|
@@ -0,0 +1,305 @@
|
|
|
+#include <u.h>
|
|
|
+#include <libc.h>
|
|
|
+#include <ctype.h>
|
|
|
+#include <bio.h>
|
|
|
+#include <regexp.h>
|
|
|
+#include <fcall.h>
|
|
|
+#include "httpd.h"
|
|
|
+#include "httpsrv.h"
|
|
|
+
|
|
|
+static Hio *hout;
|
|
|
+static Hio houtb;
|
|
|
+static HConnect *connect;
|
|
|
+static int vermaj, gidwidth, uidwidth, lenwidth, devwidth;
|
|
|
+static Biobuf *aio, *dio;
|
|
|
+
|
|
|
+static void
|
|
|
+doctype(void)
|
|
|
+{
|
|
|
+ hprint(hout, "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n");
|
|
|
+ hprint(hout, " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n");
|
|
|
+}
|
|
|
+
|
|
|
+void
|
|
|
+error(char *title, char *fmt, ...)
|
|
|
+{
|
|
|
+ va_list arg;
|
|
|
+ char buf[1024], *out;
|
|
|
+
|
|
|
+ va_start(arg, fmt);
|
|
|
+ out = vseprint(buf, buf+sizeof(buf), fmt, arg);
|
|
|
+ va_end(arg);
|
|
|
+ *out = 0;
|
|
|
+
|
|
|
+ hprint(hout, "%s 404 %s\r\n", hversion, title);
|
|
|
+ hprint(hout, "Date: %D\r\n", time(nil));
|
|
|
+ hprint(hout, "Server: Plan9\r\n");
|
|
|
+ hprint(hout, "Content-type: text/html\r\n");
|
|
|
+ hprint(hout, "\r\n");
|
|
|
+ doctype();
|
|
|
+ hprint(hout, "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n");
|
|
|
+ hprint(hout, "<head><title>%s</title></head>\n", title);
|
|
|
+ hprint(hout, "<body>\n");
|
|
|
+ hprint(hout, "<h1>%s</h1>\n", title);
|
|
|
+ hprint(hout, "%s\n", buf);
|
|
|
+ hprint(hout, "</body>\n");
|
|
|
+ hprint(hout, "</html>\n");
|
|
|
+ hflush(hout);
|
|
|
+ writelog(connect, "Reply: 404\nReason: %s\n", title);
|
|
|
+ exits(nil);
|
|
|
+}
|
|
|
+
|
|
|
+/*
|
|
|
+ * Are we actually allowed to look in here?
|
|
|
+ *
|
|
|
+ * Rules:
|
|
|
+ * 1) If neither allowed nor denied files exist, access is granted.
|
|
|
+ * 2) If allowed exists and denied does not, dir *must* be in allowed
|
|
|
+ * for access to be granted, otherwise, access is denied.
|
|
|
+ * 3) If denied exists and allowed does not, dir *must not* be in
|
|
|
+ * denied for access to be granted, otherwise, access is enied.
|
|
|
+ * 4) If both exist, okay if either (a) file is not in denied, or
|
|
|
+ * (b) in denied and in allowed. Otherwise, access is denied.
|
|
|
+ */
|
|
|
+static Reprog *
|
|
|
+getre(Biobuf *buf)
|
|
|
+{
|
|
|
+ Reprog *re;
|
|
|
+ char *p, *t;
|
|
|
+
|
|
|
+ if (buf == nil)
|
|
|
+ return(nil);
|
|
|
+ for ( ; ; free(p)) {
|
|
|
+ p = Brdstr(buf, '\n', 0);
|
|
|
+ if (p == nil)
|
|
|
+ return(nil);
|
|
|
+ t = strchr(p, '#');
|
|
|
+ if (t != nil)
|
|
|
+ *t = '\0';
|
|
|
+ t = p + strlen(p);
|
|
|
+ while (--t > p && isspace(*t))
|
|
|
+ *t = '\0';
|
|
|
+ if (strlen(p) == 0)
|
|
|
+ continue;
|
|
|
+ re = regcomp(p);
|
|
|
+ if (re == nil)
|
|
|
+ continue;
|
|
|
+ free(p);
|
|
|
+ return(re);
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+static int
|
|
|
+allowed(char *dir)
|
|
|
+{
|
|
|
+ Reprog *re;
|
|
|
+ int okay;
|
|
|
+ Resub match;
|
|
|
+
|
|
|
+ if (strcmp(dir, "..") == 0 || strncmp(dir, "../", 3) == 0)
|
|
|
+ return(0);
|
|
|
+ if (aio == nil && dio == nil)
|
|
|
+ return(1);
|
|
|
+ if (aio != nil)
|
|
|
+ Bseek(aio, 0, 0);
|
|
|
+ if (dio != nil)
|
|
|
+ Bseek(dio, 0, 0);
|
|
|
+
|
|
|
+ okay = (dio != nil);
|
|
|
+ while (okay && (re = getre(dio)) != nil) {
|
|
|
+ memset(&match, 0, sizeof(match));
|
|
|
+ okay = (regexec(re, dir, &match, 1) != 1);
|
|
|
+ free(re);
|
|
|
+ }
|
|
|
+ if (aio == nil)
|
|
|
+ return(okay);
|
|
|
+ while (!okay && (re = getre(aio)) != nil) {
|
|
|
+ memset(&match, 0, sizeof(match));
|
|
|
+ okay = (regexec(re, dir, &match, 1) == 1);
|
|
|
+ free(re);
|
|
|
+ }
|
|
|
+ return(okay);
|
|
|
+}
|
|
|
+
|
|
|
+/*
|
|
|
+ * Comparison routine for sorting the directory.
