 }
728
729 #ifdef USE_PROPPATCH
730 if (0 == status) {
731 /* copy worked fine, copy connected properties */
732 sqlite3_stmt *stmt = hctx->conf.stmt_copy_uri;
733
734 if (stmt) {
735 sqlite3_reset(stmt);
736
737 /* bind the values to the insert */
738 sqlite3_bind_text(stmt, 1,
739 CONST_BUF_LEN(dst->rel_path),
740 SQLITE_TRANSIENT);
741
742 sqlite3_bind_text(stmt, 2,
743 CONST_BUF_LEN(src->rel_path),
744 SQLITE_TRANSIENT);
745
746 if (SQLITE_DONE != sqlite3_step(stmt)) {
747 /* */
748 }
749 }
750 }
751 #else
752 UNUSED(hctx);
753 #endif
754 return status;
755 }
756
757 static int webdav_copy_dir(server *srv, connection *con, handler_ctx *hctx, physical *src, physical *dst, int overwrite) {
758 DIR *srcdir;
759 int status = 0;
760
761 if (NULL != (srcdir = opendir(src->path->ptr))) {
762 struct dirent *de;
763 physical s, d;
764
765 s.path = buffer_init();
766 s.rel_path = buffer_init();
767
768 d.path = buffer_init();
769 d.rel_path = buffer_init();
770
771 while (NULL != (de = readdir(srcdir))) {
772 struct stat st;
773 size_t nlen;
774
775 if ((de->d_name[0] == '.' && de->d_name[1] == '\0')
776 || (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0')) {
777 continue;
778 }
779
780 nlen = strlen(de->d_name);
781 buffer_copy_buffer(s.path, src->path);
782 buffer_append_path_len(s.path, de->d_name, nlen);
783
784 buffer_copy_buffer(d.path, dst->path);
785 buffer_append_path_len(d.path, de->d_name, nlen);
786
787 buffer_copy_buffer(s.rel_path, src->rel_path);
788 buffer_append_path_len(s.rel_path, de->d_name, nlen);
789
790 buffer_copy_buffer(d.rel_path, dst->rel_path);
791 buffer_append_path_len(d.rel_path, de->d_name, nlen);
792
793 if (-1 == stat(s.path->ptr, &st)) {
794 /* why ? */
795 } else if (S_ISDIR(st.st_mode)) {
796 /* a directory */
797 if (-1 == mkdir(d.path->ptr, WEBDAV_DIR_MODE) &&
798 errno != EEXIST) {
799 /* WTH ? */
800 } else {
801 #ifdef USE_PROPPATCH
802 sqlite3_stmt *stmt = hctx->conf.stmt_copy_uri;
803
804 if (0 != (status = webdav_copy_dir(srv, con, hctx, &s, &d, overwrite))) {
805 break;
806 }
807 /* directory is copied, copy the properties too */
808
809 if (stmt) {
810 sqlite3_reset(stmt);
811
812 /* bind the values to the insert */
813 sqlite3_bind_text(stmt, 1,
814 CONST_BUF_LEN(dst->rel_path),
815 SQLITE_TRANSIENT);
816
817 sqlite3_bind_text(stmt, 2,
818 CONST_BUF_LEN(src->rel_path),
819 SQLITE_TRANSIENT);
820
821 if (SQLITE_DONE != sqlite3_step(stmt)) {
822 /* */
823 }
824 }
825 #endif
826 }
827 } else if (S_ISREG(st.st_mode)) {
828 /* a plain file */
829 if (0 != (status = webdav_copy_file(srv, con, hctx, &s, &d, overwrite))) {
830 break;
831 }
832 }
833 }
834
835 buffer_free(s.path);
836 buffer_free(s.rel_path);
837 buffer_free(d.path);
838 buffer_free(d.rel_path);
839
840 closedir(srcdir);
841 }
842
843 return status;
844 }
845
846 #ifdef USE_LOCKS
847 static void webdav_activelock(buffer *b,
848 const buffer *locktoken, const char *lockscope, const char *locktype, int depth, int timeout) {
849 buffer_append_string_len(b, CONST_STR_LEN("<D:activelock>\n"));
850
851 buffer_append_string_len(b, CONST_STR_LEN("<D:lockscope>"));
852 buffer_append_string_len(b, CONST_STR_LEN("<D:"));
853 buffer_append_string(b, lockscope);
854 buffer_append_string_len(b, CONST_STR_LEN("/>"));
855 buffer_append_string_len(b, CONST_STR_LEN("</D:lockscope>\n"));
856
857 buffer_append_string_len(b, CONST_STR_LEN("<D:locktype>"));
858 buffer_append_string_len(b, CONST_STR_LEN("<D:"));
859 buffer_append_string(b, locktype);
860 buffer_append_string_len(b, CONST_STR_LEN("/>"));
861 buffer_append_string_len(b, CONST_STR_LEN("</D:locktype>\n"));
862
863 buffer_append_string_len(b, CONST_STR_LEN("<D:depth>"));
864 buffer_append_string(b, depth == 0 ? "0" : "infinity");
865 buffer_append_string_len(b, CONST_STR_LEN("</D:depth>\n"));
866
867 buffer_append_string_len(b, CONST_STR_LEN("<D:timeout>"));
868 buffer_append_string_len(b, CONST_STR_LEN("Second-"));
869 buffer_append_int(b, timeout);
870 buffer_append_string_len(b, CONST_STR_LEN("</D:timeout>\n"));
871
872 buffer_append_string_len(b, CONST_STR_LEN("<D:owner>"));
873 buffer_append_string_len(b, CONST_STR_LEN("</D:owner>\n"));
874
875 buffer_append_string_len(b, CONST_STR_LEN("<D:locktoken>"));
876 buffer_append_string_len(b, CONST_STR_LEN("<D:href>"));
877 buffer_append_string_buffer(b, locktoken);
878 buffer_append_string_len(b, CONST_STR_LEN("</D:href>"));
879 buffer_append_string_len(b, CONST_STR_LEN("</D:locktoken>\n"));
880
881 buffer_append_string_len(b, CONST_STR_LEN("</D:activelock>\n"));
882 }
883
884 static void webdav_get_live_property_lockdiscovery(server *srv, connection *con, handler_ctx *hctx, physical *dst, buffer *b) {
885
886 sqlite3_stmt *stmt = hctx->conf.stmt_read_lock_by_uri;
887 if (!stmt) { /*(should not happen)*/
888 buffer_append_string_len(b, CONST_STR_LEN("<D:lockdiscovery>\n</D:lockdiscovery>\n"));
889 return;
890 }
891 UNUSED(srv);
892 UNUSED(con);
893
894 /* SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout
895 * FROM locks
896 * WHERE resource = ? */
897
898 sqlite3_reset(stmt);
899
900 sqlite3_bind_text(stmt, 1,
901 CONST_BUF_LEN(dst->rel_path),
902 SQLITE_TRANSIENT);
903
904 buffer_append_string_len(b, CONST_STR_LEN("<D:lockdiscovery>\n"));
905 while (SQLITE_ROW == sqlite3_step(stmt)) {
906 const char *lockscope = (const char *)sqlite3_column_text(stmt, 2);
907 const char *locktype = (const char *)sqlite3_column_text(stmt, 3);
908 const int depth = sqlite3_column_int(stmt, 5);
909 const int timeout = sqlite3_column_int(stmt, 6);
910 buffer locktoken = { NULL, 0, 0 };
911 locktoken.ptr = (char *)sqlite3_column_text(stmt, 0);
912 locktoken.used = sqlite3_column_bytes(stmt, 0);
913 if (locktoken.used) ++locktoken.used;
914 locktoken.size = locktoken.used;
915
916 if (timeout > 0) {
917 webdav_activelock(b, &locktoken, lockscope, locktype, depth, timeout);
918 }
919 }
920 buffer_append_string_len(b, CONST_STR_LEN("</D:lockdiscovery>\n"));
921 }
922 #endif
923
924 static int webdav_get_live_property(server *srv, connection *con, handler_ctx *hctx, physical *dst, char *prop_name, buffer *b) {
925 stat_cache_entry *sce = NULL;
926 int found = 0;
927
928 UNUSED(hctx);
929
930 if (HANDLER_ERROR != (stat_cache_get_entry(srv, con, dst->path, &sce))) {
931 char ctime_buf[] = "2005-08-18T07:27:16Z";
932 char mtime_buf[] = "Thu, 18 Aug 2005 07:27:16 GMT";
933
934 if (0 == strcmp(prop_name, "resourcetype")) {
935 if (S_ISDIR(sce->st.st_mode)) {
936 buffer_append_string_len(b, CONST_STR_LEN("<D:resourcetype><D:collection/></D:resourcetype>"));
937 } else {
938 buffer_append_string_len(b, CONST_STR_LEN("<D:resourcetype/>"));
939 }
940 found = 1;
941 } else if (0 == strcmp(prop_name, "getcontenttype")) {
942 if (S_ISDIR(sce->st.st_mode)) {
943 buffer_append_string_len(b, CONST_STR_LEN("<D:getcontenttype>httpd/unix-directory</D:getcontenttype>"));
944 found = 1;
945 } else if(S_ISREG(sce->st.st_mode)) {
946 const buffer *type = stat_cache_mimetype_by_ext(con, CONST_BUF_LEN(dst->path));
947 if (NULL != type) {
948 buffer_append_string_len(b, CONST_STR_LEN("<D:getcontenttype>"));
949 buffer_append_string_buffer(b, type);
950 buffer_append_string_len(b, CONST_STR_LEN("</D:getcontenttype>"));
951 found = 1;
952 }
953 }
954 } else if (0 == strcmp(prop_name, "creationdate")) {
955 buffer_append_string_len(b, CONST_STR_LEN("<D:creationdate ns0:dt=\"dateTime.tz\">"));
956 strftime(ctime_buf, sizeof(ctime_buf), "%Y-%m-%dT%H:%M:%SZ", gmtime(&(sce->st.st_ctime)));
957 buffer_append_string(b, ctime_buf);
958 buffer_append_string_len(b, CONST_STR_LEN("</D:creationdate>"));
959 found = 1;
960 } else if (0 == strcmp(prop_name, "getlastmodified")) {
961 buffer_append_string_len(b,CONST_STR_LEN("<D:getlastmodified ns0:dt=\"dateTime.rfc1123\">"));
962 strftime(mtime_buf, sizeof(mtime_buf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&(sce->st.st_mtime)));
963 buffer_append_string(b, mtime_buf);
964 buffer_append_string_len(b, CONST_STR_LEN("</D:getlastmodified>"));
965 found = 1;
966 } else if (0 == strcmp(prop_name, "getcontentlength")) {
967 buffer_append_string_len(b,CONST_STR_LEN("<D:getcontentlength>"));
968 buffer_append_int(b, sce->st.st_size);
969 buffer_append_string_len(b, CONST_STR_LEN("</D:getcontentlength>"));
970 found = 1;
971 } else if (0 == strcmp(prop_name, "getcontentlanguage")) {
972 buffer_append_string_len(b,CONST_STR_LEN("<D:getcontentlanguage>"));
973 buffer_append_string_len(b, CONST_STR_LEN("en"));
974 buffer_append_string_len(b, CONST_STR_LEN("</D:getcontentlanguage>"));
975 found = 1;
976 } else if (0 == strcmp(prop_name, "getetag")) {
977 etag_create(con->physical.etag, &sce->st, con->etag_flags);
978 etag_mutate(con->physical.etag, con->physical.etag);
979 buffer_append_string_len(b, CONST_STR_LEN("<D:getetag>"));
