]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
75bd9771 | 2 | * "$Id: var.c 7460 2008-04-16 02:19:54Z mike $" |
ef416fc2 | 3 | * |
f8b3a85b | 4 | * CGI form variable and array functions for CUPS. |
ef416fc2 | 5 | * |
f8b3a85b | 6 | * Copyright 2007-2010 by Apple Inc. |
ef416fc2 | 7 | * Copyright 1997-2005 by Easy Software Products. |
8 | * | |
9 | * These coded instructions, statements, and computer programs are the | |
bc44d920 | 10 | * property of Apple Inc. and are protected by Federal copyright |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 14 | * |
15 | * Contents: | |
16 | * | |
f8b3a85b MS |
17 | * cgiCheckVariables() - Check for the presence of "required" |
18 | * variables. | |
ef55b745 | 19 | * cgiClearVariables() - Clear all form variables. |
f8b3a85b MS |
20 | * cgiGetArray() - Get an element from a form array. |
21 | * cgiGetCookie() - Get a cookie value. | |
22 | * cgiGetFile() - Get the file (if any) that was submitted in | |
23 | * the form. | |
ef416fc2 | 24 | * cgiGetSize() - Get the size of a form array value. |
f8b3a85b MS |
25 | * cgiGetVariable() - Get a CGI variable from the database. |
26 | * cgiInitialize() - Initialize the CGI variable "database". | |
ef416fc2 | 27 | * cgiIsPOST() - Determine whether this page was POSTed. |
28 | * cgiSetArray() - Set array element N to the specified string. | |
f8b3a85b | 29 | * cgiSetCookie() - Set a cookie value. |
ef416fc2 | 30 | * cgiSetSize() - Set the array size. |
f8b3a85b | 31 | * cgiSetVariable() - Set a CGI variable in the database. |
ef416fc2 | 32 | * cgi_add_variable() - Add a form variable. |
33 | * cgi_compare_variables() - Compare two variables. | |
f8b3a85b MS |
34 | * cgi_find_variable() - Find a variable. |
35 | * cgi_initialize_cookies() - Initialize cookies. | |
36 | * cgi_initialize_get() - Initialize form variables using the GET | |
37 | * method. | |
38 | * cgi_initialize_multipart() - Initialize variables and file using the POST | |
39 | * method. | |
ef416fc2 | 40 | * cgi_initialize_post() - Initialize variables using the POST method. |
41 | * cgi_initialize_string() - Initialize form variables from a string. | |
f8b3a85b MS |
42 | * cgi_passwd() - Catch authentication requests and notify the |
43 | * server. | |
44 | * cgi_set_sid() - Set the CUPS session ID. | |
ef416fc2 | 45 | * cgi_sort_variables() - Sort all form variables for faster lookup. |
46 | * cgi_unlink_file() - Remove the uploaded form. | |
47 | */ | |
48 | ||
49 | /*#define DEBUG*/ | |
50 | #include "cgi-private.h" | |
51 | #include <errno.h> | |
f8b3a85b MS |
52 | #include <cups/http.h> |
53 | #include <cups/md5.h> | |
54 | ||
55 | ||
56 | /* | |
57 | * Session ID name | |
58 | */ | |
59 | ||
60 | #define CUPS_SID "org.cups.sid" | |
ef416fc2 | 61 | |
62 | ||
63 | /* | |
64 | * Data structure to hold all the CGI form variables and arrays... | |
65 | */ | |
66 | ||
67 | typedef struct /**** Form variable structure ****/ | |
68 | { | |
69 | const char *name; /* Name of variable */ | |
70 | int nvalues, /* Number of values */ | |
71 | avalues; /* Number of values allocated */ | |
72 | const char **values; /* Value(s) of variable */ | |
73 | } _cgi_var_t; | |
74 | ||
75 | ||
76 | /* | |
77 | * Local globals... | |
78 | */ | |
79 | ||
f8b3a85b MS |
80 | static int num_cookies = 0;/* Number of cookies */ |
81 | static cups_option_t *cookies = NULL;/* Cookies */ | |
ef416fc2 | 82 | static int form_count = 0, /* Form variable count */ |
83 | form_alloc = 0; /* Number of variables allocated */ | |
84 | static _cgi_var_t *form_vars = NULL; | |
85 | /* Form variables */ | |
86 | static cgi_file_t *form_file = NULL; | |
87 | /* Uploaded file */ | |
88 | ||
89 | ||
90 | /* | |
91 | * Local functions... | |
92 | */ | |
93 | ||
94 | static void cgi_add_variable(const char *name, int element, | |
95 | const char *value); | |
96 | static int cgi_compare_variables(const _cgi_var_t *v1, | |
97 | const _cgi_var_t *v2); | |
98 | static _cgi_var_t *cgi_find_variable(const char *name); | |
f8b3a85b | 99 | static void cgi_initialize_cookies(void); |
ef416fc2 | 100 | static int cgi_initialize_get(void); |
101 | static int cgi_initialize_multipart(const char *boundary); | |
102 | static int cgi_initialize_post(void); | |
103 | static int cgi_initialize_string(const char *data); | |
104 | static const char *cgi_passwd(const char *prompt); | |
f8b3a85b | 105 | static const char *cgi_set_sid(void); |
ef416fc2 | 106 | static void cgi_sort_variables(void); |
107 | static void cgi_unlink_file(void); | |
108 | ||
109 | ||
110 | /* | |
111 | * 'cgiCheckVariables()' - Check for the presence of "required" variables. | |
112 | * | |
113 | * Names may be separated by spaces and/or commas. | |
114 | */ | |
115 | ||
116 | int /* O - 1 if all variables present, 0 otherwise */ | |
117 | cgiCheckVariables(const char *names) /* I - Variables to look for */ | |
