chiark / gitweb /
The Login page now includes a form to request a password reminder
[disorder] / server / cgi.c
CommitLineData
460b9539 1/*
2 * This file is part of DisOrder.
8f9616f1 3 * Copyright (C) 2004, 2005, 2006, 2008 Richard Kettlewell
460b9539 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
18 * USA
19 */
20
21#include <config.h>
22#include "types.h"
23
24#include <string.h>
25#include <stdio.h>
26#include <unistd.h>
27#include <stdlib.h>
28#include <errno.h>
29#include <sys/stat.h>
30#include <stddef.h>
31#include <fcntl.h>
32#include <unistd.h>
33#include <pcre.h>
34#include <limits.h>
35#include <fnmatch.h>
36#include <ctype.h>
37
38#include "mem.h"
39#include "log.h"
40#include "hex.h"
41#include "charset.h"
42#include "configuration.h"
43#include "table.h"
44#include "syscalls.h"
45#include "kvp.h"
46#include "vector.h"
47#include "split.h"
48#include "inputline.h"
49#include "regsub.h"
50#include "defs.h"
51#include "sink.h"
52#include "cgi.h"
53#include "printf.h"
54#include "mime.h"
18cda350 55#include "unicode.h"
460b9539 56
57struct kvp *cgi_args;
58
59/* options */
60struct column {
61 struct column *next;
62 char *name;
63 int ncolumns;
64 char **columns;
65};
66
67#define RELIST(x) struct re *x, **x##_tail = &x
68
69static int have_read_options;
70static struct kvp *labels;
71static struct column *columns;
72
73static void include_options(const char *name);
74
75static void cgi_parse_get(void) {
76 const char *q;
77
78 if(!(q = getenv("QUERY_STRING"))) fatal(0, "QUERY_STRING not set");
79 cgi_args = kvp_urldecode(q, strlen(q));
80}
81
82static void cgi_input(char **ptrp, size_t *np) {
83 const char *cl;
84 char *q;
85 size_t n, m = 0;
86 int r;
87
88 if(!(cl = getenv("CONTENT_LENGTH"))) fatal(0, "CONTENT_LENGTH not set");
89 n = atol(cl);
90 q = xmalloc_noptr(n + 1);
91 while(m < n) {
92 r = read(0, q + m, n - m);
93 if(r > 0)
94 m += r;
95 else if(r == 0)
96 fatal(0, "unexpected end of file reading request body");
97 else switch(errno) {
98 case EINTR: break;
99 default: fatal(errno, "error reading request body");
100 }
101 }
102 if(memchr(q, 0, n)) fatal(0, "null character in request body");
103 q[n + 1] = 0;
104 *ptrp = q;
105 if(np) *np = n;
106}
107
108static int cgi_field_callback(const char *name, const char *value,
109 void *u) {
110 char *disposition, *pname, *pvalue;
111 char **namep = u;
112
113 if(!strcmp(name, "content-disposition")) {
114 if(mime_rfc2388_content_disposition(value,
115 &disposition,
116 &pname,
117 &pvalue))
118 fatal(0, "error parsing Content-Disposition field");
119 if(!strcmp(disposition, "form-data")
120 && pname
121 && !strcmp(pname, "name")) {
122 if(*namep)
123 fatal(0, "duplicate Content-Disposition field");
124 *namep = pvalue;
125 }
126 }
127 return 0;
128}
129
130static int cgi_part_callback(const char *s,
131 void attribute((unused)) *u) {
132 char *name = 0;
133 struct kvp *k;
134
135 if(!(s = mime_parse(s, cgi_field_callback, &name)))
136 fatal(0, "error parsing part header");
137 if(!name) fatal(0, "no name found");
138 k = xmalloc(sizeof *k);
139 k->next = cgi_args;
140 k->name = name;
141 k->value = s;
142 cgi_args = k;
143 return 0;
144}
145
146static void cgi_parse_multipart(const char *boundary) {