980 buffer_append_string_buffer(b, con->physical.etag);
981 buffer_append_string_len(b, CONST_STR_LEN("</D:getetag>"));
982 buffer_clear(con->physical.etag);
983 found = 1;
984 #ifdef USE_LOCKS
985 } else if (0 == strcmp(prop_name, "lockdiscovery")) {
986 webdav_get_live_property_lockdiscovery(srv, con, hctx, dst, b);
987 found = 1;
988 } else if (0 == strcmp(prop_name, "supportedlock")) {
989 buffer_append_string_len(b,CONST_STR_LEN("<D:supportedlock>"));
990 buffer_append_string_len(b,CONST_STR_LEN("<D:lockentry>"));
991 buffer_append_string_len(b,CONST_STR_LEN("<D:lockscope><D:exclusive/></D:lockscope>"));
992 buffer_append_string_len(b,CONST_STR_LEN("<D:locktype><D:write/></D:locktype>"));
993 buffer_append_string_len(b,CONST_STR_LEN("</D:lockentry>"));
994 buffer_append_string_len(b, CONST_STR_LEN("</D:supportedlock>"));
995 found = 1;
996 #endif
997 }
998 }
999
1000 return found ? 0 : -1;
1001 }
1002
1003 static int webdav_get_property(server *srv, connection *con, handler_ctx *hctx, physical *dst, char *prop_name, char *prop_ns, buffer *b) {
1004 if (0 == strcmp(prop_ns, "DAV:")) {
1005 /* a local 'live' property */
1006 return webdav_get_live_property(srv, con, hctx, dst, prop_name, b);
1007 } else {
1008 int found = 0;
1009 #ifdef USE_PROPPATCH
1010 sqlite3_stmt *stmt = hctx->conf.stmt_select_prop;
1011
1012 if (stmt) {
1013 /* perhaps it is in sqlite3 */
1014 sqlite3_reset(stmt);
1015
1016 /* bind the values to the insert */
1017
1018 sqlite3_bind_text(stmt, 1,
1019 CONST_BUF_LEN(dst->rel_path),
1020 SQLITE_TRANSIENT);
1021 sqlite3_bind_text(stmt, 2,
1022 prop_name,
1023 strlen(prop_name),
1024 SQLITE_TRANSIENT);
1025 sqlite3_bind_text(stmt, 3,
1026 prop_ns,
1027 strlen(prop_ns),
1028 SQLITE_TRANSIENT);
1029
1030 /* it is the PK */
1031 while (SQLITE_ROW == sqlite3_step(stmt)) {
1032 /* there is a row for us, we only expect a single col 'value' */
1033 webdav_gen_prop_tag(srv, con, prop_name, prop_ns, (char *)sqlite3_column_text(stmt, 0), b);
1034 found = 1;
1035 }
1036 }
1037 #endif
1038 return found ? 0 : -1;
1039 }
1040
1041 /* not found */
1042 return -1;
1043 }
1044
1045 typedef struct {
1046 char *ns;
1047 char *prop;
1048 } webdav_property;
1049
1050 static webdav_property live_properties[] = {
1051 { "DAV:", "creationdate" },
1052 /*{ "DAV:", "displayname" },*//*(not implemented)*/
1053 { "DAV:", "getcontentlanguage" },
1054 { "DAV:", "getcontentlength" },
1055 { "DAV:", "getcontenttype" },
1056 { "DAV:", "getetag" },
1057 { "DAV:", "getlastmodified" },
1058 { "DAV:", "resourcetype" },
1059 /*{ "DAV:", "source" },*//*(not implemented)*/
1060 #ifdef USE_LOCKS
1061 { "DAV:", "lockdiscovery" },
1062 { "DAV:", "supportedlock" },
1063 #endif
1064
1065 { NULL, NULL }
1066 };
1067
1068 typedef struct {
1069 webdav_property **ptr;
1070
1071 size_t used;
1072 size_t size;
1073 } webdav_properties;
1074
1075 static int webdav_get_props(server *srv, connection *con, handler_ctx *hctx, physical *dst, webdav_properties *props, buffer *b_200, buffer *b_404) {
1076 size_t i;
1077
1078 if (props && props->used) {
1079 for (i = 0; i < props->used; i++) {
1080 webdav_property *prop;
1081
1082 prop = props->ptr[i];
1083
1084 if (0 != webdav_get_property(srv, con, hctx,
1085 dst, prop->prop, prop->ns, b_200)) {
1086 webdav_gen_prop_tag(srv, con, prop->prop, prop->ns, NULL, b_404);
1087 }
1088 }
1089 } else {
1090 for (i = 0; live_properties[i].prop; i++) {
1091 /* a local 'live' property */
1092 webdav_get_live_property(srv, con, hctx, dst, live_properties[i].prop, b_200);
1093 }
1094 }
1095
1096 return 0;
1097 }
1098
1099 #ifdef USE_PROPPATCH
1100 static int webdav_parse_chunkqueue(server *srv, connection *con, handler_ctx *hctx, chunkqueue *cq, xmlDoc **ret_xml) {
1101 xmlParserCtxtPtr ctxt;
1102 xmlDoc *xml;
1103 int res;
1104 int err;
1105
1106 chunk *c;
1107
1108 UNUSED(con);
1109
1110 /* read the chunks in to the XML document */
1111 ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
1112
1113 for (c = cq->first; cq->bytes_out != cq->bytes_in; c = cq->first) {
1114 size_t weWant = cq->bytes_out - cq->bytes_in;
1115 size_t weHave;
1116 int mapped;
1117 void *data;
1118
1119 switch(c->type) {
1120 case FILE_CHUNK:
1121 weHave = c->file.length - c->offset;
1122
1123 if (weHave > weWant) weHave = weWant;
1124
1125 /* xml chunks are always memory, mmap() is our friend */
1126 mapped = (c->file.mmap.start != MAP_FAILED);
1127 if (mapped) {
1128 data = c->file.mmap.start + c->offset;
1129 } else {
1130 if (-1 == c->file.fd && /* open the file if not already open */
1131 -1 == (c->file.fd = fdevent_open_cloexec(c->mem->ptr, con->conf.follow_symlink, O_RDONLY, 0))) {
1132 log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
1133
1134 return -1;
1135 }
1136
1137 if (MAP_FAILED != (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_PRIVATE, c->file.fd, 0))) {
1138 /* chunk_reset() or chunk_free() will cleanup for us */
1139 c->file.mmap.length = c->file.length;
1140 data = c->file.mmap.start + c->offset;
1141 mapped = 1;
1142 } else {
1143 ssize_t rd;
1144 if (weHave > 65536) weHave = 65536;
1145 data = malloc(weHave);
1146 force_assert(data);
1147 if (-1 == lseek(c->file.fd, c->file.start + c->offset, SEEK_SET)
1148 || 0 > (rd = read(c->file.fd, data, weHave))) {
1149 log_error_write(srv, __FILE__, __LINE__, "ssbd", "lseek/read failed: ",
1150 strerror(errno), c->mem, c->file.fd);
1151 free(data);
1152 return -1;
1153 }
1154 weHave = (size_t)rd;
1155 }
1156 }
1157
1158 if (XML_ERR_OK != (err = xmlParseChunk(ctxt, data, weHave, 0))) {
1159 log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
1160 }
1161
1162 chunkqueue_mark_written(cq, weHave);
1163
1164 if (!mapped) free(data);
1165 break;
1166 case MEM_CHUNK:
1167 /* append to the buffer */
1168 weHave = buffer_string_length(c->mem) - c->offset;
1169
1170 if (weHave > weWant) weHave = weWant;
1171
1172 if (hctx->conf.log_xml) {
1173 log_error_write(srv, __FILE__, __LINE__, "ss", "XML-request-body:", c->mem->ptr + c->offset);
1174 }
1175
1176 if (XML_ERR_OK != (err = xmlParseChunk(ctxt, c->mem->ptr + c->offset, weHave, 0))) {
1177 log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err);
1178 }
1179
1180 chunkqueue_mark_written(cq, weHave);
1181
1182 break;
1183 }
1184 }
1185
1186 switch ((err = xmlParseChunk(ctxt, 0, 0, 1))) {
1187 case XML_ERR_DOCUMENT_END:
1188 case XML_ERR_OK:
1189 break;
1190 default:
1191 log_error_write(srv, __FILE__, __LINE__, "sd", "xmlParseChunk failed at final packet:", err);
1192 break;
1193 }
1194
1195 xml = ctxt->myDoc;
1196 res = ctxt->wellFormed;
1197 xmlFreeParserCtxt(ctxt);
1198
1199 if (res == 0) {
1200 xmlFreeDoc(xml);
1201 } else {
1202 *ret_xml = xml;
1203 }
1204
1205 return res;
1206 }
1207 #endif
1208
1209 #ifdef USE_LOCKS
1210 static int webdav_lockdiscovery(connection *con, buffer *locktoken, const char *lockscope, const char *locktype, int depth) {
1211
1212 buffer *b = chunkqueue_append_buffer_open(con->write_queue);
1213
1214 http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Lock-Token"), CONST_BUF_LEN(locktoken));
1215
1216 http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE,
1217 CONST_STR_LEN("Content-Type"),
1218 CONST_STR_LEN("text/xml; charset=\"utf-8\""));
1219
1220 buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
1221
1222 buffer_append_string_len(b,CONST_STR_LEN("<D:prop xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
1223 buffer_append_string_len(b,CONST_STR_LEN("<D:lockdiscovery>\n"));
1224 webdav_activelock(b, locktoken, lockscope, locktype, depth, 600);
1225 buffer_append_string_len(b,CONST_STR_LEN("</D:lockdiscovery>\n"));
1226 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1227
1228 chunkqueue_append_buffer_commit(con->write_queue);
1229
1230 return 0;
1231 }
1232 #endif
1233
1234 /**
1235 * check if resource is having the right locks to access to resource
1236 *
1237 *
1238 *
1239 */
1240 static int webdav_has_lock(server *srv, connection *con, handler_ctx *hctx, buffer *uri) {
1241 int has_lock = 1;
1242
1243 #ifdef USE_LOCKS
1244 buffer *vb;
1245 UNUSED(srv);
1246
1247 /**
1248 * This implementation is more fake than real
1249 * we need a parser for the If: header to really handle the full scope
1250 *
1251 * X-Litmus: locks: 11 (owner_modify)
1252 * If: <http://127.0.0.1:1025/dav/litmus/lockme> (<opaquelocktoken:2165478d-0611-49c4-be92-e790d68a38f1>)
1253 * - a tagged check:
1254 * if http://127.0.0.1:1025/dav/litmus/lockme is locked with
1255 * opaquelocktoken:2165478d-0611-49c4-be92-e790d68a38f1, go on
1256 *
1257 * X-Litmus: locks: 16 (fail_cond_put)
1258 * If: (<DAV:no-lock> ["-1622396671"])
1259 * - untagged:
1260 * go on if the resource has the etag [...] and the lock
1261 */
1262 if (NULL != (vb = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If")))) {
1263 /* Ooh, ooh. A if tag, now the fun begins.
