1 /* ====================================================================
2  * The Apache Software License, Version 1.1
3  *
4  * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
5  * reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  *
19  * 3. The end-user documentation included with the redistribution,
20  *    if any, must include the following acknowledgment:
21  *       "This product includes software developed by the
22  *        Apache Software Foundation (http://www.apache.org/)."
23  *    Alternately, this acknowledgment may appear in the software itself,
24  *    if and wherever such third-party acknowledgments normally appear.
25  *
26  * 4. The names "Apache" and "Apache Software Foundation" must
27  *    not be used to endorse or promote products derived from this
28  *    software without prior written permission. For written
29  *    permission, please contact apache@apache.org.
30  *
31  * 5. Products derived from this software may not be called "Apache",
32  *    nor may "Apache" appear in their name, without prior written
33  *    permission of the Apache Software Foundation.
34  *
35  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38  * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46  * SUCH DAMAGE.
47  * ====================================================================
48  *
49  * This software consists of voluntary contributions made by many
50  * individuals on behalf of the Apache Software Foundation.  For more
51  * information on the Apache Software Foundation, please see
52  * <http://www.apache.org/>.
53  *
54  * Portions of this software are based upon public domain software
55  * originally written at the National Center for Supercomputing Applications,
56  * University of Illinois, Urbana-Champaign.
57  */
58 
59 /*
60  * mod_dir.c: handle default index files, and trailing-/ redirects
61  */
62 
63 #include "httpd.h"
64 #include "http_config.h"
65 #include "http_core.h"
66 #include "http_request.h"
67 #include "http_protocol.h"
68 #include "http_log.h"
69 #include "http_main.h"
70 #include "util_script.h"
71 
72 __RCSID("$MirOS: src/usr.sbin/httpd/src/modules/standard/mod_dir.c,v 1.5 2007/07/03 07:19:18 tg Exp $");
73 
74 module MODULE_VAR_EXPORT dir_module;
75 
76 typedef struct dir_config_struct {
77     array_header *index_names;
78 } dir_config_rec;
79 
80 #define DIR_CMD_PERMS OR_INDEXES
81 
add_index(cmd_parms * cmd,void * dummy,char * arg)82 static const char *add_index(cmd_parms *cmd, void *dummy, char *arg)
83 {
84     dir_config_rec *d = dummy;
85 
86     if (!d->index_names) {
87 	d->index_names = ap_make_array(cmd->pool, 2, sizeof(char *));
88     }
89     *(char **)ap_push_array(d->index_names) = arg;
90     return NULL;
91 }
92 
93 static const command_rec dir_cmds[] =
94 {
95     {"DirectoryIndex", add_index, NULL,
96      DIR_CMD_PERMS, ITERATE,
97      "a list of file names"},
98     {NULL}
99 };
100 
create_dir_config(pool * p,char * dummy)101 static void *create_dir_config(pool *p, char *dummy)
102 {
103     dir_config_rec *new =
104     (dir_config_rec *) ap_pcalloc(p, sizeof(dir_config_rec));
105 
106     new->index_names = NULL;
107     return (void *) new;
108 }
109 
merge_dir_configs(pool * p,void * basev,void * addv)110 static void *merge_dir_configs(pool *p, void *basev, void *addv)
111 {
112     dir_config_rec *new = (dir_config_rec *) ap_pcalloc(p, sizeof(dir_config_rec));
113     dir_config_rec *base = (dir_config_rec *) basev;
114     dir_config_rec *add = (dir_config_rec *) addv;
115 
116     new->index_names = add->index_names ? add->index_names : base->index_names;
117     return new;
118 }
119 
handle_dir(request_rec * r)120 static int handle_dir(request_rec *r)
121 {
122     dir_config_rec *d =
123     (dir_config_rec *) ap_get_module_config(r->per_dir_config,
124                                          &dir_module);
125     char *dummy_ptr[1];
126     char **names_ptr;
127     int num_names;
128     int error_notfound = 0;
129 
130     if (r->uri[strlen(r->uri) - 1] != '/') {
131 	const char *xuri, *xargs;
132 
133 	xuri = ap_escape_html(r->pool, r->uri);
134 	if (r->args) {
135 		xargs = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
136 		    "/?", r->args, NULL);
137 		r->mtime = 0;	/* dynamic, never cache this */
138 	} else {
139 		xargs = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
140 		    "/", NULL);
141 		r->mtime = 1;	/* static, always cache this */
142 	}
143 	r->content_type = "text/html";
144 	ap_send_http_header(r);
145 	ap_rvputs(r, "<html><head><title>404: ", xuri, " is a directory"
146 	    "</title></head>\n<body>\n"
147 	    "<h1>404 Is A Directory</h1>\n<p>The file you have requested"
148 	    " was not found. Additionally, a directory with the same name"
149 	    " was found. If you want to retrieve the contents of that"
150 	    " directory, please add a trailing slash to your request URI."
