Commit | Line | Data |
---|---|---|
460b9539 | 1 | /* |
2 | * This file is part of DisOrder. | |
3 | * Copyright (C) 2004, 2005, 2006 Richard Kettlewell | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License as published by | |
7 | * the Free Software Foundation; either version 2 of the License, or | |
8 | * (at your option) any later version. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License | |
16 | * along with this program; if not, write to the Free Software | |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 | |
18 | * USA | |
19 | */ | |
20 | ||
21 | #include <config.h> | |
22 | #include "types.h" | |
23 | ||
24 | #include <string.h> | |
25 | #include <stdio.h> | |
26 | #include <unistd.h> | |
27 | #include <stdlib.h> | |
28 | #include <errno.h> | |
29 | #include <sys/stat.h> | |
30 | #include <stddef.h> | |
31 | #include <fcntl.h> | |
32 | #include <unistd.h> | |
33 | #include <pcre.h> | |
34 | #include <limits.h> | |
35 | #include <fnmatch.h> | |
36 | #include <ctype.h> | |
37 | ||
38 | #include "mem.h" | |
39 | #include "log.h" | |
40 | #include "hex.h" | |
41 | #include "charset.h" | |
42 | #include "configuration.h" | |
43 | #include "table.h" | |
44 | #include "syscalls.h" | |
45 | #include "kvp.h" | |
46 | #include "vector.h" | |
47 | #include "split.h" | |
48 | #include "inputline.h" | |
49 | #include "regsub.h" | |
50 | #include "defs.h" | |
51 | #include "sink.h" | |
52 | #include "cgi.h" | |
53 | #include "printf.h" | |
54 | #include "mime.h" | |
18cda350 | 55 | #include "unicode.h" |
460b9539 | 56 | |
57 | struct kvp *cgi_args; | |
58 | ||
59 | /* options */ | |
60 | struct column { | |
61 | struct column *next; | |
62 | char *name; | |
63 | int ncolumns; | |
64 | char **columns; | |
65 | }; | |
66 | ||
67 | #define RELIST(x) struct re *x, **x##_tail = &x | |
68 | ||
69 | static int have_read_options; | |
70 | static struct kvp *labels; | |
71 | static struct column *columns; | |
72 | ||
73 | static void include_options(const char *name); | |
74 | ||
75 | static void cgi_parse_get(void) { | |
76 | const char *q; | |
77 | ||
78 | if(!(q = getenv("QUERY_STRING"))) fatal(0, "QUERY_STRING not set"); | |
79 | cgi_args = kvp_urldecode(q, strlen(q)); | |
80 | } | |
81 | ||
82 | static void cgi_input(char **ptrp, size_t *np) { | |
83 | const char *cl; | |
84 | char *q; | |
85 | size_t n, m = 0; | |
86 | int r; | |
87 | ||
88 | if(!(cl = getenv("CONTENT_LENGTH"))) fatal(0, "CONTENT_LENGTH not set"); | |
89 | n = atol(cl); | |
90 | q = xmalloc_noptr(n + 1); | |
91 | while(m < n) { | |
92 | r = read(0, q + m, n - m); | |
93 | if(r > 0) | |
94 | m += r; | |
95 | else if(r == 0) | |
96 | fatal(0, "unexpected end of file reading request body"); | |
97 | else switch(errno) { | |
98 | case EINTR: break; | |
99 | default: fatal(errno, "error reading request body"); | |
100 | } | |
101 | } | |
102 | if(memchr(q, 0, n)) fatal(0, "null character in request body"); | |
103 | q[n + 1] = 0; | |
104 | *ptrp = q; | |
105 | if(np) *np = n; | |
106 | } | |
107 | ||
108 | static int cgi_field_callback(const char *name, const char *value, | |
109 | void *u) { | |
110 | char *disposition, *pname, *pvalue; | |
111 | char **namep = u; | |
112 | ||
