/* * This file is a part of Winix * and is not publicly distributed * * Copyright (c) 2010-2013, Tomasz Sowa * All rights reserved. * */ #include #include #include #include #include #include #include #include #include #include #include "app.h" #include "plugin.h" #include "misc.h" #include "functions/functions.h" #include "utf8/utf8.h" App::App() { stdout_is_closed = false; last_sessions_save = std::time(0); fcgi_socket = -1; // temporary there is only one request cur.request = &req; cur.session = session_manager.GetTmpSession(); cur.mount = system.mounts.GetEmptyMount(); db.SetConn(db_conn); plugin.SetDb(&db); plugin.SetConfig(&config); plugin.SetCur(&cur); plugin.SetSystem(&system); plugin.SetFunctions(&functions); plugin.SetTemplates(&templates); plugin.SetSynchro(&synchro); plugin.SetSessionManager(&session_manager); req.SetConfig(&config); functions.SetConfig(&config); functions.SetCur(&cur); functions.SetDb(&db); functions.SetSystem(&system); functions.SetTemplates(&templates); functions.SetSynchro(&synchro); functions.SetSessionManager(&session_manager); system.SetConfig(&config); system.SetCur(&cur); system.SetDb(&db); system.SetSynchro(&synchro); system.SetFunctions(&functions); system.SetSessionManager(&session_manager); templates.SetConfig(&config); templates.SetCur(&cur); templates.SetDb(&db); templates.SetSystem(&system); templates.SetFunctions(&functions); templates.SetSessionManager(&session_manager); session_manager.SetLastContainer(&system.users.last); session_manager.SetConfig(&config); session_manager.SetCur(&cur); session_manager.SetSystem(&system); session_manager.SetSynchro(&synchro); post_multi_parser.SetConfig(&config); slog.SetCur(&cur); slog.SetLocale(&TemplatesFunctions::locale); } bool App::InitFCGI() { const char * sock = config.fcgi_socket.c_str(); unlink(sock); fcgi_socket = FCGX_OpenSocket(sock, 100); // !! dodac 100 do konfiga if( fcgi_socket < 0 ) { log << log1 << "App: An error during creating a fcgi socket" << logend; return false; } log << log3 << "App: FastCGI socket number: " << fcgi_socket << logend; chmod(sock, config.fcgi_socket_chmod); passwd * pw = getpwnam(config.fcgi_socket_user.c_str()); if( !pw ) { log << log1 << "App: there is no user: " << config.fcgi_socket_user << logend; return false; } group * gr = getgrnam(config.fcgi_socket_group.c_str()); if( !gr ) { log << log1 << "App: there is no group: " << config.fcgi_socket_group << logend; return false; } chown(sock, pw->pw_uid, gr->gr_gid); if( FCGX_Init() != 0 ) { log << log1 << "App: FCGX_Init fails" << logend; return false; } if( FCGX_InitRequest(&fcgi_request, fcgi_socket, FCGI_FAIL_ACCEPT_ON_INTR) != 0 ) { log << log1 << "App: FCGX_InitRequest fails" << logend; return false; } return true; } bool App::Init() { db_conn.SetConnParam(config.db_database, config.db_user, config.db_pass); db_conn.WaitForConnection(); db.LogQueries(config.log_db_query); cur.request->Clear(); compress.Init(); system.Init(); functions.Init(); templates.Init(); // init templates after functions are created // init notify after templates (it uses locales from templates) system.notify.ReadTemplates(); session_manager.InitBanList(); session_manager.InitTmpSession(); session_manager.LoadSessions(); CreateStaticTree(); post_parser.UTF8(config.utf8); post_parser.LogValueSize(config.log_post_value_size); // post_multi_parser has a pointer to the config cookie_parser.UTF8(config.utf8); plugin.Call((Session*)0, WINIX_PLUGIN_INIT); return true; } void App::Close() { session_manager.SaveSessions(); session_manager.DeleteSessions(); cur.request->Clear(); session_manager.UninitTmpSession(); } void App::BaseUrlRedirect(int code, bool add_subdomain) { system.PutUrlProto(config.use_ssl, cur.request->redirect_to); if( add_subdomain && !cur.request->subdomain.empty() ) { cur.request->redirect_to += cur.request->subdomain; cur.request->redirect_to += '.'; } cur.request->redirect_to += config.base_url; AssignString(cur.request->env_request_uri, cur.request->redirect_to, false); // cur.request->env_request_uri should not be UrlEncoded because it