Bozohttpd

$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $

changes in bozohttpd 20210227:
	o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
	   .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
	   .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
	   netbsd PR#56026:
	   MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid

changes in bozohttpd 20210211:
	o  fix various NULL derefs from malformed headers.  mostly from
	   <emily@ingalls.rocks>.
	o  fix memory leaks in library interface: add bozo_cleanup().

changes in bozohttpd 20201014:
	o  also set -D_GNU_SOURCE in Makefile.boot.  from
	   hadrien.lacour@posteo.net.
	o  fix array size botch (assertion, not exploitable.)  from
	   martin@netbsd.org.
	o  also match %2F as well as %2f.  from leah@vuxu.org.
	o  many manual and help fixes.  clean ups for higher lint levels,
	   consistency/style clean ups.  various option fixes including made
	   -f imply -b.  from <henrik@gulbra.net> for freebsd.

changes in bozohttpd 20200912:
	o  add .m4a and .m4v file extensions.

changes in bozohttpd 20200820:
	o  make this work on sun2 by reducing mmap window there.
	o  fix SSL shutdown sequence.  from spz@netbsd.org.
	o  add readme support to directory indexing.  from jmcneill@netbsd.org
	o  add blocklist(8) support.  from jruoho@netbsd.org.

changes in bozohttpd 20190228:
	o  extend timeout facility to ssl and stop servers hanging forever
	   if the client never sends anything.  reported by Steffen in netbsd
	   PR#50655.
	o  don't display special files in the directory index.  they aren't
	   served, but links to them are generated.
	o  fix CGI '+' parameter handling, some error checking, and a double
	   free.  from rajeev_v_pillai@yahoo.com
	o  more directory indexing clean up.  from rajeev_v_pillai@yahoo.com

changes in bozohttpd 20181215:
	o  fix .htpasswd bypass for authenticated users.  reported by JP,
	   from leot@netbsd.org
	o  avoid possible null dereference when receiving a big request that
	   timeout.  reported by maya@netbsd.org, from leot@netbsd.org
	o  fix handling of -T option, from leot@netbsd.org
	o  cleanups and portability improvements, from maya@netbsd.org
	o  change directory indexing to use html tables, from
	   rajeev_v_pillai@yahoo.com

changes in bozohttpd 20181125:
	o  fixes for option parsing introduced in bozohttpd 20181123

changes in bozohttpd 20181121:
	o  add url remap support via .bzremap file, from martin@netbsd.org
	o  handle redirections for any protocol, not just http:
	o  fix a denial of service attack against header contents, which
	   is now bounded at 16KiB.  reported by JP
	o  reduce default timeouts, and add expand timeouts to handle the
	   initial line, each header, and the total time spent
	o  add -T option to expose new timeout settings
	o  minor RFC fixes related to timeout handling
	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP

changes in bozohttpd 20170201:
	o  fix an infinite loop in cgi processing
	o  fixes and clean up for the testsuite
	o  no longer sends encoding header for compressed formats

changes in bozohttpd 20160517:

	o  disable multi-file daemon mode for now, it breaks
	o  return 404's instead of 403's when chdir of ~user dirs fail
	o  remove "noreturn" attribute from bozo_http_error() that was
	   causing incorrect runtime behaviour

changes in bozohttpd 20100509:
	o  major rework and clean up of internal interfaces.  move the main
	   program into main.c, the remaining parts are useable as library
	   add bindings for lua.  by Alistair G. Crooks <agc@netbsd.org>
	o  fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325

changes in bozohttpd 20090522:
	o  avoid dying in daemon mode for some uncommon, but recoverable, errors
	o  close leaking file descriptors for CGI and daemon mode
	o  handle poll errors properly

	- add .png support 
	- new "-x index.html" flag to change default file
	- new "-p public_html" flag to change default ~user directory
	- fixes cgi-bin support and more from chuck@research.att.com
	- add many new content-types, now support most common ones

changes in bozohttpd 5.06 (20000825):
	- add IPv6 support from itojun@iijlab.net
	- man page fixes from jlam@netbsd.org

changes in bozohttpd 5.05 (20000815):
	- fix a virtual host bug, from kleink@netbsd.org

changes in bozohttpd 5.04 (20000427):
	- fix virtual host support; URI takes precedence over Host:

#	$NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $
#
#	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
#
# berkeley (netbsd) makefile.  see Makefile.boot for other systems.

# compile-time options are:
#	NO_DEBUG		/* don't include debugging support */
#	NO_USER_SUPPORT		/* don't support /~user requests */
#	NO_CGIBIN_SUPPORT	/* don't support cgi-bin requests */
#	NO_DIRINDEX_SUPPORT	/* don't support directory indexing */
#	NO_DAEMON_MODE		/* don't support daemon mode */
#	NO_DYNAMIC_CONTENT	/* don't support dynamic content updates */
#	NO_SSL_SUPPORT		/* don't support ssl (https) */
#	DO_HTPASSWD		/* support .htpasswd files */
#	NO_LUA_SUPPORT		/* don't support Lua for dynamic content */
#	NO_BLOCKLIST_SUPPORT	/* don't support blocklist */
#
# other system specific defines:
#	HAVE_NBUTIL_H		/* netbsd compat is in <nbutil.h>
#				(don't forget to also enable -lnbutil)
#
# these are usually set via the "COPTS" variable, or some other method
# for setting CFLAGS relevant to your make, eg
#   % make COPTS="-DDO_HTPASSWD"

COPTS+=	-DDO_HTPASSWD
PROG=	bozohttpd
LINKS=	${BINDIR}/bozohttpd ${BINDIR}/httpd
MAN=	bozohttpd.8
MLINKS+=bozohttpd.8 httpd.8
SRCS=	bozohttpd.c ssl-bozo.c auth-bozo.c cgi-bozo.c daemon-bozo.c \
	tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c
SRCS+=	main.c

LDADD=	-lblocklist -lcrypt -llua -lm
DPADD=	${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM}

WARNS?=	4

.if defined(.OS.MAKE)
OPSYS=	${.OS.MAKE}
.else
OPSYS:=	${:!uname -s!:S/-//g:S/\///g}
.endif

.if ${OPSYS} == "QNX"
CPPFLAGS+=	-DHAVE_NBUTIL_H
LDADD+=		-lnbutil
.endif





LDADD+=	-lssl -lcrypto
DPADD+=	${LIBSSL} ${LIBCRYPTO}







#
# Build release things.
#
NROFF?=		nroff

PREHTMLFROB=	sed \
		    -e 's/&/\&amp;/' \

bozohttpd.8.html: bozohttpd.8
	$(PREHTMLFROB) $> | $(NROFF) -mdoc2html | $(HTMLFROB) > $@

bozohttpd.8.txt: bozohttpd.8
	$(NROFF) -mdoc -Tascii $> | $(TXTFROB) > $@

CLEANFILES+=	bozohttpd.8.html bozohttpd.8.txt

check:
	cd ${.CURDIR}/testsuite && ${MAKE} check

.if empty(BOZOVER)
BOZOVER!=	sed -n \
		    -e s/\"$$// -e \
		    's/\#define[ 	]*SERVER_SOFTWARE[ 	]*\"bozohttpd\///p'  ${.PARSEDIR}/bozohttpd.c
.endif

# Create a distfile: uses /tmp
BASE=bozohttpd-${BOZOVER}
TAR=${BASE}.tar
export-distfile:
	dir=`mktemp -d /tmp/bozo-export-XXXXXX`; \
	cd "$${dir}" || exit; \

# $eterna: Makefile.boot,v 1.9 2010/05/10 04:57:50 mrg Exp $
#
# very simple makefile to compile bozohttpd, should work with every make.
# see Makefile for a list of compile options that may be placed in CFLAGS.

CC=	cc
OPT=	-O
LARGE_CFLAGS=	-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
LOCAL_CFLAGS=	-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE
CFLAGS=	$(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)

GROFF=	groff -Tascii
CRYPTOLIBDIR=	# -L/usr/local/lib
CRYPTOLIBS=	$(CRYPTOLIBDIR) -lcrypto -lssl

LIBS=	$(CRYPTOLIBS) $(EXTRALIBS)

FILES=	bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \
	dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c

all:
	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS)

man:
	$(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8

clean:
	rm -f bozohttpd bozohttpd.cat8 *.o

/*	$NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $	*/

/*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2020 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

#include <string.h>
#include <stdlib.h>
#include <unistd.h>

#include "bozohttpd.h"





static	ssize_t	base64_decode(const unsigned char *, size_t,
			    unsigned char *, size_t);

/*
 * Check if HTTP authentication is required
 */
int

			/* get dir=dirname(file) */
	snprintf(dir, sizeof(dir), "%s", file);
	if ((basename = strrchr(dir, '/')) == NULL)
		strcpy(dir, ".");
	else {
		*basename++ = '\0';

		if (bozo_check_special_files(request, basename, true))
			return 1;
	}
	request->hr_authrealm = bozostrdup(httpd, request, dir);

	if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir,
			     AUTH_FILE) >= sizeof(authfile)) {
		return bozo_http_error(httpd, 404, request,

			    request->hr_authpass));
			if (strcmp(request->hr_authuser, user) != 0)
				continue;
			if (strcmp(crypt(request->hr_authpass, pass),
					pass) != 0)
				break;
			fclose(fp);

#ifndef NO_BLOCKLIST_SUPPORT
			pfilter_notify(BLOCKLIST_AUTH_OK, 200);
#endif /* !NO_BLOCKLIST_SUPPORT */

			return 0;
		}
	}
	fclose(fp);
	return bozo_http_error(httpd, 401, request, "bad auth");
}

void
bozo_auth_init(bozo_httpreq_t *request)
{
	request->hr_authuser = NULL;
	request->hr_authpass = NULL;
	request->hr_authrealm = NULL;
}

void
bozo_auth_cleanup(bozo_httpreq_t *request)
{

	if (request == NULL)

	if (strcasecmp(val, "authorization") == 0 &&
	    strncasecmp(str, "Basic ", 6) == 0) {
		char	authbuf[BUFSIZ];
		char	*pass = NULL;
		ssize_t	alen;

		/* free prior entries. */
		free(request->hr_authuser);
		free(request->hr_authpass);

		alen = base64_decode((unsigned char *)str + 6,
					(size_t)(len - 6),
					(unsigned char *)authbuf,
					sizeof(authbuf) - 1);
		if (alen != -1)
			authbuf[alen] = '\0';
		if (alen == -1 ||
		    (pass = strchr(authbuf, ':')) == NULL)
			return bozo_http_error(httpd, 400, request,
			    "bad authorization field");
		*pass++ = '\0';


		request->hr_authuser = bozostrdup(httpd, request, authbuf);
		request->hr_authpass = bozostrdup(httpd, request, pass);
		debug((httpd, DEBUG_FAT,
		    "decoded authorization `%s' as `%s':`%s'",
		    str, request->hr_authuser, request->hr_authpass));
			/* don't store in request->headers */
		return 1;
	}
	return 0;
}













void
bozo_auth_check_401(bozo_httpreq_t *request, int code)
{
	bozohttpd_t *httpd = request->hr_httpd;

	if (code == 401)
		bozo_printf(httpd,

.\"	$NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $
.\"
.\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
.\" Copyright (c) 1997-2021 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.

.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd February 27, 2021
.Dt BOZOHTTPD 8
.Os
.Sh NAME
.Nm bozohttpd
.Nd hyper text transfer protocol version 1.1 daemon
.Sh SYNOPSIS
.Nm
.Op Fl EGHVXdefhnsu
.Op Fl C Ar suffix cgihandler
.Op Fl I Ar port
.Op Fl L Ar prefix script
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
.Op Fl R Ar readme
.Op Fl S Ar version
.Op Fl T Ar type timeout
.Op Fl U Ar username
.Op Fl Z Ar cert privkey
.Op Fl c Ar cgibin
.Op Fl i Ar address
.Op Fl p Ar pubdir
.Op Fl t Ar chrootdir
.Op Fl v Ar virtualroot

.It Fl c Ar cgibin
Enables the CGI/1.1 interface.
The
.Ar cgibin
directory is expected to contain the CGI programs to be used.
.Nm
looks for URL's in the form of
.Em /cgi-bin/<scriptname>
where
.Aq scriptname
is a valid CGI program in the
.Ar cgibin
directory.
In other words, all CGI URL's must begin with
.Em \%/cgi-bin/ .
Note that the CGI/1.1 interface is available with
.Em ~user
translation using
.Fl E
switch.
.It Fl d
Enables debug support.
.It Fl E
Enables CGI/1.1 interface for
.Em ~user
translation.
Note that enabling this support implies that users can run commands
as the web server user.
This may have security implications.
.It Fl e
Causes
.Nm
to not clear the environment when used with either the
.Fl t
or
.Fl U
options.
.It Fl f
Stops the
.Fl b
flag from detaching
.Nm
from the tty and going into the background.
This implies the
.Fl b
flag.
.It Fl G
Get the
.Nm
version string, print it on standard output, and exit.
.It Fl H
Causes directory index mode to hide files and directories
that start with a period, except for

the empty string is used instead.
Multiple
.Fl M
options may be passed.
.It Fl n
Stops
.Nm
from doing IP address to name resolution of remote hosts.
This affects the
.Ev REMOTE_HOST
environment variable for CGI programs and Lua scripts.



.It Fl P Ar pidfile
Causes
.Nm
to create a PID file in
.Ar pidfile
when run in daemon mode with the
.Fl b
option.
.It Fl p Ar pubdir
Changes the default user directory for
.Em /~user/
translations from
.Dq public_html
to
.Ar pubdir .
.It Fl R Ar readme
When directory indexing is enabled, include the contents of the file
.Ar readme
in the footer of the directory index.
.It Fl S Ar version
Sets the internal server version to
.Ar version .
.It Fl s
Forces logging to be set to stderr always.
.It Fl T Ar type timeout
Set the timeout for
.Ar type
to
.Ar timeout .
The valid values of
.Ar type
are
.Dq ssl timeout ,
.Dq initial timeout ,
.Dq header timeout ,
and
.Dq request timeout .
The default values are 30 seconds, 30 seconds, 10 seconds and 600 seconds,
respectively.
.It Fl t Ar chrootdir
Makes
.Nm
chroot to the specified directory
before answering requests.
Every other path should be specified relative
to the new root, if this option is used.

the form
.Em /~user/
into the directory
.Pa ~user/public_html
(but see the
.Fl p
option above).






.It Fl V
Sets the backup virtual host directory to the
.Ar slashdir
argument.
If no directory exists in
.Ar virtualroot
for the request, then
.Ar slashdir
will be used.
The default behavior is to return 404 (Not Found.)
.It Fl v Ar virtualroot
Enables virtual hosting support.
Directories in
.Ar virtualroot
will be searched for a matching virtual host name, when parsing
the HTML request.
If a matching name is found, it will be used

.Pa index.html
normally) is not present.
.It Fl x Ar index
Changes the default file read for directories from
.Dq index.html
to
.Ar index .



.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
in PEM format.
It also causes
.Nm
to start SSL mode.
.It Fl z Ar ciphers
Sets the list of SSL ciphers (see
.Xr SSL_CTX_set_cipher_list 3 ) .
.El
.Pp
Note that in
.Nm
versions 20031005 and prior that supported the
.Fl C
and

directory index support (NO_DIRINDEX_SUPPORT),
daemon mode support (NO_DAEMON_MODE),
dynamic MIME content (NO_DYNAMIC_CONTENT),
Lua support (NO_LUA_SUPPORT),
and SSL support (NO_SSL_SUPPORT)
by defining the listed macros when building
.Nm .
.Ss HTTP BASIC AUTHORIZATION
.Nm
has support for HTTP Basic Authorization.
If a file named
.Pa .htpasswd
exists in the directory of the current request,
.Nm
will restrict access to documents in that directory
using the RFC 2617 HTTP
.Dq Basic
authentication scheme.
.Pp
Note:
This does not recursively protect any sub-directories.
.Pp
The
.Pa .htpasswd
file contains lines delimited with a colon containing
user names and passwords hashed with
.Xr crypt 3 ,
for example:
.Bd -literal
heather:$1$pZWI4tH/$DzDPl63i6VvVRv2lJNV7k1
jeremy:A.xewbx2DpQ8I
.Ed
.Pp
On
.Nx ,
the
.Xr pwhash 1
utility may be used to generate hashed passwords.
.Pp
While
.Nm
distributed with
.Nx
has support for HTTP Basic Authorization enabled by default,
in the portable distribution it is excluded.
Compile
.Nm
with
.Dq -DDO_HTPASSWD
on the compiler command line to enable this support.
It may require linking with the crypt library, using
.Dq -lcrypt .
.Ss BLOCKLIST SUPPORT
On
.Nx ,
.Nm
supports
.Xr blocklistd 8
by default.
The support can be disabled with the
.Dq -DNO_BLOCKLIST_SUPPORT
compilation option.
.Pp
Upon occurrence,
.Nm
reports two HTTP status codes to
.Xr blocklistd 8
as failures:
.Em 401
(``Unauthorized'')
and
.Em 403
(``Forbidden'') .
Of these,
.Em 401
is the one received upon authorization failure with the
HTTP Basic Authorization mechanism.
A successful authorization decreases the counter kept by
.Xr blocklistd 8 .
.Pp
Note that the implementation of the HTTP Basic Authorization mechanism
uses a redirection; a status code
.Em 401
is always initially received.
Therefore, a single authorization failure of
.Pa .htpasswd
is reported as two failures to
.Xr blocklistd 8 ,
but no failures are recorded upon successful authorization
due to the decrease of the failure counter.
.Ss SSL SUPPORT
.Nm
has support for TLSv1.1 and TLSv1.2 protocols that are included by
default.
It requires linking with the crypto and ssl library, using
.Dq -lcrypto -lssl .
To disable SSL SUPPORT compile

the client did not make a ranged request.
.Sh FILES
.Nm
looks for a couple of special files in directories that allow certain features
to be provided on a per-directory basis.
In addition to the
.Pa .htpasswd
used by HTTP basic authorization,
if a
.Pa .bzdirect
file is found (contents are irrelevant)
.Nm
will allow direct access.


