From f66a0169fc5b836a733c8cf241807523a011aba0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Wilfried=20G=C3=B6esgens?= Date: Thu, 21 May 2009 20:11:29 +0000 Subject: [PATCH] * streamline gettext plugin * handle bogus requests directly via the 404 handler; move it to context_loop * handle static content without session locking --- webcit/context_loop.c | 123 +++++++++++++++++++++++++++--------------- webcit/gettext.c | 9 ++-- webcit/wc_gettext.h | 1 - webcit/webcit.c | 13 +---- 4 files changed, 85 insertions(+), 61 deletions(-) diff --git a/webcit/context_loop.c b/webcit/context_loop.c index 50334cea8..93e7a5f82 100644 --- a/webcit/context_loop.c +++ b/webcit/context_loop.c @@ -195,40 +195,15 @@ int is_mobile_ua(char *user_agent) { return 0; } - - -/* - * Look for commonly-found probes of malware such as worms, viruses, trojans, and Microsoft Office. - * Short-circuit these requests so we don't have to send them through the full processing loop. - */ -int is_bogus(StrBuf *http_cmd) {////TODO! - const char *url; - int i, max; - const char *bogus_prefixes[] = { - "/scripts/root.exe", /* Worms and trojans and viruses, oh my! */ - "/c/winnt", - "/MSADC/", - "/_vti", /* Broken Microsoft DAV implementation */ - "/MSOffice", /* Stoopid MSOffice thinks everyone is IIS */ - "/nonexistenshit" /* Exploit found in the wild January 2009 */ - }; - - url = ChrPtr(http_cmd); - if (IsEmptyStr(url)) return(1); - ++url; - - max = sizeof(bogus_prefixes) / sizeof(char *); - - for (i=0; iReqLine, 1, ' '); StrBufCutRight(Hdr->ReqLine, StrLength(Buf) + 1); - if ((StrLength(Buf) == 0) || - is_bogus(Hdr->ReqLine)) { + + if (StrLength(Buf) == 0) { Hdr->eReqType = eGET; return 1; } 
@@ -288,8 +263,9 @@ int ReadHttpSubject(ParsedHttpHdrs *Hdr, StrBuf *Line, StrBuf *Buf)
 * allows a front end web server to forward all /webcit requests to us
 * while still using the same web server port for other things.
 */
- if ((Hdr->Handler->Flags & URLNAMESPACE) == 0)
- break;
+ if ((Hdr->Handler->Flags & URLNAMESPACE) != 0)
+ continue;
+ break;
 } while (1);
 /* remove the handlername from the URL */
 if (Pos != NULL) {
@@ -442,12 +418,64 @@ void context_loop(int *sock) if (!isbogus) isbogus = AnalyseHeaders(&Hdr); + if ((isbogus) || + ((Hdr.Handler != NULL) && + ((Hdr.Handler->Flags & BOGUS) != 0))) + { + wcsession *Bogus; + Bogus = (wcsession *) + malloc(sizeof(wcsession)); + memset(Bogus, 0, sizeof(wcsession)); + pthread_setspecific(MyConKey, (void *)Bogus); + Bogus->Hdr = &Hdr; + Bogus->WBuf = NewStrBuf(); + Bogus->HBuf = NewStrBuf(); + session_new_modules(Bogus); + do_404(); + session_detach_modules(Bogus); + http_destroy_modules(&Hdr); + session_destroy_modules(&Bogus); + return; + } + + if ((Hdr.Handler != NULL) && + ((Hdr.Handler->Flags & ISSTATIC) != 0)) + { + wcsession *Static; + + Static = (wcsession *) + malloc(sizeof(wcsession)); + memset(Static, 0, sizeof(wcsession)); + pthread_setspecific(MyConKey, (void *)Static); + Static->Hdr = &Hdr; + Static->WBuf = NewStrBuf(); + Static->HBuf = NewStrBuf(); + Static->serv_sock = (-1); + Static->chat_sock = (-1); + Static->is_mobile = -1; + session_new_modules(Static); + + Hdr.Handler->F(); + + /* How long did this transaction take? */ + gettimeofday(&tx_finish, NULL); + + lprintf(9, "Transaction [%s] completed in %ld.%06ld seconds.\n", + ChrPtr(Hdr.this_page), + ((tx_finish.tv_sec*1000000 + tx_finish.tv_usec) - (tx_start.tv_sec*1000000 + tx_start.tv_usec)) / 1000000, + ((tx_finish.tv_sec*1000000 + tx_finish.tv_usec) - (tx_start.tv_sec*1000000 + tx_start.tv_usec)) % 1000000 + ); + + session_detach_modules(Static); + http_destroy_modules(&Hdr); + session_destroy_modules(&Static); + return; + } + if (Hdr.got_auth == AUTH_BASIC) CheckAuthBasic(&Hdr); /* - if (isbogus) - StrBufPlain(ReqLine, HKEY("/404")); TODO HKEY("/static/nocookies.html?force_close_session=yes")); */ @@ -738,7 +766,8 @@ void RegisterHeaderHandler(const char *Name, long Len, Header_Evaluator F) pHdr->H = F; Put(HttpHeaderHandler, Name, Len, pHdr, DestroyHttpHeaderHandler); } -extern void blank_page(void); ///TODO: remove me + + void InitModule_CONTEXT (void) 
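Review bot: Both new early-exit branches in context_loop() hand the result of `malloc(sizeof(wcsession))` straight to `memset()` with no NULL check, and the bogus branch is reached by unauthenticated probe traffic, so an allocation failure becomes a crash on a path any remote client can trigger. I would add `if (Bogus == NULL) { http_destroy_modules(&Hdr); return; }` after the allocation and the same for `Static`, assuming http_destroy_modules() is the only cleanup owed at that point. The bogus branch also leaves `serv_sock` and `chat_sock` at 0 after the memset, while the static branch sets them to `(-1)`. If session teardown closes any non-negative descriptor (that code is outside this hunk, so this is inferred), it would close fd 0, and `Bogus->serv_sock = (-1); Bogus->chat_sock = (-1);` before `session_new_modules(Bogus);` avoids that. The `MyConKey` slot still appears to hold the freed session when either branch returns, so clearing it with `pthread_setspecific(MyConKey, NULL);` is worth considering; context_loop() starts and ends outside the hunk.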
@@ -756,11 +785,17 @@ InitModule_CONTEXT RegisterNamespace("CURRENT_ROOM", 0, 1, tmplput_current_room, CTX_NONE); RegisterNamespace("NONCE", 0, 0, tmplput_nonce, 0); - - - WebcitAddUrlHandler(HKEY("blank"), blank_page, ANONYMOUS|BOGUS); - - WebcitAddUrlHandler(HKEY("webcit"), blank_page, URLNAMESPACE); + WebcitAddUrlHandler(HKEY("404"), do_404, ANONYMOUS|COOKIEUNNEEDED); +/* + * Look for commonly-found probes of malware such as worms, viruses, trojans, and Microsoft Office. + * Short-circuit these requests so we don't have to send them through the full processing loop. + */ + WebcitAddUrlHandler(HKEY("scripts"), do_404, ANONYMOUS|BOGUS); /* /root.exe /* Worms and trojans and viruses, oh my! */ + WebcitAddUrlHandler(HKEY("c"), do_404, ANONYMOUS|BOGUS); /* /winnt */ + WebcitAddUrlHandler(HKEY("MSADC"), do_404, ANONYMOUS|BOGUS); + WebcitAddUrlHandler(HKEY("_vti"), do_404, ANONYMOUS|BOGUS); /* Broken Microsoft DAV implementation */ + WebcitAddUrlHandler(HKEY("MSOffice"), do_404, ANONYMOUS|BOGUS); /* Stoopid MSOffice thinks everyone is IIS */ + WebcitAddUrlHandler(HKEY("nonexistenshit"), do_404, ANONYMOUS|BOGUS); /* Exploit found in the wild January 2009 */ } diff --git a/webcit/gettext.c b/webcit/gettext.c index 209162e80..501132188 100644 --- a/webcit/gettext.c +++ b/webcit/gettext.c @@ -47,7 +47,7 @@ typedef struct _lang_pref{ * \param LocaleString the string from the browser http headers */ -void httplang_to_locale(StrBuf *LocaleString) +void httplang_to_locale(StrBuf *LocaleString, wcsession *sess) { LangStruct wanted_locales[SEARCH_LANG]; LangStruct *ls; @@ -152,7 +152,7 @@ void httplang_to_locale(StrBuf *LocaleString) /** fall back to C */ nBest=0; } - WC->selected_language=nBest; + sess->selected_language=nBest; lprintf(9, "language found: %s\n", AvailLangLoaded[WC->selected_language]); FreeStrBuf(&Buf); FreeStrBuf(&SBuf); 
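Review bot: The handler registrations in InitModule_CONTEXT change which requests are short-circuited, compared with the removed prefix list. `"scripts"` and `"c"` now appear to mark every URL under `/scripts/` and `/c/` as BOGUS rather than only `/scripts/root.exe` and `/c/winnt`. If handler lookup matches a whole path segment (the lookup is outside this hunk, so this is inferred), `"_vti"` would no longer catch `/_vti_bin` style probes that the old `strncasecmp` prefix test did. A comment above the block saying whether a key is an exact first segment or a prefix would let the next maintainer extend the list correctly. The trailing comment on the `"scripts"` line opens a second `/*` inside a comment and will trip `-Wcomment`; `/* /root.exe: worms and trojans and viruses, oh my! */` keeps the text without the nested opener.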
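Review bot: In the second gettext.c hunk the assignment now writes `sess->selected_language`, but the `lprintf` on the next line still reads `AvailLangLoaded[WC->selected_language]`. The two agree only while the thread-specific session is the same object as `sess`, and if they ever differ the array is indexed with a value this function did not just bound to `nBest`. I would change it to `lprintf(9, "language found: %s\n", AvailLangLoaded[sess->selected_language]);`. Since the prototype is removed from wc_gettext.h in this same commit, `httplang_to_locale` could also be declared `static` if nothing outside gettext.c calls it. The function body starts and ends outside both hunks.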
@@ -397,10 +397,11 @@ SessionNewModule_GETTEXT #ifdef ENABLE_NLS void *vLine; ////TODO: make me a header getter - if (GetHash(WC->Hdr->HTTPHeaders, HKEY("ACCEPT-LANGUAGE"), &vLine) && + if ((sess->Hdr->HTTPHeaders!= NULL) && + GetHash(sess->Hdr->HTTPHeaders, HKEY("ACCEPT-LANGUAGE"), &vLine) && (vLine != NULL)) { StrBuf *accept_language = (StrBuf*) vLine; - httplang_to_locale(accept_language); + httplang_to_locale(accept_language, sess); } #endif } diff --git a/webcit/wc_gettext.h b/webcit/wc_gettext.h index e1f427965..dc05f0e16 100644 --- a/webcit/wc_gettext.h +++ b/webcit/wc_gettext.h @@ -15,4 +15,3 @@ void offer_languages(StrBuf *Target, int nArgs, WCTemplateToken *Token, void *Co void set_selected_language(const char *); void go_selected_language(void); void stop_selected_language(void); -void httplang_to_locale(StrBuf *LocaleString); diff --git a/webcit/webcit.c b/webcit/webcit.c index 5629c9ec1..7531ac49e 100644 --- a/webcit/webcit.c +++ b/webcit/webcit.c @@ -400,14 +400,6 @@ void end_ajax_response(void) { wDumpContent(0); } - /* If it's a "force 404" situation then display the error and bail. */ -void do_404(void) -{ - hprintf("HTTP/1.1 404 Not found\r\n"); - hprintf("Content-Type: text/plain\r\n"); - wprintf("Not found\r\n"); - end_burst(); -} /* @@ -755,14 +747,11 @@ InitModule_WEBCIT (void) { char dir[SIZ]; - WebcitAddUrlHandler(HKEY("404"), do_404, ANONYMOUS|COOKIEUNNEEDED); WebcitAddUrlHandler(HKEY("blank"), blank_page, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC); - - - WebcitAddUrlHandler(HKEY("blank"), blank_page, ANONYMOUS); WebcitAddUrlHandler(HKEY("do_template"), url_do_template, ANONYMOUS); WebcitAddUrlHandler(HKEY("sslg"), seconds_since_last_gexp, AJAX|LOGCHATTY); WebcitAddUrlHandler(HKEY("ajax_servcmd"), ajax_servcmd, 0); + WebcitAddUrlHandler(HKEY("webcit"), blank_page, URLNAMESPACE); RegisterConditional(HKEY("COND:IMPMSG"), 0, ConditionalImportantMesage, CTX_NONE); RegisterNamespace("CSSLOCAL", 0, 0, tmplput_csslocal, CTX_NONE); -- 2.30.2
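Review bot: The new guard in SessionNewModule_GETTEXT tests `sess->Hdr->HTTPHeaders != NULL` but still dereferences `sess->Hdr` unconditionally. The two session setups added in context_loop.c both assign `Hdr` before calling `session_new_modules()`, so those paths are safe, but nothing in this hunk enforces that for other callers. Either extend the condition with `(sess->Hdr != NULL) &&` ahead of the existing test, or add a comment such as `/* callers must set sess->Hdr before session_new_modules() */`. The function header is outside the hunk, so the type of `sess` is assumed from its use here.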