-const char cgi_rcs[] = "$Id: cgi.c,v 1.34 2001/10/18 22:22:09 david__schmidt Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.41 2002/01/17 20:56:22 jongfoster Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.41 2002/01/17 20:56:22 jongfoster
+ * Replacing hard references to the URL of the config interface
+ * with #defines from project.h
+ *
+ * Revision 1.40 2002/01/09 14:26:46 oes
+ * Added support for thread-safe gmtime_r call.
+ *
+ * Revision 1.39 2001/11/16 00:48:13 jongfoster
+ * Fixing a compiler warning
+ *
+ * Revision 1.38 2001/11/13 00:31:21 jongfoster
+ * - Adding new CGIs for use by non-JavaScript browsers:
+ * edit-actions-url-form
+ * edit-actions-add-url-form
+ * edit-actions-remove-url-form
+ * - Fixing make_menu()'s HTML generation - it now quotes the href parameter.
+ * - Fixing || bug.
+ *
+ * Revision 1.37 2001/11/01 14:28:47 david__schmidt
+ * Show enablement/disablement status in almost all templates.
+ * There is a little trickiness here: apparent recursive resolution of
+ * @if-enabled-then@ caused the toggle template to show status out-of-phase with
+ * the actual enablement status. So a similar construct,
+ * @if-enabled-display-then@, is used to resolve the status display on non-'toggle'
+ * templates.
+ *
+ * Revision 1.36 2001/10/26 17:33:27 oes
+ * marginal bugfix
+ *
+ * Revision 1.35 2001/10/23 21:48:19 jongfoster
+ * Cleaning up error handling in CGI functions - they now send back
+ * a HTML error page and should never cause a FATAL error. (Fixes one
+ * potential source of "denial of service" attacks).
+ *
+ * CGI actions file editor that works and is actually useful.
+ *
+ * Ability to toggle JunkBuster remotely using a CGI call.
+ *
+ * You can turn off both the above features in the main configuration
+ * file, e.g. if you are running a multi-user proxy.
+ *
* Revision 1.34 2001/10/18 22:22:09 david__schmidt
* Only show "Local support" on templates conditionally:
* - if either 'admin-address' or 'proxy-info-url' are uncommented in config
- * - if not, no Local support section appears are removed automatically
+ * - if not, no Local support section appears
*
* Revision 1.33 2001/10/14 22:28:41 jongfoster
* Fixing stupid typo.
#ifdef FEATURE_CGI_EDIT_ACTIONS
#include "cgiedit.h"
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
+#include "loadcfg.h"
+/* loadcfg.h is for g_bToggleIJB only */
const char cgi_h_rcs[] = CGI_H_VERSION;
{ "show-url-info",
cgi_show_url_info,
"Show which actions apply to a URL and why" },
-#ifdef FEATURE_CGI_EDIT_ACTIONS
{ "toggle",
cgi_toggle,
"Toggle JunkBuster on or off" },
+#ifdef FEATURE_CGI_EDIT_ACTIONS
{ "edit-actions",
cgi_edit_actions,
"Edit the actions list" },
-#endif /* def FEATURE_CGI_EDIT_ACTIONS */
-#ifdef FEATURE_CGI_EDIT_ACTIONS
+
+ { "eaa", /* Shortcut for edit-actions-add-url-form */
+ cgi_edit_actions_add_url_form,
+ NULL },
+ { "eau", /* Shortcut for edit-actions-url-form */
+ cgi_edit_actions_url_form,
+ NULL },
+ { "ear", /* Shortcut for edit-actions-remove-url-form */
+ cgi_edit_actions_remove_url_form,
+ NULL },
+ { "eas", /* Shortcut for edit-actions-for-url */
+ cgi_edit_actions_for_url,
+ NULL },
+ { "easa", /* Shortcut for edit-actions-section-add */
+ cgi_edit_actions_section_add,
+ NULL },
+ { "easr", /* Shortcut for edit-actions-section-remove */
+ cgi_edit_actions_section_remove,
+ NULL },
+ { "eass", /* Shortcut for edit-actions-section-swap */
+ cgi_edit_actions_section_swap,
+ NULL },
{ "edit-actions-for-url",
cgi_edit_actions_for_url,
NULL /* Edit the actions for (a) specified URL(s) */ },
{ "edit-actions-url",
cgi_edit_actions_url,
NULL /* Change a URL pattern in the actionsfile */ },
+ { "edit-actions-url-form",
+ cgi_edit_actions_url_form,
+ NULL /* Form to change a URL pattern in the actionsfile */ },
{ "edit-actions-add-url",
cgi_edit_actions_add_url,
NULL /* Add a URL pattern to the actionsfile */ },
+ { "edit-actions-add-url-form",
+ cgi_edit_actions_add_url_form,
+ NULL /* Form to add a URL pattern to the actionsfile */ },
{ "edit-actions-remove-url",
cgi_edit_actions_remove_url,
- NULL /* Add a URL pattern to the actionsfile */ },
- { "edit-actions-section-remove",
- cgi_edit_actions_section_remove,
- NULL /* Remove a section from the actionsfile */ },
+ NULL /* Remove a URL pattern from the actionsfile */ },
+ { "edit-actions-remove-url-form",
+ cgi_edit_actions_remove_url_form,
+ NULL /* Form to remove a URL pattern from the actionsfile */ },
{ "edit-actions-section-add",
cgi_edit_actions_section_add,
NULL /* Remove a section from the actionsfile */ },
+ { "edit-actions-section-remove",
+ cgi_edit_actions_section_remove,
+ NULL /* Remove a section from the actionsfile */ },
+ { "edit-actions-section-swap",
+ cgi_edit_actions_section_swap,
+ NULL /* Swap two sections in the actionsfile */ },
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
{ "robots.txt",
cgi_robots_txt,
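Review bot: The `toggle` entry now sits outside the `FEATURE_CGI_EDIT_ACTIONS` guard, so a state-changing CGI is registered in every build. The revision log says it can be switched off in the main configuration file, but that check is not visible in this hunk, so confirm that `cgi_toggle` refuses the request when the option is off. The new short aliases (`easa`, `easr`, `eass` and the others) reach the same handlers as the long names and depend on the same runtime check. Separately, the unchanged comment on `edit-actions-section-add` still reads "Remove a section from the actionsfile"; it should be `NULL /* Add a section to the actionsfile */ },`.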
{ "send-banner",
cgi_send_banner,
NULL /* Send the transparent or \"Junkbuster\" gif */ },
+ { "t",
+ cgi_transparent_gif,
+ NULL /* Send a transparent gif (short name) */ },
{ NULL, /* NULL Indicates end of list and default page */
cgi_error_404,
NULL /* Unknown CGI page */ }
static struct http_response *dispatch_known_cgi(struct client_state * csp,
const char * path);
+static struct map *parse_cgi_parameters(char *argstring);
/*********************************************************************
*
* Function : dispatch_cgi
*
- * Description : Checks if a request URL has either the magical hostname
- * i.j.b or matches HOME_PAGE_URL/config/. If so, it passes
+ * Description : Checks if a request URL has either the magical
+ * hostname CGI_SITE_1_HOST (usully http://i.j.b/) or
+ * matches CGI_SITE_2_HOST CGI_SITE_2_PATH (usually
+ * http://ijbswa.sourceforge.net/config). If so, it passes
* the (rest of the) path onto dispatch_known_cgi, which
* calls the relevant CGI handler function.
*
* Should we intercept ?
*/
- /* Either the host matches CGI_PREFIX_HOST ..*/
- if ( (0 == strcmpic(host, CGI_PREFIX_HOST))
+ /* Note: "example.com" and "example.com." are equivalent hostnames. */
+
+ /* Either the host matches CGI_SITE_1_HOST ..*/
+ if ( ( (0 == strcmpic(host, CGI_SITE_1_HOST))
+ || (0 == strcmpic(host, CGI_SITE_1_HOST ".")))
&& (path[0] == '/') )
{
/* ..then the path will all be for us. Remove leading '/' */
path++;
}
- /* Or it's the host part HOME_PAGE_URL, and the path /config/ */
- else if ( (0 == strcmpic(host, HOME_PAGE_URL + 7 ))
- && (0 == strncmpic(path,"/config", 7)) )
+ /* Or it's the host part CGI_SITE_2_HOST, and the path CGI_SITE_2_PATH */
+ else if ( ( (0 == strcmpic(host, CGI_SITE_2_HOST ))
+ || (0 == strcmpic(host, CGI_SITE_2_HOST ".")) )
+ && (0 == strncmpic(path, CGI_SITE_2_PATH, strlen(CGI_SITE_2_PATH))) )
{
- /* take everything following "/config" */
- path += 7;
+ /* take everything following CGI_SITE_2_PATH */
+ path += strlen(CGI_SITE_2_PATH);
if (*path == '/')
{
- /* skip the forward slash after "/config" */
+ /* skip the forward slash after CGI_SITE_2_PATH */
path++;
}
else if (*path != '\0')
{
- /* wierdness: URL is /configXXX, where XXX is some string */
+ /*
+ * wierdness: URL is /configXXX, where XXX is some string
+ * Do *NOT* intercept.
+ */
return NULL;
}
}
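Review bot: The rewritten comment still says `URL is /configXXX` although the prefix is now taken from `CGI_SITE_2_PATH`. Wording such as `/* URL is CGI_SITE_2_PATH followed by other characters. Do *NOT* intercept. */` would stay accurate if the macro changes. `strlen(CGI_SITE_2_PATH)` is also evaluated twice; storing it once in a local `size_t` keeps the comparison length and the skip length visibly identical. The enclosing function starts and ends outside this hunk.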
return cgi_error_memory();
}
- err = map(exports, "host-html", 1, html_encode(csp->http->host), 0)
- || map(exports, "hostport", 1, csp->http->hostport, 1)
- || map(exports, "hostport-html", 1, html_encode(csp->http->hostport), 0)
- || map(exports, "path", 1, csp->http->path, 1)
- || map(exports, "path-html", 1, html_encode(csp->http->path), 0)
- || map(exports, "error", 1, safe_strerror(sys_err), 0)
- || map(exports, "host-ip", 1, csp->http->host_ip_addr_str, 1);
+ err = map(exports, "host", 1, html_encode(csp->http->host), 0);
+ if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0);
+ if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0);
+ if (!err) err = map(exports, "error", 1, html_encode_and_free_original(safe_strerror(sys_err)), 0);
+ if (!err) err = map(exports, "host-ip", 1, html_encode(csp->http->host_ip_addr_str), 0);
if (err)
{
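Review bot: Each `html_encode(...)` result is handed straight to `map()` with a final argument of 0, so this block relies on `map()` reporting an error when the value pointer is NULL after a failed allocation. That contract is not visible here and deserves a one-line comment above the block, e.g. `/* html_encode() may return NULL; map() must treat a NULL value as out-of-memory */`. The same pattern recurs in the `default_exports` hunk, including `make_menu(caller)`, which this commit documents as returning NULL on out-of-memory. The `host-html`, `hostport-html` and `path-html` exports are dropped, so any template that still refers to them needs updating in the same change.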
current_time += time_offset;
/* get and save the gmt */
- t = gmtime(¤t_time);
+ {
+#ifdef HAVE_GMTIME_R
+ struct tm dummy;
+ t = gmtime_r(¤t_time, &dummy);
+#else
+ t = gmtime(¤t_time);
+#endif
+ }
/* Format: "Sun, 06 Nov 1994 08:49:37 GMT" */
snprintf(buf, 30,
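Review bot: In the `HAVE_GMTIME_R` branch, `struct tm dummy` is declared inside the new inner braces, but `t` points at it and is still used by the `snprintf` call after that block closes. The formatted date therefore reads an object whose lifetime has ended, which is undefined behaviour. Declare the buffer at function scope instead, e.g. `struct tm gmt;` under `#ifdef HAVE_GMTIME_R` next to the other locals, and call `t = gmtime_r(&current_time, &gmt);` without the extra braces. The function's opening and the rest of the `snprintf` call are outside this hunk.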
{
rsp->content_length = rsp->body ? strlen(rsp->body) : 0;
}
- sprintf(buf, "Content-Length: %d", rsp->content_length);
- err = err || enlist(rsp->headers, buf);
+ if (!err)
+ {
+ sprintf(buf, "Content-Length: %d", rsp->content_length);
+ err = enlist(rsp->headers, buf);
+ }
/*
* Fill in the default headers:
*
* See http://www.w3.org/Protocols/rfc2068/rfc2068
*/
- err = err || enlist_unique(rsp->headers, "Content-Type: text/html", 13);
+ if (!err) err = enlist_unique(rsp->headers, "Content-Type: text/html", 13);
if (rsp->is_static)
{
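Review bot: The `Content-Length` header is still formatted with an unbounded `sprintf` into `buf`, whose declaration is outside this hunk, while other code in this file uses `snprintf`. If `buf` is a local array, `snprintf(buf, sizeof(buf), "Content-Length: %d", rsp->content_length);` keeps the write bounded. `rsp->content_length` is assigned from `strlen()` just above, so if the field is not an `int`, the `%d` conversion also needs a matching cast or specifier.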
* occasionally, e.g. if IJB gets upgraded.
*/
- get_http_time(0, buf);
- err = err || enlist_unique_header(rsp->headers, "Date", buf);
+ if (!err)
+ {
+ get_http_time(0, buf);
+ err = enlist_unique_header(rsp->headers, "Date", buf);
+ }
/* Some date in the past. */
- err = err || enlist_unique_header(rsp->headers, "Last-Modified", "Sat, 17 Jun 2000 12:00:00 GMT");
+ if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", "Sat, 17 Jun 2000 12:00:00 GMT");
- get_http_time(10 * 60, buf); /* 10 * 60sec = 10 minutes */
- err = err || enlist_unique_header(rsp->headers, "Expires", buf);
+ if (!err)
+ {
+ get_http_time(10 * 60, buf); /* 10 * 60sec = 10 minutes */
+ err = enlist_unique_header(rsp->headers, "Expires", buf);
+ }
}
else
{
* setting. However, to be certain, we also set both "Last-Modified"
* and "Expires" to the current time.
*/
- err = err || enlist_unique_header(rsp->headers, "Cache-Control", "no-cache");
+ if (!err) err = enlist_unique_header(rsp->headers, "Cache-Control", "no-cache");
+
get_http_time(0, buf);
- err = err || enlist_unique_header(rsp->headers, "Date", buf);
- err = err || enlist_unique_header(rsp->headers, "Last-Modified", buf);
- err = err || enlist_unique_header(rsp->headers, "Expires", buf);
+ if (!err) err = enlist_unique_header(rsp->headers, "Date", buf);
+ if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", buf);
+ if (!err) err = enlist_unique_header(rsp->headers, "Expires", buf);
}
/*********************************************************************
*
- * Function : fill_template
+ * Function : template_load
*
* Description : CGI support function that loads a given HTML
* template from the confdir, ignoring comment
return err;
}
+
/*********************************************************************
*
* Function : default_exports
struct map *default_exports(const struct client_state *csp, const char *caller)
{
char buf[20];
- int err = 0;
+ jb_err err;
struct map * exports;
int local_help_exists = 0;
return NULL;
}
-
- err = map(exports, "version", 1, VERSION, 1)
- || map(exports, "my-ip-address", 1, csp->my_ip_addr_str ? csp->my_ip_addr_str : "unknown", 1)
- || map(exports, "my-hostname", 1, csp->my_hostname ? csp->my_hostname : "unknown", 1)
- || map(exports, "homepage", 1, HOME_PAGE_URL, 1)
- || map(exports, "default-cgi", 1, HOME_PAGE_URL "/config", 1)
- || map(exports, "menu", 1, make_menu(caller), 0)
- || map(exports, "code-status", 1, CODE_STATUS, 1);
+ err = map(exports, "version", 1, html_encode(VERSION), 0);
+ if (!err) err = map(exports, "my-ip-address", 1, html_encode(csp->my_ip_addr_str ? csp->my_ip_addr_str : "unknown"), 0);
+ if (!err) err = map(exports, "my-hostname", 1, html_encode(csp->my_hostname ? csp->my_hostname : "unknown"), 0);
+ if (!err) err = map(exports, "homepage", 1, html_encode(HOME_PAGE_URL), 0);
+ if (!err) err = map(exports, "default-cgi", 1, html_encode(CGI_PREFIX), 0);
+ if (!err) err = map(exports, "menu", 1, make_menu(caller), 0);
+ if (!err) err = map(exports, "code-status", 1, CODE_STATUS, 1);
+ if (!err) err = map_conditional(exports, "enabled-display", g_bToggleIJB);
snprintf(buf, 20, "%d", csp->config->hport);
- err = err || map(exports, "my-port", 1, buf, 1);
+ if (!err) err = map(exports, "my-port", 1, buf, 1);
if(!strcmp(CODE_STATUS, "stable"))
{
- err = err || map_block_killer(exports, "unstable");
+ if (!err) err = map_block_killer(exports, "unstable");
}
- if(csp->config->admin_address != NULL)
+ if (csp->config->admin_address != NULL)
{
- err = err || map(exports, "admin-address", 1, csp->config->admin_address, 1);
+ if (!err) err = map(exports, "admin-address", 1, html_encode(csp->config->admin_address), 0);
local_help_exists = 1;
}
else
{
- err = err || map_block_killer(exports, "have-adminaddr-info");
+ if (!err) err = map_block_killer(exports, "have-adminaddr-info");
}
- if(csp->config->proxy_info_url != NULL)
+ if (csp->config->proxy_info_url != NULL)
{
- err = err || map(exports, "proxy-info-url", 1, csp->config->proxy_info_url, 1);
+ if (!err) err = map(exports, "proxy-info-url", 1, html_encode(csp->config->proxy_info_url), 0);
local_help_exists = 1;
}
else
{
- err = err || map_block_killer(exports, "have-proxy-info");
- }
+ if (!err) err = map_block_killer(exports, "have-proxy-info");
+ }
if (local_help_exists == 0)
{
- err = err || map_block_killer(exports, "have-help-info");
+ if (!err) err = map_block_killer(exports, "have-help-info");
}
if (err)
}
+/*********************************************************************
+ *
+ * Function : map_block_keep
+ *
+ * Description : Convenience function. Removes the markers used
+ * by map-block-killer, to save a few bytes.
+ * i.e. removes "@if-<name>-start@" and "@if-<name>-end@"
+ *
+ * Parameters :
+ * 1 : exports = map to extend
+ * 2 : name = name of conditional block
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+jb_err map_block_keep(struct map *exports, const char *name)
+{
+ jb_err err;
+ char buf[500]; /* Will do, since the names are hardwired */
+
+ assert(exports);
+ assert(name);
+ assert(strlen(name) < 490);
+
+ snprintf(buf, 500, "if-%s-start", name);
+ err = map(exports, buf, 1, "", 1);
+
+ if (err)
+ {
+ return err;
+ }
+
+ snprintf(buf, 500, "if-%s-end", name);
+ return map(exports, buf, 1, "", 1);
+}
+
+
/*********************************************************************
*
* Function : map_conditional
*
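Review bot: In `map_block_keep` the only length check on `name` is `assert(strlen(name) < 490)`, which disappears in builds compiled with `NDEBUG`. In that case `snprintf` truncates silently and the function maps a wrong key instead of failing. The literal 500 is also repeated in the declaration and both calls; `snprintf(buf, sizeof(buf), "if-%s-start", name);` and the matching `-end` call tie the bound to the array. Checking the `snprintf` return value against `sizeof(buf)` would make truncation an explicit error path rather than an assertion.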
* Parameters : self = name of CGI to leave out, can be NULL
*
- * Returns : menu string
+ * Returns : menu string, or NULL on out-of-memory error.
*
*********************************************************************/
char *make_menu(const char *self)
{
const struct cgi_dispatcher *d;
- char buf[BUFFER_SIZE];
- char *result = NULL;
+ char *result = strdup("");
if (self == NULL)
{
{
if (d->description && strcmp(d->name, self))
{
- snprintf(buf, BUFFER_SIZE, "<li><a href=%s/config/%s>%s</a></li>\n",
- HOME_PAGE_URL, d->name, d->description);
- result = strsav(result, buf);
+ string_append(&result, "<li><a href=\"" CGI_PREFIX);
+ string_append(&result, d->name);
+ string_append(&result, "\">");
+ string_append(&result, d->description);
+ string_append(&result, "</a></li>\n");
}
}
- return(result);
+ return result;
}
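Review bot: `d->name` and `d->description` are appended to the menu HTML without `html_encode`, whereas `dump_map` in this same change encodes every value it emits. The strings appear to come from the static dispatcher table, so this is hardening rather than a fix for attacker-controlled input. Even so, a description containing `&`, `<` or `"` would produce broken markup inside the quoted `href`. Using `string_join(&result, html_encode(d->description));` and the same for `d->name` would make the two functions consistent. The loop header and the start of `make_menu` lie outside this hunk.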
*********************************************************************/
char *dump_map(const struct map *the_map)
{
- struct map_entry *cur_entry = the_map->first;
- char *ret = NULL;
+ struct map_entry *cur_entry;
+ char *ret = strdup("");
- ret = strsav(ret, "<table>\n");
+ string_append(&ret, "<table>\n");
- while (cur_entry)
+ for (cur_entry = the_map->first;
+ (cur_entry != NULL) && (ret != NULL);
+ cur_entry = cur_entry->next)
{
- ret = strsav(ret, "<tr><td><b>");
- ret = strsav(ret, cur_entry->name);
- ret = strsav(ret, "</b></td><td>");
- ret = strsav(ret, cur_entry->value);
- ret = strsav(ret, "</td></tr>\n");
- cur_entry = cur_entry->next;
+ string_append(&ret, "<tr><td><b>");
+ string_join (&ret, html_encode(cur_entry->name));
+ string_append(&ret, "</b></td><td>");
+ string_join (&ret, html_encode(cur_entry->value));
+ string_append(&ret, "</td></tr>\n");
}
- ret = strsav(ret, "</table>\n");
- return(ret);
-
+ string_append(&ret, "</table>\n");
+ return ret;
}
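Review bot: `dump_map` can now return NULL when `strdup("")` or a later append fails, as the new loop condition `ret != NULL` indicates. Its header comment, which is outside this hunk, is not updated the way `make_menu`'s was. Add `or NULL on out-of-memory error` to its Returns line so callers know to check. The header should also state that `the_map` must be non-NULL, since `the_map->first` is dereferenced without a check.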