118 | { | |
119 | char name[255], /* Current variable name */ | |
120 | *s; /* Pointer in string */ | |
121 | const char *val; /* Value of variable */ | |
122 | int element; /* Array element number */ | |
123 | ||
124 | ||
125 | if (names == NULL) | |
126 | return (1); | |
127 | ||
128 | while (*names != '\0') | |
129 | { | |
130 | while (*names == ' ' || *names == ',') | |
131 | names ++; | |
132 | ||
133 | for (s = name; *names != '\0' && *names != ' ' && *names != ','; s ++, names ++) | |
134 | *s = *names; | |
135 | ||
136 | *s = 0; | |
137 | if (name[0] == '\0') | |
138 | break; | |
139 | ||
140 | if ((s = strrchr(name, '-')) != NULL) | |
141 | { | |
142 | *s = '\0'; | |
143 | element = atoi(s + 1) - 1; | |
144 | val = cgiGetArray(name, element); | |
145 | } | |
146 | else | |
147 | val = cgiGetVariable(name); | |
148 | ||
149 | if (val == NULL) | |
150 | return (0); | |
151 | ||
152 | if (*val == '\0') | |
153 | return (0); /* Can't be blank, either! */ | |
154 | } | |
155 | ||
156 | return (1); | |
157 | } | |
158 | ||
159 | ||
ef55b745 MS |
160 | /* |
161 | * 'cgiClearVariables()' - Clear all form variables. | |
162 | */ | |
163 | ||
164 | void | |
165 | cgiClearVariables(void) | |
166 | { | |
167 | int i, j; /* Looping vars */ | |
168 | _cgi_var_t *v; /* Current variable */ | |
169 | ||
170 | ||
171 | for (v = form_vars, i = form_count; i > 0; v ++, i --) | |
172 | { | |
173 | _cupsStrFree(v->name); | |
174 | for (j = 0; j < v->nvalues; j ++) | |
175 | if (v->values[j]) | |
176 | _cupsStrFree(v->values[j]); | |
177 | } | |
178 | ||
179 | form_count = 0; | |
180 | ||
181 | cgi_unlink_file(); | |
182 | } | |
183 | ||
184 | ||
ef416fc2 | 185 | /* |
f8b3a85b | 186 | * 'cgiGetArray()' - Get an element from a form array. |
ef416fc2 | 187 | */ |
188 | ||
189 | const char * /* O - Element value or NULL */ | |
190 | cgiGetArray(const char *name, /* I - Name of array variable */ | |
191 | int element) /* I - Element number (0 to N) */ | |
192 | { | |
193 | _cgi_var_t *var; /* Pointer to variable */ | |
194 | ||
195 | ||
196 | if ((var = cgi_find_variable(name)) == NULL) | |
197 | return (NULL); | |
198 | ||
ef416fc2 | 199 | if (element < 0 || element >= var->nvalues) |
200 | return (NULL); | |
201 | ||
ef55b745 | 202 | return (_cupsStrRetain(var->values[element])); |
ef416fc2 | 203 | } |
204 | ||
205 | ||
f8b3a85b MS |
206 | /* |
207 | * 'cgiGetCookie()' - Get a cookie value. | |
208 | */ | |
209 | ||
210 | const char * /* O - Value or NULL */ | |
211 | cgiGetCookie(const char *name) /* I - Name of cookie */ | |
212 | { | |
213 | return (cupsGetOption(name, num_cookies, cookies)); | |
214 | } | |
215 | ||
216 | ||
ef416fc2 | 217 | /* |
218 | * 'cgiGetFile()' - Get the file (if any) that was submitted in the form. | |
219 | */ | |
220 | ||
221 | const cgi_file_t * /* O - Attached file or NULL */ | |
222 | cgiGetFile(void) | |
223 | { | |
224 | return (form_file); | |
225 | } | |
226 | ||
227 | ||
228 | /* | |
229 | * 'cgiGetSize()' - Get the size of a form array value. | |
230 | */ | |
231 | ||
232 | int /* O - Number of elements */ | |
233 | cgiGetSize(const char *name) /* I - Name of variable */ | |
234 | { | |
235 | _cgi_var_t *var; /* Pointer to variable */ | |
236 | ||
237 | ||
238 | if ((var = cgi_find_variable(name)) == NULL) | |
239 | return (0); | |
240 | ||
241 | return (var->nvalues); | |
242 | } | |
243 | ||
244 | ||
245 | /* | |
f8b3a85b | 246 | * 'cgiGetVariable()' - Get a CGI variable from the database. |
ef416fc2 | 247 | * |
248 | * Returns NULL if the variable doesn't exist. If the variable is an | |
f8b3a85b | 249 | * array of values, returns the last element. |
ef416fc2 | 250 | */ |
251 | ||
252 | const char * /* O - Value of variable */ | |
253 | cgiGetVariable(const char *name) /* I - Name of variable */ | |
254 | { | |
255 | const _cgi_var_t *var; /* Returned variable */ | |
256 | ||
257 | ||
258 | var = cgi_find_variable(name); | |
259 | ||
260 | #ifdef DEBUG | |
261 | if (var == NULL) | |
ae71f5de | 262 | DEBUG_printf(("cgiGetVariable(\"%s\") is returning NULL...\n", name)); |
ef416fc2 | 263 | else |
ae71f5de MS |
264 | DEBUG_printf(("cgiGetVariable(\"%s\") is returning \"%s\"...\n", name, |
265 | var->values[var->nvalues - 1])); | |
ef416fc2 | 266 | #endif /* DEBUG */ |
267 | ||
ef55b745 | 268 | return ((var == NULL) ? NULL : _cupsStrRetain(var->values[var->nvalues - 1])); |
ef416fc2 | 269 | } |
270 | ||
271 | ||
272 | /* | |
f8b3a85b | 273 | * 'cgiInitialize()' - Initialize the CGI variable "database". |
ef416fc2 | 274 | */ |
275 | ||
276 | int /* O - Non-zero if there was form data */ | |
277 | cgiInitialize(void) | |
278 | { | |
f8b3a85b MS |
279 | const char *method, /* Form posting method */ |
280 | *content_type, /* Content-Type of post data */ | |
281 | *cups_sid_cookie, /* SID cookie */ | |
