460b9539 |
1 | /* |
2 | * This file is part of DisOrder. |
3 | * Copyright (C) 2004, 2005, 2006 Richard Kettlewell |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, but |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | * General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License |
16 | * along with this program; if not, write to the Free Software |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 |
18 | * USA |
19 | */ |
20 | |
21 | #include <config.h> |
22 | #include "types.h" |
23 | |
24 | #include <string.h> |
25 | #include <stdio.h> |
26 | #include <unistd.h> |
27 | #include <stdlib.h> |
28 | #include <errno.h> |
29 | #include <sys/stat.h> |
30 | #include <stddef.h> |
31 | #include <fcntl.h> |
32 | #include <unistd.h> |
33 | #include <pcre.h> |
34 | #include <limits.h> |
35 | #include <fnmatch.h> |
36 | #include <ctype.h> |
37 | |
38 | #include "mem.h" |
39 | #include "log.h" |
40 | #include "hex.h" |
41 | #include "charset.h" |
42 | #include "configuration.h" |
43 | #include "table.h" |
44 | #include "syscalls.h" |
45 | #include "kvp.h" |
46 | #include "vector.h" |
47 | #include "split.h" |
48 | #include "inputline.h" |
49 | #include "regsub.h" |
50 | #include "defs.h" |
51 | #include "sink.h" |
52 | #include "cgi.h" |
53 | #include "printf.h" |
54 | #include "mime.h" |
55 | #include "utf8.h" |
56 | |
57 | struct kvp *cgi_args; |
58 | |
59 | /* options */ |
60 | struct column { |
61 | struct column *next; |
62 | char *name; |
63 | int ncolumns; |
64 | char **columns; |
65 | }; |
66 | |
67 | #define RELIST(x) struct re *x, **x##_tail = &x |
68 | |
69 | static int have_read_options; |
70 | static struct kvp *labels; |
71 | static struct column *columns; |
72 | |
73 | static void include_options(const char *name); |
74 | |
75 | static void cgi_parse_get(void) { |
76 | const char *q; |
77 | |
78 | if(!(q = getenv("QUERY_STRING"))) fatal(0, "QUERY_STRING not set"); |
79 | cgi_args = kvp_urldecode(q, strlen(q)); |
80 | } |
81 | |
82 | static void cgi_input(char **ptrp, size_t *np) { |
83 | const char *cl; |
84 | char *q; |
85 | size_t n, m = 0; |
86 | int r; |
87 | |
88 | if(!(cl = getenv("CONTENT_LENGTH"))) fatal(0, "CONTENT_LENGTH not set"); |
89 | n = atol(cl); |
90 | q = xmalloc_noptr(n + 1); |
91 | while(m < n) { |
92 | r = read(0, q + m, n - m); |
93 | if(r > 0) |
94 | m += r; |
95 | else if(r == 0) |
96 | fatal(0, "unexpected end of file reading request body"); |
97 | else switch(errno) { |
98 | case EINTR: break; |
99 | default: fatal(errno, "error reading request body"); |
100 | } |
101 | } |
102 | if(memchr(q, 0, n)) fatal(0, "null character in request body"); |
103 | q[n + 1] = 0; |
104 | *ptrp = q; |
105 | if(np) *np = n; |
106 | } |
107 | |
108 | static int cgi_field_callback(const char *name, const char *value, |
109 | void *u) { |
110 | char *disposition, *pname, *pvalue; |
111 | char **namep = u; |
112 | |
113 | if(!strcmp(name, "content-disposition")) { |
114 | if(mime_rfc2388_content_disposition(value, |
115 | &disposition, |
116 | &pname, |
117 | &pvalue)) |
118 | fatal(0, "error parsing Content-Disposition field"); |
119 | if(!strcmp(disposition, "form-data") |
120 | && pname |
121 | && !strcmp(pname, "name")) { |
122 | if(*namep) |
123 | fatal(0, "duplicate Content-Disposition field"); |
124 | *namep = pvalue; |
125 | } |
126 | } |
127 | return 0; |
128 | } |
129 | |
130 | static int cgi_part_callback(const char *s, |
131 | void attribute((unused)) *u) { |
132 | char *name = 0; |
133 | struct kvp *k; |
134 | |
135 | if(!(s = mime_parse(s, cgi_field_callback, &name))) |
136 | fatal(0, "error parsing part header"); |
