#include <cups/http-private.h>
#include "cupsd.h"
#include <grp.h>
#include <sys/param.h>
#ifdef HAVE_INTTYPES_H
# include <inttypes.h>
#endif
# include <pthread.h>
#ifdef HAVE_DLFCN_H
# include <dlfcn.h>
#endif
#ifdef HAVE_CDSASSL
static OSStatus (*SSLCloseProc)(SSLContextRef context) = NULL;
static OSStatus (*SSLDisposeContextProc)(SSLContextRef context) = NULL;
static OSStatus (*SSLGetBufferedReadSizeProc)(SSLContextRef context, size_t *bufSize) = NULL;
static OSStatus (*SSLHandshakeProc)(SSLContextRef context) = NULL;
static OSStatus (*SSLNewContextProc)(Boolean isServer, SSLContextRef *contextPtr) = NULL;
static OSStatus (*SSLReadProc)(SSLContextRef context, void *data, size_t dataLength, size_t *processed) = NULL;
static OSStatus (*SSLSetCertificateProc)(SSLContextRef context, CFArrayRef certRefs);
static OSStatus (*SSLSetConnectionProc)(SSLContextRef context, SSLConnectionRef connection) = NULL;
static OSStatus (*SSLSetEnableCertVerifyProc)(SSLContextRef context, Boolean enableVerify) = NULL;
static OSStatus (*SSLSetIOFuncsProc)(SSLContextRef context, SSLReadFunc read, SSLWriteFunc write) = NULL;
static OSStatus (*SSLSetPeerDomainNameProc)(SSLContextRef context, const char *peerName, size_t peerNameLen);
static OSStatus (*SSLSetProtocolVersionProc)(SSLContextRef context, SSLProtocol version);
static OSStatus (*SSLWriteProc)(SSLContextRef context, const void *data, size_t dataLength, size_t *processed) = NULL;
CFTypeID (*SecIdentityGetTypeIDProc)(void) = NULL;
OSStatus (*SecIdentitySearchCopyNextProc)(SecIdentitySearchRef searchRef, SecIdentityRef *identity) = NULL;
OSStatus (*SecIdentitySearchCreateProc)(CFTypeRef keychainOrArray, CSSM_KEYUSE keyUsage, SecIdentitySearchRef *searchRef) = NULL;
OSStatus (*SecKeychainOpenProc)(const char *pathName, SecKeychainRef *keychain) = NULL;
static pthread_once_t cdsa_key_once = PTHREAD_ONCE_INIT;
#endif
static int check_if_modified(client_t *con,
struct stat *filestats);
static void decode_auth(client_t *con);
static char *get_file(client_t *con, struct stat *filestats,
char *filename, int len);
static http_status_t install_conf_file(client_t *con);
static int is_path_absolute(const char *path);
static int pipe_command(client_t *con, int infile, int *outfile,
char *command, char *options);
#ifdef HAVE_CDSASSL
static CFArrayRef CDSAGetServerCerts();
static OSStatus CDSAReadFunc(SSLConnectionRef connection, void *data,
size_t *dataLength);
static OSStatus CDSAWriteFunc(SSLConnectionRef connection,
const void *data, size_t *dataLength);
#endif
void
AcceptClient(listener_t *lis)
{
int i;
int count;
int val;
client_t *con,
*current;
unsigned address;
struct hostent *host;
static time_t last_dos = 0;
LogMessage(L_DEBUG2, "AcceptClient(lis=%p) %d NumClients = %d",
lis, lis->fd, NumClients);
if (NumClients == MaxClients)
return;
if ((con = calloc(1, sizeof(client_t))) == NULL)
{
LogMessage(L_ERROR, "Unable to allocate memory for client - %s",
strerror(errno));
return;
}
con->next = Clients;
Clients = con;
NumClients ++;
con->http.activity = time(NULL);
con->file = -1;
val = sizeof(struct sockaddr_in);
if ((con->http.fd = accept(lis->fd, (struct sockaddr *)&(con->http.hostaddr),
&val)) < 0)
{
LogMessage(L_ERROR, "Unable to accept client connection - %s.",
strerror(errno));
CloseClient(con);
return;
}
con->http.hostaddr.sin_port = lis->address.sin_port;
for (count = 0, current = Clients; current != NULL; current = current->next)
if (current != con && memcmp(&(current->http.hostaddr), &(con->http.hostaddr),
sizeof(con->http.hostaddr)) == 0)
{
count ++;
if (count >= MaxClientsPerHost)
break;
}
if (count >= MaxClientsPerHost)
{
if ((time(NULL) - last_dos) >= 60)
{
last_dos = time(NULL);
LogMessage(L_WARN, "Possible DoS attack - more than %d clients connecting from %s!",
MaxClientsPerHost, con->http.hostname);
}
CloseClient(con);
return;
}
#ifdef HAVE_DOMAINSOCKETS
if (con->http.hostaddr.sin_family == AF_LOCAL)
{
address = 0x7f000001;
host = NULL;
}
else
#endif
{
address = ntohl(con->http.hostaddr.sin_addr.s_addr);
if (HostNameLookups)
#ifndef __sgi
host = gethostbyaddr((char *)&(con->http.hostaddr.sin_addr),
sizeof(struct in_addr), AF_INET);
#else
host = gethostbyaddr(&(con->http.hostaddr.sin_addr),
sizeof(struct in_addr), AF_INET);
#endif
else
host = NULL;
}
if (address == 0x7f000001)
{
strlcpy(con->http.hostname, "localhost", sizeof(con->http.hostname));
}
else if (con->http.hostaddr.sin_addr.s_addr == ServerAddr.sin_addr.s_addr)
{
strlcpy(con->http.hostname, ServerName, sizeof(con->http.hostname));
}
else if (host == NULL)
{
sprintf(con->http.hostname, "%d.%d.%d.%d", (address >> 24) & 255,
(address >> 16) & 255, (address >> 8) & 255, address & 255);
if (HostNameLookups == 2)
{
LogMessage(L_WARN, "Name lookup failed - connection from %s closed!",
con->http.hostname);
CloseClient(con);
return;
}
}
else
strlcpy(con->http.hostname, host->h_name, sizeof(con->http.hostname));
if (HostNameLookups == 2 && con->http.hostaddr.sin_family == AF_INET)
{
if ((host = httpGetHostByName(con->http.hostname)) != NULL)
{
if (host->h_length != 4 || host->h_addrtype != AF_INET)
{
host = NULL;
}
else
{
for (i = 0; host->h_addr_list[i]; i ++)
if (memcmp(&(con->http.hostaddr.sin_addr), host->h_addr_list[i], 4) == 0)
break;
if (!host->h_addr_list[i])
host = NULL;
}
}
if (host == NULL)
{
LogMessage(L_WARN, "IP lookup failed - connection from %s closed!",
con->http.hostname);
CloseClient(con);
return;
}
}
LogMessage(L_DEBUG, "AcceptClient: %d from %s:%d.", con->http.fd,
con->http.hostname, ntohs(con->http.hostaddr.sin_port));
val = 1;
setsockopt(con->http.fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val));
fcntl(con->http.fd, F_SETFD, fcntl(con->http.fd, F_GETFD) | FD_CLOEXEC);
LogMessage(L_DEBUG2, "AcceptClient: Adding fd %d to InputSet...",
con->http.fd);
FD_SET(con->http.fd, InputSet);
if (NumClients == MaxClients)
PauseListening();
#ifdef HAVE_SSL
if (lis->encryption == HTTP_ENCRYPT_ALWAYS)
{
con->http.encryption = HTTP_ENCRYPT_ALWAYS;
EncryptClient(con);
}
#endif
}
void
CloseAllClients(void)
{
while (NumClients > 0)
CloseClient(Clients);
}
int
CloseClient(client_t *con)
{
int partial;
client_t *current,
*prev;
#if defined(HAVE_LIBSSL)
SSL_CTX *context;
SSL *conn;
unsigned long error;
#elif defined(HAVE_GNUTLS)
http_tls_t *conn;
int error;
gnutls_certificate_server_credentials *credentials;
#elif defined(HAVE_CDSASSL)
OSStatus status;
#endif
LogMessage(L_DEBUG, "CloseClient: %d", con->http.fd);
partial = 0;
#ifdef HAVE_SSL
if (con->http.tls)
{
partial = 1;
# ifdef HAVE_LIBSSL
conn = (SSL *)(con->http.tls);
context = SSL_get_SSL_CTX(conn);
switch (SSL_shutdown(conn))
{
case 1 :
LogMessage(L_INFO, "CloseClient: SSL shutdown successful!");
break;
case -1 :
LogMessage(L_ERROR, "CloseClient: Fatal error during SSL shutdown!");
default :
while ((error = ERR_get_error()) != 0)
LogMessage(L_ERROR, "CloseClient: %s", ERR_error_string(error, NULL));
break;
}
SSL_CTX_free(context);
SSL_free(conn);
# elif defined(HAVE_GNUTLS)
conn = (http_tls_t *)(con->http.tls);
credentials = (gnutls_certificate_server_credentials *)(conn->credentials);
error = gnutls_bye(conn->session, GNUTLS_SHUT_WR);
switch (error)
{
case GNUTLS_E_SUCCESS:
LogMessage(L_INFO, "CloseClient: SSL shutdown successful!");
break;
default:
LogMessage(L_ERROR, "CloseClient: %s", gnutls_strerror(error));
break;
}
gnutls_deinit(conn->session);
gnutls_certificate_free_credentials(*credentials);
free(credentials);
free(conn);
# elif defined(HAVE_CDSASSL)
status = (*SSLCloseProc)((SSLContextRef)con->http.tls);
(*SSLDisposeContextProc)((SSLContextRef)con->http.tls);