282 | *cups_sid_form; /* SID form variable */ | |
ef416fc2 | 283 | |
284 | ||
285 | /* | |
286 | * Setup a password callback for authentication... | |
287 | */ | |
288 | ||
289 | cupsSetPasswordCB(cgi_passwd); | |
290 | ||
80ca4592 | 291 | /* |
292 | * Set the locale so that times, etc. are formatted properly... | |
293 | */ | |
294 | ||
295 | setlocale(LC_ALL, ""); | |
296 | ||
ef416fc2 | 297 | #ifdef DEBUG |
298 | /* | |
299 | * Disable output buffering to find bugs... | |
300 | */ | |
301 | ||
302 | setbuf(stdout, NULL); | |
ef416fc2 | 303 | #endif /* DEBUG */ |
304 | ||
f8b3a85b MS |
305 | /* |
306 | * Get cookies... | |
307 | */ | |
308 | ||
309 | cgi_initialize_cookies(); | |
310 | ||
311 | if ((cups_sid_cookie = cgiGetCookie(CUPS_SID)) == NULL) | |
312 | { | |
313 | fputs("DEBUG: " CUPS_SID " cookie not found, initializing!\n", stderr); | |
314 | cups_sid_cookie = cgi_set_sid(); | |
315 | } | |
316 | ||
317 | fprintf(stderr, "DEBUG: " CUPS_SID " cookie is \"%s\"\n", cups_sid_cookie); | |
318 | ||
ef416fc2 | 319 | /* |
320 | * Get the request method (GET or POST)... | |
321 | */ | |
322 | ||
323 | method = getenv("REQUEST_METHOD"); | |
324 | content_type = getenv("CONTENT_TYPE"); | |
325 | if (!method) | |
326 | return (0); | |
327 | ||
328 | /* | |
329 | * Grab form data from the corresponding location... | |
330 | */ | |
331 | ||
332 | if (!strcasecmp(method, "GET")) | |
333 | return (cgi_initialize_get()); | |
334 | else if (!strcasecmp(method, "POST") && content_type) | |
335 | { | |
336 | const char *boundary = strstr(content_type, "boundary="); | |
337 | ||
338 | if (boundary) | |
339 | boundary += 9; | |
340 | ||
341 | if (content_type && !strncmp(content_type, "multipart/form-data; ", 21)) | |
f8b3a85b MS |
342 | { |
343 | if (!cgi_initialize_multipart(boundary)) | |
344 | return (0); | |
345 | } | |
346 | else if (!cgi_initialize_post()) | |
347 | return (0); | |
348 | ||
349 | if ((cups_sid_form = cgiGetVariable(CUPS_SID)) == NULL || | |
350 | strcmp(cups_sid_cookie, cups_sid_form)) | |
351 | { | |
352 | if (cups_sid_form) | |
353 | fprintf(stderr, "DEBUG: " CUPS_SID " form variable is \"%s\"\n", | |
354 | cups_sid_form); | |
355 | else | |
356 | fputs("DEBUG: " CUPS_SID " form variable is not present.\n", stderr); | |
357 | ||
358 | cgiClearVariables(); | |
359 | return (0); | |
360 | } | |
ef416fc2 | 361 | else |
f8b3a85b | 362 | return (1); |
ef416fc2 | 363 | } |
364 | else | |
365 | return (0); | |
366 | } | |
367 | ||
368 | ||
369 | /* | |
370 | * 'cgiIsPOST()' - Determine whether this page was POSTed. | |
371 | */ | |
372 | ||
373 | int /* O - 1 if POST, 0 if GET */ | |
374 | cgiIsPOST(void) | |
375 | { | |
376 | const char *method; /* REQUEST_METHOD environment variable */ | |
377 | ||
378 | ||
379 | if ((method = getenv("REQUEST_METHOD")) == NULL) | |
380 | return (0); | |
381 | else | |
382 | return (!strcmp(method, "POST")); | |
383 | } | |
384 | ||
385 | ||
386 | /* | |
387 | * 'cgiSetArray()' - Set array element N to the specified string. | |
388 | * | |
389 | * If the variable array is smaller than (element + 1), the intervening | |
390 | * elements are set to NULL. | |
391 | */ | |
392 | ||
393 | void | |
394 | cgiSetArray(const char *name, /* I - Name of variable */ | |
395 | int element, /* I - Element number (0 to N) */ | |
396 | const char *value) /* I - Value of variable */ | |
397 | { | |
398 | int i; /* Looping var */ | |
399 | _cgi_var_t *var; /* Returned variable */ | |
400 | ||
401 | ||
402 | if (name == NULL || value == NULL || element < 0 || element > 100000) | |
403 | return; | |
404 | ||
405 | if ((var = cgi_find_variable(name)) == NULL) | |
406 | { | |
407 | cgi_add_variable(name, element, value); | |
408 | cgi_sort_variables(); | |
409 | } | |
410 | else | |
411 | { | |
412 | if (element >= var->avalues) | |
413 | { | |
91c84a35 MS |
414 | const char **temp; /* Temporary pointer */ |
415 | ||
416 | temp = (const char **)realloc((void *)(var->values), | |
417 | sizeof(char *) * (element + 16)); | |
418 | if (!temp) | |
419 | return; | |
420 | ||
ef416fc2 | 421 | var->avalues = element + 16; |
91c84a35 | 422 | var->values = temp; |
ef416fc2 | 423 | } |
424 | ||
425 | if (element >= var->nvalues) | |
426 | { | |
427 | for (i = var->nvalues; i < element; i ++) | |
428 | var->values[i] = NULL; | |
429 | ||
430 | var->nvalues = element + 1; | |
431 | } | |
432 | else if (var->values[element]) | |
ef55b745 | 433 | _cupsStrFree((char *)var->values[element]); |
ef416fc2 | 434 | |
ef55b745 | 435 | var->values[element] = _cupsStrAlloc(value); |
ef416fc2 | 436 | } |
437 | } | |
438 | ||
439 | ||
f8b3a85b MS |
440 | /* |
441 | * 'cgiSetCookie()' - Set a cookie value. | |
442 | */ | |
443 | ||
444 | void | |
445 | cgiSetCookie(const char *name, /* I - Name */ | |
446 | const char *value, /* I - Value */ | |