If a
.Pa .bzredirect
symbolic link is found,
.Nm
will perform a smart redirect to the target of this symlink.
The target is assumed to live on the same server.
If target starts with slash then absolute redirection is performed,
otherwise it's handled as relative.
If a
.Pa .bzabsredirect
symbolic link is found,
.Nm
will redirect to the absolute URL pointed to by this symlink.
This is useful to redirect to different servers.
Two forms of redirection are supported - symbolic link without schema will use
.Em http://
as default i.e. link to
.Em NetBSD.org
will redirect to
.Em http://NetBSD.org/
Otherwise provided schema will be used i.e. symbolic link to
.Em ftp://NetBSD.org/
will redirect to the provided URL.
If a
.Pa .bzremap
file is found at the root of a (virtual) server, it is expected to contain
rewrite mappings for URLs.
.Pp
These remappings are performed internally in the server before authentication
happens and can be used to hide implementation details, like the CGI handler
specific suffix for non cgi scripts in authorized directories.
.Pp
The map file consists of lines two paths separated by a colon, where the left
side needs to exactly match a (sub) path of the request and will be replaced
by the right side.
.Pp
The first match always wins.
.Pp
A
.Pa .bzremap
file could look like this:
.Bd -literal
/nic/update:/auth-dir/updipv4.pl
.Ed
.Pp
The remap file should be short, access to it is slow and needs to happen
on each request.
If a request path needs to include a colon
.Pq Li \&:
character, it can be escaped
with a backslash
.Pq Li \e
The right hand side of the colon is always used verbatim, no escape sequences
are interpreted.
.Sh EXAMPLES
To configure set of virtual hosts, one would use an
.Xr inetd.conf 5
entry like:
.Bd -literal
http stream tcp  nowait:600 _httpd /usr/libexec/httpd httpd -v /var/vroot /var/www
.Ed

with PHP, one must use the
.Fl C
option to specify a CGI handler for a particular file type.
Typically this will be like:
.Bd -literal
httpd -C .php /usr/pkg/bin/php-cgi /var/www
.Ed
.Pp
Note that a plain script interpreter can not be used directly as a cgihandler,
as there are no command line options passed from
.Nm
to avoid security issues.
.Pp
If no CGI-aware wrapper exists, a simple shell script like the following
might do.
.Pp
It would be invoked like:
.Bd -literal
httpd -C .pl /www-scripts/bin/run.perl /var/www
.Ed
and the script could look like:
.Bd -literal
#! /bin/sh

if [ -r "$SCRIPT_FILENAME" -a -x "$SCRIPT_FILENAME" ]; then
	exec /usr/pkg/bin/perl "$SCRIPT_FILENAME"
fi

exit 1
.Ed
.Sh SEE ALSO
.Xr inetd.conf 5 ,
.Xr inetd 8
.Sh HISTORY
.Nm
was first written in perl, based on another perl http server
called
.Dq tinyhttpd .
It was then rewritten from scratch in perl, and then once again in C.
From
.Dq bozohttpd
version 20060517, it has been integrated into
.Nx .
The focus has always been simplicity and security, with minimal features
and regular code audits.
This manual documents
.Nm
version 20210227.
.Sh AUTHORS
.An -nosplit
.Nm
was written by
.An Matthew R. Green
.Aq Mt mrg@eterna.com.au .
.Pp
The large list of contributors includes:
.Bl -dash
.It
.An Christoph Badura
.Aq Mt bad@bsd.de
provided Range: header support
.It
.An Marc Balmer
.Aq Mt mbalmer@NetBSD.org
added Lua support for dynamic content creation
.It




.An Sean Boudreau
.Aq Mt seanb@NetBSD.org
provided a security fix for virtual hosting
.It
.An Julian Coleman
.Aq Mt jdc@coris.org.uk
provided an IPv6 bugfix
.It
.An Chuck Cranor
.Aq Mt chuck@research.att.com
provided cgi-bin support fixes, and more
.It
.An Alistair G. Crooks
.Aq Mt agc@NetBSD.org
cleaned up many internal interfaces, made
.Nm
linkable as a library and provided the Lua binding
.It
.An DEGROOTE Arnaud
.Aq Mt degroote@NetBSD.org
provided a fix for daemon mode
.It
.An Andrew Doran
.Aq Mt ad@NetBSD.org
provided directory indexing support
.It
.An Roland Dowdeswell
.Aq Mt elric@NetBSD.org
added support for serving gzipped files and better SSL handling
.It
.An Per Ekman
.Aq Mt pek@pdc.kth.se
provided a fix for a minor (non-security) buffer overflow condition
.It

.Aq Mt emily@ingalls.rocks

provided fixes for some bad request parsing
.It
.An Jun-ichiro itojun Hagino, KAME
.Aq Mt itojun@iijlab.net
provided initial IPv6 support
.It
.An Martin Husemann
.Aq Mt martin@NetBSD.org
provided .bzabsredirect and .bzredir support, fixed various
redirection issues and more
.It
.An Arto Huusko
.Aq Mt arto.huusko@pp2.inet.fi
provided fixes cgi-bin
.It
.An Roland Illig
.Aq Mt roland.illig@gmx.de
provided some off-by-one fixes
.It
.An Zak Johnson
.Aq Mt zakj@nox.cx
provided cgi-bin enhancements
.It
.An Nicolas Jombart
.Aq Mt ecu@ipv42.net
provided fixes for HTTP basic authorization support
.It
.An Antti Kantee
.Aq Mt pooka@NetBSD.org
provided fixes for HTTP basic authorization support
.It
.An Thomas Klausner
.Aq Mt wiz@NetBSD.org
provided many fixes and enhancements for the man page
.It
.An Mateusz Kocielski
.Aq Mt shm@NetBSD.org
fixed memory leaks, various issues with userdir support,
information disclosure issues, added support for using CGI handlers
with directory indexing, found several security issues and provided
various other fixes
.It
.An Arnaud Lacombe
.Aq Mt alc@NetBSD.org
provided some clean up for memory leaks
.It
.An Johnny Lam
.Aq Mt jlam@NetBSD.org
provided man page fixes
.It
.An Dennis Lindroos
.Aq Mt denafcm@gmail.com
provided a cgi-bin fix
.It
.An Jared McNeill
.Aq Mt jmcneill@NetBSD.org
added support for readme in directory indexing
.It
.An Julio Merino
.Aq Mt jmmv@NetBSD.org
Added the
.Fl P
option (pidfile support) and provided some man page fixes
.It
.An Luke Mewburn
.Aq Mt lukem@NetBSD.org
provided many various fixes, including cgi-bin fixes and enhancements,
HTTP basic authorization support and much code clean up
.It
.An Rajeev V. Pillai
.Aq Mt rajeev_v_pillai@yahoo.com
provided several fixes for virtual hosting and directory indexing and
fixes for CGI
.It
.An Jeremy C. Reed
.Aq Mt reed@NetBSD.org
provided several clean up fixes, and man page updates
.It
.An Scott Reynolds
.Aq Mt scottr@NetBSD.org

.Aq Mt netbsd@eq.cz
provided minor compile fixes and a CGI content map fix
.It
.An Steve Rumble
.Aq Mt rumble@ephemeral.org
provided the
.Fl V
option
.It
.An Jukka Ruohonen
.Aq Mt jruoho@NetBSD.org
provided support for
.Xr blocklistd 8
.It
.An Thor Lancelot Simon
.Aq Mt tls@NetBSD.org
enhanced cgi-bin support
.It
.An Joerg Sonnenberger
.Aq Mt joerg@NetBSD.org
implemented If-Modified-Since support
.It
.An ISIHARA Takanori
.Aq Mt ishit@oak.dti.ne.jp
provided a man page fix
.It
.An Holger Weiss
.Aq Mt holger@CIS.FU-Berlin.DE
provided http authorization fixes
.It
.Aq Mt xs@kittenz.org
provided chroot and change-to-user support, and other various fixes

.It
.An S.P.Zeidler
.Aq Mt spz@NetBSD.org
fixed several SSL shutdown issues
.It
Coyote Point provided various CGI fixes
.El
.Pp
There are probably others I have forgotten (let me know if you care)
.Pp
Please send all updates to
.Nm
to
.Aq Mt mrg@eterna.com.au
for inclusion in future releases.
.Sh BUGS
.Nm
does not handle HTTP/1.1 chunked input from the client yet.

.\"	$NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $
.\"
.\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
.\" Copyright (c) 1997-2020 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd October 14, 2020
.Dt BOZOHTTPD 8
.Os
.Sh NAME
.Nm bozohttpd
.Nd hyper text transfer protocol version 1.1 daemon
.Sh SYNOPSIS
.Nm
.Op Fl EGHVXdefhnsu
.Op Fl C Ar suffix cgihandler
.Op Fl I Ar port
.Op Fl L Ar prefix script
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
.Op Fl R Ar readme
.Op Fl S Ar version
.Op Fl T Ar type timeout
.Op Fl U Ar username
.Op Fl Z Ar cert privkey
.Op Fl c Ar cgibin
.Op Fl i Ar address
.Op Fl p Ar pubdir
.Op Fl t Ar chrootdir
.Op Fl v Ar virtualroot
.Op Fl x Ar index
.Op Fl z Ar ciphers
.Ar slashdir
.Op Ar myname
.Sh DESCRIPTION
The
.Nm
program reads a
.Em HTTP
request from the standard input, and sends a reply to the standard output.
Besides ~user translation and virtual hosting support (see below), all file
requests are from
.Ar slashdir
directory.
The server uses
.Ar myname
as its name, which defaults to the local hostname, obtained from
.Xr gethostname 3
(but see the
.Fl v
option for virtual hosting.)
.Nm
writes logs to
.Xr syslog 3
using the ftp facility (but see the
.Fl s
option for testing.)
.Nm
is designed to be small, simple and relatively featureless,
hopefully increasing its security.
.Ss OPTIONS
The following options are available:
.Bl -tag -width xxxcgibin
.It Fl b
Enables daemon mode, where
.Nm
detaches from the current terminal, running in the background and
servicing HTTP requests.
.It Fl C Ar suffix cgihandler
Adds a new CGI handler program for a particular file type.
The
.Ar suffix
should be any normal file suffix, and the
.Ar cgihandler
should be a full path to an interpreter.
This option is the only way to enable CGI programs that exist
outside of the cgibin directory to be executed.
Multiple
.Fl C
options may be passed.
.It Fl c Ar cgibin
Enables the CGI/1.1 interface.
The
.Ar cgibin
directory is expected to contain the CGI programs to be used.
.Nm
looks for URL's in the form of
.Em /cgi-bin/<scriptname>
where
.Aq scriptname
is a valid CGI program in the
.Ar cgibin
directory.
In other words, all CGI URL's must begin with
.Em \%/cgi-bin/ .
Note that the CGI/1.1 interface is available with
.Em ~user
translation using
.Fl E
switch.
.It Fl d
Enables debug support.
.It Fl E
Enables CGI/1.1 interface for
.Em ~user
translation.
Note that enabling this support implies that users can run commands
as the web server user.
This may have security implications.
.It Fl e
Causes
.Nm
to not clear the environment when used with either the
.Fl t
or
.Fl U
options.
.It Fl f
Stops the
.Fl b
flag from detaching
.Nm
from the tty and going into the background.
This implies the
.Fl b
flag.
.It Fl G
Get the
.Nm
version string, print it on standard output, and exit.
.It Fl H
Causes directory index mode to hide files and directories
that start with a period, except for
.Pa .. .
Also see
.Fl X .
.It Fl I Ar port
Causes
.Nm
to use
.Ar port
instead of the default
.Dq http
port.
When used with the
.Fl b
option, it changes the bound port.
Otherwise it forces redirections to use this port instead of the
value obtained via
.Xr getsockname 2 .
.It Fl i Ar address
Causes
.Ar address
to be used as the address to bind daemon mode.
If otherwise unspecified, the address used to bind is derived from the
.Ar myname ,
which defaults to the name returned by
.Xr gethostname 3 .
Only the last
.Fl i
option is used.
This option is only valid with the
.Fl b
option.
.It Fl L Ar prefix script
Adds a new Lua script for a particular prefix.
The
.Ar prefix
should be an arbitrary text, and the
.Ar script
should be a full path to a Lua script.
Multiple
.Fl L
options may be passed.
A separate Lua state is created for each prefix.
The Lua script can register callbacks using the
httpd.register_handler('<name>', function) Lua function,
which will trigger the execution of the Lua function
.Em function
when a URL in the form
.Em http://<hostname>/<prefix>/<name>
is being accessed.
The function is passed three tables as arguments, the server
environment, the request headers, and the decoded query string
plus any data that was sent as application/x-www-form-urlencoded.
.It Fl M Ar suffix type encoding encoding11
Adds a new entry to the table that converts file suffixes to
content type and encoding.
This option takes four additional arguments containing
the file prefix, its
.Dq Content-Type ,
.Dq Content-Encoding ,
and
.Dq Content-Encoding
for HTTP/1.1 connections, respectively.
If any of these are a single dash
.Pq Dq - ,
the empty string is used instead.
Multiple
.Fl M
options may be passed.
.It Fl n
Stops
.Nm
from doing IP address to name resolution of remote hosts.
This affects the
.Ev REMOTE_HOST
environment variable for CGI programs and Lua scripts.
.It Fl P Ar pidfile
Causes
.Nm
to create a PID file in
.Ar pidfile
when run in daemon mode with the
.Fl b
option.
.It Fl p Ar pubdir
Changes the default user directory for
.Em /~user/
translations from
.Dq public_html
to
.Ar pubdir .
.It Fl R Ar readme
When directory indexing is enabled, include the contents of the file
.Ar readme
in the footer of the directory index.
.It Fl S Ar version
Sets the internal server version to
.Ar version .
.It Fl s
Forces logging to be set to stderr always.
.It Fl T Ar type timeout
Set the timeout for
.Ar type
to
.Ar timeout .
The valid values of
.Ar type
are
.Dq ssl timeout ,
.Dq initial timeout ,
.Dq header timeout ,
and
.Dq request timeout .
The default values are 30 seconds, 30 seconds, 10 seconds and 600 seconds,
respectively.
.It Fl t Ar chrootdir
Makes
.Nm
chroot to the specified directory
before answering requests.
Every other path should be specified relative
to the new root, if this option is used.
Note that the current environment
is normally replaced with an empty environment with this option, unless the
.Fl e
option is also used.
.It Fl U Ar username
Causes
.Nm
to switch to the user and the groups of
.Ar username
after initialization.
This option, like
.Fl t
above, causes
.Nm
to clear the environment unless the
.Fl e
option is given.
.It Fl u
Enables the transformation of Uniform Resource Locators of
the form
.Em /~user/
into the directory
.Pa ~user/public_html
(but see the
.Fl p
option above).
.It Fl V
Sets the backup virtual host directory to the
.Ar slashdir
argument.
If no directory exists in
.Ar virtualroot
for the request, then
.Ar slashdir
will be used.
The default behavior is to return 404 (Not Found.)
.It Fl v Ar virtualroot
Enables virtual hosting support.
Directories in
.Ar virtualroot
will be searched for a matching virtual host name, when parsing
the HTML request.
If a matching name is found, it will be used
as both the server's real name,
.Op Ar myname ,
and as the
.Ar slashdir .
See the
.Sx EXAMPLES
section for an example of using this option.
.It Fl X
Enables directory indexing.
A directory index will be generated only when the default file (i.e.
.Pa index.html
normally) is not present.
.It Fl x Ar index
Changes the default file read for directories from
.Dq index.html
to
.Ar index .
.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
in PEM format.
It also causes
.Nm
to start SSL mode.
.It Fl z Ar ciphers
Sets the list of SSL ciphers (see
.Xr SSL_CTX_set_cipher_list 3 ) .
.El
.Pp
Note that in
.Nm
versions 20031005 and prior that supported the
.Fl C
and
.Fl M
options, they took a single space-separated argument that was parsed.
since version 20040828, they take multiple options (2 in the case of
.Fl C
and 4 in the case of
.Fl M . )
.Ss INETD CONFIGURATION
As
.Nm
uses
.Xr inetd 8
by default to process incoming TCP connections for HTTP requests
(but see the
.Fl b
option),
.Nm
has little internal networking knowledge.
(Indeed, you can run it on the command line with little change of
functionality.)
A typical
.Xr inetd.conf 5
entry would be:
.Bd -literal
http stream tcp  nowait:600 _httpd /usr/libexec/httpd httpd /var/www
http stream tcp6 nowait:600 _httpd /usr/libexec/httpd httpd /var/www
.Ed
.Pp
This would serve web pages from
.Pa /var/www
on both IPv4 and IPv6 ports.
The
.Em :600
changes the
requests per minute to 600, up from the
.Xr inetd 8
default of 40.
.Pp
Using the
.Nx
.Xr inetd 8 ,
you can provide multiple IP-address based HTTP servers by having multiple
listening ports with different configurations.
.Ss NOTES
This server supports the
.Em HTTP/0.9 ,
.Em HTTP/1.0 ,
and
.Em HTTP/1.1
standards.
Support for these protocols is very minimal and many optional features are
not supported.
.Pp
.Nm
can be compiled without
CGI support (NO_CGIBIN_SUPPORT),
user transformations (NO_USER_SUPPORT),
directory index support (NO_DIRINDEX_SUPPORT),
daemon mode support (NO_DAEMON_MODE),
dynamic MIME content (NO_DYNAMIC_CONTENT),
Lua support (NO_LUA_SUPPORT),
and SSL support (NO_SSL_SUPPORT)
by defining the listed macros when building
.Nm .
.Ss HTTP BASIC AUTHORIZATION
.Nm
has support for HTTP Basic Authorization.
If a file named
.Pa .htpasswd
exists in the directory of the current request,
.Nm
will restrict access to documents in that directory
using the RFC 2617 HTTP
.Dq Basic
authentication scheme.
.Pp
Note:
This does not recursively protect any sub-directories.
.Pp
The
.Pa .htpasswd
file contains lines delimited with a colon containing
user names and passwords hashed with
.Xr crypt 3 ,
for example:
.Bd -literal
heather:$1$pZWI4tH/$DzDPl63i6VvVRv2lJNV7k1
jeremy:A.xewbx2DpQ8I
.Ed
.Pp
On
.Nx ,
the
.Xr pwhash 1
utility may be used to generate hashed passwords.
.Pp
While
.Nm
distributed with
.Nx
has support for HTTP Basic Authorization enabled by default,
in the portable distribution it is excluded.
Compile
.Nm
with
.Dq -DDO_HTPASSWD
on the compiler command line to enable this support.
It may require linking with the crypt library, using
.Dq -lcrypt .
.Ss BLOCKLIST SUPPORT
On
.Nx ,
.Nm
supports
.Xr blocklistd 8
by default.
The support can be disabled with the
.Dq -DNO_BLOCKLIST_SUPPORT
compilation option.
.Pp
Upon occurrence,
.Nm
reports two HTTP status codes to
.Xr blocklistd 8
as failures:
.Em 401
(``Unauthorized'')
and
.Em 403
(``Forbidden'') .
Of these,
.Em 401
is the one received upon authorization failure with the
HTTP Basic Authorization mechanism.
A successful authorization decreases the counter kept by
.Xr blocklistd 8 .
.Pp
Note that the implementation of the HTTP Basic Authorization mechanism
uses a redirection; a status code
.Em 401
is always initially received.
Therefore, a single authorization failure of
.Pa .htpasswd
is reported as two failures to
.Xr blocklistd 8 ,
but no failures are recorded upon successful authorization
due to the decrease of the failure counter.
.Ss SSL SUPPORT
.Nm
has support for TLSv1.1 and TLSv1.2 protocols that are included by
default.
It requires linking with the crypto and ssl library, using
.Dq -lcrypto -lssl .
To disable SSL SUPPORT compile
.Nm
with
.Dq -DNO_SSL_SUPPORT
on the compiler command line.
.Ss COMPRESSION
.Nm
supports a very basic form of compression.
.Nm
will serve the requested file postpended with
.Dq Pa .gz
if it exists, it is readable, the client requested gzip compression, and
the client did not make a ranged request.
.Sh FILES
.Nm
looks for a couple of special files in directories that allow certain features
to be provided on a per-directory basis.
In addition to the
.Pa .htpasswd
used by HTTP basic authorization,
if a
.Pa .bzdirect
file is found (contents are irrelevant)
.Nm
will allow direct access.
If a
.Pa .bzredirect
symbolic link is found,
.Nm
will perform a smart redirect to the target of this symlink.
The target is assumed to live on the same server.
If target starts with slash then absolute redirection is performed,
otherwise it's handled as relative.
If a
.Pa .bzabsredirect
symbolic link is found,
.Nm
will redirect to the absolute URL pointed to by this symlink.
This is useful to redirect to different servers.
Two forms of redirection are supported - symbolic link without schema will use
.Em http://
as default i.e. link to
.Em NetBSD.org
will redirect to
.Em http://NetBSD.org/
Otherwise provided schema will be used i.e. symbolic link to
.Em ftp://NetBSD.org/
will redirect to the provided URL.
If a
.Pa .bzremap
file is found at the root of a (virtual) server, it is expected to contain
rewrite mappings for URLs.
.Pp
These remappings are performed internally in the server before authentication
happens and can be used to hide implementation details, like the CGI handler
specific suffix for non cgi scripts in authorized directories.
.Pp
The map file consists of lines two paths separated by a colon, where the left
side needs to exactly match a (sub) path of the request and will be replaced
by the right side.
.Pp
The first match always wins.
.Pp
A
.Pa .bzremap
file could look like this:
.Bd -literal
/nic/update:/auth-dir/updipv4.pl
.Ed
.Pp
The remap file should be short, access to it is slow and needs to happen
on each request.
If a request path needs to include a colon
.Pq Li \&:
character, it can be escaped
with a backslash
.Pq Li \e
The right hand side of the colon is always used verbatim, no escape sequences
are interpreted.
.Sh EXAMPLES
To configure set of virtual hosts, one would use an
.Xr inetd.conf 5
entry like:
.Bd -literal
http stream tcp  nowait:600 _httpd /usr/libexec/httpd httpd -v /var/vroot /var/www
.Ed
.Pp
and inside
.Pa /var/vroot
create a directory (or a symlink to a directory) with the same name as
the virtual host, for each virtual host.
Lookups for these names are done in a case-insensitive manner, and may
include the port number part of the request, allowing for distinct
virtual hosts on the same name.
.Pp
To use
.Nm
with PHP, one must use the
.Fl C
option to specify a CGI handler for a particular file type.
Typically this will be like:
.Bd -literal
httpd -C .php /usr/pkg/bin/php-cgi /var/www
.Ed
.Pp
Note that a plain script interpreter can not be used directly as a cgihandler,
as there are no command line options passed from
.Nm
to avoid security issues.
.Pp
If no CGI-aware wrapper exists, a simple shell script like the following
might do.
.Pp
It would be invoked like:
.Bd -literal
httpd -C .pl /www-scripts/bin/run.perl /var/www
.Ed
and the script could look like:
.Bd -literal
#! /bin/sh

if [ -r "$SCRIPT_FILENAME" -a -x "$SCRIPT_FILENAME" ]; then
	exec /usr/pkg/bin/perl "$SCRIPT_FILENAME"
fi