# endif
con->http.tls = NULL;
}
#endif
if (con->http.fd > 0)
{
if (partial)
{
LogMessage(L_DEBUG2, "CloseClient: Removing fd %d from OutputSet...",
con->http.fd);
shutdown(con->http.fd, 0);
FD_CLR(con->http.fd, OutputSet);
}
else
{
LogMessage(L_DEBUG2, "CloseClient: Removing fd %d from InputSet and OutputSet...",
con->http.fd);
close(con->http.fd);
FD_CLR(con->http.fd, InputSet);
FD_CLR(con->http.fd, OutputSet);
con->http.fd = 0;
}
}
if (con->pipe_pid != 0)
{
LogMessage(L_DEBUG2, "CloseClient: %d Killing process ID %d...",
con->http.fd, con->pipe_pid);
kill(con->pipe_pid, SIGKILL);
}
if (con->file >= 0)
{
if (FD_ISSET(con->file, InputSet))
{
LogMessage(L_DEBUG2, "CloseClient: %d Removing fd %d from InputSet...",
con->http.fd, con->file);
FD_CLR(con->file, InputSet);
}
LogMessage(L_DEBUG2, "CloseClient: %d Closing data file %d.",
con->http.fd, con->file);
close(con->file);
con->file = -1;
}
if (!partial)
{
if (con->http.input_set)
free(con->http.input_set);
httpClearCookie(HTTP(con));
ClearString(&con->filename);
ClearString(&con->command);
ClearString(&con->options);
if (con->request)
{
ippDelete(con->request);
con->request = NULL;
}
if (con->response)
{
ippDelete(con->response);
con->response = NULL;
}
if (con->language)
{
cupsLangFree(con->language);
con->language = NULL;
}
if (NumClients == MaxClients)
ResumeListening();
for (current = Clients, prev = NULL; current != NULL; current = current->next)
{
if (current == con)
{
if (prev)
prev->next = current->next;
else
Clients = current->next;
break;
}
prev = current;
}
NumClients --;
free(con);
}
return (partial);
}
int
EncryptClient(client_t *con)
{
#if defined HAVE_LIBSSL
SSL_CTX *context;
SSL *conn;
unsigned long error;
context = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_use_PrivateKey_file(context, ServerKey, SSL_FILETYPE_PEM);
SSL_CTX_use_certificate_file(context, ServerCertificate, SSL_FILETYPE_PEM);
conn = SSL_new(context);
SSL_set_fd(conn, con->http.fd);
if (SSL_accept(conn) != 1)
{
LogMessage(L_ERROR, "EncryptClient: Unable to encrypt connection from %s!",
con->http.hostname);
while ((error = ERR_get_error()) != 0)
LogMessage(L_ERROR, "EncryptClient: %s", ERR_error_string(error, NULL));
SSL_CTX_free(context);
SSL_free(conn);
return (0);
}
LogMessage(L_DEBUG, "EncryptClient: %d Connection from %s now encrypted.",
con->http.fd, con->http.hostname);
con->http.tls = conn;
return (1);
#elif defined(HAVE_GNUTLS)
http_tls_t *conn;
int error;
gnutls_certificate_server_credentials *credentials;
conn = (http_tls_t *)malloc(sizeof(gnutls_session));
if (conn == NULL)
return (0);
credentials = (gnutls_certificate_server_credentials *)
malloc(sizeof(gnutls_certificate_server_credentials));
if (credentials == NULL)
{
LogMessage(L_ERROR, "EncryptClient: Unable to encrypt connection from %s!",
con->http.hostname);
LogMessage(L_ERROR, "EncryptClient: %s", strerror(errno));
free(conn);
return (0);
}
gnutls_certificate_allocate_credentials(credentials);
gnutls_certificate_set_x509_key_file(*credentials, ServerCertificate,
ServerKey, GNUTLS_X509_FMT_PEM);
gnutls_init(&(conn->session), GNUTLS_SERVER);
gnutls_set_default_priority(conn->session);
gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE, *credentials);
gnutls_transport_set_ptr(conn->session, con->http.fd);
error = gnutls_handshake(conn->session);
if (error != GNUTLS_E_SUCCESS)
{
LogMessage(L_ERROR, "EncryptClient: Unable to encrypt connection from %s!",
con->http.hostname);
LogMessage(L_ERROR, "EncryptClient: %s", gnutls_strerror(error));
gnutls_deinit(conn->session);
gnutls_certificate_free_credentials(*credentials);
free(conn);
free(credentials);
return (0);
}
LogMessage(L_DEBUG, "EncryptClient: %d Connection from %s now encrypted.",
con->http.fd, con->http.hostname);
conn->credentials = credentials;
con->http.tls = conn;
return (1);
#elif defined(HAVE_CDSASSL)
OSStatus error;
SSLContextRef conn;
char hostName[MAXHOSTNAMELEN];
conn = NULL;
error = 0;
if (ServerCertificatesArray == NULL)
ServerCertificatesArray = CDSAGetServerCerts();
if (ServerCertificatesArray == NULL)
{
LogMessage(L_ERROR,
"EncryptClient: Could not find signing key in keychain \"%s\"",
ServerCertificate);
error = errSSLBadConfiguration;
}
if (!error)
error = (*SSLNewContextProc)(true, &conn);
if (!error)
error = (*SSLSetIOFuncsProc)(conn, CDSAReadFunc, CDSAWriteFunc);
if (!error)
error = (*SSLSetProtocolVersionProc)(conn, kSSLProtocol3);
if (!error)
error = (*SSLSetConnectionProc)(conn, (SSLConnectionRef)con->http.fd);
if (!error)
{
gethostname(hostName, sizeof(hostName));
error = (*SSLSetPeerDomainNameProc)(conn, hostName, strlen(hostName) + 1);
}
if (!error)
error = (*SSLSetEnableCertVerifyProc)(conn, SSLVerifyCertificates);
if (!error)
error = (*SSLSetCertificateProc)(conn, ServerCertificatesArray);
if (!error)
{
do
{
error = (*SSLHandshakeProc)(conn);
}
while (error == errSSLWouldBlock);
}
if (error)
{
LogMessage(L_ERROR, "EncryptClient: Unable to encrypt connection from %s!",
con->http.hostname);
LogMessage(L_ERROR, "EncryptClient: SSL Error %d", (int)error);
con->http.error = error;
con->http.status = HTTP_ERROR;
if (conn != NULL)
(*SSLDisposeContextProc)(conn);
return (0);
}
LogMessage(L_DEBUG, "EncryptClient: %d Connection from %s now encrypted.",
con->http.fd, con->http.hostname);
con->http.tls = conn;
return (1);
#else
return (0);
#endif
}
int
IsCGI(client_t *con,
const char *filename,
struct stat *filestats,
mime_type_t *type)
{
const char *options;
LogMessage(L_DEBUG2, "IsCGI(con=%p, filename=\"%s\", filestats=%p, type=%s/%s)\n",
con, filename, filestats, type ? type->super : "unknown",
type ? type->type : "unknown");
if ((options = strchr(con->uri, '?')) != NULL)
options ++;
if (!type || strcasecmp(type->super, "application"))
{
LogMessage(L_DEBUG2, "IsCGI: Returning 0...");
return (0);
}
if (!strcasecmp(type->type, "x-httpd-cgi") &&
(filestats->st_mode & 0111))
{
SetString(&con->command, filename);
filename = strrchr(filename, '/') + 1;
if (options)
SetStringf(&con->options, "%s %s", filename, options);
else
SetStringf(&con->options, "%s", filename);
LogMessage(L_DEBUG2, "IsCGI: Returning 1 with command=\"%s\" and options=\"%s\"",
con->command, con->options);
return (1);
}
#ifdef HAVE_JAVA
else if (!strcasecmp(type->type, "x-httpd-java"))
{
SetString(&con->command, CUPS_JAVA);
if (options)
SetStringf(&con->options, "java %s %s", filename, options);
else
SetStringf(&con->options, "java %s", filename);
LogMessage(L_DEBUG2, "IsCGI: Returning 1 with command=\"%s\" and options=\"%s\"",
con->command, con->options);
return (1);
}
#endif
#ifdef HAVE_PERL
else if (!strcasecmp(type->type, "x-httpd-perl"))
{
SetString(&con->command, CUPS_PERL);
if (options)
SetStringf(&con->options, "perl %s %s", filename, options);
else
SetStringf(&con->options, "perl %s", filename);
LogMessage(L_DEBUG2, "IsCGI: Returning 1 with command=\"%s\" and options=\"%s\"",
con->command, con->options);
return (1);
}
#endif
#ifdef HAVE_PHP
else if (!strcasecmp(type->type, "x-httpd-php"))
{
SetString(&con->command, CUPS_PHP);
if (options)
SetStringf(&con->options, "php %s %s", filename, options);
else
SetStringf(&con->options, "php %s", filename);
LogMessage(L_DEBUG2, "IsCGI: Returning 1 with command=\"%s\" and options=\"%s\"",
con->command, con->options);
return (1);
}
#endif
#ifdef HAVE_PYTHON
else if (!strcasecmp(type->type, "x-httpd-python"))
{
SetString(&con->command, CUPS_PYTHON);
if (options)
SetStringf(&con->options, "python %s %s", filename, options);
else
SetStringf(&con->options, "python %s", filename);
LogMessage(L_DEBUG2, "IsCGI: Returning 1 with command=\"%s\" and options=\"%s\"",