447 | const char *path, /* I - Path (typically "/") */ | |
448 | const char *domain, /* I - Domain name */ | |
449 | time_t expires, /* I - Expiration date (0 for session) */ | |
450 | int secure) /* I - Require SSL */ | |
451 | { | |
452 | num_cookies = cupsAddOption(name, value, num_cookies, &cookies); | |
453 | ||
454 | printf("Set-Cookie: %s=%s;", name, value); | |
455 | if (path) | |
456 | printf("; path=%s", path); | |
457 | if (domain) | |
458 | printf("; domain=%s", domain); | |
459 | if (expires) | |
460 | { | |
461 | char date[256]; /* Date string */ | |
462 | ||
463 | printf("; expires=%s", httpGetDateString2(expires, date, sizeof(date))); | |
464 | } | |
465 | if (secure) | |
466 | puts("; secure;"); | |
467 | else | |
468 | puts(";"); | |
469 | } | |
470 | ||
471 | ||
ef416fc2 | 472 | /* |
473 | * 'cgiSetSize()' - Set the array size. | |
474 | */ | |
475 | ||
476 | void | |
477 | cgiSetSize(const char *name, /* I - Name of variable */ | |
478 | int size) /* I - Number of elements (0 to N) */ | |
479 | { | |
480 | int i; /* Looping var */ | |
481 | _cgi_var_t *var; /* Returned variable */ | |
482 | ||
483 | ||
484 | if (name == NULL || size < 0 || size > 100000) | |
485 | return; | |
486 | ||
487 | if ((var = cgi_find_variable(name)) == NULL) | |
488 | return; | |
489 | ||
490 | if (size >= var->avalues) | |
491 | { | |
91c84a35 MS |
492 | const char **temp; /* Temporary pointer */ |
493 | ||
494 | temp = (const char **)realloc((void *)(var->values), | |
495 | sizeof(char *) * (size + 16)); | |
496 | if (!temp) | |
497 | return; | |
498 | ||
ef416fc2 | 499 | var->avalues = size + 16; |
91c84a35 | 500 | var->values = temp; |
ef416fc2 | 501 | } |
502 | ||
503 | if (size > var->nvalues) | |
504 | { | |
505 | for (i = var->nvalues; i < size; i ++) | |
506 | var->values[i] = NULL; | |
507 | } | |
508 | else if (size < var->nvalues) | |
509 | { | |
510 | for (i = size; i < var->nvalues; i ++) | |
511 | if (var->values[i]) | |
ef55b745 | 512 | _cupsStrFree((void *)(var->values[i])); |
ef416fc2 | 513 | } |
514 | ||
515 | var->nvalues = size; | |
516 | } | |
517 | ||
518 | ||
519 | /* | |
f8b3a85b | 520 | * 'cgiSetVariable()' - Set a CGI variable in the database. |
ef416fc2 | 521 | * |
522 | * If the variable is an array, this truncates the array to a single element. | |
523 | */ | |
524 | ||
525 | void | |
526 | cgiSetVariable(const char *name, /* I - Name of variable */ | |
527 | const char *value) /* I - Value of variable */ | |
528 | { | |
529 | int i; /* Looping var */ | |
530 | _cgi_var_t *var; /* Returned variable */ | |
531 | ||
532 | ||
533 | if (name == NULL || value == NULL) | |
534 | return; | |
535 | ||
536 | if ((var = cgi_find_variable(name)) == NULL) | |
537 | { | |
538 | cgi_add_variable(name, 0, value); | |
539 | cgi_sort_variables(); | |
540 | } | |
541 | else | |
542 | { | |
543 | for (i = 0; i < var->nvalues; i ++) | |
544 | if (var->values[i]) | |
ef55b745 | 545 | _cupsStrFree((char *)var->values[i]); |
ef416fc2 | 546 | |
ef55b745 | 547 | var->values[0] = _cupsStrAlloc(value); |
ef416fc2 | 548 | var->nvalues = 1; |
549 | } | |
550 | } | |
551 | ||
552 | ||
553 | /* | |
554 | * 'cgi_add_variable()' - Add a form variable. | |
555 | */ | |
556 | ||
557 | static void | |
558 | cgi_add_variable(const char *name, /* I - Variable name */ | |
559 | int element, /* I - Array element number */ | |
560 | const char *value) /* I - Variable value */ | |
561 | { | |
91c84a35 | 562 | _cgi_var_t *var; /* New variable */ |
ef416fc2 | 563 | |
564 | ||
565 | if (name == NULL || value == NULL || element < 0 || element > 100000) | |
566 | return; | |
567 | ||
ae71f5de MS |
568 | DEBUG_printf(("cgi_add_variable: Adding variable \'%s\' with value " |
569 | "\'%s\'...\n", name, value)); | |
ef416fc2 | 570 | |
571 | if (form_count >= form_alloc) | |
572 | { | |
91c84a35 MS |
573 | _cgi_var_t *temp_vars; /* Temporary form pointer */ |
574 | ||
575 | ||
ef416fc2 | 576 | if (form_alloc == 0) |
91c84a35 | 577 | temp_vars = malloc(sizeof(_cgi_var_t) * 16); |
ef416fc2 | 578 | else |
91c84a35 MS |
579 | temp_vars = realloc(form_vars, (form_alloc + 16) * sizeof(_cgi_var_t)); |
580 | ||
581 | if (!temp_vars) | |
582 | return; | |
ef416fc2 | 583 | |
91c84a35 | 584 | form_vars = temp_vars; |
ef416fc2 | 585 | form_alloc += 16; |
586 | } | |
587 | ||
91c84a35 MS |
588 | var = form_vars + form_count; |
589 | ||
590 | if ((var->values = calloc(element + 1, sizeof(char *))) == NULL) | |
591 | return; | |
592 | ||
ef55b745 | 593 | var->name = _cupsStrAlloc(name); |
ef416fc2 | 594 | var->nvalues = element + 1; |
595 | var->avalues = element + 1; | |
ef55b745 | 596 | var->values[element] = _cupsStrAlloc(value); |
ef416fc2 | 597 | |
598 | form_count ++; | |
599 | } | |
600 | ||
601 | ||
602 | /* | |
603 | * 'cgi_compare_variables()' - Compare two variables. | |
604 | */ | |
605 | ||
