Annotation of src/usr.bin/mandoc/cgi.c, Revision 1.53
1.53 ! schwarze 1: /* $OpenBSD: cgi.c,v 1.52 2015/11/05 17:47:53 schwarze Exp $ */
1.1 schwarze 2: /*
3: * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
1.45 schwarze 4: * Copyright (c) 2014, 2015 Ingo Schwarze <schwarze@usta.de>
1.1 schwarze 5: *
6: * Permission to use, copy, modify, and distribute this software for any
7: * purpose with or without fee is hereby granted, provided that the above
8: * copyright notice and this permission notice appear in all copies.
9: *
1.44 schwarze 10: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
1.1 schwarze 11: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
1.44 schwarze 12: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
1.1 schwarze 13: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17: */
1.33 schwarze 18: #include <sys/types.h>
19: #include <sys/time.h>
20:
1.1 schwarze 21: #include <ctype.h>
22: #include <errno.h>
23: #include <fcntl.h>
24: #include <limits.h>
1.32 schwarze 25: #include <stdint.h>
1.1 schwarze 26: #include <stdio.h>
27: #include <stdlib.h>
28: #include <string.h>
29: #include <unistd.h>
30:
1.47 schwarze 31: #include "mandoc_aux.h"
1.1 schwarze 32: #include "mandoc.h"
1.47 schwarze 33: #include "roff.h"
1.50 schwarze 34: #include "mdoc.h"
1.51 schwarze 35: #include "man.h"
1.1 schwarze 36: #include "main.h"
1.44 schwarze 37: #include "manconf.h"
1.1 schwarze 38: #include "mansearch.h"
1.7 schwarze 39: #include "cgi.h"
1.1 schwarze 40:
/*
 * Search parameters taken from the request, in the form handed to
 * the search and display routines.  The string members are owned by
 * this structure; main() frees them at exit.
 */
struct query {
	/* desired manual directory */
	char		*manpath;
	/* architecture */
	char		*arch;
	/* manual section */
	char		*sec;
	/* unparsed query expression */
	char		*query;
	/* match whole names, not substrings */
	int		 equal;
};

/*
 * Per-request state: the parsed query plus the manpaths on offer.
 */
struct req {
	struct query	 q;
	/* array of available manpaths */
	char		**p;
	/* number of available manpaths */
	size_t		 psz;
};
57:
/* Request parsing and percent-encoding. */
static	int		 http_decode(char *p);
static	void		 http_parse(struct req *req, const char *qs);
static	void		 http_print(const char *p);
static	void		 http_putchar(char c);
static	void		 http_printquery(const struct req *req,
				const char *sep);
static	void		 set_query_attr(char **attr, char **val);
static	void		 pathgen(struct req *req);

/* Validation of request-supplied and configured names. */
static	int		 validate_filename(const char *file);
static	int		 validate_manpath(const struct req *req,
				const char *manpath);
static	int		 validate_urifrag(const char *frag);

/* HTML escaping. */
static	void		 html_print(const char *p);
static	void		 html_putchar(char c);

/* Response framing and shared page fragments. */
static	void		 resp_begin_html(int code, const char *msg);
static	void		 resp_begin_http(int code, const char *msg);
static	void		 resp_copy(const char *filename);
static	void		 resp_end_html(void);
static	void		 resp_searchform(const struct req *req);
static	void		 resp_show(const struct req *req, const char *file);

/* Manual page rendering. */
static	void		 catman(const struct req *req, const char *file);
static	void		 format(const struct req *req, const char *file);

/* Complete pages. */
static	void		 pg_error_badrequest(const char *msg);
static	void		 pg_error_internal(void);
static	void		 pg_index(const struct req *req);
static	void		 pg_noresult(const struct req *req, const char *msg);
static	void		 pg_search(const struct req *req);
static	void		 pg_searchres(const struct req *req,
				struct manpage *r, size_t sz);
static	void		 pg_show(struct req *req, const char *fullpath);
1.1 schwarze 86:
/* CGI script name; main() sets it from SCRIPT_NAME and validates it. */
static	const char	*scriptname;

/*
 * Display priority for section digits '1' through '9', indexed by
 * (digit - '1'); pg_searchres() prefers the smallest value.
 */
static	const int	 sec_prios[] = {1, 4, 5, 8, 6, 3, 7, 2, 9};

/* Section selector values; must stay parallel to sec_names[]. */
static	const char *const sec_numbers[] = {
	"0", "1", "2", "3", "3p", "4", "5", "6", "7", "8", "9"
};

/* Section selector labels, one per entry of sec_numbers[]. */
static	const char *const sec_names[] = {
	"All Sections",
	"1 - General Commands",
	"2 - System Calls",
	"3 - Library Functions",
	"3p - Perl Library",
	"4 - Device Drivers",
	"5 - File Formats",
	"6 - Games",
	"7 - Miscellaneous Information",
	"8 - System Manager\'s Manual",
	"9 - Kernel Developer\'s Manual"
};
static	const int	 sec_MAX = sizeof(sec_names) / sizeof(sec_names[0]);

/* Architecture names offered by the search form. */
static	const char *const arch_names[] = {
	"amd64",	"alpha",	"armish",	"armv7",
	"aviion",	"hppa",		"hppa64",	"i386",
	"ia64",		"landisk",	"loongson",	"luna88k",
	"macppc",	"mips64",	"octeon",	"sgi",
	"socppc",	"solbourne",	"sparc",	"sparc64",
	"vax",		"zaurus",
	"amiga",	"arc",		"arm32",	"atari",
	"beagle",	"cats",		"hp300",	"mac68k",
	"mvme68k",	"mvme88k",	"mvmeppc",	"palm",
	"pc532",	"pegasos",	"pmax",		"powerpc",
	"sun3",		"wgrisc",	"x68k"
};
static	const int	 arch_MAX = sizeof(arch_names) / sizeof(arch_names[0]);
122:
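/*
 * Print a character, escaping HTML along the way.
 *
 * The four characters that can end a text node or a double-quoted
 * attribute value (", &, >, <) are written as character references;
 * the listing showed them as their literal characters, which escapes
 * nothing.  Single quotes are not escaped, so callers must only place
 * this output inside double-quoted attributes or element content.
 * This will pass non-ASCII straight to output: be warned!
 */
static void
html_putchar(char c)
{
	const char	*ref;

	switch (c) {
	case '"':
		ref = "&quot;";
		break;
	case '&':
		ref = "&amp;";
		break;
	case '>':
		ref = "&gt;";
		break;
	case '<':
		ref = "&lt;";
		break;
	default:
		putchar((unsigned char)c);
		return;
	}
	fputs(ref, stdout);
}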
149:
/*
 * Write the current query as URI parameters, each value passed
 * through http_print().  The query term comes first without a
 * separator; every later parameter is preceded by sep, which the
 * caller picks to suit the output context.  The manpath is only
 * written when it differs from the first configured one.
 */
static void
http_printquery(const struct req *req, const char *sep)
{
	const struct query	*q = &req->q;

	if (q->query != NULL) {
		fputs("query=", stdout);
		http_print(q->query);
	}
	if (!q->equal)
		printf("%sapropos=1", sep);
	if (q->sec != NULL) {
		printf("%ssec=", sep);
		http_print(q->sec);
	}
	if (q->arch != NULL) {
		printf("%sarch=", sep);
		http_print(q->arch);
	}
	if (strcmp(q->manpath, req->p[0]) != 0) {
		printf("%smanpath=", sep);
		http_print(q->manpath);
	}
}
173:
/*
 * Write a string through http_putchar(), one byte at a time.
 * Accepts NULL strings and prints nothing for them.
 */
static void
http_print(const char *p)
{
	const char	*cp;

	if (p == NULL)
		return;
	for (cp = p; *cp != '\0'; cp++)
		http_putchar(*cp);
}
183:
/*
 * Write a string through html_putchar(), one byte at a time.
 * Accepts NULL strings and prints nothing for them.
 */
static void
html_print(const char *p)
{
	const char	*cp;

	if (p == NULL)
		return;
	for (cp = p; *cp != '\0'; cp++)
		html_putchar(*cp);
}
197:
/*
 * Hand the allocated string *val over to the query attribute *attr.
 * Whatever *attr held before is freed.  An empty value is not kept:
 * it is freed and the attribute becomes NULL.  In both cases *val is
 * NULL on return, so the caller can free() it unconditionally.
 */
static void
set_query_attr(char **attr, char **val)
{
	char	*incoming;

	free(*attr);
	incoming = *val;
	*val = NULL;

	if (*incoming != '\0') {
		*attr = incoming;
		return;
	}
	free(incoming);
	*attr = NULL;
}
214:
/*
 * Parse the QUERY_STRING for key-value pairs
 * and store the values into the query structure.
 *
 * Pairs are separated by ';' or '&'.  A pair without '=' or with a
 * malformed percent-escape is skipped, and unknown keys are ignored.
 * The values are stored as decoded, without further checks; main()
 * validates manpath and arch afterwards.
 */
static void
http_parse(struct req *req, const char *qs)
{
	struct query	*q = &req->q;
	char		*key = NULL;
	char		*val = NULL;
	size_t		 len;

	q->manpath = NULL;
	q->arch = NULL;
	q->sec = NULL;
	q->query = NULL;
	q->equal = 1;

	while (*qs != '\0') {

		/* Key: everything up to '=' or a pair separator. */

		len = strcspn(qs, "=;&");
		key = mandoc_strndup(qs, len);
		qs += len;
		if (*qs != '=')
			goto next;

		/* Value: everything after '=' up to a pair separator. */

		qs++;
		len = strcspn(qs, ";&");
		val = mandoc_strndup(qs, len);
		qs += len;

		/* Decode both in place; drop the pair on a bad escape. */

		if (!http_decode(key) || !http_decode(val))
			goto next;

		/* Store the value under the attribute its key names. */

		if (strcmp(key, "query") == 0) {
			set_query_attr(&q->query, &val);
		} else if (strcmp(key, "apropos") == 0) {
			q->equal = strcmp(val, "0") == 0;
		} else if (strcmp(key, "manpath") == 0) {
#ifdef COMPAT_OLDURI
			/*
			 * Rewrite the old-style "OpenBSD X" name in place:
			 * the blank becomes '-' and a following 'C' is
			 * lowercased.
			 */
			if (strncmp(val, "OpenBSD ", 8) == 0) {
				val[7] = '-';
				if (val[8] == 'C')
					val[8] = 'c';
			}
#endif
			set_query_attr(&q->manpath, &val);
		} else if (strcmp(key, "sec") == 0
#ifdef COMPAT_OLDURI
		    || strcmp(key, "sektion") == 0
#endif
		    ) {
			/* "0" selects all sections: store no section. */
			if (strcmp(val, "0") == 0)
				*val = '\0';
			set_query_attr(&q->sec, &val);
		} else if (strcmp(key, "arch") == 0) {
			/* "default" selects all architectures. */
			if (strcmp(val, "default") == 0)
				*val = '\0';
			set_query_attr(&q->arch, &val);
		}

		/*
		 * The key must be freed in any case.
		 * The val may have been handed over to the query
		 * structure, in which case it is now NULL.
		 */
next:
		free(key);
		key = NULL;
		free(val);
		val = NULL;

		/* Step over the separator that ended this pair. */
		if (*qs != '\0')
			qs++;
	}
}
303:
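/*
 * Write one byte in URI query encoding: alphanumerics unchanged,
 * a blank as '+', anything else as a percent-escape.
 *
 * The byte is converted to unsigned char before formatting.  Passing
 * a plain char to "%x" sign-extends bytes of 0x80 and above where
 * char is signed, which would print an eight-digit escape instead of
 * the two digits a decoder expects.
 */
static void
http_putchar(char c)
{
	const unsigned char	 uc = (unsigned char)c;

	if (isalnum(uc))
		putchar(uc);
	else if (uc == ' ')
		putchar('+');
	else
		printf("%%%.2x", (unsigned int)uc);
}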
317:
318: /*
319: * HTTP-decode a string. The standard explanation is that this turns
320: * "%4e+foo" into "n foo" in the regular way. This is done in-place
321: * over the allocated string.
322: */
323: static int
324: http_decode(char *p)
325: {
326: char hex[3];
1.3 tedu 327: char *q;
1.1 schwarze 328: int c;
329:
330: hex[2] = '\0';
331:
1.3 tedu 332: q = p;
333: for ( ; '\0' != *p; p++, q++) {
1.1 schwarze 334: if ('%' == *p) {
335: if ('\0' == (hex[0] = *(p + 1)))
1.48 schwarze 336: return 0;
1.1 schwarze 337: if ('\0' == (hex[1] = *(p + 2)))
1.48 schwarze 338: return 0;
1.1 schwarze 339: if (1 != sscanf(hex, "%x", &c))
1.48 schwarze 340: return 0;
1.1 schwarze 341: if ('\0' == c)
1.48 schwarze 342: return 0;
1.1 schwarze 343:
1.3 tedu 344: *q = (char)c;
345: p += 2;
1.1 schwarze 346: } else
1.3 tedu 347: *q = '+' == *p ? ' ' : *p;
1.1 schwarze 348: }
349:
1.3 tedu 350: *q = '\0';
1.48 schwarze 351: return 1;
1.1 schwarze 352: }
353:
/*
 * Write the CGI response header block and flush it.  A Status line
 * is only written for codes other than 200; msg is its reason phrase
 * and is not looked at when code is 200.  msg is written as given,
 * so callers must pass a fixed string.
 */
static void
resp_begin_http(int code, const char *msg)
{
	if (code != 200)
		printf("Status: %d %s\r\n", code, msg);

	fputs("Content-Type: text/html; charset=utf-8\r\n"
	    "Cache-Control: no-cache\r\n"
	    "Pragma: no-cache\r\n"
	    "\r\n", stdout);

	fflush(stdout);
}
368:
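/*
 * Copy a file to standard output as it is, without any escaping.
 * A file that cannot be opened is silently skipped.
 *
 * stdio is flushed first because the copy bypasses it with write(2);
 * otherwise buffered output could appear after the file content.
 * The descriptor is closed again, a short write is continued rather
 * than dropping the remainder, and a failed write ends the copy.
 */
static void
resp_copy(const char *filename)
{
	char	 buf[4096];
	ssize_t	 nr, nw, off;
	int	 fd;

	if ((fd = open(filename, O_RDONLY)) == -1)
		return;

	fflush(stdout);
	while ((nr = read(fd, buf, sizeof(buf))) > 0) {
		for (off = 0; off < nr; off += nw) {
			nw = write(STDOUT_FILENO, buf + off,
			    (size_t)(nr - off));
			if (nw == -1)
				goto out;
		}
	}
out:
	close(fd);
}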
! 382:
/*
 * Start an HTML response: the HTTP header block, the document head
 * and the opening BODY tag, followed by the site's header.html.
 * CSS_DIR and CUSTOMIZE_TITLE are written into the markup without
 * escaping.
 * NOTE(review): both look like build-time constants - confirm they
 * never carry request data.
 */
static void
resp_begin_html(int code, const char *msg)
{
	resp_begin_http(code, msg);

	printf("<!DOCTYPE html>\n"
	    "<HTML>\n"
	    "<HEAD>\n"
	    "<META CHARSET=\"UTF-8\" />\n"
	    "<LINK REL=\"stylesheet\" HREF=\"%s/mandoc.css\""
	    " TYPE=\"text/css\" media=\"all\">\n"
	    "<TITLE>%s</TITLE>\n"
	    "</HEAD>\n"
	    "<BODY>\n"
	    "<!-- Begin page content. //-->\n",
	    CSS_DIR, CUSTOMIZE_TITLE);

	/* Optional site header, copied as it is. */
	resp_copy(MAN_DIR "/header.html");
}
403:
/*
 * Finish an HTML response: the site's footer.html, copied as it is,
 * then the closing BODY and HTML tags.
 */
static void
resp_end_html(void)
{
	resp_copy(MAN_DIR "/footer.html");

	fputs("</BODY>\n"
	    "</HTML>\n", stdout);
}
413:
/*
 * Write the search form, pre-filled from the current query.
 *
 * The query text and the manpath names go through html_print().
 * scriptname is written as it is; main() has checked it with
 * validate_urifrag() before any page is produced.  The section and
 * architecture from the request are only compared against the fixed
 * tables and never printed here.
 */
static void
resp_searchform(const struct req *req)
{
	const struct query	*q = &req->q;
	size_t			 j;
	int			 i;

	puts("<!-- Begin search form. //-->");
	printf("<DIV ID=\"mancgi\">\n"
	    "<FORM ACTION=\"%s\" METHOD=\"get\">\n"
	    "<FIELDSET>\n"
	    "<LEGEND>Manual Page Search Parameters</LEGEND>\n",
	    scriptname);

	/* Query input box; html_print() prints nothing for NULL. */

	fputs("<TABLE><TR><TD>\n"
	    "<INPUT TYPE=\"text\" NAME=\"query\" VALUE=\"", stdout);
	html_print(q->query);
	fputs("\" SIZE=\"40\">\n", stdout);

	/* Submission and reset buttons. */

	fputs("<INPUT TYPE=\"submit\" VALUE=\"Submit\">\n"
	    "<INPUT TYPE=\"reset\" VALUE=\"Reset\">\n", stdout);

	/* Radio button for showing a named page. */

	fputs("</TD><TD>\n"
	    "<INPUT TYPE=\"radio\" ", stdout);
	if (q->equal)
		fputs("CHECKED=\"checked\" ", stdout);
	fputs("NAME=\"apropos\" ID=\"show\" VALUE=\"0\">\n"
	    "<LABEL FOR=\"show\">Show named manual page</LABEL>\n",
	    stdout);

	/* Section selector. */

	fputs("</TD></TR><TR><TD>\n"
	    "<SELECT NAME=\"sec\">\n", stdout);
	for (i = 0; i < sec_MAX; i++) {
		printf("<OPTION VALUE=\"%s\"", sec_numbers[i]);
		if (q->sec != NULL && strcmp(sec_numbers[i], q->sec) == 0)
			fputs(" SELECTED=\"selected\"", stdout);
		printf(">%s</OPTION>\n", sec_names[i]);
	}
	fputs("</SELECT>\n", stdout);

	/* Architecture selector. */

	fputs("<SELECT NAME=\"arch\">\n"
	    "<OPTION VALUE=\"default\"", stdout);
	if (q->arch == NULL)
		fputs(" SELECTED=\"selected\"", stdout);
	fputs(">All Architectures</OPTION>\n", stdout);
	for (i = 0; i < arch_MAX; i++) {
		printf("<OPTION VALUE=\"%s\"", arch_names[i]);
		if (q->arch != NULL && strcmp(arch_names[i], q->arch) == 0)
			fputs(" SELECTED=\"selected\"", stdout);
		printf(">%s</OPTION>\n", arch_names[i]);
	}
	fputs("</SELECT>\n", stdout);

	/* Manpath selector, only when there is a choice. */

	if (req->psz > 1) {
		fputs("<SELECT NAME=\"manpath\">\n", stdout);
		for (j = 0; j < req->psz; j++) {
			fputs("<OPTION ", stdout);
			if (strcmp(q->manpath, req->p[j]) == 0)
				fputs("SELECTED=\"selected\" ", stdout);
			fputs("VALUE=\"", stdout);
			html_print(req->p[j]);
			fputs("\">", stdout);
			html_print(req->p[j]);
			fputs("</OPTION>\n", stdout);
		}
		fputs("</SELECT>\n", stdout);
	}

	/* Radio button for an apropos search. */

	fputs("</TD><TD>\n"
	    "<INPUT TYPE=\"radio\" ", stdout);
	if (!q->equal)
		fputs("CHECKED=\"checked\" ", stdout);
	fputs("NAME=\"apropos\" ID=\"search\" VALUE=\"1\">\n"
	    "<LABEL FOR=\"search\">Search with apropos query</LABEL>\n",
	    stdout);

	fputs("</TD></TR></TABLE>\n"
	    "</FIELDSET>\n"
	    "</FORM>\n"
	    "</DIV>\n", stdout);
	puts("<!-- End search form. //-->");
}
509:
/*
 * Check that a string can be written into a URI or HTML attribute
 * without escaping: only alphanumerics and the characters "-./_"
 * are accepted.  Returns 1 if the whole string passes (the empty
 * string does), 0 otherwise.
 *
 * This is a character whitelist, not a path check: "." and ".."
 * pass, and so does '/'.  Callers that use the result as a directory
 * name need their own checks on top.
 */
static int
validate_urifrag(const char *frag)
{
	const char	*cp;

	for (cp = frag; *cp != '\0'; cp++) {
		if (isalnum((unsigned char)*cp))
			continue;
		switch (*cp) {
		case '-':
		case '.':
		case '/':
		case '_':
			continue;
		default:
			return 0;
		}
	}
	return 1;
}
523:
/*
 * Check a requested manpath against the configured list.
 * Returns 1 if it is the literal name "mandoc" or exactly equal to
 * one of the req->p entries, 0 otherwise.  Because only exact matches
 * pass, an accepted name is as safe as the configured list itself.
 */
static int
validate_manpath(const struct req *req, const char* manpath)
{
	size_t	 n;

	if (strcmp(manpath, "mandoc") == 0)
		return 1;

	for (n = 0; n < req->psz; n++) {
		if (strcmp(manpath, req->p[n]) == 0)
			return 1;
	}
	return 0;
}
538:
/*
 * Check a manual file name relative to the manpath root.
 * Returns 1 if it may be opened, 0 otherwise.
 *
 * After an optional leading "./", the name must begin with "man" or
 * "cat" and must not contain "../" or "/..".  The prefix test also
 * rejects absolute paths and the empty string.
 * NOTE(review): the prefix test does not require a directory
 * separator, so any entry of the manpath root whose name merely
 * starts with "man" or "cat" passes as well - confirm that is
 * acceptable.
 */
static int
validate_filename(const char *file)
{
	if (file[0] == '.' && file[1] == '/')
		file += 2;

	/* No stepping out of the manpath root. */
	if (strstr(file, "../") != NULL || strstr(file, "/..") != NULL)
		return 0;

	/* Only names below man* or cat*. */
	if (strncmp(file, "man", 3) != 0 && strncmp(file, "cat", 3) != 0)
		return 0;

	return 1;
}
549:
/*
 * Write the start page: the search form plus links to the manuals
 * for this interface and for the query syntax.
 */
static void
pg_index(const struct req *req)
{
	resp_begin_html(200, NULL);
	resp_searchform(req);

	/* scriptname has passed validate_urifrag() in main(). */
	printf("<P>\n"
	    "This web interface is documented in the\n"
	    "<A HREF=\"%s/mandoc/man8/man.cgi.8\">man.cgi</A>\n"
	    "manual, and the\n"
	    "<A HREF=\"%s/mandoc/man1/apropos.1\">apropos</A>\n"
	    "manual explains the query syntax.\n"
	    "</P>\n",
	    scriptname, scriptname);

	resp_end_html();
}
566:
/*
 * Write a page with the search form and a one-paragraph message.
 * msg is written without HTML escaping, so it must be a fixed string
 * and never contain request data.
 */
static void
pg_noresult(const struct req *req, const char *msg)
{
	resp_begin_html(200, NULL);
	resp_searchform(req);
	printf("<P>\n%s\n</P>\n", msg);
	resp_end_html();
}
577:
/*
 * Write a 400 page with a message and a link back to the main page.
 * msg is written without HTML escaping, so it must be a fixed string
 * and never contain request data.
 */
static void
pg_error_badrequest(const char *msg)
{
	resp_begin_html(400, "Bad Request");
	printf("<H1>Bad Request</H1>\n"
	    "<P>\n"
	    "\n"
	    "%s\n"
	    "Try again from the\n"
	    "<A HREF=\"%s\">main page</A>.\n"
	    "</P>", msg, scriptname);
	resp_end_html();
}
591:
/*
 * Write a 500 page.  The page carries no detail on purpose; callers
 * report the cause on stderr.
 */
static void
pg_error_internal(void)
{
	resp_begin_html(500, "Internal Server Error");
	fputs("<P>Internal Server Error</P>\n", stdout);
	resp_end_html();
}
599:
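/*
 * Write the response for a successful search with sz results in r.
 *
 * Every file name from the database is checked with
 * validate_filename() first; one bad name aborts with a 500 page.
 * A single result is answered with a redirect to that page.
 * Otherwise a result table is written and, in man(1) mode
 * (q.equal set), the best match is shown below it.
 *
 * Changes against the listing:
 *  - The architecture directory is compared from the character after
 *    the slash.  The listing compared from the slash itself, which
 *    can never match "amd64/", so amd64 pages were never preferred.
 *  - Query parameters inside the HREF attribute are separated by
 *    "&amp;", as required inside HTML; the Location header keeps "&".
 */
static void
pg_searchres(const struct req *req, struct manpage *r, size_t sz)
{
	char		*arch, *archend;
	size_t		 i, iuse, isec;
	int		 archprio, archpriouse;
	int		 prio, priouse;
	char		 sec;

	for (i = 0; i < sz; i++) {
		if (validate_filename(r[i].file))
			continue;
		fprintf(stderr, "invalid filename %s in %s database\n",
		    r[i].file, req->q.manpath);
		pg_error_internal();
		return;
	}

	if (sz == 1) {
		/*
		 * If we have just one result, then jump there now
		 * without any delay.
		 *
		 * NOTE(review): manpath and file name are written into
		 * the header as they are.  validate_filename() rejects
		 * path traversal but not control characters, so this
		 * relies on the database holding sane names - confirm.
		 */
		printf("Status: 303 See Other\r\n");
		printf("Location: http://%s%s/%s/%s?",
		    HTTP_HOST, scriptname, req->q.manpath, r[0].file);
		http_printquery(req, "&");
		printf("\r\n"
		    "Content-Type: text/html; charset=utf-8\r\n"
		    "\r\n");
		return;
	}

	resp_begin_html(200, NULL);
	resp_searchform(req);
	puts("<DIV CLASS=\"results\">");
	puts("<TABLE>");

	for (i = 0; i < sz; i++) {
		/* The file name is not HTML-escaped; see the note above. */
		printf("<TR>\n"
		    "<TD CLASS=\"title\">\n"
		    "<A HREF=\"%s/%s/%s?",
		    scriptname, req->q.manpath, r[i].file);
		http_printquery(req, "&amp;");
		printf("\">");
		html_print(r[i].names);
		printf("</A>\n"
		    "</TD>\n"
		    "<TD CLASS=\"desc\">");
		html_print(r[i].output);
		puts("</TD>\n"
		    "</TR>");
	}

	puts("</TABLE>\n"
	    "</DIV>");

	/*
	 * In man(1) mode, show one of the pages
	 * even if more than one is found.
	 */

	if (req->q.equal) {
		puts("<HR>");
		iuse = 0;
		priouse = 10;
		archpriouse = 3;
		for (i = 0; i < sz; i++) {
			/* The first digit 1-9 in the name is the section. */
			isec = strcspn(r[i].file, "123456789");
			sec = r[i].file[isec];
			if (sec == '\0')
				continue;
			prio = sec_prios[sec - '1'];

			if (req->q.arch == NULL) {
				/*
				 * No architecture requested: rank by
				 * directory depth below the section.
				 * 0: no architecture directory,
				 * 1: amd64, 2: any other architecture,
				 * 3: no slash after the section at all.
				 */
				arch = strchr(r[i].file + isec, '/');
				if (arch == NULL)
					archprio = 3;
				else if ((archend =
				    strchr(arch + 1, '/')) == NULL)
					archprio = 0;
				else if (strncmp(arch + 1, "amd64/",
				    archend - arch) == 0)
					archprio = 1;
				else
					archprio = 2;

				if (archprio < archpriouse) {
					archpriouse = archprio;
					priouse = prio;
					iuse = i;
					continue;
				}
				if (archprio > archpriouse)
					continue;
			}

			/* Same architecture rank: prefer the section. */
			if (prio >= priouse)
				continue;
			priouse = prio;
			iuse = i;
		}
		resp_show(req, r[iuse].file);
	}

	resp_end_html();
}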
700:
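/* Close any open italic and bold element and clear both flags. */
static void
catman_endfont(int *italic, int *bold)
{
	if (*italic)
		printf("</I>");
	if (*bold)
		printf("</B>");
	*italic = *bold = 0;
}

/* Test whether the overstruck pair (a, b) is (x, y) in either order. */
static int
catman_pair(char a, char b, char x, char y)
{
	return (a == x && b == y) || (a == y && b == x);
}

/*
 * Write a preformatted (cat) page as HTML.
 *
 * The page is read line by line.  Backspace overstrikes are turned
 * into markup: "_\bX" becomes italic X, a few two-character
 * combinations become '*' or '+', and any other "X\bY" becomes bold
 * Y.  All page text goes through html_putchar().  req is not used.
 *
 * Change against the listing: the combinations that map to '+' are
 * all tested against the character after the backspace.  The listing
 * tested most of them against p[i + 1], which is known to be the
 * backspace at that point, so only "|\b-" could ever match.
 */
static void
catman(const struct req *req, const char *file)
{
	FILE		*f;
	size_t		 len;
	int		 i;
	char		*p;
	int		 italic, bold;

	if ((f = fopen(file, "r")) == NULL) {
		puts("<P>You specified an invalid manual file.</P>");
		return;
	}

	puts("<DIV CLASS=\"catman\">\n"
	    "<PRE>");

	while ((p = fgetln(f, &len)) != NULL) {
		bold = italic = 0;
		for (i = 0; i < (int)len - 1; i++) {
			/*
			 * This means that the catpage is out of state.
			 * Ignore it and keep going (although the
			 * catpage is bogus).
			 */

			if (p[i] == '\b' || p[i] == '\n')
				continue;

			/*
			 * Print a regular character.
			 * Close out any bold/italic scopes.
			 * If we're in back-space mode, make sure we'll
			 * have something to enter when we backspace.
			 */

			if (p[i + 1] != '\b') {
				catman_endfont(&italic, &bold);
				html_putchar(p[i]);
				continue;
			}
			if (i + 2 >= (int)len)
				continue;

			/* Italic mode. */

			if (p[i] == '_') {
				if (bold)
					printf("</B>");
				if (!italic)
					printf("<I>");
				bold = 0;
				italic = 1;
				i += 2;
				html_putchar(p[i]);
				continue;
			}

			/*
			 * Handle funny behaviour troff-isms.
			 * These grok'd from the original man2html.c.
			 */

			if (catman_pair(p[i], p[i + 2], '+', 'o') ||
			    catman_pair(p[i], p[i + 2], '|', '=') ||
			    catman_pair(p[i], p[i + 2], '*', '=') ||
			    catman_pair(p[i], p[i + 2], '*', '|')) {
				catman_endfont(&italic, &bold);
				putchar('*');
				i += 2;
				continue;
			}
			if (catman_pair(p[i], p[i + 2], '|', '-') ||
			    catman_pair(p[i], p[i + 2], '+', '-') ||
			    catman_pair(p[i], p[i + 2], '+', '|')) {
				catman_endfont(&italic, &bold);
				putchar('+');
				i += 2;
				continue;
			}

			/* Bold mode. */

			if (italic)
				printf("</I>");
			if (!bold)
				printf("<B>");
			bold = 1;
			italic = 0;
			i += 2;
			html_putchar(p[i]);
		}

		/*
		 * Clean up the last character.
		 * We can get to a newline; don't print that.
		 */

		catman_endfont(&italic, &bold);

		if (i == (int)len - 1 && p[i] != '\n')
			html_putchar(p[i]);

		putchar('\n');
	}

	puts("</PRE>\n"
	    "</DIV>");

	fclose(f);
}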
832:
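/*
 * Parse a manual source file and write it as an HTML fragment.
 *
 * The link template handed to the formatter is built from
 * scriptname, the requested architecture and the manpath.  All three
 * are restricted to a safe character set before a page is shown:
 * scriptname and arch by validate_urifrag() in main(), the manpath
 * by the checks in pathgen().
 *
 * Change against the listing: the link template is also freed when
 * parsing fails; that path returned without releasing it.
 *
 * NOTE(review): the callers visible here have already started the
 * page when this runs, so the 500 response written on a parse
 * failure lands inside the page body.
 */
static void
format(const struct req *req, const char *file)
{
	struct manoutput conf;
	struct mparse	*mp;
	struct roff_man	*man;
	void		*vp;
	int		 fd;
	int		 usepath;

	if ((fd = open(file, O_RDONLY, 0)) == -1) {
		puts("<P>You specified an invalid manual file.</P>");
		return;
	}

	mchars_alloc();
	mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL, req->q.manpath);
	mparse_readfd(mp, fd, file);
	close(fd);

	memset(&conf, 0, sizeof(conf));
	conf.fragment = 1;

	/* Only name the manpath in links if it is not the first one. */
	usepath = strcmp(req->q.manpath, req->p[0]);
	mandoc_asprintf(&conf.man, "%s?query=%%N&sec=%%S%s%s%s%s",
	    scriptname,
	    req->q.arch ? "&arch=" : "",
	    req->q.arch ? req->q.arch : "",
	    usepath ? "&manpath=" : "",
	    usepath ? req->q.manpath : "");

	mparse_result(mp, &man, NULL);
	if (man == NULL) {
		fprintf(stderr, "fatal mandoc error: %s/%s\n",
		    req->q.manpath, file);
		pg_error_internal();
		goto out;
	}

	vp = html_alloc(&conf);

	if (man->macroset == MACROSET_MDOC) {
		mdoc_validate(man);
		html_mdoc(vp, man);
	} else {
		man_validate(man);
		html_man(vp, man);
	}

	html_free(vp);
out:
	mparse_free(mp);
	mchars_free();
	free(conf.man);
}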
888:
/*
 * Write one manual page into the current response.  After an
 * optional leading "./", a name starting with 'c' is treated as a
 * preformatted page and anything else as manual source.  The name is
 * not validated here; callers run validate_filename() first.
 */
static void
resp_show(const struct req *req, const char *file)
{
	if (file[0] == '.' && file[1] == '/')
		file += 2;

	if (*file != 'c') {
		format(req, file);
		return;
	}
	catman(req, file);
}
901:
/*
 * Show the page named by PATH_INFO, which has the form
 * "manpath/file".  The manpath must pass validate_manpath() and the
 * file must pass validate_filename() before anything is opened.
 * A manpath other than "mandoc" replaces the one in the query, so
 * that the search form and links on the page refer to it.
 */
static void
pg_show(struct req *req, const char *fullpath)
{
	const char	*slash;
	const char	*file;
	char		*manpath;

	slash = strchr(fullpath, '/');
	if (slash == NULL) {
		pg_error_badrequest(
		    "You did not specify a page to show.");
		return;
	}
	manpath = mandoc_strndup(fullpath, slash - fullpath);
	file = slash + 1;

	if (!validate_manpath(req, manpath)) {
		pg_error_badrequest(
		    "You specified an invalid manpath.");
		free(manpath);
		return;
	}

	/*
	 * Begin by chdir()ing into the manpath.
	 * This way we can pick up the database files, which are
	 * relative to the manpath root.
	 */

	if (chdir(manpath) == -1) {
		fprintf(stderr, "chdir %s: %s\n",
		    manpath, strerror(errno));
		pg_error_internal();
		free(manpath);
		return;
	}

	/* The query takes over the string unless it is "mandoc". */
	if (strcmp(manpath, "mandoc") != 0) {
		free(req->q.manpath);
		req->q.manpath = manpath;
	} else {
		free(manpath);
	}

	if (!validate_filename(file)) {
		pg_error_badrequest(
		    "You specified an invalid manual file.");
		return;
	}

	resp_begin_html(200, NULL);
	resp_searchform(req);
	resp_show(req, file);
	resp_end_html();
}
954:
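/*
 * Run the query against the database of the selected manpath and
 * write the result page.  Only called with req->q.query set.
 *
 * Changes against the listing:
 *  - The argument vector built from the query is freed.
 *  - The search structure is zeroed before the fields used here are
 *    set, and the result pointer and count start out as NULL and 0.
 *    NOTE(review): whether mansearch() reads further fields or
 *    stores results on failure is not visible here; starting from
 *    defined values keeps mansearch_free() away from garbage either
 *    way.
 */
static void
pg_search(const struct req *req)
{
	struct mansearch	  search;
	struct manpaths		  paths;
	struct manpage		 *res;
	char			**argv;
	char			 *query, *rp, *wp;
	size_t			  ressz;
	int			  argc;

	/*
	 * Begin by chdir()ing into the root of the manpath.
	 * This way we can pick up the database files, which are
	 * relative to the manpath root.
	 */

	if (chdir(req->q.manpath) == -1) {
		fprintf(stderr, "chdir %s: %s\n",
		    req->q.manpath, strerror(errno));
		pg_error_internal();
		return;
	}

	memset(&search, 0, sizeof(search));
	search.arch = req->q.arch;
	search.sec = req->q.sec;
	search.outkey = "Nd";
	search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;
	search.firstmatch = 1;

	paths.sz = 1;
	paths.paths = mandoc_malloc(sizeof(char *));
	paths.paths[0] = mandoc_strdup(".");

	/*
	 * Break apart at spaces with backslash-escaping.
	 * The words are unescaped in place inside the copy of the
	 * query; argv only points into that copy.
	 */

	argc = 0;
	argv = NULL;
	rp = query = mandoc_strdup(req->q.query);
	for (;;) {
		while (isspace((unsigned char)*rp))
			rp++;
		if (*rp == '\0')
			break;
		argv = mandoc_reallocarray(argv, argc + 1, sizeof(char *));
		argv[argc++] = wp = rp;
		for (;;) {
			if (isspace((unsigned char)*rp)) {
				*wp = '\0';
				rp++;
				break;
			}
			/* A backslash makes the next character literal. */
			if (rp[0] == '\\' && rp[1] != '\0')
				rp++;
			if (wp != rp)
				*wp = *rp;
			if (*rp == '\0')
				break;
			wp++;
			rp++;
		}
	}

	res = NULL;
	ressz = 0;
	if (mansearch(&search, &paths, argc, argv, &res, &ressz) == 0)
		pg_noresult(req, "You entered an invalid query.");
	else if (ressz == 0)
		pg_noresult(req, "No results found.");
	else
		pg_searchres(req, res, ressz);

	free(argv);
	free(query);
	mansearch_free(res, ressz);
	free(paths.paths[0]);
	free(paths.paths);
}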
1032:
/*
 * CGI entry point.  Reads SCRIPT_NAME, QUERY_STRING and PATH_INFO
 * from the environment, validates what will later be written into
 * the output or used as a directory, and dispatches to one of the
 * three pages.
 */
int
main(void)
{
	struct req		 req;
	struct itimerval	 itimer;
	const char		*path;
	const char		*querystring;
	size_t			 n;

	/*
	 * Poor man's ReDoS mitigation: a two-second CPU-time timer.
	 * NOTE(review): no handler is installed in this file, so the
	 * signal presumably ends the process by its default action.
	 */

	itimer.it_value.tv_sec = 2;
	itimer.it_value.tv_usec = 0;
	itimer.it_interval.tv_sec = 2;
	itimer.it_interval.tv_usec = 0;
	if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
		fprintf(stderr, "setitimer: %s\n", strerror(errno));
		pg_error_internal();
		return EXIT_FAILURE;
	}

	/* Scan our run-time environment. */

	scriptname = getenv("SCRIPT_NAME");
	if (scriptname == NULL)
		scriptname = "";

	/* scriptname is later written into markup without escaping. */
	if (!validate_urifrag(scriptname)) {
		fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n",
		    scriptname);
		pg_error_internal();
		return EXIT_FAILURE;
	}

	/*
	 * First we change directory into the MAN_DIR so that
	 * subsequent scanning for manpath directories is rooted
	 * relative to the same position.
	 */

	if (chdir(MAN_DIR) == -1) {
		fprintf(stderr, "MAN_DIR: %s: %s\n",
		    MAN_DIR, strerror(errno));
		pg_error_internal();
		return EXIT_FAILURE;
	}

	memset(&req, 0, sizeof(struct req));
	pathgen(&req);

	/* Next parse out the query string. */

	querystring = getenv("QUERY_STRING");
	if (querystring != NULL)
		http_parse(&req, querystring);

	/* Default to the first manpath; otherwise it must be known. */
	if (req.q.manpath == NULL) {
		req.q.manpath = mandoc_strdup(req.p[0]);
	} else if (!validate_manpath(&req, req.q.manpath)) {
		pg_error_badrequest(
		    "You specified an invalid manpath.");
		return EXIT_FAILURE;
	}

	if (req.q.arch != NULL && !validate_urifrag(req.q.arch)) {
		pg_error_badrequest(
		    "You specified an invalid architecture.");
		return EXIT_FAILURE;
	}

	/* Dispatch to the three different pages. */

	path = getenv("PATH_INFO");
	if (path == NULL)
		path = "";
	else if (*path == '/')
		path++;

	if (*path != '\0')
		pg_show(&req, path);
	else if (req.q.query != NULL)
		pg_search(&req);
	else
		pg_index(&req);

	free(req.q.manpath);
	free(req.q.arch);
	free(req.q.sec);
	free(req.q.query);
	for (n = 0; n < req.psz; n++)
		free(req.p[n]);
	free(req.p);
	return EXIT_SUCCESS;
}
1125:
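/*
 * Scan for indexable paths.
 *
 * Reads manpath.conf from the current directory, one manpath per
 * line, into req->p.  Any problem with the file ends the process
 * with a 500 page: it cannot be opened, it is empty, or an entry
 * contains a slash or a character outside the validate_urifrag()
 * set.
 *
 * Changes against the listing: the file is closed after reading,
 * and the array grows through mandoc_reallocarray(), as pg_search()
 * does, instead of an open-coded size multiplication.
 *
 * NOTE(review): "." and ".." pass both checks, and an empty line
 * yields an empty entry.  The file is administrator-controlled, but
 * the entries are later used as chdir() targets - confirm this is
 * intended.
 */
static void
pathgen(struct req *req)
{
	FILE	*fp;
	char	*line, *entry;
	size_t	 linesz;

	if ((fp = fopen("manpath.conf", "r")) == NULL) {
		fprintf(stderr, "%s/manpath.conf: %s\n",
		    MAN_DIR, strerror(errno));
		pg_error_internal();
		exit(EXIT_FAILURE);
	}

	while ((line = fgetln(fp, &linesz)) != NULL) {
		/* The line is not NUL-terminated; drop the newline. */
		if (line[linesz - 1] == '\n')
			linesz--;
		req->p = mandoc_reallocarray(req->p,
		    req->psz + 1, sizeof(char *));
		entry = mandoc_strndup(line, linesz);
		if (!validate_urifrag(entry)) {
			fprintf(stderr, "%s/manpath.conf contains "
			    "unsafe path \"%s\"\n", MAN_DIR, entry);
			pg_error_internal();
			exit(EXIT_FAILURE);
		}
		if (strchr(entry, '/') != NULL) {
			fprintf(stderr, "%s/manpath.conf contains "
			    "path with slash \"%s\"\n", MAN_DIR, entry);
			pg_error_internal();
			exit(EXIT_FAILURE);
		}
		req->p[req->psz++] = entry;
	}
	fclose(fp);

	if (req->p == NULL) {
		fprintf(stderr, "%s/manpath.conf is empty\n", MAN_DIR);
		pg_error_internal();
		exit(EXIT_FAILURE);
	}
}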
1169: }