|
|
|
+ */
|
|
|
+static int
|
|
|
+compar(Dir *a, Dir *b)
|
|
|
+{
|
|
|
+ return(strcmp(a->name, b->name));
|
|
|
+}
|
|
|
+
|
|
|
+/*
|
|
|
+ * These is for formating; how wide are variable-length
|
|
|
+ * fields?
|
|
|
+ */
|
|
|
+static void
|
|
|
+maxwidths(Dir *dp, long n)
|
|
|
+{
|
|
|
+ long i;
|
|
|
+ char scratch[64];
|
|
|
+
|
|
|
+ for (i = 0; i < n; i++) {
|
|
|
+ if (snprint(scratch, sizeof scratch, "%ud", dp[i].dev) > devwidth)
|
|
|
+ devwidth = strlen(scratch);
|
|
|
+ if (strlen(dp[i].uid) > uidwidth)
|
|
|
+ uidwidth = strlen(dp[i].uid);
|
|
|
+ if (strlen(dp[i].gid) > gidwidth)
|
|
|
+ gidwidth = strlen(dp[i].gid);
|
|
|
+ if (snprint(scratch, sizeof scratch, "%lld", dp[i].length) > lenwidth)
|
|
|
+ lenwidth = strlen(scratch);
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+/*
|
|
|
+ * Do an actual directory listing.
|
|
|
+ * asciitime is lifted directly out of ls.
|
|
|
+ */
|
|
|
+char *
|
|
|
+asciitime(long l)
|
|
|
+{
|
|
|
+ ulong clk;
|
|
|
+ static char buf[32];
|
|
|
+ char *t;
|
|
|
+
|
|
|
+ clk = time(nil);
|
|
|
+ t = ctime(l);
|
|
|
+ /* 6 months in the past or a day in the future */
|
|
|
+ if(l<clk-180L*24*60*60 || clk+24L*60*60<l){
|
|
|
+ memmove(buf, t+4, 7); /* month and day */
|
|
|
+ memmove(buf+7, t+23, 5); /* year */
|
|
|
+ }else
|
|
|
+ memmove(buf, t+4, 12); /* skip day of week */
|
|
|
+ buf[12] = 0;
|
|
|
+ return buf;
|
|
|
+}
|
|
|
+
|
|
|
+static void
|
|
|
+dols(char *dir)
|
|
|
+{
|
|
|
+ Dir *d;
|
|
|
+ char *f, *p;
|
|
|
+ long i, n;
|
|
|
+ int fd;
|
|
|
+
|
|
|
+ cleanname(dir);
|
|
|
+ if (!allowed(dir)) {
|
|
|
+ error("Permission denied", "<p>Cannot list directory %s: Access prohibited</p>", dir);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ fd = open(dir, OREAD);
|
|
|
+ if (fd < 0) {
|
|
|
+ error("Cannot read directory", "<p>Cannot read directory %s: %r</p>", dir);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ if (vermaj) {
|
|
|
+ hokheaders(connect);
|
|
|
+ hprint(hout, "Content-type: text/html\r\n");
|
|
|
+ hprint(hout, "\r\n");
|
|
|
+ }
|
|
|
+ doctype();
|
|
|
+ hprint(hout, "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n");
|
|
|
+ hprint(hout, "<head><title>Index of %s</title></head>\n", dir);
|
|
|
+ hprint(hout, "<body>\n");
|
|
|
+ hprint(hout, "<h1>Index of %s</h1>\n", dir);
|
|
|
+ n = dirreadall(fd, &d);
|
|
|
+ close(fd);
|
|
|
+ maxwidths(d, n);
|
|
|
+ qsort(d, n, sizeof(Dir), (int (*)(void *, void *))compar);
|
|
|
+ hprint(hout, "<pre>\n");
|
|
|
+ for (i = 0; i < n; i++) {
|
|
|
+ f = smprint("%s/%s", dir, d[i].name);
|
|
|
+ cleanname(f);
|
|
|
+ if (d[i].mode & DMDIR) {
|
|
|