137 | if(!name) fatal(0, "no name found"); |
138 | k = xmalloc(sizeof *k); |
139 | k->next = cgi_args; |
140 | k->name = name; |
141 | k->value = s; |
142 | cgi_args = k; |
143 | return 0; |
144 | } |
145 | |
146 | static void cgi_parse_multipart(const char *boundary) { |
147 | char *q; |
148 | |
149 | cgi_input(&q, 0); |
150 | if(mime_multipart(q, cgi_part_callback, boundary, 0)) |
151 | fatal(0, "invalid multipart object"); |
152 | } |
153 | |
154 | static void cgi_parse_post(void) { |
155 | const char *ct; |
156 | char *q, *type, *pname, *pvalue; |
157 | size_t n; |
158 | |
159 | if(!(ct = getenv("CONTENT_TYPE"))) |
160 | ct = "application/x-www-form-urlencoded"; |
161 | if(mime_content_type(ct, &type, &pname, &pvalue)) |
162 | fatal(0, "invalid content type '%s'", ct); |
163 | if(!strcmp(type, "application/x-www-form-urlencoded")) { |
164 | cgi_input(&q, &n); |
165 | cgi_args = kvp_urldecode(q, n); |
166 | return; |
167 | } |
168 | if(!strcmp(type, "multipart/form-data")) { |
169 | if(!pname || strcmp(pname, "boundary")) |
170 | fatal(0, "expected a boundary parameter, found %s", |
171 | pname ? pname : "nothing"); |
172 | cgi_parse_multipart(pvalue); |
173 | return; |
174 | } |
175 | fatal(0, "unrecognized content type '%s'", type); |
176 | } |
177 | |
178 | void cgi_parse(void) { |
179 | const char *p; |
180 | struct kvp *k; |
181 | |
182 | if(!(p = getenv("REQUEST_METHOD"))) fatal(0, "REQUEST_METHOD not set"); |
183 | if(!strcmp(p, "GET")) |
184 | cgi_parse_get(); |
185 | else if(!strcmp(p, "POST")) |
186 | cgi_parse_post(); |
187 | else |
188 | fatal(0, "unknown request method %s", p); |
189 | for(k = cgi_args; k; k = k->next) |
190 | if(!validutf8(k->name) |
191 | || !validutf8(k->value)) |
192 | fatal(0, "invalid UTF-8 sequence in cgi argument"); |
193 | } |
194 | |
195 | const char *cgi_get(const char *name) { |
196 | return kvp_get(cgi_args, name); |
197 | } |
198 | |
199 | void cgi_output(cgi_sink *output, const char *fmt, ...) { |
200 | va_list ap; |
201 | int n; |
202 | char *r; |
203 | |
204 | va_start(ap, fmt); |
205 | n = byte_vasprintf(&r, fmt, ap); |
206 | if(n < 0) |
207 | fatal(errno, "error calling byte_vasprintf"); |
208 | if(output->quote) |
209 | r = cgi_sgmlquote(r, 0); |
210 | output->sink->write(output->sink, r, strlen(r)); |
211 | va_end(ap); |
212 | } |
213 | |
214 | void cgi_header(struct sink *output, const char *name, const char *value) { |
215 | sink_printf(output, "%s: %s\r\n", name, value); |
216 | } |
217 | |
218 | void cgi_body(struct sink *output) { |
219 | sink_printf(output, "\r\n"); |
220 | } |
221 | |
222 | char *cgi_sgmlquote(const char *s, int raw) { |
223 | uint32_t *ucs, *p, c; |
224 | char *b, *bp; |
225 | int n; |
226 | |
227 | if(!raw) { |
228 | if(!(ucs = utf82ucs4(s))) exit(EXIT_FAILURE); |
229 | } else { |
230 | ucs = xmalloc_noptr((strlen(s) + 1) * sizeof(uint32_t)); |
231 | for(n = 0; s[n]; ++n) |
232 | ucs[n] = (unsigned char)s[n]; |
233 | ucs[n] = 0; |
234 | } |
235 | |
236 | n = 1; |
237 | /* estimate the length we'll need */ |
238 | for(p = ucs; (c = *p); ++p) { |
239 | switch(c) { |
240 | default: |
241 | if(c > 127 || c < 32) { |
242 | case '"': |
243 | case '&': |
244 | case '<': |
245 | case '>': |
246 | n += 12; |
247 | break; |
248 | } else |
249 | n++; |
250 | } |
251 | } |
252 | /* format the string */ |
253 | b = bp = xmalloc_noptr(n); |
254 | for(p = ucs; (c = *p); ++p) { |
255 | switch(c) { |
256 | default: |
257 | if(*p > 127 || *p < 32) { |
258 | case '"': |
259 | case '&': |
260 | case '<': |
261 | case '>': |
262 | bp += sprintf(bp, "&#%lu;", (unsigned long)c); |
