--- /dev/null
+#!/usr/bin/perl
+use POSIX qw(SIGALRM SIGTERM sigaction);
+
+use lib "./include";
+use Digest::SHA::PurePerl qw(sha1_base64);
+
+
+$VERSION = "1.7 (Demonic/Linux)";
+
+# HTTPi Hypertext Tiny Truncated Process Implementation
+# Copyright 1999-2010 Cameron Kaiser and Contributors # All rights reserved
+# Please read LICENSE # Do not strip this copyright message.
+
+###############################################################
+# WHITE HATS ONLY BELOW THIS POINT -- SEE DOCUMENTATION FIRST #
+###############################################################
+
+%system_content_types =
+ ("html" => "text/html",
+ "htm" => "text/html",
+ "txt" => "text/plain",
+ "xml" => "text/xml",
+ "xsl" => "text/xml",
+ "xhtml" => "application/xhtml+xml",
+ "css" => "text/css",
+ "gif" => "image/gif",
+ "jpeg" => "image/jpeg",
+ "jpg" => "image/jpeg",
+ "bmp" => "image/bmp",
+ "png" => "image/png",
+ "tif" => "image/tiff",
+ "tiff" => "image/tiff",
+ "ico" => "image/x-icon",
+ "svg" => "image/svg+xml",
+ "svgz" => "image/svg+xml",
+ "wbmp" => "image/vnd.wap.wbmp",
+ "wbm" => "image/vnd.wap.wbmp",
+ "xbm" => "image/x-xbitmap",
+ "mp3" => "audio/x-mpeg",
+ "wma" => "audio/x-ms-wma",
+ "wav" => "audio/x-wav",
+ "au" => "audio/basic",
+ "aif" => "audio/x-aiff",
+ "aiff" => "audio/x-aiff",
+ "ogg" => "audio/x-ogg",
+ "oga" => "audio/x-ogg",
+ "mid" => "audio/midi",
+ "wma" => "audio/x-ms-wma",
+ "mpeg" => "video/mpeg",
+ "mpg" => "video/mpeg",
+ "aac" => "audio/aac",
+ "ogv" => "video/x-ogg",
+ "ogx" => "application/x-ogg",
+ "avi" => "video/x-msvideo",
+ "wmv" => "video/x-ms-wmv",
+ "asf" => "video/x-ms-asf",
+ "mov" => "video/quicktime",
+ "mp4" => "video/mp4",
+ "rv" => "video/vnd.m-realvideo",
+ "rm" => "application/vnd.m-realmedia",
+ "ra" => "audio/vnd.m-realaudio",
+ "ram" => "audio/vnd.m-realaudio",
+ "pdf" => "application/pdf",
+ "fdf" => "application/vnd.fdf",
+ "class" => "application/octet-stream",
+ "jar" => "application/octet-stream",
+ "js" => "application/x-javascript",
+ "lnk" => "application/x-hyperlink",
+ "prg" => "application/x-c64-prg-binary",
+ "d64" => "application/x-c64-disk-image",
+ "tar" => "application/x-tar",
+ "sit" => "application/x-stuffit",
+ "Z" => "application/x-compress",
+ "gz" => "application/x-gzip",
+ "dmg" => "application/octet-stream",
+ "img" => "application/octet-stream",
+ "lzh" => "application/octet-stream",
+ "lha" => "application/octet-stream",
+ "exe" => "application/octet-stream",
+ "com" => "application/octet-stream",
+ "zip" => "application/x-zip-compressed",
+ "hqx" => "application/x-binhex",
+ "swf" => "x-shockwave-flash",
+ "flv" => "video/x-flv",
+
+ "bin" => "application/octet-stream");
+
+# comment in to enable logs
+$logfile = "./access.log";
+$path = "./htdocs";
+$sockaddr = 'S n a4 x8';
+
+$server_host = $ARGV[0];
+$server_port = $ARGV[1];
+
+die("$0 [host] [port] required. got >$server_host< >$server_port<") unless ($server_host and $server_port);
+
+%content_types =
+ ("html" => "text/html",
+ "htm" => "text/html",
+ "shtml" => "text/html"
+ );
+%restrictions = (
+ "/nw" => "^10\.##^Mozilla#MSIE",
+ "/status" => "####voyeur:daNrZR3TcSwD2",
+ "/" => "###(NPBot|WebZIP|HTTrack|eCatch|Offline Explorer|UdmSearch|WebCopier|internetseer|MSIECrawler|SuperBot|LinkWalker|Tutorial Crawler|WebReaper)",
+ );
+ # See documentation for interpreting this string.
