Annotation of mandoc/cgi.c, Revision 1.111
1.111 ! schwarze 1: /* $Id: cgi.c,v 1.110 2015/10/13 22:59:54 schwarze Exp $ */
1.6 kristaps 2: /*
1.42 kristaps 3: * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
1.106 schwarze 4: * Copyright (c) 2014, 2015 Ingo Schwarze <schwarze@usta.de>
1.6 kristaps 5: *
6: * Permission to use, copy, modify, and distribute this software for any
7: * purpose with or without fee is hereby granted, provided that the above
8: * copyright notice and this permission notice appear in all copies.
9: *
1.105 schwarze 10: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
1.6 kristaps 11: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
1.105 schwarze 12: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
1.6 kristaps 13: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17: */
18: #include "config.h"
1.93 schwarze 19:
20: #include <sys/types.h>
1.95 schwarze 21: #include <sys/time.h>
1.6 kristaps 22:
23: #include <ctype.h>
1.58 schwarze 24: #include <errno.h>
1.1 kristaps 25: #include <fcntl.h>
1.6 kristaps 26: #include <limits.h>
1.92 schwarze 27: #include <stdint.h>
1.1 kristaps 28: #include <stdio.h>
29: #include <stdlib.h>
30: #include <string.h>
1.6 kristaps 31: #include <unistd.h>
1.1 kristaps 32:
1.108 schwarze 33: #include "mandoc_aux.h"
1.4 schwarze 34: #include "mandoc.h"
1.108 schwarze 35: #include "roff.h"
1.111 ! schwarze 36: #include "mdoc.h"
1.8 kristaps 37: #include "main.h"
1.105 schwarze 38: #include "manconf.h"
1.52 schwarze 39: #include "mansearch.h"
1.67 schwarze 40: #include "cgi.h"
1.1 kristaps 41:
1.20 kristaps 42: /*
43: * A query as passed to the search function.
44: */
45: struct query {
1.83 schwarze 46: char *manpath; /* desired manual directory */
47: char *arch; /* architecture */
48: char *sec; /* manual section */
1.85 schwarze 49: char *query; /* unparsed query expression */
1.65 schwarze 50: int equal; /* match whole names, not substrings */
1.20 kristaps 51: };
52:
1.1 kristaps 53: struct req {
1.58 schwarze 54: struct query q;
55: char **p; /* array of available manpaths */
56: size_t psz; /* number of available manpaths */
1.1 kristaps 57: };
58:
1.32 kristaps 59: static void catman(const struct req *, const char *);
60: static void format(const struct req *, const char *);
1.6 kristaps 61: static void html_print(const char *);
1.10 kristaps 62: static void html_putchar(char);
1.104 schwarze 63: static int http_decode(char *);
1.83 schwarze 64: static void http_parse(struct req *, const char *);
1.36 kristaps 65: static void http_print(const char *);
1.104 schwarze 66: static void http_putchar(char);
1.91 schwarze 67: static void http_printquery(const struct req *, const char *);
1.54 schwarze 68: static void pathgen(struct req *);
1.72 schwarze 69: static void pg_error_badrequest(const char *);
70: static void pg_error_internal(void);
71: static void pg_index(const struct req *);
72: static void pg_noresult(const struct req *, const char *);
1.66 schwarze 73: static void pg_search(const struct req *);
1.72 schwarze 74: static void pg_searchres(const struct req *,
75: struct manpage *, size_t);
1.79 schwarze 76: static void pg_show(struct req *, const char *);
1.6 kristaps 77: static void resp_begin_html(int, const char *);
78: static void resp_begin_http(int, const char *);
79: static void resp_end_html(void);
80: static void resp_searchform(const struct req *);
1.70 schwarze 81: static void resp_show(const struct req *, const char *);
1.85 schwarze 82: static void set_query_attr(char **, char **);
83: static int validate_filename(const char *);
84: static int validate_manpath(const struct req *, const char *);
85: static int validate_urifrag(const char *);
1.6 kristaps 86:
1.58 schwarze 87: static const char *scriptname; /* CGI script name */
1.1 kristaps 88:
1.70 schwarze 89: static const int sec_prios[] = {1, 4, 5, 8, 6, 3, 7, 2, 9};
1.68 schwarze 90: static const char *const sec_numbers[] = {
91: "0", "1", "2", "3", "3p", "4", "5", "6", "7", "8", "9"
92: };
93: static const char *const sec_names[] = {
94: "All Sections",
95: "1 - General Commands",
96: "2 - System Calls",
1.96 schwarze 97: "3 - Library Functions",
98: "3p - Perl Library",
99: "4 - Device Drivers",
1.68 schwarze 100: "5 - File Formats",
101: "6 - Games",
1.96 schwarze 102: "7 - Miscellaneous Information",
103: "8 - System Manager\'s Manual",
104: "9 - Kernel Developer\'s Manual"
1.68 schwarze 105: };
106: static const int sec_MAX = sizeof(sec_names) / sizeof(char *);
107:
108: static const char *const arch_names[] = {
109: "amd64", "alpha", "armish", "armv7",
110: "aviion", "hppa", "hppa64", "i386",
111: "ia64", "landisk", "loongson", "luna88k",
112: "macppc", "mips64", "octeon", "sgi",
113: "socppc", "solbourne", "sparc", "sparc64",
114: "vax", "zaurus",
115: "amiga", "arc", "arm32", "atari",
116: "beagle", "cats", "hp300", "mac68k",
117: "mvme68k", "mvme88k", "mvmeppc", "palm",
118: "pc532", "pegasos", "pmax", "powerpc",
119: "sun3", "wgrisc", "x68k"
120: };
121: static const int arch_MAX = sizeof(arch_names) / sizeof(char *);
122:
1.6 kristaps 123: /*
1.20 kristaps 124: * Print a character, escaping HTML along the way.
