#include "cupsd.h"
#include <grp.h>
#ifdef HAVE_LIBSSL
# include <openssl/err.h>
# include <openssl/ssl.h>
# include <openssl/rand.h>
#endif
static int check_if_modified(client_t *con,
struct stat *filestats);
static void decode_auth(client_t *con);
static char *get_file(client_t *con, struct stat *filestats);
static http_status_t install_conf_file(client_t *con);
static int pipe_command(client_t *con, int infile, int *outfile,
char *command, char *options);
void
AcceptClient(listener_t *lis)
{
int i;
int val;
client_t *con;
unsigned address;
struct hostent *host;
LogMessage(L_DEBUG2, "AcceptClient(%p) %d NumClients = %d",
lis, lis->fd, NumClients);
if (NumClients == MaxClients)
return;
con = Clients + NumClients;
memset(con, 0, sizeof(client_t));
con->http.activity = time(NULL);
val = sizeof(struct sockaddr_in);
if ((con->http.fd = accept(lis->fd, (struct sockaddr *)&(con->http.hostaddr),
&val)) < 0)
{
LogMessage(L_ERROR, "Unable to accept client connection - %s.",
strerror(errno));
return;
}
con->http.hostaddr.sin_port = lis->address.sin_port;
address = ntohl(con->http.hostaddr.sin_addr.s_addr);
if (HostNameLookups)
#ifndef __sgi
host = gethostbyaddr((char *)&(con->http.hostaddr.sin_addr),
sizeof(struct in_addr), AF_INET);
#else
host = gethostbyaddr(&(con->http.hostaddr.sin_addr),
sizeof(struct in_addr), AF_INET);
#endif
else
host = NULL;
if (con->http.hostaddr.sin_addr.s_addr == ServerAddr.sin_addr.s_addr)
{
strlcpy(con->http.hostname, ServerName, sizeof(con->http.hostname));
}
else if (host == NULL)
{
sprintf(con->http.hostname, "%d.%d.%d.%d", (address >> 24) & 255,
(address >> 16) & 255, (address >> 8) & 255, address & 255);
if (HostNameLookups == 2)
{
#ifdef WIN32
closesocket(con->http.fd);
#else
close(con->http.fd);
#endif
LogMessage(L_WARN, "Name lookup failed - connection from %s closed!",
con->http.hostname);
return;
}
}
else
strlcpy(con->http.hostname, host->h_name, sizeof(con->http.hostname));
if (HostNameLookups == 2)
{
if ((host = httpGetHostByName(con->http.hostname)) != NULL)
{
if (host->h_length != 4 || host->h_addrtype != AF_INET)
{
host = NULL;
}
else
{
for (i = 0; host->h_addr_list[i]; i ++)
if (memcmp(&(con->http.hostaddr.sin_addr), host->h_addr_list[i], 4) == 0)
break;
if (!host->h_addr_list[i])
host = NULL;
}
}
if (host == NULL)
{
#ifdef WIN32
closesocket(con->http.fd);
#else
close(con->http.fd);
#endif
LogMessage(L_WARN, "IP lookup failed - connection from %s closed!",
con->http.hostname);
return;
}
}
LogMessage(L_DEBUG, "AcceptClient() %d from %s:%d.", con->http.fd,
con->http.hostname, ntohs(con->http.hostaddr.sin_port));
val = 1;
setsockopt(con->http.fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val));
fcntl(con->http.fd, F_SETFD, fcntl(con->http.fd, F_GETFD) | FD_CLOEXEC);
LogMessage(L_DEBUG2, "AcceptClient: Adding fd %d to InputSet...",
con->http.fd);
FD_SET(con->http.fd, &InputSet);
NumClients ++;
if (NumClients == MaxClients)
PauseListening();
#ifdef HAVE_LIBSSL
if (lis->encryption == HTTP_ENCRYPT_ALWAYS)
{
con->http.encryption = HTTP_ENCRYPT_ALWAYS;
EncryptClient(con);
}
#endif
}
void
CloseAllClients(void)
{
while (NumClients > 0)
CloseClient(Clients);
}
void
CloseClient(client_t *con)
{
int status;
#ifdef HAVE_LIBSSL
SSL_CTX *context;
SSL *conn;
#endif
LogMessage(L_DEBUG, "CloseClient() %d", con->http.fd);
#ifdef HAVE_LIBSSL
if (con->http.tls)
{
conn = (SSL *)(con->http.tls);
context = SSL_get_SSL_CTX(conn);
SSL_shutdown(conn);
SSL_CTX_free(context);
SSL_free(conn);
con->http.tls = NULL;
}
#endif
if (con->http.fd > 0)
{
LogMessage(L_DEBUG2, "CloseClient: Removing fd %d from InputSet and OutputSet...",
con->http.fd);
close(con->http.fd);
FD_CLR(con->http.fd, &InputSet);
FD_CLR(con->http.fd, &OutputSet);
con->http.fd = 0;
}
if (con->pipe_pid != 0)
{
LogMessage(L_DEBUG2, "CloseClient: Removing fd %d from InputSet...",
con->file);
FD_CLR(con->file, &InputSet);
}
if (con->file)
{
if (con->pipe_pid)
{
kill(con->pipe_pid, SIGKILL);
waitpid(con->pipe_pid, &status, WNOHANG);
}
LogMessage(L_DEBUG2, "CloseClient: %d Closing data file %d.",
con->http.fd, con->file);
LogMessage(L_DEBUG2, "CloseClient: %d Removing fd %d from InputSet.",
con->http.fd, con->file);
FD_CLR(con->file, &InputSet);
close(con->file);
con->file = 0;
}
if (con->request)
{
ippDelete(con->request);
con->request = NULL;
}
if (con->response)
{
ippDelete(con->response);
con->response = NULL;
}
if (con->language)
{
cupsLangFree(con->language);
con->language = NULL;
}
if (NumClients == MaxClients)
ResumeListening();
NumClients --;
if (con < (Clients + NumClients))
memcpy(con, con + 1, (Clients + NumClients - con) * sizeof(client_t));
}
int
EncryptClient(client_t *con)
{
#ifdef HAVE_LIBSSL
SSL_CTX *context;
SSL *conn;
unsigned long error;
context = SSL_CTX_new(SSLv23_method());
conn = SSL_new(context);
SSL_use_PrivateKey_file(conn, ServerKey, SSL_FILETYPE_PEM);
SSL_use_certificate_file(conn, ServerCertificate, SSL_FILETYPE_PEM);