113 | if(!strcmp(name, "content-disposition")) { | |
114 | if(mime_rfc2388_content_disposition(value, | |
115 | &disposition, | |
116 | &pname, | |
117 | &pvalue)) | |
118 | fatal(0, "error parsing Content-Disposition field"); | |
119 | if(!strcmp(disposition, "form-data") | |
120 | && pname | |
121 | && !strcmp(pname, "name")) { | |
122 | if(*namep) | |
123 | fatal(0, "duplicate Content-Disposition field"); | |
124 | *namep = pvalue; | |
125 | } | |
126 | } | |
127 | return 0; | |
128 | } | |
129 | ||
130 | static int cgi_part_callback(const char *s, | |
131 | void attribute((unused)) *u) { | |
132 | char *name = 0; | |
133 | struct kvp *k; | |
134 | ||
135 | if(!(s = mime_parse(s, cgi_field_callback, &name))) | |
136 | fatal(0, "error parsing part header"); | |
137 | if(!name) fatal(0, "no name found"); | |
138 | k = xmalloc(sizeof *k); | |
139 | k->next = cgi_args; | |
140 | k->name = name; | |
141 | k->value = s; | |
142 | cgi_args = k; | |
143 | return 0; | |
144 | } | |
145 | ||
146 | static void cgi_parse_multipart(const char *boundary) { | |
147 | char *q; | |
148 | ||
149 | cgi_input(&q, 0); | |
150 | if(mime_multipart(q, cgi_part_callback, boundary, 0)) | |
151 | fatal(0, "invalid multipart object"); | |
152 | } | |
153 | ||
154 | static void cgi_parse_post(void) { | |
155 | const char *ct; | |
156 | char *q, *type, *pname, *pvalue; | |
157 | size_t n; | |
158 | ||
159 | if(!(ct = getenv("CONTENT_TYPE"))) | |
160 | ct = "application/x-www-form-urlencoded"; | |
161 | if(mime_content_type(ct, &type, &pname, &pvalue)) | |
162 | fatal(0, "invalid content type '%s'", ct); | |
163 | if(!strcmp(type, "application/x-www-form-urlencoded")) { | |
164 | cgi_input(&q, &n); | |
165 | cgi_args = kvp_urldecode(q, n); | |
166 | return; | |
167 | } | |
168 | if(!strcmp(type, "multipart/form-data")) { | |
169 | if(!pname || strcmp(pname, "boundary")) | |
170 | fatal(0, "expected a boundary parameter, found %s", | |
171 | pname ? pname : "nothing"); | |
172 | cgi_parse_multipart(pvalue); | |
173 | return; | |
174 | } | |
175 | fatal(0, "unrecognized content type '%s'", type); | |
176 | } | |
177 | ||
178 | void cgi_parse(void) { | |
179 | const char *p; | |
180 | struct kvp *k; | |
181 | ||
182 | if(!(p = getenv("REQUEST_METHOD"))) fatal(0, "REQUEST_METHOD not set"); | |
183 | if(!strcmp(p, "GET")) | |
184 | cgi_parse_get(); | |
185 | else if(!strcmp(p, "POST")) | |
186 | cgi_parse_post(); | |
187 | else | |
188 | fatal(0, "unknown request method %s", p); | |
189 | for(k = cgi_args; k; k = k->next) | |
18cda350 RK |
190 | if(!utf8_valid(k->name, strlen(k->name)) |
191 | || !utf8_valid(k->value, strlen(k->value))) | |
460b9539 | 192 | fatal(0, "invalid UTF-8 sequence in cgi argument"); |
193 | } | |
194 | ||
195 | const char *cgi_get(const char *name) { | |
196 | return kvp_get(cgi_args, name); | |
197 | } | |
198 | ||
199 | void cgi_output(cgi_sink *output, const char *fmt, ...) { | |
200 | va_list ap; | |
201 | int n; | |
202 | char *r; | |
203 | ||
204 | va_start(ap, fmt); | |
205 | n = byte_vasprintf(&r, fmt, ap); | |
206 | if(n < 0) | |
207 | fatal(errno, "error calling byte_vasprintf"); | |
208 | if(output->quote) | |
209 | r = cgi_sgmlquote(r, 0); | |
210 | output->sink->write(output->sink, r, strlen(r)); | |