125: * This will pass non-ASCII straight to output: be warned!
126: */
1.10 kristaps 127: static void
128: html_putchar(char c)
129: {
130:
131: switch (c) {
132: case ('"'):
133: printf(""e;");
134: break;
135: case ('&'):
136: printf("&");
137: break;
138: case ('>'):
139: printf(">");
140: break;
141: case ('<'):
142: printf("<");
143: break;
144: default:
145: putchar((unsigned char)c);
146: break;
147: }
148: }
1.57 schwarze 149:
1.36 kristaps 150: static void
1.91 schwarze 151: http_printquery(const struct req *req, const char *sep)
1.36 kristaps 152: {
153:
1.88 schwarze 154: if (NULL != req->q.query) {
155: printf("query=");
156: http_print(req->q.query);
1.53 schwarze 157: }
1.88 schwarze 158: if (0 == req->q.equal)
1.91 schwarze 159: printf("%sapropos=1", sep);
1.53 schwarze 160: if (NULL != req->q.sec) {
1.91 schwarze 161: printf("%ssec=", sep);
1.53 schwarze 162: http_print(req->q.sec);
163: }
164: if (NULL != req->q.arch) {
1.91 schwarze 165: printf("%sarch=", sep);
1.53 schwarze 166: http_print(req->q.arch);
167: }
1.102 schwarze 168: if (strcmp(req->q.manpath, req->p[0])) {
1.91 schwarze 169: printf("%smanpath=", sep);
1.88 schwarze 170: http_print(req->q.manpath);
1.53 schwarze 171: }
1.36 kristaps 172: }
173:
174: static void
175: http_print(const char *p)
176: {
177:
178: if (NULL == p)
179: return;
180: while ('\0' != *p)
181: http_putchar(*p++);
182: }
1.10 kristaps 183:
1.6 kristaps 184: /*
1.20 kristaps 185: * Call through to html_putchar().
186: * Accepts NULL strings.
1.6 kristaps 187: */
1.1 kristaps 188: static void
1.6 kristaps 189: html_print(const char *p)
1.1 kristaps 190: {
1.104 schwarze 191:
1.6 kristaps 192: if (NULL == p)
193: return;
1.1 kristaps 194: while ('\0' != *p)
1.10 kristaps 195: html_putchar(*p++);
1.1 kristaps 196: }
197:
198: /*
1.83 schwarze 199: * Transfer the responsibility for the allocated string *val
200: * to the query structure.
1.1 kristaps 201: */
202: static void
1.83 schwarze 203: set_query_attr(char **attr, char **val)
1.1 kristaps 204: {
205:
1.83 schwarze 206: free(*attr);
207: if (**val == '\0') {
208: *attr = NULL;
209: free(*val);
210: } else
211: *attr = *val;
212: *val = NULL;
213: }
214:
215: /*
216: * Parse the QUERY_STRING for key-value pairs
217: * and store the values into the query structure.
218: */
219: static void
220: http_parse(struct req *req, const char *qs)
221: {
222: char *key, *val;
223: size_t keysz, valsz;
224:
225: req->q.manpath = NULL;
226: req->q.arch = NULL;
227: req->q.sec = NULL;
1.85 schwarze 228: req->q.query = NULL;
1.83 schwarze 229: req->q.equal = 1;
230:
231: key = val = NULL;
232: while (*qs != '\0') {
1.24 kristaps 233:
1.83 schwarze 234: /* Parse one key. */
235:
236: keysz = strcspn(qs, "=;&");
237: key = mandoc_strndup(qs, keysz);
238: qs += keysz;
239: if (*qs != '=')
240: goto next;
241:
242: /* Parse one value. */
243:
244: valsz = strcspn(++qs, ";&");
245: val = mandoc_strndup(qs, valsz);
246: qs += valsz;
247:
248: /* Decode and catch encoding errors. */
1.1 kristaps 249:
1.83 schwarze 250: if ( ! (http_decode(key) && http_decode(val)))
251: goto next;
1.1 kristaps 252:
1.83 schwarze 253: /* Handle key-value pairs. */
1.1 kristaps 254:
1.83 schwarze 255: if ( ! strcmp(key, "query"))
1.85 schwarze 256: set_query_attr(&req->q.query, &val);
1.1 kristaps 257:
1.83 schwarze 258: else if ( ! strcmp(key, "apropos"))
259: req->q.equal = !strcmp(val, "0");
260:
261: else if ( ! strcmp(key, "manpath")) {
1.73 schwarze 262: #ifdef COMPAT_OLDURI
1.83 schwarze 263: if ( ! strncmp(val, "OpenBSD ", 8)) {
1.73 schwarze 264: val[7] = '-';
265: if ('C' == val[8])
266: val[8] = 'c';
267: }
268: #endif
1.83 schwarze 269: set_query_attr(&req->q.manpath, &val);
270: }
271:
272: else if ( ! (strcmp(key, "sec")
1.73 schwarze 273: #ifdef COMPAT_OLDURI
1.83 schwarze 274: && strcmp(key, "sektion")
1.73 schwarze 275: #endif
1.83 schwarze 276: )) {
277: if ( ! strcmp(val, "0"))
278: *val = '\0';
279: set_query_attr(&req->q.sec, &val);
1.65 schwarze 280: }
1.83 schwarze 281:
282: else if ( ! strcmp(key, "arch")) {
283: if ( ! strcmp(val, "default"))
284: *val = '\0';
285: set_query_attr(&req->q.arch, &val);
286: }
287:
288: /*
289: * The key must be freed in any case.
290: * The val may have been handed over to the query
291: * structure, in which case it is now NULL.