606 | static int /* O - Result of comparison */ | |
607 | cgi_compare_variables( | |
608 | const _cgi_var_t *v1, /* I - First variable */ | |
609 | const _cgi_var_t *v2) /* I - Second variable */ | |
610 | { | |
611 | return (strcasecmp(v1->name, v2->name)); | |
612 | } | |
613 | ||
614 | ||
615 | /* | |
f8b3a85b | 616 | * 'cgi_find_variable()' - Find a variable. |
ef416fc2 | 617 | */ |
618 | ||
619 | static _cgi_var_t * /* O - Variable pointer or NULL */ | |
620 | cgi_find_variable(const char *name) /* I - Name of variable */ | |
621 | { | |
622 | _cgi_var_t key; /* Search key */ | |
623 | ||
624 | ||
625 | if (form_count < 1 || name == NULL) | |
626 | return (NULL); | |
627 | ||
628 | key.name = name; | |
629 | ||
630 | return ((_cgi_var_t *)bsearch(&key, form_vars, form_count, sizeof(_cgi_var_t), | |
631 | (int (*)(const void *, const void *))cgi_compare_variables)); | |
632 | } | |
633 | ||
634 | ||
f8b3a85b MS |
635 | /* |
636 | * 'cgi_initialize_cookies()' - Initialize cookies. | |
637 | */ | |
638 | ||
639 | static void | |
640 | cgi_initialize_cookies(void) | |
641 | { | |
642 | const char *cookie; /* HTTP_COOKIE environment variable */ | |
643 | char name[128], /* Name string */ | |
644 | value[512], /* Value string */ | |
645 | *ptr; /* Pointer into name/value */ | |
646 | ||
647 | ||
648 | if ((cookie = getenv("HTTP_COOKIE")) == NULL) | |
649 | return; | |
650 | ||
651 | while (*cookie) | |
652 | { | |
653 | /* | |
654 | * Skip leading whitespace... | |
655 | */ | |
656 | ||
657 | while (isspace(*cookie & 255)) | |
658 | cookie ++; | |
659 | if (!*cookie) | |
660 | break; | |
661 | ||
662 | /* | |
663 | * Copy the name... | |
664 | */ | |
665 | ||
666 | for (ptr = name; *cookie && *cookie != '=';) | |
667 | if (ptr < (name + sizeof(name) - 1)) | |
668 | *ptr++ = *cookie++; | |
669 | else | |
670 | break; | |
671 | ||
672 | if (*cookie != '=') | |
673 | break; | |
674 | ||
675 | *ptr = '\0'; | |
676 | cookie ++; | |
677 | ||
678 | /* | |
679 | * Then the value... | |
680 | */ | |
681 | ||
682 | if (*cookie == '\"') | |
683 | { | |
684 | for (cookie ++, ptr = value; *cookie && *cookie != '\"';) | |
685 | if (ptr < (value + sizeof(value) - 1)) | |
686 | *ptr++ = *cookie++; | |
687 | else | |
688 | break; | |
689 | ||
690 | if (*cookie == '\"') | |
691 | cookie ++; | |
692 | } | |
693 | else | |
694 | { | |
695 | for (ptr = value; *cookie && *cookie != ';';) | |
696 | if (ptr < (value + sizeof(value) - 1)) | |
697 | *ptr++ = *cookie++; | |
698 | else | |
699 | break; | |
700 | } | |
701 | ||
702 | if (*cookie == ';') | |
703 | cookie ++; | |
704 | else if (*cookie) | |
705 | break; | |
706 | ||
707 | *ptr = '\0'; | |
708 | ||
709 | /* | |
710 | * Then add the cookie to an array as long as the name doesn't start with | |
711 | * "$"... | |
712 | */ | |
713 | ||
714 | if (name[0] != '$') | |
715 | num_cookies = cupsAddOption(name, value, num_cookies, &cookies); | |
716 | } | |
717 | } | |
718 | ||
719 | ||
ef416fc2 | 720 | /* |
721 | * 'cgi_initialize_get()' - Initialize form variables using the GET method. | |
722 | */ | |
723 | ||
724 | static int /* O - 1 if form data read */ | |
725 | cgi_initialize_get(void) | |
726 | { | |
727 | char *data; /* Pointer to form data string */ | |
728 | ||
729 | ||
ae71f5de | 730 | DEBUG_puts("cgi_initialize_get: Initializing variables using GET method..."); |
ef416fc2 | 731 | |
732 | /* | |
733 | * Check to see if there is anything for us to read... | |
734 | */ | |
735 | ||
736 | data = getenv("QUERY_STRING"); | |
737 | if (data == NULL || strlen(data) == 0) | |
738 | return (0); | |
739 | ||
740 | /* | |
741 | * Parse it out and return... | |
742 | */ | |
743 | ||
744 | return (cgi_initialize_string(data)); | |
745 | } | |
746 | ||
747 | ||
748 | /* | |
f8b3a85b MS |
749 | * 'cgi_initialize_multipart()' - Initialize variables and file using the POST |
750 | * method. | |
ef416fc2 | 751 | * |
752 | * TODO: Update to support files > 2GB. | |
753 | */ | |
754 | ||
755 | static int /* O - 1 if form data was read */ | |
756 | cgi_initialize_multipart( | |
757 | const char *boundary) /* I - Boundary string */ | |
758 | { | |
759 | char line[10240], /* MIME header line */ | |
760 | name[1024], /* Form variable name */ | |
761 | filename[1024], /* Form filename */ | |
762 | mimetype[1024], /* MIME media type */ | |
763 | bstring[256], /* Boundary string to look for */ | |
764 | *ptr, /* Pointer into name/filename */ | |
765 | *end; /* End of buffer */ | |
766 | int ch, /* Character from file */ | |
767 | fd, /* Temporary file descriptor */ | |
768 | blen; /* Length of boundary string */ | |
769 | ||
770 | ||
771 | DEBUG_printf(("cgi_initialize_multipart(boundary=\"%s\")\n", boundary)); | |
772 | ||
773 | /* | |
774 | * Read multipart form data until we run out... | |
775 | */ | |
776 | ||
777 | name[0] = '\0'; | |
778 | filename[0] = '\0'; | |