211 | va_end(ap); | |
212 | } | |
213 | ||
214 | void cgi_header(struct sink *output, const char *name, const char *value) { | |
215 | sink_printf(output, "%s: %s\r\n", name, value); | |
216 | } | |
217 | ||
218 | void cgi_body(struct sink *output) { | |
219 | sink_printf(output, "\r\n"); | |
220 | } | |
221 | ||
222 | char *cgi_sgmlquote(const char *s, int raw) { | |
223 | uint32_t *ucs, *p, c; | |
224 | char *b, *bp; | |
225 | int n; | |
226 | ||
227 | if(!raw) { | |
caecd4f4 | 228 | if(!(ucs = utf8_to_utf32(s, strlen(s), 0))) exit(EXIT_FAILURE); |
460b9539 | 229 | } else { |
230 | ucs = xmalloc_noptr((strlen(s) + 1) * sizeof(uint32_t)); | |
231 | for(n = 0; s[n]; ++n) | |
232 | ucs[n] = (unsigned char)s[n]; | |
233 | ucs[n] = 0; | |
234 | } | |
235 | ||
236 | n = 1; | |
237 | /* estimate the length we'll need */ | |
238 | for(p = ucs; (c = *p); ++p) { | |
239 | switch(c) { | |
240 | default: | |
241 | if(c > 127 || c < 32) { | |
242 | case '"': | |
243 | case '&': | |
244 | case '<': | |
245 | case '>': | |
246 | n += 12; | |
247 | break; | |
248 | } else | |
249 | n++; | |
250 | } | |
251 | } | |
252 | /* format the string */ | |
253 | b = bp = xmalloc_noptr(n); | |
254 | for(p = ucs; (c = *p); ++p) { | |
255 | switch(c) { | |
256 | default: | |
257 | if(*p > 127 || *p < 32) { | |
258 | case '"': | |
259 | case '&': | |
260 | case '<': | |
261 | case '>': | |
262 | bp += sprintf(bp, "&#%lu;", (unsigned long)c); | |
263 | break; | |
264 | } else | |
265 | *bp++ = c; | |
266 | } | |
267 | } | |
268 | *bp = 0; | |
269 | return b; | |
270 | } | |
271 | ||
272 | void cgi_attr(struct sink *output, const char *name, const char *value) { | |
273 | if(!value[strspn(value, "abcdefghijklmnopqrstuvwxyz" | |
274 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" | |
275 | "0123456789")]) | |
276 | sink_printf(output, "%s=%s", name, value); | |
277 | else | |
278 | sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value, 0)); | |
279 | } | |
280 | ||
281 | void cgi_opentag(struct sink *output, const char *name, ...) { | |
282 | va_list ap; | |
283 | const char *n, *v; | |
284 | ||
285 | sink_printf(output, "<%s", name); | |
286 | va_start(ap, name); | |
287 | while((n = va_arg(ap, const char *))) { | |
288 | sink_printf(output, " "); | |
289 | v = va_arg(ap, const char *); | |
290 | if(v) | |
291 | cgi_attr(output, n, v); | |
292 | else | |
293 | sink_printf(output, n); | |
294 | } | |
295 | sink_printf(output, ">"); | |
296 | } | |
297 | ||
298 | void cgi_closetag(struct sink *output, const char *name) { | |
299 | sink_printf(output, "</%s>", name); | |
300 | } | |
301 | ||
302 | static int template_open(const char *name, | |
303 | const char *ext, | |
304 | const char **filenamep) { | |
305 | const char *dirs[2]; | |
306 | int fd = -1, n; | |
307 | char *fullpath; | |
308 | ||
309 | dirs[0] = pkgconfdir; | |
310 | dirs[1] = pkgdatadir; | |
311 | if(name[0] == '/') { | |
312 | if((fd = open(name, O_RDONLY)) < 0) fatal(0, "cannot open %s", name); | |
313 | *filenamep = name; | |
314 | } else { | |
315 | for(n = 0; n < config->templates.n + (int)(sizeof dirs / sizeof *dirs); ++n) { | |
316 | byte_xasprintf(&fullpath, "%s/%s%s", | |
