linux_yz_door/jni/shttpd/shttpd.c

/*
 * Copyright (c) 2004-2005 Sergey Lyubka <valenok@gmail.com>
 * All rights reserved
 *
 * "THE BEER-WARE LICENSE" (Revision 42):
 * Sergey Lyubka wrote this file.  As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.
 */

/*
 * Small and portable HTTP server, http://shttpd.sourceforge.net
 * $Id: shttpd.c,v 1.57 2008/08/23 21:00:38 drozd Exp $
 */

#include "defs.h"

time_t	_shttpd_current_time;	/* Current UTC time		*/
int	_shttpd_tz_offset;	/* Time zone offset from UTC	*/
int	_shttpd_exit_flag;	/* Program exit flag		*/

const struct vec _shttpd_known_http_methods[] = {
	{"GET",		3},
	{"POST",	4},
	{"PUT",		3},
	{"DELETE",	6},
	{"HEAD",	4},
	{NULL,		0}
};

/*
 * This structure tells how HTTP headers must be parsed.
 * Used by parse_headers() function.
 */
#define	OFFSET(x)	offsetof(struct headers, x)
static const struct http_header http_headers[] = {
	{16, HDR_INT,	 OFFSET(cl),		"Content-Length: "	},
	{14, HDR_STRING, OFFSET(ct),		"Content-Type: "	},
	{12, HDR_STRING, OFFSET(useragent),	"User-Agent: "		},
	{19, HDR_DATE,	 OFFSET(ims),		"If-Modified-Since: "	},
	{15, HDR_STRING, OFFSET(auth),		"Authorization: "	},
	{9,  HDR_STRING, OFFSET(referer),	"Referer: "		},
	{8,  HDR_STRING, OFFSET(cookie),	"Cookie: "		},
	{10, HDR_STRING, OFFSET(location),	"Location: "		},
	{8,  HDR_INT,	 OFFSET(status),	"Status: "		},
	{7,  HDR_STRING, OFFSET(range),		"Range: "		},
	{12, HDR_STRING, OFFSET(connection),	"Connection: "		},
	{19, HDR_STRING, OFFSET(transenc),	"Transfer-Encoding: "	},
	{0,  HDR_INT,	 0,			NULL			}
};

struct shttpd_ctx *init_ctx(const char *config_file, int argc, char *argv[]);
static void process_connection(struct conn *, int, int);

int
_shttpd_is_true(const char *str)
{
	static const char	*trues[] = {"1", "yes", "true", "jawohl", NULL};
	const char		**p;

	for (p = trues; *p != NULL; p++)
		if (str && !strcmp(str, *p))
			return (TRUE);

	return (FALSE);
}

static void
free_list(struct llhead *head, void (*dtor)(struct llhead *))
{
	struct llhead	*lp, *tmp;

	LL_FOREACH_SAFE(head, lp, tmp) {
		LL_DEL(lp);
		dtor(lp);
	}
}

static void
listener_destructor(struct llhead *lp)
{
	struct listener	*listener = LL_ENTRY(lp, struct listener, link);

	(void) closesocket(listener->sock);
	free(listener);
}

static void
registered_uri_destructor(struct llhead *lp)
{
	struct registered_uri *ruri = LL_ENTRY(lp, struct registered_uri, link);

	free((void *) ruri->uri);
	free(ruri);
}

static void
acl_destructor(struct llhead *lp)
{
	struct acl	*acl = LL_ENTRY(lp, struct acl, link);
	free(acl);
}

int
_shttpd_url_decode(const char *src, int src_len, char *dst, int dst_len)
{
	int	i, j, a, b;
#define	HEXTOI(x)  (isdigit(x) ? x - '0' : x - 'W')

	for (i = j = 0; i < src_len && j < dst_len - 1; i++, j++)
		switch (src[i]) {
		case '%':
			if (isxdigit(((unsigned char *) src)[i + 1]) &&
			    isxdigit(((unsigned char *) src)[i + 2])) {
				a = tolower(((unsigned char *)src)[i + 1]);
				b = tolower(((unsigned char *)src)[i + 2]);
				dst[j] = (HEXTOI(a) << 4) | HEXTOI(b);
				i += 2;
			} else {
				dst[j] = '%';
			}
			break;
		default:
			dst[j] = src[i];
			break;
		}

	dst[j] = '\0';	/* Null-terminate the destination */

	return (j);
}

static const char *
is_alias(struct shttpd_ctx *ctx, const char *uri,
		struct vec *a_uri, struct vec *a_path)
{
	const char	*p, *s = ctx->options[OPT_ALIASES];
	size_t		len;

	DBG(("is_alias: aliases [%s]", s == NULL ? "" : s));

	FOR_EACH_WORD_IN_LIST(s, len) {

		if ((p = memchr(s, '=', len)) == NULL || p >= s + len || p == s)
			continue;

		if (memcmp(uri, s, p - s) == 0) {
			a_uri->ptr = s;
			a_uri->len = p - s;
			a_path->ptr = ++p;
			a_path->len = (s + len) - p;
			return (s);
		}
	}

	return (NULL);
}

void
_shttpd_stop_stream(struct stream *stream)
{
	if (stream->io_class != NULL && stream->io_class->close != NULL)
		stream->io_class->close(stream);

	stream->io_class= NULL;
	stream->flags |= FLAG_CLOSED;
	stream->flags &= ~(FLAG_R | FLAG_W | FLAG_ALWAYS_READY);

	DBG(("%d %s stopped. %lu of content data, %d now in a buffer",
	    stream->conn->rem.chan.sock, 
	    stream->io_class ? stream->io_class->name : "(null)",
	    (unsigned long) stream->io.total, (int) io_data_len(&stream->io)));
}

/*
 * Setup listening socket on given port, return socket
 */
static int
shttpd_open_listening_port(int port)
{
	int		sock, on = 1;
	struct usa	sa;

#ifdef _WIN32
	{WSADATA data;	WSAStartup(MAKEWORD(2,2), &data);}
#endif /* _WIN32 */

	sa.len				= sizeof(sa.u.sin);
	sa.u.sin.sin_family		= AF_INET;
	sa.u.sin.sin_port		= htons((uint16_t) port);
	sa.u.sin.sin_addr.s_addr	= htonl(INADDR_ANY);

	if ((sock = socket(PF_INET, SOCK_STREAM, 6)) == -1)
		goto fail;
	if (_shttpd_set_non_blocking_mode(sock) != 0)
		goto fail;
	if (setsockopt(sock, SOL_SOCKET,
	    SO_REUSEADDR,(char *) &on, sizeof(on)) != 0)
		goto fail;
	if (bind(sock, &sa.u.sa, sa.len) < 0)
		goto fail;
	if (listen(sock, 128) != 0)
		goto fail;

#ifndef _WIN32
	(void) fcntl(sock, F_SETFD, FD_CLOEXEC);
#endif /* !_WIN32 */

	return (sock);
fail:
	if (sock != -1)
		(void) closesocket(sock);
	_shttpd_elog(E_LOG, NULL, "open_listening_port(%d): %s", port, strerror(errno));
	return (-1);
}

/*
 * Check whether full request is buffered Return headers length, or 0
 */
int
_shttpd_get_headers_len(const char *buf, size_t buflen)
{
	const char	*s, *e;
	int		len = 0;

	for (s = buf, e = s + buflen - 1; len == 0 && s < e; s++)
		/* Control characters are not allowed but >=128 is. */
		if (!isprint(* (unsigned char *) s) && *s != '\r' &&
		    *s != '\n' && * (unsigned char *) s < 128)
			len = -1;
		else if (s[0] == '\n' && s[1] == '\n')
			len = s - buf + 2;
		else if (s[0] == '\n' && &s[1] < e &&
		    s[1] == '\r' && s[2] == '\n')
			len = s - buf + 3;

	return (len);
}

/*
 * Send error message back to a client.
 */
void
_shttpd_send_server_error(struct conn *c, int status, const char *reason)
{
	struct llhead		*lp;
	struct error_handler	*e;