exit 1
.Ed
.Sh SEE ALSO
.Xr inetd.conf 5 ,
.Xr inetd 8
.Sh HISTORY
.Nm
was first written in perl, based on another perl http server
called
.Dq tinyhttpd .
It was then rewritten from scratch in perl, and then once again in C.
From
.Dq bozohttpd
version 20060517, it has been integrated into
.Nx .
The focus has always been simplicity and security, with minimal features
and regular code audits.
This manual documents
.Nm
version 20201014.
.Sh AUTHORS
.An -nosplit
.Nm
was written by
.An Matthew R. Green
.Aq Mt mrg@eterna.com.au .
.Pp
The large list of contributors includes:
.Bl -dash
.It
.An Christoph Badura
.Aq Mt bad@bsd.de
provided Range: header support
.It
.An Marc Balmer
.Aq Mt mbalmer@NetBSD.org
added Lua support for dynamic content creation
.It
.An Sean Boudreau
.Aq Mt seanb@NetBSD.org
provided a security fix for virtual hosting
.It
.An Julian Coleman
.Aq Mt jdc@coris.org.uk
provided an IPv6 bugfix
.It
.An Chuck Cranor
.Aq Mt chuck@research.att.com
provided cgi-bin support fixes, and more
.It
.An Alistair G. Crooks
.Aq Mt agc@NetBSD.org
cleaned up many internal interfaces, made
.Nm
linkable as a library and provided the Lua binding
.It
.An DEGROOTE Arnaud
.Aq Mt degroote@NetBSD.org
provided a fix for daemon mode
.It
.An Andrew Doran
.Aq Mt ad@NetBSD.org
provided directory indexing support
.It
.An Roland Dowdeswell
.Aq Mt elric@NetBSD.org
added support for serving gzipped files and better SSL handling
.It
.An Per Ekman
.Aq Mt pek@pdc.kth.se
provided a fix for a minor (non-security) buffer overflow condition
.It
.An Jun-ichiro itojun Hagino, KAME
.Aq Mt itojun@iijlab.net
provided initial IPv6 support
.It
.An Martin Husemann
.Aq Mt martin@NetBSD.org
provided .bzabsredirect and .bzredir support, fixed various
redirection issues and more
.It
.An Arto Huusko
.Aq Mt arto.huusko@pp2.inet.fi
provided fixes cgi-bin
.It
.An Roland Illig
.Aq Mt roland.illig@gmx.de
provided some off-by-one fixes
.It
.An Zak Johnson
.Aq Mt zakj@nox.cx
provided cgi-bin enhancements
.It
.An Nicolas Jombart
.Aq Mt ecu@ipv42.net
provided fixes for HTTP basic authorization support
.It
.An Antti Kantee
.Aq Mt pooka@NetBSD.org
provided fixes for HTTP basic authorization support
.It
.An Thomas Klausner
.Aq Mt wiz@NetBSD.org
provided many fixes and enhancements for the man page
.It
.An Mateusz Kocielski
.Aq Mt shm@NetBSD.org
fixed memory leaks, various issues with userdir support,
information disclosure issues, added support for using CGI handlers
with directory indexing, found several security issues and provided
various other fixes
.It
.An Arnaud Lacombe
.Aq Mt alc@NetBSD.org
provided some clean up for memory leaks
.It
.An Johnny Lam
.Aq Mt jlam@NetBSD.org
provided man page fixes
.It
.An Dennis Lindroos
.Aq Mt denafcm@gmail.com
provided a cgi-bin fix
.It
.An Julio Merino
.Aq Mt jmmv@NetBSD.org
Added the
.Fl P
option (pidfile support) and provided some man page fixes
.It
.An Luke Mewburn
.Aq Mt lukem@NetBSD.org
provided many various fixes, including cgi-bin fixes and enhancements,
HTTP basic authorization support and much code clean up
.It
.An Rajeev V. Pillai
.Aq Mt rajeev_v_pillai@yahoo.com
provided several fixes for virtual hosting and directory indexing and
fixes for CGI
.It
.An Jeremy C. Reed
.Aq Mt reed@NetBSD.org
provided several clean up fixes, and man page updates
.It
.An Scott Reynolds
.Aq Mt scottr@NetBSD.org
provided various fixes
.It
.An Tyler Retzlaff
.Aq Mt rtr@eterna.com.au
provided SSL support, cgi-bin fixes and much other random other stuff
.It
.An rudolf
.Aq Mt netbsd@eq.cz
provided minor compile fixes and a CGI content map fix
.It
.An Steve Rumble
.Aq Mt rumble@ephemeral.org
provided the
.Fl V
option
.It
.An Thor Lancelot Simon
.Aq Mt tls@NetBSD.org
enhanced cgi-bin support
.It
.An Joerg Sonnenberger
.Aq Mt joerg@NetBSD.org
implemented If-Modified-Since support
.It
.An ISIHARA Takanori
.Aq Mt ishit@oak.dti.ne.jp
provided a man page fix
.It
.An Holger Weiss
.Aq Mt holger@CIS.FU-Berlin.DE
provided http authorization fixes
.It
.Aq Mt xs@kittenz.org
provided chroot and change-to-user support, and other various fixes
.It
.An Jukka Ruohonen
.Aq Mt jruoho@NetBSD.org
provided support for
.Xr blocklistd 8
.It
.An Jared McNeill
.Aq Mt jmcneill@NetBSD.org
added support for readme in directory indexing
.It
.An S.P.Zeidler
.Aq Mt spz@NetBSD.org
fixed several SSL shutdown issues
.It
Coyote Point provided various CGI fixes
.El
.Pp
There are probably others I have forgotten (let me know if you care)
.Pp
Please send all updates to
.Nm
to
.Aq Mt mrg@eterna.com.au
for inclusion in future releases.
.Sh BUGS
.Nm
does not handle HTTP/1.1 chunked input from the client yet.

/*	$NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $	*/

/*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2021 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

 * bozohttpd.c:  minimal httpd; provides only these features:
 *	- HTTP/0.9 (by virtue of ..)
 *	- HTTP/1.0
 *	- HTTP/1.1
 *	- CGI/1.1 this will only be provided for "system" scripts
 *	- automatic "missing trailing slash" redirections
 *	- configurable translation of /~user/ to ~user/public_html,

 *	- access lists via libwrap via inetd/tcpd
 *	- virtual hosting
 *	- not that we do not even pretend to understand MIME, but
 *	  rely only on the HTTP specification
 *	- ipv6 support
 *	- automatic `index.html' generation
 *	- configurable server name

 *	- 14.44: Vary: seems unneeded.  ignore it for now.
 */

#ifndef INDEX_HTML
#define INDEX_HTML		"index.html"
#endif
#ifndef SERVER_SOFTWARE
#define SERVER_SOFTWARE		"bozohttpd/20210227"









#endif
#ifndef PUBLIC_HTML
#define PUBLIC_HTML		"public_html"
#endif

#ifndef USE_ARG
#define USE_ARG(x)	/*LINTED*/(void)&(x)

#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <grp.h>
#include <stdarg.h>
#include <stdlib.h>
#include <strings.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>

#include "bozohttpd.h"

#ifndef SSL_TIMEOUT
#define	SSL_TIMEOUT		"30"	/* wait for 30 seconds for ssl handshake  */
#endif
#ifndef INITIAL_TIMEOUT
#define	INITIAL_TIMEOUT		"30"	/* wait for 30 seconds initially */
#endif
#ifndef HEADER_WAIT_TIME
#define	HEADER_WAIT_TIME	"10"	/* need more headers every 10 seconds */
#endif
#ifndef TOTAL_MAX_REQ_TIME
#define	TOTAL_MAX_REQ_TIME	"600"	/* must have total request in 600 */
#endif					/* seconds */

/* if monotonic time is not available try real time. */
#ifndef CLOCK_MONOTONIC
#define CLOCK_MONOTONIC CLOCK_REALTIME
#endif

/* variables and functions */
#ifndef LOG_FTP
#define LOG_FTP LOG_DAEMON
#endif

/*
 * List of special file that we should never serve.
 */
struct {
	const char *file;
	const char *name;
} specials[] = {
	{ DIRECT_ACCESS_FILE, "rejected direct access request" },
	{ REDIRECT_FILE,      "rejected redirect request" },
	{ ABSREDIRECT_FILE,   "rejected absredirect request" },
	{ REMAP_FILE,         "rejected remap request" },
	{ AUTH_FILE,          "rejected authfile request" },
	{ NULL,               NULL },
};

volatile sig_atomic_t	bozo_timeout_hit;

/*
 * check there's enough space in the prefs and names arrays.
 */
static int
size_arrays(bozohttpd_t *httpd, bozoprefs_t *bozoprefs, size_t needed)
{
	size_t	len = sizeof(char *) * needed;

	if (bozoprefs->size == 0) {
		/* only get here first time around */

		bozoprefs->name = bozomalloc(httpd, len);


		bozoprefs->value = bozomalloc(httpd, len);




	} else if (bozoprefs->count == bozoprefs->size) {
		/* only uses 'needed' when filled array */



		bozoprefs->name = bozorealloc(httpd, bozoprefs->name, len);



		bozoprefs->value = bozorealloc(httpd, bozoprefs->value, len);

	}

	bozoprefs->size = needed;
	return 1;
}

static ssize_t
findvar(bozoprefs_t *bozoprefs, const char *name)
{
	size_t	i;

bozo_set_pref(bozohttpd_t *httpd, bozoprefs_t *bozoprefs,
	      const char *name, const char *value)
{
	ssize_t	i;

	if ((i = findvar(bozoprefs, name)) < 0) {
		/* add the element to the array */
		if (!size_arrays(httpd, bozoprefs, bozoprefs->size + 15))
			return 0;
		i = bozoprefs->count++;
		bozoprefs->name[i] = bozostrdup(httpd, NULL, name);
	} else {
		/* replace the element in the array */

		free(bozoprefs->value[i]);


	}
	bozoprefs->value[i] = bozostrdup(httpd, NULL, value);
	return 1;
}

static void
bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
{
	size_t	i;

	for (i = 0; i < prefs->count; i++) {
		free(prefs->name[i]);
		free(prefs->value[i]);
	}

	free(prefs->name);
	free(prefs->value);
}

/*
 * get a variable's value, or NULL
 */
char *
bozo_get_pref(bozoprefs_t *bozoprefs, const char *name)
{

	USE_ARG(httpd);
	debug((httpd, DEBUG_EXPLODING, "parse in: %s", in));
	*method = *file = *query = *proto = NULL;

	len = (ssize_t)strlen(in);
	val = bozostrnsep(&in, " \t\n\r", &len);
	if (len < 1 || val == NULL || in == NULL)
		return;
	*method = val;

	while (*in == ' ' || *in == '\t')
		in++;
	val = bozostrnsep(&in, " \t\n\r", &len);
	if (len < 1) {

	/* allocate private copies */
	*file = bozostrdup(httpd, NULL, *file);
	if (*query)
		*query = bozostrdup(httpd, NULL, *query);

	debug((httpd, DEBUG_FAT,
		"url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"",
		*method, *file, *query ? *query : "", *proto ? *proto : ""));
}

/*
 * cleanup a bozo_httpreq_t after use
 */
void
bozo_clean_request(bozo_httpreq_t *request)

	bozo_ssl_destroy(request->hr_httpd);

	/* clean up request */
	free(request->hr_remotehost);
	free(request->hr_remoteaddr);
	free(request->hr_serverport);
	free(request->hr_virthostname);
	free(request->hr_file_free);
	/* XXX this is gross */
	if (request->hr_file_free != request->hr_oldfile)
		free(request->hr_oldfile);
	else
		free(request->hr_file);
	free(request->hr_query);
	free(request->hr_host);
	bozo_user_free(request->hr_user);
	bozo_auth_cleanup(request);
	for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr;
	    hdr = SIMPLEQ_NEXT(hdr, h_next)) {
		free(hdr->h_value);

/*
 * send a HTTP/1.1 408 response if we timeout.
 */
/* ARGSUSED */
static void
alarmer(int sig)
{
	USE_ARG(sig);
	bozo_timeout_hit = 1;
}


/*
 * set a timeout for "ssl", "initial", "header", or "request".
 */
int
bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
		 const char *target, const char *val)
{
	const char **cur, *timeouts[] = {
		"ssl timeout",
		"initial timeout",
		"header timeout",
		"request timeout",
		NULL,
	};
	/* adjust minlen if more timeouts appear with conflicting names */
	const size_t minlen = 1;
	size_t len = strlen(target);

	for (cur = timeouts; len >= minlen && *cur; cur++) {
		if (strncmp(target, *cur, len) == 0) {
			bozo_set_pref(httpd, prefs, *cur, val);
			return 0;
		}
	}
	return 1;
}

/*
 * a list of header quirks: currently, a list of headers that
 * can't be folded into a single line.
 */
const char *header_quirks[] = { "WWW-Authenticate", NULL };

		debug((httpd, DEBUG_FAT, "request %s is http/0.9",
			request->hr_file));
		return 0;
	}

	if (strncasecmp(proto, "HTTP/", 5) != 0)
		goto bad;
	strncpy(majorstr, proto + 5, sizeof(majorstr)-1);
	majorstr[sizeof(majorstr)-1] = 0;
	minorstr = strchr(majorstr, '.');
	if (minorstr == NULL)
		goto bad;
	*minorstr++ = 0;

	majorint = atoi(majorstr);

			request->hr_method = mmp->type;
			request->hr_methodstr = mmp->name;
			return 0;
		}

	return bozo_http_error(httpd, 404, request, "unknown method");
}

/* check header byte count */
static int
bozo_got_header_length(bozo_httpreq_t *request, size_t len)
{

	if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)
		return bozo_http_error(request->hr_httpd, 413, request,
			"too many headers");

	request->hr_header_bytes += len;

	return 0;
}

/*
 * This function reads a http request from stdin, returning a pointer to a
 * bozo_httpreq_t structure, describing the request.
 */
bozo_httpreq_t *
bozo_read_request(bozohttpd_t *httpd)
{
	struct	sigaction	sa;
	char	*str, *val, *method, *file, *proto, *query;
	char	*host, *addr, *port;
	char	bufport[10];
	char	hbuf[NI_MAXHOST], abuf[NI_MAXHOST];
	struct	sockaddr_storage ss;
	ssize_t	len;
	int	line = 0;
	socklen_t slen;
	bozo_httpreq_t *request;
	struct timespec ots, ts;

	/*
	 * if we're in daemon mode, bozo_daemon_fork() will return here twice
	 * for each call.  once in the child, returning 0, and once in the
	 * parent, returning 1 for each child.


	 */
	if (bozo_daemon_fork(httpd))
		return NULL;



	request = bozomalloc(httpd, sizeof(*request));
	memset(request, 0, sizeof(*request));
	request->hr_httpd = httpd;
	request->hr_allow = request->hr_host = NULL;
	request->hr_content_type = request->hr_content_length = NULL;
	request->hr_range = NULL;
	request->hr_last_byte_pos = -1;
	request->hr_if_modified_since = NULL;
	request->hr_virthostname = NULL;
	request->hr_file_free = NULL;
	request->hr_file = NULL;
	request->hr_oldfile = NULL;
	SIMPLEQ_INIT(&request->hr_replheaders);
	bozo_auth_init(request);

	slen = sizeof(ss);
	if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)

	slen = sizeof(ss);

	/*
	 * Override the bound port from the request value, so it works even
	 * if passed through a proxy that doesn't rewrite the port.
	 */
	if (httpd->bindport) {
		if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
			port = httpd->bindport;
		else
			port = NULL;
	} else {
		if (getsockname(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
			port = NULL;
		else {

	 */
	sa.sa_handler = alarmer;
	sigemptyset(&sa.sa_mask);
	sigaddset(&sa.sa_mask, SIGALRM);
	sa.sa_flags = 0;
	sigaction(SIGALRM, &sa, NULL);

	if (clock_gettime(CLOCK_MONOTONIC, &ots) != 0) {
		bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
		goto cleanup;
	}

	/*
	 * now to try to setup SSL, and upon failure parent can signal the
	 * caller there was no request to process and it will wait for
	 * another.
	 */
	if (bozo_ssl_accept(httpd))
		return NULL;

	alarm(httpd->initial_timeout);
	while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
		alarm(0);

		if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
			bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
			goto cleanup;
		}
		/*
		 * don't timeout if old tv_sec is not more than current
		 * tv_sec, or if current tv_sec is less than the request
		 * timeout (these shouldn't happen, but the first could
		 * if monotonic time is not available.)
		 *
		 * the other timeout and header size checks should ensure
		 * that even if time it set backwards or forwards a very
		 * long way, timeout will eventually happen, even if this
		 * one fails.
		 */
		if (ts.tv_sec > ots.tv_sec &&
		    ts.tv_sec > httpd->request_timeout &&
		    ts.tv_sec - httpd->request_timeout > ots.tv_sec)
			bozo_timeout_hit = 1;

		if (bozo_timeout_hit) {
			bozo_http_error(httpd, 408, NULL, "request timed out");
			goto cleanup;
		}
		line++;

		if (line == 1) {

			if (len < 1) {
				bozo_http_error(httpd, 404, NULL, "null method");

				goto cleanup;
			}
			bozowarn(httpd,
				  "got request ``%s'' from host %s to port %s",
				  str,
				  host ? host : addr ? addr : "<local>",
				  port ? port : "<stdin>");

			/* we allocate return space in file and query only */
			parse_request(httpd, str, &method, &file, &query, &proto);
			request->hr_file_free = request->hr_file = file;
			request->hr_query = query;
			if (method == NULL) {
				bozo_http_error(httpd, 404, NULL, "null method");

				goto cleanup;
			}
			if (file == NULL) {
				bozo_http_error(httpd, 404, NULL, "null file");

				goto cleanup;
			}

			/*
			 * note that we parse the proto first, so that we
			 * can more properly parse the method and the url.
			 */

		} else {		/* incoming headers */
			bozoheaders_t *hdr;

			if (*str == '\0')
				break;

			val = bozostrnsep(&str, ":", &len);
			debug((httpd, DEBUG_EXPLODING, "read_req2: after "
			    "bozostrnsep: str `%s' val `%s'",
			    str ? str : "<null>", val ? val : "<null>"));
			if (val == NULL || len == -1) {
				bozo_http_error(httpd, 404, request, "no header");
				goto cleanup;
			}
			if (str == NULL) {
				bozo_http_error(httpd, 404, request,
				    "malformed header");
				goto cleanup;
			}
			while (*str == ' ' || *str == '\t')
				len--, str++;
			while (*val == ' ' || *val == '\t')
				val++;

			if (bozo_got_header_length(request, len))
				goto cleanup;

			if (bozo_auth_check_headers(request, val, str, len))
				goto next_header;

			hdr = addmerge_reqheader(request, val, str, len);

			if (strcasecmp(hdr->h_header, "content-type") == 0)
				request->hr_content_type = hdr->h_value;
			else if (strcasecmp(hdr->h_header, "content-length") == 0)
				request->hr_content_length = hdr->h_value;
			else if (strcasecmp(hdr->h_header, "host") == 0) {
				if (request->hr_host) {
					/* RFC 7230 (HTTP/1.1): 5.4 */
					bozo_http_error(httpd, 400, request,
						"Only allow one Host: header");
					goto cleanup;
				}
				request->hr_host = bozostrdup(httpd, request,
							      hdr->h_value);
			}
			/* RFC 2616 (HTTP/1.1): 14.20 */
			else if (strcasecmp(hdr->h_header, "expect") == 0) {
				bozo_http_error(httpd, 417, request,
						"we don't support Expect:");
				goto cleanup;
			}
			else if (strcasecmp(hdr->h_header, "referrer") == 0 ||
			         strcasecmp(hdr->h_header, "referer") == 0)
				request->hr_referrer = hdr->h_value;
			else if (strcasecmp(hdr->h_header, "range") == 0)
				request->hr_range = hdr->h_value;
			else if (strcasecmp(hdr->h_header,
					"if-modified-since") == 0)
				request->hr_if_modified_since = hdr->h_value;
			else if (strcasecmp(hdr->h_header,
					"accept-encoding") == 0)
				request->hr_accept_encoding = hdr->h_value;

			debug((httpd, DEBUG_FAT, "adding header %s: %s",
			    hdr->h_header, hdr->h_value));
		}
next_header:
		alarm(httpd->header_timeout);
	}

	/* now, clear it all out */
	alarm(0);
	signal(SIGALRM, SIG_DFL);

	/* RFC1945, 8.3 */
	if (request->hr_method == HTTP_POST &&
	    request->hr_content_length == NULL) {
		bozo_http_error(httpd, 400, request, "missing content length");

		goto cleanup;
	}

	/* RFC 2616 (HTTP/1.1), 14.23 & 19.6.1.1 */
	if (request->hr_proto == httpd->consts.http_11 &&
	    /*(strncasecmp(request->hr_file, "http://", 7) != 0) &&*/
	    request->hr_host == NULL) {
		bozo_http_error(httpd, 400, request, "missing Host header");

		goto cleanup;
	}

	if (request->hr_range != NULL) {
		debug((httpd, DEBUG_FAT, "hr_range: %s", request->hr_range));
		/* support only simple ranges %d- and %d-%d */
		if (strchr(request->hr_range, ',') == NULL) {