SSL_set_fd(conn, con->http.fd);
if (SSL_accept(conn) != 1)
{
while ((error = ERR_get_error()) != 0)
LogMessage(L_ERROR, "EncryptClient: %s", ERR_error_string(error, NULL));
SSL_CTX_free(context);
SSL_free(conn);
return (0);
}
LogMessage(L_DEBUG, "EncryptClient() %d Connection now encrypted.",
con->http.fd);
con->http.tls = conn;
return (1);
#else
return (0);
#endif
}
int
ReadClient(client_t *con)
{
char line[32768],
operation[64],
version[64];
int major, minor;
http_status_t status;
ipp_state_t ipp_state;
int bytes;
char *filename;
struct stat filestats;
mime_type_t *type;
printer_t *p;
location_t *best;
static unsigned request_id = 0;
status = HTTP_CONTINUE;
switch (con->http.state)
{
case HTTP_WAITING :
if (httpGets(line, sizeof(line) - 1, HTTP(con)) == NULL)
{
CloseClient(con);
return (0);
}
if (line[0] == '\0')
break;
httpClearFields(HTTP(con));
con->http.activity = time(NULL);
con->http.version = HTTP_1_0;
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
con->http.data_encoding = HTTP_ENCODE_LENGTH;
con->http.data_remaining = 0;
con->operation = HTTP_WAITING;
con->bytes = 0;
con->file = 0;
con->pipe_pid = 0;
con->command[0] = '\0';
con->username[0] = '\0';
con->password[0] = '\0';
con->uri[0] = '\0';
if (con->language != NULL)
{
cupsLangFree(con->language);
con->language = NULL;
}
switch (sscanf(line, "%63s%1023s%63s", operation, con->uri, version))
{
case 1 :
SendError(con, HTTP_BAD_REQUEST);
CloseClient(con);
return (0);
case 2 :
con->http.version = HTTP_0_9;
break;
case 3 :
if (sscanf(version, "HTTP/%d.%d", &major, &minor) != 2)
{
SendError(con, HTTP_BAD_REQUEST);
CloseClient(con);
return (0);
}
if (major < 2)
{
con->http.version = (http_version_t)(major * 100 + minor);
if (con->http.version == HTTP_1_1 && KeepAlive)
con->http.keep_alive = HTTP_KEEPALIVE_ON;
else
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
}
else
{
SendError(con, HTTP_NOT_SUPPORTED);
CloseClient(con);
return (0);
}
break;
}
if (strcmp(operation, "GET") == 0)
con->http.state = HTTP_GET;
else if (strcmp(operation, "PUT") == 0)
con->http.state = HTTP_PUT;
else if (strcmp(operation, "POST") == 0)
con->http.state = HTTP_POST;
else if (strcmp(operation, "DELETE") == 0)
con->http.state = HTTP_DELETE;
else if (strcmp(operation, "TRACE") == 0)
con->http.state = HTTP_TRACE;
else if (strcmp(operation, "OPTIONS") == 0)
con->http.state = HTTP_OPTIONS;
else if (strcmp(operation, "HEAD") == 0)
con->http.state = HTTP_HEAD;
else
{
SendError(con, HTTP_BAD_REQUEST);
CloseClient(con);
return (0);
}
con->start = time(NULL);
con->operation = con->http.state;
LogMessage(L_DEBUG, "ReadClient() %d %s %s HTTP/%d.%d", con->http.fd,
operation, con->uri,
con->http.version / 100, con->http.version % 100);
con->http.status = HTTP_OK;
case HTTP_OPTIONS :
case HTTP_DELETE :
case HTTP_GET :
case HTTP_HEAD :
case HTTP_POST :
case HTTP_PUT :
case HTTP_TRACE :
status = httpUpdate(HTTP(con));
if (status != HTTP_OK && status != HTTP_CONTINUE)
{
SendError(con, HTTP_BAD_REQUEST);
CloseClient(con);
return (0);
}
break;
default :
break;
}
if (status == HTTP_OK)
{
con->language = cupsLangGet(con->http.fields[HTTP_FIELD_ACCEPT_LANGUAGE]);
decode_auth(con);
if (strncmp(con->http.fields[HTTP_FIELD_CONNECTION], "Keep-Alive", 10) == 0 &&
KeepAlive)
con->http.keep_alive = HTTP_KEEPALIVE_ON;
if (con->http.fields[HTTP_FIELD_HOST][0] == '\0' &&
con->http.version >= HTTP_1_1)
{
if (!SendError(con, HTTP_BAD_REQUEST))
{
CloseClient(con);
return (0);
}
}
else if (con->operation == HTTP_OPTIONS)
{
if ((best = FindBest(con->uri, con->http.state)) != NULL &&
best->type != AUTH_NONE)
{
if (!SendHeader(con, HTTP_UNAUTHORIZED, NULL))
{
CloseClient(con);
return (0);
}
}
if (strcasecmp(con->http.fields[HTTP_FIELD_CONNECTION], "Upgrade") == 0 &&
con->http.tls == NULL)
{
#ifdef HAVE_LIBSSL
if (!SendHeader(con, HTTP_SWITCHING_PROTOCOLS, NULL))
{
CloseClient(con);
return (0);
}
httpPrintf(HTTP(con), "Connection: Upgrade\r\n");
httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n");
httpPrintf(HTTP(con), "Content-Length: 0\r\n");
httpPrintf(HTTP(con), "\r\n");
EncryptClient(con);
#else
if (!SendError(con, HTTP_NOT_IMPLEMENTED))
{
CloseClient(con);
return (0);
}
#endif
}
if (!SendHeader(con, HTTP_OK, NULL))
{
CloseClient(con);
return (0);
}
httpPrintf(HTTP(con), "Allow: GET, HEAD, OPTIONS, POST, PUT\r\n");
httpPrintf(HTTP(con), "Content-Length: 0\r\n");
httpPrintf(HTTP(con), "\r\n");
}
else if (strstr(con->uri, "..") != NULL)
{
if (!SendError(con, HTTP_FORBIDDEN))
{
CloseClient(con);
return (0);
}
}
else if (con->uri[0] != '/')
{
if (!SendError(con, HTTP_METHOD_NOT_ALLOWED))
{
CloseClient(con);
return (0);
}
}
else
{
if (strcasecmp(con->http.fields[HTTP_FIELD_CONNECTION], "Upgrade") == 0 &&
con->http.tls == NULL)
{
#ifdef HAVE_LIBSSL
if (!SendHeader(con, HTTP_SWITCHING_PROTOCOLS, NULL))
{
CloseClient(con);
return (0);
}
httpPrintf(HTTP(con), "Connection: Upgrade\r\n");
httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n");