292: */
293: next:
294: free(key);
295: key = NULL;
296: free(val);
297: val = NULL;
298:
299: if (*qs != '\0')
300: qs++;
1.24 kristaps 301: }
1.1 kristaps 302: }
303:
1.36 kristaps 304: static void
305: http_putchar(char c)
306: {
307:
308: if (isalnum((unsigned char)c)) {
309: putchar((unsigned char)c);
310: return;
311: } else if (' ' == c) {
312: putchar('+');
313: return;
314: }
315: printf("%%%.2x", c);
316: }
317:
1.1 kristaps 318: /*
1.6 kristaps 319: * HTTP-decode a string. The standard explanation is that this turns
320: * "%4e+foo" into "n foo" in the regular way. This is done in-place
321: * over the allocated string.
1.1 kristaps 322: */
323: static int
1.24 kristaps 324: http_decode(char *p)
1.1 kristaps 325: {
326: char hex[3];
1.63 schwarze 327: char *q;
1.1 kristaps 328: int c;
329:
330: hex[2] = '\0';
331:
1.63 schwarze 332: q = p;
333: for ( ; '\0' != *p; p++, q++) {
1.1 kristaps 334: if ('%' == *p) {
335: if ('\0' == (hex[0] = *(p + 1)))
1.109 schwarze 336: return 0;
1.1 kristaps 337: if ('\0' == (hex[1] = *(p + 2)))
1.109 schwarze 338: return 0;
1.1 kristaps 339: if (1 != sscanf(hex, "%x", &c))
1.109 schwarze 340: return 0;
1.1 kristaps 341: if ('\0' == c)
1.109 schwarze 342: return 0;
1.1 kristaps 343:
1.63 schwarze 344: *q = (char)c;
345: p += 2;
1.1 kristaps 346: } else
1.63 schwarze 347: *q = '+' == *p ? ' ' : *p;
1.1 kristaps 348: }
349:
1.63 schwarze 350: *q = '\0';
1.109 schwarze 351: return 1;
1.1 kristaps 352: }
353:
1.6 kristaps 354: static void
355: resp_begin_http(int code, const char *msg)
356: {
357:
358: if (200 != code)
1.62 schwarze 359: printf("Status: %d %s\r\n", code, msg);
1.6 kristaps 360:
1.62 schwarze 361: printf("Content-Type: text/html; charset=utf-8\r\n"
362: "Cache-Control: no-cache\r\n"
363: "Pragma: no-cache\r\n"
364: "\r\n");
1.6 kristaps 365:
366: fflush(stdout);
367: }
368:
369: static void
370: resp_begin_html(int code, const char *msg)
371: {
372:
373: resp_begin_http(code, msg);
374:
1.98 kristaps 375: printf("<!DOCTYPE html>\n"
1.29 kristaps 376: "<HTML>\n"
377: "<HEAD>\n"
1.98 kristaps 378: "<META CHARSET=\"UTF-8\" />\n"
1.32 kristaps 379: "<LINK REL=\"stylesheet\" HREF=\"%s/man-cgi.css\""
380: " TYPE=\"text/css\" media=\"all\">\n"
381: "<LINK REL=\"stylesheet\" HREF=\"%s/man.css\""
1.29 kristaps 382: " TYPE=\"text/css\" media=\"all\">\n"
1.67 schwarze 383: "<TITLE>%s</TITLE>\n"
1.29 kristaps 384: "</HEAD>\n"
385: "<BODY>\n"
1.58 schwarze 386: "<!-- Begin page content. //-->\n",
1.67 schwarze 387: CSS_DIR, CSS_DIR, CUSTOMIZE_TITLE);
1.6 kristaps 388: }
389:
390: static void
391: resp_end_html(void)
392: {
393:
1.20 kristaps 394: puts("</BODY>\n"
395: "</HTML>");
1.6 kristaps 396: }
397:
398: static void
399: resp_searchform(const struct req *req)
400: {
1.27 kristaps 401: int i;
1.13 kristaps 402:
1.67 schwarze 403: puts(CUSTOMIZE_BEGIN);
1.6 kristaps 404: puts("<!-- Begin search form. //-->");
1.32 kristaps 405: printf("<DIV ID=\"mancgi\">\n"
1.66 schwarze 406: "<FORM ACTION=\"%s\" METHOD=\"get\">\n"
1.29 kristaps 407: "<FIELDSET>\n"
1.68 schwarze 408: "<LEGEND>Manual Page Search Parameters</LEGEND>\n",
1.58 schwarze 409: scriptname);
1.68 schwarze 410:
411: /* Write query input box. */
412:
413: printf( "<TABLE><TR><TD>\n"
414: "<INPUT TYPE=\"text\" NAME=\"query\" VALUE=\"");
1.85 schwarze 415: if (NULL != req->q.query)
416: html_print(req->q.query);
1.68 schwarze 417: puts("\" SIZE=\"40\">");
418:
419: /* Write submission and reset buttons. */
420:
421: printf( "<INPUT TYPE=\"submit\" VALUE=\"Submit\">\n"
422: "<INPUT TYPE=\"reset\" VALUE=\"Reset\">\n");
423:
424: /* Write show radio button */
425:
426: printf( "</TD><TD>\n"
427: "<INPUT TYPE=\"radio\" ");
1.65 schwarze 428: if (req->q.equal)
1.86 schwarze 429: printf("CHECKED=\"checked\" ");
1.68 schwarze 430: printf( "NAME=\"apropos\" ID=\"show\" VALUE=\"0\">\n"
431: "<LABEL FOR=\"show\">Show named manual page</LABEL>\n");
432:
433: /* Write section selector. */
434:
1.86 schwarze 435: puts( "</TD></TR><TR><TD>\n"
1.68 schwarze 436: "<SELECT NAME=\"sec\">");
437: for (i = 0; i < sec_MAX; i++) {
438: printf("<OPTION VALUE=\"%s\"", sec_numbers[i]);
439: if (NULL != req->q.sec &&
440: 0 == strcmp(sec_numbers[i], req->q.sec))
1.86 schwarze 441: printf(" SELECTED=\"selected\"");
1.68 schwarze 442: printf(">%s</OPTION>\n", sec_names[i]);
443: }
444: puts("</SELECT>");
445:
446: /* Write architecture selector. */
447:
1.81 schwarze 448: printf( "<SELECT NAME=\"arch\">\n"
449: "<OPTION VALUE=\"default\"");
450: if (NULL == req->q.arch)
1.86 schwarze 451: printf(" SELECTED=\"selected\"");
1.81 schwarze 452: puts(">All Architectures</OPTION>");
