#include "first.h" #include "base.h" #include "log.h" #include "buffer.h" #include "fdevent.h" #include "http_header.h" #include "response.h" #include "connections.h" #include "plugin.h" #include "stat_cache.h" #include "sys-mmap.h" #include #include #include #include #include #include #include #include #include #if defined(HAVE_LIBXML_H) && defined(HAVE_SQLITE3_H) #define USE_PROPPATCH #include #include #include #endif #if defined(HAVE_LIBXML_H) && defined(HAVE_SQLITE3_H) \ && defined(HAVE_UUID) && defined(HAVE_UUID_UUID_H) #define USE_LOCKS #include #endif /** * this is a webdav for a lighttpd plugin * * at least a very basic one. * - for now it is read-only and we only support PROPFIND * */ #define WEBDAV_FILE_MODE S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH #define WEBDAV_DIR_MODE S_IRWXU | S_IRWXG | S_IRWXO /* plugin config for all request/connections */ typedef struct { unsigned short enabled; unsigned short is_readonly; unsigned short log_xml; buffer *sqlite_db_name; #ifdef USE_PROPPATCH sqlite3 *sql; sqlite3_stmt *stmt_update_prop; sqlite3_stmt *stmt_delete_prop; sqlite3_stmt *stmt_select_prop; sqlite3_stmt *stmt_select_propnames; sqlite3_stmt *stmt_delete_uri; sqlite3_stmt *stmt_move_uri; sqlite3_stmt *stmt_copy_uri; sqlite3_stmt *stmt_remove_lock; sqlite3_stmt *stmt_create_lock; sqlite3_stmt *stmt_read_lock; sqlite3_stmt *stmt_read_lock_by_uri; sqlite3_stmt *stmt_refresh_lock; #endif } plugin_config; typedef struct { PLUGIN_DATA; buffer *tmp_buf; request_uri uri; physical physical; plugin_config **config_storage; plugin_config conf; } plugin_data; typedef struct { plugin_config conf; } handler_ctx; /* init the plugin data */ INIT_FUNC(mod_webdav_init) { plugin_data *p; p = calloc(1, sizeof(*p)); p->tmp_buf = buffer_init(); p->uri.scheme = buffer_init(); p->uri.path = buffer_init(); p->uri.authority = buffer_init(); p->physical.path = buffer_init(); p->physical.rel_path = buffer_init(); p->physical.doc_root = buffer_init(); p->physical.basedir = buffer_init(); return p; } /* detroy the plugin data */ FREE_FUNC(mod_webdav_free) { plugin_data *p = p_d; UNUSED(srv); if (!p) return HANDLER_GO_ON; if (p->config_storage) { size_t i; for (i = 0; i < srv->config_context->used; i++) { plugin_config *s = p->config_storage[i]; if (NULL == s) continue; buffer_free(s->sqlite_db_name); #ifdef USE_PROPPATCH if (s->sql) { sqlite3_finalize(s->stmt_delete_prop); sqlite3_finalize(s->stmt_delete_uri); sqlite3_finalize(s->stmt_copy_uri); sqlite3_finalize(s->stmt_move_uri); sqlite3_finalize(s->stmt_update_prop); sqlite3_finalize(s->stmt_select_prop); sqlite3_finalize(s->stmt_select_propnames); sqlite3_finalize(s->stmt_read_lock); sqlite3_finalize(s->stmt_read_lock_by_uri); sqlite3_finalize(s->stmt_create_lock); sqlite3_finalize(s->stmt_remove_lock); sqlite3_finalize(s->stmt_refresh_lock); sqlite3_close(s->sql); } #endif free(s); } free(p->config_storage); } buffer_free(p->uri.scheme); buffer_free(p->uri.path); buffer_free(p->uri.authority); buffer_free(p->physical.path); buffer_free(p->physical.rel_path); buffer_free(p->physical.doc_root); buffer_free(p->physical.basedir); buffer_free(p->tmp_buf); free(p); return HANDLER_GO_ON; } /* handle plugin config and check values */ SETDEFAULTS_FUNC(mod_webdav_set_defaults) { plugin_data *p = p_d; size_t i = 0; config_values_t cv[] = { { "webdav.activate", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ { "webdav.is-readonly", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ { "webdav.sqlite-db-name", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ { "webdav.log-xml", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } }; if (!p) return HANDLER_ERROR; p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); for (i = 0; i < srv->config_context->used; i++) { data_config const* config = (data_config const*)srv->config_context->data[i]; plugin_config *s; s = calloc(1, sizeof(plugin_config)); s->sqlite_db_name = buffer_init(); cv[0].destination = &(s->enabled); cv[1].destination = &(s->is_readonly); cv[2].destination = s->sqlite_db_name; cv[3].destination = &(s->log_xml); p->config_storage[i] = s; if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { return HANDLER_ERROR; } if (!buffer_string_is_empty(s->sqlite_db_name)) { #ifdef USE_PROPPATCH const char *next_stmt; char *err; if (SQLITE_OK != sqlite3_open(s->sqlite_db_name->ptr, &(s->sql))) { log_error_write(srv, __FILE__, __LINE__, "sbs", "sqlite3_open failed for", s->sqlite_db_name, sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_exec(s->sql, "CREATE TABLE IF NOT EXISTS properties (" " resource TEXT NOT NULL," " prop TEXT NOT NULL," " ns TEXT NOT NULL," " value TEXT NOT NULL," " PRIMARY KEY(resource, prop, ns))", NULL, NULL, &err)) { if (0 != strcmp(err, "table properties already exists")) { log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err); sqlite3_free(err); return HANDLER_ERROR; } sqlite3_free(err); } if (SQLITE_OK != sqlite3_exec(s->sql, "CREATE TABLE IF NOT EXISTS locks (" " locktoken TEXT NOT NULL," " resource TEXT NOT NULL," " lockscope TEXT NOT NULL," " locktype TEXT NOT NULL," " owner TEXT NOT NULL," " depth INT NOT NULL," " timeout TIMESTAMP NOT NULL," " PRIMARY KEY(locktoken))", NULL, NULL, &err)) { if (0 != strcmp(err, "table locks already exists")) { log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err); sqlite3_free(err); return HANDLER_ERROR; } sqlite3_free(err); } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("SELECT value FROM properties WHERE resource = ? AND prop = ? AND ns = ?"), &(s->stmt_select_prop), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("SELECT ns, prop FROM properties WHERE resource = ?"), &(s->stmt_select_propnames), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("REPLACE INTO properties (resource, prop, ns, value) VALUES (?, ?, ?, ?)"), &(s->stmt_update_prop), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed:", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("DELETE FROM properties WHERE resource = ? AND prop = ? AND ns = ?"), &(s->stmt_delete_prop), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("DELETE FROM properties WHERE resource = ?"), &(s->stmt_delete_uri), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("INSERT INTO properties SELECT ?, prop, ns, value FROM properties WHERE resource = ?"), &(s->stmt_copy_uri), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("UPDATE OR REPLACE properties SET resource = ? WHERE resource = ?"), &(s->stmt_move_uri), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } /* LOCKS */ if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("INSERT INTO locks (locktoken, resource, lockscope, locktype, owner, depth, timeout) VALUES (?,?,?,?,?,?, CURRENT_TIME + 600)"), &(s->stmt_create_lock), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("DELETE FROM locks WHERE locktoken = ?"), &(s->stmt_remove_lock), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout-CURRENT_TIME FROM locks WHERE locktoken = ?"), &(s->stmt_read_lock), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout-CURRENT_TIME FROM locks WHERE resource = ?"), &(s->stmt_read_lock_by_uri), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } if (SQLITE_OK != sqlite3_prepare(s->sql, CONST_STR_LEN("UPDATE locks SET timeout = CURRENT_TIME + 600 WHERE locktoken = ?"), &(s->stmt_refresh_lock), &next_stmt)) { /* prepare failed */ log_error_write(srv, __FILE__, __LINE__, "ss", "sqlite3_prepare failed", sqlite3_errmsg(s->sql)); return HANDLER_ERROR; } #else log_error_write(srv, __FILE__, __LINE__, "s", "Sorry, no sqlite3 and libxml2 support include, compile with --with-webdav-props"); return HANDLER_ERROR; #endif } } return HANDLER_GO_ON; } #define PATCH_OPTION(x) \ p->conf.x = s->x; static int mod_webdav_patch_connection(server *srv, connection *con, plugin_data *p) { size_t i, j; plugin_config *s = p->config_storage[0]; PATCH_OPTION(enabled); PATCH_OPTION(is_readonly); PATCH_OPTION(log_xml); #ifdef USE_PROPPATCH