151 	    "<br />Do not forget to update your bookmarks!</p>\n<p>The failed"
152 	    " path was: <tt>", xuri, "</tt></p><p>Use the following hypertext"
153 	    " reference to go to <a href=\"", xargs, "\">", xuri, "/</a>"
154 	    "<br />and do not forget to update your bookmarks and future"
155 	    " behaviour!</p>\n", ap_psignature("<hr />", r),
156 	    "</body></html>\n", NULL);
157 	ap_kill_timeout(r);
158 	ap_finalize_request_protocol(r);
159 	ap_rflush(r);
160 	return 0; /*HTTP_NOT_FOUND;*/
161     } else if (r->uri[0] == '\0') {
162         char *ifile;
163         if (r->args != NULL)
164             ifile = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
165                             "/", "?", r->args, NULL);
166         else
167             ifile = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
168                             "/", NULL);
169 
170         ap_table_setn(r->headers_out, "Location",
171                   ap_construct_url(r->pool, ifile, r));
172         return HTTP_MOVED_PERMANENTLY;
173     }
174 
175     /* KLUDGE --- make the sub_req lookups happen in the right directory.
176      * Fixing this in the sub_req_lookup functions themselves is difficult,
177      * and would probably break virtual includes...
178      */
179 
180     if (r->filename[strlen(r->filename) - 1] != '/') {
181         r->filename = ap_pstrcat(r->pool, r->filename, "/", NULL);
182     }
183 
184     if (d->index_names) {
185 	names_ptr = (char **)d->index_names->elts;
186 	num_names = d->index_names->nelts;
187     }
188     else {
189 	dummy_ptr[0] = DEFAULT_INDEX;
190 	names_ptr = dummy_ptr;
191 	num_names = 1;
192     }
193 
194     for (; num_names; ++names_ptr, --num_names) {
195         char *name_ptr = *names_ptr;
196         request_rec *rr = ap_sub_req_lookup_uri(name_ptr, r);
197 
198         if (rr->status == HTTP_OK && S_ISREG(rr->finfo.st_mode)) {
199             char *new_uri = ap_escape_uri(r->pool, rr->uri);
200 
201             if (rr->args != NULL)
202                 new_uri = ap_pstrcat(r->pool, new_uri, "?", rr->args, NULL);
203             else if (r->args != NULL)
204                 new_uri = ap_pstrcat(r->pool, new_uri, "?", r->args, NULL);
205 
206             ap_destroy_sub_req(rr);
207             ap_internal_redirect(new_uri, r);
208             return OK;
209         }
210 
211         /* If the request returned a redirect, propagate it to the client */
212 
213         if (ap_is_HTTP_REDIRECT(rr->status) ||
214             (rr->status == HTTP_NOT_ACCEPTABLE && num_names == 1) ||
215             (rr->status == HTTP_UNAUTHORIZED && num_names == 1)) {
216 
217             ap_pool_join(r->pool, rr->pool);
218             error_notfound = rr->status;
219             r->notes = ap_overlay_tables(r->pool, r->notes, rr->notes);
220             r->headers_out = ap_overlay_tables(r->pool, r->headers_out,
221                                             rr->headers_out);
222             r->err_headers_out = ap_overlay_tables(r->pool, r->err_headers_out,
223                                                 rr->err_headers_out);
224             return error_notfound;
225         }
226 
227         /* If the request returned something other than 404 (or 200),
228          * it means the module encountered some sort of problem. To be
229          * secure, we should return the error, rather than create
230          * along a (possibly unsafe) directory index.
231          *
232          * So we store the error, and if none of the listed files
233          * exist, we return the last error response we got, instead
234          * of a directory listing.
235          */
236         if (rr->status && rr->status != HTTP_NOT_FOUND && rr->status != HTTP_OK)
237             error_notfound = rr->status;
238 
239         ap_destroy_sub_req(rr);
240     }
241 
242     if (error_notfound)
243         return error_notfound;
244 
245     if (r->method_number != M_GET)
246         return DECLINED;
247 
248     /* nothing for us to do, pass on through */
249 
250     return DECLINED;
251 }
252 
253 
254 static const handler_rec dir_handlers[] =
255 {
256     {DIR_MAGIC_TYPE, handle_dir},
257     {NULL}
258 };
259 
260 module MODULE_VAR_EXPORT dir_module =
261 {
262     STANDARD_MODULE_STUFF,
263     NULL,                       /* initializer */
264     create_dir_config,          /* dir config creater */
265     merge_dir_configs,          /* dir merger --- default is to override */
266     NULL,                       /* server config */
267     NULL,                       /* merge server config */
268     dir_cmds,                   /* command table */
269     dir_handlers,               /* handlers */
270     NULL,                       /* filename translation */
271     NULL,                       /* check_user_id */
272     NULL,                       /* check auth */
273     NULL,                       /* check access */
274     NULL,                       /* type_checker */
275     NULL,                       /* fixups */
276     NULL,                       /* logger */
277     NULL,                       /* header parser */
278     NULL,                       /* child_init */
279     NULL,                       /* child_exit */
280     NULL                        /* post read-request */
281 };
282