Snort_AIPreproc/webserv.c

461 lines
13 KiB
C
Raw Normal View History

2010-10-07 12:19:21 +02:00
/*
* =====================================================================================
*
* Filename: webserv.c
*
* Description: Web server for managing the web interface of the module
*
* Version: 0.1
* Created: 05/10/2010 14:12:24
* Revision: none
* Compiler: gcc
*
* Author: BlackLight (http://0x00.ath.cx), <blacklight@autistici.org>
* Licence: GNU GPL v.3
* Company: DO WHAT YOU WANT CAUSE A PIRATE IS FREE, YOU ARE A PIRATE!
*
* =====================================================================================
*/
#include "spp_ai.h"
#include <alloca.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
/** \defgroup webserv Web server managing the web interface of the module
* @{ */
#define HTTP_RESPONSE_HEADERS_FORMAT "%s %d %s\r\n" \
"Date: %s\r\n" \
"Server: %s\r\n" \
"Content-Type: %s\r\n" \
"Content-Length: %u\r\n\r\n"
#define HTTP_ERR_RESPONSE_FORMAT "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n" \
"<html><head>\n" \
"<title>%u %s</title>\n" \
"</head><body>\n" \
"<h1>%s</h1>\n" \
"<p>%s</p>\n" \
"<hr>\n" \
"<i>%s</i>\n" \
"</body></html>\n\n"
/**
* \brief Escape a string to be used or included in an URL
* \param str String to be escaped
* \param out Pointer to the string containing the output (its length must be at least 3*length(str) + 2)
* \param str_len Length of the input string
* \return The length of the output string after the operation
*/
size_t
__AI_url_escape ( char *str, char **out, size_t str_len )
{
char escape_seq[5] = { 0 };
size_t i,
out_len = 0;
for ( i=0; i < str_len; i++ )
{
if (
( str[i] >= 'a' && str[i] <= 'z' ) ||
( str[i] >= 'A' && str[i] <= 'Z' ) ||
( str[i] >= '0' && str[i] <= '9' ) ||
str[i] == '_' || str[i] == '.' || str[i] == '/' ||
str[i] == '?' || str[i] == '=' )
{
(*out)[out_len++] = str[i];
} else {
snprintf ( escape_seq, sizeof ( escape_seq ), "%%%.2X", str[i] );
(*out)[out_len++] = escape_seq[0];
(*out)[out_len++] = escape_seq[1];
(*out)[out_len++] = escape_seq[2];
}
}
(*out)[out_len] = 0;
return out_len;
} /* ----- end of function __AI_url_escape ----- */
/**
* \brief Unescape a string in URL format
* \param str String to be unescaped
* \param out Pointer to the string containing the output (its length must be at least the same of str + 1)
* \param str_len Length of the input string
* \return The length of the output string after the operation
*/
PRIVATE size_t
__AI_url_unescape ( char *str, char **out, size_t str_len )
{
char escape_seq[5] = { 0 };
size_t i,
out_len = 0;
for ( i=0; i < str_len; i++ )
{
if ( str[i] == '%' && i < str_len-2 )
{
if (
(( str[i+1] >= '0' && str[i+1] <= '9' ) ||
( str[i+1] >= 'a' && str[i+1] <= 'z' ) ||
( str[i+1] >= 'A' && str[i+1] <= 'Z' )) &&
(( str[i+2] >= '0' && str[i+2] <= '9' ) ||
( str[i+2] >= 'a' && str[i+2] <= 'z' ) ||
( str[i+2] >= 'A' && str[i+2] <= 'Z' )))
{
escape_seq[0] = str[i+1];
escape_seq[1] = str[i+2];
escape_seq[2] = 0;
(*out)[out_len++] = (char) strtoul ( escape_seq, NULL, 16 );
i += 2;
continue;
}
}
(*out)[out_len++] = str[i];
}
(*out)[out_len] = 0;
return out_len;
} /* ----- end of function __AI_url_unescape ----- */
/**
* \brief Read a line from a file descriptor
* \param fp FILE descriptor
* \return A char* pointer to the read line (to be free-ed!!!)