httpPrintf(HTTP(con), "Content-Length: 0\r\n");
httpPrintf(HTTP(con), "\r\n");
EncryptClient(con);
#else
if (!SendError(con, HTTP_NOT_IMPLEMENTED))
{
CloseClient(con);
return (0);
}
#endif
}
if ((status = IsAuthorized(con)) != HTTP_OK)
{
SendError(con, status);
CloseClient(con);
return (0);
}
switch (con->http.state)
{
case HTTP_GET_SEND :
if (strncmp(con->uri, "/printers/", 10) == 0 &&
strcmp(con->uri + strlen(con->uri) - 4, ".ppd") == 0)
{
con->uri[strlen(con->uri) - 4] = '\0';
if ((p = FindPrinter(con->uri + 10)) != NULL)
snprintf(con->uri, sizeof(con->uri), "/ppd/%s.ppd", p->name);
else
{
if (!SendError(con, HTTP_NOT_FOUND))
{
CloseClient(con);
return (0);
}
break;
}
}
if ((strncmp(con->uri, "/admin", 6) == 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0) ||
strncmp(con->uri, "/printers", 9) == 0 ||
strncmp(con->uri, "/classes", 8) == 0 ||
strncmp(con->uri, "/jobs", 5) == 0)
{
if (strncmp(con->uri, "/admin", 6) == 0)
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/admin.cgi", ServerBin);
con->options = con->uri + 6;
}
else if (strncmp(con->uri, "/printers", 9) == 0)
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/printers.cgi", ServerBin);
con->options = con->uri + 9;
}
else if (strncmp(con->uri, "/classes", 8) == 0)
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/classes.cgi", ServerBin);
con->options = con->uri + 8;
}
else
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/jobs.cgi", ServerBin);
con->options = con->uri + 5;
}
if (con->options[0] == '/')
con->options ++;
if (!SendCommand(con, con->command, con->options))
{
if (!SendError(con, HTTP_NOT_FOUND))
{
CloseClient(con);
return (0);
}
}
else
LogRequest(con, HTTP_OK);
if (con->http.version <= HTTP_1_0)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
}
else if (strncmp(con->uri, "/admin/conf/", 12) == 0 &&
(strchr(con->uri + 12, '/') != NULL ||
strlen(con->uri) == 12))
{
if (!SendError(con, HTTP_FORBIDDEN))
{
CloseClient(con);
return (0);
}
break;
}
else
{
if ((filename = get_file(con, &filestats)) == NULL)
{
if (!SendError(con, HTTP_NOT_FOUND))
{
CloseClient(con);
return (0);
}
}
else if (!check_if_modified(con, &filestats))
{
if (!SendError(con, HTTP_NOT_MODIFIED))
{
CloseClient(con);
return (0);
}
}
else
{
type = mimeFileType(MimeDatabase, filename);
if (type == NULL)
strcpy(line, "text/plain");
else
snprintf(line, sizeof(line), "%s/%s", type->super, type->type);
if (!SendFile(con, HTTP_OK, filename, line, &filestats))
{
CloseClient(con);
return (0);
}
}
}
break;
case HTTP_POST_RECV :
LogMessage(L_DEBUG2, "POST %s", con->uri);
LogMessage(L_DEBUG2, "CONTENT_TYPE = %s", con->http.fields[HTTP_FIELD_CONTENT_TYPE]);
if (con->http.fields[HTTP_FIELD_CONTENT_LENGTH][0] &&
atoi(con->http.fields[HTTP_FIELD_CONTENT_LENGTH]) > MaxRequestSize &&
MaxRequestSize > 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
break;
}
if (strcmp(con->http.fields[HTTP_FIELD_CONTENT_TYPE], "application/ipp") == 0)
con->request = ippNew();
else if ((strncmp(con->uri, "/admin", 6) == 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0) ||
strncmp(con->uri, "/printers", 9) == 0 ||
strncmp(con->uri, "/classes", 8) == 0 ||
strncmp(con->uri, "/jobs", 5) == 0)
{
if (strncmp(con->uri, "/admin", 6) == 0)
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/admin.cgi", ServerBin);
con->options = con->uri + 6;
}
else if (strncmp(con->uri, "/printers", 9) == 0)
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/printers.cgi", ServerBin);
con->options = con->uri + 9;
}
else if (strncmp(con->uri, "/classes", 8) == 0)
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/classes.cgi", ServerBin);
con->options = con->uri + 8;
}
else
{
snprintf(con->command, sizeof(con->command),
"%s/cgi-bin/jobs.cgi", ServerBin);
con->options = con->uri + 5;
}
if (con->options[0] == '/')
con->options ++;
LogMessage(L_DEBUG2, "ReadClient() %d command=\"%s\", options = \"%s\"",
con->http.fd, con->command, con->options);
if (con->http.version <= HTTP_1_0)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
}
else if (!SendError(con, HTTP_UNAUTHORIZED))
{
CloseClient(con);
return (0);
}
break;
case HTTP_PUT_RECV :
if (strncmp(con->uri, "/admin/conf/", 12) != 0 ||
strchr(con->uri + 12, '/') != NULL ||
strlen(con->uri) == 12)
{
if (!SendError(con, HTTP_FORBIDDEN))
{
CloseClient(con);
return (0);
}
break;
}
LogMessage(L_DEBUG2, "PUT %s", con->uri);
LogMessage(L_DEBUG2, "CONTENT_TYPE = %s", con->http.fields[HTTP_FIELD_CONTENT_TYPE]);
if (con->http.fields[HTTP_FIELD_CONTENT_LENGTH][0] &&
atoi(con->http.fields[HTTP_FIELD_CONTENT_LENGTH]) > MaxRequestSize &&
MaxRequestSize > 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
break;
}
snprintf(con->filename, sizeof(con->filename), "%s/%08x",
RequestRoot, request_id ++);
con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640);
fchmod(con->file, 0640);
fchown(con->file, User, Group);
LogMessage(L_DEBUG2, "ReadClient() %d REQUEST %s=%d", con->http.fd,