263 | break; |
264 | } else |
265 | *bp++ = c; |
266 | } |
267 | } |
268 | *bp = 0; |
269 | return b; |
270 | } |
271 | |
272 | void cgi_attr(struct sink *output, const char *name, const char *value) { |
273 | if(!value[strspn(value, "abcdefghijklmnopqrstuvwxyz" |
274 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |
275 | "0123456789")]) |
276 | sink_printf(output, "%s=%s", name, value); |
277 | else |
278 | sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value, 0)); |
279 | } |
280 | |
281 | void cgi_opentag(struct sink *output, const char *name, ...) { |
282 | va_list ap; |
283 | const char *n, *v; |
284 | |
285 | sink_printf(output, "<%s", name); |
286 | va_start(ap, name); |
287 | while((n = va_arg(ap, const char *))) { |
288 | sink_printf(output, " "); |
289 | v = va_arg(ap, const char *); |
290 | if(v) |
291 | cgi_attr(output, n, v); |
292 | else |
293 | sink_printf(output, n); |
294 | } |
295 | sink_printf(output, ">"); |
296 | } |
297 | |
298 | void cgi_closetag(struct sink *output, const char *name) { |
299 | sink_printf(output, "</%s>", name); |
300 | } |
301 | |
302 | static int template_open(const char *name, |
303 | const char *ext, |
304 | const char **filenamep) { |
305 | const char *dirs[2]; |
306 | int fd = -1, n; |
307 | char *fullpath; |
308 | |
309 | dirs[0] = pkgconfdir; |
310 | dirs[1] = pkgdatadir; |
311 | if(name[0] == '/') { |
312 | if((fd = open(name, O_RDONLY)) < 0) fatal(0, "cannot open %s", name); |
313 | *filenamep = name; |
314 | } else { |
315 | for(n = 0; n < config->templates.n + (int)(sizeof dirs / sizeof *dirs); ++n) { |
316 | byte_xasprintf(&fullpath, "%s/%s%s", |
317 | n < config->templates.n ? config->templates.s[n] |
318 | : dirs[n - config->templates.n], |
319 | name, ext); |
320 | if((fd = open(fullpath, O_RDONLY)) >= 0) break; |
321 | } |
322 | if(fd < 0) error(0, "cannot find %s%s in template path", name, ext); |
323 | *filenamep = fullpath; |
324 | } |
325 | return fd; |
326 | } |
327 | |
328 | static int valid_template_name(const char *name) { |
329 | if(strchr(name, '/') || name[0] == '.') |
330 | return 0; |
331 | return 1; |
332 | } |
333 | |
334 | void cgi_expand(const char *template, |
335 | const struct cgi_expansion *expansions, |
336 | size_t nexpansions, |
337 | cgi_sink *output, |
338 | void *u) { |
339 | int fd = -1; |
340 | int n; |
341 | off_t m; |
342 | char *b; |
343 | struct stat sb; |
344 | |
345 | if(!valid_template_name(template)) |
346 | fatal(0, "invalid template name '%s'", template); |
347 | if((fd = template_open(template, ".html", &template)) < 0) |
348 | exitfn(EXIT_FAILURE); |
349 | if(fstat(fd, &sb) < 0) fatal(errno, "cannot stat %s", template); |
350 | m = 0; |
351 | b = xmalloc_noptr(sb.st_size + 1); |
352 | while(m < sb.st_size) { |
353 | n = read(fd, b + m, sb.st_size - m); |
354 | if(n > 0) m += n; |
355 | else if(n == 0) fatal(0, "unexpected EOF reading %s", template); |
356 | else if(errno != EINTR) fatal(errno, "error reading %s", template); |
357 | } |
358 | b[sb.st_size] = 0; |
359 | xclose(fd); |
360 | cgi_expand_string(template, b, expansions, nexpansions, output, u); |
361 | } |
362 | |
363 | void cgi_expand_string(const char *name, |
364 | const char *template, |
365 | const struct cgi_expansion *expansions, |
366 | size_t nexpansions, |
367 | cgi_sink *output, |
368 | void *u) { |
369 | int braces, n, m, line = 1, sline; |
370 | char *argname; |
371 | const char *p; |
372 | struct vector v; |
373 | struct dynstr d; |
374 | cgi_sink parameter_output; |
375 | |
376 | while(*template) { |
377 | if(*template != '@') { |
