shellinabox/shellinabox/externalfile.c
zodiac 11d1a710f2 Work-around for compilers that turn on "-Wformat=2" by default. This is an
ill-advised choice, as this particular compiler options has a tendency to
generate a lot of false positives.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@62 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-02-15 20:01:53 +00:00

265 lines
9 KiB
C

// externalfile.h -- Serve static files through HTTP/HTTPS
// Copyright (C) 2008-2009 Markus Gutschke <markus@shellinabox.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// In addition to these license terms, the author grants the following
// additional rights:
//
// If you modify this program, or any covered work, by linking or
// combining it with the OpenSSL project's OpenSSL library (or a
// modified version of that library), containing parts covered by the
// terms of the OpenSSL or SSLeay licenses, the author
// grants you additional permission to convey the resulting work.
// Corresponding Source for a non-source form of such a combination
// shall include the source code for the parts of OpenSSL used as well
// as that of the covered work.
//
// You may at your option choose to remove this additional permission from
// the work, or from any part of it.
//
// It is possible to build this program in a way that it loads OpenSSL
// libraries at run-time. If doing so, the following notices are required
// by the OpenSSL and SSLeay licenses:
//
// This product includes software developed by the OpenSSL Project
// for use in the OpenSSL Toolkit. (http://www.openssl.org/)
//
// This product includes cryptographic software written by Eric Young
// (eay@cryptsoft.com)
//
//
// The most up-to-date version of this program is always available from
// http://shellinabox.com
#define _GNU_SOURCE
#include "config.h"
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "shellinabox/externalfile.h"
#include "shellinabox/service.h"
#include "shellinabox/session.h"
#include "libhttp/server.h"
#include "logging/logging.h"
static int externalFileHttpHandler(HttpConnection *http, void *arg,
const char *buf, int len) {
checkGraveyard();
struct ExternalFileState *state
= (struct ExternalFileState *)httpGetPrivate(http);
if (!state) {
// Normalize the path info
URL *url = newURL(http, buf, len);
const char *pathInfo = urlGetPathInfo(url);
while (*pathInfo == '/') {
pathInfo++;
}
// Compute file name of external file
char *fn;
check(fn = malloc(strlen((char *)arg) +
(*pathInfo ? strlen(pathInfo) + 1 : 0) + 1));
strcpy(fn, (char *)arg);
if (*pathInfo) {
// Append pathInfo, if available
strcat(fn, "/");
const char *ptr = pathInfo;
while (*ptr == '/') {
ptr++;
}
strcat(fn, ptr);
// Any files/directories starting with a dot are inaccessible to us
do {
if (*ptr == '.') {
deleteURL(url);
free(fn);
httpSendReply(http, 404, "File not found", NO_MSG);
return HTTP_DONE;
}
ptr = strchr(ptr + 1, '/');
} while (ptr);
}
// Open file for reading
#ifndef O_LARGEFILE
#define O_LARGEFILE 0
#endif
int fd = NOINTR(open(fn, O_RDONLY|O_LARGEFILE));
// Recognize a couple of common MIME types
static const struct {
const char *suffix, *mimeType;
} mimeTypes[] = { { "html", "text/html; charset=utf-8" },
{ "txt", "text/plain; charset=utf-8" },
{ "js", "text/javascript; charset=utf-8" },
{ "css", "text/css; charset=utf-8" },
{ "ico", "image/x-icon" },
{ "jpg", "image/jpeg" },
{ "gif", "image/gif" },
{ "png", "image/png" },
{ "wav", "audio/x-wav" },
{ "mp3", "audio/mpeg" },
{ "au", "audio/basic" },
{ "mid", "audio/midi" },
{ NULL, NULL } };
const char *mimeType = "application/octet-stream";
char *suffix = strrchr(fn, '.');
if (!suffix) {
suffix = strrchr(urlGetPath(url), '.');
}
if (suffix) {
suffix++;
for (int i = 0; mimeTypes[i].suffix; i++) {
if (!strcmp(suffix, mimeTypes[i].suffix)) {
mimeType = mimeTypes[i].mimeType;
break;
}
}
}
deleteURL(url);
if (fd < 0) {
free(fn);
httpSendReply(http, 404, "File not found", NO_MSG);
return HTTP_DONE;
}
// We only serve regular files, and restrict the file size to 100MB.
