Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/libexec/httpd * add CGI support for ~user translation (-E sw...
details: https://anonhg.NetBSD.org/src/rev/eb67231c43fa
branches: trunk
changeset: 341257:eb67231c43fa
user: shm <shm%NetBSD.org@localhost>
date: Wed Oct 28 09:20:15 2015 +0000
description:
* add CGI support for ~user translation (-E switch)
* add redirects to ~user translation
* fix bugs around ~user translation
* add schema detection for absolute redirects
* fixed few memory leaks
* bunch of minor tweaks
* removed -r support
* smarter redirects
OK mrg@
diffstat:
libexec/httpd/CHANGES | 10 +
libexec/httpd/auth-bozo.c | 5 +-
libexec/httpd/bozohttpd.8 | 39 ++-
libexec/httpd/bozohttpd.c | 405 ++++++++++++++++++++------------------
libexec/httpd/bozohttpd.h | 15 +-
libexec/httpd/cgi-bozo.c | 9 +-
libexec/httpd/dir-index-bozo.c | 22 +-
libexec/httpd/lua/bozo.lua | 5 +-
libexec/httpd/main.c | 36 ++-
libexec/httpd/tilde-luzah-bozo.c | 46 +--
10 files changed, 330 insertions(+), 262 deletions(-)
diffs (truncated from 1118 to 300 lines):
diff -r c016da0764d2 -r eb67231c43fa libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES Wed Oct 28 08:15:53 2015 +0000
+++ b/libexec/httpd/CHANGES Wed Oct 28 09:20:15 2015 +0000
@@ -1,5 +1,15 @@
$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
+changes in bozohttpd 20151028:
+ o add CGI support for ~user translation (-E switch)
+ o add redirects to ~user translation
+ o fix bugs around ~user translation
+ o add schema detection for absolute redirects
+ o fixed few memory leaks
+ o bunch of minor tweaks
+ o removed -r support
+ o smarter redirects
+
changes in bozohttpd 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
diff -r c016da0764d2 -r eb67231c43fa libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Wed Oct 28 08:15:53 2015 +0000
+++ b/libexec/httpd/auth-bozo.c Wed Oct 28 09:20:15 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-bozo.c,v 1.16 2014/12/26 19:52:00 mrg Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.17 2015/10/28 09:20:15 shm Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -190,8 +190,7 @@
if (code == 401)
bozo_printf(httpd,
"WWW-Authenticate: Basic realm=\"%s\"\r\n",
- (request && request->hr_authrealm) ?
- request->hr_authrealm : "default realm");
+ request->hr_authrealm ? request->hr_authrealm : "default realm");
}
#ifndef NO_CGIBIN_SUPPORT
diff -r c016da0764d2 -r eb67231c43fa libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Wed Oct 28 08:15:53 2015 +0000
+++ b/libexec/httpd/bozohttpd.8 Wed Oct 28 09:20:15 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: bozohttpd.8,v 1.53 2015/08/13 12:30:08 wiz Exp $
+.\" $NetBSD: bozohttpd.8,v 1.54 2015/10/28 09:20:15 shm Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
@@ -111,9 +111,11 @@
directory.
In other words, all CGI URL's must begin with
.Em \%/cgi-bin/ .
-Note that the CGI/1.1 interface is not available with
+Note that the CGI/1.1 interface is available with
.Em ~user
-translation.
+translation using
+.Fl E
+switch.
.It Fl e
Causes
.Nm
@@ -223,15 +225,6 @@
.Dq public_html
to
.Ar pubdir .
-.It Fl r
-Forces pages besides the
-.Dq index.html
-(see the
-.Fl X
-option) page to require that the Referrer: header be present and
-refer to this web server, otherwise a redirect to the
-.Dq index.html
-page will be returned instead.
.It Fl S Ar server_software
Sets the internal server version to
.Ar server_software .
@@ -270,6 +263,12 @@
(but see the
.Fl p
option above).
+.It Fl E
+Enables CGI/1.1 interface for
+.Em ~user
+translation.
+Note that enabling this support implies that users can run
+commands as web server user, this may have security implications.
.It Fl V
Sets the default virtual host directory to
.Ar slashdir .
@@ -462,12 +461,23 @@
.Nm
will perform a smart redirect to the target of this symlink.
The target is assumed to live on the same server.
+If target starts with slash then absolute redirection is performed,
+otherwise it's handled as relative.
If a
.Pa .bzabsredirect
symbolic link is found,
.Nm
will redirect to the absolute url pointed to by this symlink.
This is useful to redirect to different servers.
+Two forms of redirection are supported - symbolic link without schema will use
+.Em http://
+as default i.e. link to
+.Em NetBSD.org
+will redirect to
+.Em http://NetBSD.org/
+Otherwise provided schema will be used i.e. symbolic link to
+.Em ftp://NetBSD.org/
+will redirect to provided the URL.
.Sh EXAMPLES
To configure set of virtual hosts, one would use an
.Xr inetd.conf 5
@@ -613,7 +623,7 @@
.Aq Mt jmmv%NetBSD.org@localhost
Added the
.Fl P
-option.
+option (pidfile support) and provided some man page fixes.
.It
.An Luke Mewburn
.Aq Mt lukem%NetBSD.org@localhost
@@ -666,9 +676,6 @@
provided chroot and change-to-user support, and other various fixes
.It
Coyote Point provided various CGI fixes.