378 | p = template; |
379 | while(*p && *p != '@') { |
380 | if(*p == '\n') ++line; |
381 | ++p; |
382 | } |
383 | output->sink->write(output->sink, template, p - template); |
384 | template = p; |
385 | continue; |
386 | } |
387 | vector_init(&v); |
388 | braces = 0; |
389 | ++template; |
390 | sline = line; |
391 | while(*template != '@') { |
392 | dynstr_init(&d); |
393 | if(*template == '{') { |
394 | /* bracketed arg */ |
395 | ++template; |
396 | while(*template && (*template != '}' || braces > 0)) { |
397 | switch(*template) { |
398 | case '{': ++braces; break; |
399 | case '}': --braces; break; |
400 | case '\n': ++line; break; |
401 | } |
402 | dynstr_append(&d, *template++); |
403 | } |
404 | if(!*template) fatal(0, "%s:%d: unterminated expansion", name, sline); |
405 | ++template; |
406 | /* skip whitespace after closing bracket */ |
407 | while(isspace((unsigned char)*template)) |
408 | ++template; |
409 | } else { |
410 | /* unbracketed arg */ |
411 | /* leading whitespace is not significant in unquoted args */ |
412 | while(isspace((unsigned char)*template)) |
413 | ++template; |
414 | while(*template |
415 | && *template != '@' && *template != '{' && *template != ':') { |
416 | if(*template == '\n') ++line; |
417 | dynstr_append(&d, *template++); |
418 | } |
419 | if(*template == ':') |
420 | ++template; |
421 | if(!*template) fatal(0, "%s:%d: unterminated expansion", name, sline); |
422 | /* trailing whitespace is not significant in unquoted args */ |
423 | while(d.nvec && (isspace((unsigned char)d.vec[d.nvec - 1]))) |
424 | --d.nvec; |
425 | } |
426 | dynstr_terminate(&d); |
427 | vector_append(&v, d.vec); |
428 | } |
429 | ++template; |
430 | vector_terminate(&v); |
431 | /* @@ terminates this file */ |
432 | if(v.nvec == 0) |
433 | break; |
434 | if((n = table_find(expansions, |
435 | offsetof(struct cgi_expansion, name), |
436 | sizeof (struct cgi_expansion), |
437 | nexpansions, |
438 | v.vec[0])) < 0) |
439 | fatal(0, "%s:%d: unknown expansion '%s'", name, line, v.vec[0]); |
440 | if(v.nvec - 1 < expansions[n].minargs) |
441 | fatal(0, "%s:%d: insufficient arguments to @%s@ (min %d, got %d)", |
442 | name, line, v.vec[0], expansions[n].minargs, v.nvec - 1); |
443 | if(v.nvec - 1 > expansions[n].maxargs) |
444 | fatal(0, "%s:%d: too many arguments to @%s@ (max %d, got %d)", |
445 | name, line, v.vec[0], expansions[n].maxargs, v.nvec - 1); |
446 | /* for ordinary expansions, recursively expand the arguments */ |
447 | if(!(expansions[n].flags & EXP_MAGIC)) { |
448 | for(m = 1; m < v.nvec; ++m) { |
449 | dynstr_init(&d); |
450 | byte_xasprintf(&argname, "<%s:%d arg #%d>", name, sline, m); |
451 | parameter_output.quote = 0; |
452 | parameter_output.sink = sink_dynstr(&d); |
453 | cgi_expand_string(argname, v.vec[m], |
454 | expansions, nexpansions, |
455 | ¶meter_output, u); |
456 | dynstr_terminate(&d); |
457 | v.vec[m] = d.vec; |
458 | } |
459 | } |
460 | expansions[n].handler(v.nvec - 1, v.vec + 1, output, u); |
461 | } |
462 | } |
463 | |
464 | char *cgi_makeurl(const char *url, ...) { |
465 | va_list ap; |
466 | struct kvp *kvp, *k, **kk = &kvp; |
467 | struct dynstr d; |
468 | const char *n, *v; |
469 | |
470 | dynstr_init(&d); |
471 | dynstr_append_string(&d, url); |
472 | va_start(ap, url); |
473 | while((n = va_arg(ap, const char *))) { |
474 | v = va_arg(ap, const char *); |
475 | *kk = k = xmalloc(sizeof *k); |
476 | kk = &k->next; |
477 | k->name = n; |
478 | k->value = v; |
479 | } |
480 | *kk = 0; |
481 | if(kvp) { |
482 | dynstr_append(&d, '?'); |
483 | dynstr_append_string(&d, kvp_urlencode(kvp, 0)); |
