2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "smbd/service_task.h"
25 #include "web_server/web_server.h"
26 #include "smbd/service_stream.h"
27 #include "smbd/service.h"
28 #include "lib/events/events.h"
29 #include "system/time.h"
30 #include "lib/appweb/esp/esp.h"
31 #include "lib/appweb/ejs/ejsInternal.h"
32 #include "dlinklist.h"
33 #include "lib/tls/tls.h"
34 #include "scripting/ejs/smbcalls.h"
36 #define SWAT_SESSION_KEY "SwatSessionId"
37 #define HTTP_PREAUTH_URI "/scripting/preauth.esp"
39 /* state of the esp subsystem for a specific request */
41 struct websrv_context *web;
42 struct EspRequest *req;
43 struct MprVar variables[ESP_OBJ_MAX];
44 struct session_data *session;
48 output the http headers
50 static void http_output_headers(struct websrv_context *web)
55 uint32_t content_length = 0;
56 const char *response_string = "Unknown Code";
59 const char *response_string;
65 { 304, "Not Modified" },
66 { 400, "Bad request" },
67 { 401, "Unauthorized" },
70 { 500, "Internal Server Error" },
71 { 501, "Not implemented" }
73 for (i=0;i<ARRAY_SIZE(codes);i++) {
74 if (codes[i].code == web->output.response_code) {
75 response_string = codes[i].response_string;
79 if (web->output.headers == NULL) return;
80 s = talloc_asprintf(web, "HTTP/1.0 %u %s\r\n",
81 web->output.response_code, response_string);
82 if (s == NULL) return;
83 for (i=0;web->output.headers[i];i++) {
84 s = talloc_asprintf_append(s, "%s\r\n", web->output.headers[i]);
87 /* work out the content length */
88 content_length = web->output.content.length;
89 if (web->output.fd != -1) {
91 fstat(web->output.fd, &st);
92 content_length += st.st_size;
94 s = talloc_asprintf_append(s, "Content-Length: %u\r\n\r\n", content_length);
95 if (s == NULL) return;
97 b = web->output.content;
98 web->output.content = data_blob_string_const(s);
99 data_blob_append(web, &web->output.content, b.data, b.length);
104 return the local path for a URL
106 static const char *http_local_path(struct websrv_context *web, const char *url)
111 /* check that the url is OK */
112 if (url[0] != '/') return NULL;
114 for (i=0;url[i];i++) {
115 if ((!isalnum((unsigned char)url[i]) && !strchr("./_", url[i])) ||
116 (url[i] == '.' && strchr("/.", url[i+1]))) {
121 path = talloc_asprintf(web, "%s/%s", lp_swat_directory(), url+1);
122 if (path == NULL) return NULL;
124 if (directory_exist(path)) {
125 path = talloc_asprintf_append(path, "/index.esp");
131 called when esp wants to read a file to support include() calls
133 static int http_readFile(EspHandle handle, char **buf, int *len, const char *path)
135 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
140 path = http_local_path(web, path);
141 if (path == NULL) goto failed;
143 fd = open(path, O_RDONLY);
144 if (fd == -1 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) goto failed;
146 *buf = talloc_size(handle, st.st_size+1);
147 if (*buf == NULL) goto failed;
149 if (read(fd, *buf, st.st_size) != st.st_size) goto failed;
151 (*buf)[st.st_size] = 0;
158 DEBUG(0,("Failed to read file %s - %s\n", path, strerror(errno)));
159 if (fd != -1) close(fd);
166 called when esp wants to find the real path of a file
168 static int http_mapToStorage(EspHandle handle, char *path, int len, const char *uri, int flags)