*/
PRIVATE char*
__AI_getline ( FILE *fp )
{
char ch;
char *line = NULL;
int nbytes = 1;
if ( !feof ( fp ))
{
while (( ch = fgetc ( fp )) != '\n' && ch != '\0' && !feof ( fp ))
{
if ( ch == '\r' )
continue;
if ( !( line = (char*) realloc ( line, ++nbytes )))
{
AI_fatal_err ( "Fatal dynamic memory allocation", __FILE__, __LINE__ );
}
line[ nbytes - 2 ] = ch;
}
}
if ( nbytes > 1 )
{
line[ nbytes - 1 ] = 0;
}
return line;
} /* ----- end of function __AI_getline ----- */
/**
* \brief Manage a client connection
* \param arg void* reference to the client socket
*/
PRIVATE void*
__AI_webservlet_thread ( void *arg )
{
time_t ltime = time ( NULL );
struct stat st;
FILE *sock = NULL,
*fp = NULL;
int i,
*sd = (int*) arg,
nlines = 0,
nmatches = 0,
max_content_length = 0,
max_headers_length = 0,
req_file_absolute_path_size = 0;
char *line = NULL,
*unescaped = NULL,
*http_response = NULL,
*http_headers = NULL,
*strtime = NULL,
**matches = NULL,
*req_file_absolute_path = NULL,
content_type[108] = { 0 },
extension[100] = { 0 },
http_ver[10] = { 0 },
req_file[1024] = { 0 };
max_content_length = strlen ( HTTP_ERR_RESPONSE_FORMAT ) + strlen ( config->webserv_banner ) + 1000;
max_headers_length = strlen ( HTTP_RESPONSE_HEADERS_FORMAT ) + strlen ( config->webserv_banner ) + 1000;
if ( !( http_response = (char*) alloca ( max_content_length )))
{
pthread_exit ((void*) 0);
return (void*) 0;
}
if ( !( http_headers = (char*) alloca ( max_headers_length )))
{
pthread_exit ((void*) 0);
return (void*) 0;
}
if ( !( sock = fdopen ( *sd, "r+" )))
{
pthread_exit ((void*) 0);
return (void*) 0;
}
req_file_absolute_path_size = sizeof ( req_file ) + strlen ( config->webserv_dir ) + 1;
if ( !( req_file_absolute_path = (char*) alloca ( req_file_absolute_path_size )))
{
pthread_exit ((void*) 0);
return (void*) 0;
}
for ( nlines=0; ( line = __AI_getline ( sock )); nlines++ )
{
if ( preg_match ( "^\\s*GET\\s+(/[^ ]*)\\s*(HTTP/[0-9]\\.[0-9])?", line, &matches, &nmatches ) > 0 )
{
if ( strlen ( matches[1] ) > 0 )
{
strncpy ( http_ver, matches[1], sizeof ( http_ver ));
} else {
strncpy ( http_ver, "HTTP/1.0", sizeof ( http_ver ));
}
if ( !strcmp ( matches[0], "/" ))
{
free ( matches[0] );
matches[0] = strdup ( "/index.html" );
}
snprintf ( req_file_absolute_path, req_file_absolute_path_size, "%s%s", config->webserv_dir, matches[0] );
if ( strcmp ( http_ver, "HTTP/1.0" ) && strcmp ( http_ver, "HTTP/1.1" ))
{
snprintf ( http_response, max_content_length, HTTP_ERR_RESPONSE_FORMAT,
400, "Bad Request", "Bad Request",
"The request could not be understood by the server due to malformed syntax",
config->webserv_banner );
ltime = time ( NULL );
strtime = strdup ( ctime ( &ltime ));
strtime [ strlen(strtime) - 1 ] = 0;
snprintf ( http_headers, max_headers_length, HTTP_RESPONSE_HEADERS_FORMAT,
"HTTP/1.1", 400, "Bad Request", strtime,
config->webserv_banner, "text/html", strlen ( http_response ));
free ( strtime );
free ( line );
line = NULL;
continue;
}
for ( i=0; i < nmatches; i++ )
{
free ( matches[i] );
}
free ( matches );
matches = NULL;
if ( !( unescaped = (char*) alloca ( strlen ( req_file_absolute_path ) + 2 )))
{
pthread_exit ((void*) 0);
return (void*) 0;
}
/* Avoid directory traversal */
__AI_url_unescape ( req_file_absolute_path, &unescaped, strlen ( req_file_absolute_path ));
unescaped = str_replace_all ( unescaped, "../", "" );
strncpy ( req_file_absolute_path, unescaped, req_file_absolute_path_size );
free ( unescaped );
if ( stat ( req_file_absolute_path, &st ) < 0 )
{
snprintf ( http_response, max_content_length, HTTP_ERR_RESPONSE_FORMAT,
404, "Not Found", "Not Found",
"The requested resource was not found on the server",
config->webserv_banner );
ltime = time ( NULL );
strtime = strdup ( ctime ( &ltime ));
strtime [ strlen(strtime) - 1 ] = 0;
snprintf ( http_headers, max_headers_length, HTTP_RESPONSE_HEADERS_FORMAT,
http_ver, 404, "Not Found", strtime,
config->webserv_banner, "text/html", strlen ( http_response ));
free ( strtime );
free ( line );
line = NULL;
continue;
}
if ( !( fp = fopen ( req_file_absolute_path, "r" ))) {
snprintf ( http_response, max_content_length, HTTP_ERR_RESPONSE_FORMAT,
403, "Forbidden", "Forbidden",