1.68 schwarze 453: for (i = 0; i < arch_MAX; i++) {
454: printf("<OPTION VALUE=\"%s\"", arch_names[i]);
455: if (NULL != req->q.arch &&
456: 0 == strcmp(arch_names[i], req->q.arch))
1.86 schwarze 457: printf(" SELECTED=\"selected\"");
1.68 schwarze 458: printf(">%s</OPTION>\n", arch_names[i]);
459: }
460: puts("</SELECT>");
461:
462: /* Write manpath selector. */
463:
1.27 kristaps 464: if (req->psz > 1) {
1.68 schwarze 465: puts("<SELECT NAME=\"manpath\">");
1.27 kristaps 466: for (i = 0; i < (int)req->psz; i++) {
1.52 schwarze 467: printf("<OPTION ");
1.102 schwarze 468: if (strcmp(req->q.manpath, req->p[i]) == 0)
1.86 schwarze 469: printf("SELECTED=\"selected\" ");
1.52 schwarze 470: printf("VALUE=\"");
471: html_print(req->p[i]);
1.27 kristaps 472: printf("\">");
1.52 schwarze 473: html_print(req->p[i]);
1.27 kristaps 474: puts("</OPTION>");
475: }
476: puts("</SELECT>");
477: }
1.68 schwarze 478:
479: /* Write search radio button */
480:
481: printf( "</TD><TD>\n"
482: "<INPUT TYPE=\"radio\" ");
483: if (0 == req->q.equal)
1.86 schwarze 484: printf("CHECKED=\"checked\" ");
1.68 schwarze 485: printf( "NAME=\"apropos\" ID=\"search\" VALUE=\"1\">\n"
486: "<LABEL FOR=\"search\">Search with apropos query</LABEL>\n");
487:
488: puts("</TD></TR></TABLE>\n"
1.12 kristaps 489: "</FIELDSET>\n"
1.32 kristaps 490: "</FORM>\n"
491: "</DIV>");
1.20 kristaps 492: puts("<!-- End search form. //-->");
1.6 kristaps 493: }
494:
1.76 schwarze 495: static int
1.80 schwarze 496: validate_urifrag(const char *frag)
497: {
498:
499: while ('\0' != *frag) {
500: if ( ! (isalnum((unsigned char)*frag) ||
501: '-' == *frag || '.' == *frag ||
502: '/' == *frag || '_' == *frag))
1.109 schwarze 503: return 0;
1.80 schwarze 504: frag++;
505: }
1.109 schwarze 506: return 1;
1.80 schwarze 507: }
508:
509: static int
1.77 schwarze 510: validate_manpath(const struct req *req, const char* manpath)
511: {
512: size_t i;
513:
514: if ( ! strcmp(manpath, "mandoc"))
1.109 schwarze 515: return 1;
1.77 schwarze 516:
517: for (i = 0; i < req->psz; i++)
518: if ( ! strcmp(manpath, req->p[i]))
1.109 schwarze 519: return 1;
1.77 schwarze 520:
1.109 schwarze 521: return 0;
1.77 schwarze 522: }
523:
524: static int
1.76 schwarze 525: validate_filename(const char *file)
526: {
527:
528: if ('.' == file[0] && '/' == file[1])
529: file += 2;
530:
1.109 schwarze 531: return ! (strstr(file, "../") || strstr(file, "/..") ||
532: (strncmp(file, "man", 3) && strncmp(file, "cat", 3)));
1.76 schwarze 533: }
534:
1.6 kristaps 535: static void
1.72 schwarze 536: pg_index(const struct req *req)
1.6 kristaps 537: {
538:
539: resp_begin_html(200, NULL);
540: resp_searchform(req);
1.64 schwarze 541: printf("<P>\n"
1.86 schwarze 542: "This web interface is documented in the\n"
543: "<A HREF=\"%s/mandoc/man8/man.cgi.8\">man.cgi</A>\n"
544: "manual, and the\n"
545: "<A HREF=\"%s/mandoc/man1/apropos.1\">apropos</A>\n"
1.69 schwarze 546: "manual explains the query syntax.\n"
1.64 schwarze 547: "</P>\n",
548: scriptname, scriptname);
1.6 kristaps 549: resp_end_html();
550: }
551:
552: static void
1.72 schwarze 553: pg_noresult(const struct req *req, const char *msg)
1.59 schwarze 554: {
555: resp_begin_html(200, NULL);
556: resp_searchform(req);
557: puts("<P>");
558: puts(msg);
559: puts("</P>");
560: resp_end_html();
561: }
562:
563: static void
1.72 schwarze 564: pg_error_badrequest(const char *msg)
1.9 kristaps 565: {
566:
1.59 schwarze 567: resp_begin_html(400, "Bad Request");
568: puts("<H1>Bad Request</H1>\n"
569: "<P>\n");
570: puts(msg);
571: printf("Try again from the\n"
572: "<A HREF=\"%s\">main page</A>.\n"
1.58 schwarze 573: "</P>", scriptname);
1.9 kristaps 574: resp_end_html();
575: }
576:
577: static void
1.72 schwarze 578: pg_error_internal(void)
1.7 kristaps 579: {
580: resp_begin_html(500, "Internal Server Error");
1.58 schwarze 581: puts("<P>Internal Server Error</P>");
1.7 kristaps 582: resp_end_html();
583: }
584:
585: static void
1.72 schwarze 586: pg_searchres(const struct req *req, struct manpage *r, size_t sz)
1.1 kristaps 587: {
1.81 schwarze 588: char *arch, *archend;
1.70 schwarze 589: size_t i, iuse, isec;
1.81 schwarze 590: int archprio, archpriouse;
1.70 schwarze 591: int prio, priouse;
592: char sec;
1.19 kristaps 593:
1.76 schwarze 594: for (i = 0; i < sz; i++) {
595: if (validate_filename(r[i].file))
596: continue;
597: fprintf(stderr, "invalid filename %s in %s database\n",
598: r[i].file, req->q.manpath);
599: pg_error_internal();
600: return;
601: }
602:
1.52 schwarze 603: if (1 == sz) {
1.6 kristaps 604: /*
605: * If we have just one result, then jump there now
606: * without any delay.