con->filename, con->file);
if (con->file < 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
}
break;
case HTTP_DELETE :
case HTTP_TRACE :
SendError(con, HTTP_NOT_IMPLEMENTED);
CloseClient(con);
return (0);
case HTTP_HEAD :
if (strncmp(con->uri, "/printers/", 10) == 0 &&
strcmp(con->uri + strlen(con->uri) - 4, ".ppd") == 0)
{
con->uri[strlen(con->uri) - 4] = '\0';
if ((p = FindPrinter(con->uri + 10)) != NULL)
snprintf(con->uri, sizeof(con->uri), "/ppd/%s.ppd", p->name);
else
{
if (!SendError(con, HTTP_NOT_FOUND))
{
CloseClient(con);
return (0);
}
break;
}
}
if ((strncmp(con->uri, "/admin/", 7) == 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0) ||
strncmp(con->uri, "/printers/", 10) == 0 ||
strncmp(con->uri, "/classes/", 9) == 0 ||
strncmp(con->uri, "/jobs/", 6) == 0)
{
if (!SendHeader(con, HTTP_OK, "text/html"))
{
CloseClient(con);
return (0);
}
if (httpPrintf(HTTP(con), "\r\n") < 0)
{
CloseClient(con);
return (0);
}
LogRequest(con, HTTP_OK);
}
else if (strncmp(con->uri, "/admin/conf/", 12) == 0 &&
(strchr(con->uri + 12, '/') != NULL ||
strlen(con->uri) == 12))
{
if (!SendError(con, HTTP_FORBIDDEN))
{
CloseClient(con);
return (0);
}
break;
}
else if ((filename = get_file(con, &filestats)) == NULL)
{
if (!SendHeader(con, HTTP_NOT_FOUND, "text/html"))
{
CloseClient(con);
return (0);
}
LogRequest(con, HTTP_NOT_FOUND);
}
else if (!check_if_modified(con, &filestats))
{
if (!SendError(con, HTTP_NOT_MODIFIED))
{
CloseClient(con);
return (0);
}
LogRequest(con, HTTP_NOT_MODIFIED);
}
else
{
type = mimeFileType(MimeDatabase, filename);
if (type == NULL)
strcpy(line, "text/plain");
else
snprintf(line, sizeof(line), "%s/%s", type->super, type->type);
if (!SendHeader(con, HTTP_OK, line))
{
CloseClient(con);
return (0);
}
if (httpPrintf(HTTP(con), "Last-Modified: %s\r\n",
httpGetDateString(filestats.st_mtime)) < 0)
{
CloseClient(con);
return (0);
}
if (httpPrintf(HTTP(con), "Content-Length: %lu\r\n",
(unsigned long)filestats.st_size) < 0)
{
CloseClient(con);
return (0);
}
LogRequest(con, HTTP_OK);
}
if (httpPrintf(HTTP(con), "\r\n") < 0)
{
CloseClient(con);
return (0);
}
con->http.state = HTTP_WAITING;
break;
default :
break;
}
}
}
switch (con->http.state)
{
case HTTP_PUT_RECV :
LogMessage(L_DEBUG2, "ReadClient() %d con->data_encoding = %s, con->data_remaining = %d, con->file = %d",
con->http.fd,
con->http.data_encoding == HTTP_ENCODE_CHUNKED ? "chunked" : "length",
con->http.data_remaining, con->file);
if ((bytes = httpRead(HTTP(con), line, sizeof(line))) < 0)
{
CloseClient(con);
return (0);
}
else if (bytes > 0)
{
con->bytes += bytes;
LogMessage(L_DEBUG2, "ReadClient() %d writing %d bytes to %d",
con->http.fd, bytes, con->file);
if (write(con->file, line, bytes) < bytes)
{
LogMessage(L_ERROR, "ReadClient: Unable to write %d bytes to %s: %s",
bytes, con->filename, strerror(errno));
close(con->file);
con->file = 0;
unlink(con->filename);
con->filename[0] = '\0';
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
}
}
if (con->http.state == HTTP_WAITING)
{
fstat(con->file, &filestats);
LogMessage(L_DEBUG2, "ReadClient() %d Closing data file %d, size = %d.",
con->http.fd, con->file, (int)filestats.st_size);
close(con->file);
con->file = 0;
if (filestats.st_size > MaxRequestSize &&
MaxRequestSize > 0)
{
LogMessage(L_DEBUG2, "ReadClient() %d Removing temp file %s",
con->http.fd, con->filename);
unlink(con->filename);
con->filename[0] = '\0';
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
}
status = install_conf_file(con);
if (!SendError(con, status))
{
CloseClient(con);
return (0);
}
}
break;
case HTTP_POST_RECV :
LogMessage(L_DEBUG2, "ReadClient() %d con->data_encoding = %s, con->data_remaining = %d, con->file = %d",
con->http.fd,
con->http.data_encoding == HTTP_ENCODE_CHUNKED ? "chunked" : "length",
con->http.data_remaining, con->file);
if (con->request != NULL)
{
if ((ipp_state = ippRead(&(con->http), con->request)) == IPP_ERROR)
{
LogMessage(L_ERROR, "ReadClient() %d IPP Read Error!",
con->http.fd);
CloseClient(con);
return (0);
}
else if (ipp_state != IPP_DATA)
break;
else
con->bytes += ippLength(con->request);
}
if (con->file == 0 && con->http.state != HTTP_POST_SEND)
{
snprintf(con->filename, sizeof(con->filename), "%s/%08x",
RequestRoot, request_id ++);
con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640);
fchmod(con->file, 0640);
fchown(con->file, User, Group);
LogMessage(L_DEBUG2, "ReadClient() %d REQUEST %s=%d", con->http.fd,
con->filename, con->file);
if (con->file < 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
}
}
if (con->http.state != HTTP_POST_SEND)
{
if ((bytes = httpRead(HTTP(con), line, sizeof(line))) < 0)
{
CloseClient(con);
return (0);
}
else if (bytes > 0)
{
con->bytes += bytes;
LogMessage(L_DEBUG2, "ReadClient() %d writing %d bytes to %d",
con->http.fd, bytes, con->file);
if (write(con->file, line, bytes) < bytes)
{
LogMessage(L_ERROR, "ReadClient: Unable to write %d bytes to %s: %s",