contains slashes cur.request->redirect_type = code; } bool App::BaseUrlRedirect() { plugin.Call((Session*)0, WINIX_BASE_URL_REDIRECT); if( !cur.request->redirect_to.empty() ) return true; if( !config.base_url_redirect ) return false; if( config.base_url.empty() ) return false; if( cur.request->method == Request::post ) return false; if( Equal(config.base_url.c_str(), cur.request->env_http_host) ) return false; BaseUrlRedirect(config.base_url_redirect_code, false); log << log3 << "App: BaseUrlRedirect from: " << cur.request->env_http_host << logend; return true; } void App::CheckIfNeedSSLredirect() { if( cur.request->method == Request::post ) { // something comes via POST, don't do the redirect because you lose the date return; } if( config.use_ssl ) { if( !cur.request->using_ssl ) { if( !config.use_ssl_only_for_logged_users || cur.session->puser || (cur.request->function && cur.request->function->need_ssl) ) { log << log3 << "App: this operation should be used through SSL" << logend; BaseUrlRedirect(config.use_ssl_redirect_code, true); } } } else { if( cur.request->using_ssl ) { log << log3 << "App: this operation should NOT be used through SSL" << logend; BaseUrlRedirect(config.use_ssl_redirect_code, true); } } } void App::SetLocale() { size_t locale_id; if( cur.session->puser ) { locale_id = cur.session->puser->locale_id; if( !TemplatesFunctions::locale.HasLanguage(locale_id) ) locale_id = config.locale_default_id; } else { locale_id = config.locale_default_id; } TemplatesFunctions::locale.SetCurLang(locale_id); } bool App::CheckAccessFromPlugins() { PluginRes res = plugin.Call(WINIX_CHECK_PLUGIN_ACCESS); if( res.res_false > 0 ) { cur.request->status = WINIX_ERR_PERMISSION_DENIED; log << log2 << "App: access prevented by a plugin" << logend; return false; } return true; } void App::ProcessRequestThrow() { ReadRequest(); // when BaseUrlRedirect() return true we didn't have to set everything in cur.request->Read() // in the future cur.request->Read() can be split and at the beginning only environment variables will be read // and then BaseUrlRedirect() will be called (for performance) if( !BaseUrlRedirect() ) { session_manager.SetSession(); cur.session = session_manager.GetCurSession(); SetLocale(); if( cur.session->new_session ) { cur.session->plugin_data.Resize(plugin.Size()); plugin.Call(WINIX_SESSION_CREATED); } plugin.Call(WINIX_SESSION_CHANGED); functions.Parse(); // parsing directories,files,functions and parameters cur.mount = system.mounts.CalcCurMount(); if( cur.mount->type != system.mounts.MountTypeStatic() ) Make(); } SendAnswer(); } void App::ProcessRequest() { try { cur.request->RequestStarts(); system.load_avg.StartRequest(); log << log2 << config.log_delimiter << logend; ProcessRequestThrow(); SaveSessionsIfNeeded(); // !! przerzucic to na watek sesji system.load_avg.StopRequest(); } catch(const std::exception & e) { log << log1 << "App: there was an exception: std::exception: " << e.what() << logend; } catch(const Error & e) { log << log1 << "App: there was an exception: Error: " << e << logend; } catch(...) { log << log1 << "App: there was an unknown exception" << logend; } try { plugin.Call(WINIX_END_REQUEST); } catch(...) { log << log1 << "App: an exception when clearing after a request (exception from a plugin)" << logend; } // simple operations which should not throw an exception templates.RequestEnd(); cur.request->Clear(); cur.session->ClearOnEndRequest(); cur.session = session_manager.GetTmpSession(); log << logendrequest; } void App::Start() { while( !synchro.was_stop_signal && FCGX_Accept_r(&fcgi_request) == 0 ) { Lock(); if( !synchro.was_stop_signal ) ProcessRequest(); Unlock(); } } void App::SaveSessionsIfNeeded() { time_t t = std::time(0); if( last_sessions_save + 86400 > t ) return; // saving once a day for safety last_sessions_save = t; session_manager.SaveSessions(); } void App::CreateJSONAnswer() { Request & req = *cur.request; json_out_stream.Clear(); if( !req.return_info_only ) { json_out_stream << L"{\n"; for(size_t i=1 ; iSerialize(req.info, json_out_stream, true); } else { json_out_stream << L"{}"; log << log1 << "App: Request::info_serializer not defined" << logend; } log << log3 << "App: sending JSON answer"; if( !req.return_info_only ) json_out_stream << L"}\n"; else log << " (Request::info only)"; log << logend; } // !! zmienic na lepsza nazwe void App::MakePage() { bool sent = false; if( cur.request->page_generated || !cur.request->redirect_to.empty() || !cur.request->x_sendfile.empty() ) return; templates.SetEzcParameters( cur.request->gen_trim_white, cur.request->gen_skip_new_line, cur.request->gen_use_special_chars); if( cur.request->is_item && cur.request->item.file_type == WINIX_ITEM_FILETYPE_NONE && cur.request->item.content_type == Item::ct_raw && cur.request->status == WINIX_ERR_OK && cur.request->function ) { if( cur.request->function == &functions.fun_cat ) { cur.request->out_streams[0] << cur.request->item.content; // !! CHECK ME is it ok? sent = true; } else if( cur.request->function == &functions.fun_run ) { templates.GenerateRunRaw(); sent = true; } } if( !sent ) { templates.Generate(); } if( cur.request->return_json ) { CreateJSONAnswer(); } } void App::CheckPostRedirect() { if( cur.request->method == Request::post ) { if( cur.request->IsParam(L"postredirect") ) { cur.request->redirect_to = cur.request->ParamValue(L"postredirect"); cur.request->redirect_type = 303; } else if( cur.request->IsPostVar(L"postredirect") ) { cur.request->redirect_to = cur.request->PostVar(L"postredirect"); cur.request->redirect_type = 303; } } } // zmienic nazwe np na ProcessRequest // !! ta nazwa chyba juz zajeta... // !! IMPROVE ME need some refactoring void App::Make() { if( cur.request->dir_tab.empty() ) { log << log1 << "App: there is no a root dir (dir_tab is empty)" << logend; return; } if( cur.request->ParamValue(L"reqtype") == L"json" ) cur.request->return_json = true; if( cur.session->ip_ban && cur.session->ip_ban->IsIPBanned() ) { PT::Date date(cur.session->ip_ban->expires); log << log2 << "App: this IP address is banned until to: " << date << " UTC" << logend; slog << logerror << T("this_ip_is_banned_until") << ' ' << date << " UTC" << logend; cur.request->status = WINIX_ERR_PERMISSION_DENIED; } // cur.request->status can be changed by function_parser if( cur.request->status == WINIX_ERR_OK ) plugin.Call(WINIX_PREPARE_REQUEST); if( cur.request->status == WINIX_ERR_OK ) functions.CheckFunctionAndSymlink(); CheckAccessFromPlugins(); // !! CHECK ME CheckFunctionAndSymlink can set redirect_to // may it should be tested before calling CheckIfNeedSSLredirect? CheckIfNeedSSLredirect(); if( !cur.request->redirect_to.empty() ) return; if( cur.request->status == WINIX_ERR_OK ) functions.MakeFunction(); if( cur.session->spam_score > 0 ) log << log1 << "App: spam score: " << cur.session->spam_score << logend; if( cur.request->IsParam(L"noredirect") ) cur.request->redirect_to.clear(); if( cur.request->status == WINIX_ERR_OK ) plugin.Call(WINIX_PROCESS_REQUEST); CheckPostRedirect(); if( !cur.request->redirect_to.empty() ) return; if( cur.request->dir_tab.empty() ) { log << log1 << "App: there is no a root dir (dir_tab is empty -- after calling a function)" << logend; return; } if( !cur.request->info_serializer ) { json_generic_serializer.Clear(); // !! IMPROVE ME add to the end of a request cur.request->info_serializer = &json_generic_serializer; } plugin.Call(WINIX_CONTENT_MAKE); MakePage(); } void App::LogEnvironmentVariables() { for(char ** e = fcgi_request.envp ; *e ; ++e ) log << log1 << "Env: " << *e << logend; } void App::ReadRequest() { ReadEnvVariables(); CheckRequestMethod(); CheckSSL(); SetSubdomain(); LogAccess(); ReadGetPostVars(); cookie_parser.Parse(cur.request->env_http_cookie, cur.request->cookie_tab); accept_encoding_parser.ParseAndLog(cur.request->env_http_accept_encoding); if( config.log_env_variables ) LogEnvironmentVariables(); CheckIE(); CheckKonqueror(); if( cur.request->using_ssl ) log << log3 << "App: connection secure through SSL" << logend; } void App::SetEnv(const char * & env, const char * name) { const char * v = FCGX_GetParam(name, fcgi_request.envp); if( v ) env = v; // by default env is set to an empty string (in cur.request->Clear() method) } void App::ReadEnvVariables() { // we store that values because FCGX_GetParam has O(n) complexity // with this variables (env_*) we have O(1) SetEnv(cur.request->env_request_method, "REQUEST_METHOD"); // !! mozna nie uzywac tego, teraz mamy w strukturze fcgi_request SetEnv(cur.request->env_request_uri, "REQUEST_URI"); SetEnv(cur.request->env_http_cookie, "HTTP_COOKIE"); SetEnv(cur.request->env_remote_addr, "REMOTE_ADDR"); SetEnv(cur.request->env_http_host, "HTTP_HOST"); SetEnv(cur.request->env_http_user_agent, "HTTP_USER_AGENT"); SetEnv(cur.request->env_fcgi_role, "FCGI_ROLE"); SetEnv(cur.request->env_content_type, "CONTENT_TYPE"); SetEnv(cur.request->env_http_accept_encoding, "HTTP_ACCEPT_ENCODING"); SetEnv(cur.request->env_https, "HTTPS"); cur.request->ip = (int)inet_addr(cur.request->env_remote_addr); } void App::CheckRequestMethod() { cur.request->method = Request::unknown_method; if( ToSmall(cur.request->env_request_method[0]) == 'g' ) cur.request->method = Request::get; else if( ToSmall(cur.request->env_request_method[0]) == 'p' ) cur.request->method = Request::post; else if( ToSmall(cur.request->env_request_method[0]) == 'h' ) cur.request->method = Request::head; } void App::CheckSSL() { // !! CHECK ME // value "on" exists in lighttpd server // make sure that for other servers is "on" too if( EqualNoCase(cur.request->env_https, "on") ) cur.request->using_ssl = true; } void App::SetSubdomain() { CreateSubdomain(config.base_url.c_str(), cur.request->env_http_host, cur.request->subdomain); } void App::LogAccess() { log << log1; log.PrintDate(cur.request->start_date, config.log_time_zone_id); log << ' ' << cur.request->env_remote_addr << ' ' << cur.request->env_request_method << ' ' << cur.request->env_http_host << cur.request->env_request_uri << ' ' << cur.request->env_http_user_agent << logend; if( !cur.request->subdomain.empty() ) log << log3 << "Subdomain: " << cur.request->subdomain << logend; } void App::ReadGetPostVars() { // get parameters we have always //get_parser.Parse(cur.request->env_request_uri, cur.request->get_tab); if( cur.request->method == Request::post ) { if( IsSubStringNoCase("multipart/form-data", cur.request->env_content_type) ) { log << log3 << "App: post content type: multipart/form-data" << logend; post_multi_parser.Parse(fcgi_request.in, cur.request->post_tab, cur.request->post_file_tab); } else { post_parser.Parse(fcgi_request.in, cur.request->post_tab); } } } void App::CheckIE() { char * msie = strstr(cur.request->env_http_user_agent, "MSIE"); if( msie ) cur.request->browser_msie = true; else cur.request->browser_msie = false; } void App::CheckKonqueror() { char * kon = strstr(cur.request->env_http_user_agent, "Konqueror"); if( kon ) cur.request->browser_konqueror = true; else cur.request->browser_konqueror = false; } void App::PrepareSessionCookie() { if( !cur.session || cur.session->id==0 ) return; if( !cur.session->puser || !cur.session->remember_me ) { cur.request->AddCookie(config.http_session_id_name, cur.session->id); } else { PT::Date expires = cur.request->start_time + config.session_remember_max_idle; cur.request->AddCookie(config.http_session_id_name, cur.session->id, expires); } } bool App::PrepareHeadersStaticCreateResource(PT::WTextStream & out_path) { size_t i = 0; Item * dir = system.dirs.GetDir(system.mounts.pmount->dir_id); if( !dir ) { log << log1 << "App: cannot find the mount directory" << logend; return false; } size_t how_many_dirs = system.dirs.DirLevel(dir->id); const char * path = SkipDirs(cur.request->env_request_uri, how_many_dirs); // the path begins with a slash only if how_many_dirs is zero while( *path == '/' ) path += 1; while( path[i]!=0 && path[i]!='?' && path[i]!