	LL_FOREACH(&c->ctx->error_handlers, lp) {
		e = LL_ENTRY(lp, struct error_handler, link);

		if (e->code == status) {
			if (c->loc.io_class != NULL &&
			    c->loc.io_class->close != NULL)
				c->loc.io_class->close(&c->loc);
			io_clear(&c->loc.io);
			_shttpd_setup_embedded_stream(c,
			    e->callback, e->callback_data);
			return;
		}
	}

	io_clear(&c->loc.io);
	c->loc.io.head = _shttpd_snprintf(c->loc.io.buf, c->loc.io.size,
	    "HTTP/1.1 %d %s\r\n"
	    "Content-Type: text/plain\r\n"
	    "Content-Length: 12\r\n"
	    "\r\n"
	    "Error: %03d\r\n",
	    status, reason, status);
	c->loc.content_len = 10;
	c->status = status;
	_shttpd_stop_stream(&c->loc);
}

/*
 * Convert month to the month number. Return -1 on error, or month number
 */
static int
montoi(const char *s)
{
	static const char *ar[] = {
		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
	};
	size_t	i;

	for (i = 0; i < sizeof(ar) / sizeof(ar[0]); i++)
		if (!strcmp(s, ar[i]))
			return (i);

	return (-1);
}

/*
 * Parse date-time string, and return the corresponding time_t value
 */
static time_t
date_to_epoch(const char *s)
{
	struct tm	tm, *tmp;
	char		mon[32];
	int		sec, min, hour, mday, month, year;

	(void) memset(&tm, 0, sizeof(tm));
	sec = min = hour = mday = month = year = 0;

	if (((sscanf(s, "%d/%3s/%d %d:%d:%d",
	    &mday, mon, &year, &hour, &min, &sec) == 6) ||
	    (sscanf(s, "%d %3s %d %d:%d:%d",
	    &mday, mon, &year, &hour, &min, &sec) == 6) ||
	    (sscanf(s, "%*3s, %d %3s %d %d:%d:%d",
	    &mday, mon, &year, &hour, &min, &sec) == 6) ||
	    (sscanf(s, "%d-%3s-%d %d:%d:%d",
	    &mday, mon, &year, &hour, &min, &sec) == 6)) &&
	    (month = montoi(mon)) != -1) {
		tm.tm_mday	= mday;
		tm.tm_mon	= month;
		tm.tm_year	= year;
		tm.tm_hour	= hour;
		tm.tm_min	= min;
		tm.tm_sec	= sec;
	}

	if (tm.tm_year > 1900)
		tm.tm_year -= 1900;
	else if (tm.tm_year < 70)
		tm.tm_year += 100;

	/* Set Daylight Saving Time field */
	tmp = localtime(&_shttpd_current_time);
	tm.tm_isdst = tmp->tm_isdst;

	return (mktime(&tm));
}

static void
remove_double_dots(char *s)
{
	char	*p = s;

	while (*s != '\0') {
		*p++ = *s++;
		if (s[-1] == '/' || s[-1] == '\\')
			while (*s == '.' || *s == '/' || *s == '\\')
				s++;
	}
	*p = '\0';
}

void
_shttpd_parse_headers(const char *s, int len, struct headers *parsed)
{
	const struct http_header	*h;
	union variant			*v;
	const char			*p, *e = s + len;

	DBG(("parsing headers (len %d): [%.*s]", len, len, s));

	/* Loop through all headers in the request */
	while (s < e) {

		/* Find where this header ends */
		for (p = s; p < e && *p != '\n'; ) p++;

		/* Is this header known to us ? */
		for (h = http_headers; h->len != 0; h++)
			if (e - s > h->len &&
			    !_shttpd_strncasecmp(s, h->name, h->len))
				break;

		/* If the header is known to us, store its value */
		if (h->len != 0) {

			/* Shift to where value starts */
			s += h->len;

			/* Find place to store the value */
			v = (union variant *) ((char *) parsed + h->offset);

			/* Fetch header value into the connection structure */
			if (h->type == HDR_STRING) {
				v->v_vec.ptr = s;
				v->v_vec.len = p - s;
				if (p[-1] == '\r' && v->v_vec.len > 0)
					v->v_vec.len--;
			} else if (h->type == HDR_INT) {
				v->v_big_int = strtoul(s, NULL, 10);
			} else if (h->type == HDR_DATE) {
				v->v_time = date_to_epoch(s);
			}
		}

		s = p + 1;	/* Shift to the next header */
	}
}

static const struct {
	const char	*extension;
	int		ext_len;
	const char	*mime_type;
} builtin_mime_types[] = {
	{"html",	4,	"text/html"			},
	{"htm",		3,	"text/html"			},
	{"txt",		3,	"text/plain"			},
	{"css",		3,	"text/css"			},
	{"ico",		3,	"image/x-icon"			},
	{"gif",		3,	"image/gif"			},
	{"jpg",		3,	"image/jpeg"			},
	{"jpeg",	4,	"image/jpeg"			},
	{"png",		3,	"image/png"			},
	{"svg",		3,	"image/svg+xml"			},
	{"torrent",	7,	"application/x-bittorrent"	},
	{"wav",		3,	"audio/x-wav"			},
	{"mp3",		3,	"audio/x-mp3"			},
	{"mid",		3,	"audio/mid"			},
	{"m3u",		3,	"audio/x-mpegurl"		},
	{"ram",		3,	"audio/x-pn-realaudio"		},
	{"ra",		2,	"audio/x-pn-realaudio"		},
	{"doc",		3,	"application/msword",		},
	{"exe",		3,	"application/octet-stream"	},
	{"zip",		3,	"application/x-zip-compressed"	},
	{"xls",		3,	"application/excel"		},
	{"tgz",		3,	"application/x-tar-gz"		},
	{"tar.gz",	6,	"application/x-tar-gz"		},
	{"tar",		3,	"application/x-tar"		},
	{"gz",		2,	"application/x-gunzip"		},
	{"arj",		3,	"application/x-arj-compressed"	},
	{"rar",		3,	"application/x-arj-compressed"	},
	{"rtf",		3,	"application/rtf"		},
	{"pdf",		3,	"application/pdf"		},
	{"swf",		3,	"application/x-shockwave-flash"	},
	{"mpg",		3,	"video/mpeg"			},
	{"mpeg",	4,	"video/mpeg"			},
	{"asf",		3,	"video/x-ms-asf"		},
	{"avi",		3,	"video/x-msvideo"		},
	{"bmp",		3,	"image/bmp"			},
	{NULL,		0,	NULL				}
};

void
_shttpd_get_mime_type(struct shttpd_ctx *ctx,
		const char *uri, int len, struct vec *vec)
{
	const char	*eq, *p = ctx->options[OPT_MIME_TYPES];
	int		i, n, ext_len;

	/* Firt, loop through the custom mime types if any */
	FOR_EACH_WORD_IN_LIST(p, n) {
		if ((eq = memchr(p, '=', n)) == NULL || eq >= p + n || eq == p)
			continue;
		ext_len = eq - p;
		if (len > ext_len && uri[len - ext_len - 1] == '.' &&
		    !_shttpd_strncasecmp(p, &uri[len - ext_len], ext_len)) {
			vec->ptr = eq + 1;
			vec->len = p + n - vec->ptr;
			return;
		}
	}

	/* If no luck, try built-in mime types */
	for (i = 0; builtin_mime_types[i].extension != NULL; i++) {
		ext_len = builtin_mime_types[i].ext_len;
		if (len > ext_len && uri[len - ext_len - 1] == '.' &&
		    !_shttpd_strncasecmp(builtin_mime_types[i].extension,
			    &uri[len - ext_len], ext_len)) {
			vec->ptr = builtin_mime_types[i].mime_type;
			vec->len = strlen(vec->ptr);
			return;
		}
	}

	/* Oops. This extension is unknown to us. Fallback to text/plain */
	vec->ptr = "text/plain";
	vec->len = strlen(vec->ptr);
}

/*
 * For given directory path, substitute it to valid index file.
 * Return 0 if index file has been found, -1 if not found
 */
static int
find_index_file(struct conn *c, char *path, size_t maxpath, struct stat *stp)
{
	char		buf[FILENAME_MAX];
	const char	*s = c->ctx->options[OPT_INDEX_FILES];
	size_t		len;