317 | n < config->templates.n ? config->templates.s[n] | |
318 | : dirs[n - config->templates.n], | |
319 | name, ext); | |
320 | if((fd = open(fullpath, O_RDONLY)) >= 0) break; | |
321 | } | |
322 | if(fd < 0) error(0, "cannot find %s%s in template path", name, ext); | |
323 | *filenamep = fullpath; | |
324 | } | |
325 | return fd; | |
326 | } | |
327 | ||
328 | static int valid_template_name(const char *name) { | |
329 | if(strchr(name, '/') || name[0] == '.') | |
330 | return 0; | |
331 | return 1; | |
332 | } | |
333 | ||
334 | void cgi_expand(const char *template, | |
335 | const struct cgi_expansion *expansions, | |
336 | size_t nexpansions, | |
337 | cgi_sink *output, | |
338 | void *u) { | |
339 | int fd = -1; | |
340 | int n; | |
341 | off_t m; | |
342 | char *b; | |
343 | struct stat sb; | |
344 | ||
345 | if(!valid_template_name(template)) | |
346 | fatal(0, "invalid template name '%s'", template); | |
347 | if((fd = template_open(template, ".html", &template)) < 0) | |
348 | exitfn(EXIT_FAILURE); | |
349 | if(fstat(fd, &sb) < 0) fatal(errno, "cannot stat %s", template); | |
350 | m = 0; | |
351 | b = xmalloc_noptr(sb.st_size + 1); | |
352 | while(m < sb.st_size) { | |
353 | n = read(fd, b + m, sb.st_size - m); | |
354 | if(n > 0) m += n; | |
355 | else if(n == 0) fatal(0, "unexpected EOF reading %s", template); | |
356 | else if(errno != EINTR) fatal(errno, "error reading %s", template); | |
357 | } | |
358 | b[sb.st_size] = 0; | |
359 | xclose(fd); | |
360 | cgi_expand_string(template, b, expansions, nexpansions, output, u); | |
361 | } | |
362 | ||
363 | void cgi_expand_string(const char *name, | |
364 | const char *template, | |
365 | const struct cgi_expansion *expansions, | |
366 | size_t nexpansions, | |
367 | cgi_sink *output, | |
368 | void *u) { | |
369 | int braces, n, m, line = 1, sline; | |
370 | char *argname; | |
371 | const char *p; | |
372 | struct vector v; | |
373 | struct dynstr d; | |
374 | cgi_sink parameter_output; | |
375 | ||
376 | while(*template) { | |
377 | if(*template != '@') { | |
378 | p = template; | |
379 | while(*p && *p != '@') { | |
380 | if(*p == '\n') ++line; | |
381 | ++p; | |
382 | } | |
383 | output->sink->write(output->sink, template, p - template); | |
384 | template = p; | |
385 | continue; | |
386 | } | |
387 | vector_init(&v); | |
388 | braces = 0; | |
389 | ++template; | |
390 | sline = line; | |
391 | while(*template != '@') { | |
392 | dynstr_init(&d); | |
393 | if(*template == '{') { | |
394 | /* bracketed arg */ | |
395 | ++template; | |
396 | while(*template && (*template != '}' || braces > 0)) { | |
397 | switch(*template) { | |
398 | case '{': ++braces; break; | |
399 | case '}': --braces; break; | |
400 | case '\n': ++line; break; | |
401 | } | |
402 | dynstr_append(&d, *template++); | |
403 | } | |
404 | if(!*template) fatal(0, "%s:%d: unterminated expansion", name, sline); | |
405 | ++template; | |
406 | /* skip whitespace after closing bracket */ | |
407 | while(isspace((unsigned char)*template)) | |
408 | ++template; | |
409 | } else { | |
410 | /* unbracketed arg */ | |
411 | /* leading whitespace is not significant in unquoted args */ | |
412 | while(isspace((unsigned char)*template)) | |
413 | ++template; | |
414 | while(*template | |