	 *    mapped offset = page align truncate (input offset)
	 *    mapped size   =
	 *        page align extend (input offset - mapped offset + input size)
	 *    write offset  = input offset - mapped offset
	 *
	 * we use the write offset in all writes
	 */
	mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1);
	mappedsz = (size_t)
		(first_byte_pos - mappedoffset + sz + httpd->page_size - 1) &
		~(httpd->page_size - 1);
	wroffset = (size_t)(first_byte_pos - mappedoffset);

	addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset);
	if (addr == MAP_FAILED) {
		bozowarn(httpd, "mmap failed: %s", strerror(errno));
		return -1;
	}
	mappedaddr = addr;

#ifdef MADV_SEQUENTIAL
	(void)madvise(addr, sz, MADV_SEQUENTIAL);

	len = strlen(url);
	if (buflen < len * 3 + 1) {
		buflen = len * 3 + 1;
		buf = bozorealloc(httpd, buf, buflen);
	}

	for (s = url, d = buf; *s;) {
		if (*s & 0x80)
			goto encode_it;
		switch (*s) {
		case ':':
		case '?':
		case '#':
		case '[':

		case ',':
		case ';':
		case '=':
		case '%':
		case '"':
			if (absolute)
				goto leave_it;
			/*FALLTHROUGH*/
		case '\n':
		case '\r':
		case ' ':
		encode_it:
			snprintf(d, 4, "%%%02X", (unsigned char)*s++);
			d += 3;

			break;

		default:
		leave_it:
			*d++ = *s++;

			break;
		}
	}
	*d = 0;

	return buf;
}

/*
 * do automatic redirection -- if there are query parameters or userdir for
 * the URL we will tack these on to the new (redirected) URL.

	scheme = absproto ? "" : httpd->sslinfo ? "https://" : "http://";

	if (absolute) {
		hostname = "";
		portbuf[0] = '\0';
	} else {
		const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT;

		if (request->hr_serverport &&
		    strcmp(request->hr_serverport, defport) != 0)
			snprintf(portbuf, sizeof(portbuf), ":%s",
			    request->hr_serverport);
		else
			portbuf[0] = '\0';

	bozo_flush(httpd, stdout);
	free(urlbuf);
	free(finalurl);
#ifndef NO_USER_SUPPORT
	free(userbuf);
#endif /* !NO_USER_SUPPORT */
}

/*
 * Like strncmp(), but s_esc may contain characters escaped by \.
 * The len argument does not include the backslashes used for escaping,
 * that is: it gives the raw len, after unescaping the string.
 */
static int
esccmp(const char *s_plain, const char *s_esc, size_t len)
{
	bool esc = false;

	while (len) {
		if (!esc && *s_esc == '\\') {
			esc = true;
			s_esc++;
			continue;
		}
		esc = false;
		if (*s_plain == 0 || *s_esc == 0 || *s_plain != *s_esc)
			return *s_esc - *s_plain;
		s_esc++;
		s_plain++; 
		len--;
	}
	return 0;
}

/*
 * Check if the request refers to a uri that is mapped via a .bzremap.
 * We have  /requested/path:/re/mapped/to/this.html lines in there,
 * and the : separator may be use in the left hand side escaped with
 * \ to encode a path containig a : character.
 */
static void
check_remap(bozo_httpreq_t *request)
{
	bozohttpd_t *httpd = request->hr_httpd;
	char *file = request->hr_file, *newfile;
	void *fmap;
	const char *replace = NULL, *map_to = NULL, *p;
	struct stat st;
	int mapfile;
	size_t avail, len, rlen, reqlen, num_esc = 0;
	bool escaped = false;

	mapfile = open(REMAP_FILE, O_RDONLY, 0);
	if (mapfile == -1)
		return;
	debug((httpd, DEBUG_FAT, "remap file found"));
	if (fstat(mapfile, &st) == -1) {
		bozowarn(httpd, "could not stat " REMAP_FILE ", errno: %d",
		    errno);
		goto out;
	}

	fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0);
	if (fmap == MAP_FAILED) {
		bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d",
		    errno);
		goto out;
	}
	reqlen = strlen(file);
	for (p = fmap, avail = st.st_size; avail; ) {
		/*
		 * We have lines like:
		 *   /this/url:/replacement/that/url
		 * If we find a matching left hand side, replace will point
		 * to it and len will be its length. map_to will point to
		 * the right hand side and rlen wil be its length.
		 * If we have no match, both pointers will be NULL.
		 */

		/* skip empty lines */
		while ((*p == '\r' || *p == '\n') && avail) {
			p++;
			avail--;
		}
		replace = p;
		escaped = false;
		while (avail) {
			if (*p == '\r' || *p == '\n')
				break;
			if (!escaped && *p == ':')
				break;
			if (escaped) {
				escaped = false;
				num_esc++;
			} else if (*p == '\\') {
				escaped = true;
			}
			p++;
			avail--;
		}
		if (!avail || *p != ':') {
			replace = NULL;
			map_to = NULL;
			break;
		}
		len = p - replace - num_esc;
		/*
		 * reqlen < len: the left hand side is too long, can't be a
		 *   match
		 * reqlen == len: full string has to match
		 * reqlen > len: make sure there is a path separator at 'len'
		 * avail < 2: we are at eof, missing right hand side
		 */
		if (avail < 2 || reqlen < len || 
		    (reqlen == len && esccmp(file, replace, len) != 0) ||
		    (reqlen > len && (file[len] != '/' ||
					esccmp(file, replace, len) != 0))) {

			/* non-match, skip to end of line and continue */
			while (*p != '\r' && *p != '\n' && avail) {
				p++;
				avail--;
			}
			replace = NULL;
			map_to = NULL;
			continue;
		}
		p++;
		avail--;

		/* found a match, parse the target */
		map_to = p;
		while (*p != '\r' && *p != '\n' && avail) {
			p++;
			avail--;
		}
		rlen = p - map_to;
		break;
	}

	if (replace && map_to) {
		newfile = bozomalloc(httpd, strlen(file) + rlen - len + 1);
		memcpy(newfile, map_to, rlen);
		strcpy(newfile+rlen, file + len);
		debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
		    newfile));
		free(request->hr_file_free);
		request->hr_file_free = request->hr_file = newfile;
	}

	munmap(fmap, st.st_size);
out:
	close(mapfile);
}

/*
 * deal with virtual host names; we do this:
 *	if we have a virtual path root (httpd->virtbase), and we are given a
 *	virtual host spec (Host: ho.st or http://ho.st/), see if this
 *	directory exists under httpd->virtbase.  if it does, use this as the
 #	new slashdir.
 */
static int
check_virtual(bozo_httpreq_t *request)
{
	bozohttpd_t *httpd = request->hr_httpd;
	char *file = request->hr_file, *s;
	size_t len;

	/*
	 * convert http://virtual.host/ to request->hr_host
	 */
	debug((httpd, DEBUG_OBESE,
	       "checking for http:// virtual host in '%s'", file));
	if (strncasecmp(file, "http://", 7) == 0) {
		/* we would do virtual hosting here? */
		file += 7;
		/* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
		free(request->hr_host);
		request->hr_host = bozostrdup(httpd, request, file);
		if ((s = strchr(request->hr_host, '/')) != NULL)
			*s = '\0';
		s = strchr(file, '/');
		free(request->hr_file_free);
		request->hr_file_free = request->hr_file =
		    bozostrdup(httpd, request, s ? s : "/");
		debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
		    request->hr_host, request->hr_file));
	} else if (!request->hr_host)
		goto use_slashdir;

	/*
	 * canonicalise hr_host - that is, remove any :80.
	 */
	len = strlen(request->hr_host);
	if (len > 3 &&
	    strcmp(request->hr_host + len - 3, ":" BOZO_HTTP_PORT) == 0) {
		request->hr_host[len - 3] = '\0';
		len = strlen(request->hr_host);
	}

	if (!httpd->virtbase) {

		/*
		 * if we don't use vhost support, then set virthostname if
		 * user supplied Host header. It will be used for possible
		 * redirections
		 */

		if (request->hr_host) {
			s = strrchr(request->hr_host, ':');
			if (s != NULL)
				/*
				 * truncate Host: as we want to copy it
				 * without port part
				 */
				*s = '\0';
			request->hr_virthostname = bozostrdup(httpd, request,
			  request->hr_host);
			if (s != NULL)
				/* fix Host: again, if we truncated it */
				*s = ':';
		}

		goto use_slashdir;
	}
	
	/*
	 * ok, we have a virtual host, use opendir(3) to find a case
	 * insensitive match for the virtual host we are asked for.
	 * note that if the virtual host is the same as the master,
	 * we don't need to do anything special.
	 */
	debug((httpd, DEBUG_OBESE,
	    "check_virtual: checking host `%s' under httpd->virtbase `%s' "
	    "for file `%s'",
	    request->hr_host, httpd->virtbase, request->hr_file));
	if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) {
		s = NULL;
		DIR *dirp;
		struct dirent *d;

		if ((dirp = opendir(httpd->virtbase)) != NULL) {
			while ((d = readdir(dirp)) != NULL) {
				if (strcmp(d->d_name, ".") == 0 ||
				    strcmp(d->d_name, "..") == 0) {
					continue;
				}
				debug((httpd, DEBUG_OBESE, "looking at dir '%s'",
			 	   d->d_name));
				if (strcmp(d->d_name, request->hr_host) == 0) {
					/* found it, punch it */
					debug((httpd, DEBUG_OBESE, "found it punch it"));
					request->hr_virthostname =
					    bozostrdup(httpd, request, d->d_name);
					bozoasprintf(httpd, &s, "%s/%s",

	/*
	 * ok, nailed the correct slashdir, chdir to it
	 */
	if (chdir(s) < 0)
		return bozo_http_error(httpd, 404, request,
					"can't chdir to slashdir");

	/*
	 * is there a mapping for this request?
	 */
	check_remap(request);

	return 0;
}

/*
 * checks to see if this request has a valid .bzredirect file.  returns
 * 0 when no redirection happend, or 1 when handle_redirect() has been
 * called, -1 on error.
 */
static int
check_bzredirect(bozo_httpreq_t *request)
{
	bozohttpd_t *httpd = request->hr_httpd;
	struct stat sb;
	char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1],
	    path[MAXPATHLEN + 1];
	char *basename, *finalredir;
	int rv, absolute;

	/*
	 * if this pathname is really a directory, but doesn't end in /,
	 * use it as the directory to look for the redir file.
	 */
	if ((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
	    sizeof(dir)) {
		bozo_http_error(httpd, 404, request, "file path too long");

		return -1;
	}
	debug((httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
	basename = strrchr(dir, '/');

	if ((!basename || basename[1] != '\0') &&
	    lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode)) {
		strcpy(path, dir);
		basename = dir;
	} else if (basename == NULL) {
		strcpy(path, ".");
		strcpy(dir, "");
		basename = request->hr_file + 1;
	} else {
		*basename++ = '\0';

		strcpy(path, dir);
	}
	if (bozo_check_special_files(request, basename, true))
		return -1;

	debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));

	if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
			     REDIRECT_FILE) >= sizeof(redir)) {
		return bozo_http_error(httpd, 404, request,
		    "redirectfile path too long");

	}
	if (lstat(redir, &sb) == 0) {
		if (!S_ISLNK(sb.st_mode))
			return 0;
		absolute = 0;
	} else {
		if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
				     ABSREDIRECT_FILE) >= sizeof(redir)) {
			bozo_http_error(httpd, 404, request,
					"redirectfile path too long");
			return -1;
		}
		if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode))
			return 0;
		absolute = 1;
	}
	debug((httpd, DEBUG_FAT, "check_bzredirect: calling readlink"));

		return 1;

	/* now we have the link pointer, redirect to the real place */
	if (!absolute && redirpath[0] != '/') {
		if ((size_t)snprintf(finalredir = redir, sizeof(redir), "%s%s/%s",
		  (strlen(dir) > 0 ? "/" : ""), dir, redirpath) >= sizeof(redir)) {
			bozo_http_error(httpd, 404, request,
					"redirect path too long");
			return -1;
		}
	} else
		finalredir = redirpath;

	debug((httpd, DEBUG_FAT, "check_bzredirect: new redir %s", finalredir));
	handle_redirect(request, finalredir, absolute);

			while (*s)
				*t++ = *s++;
			break;
		}
		debug((httpd, DEBUG_EXPLODING,
			"fu_%%: got s == %%, s[1]s[2] == %c%c",
			s[1], s[2]));
		if (s[1] == '\0' || s[2] == '\0')
			return bozo_http_error(httpd, 400, request,
			    "percent hack missing two chars afterwards");


		if (s[1] == '0' && s[2] == '0')
			return bozo_http_error(httpd, 404, request,
			    "percent hack was %00");


		if (s[1] == '2' && (s[2] == 'f' || s[2] == 'F'))
			return bozo_http_error(httpd, 404, request,
			    "percent hack was %2f (/)");



		buf[0] = *++s;
		buf[1] = *++s;
		buf[2] = '\0';
		s++;
		*t = (char)strtol(buf, NULL, 16);
		debug((httpd, DEBUG_EXPLODING,
				"fu_%%: strtol put '%02x' into *t", *t));
		if (*t++ == '\0')
			return bozo_http_error(httpd, 400, request,
			    "percent hack got a 0 back");



		while (*s && *s != '%') {
			if (end && s >= end)
				break;
			*t++ = *s++;
		}
	} while (*s);

	bozohttpd_t *httpd = request->hr_httpd;
	char	*file, *newfile = NULL;
	size_t	len;

	file = NULL;
	*isindex = 0;
	debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));



	if (bozo_decode_url_percent(request, request->hr_file) ||
	    check_virtual(request))
		goto bad_done;

	file = request->hr_file;

	if (file[0] != '/') {
		bozo_http_error(httpd, 404, request, "unknown URL");
		goto bad_done;
	}

	/* omit additional slashes at the beginning */
	while (file[1] == '/')
		file++;

	/* fix file provided by user as it's used in other handlers */
	request->hr_file = file;

	len = strlen(file);

#ifndef NO_USER_SUPPORT
	/* first of all expand user path */
	if (len > 1 && httpd->enable_users && file[1] == '~') {
		if (file[2] == '\0') {
			bozo_http_error(httpd, 404, request,
					"missing username");
			goto bad_done;
		}
		if (strchr(file + 2, '/') == NULL) {
			char *userredirecturl;

			bozoasprintf(httpd, &userredirecturl, "%s/", file);
			handle_redirect(request, userredirecturl, 0);
			free(userredirecturl);
			return 0;
		}
		debug((httpd, DEBUG_FAT, "calling bozo_user_transform"));

		if (!bozo_user_transform(request))
			return 0;
		
		file = request->hr_file;
		len = strlen(file);
	}
#endif /* NO_USER_SUPPORT */


	switch (check_bzredirect(request)) {
	case -1:
		goto bad_done;
	case 0:
		break;
	default:
		return 0;
	}

	if (len > 1) {
		debug((httpd, DEBUG_FAT, "file[len-1] == %c", file[len-1]));
		if (file[len-1] == '/') {	/* append index.html */
			*isindex = 1;
			debug((httpd, DEBUG_FAT, "appending index.html"));
			newfile = bozomalloc(httpd,
					len + strlen(httpd->index_html) + 1);
			strcpy(newfile, file + 1);
			strcat(newfile, httpd->index_html);
		} else
			newfile = bozostrdup(httpd, request, file + 1);
	} else if (len == 1) {
		debug((httpd, DEBUG_EXPLODING, "tf_req: len == 1"));
		newfile = bozostrdup(httpd, request, httpd->index_html);
		*isindex = 1;
	} else {	/* len == 0 ? */
		bozo_http_error(httpd, 500, request, "request->hr_file is nul");

		goto bad_done;
	}

	if (newfile == NULL) {
		bozo_http_error(httpd, 500, request, "internal failure");
		goto bad_done;
	}

	/*
	 * stop traversing outside our domain
	 *
	 * XXX true security only comes from our parent using chroot(2)
	 * before execve(2)'ing us.  or our own built in chroot(2) support.
	 */
	
	debug((httpd, DEBUG_FAT, "newfile: %s", newfile));
	
	if (*newfile == '/' || strcmp(newfile, "..") == 0 ||
	    strstr(newfile, "/..") || strstr(newfile, "../")) {
		bozo_http_error(httpd, 403, request, "illegal request");
		goto bad_done;
	}

	if (bozo_auth_check(request, newfile))
		goto bad_done;

	if (strlen(newfile)) {
		request->hr_oldfile = request->hr_file_free;
		request->hr_file = newfile;
	}

	if (bozo_process_cgi(request) ||


	    bozo_process_lua(request))
		return 0;

	debug((httpd, DEBUG_FAT, "transform_request set: %s", newfile));
	return 1;

bad_done:
	debug((httpd, DEBUG_FAT, "transform_request returning: 0"));
	free(newfile);
	return 0;
}

/*

		fd = open(file, O_RDONLY);

	if (fd < 0) {
		debug((httpd, DEBUG_FAT, "open failed: %s", strerror(errno)));
		switch (errno) {
		case EPERM:
		case EACCES:
			bozo_http_error(httpd, 403, request,
					"no permission to open file");
			break;
		case ENAMETOOLONG:
			/*FALLTHROUGH*/
		case ENOENT:
			if (!bozo_dir_index(request, file, isindex))
				bozo_http_error(httpd, 404, request, "no file");

			break;
		default:
			bozo_http_error(httpd, 500, request, "open file");
		}
		goto cleanup_nofd;
	}
	if (fstat(fd, &sb) < 0) {
		bozo_http_error(httpd, 500, request, "can't fstat");
		goto cleanup;
	}
	if (S_ISDIR(sb.st_mode)) {
		handle_redirect(request, NULL, 0);
		goto cleanup;
	}

			cur_byte_pos += sz;
			szleft -= sz;
		}
	}
 cleanup:
	close(fd);
 cleanup_nofd:
	/* If SSL enabled send close_notify. */
	bozo_ssl_shutdown(request->hr_httpd);
	close(STDIN_FILENO);
	close(STDOUT_FILENO);
	/*close(STDERR_FILENO);*/
}

/* make sure we're not trying to access special files */
int
bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror)
{
	bozohttpd_t *httpd = request->hr_httpd;
	size_t i;
	int error = 0;

	for (i = 0; specials[i].file; i++) {
		if (strcmp(name, specials[i].file) == 0) {
			if (doerror) {


				error = bozo_http_error(httpd, 403, request,

					       specials[i].name);
			} else {
				error = -1;
			}
		}
	}

	return error;
}

/* generic header printing routine */
void
bozo_print_header(bozo_httpreq_t *request,
		struct stat *sbp, const char *type, const char *encoding)
{

		case '<':
		case '>':
			j += 4;
			break;
		case '&':
			j += 5;
			break;
		case '"':
			j += 6;
			break;
		}
	}

	if (j == 0)
		return NULL;

	/*

			memcpy(tmp + j, ">", 4);
			j += 4;
			break;
		case '&':
			memcpy(tmp + j, "&", 5);
			j += 5;
			break;
		case '"':
			memcpy(tmp + j, """, 6);
			j += 6;
			break;
		default:
			tmp[j++] = url[i];
		}
	}
	tmp[j] = 0;

	return tmp;
}

/* short map between error code, and short/long messages */
static struct errors_map {
	int	code;			/* HTTP return code */
	const char *shortmsg;		/* short version of message */
	const char *longmsg;		/* long version of message */
} errors_map[] = {
	{ 200,	"200 OK",		"The request was valid", },
	{ 400,	"400 Bad Request",	"The request was not valid", },
	{ 401,	"401 Unauthorized",	"No authorization", },
	{ 403,	"403 Forbidden",	"Access to this item has been denied",},
	{ 404, 	"404 Not Found",	"This item has not been found", },
	{ 408, 	"408 Request Timeout",	"This request took too long", },
	{ 413, 	"413 Payload Too Large", "Use smaller requests", },
	{ 417,	"417 Expectation Failed","Expectations not available", },
	{ 420,	"420 Enhance Your Calm","Chill, Winston", },
	{ 500,	"500 Internal Error",	"An error occured on the server", },
	{ 501,	"501 Not Implemented",	"This request is not available", },
	{ 0,	NULL,			NULL, },
};

	for (ep = errors_map; ep->code; ep++)
		if (ep->code == code)
			return (ep->longmsg);
	return (help);
}

#ifndef NO_BLOCKLIST_SUPPORT
static struct blocklist *blstate;

void
pfilter_notify(const int what, const int code)
{

	if (blstate == NULL)
		blstate = blocklist_open();

	if (blstate == NULL)
		return;

