X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fcontext_loop.c;h=66261da1d0517334e8149147dacf73c98cc0ee7b;hb=a3ba94ad306d781296c53012f732f3a910015263;hp=b728b268bb9423b7288c463037d3996a42d9a464;hpb=fa1d6a0b8bfbad090a3e5f7f5808524e1db2ace5;p=citadel.git diff --git a/webcit/context_loop.c b/webcit/context_loop.c index b728b268b..66261da1d 100644 --- a/webcit/context_loop.c +++ b/webcit/context_loop.c @@ -177,10 +177,11 @@ wcsession *FindSession(wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t return TheSession; } -wcsession *CreateSession(int Lockable, wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t *ListMutex) +wcsession *CreateSession(int Lockable, int Static, wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t *ListMutex) { wcsession *TheSession; - lprintf(3, "Creating a new session\n"); + if (!Static) + lprintf(3, "Creating a new session\n"); TheSession = (wcsession *) malloc(sizeof(wcsession)); memset(TheSession, 0, sizeof(wcsession)); TheSession->Hdr = Hdr; @@ -203,7 +204,7 @@ wcsession *CreateSession(int Lockable, wcsession **wclist, ParsedHttpHdrs *Hdr, else { TheSession->wc_session = Hdr->HR.desired_session; } - + Hdr->HR.Static = Static; session_new_modules(TheSession); if (Lockable) { @@ -248,7 +249,7 @@ void do_404(void) { hprintf("HTTP/1.1 404 Not found\r\n"); hprintf("Content-Type: text/plain\r\n"); - wprintf("Not found\r\n"); + wc_printf("Not found\r\n"); end_burst(); } @@ -411,9 +412,10 @@ int ReadHTTPRequest (ParsedHttpHdrs *Hdr) StrBufExtract_token(HeaderName, Line, 0, ':'); pchs = ChrPtr(Line); + pche = pchs + StrLength(Line); pch = pchs + StrLength(HeaderName) + 1; pche = pchs + StrLength(Line); - while (isspace(*pch) && (pch < pche)) + while ((pch < pche) && isspace(*pch)) pch ++; StrBufCutLeft(Line, pch - pchs); @@ -477,6 +479,7 @@ void context_loop(ParsedHttpHdrs *Hdr) */ isbogus = ReadHTTPRequest(Hdr); + Hdr->HR.dav_depth = 32767; /* TODO: find a general way to have non-0 defaults */ if (!isbogus) isbogus = AnalyseHeaders(Hdr); @@ -486,7 +489,7 @@ void context_loop(ParsedHttpHdrs *Hdr) { wcsession *Bogus; - Bogus = CreateSession(0, NULL, Hdr, NULL); + Bogus = CreateSession(0, 1, NULL, Hdr, NULL); do_404(); @@ -504,7 +507,7 @@ void context_loop(ParsedHttpHdrs *Hdr) if ((Hdr->HR.Handler != NULL) && ((Hdr->HR.Handler->Flags & ISSTATIC) != 0)) { wcsession *Static; - Static = CreateSession(0, NULL, Hdr, NULL); + Static = CreateSession(0, 1, NULL, Hdr, NULL); Hdr->HR.Handler->F(); @@ -539,7 +542,7 @@ void context_loop(ParsedHttpHdrs *Hdr) * Create a new session if we have to */ if (TheSession == NULL) { - TheSession = CreateSession(1, &SessionList, Hdr, &SessionListMutex); + TheSession = CreateSession(1, 0, &SessionList, Hdr, &SessionListMutex); if ((StrLength(Hdr->c_username) == 0) && (!Hdr->HR.DontNeedAuth)) { @@ -612,11 +615,6 @@ void tmplput_current_user(StrBuf *Target, WCTemplputParams *TP) StrBufAppendTemplate(Target, TP, WC->wc_fullname, 