415 | && *template != '@' && *template != '{' && *template != ':') { | |
416 | if(*template == '\n') ++line; | |
417 | dynstr_append(&d, *template++); | |
418 | } | |
419 | if(*template == ':') | |
420 | ++template; | |
421 | if(!*template) fatal(0, "%s:%d: unterminated expansion", name, sline); | |
422 | /* trailing whitespace is not significant in unquoted args */ | |
423 | while(d.nvec && (isspace((unsigned char)d.vec[d.nvec - 1]))) | |
424 | --d.nvec; | |
425 | } | |
426 | dynstr_terminate(&d); | |
427 | vector_append(&v, d.vec); | |
428 | } | |
429 | ++template; | |
430 | vector_terminate(&v); | |
431 | /* @@ terminates this file */ | |
432 | if(v.nvec == 0) | |
433 | break; | |
434 | if((n = table_find(expansions, | |
435 | offsetof(struct cgi_expansion, name), | |
436 | sizeof (struct cgi_expansion), | |
437 | nexpansions, | |
438 | v.vec[0])) < 0) | |
439 | fatal(0, "%s:%d: unknown expansion '%s'", name, line, v.vec[0]); | |
440 | if(v.nvec - 1 < expansions[n].minargs) | |
441 | fatal(0, "%s:%d: insufficient arguments to @%s@ (min %d, got %d)", | |
442 | name, line, v.vec[0], expansions[n].minargs, v.nvec - 1); | |
443 | if(v.nvec - 1 > expansions[n].maxargs) | |
444 | fatal(0, "%s:%d: too many arguments to @%s@ (max %d, got %d)", | |
445 | name, line, v.vec[0], expansions[n].maxargs, v.nvec - 1); | |
446 | /* for ordinary expansions, recursively expand the arguments */ | |
447 | if(!(expansions[n].flags & EXP_MAGIC)) { | |
448 | for(m = 1; m < v.nvec; ++m) { | |
449 | dynstr_init(&d); | |
450 | byte_xasprintf(&argname, "<%s:%d arg #%d>", name, sline, m); | |
451 | parameter_output.quote = 0; | |
452 | parameter_output.sink = sink_dynstr(&d); | |
453 | cgi_expand_string(argname, v.vec[m], | |
454 | expansions, nexpansions, | |
455 | ¶meter_output, u); | |
456 | dynstr_terminate(&d); | |
457 | v.vec[m] = d.vec; | |
458 | } | |
459 | } | |
460 | expansions[n].handler(v.nvec - 1, v.vec + 1, output, u); | |
461 | } | |
462 | } | |
463 | ||
464 | char *cgi_makeurl(const char *url, ...) { | |
465 | va_list ap; | |
466 | struct kvp *kvp, *k, **kk = &kvp; | |
467 | struct dynstr d; | |
468 | const char *n, *v; | |
469 | ||
470 | dynstr_init(&d); | |
471 | dynstr_append_string(&d, url); | |
472 | va_start(ap, url); | |
473 | while((n = va_arg(ap, const char *))) { | |
474 | v = va_arg(ap, const char *); | |
475 | *kk = k = xmalloc(sizeof *k); | |
476 | kk = &k->next; | |
477 | k->name = n; | |
478 | k->value = v; | |
479 | } | |
480 | *kk = 0; | |
481 | if(kvp) { | |
482 | dynstr_append(&d, '?'); | |
483 | dynstr_append_string(&d, kvp_urlencode(kvp, 0)); | |
484 | } | |
485 | dynstr_terminate(&d); | |
486 | return d.vec; | |
487 | } | |
488 | ||
489 | void cgi_set_option(const char *name, const char *value) { | |
490 | struct kvp *k = xmalloc(sizeof *k); | |
491 | ||
492 | k->next = labels; | |
493 | k->name = name; | |
494 | k->value = value; | |
495 | labels = k; | |
496 | } | |
497 | ||
498 | static void option_label(int attribute((unused)) nvec, | |
499 | char **vec) { | |
500 | cgi_set_option(vec[0], vec[1]); | |
501 | } | |
502 | ||
503 | static void option_include(int attribute((unused)) nvec, | |
504 | char **vec) { | |
505 | include_options(vec[0]); | |