	(void)blocklist_r(blstate, what, 0, http_errors_short(code));
}
#endif /* !NO_BLOCKLIST_SUPPORT */

/* the follow functions and variables are used in handling HTTP errors */

int
bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request,
		const char *msg)
{
	char portbuf[20];
	const char *header = http_errors_short(code);
	const char *reason = http_errors_long(code);
	const char *proto = (request && request->hr_proto) ?
				request->hr_proto : httpd->consts.http_11;
	int	size;
	bozoheaders_t *hdr;

	USE_ARG(msg);

	debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg));
	if (header == NULL || reason == NULL) {
		bozoerr(httpd, 1,
			"bozo_http_error() failed (short = %p, long = %p)",
			header, reason);
		return code;
	}

	if (request && request->hr_serverport &&
	    strcmp(request->hr_serverport, BOZO_HTTP_PORT) != 0)
		snprintf(portbuf, sizeof(portbuf), ":%s",
				request->hr_serverport);
	else
		portbuf[0] = '\0';

	if (request && request->hr_file) {
		char *file = NULL, *user = NULL;
		int file_alloc = 0;
		const char *hostname = BOZOHOST(httpd, request);

		/* bozo_escape_html() failure here is just too bad. */
		file = bozo_escape_html(NULL, request->hr_file);
		if (file == NULL) 
			file = request->hr_file;
		else
			file_alloc = 1;

#ifndef NO_USER_SUPPORT
		if (request->hr_user != NULL) {
			char *user_escaped;

			user_escaped = bozo_escape_html(NULL, request->hr_user);
			if (user_escaped == NULL)
				user_escaped = request->hr_user;
			/* expand username to ~user/ */
			bozoasprintf(httpd, &user, "~%s/", user_escaped);
			if (user_escaped != request->hr_user)
				free(user_escaped);
		}
#endif /* !NO_USER_SUPPORT */

		size = snprintf(httpd->errorbuf, BUFSIZ,
		    "<html><head><title>%s</title></head>\n"
		    "<body><h1>%s</h1>\n"
		    "%s%s: <pre>%s</pre>\n"
 		    "<hr><address><a href=\"//%s%s/\">%s%s</a></address>\n"
		    "</body></html>\n",
		    header, header,
		    user ? user : "", file,
		    reason, hostname, portbuf, hostname, portbuf);
		free(user);
		if (size >= (int)BUFSIZ) {
			bozowarn(httpd,

	}

	bozo_printf(httpd, "Content-Type: text/html\r\n");
	bozo_printf(httpd, "Content-Length: %d\r\n", size);
	bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
	if (request && request->hr_allow)
		bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
	/* RFC 7231 (HTTP/1.1) 6.5.7 */
	if (code == 408 && request &&
	    request->hr_proto == httpd->consts.http_11)
		bozo_printf(httpd, "Connection: close\r\n");
	bozo_printf(httpd, "\r\n");
	/* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
	 * message-body in the response */
	if (size && request && request->hr_method != HTTP_HEAD)
		bozo_printf(httpd, "%s", httpd->errorbuf);
	bozo_flush(httpd, stdout);

#ifndef NO_BLOCKLIST_SUPPORT
	switch(code) {

	case 401:
		pfilter_notify(BLOCKLIST_AUTH_FAIL, code);
		break;

	case 403:
		pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, code);
		break;
	}
#endif /* !NO_BLOCKLIST_SUPPORT */

	return code;
}

/* Below are various modified libc functions */

/*
 * returns -1 in lenp if the string ran out before finding a delimiter,

			else
				len -= 1;
			break;
		}

	}
	httpd->getln_buffer[len] = '\0';
	debug((httpd, DEBUG_OBESE, "bozodgetln returns: '%s' with len %zd",
	       httpd->getln_buffer, len));
	*lenp = len;
	return httpd->getln_buffer;
}

/*
 * allocation frontends with error handling.
 *
 * note that these may access members of the httpd and/or request.
 */
void *
bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
{
	void	*p;

	p = realloc(ptr, size);
	if (p)
		return p;
	
	bozo_http_error(httpd, 500, NULL, "memory allocation failure");
	exit(EXIT_FAILURE);
}

void *
bozomalloc(bozohttpd_t *httpd, size_t size)
{
	void	*p;

	p = malloc(size);
	if (p)
		return p;

	bozo_http_error(httpd, 500, NULL, "memory allocation failure");
	exit(EXIT_FAILURE);
}

char *
bozostrdup(bozohttpd_t *httpd, bozo_httpreq_t *request, const char *str)
{
	char	*p;

	p = strdup(str);
	if (p)
		return p;

	if (!request)
		bozoerr(httpd, EXIT_FAILURE, "strdup");

	bozo_http_error(httpd, 500, request, "memory allocation failure");
	exit(EXIT_FAILURE);
}

/* set default values in bozohttpd_t struct */
int
bozo_init_httpd(bozohttpd_t *httpd)
{

	httpd->consts.text_plain = "text/plain";

	/* mmap region size */
	httpd->mmapsz = BOZO_MMAPSZ;

	/* error buffer for bozo_http_error() */
	if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
		fprintf(stderr,
			"bozohttpd: memory_allocation failure\n");
		return 0;
	}
#ifndef NO_LUA_SUPPORT
	SIMPLEQ_INIT(&httpd->lua_states);
#endif
	return 1;
}

/* set default values in bozoprefs_t struct */
int
bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
{
	int rv = 0;

	/* make sure everything is clean */
	(void) memset(prefs, 0x0, sizeof(*prefs));

	/* set up default values */
	if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE))
		rv = 1;
	if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML))
		rv = 1;
	if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
		rv = 1;
	if (!bozo_set_pref(httpd, prefs, "ssl timeout", SSL_TIMEOUT))
		rv = 1;
	if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT))
		rv = 1;
	if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
		rv = 1;
	if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME))
		rv = 1;

	return rv;
}

/* set default values */
int
bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs)
{
	return bozo_init_httpd(httpd) && bozo_init_prefs(httpd, prefs);

	if ((cp = bozo_get_pref(prefs, "hide dots")) != NULL &&
	    strcmp(cp, "true") == 0) {
		httpd->hide_dots = 1;
	}
	if ((cp = bozo_get_pref(prefs, "directory indexing")) != NULL &&
	    strcmp(cp, "true") == 0) {
		httpd->dir_indexing = 1;
	}
	if ((cp = bozo_get_pref(prefs, "directory index readme")) != NULL) {
		httpd->dir_readme = bozostrdup(httpd, NULL, cp);
	}
	if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
		httpd->public_html = bozostrdup(httpd, NULL, cp);
	}
	if ((cp = bozo_get_pref(prefs, "ssl timeout")) != NULL) {
		httpd->ssl_timeout = atoi(cp);
	}
	if ((cp = bozo_get_pref(prefs, "initial timeout")) != NULL) {
		httpd->initial_timeout = atoi(cp);
	}
	if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
		httpd->header_timeout = atoi(cp);
	}
	if ((cp = bozo_get_pref(prefs, "request timeout")) != NULL) {
		httpd->request_timeout = atoi(cp);
	}
	httpd->server_software =
	    bozostrdup(httpd, NULL, bozo_get_pref(prefs, "server software"));
	httpd->index_html =
	    bozostrdup(httpd, NULL, bozo_get_pref(prefs, "index.html"));

	/*

	httpd->page_size = 4096;
#endif
	debug((httpd, DEBUG_OBESE, "myname is %s, slashdir is %s",
			httpd->virthostname, httpd->slashdir));

	return 1;
}

void
bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs)
{
	bozo_clear_prefs(httpd, prefs);

	free(httpd->virthostname);
	free(httpd->errorbuf);
	free(httpd->getln_buffer);
	free(httpd->slashdir);
#define bozo_unconst(x) ((void *)(uintptr_t)x)
	free(bozo_unconst(httpd->server_software));
	free(bozo_unconst(httpd->index_html));
	free(bozo_unconst(httpd->dir_readme));
	free(bozo_unconst(httpd->public_html));
#undef bozo_unconst
}

int
bozo_get_version(char *buf, size_t size)
{
	return snprintf(buf, size, "%s", SERVER_SOFTWARE);
}

/*	$NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $	*/

/*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2021 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */
#ifndef BOZOHTTPD_H_
#define BOZOHTTPD_H_	1

#include "netbsd_queue.h"

#include <stdbool.h>
#include <stdio.h>
#include <signal.h>

#include <sys/stat.h>

#ifndef NO_LUA_SUPPORT
#include <lua.h>
#endif

#ifndef NO_BLOCKLIST_SUPPORT
#include <blocklist.h>
void pfilter_notify(const int, const int);
#endif

/* QNX provides a lot of NetBSD things in nbutil.h */
#ifdef HAVE_NBUTIL_H
#include <nbutil.h>
#endif

/* lots of "const" but gets free()'ed etc at times, sigh */

	int		 enable_users;	/* enable public_html */
	int		 enable_cgi_users;	/* use the cgi handler */
	int		*sock;		/* bound sockets */
	int		 nsock;		/* number of above */
	struct pollfd	*fds;		/* current poll fd set */
	int		 request_times;	/* # times a request was processed */
	int		 dir_indexing;	/* handle directories */
	const char	*dir_readme;	/* include README footer in indexes */
	int		 hide_dots;	/* hide .* */
	int		 process_cgi;	/* use the cgi handler */
	char		*cgibin;	/* cgi-bin directory */
	unsigned	ssl_timeout;	/* ssl timeout */
	unsigned	initial_timeout;/* first line timeout */
	unsigned	header_timeout;	/* header lines timeout */
	unsigned	request_timeout;/* total session timeout */
#ifndef NO_LUA_SUPPORT
	int		 process_lua;	/* use the Lua handler */
	SIMPLEQ_HEAD(, lua_state_map)	lua_states;
#endif
	void		*sslinfo;	/* pointer to ssl struct */
	int		dynamic_content_map_size;/* size of dyn cont map */
	bozo_content_map_t	*dynamic_content_map;/* dynamic content map */

#define HTTP_PUT	0x05	/* not supported */
#define HTTP_DELETE	0x06	/* not supported */
#define HTTP_TRACE	0x07	/* not supported */
#define HTTP_CONNECT	0x08	/* not supported */
	const char *hr_methodstr;
	char	*hr_virthostname;	/* server name (if not identical
					   to hr_httpd->virthostname) */
	char	*hr_file_free;	/* pointer to file buffer to free() */
	char	*hr_file;	/* pointer into file buffer */
	char	*hr_oldfile;	/* if we added an index_html */
	char	*hr_query;
	char	*hr_host;	/* HTTP/1.1 Host: or virtual hostname,
				   possibly including a port number */
#ifndef NO_USER_SUPPORT
	char	*hr_user;	/* username if we hit userdir request */
#endif /* !NO_USER_SUPPORT */

#ifdef DO_HTPASSWD
	/*const*/ char *hr_authrealm;
	/*const*/ char *hr_authuser;
	/*const*/ char *hr_authpass;
#endif
	struct qheaders		hr_headers;
	struct qheaders		hr_replheaders;
	unsigned		hr_nheaders;
	size_t			hr_header_bytes;
} bozo_httpreq_t;

/* helper to access the "active" host name from a httpd/request pair */
#define	BOZOHOST(HTTPD,REQUEST)	((REQUEST)->hr_virthostname ?		\
					(REQUEST)->hr_virthostname :	\
					(HTTPD)->virthostname)

/* structure to hold string based (name, value) pairs with preferences */
typedef struct bozoprefs_t {
	size_t		  size;		/* size of the two arrays */
	size_t		  count;	/* # of entries in arrays */
	char		**name;		/* names of each entry */
	char		**value;	/* values for the name entries */
} bozoprefs_t;

/* sun2 has a tiny VA range */
#ifdef __mc68010__
#ifndef BOZO_WRSZ
#define BOZO_WRSZ	(16 * 1024)
#endif
#ifndef BOZO_MMAPSZ
#define BOZO_MMAPSZ	(BOZO_WRSZ * 4)
#endif
#endif

/* by default write in upto 64KiB chunks, and mmap in upto 64MiB chunks */
#ifndef BOZO_WRSZ
#define BOZO_WRSZ	(64 * 1024)
#endif
#ifndef BOZO_MMAPSZ
#define BOZO_MMAPSZ	(BOZO_WRSZ * 1024)
#endif

/* only allow this many total headers bytes */
#define BOZO_HEADERS_MAX_SIZE (16 * 1024)

/* debug flags */
#define DEBUG_NORMAL	1
#define DEBUG_FAT	2
#define DEBUG_OBESE	3
#define DEBUG_EXPLODING	4

#define	strornull(x)	((x) ? (x) : "<null>")

#if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__)
#define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y)))
#define BOZO_DEAD __attribute__((__noreturn__))
#define BOZO_CHECKRET __attribute__((__warn_unused_result__))
#else
#define BOZO_PRINTFLIKE(x,y)
#define BOZO_DEAD
#define BOZO_CHECKRET
#endif

#ifdef NO_DEBUG
#define	debug(x)
#define have_debug	(0)
#else
void	debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4);
#define debug(x)	debug__ x

#define have_debug	(1)
#endif /* NO_DEBUG */

#define BOZO_HTTP_PORT	"80"
#define BOZO_HTTPS_PORT	"443"

/*
 * bozohttpd special files.  avoid serving these out.
 *
 * When you add some .bz* file, make sure to also check it in
 * bozo_check_special_files()
 */

#ifndef DIRECT_ACCESS_FILE
#define DIRECT_ACCESS_FILE	".bzdirect"
#endif
#ifndef REDIRECT_FILE
#define REDIRECT_FILE		".bzredirect"
#endif
#ifndef ABSREDIRECT_FILE
#define ABSREDIRECT_FILE	".bzabsredirect"
#endif
#ifndef REMAP_FILE
#define REMAP_FILE		".bzremap"
#endif
#ifndef AUTH_FILE
#define AUTH_FILE		".htpasswd"
#endif

/* be sure to always return this error up */
int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);

int	bozo_check_special_files(bozo_httpreq_t *, const char *, bool) BOZO_CHECKRET;
char	*bozo_http_date(char *, size_t);
void	bozo_print_header(bozo_httpreq_t *, struct stat *, const char *,
			  const char *);
char	*bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url, int absolute);
char	*bozo_escape_html(bozohttpd_t *httpd, const char *url);
int	bozo_decode_url_percent(bozo_httpreq_t *, char *);

char	*bozostrnsep(char **, const char *, ssize_t *);
void	*bozomalloc(bozohttpd_t *, size_t);
void	*bozorealloc(bozohttpd_t *, void *, size_t);
char	*bozostrdup(bozohttpd_t *, bozo_httpreq_t *, const char *);

#define bozo_noop	do { /* nothing */ } while (/*CONSTCOND*/0)

#define have_core					(1)

/* ssl-bozo.c */
#ifdef NO_SSL_SUPPORT
#define bozo_ssl_set_opts(w, x, y)			bozo_noop
#define bozo_ssl_set_ciphers(w, x)			bozo_noop
#define bozo_ssl_init(x)				bozo_noop
#define bozo_ssl_accept(x)				(0)
#define bozo_ssl_shutdown(x)				bozo_noop
#define bozo_ssl_destroy(x)				bozo_noop
#define have_ssl					(0)
#else
void	bozo_ssl_set_opts(bozohttpd_t *, const char *, const char *);
void	bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
void	bozo_ssl_init(bozohttpd_t *);
int	bozo_ssl_accept(bozohttpd_t *);
void	bozo_ssl_shutdown(bozohttpd_t *);
void	bozo_ssl_destroy(bozohttpd_t *);
#define have_ssl					(1)
#endif


/* auth-bozo.c */
#ifdef DO_HTPASSWD
void	bozo_auth_init(bozo_httpreq_t *);
int	bozo_auth_check(bozo_httpreq_t *, const char *);
void	bozo_auth_cleanup(bozo_httpreq_t *);
int	bozo_auth_check_headers(bozo_httpreq_t *, char *, char *, ssize_t);

void	bozo_auth_check_401(bozo_httpreq_t *, int);
void	bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
int	bozo_auth_cgi_count(bozo_httpreq_t *);
#else
#define	bozo_auth_init(x)				bozo_noop
#define	bozo_auth_check(x, y)				(0)
#define	bozo_auth_cleanup(x)				bozo_noop
#define	bozo_auth_check_headers(y, z, a, b)		(0)

#define	bozo_auth_check_401(x, y)			bozo_noop
#define	bozo_auth_cgi_setenv(x, y)			bozo_noop
#define	bozo_auth_cgi_count(x)				(0)
#endif /* DO_HTPASSWD */


/* cgi-bozo.c */
#ifdef NO_CGIBIN_SUPPORT
#define bozo_cgi_setbin(h,s)				bozo_noop
#define	bozo_process_cgi(h)				(0)
#define have_cgibin					(0)
#else
void	bozo_cgi_setbin(bozohttpd_t *, const char *);
void	bozo_setenv(bozohttpd_t *, const char *, const char *, char **);
int	bozo_process_cgi(bozo_httpreq_t *);
#define have_cgibin					(1)
#endif /* NO_CGIBIN_SUPPORT */


/* lua-bozo.c */
#ifdef NO_LUA_SUPPORT
#define bozo_process_lua(h)				(0)
#define bozo_add_lua_map(h,s,t)				bozo_noop
#define have_lua					(0)
#else
void	bozo_add_lua_map(bozohttpd_t *, const char *, const char *);
int	bozo_process_lua(bozo_httpreq_t *);
#define have_lua					(1)
#endif /* NO_LUA_SUPPORT */


/* daemon-bozo.c */
#ifdef NO_DAEMON_MODE
#define bozo_daemon_init(x)				bozo_noop
#define bozo_daemon_fork(x)				(0)
#define bozo_daemon_closefds(x)				bozo_noop
#define have_daemon_mode				(0)
#else
void	bozo_daemon_init(bozohttpd_t *);
int	bozo_daemon_fork(bozohttpd_t *);
void	bozo_daemon_closefds(bozohttpd_t *);
#define have_daemon_mode				(1)
#endif /* NO_DAEMON_MODE */


/* tilde-luzah-bozo.c */
#ifdef NO_USER_SUPPORT
#define bozo_user_transform(x)				(0)
#define bozo_user_free(x)				/* nothing */
#define have_user					(0)
#else
int	bozo_user_transform(bozo_httpreq_t *);
#define bozo_user_free(x)				free(x)
#define have_user					(1)
#endif /* NO_USER_SUPPORT */


/* dir-index-bozo.c */
#ifdef NO_DIRINDEX_SUPPORT
#define bozo_dir_index(a, b, c)				(0)
#define have_dirindex					(0)
#else
int	bozo_dir_index(bozo_httpreq_t *, const char *, int);
#define have_dirindex					(1)
#endif /* NO_DIRINDEX_SUPPORT */


/* content-bozo.c */
const char *bozo_content_type(bozo_httpreq_t *, const char *);
const char *bozo_content_encoding(bozo_httpreq_t *, const char *);
bozo_content_map_t *bozo_match_content_map(bozohttpd_t *, const char *, int);
bozo_content_map_t *bozo_get_content_map(bozohttpd_t *, const char *);
#ifdef NO_DYNAMIC_CONTENT
#define bozo_add_content_map_mime(h,s,t,u,v)		bozo_noop
#define have_dynamic_content				(0)
#else
void	bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *,
				  const char *, const char *);
#define have_dynamic_content				(1)
#endif

/* additional cgi-bozo.c */
#if have_cgibin && have_dynamic_content
void	bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *);
#else
#define	bozo_add_content_map_cgi(h,s,t)
#endif

/* I/O */
int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3);
ssize_t bozo_read(bozohttpd_t *, int, void *, size_t);
ssize_t bozo_write(bozohttpd_t *, int, const void *, size_t);
int bozo_flush(bozohttpd_t *, FILE *);

/* misc */
int bozo_init_httpd(bozohttpd_t *);
int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *);
int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *);
int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
void bozo_cleanup(bozohttpd_t *, bozoprefs_t *);
bozo_httpreq_t *bozo_read_request(bozohttpd_t *);
void bozo_process_request(bozo_httpreq_t *);
void bozo_clean_request(bozo_httpreq_t *);
int bozo_set_timeout(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
bozoheaders_t *addmerge_reqheader(bozo_httpreq_t *, const char *,
				  const char *, ssize_t);
bozoheaders_t *addmerge_replheader(bozo_httpreq_t *, const char *,
				   const char *, ssize_t);

/* variables */
int bozo_set_pref(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
char *bozo_get_pref(bozoprefs_t *, const char *);

int bozo_get_version(char */*buf*/, size_t /*size*/);

extern volatile sig_atomic_t	bozo_timeout_hit;