+
+$headers = <<"EOF";
+Server: TRB3-DAQ based on HTTPi/$VERSION
+MIME-Version: 1.0
+EOF
+
+
+%content_types = (%system_content_types, %content_types);
+undef %system_content_types;
+
+#if ($pid = fork()) { exit; }
+$0 = "dhttpi: binding port ...";
+$bindthis = pack($sockaddr, 2, $server_port, pack('C4', 0, 0, 0, 0));
+socket(S, 2, 1, 6);
+setsockopt(S, 1, 2, 1);
+bind(S, $bindthis) || die("$0: while binding port $server_port:\n\"$!\"\n");
+listen(S, 128);
+$0 = "dhttpi: connected and waiting ANY:$server_port";
+
+$statiosuptime = time();
+
+sub sock_to_host {
+ return ($cache_hn, $cache_port, $cache_ip)
+ if (length($cache_ip));
+
+ return (undef, undef, undef) if (!$sock);
+ my($AFC, $cache_port, $thataddr, $zero) = unpack($sockaddr, $sock);
+ $cache_ip = join('.', unpack("C4", $thataddr));
+ $cache_hn =
+ gethostbyaddr($thataddr, 2) ||
+ $cache_ip;
+ return ($cache_hn, $cache_port, $cache_ip);
+}
+
+
+sub htsponse {
+ ($currentcode, $currentstring) = (@_);
+ return if (0+$httpver < 1);
+ my($what) = <<"EOF";
+HTTP/$httpver $currentcode $currentstring
+${headers}Date: $rfcdate
+EOF
+ $what =~ s/\n/\r\n/g;
+ print STDOUT $what;
+ &hthead("Connection: close") if (0+$httpver > 1);
+}
+
+sub hthead {
+ my($header, $term) = (@_);
+ return if (0+$httpver < 1);
+ print STDOUT "$header\r\n" , ($term) ? "\r\n" : "";
+}
+
+sub htcontent {
+ my($what, $ctype, $mode) = (@_);
+ ($contentlength) = $mode || length($what);
+ &hthead("Content-Length: $contentlength");
+ &hthead("Content-Type: $ctype", 1);
+ return if ($method eq 'HEAD' || $mode);
+ print STDOUT $what;
+}
+
+sub log {
+ if ($logfile && open(J, ">>$logfile")) {
+ my $q = $address . (($variables) ? "?$variables" : "");
+ $contentlength += 0;
+ $contentlength = 0 if ($method eq 'HEAD');
+ my ($hostname, $port, $ip) = &sock_to_host();
+ $hostname ||= "-";
+ $httpuser ||= "-";
+ print J <<"EOF";
+$hostname - $httpuser [$date] "$method $q HTTP/$httpver" $currentcode $contentlength "$httpref" "$httpua"
+EOF
+ close(J);
+ }
+}
+
+
+sub bye { exit; }
+sub byebye { kill(9,$secondary_pid) if ($secondary_pid); exit; }
+
+sub dead {
+ &htsponse(500, "Server Error");
+ &hterror("Server Error", <<"EOF");
+The server cannot comply with your request for resource <tt>$::address</tt>.
+Please attempt to notify the administrators.
+<p>Useful(?) debugging information:
+<pre>
+@_
+</pre>
+EOF
+ &log; exit;
+}
+
+sub defaultsignals {
+ $SIG{'__DIE__'} = \&dead;
+ sigaction SIGALRM, new POSIX::SigAction \&bye
+ or die "sigalrm failed: $!\n";
+ sigaction SIGTERM, new POSIX::SigAction \&byebye
+ or die "sigterm failed: $!\n";
+}
+&defaultsignals;
+
+sub alarmsignals {
+ undef $SIG{'__DIE__'};
+ sigaction SIGALRM, new POSIX::SigAction sub { die; }
+ or die "sigalrm failed: $!\n";
+}
+
+sub master {
+ $0 = "dhttpi: handling request";
+$sock = getpeername(STDIN);
+$rfcdate = &rfctime(scalar gmtime, 1);
+$date = scalar localtime;
+($dow, $mon, $dt, $tm, $yr) = ($date =~
+ m/(...) (...) (..) (..:..:..) (....)/);
+$dt += 0;
+$dt = substr("0$dt", length("0$dt") - 2, 2);
+$date = "$dt/$mon/$yr:$tm +0000";
+
+select(STDOUT); $|=1; $address = 0;
+alarm 5;
+while (<STDIN>) {
+ if(/^([A-Z]+)\s+([^\s]+)\s+([^\s\r\l\n]*)/) {
+ $method = $1;
+ $address = $2;
+ $httpver = $3;
+ $httpref = '';
+ $httpua = '';
+ $httpver = ($httpver =~ m#HTTP/([0-9]\.[0-9]+)#) ?