con->command, con->options);
return (1);
}
#endif
LogMessage(L_DEBUG2, "IsCGI: Returning 0...");
return (0);
}
int
ReadClient(client_t *con)
{
char line[32768],
operation[64],
version[64],
locale[64],
*ptr;
int major, minor;
http_status_t status;
ipp_state_t ipp_state;
int bytes;
char *filename;
char buf[1024];
struct stat filestats;
mime_type_t *type;
printer_t *p;
location_t *best;
static unsigned request_id = 0;
status = HTTP_CONTINUE;
LogMessage(L_DEBUG2, "ReadClient: %d, used=%d, file=%d", con->http.fd,
con->http.used, con->file);
if (con->http.error)
{
LogMessage(L_DEBUG2, "ReadClient: http error seen...");
return (CloseClient(con));
}
switch (con->http.state)
{
case HTTP_WAITING :
if (httpGets(line, sizeof(line) - 1, HTTP(con)) == NULL)
{
LogMessage(L_DEBUG2, "ReadClient: httpGets returned EOF...");
return (CloseClient(con));
}
if (line[0] == '\0')
break;
httpClearFields(HTTP(con));
con->http.activity = time(NULL);
con->http.version = HTTP_1_0;
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
con->http.data_encoding = HTTP_ENCODE_LENGTH;
con->http.data_remaining = 0;
con->http.deprecated_data_remaining = 0;
con->operation = HTTP_WAITING;
con->bytes = 0;
con->file = -1;
con->file_ready = 0;
con->pipe_pid = 0;
con->username[0] = '\0';
con->password[0] = '\0';
con->uri[0] = '\0';
ClearString(&con->command);
ClearString(&con->options);
if (con->language != NULL)
{
cupsLangFree(con->language);
con->language = NULL;
}
switch (sscanf(line, "%63s%1023s%63s", operation, con->uri, version))
{
case 1 :
LogMessage(L_ERROR, "Bad request line \"%s\" from %s!", line,
con->http.hostname);
SendError(con, HTTP_BAD_REQUEST);
return (CloseClient(con));
case 2 :
con->http.version = HTTP_0_9;
break;
case 3 :
if (sscanf(version, "HTTP/%d.%d", &major, &minor) != 2)
{
LogMessage(L_ERROR, "Bad request line \"%s\" from %s!", line,
con->http.hostname);
SendError(con, HTTP_BAD_REQUEST);
return (CloseClient(con));
}
if (major < 2)
{
con->http.version = (http_version_t)(major * 100 + minor);
if (con->http.version == HTTP_1_1 && KeepAlive)
con->http.keep_alive = HTTP_KEEPALIVE_ON;
else
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
}
else
{
SendError(con, HTTP_NOT_SUPPORTED);
return (CloseClient(con));
}
break;
}
if (con->uri[0] != '/' && strcmp(con->uri, "*"))
{
char method[HTTP_MAX_URI],
userpass[HTTP_MAX_URI],
hostname[HTTP_MAX_URI],
resource[HTTP_MAX_URI];
int port;
httpSeparate(con->uri, method, userpass, hostname, &port, resource);
if (strcasecmp(hostname, ServerName) &&
strcasecmp(hostname, "localhost") &&
!isdigit(hostname[0]))
{
LogMessage(L_ERROR, "Bad URI \"%s\" in request!", con->uri);
SendError(con, HTTP_METHOD_NOT_ALLOWED);
return (CloseClient(con));
}
strcpy(con->uri, resource);
}
if (strcmp(operation, "GET") == 0)
con->http.state = HTTP_GET;
else if (strcmp(operation, "PUT") == 0)
con->http.state = HTTP_PUT;
else if (strcmp(operation, "POST") == 0)
con->http.state = HTTP_POST;
else if (strcmp(operation, "DELETE") == 0)
con->http.state = HTTP_DELETE;
else if (strcmp(operation, "TRACE") == 0)
con->http.state = HTTP_TRACE;
else if (strcmp(operation, "OPTIONS") == 0)
con->http.state = HTTP_OPTIONS;
else if (strcmp(operation, "HEAD") == 0)
con->http.state = HTTP_HEAD;
else
{
LogMessage(L_ERROR, "Bad operation \"%s\"!", operation);
SendError(con, HTTP_BAD_REQUEST);
return (CloseClient(con));
}
con->start = time(NULL);
con->operation = con->http.state;
LogMessage(L_DEBUG, "ReadClient: %d %s %s HTTP/%d.%d", con->http.fd,
operation, con->uri,
con->http.version / 100, con->http.version % 100);
con->http.status = HTTP_OK;
case HTTP_OPTIONS :
case HTTP_DELETE :
case HTTP_GET :
case HTTP_HEAD :
case HTTP_POST :
case HTTP_PUT :
case HTTP_TRACE :
status = httpUpdate(HTTP(con));
if (status != HTTP_OK && status != HTTP_CONTINUE)
{
SendError(con, HTTP_BAD_REQUEST);
return (CloseClient(con));
}
break;
default :
break;
}
if (status == HTTP_OK)
{
if (con->http.fields[HTTP_FIELD_ACCEPT_LANGUAGE][0])
{
if ((ptr = strchr(con->http.fields[HTTP_FIELD_ACCEPT_LANGUAGE], ',')) != NULL)
*ptr = '\0';
if ((ptr = strchr(con->http.fields[HTTP_FIELD_ACCEPT_LANGUAGE], ';')) != NULL)
*ptr = '\0';
if ((ptr = strstr(con->http.fields[HTTP_FIELD_CONTENT_TYPE], "charset=")) != NULL)
{
snprintf(locale, sizeof(locale), "%s.%s",
con->http.fields[HTTP_FIELD_ACCEPT_LANGUAGE], ptr + 8);
if ((ptr = strchr(locale, ',')) != NULL)
*ptr = '\0';
}
else
snprintf(locale, sizeof(locale), "%s.%s",
con->http.fields[HTTP_FIELD_ACCEPT_LANGUAGE], DefaultCharset);
con->language = cupsLangGet(locale);
}
else
con->language = cupsLangGet(DefaultLocale);
decode_auth(con);
if (strncmp(con->http.fields[HTTP_FIELD_CONNECTION], "Keep-Alive", 10) == 0 &&
KeepAlive)
con->http.keep_alive = HTTP_KEEPALIVE_ON;
if (con->http.fields[HTTP_FIELD_HOST][0] == '\0' &&
con->http.version >= HTTP_1_1)
{
if (!SendError(con, HTTP_BAD_REQUEST))
return (CloseClient(con));
}
else if (con->operation == HTTP_OPTIONS)
{
if ((best = FindBest(con->uri, con->http.state)) != NULL &&
best->type != AUTH_NONE)
{
if (!SendHeader(con, HTTP_UNAUTHORIZED, NULL))
return (CloseClient(con));
}
if (strcasecmp(con->http.fields[HTTP_FIELD_CONNECTION], "Upgrade") == 0 &&
con->http.tls == NULL)
{
#ifdef HAVE_SSL
if (!SendHeader(con, HTTP_SWITCHING_PROTOCOLS, NULL))
return (CloseClient(con));
httpPrintf(HTTP(con), "Connection: Upgrade\r\n");
httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n");
httpPrintf(HTTP(con), "Content-Length: 0\r\n");
httpPrintf(HTTP(con), "\r\n");
EncryptClient(con);
#else
if (!SendError(con, HTTP_NOT_IMPLEMENTED))
return (CloseClient(con));
#endif
}
if (!SendHeader(con, HTTP_OK, NULL))
return (CloseClient(con));
httpPrintf(HTTP(con), "Allow: GET, HEAD, OPTIONS, POST, PUT\r\n");
httpPrintf(HTTP(con), "Content-Length: 0\r\n");
httpPrintf(HTTP(con), "\r\n");
}
else if (!is_path_absolute(con->uri))
{
if (!SendError(con, HTTP_FORBIDDEN))
return (CloseClient(con));
}
else
{
if (strcasecmp(con->http.fields[HTTP_FIELD_CONNECTION], "Upgrade") == 0 &&
con->http.tls == NULL)
{
#ifdef HAVE_SSL
if (!SendHeader(con, HTTP_SWITCHING_PROTOCOLS, NULL))
return (CloseClient(con));
httpPrintf(HTTP(con), "Connection: Upgrade\r\n");
httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n");
httpPrintf(HTTP(con), "Content-Length: 0\r\n");
httpPrintf(HTTP(con), "\r\n");
EncryptClient(con);
#else
if (!SendError(con, HTTP_NOT_IMPLEMENTED))
return (CloseClient(con));
#endif
}
if ((status = IsAuthorized(con)) != HTTP_OK)
{
LogMessage(L_DEBUG2, "ReadClient: Unauthorized request for %s...\n",
con->uri);
SendError(con, status);
return (CloseClient(con));
}
switch (con->http.state)
{
case HTTP_GET_SEND :
if (strncmp(con->uri, "/printers/", 10) == 0 &&
strcmp(con->uri + strlen(con->uri) - 4, ".ppd") == 0)
{
con->uri[strlen(con->uri) - 4] = '\0';
if ((p = FindPrinter(con->uri + 10)) != NULL)
snprintf(con->uri, sizeof(con->uri), "/ppd/%s.ppd", p->name);
else
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
break;
}
}
if ((strncmp(con->uri, "/admin", 6) == 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0) ||
strncmp(con->uri, "/printers", 9) == 0 ||
strncmp(con->uri, "/classes", 8) == 0 ||
strncmp(con->uri, "/jobs", 5) == 0)
{
if (strncmp(con->uri, "/admin", 6) == 0)
{
SetStringf(&con->command, "%s/cgi-bin/admin.cgi", ServerBin);
if ((ptr = strchr(con->uri + 6, '?')) != NULL)
SetStringf(&con->options, "admin%s", ptr);
else
SetString(&con->options, "admin");
}
else if (strncmp(con->uri, "/printers", 9) == 0)
{
SetStringf(&con->command, "%s/cgi-bin/printers.cgi", ServerBin);
SetString(&con->options, con->uri + 9);