	FOR_EACH_WORD_IN_LIST(s, len) {
		/* path must end with '/' character */
		_shttpd_snprintf(buf, sizeof(buf), "%s%.*s", path, len, s);
		if (_shttpd_stat(buf, stp) == 0) {
			_shttpd_strlcpy(path, buf, maxpath);
			_shttpd_get_mime_type(c->ctx, s, len, &c->mime_type);
			return (0);
		}
	}

	return (-1);
}

/*
 * Try to open requested file, return 0 if OK, -1 if error.
 * If the file is given arguments using PATH_INFO mechanism,
 * initialize pathinfo pointer.
 */
static int
get_path_info(struct conn *c, char *path, struct stat *stp)
{
	char	*p, *e;

	if (_shttpd_stat(path, stp) == 0)
		return (0);

	p = path + strlen(path);
	e = path + strlen(c->ctx->options[OPT_ROOT]) + 2;
	
	/* Strip directory parts of the path one by one */
	for (; p > e; p--)
		if (*p == '/') {
			*p = '\0';
			if (!_shttpd_stat(path, stp) && !S_ISDIR(stp->st_mode)) {
				c->path_info = p + 1;
				return (0);
			} else {
				*p = '/';
			}
		}

	return (-1);
}

static void
decide_what_to_do(struct conn *c)
{
	char		path[URI_MAX], buf[1024], *root;
	struct vec	alias_uri, alias_path;
	struct stat	st;
	int		rc;
	struct registered_uri	*ruri;

	DBG(("decide_what_to_do: [%s]", c->uri));

	if ((c->query = strchr(c->uri, '?')) != NULL)
		*c->query++ = '\0';

	_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
	remove_double_dots(c->uri);
	
	root = c->ctx->options[OPT_ROOT];
	if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
		_shttpd_send_server_error(c, 400, "URI is too long");
		return;
	}

	(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);

	/* User may use the aliases - check URI for mount point */
	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
		(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
		    alias_path.len, alias_path.ptr, c->uri + alias_uri.len);
		DBG(("using alias %.*s -> %.*s", alias_uri.len, alias_uri.ptr,
		    alias_path.len, alias_path.ptr));
	}

#if !defined(NO_AUTH)
	if (_shttpd_check_authorization(c, path) != 1) {
		_shttpd_send_authorization_request(c);
	} else
#endif /* NO_AUTH */
	if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
		_shttpd_setup_embedded_stream(c,
		    ruri->callback, ruri->callback_data);
	} else
	if (strstr(path, HTPASSWD)) {
		/* Do not allow to view passwords files */
		_shttpd_send_server_error(c, 403, "Forbidden");
	} else
#if !defined(NO_AUTH)
	if ((c->method == METHOD_PUT || c->method == METHOD_DELETE) &&
	    (c->ctx->options[OPT_AUTH_PUT] == NULL ||
	     !_shttpd_is_authorized_for_put(c))) {
		_shttpd_send_authorization_request(c);
	} else
#endif /* NO_AUTH */
	if (c->method == METHOD_PUT) {
		c->status = _shttpd_stat(path, &st) == 0 ? 200 : 201;

		if (c->ch.range.v_vec.len > 0) {
			_shttpd_send_server_error(c, 501,
			    "PUT Range Not Implemented");
		} else if ((rc = _shttpd_put_dir(path)) == 0) {
			_shttpd_send_server_error(c, 200, "OK");
		} else if (rc == -1) {
			_shttpd_send_server_error(c, 500, "PUT Directory Error");
		} else if (c->rem.content_len == 0) {
			_shttpd_send_server_error(c, 411, "Length Required");
		} else if ((c->loc.chan.fd = _shttpd_open(path, O_WRONLY | O_BINARY |
		    O_CREAT | O_NONBLOCK | O_TRUNC, 0644)) == -1) {
			_shttpd_send_server_error(c, 500, "PUT Error");
		} else {
			DBG(("PUT file [%s]", c->uri));
			c->loc.io_class = &_shttpd_io_file;
			c->loc.flags |= FLAG_W | FLAG_ALWAYS_READY ;
		}
	} else if (c->method == METHOD_DELETE) {
		DBG(("DELETE [%s]", c->uri));
		if (_shttpd_remove(path) == 0)
			_shttpd_send_server_error(c, 200, "OK");
		else
			_shttpd_send_server_error(c, 500, "DELETE Error");
	} else if (get_path_info(c, path, &st) != 0) {
		_shttpd_send_server_error(c, 404, "Not Found");
	} else if (S_ISDIR(st.st_mode) && path[strlen(path) - 1] != '/') {
		(void) _shttpd_snprintf(buf, sizeof(buf),
			"Moved Permanently\r\nLocation: %s/", c->uri);
		_shttpd_send_server_error(c, 301, buf);
	} else if (S_ISDIR(st.st_mode) &&
	    find_index_file(c, path, sizeof(path) - 1, &st) == -1 &&
	    !IS_TRUE(c->ctx, OPT_DIR_LIST)) {
		_shttpd_send_server_error(c, 403, "Directory Listing Denied");
	} else if (S_ISDIR(st.st_mode) && IS_TRUE(c->ctx, OPT_DIR_LIST)) {
		if ((c->loc.chan.dir.path = _shttpd_strdup(path)) != NULL)
			_shttpd_get_dir(c);
		else
			_shttpd_send_server_error(c, 500, "GET Directory Error");
	} else if (S_ISDIR(st.st_mode) && !IS_TRUE(c->ctx, OPT_DIR_LIST)) {
		_shttpd_send_server_error(c, 403, "Directory listing denied");
#if !defined(NO_CGI)
	} else if (_shttpd_match_extension(path,
	    c->ctx->options[OPT_CGI_EXTENSIONS])) {
		if (c->method != METHOD_POST && c->method != METHOD_GET) {
			_shttpd_send_server_error(c, 501, "Bad method ");
		} else if ((_shttpd_run_cgi(c, path)) == -1) {
			_shttpd_send_server_error(c, 500, "Cannot exec CGI");
		} else {
			_shttpd_do_cgi(c);
		}
#endif /* NO_CGI */
#if !defined(NO_SSI)
	} else if (_shttpd_match_extension(path,
	    c->ctx->options[OPT_SSI_EXTENSIONS])) {
		if ((c->loc.chan.fd = _shttpd_open(path,
		    O_RDONLY | O_BINARY, 0644)) == -1) {
			_shttpd_send_server_error(c, 500, "SSI open error");
		} else {
			_shttpd_do_ssi(c);
		}
#endif /* NO_CGI */
	} else if (c->ch.ims.v_time && st.st_mtime <= c->ch.ims.v_time) {
		_shttpd_send_server_error(c, 304, "Not Modified");
	} else if ((c->loc.chan.fd = _shttpd_open(path,
	    O_RDONLY | O_BINARY, 0644)) != -1) {
		_shttpd_get_file(c, &st);
	} else {
		_shttpd_send_server_error(c, 500, "Internal Error");
	}
}

static int
set_request_method(struct conn *c)
{
	const struct vec	*v;

	/* Set the request method */
	for (v = _shttpd_known_http_methods; v->ptr != NULL; v++)
		if (!memcmp(c->rem.io.buf, v->ptr, v->len)) {
			c->method = v - _shttpd_known_http_methods;
			break;
		}

	return (v->ptr == NULL);
}

static void
parse_http_request(struct conn *c)
{
	char	*s, *e, *p, *start;
	int	uri_len, req_len, n;

	s = io_data(&c->rem.io);;
	req_len = c->rem.headers_len =
	    _shttpd_get_headers_len(s, io_data_len(&c->rem.io));

	if (req_len == 0 && io_space_len(&c->rem.io) == 0) {
		io_clear(&c->rem.io);
		_shttpd_send_server_error(c, 400, "Request is too big");
	}

	if (req_len == 0) {
		return;
	} else if (req_len < 16) {	/* Minimal: "GET / HTTP/1.0\n\n" */
		_shttpd_send_server_error(c, 400, "Bad request");
	} else if (set_request_method(c)) {
		_shttpd_send_server_error(c, 501, "Method Not Implemented");
	} else if ((c->request = _shttpd_strndup(s, req_len)) == NULL) {
		_shttpd_send_server_error(c, 500, "Cannot allocate request");
	}

	if (c->loc.flags & FLAG_CLOSED)
		return;

	io_inc_tail(&c->rem.io, req_len);

	DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
	c->rem.flags |= FLAG_HEADERS_PARSED;

	/* Set headers pointer. Headers follow the request line */
	c->headers = memchr(c->request, '\n', req_len);
	assert(c->headers != NULL);
	assert(c->headers < c->request + req_len);
	if (c->headers > c->request && c->headers[-1] == '\r')
		c->headers[-1] = '\0';
	*c->headers++ = '\0';