147 char *q;
148
149 cgi_input(&q, 0);
150 if(mime_multipart(q, cgi_part_callback, boundary, 0))
151 fatal(0, "invalid multipart object");
152}
153
154static void cgi_parse_post(void) {
155 const char *ct;
156 char *q, *type, *pname, *pvalue;
157 size_t n;
158
159 if(!(ct = getenv("CONTENT_TYPE")))
160 ct = "application/x-www-form-urlencoded";
161 if(mime_content_type(ct, &type, &pname, &pvalue))
162 fatal(0, "invalid content type '%s'", ct);
163 if(!strcmp(type, "application/x-www-form-urlencoded")) {
164 cgi_input(&q, &n);
165 cgi_args = kvp_urldecode(q, n);
166 return;
167 }
168 if(!strcmp(type, "multipart/form-data")) {
169 if(!pname || strcmp(pname, "boundary"))
170 fatal(0, "expected a boundary parameter, found %s",
171 pname ? pname : "nothing");
172 cgi_parse_multipart(pvalue);
173 return;
174 }
175 fatal(0, "unrecognized content type '%s'", type);
176}
177
178void cgi_parse(void) {
179 const char *p;
180 struct kvp *k;
181
182 if(!(p = getenv("REQUEST_METHOD"))) fatal(0, "REQUEST_METHOD not set");
183 if(!strcmp(p, "GET"))
184 cgi_parse_get();
185 else if(!strcmp(p, "POST"))
186 cgi_parse_post();
187 else
188 fatal(0, "unknown request method %s", p);
189 for(k = cgi_args; k; k = k->next)
18cda350
RK
190 if(!utf8_valid(k->name, strlen(k->name))
191 || !utf8_valid(k->value, strlen(k->value)))
460b9539 192 fatal(0, "invalid UTF-8 sequence in cgi argument");
193}
194
195const char *cgi_get(const char *name) {
196 return kvp_get(cgi_args, name);
197}
198
199void cgi_output(cgi_sink *output, const char *fmt, ...) {
200 va_list ap;
201 int n;
202 char *r;
203
204 va_start(ap, fmt);
205 n = byte_vasprintf(&r, fmt, ap);
206 if(n < 0)
207 fatal(errno, "error calling byte_vasprintf");
208 if(output->quote)
209 r = cgi_sgmlquote(r, 0);
210 output->sink->write(output->sink, r, strlen(r));
211 va_end(ap);
212}
213
214void cgi_header(struct sink *output, const char *name, const char *value) {
215 sink_printf(output, "%s: %s\r\n", name, value);
216}
217
218void cgi_body(struct sink *output) {
219 sink_printf(output, "\r\n");
220}
221
222char *cgi_sgmlquote(const char *s, int raw) {
223 uint32_t *ucs, *p, c;
224 char *b, *bp;
225 int n;
226
227 if(!raw) {
caecd4f4 228 if(!(ucs = utf8_to_utf32(s, strlen(s), 0))) exit(EXIT_FAILURE);
460b9539 229 } else {
230 ucs = xmalloc_noptr((strlen(s) + 1) * sizeof(uint32_t));
231 for(n = 0; s[n]; ++n)
232 ucs[n] = (unsigned char)s[n];
233 ucs[n] = 0;
234 }
235
236 n = 1;
237 /* estimate the length we'll need */
238 for(p = ucs; (c = *p); ++p) {
239 switch(c) {
240 default:
241 if(c > 127 || c < 32) {
242 case '"':
243 case '&':
244 case '<':
245 case '>':
246 n += 12;
247 break;
248 } else
249 n++;
250 }
251 }
252 /* format the string */
253 b = bp = xmalloc_noptr(n);
254 for(p = ucs; (c = *p); ++p) {
255 switch(c) {
256 default:
257 if(*p > 127 || *p < 32) {
258 case '"':
259 case '&':
260 case '<':
261 case '>':
262 bp += sprintf(bp, "&#%lu;", (unsigned long)c);
263 break;
264 } else
265 *bp++ = c;
266 }
267 }
268 *bp = 0;
269 return b;
270}
271
272void cgi_attr(struct sink *output, const char *name, const char *value) {
273 if(!value[strspn(value, "abcdefghijklmnopqrstuvwxyz"