170 if (uri == NULL || strlen(uri) >= len) return -1;
171 strncpy(path, uri, len);
176 called when esp wants to output something
178 static int http_writeBlock(EspHandle handle, const char *buf, int size)
180 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
182 status = data_blob_append(web, &web->output.content, buf, size);
183 if (!NT_STATUS_IS_OK(status)) return -1;
191 static void http_setHeader(EspHandle handle, const char *value, bool allowMultiple)
193 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
194 char *p = strchr(value, ':');
196 if (p && !allowMultiple && web->output.headers) {
198 for (i=0;web->output.headers[i];i++) {
199 if (strncmp(web->output.headers[i], value, (p+1)-value) == 0) {
200 web->output.headers[i] = talloc_strdup(web, value);
206 web->output.headers = str_list_add(web->output.headers, value);
207 talloc_steal(web, web->output.headers);
211 set a http response code
213 static void http_setResponseCode(EspHandle handle, int code)
215 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
216 web->output.response_code = code;
220 redirect to another web page
222 static void http_redirect(EspHandle handle, int code, char *url)
224 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
225 const char *host = web->input.host;
227 /* form the full url, unless it already looks like a url */
228 if (strchr(url, ':') == NULL) {
230 struct socket_address *socket_address = socket_get_my_addr(web->conn->socket, web);
231 if (socket_address == NULL) goto internal_error;
232 host = talloc_asprintf(web, "%s:%u",
233 socket_address->addr, socket_address->port);
235 if (host == NULL) goto internal_error;
237 char *p = strrchr(web->input.url, '/');
238 if (p == web->input.url) {
239 url = talloc_asprintf(web, "http%s://%s/%s",
240 tls_enabled(web->tls)?"s":"",
243 int dirlen = p - web->input.url;
244 url = talloc_asprintf(web, "http%s://%s%*.*s/%s",
245 tls_enabled(web->tls)?"s":"",
247 dirlen, dirlen, web->input.url,
250 if (url == NULL) goto internal_error;
254 http_setHeader(handle, talloc_asprintf(web, "Location: %s", url), 0);
256 /* make sure we give a valid redirect code */
257 if (code >= 300 && code < 400) {
258 http_setResponseCode(handle, code);
260 http_setResponseCode(handle, 302);
265 http_error(web, 500, "Internal server error");
272 static void http_setCookie(EspHandle handle, const char *name, const char *value,
273 int lifetime, const char *path, bool secure)
275 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
279 buf = talloc_asprintf(web, "Set-Cookie: %s=%s; path=%s; Expires=%s; %s",
280 name, value, path?path:"/",
281 http_timestring(web, time(NULL)+lifetime),
284 buf = talloc_asprintf(web, "Set-Cookie: %s=%s; path=%s; %s",
285 name, value, path?path:"/",
288 http_setHeader(handle, "Cache-control: no-cache=\"set-cookie\"", 0);
289 http_setHeader(handle, buf, 0);
294 return the session id
296 static const char *http_getSessionId(EspHandle handle)
298 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
299 return web->session->id;
305 static void http_createSession(EspHandle handle, int timeout)
307 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
309 web->session->lifetime = timeout;
310 http_setCookie(web, SWAT_SESSION_KEY, web->session->id,
311 web->session->lifetime, "/", 0);