607: */
1.62 schwarze 608: printf("Status: 303 See Other\r\n");
1.78 schwarze 609: printf("Location: http://%s%s/%s/%s?",
610: HTTP_HOST, scriptname, req->q.manpath, r[0].file);
1.91 schwarze 611: http_printquery(req, "&");
1.62 schwarze 612: printf("\r\n"
613: "Content-Type: text/html; charset=utf-8\r\n"
614: "\r\n");
1.6 kristaps 615: return;
616: }
617:
1.12 kristaps 618: resp_begin_html(200, NULL);
1.19 kristaps 619: resp_searchform(req);
1.33 kristaps 620: puts("<DIV CLASS=\"results\">");
621: puts("<TABLE>");
1.1 kristaps 622:
1.41 kristaps 623: for (i = 0; i < sz; i++) {
1.20 kristaps 624: printf("<TR>\n"
625: "<TD CLASS=\"title\">\n"
1.104 schwarze 626: "<A HREF=\"%s/%s/%s?",
1.58 schwarze 627: scriptname, req->q.manpath, r[i].file);
1.91 schwarze 628: http_printquery(req, "&");
1.36 kristaps 629: printf("\">");
1.52 schwarze 630: html_print(r[i].names);
631: printf("</A>\n"
1.20 kristaps 632: "</TD>\n"
633: "<TD CLASS=\"desc\">");
1.52 schwarze 634: html_print(r[i].output);
1.20 kristaps 635: puts("</TD>\n"
636: "</TR>");
1.1 kristaps 637: }
1.16 kristaps 638:
1.33 kristaps 639: puts("</TABLE>\n"
640: "</DIV>");
1.70 schwarze 641:
642: /*
643: * In man(1) mode, show one of the pages
644: * even if more than one is found.
645: */
646:
647: if (req->q.equal) {
648: puts("<HR>");
649: iuse = 0;
650: priouse = 10;
1.81 schwarze 651: archpriouse = 3;
1.70 schwarze 652: for (i = 0; i < sz; i++) {
653: isec = strcspn(r[i].file, "123456789");
654: sec = r[i].file[isec];
655: if ('\0' == sec)
656: continue;
657: prio = sec_prios[sec - '1'];
1.81 schwarze 658: if (NULL == req->q.arch) {
659: archprio =
660: (NULL == (arch = strchr(
661: r[i].file + isec, '/'))) ? 3 :
662: (NULL == (archend = strchr(
663: arch + 1, '/'))) ? 0 :
664: strncmp(arch, "amd64/",
665: archend - arch) ? 2 : 1;
666: if (archprio < archpriouse) {
667: archpriouse = archprio;
668: priouse = prio;
669: iuse = i;
670: continue;
671: }
672: if (archprio > archpriouse)
673: continue;
674: }
1.70 schwarze 675: if (prio >= priouse)
676: continue;
677: priouse = prio;
678: iuse = i;
679: }
680: resp_show(req, r[iuse].file);
681: }
682:
1.6 kristaps 683: resp_end_html();
684: }
685:
1.1 kristaps 686: static void
1.32 kristaps 687: catman(const struct req *req, const char *file)
1.9 kristaps 688: {
1.10 kristaps 689: FILE *f;
690: size_t len;
691: int i;
692: char *p;
693: int italic, bold;
1.9 kristaps 694:
1.10 kristaps 695: if (NULL == (f = fopen(file, "r"))) {
1.70 schwarze 696: puts("<P>You specified an invalid manual file.</P>");
1.9 kristaps 697: return;
698: }
699:
1.32 kristaps 700: puts("<DIV CLASS=\"catman\">\n"
701: "<PRE>");
1.10 kristaps 702:
703: while (NULL != (p = fgetln(f, &len))) {
704: bold = italic = 0;
705: for (i = 0; i < (int)len - 1; i++) {
1.104 schwarze 706: /*
1.10 kristaps 707: * This means that the catpage is out of state.
708: * Ignore it and keep going (although the
709: * catpage is bogus).
710: */
711:
712: if ('\b' == p[i] || '\n' == p[i])
713: continue;
714:
715: /*
716: * Print a regular character.
717: * Close out any bold/italic scopes.
718: * If we're in back-space mode, make sure we'll
719: * have something to enter when we backspace.