}
else if (strncmp(con->uri, "/classes", 8) == 0)
{
SetStringf(&con->command, "%s/cgi-bin/classes.cgi", ServerBin);
SetString(&con->options, con->uri + 8);
}
else
{
SetStringf(&con->command, "%s/cgi-bin/jobs.cgi", ServerBin);
SetString(&con->options, con->uri + 5);
}
if (con->options[0] == '/')
cups_strcpy(con->options, con->options + 1);
if (!SendCommand(con, con->command, con->options))
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
}
else
LogRequest(con, HTTP_OK);
if (con->http.version <= HTTP_1_0)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
}
else if (strncmp(con->uri, "/admin/conf/", 12) == 0 &&
(strchr(con->uri + 12, '/') != NULL ||
strlen(con->uri) == 12))
{
if (!SendError(con, HTTP_FORBIDDEN))
return (CloseClient(con));
break;
}
else
{
if ((filename = get_file(con, &filestats, buf,
sizeof(buf))) == NULL)
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
break;
}
type = mimeFileType(MimeDatabase, filename, NULL);
if (IsCGI(con, filename, &filestats, type))
{
if (!SendCommand(con, con->command, con->options))
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
}
else
LogRequest(con, HTTP_OK);
if (con->http.version <= HTTP_1_0)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
break;
}
if (!check_if_modified(con, &filestats))
{
if (!SendError(con, HTTP_NOT_MODIFIED))
return (CloseClient(con));
}
else
{
if (type == NULL)
strcpy(line, "text/plain");
else
snprintf(line, sizeof(line), "%s/%s", type->super, type->type);
if (!SendFile(con, HTTP_OK, filename, line, &filestats))
return (CloseClient(con));
}
}
break;
case HTTP_POST_RECV :
LogMessage(L_DEBUG2, "POST %s", con->uri);
LogMessage(L_DEBUG2, "CONTENT_TYPE = %s", con->http.fields[HTTP_FIELD_CONTENT_TYPE]);
if (con->http.fields[HTTP_FIELD_CONTENT_LENGTH][0] &&
strtoimax(con->http.fields[HTTP_FIELD_CONTENT_LENGTH], (char **)NULL, 10) > MaxRequestSize &&
MaxRequestSize > 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
break;
}
else if (strtoimax(con->http.fields[HTTP_FIELD_CONTENT_LENGTH], (char **)NULL, 10) < 0)
{
if (!SendError(con, HTTP_BAD_REQUEST))
return (CloseClient(con));
break;
}
if (strcmp(con->http.fields[HTTP_FIELD_CONTENT_TYPE], "application/ipp") == 0)
con->request = ippNew();
else if ((strncmp(con->uri, "/admin", 6) == 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0) ||
strncmp(con->uri, "/printers", 9) == 0 ||
strncmp(con->uri, "/classes", 8) == 0 ||
strncmp(con->uri, "/jobs", 5) == 0)
{
if (strncmp(con->uri, "/admin", 6) == 0)
{
SetStringf(&con->command, "%s/cgi-bin/admin.cgi", ServerBin);
if ((ptr = strchr(con->uri + 6, '?')) != NULL)
SetStringf(&con->options, "admin%s", ptr);
else
SetString(&con->options, "admin");
}
else if (strncmp(con->uri, "/printers", 9) == 0)
{
SetStringf(&con->command, "%s/cgi-bin/printers.cgi", ServerBin);
SetString(&con->options, con->uri + 9);
}
else if (strncmp(con->uri, "/classes", 8) == 0)
{
SetStringf(&con->command, "%s/cgi-bin/classes.cgi", ServerBin);
SetString(&con->options, con->uri + 8);
}
else
{
SetStringf(&con->command, "%s/cgi-bin/jobs.cgi", ServerBin);
SetString(&con->options, con->uri + 5);
}
if (con->options[0] == '/')
cups_strcpy(con->options, con->options + 1);
LogMessage(L_DEBUG2, "ReadClient: %d command=\"%s\", options = \"%s\"",
con->http.fd, con->command, con->options);
if (con->http.version <= HTTP_1_0)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
}
else
{
if ((filename = get_file(con, &filestats, buf,
sizeof(buf))) == NULL)
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
break;
}
type = mimeFileType(MimeDatabase, filename, NULL);
if (!IsCGI(con, filename, &filestats, type))
{
if (!SendError(con, HTTP_UNAUTHORIZED))
return (CloseClient(con));
}
}
break;
case HTTP_PUT_RECV :
if (strncmp(con->uri, "/admin/conf/", 12) != 0 ||
strchr(con->uri + 12, '/') != NULL ||
strlen(con->uri) == 12)
{
if (!SendError(con, HTTP_FORBIDDEN))
return (CloseClient(con));
break;
}
LogMessage(L_DEBUG2, "PUT %s", con->uri);
LogMessage(L_DEBUG2, "CONTENT_TYPE = %s", con->http.fields[HTTP_FIELD_CONTENT_TYPE]);
if (con->http.fields[HTTP_FIELD_CONTENT_LENGTH][0] &&
strtoimax(con->http.fields[HTTP_FIELD_CONTENT_LENGTH], (char **)NULL, 10) > MaxRequestSize &&
MaxRequestSize > 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
break;
}
else if (atoi(con->http.fields[HTTP_FIELD_CONTENT_LENGTH]) < 0)
{
if (!SendError(con, HTTP_BAD_REQUEST))
return (CloseClient(con));
break;
}
SetStringf(&con->filename, "%s/%08x", RequestRoot, request_id ++);
con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640);
LogMessage(L_DEBUG2, "ReadClient: %d REQUEST %s=%d", con->http.fd,
con->filename, con->file);
if (con->file < 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
}
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
break;
case HTTP_DELETE :
case HTTP_TRACE :
SendError(con, HTTP_NOT_IMPLEMENTED);
return (CloseClient(con));
case HTTP_HEAD :
if (strncmp(con->uri, "/printers/", 10) == 0 &&
strcmp(con->uri + strlen(con->uri) - 4, ".ppd") == 0)
{
con->uri[strlen(con->uri) - 4] = '\0';
if ((p = FindPrinter(con->uri + 10)) != NULL)
snprintf(con->uri, sizeof(con->uri), "/ppd/%s.ppd", p->name);
else
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
break;
}
}
if ((strncmp(con->uri, "/admin/", 7) == 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0) ||
strncmp(con->uri, "/printers/", 10) == 0 ||
strncmp(con->uri, "/classes/", 9) == 0 ||
strncmp(con->uri, "/jobs/", 6) == 0)
{
if (!SendHeader(con, HTTP_OK, "text/html"))
return (CloseClient(con));
if (httpPrintf(HTTP(con), "\r\n") < 0)
return (CloseClient(con));
LogRequest(con, HTTP_OK);
}
else if (strncmp(con->uri, "/admin/conf/", 12) == 0 &&
(strchr(con->uri + 12, '/') != NULL ||
strlen(con->uri) == 12))
{
if (!SendError(con, HTTP_FORBIDDEN))
return (CloseClient(con));
break;
}
else if ((filename = get_file(con, &filestats, buf,
sizeof(buf))) == NULL)
{
if (!SendHeader(con, HTTP_NOT_FOUND, "text/html"))
return (CloseClient(con));
LogRequest(con, HTTP_NOT_FOUND);
}
else if (!check_if_modified(con, &filestats))
{
if (!SendError(con, HTTP_NOT_MODIFIED))
return (CloseClient(con));
LogRequest(con, HTTP_NOT_MODIFIED);
}
else
{
type = mimeFileType(MimeDatabase, filename, NULL);
if (type == NULL)
strcpy(line, "text/plain");
else
snprintf(line, sizeof(line), "%s/%s", type->super, type->type);
if (!SendHeader(con, HTTP_OK, line))
return (CloseClient(con));
if (httpPrintf(HTTP(con), "Last-Modified: %s\r\n",
httpGetDateString(filestats.st_mtime)) < 0)
return (CloseClient(con));
if (httpPrintf(HTTP(con), "Content-Length: %" PRIdMAX "\r\n",
(intmax_t)filestats.st_size) < 0)
return (CloseClient(con));
LogRequest(con, HTTP_OK);
}
if (httpPrintf(HTTP(con), "\r\n") < 0)
return (CloseClient(con));
con->http.state = HTTP_WAITING;
break;
default :
break;
}
}
}
switch (con->http.state)
{
case HTTP_PUT_RECV :
LogMessage(L_DEBUG2, "ReadClient() %d con->data_encoding = %s, con->data_remaining = %" PRIdMAX ", con->file = %d",
con->http.fd,
con->http.data_encoding == HTTP_ENCODE_CHUNKED ? "chunked" : "length",
(intmax_t)con->http.data_remaining, con->file);
if ((bytes = httpRead(HTTP(con), line, sizeof(line))) < 0)
return (CloseClient(con));
else if (bytes > 0)
{
con->bytes += bytes;
LogMessage(L_DEBUG2, "ReadClient: %d writing %d bytes to %d",
con->http.fd, bytes, con->file);
if (write(con->file, line, bytes) < bytes)
{
LogMessage(L_ERROR, "ReadClient: Unable to write %d bytes to %s: %s",
bytes, con->filename, strerror(errno));
close(con->file);
con->file = -1;
unlink(con->filename);
ClearString(&con->filename);
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