+ p = smprint("/magic/webls?dir=%H", f);
|
|
|
+ free(f);
|
|
|
+ f = p;
|
|
|
+ }
|
|
|
+ hprint(hout, "%M %C %*ud %-*s %-*s %*lld %s <a href=\"%s\">%s</a>\n",
|
|
|
+ d[i].mode, d[i].type,
|
|
|
+ devwidth, d[i].dev,
|
|
|
+ uidwidth, d[i].uid,
|
|
|
+ gidwidth, d[i].gid,
|
|
|
+ lenwidth, d[i].length,
|
|
|
+ asciitime(d[i].mtime), f, d[i].name);
|
|
|
+ free(f);
|
|
|
+ }
|
|
|
+ f = smprint("%s/..", dir);
|
|
|
+ cleanname(f);
|
|
|
+ if (allowed(f))
|
|
|
+ hprint(hout, "\nGo to <a href=\"/magic/webls?dir=%H\">parent</a> directory\n", f);
|
|
|
+ else
|
|
|
+ hprint(hout, "\nEnd of directory listing\n");
|
|
|
+ free(f);
|
|
|
+ hprint(hout, "</pre>\n</body>\n</html>\n");
|
|
|
+ hflush(hout);
|
|
|
+ free(d);
|
|
|
+}
|
|
|
+
|
|
|
+/*
|
|
|
+ * Handle unpacking the request in the URI and
|
|
|
+ * invoking the actual handler.
|
|
|
+ */
|
|
|
+static void
|
|
|
+dosearch(char *search)
|
|
|
+{
|
|
|
+ if (strncmp(search, "dir=", 4) == 0){
|
|
|
+ search = hurlunesc(connect, search+4);
|
|
|
+ dols(search);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ /*
|
|
|
+ * Otherwise, we've gotten an illegal request.
|
|
|
+ * spit out a non-apologetic error.
|
|
|
+ */
|
|
|
+ search = hurlunesc(connect, search);
|
|
|
+ error("Bad directory listing request",
|
|
|
+ "<p>Illegal formatted directory listing request:</p>\n"
|
|
|
+ "<p>%H</p>", search);
|
|
|
+}
|
|
|
+
|
|
|
+void
|
|
|
+main(int argc, char **argv)
|
|
|
+{
|
|
|
+ fmtinstall('H', httpfmt);
|
|
|
+ fmtinstall('U', hurlfmt);
|
|
|
+ fmtinstall('M', dirmodefmt);
|
|
|
+
|
|
|
+ aio = Bopen("/sys/lib/webls.allowed", OREAD);
|
|
|
+ dio = Bopen("/sys/lib/webls.denied", OREAD);
|
|
|
+
|
|
|
+ if(argc == 2){
|
|
|
+ hinit(&houtb, 1, Hwrite);
|
|
|
+ hout = &houtb;
|
|
|
+ dols(argv[1]);
|
|
|
+ exits(nil);
|
|
|
+ }
|
|
|
+ close(2);
|
|
|
+
|
|
|
+ connect = init(argc, argv);
|
|
|
+ hout = &connect->hout;
|
|
|
+ vermaj = connect->req.vermaj;
|
|
|
+ if(hparseheaders(connect, HSTIMEOUT) < 0)
|
|
|
+ exits("failed");
|
|
|
+
|
|
|
+ if(strcmp(connect->req.meth, "GET") != 0 && strcmp(connect->req.meth, "HEAD") != 0){
|
|
|
+ hunallowed(connect, "GET, HEAD");
|
|
|
+ exits("not allowed");
|
|
|
+ }
|
|
|
+ if(connect->head.expectother || connect->head.expectcont){
|
|
|
+ hfail(connect, HExpectFail, nil);
|
|
|
+ exits("failed");
|
|
|
+ }
|
|
|
+
|
|
|
+ bind("/usr/web", "/", MREPL);
|
|
|
+
|
|
|
+ if(connect->req.search != nil)
|
|
|
+ dosearch(connect->req.search);
|
|
|
+ else
|
|
|
+ error("Bad argument", "<p>Need a search argument</p>");
|
|
|
+ hflush(hout);
|
|
|
+ writelog(connect, "200 webls %ld %ld\n", hout->seek, hout->seek);
|
|
|
+ exits(nil);
|
|
|
+}
|