	/*
	 * Now make a copy of the URI, because it will be URL-decoded,
	 * and we need a copy of unmodified URI for the access log.
	 * First, we skip the REQUEST_METHOD and shift to the URI.
	 */
	for (p = c->request, e = p + req_len; *p != ' ' && p < e; p++);
	while (p < e && *p == ' ')
		p++;

	/* Now remember where URI starts, and shift to the end of URI */
	for (start = p; p < e && !isspace((unsigned char)*p); ) p++;
	uri_len = p - start;

	/* Skip space following the URI */
	while (p < e && *p == ' ')
		p++;

	/* Now comes the HTTP-Version in the form HTTP/<major>.<minor> */
	if (sscanf(p, "HTTP/%lu.%lu%n",
	    &c->major_version, &c->minor_version, &n) != 2 || p[n] != '\0') {
		_shttpd_send_server_error(c, 400, "Bad HTTP version");
	} else if (c->major_version > 1 ||
	    (c->major_version == 1 && c->minor_version > 1)) {
		_shttpd_send_server_error(c, 505, "HTTP version not supported");
	} else if (uri_len <= 0) {
		_shttpd_send_server_error(c, 400, "Bad URI");
	} else if ((c->uri = malloc(uri_len + 1)) == NULL) {
		_shttpd_send_server_error(c, 500, "Cannot allocate URI");
	} else {
		_shttpd_strlcpy(c->uri, (char *) start, uri_len + 1);
		_shttpd_parse_headers(c->headers,
		    (c->request + req_len) - c->headers, &c->ch);

		/* Remove the length of request from total, count only data */
		assert(c->rem.io.total >= (big_int_t) req_len);
		c->rem.io.total -= req_len;
		c->rem.content_len = c->ch.cl.v_big_int;
		decide_what_to_do(c);
	}
}

static void
add_socket(struct worker *worker, int sock, int is_ssl)
{
	struct shttpd_ctx	*ctx = worker->ctx;
	struct conn		*c;
	struct usa		sa;
	int			l = IS_TRUE(ctx, OPT_INETD) ? E_FATAL : E_LOG;
#if !defined(NO_SSL)
	SSL		*ssl = NULL;
#else
	is_ssl = is_ssl;	/* supress warnings */
#endif /* NO_SSL */

	sa.len = sizeof(sa.u.sin);
	(void) _shttpd_set_non_blocking_mode(sock);

	if (getpeername(sock, &sa.u.sa, &sa.len)) {
		_shttpd_elog(l, NULL, "add_socket: %s", strerror(errno));
#if !defined(NO_SSL)
	} else if (is_ssl && (ssl = SSL_new(ctx->ssl_ctx)) == NULL) {
		_shttpd_elog(l, NULL, "add_socket: SSL_new: %s", strerror(ERRNO));
		(void) closesocket(sock);
	} else if (is_ssl && SSL_set_fd(ssl, sock) == 0) {
		_shttpd_elog(l, NULL, "add_socket: SSL_set_fd: %s", strerror(ERRNO));
		(void) closesocket(sock);
		SSL_free(ssl);
#endif /* NO_SSL */
	} else if ((c = calloc(1, sizeof(*c) + 2 * URI_MAX)) == NULL) {
#if !defined(NO_SSL)
		if (ssl)
			SSL_free(ssl);
#endif /* NO_SSL */
		(void) closesocket(sock);
		_shttpd_elog(l, NULL, "add_socket: calloc: %s", strerror(ERRNO));
	} else {
		c->rem.conn	= c->loc.conn = c;
		c->ctx		= ctx;
		c->worker	= worker;
		c->sa		= sa;
		c->birth_time	= _shttpd_current_time;
		c->expire_time	= _shttpd_current_time + EXPIRE_TIME;

		(void) getsockname(sock, &sa.u.sa, &sa.len);
		c->loc_port = sa.u.sin.sin_port;

		_shttpd_set_close_on_exec(sock);

		c->loc.io_class	= NULL;
	
		c->rem.io_class	= &_shttpd_io_socket;
		c->rem.chan.sock = sock;

		/* Set IO buffers */
		c->loc.io.buf	= (char *) (c + 1);
		c->rem.io.buf	= c->loc.io.buf + URI_MAX;
		c->loc.io.size	= c->rem.io.size = URI_MAX;

#if !defined(NO_SSL)
		if (is_ssl) {
			c->rem.io_class	= &_shttpd_io_ssl;
			c->rem.chan.ssl.sock = sock;
			c->rem.chan.ssl.ssl = ssl;
			_shttpd_ssl_handshake(&c->rem);
		}
#endif /* NO_SSL */

		LL_TAIL(&worker->connections, &c->link);
		worker->num_conns++;
		
		DBG(("%s:%hu connected (socket %d)",
		    inet_ntoa(* (struct in_addr *) &sa.u.sin.sin_addr.s_addr),
		    ntohs(sa.u.sin.sin_port), sock));
	}
}

static struct worker *
first_worker(struct shttpd_ctx *ctx)
{
	return (LL_ENTRY(ctx->workers.next, struct worker, link));
}

static void
pass_socket(struct shttpd_ctx *ctx, int sock, int is_ssl)
{
	struct llhead	*lp;
	struct worker	*worker, *lazy;
	int		buf[3];

	lazy = first_worker(ctx);

	/* Find least busy worker */
	LL_FOREACH(&ctx->workers, lp) {
		worker = LL_ENTRY(lp, struct worker, link);
		if (worker->num_conns < lazy->num_conns)
			lazy = worker;
	}

	buf[0] = CTL_PASS_SOCKET;
	buf[1] = sock;
	buf[2] = is_ssl;

	(void) send(lazy->ctl[1], (void *) buf, sizeof(buf), 0);
}

static int
set_ports(struct shttpd_ctx *ctx, const char *p)
{
	int		sock, len, is_ssl, port;
	struct listener	*l;


	free_list(&ctx->listeners, &listener_destructor);

	FOR_EACH_WORD_IN_LIST(p, len) {

		is_ssl	= p[len - 1] == 's' ? 1 : 0;
		port	= atoi(p);

		if ((sock = shttpd_open_listening_port(port)) == -1) {
			_shttpd_elog(E_LOG, NULL, "cannot open port %d", port);
			goto fail;
		} else if (is_ssl && ctx->ssl_ctx == NULL) {
			(void) closesocket(sock);
			_shttpd_elog(E_LOG, NULL, "cannot add SSL socket, "
			    "please specify certificate file");
			goto fail;
		} else if ((l = calloc(1, sizeof(*l))) == NULL) {
			(void) closesocket(sock);
			_shttpd_elog(E_LOG, NULL, "cannot allocate listener");
			goto fail;
		} else {
			l->is_ssl = is_ssl;
			l->sock	= sock;
			l->ctx	= ctx;
			LL_TAIL(&ctx->listeners, &l->link);
			DBG(("shttpd_listen: added socket %d", sock));
		}
	}

	return (TRUE);
fail:
	free_list(&ctx->listeners, &listener_destructor);
	return (FALSE);
}

static void
read_stream(struct stream *stream)
{
	int	n, len;

	len = io_space_len(&stream->io);
	assert(len > 0);

	/* Do not read more that needed */
	if (stream->content_len > 0 &&
	    stream->io.total + len > stream->content_len)
		len = stream->content_len - stream->io.total;

	/* Read from underlying channel */
	assert(stream->io_class != NULL);
	n = stream->io_class->read(stream, io_space(&stream->io), len);

	if (n > 0)
		io_inc_head(&stream->io, n);
	else if (n == -1 && (ERRNO == EINTR || ERRNO == EWOULDBLOCK))
		n = n;	/* Ignore EINTR and EAGAIN */
	else if (!(stream->flags & FLAG_DONT_CLOSE))
		_shttpd_stop_stream(stream);

	DBG(("read_stream (%d %s): read %d/%d/%lu bytes (errno %d)",
	    stream->conn->rem.chan.sock,
	    stream->io_class ? stream->io_class->name : "(null)",
	    n, len, (unsigned long) stream->io.total, ERRNO));