779 | mimetype[0] = '\0'; | |
780 | ||
781 | snprintf(bstring, sizeof(bstring), "\r\n--%s", boundary); | |
782 | blen = strlen(bstring); | |
783 | ||
784 | while (fgets(line, sizeof(line), stdin)) | |
785 | { | |
786 | if (!strcmp(line, "\r\n")) | |
787 | { | |
788 | /* | |
789 | * End of headers, grab value... | |
790 | */ | |
791 | ||
792 | if (filename[0]) | |
793 | { | |
794 | /* | |
795 | * Read an embedded file... | |
796 | */ | |
797 | ||
798 | if (form_file) | |
799 | { | |
800 | /* | |
801 | * Remove previous file... | |
802 | */ | |
803 | ||
804 | cgi_unlink_file(); | |
805 | } | |
806 | ||
807 | /* | |
808 | * Allocate memory for the new file... | |
809 | */ | |
810 | ||
811 | if ((form_file = calloc(1, sizeof(cgi_file_t))) == NULL) | |
812 | return (0); | |
813 | ||
814 | form_file->name = strdup(name); | |
815 | form_file->filename = strdup(filename); | |
816 | form_file->mimetype = strdup(mimetype); | |
817 | ||
818 | fd = cupsTempFd(form_file->tempfile, sizeof(form_file->tempfile)); | |
819 | ||
820 | if (fd < 0) | |
821 | return (0); | |
822 | ||
823 | atexit(cgi_unlink_file); | |
824 | ||
825 | /* | |
826 | * Copy file data to the temp file... | |
827 | */ | |
828 | ||
829 | ptr = line; | |
830 | ||
831 | while ((ch = getchar()) != EOF) | |
832 | { | |
833 | *ptr++ = ch; | |
834 | ||
835 | if ((ptr - line) >= blen && !memcmp(ptr - blen, bstring, blen)) | |
836 | { | |
837 | ptr -= blen; | |
838 | break; | |
839 | } | |
840 | ||
841 | if ((ptr - line - blen) >= 8192) | |
842 | { | |
843 | /* | |
844 | * Write out the first 8k of the buffer... | |
845 | */ | |
846 | ||
847 | write(fd, line, 8192); | |
848 | memmove(line, line + 8192, ptr - line - 8192); | |
849 | ptr -= 8192; | |
850 | } | |
851 | } | |
852 | ||
853 | /* | |
854 | * Write the rest of the data and close the temp file... | |
855 | */ | |
856 | ||
857 | if (ptr > line) | |
858 | write(fd, line, ptr - line); | |
859 | ||
860 | close(fd); | |
861 | } | |
862 | else | |
863 | { | |
864 | /* | |
865 | * Just get a form variable; the current code only handles | |
866 | * form values up to 10k in size... | |
867 | */ | |
868 | ||
869 | ptr = line; | |
870 | end = line + sizeof(line) - 1; | |
871 | ||
872 | while ((ch = getchar()) != EOF) | |
873 | { | |
874 | if (ptr < end) | |
875 | *ptr++ = ch; | |
876 | ||
877 | if ((ptr - line) >= blen && !memcmp(ptr - blen, bstring, blen)) | |
878 | { | |
879 | ptr -= blen; | |
880 | break; | |
881 | } | |
882 | } | |
883 | ||
884 | *ptr = '\0'; | |
885 | ||
886 | /* | |
887 | * Set the form variable... | |
888 | */ | |
889 | ||
890 | if ((ptr = strrchr(name, '-')) != NULL && isdigit(ptr[1] & 255)) | |
891 | { | |
892 | /* | |
893 | * Set a specific index in the array... | |
894 | */ | |
895 | ||
896 | *ptr++ = '\0'; | |
897 | if (line[0]) | |
898 | cgiSetArray(name, atoi(ptr) - 1, line); | |
899 | } | |
900 | else if (cgiGetVariable(name)) | |
901 | { | |
902 | /* | |
903 | * Add another element in the array... | |
904 | */ | |
905 | ||
906 | cgiSetArray(name, cgiGetSize(name), line); | |
907 | } | |
908 | else | |
909 | { | |
910 | /* | |
911 | * Just set the line... | |
912 | */ | |
913 | ||
914 | cgiSetVariable(name, line); | |
915 | } | |
916 | } | |
917 | ||
918 | /* | |
919 | * Read the rest of the current line... | |
920 | */ | |
921 | ||
922 | fgets(line, sizeof(line), stdin); | |
923 | ||
924 | /* | |
925 | * Clear the state vars... | |
926 | */ | |
927 | ||
928 | name[0] = '\0'; | |
929 | filename[0] = '\0'; | |
930 | mimetype[0] = '\0'; | |
931 | } | |
932 | else if (!strncasecmp(line, "Content-Disposition:", 20)) | |
933 | { | |
934 | if ((ptr = strstr(line + 20, " name=\"")) != NULL) | |
935 | { | |
936 | strlcpy(name, ptr + 7, sizeof(name)); | |
937 | ||
938 | if ((ptr = strchr(name, '\"')) != NULL) | |
939 | *ptr = '\0'; | |
940 | } | |
941 | ||
942 | if ((ptr = strstr(line + 20, " filename=\"")) != NULL) | |
943 | { | |
944 | strlcpy(filename, ptr + 11, sizeof(filename)); | |
945 | ||
946 | if ((ptr = strchr(filename, '\"')) != NULL) | |
947 | *ptr = '\0'; | |
948 | } | |
949 | } | |
950 | else if (!strncasecmp(line, "Content-Type:", 13)) | |
951 | { | |
952 | for (ptr = line + 13; isspace(*ptr & 255); ptr ++); | |
953 | ||
954 | strlcpy(mimetype, ptr, sizeof(mimetype)); | |
955 | ||
956 | for (ptr = mimetype + strlen(mimetype) - 1; | |
957 | ptr > mimetype && isspace(*ptr & 255); | |
958 | *ptr-- = '\0'); | |
959 | } | |
960 | } | |
961 | ||
962 | /* | |
963 | * Return 1 for "form data found"... | |
964 | */ | |
965 | ||
966 | return (1); | |
967 | } | |
968 | ||
969 | ||
970 | /* | |
971 | * 'cgi_initialize_post()' - Initialize variables using the POST method. | |
972 | */ | |
973 | ||
974 | static int /* O - 1 if form data was read */ | |
975 | cgi_initialize_post(void) | |
976 | { | |