PATCH_OPTION(sql); PATCH_OPTION(stmt_update_prop); PATCH_OPTION(stmt_delete_prop); PATCH_OPTION(stmt_select_prop); PATCH_OPTION(stmt_select_propnames); PATCH_OPTION(stmt_delete_uri); PATCH_OPTION(stmt_move_uri); PATCH_OPTION(stmt_copy_uri); PATCH_OPTION(stmt_remove_lock); PATCH_OPTION(stmt_refresh_lock); PATCH_OPTION(stmt_create_lock); PATCH_OPTION(stmt_read_lock); PATCH_OPTION(stmt_read_lock_by_uri); #endif /* skip the first, the global context */ for (i = 1; i < srv->config_context->used; i++) { data_config *dc = (data_config *)srv->config_context->data[i]; s = p->config_storage[i]; /* condition didn't match */ if (!config_check_cond(srv, con, dc)) continue; /* merge config */ for (j = 0; j < dc->value->used; j++) { data_unset *du = dc->value->data[j]; if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.activate"))) { PATCH_OPTION(enabled); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.is-readonly"))) { PATCH_OPTION(is_readonly); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.log-xml"))) { PATCH_OPTION(log_xml); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("webdav.sqlite-db-name"))) { #ifdef USE_PROPPATCH PATCH_OPTION(sql); PATCH_OPTION(stmt_update_prop); PATCH_OPTION(stmt_delete_prop); PATCH_OPTION(stmt_select_prop); PATCH_OPTION(stmt_select_propnames); PATCH_OPTION(stmt_delete_uri); PATCH_OPTION(stmt_move_uri); PATCH_OPTION(stmt_copy_uri); PATCH_OPTION(stmt_remove_lock); PATCH_OPTION(stmt_refresh_lock); PATCH_OPTION(stmt_create_lock); PATCH_OPTION(stmt_read_lock); PATCH_OPTION(stmt_read_lock_by_uri); #endif } } } return 0; } URIHANDLER_FUNC(mod_webdav_uri_handler) { plugin_data *p = p_d; UNUSED(srv); if (buffer_is_empty(con->uri.path)) return HANDLER_GO_ON; mod_webdav_patch_connection(srv, con, p); if (!p->conf.enabled) return HANDLER_GO_ON; switch (con->request.http_method) { case HTTP_METHOD_OPTIONS: /* we fake a little bit but it makes MS W2k happy and it let's us mount the volume */ http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("DAV"), CONST_STR_LEN("1,2")); http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("MS-Author-Via"), CONST_STR_LEN("DAV")); if (p->conf.is_readonly) { http_header_response_append(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Allow"), CONST_STR_LEN("PROPFIND")); } else { http_header_response_append(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Allow"), CONST_STR_LEN("PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK, UNLOCK")); } break; default: break; } /* not found */ return HANDLER_GO_ON; } static int webdav_gen_prop_tag(server *srv, connection *con, char *prop_name, char *prop_ns, char *value, buffer *b) { UNUSED(srv); UNUSED(con); if (value) { buffer_append_string_len(b,CONST_STR_LEN("<")); buffer_append_string(b, prop_name); buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\"")); buffer_append_string(b, prop_ns); buffer_append_string_len(b, CONST_STR_LEN("\">")); buffer_append_string(b, value); buffer_append_string_len(b,CONST_STR_LEN("")); } else { buffer_append_string_len(b,CONST_STR_LEN("<")); buffer_append_string(b, prop_name); buffer_append_string_len(b, CONST_STR_LEN(" xmlns=\"")); buffer_append_string(b, prop_ns); buffer_append_string_len(b, CONST_STR_LEN("\"/>")); } return 0; } static int webdav_gen_response_status_tag(server *srv, connection *con, physical *dst, int status, buffer *b) { UNUSED(srv); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_buffer(b, dst->rel_path); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); if (con->request.http_version == HTTP_VERSION_1_1) { buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.1 ")); } else { buffer_copy_string_len(b, CONST_STR_LEN("HTTP/1.0 ")); } http_status_append(b, status); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); return 0; } static int webdav_delete_file(server *srv, connection *con, handler_ctx *hctx, physical *dst, buffer *b) { int status = 0; /* try to unlink it */ if (-1 == unlink(dst->path->ptr)) { switch(errno) { case EACCES: case EPERM: /* 403 */ status = 403; break; default: status = 501; break; } webdav_gen_response_status_tag(srv, con, dst, status, b); } else { #ifdef USE_PROPPATCH sqlite3_stmt *stmt = hctx->conf.stmt_delete_uri; if (!stmt) { status = 403; webdav_gen_response_status_tag(srv, con, dst, status, b); } else { sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(dst->rel_path), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { /* */ } } #else UNUSED(hctx); #endif } return (status != 0); } static int webdav_delete_dir(server *srv, connection *con, handler_ctx *hctx, physical *dst, buffer *b) { DIR *dir; int have_multi_status = 0; physical d; d.path = buffer_init(); d.rel_path = buffer_init(); if (NULL != (dir = opendir(dst->path->ptr))) { struct dirent *de; while(NULL != (de = readdir(dir))) { struct stat st; size_t nlen; if ((de->d_name[0] == '.' && de->d_name[1] == '\0') || (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0')) { continue; /* ignore the parent dir */ } nlen = strlen(de->d_name); buffer_copy_buffer(d.path, dst->path); buffer_append_path_len(d.path, de->d_name, nlen); buffer_copy_buffer(d.rel_path, dst->rel_path); buffer_append_path_len(d.rel_path, de->d_name, nlen); /* stat and unlink afterwards */ if (-1 == stat(d.path->ptr, &st)) { /* don't about it yet, rmdir will fail too */ } else if (S_ISDIR(st.st_mode)) { have_multi_status = webdav_delete_dir(srv, con, hctx, &d, b); /* try to unlink it */ if (-1 == rmdir(d.path->ptr)) { int status; switch(errno) { case EACCES: case EPERM: /* 403 */ status = 403; break; default: status = 501; break; } have_multi_status = 1; webdav_gen_response_status_tag(srv, con, &d, status, b); } else { #ifdef USE_PROPPATCH sqlite3_stmt *stmt = hctx->conf.stmt_delete_uri; if (stmt) { sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(d.rel_path), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { /* */ } } #endif } } else { have_multi_status = webdav_delete_file(srv, con, hctx, &d, b); } } closedir(dir); buffer_free(d.path); buffer_free(d.rel_path); } return have_multi_status; } /* don't want to block when open()ing a fifo */ #if defined(O_NONBLOCK) # define FIFO_NONBLOCK O_NONBLOCK #else # define FIFO_NONBLOCK 0 #endif #ifndef O_BINARY #define O_BINARY 0 #endif static int webdav_copy_file(server *srv, connection *con, handler_ctx *hctx, physical *src, physical *dst, int overwrite) { char *data; ssize_t rd, wr, offset; int status = 0, ifd, ofd; UNUSED(srv); UNUSED(con); if (-1 == (ifd = open(src->path->ptr, O_RDONLY | O_BINARY | FIFO_NONBLOCK))) { return 403; } if (-1 == (ofd = open(dst->path->ptr, O_WRONLY|O_TRUNC|O_CREAT|(overwrite ? 0 : O_EXCL), WEBDAV_FILE_MODE))) { /* opening the destination failed for some reason */ switch(errno) { case EEXIST: status = 412; break; case EISDIR: status = 409; break; case ENOENT: /* at least one part in the middle wasn't existing */ status = 409; break; default: status = 403; break; } close(ifd); return status; } data = malloc(131072); force_assert(data); while (0 < (rd = read(ifd, data, 131072))) { offset = 0; do { wr = write(ofd, data+offset, (size_t)(rd-offset)); } while (wr >= 0 ? (offset += wr) != rd : (errno == EINTR)); if (-1 == wr) { status = (errno == ENOSPC) ? 507 : 403; break; } } if (0 != rd && 0 == status) status = 403; free(data); close(ifd); if (0 != close(ofd)) { if (0 == status) status = (errno == ENOSPC) ? 