='#' ) ++i; if( i > 0 ) out_path.write(path, i); return true; } void App::PrepareHeadersStatic() { if( PathHasUpDir(cur.request->env_request_uri) ) { log << log1 << "App: incorrect path for a static file" << logend; PrepareHeadersForbidden(); return; } const std::wstring & index_str = system.mounts.pmount->FirstArg(system.mounts.MountParStatic()); size_t index = Toi(index_str); if( index >= config.static_dirs.size() ) { log << log1 << "App: static dir with index " << index << " is not defined in the config" << logend; PrepareHeadersForbidden(); return; } PT::WTextStream path; path << config.static_dirs[index] << L"/"; if( !PrepareHeadersStaticCreateResource(path) ) { PrepareHeadersForbidden(); return; } cur.request->out_headers.Add(config.http_header_send_file, path); cur.request->out_headers.Add(L"Status", L"200 OK"); log << log2 << "App: sending a file from a static mountpoint: " << path << logend; } void App::PrepareHeaderContentType() { std::wstring * value = 0; if( cur.request->return_json ) { value = &cur.request->out_headers.Add(L"Content-Type", L"application/json"); } else { switch( config.content_type_header ) { case 1: value = &cur.request->out_headers.Add(L"Content-Type", L"application/xhtml+xml"); break; case 2: value = &cur.request->out_headers.Add(L"Content-Type", L"application/xml"); break; case 0: default: value = &cur.request->out_headers.Add(L"Content-Type", L"text/html"); } } if( value && config.utf8 ) *value += L"; charset=UTF-8"; } void App::PrepareHeadersForbidden() { cur.request->out_headers.Add(L"Status", L"403 Forbidden"); PrepareHeaderContentType(); } void App::PrepareHeadersRedirect() { switch(cur.request->redirect_type) { case 300: cur.request->out_headers.Add(L"Status", L"300 Multiple Choices"); break; case 301: cur.request->out_headers.Add(L"Status", L"301 Moved Permanently"); break; case 302: cur.request->out_headers.Add(L"Status", L"302 Found"); break; case 307: cur.request->out_headers.Add(L"Status", L"307 Temporary Redirect"); break; case 303: default: cur.request->out_headers.Add(L"Status", L"303 See Other"); break; } cur.request->out_headers.Add(L"Location", cur.request->redirect_to); log << log2 << "App: redirect to: " << cur.request->redirect_to << logend; } void App::PrepareHeadersSendFile() { cur.request->out_headers.Add(L"Status", L"200 OK"); cur.request->out_headers.Add(config.http_header_send_file, cur.request->x_sendfile); log << log2 << "App: sending file: " << cur.request->x_sendfile << logend; } void App::PrepareHeadersCompression(int compress_encoding) { if( compress_encoding == 0 || compress_encoding == 1 ) cur.request->out_headers.Add(L"Content-Encoding", L"deflate"); else cur.request->out_headers.Add(L"Content-Encoding", L"gzip"); } void App::PrepareHeadersNormal(Header header) { switch( header ) { case h_404: cur.request->out_headers.Add(L"Status", L"404 Not Found"); PrepareHeaderContentType(); break; case h_403: PrepareHeadersForbidden(); break; default: cur.request->out_headers.Add(L"Status", L"200 OK"); PrepareHeaderContentType(); } } // we can improve SendHeaders and SendCookies methods by checking // whether there is a new line character in either a name or a value // and if such character exists and is being sent to the client it breaks the http headers and content // and if compression is enabled the client's browser will not be able to decompress the stream void App::SendHeaders() { PT::Space::TableSingle::iterator i; PT::Space & headers = cur.request->out_headers; plugin.Call(WINIX_PREPARE_TO_SEND_HTTP_HEADERS, &headers); for(i=headers.table_single.begin() ; i != headers.table_single.end() ; ++i) { PT::WideToUTF8(i->first, aheader_name); PT::WideToUTF8(i->second, aheader_value); FCGX_PutS(aheader_name.c_str(), fcgi_request.out); FCGX_PutS(": ", fcgi_request.out); FCGX_PutS(aheader_value.c_str(), fcgi_request.out); FCGX_PutS("\r\n", fcgi_request.out); if( config.log_http_answer_headers ) log << "HTTP Header: " << aheader_name << ": " << aheader_value << logend; } } void App::SendCookies() { PT::Space::TableSingle::iterator i; PT::Space & cookies = cur.request->out_cookies; plugin.Call(WINIX_PREPARE_TO_SEND_HTTP_COOKIES, &cookies); for(i=cookies.table_single.begin() ; i != cookies.table_single.end() ; ++i) { PT::WideToUTF8(i->first, aheader_name); PT::WideToUTF8(i->second, aheader_value); FCGX_PutS("Set-Cookie: ", fcgi_request.out); FCGX_PutS(aheader_name.c_str(), fcgi_request.out); FCGX_PutS("=", fcgi_request.out); FCGX_PutS(aheader_value.c_str(), fcgi_request.out); FCGX_PutS("\r\n", fcgi_request.out); if( config.log_http_answer_headers ) log << "HTTP Header: " << "Set-Cookie: " << aheader_name << "=" << aheader_value << logend; } } void App::PrepareHeaders(bool compressing, int compress_encoding, Header header) { PrepareSessionCookie(); if( cur.request->send_as_attachment ) cur.request->out_headers.Add(L"Content-Disposition", L"attachment"); if( !cur.request->redirect_to.empty() ) { PrepareHeadersRedirect(); } else if( system.mounts.pmount->type == system.mounts.MountTypeStatic() ) { PrepareHeadersStatic(); } else if( !cur.request->x_sendfile.empty() ) { PrepareHeadersSendFile(); } else { PrepareHeadersNormal(header); } if( compressing ) PrepareHeadersCompression(compress_encoding); } void App::FilterCompressSend(bool compressing, int compress_encoding, const std::wstring & source_ref) { const std::wstring * source = &source_ref; bool raw = cur.request->is_item && cur.request->item.content_type == Item::ct_raw && cur.request->status == WINIX_ERR_OK && cur.request->function && (cur.request->function == &functions.fun_cat || cur.request->function == &functions.fun_run); if( config.html_filter && cur.request->use_html_filter && !raw && !cur.request->return_json ) { TemplatesFunctions::html_filter.Filter(*source, clean_html); source = &clean_html; } else { html_with_debug = *source; source = &html_with_debug; } if( config.utf8 ) PT::WideToUTF8(*source, source_a); else AssignString(*source, source_a); // !! IMPROVE ME add to log the binary stream as well if( config.log_server_answer ) log << log1 << "App: the server's answer is:\n" << source_a << "\nApp: end of the server's answer" << logend; if( compressing ) compress.CompressAndPut(source_a.c_str(), source_a.length(), fcgi_request.out, compress_encoding); else FCGX_PutS(source_a.c_str(), fcgi_request.out); if( cur.request->return_json ) json_out_stream.Clear(); } int App::SelectDeflateVersion() { if( cur.request->browser_msie ) return 0; // raw deflate else return 1; // deflate } void App::SelectCompression(size_t source_len, bool & compression_allowed, int & compression_encoding) { compression_allowed = false; compression_encoding = 0; if( config.compression && cur.request->redirect_to.empty() && cur.request->x_sendfile.empty() && !cur.request->browser_konqueror && /* !! sprawdzic czy Konqueror bedzie obslugiwal raw deflate */ source_len >= config.compression_page_min_size ) { if( config.compression_encoding == 1 || config.compression_encoding == 10 ) { if( accept_encoding_parser.AcceptDeflate() ) { compression_allowed = true; compression_encoding = SelectDeflateVersion(); } else if( config.compression_encoding == 10 && accept_encoding_parser.AcceptGzip() ) { compression_allowed = true; compression_encoding = 2; // gzip } } if( config.compression_encoding == 2 || config.compression_encoding == 20 ) { if( accept_encoding_parser.AcceptGzip() ) { compression_allowed = true; compression_encoding = 2; // gzip } else if( config.compression_encoding == 20 && accept_encoding_parser.AcceptDeflate() ) { compression_allowed = true; compression_encoding = SelectDeflateVersion(); } } } } bool App::CanSendContent(Header header) { if( !cur.request->redirect_to.empty() || !cur.request->x_sendfile.empty() ) // if there is a redirect or a file to send then we do not send a content return false; /* we don't have to check the HEAD method the server (lighttpd) doesn't send the body of its own */ if( cur.request->method == Request::head ) return false; return true; } void App::SendTextAnswer() { const std::wstring * source; Header header = h_200; Error status = cur.request->status; bool compressing; int compress_encoding; if( cur.request->return_json ) source = &json_out_stream.Str(); else source = &cur.request->out_streams[0].Str(); SelectCompression(source->length(), compressing, compress_encoding); if( status == WINIX_ERR_NO_ITEM || status == WINIX_ERR_NO_FUNCTION || status == WINIX_ERR_UNKNOWN_PARAM ) { header = h_404; log << log2 << "App: http response: 404 Not Found" << logend; } if( status == WINIX_ERR_PERMISSION_DENIED || status == WINIX_ERR_CANT_CHANGE_USER || status == WINIX_ERR_CANT_CHANGE_GROUP ) { header = h_403; log << log2 << "App: http response: 403 Forbidden" << logend; } if( cur.request->use_200_status_for_not_found_and_permission_denied && (header == h_404 || header == h_403) ) { log << log3 << "App: changing the http response to: 200 OK" << logend; header = h_200; } PrepareHeaders(compressing, compress_encoding, header); SendHeaders(); SendCookies(); FCGX_PutS("\r\n", fcgi_request.out); if( CanSendContent(header) ) { // filtering (html), compressing and sending back to the web browser FilterCompressSend(compressing, compress_encoding, *source); } } void App::SendData(const BinaryPage & page, FCGX_Stream * out) { const size_t buf_size = 4096; if( send_data_buf.size() != buf_size ) send_data_buf.resize(buf_size); BinaryPage::const_iterator i = page.begin(); BinaryPage::const_iterator end = page.end(); while( i != end ) { size_t s = 0; for( ; i != end && s < buf_size ; ++i, ++s) send_data_buf[s] = *i; if( s > 0 ) FCGX_PutStr(send_data_buf.c_str(), s, out); } } void App::SendBinaryAnswer() { BinaryPage & source = cur.request->out_bin_stream; Header header = h_200; Error status = cur.request->status; bool compressing; int compress_encoding; SelectCompression(source.size(), compressing, compress_encoding); if( status == WINIX_ERR_NO_ITEM || status == WINIX_ERR_NO_FUNCTION || status == WINIX_ERR_UNKNOWN_PARAM ) header = h_404; if( status == WINIX_ERR_PERMISSION_DENIED || status == WINIX_ERR_CANT_CHANGE_USER || status == WINIX_ERR_CANT_CHANGE_GROUP ) header = h_403; // !! IMPROVE ME add header: content-size PrepareHeaders(compressing, compress_encoding, header); if( CanSendContent(header) ) { if( compressing ) { out_bin_stream_compressed.clear(); // !! IMPROVE ME add to the end of a request compress.Compressing(source, out_bin_stream_compressed, compress_encoding); SendData(out_bin_stream_compressed, fcgi_request.out); out_bin_stream_compressed.clear(); } else { SendData(source, fcgi_request.out); } } } void App::SendAnswer() { if( cur.request->send_bin_stream ) SendBinaryAnswer(); else SendTextAnswer(); } void App::LogUser(const char * msg, uid_t id) { log << log3 << msg << " "; passwd * p = getpwuid(id); if( p ) log << p->pw_name; else log << (int)id; log << logend; } void App::LogGroup(const char * msg, gid_t id, bool put_logend) { log << log3 << msg << " "; group * g = getgrgid(id); if( g ) log << g->gr_name; else log << (int)id; if( put_logend ) log << logend; } void App::LogUsers() { uid_t eid, rid; eid = geteuid(); rid = getuid(); if( eid == rid ) { LogUser("App: effective/real user:", eid); } else { LogUser("App: effective user:", eid); LogUser("App: real user:", rid); } } void App::LogEffectiveGroups(std::vector & tab) { log << log3 << "App: effective groups:"; for(size_t i=0 ; i tab; gid_t rgid; int len; rgid = getgid(); len = getgroups(0, 0); if( len <= 0 ) { log << log3 << "App: I can't read how many groups there are" << logend; return; } tab.resize(len); len = getgroups(len, &(tab[0])); if( len == -1 ) { log << log3 << "App: I can't read groups" << logend; return; } if( len == 1 && rgid == tab[0] ) { LogGroup("App: effective/real group:", rgid); } else { tab.resize(len); LogEffectiveGroups(tab); LogGroup("App: real group:", rgid); } } void App::LogUserGroups() { LogUsers(); LogGroups(); } bool App::DropPrivileges(const std::string & user, uid_t uid, gid_t gid, bool additional_groups) { if( additional_groups ) { if( initgroups(user.c_str(), gid) < 0 ) { log << log1 << "App: I can't init groups for user: " << user << logend; return false; } } else { if( setgroups(1, &gid) < 0 ) { log << log1 << "App: I can't init groups for user: " << user << logend; return false; } } // for setting real and saved gid too if( setgid(gid) ) { log << log1 << "App: I can't change real and saved gid" << logend; return false; } if( setuid(uid) < 0 ) { log << log1 << "App: I can't drop privileges to user: " << user << " (uid:" << (int)uid << ")" << logend; return false; } if( getuid()==0 || geteuid()==0 ) { log << log1 << "App: sorry, for security reasons you should not run me as the root" << logend; return false; } return true; } bool App::DropPrivileges() { if( getuid()!