977 | char *content_length, /* Length of input data (string) */ | |
978 | *data; /* Pointer to form data string */ | |
979 | int length, /* Length of input data */ | |
980 | nbytes, /* Number of bytes read this read() */ | |
981 | tbytes, /* Total number of bytes read */ | |
982 | status; /* Return status */ | |
983 | ||
984 | ||
ae71f5de | 985 | DEBUG_puts("cgi_initialize_post: Initializing variables using POST method..."); |
ef416fc2 | 986 | |
987 | /* | |
988 | * Check to see if there is anything for us to read... | |
989 | */ | |
990 | ||
991 | content_length = getenv("CONTENT_LENGTH"); | |
992 | if (content_length == NULL || atoi(content_length) <= 0) | |
993 | return (0); | |
994 | ||
995 | /* | |
996 | * Get the length of the input stream and allocate a buffer for it... | |
997 | */ | |
998 | ||
999 | length = atoi(content_length); | |
1000 | data = malloc(length + 1); | |
1001 | ||
1002 | if (data == NULL) | |
1003 | return (0); | |
1004 | ||
1005 | /* | |
1006 | * Read the data into the buffer... | |
1007 | */ | |
1008 | ||
1009 | for (tbytes = 0; tbytes < length; tbytes += nbytes) | |
1010 | if ((nbytes = read(0, data + tbytes, length - tbytes)) < 0) | |
080811b1 | 1011 | { |
ef416fc2 | 1012 | if (errno != EAGAIN) |
1013 | { | |
1014 | free(data); | |
1015 | return (0); | |
1016 | } | |
080811b1 MS |
1017 | else |
1018 | nbytes = 0; | |
1019 | } | |
f11a948a MS |
1020 | else if (nbytes == 0) |
1021 | { | |
1022 | /* | |
1023 | * CUPS STR #3176: OpenBSD: Early end-of-file on POST data causes 100% CPU | |
1024 | * | |
1025 | * This should never happen, but does on OpenBSD. If we see early end-of- | |
1026 | * file, treat this as an error and process no data. | |
1027 | */ | |
1028 | ||
1029 | free(data); | |
1030 | return (0); | |
1031 | } | |
ef416fc2 | 1032 | |
1033 | data[length] = '\0'; | |
1034 | ||
1035 | /* | |
1036 | * Parse it out... | |
1037 | */ | |
1038 | ||
1039 | status = cgi_initialize_string(data); | |
1040 | ||
1041 | /* | |
1042 | * Free the data and return... | |
1043 | */ | |
1044 | ||
1045 | free(data); | |
1046 | ||
1047 | return (status); | |
1048 | } | |
1049 | ||
1050 | ||
1051 | /* | |
1052 | * 'cgi_initialize_string()' - Initialize form variables from a string. | |
1053 | */ | |
1054 | ||
1055 | static int /* O - 1 if form data was processed */ | |
1056 | cgi_initialize_string(const char *data) /* I - Form data string */ | |
1057 | { | |
1058 | int done; /* True if we're done reading a form variable */ | |
1059 | char *s, /* Pointer to current form string */ | |
1060 | ch, /* Temporary character */ | |
1061 | name[255], /* Name of form variable */ | |
f8b3a85b | 1062 | value[65536]; /* Variable value */ |
ef416fc2 | 1063 | |
1064 | ||
1065 | /* | |
1066 | * Check input... | |
1067 | */ | |
1068 | ||
1069 | if (data == NULL) | |
1070 | return (0); | |
1071 | ||
1072 | /* | |
1073 | * Loop until we've read all the form data... | |
1074 | */ | |
1075 | ||
1076 | while (*data != '\0') | |
1077 | { | |
1078 | /* | |
1079 | * Get the variable name... | |
1080 | */ | |
1081 | ||
1082 | for (s = name; *data != '\0'; data ++) | |
1083 | if (*data == '=') | |
1084 | break; | |
1085 | else if (*data >= ' ' && s < (name + sizeof(name) - 1)) | |
1086 | *s++ = *data; | |
1087 | ||
1088 | *s = '\0'; | |
1089 | if (*data == '=') | |
1090 | data ++; | |
1091 | else | |
1092 | return (0); | |
1093 | ||
1094 | /* | |
1095 | * Read the variable value... | |
1096 | */ | |
1097 | ||
1098 | for (s = value, done = 0; !done && *data != '\0'; data ++) | |
1099 | switch (*data) | |
1100 | { | |
1101 | case '&' : /* End of data... */ | |
1102 | done = 1; | |
1103 | break; | |
1104 | ||
1105 | case '+' : /* Escaped space character */ | |
1106 | if (s < (value + sizeof(value) - 1)) | |
1107 | *s++ = ' '; | |
1108 | break; | |
1109 | ||
1110 | case '%' : /* Escaped control character */ | |
1111 | /* | |
1112 | * Read the hex code... | |
1113 | */ | |
1114 | ||
1115 | if (s < (value + sizeof(value) - 1)) | |
1116 | { | |
1117 | data ++; | |
1118 | ch = *data - '0'; | |
1119 | if (ch > 9) | |
1120 | ch -= 7; | |
1121 | *s = ch << 4; | |
1122 | ||
1123 | data ++; | |
1124 | ch = *data - '0'; | |
1125 | if (ch > 9) | |
1126 | ch -= 7; | |
1127 | *s++ |= ch; | |
1128 | } | |
1129 | else | |
1130 | data += 2; | |
1131 | break; | |
1132 | ||
1133 | default : /* Other characters come straight through */ | |
1134 | if (*data >= ' ' && s < (value + sizeof(value) - 1)) | |
1135 | *s++ = *data; | |
1136 | break; | |
1137 | } | |
1138 | ||
1139 | *s = '\0'; /* nul terminate the string */ | |
1140 | ||
1141 | /* | |
1142 | * Remove trailing whitespace... | |
1143 | */ | |
1144 | ||
1145 | if (s > value) | |
1146 | s --; | |
1147 | ||
58dc1933 | 1148 | while (s >= value && isspace(*s & 255)) |
ef416fc2 | 1149 | *s-- = '\0'; |
1150 | ||
1151 | /* | |
1152 | * Add the string to the variable "database"... | |