1264 *
1265 * this can only work with a real parser
1266 **/
1267 } else {
1268 /* we didn't provided a lock-token -> */
1269 /* if the resource is locked -> 423 */
1270
1271 sqlite3_stmt *stmt = hctx->conf.stmt_read_lock_by_uri;
1272
1273 sqlite3_reset(stmt);
1274
1275 sqlite3_bind_text(stmt, 1,
1276 CONST_BUF_LEN(uri),
1277 SQLITE_TRANSIENT);
1278
1279 while (SQLITE_ROW == sqlite3_step(stmt)) {
1280 has_lock = 0;
1281 }
1282 }
1283 #else
1284 UNUSED(srv);
1285 UNUSED(con);
1286 UNUSED(hctx);
1287 UNUSED(uri);
1288 #endif
1289
1290 return has_lock;
1291 }
1292
1293 static int mod_webdav_depth(connection *con) {
1294 buffer *b =
1295 http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Depth"));
1296 if (NULL != b && 1 == buffer_string_length(b)) {
1297 if (b->ptr[0] == '0') return 0;
1298 if (b->ptr[0] == '1') return 1;
1299 }
1300 return -1; /* (Depth: infinity) */
1301 }
1302
1303 static handler_t mod_webdav_propfind(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) {
1304 buffer *b;
1305 DIR *dir;
1306 int depth = mod_webdav_depth(con);
1307 struct stat st;
1308 buffer *prop_200;
1309 buffer *prop_404;
1310 webdav_properties *req_props;
1311 stat_cache_entry *sce = NULL;
1312
1313 /* they want to know the properties of the directory */
1314 req_props = NULL;
1315
1316 /* is there a content-body ? */
1317
1318 switch (stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
1319 case HANDLER_ERROR:
1320 if (errno == ENOENT) {
1321 con->http_status = 404;
1322 return HANDLER_FINISHED;
1323 }
1324 else if (errno == EACCES) {
1325 con->http_status = 403;
1326 return HANDLER_FINISHED;
1327 }
1328 else {
1329 con->http_status = 500;
1330 return HANDLER_FINISHED;
1331 }
1332 break;
1333 default:
1334 break;
1335 }
1336
1337 if (S_ISDIR(sce->st.st_mode) && con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') {
1338 http_response_redirect_to_directory(srv, con, 308);
1339 return HANDLER_FINISHED;
1340 }
1341
1342 #ifdef USE_PROPPATCH
1343 /* any special requests or just allprop ? */
1344 if (con->request.content_length) {
1345 xmlDocPtr xml;
1346
1347 if (con->state == CON_STATE_READ_POST) {
1348 handler_t r = connection_handle_read_post_state(srv, con);
1349 if (r != HANDLER_GO_ON) return r;
1350 }
1351
1352 if (1 == webdav_parse_chunkqueue(srv, con, hctx, con->request_content_queue, &xml)) {
1353 xmlNode *rootnode = xmlDocGetRootElement(xml);
1354
1355 force_assert(rootnode);
1356
1357 if (0 == xmlStrcmp(rootnode->name, BAD_CAST "propfind")) {
1358 xmlNode *cmd;
1359
1360 req_props = calloc(1, sizeof(*req_props));
1361
1362 for (cmd = rootnode->children; cmd; cmd = cmd->next) {
1363
1364 if (0 == xmlStrcmp(cmd->name, BAD_CAST "prop")) {
1365 /* get prop by name */
1366 xmlNode *prop;
1367
1368 for (prop = cmd->children; prop; prop = prop->next) {
1369 if (prop->type == XML_TEXT_NODE) continue; /* ignore WS */
1370
1371 if (prop->ns &&
1372 (0 == xmlStrcmp(prop->ns->href, BAD_CAST "")) &&
1373 (0 != xmlStrcmp(prop->ns->prefix, BAD_CAST ""))) {
1374 size_t i;
1375 log_error_write(srv, __FILE__, __LINE__, "ss",
1376 "no name space for:",
1377 prop->name);
1378
1379 xmlFreeDoc(xml);
1380
1381 for (i = 0; i < req_props->used; i++) {
1382 free(req_props->ptr[i]->ns);
1383 free(req_props->ptr[i]->prop);
1384 free(req_props->ptr[i]);
1385 }
1386 free(req_props->ptr);
1387 free(req_props);
1388
1389 con->http_status = 400;
1390 return HANDLER_FINISHED;
1391 }
1392
1393 /* add property to requested list */
1394 if (req_props->used == req_props->size) {
1395 req_props->size += 16;
1396 req_props->ptr = realloc(req_props->ptr, sizeof(*(req_props->ptr)) * req_props->size);
1397 }
1398
1399 req_props->ptr[req_props->used] = malloc(sizeof(webdav_property));
1400 req_props->ptr[req_props->used]->ns = (char *)xmlStrdup(prop->ns ? prop->ns->href : (xmlChar *)"");
1401 req_props->ptr[req_props->used]->prop = (char *)xmlStrdup(prop->name);
1402 req_props->used++;
1403 }
1404 } else if (0 == xmlStrcmp(cmd->name, BAD_CAST "propname")) {
1405 sqlite3_stmt *stmt = p->conf.stmt_select_propnames;
1406
1407 if (stmt) {
1408 /* get all property names (EMPTY) */
1409 sqlite3_reset(stmt);
1410 /* bind the values to the insert */
1411
1412 sqlite3_bind_text(stmt, 1,
1413 CONST_BUF_LEN(con->uri.path),
1414 SQLITE_TRANSIENT);
1415
1416 if (SQLITE_DONE != sqlite3_step(stmt)) {
1417 }
1418 }
1419 } else if (0 == xmlStrcmp(cmd->name, BAD_CAST "allprop")) {
1420 /* get all properties (EMPTY) */
1421 }
1422 }
1423 }
1424
1425 xmlFreeDoc(xml);
1426 } else {
1427 con->http_status = 400;
1428 return HANDLER_FINISHED;
1429 }
1430 }
1431 #endif
1432 con->http_status = 207;
1433
1434 http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\""));
1435
1436 b = chunkqueue_append_buffer_open(con->write_queue);
1437
1438 buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
1439
1440 buffer_append_string_len(b,CONST_STR_LEN("<D:multistatus xmlns:D=\"DAV:\" xmlns:ns0=\"urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/\">\n"));
1441
1442 /* allprop */
1443
1444 prop_200 = buffer_init();
1445 prop_404 = buffer_init();
1446
1447 {
1448 /* Depth: 0 or Depth: 1 */
1449 webdav_get_props(srv, con, hctx, &(con->physical), req_props, prop_200, prop_404);
1450
1451 buffer_append_string_len(b,CONST_STR_LEN("<D:response>\n"));
1452 buffer_append_string_len(b,CONST_STR_LEN("<D:href>"));
1453 buffer_append_string_buffer(b, con->uri.scheme);
1454 buffer_append_string_len(b,CONST_STR_LEN("://"));
1455 buffer_append_string_buffer(b, con->uri.authority);
1456 buffer_append_string_encoded(b, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
1457 buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
1458
1459 if (!buffer_string_is_empty(prop_200)) {
1460 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1461 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1462
1463 buffer_append_string_buffer(b, prop_200);
1464
1465 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1466
1467 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 200 OK</D:status>\n"));
1468
1469 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1470 }
1471 if (!buffer_string_is_empty(prop_404)) {
1472 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1473 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1474
1475 buffer_append_string_buffer(b, prop_404);
1476
1477 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1478
1479 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 404 Not Found</D:status>\n"));
1480
1481 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1482 }
1483
1484 buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
1485 }
1486
1487 if (depth == 1) {
1488
1489 if (NULL != (dir = opendir(con->physical.path->ptr))) {
1490 struct dirent *de;
1491 physical d;
1492 physical *dst = &(con->physical);
1493
1494 d.path = buffer_init();
1495 d.rel_path = buffer_init();
1496
1497 while(NULL != (de = readdir(dir))) {
1498 size_t nlen;
1499 if (de->d_name[0] == '.' && (de->d_name[1] == '\0' || (de->d_name[1] == '.' && de->d_name[2] == '\0'))) {
1500 continue;
1501 /* ignore the parent and target dir */
1502 }
1503
1504 nlen = strlen(de->d_name);
1505 buffer_copy_buffer(d.path, dst->path);
1506 buffer_append_path_len(d.path, de->d_name, nlen);
1507
1508 buffer_copy_buffer(d.rel_path, dst->rel_path);
1509 buffer_append_path_len(d.rel_path, de->d_name, nlen);