+ ($1) : (0.9);
+ $address =~ s#^http://[^/]+/#/#;
+ $0 = $execstring = "dhttpi: $method $address $httpver";
+ next unless ($httpver < 1);
+ } else {
+ s/[\r\l\n\s]+$//;
+ (/^Host:\s+(.+)/i) && ($httphost = substr($1, 0, 255))
+ && ($httphost =~ s/:\d+$//);
+ (/^Referer:\s+(.+)/i) && ($httpref = substr($1, 0, 1024));
+ (/^User-agent:\s+(.+)/i) && ($httpua = substr($1, 0, 1024));
+ (/^Content-length:\s+(\d+)/i) &&
+ ($ENV{'CONTENT_LENGTH'} = $httpcl = 0+$1);
+ (/^Content-type:\s+(.+)/i) &&
+ ($ENV{'CONTENT_TYPE'} = $httpct = substr($1, 0, 255));
+ (/^Expect:\s+/) && ($expect = 1);
+ (/^Cookie:\s+(.+)/i) &&
+ ($ENV{'HTTP_COOKIE'} = substr($1, 0, 16384));
+ (/^Authorization:\s+Basic (.+)/i) &&
+ ($httprawu = substr($1, 0, 1024));
+ (/^Range:\s+(.+)/i) &&
+ ($ENV{'CONTENT_RANGE'} = substr($1, 0, 255));
+ (/^If-Modified-Since:\s+(.+)/i) &&
+ ($modsince = $ENV{'HTTP_IF_MODIFIED_SINCE'} =
+ substr($1, 0, 255));
+ (/^Accept:\s+(.+)/i) &&
+ ($ENV{'HTTP_ACCEPT'} = substr($1, 0, 255));
+ (/^Accept-([a-zA-Z0-9]+):\s+(.+)/i) &&
+ ($ENV{'HTTP_ACCEPT_'.uc(substr($1, 0, 16))} =
+ substr($2, 0, 255));
+ (/^X-Requested-With:\s+(.+)/i) &&
+ ($ENV{'HTTP_X_REQUESTED_WITH'} = substr($1, 0, 1024));
+
+ (/^Origin:\s+(.+)/i) &&
+ ($ENV{'HTTP_ORIGIN'} = substr($1, 0, 1024));
+ (/^Upgrade:\s+(.+)/i) &&
+ ($ENV{'HTTP_UPGRADE'} = substr($1, 0, 1024));
+ (/^Sec-WebSocket-Protocol:\s+(.+)/i) &&
+ ($ENV{'WEBSOCKET_PROTOCOL'} = substr($1, 0, 1024));
+ (/^Sec-WebSocket-Version:\s+(-?\d+)/i) &&
+ ($ENV{'WEBSOCKET_VERSION'} = substr($1, 0, 8));
+ (/^Sec-WebSocket-Extensions:\s+(-?\d+)/i) &&
+ ($ENV{'WEBSOCKET_EXTENSIONS'} = substr($1, 0, 1024));
+ (/^Sec-WebSocket-Key:\s+(\S+)/i) &&
+ ($ENV{'WEBSOCKET_KEY'} = substr($1, 0, 1024));
+
+ next unless (/^$/);
+ }
+ if ($expect) {
+ &htsponse(417, "Expectation Failed");
+ &hterror("Expectation Failed",
+ "The server does not support this method.");
+ &log; exit;
+ }
+ if (!length($address) || (0+$httpver > 1 && !$httphost)) {
+ &htsponse(400, "Bad Request");
+ &hterror("Bad Request",
+ "The server cannot understand your request.");
+ &log; exit;
+ }
+ if ($method !~ /^(GET|HEAD|POST)$/) {
+ &htsponse(501, "Not Implemented");
+ &hterror("Not Implemented",
+ "Only GET, HEAD and POST are supported.");
+ &log; exit;
+ }
+
+
+ if ($ENV{'HTTP_UPGRADE'} eq 'websocket') {
+ if ($method ne "GET" || !$ENV{'WEBSOCKET_KEY'}) {
+ &htsponse(400, "Bad request");
+ &hterror("Bad request",