bytes, con->filename, strerror(errno));
close(con->file);
con->file = 0;
unlink(con->filename);
con->filename[0] = '\0';
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
}
}
else if (con->http.state != HTTP_POST_SEND)
{
CloseClient(con);
return (0);
}
}
if (con->http.state == HTTP_POST_SEND)
{
if (con->file)
{
fstat(con->file, &filestats);
LogMessage(L_DEBUG2, "ReadClient() %d Closing data file %d, size = %d.",
con->http.fd, con->file, (int)filestats.st_size);
close(con->file);
con->file = 0;
if (filestats.st_size > MaxRequestSize &&
MaxRequestSize > 0)
{
LogMessage(L_DEBUG2, "ReadClient() %d Removing temp file %s",
con->http.fd, con->filename);
unlink(con->filename);
con->filename[0] = '\0';
if (con->request)
{
ippDelete(con->request);
con->request = NULL;
}
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
{
CloseClient(con);
return (0);
}
}
if (con->command[0])
{
if (!SendCommand(con, con->command, con->options))
{
if (!SendError(con, HTTP_NOT_FOUND))
{
CloseClient(con);
return (0);
}
}
else
LogRequest(con, HTTP_OK);
}
}
if (con->request)
ProcessIPPRequest(con);
}
break;
default :
break;
}
if (!con->http.keep_alive && con->http.state == HTTP_WAITING)
{
CloseClient(con);
return (0);
}
else
return (1);
}
int
SendCommand(client_t *con,
char *command,
char *options)
{
int fd;
if (con->filename[0])
fd = open(con->filename, O_RDONLY);
else
fd = open("/dev/null", O_RDONLY);
con->pipe_pid = pipe_command(con, fd, &(con->file), command, options);
close(fd);
LogMessage(L_INFO, "Started \"%s\" (pid=%d)", command, con->pipe_pid);
LogMessage(L_DEBUG, "SendCommand() %d file=%d", con->http.fd, con->file);
if (con->pipe_pid == 0)
return (0);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
LogMessage(L_DEBUG2, "SendCommand: Adding fd %d to InputSet...", con->file);
LogMessage(L_DEBUG2, "SendCommand: Adding fd %d to OutputSet...",
con->http.fd);
FD_SET(con->file, &InputSet);
FD_SET(con->http.fd, &OutputSet);
if (!SendHeader(con, HTTP_OK, NULL))
return (0);
if (con->http.version == HTTP_1_1)
{
con->http.data_encoding = HTTP_ENCODE_CHUNKED;
if (httpPrintf(HTTP(con), "Transfer-Encoding: chunked\r\n") < 0)
return (0);
}
con->got_fields = 0;
con->field_col = 0;
return (1);
}
int
SendError(client_t *con,
http_status_t code)
{
char message[1024];
if (con->operation > HTTP_WAITING)
LogRequest(con, code);
LogMessage(L_DEBUG, "SendError() %d code=%d", con->http.fd, code);
if (code >= HTTP_BAD_REQUEST)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
if (!SendHeader(con, code, NULL))
return (0);
#ifdef HAVE_LIBSSL
if (code == HTTP_UPGRADE_REQUIRED)
if (httpPrintf(HTTP(con), "Connection: Upgrade\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n") < 0)
return (0);
#endif
if (con->http.version >= HTTP_1_1 && !con->http.keep_alive)
{
if (httpPrintf(HTTP(con), "Connection: close\r\n") < 0)
return (0);
}
if (code >= HTTP_BAD_REQUEST)
{
snprintf(message, sizeof(message),
"<HTML><HEAD><TITLE>%d %s</TITLE></HEAD>"
"<BODY><H1>%s</H1>%s</BODY></HTML>\n",
code, httpStatus(code), httpStatus(code),
con->language ? con->language->messages[code] :
httpStatus(code));
if (httpPrintf(HTTP(con), "Content-Type: text/html\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "Content-Length: %d\r\n", strlen(message)) < 0)
return (0);
if (httpPrintf(HTTP(con), "\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "%s", message) < 0)
return (0);
}
else if (httpPrintf(HTTP(con), "\r\n") < 0)
return (0);
con->http.state = HTTP_WAITING;
return (1);
}
int
SendFile(client_t *con,
http_status_t code,
char *filename,
char *type,
struct stat *filestats)
{
con->file = open(filename, O_RDONLY);
LogMessage(L_DEBUG, "SendFile() %d file=%d", con->http.fd, con->file);
if (con->file < 0)
return (0);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
con->pipe_pid = 0;
if (!SendHeader(con, code, type))
return (0);
if (httpPrintf(HTTP(con), "Last-Modified: %s\r\n", httpGetDateString(filestats->st_mtime)) < 0)
return (0);
if (httpPrintf(HTTP(con), "Content-Length: %lu\r\n",
(unsigned long)filestats->st_size) < 0)
return (0);
if (httpPrintf(HTTP(con), "\r\n") < 0)
return (0);
LogMessage(L_DEBUG2, "SendFile: Adding fd %d to OutputSet...", con->http.fd);
FD_SET(con->http.fd, &OutputSet);
return (1);
}
int
SendHeader(client_t *con,
http_status_t code,
char *type)
{
location_t *loc;
if (httpPrintf(HTTP(con), "HTTP/%d.%d %d %s\r\n", con->http.version / 100,
con->http.version % 100, code, httpStatus(code)) < 0)
return (0);
if (httpPrintf(HTTP(con), "Date: %s\r\n", httpGetDateString(time(NULL))) < 0)
return (0);
if (httpPrintf(HTTP(con), "Server: CUPS/1.1\r\n") < 0)
return (0);
if (con->http.keep_alive && con->http.version >= HTTP_1_0)
{
if (httpPrintf(HTTP(con), "Connection: Keep-Alive\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "Keep-Alive: timeout=%d\r\n", KeepAliveTimeout) < 0)
return (0);
}
if (code == HTTP_METHOD_NOT_ALLOWED)
if (httpPrintf(HTTP(con), "Allow: GET, HEAD, OPTIONS, POST\r\n") < 0)