507 : 403; log_error_write(srv, __FILE__, __LINE__, "sbss", "close ", dst->path, "failed: ", strerror(errno)); } #ifdef USE_PROPPATCH if (0 == status) { /* copy worked fine, copy connected properties */ sqlite3_stmt *stmt = hctx->conf.stmt_copy_uri; if (stmt) { sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(dst->rel_path), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 2, CONST_BUF_LEN(src->rel_path), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { /* */ } } } #else UNUSED(hctx); #endif return status; } static int webdav_copy_dir(server *srv, connection *con, handler_ctx *hctx, physical *src, physical *dst, int overwrite) { DIR *srcdir; int status = 0; if (NULL != (srcdir = opendir(src->path->ptr))) { struct dirent *de; physical s, d; s.path = buffer_init(); s.rel_path = buffer_init(); d.path = buffer_init(); d.rel_path = buffer_init(); while (NULL != (de = readdir(srcdir))) { struct stat st; size_t nlen; if ((de->d_name[0] == '.' && de->d_name[1] == '\0') || (de->d_name[0] == '.' && de->d_name[1] == '.' && de->d_name[2] == '\0')) { continue; } nlen = strlen(de->d_name); buffer_copy_buffer(s.path, src->path); buffer_append_path_len(s.path, de->d_name, nlen); buffer_copy_buffer(d.path, dst->path); buffer_append_path_len(d.path, de->d_name, nlen); buffer_copy_buffer(s.rel_path, src->rel_path); buffer_append_path_len(s.rel_path, de->d_name, nlen); buffer_copy_buffer(d.rel_path, dst->rel_path); buffer_append_path_len(d.rel_path, de->d_name, nlen); if (-1 == stat(s.path->ptr, &st)) { /* why ? */ } else if (S_ISDIR(st.st_mode)) { /* a directory */ if (-1 == mkdir(d.path->ptr, WEBDAV_DIR_MODE) && errno != EEXIST) { /* WTH ? */ } else { #ifdef USE_PROPPATCH sqlite3_stmt *stmt = hctx->conf.stmt_copy_uri; if (0 != (status = webdav_copy_dir(srv, con, hctx, &s, &d, overwrite))) { break; } /* directory is copied, copy the properties too */ if (stmt) { sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(dst->rel_path), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 2, CONST_BUF_LEN(src->rel_path), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { /* */ } } #endif } } else if (S_ISREG(st.st_mode)) { /* a plain file */ if (0 != (status = webdav_copy_file(srv, con, hctx, &s, &d, overwrite))) { break; } } } buffer_free(s.path); buffer_free(s.rel_path); buffer_free(d.path); buffer_free(d.rel_path); closedir(srcdir); } return status; } #ifdef USE_LOCKS static void webdav_activelock(buffer *b, const buffer *locktoken, const char *lockscope, const char *locktype, int depth, int timeout) { buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string(b, depth == 0 ? "0" : "infinity"); buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("Second-")); buffer_append_int(b, timeout); buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_buffer(b, locktoken); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b, CONST_STR_LEN("\n")); } static void webdav_get_live_property_lockdiscovery(server *srv, connection *con, handler_ctx *hctx, physical *dst, buffer *b) { sqlite3_stmt *stmt = hctx->conf.stmt_read_lock_by_uri; if (!stmt) { /*(should not happen)*/ buffer_append_string_len(b, CONST_STR_LEN("\n\n")); return; } UNUSED(srv); UNUSED(con); /* SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout * FROM locks * WHERE resource = ? */ sqlite3_reset(stmt); sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(dst->rel_path), SQLITE_TRANSIENT); buffer_append_string_len(b, CONST_STR_LEN("\n")); while (SQLITE_ROW == sqlite3_step(stmt)) { const char *lockscope = (const char *)sqlite3_column_text(stmt, 2); const char *locktype = (const char *)sqlite3_column_text(stmt, 3); const int depth = sqlite3_column_int(stmt, 5); const int timeout = sqlite3_column_int(stmt, 6); buffer locktoken = { NULL, 0, 0 }; locktoken.ptr = (char *)sqlite3_column_text(stmt, 0); locktoken.used = sqlite3_column_bytes(stmt, 0); if (locktoken.used) ++locktoken.used; locktoken.size = locktoken.used; if (timeout > 0) { webdav_activelock(b, &locktoken, lockscope, locktype, depth, timeout); } } buffer_append_string_len(b, CONST_STR_LEN("\n")); } #endif static int webdav_get_live_property(server *srv, connection *con, handler_ctx *hctx, physical *dst, char *prop_name, buffer *b) { stat_cache_entry *sce = NULL; int found = 0; UNUSED(hctx); if (HANDLER_ERROR != (stat_cache_get_entry(srv, con, dst->path, &sce))) { char ctime_buf[] = "2005-08-18T07:27:16Z"; char mtime_buf[] = "Thu, 18 Aug 2005 07:27:16 GMT"; if (0 == strcmp(prop_name, "resourcetype")) { if (S_ISDIR(sce->st.st_mode)) { buffer_append_string_len(b, CONST_STR_LEN("")); } else { buffer_append_string_len(b, CONST_STR_LEN("")); } found = 1; } else if (0 == strcmp(prop_name, "getcontenttype")) { if (S_ISDIR(sce->st.st_mode)) { buffer_append_string_len(b, CONST_STR_LEN("httpd/unix-directory")); found = 1; } else if(S_ISREG(sce->st.st_mode)) { const buffer *type = stat_cache_mimetype_by_ext(con, CONST_BUF_LEN(dst->path)); if (NULL != type) { buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_buffer(b, type); buffer_append_string_len(b, CONST_STR_LEN("")); found = 1; } } } else if (0 == strcmp(prop_name, "creationdate")) { buffer_append_string_len(b, CONST_STR_LEN("")); strftime(ctime_buf, sizeof(ctime_buf), "%Y-%m-%dT%H:%M:%SZ", gmtime(&(sce->st.st_ctime))); buffer_append_string(b, ctime_buf); buffer_append_string_len(b, CONST_STR_LEN("")); found = 1; } else if (0 == strcmp(prop_name, "getlastmodified")) { buffer_append_string_len(b,CONST_STR_LEN("")); strftime(mtime_buf, sizeof(mtime_buf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&(sce->st.st_mtime))); buffer_append_string(b, mtime_buf); buffer_append_string_len(b, CONST_STR_LEN("")); found = 1; } else if (0 == strcmp(prop_name, "getcontentlength")) { buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_int(b, sce->st.st_size); buffer_append_string_len(b, CONST_STR_LEN("")); found = 1; } else if (0 == strcmp(prop_name, "getcontentlanguage")) { buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("en")); buffer_append_string_len(b, CONST_STR_LEN("")); found = 1; } else if (0 == strcmp(prop_name, "getetag")) { etag_create(con->physical.etag, &sce->st, con->etag_flags); etag_mutate(con->physical.etag, con->physical.etag); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_append_string_buffer(b, con->physical.etag); buffer_append_string_len(b, CONST_STR_LEN("")); buffer_clear(con->physical.etag); found = 1; #ifdef USE_LOCKS } else if (0 == strcmp(prop_name, "lockdiscovery")) { webdav_get_live_property_lockdiscovery(srv, con, hctx, dst, b); found = 1; } else if (0 == strcmp(prop_name, "supportedlock")) { buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_len(b, CONST_STR_LEN("")); found = 1; #endif } } return found ? 0 : -1; } static int webdav_get_property(server *srv, connection *con, handler_ctx *hctx, physical *dst, char *prop_name, char *prop_ns, buffer *b) { if (0 == strcmp(prop_ns, "DAV:")) { /* a local 'live' property */ return webdav_get_live_property(srv, con, hctx, dst, prop_name, b); } else { int found = 0; #ifdef USE_PROPPATCH sqlite3_stmt *stmt = hctx->conf.stmt_select_prop; if (stmt) { /* perhaps it is in sqlite3 */ sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(dst->rel_path), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 2, prop_name, strlen(prop_name), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 3, prop_ns, strlen(prop_ns), SQLITE_TRANSIENT); /* it is the PK */ while (SQLITE_ROW == sqlite3_step(stmt)) { /* there is a row for us, we only expect a single col 'value' */ webdav_gen_prop_tag(srv, con, prop_name, prop_ns, (char *)sqlite3_column_text(stmt, 0), b); found = 1; } } #endif return found ? 0 : -1; } /* not found */ return -1; } typedef struct { char *ns; char *prop; } webdav_property; static webdav_property live_properties[] = { { "DAV:", "creationdate" }, /*{ "DAV:", "displayname" },*//*(not implemented)*/ { "DAV:", "getcontentlanguage" }, { "DAV:", "getcontentlength" }, { "DAV:", "getcontenttype" }, { "DAV:", "getetag" }, { "DAV:", "getlastmodified" }, { "DAV:", "resourcetype" }, /*{ "DAV:", "source" },*//*(not implemented)*/ #ifdef USE_LOCKS { "DAV:", "lockdiscovery" }, { "DAV:", "supportedlock" }, #endif { NULL, NULL } }; typedef struct { webdav_property **ptr; size_t used; size_t size; } webdav_properties; static int webdav_get_props(server *srv, connection *con, handler_ctx *hctx, physical *dst, webdav_properties *props, buffer *b_200, buffer *b_404) { size_t i; if (props && props->used) { for (i = 0; i < props->used; i++) { webdav_property *prop; prop = props->ptr[i]; if (0 != webdav_get_property(srv, con, hctx, dst, prop->prop, prop->ns, b_200)) { webdav_gen_prop_tag(srv, con, prop->prop, prop->ns, NULL, b_404); } } } else { for (i = 0; live_properties[i].prop; i++) { /* a local 'live' property */ webdav_get_live_property(srv, con, hctx, dst, live_properties[i].prop, b_200); } } return 