720: */
721:
722: if ('\b' != p[i + 1]) {
723: if (italic)
724: printf("</I>");
725: if (bold)
726: printf("</B>");
727: italic = bold = 0;
728: html_putchar(p[i]);
729: continue;
730: } else if (i + 2 >= (int)len)
731: continue;
732:
733: /* Italic mode. */
734:
735: if ('_' == p[i]) {
736: if (bold)
737: printf("</B>");
738: if ( ! italic)
739: printf("<I>");
740: bold = 0;
741: italic = 1;
742: i += 2;
743: html_putchar(p[i]);
744: continue;
745: }
746:
1.104 schwarze 747: /*
1.10 kristaps 748: * Handle funny behaviour troff-isms.
749: * These grok'd from the original man2html.c.
750: */
751:
752: if (('+' == p[i] && 'o' == p[i + 2]) ||
753: ('o' == p[i] && '+' == p[i + 2]) ||
754: ('|' == p[i] && '=' == p[i + 2]) ||
755: ('=' == p[i] && '|' == p[i + 2]) ||
756: ('*' == p[i] && '=' == p[i + 2]) ||
757: ('=' == p[i] && '*' == p[i + 2]) ||
758: ('*' == p[i] && '|' == p[i + 2]) ||
759: ('|' == p[i] && '*' == p[i + 2])) {
760: if (italic)
761: printf("</I>");
762: if (bold)
763: printf("</B>");
764: italic = bold = 0;
765: putchar('*');
766: i += 2;
767: continue;
768: } else if (('|' == p[i] && '-' == p[i + 2]) ||
769: ('-' == p[i] && '|' == p[i + 1]) ||
770: ('+' == p[i] && '-' == p[i + 1]) ||
771: ('-' == p[i] && '+' == p[i + 1]) ||
772: ('+' == p[i] && '|' == p[i + 1]) ||
773: ('|' == p[i] && '+' == p[i + 1])) {
774: if (italic)
775: printf("</I>");
776: if (bold)
777: printf("</B>");
778: italic = bold = 0;
779: putchar('+');
780: i += 2;
781: continue;
782: }
783:
784: /* Bold mode. */
1.104 schwarze 785:
1.10 kristaps 786: if (italic)
787: printf("</I>");
788: if ( ! bold)
789: printf("<B>");
790: bold = 1;
791: italic = 0;
792: i += 2;
793: html_putchar(p[i]);
794: }
795:
1.104 schwarze 796: /*
1.10 kristaps 797: * Clean up the last character.
1.104 schwarze 798: * We can get to a newline; don't print that.
1.10 kristaps 799: */
1.9 kristaps 800:
1.10 kristaps 801: if (italic)
802: printf("</I>");
803: if (bold)
804: printf("</B>");
1.9 kristaps 805:
1.10 kristaps 806: if (i == (int)len - 1 && '\n' != p[i])
807: html_putchar(p[i]);
1.9 kristaps 808:
1.10 kristaps 809: putchar('\n');
810: }
811:
812: puts("</PRE>\n"
1.70 schwarze 813: "</DIV>");
1.10 kristaps 814:
815: fclose(f);
1.9 kristaps 816: }
817:
818: static void
1.32 kristaps 819: format(const struct req *req, const char *file)
1.7 kristaps 820: {
1.106 schwarze 821: struct manoutput conf;
1.8 kristaps 822: struct mparse *mp;
1.107 schwarze 823: struct roff_man *man;
1.8 kristaps 824: void *vp;
1.90 schwarze 825: int fd;
826: int usepath;
1.7 kristaps 827:
1.8 kristaps 828: if (-1 == (fd = open(file, O_RDONLY, 0))) {
1.70 schwarze 829: puts("<P>You specified an invalid manual file.</P>");
1.7 kristaps 830: return;
831: }
832:
1.110 schwarze 833: mchars_alloc();
834: mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL, req->q.manpath);
1.103 schwarze 835: mparse_readfd(mp, fd, file);
1.8 kristaps 836: close(fd);
1.7 kristaps 837:
1.106 schwarze 838: memset(&conf, 0, sizeof(conf));
839: conf.fragment = 1;
1.90 schwarze 840: usepath = strcmp(req->q.manpath, req->p[0]);
1.106 schwarze 841: mandoc_asprintf(&conf.man, "%s?query=%%N&sec=%%S%s%s%s%s",
1.90 schwarze 842: scriptname,
843: req->q.arch ? "&arch=" : "",
844: req->q.arch ? req->q.arch : "",
845: usepath ? "&manpath=" : "",
846: usepath ? req->q.manpath : "");
1.10 kristaps 847:
1.108 schwarze 848: mparse_result(mp, &man, NULL);
849: if (man == NULL) {
1.59 schwarze 850: fprintf(stderr, "fatal mandoc error: %s/%s\n",
851: req->q.manpath, file);
1.72 schwarze 852: pg_error_internal();
1.32 kristaps 853: mparse_free(mp);
1.110 schwarze 854: mchars_free();
1.32 kristaps 855: return;
856: }
857:
1.110 schwarze 858: vp = html_alloc(&conf);
1.7 kristaps 859:
1.111 ! schwarze 860: if (man->macroset == MACROSET_MDOC) {
! 861: mdoc_validate(man);
1.108 schwarze 862: html_mdoc(vp, man);
1.111 ! schwarze 863: } else
1.8 kristaps 864: html_man(vp, man);
1.32 kristaps 865:
1.8 kristaps 866: html_free(vp);
867: mparse_free(mp);
1.110 schwarze 868: mchars_free();
1.106 schwarze 869: free(conf.man);
1.7 kristaps 870: }
871:
872: static void
1.70 schwarze 873: resp_show(const struct req *req, const char *file)
874: {
1.76 schwarze 875:
876: if ('.' == file[0] && '/' == file[1])
1.71 schwarze 877: file += 2;
1.70 schwarze 878:
879: if ('c' == *file)
880: catman(req, file);
881: else
882: format(req, file);
883: }
884:
885: static void
1.84 schwarze 886: pg_show(struct req *req, const char *fullpath)
1.1 kristaps 887: {
1.84 schwarze 888: char *manpath;
889: const char *file;
1.25 kristaps 890:
1.84 schwarze 891: if ((file = strchr(fullpath, '/')) == NULL) {
1.72 schwarze 892: pg_error_badrequest(
1.59 schwarze 893: "You did not specify a page to show.");
1.25 kristaps 894: return;
1.104 schwarze 895: }
1.84 schwarze 896: manpath = mandoc_strndup(fullpath, file - fullpath);
897: file++;
1.6 kristaps 898:
1.84 schwarze 899: if ( ! validate_manpath(req, manpath)) {
1.77 schwarze 900: pg_error_badrequest(
901: "You specified an invalid manpath.");
1.84 schwarze 902: free(manpath);
1.77 schwarze 903: return;
904: }
905:
1.24 kristaps 906: /*
1.58 schwarze 907: * Begin by chdir()ing into the manpath.