// As a special-case, we also allow access to /dev/null.
struct stat sb = { 0 };
if (strcmp(fn, "/dev/null") &&
(fstat(fd, &sb) ||
!S_ISREG(sb.st_mode) ||
sb.st_size > (100 << 20))) {
free(fn);
NOINTR(close(fd));
httpSendReply(http, 404, "File not found", NO_MSG);
return HTTP_DONE;
}
free(fn);
// Set up response header
char *response = stringPrintf(NULL,
"HTTP/1.1 200 OK\r\n"
"Content-Type: %s\r\n"
"Content-Length: %d\r\n"
"\r\n",
mimeType, (int)sb.st_size);
int respLen = strlen(response);
ssize_t bytes = -1;
if (strcmp(httpGetMethod(http), "HEAD")) {
// Read at most 64kB in one go
ssize_t dataLen = 65536;
if (dataLen > sb.st_size) {
dataLen = sb.st_size;
}
check(response = realloc(response, respLen + dataLen + 1));
bytes = NOINTR(read(fd, response + respLen, dataLen));
if (bytes < 0) {
free(response);
NOINTR(close(fd));
httpSendReply(http, 404, "File not found", NO_MSG);
return HTTP_DONE;
}
}
if (bytes < 0 || bytes == sb.st_size) {
// Read entire file. Transmit it in one go.
httpTransfer(http, response,
respLen + (bytes > 0 ? bytes : 0));
NOINTR(close(fd));
return HTTP_DONE;
} else {
// Transmit partial reply and store state for future calls into the
// handler.
httpTransferPartialReply(http, response, respLen + bytes);
check(state = malloc(sizeof(struct ExternalFileState)));
state->fd = fd;
state->totalSize = sb.st_size;
state->partialSize = bytes;
httpSetPrivate(http, state);
return HTTP_PARTIAL_REPLY;
}
} else {
// We get called again, because all previously read partial data has now
// been sent to the peer.
int rc = HTTP_DONE;
// If the connection was closed unexpectedly, clean up now
if (!buf) {
done:
NOINTR(close(state->fd));
free(state);
httpSetPrivate(http, NULL);
return rc;
} else {
ssize_t dataLen = 65536;
if (dataLen > state->totalSize - state->partialSize) {
dataLen = state->totalSize - state->partialSize;
}
char *buf;
check(buf = malloc(dataLen));
ssize_t bytes = NOINTR(read(state->fd, buf, dataLen));
if (bytes < 0) {
free(buf);
rc = HTTP_ERROR;
goto done;
}
state->partialSize += bytes;
if (state->partialSize >= state->totalSize) {
// Done serving the entire file
httpTransfer(http, buf, bytes);
goto done;
} else {
// More partial data pending
httpTransferPartialReply(http, buf, bytes);
return HTTP_PARTIAL_REPLY;
}
}
}
}
int registerExternalFiles(void *arg, const char *key, char **value) {
Server *server = (Server *)arg;
if (*key == '/') {
// Absolute URL paths get registered for this particular path, only
serverRegisterHttpHandler(server, key, externalFileHttpHandler, *value);
} else {
// Relative URL paths get registered for each of the services
for (int i = 0; i < numServices; i++) {
char *path;
check(path = malloc(strlen(services[i]->path) + strlen(key) + 2));
strcpy(path, services[i]->path);
if (!*services[i]->path ||
strrchr(services[i]->path, '\000')[-1] != '/') {
strcat(path, "/");
}
strcat(path, key);
serverRegisterHttpHandler(server, path, externalFileHttpHandler, *value);
free(path);
}
}
return 1;
}