	/*
	 * Close the local stream if everything was read
	 * XXX We do not close the remote stream though! It may be
	 * a POST data completed transfer, we do not want the socket
	 * to be closed.
	 */
	if (stream->content_len > 0 && stream == &stream->conn->loc) {
		assert(stream->io.total <= stream->content_len);
		if (stream->io.total == stream->content_len)
			_shttpd_stop_stream(stream);
	}

	stream->conn->expire_time = _shttpd_current_time + EXPIRE_TIME;
}

static void
write_stream(struct stream *from, struct stream *to)
{
	int	n, len;

	len = io_data_len(&from->io);
	assert(len > 0);

	/* TODO: should be assert on CAN_WRITE flag */
	n = to->io_class->write(to, io_data(&from->io), len);
	to->conn->expire_time = _shttpd_current_time + EXPIRE_TIME;
	DBG(("write_stream (%d %s): written %d/%d bytes (errno %d)",
	    to->conn->rem.chan.sock,
	    to->io_class ? to->io_class->name : "(null)", n, len, ERRNO));

	if (n > 0)
		io_inc_tail(&from->io, n);
	else if (n == -1 && (ERRNO == EINTR || ERRNO == EWOULDBLOCK))
		n = n;	/* Ignore EINTR and EAGAIN */
	else if (!(to->flags & FLAG_DONT_CLOSE))
		_shttpd_stop_stream(to);
}


static void
connection_desctructor(struct llhead *lp)
{
	struct conn		*c = LL_ENTRY(lp, struct conn, link);
	static const struct vec	vec = {"close", 5};
	int			do_close;

	DBG(("Disconnecting %d (%.*s)", c->rem.chan.sock,
	    c->ch.connection.v_vec.len, c->ch.connection.v_vec.ptr));

	if (c->request != NULL && c->ctx->access_log != NULL)
		_shttpd_log_access(c->ctx->access_log, c);

	/* In inetd mode, exit if request is finished. */
	if (IS_TRUE(c->ctx, OPT_INETD))
		exit(0);

	if (c->loc.io_class != NULL && c->loc.io_class->close != NULL)
		c->loc.io_class->close(&c->loc);

	/*
	 * Check the "Connection: " header before we free c->request
	 * If it its 'keep-alive', then do not close the connection
	 */
	do_close = (c->ch.connection.v_vec.len >= vec.len &&
	    !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
	    (c->major_version < 1 ||
	    (c->major_version >= 1 && c->minor_version < 1));

	if (c->request)
		free(c->request);
	if (c->uri)
		free(c->uri);

	/* Keep the connection open only if we have Content-Length set */
	if (!do_close && c->loc.content_len > 0) {
		c->loc.io_class = NULL;
		c->loc.flags = 0;
		c->loc.content_len = 0;
		c->rem.flags = FLAG_W | FLAG_R | FLAG_SSL_ACCEPTED;
		c->query = c->request = c->uri = c->path_info = NULL;
		c->mime_type.len = 0;
		(void) memset(&c->ch, 0, sizeof(c->ch));
		io_clear(&c->loc.io);
		c->birth_time = _shttpd_current_time;
		if (io_data_len(&c->rem.io) > 0)
			process_connection(c, 0, 0);
	} else {
		if (c->rem.io_class != NULL)
			c->rem.io_class->close(&c->rem);

		LL_DEL(&c->link);
		c->worker->num_conns--;
		assert(c->worker->num_conns >= 0);

		free(c);
	}
}

static void
worker_destructor(struct llhead *lp)
{
	struct worker	*worker = LL_ENTRY(lp, struct worker, link);

	free_list(&worker->connections, connection_desctructor);
	free(worker);
}

static int
is_allowed(const struct shttpd_ctx *ctx, const struct usa *usa)
{
	const struct acl	*acl;
	const struct llhead	*lp;
	int			allowed = '+';
	uint32_t		ip;

	LL_FOREACH(&ctx->acl, lp) {
		acl = LL_ENTRY(lp, struct acl, link);
		(void) memcpy(&ip, &usa->u.sin.sin_addr, sizeof(ip));
		if (acl->ip == (ntohl(ip) & acl->mask))
			allowed = acl->flag;
	}

	return (allowed == '+');
}

static void
add_to_set(int fd, fd_set *set, int *max_fd)
{
	FD_SET(fd, set);
	if (fd > *max_fd)
		*max_fd = fd;
}

static void
process_connection(struct conn *c, int remote_ready, int local_ready)
{
	/* Read from remote end if it is ready */
	if (remote_ready && io_space_len(&c->rem.io))
		read_stream(&c->rem);

	/* If the request is not parsed yet, do so */
	if (!(c->rem.flags & FLAG_HEADERS_PARSED))
		parse_http_request(c);

	DBG(("loc: %d [%.*s]", (int) io_data_len(&c->loc.io),
	    (int) io_data_len(&c->loc.io), io_data(&c->loc.io)));
	DBG(("rem: %d [%.*s]", (int) io_data_len(&c->rem.io),
	    (int) io_data_len(&c->rem.io), io_data(&c->rem.io)));

	/* Read from the local end if it is ready */
	if (local_ready && io_space_len(&c->loc.io))
		read_stream(&c->loc);

	if (io_data_len(&c->rem.io) > 0 && (c->loc.flags & FLAG_W) &&
	    c->loc.io_class != NULL && c->loc.io_class->write != NULL)
		write_stream(&c->rem, &c->loc);

	if (io_data_len(&c->loc.io) > 0 && c->rem.io_class != NULL)
		write_stream(&c->loc, &c->rem); 

	/* Check whether we should close this connection */
	if ((_shttpd_current_time > c->expire_time) ||
	    (c->rem.flags & FLAG_CLOSED) ||
	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
		connection_desctructor(&c->link);
}

static int
num_workers(const struct shttpd_ctx *ctx)
{
	char	*p = ctx->options[OPT_THREADS];
	return (p ? atoi(p) : 1);
}

static void
handle_connected_socket(struct shttpd_ctx *ctx,
		struct usa *sap, int sock, int is_ssl)
{
#if !defined(_WIN32)
	if (sock >= (int) FD_SETSIZE) {
		_shttpd_elog(E_LOG, NULL, "ctx %p: discarding "
		    "socket %d, too busy", ctx, sock);
		(void) closesocket(sock);
	} else
#endif /* !_WIN32 */
		if (!is_allowed(ctx, sap)) {
		_shttpd_elog(E_LOG, NULL, "%s is not allowed to connect",
		    inet_ntoa(sap->u.sin.sin_addr));
		(void) closesocket(sock);
	} else if (num_workers(ctx) > 1) {
		pass_socket(ctx, sock, is_ssl);
	} else {
		add_socket(first_worker(ctx), sock, is_ssl);
	}
}

static int
do_select(int max_fd, fd_set *read_set, fd_set *write_set, int milliseconds)
{
	struct timeval	tv;
	int		n;

	tv.tv_sec = milliseconds / 1000;
	tv.tv_usec = (milliseconds % 1000) * 1000;

	/* Check IO readiness */
	if ((n = select(max_fd + 1, read_set, write_set, NULL, &tv)) < 0) {
#ifdef _WIN32
		/*
		 * On windows, if read_set and write_set are empty,
		 * select() returns "Invalid parameter" error
		 * (at least on my Windows XP Pro). So in this case,
		 * we sleep here.
		 */
		Sleep(milliseconds);
#endif /* _WIN32 */
		DBG(("select: %d", ERRNO));
	}

	return (n);
}

static int
multiplex_worker_sockets(const struct worker *worker, int *max_fd,
		fd_set *read_set, fd_set *write_set)
{
	struct llhead	*lp;
	struct conn	*c;
	int		nowait = FALSE;

	/* Add control socket */
	add_to_set(worker->ctl[0], read_set, max_fd);

	/* Multiplex streams */
	LL_FOREACH(&worker->connections, lp) {
		c = LL_ENTRY(lp, struct conn, link);
		
		/* If there is a space in remote IO, check remote socket */
		if (io_space_len(&c->rem.io))
			add_to_set(c->rem.chan.fd, read_set, max_fd);

#if !defined(NO_CGI)
		/*
		 * If there is a space in local IO, and local endpoint is
		 * CGI, check local socket for read availability
		 */
		if (io_space_len(&c->loc.io) && (c->loc.flags & FLAG_R) &&
		    c->loc.io_class == &_shttpd_io_cgi)
			add_to_set(c->loc.chan.fd, read_set, max_fd);