}
}
if (con->http.state == HTTP_WAITING)
{
fstat(con->file, &filestats);
LogMessage(L_DEBUG2, "ReadClient() %d Closing data file %d, size = %" PRIdMAX ".",
con->http.fd, con->file, (intmax_t)filestats.st_size);
close(con->file);
con->file = -1;
if (filestats.st_size > MaxRequestSize &&
MaxRequestSize > 0)
{
LogMessage(L_DEBUG2, "ReadClient: %d Removing temp file %s",
con->http.fd, con->filename);
unlink(con->filename);
ClearString(&con->filename);
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
}
status = install_conf_file(con);
if (!SendError(con, status))
return (CloseClient(con));
}
break;
case HTTP_POST_RECV :
LogMessage(L_DEBUG2, "ReadClient() %d con->data_encoding = %s, con->data_remaining = %" PRIdMAX ", con->file = %d",
con->http.fd,
con->http.data_encoding == HTTP_ENCODE_CHUNKED ? "chunked" : "length",
(intmax_t)con->http.data_remaining, con->file);
if (con->request != NULL)
{
if ((ipp_state = ippRead(&(con->http), con->request)) == IPP_ERROR)
{
LogMessage(L_ERROR, "ReadClient: %d IPP Read Error!",
con->http.fd);
SendError(con, HTTP_BAD_REQUEST);
return (CloseClient(con));
}
else if (ipp_state != IPP_DATA)
break;
else
con->bytes += ippLength(con->request);
}
if (con->file < 0 && con->http.state != HTTP_POST_SEND)
{
SetStringf(&con->filename, "%s/%08x", RequestRoot, request_id ++);
con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640);
LogMessage(L_DEBUG2, "ReadClient: %d REQUEST %s=%d", con->http.fd,
con->filename, con->file);
if (con->file < 0)
{
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
}
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
}
if (con->http.state != HTTP_POST_SEND)
{
if ((bytes = httpRead(HTTP(con), line, sizeof(line))) < 0)
return (CloseClient(con));
else if (bytes > 0)
{
con->bytes += bytes;
LogMessage(L_DEBUG2, "ReadClient: %d writing %d bytes to %d",
con->http.fd, bytes, con->file);
if (write(con->file, line, bytes) < bytes)
{
LogMessage(L_ERROR, "ReadClient: Unable to write %d bytes to %s: %s",
bytes, con->filename, strerror(errno));
close(con->file);
con->file = -1;
unlink(con->filename);
ClearString(&con->filename);
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
}
}
else if (con->http.state == HTTP_POST_RECV)
return (1);
else if (con->http.state != HTTP_POST_SEND)
return (CloseClient(con));
}
if (con->http.state == HTTP_POST_SEND)
{
if (con->file >= 0)
{
fstat(con->file, &filestats);
LogMessage(L_DEBUG2, "ReadClient() %d Closing data file %d, size = %" PRIdMAX ".",
con->http.fd, con->file, (intmax_t)filestats.st_size);
close(con->file);
con->file = -1;
if (filestats.st_size > MaxRequestSize &&
MaxRequestSize > 0)
{
LogMessage(L_DEBUG2, "ReadClient: %d Removing temp file %s",
con->http.fd, con->filename);
unlink(con->filename);
ClearString(&con->filename);
if (con->request)
{
ippDelete(con->request);
con->request = NULL;
}
if (!SendError(con, HTTP_REQUEST_TOO_LARGE))
return (CloseClient(con));
}
if (con->command)
{
if (!SendCommand(con, con->command, con->options))
{
if (!SendError(con, HTTP_NOT_FOUND))
return (CloseClient(con));
}
else
LogRequest(con, HTTP_OK);
}
}
if (con->request)
return (ProcessIPPRequest(con));
}
break;
default :
break;
}
if (!con->http.keep_alive && con->http.state == HTTP_WAITING)
return (CloseClient(con));
else
return (1);
}
int
SendCommand(client_t *con,
char *command,
char *options)
{
int fd;
if (con->filename)
fd = open(con->filename, O_RDONLY);
else
fd = open("/dev/null", O_RDONLY);
if (fd < 0)
{
LogMessage(L_ERROR, "SendCommand: %d Unable to open \"%s\" for reading: %s",
con->http.fd, con->filename ? con->filename : "/dev/null",
strerror(errno));
return (0);
}
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
con->pipe_pid = pipe_command(con, fd, &(con->file), command, options);
close(fd);
LogMessage(L_INFO, "Started \"%s\" (pid=%d)", command, con->pipe_pid);
LogMessage(L_DEBUG, "SendCommand: %d file=%d", con->http.fd, con->file);
if (con->pipe_pid == 0)
return (0);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
LogMessage(L_DEBUG2, "SendCommand: Adding fd %d to InputSet...", con->file);
LogMessage(L_DEBUG2, "SendCommand: Adding fd %d to OutputSet...",
con->http.fd);
FD_SET(con->file, InputSet);
FD_SET(con->http.fd, OutputSet);
if (!SendHeader(con, HTTP_OK, NULL))
return (0);
if (con->http.version == HTTP_1_1)
{
con->http.data_encoding = HTTP_ENCODE_CHUNKED;
if (httpPrintf(HTTP(con), "Transfer-Encoding: chunked\r\n") < 0)
return (0);
}
con->file_ready = 0;
con->got_fields = 0;
con->field_col = 0;
return (1);
}
int
SendError(client_t *con,
http_status_t code)
{
char message[1024];
LogRequest(con, code);
LogMessage(L_DEBUG, "SendError: %d code=%d (%s)", con->http.fd, code,
httpStatus(code));
if (code >= HTTP_BAD_REQUEST)
con->http.keep_alive = HTTP_KEEPALIVE_OFF;
if (!SendHeader(con, code, NULL))
return (0);
#ifdef HAVE_SSL
if (code == HTTP_UPGRADE_REQUIRED)
if (httpPrintf(HTTP(con), "Connection: Upgrade\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n") < 0)
return (0);
#endif
if ((con->http.version >= HTTP_1_1 && !con->http.keep_alive) ||
(code >= HTTP_BAD_REQUEST && code != HTTP_UPGRADE_REQUIRED))
{
if (httpPrintf(HTTP(con), "Connection: close\r\n") < 0)
return (0);
}
if (code >= HTTP_BAD_REQUEST)
{
snprintf(message, sizeof(message),
"<HTML><HEAD><TITLE>%d %s</TITLE></HEAD>"
"<BODY><H1>%s</H1>%s</BODY></HTML>\n",
code, httpStatus(code), httpStatus(code),
con->language ? con->language->messages[code] :
httpStatus(code));
if (httpPrintf(HTTP(con), "Content-Type: text/html\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "Content-Length: %d\r\n",
(int)strlen(message)) < 0)
return (0);
if (httpPrintf(HTTP(con), "\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "%s", message) < 0)
return (0);
}
else if (httpPrintf(HTTP(con), "\r\n") < 0)
return (0);
con->http.state = HTTP_WAITING;
return (1);
}
int
SendFile(client_t *con,
http_status_t code,
char *filename,
char *type,
struct stat *filestats)
{
con->file = open(filename, O_RDONLY);
LogMessage(L_DEBUG, "SendFile: %d file=%d", con->http.fd, con->file);
if (con->file < 0)
return (0);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
con->pipe_pid = 0;
if (!SendHeader(con, code, type))
return (0);
if (httpPrintf(HTTP(con), "Last-Modified: %s\r\n", httpGetDateString(filestats->st_mtime)) < 0)
return (0);
if (httpPrintf(HTTP(con), "Content-Length: %" PRIdMAX "\r\n",
(intmax_t)filestats->st_size) < 0)
return (0);
if (httpPrintf(HTTP(con), "\r\n") < 0)
return (0);
LogMessage(L_DEBUG2, "SendFile: Adding fd %d to OutputSet...", con->http.fd);
FD_SET(con->http.fd, OutputSet);
return (1);
}
int
SendHeader(client_t *con,
http_status_t code,
char *type)
{
location_t *loc;
if (httpPrintf(HTTP(con), "HTTP/%d.%d %d %s\r\n", con->http.version / 100,
con->http.version % 100, code, httpStatus(code)) < 0)
return (0);
if (httpPrintf(HTTP(con), "Date: %s\r\n", httpGetDateString(time(NULL))) < 0)
return (0);
if (ServerHeader)
if (httpPrintf(HTTP(con), "Server: %s\r\n", ServerHeader) < 0)
return (0);
if (con->http.keep_alive && con->http.version >= HTTP_1_0)
{
if (httpPrintf(HTTP(con), "Connection: Keep-Alive\r\n") < 0)
return (0);
if (httpPrintf(HTTP(con), "Keep-Alive: timeout=%d\r\n", KeepAliveTimeout) < 0)
return (0);
}
if (code == HTTP_METHOD_NOT_ALLOWED)
if (httpPrintf(HTTP(con), "Allow: GET, HEAD, OPTIONS, POST\r\n") < 0)
return (0);
if (code == HTTP_UNAUTHORIZED)
{
loc = FindBest(con->uri, con->http.state);
if (loc->type != AUTH_DIGEST)
{
if (httpPrintf(HTTP(con), "WWW-Authenticate: Basic realm=\"CUPS\"\r\n") < 0)
return (0);
}
else
{
if (httpPrintf(HTTP(con), "WWW-Authenticate: Digest realm=\"CUPS\", "