"The client does not have enough permissions for accessing the requested resource on the server",
config->webserv_banner );
ltime = time ( NULL );
strtime = strdup ( ctime ( &ltime ));
strtime [ strlen(strtime) - 1 ] = 0;
snprintf ( http_headers, max_headers_length, HTTP_RESPONSE_HEADERS_FORMAT,
http_ver, 403, "Forbidden", strtime,
config->webserv_banner, "text/html", strlen ( http_response ));
free ( strtime );
free ( line );
line = NULL;
continue;
}
if ( preg_match ( "\\.([a-zA-Z0-9]+)$", req_file_absolute_path, &matches, &nmatches ) > 0 )
{
if ( strlen ( matches[0] ) < sizeof ( extension ))
{
strncpy ( extension, matches[0], sizeof ( extension ));
}
}
if ( !strcasecmp ( extension, "html" ))
{
strncpy ( content_type, "text/html", sizeof ( content_type ));
} else if ( !strcasecmp ( extension, "css" ))
{
strncpy ( content_type, "text/css", sizeof ( content_type ));
} else if ( !strcasecmp ( extension, "js" ))
{
strncpy ( content_type, "application/x-javascript", sizeof ( content_type ));
} else if ( !strcasecmp ( extension, "jpg" ) || !strcasecmp ( extension, "jpeg" )) {
strncpy ( content_type, "image/jpeg", sizeof ( content_type ));
} else if ( !strcasecmp ( extension, "gif" ) || !strcasecmp ( extension, "png" ) ||
!strcasecmp ( extension, "bmp" ) || !strcasecmp ( extension, "tif" ) ||
!strcasecmp ( extension, "ppm" )) {
snprintf ( content_type, sizeof ( content_type ),
"image/%s", extension );
} else {
strncpy ( content_type, "text/plain", sizeof ( content_type ));
}
if ( !( http_response = (char*) alloca ( st.st_size + 2 )))
{
pthread_exit ((void*) 0);
return (void*) 0;
}
memset ( http_response, 0, st.st_size + 2 );
fread ( http_response, st.st_size, 1, fp );
fclose ( fp );
ltime = time ( NULL );
strtime = strdup ( ctime ( &ltime ));
strtime [ strlen(strtime) - 1 ] = 0;
snprintf ( http_headers, max_headers_length, HTTP_RESPONSE_HEADERS_FORMAT,
http_ver, 200, "Found", strtime, config->webserv_banner,
content_type, strlen ( http_response ));
free ( strtime );
free ( line );
line = NULL;
continue;
} else if ( nlines == 0 ) {
snprintf ( http_response, max_content_length, HTTP_ERR_RESPONSE_FORMAT,
405, "Method Not Allowed", "Method Not Allowed",
"The requested HTTP method is not allowed",
config->webserv_banner );
ltime = time ( NULL );
strtime = strdup ( ctime ( &ltime ));
strtime [ strlen(strtime) - 1 ] = 0;
snprintf ( http_headers, max_headers_length, HTTP_RESPONSE_HEADERS_FORMAT,
"HTTP/1.1", 405, "Method Not Allowed", strtime, "text/html",
config->webserv_banner, strlen ( http_response ));
free ( strtime );
free ( line );
line = NULL;
continue;
}
free ( line );
line = NULL;
}
fprintf ( sock, "%s%s", http_headers, http_response );
fclose ( sock );
close ( *sd );
pthread_exit ( 0 );
} /* ----- end of function __AI_webservlet_thread ----- */
/**
* \brief Thread running the code of the web server for the web interface of the module
*/
void*
AI_webserv_thread ( void *arg )
{
int on = 1,
sd,
client_sd;
struct sockaddr_in addr;
pthread_t servlet_thread;
pthread_attr_t attr;
if (( sd = socket ( AF_INET, SOCK_STREAM, 0 )) < 0 )
{
AI_fatal_err ( "Error while creating webserver socket", __FILE__, __LINE__ );
}
if ( setsockopt ( sd, SOL_SOCKET, SO_REUSEADDR, (void*) &on, sizeof ( on )) < 0 )
{
AI_fatal_err ( "Error while setting SO_REUSEADDR on the socket", __FILE__, __LINE__ );
}
memset ( &addr, 0, sizeof ( struct sockaddr_in ));
addr.sin_family = AF_INET;
addr.sin_port = htons ( config->webserv_port );
addr.sin_addr.s_addr = INADDR_ANY;
if ( bind ( sd, (struct sockaddr*) &addr, sizeof ( addr )) < 0 )
{
AI_fatal_err ( "Error while binding socket", __FILE__, __LINE__ );
}
if ( listen ( sd, 10 ) < 0 )
{
AI_fatal_err ( "Error while setting the socket in listen mode", __FILE__, __LINE__ );
}
pthread_attr_init ( &attr );
pthread_attr_setdetachstate ( &attr, PTHREAD_CREATE_DETACHED );
while ( 1 )
{
if (( client_sd = accept ( sd, NULL, NULL )) < 0 )
continue;
if ( pthread_create ( &servlet_thread, &attr, __AI_webservlet_thread, (void*) &client_sd ) != 0 )
{
AI_fatal_err ( "Error while creating the webservlet thread", __FILE__, __LINE__ );
}
}
close ( sd );
pthread_exit ((void*) 0);
return (void*) 0;
} /* ----- end of function AI_webserv_thread ----- */
/** @} */