-.It
-.An Julio Merino
-added pidfile support and provided some man page fixes.
.El
.Pp
There are probably others I have forgotten (let me know if you care)
diff -r c016da0764d2 -r eb67231c43fa libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Wed Oct 28 08:15:53 2015 +0000
+++ b/libexec/httpd/bozohttpd.c Wed Oct 28 09:20:15 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.66 2015/07/16 12:19:23 shm Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.67 2015/10/28 09:20:15 shm Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -341,6 +341,7 @@
free(request->hr_oldfile);
free(request->hr_query);
free(request->hr_host);
+ bozo_user_free(request->hr_user);
bozo_auth_cleanup(request);
for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr;
hdr = SIMPLEQ_NEXT(hdr, h_next)) {
@@ -851,10 +852,11 @@
/*
* given an url, encode it ala rfc 3986. ie, escape ? and friends.
* note that this function returns a static buffer, and thus needs
- * to be updated for any sort of parallel processing.
+ * to be updated for any sort of parallel processing. escape only
+ * chosen characters for absolute redirects
*/
char *
-bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url)
+bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url, int absolute)
{
static char *buf;
static size_t buflen = 0;
@@ -868,11 +870,6 @@
buf = bozorealloc(httpd, buf, buflen);
}
- if (url == NULL) {
- buf[0] = 0;
- return buf;
- }
-
for (len = 0, s = url, d = buf; *s;) {
if (*s & 0x80)
goto encode_it;
@@ -895,15 +892,18 @@
case ';':
case '=':
case '%':
+ case '"':
+ if (absolute)
+ goto leave_it;
case '\n':
case '\r':
case ' ':
- case '"':
encode_it:
snprintf(d, 4, "%%%02X", *s++);
d += 3;
len += 3;
break;
+ leave_it:
default:
*d++ = *s++;
len++;
@@ -916,56 +916,24 @@
}
/*
- * checks to see if this request has a valid .bzdirect file. returns
- * 0 on failure and 1 on success.
- */
-static int
-check_direct_access(bozo_httpreq_t *request)
-{
- FILE *fp;
- struct stat sb;
- char dir[MAXPATHLEN], dirfile[MAXPATHLEN], *basename;
-
- snprintf(dir, sizeof(dir), "%s", request->hr_file + 1);
- debug((request->hr_httpd, DEBUG_FAT, "check_direct_access: dir %s", dir));
- basename = strrchr(dir, '/');
-
- if ((!basename || basename[1] != '\0') &&
- lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode))
- /* nothing */;
- else if (basename == NULL)
- strcpy(dir, ".");
- else {
- *basename++ = '\0';
- bozo_check_special_files(request, basename);
- }
-
- if ((size_t)snprintf(dirfile, sizeof(dirfile), "%s/%s", dir,
- DIRECT_ACCESS_FILE) >= sizeof(dirfile)) {
- bozo_http_error(request->hr_httpd, 404, request,
- "directfile path too long");
- return 0;
- }
- if (stat(dirfile, &sb) < 0 ||
- (fp = fopen(dirfile, "r")) == NULL)
- return 0;
- fclose(fp);
- return 1;
-}
-
-/*
- * do automatic redirection -- if there are query parameters for the URL
- * we will tack these on to the new (redirected) URL.
+ * do automatic redirection -- if there are query parameters or userdir for
+ * the URL we will tack these on to the new (redirected) URL.
*/
static void
handle_redirect(bozo_httpreq_t *request,
const char *url, int absolute)
{
bozohttpd_t *httpd = request->hr_httpd;
- char *urlbuf;
+ char *finalurl, *urlbuf;
+#ifndef NO_USER_SUPPORT
+ char *userbuf;
+#endif /* !NO_USER_SUPPORT */
char portbuf[20];
const char *hostname = BOZOHOST(httpd, request);
+ size_t finalurl_len;
int query = 0;
+ int absproto = 0; /* absolute redirect provides own schema
+ * eg. https:// */
if (url == NULL) {
if (asprintf(&urlbuf, "/%s/", request->hr_file) < 0)
@@ -973,7 +941,46 @@
url = urlbuf;
} else
urlbuf = NULL;
- url = bozo_escape_rfc3986(request->hr_httpd, url);
+
+#ifndef NO_USER_SUPPORT
+ if (request->hr_user && !absolute) {
+ if (asprintf(&userbuf, "/~%s%s", request->hr_user, url) < 0)
+ bozo_err(httpd, 1, "asprintf");
+ url = userbuf;
+ } else
+ userbuf = NULL;
+#endif /* !NO_USER_SUPPORT */
+
+ if (absolute) {
+ char *sep = NULL;
+ const char *s;
+
+ /*
+ * absolute redirect may specify own protocol i.e. to redirect to
+ * another schema like https:// or ftp://. Details: RFC 3986, section
+ * 3.
+ */
+
+ /* 1. check if url contains :// */
+ sep = strstr(url, "://");
+
+ /*
+ * RFC 3986, section 3.1:
+ * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+ */
+ if (sep != NULL) {
+ for (s = url; s != sep;) {
+ if (!isalnum((int)*s) && *s != '+' && *s != '-' &&
+ *s != '.')
+ break;
+ if (++s == sep) {
Home |
Main Index |
Thread Index |
Old Index