"nonce=\"%s\"\r\n", con->http.hostname) < 0)
return (0);
}
}
if (con->language != NULL)
{
if (httpPrintf(HTTP(con), "Content-Language: %s\r\n",
con->language->language) < 0)
return (0);
if (type != NULL)
if (httpPrintf(HTTP(con), "Content-Type: %s; charset=%s\r\n", type,
cupsLangEncoding(con->language)) < 0)
return (0);
}
else if (type != NULL)
if (httpPrintf(HTTP(con), "Content-Type: %s\r\n", type) < 0)
return (0);
return (1);
}
void
UpdateCGI(void)
{
int bytes;
char *lineptr,
*message;
int loglevel;
static int bufused = 0;
static char buffer[1024];
if ((bytes = read(CGIPipes[0], buffer + bufused,
sizeof(buffer) - bufused - 1)) > 0)
{
bufused += bytes;
buffer[bufused] = '\0';
lineptr = strchr(buffer, '\n');
}
else if (bytes < 0 && errno == EINTR)
return;
else
{
lineptr = buffer + bufused;
lineptr[1] = 0;
}
if (bytes == 0 && bufused == 0)
lineptr = NULL;
while (lineptr != NULL)
{
*lineptr++ = '\0';
if (strncmp(buffer, "EMERG:", 6) == 0)
{
loglevel = L_EMERG;
message = buffer + 6;
}
else if (strncmp(buffer, "ALERT:", 6) == 0)
{
loglevel = L_ALERT;
message = buffer + 6;
}
else if (strncmp(buffer, "CRIT:", 5) == 0)
{
loglevel = L_CRIT;
message = buffer + 5;
}
else if (strncmp(buffer, "ERROR:", 6) == 0)
{
loglevel = L_ERROR;
message = buffer + 6;
}
else if (strncmp(buffer, "WARNING:", 8) == 0)
{
loglevel = L_WARN;
message = buffer + 8;
}
else if (strncmp(buffer, "NOTICE:", 6) == 0)
{
loglevel = L_NOTICE;
message = buffer + 6;
}
else if (strncmp(buffer, "INFO:", 5) == 0)
{
loglevel = L_INFO;
message = buffer + 5;
}
else if (strncmp(buffer, "DEBUG:", 6) == 0)
{
loglevel = L_DEBUG;
message = buffer + 6;
}
else if (strncmp(buffer, "DEBUG2:", 7) == 0)
{
loglevel = L_DEBUG2;
message = buffer + 7;
}
else if (strncmp(buffer, "PAGE:", 5) == 0)
{
loglevel = L_PAGE;
message = buffer + 5;
}
else
{
loglevel = L_DEBUG;
message = buffer;
}
while (isspace(*message))
message ++;
LogMessage(loglevel, "[CGI] %s", message);
strcpy(buffer, lineptr);
bufused -= lineptr - buffer;
if (bufused < 0)
bufused = 0;
lineptr = strchr(buffer, '\n');
}
if (bytes <= 0)
{
LogMessage(L_ERROR, "UpdateCGI: error reading from CGI error pipe - %s",
strerror(errno));
}
}
int
WriteClient(client_t *con)
{
int bytes;
char buf[HTTP_MAX_BUFFER + 1];
char *bufptr;
ipp_state_t ipp_state;
#ifdef DEBUG
LogMessage(L_DEBUG2, "WriteClient(con=%p) %d response=%p, file=%d pipe_pid=%d",
con, con->http.fd, con->response, con->file, con->pipe_pid);
#endif
if (con->http.state != HTTP_GET_SEND &&
con->http.state != HTTP_POST_SEND)
return (1);
if (con->response != NULL)
{
ipp_state = ippWrite(&(con->http), con->response);
bytes = ipp_state != IPP_ERROR && ipp_state != IPP_DATA;
}
else if ((bytes = read(con->file, buf, HTTP_MAX_BUFFER)) > 0)
{
#ifdef DEBUG
LogMessage(L_DEBUG2, "WriteClient: Read %d bytes from file %d...",
bytes, con->file);
#endif
if (con->pipe_pid && !con->got_fields)
{
buf[bytes] = '\0';
for (bufptr = buf; !con->got_fields && *bufptr; bufptr ++)
if (*bufptr == '\n')
{
if (bufptr > buf && bufptr[-1] == '\r')
bufptr[-1] = '\0';
*bufptr++ = '\0';
httpPrintf(HTTP(con), "%s\r\n", buf);
LogMessage(L_DEBUG2, "WriteClient: %d %s", con->http.fd, buf);
bytes -= (bufptr - buf);
memmove(buf, bufptr, bytes + 1);
bufptr = buf - 1;
if (con->field_col == 0)
con->got_fields = 1;
else
con->field_col = 0;
}
else if (*bufptr != '\r')
con->field_col ++;
if (bytes > 0 && !con->got_fields)
{
httpPrintf(HTTP(con), "%s", buf);
con->http.activity = time(NULL);
return (1);
}
else if (bytes == 0)
{
con->http.activity = time(NULL);
return (1);
}
}
if (httpWrite(HTTP(con), buf, bytes) < 0)
{
CloseClient(con);
return (0);
}
con->bytes += bytes;
}
if (bytes <= 0)
{
LogRequest(con, HTTP_OK);
if (con->http.data_encoding == HTTP_ENCODE_CHUNKED)
{
if (httpPrintf(HTTP(con), "0\r\n\r\n") < 0)
{
CloseClient(con);
return (0);
}
}
con->http.state = HTTP_WAITING;
LogMessage(L_DEBUG2, "WriteClient: Removing fd %d from OutputSet...",
con->http.fd);
FD_CLR(con->http.fd, OutputSet);
if (con->file >= 0)
{
if (FD_ISSET(con->file, InputSet))
{
LogMessage(L_DEBUG2, "WriteClient: Removing fd %d from InputSet...",
con->file);
FD_CLR(con->file, InputSet);
}
if (con->pipe_pid)
kill(con->pipe_pid, SIGTERM);
LogMessage(L_DEBUG2, "WriteClient: %d Closing data file %d.",
con->http.fd, con->file);
close(con->file);
con->file = -1;
con->pipe_pid = 0;
}
if (con->filename)
{
LogMessage(L_DEBUG2, "WriteClient: %d Removing temp file %s",
con->http.fd, con->filename);
unlink(con->filename);
ClearString(&con->filename);
}
if (con->request != NULL)
{
ippDelete(con->request);
con->request = NULL;
}
if (con->response != NULL)
{
ippDelete(con->response);
con->response = NULL;
}
ClearString(&con->command);
ClearString(&con->options);
if (!con->http.keep_alive)
{
CloseClient(con);
return (0);
}
}
else
{
con->file_ready = 0;
if (con->pipe_pid && !FD_ISSET(con->file, InputSet))
{
LogMessage(L_DEBUG2, "WriteClient: Adding fd %d to InputSet...", con->file);
FD_SET(con->file, InputSet);
}
}
if (bytes >= 1024)
LogMessage(L_DEBUG2, "WriteClient: %d %d bytes", con->http.fd, bytes);
con->http.activity = time(NULL);
return (1);
}
static int
check_if_modified(client_t *con,
struct stat *filestats)
{
char *ptr;
time_t date;
int size;
size = 0;
date = 0;
ptr = con->http.fields[HTTP_FIELD_IF_MODIFIED_SINCE];
if (*ptr == '\0')
return (1);
LogMessage(L_DEBUG2, "check_if_modified: %d If-Modified-Since=\"%s\"",
con->http.fd, ptr);
while (*ptr != '\0')
{
while (isspace(*ptr) || *ptr == ';')
ptr ++;
if (strncasecmp(ptr, "length=", 7) == 0)
{
ptr += 7;
size = atoi(ptr);
while (isdigit(*ptr))
ptr ++;
}
else if (isalpha(*ptr))
{
date = httpGetDateTime(ptr);
while (*ptr != '\0' && *ptr != ';')
ptr ++;
}
}
LogMessage(L_DEBUG2, "check_if_modified() %d sizes=%d,%" PRIdMAX " dates=%d,%d",
con->http.fd, size, (intmax_t)filestats->st_size, (int)date,
(int)filestats->st_mtime);
return ((size != filestats->st_size && size != 0) ||
(date < filestats->st_mtime && date != 0) ||
(size == 0 && date == 0));
}
static void
decode_auth(client_t *con)
{
char *s,
value[1024];
const char *username;
s = con->http.fields[HTTP_FIELD_AUTHORIZATION];
LogMessage(L_DEBUG2, "decode_auth(%p): Authorization string = \"%s\"",
con, s);
if (strncmp(s, "Basic", 5) == 0)
{
s += 5;
while (isspace(*s))
s ++;
httpDecode64(value, s);
if ((s = strchr(value, ':')) == NULL)
{
LogMessage(L_DEBUG, "decode_auth: %d no colon in auth string \"%s\"",
con->http.fd, value);
return;
}
*s++ = '\0';
strlcpy(con->username, value, sizeof(con->username));
strlcpy(con->password, s, sizeof(con->password));
}
else if (strncmp(s, "Local", 5) == 0)
{
s += 5;
while (isspace(*s))
s ++;
if ((username = FindCert(s)) != NULL)
strlcpy(con->username, username, sizeof(con->username));
}
else if (strncmp(s, "Digest", 5) == 0)
{
if (httpGetSubField(&(con->http), HTTP_FIELD_AUTHORIZATION, "username",
value))
strlcpy(con->username, value, sizeof(con->username));
if (httpGetSubField(&(con->http), HTTP_FIELD_AUTHORIZATION, "response",
value))
strlcpy(con->password, value, sizeof(con->password));
}
LogMessage(L_DEBUG2, "decode_auth: %d username=\"%s\"",
con->http.fd, con->username);
}
static char *
get_file(client_t *con,
struct stat *filestats,
char *filename,
int len)
{
int status;
char *ptr;
int plen;
if (strncmp(con->uri, "/ppd/", 5) == 0)
snprintf(filename, len, "%s%s", ServerRoot, con->uri);
else if (strncmp(con->uri, "/admin/conf/", 12) == 0)
snprintf(filename, len, "%s%s", ServerRoot, con->uri + 11);
else if (con->language != NULL)
snprintf(filename, len, "%s/%s%s", DocumentRoot, con->language->language,
con->uri);