1510
1511 buffer_clear(prop_200);
1512 buffer_clear(prop_404);
1513
1514 webdav_get_props(srv, con, hctx, &d, req_props, prop_200, prop_404);
1515
1516 buffer_append_string_len(b,CONST_STR_LEN("<D:response>\n"));
1517 buffer_append_string_len(b,CONST_STR_LEN("<D:href>"));
1518 buffer_append_string_buffer(b, con->uri.scheme);
1519 buffer_append_string_len(b,CONST_STR_LEN("://"));
1520 buffer_append_string_buffer(b, con->uri.authority);
1521 buffer_append_string_encoded(b, CONST_BUF_LEN(d.rel_path), ENCODING_REL_URI);
1522 if (0 == stat(d.path->ptr, &st) && S_ISDIR(st.st_mode)) {
1523 /* Append a '/' on subdirectories */
1524 buffer_append_string_len(b,CONST_STR_LEN("/"));
1525 }
1526 buffer_append_string_len(b,CONST_STR_LEN("</D:href>\n"));
1527
1528 if (!buffer_string_is_empty(prop_200)) {
1529 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1530 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1531
1532 buffer_append_string_buffer(b, prop_200);
1533
1534 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1535
1536 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 200 OK</D:status>\n"));
1537
1538 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1539 }
1540 if (!buffer_string_is_empty(prop_404)) {
1541 buffer_append_string_len(b,CONST_STR_LEN("<D:propstat>\n"));
1542 buffer_append_string_len(b,CONST_STR_LEN("<D:prop>\n"));
1543
1544 buffer_append_string_buffer(b, prop_404);
1545
1546 buffer_append_string_len(b,CONST_STR_LEN("</D:prop>\n"));
1547
1548 buffer_append_string_len(b,CONST_STR_LEN("<D:status>HTTP/1.1 404 Not Found</D:status>\n"));
1549
1550 buffer_append_string_len(b,CONST_STR_LEN("</D:propstat>\n"));
1551 }
1552
1553 buffer_append_string_len(b,CONST_STR_LEN("</D:response>\n"));
1554 }
1555 closedir(dir);
1556 buffer_free(d.path);
1557 buffer_free(d.rel_path);
1558 }
1559
1560 }
1561
1562 if (req_props) {
1563 size_t i;
1564 for (i = 0; i < req_props->used; i++) {
1565 free(req_props->ptr[i]->ns);
1566 free(req_props->ptr[i]->prop);
1567 free(req_props->ptr[i]);
1568 }
1569 free(req_props->ptr);
1570 free(req_props);
1571 }
1572
1573 buffer_free(prop_200);
1574 buffer_free(prop_404);
1575
1576 buffer_append_string_len(b,CONST_STR_LEN("</D:multistatus>\n"));
1577
1578 if (p->conf.log_xml) {
1579 log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b);
1580 }
1581
1582 chunkqueue_append_buffer_commit(con->write_queue);
1583
1584 con->file_finished = 1;
1585
1586 return HANDLER_FINISHED;
1587 }
1588
1589 static handler_t mod_webdav_mkcol(connection *con, plugin_data *p) {
1590 if (p->conf.is_readonly) {
1591 con->http_status = 403;
1592 return HANDLER_FINISHED;
1593 }
1594
1595 if (con->request.content_length != 0) {
1596 /* we don't support MKCOL with a body */
1597 con->http_status = 415;
1598
1599 return HANDLER_FINISHED;
1600 }
1601
1602 /* let's create the directory */
1603
1604 if (-1 == mkdir(con->physical.path->ptr, WEBDAV_DIR_MODE)) {
1605 switch(errno) {
1606 case EPERM:
1607 con->http_status = 403;
1608 break;
1609 case ENOENT:
1610 case ENOTDIR:
1611 con->http_status = 409;
1612 break;
1613 case EEXIST:
1614 default:
1615 con->http_status = 405; /* not allowed */
1616 break;
1617 }
1618 } else {
1619 con->http_status = 201;
1620 con->file_finished = 1;
1621 }
1622
1623 return HANDLER_FINISHED;
1624 }
1625
1626 static handler_t mod_webdav_delete(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) {
1627 struct stat st;
1628
1629 if (p->conf.is_readonly) {
1630 con->http_status = 403;
1631 return HANDLER_FINISHED;
1632 }
1633
1634 /* does the client have a lock for this connection ? */
1635 if (!webdav_has_lock(srv, con, hctx, con->uri.path)) {
1636 con->http_status = 423;
1637 return HANDLER_FINISHED;
1638 }
1639
1640 /* stat and unlink afterwards */
1641 if (-1 == stat(con->physical.path->ptr, &st)) {
1642 /* don't about it yet, unlink will fail too */
1643 switch(errno) {
1644 case ENOENT:
1645 con->http_status = 404;
1646 break;
1647 default:
1648 con->http_status = 403;
1649 break;
1650 }
1651 } else if (S_ISDIR(st.st_mode)) {
1652 buffer *multi_status_resp;
1653
1654 if (con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') {
1655 http_response_redirect_to_directory(srv, con, 308);
1656 return HANDLER_FINISHED;
1657 }
1658
1659 multi_status_resp = buffer_init();
1660
1661 if (webdav_delete_dir(srv, con, hctx, &(con->physical), multi_status_resp)) {
1662 /* we got an error somewhere in between, build a 207 */
1663 buffer *b;
1664 http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\""));
1665
1666 b = chunkqueue_append_buffer_open(con->write_queue);
1667
1668 buffer_copy_string_len(b, CONST_STR_LEN("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"));
1669
1670 buffer_append_string_len(b,CONST_STR_LEN("<D:multistatus xmlns:D=\"DAV:\">\n"));
1671
1672 buffer_append_string_buffer(b, multi_status_resp);
1673
1674 buffer_append_string_len(b,CONST_STR_LEN("</D:multistatus>\n"));
1675
1676 if (p->conf.log_xml) {
1677 log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b);
1678 }
1679
1680 chunkqueue_append_buffer_commit(con->write_queue);
1681
1682 con->http_status = 207;
1683 con->file_finished = 1;
1684 } else {
1685 /* everything went fine, remove the directory */
1686
1687 if (-1 == rmdir(con->physical.path->ptr)) {
1688 switch(errno) {
1689 case EPERM:
1690 con->http_status = 403;
1691 break;
1692 case ENOENT:
1693 con->http_status = 404;
1694 break;
1695 default:
1696 con->http_status = 501;
1697 break;
1698 }
1699 } else {
1700 con->http_status = 204;
1701 }
1702 }
1703
1704 buffer_free(multi_status_resp);
1705 } else if (-1 == unlink(con->physical.path->ptr)) {
1706 switch(errno) {
1707 case EPERM:
1708 con->http_status = 403;
1709 break;
1710 case ENOENT:
1711 con->http_status = 404;
1712 break;
1713 default:
1714 con->http_status = 501;
1715 break;
1716 }
1717 } else {
1718 con->http_status = 204;
1719 }
1720 return HANDLER_FINISHED;
1721 }
1722
1723 static handler_t mod_webdav_put(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) {
1724 buffer *b;
1725 int fd;
1726 chunkqueue *cq = con->request_content_queue;
1727 chunk *c;
1728
1729 if (p->conf.is_readonly) {
1730 con->http_status = 403;
1731 return HANDLER_FINISHED;
1732 }
1733
1734 /* is a exclusive lock set on the source */
1735 /* (check for lock once before potentially reading large input) */
1736 if (0 == cq->bytes_in && !webdav_has_lock(srv, con, hctx, con->uri.path)) {
1737 con->http_status = 423;
1738 return HANDLER_FINISHED;
1739 }
1740
1741 if (con->state == CON_STATE_READ_POST) {
1742 handler_t r = connection_handle_read_post_state(srv, con);
1743 if (r != HANDLER_GO_ON) return r;
1744 }
1745
1746 /* RFC2616 Section 9.6 PUT requires us to send 501 on all Content-* we don't support
1747 * - most important Content-Range
1748 *
1749 *
1750 * Example: Content-Range: bytes 100-1037/1038 */
1751
1752 if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Content-Range")))) {
1753 const char *num = b->ptr;
1754 off_t offset;
1755 char *err = NULL;
1756
1757 if (0 != strncmp(num, "bytes ", 6)) {
1758 con->http_status = 501; /* not implemented */
1759
1760 return HANDLER_FINISHED;
1761 }
1762
1763 /* we only support <num>- ... */
1764
1765 num += 6;
1766
1767 /* skip WS */
1768 while (*num == ' ' || *num == '\t') num++;
1769
1770 if (*num == '\0') {