=0 && geteuid()!=0 ) return true; log << log2 << "App: dropping privileges" << logend; if( config.user.empty() ) { log << log1 << "App: you should specify user name in the config file " << "to which I have to drop privileges" << logend; return false; } if( config.group.empty() ) { log << log1 << "App: you should specify group name in the config file " << "to which I have to drop privileges" << logend; return false; } passwd * p = getpwnam(config.user.c_str()); group * g = getgrnam(config.group.c_str()); if( !p ) { log << log1 << "App: there is no such a user as: \"" << config.user << "\"" << logend; return false; } if( !g ) { log << log1 << "App: there is no such a group as: \"" << config.group << "\"" << logend; return false; } if( !DropPrivileges(config.user, p->pw_uid, g->gr_gid, config.additional_groups) ) return false; return true; } bool App::Demonize() { // in linux fork() should be used twice int pid = fork(); if( pid == -1 ) { log << log1 << "App: I can't demonize myself (fork problem)" << logend; return false; } if( pid != 0 ) { // parent exit(0); } // child if( setsid() == -1 ) { log << log1 << "App: I can't demonize myself (setsid problem)" << logend; return false; } return true; } // this method is called from a signal routine void App::SetStopSignal() { synchro.was_stop_signal = true; } bool App::WasStopSignal() { return synchro.was_stop_signal; } bool App::Lock() { return synchro.Lock(); } void App::Unlock() { synchro.Unlock(); } void App::WaitForThreads() { // special thread hangs on fetchStatURL -- I don't know why // but it doesn't matter, don't use pthread_join on it //pthread_join(signal_thread, 0); system.thread_manager.StopAll(); } void App::FetchPageOnExit() { // !! CHANGE ME use curl instead of BSD's fetch... // this allows to port to Linux systems // stupid trick to break FCGX_Accept_r() function // even with FCGX_InitRequest(..., ..., FCGI_FAIL_ACCEPT_ON_INTR) the FCGX_Accept_r // doesn't want to break on a signal // so we request one page from the server for exiting from FCGX_Accept_r url_stat url; fetchStatURL(url_to_fetch_on_exit.c_str(), &url, ""); } void * App::SpecialThreadForSignals(void * app_object) { sigset_t set; App * app = reinterpret_cast(app_object); sigemptyset(&set); sigaddset(&set, SIGTERM); sigaddset(&set, SIGINT); // waiting for SIGTERM or SIGINT sigwait(&set, 0); app->Lock(); app->synchro.was_stop_signal = true; FCGX_ShutdownPending(); // here we don't have to use SSL version so we always use config.url_proto PT::WideToUTF8(app->config.url_proto, app->url_to_fetch_on_exit); PT::WideToUTF8(app->config.base_url, app->url_to_fetch_on_exit, false); app->Unlock(); // this thread will hang on this method // but will be terminated when the main thread exits app->FetchPageOnExit(); pthread_exit(0); return 0; } void App::StartThreads() { // make sure system.thread_manager.Init() was called beforehand // it is called in Init() -> system.Init() // special thread only for signals pthread_create(&signal_thread, 0, SpecialThreadForSignals, this); system.thread_manager.Add(&session_manager, L"session_manager"); system.thread_manager.StartAll(); } void App::CreateStaticTree() { if( config.upload_dir.empty() ) { log << log1 << "App: config: upload_dir not set, you are not allowed to upload static content" << logend; return; } CreateDirs(L"/", config.upload_dir.c_str(), config.upload_dirs_chmod); CreateDirs(config.upload_dir.c_str(), L"simplefs/normal", config.upload_dirs_chmod); CreateDirs(config.upload_dir.c_str(), L"simplefs/thumb", config.upload_dirs_chmod); CreateDirs(config.upload_dir.c_str(), L"hashfs/normal", config.upload_dirs_chmod); CreateDirs(config.upload_dir.c_str(), L"hashfs/thumb", config.upload_dirs_chmod); CreateDirs(config.upload_dir.c_str(), L"tmp", config.upload_dirs_chmod); }