506 | } | |
507 | ||
508 | static void option_columns(int nvec, | |
509 | char **vec) { | |
510 | struct column *c = xmalloc(sizeof *c); | |
511 | ||
512 | c->next = columns; | |
513 | c->name = vec[0]; | |
514 | c->ncolumns = nvec - 1; | |
515 | c->columns = &vec[1]; | |
516 | columns = c; | |
517 | } | |
518 | ||
519 | static struct option { | |
520 | const char *name; | |
521 | int minargs, maxargs; | |
522 | void (*handler)(int nvec, char **vec); | |
523 | } options[] = { | |
524 | { "columns", 1, INT_MAX, option_columns }, | |
525 | { "include", 1, 1, option_include }, | |
526 | { "label", 2, 2, option_label }, | |
527 | }; | |
528 | ||
529 | struct read_options_state { | |
530 | const char *name; | |
531 | int line; | |
532 | }; | |
533 | ||
534 | static void read_options_error(const char *msg, | |
535 | void *u) { | |
536 | struct read_options_state *cs = u; | |
537 | ||
538 | error(0, "%s:%d: %s", cs->name, cs->line, msg); | |
539 | } | |
540 | ||
541 | static void include_options(const char *name) { | |
542 | int n, i; | |
543 | int fd; | |
544 | FILE *fp; | |
545 | char **vec, *buffer; | |
546 | struct read_options_state cs; | |
547 | ||
548 | if((fd = template_open(name, "", &cs.name)) < 0) return; | |
549 | if(!(fp = fdopen(fd, "r"))) fatal(errno, "error calling fdopen"); | |
550 | cs.line = 0; | |
551 | while(!inputline(cs.name, fp, &buffer, '\n')) { | |
552 | ++cs.line; | |
553 | if(!(vec = split(buffer, &n, SPLIT_COMMENTS|SPLIT_QUOTES, | |
554 | read_options_error, &cs))) | |
555 | continue; | |
556 | if(!n) continue; | |
557 | if((i = TABLE_FIND(options, struct option, name, vec[0])) == -1) { | |
558 | error(0, "%s:%d: unknown option '%s'", cs.name, cs.line, vec[0]); | |
559 | continue; | |
560 | } | |
561 | ++vec; | |
562 | --n; | |
563 | if(n < options[i].minargs) { | |
564 | error(0, "%s:%d: too few arguments to '%s'", cs.name, cs.line, vec[-1]); | |
565 | continue; | |
566 | } | |
567 | if(n > options[i].maxargs) { | |
568 | error(0, "%s:%d: too many arguments to '%s'", cs.name, cs.line, vec[-1]); | |
569 | continue; | |
570 | } | |
571 | options[i].handler(n, vec); | |
572 | } | |
573 | fclose(fp); | |
574 | } | |
575 | ||
576 | static void read_options(void) { | |
577 | if(!have_read_options) { | |
578 | have_read_options = 1; | |
579 | include_options("options"); | |
580 | } | |
581 | } | |
582 | ||
583 | const char *cgi_label(const char *key) { | |
584 | const char *label; | |
585 | ||
586 | read_options(); | |
587 | if(!(label = kvp_get(labels, key))) { | |
588 | if((label = strchr(key, '.'))) | |
589 | ++label; | |
590 | else | |
591 | label = key; | |
592 | } | |
593 | return label; | |
594 | } | |
595 | ||
596 | char **cgi_columns(const char *name, int *ncolumns) { | |
597 | struct column *c; | |
598 | ||
599 | read_options(); | |
600 | for(c = columns; c && strcmp(name, c->name); c = c->next) | |
601 | ; | |
602 | if(c) { | |
603 | if(ncolumns) | |
604 | *ncolumns = c->ncolumns; | |
605 | return c->columns; | |
606 | } else { | |
607 | if(ncolumns) | |
608 | *ncolumns = 0; | |
609 | return 0; | |
610 | } | |
611 | } | |
612 | ||
613 | /* | |
614 | Local Variables: | |
615 | c-basic-offset:2 | |
616 | comment-column:40 | |
617 | End: | |
618 | */ |