1771 con->http_status = 501; /* not implemented */
1772
1773 return HANDLER_FINISHED;
1774 }
1775
1776 offset = strtoll(num, &err, 10);
1777
1778 if (*err != '-' || offset < 0) {
1779 con->http_status = 501; /* not implemented */
1780
1781 return HANDLER_FINISHED;
1782 }
1783
1784 if (-1 == (fd = open(con->physical.path->ptr, O_WRONLY, WEBDAV_FILE_MODE))) {
1785 switch (errno) {
1786 case ENOENT:
1787 con->http_status = 404; /* not found */
1788 break;
1789 default:
1790 con->http_status = 403; /* not found */
1791 break;
1792 }
1793 return HANDLER_FINISHED;
1794 }
1795
1796 if (-1 == lseek(fd, offset, SEEK_SET)) {
1797 con->http_status = 501; /* not implemented */
1798
1799 close(fd);
1800
1801 return HANDLER_FINISHED;
1802 }
1803 con->http_status = 200; /* modified */
1804 } else {
1805 /* take what we have in the request-body and write it to a file */
1806
1807 /* if the file doesn't exist, create it */
1808 if (-1 == (fd = open(con->physical.path->ptr, O_WRONLY|O_TRUNC, WEBDAV_FILE_MODE))) {
1809 if (errno != ENOENT ||
1810 -1 == (fd = open(con->physical.path->ptr, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, WEBDAV_FILE_MODE))) {
1811 /* we can't open the file */
1812 con->http_status = 403;
1813
1814 return HANDLER_FINISHED;
1815 } else {
1816 con->http_status = 201; /* created */
1817 }
1818 } else {
1819 con->http_status = 200; /* modified */
1820 }
1821 }
1822
1823 con->file_finished = 1;
1824
1825 for (c = cq->first; c; c = cq->first) {
1826 int r = 0;
1827 int mapped;
1828 void *data;
1829 size_t dlen;
1830
1831 /* copy all chunks */
1832 switch(c->type) {
1833 case FILE_CHUNK:
1834
1835 mapped = (c->file.mmap.start != MAP_FAILED);
1836 dlen = c->file.length - c->offset;
1837 if (mapped) {
1838 data = c->file.mmap.start + c->offset;
1839 } else {
1840 if (-1 == c->file.fd && /* open the file if not already open */
1841 -1 == (c->file.fd = fdevent_open_cloexec(c->mem->ptr, con->conf.follow_symlink, O_RDONLY, 0))) {
1842 log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno));
1843 close(fd);
1844 return HANDLER_ERROR;
1845 }
1846
1847 if (MAP_FAILED != (c->file.mmap.start = mmap(NULL, c->file.length, PROT_READ, MAP_PRIVATE, c->file.fd, 0))) {
1848 /* chunk_reset() or chunk_free() will cleanup for us */
1849 c->file.mmap.length = c->file.length;
1850 data = c->file.mmap.start + c->offset;
1851 mapped = 1;
1852 } else {
1853 ssize_t rd;
1854 if (dlen > 65536) dlen = 65536;
1855 data = malloc(dlen);
1856 force_assert(data);
1857 if (-1 == lseek(c->file.fd, c->file.start + c->offset, SEEK_SET)
1858 || 0 > (rd = read(c->file.fd, data, dlen))) {
1859 log_error_write(srv, __FILE__, __LINE__, "ssbd", "lseek/read failed: ",
1860 strerror(errno), c->mem, c->file.fd);
1861 free(data);
1862 close(fd);
1863 return HANDLER_ERROR;
1864 }
1865 dlen = (size_t)rd;
1866 }
1867
1868 }
1869
1870 if ((r = write(fd, data, dlen)) < 0) {
1871 switch(errno) {
1872 case ENOSPC:
1873 con->http_status = 507;
1874
1875 break;
1876 default:
1877 con->http_status = 403;
1878 break;
1879 }
1880 }
1881
1882 if (!mapped) free(data);
1883 break;
1884 case MEM_CHUNK:
1885 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) {
1886 switch(errno) {
1887 case ENOSPC:
1888 con->http_status = 507;
1889
1890 break;
1891 default:
1892 con->http_status = 403;
1893 break;
1894 }
1895 }
1896 break;
1897 }
1898
1899 if (r > 0) {
1900 chunkqueue_mark_written(cq, r);
1901 } else {
1902 break;
1903 }
1904 }
1905 if (0 != close(fd)) {
1906 log_error_write(srv, __FILE__, __LINE__, "sbss",
1907 "close ", con->physical.path, "failed: ", strerror(errno));
1908 return HANDLER_ERROR;
1909 }
1910
1911 return HANDLER_FINISHED;
1912 }
1913
1914 static handler_t mod_webdav_copymove(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) {
1915 buffer *b;
1916 struct stat st;
1917 buffer *destination = NULL;
1918 char *sep, *sep2, *start;
1919 int overwrite = 1;
1920
1921 if (p->conf.is_readonly) {
1922 con->http_status = 403;
1923 return HANDLER_FINISHED;
1924 }
1925
1926 /* is a exclusive lock set on the source */
1927 if (con->request.http_method == HTTP_METHOD_MOVE) {
1928 if (!webdav_has_lock(srv, con, hctx, con->uri.path)) {
1929 con->http_status = 423;
1930 return HANDLER_FINISHED;
1931 }
1932 }
1933
1934 if (NULL == (destination = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Destination")))) {
1935 con->http_status = 400;
1936 return HANDLER_FINISHED;
1937 }
1938
1939 if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Overwrite")))) {
1940 if (buffer_string_length(b) != 1 ||
1941 (b->ptr[0] != 'F' &&
1942 b->ptr[0] != 'T') ) {
1943 con->http_status = 400;
1944 return HANDLER_FINISHED;
1945 }
1946 overwrite = (b->ptr[0] == 'F' ? 0 : 1);
1947 }
1948 /* let's parse the Destination
1949 *
1950 * http://127.0.0.1:1025/dav/litmus/copydest
1951 *
1952 * - host has to be the same as the Host: header we got
1953 * - we have to stay inside the document root
1954 * - the query string is thrown away
1955 * */
1956
1957 start = destination->ptr;
1958 sep = start + buffer_string_length(con->uri.scheme);
1959
1960 if (0 != strncmp(start, con->uri.scheme->ptr, sep - start)
1961 || sep[0] != ':' || sep[1] != '/' || sep[2] != '/') {
1962 con->http_status = 400;
1963 return HANDLER_FINISHED;
1964 }
1965 buffer_copy_buffer(p->uri.scheme, con->uri.scheme); /*(unused?)*/
1966
1967 start = sep + 3;
1968
1969 if (NULL == (sep = strchr(start, '/'))) {
1970 con->http_status = 400;
1971 return HANDLER_FINISHED;
1972 }
1973 if (NULL != (sep2 = memchr(start, '@', sep - start))) {
1974 /* skip login information */
1975 start = sep2 + 1;
1976 }
1977 buffer_copy_string_len(p->uri.authority, start, sep - start);
1978
1979 start = sep + 1;
1980
1981 if (NULL == (sep = strchr(start, '?'))) {
1982 /* no query string, good */
1983 buffer_copy_string(p->uri.path, start);
1984 } else {
1985 buffer_copy_string_len(p->uri.path, start, sep - start);
1986 }
1987
1988 if (!buffer_is_equal(p->uri.authority, con->uri.authority)) {
1989 /* not the same host */
1990 con->http_status = 502;
1991 return HANDLER_FINISHED;
1992 }
1993
1994 buffer_urldecode_path(p->uri.path);
1995 if (!buffer_is_valid_UTF8(p->uri.path)) {
1996 /* invalid UTF-8 after url-decode */
1997 con->http_status = 400;
1998 return HANDLER_FINISHED;
1999 }
2000 buffer_path_simplify(p->uri.path, p->uri.path);
2001
2002 if (buffer_string_is_empty(p->uri.path) || p->uri.path->ptr[0] != '/') {
2003 con->http_status = 400;
2004 return HANDLER_FINISHED;
2005 }
2006
2007 /* we now have a URI which is clean. transform it into a physical path */
2008 buffer_copy_buffer(p->physical.doc_root, con->physical.doc_root);
2009 buffer_copy_buffer(p->physical.rel_path, p->uri.path);
2010
2011 if (con->conf.force_lowercase_filenames) {
2012 buffer_to_lower(p->physical.rel_path);
2013 }
2014
2015 /* Destination physical path
2016 * src con->physical.path might have been remapped with mod_alias.
2017 * (but mod_alias does not modify con->physical.rel_path)
2018 * Find matching prefix to support use of mod_alias to remap webdav root.
2019 * Aliasing of paths underneath the webdav root might not work.
2020 * Likewise, mod_rewrite URL rewriting might thwart this comparison.
2021 * Use mod_redirect instead of mod_alias to remap paths *under* webdav root.
2022 * Use mod_redirect instead of mod_rewrite on *any* parts of path to webdav.
