/*
* This file is part of DisOrder.
- * Copyright (C) 2004, 2005, 2007 Richard Kettlewell
+ * Copyright (C) 2004, 2005, 2007, 2008 Richard Kettlewell
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*/
+/** @file server/cgimain.c
+ * @brief DisOrder CGI
+ */
#include <config.h>
#include "types.h"
#include "client.h"
#include "sink.h"
-#include "cgi.h"
-#include "dcgi.h"
+#include "server-cgi.h"
#include "mem.h"
#include "log.h"
#include "configuration.h"
#include "api-client.h"
#include "mime.h"
#include "printf.h"
+#include "dcgi.h"
+#include "url.h"
+
+#include "macros.h"
+#include "macros-disorder.h"
-/** @brief Infer the base URL for the web interface if it's not set
+/** @brief Return true if @p a is better than @p b
*
- * See <a href="http://tools.ietf.org/html/rfc3875">RFC 3875</a>.
+ * NB. We don't bother checking if the path is right, we merely check for the
+ * longest path. This isn't a security hole: if the browser wants to send us
+ * bad cookies it's quite capable of sending just the right path anyway. The
+ * point of choosing the longest path is to avoid using a cookie set by another
+ * CGI script which shares a path prefix with us, which would allow it to
+ * maliciously log users out.
+ *
+ * Such a script could still "maliciously" log someone in, if it had acquired a
+ * suitable cookie. But it could just log in directly if it had that, so there
+ * is no obvious vulnerability here either.
*/
-static void infer_url(void) {
- if(!config->url) {
- const char *scheme = "http", *server, *script, *e;
- int port;
-
- /* Figure out the server. 'MUST' be set and we don't cope if it
- * is not. */
- if(!(server = getenv("SERVER_NAME")))
- fatal(0, "SERVER_NAME is not set");
- server = xstrdup(server);
-
- /* Figure out the port. 'MUST' be set but we cope if it is not. */
- if((e = getenv("SERVER_PORT")))
- port = atoi(e);
- else
- port = 80;
-
- /* Figure out path to ourselves */
- if(!(script = getenv("SCRIPT_NAME")))
- fatal(0, "SCRIPT_NAME is not set");
- if(script[0] != '/')
- fatal(0, "SCRIPT_NAME does not start with a '/'");
- script = xstrdup(script);
-
- if(port == 80)
- byte_xasprintf(&config->url, "%s://%s%s",
- scheme, server, script);
- else
- byte_xasprintf(&config->url, "%s://%s:%d%s",
- scheme, server, port, script);
- }
+static int better_cookie(const struct cookie *a, const struct cookie *b) {
+ if(a->path && b->path)
+ /* If both have a path then the one with the longest path is best */
+ return strlen(a->path) > strlen(b->path);
+ else if(a->path)
+ /* If only @p a has a path then it is better */
+ return 1;
+ else
+ /* If neither have a path, or if only @p b has a path, then @p b is
+ * better */
+ return 0;
}
int main(int argc, char **argv) {
dcgi_global g;
dcgi_state s;
cgi_sink output;
- int n;
+ int n, best_cookie;
struct cookiedata cd;
- if(argc > 0) progname = argv[0];
+ if(argc > 0)
+ progname = argv[0];
+ /* RFC 3875 s8.2 recommends rejecting PATH_INFO if we don't make use of
+ * it. */
+ if(getenv("PATH_INFO")) {
+ /* TODO it might be nice to link back to the right place... */
+ printf("Content-Type: text/html\n");
+ printf("Status: 404\n");
+ printf("\n");
+ printf("<p>Sorry, PATH_INFO not supported.</p>\n");
+ exit(0);
+ }
cgi_parse();
- if((conf = getenv("DISORDER_CONFIG"))) configfile = xstrdup(conf);
- if(getenv("DISORDER_DEBUG")) debugging = 1;
- if(config_read(0)) exit(EXIT_FAILURE);
- infer_url();
+ /* We allow various things to be overridden from the environment. This is
+ * intended for debugging and is not a documented feature. */
+ if((conf = getenv("DISORDER_CONFIG")))
+ configfile = xstrdup(conf);
+ if(getenv("DISORDER_DEBUG"))
+ debugging = 1;
+ if(config_read(0))
+ exit(EXIT_FAILURE);
+ /* Figure out our URL. This can still be overridden from the config file if
+ * necessary but it shouldn't be necessary in ordinary installations. */
+ if(!config->url)
+ config->url = infer_url();
memset(&g, 0, sizeof g);
memset(&s, 0, sizeof s);
s.g = &g;
if(cookie_env) {
/* This will be an HTTP header */
if(!parse_cookie(cookie_env, &cd)) {
- for(n = 0; n < cd.ncookies
- && strcmp(cd.cookies[n].name, "disorder"); ++n)
- ;
- if(n < cd.ncookies)
- login_cookie = cd.cookies[n].value;
- }
- }
- /* Log in with the cookie if possible otherwise as guest */
- if(disorder_connect_cookie(g.client, login_cookie)) {
- disorder_cgi_error(&output, &s, "connect");
- return 0;
+ /* Pick the best available cookie from all those offered */
+ best_cookie = -1;
+ for(n = 0; n < cd.ncookies; ++n) {
+ /* Is this the right cookie? */
+ if(strcmp(cd.cookies[n].name, "disorder"))
+ continue;
+ /* Is it better than anything we've seen so far? */
+ if(best_cookie < 0
+ || better_cookie(&cd.cookies[n], &cd.cookies[best_cookie]))
+ best_cookie = n;
+ }
+ if(best_cookie != -1)
+ login_cookie = cd.cookies[best_cookie].value;
+ } else
+ error(0, "could not parse cookie field '%s'", cookie_env);
}
- /* If there was a cookie but it went bad, we forget it */
- if(login_cookie && !strcmp(disorder_user(g.client), "guest"))
- login_cookie = 0;
- /* TODO RFC 3875 s8.2 recommendations e.g. concerning PATH_INFO */
+ /* Register expansions */
+ mx_register_builtin();
+ register_disorder_expansions();
+ /* Update search path. We look in the config directory first and the data
+ * directory second, so that the latter overrides the former. */
+ mx_search_path(pkgconfdir);
+ mx_search_path(pkgdatadir);
+ /* Create the initial connection, trying the cookie if we found a suitable
+ * one. */
+ disorder_cgi_login(&s, &output);
+ /* The main program... */
disorder_cgi(&output, &s);
- if(fclose(stdout) < 0) fatal(errno, "error closing stdout");
+ /* In practice if a write fails that probably means the web server went away,
+ * but we log it anyway. */
+ if(fclose(stdout) < 0)
+ fatal(errno, "error closing stdout");
return 0;
}
Local Variables:
c-basic-offset:2
comment-column:40
+fill-column:79
+indent-tabs-mode:nil
End:
*/
~mdw / disorder / blobdiff