318 static void http_destroySession(EspHandle handle)
320 struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
321 talloc_free(web->session);
327 setup for a raw http level error
329 void http_error(struct websrv_context *web, int code, const char *info)
332 s = talloc_asprintf(web,"<HTML><HEAD><TITLE>Error %u</TITLE></HEAD><BODY><H1>Error %u</H1><pre>%s</pre><p></BODY></HTML>\r\n\r\n",
335 stream_terminate_connection(web->conn, "http_error: out of memory");
338 http_writeBlock(web, s, strlen(s));
339 http_setResponseCode(web, code);
340 http_output_headers(web);
341 EVENT_FD_NOT_READABLE(web->conn->event.fde);
342 EVENT_FD_WRITEABLE(web->conn->event.fde);
343 web->output.output_pending = True;
347 map a unix error code to a http error
349 void http_error_unix(struct websrv_context *web, const char *info)
361 info = talloc_asprintf(web, "%s<p>%s<p>\n", info, strerror(errno));
362 http_error(web, code, info);
367 a simple file request
369 static void http_simple_request(struct websrv_context *web)
371 const char *url = web->input.url;
375 path = http_local_path(web, url);
376 if (path == NULL) goto invalid;
379 web->output.fd = open(path, O_RDONLY);
380 if (web->output.fd == -1) {
381 DEBUG(0,("Failed to read file %s - %s\n", path, strerror(errno)));
382 http_error_unix(web, path);
386 if (fstat(web->output.fd, &st) != 0 || !S_ISREG(st.st_mode)) {
387 close(web->output.fd);
394 http_error(web, 400, "Malformed URL");
398 setup the standard ESP arrays
400 static void http_setup_arrays(struct esp_state *esp)
402 struct websrv_context *web = esp->web;
403 struct esp_data *edata = talloc_get_type(web->task->private, struct esp_data);
404 struct EspRequest *req = esp->req;
405 struct socket_address *socket_address = socket_get_my_addr(web->conn->socket, esp);
406 struct socket_address *peer_address = socket_get_peer_addr(web->conn->socket, esp);
409 #define SETVAR(type, name, value) do { \
410 const char *v = value; \
411 if (v) espSetStringVar(req, type, name, v); \
414 SETVAR(ESP_REQUEST_OBJ, "CONTENT_LENGTH",
415 talloc_asprintf(esp, "%u", web->input.content_length));
416 SETVAR(ESP_REQUEST_OBJ, "QUERY_STRING", web->input.query_string);
417 SETVAR(ESP_REQUEST_OBJ, "REQUEST_METHOD", web->input.post_request?"POST":"GET");
418 SETVAR(ESP_REQUEST_OBJ, "REQUEST_URI", web->input.url);
419 p = strrchr(web->input.url, '/');
420 SETVAR(ESP_REQUEST_OBJ, "SCRIPT_NAME", p+1);
421 SETVAR(ESP_REQUEST_OBJ, "SCRIPT_FILENAME", web->input.url);
423 struct MprVar mpv = mprObject("socket_address");
424 mprSetPtrChild(&mpv, "socket_address", peer_address);
425 espSetVar(req, ESP_REQUEST_OBJ, "REMOTE_SOCKET_ADDRESS", mpv);
427 SETVAR(ESP_REQUEST_OBJ, "REMOTE_ADDR", peer_address->addr);
429 p = socket_get_peer_name(web->conn->socket, esp);
430 SETVAR(ESP_REQUEST_OBJ, "REMOTE_HOST", p);
431 SETVAR(ESP_REQUEST_OBJ, "REMOTE_USER", "");
432 SETVAR(ESP_REQUEST_OBJ, "CONTENT_TYPE", web->input.content_type);
434 SETVAR(ESP_REQUEST_OBJ, "SESSION_ID", web->session->id);
436 SETVAR(ESP_REQUEST_OBJ, "COOKIE_SUPPORT", web->input.cookie?"True":"False");
438 SETVAR(ESP_HEADERS_OBJ, "HTT_REFERER", web->input.referer);
439 SETVAR(ESP_HEADERS_OBJ, "HOST", web->input.host);
440 SETVAR(ESP_HEADERS_OBJ, "ACCEPT_ENCODING", web->input.accept_encoding);