2023 * (Related, use mod_auth to protect webdav root, but avoid attempting to
2024 * use mod_auth on paths underneath webdav root, as Destination is not
2025 * validated with mod_auth)
2026 *
2027 * tl;dr: webdav paths and webdav properties are managed by mod_webdav,
2028 * so do not modify paths externally or else undefined behavior
2029 * or corruption may occur
2030 */
2031 {
2032 /* find matching URI prefix
2033 * check if remaining con->physical.rel_path matches suffix
2034 * of con->physical.basedir so that we can use it to
2035 * remap Destination physical path */
2036 size_t i, remain;
2037 sep = con->uri.path->ptr;
2038 sep2 = p->uri.path->ptr;
2039 for (i = 0; sep[i] && sep[i] == sep2[i]; ++i) ;
2040 if (sep[i] == '\0' && (sep2[i] == '\0' || sep2[i] == '/' || (i > 0 && sep[i-1] == '/'))) {
2041 /* src and dst URI match or dst is nested inside src; invalid COPY or MOVE */
2042 con->http_status = 403;
2043 return HANDLER_FINISHED;
2044 }
2045 while (i != 0 && sep[--i] != '/') ; /* find matching directory path */
2046 remain = buffer_string_length(con->uri.path) - i;
2047 if (!con->conf.force_lowercase_filenames
2048 ? buffer_is_equal_right_len(con->physical.path, con->physical.rel_path, remain)
2049 :(buffer_string_length(con->physical.path) >= remain
2050 && 0 == strncasecmp(con->physical.path->ptr+buffer_string_length(con->physical.path)-remain, con->physical.rel_path->ptr+i, remain))) {
2051 /* (at this point, p->physical.rel_path is identical to (or lowercased version of) p->uri.path) */
2052 buffer_copy_string_len(p->physical.path, con->physical.path->ptr, buffer_string_length(con->physical.path)-remain);
2053 buffer_append_string_len(p->physical.path, p->physical.rel_path->ptr+i, buffer_string_length(p->physical.rel_path)-i);
2054
2055 buffer_copy_buffer(p->physical.basedir, con->physical.basedir);
2056 buffer_append_slash(p->physical.basedir);
2057 } else {
2058 /* unable to perform physical path remap here;
2059 * assume doc_root/rel_path and no remapping */
2060 buffer_copy_buffer(p->physical.path, p->physical.doc_root);
2061 buffer_append_slash(p->physical.path);
2062 buffer_copy_buffer(p->physical.basedir, p->physical.path);
2063 buffer_append_path_len(p->physical.path, CONST_BUF_LEN(p->physical.rel_path));
2064 }
2065 }
2066
2067 /* let's see if the source is a directory
2068 * if yes, we fail with 501 */
2069
2070 if (-1 == stat(con->physical.path->ptr, &st)) {
2071 /* don't about it yet, unlink will fail too */
2072 switch(errno) {
2073 case ENOENT:
2074 con->http_status = 404;
2075 break;
2076 default:
2077 con->http_status = 403;
2078 break;
2079 }
2080 } else if (S_ISDIR(st.st_mode)) {
2081 int r;
2082 int created = 0;
2083 /* src is a directory */
2084
2085 if (con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') {
2086 http_response_redirect_to_directory(srv, con, 308);
2087 return HANDLER_FINISHED;
2088 }
2089
2090 if (-1 == stat(p->physical.path->ptr, &st)) {
2091 if (-1 == mkdir(p->physical.path->ptr, WEBDAV_DIR_MODE)) {
2092 con->http_status = 403;
2093 return HANDLER_FINISHED;
2094 }
2095 created = 1;
2096 } else if (!S_ISDIR(st.st_mode)) {
2097 if (overwrite == 0) {
2098 /* copying into a non-dir ? */
2099 con->http_status = 409;
2100 return HANDLER_FINISHED;
2101 } else {
2102 unlink(p->physical.path->ptr);
2103 if (-1 == mkdir(p->physical.path->ptr, WEBDAV_DIR_MODE)) {
2104 con->http_status = 403;
2105 return HANDLER_FINISHED;
2106 }
2107 created = 1;
2108 }
2109 }
2110
2111 /* copy the content of src to dest */
2112 if (0 != (r = webdav_copy_dir(srv, con, hctx, &(con->physical), &(p->physical), overwrite))) {
2113 con->http_status = r;
2114 return HANDLER_FINISHED;
2115 }
2116 if (con->request.http_method == HTTP_METHOD_MOVE) {
2117 b = buffer_init();
2118 webdav_delete_dir(srv, con, hctx, &(con->physical), b); /* content */
2119 buffer_free(b);
2120
2121 rmdir(con->physical.path->ptr);
2122 }
2123 con->http_status = created ? 201 : 204;
2124 con->file_finished = 1;
2125 } else {
2126 /* it is just a file, good */
2127 int r;
2128 int destdir = 0;
2129
2130 /* does the client have a lock for this connection ? */
2131 if (!webdav_has_lock(srv, con, hctx, p->uri.path)) {
2132 con->http_status = 423;
2133 return HANDLER_FINISHED;
2134 }
2135
2136 /* destination exists */
2137 if (0 == (r = stat(p->physical.path->ptr, &st))) {
2138 if (S_ISDIR(st.st_mode)) {
2139 /* file to dir/
2140 * append basename to physical path */
2141 destdir = 1;
2142
2143 if (NULL != (sep = strrchr(con->physical.path->ptr, '/'))) {
2144 buffer_append_string(p->physical.path, sep);
2145 r = stat(p->physical.path->ptr, &st);
2146 }
2147 }
2148 }
2149
2150 if (-1 == r) {
2151 con->http_status = destdir ? 204 : 201; /* we will create a new one */
2152 con->file_finished = 1;
2153
2154 switch(errno) {
2155 case ENOTDIR:
2156 con->http_status = 409;
2157 return HANDLER_FINISHED;
2158 }
2159 } else if (overwrite == 0) {
2160 /* destination exists, but overwrite is not set */
2161 con->http_status = 412;
2162 return HANDLER_FINISHED;
2163 } else {
2164 con->http_status = 204; /* resource already existed */
2165 }
2166
2167 if (con->request.http_method == HTTP_METHOD_MOVE) {
2168 /* try a rename */
2169
2170 if (0 == rename(con->physical.path->ptr, p->physical.path->ptr)) {
2171 #ifdef USE_PROPPATCH
2172 sqlite3_stmt *stmt;
2173
2174 stmt = p->conf.stmt_move_uri;
2175 if (stmt) {
2176
2177 sqlite3_reset(stmt);
2178
2179 /* bind the values to the insert */
2180 sqlite3_bind_text(stmt, 1,
2181 CONST_BUF_LEN(p->uri.path),
2182 SQLITE_TRANSIENT);
2183
2184 sqlite3_bind_text(stmt, 2,
2185 CONST_BUF_LEN(con->uri.path),
2186 SQLITE_TRANSIENT);
2187
2188 if (SQLITE_DONE != sqlite3_step(stmt)) {
2189 log_error_write(srv, __FILE__, __LINE__, "ss", "sql-move failed:", sqlite3_errmsg(p->conf.sql));
2190 }
2191 }
2192 #endif
2193 return HANDLER_FINISHED;
2194 }
2195
2196 /* rename failed, fall back to COPY + DELETE */
2197 }
2198
2199 if (0 != (r = webdav_copy_file(srv, con, hctx, &(con->physical), &(p->physical), overwrite))) {
2200 con->http_status = r;
2201
2202 return HANDLER_FINISHED;
2203 }
2204
2205 if (con->request.http_method == HTTP_METHOD_MOVE) {
2206 b = buffer_init();
2207 webdav_delete_file(srv, con, hctx, &(con->physical), b);
2208 buffer_free(b);
2209 }
2210 }
2211
2212 return HANDLER_FINISHED;
2213 }
2214
2215 static handler_t mod_webdav_proppatch(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) {
2216 struct stat st;
2217 if (p->conf.is_readonly) {
2218 con->http_status = 403;
2219 return HANDLER_FINISHED;
2220 }
2221
2222 if (!webdav_has_lock(srv, con, hctx, con->uri.path)) {
2223 con->http_status = 423;
2224 return HANDLER_FINISHED;
2225 }
2226
2227 /* check if destination exists */
2228 if (-1 == stat(con->physical.path->ptr, &st)) {
2229 switch(errno) {
2230 case ENOENT:
2231 con->http_status = 404;
2232 break;
2233 default:
2234 con->http_status = 403;
2235 break;
2236 }
2237 return HANDLER_FINISHED;
2238 }
2239
2240 if (S_ISDIR(st.st_mode) && con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') {
2241 http_response_redirect_to_directory(srv, con, 308);
2242 return HANDLER_FINISHED;
2243 }
2244
2245 #ifdef USE_PROPPATCH
2246 if (con->request.content_length) {
2247 xmlDocPtr xml;
2248
2249 if (con->state == CON_STATE_READ_POST) {
2250 handler_t r = connection_handle_read_post_state(srv, con);
2251 if (r != HANDLER_GO_ON) return r;
2252 }
2253
2254 if (1 == webdav_parse_chunkqueue(srv, con, hctx, con->request_content_queue, &xml)) {
2255 xmlNode *rootnode = xmlDocGetRootElement(xml);
2256
2257 if (0 == xmlStrcmp(rootnode->name, BAD_CAST "propertyupdate")) {
2258 xmlNode *cmd;
2259 char *err = NULL;
2260 int empty_ns = 0; /* send 400 on a empty namespace attribute */
2261
2262 /* start response */
2263
2264 if (SQLITE_OK != sqlite3_exec(p->conf.sql, "BEGIN TRANSACTION", NULL, NULL, &err)) {
2265 log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err);
2266 sqlite3_free(err);
2267
2268 goto propmatch_cleanup;
2269 }
2270
2271 /* a UPDATE request, we know 'set' and 'remove' */
2272 for (cmd = rootnode->children; cmd; cmd = cmd->next) {
2273 xmlNode *props;
2274 /* either set or remove */
2275
2276 if ((0 == xmlStrcmp(cmd->name, BAD_CAST "set")) ||
2277 (0 == xmlStrcmp(cmd->name, BAD_CAST "remove"))) {
2278
2279 sqlite3_stmt *stmt;
2280
2281 stmt = (0 == xmlStrcmp(cmd->name, BAD_CAST "remove")) ?