1.24 kristaps 908: * This way we can pick up the database files, which are
909: * relative to the manpath root.
910: */
911:
1.84 schwarze 912: if (chdir(manpath) == -1) {
1.77 schwarze 913: fprintf(stderr, "chdir %s: %s\n",
1.84 schwarze 914: manpath, strerror(errno));
1.77 schwarze 915: pg_error_internal();
1.84 schwarze 916: free(manpath);
1.76 schwarze 917: return;
918: }
919:
1.84 schwarze 920: if (strcmp(manpath, "mandoc")) {
921: free(req->q.manpath);
922: req->q.manpath = manpath;
923: } else
924: free(manpath);
925:
926: if ( ! validate_filename(file)) {
1.76 schwarze 927: pg_error_badrequest(
928: "You specified an invalid manual file.");
1.24 kristaps 929: return;
930: }
1.79 schwarze 931:
1.70 schwarze 932: resp_begin_html(200, NULL);
933: resp_searchform(req);
1.84 schwarze 934: resp_show(req, file);
1.70 schwarze 935: resp_end_html();
1.6 kristaps 936: }
937:
938: static void
1.66 schwarze 939: pg_search(const struct req *req)
1.6 kristaps 940: {
1.52 schwarze 941: struct mansearch search;
942: struct manpaths paths;
943: struct manpage *res;
1.97 schwarze 944: char **argv;
945: char *query, *rp, *wp;
1.52 schwarze 946: size_t ressz;
1.97 schwarze 947: int argc;
1.6 kristaps 948:
949: /*
1.24 kristaps 950: * Begin by chdir()ing into the root of the manpath.
951: * This way we can pick up the database files, which are
952: * relative to the manpath root.
953: */
954:
1.58 schwarze 955: if (-1 == (chdir(req->q.manpath))) {
1.77 schwarze 956: fprintf(stderr, "chdir %s: %s\n",
957: req->q.manpath, strerror(errno));
958: pg_error_internal();
1.24 kristaps 959: return;
960: }
961:
1.52 schwarze 962: search.arch = req->q.arch;
963: search.sec = req->q.sec;
1.94 schwarze 964: search.outkey = "Nd";
965: search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;
1.101 schwarze 966: search.firstmatch = 1;
1.52 schwarze 967:
968: paths.sz = 1;
969: paths.paths = mandoc_malloc(sizeof(char *));
970: paths.paths[0] = mandoc_strdup(".");
1.24 kristaps 971:
972: /*
1.97 schwarze 973: * Break apart at spaces with backslash-escaping.
1.6 kristaps 974: */
975:
1.97 schwarze 976: argc = 0;
977: argv = NULL;
978: rp = query = mandoc_strdup(req->q.query);
979: for (;;) {
980: while (isspace((unsigned char)*rp))
981: rp++;
982: if (*rp == '\0')
983: break;
984: argv = mandoc_reallocarray(argv, argc + 1, sizeof(char *));
985: argv[argc++] = wp = rp;
986: for (;;) {
987: if (isspace((unsigned char)*rp)) {
988: *wp = '\0';
989: rp++;
990: break;
991: }
992: if (rp[0] == '\\' && rp[1] != '\0')
993: rp++;
994: if (wp != rp)
995: *wp = *rp;
996: if (*rp == '\0')
997: break;
998: wp++;
999: rp++;
1000: }
1.6 kristaps 1001: }
1002:
1.97 schwarze 1003: if (0 == mansearch(&search, &paths, argc, argv, &res, &ressz))
1.72 schwarze 1004: pg_noresult(req, "You entered an invalid query.");
1.59 schwarze 1005: else if (0 == ressz)
1.72 schwarze 1006: pg_noresult(req, "No results found.");
1.59 schwarze 1007: else
1.72 schwarze 1008: pg_searchres(req, res, ressz);
1.6 kristaps 1009:
1.97 schwarze 1010: free(query);
1011: mansearch_free(res, ressz);
1.52 schwarze 1012: free(paths.paths[0]);
1013: free(paths.paths);
1.1 kristaps 1014: }
1015:
1016: int
1017: main(void)
1018: {
1.66 schwarze 1019: struct req req;
1.95 schwarze 1020: struct itimerval itimer;
1.66 schwarze 1021: const char *path;
1.83 schwarze 1022: const char *querystring;
1.1 kristaps 1023: int i;
1.95 schwarze 1024:
1025: /* Poor man's ReDoS mitigation. */
1026:
1.99 schwarze 1027: itimer.it_value.tv_sec = 2;
1.95 schwarze 1028: itimer.it_value.tv_usec = 0;
1.99 schwarze 1029: itimer.it_interval.tv_sec = 2;
1.95 schwarze 1030: itimer.it_interval.tv_usec = 0;
1031: if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
1032: fprintf(stderr, "setitimer: %s\n", strerror(errno));
1033: pg_error_internal();
1.109 schwarze 1034: return EXIT_FAILURE;
1.95 schwarze 1035: }
1.6 kristaps 1036:
1.24 kristaps 1037: /* Scan our run-time environment. */
1.6 kristaps 1038:
1.58 schwarze 1039: if (NULL == (scriptname = getenv("SCRIPT_NAME")))
1040: scriptname = "";
1.24 kristaps 1041:
1.80 schwarze 1042: if ( ! validate_urifrag(scriptname)) {
1043: fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n",
1044: scriptname);
1045: pg_error_internal();
1.109 schwarze 1046: return EXIT_FAILURE;
1.80 schwarze 1047: }
1048:
1.24 kristaps 1049: /*
1.67 schwarze 1050: * First we change directory into the MAN_DIR so that
1.24 kristaps 1051: * subsequent scanning for manpath directories is rooted
1052: * relative to the same position.
