From 4d1d87b90f8029896c51dd09f0393b0770f9da73 Mon Sep 17 00:00:00 2001 From: nishi Date: Sat, 11 May 2024 00:11:33 +0000 Subject: [PATCH] memory safe, and manage git-svn-id: file:///raid/svn-main/nishi-mandshurica/trunk@68 f982e544-4a7d-3444-ad1a-fde59a2a69f1 --- Mandshurica/config.c | 1 + Mandshurica/db.c | 1 + Mandshurica/template.c | 13 ++++ Module/cookie.c | 10 +-- Module/http.c | 160 ++++++++++++++++++++++++++++------------ Webroot/bar.html | 2 +- Webroot/index.html.tmpl | 1 + 7 files changed, 133 insertions(+), 55 deletions(-) diff --git a/Mandshurica/config.c b/Mandshurica/config.c index 74ab251..94e5a69 100644 --- a/Mandshurica/config.c +++ b/Mandshurica/config.c @@ -211,6 +211,7 @@ int mandshurica_create_config(const char* path) { fprintf(f, "Set CookieDB %s/passwd.db\n", PREFIX); fprintf(f, "Set HTTPPort 1024\n"); fprintf(f, "Set HTTPRoot %s\n", WEBROOT_PREFIX); + fprintf(f, "Set InstancecName Sumire\n"); fprintf(f, "\n"); fprintf(f, "Set HTTPMIME.html text/html\n"); fprintf(f, "Set HTTPMIME.gif image/gif\n"); diff --git a/Mandshurica/db.c b/Mandshurica/db.c index ddfce62..761371b 100644 --- a/Mandshurica/db.c +++ b/Mandshurica/db.c @@ -82,6 +82,7 @@ char* mandshurica_db_get(struct ms_db* db, const char* key) { free(line); return ret; } + break; } } } diff --git a/Mandshurica/template.c b/Mandshurica/template.c index 062596f..142e8f5 100644 --- a/Mandshurica/template.c +++ b/Mandshurica/template.c @@ -114,6 +114,19 @@ char* mandshurica_parse_template(const char* data, struct ms_param param) { free(fb); } } + } else if(strcmp(op, "get") == 0) { + if(arg != NULL) { + char* val = mandshurica_get_param(arg); + if(val != NULL) { + char* tmp = ret; + ret = mandshurica_strcat(tmp, val); + free(tmp); + } else { + char* tmp = ret; + ret = mandshurica_strcat(tmp, "(not set)"); + free(tmp); + } + } } else if(strcmp(op, "version") == 0) { char* tmp = ret; ret = mandshurica_strcat(tmp, MANDSHURICA_VERSION); 
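Review bot: The new default line in Mandshurica/config.c writes the key as `InstancecName`, while the template line this commit adds to Webroot/index.html.tmpl reads `@get InstanceName@`. Assuming parameter names are matched exactly, a freshly generated config leaves the main page showing `(not set)`. The line should read `fprintf(f, "Set InstanceName Sumire\n");`. `mandshurica_create_config` starts and ends outside the hunk.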
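Review bot: The new `get` branch in Mandshurica/template.c appends the value returned by `mandshurica_get_param(arg)` to the page unescaped, so any `<`, `&` or quote character in a config value becomes markup. It also renders any parameter a template names, including path settings such as `CookieDB` from the default config. HTML-escape `val` before `mandshurica_strcat`, and consider limiting `@get@` to an explicit list of display parameters. The two arms differ only in the string appended, so they can collapse to `ret = mandshurica_strcat(tmp, val != NULL ? val : "(not set)");`. Whether the caller owns `val` is not visible here and deserves a comment; `mandshurica_parse_template` extends beyond the hunk.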
diff --git a/Module/cookie.c b/Module/cookie.c index ed0bcd8..ddcab9e 100644 --- a/Module/cookie.c +++ b/Module/cookie.c @@ -66,7 +66,7 @@ int mod_init(struct mandshurica_config* _config) { #define TOKEN_LENGTH 16 /* 47672401706823533450263330816 tokens are enoguh */ -char* generate_token(const char* username){ +char* generate_token(const char* username) { struct ms_db* db = mandshurica_db_open(config->mandshurica_get_param("LoginDB")); generate_again:; char* token = NULL; @@ -75,11 +75,11 @@ generate_again:; token[TOKEN_LENGTH] = 0; int i; const char ch[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - for(i = 0; i < TOKEN_LENGTH; i++){ + for(i = 0; i < TOKEN_LENGTH; i++) { token[i] = ch[rand() % (26 + 26 + 10)]; } char* t = mandshurica_db_get(db, token); - if(t != NULL){ + if(t != NULL) { free(t); goto generate_again; } @@ -90,11 +90,11 @@ generate_again:; int mod_auth(const char* username, const char* password, char** ptr) { bool login = false; - if(*ptr != NULL){ + if(*ptr != NULL) { if(strcmp(*ptr, "/cookie-login") == 0) login = true; free(*ptr); } - if(login){ + if(login) { *ptr = NULL; struct ms_db* db = mandshurica_db_open(config->mandshurica_get_param("CookieDB")); if(db != NULL) { diff --git a/Module/http.c b/Module/http.c index bb3e991..f1fabe9 100644 --- a/Module/http.c +++ b/Module/http.c 
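Review bot: `generate_token` still draws every character with `token[i] = ch[rand() % (26 + 26 + 10)];`, so the session token is only as unpredictable as the libc `rand()` state. That is far less than the 62^16 space counted in the comment above `TOKEN_LENGTH`, and the seeding is not visible here. The commit only reformats these lines, but since the value becomes the `TOKEN` login cookie it should come from the OS CSPRNG, for example `getrandom()` or a read from `/dev/urandom`. Bytes that would bias the modulo should be rejected. The retry path `goto generate_again;` also appears to allocate a fresh buffer without freeing the previous `token`; the allocation sits between the hunks, so confirm against the full function.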
@@ -54,29 +54,33 @@ const char mod_type[] = MS_MOD_SRV; struct mandshurica_config* config; -char* get_cookie(const char* cookie, const char* key){ +char* get_cookie(const char* cookie, const char* key) { char* str = mandshurica_strdup(cookie); int i; int start = 0; - for(i = 0; str[i] != 0; i++){ - if(str[i] == '='){ + for(i = 0; str[i] != 0; i++) { + if(str[i] == '=') { char* k = malloc(i - start + 1); k[i] = 0; memcpy(k, str + start, i - start); - if(strcmp(key, k) == 0){ + if(strcmp(key, k) == 0) { int epos = i + 1; - for(; str[i] != 0 && str[i] != ';'; i++); + for(; str[i] != 0 && str[i] != ';'; i++) + ; char* v = malloc(i - epos + 1); - v[i] = 0; + v[i - epos] = 0; memcpy(v, str + epos, i - epos); - for(; str[i] != 0 && str[i] != ' ' && str[i] != '\t'; i++); + for(; str[i] != 0 && str[i] != ' ' && str[i] != '\t'; i++) + ; start = i + 1; free(k); free(str); return v; - }else{ - for(; str[i] != 0 && str[i] != ';'; i++); - for(; str[i] != 0 && str[i] != ' ' && str[i] != '\t'; i++); + } else { + for(; str[i] != 0 && str[i] != ';'; i++) + ; + for(; str[i] != 0 && str[i] != ' ' && str[i] != '\t'; i++) + ; start = i + 1; } free(k); @@ -199,7 +203,7 @@ void http_handler(int sock) { int i; for(i = 0; i < len; i++) { cbuf[0] = buf[i]; -force_back:; + force_back:; if(conlen > 0 || nolen) { conlen--; postbuf[conincr] = cbuf[0]; @@ -224,14 +228,14 @@ force_back:; send(sock, "Content-Length: 0\r\n", 19, 0); send(sock, "\r\n", 2, 0); } else if(form) { - if(strcmp(path, "/cookie-logout") == 0){ + if(strcmp(path, "/cookie-logout") == 0) { bool did_logout = false; - if(cookie != NULL){ + if(cookie != NULL) { char* token = get_cookie(cookie, "TOKEN"); - if(token != NULL){ + if(token != NULL) { struct ms_db* db = mandshurica_db_open(config->mandshurica_get_param("LoginDB")); char* usr = mandshurica_db_get(db, token); - if(usr != NULL){ + if(usr != NULL) { free(usr); did_logout = true; } 
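Review bot: The key buffer in `get_cookie` keeps the bug this hunk fixes for the value buffer. `k` is allocated with `i - start + 1` bytes but terminated with `k[i] = 0;`, which writes past the allocation for every pair after the first (`start > 0`) and leaves `k` unterminated for the `strcmp`. The input is the client's `Cookie` header, so this is a remotely reachable heap out-of-bounds write; the line should be `k[i - start] = 0;`. When the last pair does not match, the `else` arm leaves `i` on the terminating NUL and the outer `i++` steps past it, so the loop condition reads beyond the string; break out once `str[i] == 0`. Both `malloc` results are used unchecked, and the function's tail lies outside the hunk.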
@@ -239,13 +243,13 @@ force_back:; } free(token); } - if(did_logout){ + if(did_logout) { param.login = false; char* type; uint64_t len; char* data = NULL; char* s; - + struct stat st; char* lastmod = NULL; const char* pth = mandshurica_strcat(webroot, "/logout-success/"); 
@@ -278,31 +282,55 @@ force_back:; free(lastmod); } send(sock, "Content-Length: ", 16, 0); - + char* lenstr = malloc(513); sprintf(lenstr, "%llu", len); send(sock, lenstr, strlen(lenstr), 0); free(lenstr); - - send(sock, "\r\n", 2, 0); - send(sock, "Set-Cookie: TOKEN=; HttpOnly; MaxAge=0\r\n", 40, 0); + send(sock, "\r\n", 2, 0); + bool use_cookie = false; + for(j = 0; (*config->libs)[j] != NULL; j++) { + const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); + if(strcmp(type, MS_MOD_AUTH) == 0) { + const char* authtype = (const char*)dlsym((*config->libs)[j]->lib, "mod_auth_type"); + if(strcmp(authtype, "Cookie") == 0) { + use_cookie = true; + } + } + } + if(use_cookie) { + send(sock, "Set-Cookie: TOKEN=; HttpOnly; MaxAge=0\r\n", 40, 0); + send(sock, "\r\n", 2, 0); + } send(sock, data, len, 0); free(type); } else { send(sock, "HTTP/1.1 200 OK\r\n", 9 + 8, 0); send(sock, "Connection: keep-alive\r\n", 24, 0); send(sock, "Content-Length: 0\r\n", 19, 0); - send(sock, "Set-Cookie: TOKEN=; HttpOnly; MaxAge=0\r\n", 40, 0); - send(sock, "\r\n", 2, 0); + bool use_cookie = false; + for(j = 0; (*config->libs)[j] != NULL; j++) { + const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); + if(strcmp(type, MS_MOD_AUTH) == 0) { + const char* authtype = (const char*)dlsym((*config->libs)[j]->lib, "mod_auth_type"); + if(strcmp(authtype, "Cookie") == 0) { + use_cookie = true; + } + } + } + if(use_cookie) { + send(sock, "Set-Cookie: TOKEN=; HttpOnly; MaxAge=0\r\n", 40, 0); + send(sock, "\r\n", 2, 0); + } send(sock, "\r\n", 2, 0); } - }else{ + } else { char* type; uint64_t len; char* data = NULL; char* s; - + struct stat st; char* lastmod = NULL; const char* pth = mandshurica_strcat(webroot, "/logout-fail/"); 
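Review bot: In the `/logout-success/` arm the blank line that ends the header block is now sent only inside `if(use_cookie)`, so with no Cookie auth module loaded `data` follows the `Content-Length` line directly and is parsed as headers. In the `Content-Length: 0` arm a cookie-enabled response still ends with one `\r\n` more than the header block needs. Send only the `Set-Cookie` line inside the `if` and emit the terminating `send(sock, "\r\n", 2, 0);` once, unconditionally, as the login hunks at `@@ -407,18 +435,30 @@` and `@@ -426,11 +466,23 @@` do. The module scan that sets `use_cookie` passes both `dlsym` results to `strcmp` unchecked, although the `mod_http_path` lookup nearby is NULL-checked, so a module without `mod_auth_type` would crash the handler. The same loop is pasted into those two login hunks and into `@@ -553,16 +605,26 @@`. One helper with the NULL checks, sketched below, removes the copies; `http_handler` starts and ends outside this hunk.

```c
/* True when a loaded auth module exports mod_auth_type "Cookie". */
static bool cookie_auth_enabled(void) {
	int k;
	for(k = 0; (*config->libs)[k] != NULL; k++) {
		const char* type = (const char*)dlsym((*config->libs)[k]->lib, "mod_type");
		if(type == NULL || strcmp(type, MS_MOD_AUTH) != 0) continue;
		const char* authtype = (const char*)dlsym((*config->libs)[k]->lib, "mod_auth_type");
		if(authtype != NULL && strcmp(authtype, "Cookie") == 0) return true;
	}
	return false;
}

/* … unchanged: status line, other headers, Content-Length value … */
send(sock, "\r\n", 2, 0);
if(cookie_auth_enabled()) {
	send(sock, "Set-Cookie: TOKEN=; HttpOnly; MaxAge=0\r\n", 40, 0);
}
send(sock, "\r\n", 2, 0); /* blank line ends the headers in both cases */
send(sock, data, len, 0);
```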
@@ -335,12 +363,12 @@ force_back:; free(lastmod); } send(sock, "Content-Length: ", 16, 0); - + char* lenstr = malloc(513); sprintf(lenstr, "%llu", len); send(sock, lenstr, strlen(lenstr), 0); free(lenstr); - + send(sock, "\r\n", 2, 0); send(sock, "\r\n", 2, 0); send(sock, data, len, 0); @@ -353,13 +381,13 @@ force_back:; send(sock, "\r\n", 2, 0); } } - }else{ + } else { bool sent = false; for(j = 0; (*config->libs)[j] != NULL; j++) { const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); if(strcmp(type, MS_MOD_AUTH) == 0) { const char* httppath = (const char*)dlsym((*config->libs)[j]->lib, "mod_http_path"); - run_again:; + run_again:; if(httppath != NULL) { if(strcmp(httppath, path) == 0) { int (*mod_auth)(const char*, const char*, char**) = (int (*)(const char*, const char*, char**))dlsym((*config->libs)[j]->lib, "mod_auth"); @@ -374,7 +402,7 @@ force_back:; uint64_t len; char* data = NULL; char* s; - + struct stat st; char* lastmod = NULL; const char* pth = mandshurica_strcat(webroot, "/login-success/"); 
@@ -407,18 +435,30 @@ force_back:; free(lastmod); } send(sock, "Content-Length: ", 16, 0); - + char* lenstr = malloc(513); sprintf(lenstr, "%llu", len); send(sock, lenstr, strlen(lenstr), 0); free(lenstr); - - send(sock, "\r\n", 2, 0); - send(sock, "Set-Cookie: ", 11, 0); - send(sock, "TOKEN=", 6, 0); - send(sock, token, strlen(token), 0); - send(sock, "; HttpOnly", 10, 0); + send(sock, "\r\n", 2, 0); + bool use_cookie = false; + for(j = 0; (*config->libs)[j] != NULL; j++) { + const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); + if(strcmp(type, MS_MOD_AUTH) == 0) { + const char* authtype = (const char*)dlsym((*config->libs)[j]->lib, "mod_auth_type"); + if(strcmp(authtype, "Cookie") == 0) { + use_cookie = true; + } + } + } + if(use_cookie) { + send(sock, "Set-Cookie: ", 11, 0); + send(sock, "TOKEN=", 6, 0); + send(sock, token, strlen(token), 0); + send(sock, "; HttpOnly", 10, 0); + send(sock, "\r\n", 2, 0); + } send(sock, "\r\n", 2, 0); send(sock, data, len, 0); free(type); @@ -426,11 +466,23 @@ force_back:; send(sock, "HTTP/1.1 200 OK\r\n", 9 + 8, 0); send(sock, "Connection: keep-alive\r\n", 24, 0); send(sock, "Content-Length: 0\r\n", 19, 0); - send(sock, "Set-Cookie: ", 11, 0); - send(sock, "TOKEN=", 6, 0); - send(sock, token, strlen(token), 0); - send(sock, "; HttpOnly", 10, 0); - send(sock, "\r\n", 2, 0); + bool use_cookie = false; + for(j = 0; (*config->libs)[j] != NULL; j++) { + const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); + if(strcmp(type, MS_MOD_AUTH) == 0) { + const char* authtype = (const char*)dlsym((*config->libs)[j]->lib, "mod_auth_type"); + if(strcmp(authtype, "Cookie") == 0) { + use_cookie = true; + } + } + } + if(use_cookie) { + send(sock, "Set-Cookie: ", 11, 0); + send(sock, "TOKEN=", 6, 0); + send(sock, token, strlen(token), 0); + send(sock, "; HttpOnly", 10, 0); + send(sock, "\r\n", 2, 0); + } send(sock, "\r\n", 2, 0); } free(token); 
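Review bot: The added `for(j = 0; (*config->libs)[j] != NULL; j++)` scan reuses `j`, which appears to be the index of the enclosing module loop opened in the hunk at `@@ -353,13 +381,13 @@`. After the scan `j` sits on the NULL terminator, so any later `(*config->libs)[j]->lib` in that loop body dereferences NULL, and the outer `j++` steps past the end of the array, unless the code leaves the loop first; that part is outside the hunk. Give the scan its own index, e.g. `int k; for(k = 0; (*config->libs)[k] != NULL; k++)`; the same applies to the copy in the hunk at `@@ -426,11 +466,23 @@`. The session cookie is issued with `HttpOnly` only; consider adding a `SameSite` attribute, since the login and logout paths are driven by the cookie alone.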
@@ -444,7 +496,7 @@ force_back:; uint64_t len; char* data = NULL; char* s; - + struct stat st; char* lastmod = NULL; const char* pth = mandshurica_strcat(webroot, "/login-fail/"); @@ -477,12 +529,12 @@ force_back:; free(lastmod); } send(sock, "Content-Length: ", 16, 0); - + char* lenstr = malloc(513); sprintf(lenstr, "%llu", len); send(sock, lenstr, strlen(lenstr), 0); free(lenstr); - + send(sock, "\r\n", 2, 0); send(sock, "\r\n", 2, 0); send(sock, data, len, 0); @@ -553,16 +605,26 @@ force_back:; } else if(buf[i] == '\n') { count++; if(count == 2) { - if(headers != NULL){ + if(headers != NULL) { int j; + bool use_cookie = false; + for(j = 0; (*config->libs)[j] != NULL; j++) { + const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); + if(strcmp(type, MS_MOD_AUTH) == 0) { + const char* authtype = (const char*)dlsym((*config->libs)[j]->lib, "mod_auth_type"); + if(strcmp(authtype, "Cookie") == 0) { + use_cookie = true; + } + } + } for(j = 0; headers[j] != NULL; j += 2) { - if(mandshurica_strcaseequ(headers[j], "Cookie")){ + if(use_cookie && mandshurica_strcaseequ(headers[j], "Cookie")) { cookie = mandshurica_strdup(headers[j + 1]); char* v = get_cookie(headers[j + 1], "TOKEN"); - if(v != NULL){ + if(v != NULL) { struct ms_db* db = mandshurica_db_open(config->mandshurica_get_param("LoginDB")); char* username = mandshurica_db_get(db, v); - if(username != NULL){ + if(username != NULL) { param.login = true; free(username); } diff --git a/Webroot/bar.html b/Webroot/bar.html index cadeedb..4f2e154 100644 --- a/Webroot/bar.html +++ b/Webroot/bar.html @@ -1,3 +1,3 @@
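Review bot: In the header-parsing hunk at `@@ -553,16 +605,26 @@` the handle from `mandshurica_db_open(config->mandshurica_get_param("LoginDB"))` goes straight into `mandshurica_db_get(db, v)`, whereas `mod_auth` in Module/cookie.c guards the same call with `if(db != NULL)`. Unless `mandshurica_db_get` tolerates a NULL handle, a missing or unreadable LoginDB turns any request carrying a `TOKEN` cookie into a crash; add the same guard before the lookup. `cookie = mandshurica_strdup(headers[j + 1]);` also runs for every `Cookie` header in the request, so a repeated header leaks the earlier copy; free the old value first or stop at the first match. The block continues past the end of the hunk.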
-Home@ifnot login@ Login@endif@@if login@ Logout@endif@
+Home@if login@ | Manage@endif@@ifnot login@ | Login@endif@@if login@ | Logout@endif@
diff --git a/Webroot/index.html.tmpl b/Webroot/index.html.tmpl index 531ecbb..c99155a 100644 --- a/Webroot/index.html.tmpl +++ b/Webroot/index.html.tmpl @@ -6,4 +6,5 @@ vim: syntax=html @include body-start.html@

Mandshurica

@include bar.html@ +This is the main page of @get InstanceName@ @include end.html@ -- 2.43.0