2282 p->conf.stmt_delete_prop : p->conf.stmt_update_prop;
2283
2284 for (props = cmd->children; props; props = props->next) {
2285 if (0 == xmlStrcmp(props->name, BAD_CAST "prop")) {
2286 xmlNode *prop;
2287 char *propval = NULL;
2288 int r;
2289
2290 prop = props->children;
2291
2292 if (prop->ns &&
2293 (0 == xmlStrcmp(prop->ns->href, BAD_CAST "")) &&
2294 (0 != xmlStrcmp(prop->ns->prefix, BAD_CAST ""))) {
2295 log_error_write(srv, __FILE__, __LINE__, "ss",
2296 "no name space for:",
2297 prop->name);
2298
2299 empty_ns = 1;
2300 break;
2301 }
2302
2303 sqlite3_reset(stmt);
2304
2305 /* bind the values to the insert */
2306
2307 sqlite3_bind_text(stmt, 1,
2308 CONST_BUF_LEN(con->uri.path),
2309 SQLITE_TRANSIENT);
2310 sqlite3_bind_text(stmt, 2,
2311 (char *)prop->name,
2312 strlen((char *)prop->name),
2313 SQLITE_TRANSIENT);
2314 if (prop->ns) {
2315 sqlite3_bind_text(stmt, 3,
2316 (char *)prop->ns->href,
2317 strlen((char *)prop->ns->href),
2318 SQLITE_TRANSIENT);
2319 } else {
2320 sqlite3_bind_text(stmt, 3,
2321 "",
2322 0,
2323 SQLITE_TRANSIENT);
2324 }
2325 if (stmt == p->conf.stmt_update_prop) {
2326 propval = prop->children
2327 ? (char *)xmlNodeListGetString(xml, prop->children, 0)
2328 : NULL;
2329
2330 sqlite3_bind_text(stmt, 4,
2331 propval ? propval : "",
2332 propval ? strlen(propval) : 0,
2333 SQLITE_TRANSIENT);
2334 }
2335
2336 if (SQLITE_DONE != (r = sqlite3_step(stmt))) {
2337 log_error_write(srv, __FILE__, __LINE__, "ss",
2338 "sql-set failed:", sqlite3_errmsg(p->conf.sql));
2339 }
2340
2341 if (propval) xmlFree(propval);
2342 }
2343 }
2344 if (empty_ns) break;
2345 }
2346 }
2347
2348 if (empty_ns) {
2349 if (SQLITE_OK != sqlite3_exec(p->conf.sql, "ROLLBACK", NULL, NULL, &err)) {
2350 log_error_write(srv, __FILE__, __LINE__, "ss", "can't rollback transaction:", err);
2351 sqlite3_free(err);
2352
2353 goto propmatch_cleanup;
2354 }
2355
2356 con->http_status = 400;
2357 } else {
2358 if (SQLITE_OK != sqlite3_exec(p->conf.sql, "COMMIT", NULL, NULL, &err)) {
2359 log_error_write(srv, __FILE__, __LINE__, "ss", "can't commit transaction:", err);
2360 sqlite3_free(err);
2361
2362 goto propmatch_cleanup;
2363 }
2364 con->http_status = 200;
2365 }
2366 con->file_finished = 1;
2367
2368 xmlFreeDoc(xml);
2369 return HANDLER_FINISHED;
2370 }
2371
2372 propmatch_cleanup:
2373
2374 xmlFreeDoc(xml);
2375 } else {
2376 con->http_status = 400;
2377 return HANDLER_FINISHED;
2378 }
2379 }
2380 #endif
2381 con->http_status = 501;
2382 return HANDLER_FINISHED;
2383 }
2384
2385 #ifdef USE_LOCKS
2386 static handler_t mod_webdav_lock(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) {
2387 /**
2388 * a mac wants to write
2389 *
2390 * LOCK /dav/expire.txt HTTP/1.1\r\n
2391 * User-Agent: WebDAVFS/1.3 (01308000) Darwin/8.1.0 (Power Macintosh)\r\n
2392 * Accept: * / *\r\n
2393 * Depth: 0\r\n
2394 * Timeout: Second-600\r\n
2395 * Content-Type: text/xml; charset=\"utf-8\"\r\n
2396 * Content-Length: 229\r\n
2397 * Connection: keep-alive\r\n
2398 * Host: 192.168.178.23:1025\r\n
2399 * \r\n
2400 * <?xml version=\"1.0\" encoding=\"utf-8\"?>\n
2401 * <D:lockinfo xmlns:D=\"DAV:\">\n
2402 * <D:lockscope><D:exclusive/></D:lockscope>\n
2403 * <D:locktype><D:write/></D:locktype>\n
2404 * <D:owner>\n
2405 * <D:href>http://www.apple.com/webdav_fs/</D:href>\n
2406 * </D:owner>\n
2407 * </D:lockinfo>\n
2408 */
2409
2410 int depth = mod_webdav_depth(con);
2411 if (depth != 0 && depth != -1) {
2412 con->http_status = 400;
2413
2414 return HANDLER_FINISHED;
2415 }
2416
2417 if (con->request.content_length) {
2418 xmlDocPtr xml;
2419 buffer *hdr_if = NULL;
2420 int created = 0;
2421 struct stat st;
2422
2423 if (con->state == CON_STATE_READ_POST) {
2424 handler_t r = connection_handle_read_post_state(srv, con);
2425 if (r != HANDLER_GO_ON) return r;
2426 }
2427
2428 hdr_if = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If"));
2429
2430 if (0 != stat(con->physical.path->ptr, &st)) {
2431 if (errno == ENOENT) {
2432 int fd = open(con->physical.path->ptr, O_WRONLY|O_CREAT|O_APPEND|O_BINARY|FIFO_NONBLOCK, WEBDAV_FILE_MODE);
2433 if (fd >= 0) {
2434 close(fd);
2435 created = 1;
2436 } else {
2437 log_error_write(srv, __FILE__, __LINE__, "sBss",
2438 "create file", con->physical.path, ":", strerror(errno));
2439 con->http_status = 403; /* Forbidden */
2440
2441 return HANDLER_FINISHED;
2442 }
2443 }
2444 else {
2445 log_error_write(srv, __FILE__, __LINE__, "sBss",
2446 "stat", con->physical.path, ":", strerror(errno));
2447 con->http_status = 403; /* Forbidden */
2448 return HANDLER_FINISHED;
2449 }
2450 } else if (hdr_if == NULL && depth == -1) {
2451 /* we don't support Depth: Infinity on directories */
2452 if (S_ISDIR(st.st_mode)) {
2453 con->http_status = 409; /* Conflict */
2454
2455 return HANDLER_FINISHED;
2456 }
2457 }
2458
2459 if (1 == webdav_parse_chunkqueue(srv, con, hctx, con->request_content_queue, &xml)) {
2460 xmlNode *rootnode = xmlDocGetRootElement(xml);
2461
2462 force_assert(rootnode);
2463
2464 if (0 == xmlStrcmp(rootnode->name, BAD_CAST "lockinfo")) {
2465 xmlNode *lockinfo;
2466 const xmlChar *lockscope = NULL, *locktype = NULL; /* TODO: compiler says unused: *owner = NULL; */
2467
2468 for (lockinfo = rootnode->children; lockinfo; lockinfo = lockinfo->next) {
2469 if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "lockscope")) {
2470 xmlNode *value;
2471 for (value = lockinfo->children; value; value = value->next) {
2472 if ((0 == xmlStrcmp(value->name, BAD_CAST "exclusive")) ||
2473 (0 == xmlStrcmp(value->name, BAD_CAST "shared"))) {
2474 lockscope = value->name;
2475 } else {
2476 con->http_status = 400;
2477
2478 xmlFreeDoc(xml);
2479 return HANDLER_FINISHED;
2480 }
2481 }
2482 } else if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "locktype")) {
2483 xmlNode *value;
2484 for (value = lockinfo->children; value; value = value->next) {
2485 if ((0 == xmlStrcmp(value->name, BAD_CAST "write"))) {
2486 locktype = value->name;
2487 } else {
2488 con->http_status = 400;
2489
2490 xmlFreeDoc(xml);
2491 return HANDLER_FINISHED;
2492 }
2493 }
2494
2495 } else if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "owner")) {
2496 }
2497 }
2498
2499 if (lockscope && locktype) {
2500 sqlite3_stmt *stmt = p->conf.stmt_read_lock_by_uri;
2501
2502 /* is this resourse already locked ? */
2503
2504 /* SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout
2505 * FROM locks
2506 * WHERE resource = ? */
2507
2508 if (stmt) {
2509
2510 sqlite3_reset(stmt);
2511
2512 sqlite3_bind_text(stmt, 1,
2513 CONST_BUF_LEN(con->uri.path),
2514 SQLITE_TRANSIENT);
2515
2516 /* it is the PK */
2517 while (SQLITE_ROW == sqlite3_step(stmt)) {
2518 /* we found a lock
2519 * 1. is it compatible ?