#endif	/* BOZOHTTPD_H_ */

/*	$NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $	*/

/*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2021 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

#include <errno.h>
#include <paths.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <assert.h>

#include <netinet/in.h>

#include "bozohttpd.h"

#define CGIBIN_PREFIX		"cgi-bin/"
#define CGIBIN_PREFIX_LEN	(sizeof(CGIBIN_PREFIX)-1)

#ifndef USE_ARG
#define USE_ARG(x)	/*LINTED*/(void)&(x)
#endif

/*
 * given the file name, return a CGI interpreter
 */
static const char *
content_cgihandler(bozohttpd_t *httpd, bozo_httpreq_t *request,
		   const char *file)
{
	bozo_content_map_t	*map;

	USE_ARG(request);
	debug((httpd, DEBUG_FAT, "content_cgihandler: trying file %s", file));
	map = bozo_match_content_map(httpd, file, 0);
	if (map)

	while (*value == ' ' || *value == '\t')
		len--, value++;

	*hdr_str = name;
	*hdr_val = value;

	return 0;
}

/*
 * handle parsing a CGI header output, transposing a Status: header
 * into the HTTP reply (ie, instead of "200 OK").
 */
static void
finish_cgi_output(bozohttpd_t *httpd, bozo_httpreq_t *request, int in, int nph)
{
	char	buf[BOZO_WRSZ];
	char	*str;
	ssize_t	len;
	ssize_t rbytes;
	SIMPLEQ_HEAD(, bozoheaders)	headers;
	bozoheaders_t *hdr, *nhdr;
	int	write_header, nheaders = 0;

	/* much of this code is like bozo_read_request()'s header loop. */
	SIMPLEQ_INIT(&headers);
	write_header = nph == 0;

	while (nph == 0 &&
		(str = bozodgetln(httpd, in, &len, bozo_read)) != NULL) {
		char	*hdr_name, *hdr_value;

		if (parse_header(request, str, len, &hdr_name, &hdr_value))
			break;

		/*
		 * The CGI 1.{1,2} spec both say that if the cgi program
		 * returns a `Status:' header field then the server MUST
		 * return it in the response.  If the cgi program does
		 * not return any `Status:' header then the server should
		 * respond with 200 OK.
		 * The CGI 1.1 and 1.2 specification differ slightly on
		 * this in that v1.2 says that the script MUST NOT return a
		 * `Status:' header if it is returning a `Location:' header.
		 * For compatibility we are going with the CGI 1.1 behavior.
		 */
		if (strcasecmp(hdr_name, "status") == 0) {
			debug((httpd, DEBUG_OBESE,
				"%s: writing HTTP header "
				"from status %s ..", __func__, hdr_value));
			bozo_printf(httpd, "%s %s\r\n", request->hr_proto,
				    hdr_value);
			bozo_flush(httpd, stdout);
			write_header = 0;
			free(hdr_name);
			break;
		}

		hdr = bozomalloc(httpd, sizeof *hdr);
		hdr->h_header = hdr_name;
		hdr->h_value = hdr_value;
		SIMPLEQ_INSERT_TAIL(&headers, hdr, h_next);
		nheaders++;
	}

	if (write_header) {
		debug((httpd, DEBUG_OBESE,
			"%s: writing HTTP header ..", __func__));
		bozo_printf(httpd,
			"%s 200 OK\r\n", request->hr_proto);
		bozo_flush(httpd, stdout);
	}

	if (nheaders) {
		debug((httpd, DEBUG_OBESE,
			"%s:  writing delayed HTTP headers ..", __func__));
		SIMPLEQ_FOREACH_SAFE(hdr, &headers, h_next, nhdr) {
			bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
				    hdr->h_value);
			free(hdr->h_header);
			free(hdr);
		}
		bozo_printf(httpd, "\r\n");
		bozo_flush(httpd, stdout);
	}

	/* CGI programs should perform their own timeouts */

	while ((rbytes = read(in, buf, sizeof buf)) > 0) {
		ssize_t wbytes;
		char *bp = buf;

		while (rbytes) {
			wbytes = bozo_write(httpd, STDOUT_FILENO, buf,
					    (size_t)rbytes);
			if (wbytes > 0) {
				rbytes -= wbytes;
				bp += wbytes;
			} else
				bozoerr(httpd, 1,
					"cgi output write failed: %s",
					strerror(errno));

	struct	bozohttpd_t *httpd = request->hr_httpd;
	size_t i;
	char *s, *str, **args;
	
	*args_len = 0;

	/* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */
	if (strchr(query, '='))
		return NULL;


	str = bozostrdup(httpd, request, query);

	/*
	 * there's no more arguments than '+' chars in the query string as it's
	 * the separator
	 */
	*args_len = 1;
	/* count '+' in str */
	for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++)
		s++;
	
	args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1));
 
	args[0] = str;
	args[*args_len] = NULL;
	for (s = str, i = 1; (s = strchr(s, '+')) != NULL; i++) {
		*s = '\0';
		s++;
		args[i] = s;
	}

	/*
	 * check if search-strings are valid:
	 *
	 * RFC3875, section 4.4:
	 *

#define	XRESERVED_CHAR	";/?:@&=,$"

	for (i = 0; i < *args_len; i++) {
		s = args[i];
		/* search-word MUST have at least one schar */
		if (*s == '\0')
			goto parse_err;
		while (*s) {
			/* check if it's unreserved */
			if (isalpha((int)*s) || isdigit((int)*s) ||
			    strchr(UNRESERVED_CHAR, *s)) {
				s++;
				continue;
			}

		args[i] = bozostrdup(httpd, request, args[i]);
	free(str);

	return args;

parse_err:

	free(str);

	free(args);
	*args_len = 0;

	return NULL;

}

void
bozo_cgi_setbin(bozohttpd_t *httpd, const char *path)
{
	httpd->cgibin = bozostrdup(httpd, NULL, path);
	debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s",
	       httpd->cgibin));
}

/* help build up the environ pointer */
void
bozo_setenv(bozohttpd_t *httpd, const char *env, const char *val,
		char **envp)
{

	bozohttpd_t *httpd = request->hr_httpd;
	char	buf[BOZO_WRSZ];
	char	date[40];
	bozoheaders_t *headp;
	const char *type, *clen, *info, *cgihandler;
	char	*query, *s, *t, *path, *env, *command, *file, *url;
	char	**envp, **curenvp, **argv, **search_string_argv = NULL;
	char	**lastenvp;
	char	*uri;
	size_t	i, len, search_string_argc = 0;
	ssize_t rbytes;
	pid_t	pid;
	int	envpsize, ix, nph;
	int	sv[2];

	else
		query = NULL;

	bozoasprintf(httpd, &url, "%s%s%s",
		     file,
		     query ? "?" : "",
		     query ? query : "");
	debug((httpd, DEBUG_NORMAL, "%s: url `%s'", __func__, url));

	path = NULL;
	envp = NULL;
	cgihandler = NULL;
	command = NULL;
	info = NULL;

	len = strlen(url);

	if (bozo_auth_check(request, url + 1))
		goto out;

	if (!httpd->cgibin ||
	    strncmp(url + 1, CGIBIN_PREFIX, CGIBIN_PREFIX_LEN) != 0) {
		cgihandler = content_cgihandler(httpd, request, file + 1);
		if (cgihandler == NULL) {
			debug((httpd, DEBUG_FAT,
				"%s: no handler, returning", __func__));
			goto out;
		}
		if (len == 0 || file[len - 1] == '/')
			append_index_html(httpd, &file);
		debug((httpd, DEBUG_NORMAL, "%s: cgihandler `%s'",
		    __func__, cgihandler));
	} else if (len - 1 == CGIBIN_PREFIX_LEN)	/* url is "/cgi-bin/" */
		append_index_html(httpd, &file);

	/* RFC3875 sect. 4.4. - search-string support */
	if (query != NULL) {
		search_string_argv = parse_search_string(request, query,
		    &search_string_argc);
	}

	debug((httpd, DEBUG_NORMAL, "parse_search_string args no: %zu",
	    search_string_argc));

	envpsize = 13 + request->hr_nheaders + 
	    (info && *info ? 1 : 0) +
	    (query && *query ? 1 : 0) +
	    (type && *type ? 1 : 0) +
	    (clen && *clen ? 1 : 0) +
	    (request->hr_remotehost && *request->hr_remotehost ? 1 : 0) +
	    (request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) +
	    (cgihandler ? 1 : 0) +
	    bozo_auth_cgi_count(request) +
	    (request->hr_serverport && *request->hr_serverport ? 1 : 0);

	debug((httpd, DEBUG_FAT,
		"%s: path `%s', cmd `%s', info `%s', "
		"query `%s', nph `%d', envpsize `%d'", __func__,
		path, command, strornull(info),
		strornull(query), nph, envpsize));

	envp = bozomalloc(httpd, sizeof(*envp) * envpsize);
	for (ix = 0; ix < envpsize; ix++)
		envp[ix] = NULL;
	curenvp = envp;
	lastenvp = envp + envpsize;

	SIMPLEQ_FOREACH(headp, &request->hr_headers, h_next) {
		const char *s2;
		env = bozomalloc(httpd, 6 + strlen(headp->h_header) + 1 +
		    strlen(headp->h_value));

		t = env;
		strcpy(t, "HTTP_");
		t += strlen(t);
		for (s2 = headp->h_header; *s2; t++, s2++)
			if (islower((unsigned)*s2))
				*t = toupper((unsigned)*s2);
			else if (*s2 == '-')
				*t = '_';
			else
				*t = *s2;
		*t = '\0';
		debug((httpd, DEBUG_OBESE, "setting header %s as %s = %s",
		    headp->h_header, env, headp->h_value));

	 * Apache does this when invoking content handlers, and PHP
	 * 5.3 requires it as a "security" measure.
	 */
	if (cgihandler)
		bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
	bozo_auth_cgi_setenv(request, &curenvp);

	debug((httpd, DEBUG_FAT, "%s: going exec %s with args:", __func__,
	    path));

	for (i = 0; argv[i] != NULL; i++) {
		debug((httpd, DEBUG_FAT, "%s: argv[%zu] = `%s'", __func__,
		    i, argv[i]));
	}

	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, sv) == -1)
		bozoerr(httpd, 1, "child socketpair failed: %s",
				strerror(errno));

	*curenvp = 0;
	assert(lastenvp > curenvp);

	/*
	 * We create 2 procs: one to become the CGI, one read from
	 * the CGI and output to the network, and this parent will
	 * continue reading from the network and writing to the
	 * CGI procsss.
	 */
	switch (fork()) {
	case -1: /* eep, failure */
		bozoerr(httpd, 1, "child fork failed: %s", strerror(errno));
		/*NOTREACHED*/
	case 0:
		close(sv[0]);
		dup2(sv[1], STDIN_FILENO);
		dup2(sv[1], STDOUT_FILENO);
		close(2);
		close(sv[1]);
		closelog();
		bozo_daemon_closefds(httpd);

		if (-1 == execve(path, argv, envp)) {
			int saveerrno = errno;
			bozo_http_error(httpd, 404, request,
				"Cannot execute CGI");
			/* don't log easy to trigger events */
			if (saveerrno != ENOENT &&
			    saveerrno != EISDIR &&
			    saveerrno != EACCES)
				bozoerr(httpd, 1, "child exec failed: %s: %s",
				      path, strerror(saveerrno));
			_exit(1);
		}
		/* NOT REACHED */
		bozoerr(httpd, 1, "child execve returned?!");
	}

	free(query);
	free(file);
	free(url);

	pid = fork();
	if (pid == -1)
		bozoerr(httpd, 1, "io child fork failed: %s", strerror(errno));
	else if (pid == 0) {
		/* child reader/writer */
		close(STDIN_FILENO);
		finish_cgi_output(httpd, request, sv[0], nph);
		/* if we do SSL, send a SSL_shutdown now */
		bozo_ssl_shutdown(request->hr_httpd);
		/* if we're done output, our parent is useless... */
		kill(getppid(), SIGKILL);
		debug((httpd, DEBUG_FAT, "done processing cgi output"));
		_exit(0);
	}
	close(STDOUT_FILENO);

	/* CGI programs should perform their own timeouts */

	while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) {
		ssize_t wbytes;
		char *bp = buf;

		while (rbytes) {
			wbytes = write(sv[0], buf, (size_t)rbytes);
			if (wbytes > 0) {

/*	$NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $	*/

/*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2021 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

	{ ".txt",	"text/plain",			"",		"", NULL },
	{ ".swf",	"application/x-shockwave-flash","",		"", NULL },
	{ ".dcr",	"application/x-director",	"",		"", NULL },
	{ ".pac",	"application/x-ns-proxy-autoconfig", "",	"", NULL },
	{ ".pa",	"application/x-ns-proxy-autoconfig", "",	"", NULL },
	{ ".tar",	"multipart/x-tar",		"",		"", NULL },
	{ ".gtar",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.gz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.bz2",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.xz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.lz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.zst",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tgz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tbz2",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".txz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tlz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.z",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".tar.Z",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".taz",	"application/x-gtar-compressed", "",		"", NULL },
	{ ".Z",		"application/x-compress",	"",		"", NULL },
	{ ".gz",	"application/x-gzip",		"",		"", NULL },
	{ ".z",		"unknown",			"",		"", NULL },
	{ ".bz2",	"application/x-bzip2",		"",		"", NULL },
	{ ".ogg",	"application/x-ogg",		"",		"", NULL },
	{ ".mkv",	"video/x-matroska",		"",		"", NULL },
	{ ".xbel",	"text/xml",			"",		"", NULL },

	{ ".roff",	"application/x-troff",		"",		"", NULL },
	{ ".man",	"application/x-troff-man",	"",		"", NULL },
	{ ".me",	"application/x-troff-me",	"",		"", NULL },
	{ ".ms",	"application/x-troff-ms",	"",		"", NULL },
	{ ".ustar",	"application/x-ustar",		"",		"", NULL },
	{ ".src",	"application/x-wais-source",	"",		"", NULL },
	{ ".zip",	"application/zip",		"",		"", NULL },
	{ ".zipx",	"application/zip",		"",		"", NULL },
	{ ".xz",	"application/x-xz",		"",		"", NULL },
	{ ".zst",	"application/x-zstd",		"",		"", NULL },
	{ ".sz",	"application/x-snappy-framed",	"",		"", NULL },
	{ ".lz",	"application/x-lzip",		"",		"", NULL },
	{ ".lzma",	"application/x-lzma",		"",		"", NULL },
	{ ".lzo",	"application/x-lzop",		"",		"", NULL },
	{ ".7z",	"application/x-7z-compressed",	"",		"", NULL },
	{ ".lzo",	"application/x-lzop",		"",		"", NULL },
	{ ".cab",	"application/vnd.ms-cab-compressed", "",	"", NULL },
	{ ".dmg",	"application/x-apple-diskimage","",		"", NULL },
	{ ".jar",	"application/java-archive",	"",		"", NULL },
	{ ".rar",	"application/x-rar-compressed",	"",		"", NULL },
	{ ".au",	"audio/basic",			"",		"", NULL },
	{ ".snd",	"audio/basic",			"",		"", NULL },
	{ ".mpga",	"audio/mpeg",			"",		"", NULL },
	{ ".mp2",	"audio/mpeg",			"",		"", NULL },
	{ ".m4a",	"audio/mp4",			"",		"", NULL },
	{ ".aif",	"audio/x-aiff",			"",		"", NULL },
	{ ".aiff",	"audio/x-aiff",			"",		"", NULL },
	{ ".aifc",	"audio/x-aiff",			"",		"", NULL },
	{ ".ram",	"audio/x-pn-realaudio",		"",		"", NULL },
	{ ".rpm",	"audio/x-pn-realaudio-plugin",	"",		"", NULL },
	{ ".ra",	"audio/x-realaudio",		"",		"", NULL },
	{ ".wav",	"audio/x-wav",			"",		"", NULL },

	{ ".sgm",	"text/x-sgml",			"",		"", NULL },
	{ ".mpeg",	"video/mpeg",			"",		"", NULL },
	{ ".mpg",	"video/mpeg",			"",		"", NULL },
	{ ".mpe",	"video/mpeg",			"",		"", NULL },
	{ ".ts",	"video/mpeg",			"",		"", NULL },
	{ ".vob",	"video/mpeg",			"",		"", NULL },
	{ ".mp4",	"video/mp4",			"",		"", NULL },
	{ ".m4v",	"video/mp4",			"",		"", NULL },
	{ ".qt",	"video/quicktime",		"",		"", NULL },
	{ ".mov",	"video/quicktime",		"",		"", NULL },
	{ ".avi",	"video/x-msvideo",		"",		"", NULL },
	{ ".movie",	"video/x-sgi-movie",		"",		"", NULL },
	{ ".ice",	"x-conference/x-cooltalk",	"",		"", NULL },
	{ ".wrl",	"x-world/x-vrml",		"",		"", NULL },
	{ ".vrml",	"x-world/x-vrml",		"",		"", NULL },
	{ ".svg",	"image/svg+xml",		"",		"", NULL },
	{ NULL,		NULL,		NULL,		NULL, NULL }
};

static bozo_content_map_t *
search_map(bozo_content_map_t *map, const char *name, size_t len)
{

	for ( ; map && map->name; map++) {
		const size_t namelen = strlen(map->name);

		if (namelen < len &&
		    strcasecmp(map->name, name + (len - namelen)) == 0)
			return map;
	}
	return NULL;
}

/* match a suffix on a file - dynamiconly means no static content search */
bozo_content_map_t *
bozo_match_content_map(bozohttpd_t *httpd, const char *name,
		       const int dynamiconly)
{
	bozo_content_map_t	*map;
	size_t			 len;

	len = strlen(name);
	map = search_map(httpd->dynamic_content_map, name, len);


	if (map == NULL && !dynamiconly)
		map = search_map(static_content_map, name, len);



	return map;
}

/*
 * given the file name, return a valid Content-Type: value.
 */

const char *
bozo_content_type(bozo_httpreq_t *request, const char *file)
{
	bozohttpd_t *httpd = request->hr_httpd;
	bozo_content_map_t	*map;

	map = bozo_match_content_map(httpd, file, 0);

/*	$NetBSD: daemon-bozo.c,v 1.22 2020/10/15 04:21:53 mrg Exp $	*/

/*	$eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2019 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

#endif
#ifndef POLLRDBAND
#define POLLRDBAND 0
#endif
#ifndef INFTIM
#define INFTIM -1
#endif
#ifndef USE_ARG
#define USE_ARG(x)	/*LINTED*/(void)&(x)
#endif

static const char* pidfile_path = NULL;
static pid_t pidfile_pid = 0;


static void
sigchild(int signo)
{
	USE_ARG(signo);
	while (waitpid(-1, NULL, WNOHANG) > 0)

		/* nothing */;
}

/* Signal handler to exit in a controlled manner.  This ensures that
 * any atexit(3) handlers are properly executed. */

BOZO_DEAD static void
controlled_exit(int signo)
{
	USE_ARG(signo);
	exit(EXIT_SUCCESS);
}

static void
remove_pidfile(void)
{

void
bozo_daemon_init(bozohttpd_t *httpd)
{
	struct addrinfo h, *r, *r0;
	const char	*portnum;
	int e, i, on = 1;

	if (!httpd->background && !httpd->foreground)
		return;

	if (!httpd->background)
		httpd->background = 1;

	portnum = (httpd->bindport) ? httpd->bindport : "http";
	
	memset(&h, 0, sizeof(h));
	h.ai_family = PF_UNSPEC;
	h.ai_socktype = SOCK_STREAM;
	h.ai_flags = AI_PASSIVE;

	dup2(fd, 0);
	dup2(fd, 1);
	/*dup2(fd, 2);*/
	close(fd);
}

static int
daemon_poll_err(bozohttpd_t *httpd, int idx)
{
	if ((httpd->fds[idx].revents & (POLLNVAL|POLLERR|POLLHUP)) == 0)
		return 0;

	bozowarn(httpd, "poll on fd %d pid %d revents %d: %s",
	    httpd->fds[idx].fd, getpid(), httpd->fds[idx].revents,
	    strerror(errno));

			    errno == EAGAIN)
				sleep(1);

			goto again;
		}

		for (i = 0; i < httpd->nsock; i++) {
			if (daemon_poll_err(httpd, i))
				break;
			if (httpd->fds[i].revents == 0)
				continue;

			slen = sizeof(ss);
			fd = accept(httpd->fds[i].fd,
					(struct sockaddr *)(void *)&ss, &slen);

/*	$NetBSD: dir-index-bozo.c,v 1.34 2020/10/15 02:19:23 mrg Exp $	*/

/*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2020 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

#ifndef NO_DIRINDEX_SUPPORT

#include <sys/param.h>

#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <assert.h>

#include "bozohttpd.h"