0); } -void tmplput_current_room(StrBuf *Target, WCTemplputParams *TP) -{ - StrBufAppendTemplate(Target, TP, WC->wc_roomname, 0); -} - void Header_HandleContentLength(StrBuf *Line, ParsedHttpHdrs *hdr) { hdr->HR.ContentLength = StrToi(Line); @@ -764,27 +762,27 @@ InitModule_CONTEXT RegisterHeaderHandler(HKEY("CONTENT-LENGTH"), Header_HandleContentLength); RegisterHeaderHandler(HKEY("CONTENT-TYPE"), Header_HandleContentType); RegisterHeaderHandler(HKEY("USER-AGENT"), Header_HandleUserAgent); - RegisterHeaderHandler(HKEY("X-FORWARDED-HOST"), Header_HandleXFFHost); + RegisterHeaderHandler(HKEY("X-FORWARDED-HOST"), Header_HandleXFFHost); /* Apache way... */ + RegisterHeaderHandler(HKEY("X-REAL-IP"), Header_HandleXFFHost); /* NGinX way... */ RegisterHeaderHandler(HKEY("HOST"), Header_HandleHost); RegisterHeaderHandler(HKEY("X-FORWARDED-FOR"), Header_HandleXFF); RegisterHeaderHandler(HKEY("ACCEPT-ENCODING"), Header_HandleAcceptEncoding); RegisterHeaderHandler(HKEY("IF-MODIFIED-SINCE"), Header_HandleIfModSince); - RegisterNamespace("CURRENT_USER", 0, 1, tmplput_current_user, CTX_NONE); - RegisterNamespace("CURRENT_ROOM", 0, 1, tmplput_current_room, CTX_NONE); - RegisterNamespace("NONCE", 0, 0, tmplput_nonce, 0); + RegisterNamespace("CURRENT_USER", 0, 1, tmplput_current_user, NULL, CTX_NONE); + RegisterNamespace("NONCE", 0, 0, tmplput_nonce, NULL, 0); - WebcitAddUrlHandler(HKEY("404"), do_404, ANONYMOUS|COOKIEUNNEEDED); + WebcitAddUrlHandler(HKEY("404"), "", 0, do_404, ANONYMOUS|COOKIEUNNEEDED); /* * Look for commonly-found probes of malware such as worms, viruses, trojans, and Microsoft Office. * Short-circuit these requests so we don't have to send them through the full processing loop. */ - WebcitAddUrlHandler(HKEY("scripts"), do_404, ANONYMOUS|BOGUS); /* /root.exe - Worms and trojans and viruses, oh my! */ - WebcitAddUrlHandler(HKEY("c"), do_404, ANONYMOUS|BOGUS); /* /winnt */ - WebcitAddUrlHandler(HKEY("MSADC"), do_404, ANONYMOUS|BOGUS); - WebcitAddUrlHandler(HKEY("_vti"), do_404, ANONYMOUS|BOGUS); /* Broken Microsoft DAV implementation */ - WebcitAddUrlHandler(HKEY("MSOffice"), do_404, ANONYMOUS|BOGUS); /* Stoopid MSOffice thinks everyone is IIS */ - WebcitAddUrlHandler(HKEY("nonexistenshit"), do_404, ANONYMOUS|BOGUS); /* Exploit found in the wild January 2009 */ + WebcitAddUrlHandler(HKEY("scripts"), "", 0, do_404, ANONYMOUS|BOGUS); /* /root.exe - Worms and trojans and viruses, oh my! */ + WebcitAddUrlHandler(HKEY("c"), "", 0, do_404, ANONYMOUS|BOGUS); /* /winnt */ + WebcitAddUrlHandler(HKEY("MSADC"), "", 0, do_404, ANONYMOUS|BOGUS); + WebcitAddUrlHandler(HKEY("_vti"), "", 0, do_404, ANONYMOUS|BOGUS); /* Broken Microsoft DAV implementation */ + WebcitAddUrlHandler(HKEY("MSOffice"), "", 0, do_404, ANONYMOUS|BOGUS); /* Stoopid MSOffice thinks everyone is IIS */ + WebcitAddUrlHandler(HKEY("nonexistenshit"), "", 0, do_404, ANONYMOUS|BOGUS); /* Exploit found in the wild January 2009 */ }