		/*
		 * If there is some data read from remote socket, and
		 * local endpoint is CGI, check local for write availability
		 */
		if (io_data_len(&c->rem.io) && (c->loc.flags & FLAG_W) &&
		    c->loc.io_class == &_shttpd_io_cgi)
			add_to_set(c->loc.chan.fd, write_set, max_fd);
#endif /* NO_CGI */

		/*
		 * If there is some data read from local endpoint, check the
		 * remote socket for write availability
		 */
		if (io_data_len(&c->loc.io) && !(c->loc.flags & FLAG_SUSPEND))
			add_to_set(c->rem.chan.fd, write_set, max_fd);

		/*
		 * Set select wait interval to zero if FLAG_ALWAYS_READY set
		 */
		if (io_space_len(&c->loc.io) && (c->loc.flags & FLAG_R) &&
		    (c->loc.flags & FLAG_ALWAYS_READY))
			nowait = TRUE;
		
		if (io_data_len(&c->rem.io) && (c->loc.flags & FLAG_W) &&
		    (c->loc.flags & FLAG_ALWAYS_READY))
			nowait = TRUE;
	}

	return (nowait);
}

int
shttpd_join(struct shttpd_ctx *ctx,
		fd_set *read_set, fd_set *write_set, int *max_fd)
{
	struct llhead	*lp;
	struct listener	*l;
	int		nowait = FALSE;

	/* Add listening sockets to the read set */
	LL_FOREACH(&ctx->listeners, lp) {
		l = LL_ENTRY(lp, struct listener, link);
		add_to_set(l->sock, read_set, max_fd);
		DBG(("FD_SET(%d) (listening)", l->sock));
	}

	if (num_workers(ctx) == 1)
		nowait = multiplex_worker_sockets(first_worker(ctx), max_fd,
		    read_set, write_set);

	return (nowait);
}


static void
process_worker_sockets(struct worker *worker, fd_set *read_set)
{
	struct llhead	*lp, *tmp;
	int		cmd, skt[2], sock = worker->ctl[0];
	struct conn	*c;

	/* Check if new socket is passed to us over the control socket */
	if (FD_ISSET(worker->ctl[0], read_set))
		while (recv(sock, (void *) &cmd, sizeof(cmd), 0) == sizeof(cmd))
			switch (cmd) {
			case CTL_PASS_SOCKET:
				(void)recv(sock, (void *) &skt, sizeof(skt), 0);
				add_socket(worker, skt[0], skt[1]);
				break;
			case CTL_WAKEUP:
				(void)recv(sock, (void *) &c, sizeof(c), 0);
				c->loc.flags &= FLAG_SUSPEND;
				break;
			default:
				_shttpd_elog(E_FATAL, NULL, "ctx %p: ctl cmd %d",
				    worker->ctx, cmd);
				break;
			}

	/* Process all connections */
	LL_FOREACH_SAFE(&worker->connections, lp, tmp) {
		c = LL_ENTRY(lp, struct conn, link);
		process_connection(c, FD_ISSET(c->rem.chan.sock, read_set),
		    c->loc.io_class != NULL &&
		    ((c->loc.flags & FLAG_ALWAYS_READY)
#if !defined(NO_CGI)
		    || (c->loc.io_class == &_shttpd_io_cgi &&
		     FD_ISSET(c->loc.chan.fd, read_set))
#endif /* NO_CGI */
		    ));
	}
}

/*
 * One iteration of server loop. This is the core of the data exchange.
 */
void
shttpd_poll(struct shttpd_ctx *ctx, int milliseconds)
{
	struct llhead	*lp;
	struct listener	*l;
	fd_set		read_set, write_set;
	int		sock, max_fd = -1;
	struct usa	sa;

	_shttpd_current_time = time(0);
	FD_ZERO(&read_set);
	FD_ZERO(&write_set);

	if (shttpd_join(ctx, &read_set, &write_set, &max_fd))
		milliseconds = 0;

	if (do_select(max_fd, &read_set, &write_set, milliseconds) < 0)
		return;;

	/* Check for incoming connections on listener sockets */
	LL_FOREACH(&ctx->listeners, lp) {
		l = LL_ENTRY(lp, struct listener, link);
		if (!FD_ISSET(l->sock, &read_set))
			continue;
		do {
			sa.len = sizeof(sa.u.sin);
			if ((sock = accept(l->sock, &sa.u.sa, &sa.len)) != -1)
				handle_connected_socket(ctx,&sa,sock,l->is_ssl);
		} while (sock != -1);
	}

	if (num_workers(ctx) == 1)
		process_worker_sockets(first_worker(ctx), &read_set);
}

/*
 * Deallocate shttpd object, free up the resources
 */
void
shttpd_fini(struct shttpd_ctx *ctx)
{
	size_t	i;

	free_list(&ctx->workers, worker_destructor);
	free_list(&ctx->registered_uris, registered_uri_destructor);
	free_list(&ctx->acl, acl_destructor);
	free_list(&ctx->listeners, listener_destructor);
#if !defined(NO_SSI)
	free_list(&ctx->ssi_funcs, _shttpd_ssi_func_destructor);
#endif /* !NO_SSI */

	for (i = 0; i < NELEMS(ctx->options); i++)
		if (ctx->options[i] != NULL)
			free(ctx->options[i]);

	if (ctx->access_log)		(void) fclose(ctx->access_log);
	if (ctx->error_log)		(void) fclose(ctx->error_log);

	/* TODO: free SSL context */

	free(ctx);
}

/*
 * UNIX socketpair() implementation. Why? Because Windows does not have it.
 * Return 0 on success, -1 on error.
 */
int
shttpd_socketpair(int sp[2])
{
	struct sockaddr_in	sa;
	int			sock, ret = -1;
	socklen_t		len = sizeof(sa);

	sp[0] = sp[1] = -1;

	(void) memset(&sa, 0, sizeof(sa));
	sa.sin_family 		= AF_INET;
	sa.sin_port		= htons(0);
	sa.sin_addr.s_addr	= htonl(INADDR_LOOPBACK);

	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) != -1 &&
	    !bind(sock, (struct sockaddr *) &sa, len) &&
	    !listen(sock, 1) &&
	    !getsockname(sock, (struct sockaddr *) &sa, &len) &&
	    (sp[0] = socket(AF_INET, SOCK_STREAM, 6)) != -1 &&
	    !connect(sp[0], (struct sockaddr *) &sa, len) &&
	    (sp[1] = accept(sock,(struct sockaddr *) &sa, &len)) != -1) {

		/* Success */
		ret = 0;
	} else {

		/* Failure, close descriptors */
		if (sp[0] != -1)
			(void) closesocket(sp[0]);
		if (sp[1] != -1)
			(void) closesocket(sp[1]);
	}

	(void) closesocket(sock);
	(void) _shttpd_set_non_blocking_mode(sp[0]);
	(void) _shttpd_set_non_blocking_mode(sp[1]);

#ifndef _WIN32
	(void) fcntl(sp[0], F_SETFD, FD_CLOEXEC);
	(void) fcntl(sp[1], F_SETFD, FD_CLOEXEC);
#endif /* _WIN32*/

	return (ret);
}

static int isbyte(int n) { return (n >= 0 && n <= 255); }

static int
set_inetd(struct shttpd_ctx *ctx, const char *flag)
{
	ctx = NULL; /* Unused */

	if (_shttpd_is_true(flag)) {
		shttpd_set_option(ctx, "ports", NULL);
		(void) freopen("/dev/null", "a", stderr);
		add_socket(first_worker(ctx), 0, 0);
	}

	return (TRUE);
}

static int
set_uid(struct shttpd_ctx *ctx, const char *uid)
{
	struct passwd	*pw;

	ctx = NULL; /* Unused */

#if !defined(_WIN32)
	if ((pw = getpwnam(uid)) == NULL)
		_shttpd_elog(E_FATAL, 0, "%s: unknown user [%s]", __func__, uid);
	else if (setgid(pw->pw_gid) == -1)
		_shttpd_elog(E_FATAL, NULL, "%s: setgid(%s): %s",
		    __func__, uid, strerror(errno));
	else if (setuid(pw->pw_uid) == -1)
		_shttpd_elog(E_FATAL, NULL, "%s: setuid(%s): %s",
		    __func__, uid, strerror(errno));
#endif /* !_WIN32 */
	return (TRUE);
}

static int
set_acl(struct shttpd_ctx *ctx, const char *s)
{
	struct acl	*acl = NULL;
	char		flag;
	int		len, a, b, c, d, n, mask;