/*
 * output a directory index.  return 1 if it actually did something..
 */
int
bozo_dir_index(bozo_httpreq_t *request, const char *dirpath, int isindex)
{
	bozohttpd_t *httpd = request->hr_httpd;
	struct stat sb;
	struct dirent **de, **deo;

	DIR *dp;
	char buf[MAXPATHLEN];

	char *file = NULL, *printname = NULL, *p;
	int k, j, fd;
	ssize_t rlen;

	if (!isindex || !httpd->dir_indexing)
		return 0;

	if (strlen(dirpath) <= strlen(httpd->index_html))
		dirpath = ".";
	else {
		file = bozostrdup(httpd, request, dirpath);

		file[strlen(file) - strlen(httpd->index_html)] = '\0';
		dirpath = file;
	}
	debug((httpd, DEBUG_FAT, "bozo_dir_index: dirpath '%s'", dirpath));
	if (stat(dirpath, &sb) < 0 ||
	    (dp = opendir(dirpath)) == NULL) {
		if (errno == EPERM)
			bozo_http_error(httpd, 403, request,
					"no permission to open directory");
		else if (errno == ENOENT)
			bozo_http_error(httpd, 404, request, "no file");
		else
			bozo_http_error(httpd, 500, request, "open directory");

		goto done;
		/* NOTREACHED */
	}

	bozo_printf(httpd, "%s 200 OK\r\n", request->hr_proto);

	if (request->hr_proto != httpd->consts.http_09) {

		bozoasprintf(httpd, &printname, "~%s/%s",
			     request->hr_user, request->hr_file);
	} else
		printname = bozostrdup(httpd, request, request->hr_file);
#else
	printname = bozostrdup(httpd, request, request->hr_file);
#endif /* !NO_USER_SUPPORT */
	if ((p = strstr(printname, httpd->index_html)) != NULL) {
		if (strcmp(printname, httpd->index_html) == 0)
			strcpy(printname, "/");	/* is ``slashdir'' */
		else
			*p = '\0';		/* strip unwanted ``index_html'' */
	}
	if ((p = bozo_escape_html(httpd, printname)) != NULL) {
		free(printname);
		printname = p;
	}

	bozo_printf(httpd,
		"<!DOCTYPE html>\r\n"
		"<html><head><meta charset=\"utf-8\"/>\r\n"
		"<style type=\"text/css\">\r\n"
		"table {\r\n"
		"\tborder-top: 1px solid black;\r\n"
		"\tborder-bottom: 1px solid black;\r\n"
		"}\r\n"
		"th { background: aquamarine; }\r\n"
		"tr:nth-child(even) { background: lavender; }\r\n"
		"</style>\r\n");
	bozo_printf(httpd, "<title>Index of %s</title></head>\r\n",
		printname);
	bozo_printf(httpd, "<body><h1>Index of %s</h1>\r\n",
		printname);
	bozo_printf(httpd,



		"<table cols=3>\r\n<thead>\r\n"
		"<tr><th>Name<th>Last modified<th align=right>Size\r\n"
		"<tbody>\r\n");




	for (j = k = scandir(dirpath, &de, NULL, alphasort), deo = de;
	    j--; de++) {
		int nostat = 0;
		char *name = (*de)->d_name;
		char *urlname, *htmlname;

		if (strcmp(name, ".") == 0 ||
		    (strcmp(name, "..") != 0 &&
		     httpd->hide_dots && name[0] == '.'))
			continue;

		if (bozo_check_special_files(request, name, false))
			continue;

		snprintf(buf, sizeof buf, "%s/%s", dirpath, name);
		if (stat(buf, &sb))
			nostat = 1;



		urlname = bozo_escape_rfc3986(httpd, name, 0);
		htmlname = bozo_escape_html(httpd, name);
		if (htmlname == NULL)
			htmlname = name;
		bozo_printf(httpd, "<tr><td>");
		if (strcmp(name, "..") == 0) {
			bozo_printf(httpd, "<a href=\"../\">");
			bozo_printf(httpd, "Parent Directory");
		} else if (!nostat && S_ISDIR(sb.st_mode)) {
			bozo_printf(httpd, "<a href=\"%s/\">", urlname);
			bozo_printf(httpd, "%s/", htmlname);
		} else if (strchr(name, ':') != NULL) {
			/* RFC 3986 4.2 */
			bozo_printf(httpd, "<a href=\"./%s\">", urlname);
			bozo_printf(httpd, "%s", htmlname);
		} else {
			bozo_printf(httpd, "<a href=\"%s\">", urlname);
			bozo_printf(httpd, "%s", htmlname);
		}
		if (htmlname != name)
			free(htmlname);
		bozo_printf(httpd, "</a>");











		if (nostat)
			bozo_printf(httpd, "<td>?<td>?\r\n");
		else {
			unsigned long long len;

			strftime(buf, sizeof buf, "%d-%b-%Y %R", gmtime(&sb.st_mtime));
			bozo_printf(httpd, "<td>%s", buf);










			len = ((unsigned long long)sb.st_size + 1023) / 1024;
			bozo_printf(httpd, "<td align=right>%llukB", len);

		}
		bozo_printf(httpd, "\r\n");
	}

	closedir(dp);
	while (k--)
        	free(deo[k]);
	free(deo);
	bozo_printf(httpd, "</table>\r\n");
	if (httpd->dir_readme != NULL) {
		if (httpd->dir_readme[0] == '/')
			snprintf(buf, sizeof buf, "%s", httpd->dir_readme);
		else
			snprintf(buf, sizeof buf, "%s/%s", dirpath, httpd->dir_readme);
		fd = open(buf, O_RDONLY);
		if (fd != -1) {
			bozo_flush(httpd, stdout);
			do {
				rlen = read(fd, buf, sizeof buf);
				if (rlen <= 0)
					break;
				bozo_write(httpd, STDOUT_FILENO, buf, rlen);
			} while (1);
			close(fd);
		}
	}
	bozo_printf(httpd, "</body></html>\r\n\r\n");
	bozo_flush(httpd, stdout);

done:
	free(file);
	free(printname);
	return 1;
}
#endif /* NO_DIRINDEX_SUPPORT */

MAN=	libbozohttpd.3
WARNS=	4

INCS=	bozohttpd.h
INCSDIR=	/usr/include





LDADD+=	-lssl -lcrypto
DPADD+=	${LIBSSL} ${LIBCRYPTO}







.include <bsd.lib.mk>

.\" $NetBSD: libbozohttpd.3,v 1.6 2021/02/27 12:36:46 mrg Exp $
.\"
.\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $
.\"
.\" Copyright (c) 2009, 2021 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This manual page is derived from software contributed to The
.\" NetBSD Foundation by Alistair Crooks (agc@NetBSD.org)
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions

.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd February 11, 2021
.Dt LIBBOZOHTTPD 3
.Os
.Sh NAME
.Nm libbozohttpd
.Nd embedded web server library
.Sh LIBRARY
.Lb libbozohttpd
.Sh SYNOPSIS
.In bozohttpd.h
.Ft int
.Fo bozo_set_pref
.Fa "bozohttpd_t *httpd" "bozoprefs_t *prefs" "char *name" "char *value"
.Fc
.Ft char *
.Fo bozo_get_pref
.Fa "bozoprefs_t *prefs" "char *name"
.Fc
.Ft int
.Fo bozo_set_defaults

.Fo bozo_process_request
.Fa "bozo_httpreq_t *"
.Fc
.Ft void
.Fo bozo_clean_request
.Fa "bozo_httpreq_t *"
.Fc
.Ft void
.Fo bozo_cleanup
.Fa "bozohttpd_t *httpd" "bozoprefs_t *prefs"
.Fc
.Sh DESCRIPTION
.Nm
is a library interface to the
.Xr bozohttpd 8
web server.
The
.Nm

.Fn bozo_set_pref
function
and queried using the two
.Fn bozo_get_pref
function.
This is the main interface for selecting options, and for
setting preferences.
The memory allocated by
.Fn bozo_setup
for both the httpd structure and the preferences will be freed.
.Sh SEE ALSO
.Xr gethostname 3 ,
.Xr ssl 3 ,
.Xr services 5 ,
.Xr httpd 8
.Sh HISTORY
The

/*	$NetBSD: lua-bozo.c,v 1.15 2017/05/28 22:37:36 alnsn Exp $	*/

/*
 * Copyright (c) 2013 Marc Balmer <marc@msys.ch>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions

#if LUA_VERSION_NUM < 502
#define LUA_HTTPDLIBNAME "httpd"
#endif

#define FORM	"application/x-www-form-urlencoded"

static bozohttpd_t *
httpd_instance(lua_State *L)
{
	bozohttpd_t *httpd;

	lua_pushstring(L, "bozohttpd");
	lua_gettable(L, LUA_REGISTRYINDEX);
	httpd = lua_touserdata(L, -1);
	lua_pop(L, 1);

	return httpd;
}

static int
lua_flush(lua_State *L)
{
	bozohttpd_t *httpd = httpd_instance(L);

	bozo_flush(httpd, stdout);
	return 0;
}

static int
lua_print(lua_State *L)
{
	bozohttpd_t *httpd = httpd_instance(L);






	bozo_printf(httpd, "%s\r\n", lua_tostring(L, 1));
	return 0;
}

static int
lua_read(lua_State *L)
{
	bozohttpd_t *httpd = httpd_instance(L);
	luaL_Buffer lbuf;
	char *data;
	lua_Integer len;


	ssize_t n;


	len = luaL_checkinteger(L, 1);
	data = luaL_buffinitsize(L, &lbuf, (size_t)len);

	if ((n = bozo_read(httpd, STDIN_FILENO, data, len)) >= 0) {


		luaL_pushresultsize(&lbuf, n);
		return 1;
	} else {
		lua_pushnil(L);

		lua_pushstring(L, "bozo_read() call failed");
		return 2;
	}
}

static int
lua_register_handler(lua_State *L)
{
	bozohttpd_t *httpd = httpd_instance(L);
	lua_state_map_t *map;
	lua_handler_t *handler;
	const char *name;
	int ref;

	lua_pushstring(L, "lua_state_map");
	lua_gettable(L, LUA_REGISTRYINDEX);
	map = lua_touserdata(L, -1);



	lua_pop(L, 1);

	name = luaL_checkstring(L, 1);

	luaL_checktype(L, 2, LUA_TFUNCTION);
	lua_pushvalue(L, 2);
	ref = luaL_ref(L, LUA_REGISTRYINDEX);

	handler = bozomalloc(httpd, sizeof(lua_handler_t));

	handler->name = bozostrdup(httpd, NULL, name);
	handler->ref = ref;
	SIMPLEQ_INSERT_TAIL(&map->handlers, handler, h_next);
	httpd->process_lua = 1;
	return 0;
}

static int
lua_write(lua_State *L)
{
	bozohttpd_t *httpd = httpd_instance(L);
	const char *data;
	size_t len;


	ssize_t n;


	data = luaL_checklstring(L, 1, &len);
	if ((n = bozo_write(httpd, STDIN_FILENO, data, len)) >= 0) {
		lua_pushinteger(L, n);
		return 1;
	} else {
		lua_pushnil(L);
		lua_pushstring(L, "bozo_write() call failed");
		return 2;
	}
}

static int
luaopen_httpd(lua_State *L)
{
	static struct luaL_Reg functions[] = {
		{ "flush",		lua_flush },
		{ "print",		lua_print },
		{ "read",		lua_read },
		{ "register_handler",	lua_register_handler },
		{ "write",		lua_write },
		{ NULL, NULL }
	};

-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-- POSSIBILITY OF SUCH DAMAGE.
--

-- command line args
dofile "optparse.lua"

opt = OptionParser{usage="%prog [options] root [vhost]", version="20180502"}                           

opt.add_option{"-C", "--cgimap", action="store", dest="cgimap", help="--cgimap 's t'"}
opt.add_option{"-E", "--enable-user-cgibin", action="store_true", dest="enableusercgibin", help="--enable-user-cgibin"}
opt.add_option{"-H", "--hide-dots", action="store_true", dest="hidedots", help="--hide-dots"}
opt.add_option{"-I", "--portnum", action="store", dest="portnum", help="--portnum number"}
opt.add_option{"-M", "--dynamicmime", action="store", dest="dynmime", help="--dynamicmime 'suffix type a b'"}
opt.add_option{"-S", "--server-software", action="store", dest="serversw", help="--server-software name"}

httpd = bozohttpd.new()
bozohttpd.init_httpd(httpd)
prefs = bozohttpd.init_prefs()

-- parse command line args
options,args = opt.parse_args()
if options.portnum then
        bozohttpd.set_pref(httpd, prefs, "port number", options.portnum)
end
if options.background then
        bozohttpd.set_pref(httpd, prefs, "background", options.background)
end
if options.numeric then
        bozohttpd.set_pref(httpd, prefs, "numeric", "true")
end
if options.logstderr then
        bozohttpd.set_pref(httpd, prefs, "log to stderr", "true")
end
if options.foreground then
        bozohttpd.set_pref(httpd, prefs, "foreground", "true")
end
if options.trustedref then
        bozohttpd.set_pref(httpd, prefs, "trusted referal", "true")
end
if options.dynmime then
	suffix, type, s1, s2 = string.find(options.dynmime,
					"(%S+)%s+(%S+)%s+(%S+)%s+(%S+)")
        bozohttpd.dynamic_mime(httpd, suffix, type, s1, s2)
end
if options.serversw then
        bozohttpd.set_pref(httpd, prefs, "server software", options.serversw)
end
if options.ssl then
	cert, priv = string.find(options.ssl, "(%S+)%s+(%S+)")
        bozohttpd.dynamic_mime(httpd, cert, priv)
end
if options.username then
        bozohttpd.set_pref(httpd, prefs, "username", options.username)
end
if options.unknownslash then
        bozohttpd.set_pref(httpd, prefs, "unknown slash", "true")
end
if options.virtbase then
        bozohttpd.set_pref(httpd, prefs, "virtual base", options.virtbase)
end
if options.indexhtml then
        bozohttpd.set_pref(httpd, prefs, "index.html", options.indexhtml)
end
if options.dirtyenv then
        bozohttpd.set_pref(httpd, prefs, "dirty environment", "true")
end
if options.bindaddr then
        bozohttpd.set_pref(httpd, prefs, "bind address", options.bindaddr)
end
if options.cgibin then
        bozohttpd.cgi_setbin(httpd, options.cgibin)
end
if options.cgimap then
	name, handler = string.find(options.cgimap, "(%S+)%s+(%S+)")
        bozohttpd.cgi_map(httpd, name, handler)
end
if options.public_html then
        bozohttpd.set_pref(httpd, prefs, "public_html", options.public_html)
end
if options.chroot then
        bozohttpd.set_pref(httpd, prefs, "chroot dir", options.chroot)
end
if options.enableusers then
        bozohttpd.set_pref(httpd, prefs, "enable users", "true")
end
if options.hidedots then
        bozohttpd.set_pref(httpd, prefs, "hide dots", "true")
end
if options.enableusercgibin then
        bozohttpd.set_pref(httpd, prefs, "enable user cgibin", "true")
end
if options.dirindex then
        bozohttpd.set_pref(httpd, prefs, "directory indexing", "true")
end

if #args < 1 then
	print("At least one arg needed for root directory")
else
	-- set up connections
	local vhost = args[2] or ""
	bozohttpd.setup(httpd, prefs, vhost, args[1])

	-- loop, serving requests
	local numreps = options.background or 0
	repeat
		req = bozohttpd.read_request(httpd)
		bozohttpd.process_request(req)
		bozohttpd.clean_request(req)
	until numreps == 0
end

#ifndef __UNCONST
#define __UNCONST(a) ((void *)(unsigned long)(const void *)(a))
#endif /* !__UNCONST */

int luaopen_bozohttpd(lua_State *);



















/* init() */
static int
l_new(lua_State *L)
{
	bozohttpd_t	*httpd;

	httpd = lua_newuserdata(L, sizeof(*httpd));

	prefs = lua_newuserdata(L, sizeof(*prefs));
	(void) memset(prefs, 0x0, sizeof(*prefs));
	httpd = lua_touserdata(L, 1);
	(void) bozo_init_prefs(httpd, prefs);
	return 1;
}

/* bozo_set_pref(httpd, prefs, name, value) */
static int
l_bozo_set_pref(lua_State *L)
{
	bozohttpd_t	*httpd;
	bozoprefs_t	*prefs;
	const char	*name;
	const char	*value;

	httpd = lua_touserdata(L, 1);
	prefs = lua_touserdata(L, 2);
	name = luaL_checkstring(L, 3);
	value = luaL_checkstring(L, 4);
	lua_pushnumber(L, bozo_set_pref(httpd, prefs, name, value));
	return 1;
}

/* bozo_get_pref(prefs, name) */
static int
l_bozo_get_pref(lua_State *L)
{

	httpd = lua_touserdata(L, 1);
	req = bozo_read_request(httpd);
	lua_pushlightuserdata(L, req);
	return 1;
}

/* bozo_process_request(req) */
static int
l_bozo_process_request(lua_State *L)
{
	bozo_httpreq_t	*req;


	req = lua_touserdata(L, 1);
	if (req == NULL) {
		return 0;
	}
	bozo_process_request(req);
	lua_pushnumber(L, 1);
	return 1;
}

/* bozo_clean_request(req) */
static int
l_bozo_clean_request(lua_State *L)
{
	bozo_httpreq_t	*req;

	req = lua_touserdata(L, 1);
	if (req == NULL) {
		return 0;
	}
	bozo_clean_request(req);
	lua_pushnumber(L, 1);
	return 1;
}

/* dynamic_mime(httpd, one, two, three, four) */
static int

	s[0] = luaL_checkstring(L, 2);
	s[1] = luaL_checkstring(L, 3);
	bozo_add_content_map_cgi(httpd, s[0], s[1]);
	lua_pushnumber(L, 1);
	return 1;
}

const struct luaL_Reg libluabozohttpd[] = {
	{ "new",		l_new },
	{ "init_httpd",		l_init_httpd },
	{ "init_prefs",		l_init_prefs },

	{ "set_pref",		l_bozo_set_pref },
	{ "get_pref",		l_bozo_get_pref },
	{ "setup",		l_bozo_setup },

	{ NULL,			NULL }
};

int 
luaopen_bozohttpd(lua_State *L)
{
#if LUA_VERSION_NUM >= 502
        luaL_newlib(L, libluabozohttpd);
#else
        luaL_register(L, "bozohttpd", libluabozohttpd); 
#endif
	return 1;
}

    option_descriptions[#option_descriptions+1] = optdesc
    for _,v in ipairs(optdesc) do
      option_of[v] = optdesc
    end
  end
  function o.parse_args()
    -- expand options (e.g. "--input=file" -> "--input", "file")
    local arg = {table.unpack(arg)}
    for i=#arg,1,-1 do local v = arg[i]
      local flag, val = v:match('^(%-%-%w+)=(.*)')
      if flag then
        arg[i] = flag
        table.insert(arg, i+1, val)
      end
    end

/*	$NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $	*/

/*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
/* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/

/*
 * Copyright (c) 1997-2021 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