274 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
275 "0123456789")])
276 sink_printf(output, "%s=%s", name, value);
277 else
278 sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value, 0));
279}
280
281void cgi_opentag(struct sink *output, const char *name, ...) {
282 va_list ap;
283 const char *n, *v;
284
285 sink_printf(output, "<%s", name);
286 va_start(ap, name);
287 while((n = va_arg(ap, const char *))) {
288 sink_printf(output, " ");
289 v = va_arg(ap, const char *);
290 if(v)
291 cgi_attr(output, n, v);
292 else
293 sink_printf(output, n);
294 }
295 sink_printf(output, ">");
296}
297
298void cgi_closetag(struct sink *output, const char *name) {
299 sink_printf(output, "</%s>", name);
300}
301
302static int template_open(const char *name,
303 const char *ext,
304 const char **filenamep) {
305 const char *dirs[2];
306 int fd = -1, n;
307 char *fullpath;
308
309 dirs[0] = pkgconfdir;
310 dirs[1] = pkgdatadir;
311 if(name[0] == '/') {
312 if((fd = open(name, O_RDONLY)) < 0) fatal(0, "cannot open %s", name);
313 *filenamep = name;
314 } else {
315 for(n = 0; n < config->templates.n + (int)(sizeof dirs / sizeof *dirs); ++n) {
316 byte_xasprintf(&fullpath, "%s/%s%s",
317 n < config->templates.n ? config->templates.s[n]
318 : dirs[n - config->templates.n],
319 name, ext);
320 if((fd = open(fullpath, O_RDONLY)) >= 0) break;
321 }
322 if(fd < 0) error(0, "cannot find %s%s in template path", name, ext);
323 *filenamep = fullpath;
324 }
325 return fd;
326}
327
328static int valid_template_name(const char *name) {
329 if(strchr(name, '/') || name[0] == '.')
330 return 0;
331 return 1;
332}
333
334void cgi_expand(const char *template,
335 const struct cgi_expansion *expansions,
336 size_t nexpansions,
337 cgi_sink *output,
338 void *u) {
339 int fd = -1;
340 int n;
341 off_t m;
342 char *b;
343 struct stat sb;
344
345 if(!valid_template_name(template))
346 fatal(0, "invalid template name '%s'", template);
347 if((fd = template_open(template, ".html", &template)) < 0)
348 exitfn(EXIT_FAILURE);
349 if(fstat(fd, &sb) < 0) fatal(errno, "cannot stat %s", template);
350 m = 0;
351 b = xmalloc_noptr(sb.st_size + 1);
352 while(m < sb.st_size) {
353 n = read(fd, b + m, sb.st_size - m);
354 if(n > 0) m += n;
355 else if(n == 0) fatal(0, "unexpected EOF reading %s", template);
356 else if(errno != EINTR) fatal(errno, "error reading %s", template);
357 }
358 b[sb.st_size] = 0;
359 xclose(fd);
360 cgi_expand_string(template, b, expansions, nexpansions, output, u);
361}
362
363void cgi_expand_string(const char *name,
364 const char *template,
365 const struct cgi_expansion *expansions,
366 size_t nexpansions,
367 cgi_sink *output,
368 void *u) {
369 int braces, n, m, line = 1, sline;
370 char *argname;
371 const char *p;
372 struct vector v;
373 struct dynstr d;
374 cgi_sink parameter_output;
375
376 while(*template) {
377 if(*template != '@') {
378 p = template;
379 while(*p && *p != '@') {
380 if(*p == '\n') ++line;
381 ++p;
382 }
383 output->sink->write(output->sink, template, p - template);
384 template = p;
385 continue;
386 }
387 vector_init(&v);
388 braces = 0;
389 ++template;
390 sline = line;
391 while(*template != '@') {
392 dynstr_init(&d);
393 if(*template == '{') {