2520 * 2. is it ours */
2521 char *sql_lockscope = (char *)sqlite3_column_text(stmt, 2);
2522
2523 if (strcmp(sql_lockscope, "exclusive")) {
2524 con->http_status = 423;
2525 } else if (0 == xmlStrcmp(lockscope, BAD_CAST "exclusive")) {
2526 /* resourse is locked with a shared lock
2527 * client wants exclusive */
2528 con->http_status = 423;
2529 }
2530 }
2531 if (con->http_status == 423) {
2532 xmlFreeDoc(xml);
2533 return HANDLER_FINISHED;
2534 }
2535 }
2536
2537 stmt = p->conf.stmt_create_lock;
2538 if (stmt) {
2539 /* create a lock-token */
2540 uuid_t id;
2541 char uuid[37] /* 36 + \0 */;
2542
2543 uuid_generate(id);
2544 uuid_unparse(id, uuid);
2545
2546 buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("opaquelocktoken:"));
2547 buffer_append_string(p->tmp_buf, uuid);
2548
2549 /* "CREATE TABLE locks ("
2550 * " locktoken TEXT NOT NULL,"
2551 * " resource TEXT NOT NULL,"
2552 * " lockscope TEXT NOT NULL,"
2553 * " locktype TEXT NOT NULL,"
2554 * " owner TEXT NOT NULL,"
2555 * " depth INT NOT NULL,"
2556 */
2557
2558 sqlite3_reset(stmt);
2559
2560 sqlite3_bind_text(stmt, 1,
2561 CONST_BUF_LEN(p->tmp_buf),
2562 SQLITE_TRANSIENT);
2563
2564 sqlite3_bind_text(stmt, 2,
2565 CONST_BUF_LEN(con->uri.path),
2566 SQLITE_TRANSIENT);
2567
2568 sqlite3_bind_text(stmt, 3,
2569 (const char *)lockscope,
2570 xmlStrlen(lockscope),
2571 SQLITE_TRANSIENT);
2572
2573 sqlite3_bind_text(stmt, 4,
2574 (const char *)locktype,
2575 xmlStrlen(locktype),
2576 SQLITE_TRANSIENT);
2577
2578 /* owner */
2579 sqlite3_bind_text(stmt, 5,
2580 "",
2581 0,
2582 SQLITE_TRANSIENT);
2583
2584 /* depth */
2585 sqlite3_bind_int(stmt, 6,
2586 depth);
2587
2588
2589 if (SQLITE_DONE != sqlite3_step(stmt)) {
2590 log_error_write(srv, __FILE__, __LINE__, "ss",
2591 "create lock:", sqlite3_errmsg(p->conf.sql));
2592 }
2593
2594 /* looks like we survived */
2595 webdav_lockdiscovery(con, p->tmp_buf, (const char *)lockscope, (const char *)locktype, depth);
2596
2597 con->http_status = created ? 201 : 200;
2598 con->file_finished = 1;
2599 }
2600 }
2601 }
2602
2603 xmlFreeDoc(xml);
2604 return HANDLER_FINISHED;
2605 } else {
2606 con->http_status = 400;
2607 return HANDLER_FINISHED;
2608 }
2609 } else {
2610 buffer *b;
2611 if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If")))) {
2612 buffer *locktoken = b;
2613 sqlite3_stmt *stmt = p->conf.stmt_refresh_lock;
2614
2615 /* remove the < > around the token */
2616 if (buffer_string_length(locktoken) < 5) {
2617 con->http_status = 400;
2618
2619 return HANDLER_FINISHED;
2620 }
2621
2622 buffer_copy_string_len(p->tmp_buf, locktoken->ptr + 2, buffer_string_length(locktoken) - 4);
2623
2624 sqlite3_reset(stmt);
2625
2626 sqlite3_bind_text(stmt, 1,
2627 CONST_BUF_LEN(p->tmp_buf),
2628 SQLITE_TRANSIENT);
2629
2630 if (SQLITE_DONE != sqlite3_step(stmt)) {
2631 log_error_write(srv, __FILE__, __LINE__, "ss",
2632 "refresh lock:", sqlite3_errmsg(p->conf.sql));
2633 }
2634
2635 webdav_lockdiscovery(con, p->tmp_buf, "exclusive", "write", 0);
2636
2637 con->http_status = 200;
2638 con->file_finished = 1;
2639 return HANDLER_FINISHED;
2640 } else {
2641 /* we need a lock-token to refresh */
2642 con->http_status = 400;
2643
2644 return HANDLER_FINISHED;
2645 }
2646 }
2647 }
2648 #endif
2649
2650 #ifdef USE_LOCKS
2651 static handler_t mod_webdav_unlock(server *srv, connection *con, plugin_data *p) {
2652 buffer *b;
2653 if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Lock-Token")))) {
2654 buffer *locktoken = b;
2655 sqlite3_stmt *stmt = p->conf.stmt_remove_lock;
2656
2657 /* remove the < > around the token */
2658 if (buffer_string_length(locktoken) < 3) {
2659 con->http_status = 400;
2660
2661 return HANDLER_FINISHED;
2662 }
2663
2664 /**
2665 * FIXME:
2666 *
2667 * if the resourse is locked:
2668 * - by us: unlock
2669 * - by someone else: 401
2670 * if the resource is not locked:
2671 * - 412
2672 * */
2673
2674 buffer_copy_string_len(p->tmp_buf, locktoken->ptr + 1, buffer_string_length(locktoken) - 2);
2675
2676 sqlite3_reset(stmt);
2677
2678 sqlite3_bind_text(stmt, 1,
2679 CONST_BUF_LEN(p->tmp_buf),
2680 SQLITE_TRANSIENT);
2681
2682 if (SQLITE_DONE != sqlite3_step(stmt)) {
2683 log_error_write(srv, __FILE__, __LINE__, "ss",
2684 "remove lock:", sqlite3_errmsg(p->conf.sql));
2685 }
2686
2687 if (0 == sqlite3_changes(p->conf.sql)) {
2688 con->http_status = 401;
2689 } else {
2690 con->http_status = 204;
2691 }
2692 return HANDLER_FINISHED;
2693 } else {
2694 /* we need a lock-token to unlock */
2695 con->http_status = 400;
2696
2697 return HANDLER_FINISHED;
2698 }
2699 }
2700 #endif
2701
2702 SUBREQUEST_FUNC(mod_webdav_subrequest_handler_huge) {
2703 plugin_data *p = p_d;
2704 handler_ctx *hctx = con->plugin_ctx[p->id];
2705
2706 if (NULL == hctx) return HANDLER_GO_ON;
2707 if (!hctx->conf.enabled) return HANDLER_GO_ON;
2708 /* physical path is setup */
2709 if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON;
2710
2711 switch (con->request.http_method) {
2712 case HTTP_METHOD_PROPFIND:
2713 return mod_webdav_propfind(srv, con, p, hctx);
2714 case HTTP_METHOD_MKCOL:
2715 return mod_webdav_mkcol(con, p);
2716 case HTTP_METHOD_DELETE:
2717 return mod_webdav_delete(srv, con, p, hctx);
2718 case HTTP_METHOD_PUT:
2719 return mod_webdav_put(srv, con, p, hctx);
2720 case HTTP_METHOD_MOVE:
2721 case HTTP_METHOD_COPY:
2722 return mod_webdav_copymove(srv, con, p, hctx);
2723 case HTTP_METHOD_PROPPATCH:
2724 return mod_webdav_proppatch(srv, con, p, hctx);
2725 #ifdef USE_LOCKS
2726 case HTTP_METHOD_LOCK:
2727 return mod_webdav_lock(srv, con, p, hctx);
2728 case HTTP_METHOD_UNLOCK:
2729 return mod_webdav_unlock(srv, con, p);
2730 #else
2731 case HTTP_METHOD_LOCK:
2732 case HTTP_METHOD_UNLOCK:
2733 con->http_status = 501;
2734 return HANDLER_FINISHED;
2735 #endif
2736 default:
2737 return HANDLER_GO_ON; /* not found */
2738 }
2739 }
2740
2741
2742 SUBREQUEST_FUNC(mod_webdav_subrequest_handler) {
2743 handler_t r;
2744 plugin_data *p = p_d;
2745 if (con->mode != p->id) return HANDLER_GO_ON;
2746
2747 r = mod_webdav_subrequest_handler_huge(srv, con, p_d);
2748 if (con->http_status >= 400) con->mode = DIRECT;
2749 return r;
2750 }
2751
2752
2753 PHYSICALPATH_FUNC(mod_webdav_physical_handler) {
2754 plugin_data *p = p_d;
2755 if (!p->conf.enabled) return HANDLER_GO_ON;
2756
2757 /* physical path is setup */
2758 if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON;
2759
2760 UNUSED(srv);
2761
2762 switch (con->request.http_method) {
2763 case HTTP_METHOD_PROPFIND:
2764 case HTTP_METHOD_PROPPATCH:
2765 case HTTP_METHOD_PUT:
2766 case HTTP_METHOD_COPY:
2767 case HTTP_METHOD_MOVE:
2768 case HTTP_METHOD_MKCOL:
2769 case HTTP_METHOD_DELETE:
2770 case HTTP_METHOD_LOCK:
2771 case HTTP_METHOD_UNLOCK: {
2772 handler_ctx *hctx = calloc(1, sizeof(*hctx));
2773 memcpy(&hctx->conf, &p->conf, sizeof(plugin_config));
2774 con->plugin_ctx[p->id] = hctx;
2775 con->conf.stream_request_body = 0;
2776 con->mode = p->id;
2777 break;
2778 }
2779 default:
2780 break;
2781 }
2782
2783 return HANDLER_GO_ON;
2784 }
2785
2786 static handler_t mod_webdav_connection_reset(server *srv, connection *con, void *p_d) {
2787 plugin_data *p = p_d;
2788 handler_ctx *hctx = con->plugin_ctx[p->id];
2789 if (hctx) {
2790 free(hctx);
2791 con->plugin_ctx[p->id] = NULL;
2792 }
2793
2794 UNUSED(srv);
2795 return HANDLER_GO_ON;
2796 }
2797
2798
2799 /* this function is called at dlopen() time and inits the callbacks */
2800
2801 int mod_webdav_plugin_init(plugin *p);
2802 int mod_webdav_plugin_init(plugin *p) {
2803 p->version = LIGHTTPD_VERSION_ID;
2804 p->name = buffer_init_string("webdav");
2805
2806 p->init = mod_webdav_init;
2807 p->handle_uri_clean = mod_webdav_uri_handler;
2808 p->handle_physical = mod_webdav_physical_handler;
2809 p->handle_subrequest = mod_webdav_subrequest_handler;
2810 p->connection_reset = mod_webdav_connection_reset;
2811 p->set_defaults = mod_webdav_set_defaults;
2812 p->cleanup = mod_webdav_free;
2813
2814 p->data = NULL;
2815
2816 return 0;
2817 }
A fast webserver with minimal memory-footprint (lighttpd)