1053: */
1054:
1.67 schwarze 1055: if (-1 == chdir(MAN_DIR)) {
1.58 schwarze 1056: fprintf(stderr, "MAN_DIR: %s: %s\n",
1.67 schwarze 1057: MAN_DIR, strerror(errno));
1.72 schwarze 1058: pg_error_internal();
1.109 schwarze 1059: return EXIT_FAILURE;
1.104 schwarze 1060: }
1.24 kristaps 1061:
1062: memset(&req, 0, sizeof(struct req));
1.54 schwarze 1063: pathgen(&req);
1.1 kristaps 1064:
1.24 kristaps 1065: /* Next parse out the query string. */
1.1 kristaps 1066:
1.58 schwarze 1067: if (NULL != (querystring = getenv("QUERY_STRING")))
1068: http_parse(&req, querystring);
1.77 schwarze 1069:
1.102 schwarze 1070: if (req.q.manpath == NULL)
1071: req.q.manpath = mandoc_strdup(req.p[0]);
1072: else if ( ! validate_manpath(&req, req.q.manpath)) {
1.77 schwarze 1073: pg_error_badrequest(
1074: "You specified an invalid manpath.");
1.109 schwarze 1075: return EXIT_FAILURE;
1.77 schwarze 1076: }
1.1 kristaps 1077:
1.80 schwarze 1078: if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) {
1079: pg_error_badrequest(
1080: "You specified an invalid architecture.");
1.109 schwarze 1081: return EXIT_FAILURE;
1.80 schwarze 1082: }
1083:
1.66 schwarze 1084: /* Dispatch to the three different pages. */
1.1 kristaps 1085:
1.66 schwarze 1086: path = getenv("PATH_INFO");
1087: if (NULL == path)
1088: path = "";
1089: else if ('/' == *path)
1090: path++;
1091:
1092: if ('\0' != *path)
1093: pg_show(&req, path);
1.85 schwarze 1094: else if (NULL != req.q.query)
1.66 schwarze 1095: pg_search(&req);
1096: else
1.72 schwarze 1097: pg_index(&req);
1.1 kristaps 1098:
1.83 schwarze 1099: free(req.q.manpath);
1100: free(req.q.arch);
1101: free(req.q.sec);
1.85 schwarze 1102: free(req.q.query);
1.52 schwarze 1103: for (i = 0; i < (int)req.psz; i++)
1104: free(req.p[i]);
1.24 kristaps 1105: free(req.p);
1.109 schwarze 1106: return EXIT_SUCCESS;
1.24 kristaps 1107: }
1108:
1109: /*
1110: * Scan for indexable paths.
1111: */
1112: static void
1.54 schwarze 1113: pathgen(struct req *req)
1.24 kristaps 1114: {
1.54 schwarze 1115: FILE *fp;
1116: char *dp;
1117: size_t dpsz;
1118:
1.74 schwarze 1119: if (NULL == (fp = fopen("manpath.conf", "r"))) {
1120: fprintf(stderr, "%s/manpath.conf: %s\n",
1121: MAN_DIR, strerror(errno));
1122: pg_error_internal();
1123: exit(EXIT_FAILURE);
1124: }
1.24 kristaps 1125:
1.54 schwarze 1126: while (NULL != (dp = fgetln(fp, &dpsz))) {
1.55 schwarze 1127: if ('\n' == dp[dpsz - 1])
1128: dpsz--;
1.54 schwarze 1129: req->p = mandoc_realloc(req->p,
1130: (req->psz + 1) * sizeof(char *));
1.80 schwarze 1131: dp = mandoc_strndup(dp, dpsz);
1132: if ( ! validate_urifrag(dp)) {
1133: fprintf(stderr, "%s/manpath.conf contains "
1134: "unsafe path \"%s\"\n", MAN_DIR, dp);
1135: pg_error_internal();
1136: exit(EXIT_FAILURE);
1137: }
1138: if (NULL != strchr(dp, '/')) {
1139: fprintf(stderr, "%s/manpath.conf contains "
1140: "path with slash \"%s\"\n", MAN_DIR, dp);
1141: pg_error_internal();
1142: exit(EXIT_FAILURE);
1143: }
1144: req->p[req->psz++] = dp;
1.74 schwarze 1145: }
1146:
1147: if ( req->p == NULL ) {
1148: fprintf(stderr, "%s/manpath.conf is empty\n", MAN_DIR);
1149: pg_error_internal();
1150: exit(EXIT_FAILURE);
1.24 kristaps 1151: }
1152: }
CVSweb