+ "Illegal websocket opening handshake");
+ &log; exit;
+ }
+
+ $ENV{'WEBSOCKET_ACCEPT'} =
+ sha1_base64($ENV{'WEBSOCKET_KEY'} . "258EAFA5-E914-47DA-95CA-C5AB0DC85B11") . "=";
+
+
+ }
+
+
+
+ ($address, $variables) = split(/\?/, $address);
+ $address =~ s/%([0-9a-fA-F]{2})/pack("H2", $1)/eg;
+ $address=~ s#^/?#/#;
+ 1 while $address =~ s#/\.(/|$)#\1#;
+ 1 while $address =~ s#/[^/]*/\.\.(/|$)#\1#;
+ 1 while $address =~ s#^/\.\.(/|$)#\1#;
+ $fail = 0;
+ J: foreach(sort { length $a <=> length $b }
+ keys %restrictions) {
+ next if ($address !~ /^$_/);
+ ($allowip, $denyip, $allowua, $denyua, $auser) =
+ split(/#/, $restrictions{$_});
+ if ($allowip || $denyip) {
+ ($hostname, $port, $ip) = &sock_to_host();
+ ($allowip && $ip !~ /$allowip/) && ($fail = 1,
+ last J);
+ ($denyip && $ip =~ /$denyip/) && ($fail = 1,
+ last J);
+ }
+ ($allowua && $httpua !~ /$allowua/) &&
+ ($fail = 2, last J);
+ ($denyua && $httpua =~ /$denyua/) &&
+ ($fail = 2, last J);
+ }
+ if ($fail) {
+ &htsponse(403, "Forbidden");
+ if ($fail == 1) {
+ &hterror("Forbidden (Client Disallowed)", <<"EOF");
+Your network address (<i>$ip</i>) is not allowed to access this resource.
+EOF
+ &log; exit;
+ } else {
+ &hterror("Forbidden (Browser Disallowed)", <<"EOF");
+The browser you are using (<i>$httpua</i>) is not capable of or
+is not allowed access to this resource.
+EOF
+ &log; exit;
+ }
+ }
+ if ($auser) {
+ $httprawu =~ tr#A-Za-z0-9+/##cd;
+ $httprawu =~ tr#A-Za-z0-9+/# -_#;
+ $httprawu = unpack("u", pack("c", 32+0.75*length($httprawu))
+ . $httprawu);
+ ($httpuser, $httppw) = split(/:/, $httprawu);
+ $fail = 1;
+ foreach $user (split(/,/, $auser)) {
+ ($user, $pw) = split(/:/, $user);
+ ($fail = 0, last) if ($user eq $httpuser &&
+ crypt($httppw, substr($pw, 0, 2)) eq $pw);
+ }
+ if ($fail) {
+ $httpuser = '';
+ &htsponse(401, "Authorization Required");
+ &hthead("WWW-Authenticate: Basic realm=\"$address\"");
+ &hterror("Authorization Required", <<"EOF");
+You must provide a username and password to use this resource. Either you
+entered this information incorrectly, or your browser does not know how to
+present the credentials required.
+EOF
+ &log; exit;
+ }
+ }
+
+ alarm 0;
+
+
+
+
+ $raddress = "$path$address"
+ ;
+ 1 while ($raddress =~ s#//#/#);
+ &hterror301("http://$server_host:$server_port$address/")
+ if ($address !~ m#/$# && -d $raddress);
+ $raddress = (-r "${raddress}index.shtml") ?