484 | } |
485 | dynstr_terminate(&d); |
486 | return d.vec; |
487 | } |
488 | |
489 | void cgi_set_option(const char *name, const char *value) { |
490 | struct kvp *k = xmalloc(sizeof *k); |
491 | |
492 | k->next = labels; |
493 | k->name = name; |
494 | k->value = value; |
495 | labels = k; |
496 | } |
497 | |
498 | static void option_label(int attribute((unused)) nvec, |
499 | char **vec) { |
500 | cgi_set_option(vec[0], vec[1]); |
501 | } |
502 | |
503 | static void option_include(int attribute((unused)) nvec, |
504 | char **vec) { |
505 | include_options(vec[0]); |
506 | } |
507 | |
508 | static void option_columns(int nvec, |
509 | char **vec) { |
510 | struct column *c = xmalloc(sizeof *c); |
511 | |
512 | c->next = columns; |
513 | c->name = vec[0]; |
514 | c->ncolumns = nvec - 1; |
515 | c->columns = &vec[1]; |
516 | columns = c; |
517 | } |
518 | |
519 | static struct option { |
520 | const char *name; |
521 | int minargs, maxargs; |
522 | void (*handler)(int nvec, char **vec); |
523 | } options[] = { |
524 | { "columns", 1, INT_MAX, option_columns }, |
525 | { "include", 1, 1, option_include }, |
526 | { "label", 2, 2, option_label }, |
527 | }; |
528 | |
529 | struct read_options_state { |
530 | const char *name; |
531 | int line; |
532 | }; |
533 | |
534 | static void read_options_error(const char *msg, |
535 | void *u) { |
536 | struct read_options_state *cs = u; |
537 | |
538 | error(0, "%s:%d: %s", cs->name, cs->line, msg); |
539 | } |
540 | |
541 | static void include_options(const char *name) { |
542 | int n, i; |
543 | int fd; |
544 | FILE *fp; |
545 | char **vec, *buffer; |
546 | struct read_options_state cs; |
547 | |
548 | if((fd = template_open(name, "", &cs.name)) < 0) return; |
549 | if(!(fp = fdopen(fd, "r"))) fatal(errno, "error calling fdopen"); |
550 | cs.line = 0; |
551 | while(!inputline(cs.name, fp, &buffer, '\n')) { |
552 | ++cs.line; |
553 | if(!(vec = split(buffer, &n, SPLIT_COMMENTS|SPLIT_QUOTES, |
554 | read_options_error, &cs))) |
555 | continue; |
556 | if(!n) continue; |
557 | if((i = TABLE_FIND(options, struct option, name, vec[0])) == -1) { |
558 | error(0, "%s:%d: unknown option '%s'", cs.name, cs.line, vec[0]); |
559 | continue; |
560 | } |
561 | ++vec; |
562 | --n; |
563 | if(n < options[i].minargs) { |
564 | error(0, "%s:%d: too few arguments to '%s'", cs.name, cs.line, vec[-1]); |
565 | continue; |
566 | } |
567 | if(n > options[i].maxargs) { |
568 | error(0, "%s:%d: too many arguments to '%s'", cs.name, cs.line, vec[-1]); |
569 | continue; |
570 | } |
571 | options[i].handler(n, vec); |
572 | } |
573 | fclose(fp); |
574 | } |
575 | |
576 | static void read_options(void) { |
577 | if(!have_read_options) { |
578 | have_read_options = 1; |
579 | include_options("options"); |
580 | } |
581 | } |
582 | |
583 | const char *cgi_label(const char *key) { |
584 | const char *label; |
585 | |
586 | read_options(); |
587 | if(!(label = kvp_get(labels, key))) { |
588 | if((label = strchr(key, '.'))) |
589 | ++label; |
590 | else |
591 | label = key; |
592 | } |
593 | return label; |
594 | } |
595 | |
596 | char **cgi_columns(const char *name, int *ncolumns) { |
597 | struct column *c; |
598 | |
599 | read_options(); |
600 | for(c = columns; c && strcmp(name, c->name); c = c->next) |
601 | ; |
602 | if(c) { |
603 | if(ncolumns) |
604 | *ncolumns = c->ncolumns; |
605 | return c->columns; |
606 | } else { |
607 | if(ncolumns) |
608 | *ncolumns = 0; |
609 | return 0; |
610 | } |
611 | } |
612 | |
613 | /* |
614 | Local Variables: |
615 | c-basic-offset:2 |
616 | comment-column:40 |
617 | End: |
618 | */ |