return (0);
if (code == HTTP_UNAUTHORIZED)
{
loc = FindBest(con->uri, con->http.state);
if (loc->type != AUTH_DIGEST)
{
if (httpPrintf(HTTP(con), "WWW-Authenticate: Basic realm=\"CUPS\"\r\n") < 0)
return (0);
}
else
{
if (httpPrintf(HTTP(con), "WWW-Authenticate: Digest realm=\"CUPS\" "
"nonce=\"%s\"\r\n", con->http.hostname) < 0)
return (0);
}
}
if (con->language != NULL)
{
if (httpPrintf(HTTP(con), "Content-Language: %s\r\n",
con->language->language) < 0)
return (0);
if (type != NULL)
if (httpPrintf(HTTP(con), "Content-Type: %s; charset=%s\r\n", type,
cupsLangEncoding(con->language)) < 0)
return (0);
}
else if (type != NULL)
if (httpPrintf(HTTP(con), "Content-Type: %s\r\n", type) < 0)
return (0);
return (1);
}
int
WriteClient(client_t *con)
{
int bytes;
char buf[HTTP_MAX_BUFFER + 1];
char *bufptr;
ipp_state_t ipp_state;
if (con->http.state != HTTP_GET_SEND &&
con->http.state != HTTP_POST_SEND)
return (1);
if (con->response != NULL)
{
ipp_state = ippWrite(&(con->http), con->response);
bytes = ipp_state != IPP_ERROR && ipp_state != IPP_DATA;
}
else if ((bytes = read(con->file, buf, HTTP_MAX_BUFFER)) > 0)
{
if (con->pipe_pid && !con->got_fields)
{
buf[bytes] = '\0';
for (bufptr = buf; !con->got_fields && *bufptr; bufptr ++)
if (*bufptr == '\n')
{
if (bufptr > buf && bufptr[-1] == '\r')
bufptr[-1] = '\0';
*bufptr++ = '\0';
httpPrintf(HTTP(con), "%s\r\n", buf);
LogMessage(L_DEBUG2, "WriteClient() %d %s", con->http.fd, buf);
bytes -= (bufptr - buf);
memcpy(buf, bufptr, bytes + 1);
bufptr = buf - 1;
if (con->field_col == 0)
con->got_fields = 1;
else
con->field_col = 0;
}
else if (*bufptr != '\r')
con->field_col ++;
if (bytes > 0 && !con->got_fields)
{
httpPrintf(HTTP(con), "%s", buf);
con->http.activity = time(NULL);
return (1);
}
else if (bytes == 0)
{
con->http.activity = time(NULL);
return (1);
}
}
if (httpWrite(HTTP(con), buf, bytes) < 0)
{
CloseClient(con);
return (0);
}
con->bytes += bytes;
}
if (bytes <= 0)
{
LogRequest(con, HTTP_OK);
if (con->http.data_encoding == HTTP_ENCODE_CHUNKED)
{
if (httpPrintf(HTTP(con), "0\r\n\r\n") < 0)
{
CloseClient(con);
return (0);
}
}
con->http.state = HTTP_WAITING;
LogMessage(L_DEBUG2, "WriteClient: Removing fd %d from OutputSet...",
con->http.fd);
FD_CLR(con->http.fd, &OutputSet);
if (con->file)
{
LogMessage(L_DEBUG2, "WriteClient: Removing fd %d from InputSet...",
con->file);
FD_CLR(con->file, &InputSet);
if (con->pipe_pid)
kill(con->pipe_pid, SIGTERM);
LogMessage(L_DEBUG2, "WriteClient: %d Closing data file %d.",
con->http.fd, con->file);
close(con->file);
con->file = 0;
con->pipe_pid = 0;
}
if (con->filename[0])
{
LogMessage(L_DEBUG2, "WriteClient: %d Removing temp file %s",
con->http.fd, con->filename);
unlink(con->filename);
con->filename[0] = '\0';
}
if (con->request != NULL)
{
ippDelete(con->request);
con->request = NULL;
}
if (con->response != NULL)
{
ippDelete(con->response);
con->response = NULL;
}
if (!con->http.keep_alive)
{
CloseClient(con);
return (0);
}
}
if (bytes >= 1024)
LogMessage(L_DEBUG2, "WriteClient() %d %d bytes", con->http.fd, bytes);
con->http.activity = time(NULL);
return (1);
}
static int
check_if_modified(client_t *con,
struct stat *filestats)
{
char *ptr;
time_t date;
int size;
size = 0;
date = 0;
ptr = con->http.fields[HTTP_FIELD_IF_MODIFIED_SINCE];
if (*ptr == '\0')
return (1);
LogMessage(L_DEBUG2, "check_if_modified() %d If-Modified-Since=\"%s\"",
con->http.fd, ptr);
while (*ptr != '\0')
{
while (isspace(*ptr) || *ptr == ';')
ptr ++;
if (strncasecmp(ptr, "length=", 7) == 0)
{
ptr += 7;
size = atoi(ptr);
while (isdigit(*ptr))
ptr ++;
}
else if (isalpha(*ptr))
{
date = httpGetDateTime(ptr);
while (*ptr != '\0' && *ptr != ';')
ptr ++;
}
}
LogMessage(L_DEBUG2, "check_if_modified() %d sizes=%d,%d dates=%d,%d",
con->http.fd, size, (int)filestats->st_size, (int)date,
(int)filestats->st_mtime);
return ((size != filestats->st_size && size != 0) ||
(date < filestats->st_mtime && date != 0) ||
(size == 0 && date == 0));
}
static void
decode_auth(client_t *con)
{
char *s,
value[1024];
const char *username;
s = con->http.fields[HTTP_FIELD_AUTHORIZATION];
LogMessage(L_DEBUG2, "decode_auth(%p): Authorization string = \"%s\"",
con, s);
if (strncmp(s, "Basic", 5) == 0)
{
s += 5;
while (isspace(*s))
s ++;
httpDecode64(value, s);
if ((s = strchr(value, ':')) == NULL)
{
LogMessage(L_DEBUG, "decode_auth() %d no colon in auth string \"%s\"",
con->http.fd, value);
return;
}
*s++ = '\0';
strlcpy(con->username, value, sizeof(con->username));
strlcpy(con->password, s, sizeof(con->password));
}
else if (strncmp(s, "Local", 5) == 0)
{
s += 5;
while (isspace(*s))
s ++;
if ((username = FindCert(s)) != NULL)
strlcpy(con->username, username, sizeof(con->username));
}
else if (strncmp(s, "Digest", 5) == 0)
{
if (httpGetSubField(&(con->http), HTTP_FIELD_AUTHORIZATION, "username",
value))
strlcpy(con->username, value, sizeof(con->username));
if (httpGetSubField(&(con->http), HTTP_FIELD_AUTHORIZATION, "response",