394 /* bracketed arg */
395 ++template;
396 while(*template && (*template != '}' || braces > 0)) {
397 switch(*template) {
398 case '{': ++braces; break;
399 case '}': --braces; break;
400 case '\n': ++line; break;
401 }
402 dynstr_append(&d, *template++);
403 }
404 if(!*template) fatal(0, "%s:%d: unterminated expansion", name, sline);
405 ++template;
406 /* skip whitespace after closing bracket */
407 while(isspace((unsigned char)*template))
408 ++template;
409 } else {
410 /* unbracketed arg */
411 /* leading whitespace is not significant in unquoted args */
412 while(isspace((unsigned char)*template))
413 ++template;
414 while(*template
415 && *template != '@' && *template != '{' && *template != ':') {
416 if(*template == '\n') ++line;
417 dynstr_append(&d, *template++);
418 }
419 if(*template == ':')
420 ++template;
421 if(!*template) fatal(0, "%s:%d: unterminated expansion", name, sline);
422 /* trailing whitespace is not significant in unquoted args */
423 while(d.nvec && (isspace((unsigned char)d.vec[d.nvec - 1])))
424 --d.nvec;
425 }
426 dynstr_terminate(&d);
427 vector_append(&v, d.vec);
428 }
429 ++template;
430 vector_terminate(&v);
431 /* @@ terminates this file */
432 if(v.nvec == 0)
433 break;
434 if((n = table_find(expansions,
435 offsetof(struct cgi_expansion, name),
436 sizeof (struct cgi_expansion),
437 nexpansions,
438 v.vec[0])) < 0)
439 fatal(0, "%s:%d: unknown expansion '%s'", name, line, v.vec[0]);
440 if(v.nvec - 1 < expansions[n].minargs)
441 fatal(0, "%s:%d: insufficient arguments to @%s@ (min %d, got %d)",
442 name, line, v.vec[0], expansions[n].minargs, v.nvec - 1);
443 if(v.nvec - 1 > expansions[n].maxargs)
444 fatal(0, "%s:%d: too many arguments to @%s@ (max %d, got %d)",
445 name, line, v.vec[0], expansions[n].maxargs, v.nvec - 1);
446 /* for ordinary expansions, recursively expand the arguments */
447 if(!(expansions[n].flags & EXP_MAGIC)) {
448 for(m = 1; m < v.nvec; ++m) {
449 dynstr_init(&d);
450 byte_xasprintf(&argname, "<%s:%d arg #%d>", name, sline, m);
451 parameter_output.quote = 0;
452 parameter_output.sink = sink_dynstr(&d);
453 cgi_expand_string(argname, v.vec[m],
454 expansions, nexpansions,
455 &parameter_output, u);
456 dynstr_terminate(&d);
457 v.vec[m] = d.vec;
458 }
459 }
460 expansions[n].handler(v.nvec - 1, v.vec + 1, output, u);
461 }
462}
463
464char *cgi_makeurl(const char *url, ...) {
465 va_list ap;
466 struct kvp *kvp, *k, **kk = &kvp;
467 struct dynstr d;
468 const char *n, *v;
469
470 dynstr_init(&d);
471 dynstr_append_string(&d, url);
472 va_start(ap, url);
473 while((n = va_arg(ap, const char *))) {
474 v = va_arg(ap, const char *);
475 *kk = k = xmalloc(sizeof *k);
476 kk = &k->next;
477 k->name = n;
478 k->value = v;
479 }
480 *kk = 0;
481 if(kvp) {
482 dynstr_append(&d, '?');
483 dynstr_append_string(&d, kvp_urlencode(kvp, 0));
484 }
485 dynstr_terminate(&d);
486 return d.vec;
487}
488
489void cgi_set_option(const char *name, const char *value) {
490 struct kvp *k = xmalloc(sizeof *k);
491
492 k->next = labels;
493 k->name = name;
494 k->value = value;
495 labels = k;
496}
497
498static void option_label(int attribute((unused)) nvec,
499 char **vec) {
500 cgi_set_option(vec[0], vec[1]);