441 SETVAR(ESP_HEADERS_OBJ, "ACCEPT_LANGUAGE", web->input.accept_language);
442 SETVAR(ESP_HEADERS_OBJ, "ACCEPT_CHARSET", web->input.accept_charset);
443 SETVAR(ESP_HEADERS_OBJ, "COOKIE", web->input.cookie);
444 SETVAR(ESP_HEADERS_OBJ, "USER_AGENT", web->input.user_agent);
446 if (socket_address) {
447 SETVAR(ESP_SERVER_OBJ, "SERVER_ADDR", socket_address->addr);
448 SETVAR(ESP_SERVER_OBJ, "SERVER_NAME", socket_address->addr);
449 SETVAR(ESP_SERVER_OBJ, "SERVER_HOST", socket_address->addr);
450 SETVAR(ESP_SERVER_OBJ, "SERVER_PORT",
451 talloc_asprintf(esp, "%u", socket_address->port));
454 SETVAR(ESP_SERVER_OBJ, "DOCUMENT_ROOT", lp_swat_directory());
455 SETVAR(ESP_SERVER_OBJ, "SERVER_PROTOCOL", tls_enabled(web->tls)?"https":"http");
456 SETVAR(ESP_SERVER_OBJ, "SERVER_SOFTWARE", "SWAT");
457 SETVAR(ESP_SERVER_OBJ, "GATEWAY_INTERFACE", "CGI/1.1");
458 SETVAR(ESP_SERVER_OBJ, "TLS_SUPPORT", tls_support(edata->tls_params)?"True":"False");
462 /* the esp scripting lirary generates exceptions when
463 it hits a major error. We need to catch these and
464 report a internal server error via http
467 static jmp_buf ejs_exception_buf;
468 static const char *exception_reason;
470 void ejs_exception(const char *reason)
474 ejsSetErrorMsg(0, "%s", reason);
475 exception_reason = ep->error;
477 exception_reason = reason;
479 DEBUG(0,("%s", exception_reason));
480 longjmp(ejs_exception_buf, -1);
483 void ejs_exception(const char *reason)
485 DEBUG(0,("%s", reason));
491 process a esp request
493 static void esp_request(struct esp_state *esp, const char *url)
495 struct websrv_context *web = esp->web;
498 char *emsg = NULL, *buf;
500 if (http_readFile(web, &buf, &size, url) != 0) {
501 http_error_unix(web, url);
506 if (setjmp(ejs_exception_buf) != 0) {
507 http_error(web, 500, exception_reason);
512 res = espProcessRequest(esp->req, url, buf, &emsg);
513 if (res != 0 && emsg) {
514 http_writeBlock(web, "<pre>", 5);
515 http_writeBlock(web, emsg, strlen(emsg));
516 http_writeBlock(web, "</pre>", 6);
523 perform pre-authentication on every page is /scripting/preauth.esp
524 exists. If this script generates any non-whitepace output at all,
525 then we don't run the requested URL.
527 note that the preauth is run even for static pages such as images.
529 static BOOL http_preauth(struct esp_state *esp)
531 const char *path = http_local_path(esp->web, HTTP_PREAUTH_URI);
534 http_error(esp->web, 500, "Internal server error");
537 if (!file_exist(path)) {
538 /* if the preath script is not installed then allow access */
541 esp_request(esp, HTTP_PREAUTH_URI);
542 for (i=0;i<esp->web->output.content.length;i++) {
543 if (!isspace(esp->web->output.content.data[i])) {
544 /* if the preauth has generated content, then force it to be
545 html, so that we can show the login page for failed
547 http_setHeader(esp->web, "Content-Type: text/html", 0);
551 data_blob_free(&esp->web->output.content);
557 handling of + and % escapes in http variables
559 static const char *http_unescape(TALLOC_CTX *mem_ctx, const char *p)
561 char *s0 = talloc_strdup(mem_ctx, p);
563 if (s == NULL) return NULL;
567 if (*s == '+') *s = ' ';
568 if (*s == '%' && sscanf(s+1, "%02x", &v) == 1) {
570 memmove(s+1, s+3, strlen(s+3)+1);
579 set a form or GET variable