+ "${raddress}index.shtml" : "${raddress}index.html"
+ if (-d $raddress);
+ IRED: ($hostname, $port, $ip) = &sock_to_host();
+ if(!sysopen(S, $raddress, 0)) { &hterror404; } else {
+ if ((-x $raddress)
+ ) {
+ $currentcode = 100; &nsecmodel;
+ $ENV{'REQUEST_METHOD'} = $method;
+ $ENV{'SERVER_NAME'} = $server_host;
+ $ENV{'SERVER_PROTOCOL'} = "HTTP/$httpver";
+ $ENV{'SERVER_SOFTWARE'} = "HTTPi/$VERSION";
+ $ENV{'SERVER_PORT'} = "$server_port";
+ $ENV{'SERVER_URL'} = "http://$server_host:$server_port/";
+ $ENV{'SCRIPT_FILENAME'} = $raddress;
+ $ENV{'SCRIPT_NAME'} = $address;
+ $ENV{'REMOTE_HOST'} = $hostname;
+ $ENV{'REMOTE_ADDR'} = $ip;
+ $ENV{'REMOTE_PORT'} = $port;
+ $ENV{'QUERY_STRING'} = $variables;
+ $ENV{'HTTP_USER_AGENT'} = $httpua;
+ $ENV{'HTTP_REFERER'} = $httpref;
+ undef $pid;
+ if ($pid = fork()) { kill 15, $$; exit; }
+ elsif (!defined($pid)) {
+ die
+ "temporary(?) fork error, please retry request: $!\n";
+ } else {
+ require $raddress;
+ exit;
+ }
+ }
+ ($x,$x,$x,$x,$x,$x,$x,$length,$x,$mtime) = stat(S);
+ $ctype = 0;
+ foreach(keys %content_types) {
+ if ($raddress =~ /\.$_$/i) {
+ $ctype = $content_types{$_};
+ }
+ }
+ $mtime = &rfctime($mtime);
+SERVEIT:
+ if ($mtime eq $modsince) {
+ &htsponse(304, "Not Modified");
+ &hthead("Last-Modified: $mtime", 1);
+ &log; exit;
+ }
+ $ctype ||= 'text/plain';
+ if ($pid = fork()) { kill 15, $$; exit; }
+ $contentlength ||= $length;
+ &htsponse(200, "OK");
+ &hthead("Last-Modified: $mtime");
+ &htcontent("", $ctype, $length);
+ &nsecmodel;
+ $bytecount = 0;
+ unless ($method eq 'HEAD') {
+ while(!eof(S)) {
+ read(S, $q, 32768);
+ print STDOUT $q;
+ $bytecount += 32768;
+ $0 = $execstring .
+ " ($bytecount bytes sent)";
+ }
+ }
+ alarm 0;
+ }
+ exit;
+}
+
+exit;
+}
+
+
+sub nsecmodel {
+ &log;
+ ($x,$x,$x,$x,$uid,$gid) = stat(S);
+ (!$uid || !$gid || $uid < 2 ) &&
+ die "resource is root-owned, secured or not stat-able\n";
+ if (!$<) {
+ ($) = "$gid $gid") || die "can't set egid to $gid";
+ ($> = $uid) || die "can't set euid to $uid";
+ ($( = "$gid $gid") || die "can't set rgid to $gid";
+ ($< = $uid) || die "can't set ruid to $uid";
+ }
+}
+
+sub rfctime {
+ my $mtime = shift;
+ $mtime = (scalar gmtime $mtime) if (!(shift));
+ my ($dow, $mon, $dt, $tm, $yr) =
+ ($mtime =~ m/(...) (...) (..) (..:..:..) (....)/);
+ $dt += 0; $yr += 0;
+ return "$dow, $dt $mon $yr $tm GMT";
+}
+
+sub hterror {
+ my($errstr, @expl) = (@_);
+ &htcontent(<<"EOF", "text/html");
+<html>
+<body>
+<h1>$errstr</h1>
+@expl
+<hr>
+<address><a href = "http://httpi.floodgap.com/">httpi/$VERSION</a>
+by Cameron Kaiser</address>
+</body>
+</html>
+EOF
+ }
+
+sub hterror404 {
+ &htsponse(404, "Not Found");
+ &hterror("Not Found",
+ "The resource <tt>$address</tt> was not found on this system.");
+ &log; exit;
+}
+
+sub hterror301 {
+ &htsponse(301, "Moved Permanently");
+ &hthead("Location: @_");
+ &hterror("Resource Moved Permanently",
+ "This resource has moved <a href = \"@_\">here</a>.");
+ &log; exit;
+}
+
+
+$0 = "dhttpi: on ANY:$server_port, ready!";
+$master_pid = $$;
+for (;;) {
+ if ($secondary_pid = fork()) {
+ waitpid($secondary_pid, 0);
+ $0 = "dhttpi: on ANY:$server_port, last request " .
+ scalar localtime;
+ } else {
+ $0 = "dhttpi (child of $master_pid): waiting for connect";
+ $addr=accept(NS,S);
+ open(STDIN, "<&NS");
+ open(STDOUT, ">&NS");
+ &defaultsignals;
+ &master;
+ exit;
+ }
+}
jspc29 / labtools.git / commitdiff