0; } #ifdef USE_PROPPATCH static int webdav_parse_chunkqueue(server *srv, connection *con, handler_ctx *hctx, chunkqueue *cq, xmlDoc **ret_xml) { xmlParserCtxtPtr ctxt; xmlDoc *xml; int res; int err; chunk *c; UNUSED(con); /* read the chunks in to the XML document */ ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL); for (c = cq->first; cq->bytes_out != cq->bytes_in; c = cq->first) { size_t weWant = cq->bytes_out - cq->bytes_in; size_t weHave; int mapped; void *data; switch(c->type) { case FILE_CHUNK: weHave = c->file.length - c->offset; if (weHave > weWant) weHave = weWant; /* xml chunks are always memory, mmap() is our friend */ mapped = (c->file.mmap.start != MAP_FAILED); if (mapped) { data = c->file.mmap.start + c->offset; } else { if (-1 == c->file.fd && /* open the file if not already open */ -1 == (c->file.fd = fdevent_open_cloexec(c->mem->ptr, O_RDONLY, 0))) { log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno)); return -1; } if (MAP_FAILED != (c->file.mmap.start = mmap(0, c->file.length, PROT_READ, MAP_PRIVATE, c->file.fd, 0))) { /* chunk_reset() or chunk_free() will cleanup for us */ c->file.mmap.length = c->file.length; data = c->file.mmap.start + c->offset; mapped = 1; } else { ssize_t rd; if (weHave > 65536) weHave = 65536; data = malloc(weHave); force_assert(data); if (-1 == lseek(c->file.fd, c->file.start + c->offset, SEEK_SET) || 0 > (rd = read(c->file.fd, data, weHave))) { log_error_write(srv, __FILE__, __LINE__, "ssbd", "lseek/read failed: ", strerror(errno), c->mem, c->file.fd); free(data); return -1; } weHave = (size_t)rd; } } if (XML_ERR_OK != (err = xmlParseChunk(ctxt, data, weHave, 0))) { log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err); } chunkqueue_mark_written(cq, weHave); if (!mapped) free(data); break; case MEM_CHUNK: /* append to the buffer */ weHave = buffer_string_length(c->mem) - c->offset; if (weHave > weWant) weHave = weWant; if (hctx->conf.log_xml) { log_error_write(srv, __FILE__, __LINE__, "ss", "XML-request-body:", c->mem->ptr + c->offset); } if (XML_ERR_OK != (err = xmlParseChunk(ctxt, c->mem->ptr + c->offset, weHave, 0))) { log_error_write(srv, __FILE__, __LINE__, "sodd", "xmlParseChunk failed at:", cq->bytes_out, weHave, err); } chunkqueue_mark_written(cq, weHave); break; } } switch ((err = xmlParseChunk(ctxt, 0, 0, 1))) { case XML_ERR_DOCUMENT_END: case XML_ERR_OK: break; default: log_error_write(srv, __FILE__, __LINE__, "sd", "xmlParseChunk failed at final packet:", err); break; } xml = ctxt->myDoc; res = ctxt->wellFormed; xmlFreeParserCtxt(ctxt); if (res == 0) { xmlFreeDoc(xml); } else { *ret_xml = xml; } return res; } #endif #ifdef USE_LOCKS static int webdav_lockdiscovery(connection *con, buffer *locktoken, const char *lockscope, const char *locktype, int depth) { buffer *b = chunkqueue_append_buffer_open(con->write_queue); http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Lock-Token"), CONST_BUF_LEN(locktoken)); http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\"")); buffer_copy_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); webdav_activelock(b, locktoken, lockscope, locktype, depth, 600); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); chunkqueue_append_buffer_commit(con->write_queue); return 0; } #endif /** * check if resource is having the right locks to access to resource * * * */ static int webdav_has_lock(server *srv, connection *con, handler_ctx *hctx, buffer *uri) { int has_lock = 1; #ifdef USE_LOCKS buffer *vb; UNUSED(srv); /** * This implementation is more fake than real * we need a parser for the If: header to really handle the full scope * * X-Litmus: locks: 11 (owner_modify) * If: () * - a tagged check: * if http://127.0.0.1:1025/dav/litmus/lockme is locked with * opaquelocktoken:2165478d-0611-49c4-be92-e790d68a38f1, go on * * X-Litmus: locks: 16 (fail_cond_put) * If: ( ["-1622396671"]) * - untagged: * go on if the resource has the etag [...] and the lock */ if (NULL != (vb = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If")))) { /* Ooh, ooh. A if tag, now the fun begins. * * this can only work with a real parser **/ } else { /* we didn't provided a lock-token -> */ /* if the resource is locked -> 423 */ sqlite3_stmt *stmt = hctx->conf.stmt_read_lock_by_uri; sqlite3_reset(stmt); sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(uri), SQLITE_TRANSIENT); while (SQLITE_ROW == sqlite3_step(stmt)) { has_lock = 0; } } #else UNUSED(srv); UNUSED(con); UNUSED(hctx); UNUSED(uri); #endif return has_lock; } static int mod_webdav_depth(connection *con) { buffer *b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Depth")); if (NULL != b && 1 == buffer_string_length(b)) { if (b->ptr[0] == '0') return 0; if (b->ptr[0] == '1') return 1; } return -1; /* (Depth: infinity) */ } static handler_t mod_webdav_propfind(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) { buffer *b; DIR *dir; int depth = mod_webdav_depth(con); struct stat st; buffer *prop_200; buffer *prop_404; webdav_properties *req_props; stat_cache_entry *sce = NULL; /* they want to know the properties of the directory */ req_props = NULL; /* is there a content-body ? */ switch (stat_cache_get_entry(srv, con, con->physical.path, &sce)) { case HANDLER_ERROR: if (errno == ENOENT) { con->http_status = 404; return HANDLER_FINISHED; } else if (errno == EACCES) { con->http_status = 403; return HANDLER_FINISHED; } else { con->http_status = 500; return HANDLER_FINISHED; } break; default: break; } if (S_ISDIR(sce->st.st_mode) && con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') { http_response_redirect_to_directory(srv, con); return HANDLER_FINISHED; } #ifdef USE_PROPPATCH /* any special requests or just allprop ? */ if (con->request.content_length) { xmlDocPtr xml; if (con->state == CON_STATE_READ_POST) { handler_t r = connection_handle_read_post_state(srv, con); if (r != HANDLER_GO_ON) return r; } if (1 == webdav_parse_chunkqueue(srv, con, hctx, con->request_content_queue, &xml)) { xmlNode *rootnode = xmlDocGetRootElement(xml); force_assert(rootnode); if (0 == xmlStrcmp(rootnode->name, BAD_CAST "propfind")) { xmlNode *cmd; req_props = calloc(1, sizeof(*req_props)); for (cmd = rootnode->children; cmd; cmd = cmd->next) { if (0 == xmlStrcmp(cmd->name, BAD_CAST "prop")) { /* get prop by name */ xmlNode *prop; for (prop = cmd->children; prop; prop = prop->next) { if (prop->type == XML_TEXT_NODE) continue; /* ignore WS */ if (prop->ns && (0 == xmlStrcmp(prop->ns->href, BAD_CAST "")) && (0 != xmlStrcmp(prop->ns->prefix, BAD_CAST ""))) { size_t i; log_error_write(srv, __FILE__, __LINE__, "ss", "no name space for:", prop->name); xmlFreeDoc(xml); for (i = 0; i < req_props->used; i++) { free(req_props->ptr[i]->ns); free(req_props->ptr[i]->prop); free(req_props->ptr[i]); } free(req_props->ptr); free(req_props); con->http_status = 400; return HANDLER_FINISHED; } /* add property to requested list */ if (req_props->size == 0) { req_props->size = 16; req_props->ptr = malloc(sizeof(*(req_props->ptr)) * req_props->size); } else if (req_props->used == req_props->size) { req_props->size += 16; req_props->ptr = realloc(req_props->ptr, sizeof(*(req_props->ptr)) * req_props->size); } req_props->ptr[req_props->used] = malloc(sizeof(webdav_property)); req_props->ptr[req_props->used]->ns = (char *)xmlStrdup(prop->ns ? prop->ns->href : (xmlChar *)""); req_props->ptr[req_props->used]->prop = (char *)xmlStrdup(prop->name); req_props->used++; } } else if (0 == xmlStrcmp(cmd->name, BAD_CAST "propname")) { sqlite3_stmt *stmt = p->conf.stmt_select_propnames; if (stmt) { /* get all property names (EMPTY) */ sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(con->uri.path), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { } } } else if (0 == xmlStrcmp(cmd->name, BAD_CAST "allprop")) { /* get all properties (EMPTY) */ } } } xmlFreeDoc(xml); } else { con->http_status = 400; return HANDLER_FINISHED; } } #endif con->http_status = 207; http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\"")); b = chunkqueue_append_buffer_open(con->write_queue); buffer_copy_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); /* allprop */ prop_200 = buffer_init(); prop_404 = buffer_init(); { /* Depth: 0 or Depth: 1 */ webdav_get_props(srv, con, hctx, &(con->physical), req_props, prop_200, prop_404); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_buffer(b, con->uri.scheme); buffer_append_string_len(b,CONST_STR_LEN("://")); buffer_append_string_buffer(b, con->uri.authority); buffer_append_string_encoded(b, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI); buffer_append_string_len(b,CONST_STR_LEN("\n")); if (!buffer_string_is_empty(prop_200)) { buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_buffer(b, prop_200); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("HTTP/1.1 200 OK\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); } if (!buffer_string_is_empty(prop_404)) { buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_buffer(b, prop_404); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("HTTP/1.1 404 Not Found\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); } buffer_append_string_len(b,CONST_STR_LEN("\n")); } if (depth == 1) { if (NULL != (dir = opendir(con->physical.path->ptr))) { struct dirent *de; physical d; physical *dst = &(con->physical); d.path = buffer_init(); d.rel_path = buffer_init(); while(NULL != (de = readdir(dir))) { size_t nlen; if (de->d_name[0] == '.' && (de->d_name[1] == '\0' || (de->d_name[1] == '.' && de->d_name[2] == '\0'))) { continue; /* ignore the parent and target dir */ } nlen = strlen(de->d_name); buffer_copy_buffer(d.path, dst->path); buffer_append_path_len(d.path, de->d_name, nlen); buffer_copy_buffer(d.rel_path, dst->rel_path); buffer_append_path_len(d.rel_path, de->d_name, nlen); buffer_clear(prop_200); buffer_clear(prop_404); webdav_get_props(srv, con, hctx, &d, req_props, prop_200, prop_404); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("")); buffer_append_string_buffer(b, con->uri.scheme); buffer_append_string_len(b,CONST_STR_LEN("://")); buffer_append_string_buffer(b, con->uri.authority); buffer_append_string_encoded(b, CONST_BUF_LEN(d.rel_path), ENCODING_REL_URI); if (0 == stat(d.path->ptr, &st) && S_ISDIR(st.st_mode)) { /* Append a '/' on subdirectories */ buffer_append_string_len(b,CONST_STR_LEN("/")); } buffer_append_string_len(b,CONST_STR_LEN("\n")); if (!buffer_string_is_empty(prop_200)) { buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_buffer(b, prop_200); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("HTTP/1.1 200 OK\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); } if (!buffer_string_is_empty(prop_404)) { buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_buffer(b, prop_404); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("HTTP/1.1 404 Not Found\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); } buffer_append_string_len(b,CONST_STR_LEN("\n")); } closedir(dir); buffer_free(d.path); buffer_free(d.rel_path); } } if (req_props) { size_t i; for (i = 0; i < req_props->used; i++) { free(req_props->ptr[i]->ns); free(req_props->ptr[i]->prop); free(req_props->ptr[i]); } free(req_props->ptr); free(req_props); } buffer_free(prop_200); buffer_free(prop_404); buffer_append_string_len(b,CONST_STR_LEN("\n")); if (p->conf.log_xml) { log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b); } chunkqueue_append_buffer_commit(con->write_queue); con->file_finished = 1; return HANDLER_FINISHED; } static handler_t mod_webdav_mkcol(connection *con, plugin_data *p) { if (p->conf.is_readonly) { con->http_status = 403; return HANDLER_FINISHED; } if (con->request.content_length != 0) { /* we don't support MKCOL with a body */ con->http_status = 415; return HANDLER_FINISHED; } /* let's create the directory */ if (-1 == mkdir(con->physical.path->ptr, WEBDAV_DIR_MODE)) { switch(errno) { case EPERM: con->http_status = 403; break; case ENOENT: case ENOTDIR: con->http_status = 409; break; case EEXIST: default: con->http_status = 405; /* not allowed */ break; } } else { con->http_status = 201; con->file_finished = 1; } return HANDLER_FINISHED; } static handler_t mod_webdav_delete(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) { struct stat st; if (p->conf.is_readonly) { con->http_status = 403; return HANDLER_FINISHED; } /* does the client have a lock for this connection ? */ if (!webdav_has_lock(srv, con, hctx, con->uri.path)) { con->http_status = 423; return HANDLER_FINISHED; } /* stat and unlink afterwards */ if (-1 == stat(con->physical.path->ptr, &st)) { /* don't about it yet, unlink will fail too */ switch(errno) { case ENOENT: con->http_status = 404; break; default: con->http_status = 403; break; } } else if (S_ISDIR(st.st_mode)) { buffer *multi_status_resp; if (con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') { http_response_redirect_to_directory(srv, con); return HANDLER_FINISHED; } multi_status_resp = buffer_init(); if (webdav_delete_dir(srv, con, hctx, &(con->physical), multi_status_resp)) { /* we got an error somewhere in between, build a 207 */ buffer *b; http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\"")); b = chunkqueue_append_buffer_open(con->write_queue); buffer_copy_string_len(b, CONST_STR_LEN("\n")); buffer_append_string_len(b,CONST_STR_LEN("\n")); buffer_append_string_buffer(b, multi_status_resp); buffer_append_string_len(b,CONST_STR_LEN("\n")); if (p->conf.log_xml) { log_error_write(srv, __FILE__, __LINE__, "sb", "XML-response-body:", b); } chunkqueue_append_buffer_commit(con->write_queue); con->http_status = 207; con->file_finished = 1; } else { /* everything went fine, remove the directory */ if (-1 == rmdir(con->physical.path->ptr)) { switch(errno) { case EPERM: con->http_status = 403; break; case ENOENT: con->http_status = 404; break; default: con->http_status = 501; break; } } else { con->http_status = 204; } } buffer_free(multi_status_resp); } else if (-1 == unlink(con->physical.path->ptr)) { switch(errno) { case EPERM: con->http_status = 403; break; case ENOENT: con->http_status = 404; break; default: con->http_status = 501; break; } } else { con->http_status = 204; } return HANDLER_FINISHED; } static handler_t mod_webdav_put(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) { buffer *b; int fd; chunkqueue *cq = con->request_content_queue; chunk *c; if (p->conf.is_readonly) { con->http_status = 403; return HANDLER_FINISHED; } /* is a exclusive lock set on the source */ /* (check for lock once before potentially reading large input) */ if (0 == cq->bytes_in && !webdav_has_lock(srv, con, hctx, con->uri.path)) { con->http_status = 423; return HANDLER_FINISHED; } if (con->state == CON_STATE_READ_POST) { handler_t r = connection_handle_read_post_state(srv, con); if (r != HANDLER_GO_ON) return r; } /* RFC2616 Section 9.6 PUT requires us to send 501 on all Content-* we don't support * - most important Content-Range * * * Example: Content-Range: bytes 100-1037/1038 */ if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Content-Range")))) { const char *num = b->ptr; off_t offset; char *err = NULL; if (0 != strncmp(num, "bytes ", 6)) { con->http_status = 501; /* not implemented */ return HANDLER_FINISHED; } /* we only support - ... */ num += 6; /* skip WS */ while (*num == ' ' || *num == '\t') num++; if (*num == '\0') { con->http_status = 501; /* not implemented */ return HANDLER_FINISHED; } offset = strtoll(num, &err, 10); if (*err != '-' || offset < 0) { con->http_status = 501; /* not implemented */ return HANDLER_FINISHED; } if (-1 == (fd = open(con->physical.path->ptr, O_WRONLY, WEBDAV_FILE_MODE))) { switch (errno) { case ENOENT: con->http_status = 404; /* not found */ break; default: con->http_status = 403; /* not found */ break; } return HANDLER_FINISHED; } if (-1 == lseek(fd, offset, SEEK_SET)) { con->http_status = 501; /* not implemented */ close(fd); return HANDLER_FINISHED; } con->http_status = 200; /* modified */ } else { /* take what we have in the request-body and write it to a file */ /* if the file doesn't exist, create it */ if (-1 == (fd = open(con->physical.path->ptr, O_WRONLY|O_TRUNC, WEBDAV_FILE_MODE))) { if (errno != ENOENT || -1 == (fd = open(con->physical.path->ptr, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, WEBDAV_FILE_MODE))) { /* we can't open the file */ con->http_status = 403; return HANDLER_FINISHED; } else { con->http_status = 201; /* created */ } } else { con->http_status = 200; /* modified */ } } con->file_finished = 1; for (c = cq->first; c; c = cq->first) { int r = 0; int mapped; void *data; size_t dlen; /* copy all chunks */ switch(c->type) { case FILE_CHUNK: mapped = (c->file.mmap.start != MAP_FAILED); dlen = c->file.length - c->offset; if (mapped) { data = c->file.mmap.start + c->offset; } else { if (-1 == c->file.fd && /* open the file if not already open */ -1 == (c->file.fd = fdevent_open_cloexec(c->mem->ptr, O_RDONLY, 0))) { log_error_write(srv, __FILE__, __LINE__, "ss", "open failed: ", strerror(errno)); close(fd); return HANDLER_ERROR; } if (MAP_FAILED != (c->file.mmap.start = mmap(NULL, c->file.length, PROT_READ, MAP_PRIVATE, c->file.fd, 0))) { /* chunk_reset() or chunk_free() will cleanup for us */ c->file.mmap.length = c->file.length; data = c->file.mmap.start + c->offset; mapped = 1; } else { ssize_t rd; if (dlen > 65536) dlen = 65536; data = malloc(dlen); force_assert(data); if (-1 == lseek(c->file.fd, c->file.start + c->offset, SEEK_SET) || 0 > (rd = read(c->file.fd, data, dlen))) { log_error_write(srv, __FILE__, __LINE__, "ssbd", "lseek/read failed: ", strerror(errno), c->mem, c->file.fd); free(data); close(fd); return HANDLER_ERROR; } dlen = (size_t)rd; } } if ((r = write(fd, data, dlen)) < 0) { switch(errno) { case ENOSPC: con->http_status = 507; break; default: con->http_status = 403; break; } } if (!mapped) free(data); break; case MEM_CHUNK: if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) { switch(errno) { case ENOSPC: con->http_status = 507; break; default: con->http_status = 403; break; } } break; } if (r > 0) { chunkqueue_mark_written(cq, r); } else { break; } } if (0 != close(fd)) { log_error_write(srv, __FILE__, __LINE__, "sbss", "close ", con->physical.path, "failed: ", strerror(errno)); return HANDLER_ERROR; } return HANDLER_FINISHED; } static handler_t mod_webdav_copymove(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) { buffer *b; struct stat st; buffer *destination = NULL; char *sep, *sep2, *start; int overwrite = 1; if (p->conf.is_readonly) { con->http_status = 403; return HANDLER_FINISHED; } /* is a exclusive lock set on the source */ if (con->request.http_method == HTTP_METHOD_MOVE) { if (!webdav_has_lock(srv, con, hctx, con->uri.path)) { con->http_status = 423; return HANDLER_FINISHED; } } if (NULL == (destination = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Destination")))) { con->http_status = 400; return HANDLER_FINISHED; } if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Overwrite")))) { if (buffer_string_length(b) != 1 || (b->ptr[0] != 'F' && b->ptr[0] != 'T') ) { con->http_status = 400; return HANDLER_FINISHED; } overwrite = (b->ptr[0] == 'F' ? 0 : 1); } /* let's parse the Destination * * http://127.0.0.1:1025/dav/litmus/copydest * * - host has to be the same as the Host: header we got * - we have to stay inside the document root * - the query string is thrown away * */ start = destination->ptr; sep = start + buffer_string_length(con->uri.scheme); if (0 != strncmp(start, con->uri.scheme->ptr, sep - start) || sep[0] != ':' || sep[1] != '/' || sep[2] != '/') { con->http_status = 400; return HANDLER_FINISHED; } buffer_copy_buffer(p->uri.scheme, con->uri.scheme); /*(unused?)*/ start = sep + 3; if (NULL == (sep = strchr(start, '/'))) { con->http_status = 400; return HANDLER_FINISHED; } if (NULL != (sep2 = memchr(start, '@', sep - start))) { /* skip login information */ start = sep2 + 1; } buffer_copy_string_len(p->uri.authority, start, sep - start); start = sep + 1; if (NULL == (sep = strchr(start, '?'))) { /* no query string, good */ buffer_copy_string(p->uri.path, start); } else { buffer_copy_string_len(p->uri.path, start, sep - start); } if (!buffer_is_equal(p->uri.authority, con->uri.authority)) { /* not the same host */ con->http_status = 502; return HANDLER_FINISHED; } buffer_urldecode_path(p->uri.path); if (!buffer_is_valid_UTF8(p->uri.path)) { /* invalid UTF-8 after url-decode */ con->http_status = 400; return HANDLER_FINISHED; } buffer_path_simplify(p->uri.path, p->uri.path); if (buffer_string_is_empty(p->uri.path) || p->uri.path->ptr[0] != '/') { con->http_status = 400; return HANDLER_FINISHED; } /* we now have a URI which is clean. transform it into a physical path */ buffer_copy_buffer(p->physical.doc_root, con->physical.doc_root); buffer_copy_buffer(p->physical.rel_path, p->uri.path); if (con->conf.force_lowercase_filenames) { buffer_to_lower(p->physical.rel_path); } /* Destination physical path * src con->physical.path might have been remapped with mod_alias. * (but mod_alias does not modify con->physical.rel_path) * Find matching prefix to support use of mod_alias to remap webdav root. * Aliasing of paths underneath the webdav root might not work. * Likewise, mod_rewrite URL rewriting might thwart this comparison. * Use mod_redirect instead of mod_alias to remap paths *under* webdav root. * Use mod_redirect instead of mod_rewrite on *any* parts of path to webdav. * (Related, use mod_auth to protect webdav root, but avoid attempting to * use mod_auth on paths underneath webdav root, as Destination is not * validated with mod_auth) * * tl;dr: webdav paths and webdav properties are managed by mod_webdav, * so do not modify paths externally or else undefined behavior * or corruption may occur */ { /* find matching URI prefix * check if remaining con->physical.rel_path matches suffix * of con->physical.basedir so that we can use it to * remap Destination physical path */ size_t i, remain; sep = con->uri.path->ptr; sep2 = p->uri.path->ptr; for (i = 0; sep[i] && sep[i] == sep2[i]; ++i) ; if (sep[i] == '\0' && (sep2[i] == '\0' || sep2[i] == '/' || (i > 0 && sep[i-1] == '/'))) { /* src and dst URI match or dst is nested inside src; invalid COPY or MOVE */ con->http_status = 403; return HANDLER_FINISHED; } while (i != 0 && sep[--i] != '/') ; /* find matching directory path */ remain = buffer_string_length(con->uri.path) - i; if (!con->conf.force_lowercase_filenames ? buffer_is_equal_right_len(con->physical.path, con->physical.rel_path, remain) :(buffer_string_length(con->physical.path) >= remain && 0 == strncasecmp(con->physical.path->ptr+buffer_string_length(con->physical.path)-remain, con->physical.rel_path->ptr+i, remain))) { /* (at this point, p->physical.rel_path is identical to (or lowercased version of) p->uri.path) */ buffer_copy_string_len(p->physical.path, con->physical.path->ptr, buffer_string_length(con->physical.path)-remain); buffer_append_string_len(p->physical.path, p->physical.rel_path->ptr+i, buffer_string_length(p->physical.rel_path)-i); buffer_copy_buffer(p->physical.basedir, con->physical.basedir); buffer_append_slash(p->physical.basedir); } else { /* unable to perform physical path remap here; * assume doc_root/rel_path and no remapping */ buffer_copy_buffer(p->physical.path, p->physical.doc_root); buffer_append_slash(p->physical.path); buffer_copy_buffer(p->physical.basedir, p->physical.path); buffer_append_path_len(p->physical.path, CONST_BUF_LEN(p->physical.rel_path)); } } /* let's see if the source is a directory * if yes, we fail with 501 */ if (-1 == stat(con->physical.path->ptr, &st)) { /* don't about it yet, unlink will fail too */ switch(errno) { case ENOENT: con->http_status = 404; break; default: con->http_status = 403; break; } } else if (S_ISDIR(st.st_mode)) { int r; int created = 0; /* src is a directory */ if (con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') { http_response_redirect_to_directory(srv, con); return HANDLER_FINISHED; } if (-1 == stat(p->physical.path->ptr, &st)) { if (-1 == mkdir(p->physical.path->ptr, WEBDAV_DIR_MODE)) { con->http_status = 403; return HANDLER_FINISHED; } created = 1; } else if (!S_ISDIR(st.st_mode)) { if (overwrite == 0) { /* copying into a non-dir ? */ con->http_status = 409; return HANDLER_FINISHED; } else { unlink(p->physical.path->ptr); if (-1 == mkdir(p->physical.path->ptr, WEBDAV_DIR_MODE)) { con->http_status = 403; return HANDLER_FINISHED; } created = 1; } } /* copy the content of src to dest */ if (0 != (r = webdav_copy_dir(srv, con, hctx, &(con->physical), &(p->physical), overwrite))) { con->http_status = r; return HANDLER_FINISHED; } if (con->request.http_method == HTTP_METHOD_MOVE) { b = buffer_init(); webdav_delete_dir(srv, con, hctx, &(con->physical), b); /* content */ buffer_free(b); rmdir(con->physical.path->ptr); } con->http_status = created ? 