581 static void esp_putvar(struct esp_state *esp, const char *var, const char *value)
583 if (strcasecmp(var, SWAT_SESSION_KEY) == 0) {
584 /* special case support for browsers without cookie
586 esp->web->input.session_key = talloc_strdup(esp, value);
588 mprSetPropertyValue(&esp->variables[ESP_FORM_OBJ],
589 http_unescape(esp, var),
590 mprCreateStringVar(http_unescape(esp, value), 0));
596 parse the variables in a POST style request
598 static NTSTATUS http_parse_post(struct esp_state *esp)
600 DATA_BLOB b = esp->web->input.partial;
606 p = memchr(b.data, '&', b.length);
610 len = p - (char *)b.data;
612 line = talloc_strndup(esp, (char *)b.data, len);
613 NT_STATUS_HAVE_NO_MEMORY(line);
615 p = strchr(line,'=');
618 esp_putvar(esp, line, p+1);
633 parse the variables in a GET style request
635 static NTSTATUS http_parse_get(struct esp_state *esp)
637 struct websrv_context *web = esp->web;
641 p = strchr(web->input.url, '?');
642 web->input.query_string = p+1;
645 s = talloc_strdup(esp, esp->web->input.query_string);
646 NT_STATUS_HAVE_NO_MEMORY(s);
648 for (tok=strtok_r(s,"&;", &pp);tok;tok=strtok_r(NULL,"&;", &pp)) {
652 esp_putvar(esp, tok, p+1);
659 called when a session times out
661 static void session_timeout(struct event_context *ev, struct timed_event *te,
662 struct timeval t, void *private)
664 struct session_data *s = talloc_get_type(private, struct session_data);
671 static int session_destructor(void *ptr)
673 struct session_data *s = talloc_get_type(ptr, struct session_data);
674 DLIST_REMOVE(s->edata->sessions, s);
679 setup the session for this request
681 static void http_setup_session(struct esp_state *esp)
683 const char *session_key = SWAT_SESSION_KEY;
685 const char *cookie = esp->web->input.cookie;
686 const char *key = NULL;
687 struct esp_data *edata = talloc_get_type(esp->web->task->private, struct esp_data);
688 struct session_data *s;
689 BOOL generated_key = False;
691 /* look for our session key */
692 if (cookie && (p = strstr(cookie, session_key)) &&
693 p[strlen(session_key)] == '=') {
694 p += strlen(session_key)+1;
695 key = talloc_strndup(esp, p, strcspn(p, ";"));
698 if (key == NULL && esp->web->input.session_key) {
699 key = esp->web->input.session_key;
700 } else if (key == NULL) {
701 key = generate_random_str_list(esp, 16, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ");
702 generated_key = True;
705 /* try to find this session in the existing session list */
706 for (s=edata->sessions;s;s=s->next) {
707 if (strcmp(key, s->id) == 0) {
713 /* create a new session */
714 s = talloc_zero(edata, struct session_data);
715 s->id = talloc_steal(s, key);
719 s->lifetime = lp_parm_int(-1, "web", "sessiontimeout", 900);
720 DLIST_ADD(edata->sessions, s);
721 talloc_set_destructor(s, session_destructor);
722 if (!generated_key) {
723 mprSetPropertyValue(&esp->variables[ESP_REQUEST_OBJ],
724 "SESSION_EXPIRED", mprCreateStringVar("True", 0));
728 http_setCookie(esp->web, session_key, key, s->lifetime, "/", 0);
731 mprCopyVar(&esp->variables[ESP_SESSION_OBJ], s->data, MPR_DEEP_COPY);
734 esp->web->session = s;
738 /* callbacks for esp processing */
739 static const struct Esp esp_control = {
740 .maxScriptSize = 60000,
741 .writeBlock = http_writeBlock,
742 .setHeader = http_setHeader,