	/* Delete the old ACLs if any */
	free_list(&ctx->acl, acl_destructor);

	FOR_EACH_WORD_IN_LIST(s, len) {

		mask = 32;

		if (sscanf(s, "%c%d.%d.%d.%d%n",&flag,&a,&b,&c,&d,&n) != 5) {
			_shttpd_elog(E_FATAL, NULL, "[%s]: subnet must be "
			    "[+|-]x.x.x.x[/x]", s);
		} else if (flag != '+' && flag != '-') {
			_shttpd_elog(E_FATAL, NULL, "flag must be + or -: [%s]", s);
		} else if (!isbyte(a)||!isbyte(b)||!isbyte(c)||!isbyte(d)) {
			_shttpd_elog(E_FATAL, NULL, "bad ip address: [%s]", s);
		} else	if ((acl = malloc(sizeof(*acl))) == NULL) {
			_shttpd_elog(E_FATAL, NULL, "%s", "cannot malloc subnet");
		} else if (sscanf(s + n, "/%d", &mask) == 0) { 
			/* Do nothing, no mask specified */
		} else if (mask < 0 || mask > 32) {
			_shttpd_elog(E_FATAL, NULL, "bad subnet mask: %d [%s]", n, s);
		}

		acl->ip = (a << 24) | (b << 16) | (c << 8) | d;
		acl->mask = mask ? 0xffffffffU << (32 - mask) : 0;
		acl->flag = flag;
		LL_TAIL(&ctx->acl, &acl->link);
	}

	return (TRUE);
}

#ifndef NO_SSL
/*
 * Dynamically load SSL library. Set up ctx->ssl_ctx pointer.
 */
static int
set_ssl(struct shttpd_ctx *ctx, const char *pem)
{
	SSL_CTX		*CTX;
	void		*lib;
	struct ssl_func	*fp;
	int		retval = FALSE;

	/* Load SSL library dynamically */
	if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
		_shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
		return (FALSE);
	}

	for (fp = ssl_sw; fp->name != NULL; fp++)
		if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
			_shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
			return (FALSE);
		}

	/* Initialize SSL crap */
	SSL_library_init();

	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
	else if (SSL_CTX_use_certificate_file(CTX, pem, SSL_FILETYPE_PEM) == 0)
		_shttpd_elog(E_LOG, NULL, "cannot open %s", pem);
	else if (SSL_CTX_use_PrivateKey_file(CTX, pem, SSL_FILETYPE_PEM) == 0)
		_shttpd_elog(E_LOG, NULL, "cannot open %s", pem);
	else
		retval = TRUE;

	ctx->ssl_ctx = CTX;

	return (retval);
}
#endif /* NO_SSL */

static int
open_log_file(FILE **fpp, const char *path)
{
	int	retval = TRUE;

	if (*fpp != NULL)
		(void) fclose(*fpp);

	if (path == NULL) {
		*fpp = NULL;
	} else if ((*fpp = fopen(path, "a")) == NULL) {
		_shttpd_elog(E_LOG, NULL, "cannot open log file %s: %s",
		    path, strerror(errno));
		retval = FALSE;
	}

	return (retval);
}

static int set_alog(struct shttpd_ctx *ctx, const char *path) {
	return (open_log_file(&ctx->access_log, path));
}

static int set_elog(struct shttpd_ctx *ctx, const char *path) {
	return (open_log_file(&ctx->error_log, path));
}

static void show_cfg_page(struct shttpd_arg *arg);

static int
set_cfg_uri(struct shttpd_ctx *ctx, const char *uri)
{
	free_list(&ctx->registered_uris, &registered_uri_destructor);

	if (uri != NULL)
		shttpd_register_uri(ctx, uri, &show_cfg_page, ctx);

	return (TRUE);
}

static struct worker *
add_worker(struct shttpd_ctx *ctx)
{
	struct worker	*worker;

	if ((worker = calloc(1, sizeof(*worker))) == NULL)
		_shttpd_elog(E_FATAL, NULL, "Cannot allocate worker");
	LL_INIT(&worker->connections);
	worker->ctx = ctx;
	(void) shttpd_socketpair(worker->ctl);
	LL_TAIL(&ctx->workers, &worker->link);

	return (worker);
}

#if !defined(NO_THREADS)
static void
poll_worker(struct worker *worker, int milliseconds)
{
	fd_set		read_set, write_set;
	int		max_fd = -1;

	FD_ZERO(&read_set);
	FD_ZERO(&write_set);

	if (multiplex_worker_sockets(worker, &max_fd, &read_set, &write_set))
		milliseconds = 0;

	if (do_select(max_fd, &read_set, &write_set, milliseconds) < 0)
		return;;

	process_worker_sockets(worker, &read_set);
}

static void
worker_function(void *param)
{
	struct worker *worker = param;

	while (worker->exit_flag == 0)
		poll_worker(worker, 1000 * 10);

	free_list(&worker->connections, connection_desctructor);
	free(worker);
}

static int
set_workers(struct shttpd_ctx *ctx, const char *value)
{
	int		new_num, old_num;
	struct llhead	*lp, *tmp;
	struct worker	*worker;

       	new_num = atoi(value);
	old_num = 0;
	LL_FOREACH(&ctx->workers, lp)
		old_num++;

	if (new_num == 1) {
		if (old_num > 1)
			/* Stop old threads */
			LL_FOREACH_SAFE(&ctx->workers, lp, tmp) {
				worker = LL_ENTRY(lp, struct worker, link);
				LL_DEL(&worker->link);
				worker = LL_ENTRY(lp, struct worker, link);
				worker->exit_flag = 1;
			}
		(void) add_worker(ctx);
	} else {
		/* FIXME: we cannot here reduce the number of threads */
		while (new_num > 1 && new_num > old_num) {
			worker = add_worker(ctx);
			_beginthread(worker_function, 0, worker);
			old_num++;
		}
	}

	return (TRUE);
}
#endif /* NO_THREADS */

static const struct opt {
	int		index;		/* Index in shttpd_ctx		*/
	const char	*name;		/* Option name in config file	*/
	const char	*description;	/* Description			*/
	const char	*default_value;	/* Default option value		*/
	int (*setter)(struct shttpd_ctx *, const char *);
} known_options[] = {
	{OPT_ROOT, "root", "\tWeb root directory", ".", NULL},
	{OPT_INDEX_FILES, "index_files", "Index files", INDEX_FILES, NULL},
#ifndef NO_SSL
	{OPT_SSL_CERTIFICATE, "ssl_cert", "SSL certificate file", NULL,set_ssl},
#endif /* NO_SSL */
	{OPT_PORTS, "ports", "Listening ports", LISTENING_PORTS, set_ports},
	{OPT_DIR_LIST, "dir_list", "Directory listing", "yes", NULL},
	{OPT_CFG_URI, "cfg_uri", "Config uri", NULL, set_cfg_uri},
	{OPT_PROTECT, "protect", "URI to htpasswd mapping", NULL, NULL},
#ifndef NO_CGI
	{OPT_CGI_EXTENSIONS, "cgi_ext", "CGI extensions", CGI_EXT, NULL},
	{OPT_CGI_INTERPRETER, "cgi_interp", "CGI interpreter", NULL, NULL},
	{OPT_CGI_ENVIRONMENT, "cgi_env", "Additional CGI env vars", NULL, NULL},
#endif /* NO_CGI */
	{OPT_SSI_EXTENSIONS, "ssi_ext",	"SSI extensions", SSI_EXT, NULL},
#ifndef NO_AUTH
	{OPT_AUTH_REALM, "auth_realm", "Authentication domain name",REALM,NULL},
	{OPT_AUTH_GPASSWD, "auth_gpass", "Global passwords file", NULL, NULL},
	{OPT_AUTH_PUT, "auth_PUT", "PUT,DELETE auth file", NULL, NULL},
#endif /* !NO_AUTH */
#ifdef _WIN32
	{OPT_SERVICE, "service", "Manage WinNNT service (install"
	    "|uninstall)", NULL, _shttpd_set_nt_service},
	{OPT_HIDE, "systray", "Hide console, show icon on systray",
		"no", _shttpd_set_systray},
#else
	{OPT_INETD, "inetd", "Inetd mode", "no", set_inetd},
	{OPT_UID, "uid", "\tRun as user", NULL, set_uid},
#endif /* _WIN32 */
	{OPT_ACCESS_LOG, "access_log", "Access log file", NULL, set_alog},
	{OPT_ERROR_LOG, "error_log", "Error log file", NULL, set_elog},
	{OPT_MIME_TYPES, "mime_types", "Additional mime types list", NULL,NULL},
	{OPT_ALIASES, "aliases", "Path=URI mappings", NULL, NULL},
	{OPT_ACL, "acl", "\tAllow/deny IP addresses/subnets", NULL, set_acl},
#if !defined(NO_THREADS)
	{OPT_THREADS, "threads", "Number of worker threads", "1", set_workers},
#endif /* !NO_THREADS */
	{-1, NULL, NULL, NULL, NULL}
};

static const struct opt *
find_opt(const char *opt_name)
{
	int	i;

	for (i = 0; known_options[i].name != NULL; i++)
		if (!strcmp(opt_name, known_options[i].name))
			return (known_options + i);