else
snprintf(filename, len, "%s%s", DocumentRoot, con->uri);
if ((ptr = strchr(filename, '?')) != NULL)
*ptr = '\0';
if ((status = stat(filename, filestats)) != 0 && con->language != NULL)
{
if (strncmp(con->uri, "/ppd/", 5) != 0 &&
strncmp(con->uri, "/admin/conf/", 12) != 0)
{
snprintf(filename, len, "%s%s", DocumentRoot, con->uri);
if ((ptr = strchr(filename, '?')) != NULL)
*ptr = '\0';
status = stat(filename, filestats);
}
}
if (!status && S_ISDIR(filestats->st_mode))
{
if (filename[strlen(filename) - 1] != '/')
strlcat(filename, "/", len);
ptr = filename + strlen(filename);
plen = len - (ptr - filename);
strlcpy(ptr, "index.html", plen);
status = stat(filename, filestats);
#ifdef HAVE_JAVA
if (status)
{
strlcpy(ptr, "index.class", plen);
status = stat(filename, filestats);
}
#endif
#ifdef HAVE_PERL
if (status)
{
strlcpy(ptr, "index.pl", plen);
status = stat(filename, filestats);
}
#endif
#ifdef HAVE_PHP
if (status)
{
strlcpy(ptr, "index.php", plen);
status = stat(filename, filestats);
}
#endif
#ifdef HAVE_PYTHON
if (status)
{
strlcpy(ptr, "index.pyc", plen);
status = stat(filename, filestats);
}
if (status)
{
strlcpy(ptr, "index.py", plen);
status = stat(filename, filestats);
}
#endif
}
LogMessage(L_DEBUG2, "get_file() %d filename=%s size=%" PRIdMAX "",
con->http.fd, filename, status ? -1 : (intmax_t)filestats->st_size);
if (status)
return (NULL);
else
return (filename);
}
static http_status_t
install_conf_file(client_t *con)
{
cups_file_t *in,
*out;
char buffer[1024];
int bytes;
char conffile[1024],
newfile[1024],
oldfile[1024];
struct stat confinfo;
snprintf(conffile, sizeof(conffile), "%s%s", ServerRoot, con->uri + 11);
snprintf(newfile, sizeof(newfile), "%s%s.N", ServerRoot, con->uri + 11);
snprintf(oldfile, sizeof(oldfile), "%s%s.O", ServerRoot, con->uri + 11);
LogMessage(L_INFO, "Installing config file \"%s\"...", conffile);
if (stat(conffile, &confinfo))
{
confinfo.st_uid = User;
confinfo.st_gid = Group;
confinfo.st_mode = ConfigFilePerm;
}
if ((in = cupsFileOpen(con->filename, "rb")) == NULL)
{
LogMessage(L_ERROR, "Unable to open request file \"%s\" - %s",
con->filename, strerror(errno));
return (HTTP_SERVER_ERROR);
}
if ((out = cupsFileOpen(newfile, "wb")) == NULL)
{
cupsFileClose(in);
LogMessage(L_ERROR, "Unable to open config file \"%s\" - %s",
newfile, strerror(errno));
return (HTTP_SERVER_ERROR);
}
fchmod(cupsFileNumber(out), confinfo.st_mode);
fchown(cupsFileNumber(out), confinfo.st_uid, confinfo.st_gid);
while ((bytes = cupsFileRead(in, buffer, sizeof(buffer))) > 0)
if (cupsFileWrite(out, buffer, bytes) < bytes)
{
LogMessage(L_ERROR, "Unable to copy to config file \"%s\" - %s",
newfile, strerror(errno));
cupsFileClose(in);
cupsFileClose(out);
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
cupsFileClose(in);
if (cupsFileClose(out))
{
LogMessage(L_ERROR, "Error file closing config file \"%s\" - %s",
newfile, strerror(errno));
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
unlink(con->filename);
ClearString(&con->filename);
if (unlink(oldfile))
if (errno != ENOENT)
{
LogMessage(L_ERROR, "Unable to remove backup config file \"%s\" - %s",
oldfile, strerror(errno));
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
if (rename(conffile, oldfile))
if (errno != ENOENT)
{
LogMessage(L_ERROR, "Unable to rename old config file \"%s\" - %s",
conffile, strerror(errno));
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
if (rename(newfile, conffile))
{
LogMessage(L_ERROR, "Unable to rename new config file \"%s\" - %s",
newfile, strerror(errno));
rename(oldfile, conffile);
unlink(newfile);
return (HTTP_SERVER_ERROR);
}
if (strcmp(con->uri, "/admin/conf/cupsd.conf") == 0)
NeedReload = RELOAD_CUPSD;
else
NeedReload = RELOAD_ALL;
ReloadTime = time(NULL);
return (HTTP_CREATED);
}
static int
is_path_absolute(const char *path)
{
if (path[0] != '/')
return (0);
while ((path = strstr(path, "/..")) != NULL)
{
if (!path[3] || path[3] == '/')
return (0);
path ++;
}
return (1);
}
static int
pipe_command(client_t *con,
int infile,
int *outfile,
char *command,
char *options)
{
int i;
int pid;
char *commptr;
char *uriptr;
int fds[2];
int argc;
int envc;
char argbuf[10240],
*argv[100],
*envp[100];
char content_length[1024],
content_type[1024],
cups_datadir[1024],
cups_serverroot[1024],
http_cookie[1024],
http_user_agent[1024],
ipp_port[1024],
lang[1024],
ld_library_path[1024],
ld_preload[1024],
dyld_library_path[1024],
shlib_path[1024],
nlspath[1024],
*query_string,
remote_addr[1024],
remote_host[1024],
remote_user[1024],
script_name[1024],
server_name[1024],
server_port[1024],
tmpdir[1024],
vg_args[1024],
ld_assume_kernel[1024];
unsigned address;
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action;
#endif
static const char * const locale_encodings[] =
{
"ASCII",
"ISO8859-1",
"ISO8859-2",
"ISO8859-3",
"ISO8859-4",
"ISO8859-5",
"ISO8859-6",
"ISO8859-7",
"ISO8859-8",
"ISO8859-9",
"ISO8859-10",
"UTF-8",
"ISO8859-13",
"ISO8859-14",
"ISO8859-15",
"CP874",
"CP1250",
"CP1251",
"CP1252",
"CP1253",
"CP1254",
"CP1255",
"CP1256",
"CP1257",
"CP1258",
"KOI8R",
"KOI8U"
};
static const char * const encryptions[] =
{
"CUPS_ENCRYPTION=IfRequested",
"CUPS_ENCRYPTION=Never",
"CUPS_ENCRYPTION=Required",
"CUPS_ENCRYPTION=Always"
};
LogMessage(L_DEBUG2, "pipe_command: command=\"%s\", options=\"%s\"",
command, options);
strlcpy(argbuf, options, sizeof(argbuf));
argv[0] = argbuf;
query_string = NULL;
for (commptr = argbuf, argc = 1; *commptr != '\0' && argc < 99; commptr ++)
{
if (*commptr == ' ' || *commptr == '+' || (*commptr == '?' && argc == 1))
{
*commptr++ = '\0';
while (*commptr == ' ')
commptr ++;
if (*commptr)
{
argv[argc] = commptr;
argc ++;
}
else
break;
if (argc == 2 && strchr(commptr, '=') && con->operation == HTTP_GET)
SetStringf(&query_string, "QUERY_STRING=%s", commptr);
commptr --;
}
else if (*commptr == '%' && isxdigit(commptr[1] & 255) &&
isxdigit(commptr[2] & 255))
{
if (commptr[1] >= '0' && commptr[1] <= '9')
*commptr = (commptr[1] - '0') << 4;
else
*commptr = (tolower(commptr[1]) - 'a' + 10) << 4;
if (commptr[2] >= '0' && commptr[2] <= '9')
*commptr |= commptr[2] - '0';
else
*commptr |= tolower(commptr[2]) - 'a' + 10;
cups_strcpy(commptr + 1, commptr + 3);
if (!*commptr)
break;
}
}
argv[argc] = NULL;
if (argv[0][0] == '\0')
argv[0] = strrchr(command, '/') + 1;
address = ntohl(con->http.hostaddr.sin_addr.s_addr);
if (con->language)
snprintf(lang, sizeof(lang), "LANG=%s.%s", con->language->language,
locale_encodings[con->language->encoding]);
else
strcpy(lang, "LANG=C");
sprintf(ipp_port, "IPP_PORT=%d", LocalPort);
sprintf(server_port, "SERVER_PORT=%d", ntohs(con->http.hostaddr.sin_port));
if (!strcmp(con->http.hostname, "localhost"))
strlcpy(server_name, "SERVER_NAME=localhost", sizeof(server_name));
else
snprintf(server_name, sizeof(server_name), "SERVER_NAME=%s", ServerName);
snprintf(remote_host, sizeof(remote_host), "REMOTE_HOST=%s", con->http.hostname);
snprintf(remote_addr, sizeof(remote_addr), "REMOTE_ADDR=%d.%d.%d.%d",
(address >> 24) & 255, (address >> 16) & 255,
(address >> 8) & 255, address & 255);
snprintf(remote_user, sizeof(remote_user), "REMOTE_USER=%s", con->username);
snprintf(tmpdir, sizeof(tmpdir), "TMPDIR=%s", TempDir);
snprintf(cups_datadir, sizeof(cups_datadir), "CUPS_DATADIR=%s", DataDir);
snprintf(cups_serverroot, sizeof(cups_serverroot), "CUPS_SERVERROOT=%s", ServerRoot);
envc = 0;
envp[envc ++] = "PATH=/bin:/usr/bin";
envp[envc ++] = "SERVER_SOFTWARE=CUPS/1.1";
envp[envc ++] = "GATEWAY_INTERFACE=CGI/1.1";
if (con->http.version == HTTP_1_1)
envp[envc ++] = "SERVER_PROTOCOL=HTTP/1.1";