value))
strlcpy(con->password, value, sizeof(con->password));
}
LogMessage(L_DEBUG2, "decode_auth() %d username=\"%s\"",
con->http.fd, con->username);
}
static char *
get_file(client_t *con,
struct stat *filestats)
{
int status;
char *params;
static char filename[1024];
if (strncmp(con->uri, "/ppd/", 5) == 0)
snprintf(filename, sizeof(filename), "%s%s", ServerRoot, con->uri);
else if (strncmp(con->uri, "/admin/conf/", 12) == 0)
snprintf(filename, sizeof(filename), "%s%s", ServerRoot, con->uri + 11);
else if (con->language != NULL)
snprintf(filename, sizeof(filename), "%s/%s%s", DocumentRoot, con->language->language,
con->uri);
else
snprintf(filename, sizeof(filename), "%s%s", DocumentRoot, con->uri);
if ((params = strchr(filename, '?')) != NULL)
*params = '\0';
if ((status = stat(filename, filestats)) != 0 && con->language != NULL)
{
if (strncmp(con->uri, "/ppd/", 5) != 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0)
{
snprintf(filename, sizeof(filename), "%s%s", DocumentRoot, con->uri);
status = stat(filename, filestats);
}
}
if (!status && S_ISDIR(filestats->st_mode))
{
if (filename[strlen(filename) - 1] == '/')
strlcat(filename, "index.html", sizeof(filename));
else
strlcat(filename, "/index.html", sizeof(filename));
status = stat(filename, filestats);
}
LogMessage(L_DEBUG2, "get_file() %d filename=%s size=%d",
con->http.fd, filename, status ? -1 : (int)filestats->st_size);
if (status)
return (NULL);
else
return (filename);
}
static http_status_t
install_conf_file(client_t *con)
{
FILE *in,
*out;
char buffer[1024];
int bytes;
char conffile[1024],
newfile[1024],
oldfile[1024];
struct stat confinfo;
snprintf(conffile, sizeof(conffile), "%s%s", ServerRoot, con->uri + 11);
snprintf(newfile, sizeof(newfile), "%s%s.N", ServerRoot, con->uri + 11);
snprintf(oldfile, sizeof(oldfile), "%s%s.O", ServerRoot, con->uri + 11);
LogMessage(L_INFO, "Installing config file \"%s\"...", conffile);
if (stat(conffile, &confinfo))
{
confinfo.st_uid = User;
confinfo.st_gid = Group;
confinfo.st_mode = 0640;
}
if ((in = fopen(con->filename, "rb")) == NULL)
{
LogMessage(L_ERROR, "Unable to open request file \"%s\" - %s",
con->filename, strerror(errno));
return (HTTP_SERVER_ERROR);
}
if ((out = fopen(newfile, "wb")) == NULL)
{
fclose(in);
LogMessage(L_ERROR, "Unable to open config file \"%s\" - %s",
newfile, strerror(errno));
return (HTTP_SERVER_ERROR);
}
fchmod(fileno(out), confinfo.st_mode);
fchown(fileno(out), confinfo.st_uid, confinfo.st_gid);
while ((bytes = fread(buffer, 1, sizeof(buffer), in)) > 0)
if (fwrite(buffer, 1, bytes, out) < bytes)
{
LogMessage(L_ERROR, "Unable to copy to config file \"%s\" - %s",
newfile, strerror(errno));
fclose(in);
fclose(out);
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
fclose(in);
if (fclose(out))
{
LogMessage(L_ERROR, "Error file closing config file \"%s\" - %s",
newfile, strerror(errno));
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
unlink(con->filename);
con->filename[0] = '\0';
if (unlink(oldfile))
if (errno != ENOENT)
{
LogMessage(L_ERROR, "Unable to remove backup config file \"%s\" - %s",
oldfile, strerror(errno));
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
if (rename(conffile, oldfile))
if (errno != ENOENT)
{
LogMessage(L_ERROR, "Unable to rename old config file \"%s\" - %s",
conffile, strerror(errno));
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
if (rename(newfile, conffile))
{
LogMessage(L_ERROR, "Unable to rename new config file \"%s\" - %s",
newfile, strerror(errno));
rename(oldfile, conffile);
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
if (strcmp(con->uri, "/admin/conf/cupsd.conf") == 0)
NeedReload = TRUE;
return (HTTP_CREATED);
}
static int
pipe_command(client_t *con,
int infile,
int *outfile,
char *command,
char *options)
{
int pid;
char *commptr;
int fd;
int fds[2];
int argc;
int envc;
char argbuf[10240],
*argv[100],
*envp[100];
char lang[1024],
content_length[1024],
content_type[1024],
ipp_port[1024],
server_port[1024],
server_name[1024],
remote_host[1024],
remote_user[1024],
tmpdir[1024],
ldpath[1024],
nlspath[1024],
datadir[1024],
root[1024],
query_string[10240];
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
sigset_t oldmask,
newmask;
struct sigaction action;
#endif
strlcpy(argbuf, options, sizeof(argbuf));
argv[0] = argbuf;
for (commptr = argbuf, argc = 1; *commptr != '\0' && argc < 99; commptr ++)
if (*commptr == ' ' || *commptr == '+')
{
*commptr++ = '\0';
while (*commptr == ' ')
commptr ++;
if (*commptr != '\0')
{
argv[argc] = commptr;
argc ++;
}
commptr --;
}
else if (*commptr == '%')
{
if (commptr[1] >= '0' && commptr[1] <= '9')
*commptr = (commptr[1] - '0') << 4;
else
*commptr = (tolower(commptr[1]) - 'a' + 10) << 4;
if (commptr[2] >= '0' && commptr[2] <= '9')
*commptr |= commptr[2] - '0';
else
*commptr |= tolower(commptr[2]) - 'a' + 10;
strcpy(commptr + 1, commptr + 3);
}
else if (*commptr == '?')