743 .redirect = http_redirect,
744 .setResponseCode = http_setResponseCode,
745 .readFile = http_readFile,
746 .mapToStorage = http_mapToStorage,
747 .setCookie = http_setCookie,
748 .createSession = http_createSession,
749 .destroySession = http_destroySession,
750 .getSessionId = http_getSessionId
754 process a complete http request
756 void http_process_input(struct websrv_context *web)
759 struct esp_state *esp;
760 struct esp_data *edata = talloc_get_type(web->task->private, struct esp_data);
762 void *save_mpr_ctx = mprMemCtx();
763 void *ejs_save = ejs_save_state();
765 const char *file_type = NULL;
766 BOOL esp_enable = False;
768 const char *extension;
769 const char *mime_type;
772 {"gif", "image/gif"},
773 {"png", "image/png"},
774 {"jpg", "image/jpeg"},
775 {"txt", "text/plain"},
776 {"ico", "image/x-icon"},
778 {"esp", "text/html", True}
781 esp = talloc_zero(web, struct esp_state);
782 if (esp == NULL) goto internal_error;
788 if (espOpen(&esp_control) != 0) goto internal_error;
790 for (i=0;i<ARRAY_SIZE(esp->variables);i++) {
791 esp->variables[i] = mprCreateUndefinedVar();
793 esp->variables[ESP_HEADERS_OBJ] = mprCreateObjVar("headers", ESP_HASH_SIZE);
794 esp->variables[ESP_FORM_OBJ] = mprCreateObjVar("form", ESP_HASH_SIZE);
795 esp->variables[ESP_APPLICATION_OBJ] = mprCreateObjVar("application", ESP_HASH_SIZE);
796 esp->variables[ESP_COOKIES_OBJ] = mprCreateObjVar("cookies", ESP_HASH_SIZE);
797 esp->variables[ESP_FILES_OBJ] = mprCreateObjVar("files", ESP_HASH_SIZE);
798 esp->variables[ESP_REQUEST_OBJ] = mprCreateObjVar("request", ESP_HASH_SIZE);
799 esp->variables[ESP_SERVER_OBJ] = mprCreateObjVar("server", ESP_HASH_SIZE);
800 esp->variables[ESP_SESSION_OBJ] = mprCreateObjVar("session", ESP_HASH_SIZE);
802 if (edata->application_data) {
803 mprCopyVar(&esp->variables[ESP_APPLICATION_OBJ],
804 edata->application_data, MPR_DEEP_COPY);
807 smb_setup_ejs_functions();
809 if (web->input.url == NULL) {
810 http_error(web, 400, "You must specify a GET or POST request");
811 mprSetCtx(save_mpr_ctx);
812 ejs_restore_state(ejs_save);
816 /* parse any form or get variables */
817 if (web->input.post_request) {
818 status = http_parse_post(esp);
819 if (!NT_STATUS_IS_OK(status)) {
820 http_error(web, 400, "Malformed POST data");
821 mprSetCtx(save_mpr_ctx);
822 ejs_restore_state(ejs_save);
826 if (strchr(web->input.url, '?')) {
827 status = http_parse_get(esp);
828 if (!NT_STATUS_IS_OK(status)) {
829 http_error(web, 400, "Malformed GET data");
830 mprSetCtx(save_mpr_ctx);
831 ejs_restore_state(ejs_save);
836 http_setup_session(esp);
838 esp->req = espCreateRequest(web, web->input.url, esp->variables);
839 if (esp->req == NULL) goto internal_error;
841 /* work out the mime type */
842 p = strrchr(web->input.url, '.');
846 for (i=0;p && i<ARRAY_SIZE(mime_types);i++) {
847 if (strcmp(mime_types[i].extension, p+1) == 0) {
848 file_type = mime_types[i].mime_type;
849 esp_enable = mime_types[i].esp_enable;
852 if (file_type == NULL) {
853 file_type = "text/html";
856 /* setup basic headers */
857 http_setResponseCode(web, 200);
858 http_setHeader(web, talloc_asprintf(esp, "Date: %s",
859 http_timestring(esp, time(NULL))), 0);
860 http_setHeader(web, "Server: Samba", 0);
861 http_setHeader(web, "Connection: close", 0);