501}
502
503static void option_include(int attribute((unused)) nvec,
504 char **vec) {
505 include_options(vec[0]);
506}
507
508static void option_columns(int nvec,
509 char **vec) {
510 struct column *c = xmalloc(sizeof *c);
511
512 c->next = columns;
513 c->name = vec[0];
514 c->ncolumns = nvec - 1;
515 c->columns = &vec[1];
516 columns = c;
517}
518
519static struct option {
520 const char *name;
521 int minargs, maxargs;
522 void (*handler)(int nvec, char **vec);
523} options[] = {
524 { "columns", 1, INT_MAX, option_columns },
525 { "include", 1, 1, option_include },
526 { "label", 2, 2, option_label },
527};
528
529struct read_options_state {
530 const char *name;
531 int line;
532};
533
534static void read_options_error(const char *msg,
535 void *u) {
536 struct read_options_state *cs = u;
537
538 error(0, "%s:%d: %s", cs->name, cs->line, msg);
539}
540
541static void include_options(const char *name) {
542 int n, i;
543 int fd;
544 FILE *fp;
545 char **vec, *buffer;
546 struct read_options_state cs;
547
548 if((fd = template_open(name, "", &cs.name)) < 0) return;
549 if(!(fp = fdopen(fd, "r"))) fatal(errno, "error calling fdopen");
550 cs.line = 0;
551 while(!inputline(cs.name, fp, &buffer, '\n')) {
552 ++cs.line;
553 if(!(vec = split(buffer, &n, SPLIT_COMMENTS|SPLIT_QUOTES,
554 read_options_error, &cs)))
555 continue;
556 if(!n) continue;
557 if((i = TABLE_FIND(options, struct option, name, vec[0])) == -1) {
558 error(0, "%s:%d: unknown option '%s'", cs.name, cs.line, vec[0]);
559 continue;
560 }
561 ++vec;
562 --n;
563 if(n < options[i].minargs) {
564 error(0, "%s:%d: too few arguments to '%s'", cs.name, cs.line, vec[-1]);
565 continue;
566 }
567 if(n > options[i].maxargs) {
568 error(0, "%s:%d: too many arguments to '%s'", cs.name, cs.line, vec[-1]);
569 continue;
570 }
571 options[i].handler(n, vec);
572 }
573 fclose(fp);
574}
575
576static void read_options(void) {
577 if(!have_read_options) {
578 have_read_options = 1;
579 include_options("options");
580 }
581}
582
583const char *cgi_label(const char *key) {
584 const char *label;
585
586 read_options();
587 if(!(label = kvp_get(labels, key))) {
5e34540b 588 /* No label found */
589 if(!strncmp(key, "images.", 7)) {
590 static const char *url_static;
591 /* images.X defaults to <url.static>X.png */
592
593 if(!url_static)
594 url_static = cgi_label("url.static");
595 byte_xasprintf((char **)&label, "%s%s.png", url_static, key + 7);
596 } else if((label = strchr(key, '.')))
597 /* X.Y defaults to Y */
460b9539 598 ++label;
599 else
5e34540b 600 /* otherwise default to label name */
460b9539 601 label = key;
602 }
603 return label;
604}
605
8f9616f1
RK
606int cgi_label_exists(const char *key) {
607 read_options();
608 return kvp_get(labels, key) ? 1 : 0;
609}
610
460b9539 611char **cgi_columns(const char *name, int *ncolumns) {
612 struct column *c;
613
614 read_options();
615 for(c = columns; c && strcmp(name, c->name); c = c->next)
616 ;
617 if(c) {
618 if(ncolumns)
619 *ncolumns = c->ncolumns;
620 return c->columns;
621 } else {
622 if(ncolumns)
623 *ncolumns = 0;
624 return 0;
625 }
626}
627
628/*
629Local Variables:
630c-basic-offset:2
631comment-column:40
632End:
633*/