1153 | */ | |
1154 | ||
1155 | if ((s = strrchr(name, '-')) != NULL && isdigit(s[1] & 255)) | |
1156 | { | |
1157 | *s++ = '\0'; | |
1158 | if (value[0]) | |
1159 | cgiSetArray(name, atoi(s) - 1, value); | |
1160 | } | |
1161 | else if (cgiGetVariable(name) != NULL) | |
1162 | cgiSetArray(name, cgiGetSize(name), value); | |
1163 | else | |
1164 | cgiSetVariable(name, value); | |
1165 | } | |
1166 | ||
1167 | return (1); | |
1168 | } | |
1169 | ||
1170 | ||
1171 | /* | |
1172 | * 'cgi_passwd()' - Catch authentication requests and notify the server. | |
1173 | * | |
1174 | * This function sends a Status header and exits, forcing authentication | |
1175 | * for this request. | |
1176 | */ | |
1177 | ||
1178 | static const char * /* O - NULL (no return) */ | |
1179 | cgi_passwd(const char *prompt) /* I - Prompt (not used) */ | |
1180 | { | |
1181 | (void)prompt; | |
1182 | ||
f301802f | 1183 | fprintf(stderr, "DEBUG: cgi_passwd(prompt=\"%s\") called!\n", |
1184 | prompt ? prompt : "(null)"); | |
ef416fc2 | 1185 | |
1186 | /* | |
1187 | * Send a 401 (unauthorized) status to the server, so it can notify | |
1188 | * the client that authentication is required. | |
1189 | */ | |
1190 | ||
1191 | puts("Status: 401\n"); | |
1192 | exit(0); | |
1193 | ||
1194 | /* | |
1195 | * This code is never executed, but is present to satisfy the compiler. | |
1196 | */ | |
1197 | ||
1198 | return (NULL); | |
1199 | } | |
1200 | ||
1201 | ||
f8b3a85b MS |
1202 | /* |
1203 | * 'cgi_set_sid()' - Set the CUPS session ID. | |
1204 | */ | |
1205 | ||
1206 | static const char * /* O - New session ID */ | |
1207 | cgi_set_sid(void) | |
1208 | { | |
1209 | char buffer[512], /* SID data */ | |
1210 | sid[33]; /* SID string */ | |
1211 | _cups_md5_state_t md5; /* MD5 state */ | |
1212 | unsigned char sum[16]; /* MD5 sum */ | |
1213 | const char *remote_addr, /* REMOTE_ADDR */ | |
1214 | *server_name, /* SERVER_NAME */ | |
1215 | *server_port; /* SERVER_PORT */ | |
1216 | ||
1217 | ||
1218 | if ((remote_addr = getenv("REMOTE_ADDR")) == NULL) | |
1219 | remote_addr = "REMOTE_ADDR"; | |
1220 | if ((server_name = getenv("SERVER_NAME")) == NULL) | |
1221 | server_name = "SERVER_NAME"; | |
1222 | if ((server_port = getenv("SERVER_PORT")) == NULL) | |
1223 | server_port = "SERVER_PORT"; | |
1224 | ||
1225 | CUPS_SRAND(time(NULL)); | |
1226 | snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X", | |
1227 | remote_addr, server_name, server_port, | |
1228 | (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255, | |
1229 | (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255, | |
1230 | (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255, | |
1231 | (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255); | |
1232 | _cupsMD5Init(&md5); | |
1233 | _cupsMD5Append(&md5, (unsigned char *)buffer, (int)strlen(buffer)); | |
1234 | _cupsMD5Finish(&md5, sum); | |
1235 | ||
1236 | cgiSetCookie(CUPS_SID, httpMD5String(sum, sid), "/", server_name, 0, 0); | |
1237 | ||
1238 | return (cupsGetOption(CUPS_SID, num_cookies, cookies)); | |
1239 | } | |
1240 | ||
1241 | ||
ef416fc2 | 1242 | /* |
1243 | * 'cgi_sort_variables()' - Sort all form variables for faster lookup. | |
1244 | */ | |
1245 | ||
1246 | static void | |
1247 | cgi_sort_variables(void) | |
1248 | { | |
1249 | #ifdef DEBUG | |
1250 | int i; | |
1251 | ||
1252 | ||
ae71f5de | 1253 | DEBUG_puts("cgi_sort_variables: Sorting variables..."); |
ef416fc2 | 1254 | #endif /* DEBUG */ |
1255 | ||
1256 | if (form_count < 2) | |
1257 | return; | |
1258 | ||
1259 | qsort(form_vars, form_count, sizeof(_cgi_var_t), | |
1260 | (int (*)(const void *, const void *))cgi_compare_variables); | |
1261 | ||
1262 | #ifdef DEBUG | |
ae71f5de | 1263 | DEBUG_puts("cgi_sort_variables: Sorted variable list is:"); |
ef416fc2 | 1264 | for (i = 0; i < form_count; i ++) |
ae71f5de MS |
1265 | DEBUG_printf(("cgi_sort_variables: %d: %s (%d) = \"%s\" ...\n", i, |
1266 | form_vars[i].name, form_vars[i].nvalues, | |
1267 | form_vars[i].values[0])); | |
ef416fc2 | 1268 | #endif /* DEBUG */ |
1269 | } | |
1270 | ||
1271 | ||
1272 | /* | |
1273 | * 'cgi_unlink_file()' - Remove the uploaded form. | |
1274 | */ | |
1275 | ||
1276 | static void | |
1277 | cgi_unlink_file(void) | |
1278 | { | |
1279 | if (form_file) | |
1280 | { | |
1281 | /* | |
1282 | * Remove the temporary file... | |
1283 | */ | |
1284 | ||
1285 | unlink(form_file->tempfile); | |
1286 | ||
1287 | /* | |
1288 | * Free memory used... | |
1289 | */ | |
1290 | ||
1291 | free(form_file->name); | |
1292 | free(form_file->filename); | |
1293 | free(form_file->mimetype); | |
1294 | free(form_file); | |
1295 | ||
1296 | form_file = NULL; | |
1297 | } | |
1298 | } | |
1299 | ||
1300 | ||
1301 | /* | |
75bd9771 | 1302 | * End of "$Id: var.c 7460 2008-04-16 02:19:54Z mike $". |
ef416fc2 | 1303 | */ |