else if (con->http.version == HTTP_1_0)
envp[envc ++] = "SERVER_PROTOCOL=HTTP/1.0";
else
envp[envc ++] = "SERVER_PROTOCOL=HTTP/0.9";
envp[envc ++] = "REDIRECT_STATUS=1";
envp[envc ++] = "CUPS_SERVER=localhost";
envp[envc ++] = ipp_port;
envp[envc ++] = server_name;
envp[envc ++] = server_port;
envp[envc ++] = remote_addr;
envp[envc ++] = remote_host;
envp[envc ++] = remote_user;
envp[envc ++] = lang;
envp[envc ++] = TZ;
envp[envc ++] = tmpdir;
envp[envc ++] = cups_datadir;
envp[envc ++] = cups_serverroot;
if (getenv("VG_ARGS") != NULL)
{
snprintf(vg_args, sizeof(vg_args), "VG_ARGS=%s", getenv("VG_ARGS"));
envp[envc ++] = vg_args;
}
if (getenv("LD_ASSUME_KERNEL") != NULL)
{
snprintf(ld_assume_kernel, sizeof(ld_assume_kernel), "LD_ASSUME_KERNEL=%s",
getenv("LD_ASSUME_KERNEL"));
envp[envc ++] = ld_assume_kernel;
}
if (getenv("LD_LIBRARY_PATH") != NULL)
{
snprintf(ld_library_path, sizeof(ld_library_path), "LD_LIBRARY_PATH=%s",
getenv("LD_LIBRARY_PATH"));
envp[envc ++] = ld_library_path;
}
if (getenv("LD_PRELOAD") != NULL)
{
snprintf(ld_preload, sizeof(ld_preload), "LD_PRELOAD=%s",
getenv("LD_PRELOAD"));
envp[envc ++] = ld_preload;
}
if (getenv("DYLD_LIBRARY_PATH") != NULL)
{
snprintf(dyld_library_path, sizeof(dyld_library_path), "DYLD_LIBRARY_PATH=%s",
getenv("DYLD_LIBRARY_PATH"));
envp[envc ++] = dyld_library_path;
}
if (getenv("SHLIB_PATH") != NULL)
{
snprintf(shlib_path, sizeof(shlib_path), "SHLIB_PATH=%s",
getenv("SHLIB_PATH"));
envp[envc ++] = shlib_path;
}
if (getenv("NLSPATH") != NULL)
{
snprintf(nlspath, sizeof(nlspath), "NLSPATH=%s", getenv("NLSPATH"));
envp[envc ++] = nlspath;
}
if (con->http.cookie)
{
snprintf(http_cookie, sizeof(http_cookie), "HTTP_COOKIE=%s",
con->http.cookie);
envp[envc ++] = http_cookie;
}
if (con->http.fields[HTTP_FIELD_USER_AGENT][0])
{
snprintf(http_user_agent, sizeof(http_user_agent), "HTTP_USER_AGENT=%s",
con->http.fields[HTTP_FIELD_USER_AGENT]);
envp[envc ++] = http_user_agent;
}
snprintf(script_name, sizeof(script_name), "SCRIPT_NAME=%s", con->uri);
if ((uriptr = strchr(script_name, '?')) != NULL)
*uriptr = '\0';
envp[envc ++] = script_name;
if (con->operation == HTTP_GET)
{
envp[envc ++] = "REQUEST_METHOD=GET";
if (query_string)
{
envp[envc ++] = query_string;
}
}
else
{
sprintf(content_length, "CONTENT_LENGTH=%d", con->bytes);
snprintf(content_type, sizeof(content_type), "CONTENT_TYPE=%s",
con->http.fields[HTTP_FIELD_CONTENT_TYPE]);
envp[envc ++] = "REQUEST_METHOD=POST";
envp[envc ++] = content_length;
envp[envc ++] = content_type;
}
if (con->http.encryption == HTTP_ENCRYPT_ALWAYS)
envp[envc ++] = "HTTPS=ON";
envp[envc ++] = (char *)encryptions[LocalEncryption];
envp[envc] = NULL;
if (LogLevel == L_DEBUG2)
{
for (i = 0; i < argc; i ++)
LogMessage(L_DEBUG2, "pipe_command: argv[%d] = \"%s\"", i, argv[i]);
for (i = 0; i < envc; i ++)
LogMessage(L_DEBUG2, "pipe_command: envp[%d] = \"%s\"", i, envp[i]);
}
if (cupsdOpenPipe(fds))
{
ClearString(&query_string);
LogMessage(L_ERROR, "Unable to create pipes for CGI %s - %s",
argv[0], strerror(errno));
return (0);
}
HoldSignals();
if ((pid = fork()) == 0)
{
if (!RunUser)
{
if (setgid(Group))
exit(errno);
if (setgroups(1, &Group))
exit(errno);
if (setuid(User))
exit(errno);
}
else
{
setgroups(1, &Group);
}
if (infile)
{
close(0);
if (dup(infile) < 0)
exit(errno);
}
close(1);
if (dup(fds[1]) < 0)
exit(errno);
close(2);
dup(CGIPipes[1]);
umask(077);
#ifdef HAVE_SIGSET
sigset(SIGTERM, SIG_DFL);
sigset(SIGCHLD, SIG_DFL);
#elif defined(HAVE_SIGACTION)
memset(&action, 0, sizeof(action));
sigemptyset(&action.sa_mask);
action.sa_handler = SIG_DFL;
sigaction(SIGTERM, &action, NULL);
sigaction(SIGCHLD, &action, NULL);
#else
signal(SIGTERM, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
#endif
ReleaseSignals();
execve(command, argv, envp);
exit(errno);
return (0);
}
else if (pid < 0)
{
LogMessage(L_ERROR, "Unable to fork for CGI %s - %s", argv[0],
strerror(errno));
cupsdClosePipe(fds);
pid = 0;
}
else
{
AddCert(pid, con->username);
LogMessage(L_DEBUG, "CGI %s started - PID = %d", command, pid);
*outfile = fds[0];
close(fds[1]);
}
ReleaseSignals();
ClearString(&query_string);
return (pid);
}
#if defined(HAVE_CDSASSL)
static const char SecurityLibPath[] = "/System/Library/Frameworks/Security.framework/Security";
static
void cups_cdsa_once_init()
{
#ifdef HAVE_DLFCN_H
void *cdsa_lib = NULL;
cdsa_lib = dlopen(SecurityLibPath, RTLD_LAZY);
SSLCloseProc = dlsym(cdsa_lib, "SSLClose");
SSLDisposeContextProc = dlsym(cdsa_lib, "SSLDisposeContext");
SSLGetBufferedReadSizeProc = dlsym(cdsa_lib, "SSLGetBufferedReadSizeName");
SSLHandshakeProc = dlsym(cdsa_lib, "SSLHandshake");
SSLNewContextProc = dlsym(cdsa_lib, "SSLNewContext");
SSLReadProc = dlsym(cdsa_lib, "SSLRead");
SSLSetCertificateProc = dlsym(cdsa_lib, "SSLSetCertificate");
SSLSetConnectionProc = dlsym(cdsa_lib, "SSLSetConnection");
SSLSetEnableCertVerifyProc = dlsym(cdsa_lib, "SSLSetEnableCertVerify");
SSLSetIOFuncsProc = dlsym(cdsa_lib, "SSLSetIOFuncs");
SSLSetPeerDomainNameProc = dlsym(cdsa_lib, "SSLSetPeerDomainName");
SSLSetProtocolVersionProc = dlsym(cdsa_lib, "SSLSetProtocolVersionEnabled");
SSLWriteProc = dlsym(cdsa_lib, "SSLWrite");
SecIdentityGetTypeIDProc = dlsym(cdsa_lib, "SecIdentityGetTypeID");
SecIdentitySearchCopyNextProc = dlsym(cdsa_lib, "SecIdentitySearchCopyNext");
SecIdentitySearchCreateProc = dlsym(cdsa_lib, "SecIdentitySearchCreate");
SecKeychainOpenProc = dlsym(cdsa_lib, "SecKeychainOpen");
#else
SSLGetBufferedReadSizeProc = SSLGetBufferedReadSize;
SSLNewContextProc = SSLNewContext;
SSLSetIOFuncsProc = SSLSetIOFuncs;
SSLSetConnectionProc = SSLSetConnection;
SSLSetEnableCertVerifyProc = SSLSetEnableCertVerify;
SSLHandshakeProc = SSLHandshake;
SSLDisposeContextProc = SSLDisposeContext;
SSLCloseProc = SSLClose;
SSLReadProc = SSLRead;
SSLWriteProc = SSLWrite;
SecKeychainOpenProc = SecKeychainOpen;
SecIdentitySearchCreateProc = SecIdentitySearchCreate;
SecIdentitySearchCopyNextProc = SecIdentitySearchCopyNext;
#endif
}
void cupsd_cdsa_init(void)
{
pthread_once(&cdsa_key_once, cups_cdsa_once_init);
return;
}
static CFArrayRef
CDSAGetServerCerts(void)
{
OSStatus err;
SecKeychainRef kcRef;
SecIdentitySearchRef srchRef;
SecIdentityRef identity;
CFArrayRef ca;
kcRef = NULL;
srchRef = NULL;
identity = NULL;
ca = NULL;
cupsd_cdsa_init();
err = (*SecKeychainOpenProc)(ServerCertificate, &kcRef);
if (err)
LogMessage(L_ERROR, "Cannot open keychain \"%s\", error %d.",
ServerCertificate, (int)err);
else
{
err = (*SecIdentitySearchCreateProc)(kcRef, CSSM_KEYUSE_SIGN, &srchRef);
if (err)
LogMessage(L_DEBUG2,
"Cannot find signing key in keychain \"%s\", error %d",
ServerCertificate, (int)err);
else
{
err = (*SecIdentitySearchCopyNextProc)(srchRef, &identity);
if (err)
LogMessage(L_DEBUG2,
"Cannot find signing key in keychain \"%s\", error %d",
ServerCertificate, (int)err);
else
{
if (CFGetTypeID(identity) != (*SecIdentityGetTypeIDProc)())
LogMessage(L_ERROR, "SecIdentitySearchCopyNext CFTypeID failure!");
else
{
ca = CFArrayCreate(NULL, (const void **)&identity, 1, NULL);
if (ca == nil)
LogMessage(L_ERROR, "CFArrayCreate error");
}
}
}
}
return ca;
}
static OSStatus
CDSAReadFunc(SSLConnectionRef connection,
void *data,
size_t *dataLength)
{
ssize_t bytes;
bytes = recv((int)connection, data, *dataLength, 0);
if (bytes >= 0)
{
*dataLength = bytes;
return (0);
}
else
return (-1);
}
static OSStatus
CDSAWriteFunc(SSLConnectionRef connection,
const void *data,
size_t *dataLength)
{
ssize_t bytes;
bytes = write((int)connection, data, *dataLength);
if (bytes >= 0)
{
*dataLength = bytes;
return (0);
}
else
return (-1);
}
#endif