/* print a usage message, and then exit */
BOZO_DEAD static void
usage(bozohttpd_t *httpd, char *progname)
{
	bozowarn(httpd, "usage: %s [options] slashdir [virtualhostname]",
			progname);
	bozowarn(httpd, "options:");

	if (have_daemon_mode)
		bozowarn(httpd, "   -b\t\t\tbackground in daemon mode");
	if (have_cgibin &&
	    have_dynamic_content)
		bozowarn(httpd, "   -C suffix handler\tadd this CGI handler "
				"for paths ending with `suffix'");
	if (have_cgibin)
		bozowarn(httpd, "   -c cgibin\t\tenable cgi-bin support in "
				"this directory");
	if (have_debug)
		bozowarn(httpd, "   -d\t\t\tenable debug support");

	if (have_user &&
	    have_cgibin)
		bozowarn(httpd, "   -E\t\t\tenable CGI support for user dirs");
	if (have_core)



		bozowarn(httpd, "   -e\t\t\tdon't clean the environment "
				"(-t and -U only)");
	if (have_daemon_mode)
		bozowarn(httpd, "   -f\t\t\tforeground in daemon mode");

	if (have_core)
		bozowarn(httpd, "   -G\t\t\tprint version number and exit");
	if (have_dirindex)
		bozowarn(httpd, "   -H\t\t\thide files starting with a period "
				"(.) in index mode");
	if (have_core)
		bozowarn(httpd, "   -I port\t\tbind or use on this port");
	if (have_daemon_mode)
		bozowarn(httpd, "   -i address\t\tbind on this address "
				"(daemon mode only)");
	if (have_lua)
		bozowarn(httpd, "   -L prefix script\tadd this Lua script for "
				"paths starting with `prefix'");
	if (have_dynamic_content)
		bozowarn(httpd, "   -M suffix t c c11\tadd this mime entry");

	if (have_core)
		bozowarn(httpd, "   -n\t\t\tdon't resolve host names");
	if (have_daemon_mode)
		bozowarn(httpd, "   -P pidfile\t\tpid file path");
	if (have_user)
		bozowarn(httpd, "   -p dir\t\t\"public_html\" directory name");

	if (have_core) {
		bozowarn(httpd, "   -S version\t\tset server version string");
		bozowarn(httpd, "   -s\t\t\talways log to stderr");
		bozowarn(httpd, "   -T type timeout\t"
				"set <ssl|initial|header|request> timeout");
		bozowarn(httpd, "   -t dir\t\tchroot to `dir'");
		bozowarn(httpd, "   -U user\t\tchange user to `user'");
	}
	if (have_user)
		bozowarn(httpd, "   -u\t\t\tenable ~user/public_html support");

	if (have_core) {
		bozowarn(httpd, "   -V\t\t\tUnknown virtual hosts go to "
				"`slashdir'");
		bozowarn(httpd, "   -v virtualroot\tenable virtual host "
				"support in this directory");
	}

	if (have_dirindex)
		bozowarn(httpd, "   -X\t\t\tdirectory index support");




	if (have_core)
		bozowarn(httpd, "   -x index\t\tdefault \"index.html\" "
				"file name");

	if (have_ssl) {


		bozowarn(httpd, "   -Z cert privkey\tspecify path to server "
				"certificate and private key file\n"
				"\t\t\tin pem format and enable bozohttpd in "
				"SSL mode");
		bozowarn(httpd, "   -z ciphers\t\tspecify SSL ciphers");
	}

	bozoerr(httpd, 1, "%s failed to start", progname);
}

int
main(int argc, char **argv)
{
	bozo_httpreq_t	*request;

	bozo_set_defaults(&httpd, &prefs);

	/*
	 * -r option was removed, do not reuse it for a while
	 */

	while ((c = getopt(argc, argv,
	    "C:EGHI:L:M:P:R:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
		switch (c) {

		case 'b':






			if (!have_daemon_mode)



 no_daemon_mode:



				bozoerr(&httpd, 1, "Daemon mode not enabled");











































































			/*
			 * test suite support - undocumented
			 * background == 2 (aka, -b -b) means to
			 * only process 1 per kid
			 */
			val = bozo_get_pref(&prefs, "background") == NULL ?
			    "1" : "2";
			bozo_set_pref(&httpd, &prefs, "background", val);
			break;

		case 'C':



			if (!have_dynamic_content ||



			    !have_cgibin)





















				bozoerr(&httpd, 1,
				    "dynamic CGI handler support not enabled");


			/* make sure there's two arguments */
			if (argc - optind < 1)
				usage(&httpd, progname);
			bozo_add_content_map_cgi(&httpd, optarg,
					argv[optind++]);
			break;

		case 'c':
			if (!have_cgibin)
				bozoerr(&httpd, 1, "CGI not enabled");

			bozo_cgi_setbin(&httpd, optarg);
			break;

		case 'd':
			if (!have_debug)


				bozowarn(&httpd, "Debugging not enabled");


			httpd.debug++;


			break;




		case 'E':
			if (!have_user ||
			    !have_cgibin)
				bozoerr(&httpd, 1, "CGI not enabled");











			bozo_set_pref(&httpd, &prefs, "enable user cgibin",
				      "true");
			break;








		case 'e':










			bozo_set_pref(&httpd, &prefs, "dirty environment",
				      "true");
			break;

		case 'f':
			if (!have_daemon_mode)
				goto no_daemon_mode;

			bozo_set_pref(&httpd, &prefs, "foreground", "true");
			break;

		case 'G':
			{
				char	version[128];

				bozo_get_version(version, sizeof(version));
				printf("bozohttpd version %s\n", version);
			}
			return 0;

		case 'H':
			if (!have_dirindex)
 no_dirindex_support:
				bozoerr(&httpd, 1,
					"directory indexing not enabled");

			bozo_set_pref(&httpd, &prefs, "hide dots", "true");
			break;

		case 'I':
			bozo_set_pref(&httpd, &prefs, "port number", optarg);
			break;

		case 'i':
			if (!have_daemon_mode)
				goto no_daemon_mode;

			bozo_set_pref(&httpd, &prefs, "bind address", optarg);
			break;

		case 'L':
			if (!have_lua)
				bozoerr(&httpd, 1, "Lua support not enabled");

			/* make sure there's two argument */
			if (argc - optind < 1)
				usage(&httpd, progname);
			bozo_add_lua_map(&httpd, optarg, argv[optind]);
			optind++;
			break;

		case 'M':
			if (!have_dynamic_content)
				bozoerr(&httpd, 1,
				    "dynamic mime content support not enabled");

			/* make sure there're four arguments */
			if (argc - optind < 3)
				usage(&httpd, progname);
			bozo_add_content_map_mime(&httpd, optarg, argv[optind],
			    argv[optind+1], argv[optind+2]);
			optind += 3;
			break;

		case 'n':
			bozo_set_pref(&httpd, &prefs, "numeric", "true");
			break;

		case 'P':
			if (!have_daemon_mode)
				goto no_daemon_mode;

			bozo_set_pref(&httpd, &prefs, "pid file", optarg);
			break;

		case 'p':
			if (!have_user)
 no_user_support:
				bozoerr(&httpd, 1, "User support not enabled");

			bozo_set_pref(&httpd, &prefs, "public_html", optarg);
			break;

		case 'R':
			bozo_set_pref(&httpd, &prefs, "directory index readme",
				      optarg);
			break;

		case 'S':
			bozo_set_pref(&httpd, &prefs, "server software",
				      optarg);
			break;

		case 's':
			bozo_set_pref(&httpd, &prefs, "log to stderr", "true");
			break;

		case 'T':
			/* make sure there're two arguments */
			if (argc - optind < 1)
				usage(&httpd, progname);
			if (bozo_set_timeout(&httpd, &prefs,
					     optarg, argv[optind])) {
				bozoerr(&httpd, 1,
					"invalid type '%s'", optarg);
				/* NOTREACHED */
			}
			optind++;
			break;

		case 't':
			bozo_set_pref(&httpd, &prefs, "chroot dir", optarg);
			break;

		case 'U':
			bozo_set_pref(&httpd, &prefs, "username", optarg);
			break;

		case 'u':
			if (!have_user)
				goto no_user_support;

			bozo_set_pref(&httpd, &prefs, "enable users", "true");
			break;

		case 'V':
			bozo_set_pref(&httpd, &prefs, "unknown slash", "true");
			break;

		case 'v':
			bozo_set_pref(&httpd, &prefs, "virtual base", optarg);
			break;

		case 'X':
			if (!have_dirindex)
				goto no_dirindex_support;

			bozo_set_pref(&httpd, &prefs, "directory indexing",
				      "true");
			break;

		case 'x':
			bozo_set_pref(&httpd, &prefs, "index.html", optarg);
			break;

		case 'Z':
			if (!have_ssl)
 no_ssl:
				bozoerr(&httpd, 1, "ssl support not enabled");

			/* make sure there's two arguments */
			if (argc - optind < 1)
				usage(&httpd, progname);
			bozo_ssl_set_opts(&httpd, optarg, argv[optind++]);
			break;

		case 'z':
			if (!have_ssl)
				goto no_ssl;

			bozo_ssl_set_ciphers(&httpd, optarg);
			break;

		default:
			usage(&httpd, progname);
			/* NOTREACHED */
		}
	}

	 */
	do {
		if ((request = bozo_read_request(&httpd)) != NULL) {
			bozo_process_request(request);
			bozo_clean_request(request);
		}
	} while (httpd.background);

	bozo_cleanup(&httpd, &prefs);

	return (0);
}

-- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $

-- this small Lua script demonstrates the use of Lua in (bozo)httpd
-- it will simply output the "environment"

-- Keep in mind that bozohttpd forks for each request when started in
-- daemon mode, you can set global variables here, but they will have
-- the same value on each invocation.  You can not keep state between
-- two calls.

-- You can test this example by running the following command:
-- /usr/libexec/httpd -b -f -I 8080 -L test printenv.lua .
-- and then navigate to: http://127.0.0.1:8080/test/printenv

#	$eterna: Makefile,v 1.1 2009/05/22 21:51:39 mrg Exp $

# build a 100% lean bozohttpd-small.c
PROG=	bozohttpd-small
NOMAN=	# defined
SRCS=	bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c:

LEAN_IFDEF_FLAGS=	-UDEBUG -DNO_USER_SUPPORT \
			-DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \
			-DNO_DAEMON_MODE -DNO_DYNAMIC_CONTENT \
			-DNO_SSL_SUPPORT -UDO_HTPASSWD \
			-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT

CFLAGS=	-I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}

bozohttpd-small.c: bozohttpd.c
	unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\
	if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi
	mv -f $@.tmp $@

/*	$NetBSD: ssl-bozo.c,v 1.29 2020/10/15 04:21:53 mrg Exp $	*/

/*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2020 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

 *
 */

/* this code implements SSL and backend IO for bozohttpd */

#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#include "bozohttpd.h"

#ifndef USE_ARG
#define USE_ARG(x)	/*LINTED*/(void)&(x)
#endif

#ifndef NO_SSL_SUPPORT

#include <openssl/ssl.h>
#include <openssl/err.h>





#ifndef BOZO_SSL_CIPHERS
#define BOZO_SSL_CIPHERS 					\
	"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:"		\
	"AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:"		\
	"AES:"							\
	"-SHA:"							\
	"!aNULL:!eNULL:"					\
	"!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"			\
	"!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:"		\
	"!KRB5-DES-CBC3-SHA"
#endif

#ifndef BOZO_SSL_OPTIONS
#define BOZO_SSL_OPTIONS					\
	((long)(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1))
#endif

  /* this structure encapsulates the ssl info */

/* this structure encapsulates the ssl info */
typedef struct sslinfo_t {
	SSL_CTX			*ssl_context;

int
bozo_ssl_accept(bozohttpd_t *httpd)
{
	sslinfo_t *sslinfo = httpd->sslinfo;

	if (sslinfo == NULL || !sslinfo->ssl_context)
		return 0;

	alarm(httpd->ssl_timeout);

	sslinfo->bozossl = SSL_new(sslinfo->ssl_context);
	if (sslinfo->bozossl == NULL)
		bozoerr(httpd, 1, "SSL_new failed");

	SSL_set_rfd(sslinfo->bozossl, 0);
	SSL_set_wfd(sslinfo->bozossl, 1);

	const int ret = SSL_accept(sslinfo->bozossl);
	bozo_check_error_queue(httpd, "accept", ret);

	alarm(0);

	if (bozo_timeout_hit) {
		SSL_free(sslinfo->bozossl);
		sslinfo->bozossl = NULL;
		return 1;
	}

	return ret != 1;
}

void
bozo_ssl_shutdown(bozohttpd_t *httpd)
{
	const sslinfo_t *sslinfo = httpd->sslinfo;

	if (sslinfo && sslinfo->bozossl)
		SSL_shutdown(sslinfo->bozossl);
}

void
bozo_ssl_destroy(bozohttpd_t *httpd)
{
	const sslinfo_t *sslinfo = httpd->sslinfo;

	if (sslinfo && sslinfo->bozossl)

	sslinfo->certificate_file = bozostrdup(httpd, NULL, cert);
	sslinfo->privatekey_file = bozostrdup(httpd, NULL, priv);
	debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s",
	    sslinfo->certificate_file,
	    sslinfo->privatekey_file));
	if (!httpd->bindport)
		httpd->bindport = bozostrdup(httpd, NULL, BOZO_HTTPS_PORT);
}

void
bozo_ssl_set_ciphers(bozohttpd_t *httpd, const char *ciphers)
{
	sslinfo_t *sslinfo = bozo_get_sslinfo(httpd);

	sslinfo->ciphers = bozostrdup(httpd, NULL, ciphers);
	debug((httpd, DEBUG_NORMAL, "using ciphers: %s", sslinfo->ciphers));
}

#endif /* NO_SSL_SUPPORT */

/*
 * These functions are always present, so that caller code can simply
 * use bozo_*() for IO, regardless of SSL.
 */
int
bozo_printf(bozohttpd_t *httpd, const char *fmt, ...)
{
	va_list	args;
	int	cc;

	USE_ARG(httpd);

	va_start(args, fmt);
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		cc = bozo_ssl_printf(httpd, fmt, args);
	else
#endif
		cc = vprintf(fmt, args);
	va_end(args);
	return cc;
}

ssize_t
bozo_read(bozohttpd_t *httpd, int fd, void *buf, size_t len)
{
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		return bozo_ssl_read(httpd, fd, buf, len);
#endif
	USE_ARG(httpd);
	return read(fd, buf, len);
}

ssize_t
bozo_write(bozohttpd_t *httpd, int fd, const void *buf, size_t len)
{
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		return bozo_ssl_write(httpd, fd, buf, len);
#endif
	USE_ARG(httpd);
	return write(fd, buf, len);
}

int
bozo_flush(bozohttpd_t *httpd, FILE *fp)
{
#ifndef NO_SSL_SUPPORT
	if (httpd->sslinfo)
		return 0;
#endif
	USE_ARG(httpd);
	return fflush(fp);
}

#	$NetBSD: Makefile,v 1.14 2021/02/11 09:23:55 mrg Exp $
#	$eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $

SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15 t16 t17 t18
CGITESTS=	t11
BIGFILETESTS=	partial4000 partial8000

BOZOHTTPD?=	../bozohttpd
BOZOHTTPD?=	../debug/bozohttpd-debug
WGET?=		wget
DATA?=		$(.CURDIR)/data 

fi

h=`hostname || uname -n`

sedcmd="s/^Date: .*/Date: nowish/;
	s/^Last-Modified: .*/Last-Modified: nowish/;
	s/[a-zA-Z0-9-]*\.eterna\.com\.au/$h/g;
	s/[a-zA-Z0-9-]*\.eterna23\.net/$h/g;
	s/^Server: .*/^Server: bozotic HTTP server version 5.08/;
	s/^Content-Length: .*/Content-Length: 223/;"

sed -e "$sedcmd" < "$2" > "f1.tmp.$$"
sed -e "$sedcmd" < "$3" > "f2.tmp.$$"

${cmd} "f1.tmp.$$" "f2.tmp.$$"
rv=$?
rm -f "f1.tmp.$$" "f2.tmp.$$"

exit $rv

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 194
Server: bozohttpd/20181215
Allow: GET, HEAD, POST

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found</h1>
cgi-bin/echo.bat: <pre>This item has not been found</pre>
<hr><address><a href="// /"> </a></address>
</body></html>

get /nic/update HTTP/1.1
Host:

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 197
Server: bozohttpd/20170201
Allow: GET, HEAD, POST

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found</h1>
auth-dir/updipv4.pl: <pre>This item has not been found</pre>
<hr><address><a href="// /"> </a></address>
</body></html>

get /update:all HTTP/1.1
Host:

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 196
Server: bozohttpd/20170201
Allow: GET, HEAD, POST

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found</h1>
auth-dir/updall.pl: <pre>This item has not been found</pre>
<hr><address><a href="// /"> </a></address>
</body></html>

GET / HTTP/1.1
Host:
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd

HTTP/1.1 413 Payload Too Large
Content-Type: text/html
Content-Length: 239
Server: bozohttpd/20180824
Allow: GET, HEAD, POST

<html><head><title>413 Payload Too Large</title></head>
<body><h1>413 Payload Too Large</h1>
/: <pre>Use smaller requests</pre>
<hr><address><a href="//space-bird.eterna23.net/">space-bird.eterna23.net</a></address>
</body></html>

GET / HTTP/1.1
Host:
Host:

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 224
Server: bozohttpd/20181118
Allow: GET, HEAD, POST

<html><head><title>400 Bad Request</title></head>
<body><h1>400 Bad Request</h1>
/: <pre>The request was not valid</pre>
<hr><address><a href="//space-bird.eterna23.net/">space-bird.eterna23.net</a></address>
</body></html>

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 251
Server: bozohttpd/20201014
Allow: GET, HEAD, POST

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found</h1>
/: <pre>This item has not been found</pre>
<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
</body></html>

HTTP/0.9 200 OK
this is the bozohttpd testsuite ./data/index.html file

HTTP/0.9 403 Forbidden
Content-Type: text/html
Content-Length: 260
Server: bozohttpd/20201014

<html><head><title>403 Forbidden</title></head>
<body><h1>403 Forbidden</h1>
/..: <pre>Access to this item has been denied</pre>
<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
</body></html>

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 229
Server: bozotic HTTP server version 5.08
Allow: GET, HEAD, POST

<html><head><title>400 Bad Request</title></head>
<body><h1>400 Bad Request</h1>
/: <pre>The request was not valid</pre>
<hr><address><a href="//madrugada.eterna.com.au/">madrugada.eterna.com.au</a></address>
</body></html>

HTTP/1.0 403 Forbidden
Content-Type: text/html
Content-Length: 336
Server: bozohttpd/20030206

<html><head><title>403 Forbidden</title></head>
<body><h1>403 Forbidden</h1>
/cgi-bin/..M-@M-/..M-@M-/..M-@M-/..M-@M-/..M-@M-/../winnt/system32/cmd.exe: <pre>Access to this item has been denied</pre>
<hr><address><a href="//what-time-is-love.eterna.com.au/">what-time-is-love.eterna.com.au</a></address>
</body></html>

HTTP/1.0 404 Not Found
Content-Type: text/html
Content-Length: 335
Server: bozohttpd/5.15

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found</h1>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: <pre>This item has not been found</pre>
<hr><address><a href="//splode.eterna.com.au/">splode.eterna.com.au</a></address>
</body></html>

#! /bin/sh
# $NetBSD: test-bigfile,v 1.6 2018/12/14 23:57:22 maya Exp $

test="$1"; shift	# partial4000 or partial8000
bozohttpd="$1"; shift
wget="$1"; shift
datadir="$1"; shift
verbose="$1"; shift

tmperr="tmp.$test.err"

if [ "yes" = "$verbose" ]; then
	echo "Running test $test"
else
	exec 2>"$tmperr"
fi

bozotestport=11111

# copy beginning file
cp "${datadir}/bigfile.${test}" ./bigfile

# fire up bozohttpd
${bozohttpd} -b -b -I ${bozotestport} -n -s -f "$@" "${datadir}" "${host}" &
bozopid=$!

"${wget}" -c http://localhost:${bozotestport}/bigfile

kill -9 $bozopid

if cmp ./bigfile "${datadir}/bigfile"; then

#! /bin/sh
# $NetBSD: test-simple,v 1.6 2018/12/14 23:57:22 maya Exp $

test="$1"; shift
bozohttpd="$1"; shift
datadir="$1"; shift
curdir="$1"; shift
verbose="$1"; shift

/*	$NetBSD: tilde-luzah-bozo.c,v 1.16 2018/11/22 08:54:08 mrg Exp $	*/

/*	$eterna: tilde-luzah-bozo.c,v 1.16 2011/11/18 09:21:15 mrg Exp $	*/

/*
 * Copyright (c) 1997-2018 Matthew R. Green
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.

 * bozo_user_transform does this:
 *	- chdir's /~user/public_html
 *	- returns the rest of the file, index.html appended if required
 *	- returned malloced file to serve in request->hr_file,
 *        ala transform_request().
 *
 * transform_request() is supposed to check that we have user support
 * enabled.  returns 0 if handled/error, 1 if continue.
 */
int
bozo_user_transform(bozo_httpreq_t *request)
{
	bozohttpd_t *httpd = request->hr_httpd;
	char	*s, *file = NULL, *user;
	struct	passwd *pw;

		while (*s == '/')
			s++;
	}

	if (pw == NULL) {
		free(request->hr_user);
		request->hr_user = NULL;
		bozo_http_error(httpd, 404, request, "no such user");
		return 0;
	}

	debug((httpd, DEBUG_OBESE, "user %s dir %s/%s uid %d gid %d",
	      pw->pw_name, pw->pw_dir, httpd->public_html,
	      pw->pw_uid, pw->pw_gid));

	if (chdir(pw->pw_dir) < 0) {
		bozowarn(httpd, "chdir1 error: %s: %s", pw->pw_dir,
			strerror(errno));
		bozo_http_error(httpd, 404, request, "can't chdir to homedir");

		return 0;
	}
	if (chdir(httpd->public_html) < 0) {
		bozowarn(httpd, "chdir2 error: %s: %s", httpd->public_html,
			strerror(errno));
		bozo_http_error(httpd, 404, request,
				"can't chdir to public_html");
		return 0;
	}
	if (s == NULL || *s == '\0') {
		file = bozostrdup(httpd, request, "/");
	} else {
		file = bozomalloc(httpd, strlen(s) + 2);
		strcpy(file, "/");