201 : 204; con->file_finished = 1; } else { /* it is just a file, good */ int r; int destdir = 0; /* does the client have a lock for this connection ? */ if (!webdav_has_lock(srv, con, hctx, p->uri.path)) { con->http_status = 423; return HANDLER_FINISHED; } /* destination exists */ if (0 == (r = stat(p->physical.path->ptr, &st))) { if (S_ISDIR(st.st_mode)) { /* file to dir/ * append basename to physical path */ destdir = 1; if (NULL != (sep = strrchr(con->physical.path->ptr, '/'))) { buffer_append_string(p->physical.path, sep); r = stat(p->physical.path->ptr, &st); } } } if (-1 == r) { con->http_status = destdir ? 204 : 201; /* we will create a new one */ con->file_finished = 1; switch(errno) { case ENOTDIR: con->http_status = 409; return HANDLER_FINISHED; } } else if (overwrite == 0) { /* destination exists, but overwrite is not set */ con->http_status = 412; return HANDLER_FINISHED; } else { con->http_status = 204; /* resource already existed */ } if (con->request.http_method == HTTP_METHOD_MOVE) { /* try a rename */ if (0 == rename(con->physical.path->ptr, p->physical.path->ptr)) { #ifdef USE_PROPPATCH sqlite3_stmt *stmt; stmt = p->conf.stmt_move_uri; if (stmt) { sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(p->uri.path), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 2, CONST_BUF_LEN(con->uri.path), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { log_error_write(srv, __FILE__, __LINE__, "ss", "sql-move failed:", sqlite3_errmsg(p->conf.sql)); } } #endif return HANDLER_FINISHED; } /* rename failed, fall back to COPY + DELETE */ } if (0 != (r = webdav_copy_file(srv, con, hctx, &(con->physical), &(p->physical), overwrite))) { con->http_status = r; return HANDLER_FINISHED; } if (con->request.http_method == HTTP_METHOD_MOVE) { b = buffer_init(); webdav_delete_file(srv, con, hctx, &(con->physical), b); buffer_free(b); } } return HANDLER_FINISHED; } static handler_t mod_webdav_proppatch(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) { struct stat st; if (p->conf.is_readonly) { con->http_status = 403; return HANDLER_FINISHED; } if (!webdav_has_lock(srv, con, hctx, con->uri.path)) { con->http_status = 423; return HANDLER_FINISHED; } /* check if destination exists */ if (-1 == stat(con->physical.path->ptr, &st)) { switch(errno) { case ENOENT: con->http_status = 404; break; default: con->http_status = 403; break; } return HANDLER_FINISHED; } if (S_ISDIR(st.st_mode) && con->physical.path->ptr[buffer_string_length(con->physical.path)-1] != '/') { http_response_redirect_to_directory(srv, con); return HANDLER_FINISHED; } #ifdef USE_PROPPATCH if (con->request.content_length) { xmlDocPtr xml; if (con->state == CON_STATE_READ_POST) { handler_t r = connection_handle_read_post_state(srv, con); if (r != HANDLER_GO_ON) return r; } if (1 == webdav_parse_chunkqueue(srv, con, hctx, con->request_content_queue, &xml)) { xmlNode *rootnode = xmlDocGetRootElement(xml); if (0 == xmlStrcmp(rootnode->name, BAD_CAST "propertyupdate")) { xmlNode *cmd; char *err = NULL; int empty_ns = 0; /* send 400 on a empty namespace attribute */ /* start response */ if (SQLITE_OK != sqlite3_exec(p->conf.sql, "BEGIN TRANSACTION", NULL, NULL, &err)) { log_error_write(srv, __FILE__, __LINE__, "ss", "can't open transaction:", err); sqlite3_free(err); goto propmatch_cleanup; } /* a UPDATE request, we know 'set' and 'remove' */ for (cmd = rootnode->children; cmd; cmd = cmd->next) { xmlNode *props; /* either set or remove */ if ((0 == xmlStrcmp(cmd->name, BAD_CAST "set")) || (0 == xmlStrcmp(cmd->name, BAD_CAST "remove"))) { sqlite3_stmt *stmt; stmt = (0 == xmlStrcmp(cmd->name, BAD_CAST "remove")) ? p->conf.stmt_delete_prop : p->conf.stmt_update_prop; for (props = cmd->children; props; props = props->next) { if (0 == xmlStrcmp(props->name, BAD_CAST "prop")) { xmlNode *prop; char *propval = NULL; int r; prop = props->children; if (prop->ns && (0 == xmlStrcmp(prop->ns->href, BAD_CAST "")) && (0 != xmlStrcmp(prop->ns->prefix, BAD_CAST ""))) { log_error_write(srv, __FILE__, __LINE__, "ss", "no name space for:", prop->name); empty_ns = 1; break; } sqlite3_reset(stmt); /* bind the values to the insert */ sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(con->uri.path), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 2, (char *)prop->name, strlen((char *)prop->name), SQLITE_TRANSIENT); if (prop->ns) { sqlite3_bind_text(stmt, 3, (char *)prop->ns->href, strlen((char *)prop->ns->href), SQLITE_TRANSIENT); } else { sqlite3_bind_text(stmt, 3, "", 0, SQLITE_TRANSIENT); } if (stmt == p->conf.stmt_update_prop) { propval = prop->children ? (char *)xmlNodeListGetString(xml, prop->children, 0) : NULL; sqlite3_bind_text(stmt, 4, propval ? propval : "", propval ? strlen(propval) : 0, SQLITE_TRANSIENT); } if (SQLITE_DONE != (r = sqlite3_step(stmt))) { log_error_write(srv, __FILE__, __LINE__, "ss", "sql-set failed:", sqlite3_errmsg(p->conf.sql)); } if (propval) xmlFree(propval); } } if (empty_ns) break; } } if (empty_ns) { if (SQLITE_OK != sqlite3_exec(p->conf.sql, "ROLLBACK", NULL, NULL, &err)) { log_error_write(srv, __FILE__, __LINE__, "ss", "can't rollback transaction:", err); sqlite3_free(err); goto propmatch_cleanup; } con->http_status = 400; } else { if (SQLITE_OK != sqlite3_exec(p->conf.sql, "COMMIT", NULL, NULL, &err)) { log_error_write(srv, __FILE__, __LINE__, "ss", "can't commit transaction:", err); sqlite3_free(err); goto propmatch_cleanup; } con->http_status = 200; } con->file_finished = 1; xmlFreeDoc(xml); return HANDLER_FINISHED; } propmatch_cleanup: xmlFreeDoc(xml); } else { con->http_status = 400; return HANDLER_FINISHED; } } #endif con->http_status = 501; return HANDLER_FINISHED; } #ifdef USE_LOCKS static handler_t mod_webdav_lock(server *srv, connection *con, plugin_data *p, handler_ctx *hctx) { /** * a mac wants to write * * LOCK /dav/expire.txt HTTP/1.1\r\n * User-Agent: WebDAVFS/1.3 (01308000) Darwin/8.1.0 (Power Macintosh)\r\n * Accept: * / *\r\n * Depth: 0\r\n * Timeout: Second-600\r\n * Content-Type: text/xml; charset=\"utf-8\"\r\n * Content-Length: 229\r\n * Connection: keep-alive\r\n * Host: 192.168.178.23:1025\r\n * \r\n * \n * \n * \n * \n * \n * http://www.apple.com/webdav_fs/\n * \n * \n */ int depth = mod_webdav_depth(con); if (depth != 0 && depth != -1) { con->http_status = 400; return HANDLER_FINISHED; } if (con->request.content_length) { xmlDocPtr xml; buffer *hdr_if = NULL; int created = 0; struct stat st; if (con->state == CON_STATE_READ_POST) { handler_t r = connection_handle_read_post_state(srv, con); if (r != HANDLER_GO_ON) return r; } hdr_if = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If")); if (0 != stat(con->physical.path->ptr, &st)) { if (errno == ENOENT) { int fd = open(con->physical.path->ptr, O_WRONLY|O_CREAT|O_APPEND|O_BINARY|FIFO_NONBLOCK, WEBDAV_FILE_MODE); if (fd >= 0) { close(fd); created = 1; } else { log_error_write(srv, __FILE__, __LINE__, "sBss", "create file", con->physical.path, ":", strerror(errno)); con->http_status = 403; /* Forbidden */ return HANDLER_FINISHED; } } else { log_error_write(srv, __FILE__, __LINE__, "sBss", "stat", con->physical.path, ":", strerror(errno)); con->http_status = 403; /* Forbidden */ return HANDLER_FINISHED; } } else if (hdr_if == NULL && depth == -1) { /* we don't support Depth: Infinity on directories */ if (S_ISDIR(st.st_mode)) { con->http_status = 409; /* Conflict */ return HANDLER_FINISHED; } } if (1 == webdav_parse_chunkqueue(srv, con, hctx, con->request_content_queue, &xml)) { xmlNode *rootnode = xmlDocGetRootElement(xml); force_assert(rootnode); if (0 == xmlStrcmp(rootnode->name, BAD_CAST "lockinfo")) { xmlNode *lockinfo; const xmlChar *lockscope = NULL, *locktype = NULL; /* TODO: compiler says unused: *owner = NULL; */ for (lockinfo = rootnode->children; lockinfo; lockinfo = lockinfo->next) { if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "lockscope")) { xmlNode *value; for (value = lockinfo->children; value; value = value->next) { if ((0 == xmlStrcmp(value->name, BAD_CAST "exclusive")) || (0 == xmlStrcmp(value->name, BAD_CAST "shared"))) { lockscope = value->name; } else { con->http_status = 400; xmlFreeDoc(xml); return HANDLER_FINISHED; } } } else if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "locktype")) { xmlNode *value; for (value = lockinfo->children; value; value = value->next) { if ((0 == xmlStrcmp(value->name, BAD_CAST "write"))) { locktype = value->name; } else { con->http_status = 400; xmlFreeDoc(xml); return HANDLER_FINISHED; } } } else if (0 == xmlStrcmp(lockinfo->name, BAD_CAST "owner")) { } } if (lockscope && locktype) { sqlite3_stmt *stmt = p->conf.stmt_read_lock_by_uri; /* is this resourse already locked ? */ /* SELECT locktoken, resource, lockscope, locktype, owner, depth, timeout * FROM locks * WHERE resource = ? */ if (stmt) { sqlite3_reset(stmt); sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(con->uri.path), SQLITE_TRANSIENT); /* it is the PK */ while (SQLITE_ROW == sqlite3_step(stmt)) { /* we found a lock * 1. is it compatible ? * 2. is it ours */ char *sql_lockscope = (char *)sqlite3_column_text(stmt, 2); if (strcmp(sql_lockscope, "exclusive")) { con->http_status = 423; } else if (0 == xmlStrcmp(lockscope, BAD_CAST "exclusive")) { /* resourse is locked with a shared lock * client wants exclusive */ con->http_status = 423; } } if (con->http_status == 423) { xmlFreeDoc(xml); return HANDLER_FINISHED; } } stmt = p->conf.stmt_create_lock; if (stmt) { /* create a lock-token */ uuid_t id; char uuid[37] /* 36 + \0 */; uuid_generate(id); uuid_unparse(id, uuid); buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("opaquelocktoken:")); buffer_append_string(p->tmp_buf, uuid); /* "CREATE TABLE locks (" * " locktoken TEXT NOT NULL," * " resource TEXT NOT NULL," * " lockscope TEXT NOT NULL," * " locktype TEXT NOT NULL," * " owner TEXT NOT NULL," * " depth INT NOT NULL," */ sqlite3_reset(stmt); sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(p->tmp_buf), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 2, CONST_BUF_LEN(con->uri.path), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 3, (const char *)lockscope, xmlStrlen(lockscope), SQLITE_TRANSIENT); sqlite3_bind_text(stmt, 4, (const char *)locktype, xmlStrlen(locktype), SQLITE_TRANSIENT); /* owner */ sqlite3_bind_text(stmt, 5, "", 0, SQLITE_TRANSIENT); /* depth */ sqlite3_bind_int(stmt, 6, depth); if (SQLITE_DONE != sqlite3_step(stmt)) { log_error_write(srv, __FILE__, __LINE__, "ss", "create lock:", sqlite3_errmsg(p->conf.sql)); } /* looks like we survived */ webdav_lockdiscovery(con, p->tmp_buf, (const char *)lockscope, (const char *)locktype, depth); con->http_status = created ? 201 : 200; con->file_finished = 1; } } } xmlFreeDoc(xml); return HANDLER_FINISHED; } else { con->http_status = 400; return HANDLER_FINISHED; } } else { buffer *b; if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If")))) { buffer *locktoken = b; sqlite3_stmt *stmt = p->conf.stmt_refresh_lock; /* remove the < > around the token */ if (buffer_string_length(locktoken) < 5) { con->http_status = 400; return HANDLER_FINISHED; } buffer_copy_string_len(p->tmp_buf, locktoken->ptr + 2, buffer_string_length(locktoken) - 4); sqlite3_reset(stmt); sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(p->tmp_buf), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { log_error_write(srv, __FILE__, __LINE__, "ss", "refresh lock:", sqlite3_errmsg(p->conf.sql)); } webdav_lockdiscovery(con, p->tmp_buf, "exclusive", "write", 0); con->http_status = 200; con->file_finished = 1; return HANDLER_FINISHED; } else { /* we need a lock-token to refresh */ con->http_status = 400; return HANDLER_FINISHED; } } } #endif #ifdef USE_LOCKS static handler_t mod_webdav_unlock(server *srv, connection *con, plugin_data *p) { buffer *b; if (NULL != (b = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Lock-Token")))) { buffer *locktoken = b; sqlite3_stmt *stmt = p->conf.stmt_remove_lock; /* remove the < > around the token */ if (buffer_string_length(locktoken) < 3) { con->http_status = 400; return HANDLER_FINISHED; } /** * FIXME: * * if the resourse is locked: * - by us: unlock * - by someone else: 401 * if the resource is not locked: * - 412 * */ buffer_copy_string_len(p->tmp_buf, locktoken->ptr + 1, buffer_string_length(locktoken) - 2); sqlite3_reset(stmt); sqlite3_bind_text(stmt, 1, CONST_BUF_LEN(p->tmp_buf), SQLITE_TRANSIENT); if (SQLITE_DONE != sqlite3_step(stmt)) { log_error_write(srv, __FILE__, __LINE__, "ss", "remove lock:", sqlite3_errmsg(p->conf.sql)); } if (0 == sqlite3_changes(p->conf.sql)) { con->http_status = 401; } else { con->http_status = 204; } return HANDLER_FINISHED; } else { /* we need a lock-token to unlock */ con->http_status = 400; return HANDLER_FINISHED; } } #endif SUBREQUEST_FUNC(mod_webdav_subrequest_handler_huge) { plugin_data *p = p_d; handler_ctx *hctx = con->plugin_ctx[p->id]; if (NULL == hctx) return HANDLER_GO_ON; if (!hctx->conf.enabled) return HANDLER_GO_ON; /* physical path is setup */ if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON; switch (con->request.http_method) { case HTTP_METHOD_PROPFIND: return mod_webdav_propfind(srv, con, p, hctx); case HTTP_METHOD_MKCOL: return mod_webdav_mkcol(con, p); case HTTP_METHOD_DELETE: return mod_webdav_delete(srv, con, p, hctx); case HTTP_METHOD_PUT: return mod_webdav_put(srv, con, p, hctx); case HTTP_METHOD_MOVE: case HTTP_METHOD_COPY: return mod_webdav_copymove(srv, con, p, hctx); case HTTP_METHOD_PROPPATCH: return mod_webdav_proppatch(srv, con, p, hctx); #ifdef USE_LOCKS case HTTP_METHOD_LOCK: return mod_webdav_lock(srv, con, p, hctx); case HTTP_METHOD_UNLOCK: return mod_webdav_unlock(srv, con, p); #else case HTTP_METHOD_LOCK: case HTTP_METHOD_UNLOCK: con->http_status = 501; return HANDLER_FINISHED; #endif default: return HANDLER_GO_ON; /* not found */ } } SUBREQUEST_FUNC(mod_webdav_subrequest_handler) { handler_t r; plugin_data *p = p_d; if (con->mode != p->id) return HANDLER_GO_ON; r = mod_webdav_subrequest_handler_huge(srv, con, p_d); if (con->http_status >= 400) con->mode = DIRECT; return r; } PHYSICALPATH_FUNC(mod_webdav_physical_handler) { plugin_data *p = p_d; if (!p->conf.enabled) return HANDLER_GO_ON; /* physical path is setup */ if (buffer_is_empty(con->physical.path)) return HANDLER_GO_ON; UNUSED(srv); switch (con->request.http_method) { case HTTP_METHOD_PROPFIND: case HTTP_METHOD_PROPPATCH: case HTTP_METHOD_PUT: case HTTP_METHOD_COPY: case HTTP_METHOD_MOVE: case HTTP_METHOD_MKCOL: case HTTP_METHOD_DELETE: case HTTP_METHOD_LOCK: case HTTP_METHOD_UNLOCK: { handler_ctx *hctx = calloc(1, sizeof(*hctx)); memcpy(&hctx->conf, &p->conf, sizeof(plugin_config)); con->plugin_ctx[p->id] = hctx; con->conf.stream_request_body = 0; con->mode = p->id; break; } default: break; } return HANDLER_GO_ON; } static handler_t mod_webdav_connection_reset(server *srv, connection *con, void *p_d) { plugin_data *p = p_d; handler_ctx *hctx = con->plugin_ctx[p->id]; if (hctx) { free(hctx); con->plugin_ctx[p->id] = NULL; } UNUSED(srv); return HANDLER_GO_ON; } /* this function is called at dlopen() time and inits the callbacks */ int mod_webdav_plugin_init(plugin *p); int mod_webdav_plugin_init(plugin *p) { p->version = LIGHTTPD_VERSION_ID; p->name = buffer_init_string("webdav"); p->init = mod_webdav_init; p->handle_uri_clean = mod_webdav_uri_handler; p->handle_physical = mod_webdav_physical_handler; p->handle_subrequest = mod_webdav_subrequest_handler; p->connection_reset = mod_webdav_connection_reset; p->set_defaults = mod_webdav_set_defaults; p->cleanup = mod_webdav_free; p->data = NULL; return 0; }