862 http_setHeader(web, talloc_asprintf(esp, "Content-Type: %s", file_type), 0);
864 http_setup_arrays(esp);
866 /* possibly do pre-authentication */
867 if (http_preauth(esp)) {
869 esp_request(esp, web->input.url);
871 http_simple_request(web);
875 if (web->conn == NULL) {
876 /* the connection has been terminated above us, probably
881 if (!web->output.output_pending) {
882 http_output_headers(web);
883 EVENT_FD_WRITEABLE(web->conn->event.fde);
884 web->output.output_pending = True;
887 /* copy any application data to long term storage in edata */
888 talloc_free(edata->application_data);
889 edata->application_data = talloc_zero(edata, struct MprVar);
890 mprSetCtx(edata->application_data);
891 mprCopyVar(edata->application_data, &esp->variables[ESP_APPLICATION_OBJ],
895 /* copy any session data */
897 talloc_free(web->session->data);
898 web->session->data = talloc_zero(web->session, struct MprVar);
899 if (esp->variables[ESP_SESSION_OBJ].properties == NULL ||
900 esp->variables[ESP_SESSION_OBJ].properties[0].numItems == 0) {
901 talloc_free(web->session);
904 mprSetCtx(web->session->data);
905 mprCopyVar(web->session->data, &esp->variables[ESP_SESSION_OBJ],
907 /* setup the timeout for the session data */
909 talloc_free(web->session->te);
910 web->session->te = event_add_timed(web->conn->event.ctx, web->session,
911 timeval_current_ofs(web->session->lifetime, 0),
912 session_timeout, web->session);
917 mprSetCtx(save_mpr_ctx);
918 ejs_restore_state(ejs_save);
924 if (web->conn != NULL) {
925 http_error(web, 500, "Internal server error");
927 mprSetCtx(save_mpr_ctx);
928 ejs_restore_state(ejs_save);
933 parse one line of header input
935 NTSTATUS http_parse_header(struct websrv_context *web, const char *line)
938 web->input.end_of_headers = True;
939 } else if (strncasecmp(line,"GET ", 4)==0) {
940 web->input.url = talloc_strndup(web, &line[4], strcspn(&line[4], " \t"));
941 } else if (strncasecmp(line,"POST ", 5)==0) {
942 web->input.post_request = True;
943 web->input.url = talloc_strndup(web, &line[5], strcspn(&line[5], " \t"));
944 } else if (strchr(line, ':') == NULL) {
945 http_error(web, 400, "This server only accepts GET and POST requests");
946 return NT_STATUS_INVALID_PARAMETER;
947 } else if (strncasecmp(line,"Content-Length: ", 16)==0) {
948 web->input.content_length = strtoul(&line[16], NULL, 10);
950 #define PULL_HEADER(v, s) do { \
951 if (strncmp(line, s, strlen(s)) == 0) { \
952 web->input.v = talloc_strdup(web, &line[strlen(s)]); \
953 return NT_STATUS_OK; \
956 PULL_HEADER(content_type, "Content-Type: ");
957 PULL_HEADER(user_agent, "User-Agent: ");
958 PULL_HEADER(referer, "Referer: ");
959 PULL_HEADER(host, "Host: ");
960 PULL_HEADER(accept_encoding, "Accept-Encoding: ");
961 PULL_HEADER(accept_language, "Accept-Language: ");
962 PULL_HEADER(accept_charset, "Accept-Charset: ");
963 PULL_HEADER(cookie, "Cookie: ");
966 /* ignore all other headers for now */
972 setup the esp processor - called at task initialisation
974 NTSTATUS http_setup_esp(struct task_server *task)
976 struct esp_data *edata;
978 edata = talloc_zero(task, struct esp_data);
979 NT_STATUS_HAVE_NO_MEMORY(edata);
981 task->private = edata;
983 edata->tls_params = tls_initialise(edata);
984 NT_STATUS_HAVE_NO_MEMORY(edata->tls_params);