break;
argv[argc] = NULL;
if (argv[0][0] == '\0')
argv[0] = strrchr(command, '/') + 1;
snprintf(lang, sizeof(lang), "LANG=%s",
con->language ? con->language->language : "C");
sprintf(ipp_port, "IPP_PORT=%d", ntohs(con->http.hostaddr.sin_port));
sprintf(server_port, "SERVER_PORT=%d", ntohs(con->http.hostaddr.sin_port));
snprintf(server_name, sizeof(server_name), "SERVER_NAME=%s", ServerName);
snprintf(remote_host, sizeof(remote_host), "REMOTE_HOST=%s", con->http.hostname);
snprintf(remote_user, sizeof(remote_user), "REMOTE_USER=%s", con->username);
snprintf(tmpdir, sizeof(tmpdir), "TMPDIR=%s", TempDir);
snprintf(datadir, sizeof(datadir), "CUPS_DATADIR=%s", DataDir);
snprintf(root, sizeof(root), "CUPS_SERVERROOT=%s", ServerRoot);
if (getenv("LD_LIBRARY_PATH") != NULL)
snprintf(ldpath, sizeof(ldpath), "LD_LIBRARY_PATH=%s",
getenv("LD_LIBRARY_PATH"));
else if (getenv("DYLD_LIBRARY_PATH") != NULL)
snprintf(ldpath, sizeof(ldpath), "DYLD_LIBRARY_PATH=%s",
getenv("DYLD_LIBRARY_PATH"));
else
ldpath[0] = '\0';
if (getenv("NLSPATH") != NULL)
snprintf(nlspath, sizeof(nlspath), "NLSPATH=%s", getenv("NLSPATH"));
else
nlspath[0] = '\0';
envp[0] = "PATH=/bin:/usr/bin";
envp[1] = "SERVER_SOFTWARE=CUPS/1.1";
envp[2] = "GATEWAY_INTERFACE=CGI/1.1";
envp[3] = "SERVER_PROTOCOL=HTTP/1.1";
envp[4] = ipp_port;
envp[5] = server_name;
envp[6] = server_port;
envp[7] = remote_host;
envp[8] = remote_user;
envp[9] = lang;
envp[10] = TZ;
envp[11] = tmpdir;
envp[12] = datadir;
envp[13] = root;
envc = 14;
if (ldpath[0])
envp[envc ++] = ldpath;
if (nlspath[0])
envp[envc ++] = nlspath;
if (con->operation == HTTP_GET)
{
envp[envc ++] = "REQUEST_METHOD=GET";
if (*commptr)
{
*commptr++ = '\0';
snprintf(query_string, sizeof(query_string), "QUERY_STRING=%s", commptr);
envp[envc ++] = query_string;
}
}
else
{
sprintf(content_length, "CONTENT_LENGTH=%d", con->bytes);
snprintf(content_type, sizeof(content_type), "CONTENT_TYPE=%s",
con->http.fields[HTTP_FIELD_CONTENT_TYPE]);
envp[envc ++] = "REQUEST_METHOD=POST";
envp[envc ++] = content_length;
envp[envc ++] = content_type;
}
if (con->http.encryption == HTTP_ENCRYPT_ALWAYS)
{
envp[envc ++] = "HTTPS=ON";
envp[envc ++] = "CUPS_ENCRYPTION=Always";
}
envp[envc] = NULL;
if (pipe(fds))
{
LogMessage(L_ERROR, "Unable to create pipes for CGI %s - %s",
argv[0], strerror(errno));
return (0);
}
#ifdef HAVE_SIGSET
sighold(SIGTERM);
sighold(SIGCHLD);
#elif defined(HAVE_SIGACTION)
sigemptyset(&newmask);
sigaddset(&newmask, SIGTERM);
sigaddset(&newmask, SIGCHLD);
sigprocmask(SIG_BLOCK, &newmask, &oldmask);
#endif
if ((pid = fork()) == 0)
{
#ifdef HAVE_SIGSET
sigset(SIGCHLD, SIG_DFL);
sigset(SIGTERM, SIG_DFL);
sigrelse(SIGTERM);
sigrelse(SIGCHLD);
#elif defined(HAVE_SIGACTION)
memset(&action, 0, sizeof(action));
sigemptyset(&action.sa_mask);
sigaddset(&action.sa_mask, SIGCHLD);
action.sa_handler = SIG_DFL;
sigaction(SIGCHLD, &action, NULL);
sigemptyset(&action.sa_mask);
sigaddset(&action.sa_mask, SIGTERM);
action.sa_handler = SIG_DFL;
sigaction(SIGTERM, &action, NULL);
sigprocmask(SIG_SETMASK, &oldmask, NULL);
#else
signal(SIGCHLD, SIG_DFL);
signal(SIGTERM, SIG_DFL);
#endif
if (getuid() == 0)
{
if (setgid(Group))
exit(errno);
if (setuid(User))
exit(errno);
}
setgroups(0, NULL);
if (infile)
{
close(0);
if (dup(infile) < 0)
exit(errno);
}
close(1);
if (dup(fds[1]) < 0)
exit(errno);
close(2);
open("/dev/null", O_WRONLY);
for (fd = 3; fd < MaxFDs; fd ++)
close(fd);
umask(077);
execve(command, argv, envp);
exit(errno);
return (0);
}
else if (pid < 0)
{
LogMessage(L_ERROR, "Unable to fork for CGI %s - %s", argv[0],
strerror(errno));
close(fds[0]);
close(fds[1]);
pid = 0;
}
else
{
AddCert(pid, con->username);
LogMessage(L_DEBUG, "CGI %s started - PID = %d", command, pid);
*outfile = fds[0];
close(fds[1]);
}
#ifdef HAVE_SIGSET
sigrelse(SIGTERM);
sigrelse(SIGCHLD);
#elif defined(HAVE_SIGACTION)
sigprocmask(SIG_SETMASK, &oldmask, NULL);
#endif
return (pid);
}