	_shttpd_elog(E_FATAL, NULL, "no such option: [%s]", opt_name);

	/* UNREACHABLE */
	return (NULL);
}

int
shttpd_set_option(struct shttpd_ctx *ctx, const char *opt, const char *val)
{
	const struct opt	*o = find_opt(opt);
	int			retval = TRUE;

	/* Call option setter first, so it can use both new and old values */
	if (o->setter != NULL)
		retval = o->setter(ctx, val);

	/* Free old value if any */
	if (ctx->options[o->index] != NULL)
		free(ctx->options[o->index]);
	
	/* Set new option value */
	ctx->options[o->index] = val ? _shttpd_strdup(val) : NULL;

	return (retval);
}

static void
show_cfg_page(struct shttpd_arg *arg)
{
	struct shttpd_ctx	*ctx = arg->user_data;
	char			opt_name[20], value[BUFSIZ];
	const struct opt	*o;

	opt_name[0] = value[0] = '\0';

	if (!strcmp(shttpd_get_env(arg, "REQUEST_METHOD"), "POST")) {
		if (arg->flags & SHTTPD_MORE_POST_DATA)
			return;
		(void) shttpd_get_var("o", arg->in.buf, arg->in.len,
		    opt_name, sizeof(opt_name));
		(void) shttpd_get_var("v", arg->in.buf, arg->in.len,
		    value, sizeof(value));
		shttpd_set_option(ctx, opt_name, value[0] ? value : NULL);
	}

	shttpd_printf(arg, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
	    "<html><body><h1>SHTTPD v. %s</h1>", shttpd_version());

	shttpd_printf(arg, "%s", "<table border=1"
	    "<tr><th>Option</th><th>Description</th>"
	    "<th colspan=2>Value</th></tr>");

	if (opt_name[0] != '\0' && value[0] != '\0')
		shttpd_printf(arg, "<p style='color: green'>Saved: %s=%s</p>",
		    opt_name, value[0] ? value : "NULL");


	for (o = known_options; o->name != NULL; o++) {
		shttpd_printf(arg,
		    "<form method=post><tr><td>%s</td><td>%s</td>"
		    "<input type=hidden name=o value='%s'>"
		    "<td><input type=text name=v value='%s'></td>"
		    "<td><input type=submit value=save></td></form></tr>",
		    o->name, o->description, o->name,
		    ctx->options[o->index] ? ctx->options[o->index] : "");
	}

	shttpd_printf(arg, "%s", "</table></body></html>");
	arg->flags |= SHTTPD_END_OF_OUTPUT;
}

/*
 * Show usage string and exit.
 */
void
_shttpd_usage(const char *prog)
{
	const struct opt	*o;

	(void) fprintf(stderr,
	    "SHTTPD version %s (c) Sergey Lyubka\n"
	    "usage: %s [options] [config_file]\n", VERSION, prog);

#if !defined(NO_AUTH)
	fprintf(stderr, "  -A <htpasswd_file> <realm> <user> <passwd>\n");
#endif /* NO_AUTH */

	for (o = known_options; o->name != NULL; o++) {
		(void) fprintf(stderr, "  -%s\t%s", o->name, o->description);
		if (o->default_value != NULL)
			fprintf(stderr, " (default: %s)", o->default_value);
		fputc('\n', stderr);
	}

	exit(EXIT_FAILURE);
}

static void
set_opt(struct shttpd_ctx *ctx, const char *opt, const char *value)
{
	const struct opt	*o;

	o = find_opt(opt);
	if (ctx->options[o->index] != NULL)
		free(ctx->options[o->index]);
	ctx->options[o->index] = _shttpd_strdup(value);
}

static void
process_command_line_arguments(struct shttpd_ctx *ctx, char *argv[])
{
	const char		*config_file = CONFIG_FILE;
	char			line[BUFSIZ], opt[BUFSIZ],
				val[BUFSIZ], path[FILENAME_MAX], *p;
	FILE			*fp;
	size_t			i, line_no = 0;

	/* First find out, which config file to open */
	for (i = 1; argv[i] != NULL && argv[i][0] == '-'; i += 2)
		if (argv[i + 1] == NULL)
			_shttpd_usage(argv[0]);

	if (argv[i] != NULL && argv[i + 1] != NULL) {
		/* More than one non-option arguments are given w*/
		_shttpd_usage(argv[0]);
	} else if (argv[i] != NULL) {
		/* Just one non-option argument is given, this is config file */
		config_file = argv[i];
	} else {
		/* No config file specified. Look for one where shttpd lives */
		if ((p = strrchr(argv[0], DIRSEP)) != 0) {
			_shttpd_snprintf(path, sizeof(path), "%.*s%s",
			    p - argv[0] + 1, argv[0], config_file);
			config_file = path;
		}
	}

	fp = fopen(config_file, "r");

	/* If config file was set in command line and open failed, exit */
	if (fp == NULL && argv[i] != NULL)
		_shttpd_elog(E_FATAL, NULL, "cannot open config file %s: %s",
		    config_file, strerror(errno));

	if (fp != NULL) {

		_shttpd_elog(E_LOG, NULL, "Loading config file %s", config_file);

		/* Loop over the lines in config file */
		while (fgets(line, sizeof(line), fp) != NULL) {

			line_no++;

			/* Ignore empty lines and comments */
			if (line[0] == '#' || line[0] == '\n')
				continue;

			if (sscanf(line, "%s %[^\n#]", opt, val) != 2)
				_shttpd_elog(E_FATAL, NULL, "line %d in %s is invalid",
				    line_no, config_file);

			set_opt(ctx, opt, val);
		}

		(void) fclose(fp);
	}

	/* Now pass through the command line options */
	for (i = 1; argv[i] != NULL && argv[i][0] == '-'; i += 2)
		set_opt(ctx, &argv[i][1], argv[i + 1]);
}

struct shttpd_ctx *
shttpd_init(int argc, char *argv[])
{
	struct shttpd_ctx	*ctx;
	struct tm		*tm;
	const struct opt	*o;

	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
		_shttpd_elog(E_FATAL, NULL, "cannot allocate shttpd context");

	LL_INIT(&ctx->registered_uris);
	LL_INIT(&ctx->error_handlers);
	LL_INIT(&ctx->acl);
	LL_INIT(&ctx->ssi_funcs);
	LL_INIT(&ctx->listeners);
	LL_INIT(&ctx->workers);

	/* Initialize options. First pass: set default option values */
	for (o = known_options; o->name != NULL; o++)
		ctx->options[o->index] = o->default_value ?
			_shttpd_strdup(o->default_value) : NULL;

	/* Second and third passes: config file and argv */
	if (argc > 0 && argv != NULL)
		process_command_line_arguments(ctx, argv);

	/* Call setter functions */
	for (o = known_options; o->name != NULL; o++)
		if (o->setter && ctx->options[o->index] != NULL)
			if (o->setter(ctx, ctx->options[o->index]) == FALSE) {
				shttpd_fini(ctx);
				return (NULL);
			}

	_shttpd_current_time = time(NULL);
	tm = localtime(&_shttpd_current_time);
	_shttpd_tz_offset = 0;

	if (num_workers(ctx) == 1)
		(void) add_worker(ctx);
#if 0
	tm->tm_gmtoff - 3600 * (tm->tm_isdst > 0 ? 1 : 0);
#endif

#ifdef _WIN32
	{WSADATA data;	WSAStartup(MAKEWORD(2,2), &data);}
#endif /* _WIN32 */

	return (ctx);
}