README.md: Fix CMake build instructions

The previous instructions were simply wrong because `cmake ..` would attempt to configure the project from the parent directory, instead of the build directory.
page.c: Do not get filename on previews
2024-05-05 01:07:01 +02:00 · 2024-03-01 00:06:03 +01:00 · 2024-02-24 08:39:25 +01:00 · 2024-02-20 21:44:53 +01:00 · 2024-02-20 21:24:17 +01:00 · 2024-02-20 08:18:11 +01:00
12 changed files with 603 additions and 159 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@ build/
 slcl
 *.o
 *.d
+./Makefile
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(slcl C)
+project(slcl LANGUAGES C VERSION 0.2.0)
 add_executable(${PROJECT_NAME}
    auth.c
    base64.c
@ -12,10 +12,20 @@ add_executable(${PROJECT_NAME}
 )
 target_compile_options(${PROJECT_NAME} PRIVATE -Wall)
 target_compile_definitions(${PROJECT_NAME} PRIVATE _FILE_OFFSET_BITS=64)
-add_subdirectory(libweb)
+set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_LIST_DIR}/cmake)
+find_package(web 0.3.0)
+
+if(WEB_FOUND)
+    find_package(dynstr 0.1.0)
+else()
+    message(STATUS "Using in-tree libweb")
+    add_subdirectory(libweb)
+    #dynstr is already provided by libweb.
+endif()
+
 find_package(cJSON 1.0 REQUIRED)
 find_package(OpenSSL 2.0 REQUIRED)
-target_link_libraries(${PROJECT_NAME} PRIVATE libweb dynstr cjson OpenSSL::SSL)
+target_link_libraries(${PROJECT_NAME} PRIVATE web dynstr cjson OpenSSL::SSL)
 install(TARGETS ${PROJECT_NAME})
 install(FILES usergen
    TYPE BIN
--- a/51
+++ b/51
@ -1,51 +0,0 @@
-.POSIX:
-
-PREFIX = /usr/local
-DST = $(PREFIX)/bin
-PROJECT = slcl
-O = -Og
-CDEFS = -D_FILE_OFFSET_BITS=64 # Required for large file support on 32-bit.
-CFLAGS = $(O) $(CDEFS) -g -Wall -Ilibweb/include -Ilibweb/dynstr/include \
-	-MD -MF $(@:.o=.d)
-LIBS = -lcjson -lssl -lm -lcrypto
-DEPS = $(OBJECTS:.o=.d)
-DYNSTR = libweb/dynstr/libdynstr.a
-DYNSTR_FLAGS = -Llibweb/dynstr -ldynstr
-LIBWEB = libweb/libslweb.a
-SLWEB_FLAGS = -Llibweb -lweb
-OBJECTS = \
-	auth.o \
-	base64.o \
-	cftw.o \
-	hex.o \
-	jwt.o \
-	main.o \
-	page.o \
-	style.o
-
-all: $(PROJECT)
-
-install: all usergen
-	mkdir -p $(DST)
-	cp slcl usergen $(DST)
-	chmod 0755 $(DST)/slcl
-	chmod 0755 $(DST)/usergen
-	+cd doc && $(MAKE) PREFIX=$(PREFIX) install
-
-clean:
-	rm -f $(OBJECTS) $(DEPS)
-	+cd libweb && $(MAKE) clean
-	+cd libweb/dynstr && $(MAKE) clean
-
-FORCE:
-
-$(PROJECT): $(OBJECTS) $(DYNSTR) $(LIBWEB)
-	$(CC) $(OBJECTS) $(LDFLAGS) $(LIBS) $(SLWEB_FLAGS) $(DYNSTR_FLAGS) -o $@
-
-$(DYNSTR): FORCE
-	+cd libweb/dynstr && $(MAKE)
-
-$(LIBWEB): FORCE
-	+cd libweb && $(MAKE)
-
-include $(DEPS)
--- a/README.md
+++ b/README.md
@ -59,13 +59,13 @@ to `slcl`. If required, encryption should be done before uploading e.g.: using
 #### Mandatory packages

 ```sh
-sudo apt install build-essential libcjson-dev libssl-dev
+sudo apt install build-essential libcjson-dev libssl-dev m4 jq
 ```

 #### Optional packages

 ```sh
-sudo apt install cmake xxd jq
+sudo apt install cmake
 ```

 ## How to use
@ -74,7 +74,8 @@ sudo apt install cmake xxd jq
 Two build environments are provided for `slcl` - feel free to choose any of
 them:

- A mostly POSIX-compliant [`Makefile`](Makefile).
+- A [`configure`](configure) POSIX shell and mostly POSIX-compliant
+[`Makefile`](Makefile).
 - A [`CMakeLists.txt`](CMakeLists.txt).

 `slcl` can be built using the standard build process:
@ -82,15 +83,15 @@ them:
 #### Make

 ```sh
+$ ./configure
 $ make
 ```

 #### CMake

 ```sh
-$ mkdir build/
-$ cmake ..
-$ cmake --build .
+$ cmake -B build
+$ cmake --build build/
 ```

 ### Setting up
@ -181,9 +182,7 @@ slcl -p 7822 ~/my-db/
 `slcl` requires a temporary directory where files uploaded by users are
 temporarily stored until moved to the user directory. By default, `slcl`
 attempts to retrieve the path to the temporary directory by inspecting the
-`TMPDIR` environment variable, and falls back to `/tmp` (which is common
-among Unix-like operating systems such as GNU/Linux, although not defined
-by POSIX) if undefined.
+`TMPDIR` environment variable, and falls back to `/tmp` if undefined.

 If a custom temporary directory is required, it can be defined via command
 line option `-t`. For example:
--- a/auth.c
+++ b/auth.c
@ -422,7 +422,7 @@ int auth_quota(const struct auth *const a, const char *const user,
            *available = true;
            *quota = strtoull(qs, &end, 10);

-            const unsigned long long mul = 1024 * 1024;
+            const unsigned long long mul = 1024ul * 1024ul;

            if (errno || *end != '\0')
            {
@ -436,7 +436,7 @@ int auth_quota(const struct auth *const a, const char *const user,
                goto end;
            }

-            *quota *= 1024 * 1024;
+            *quota *= mul;
            break;
        }
    }
--- a/cmake/Findweb.cmake
+++ b/cmake/Findweb.cmake
@ -0,0 +1,24 @@
+mark_as_advanced(WEB_LIBRARY WEB_INCLUDE_DIR)
+find_library(WEB_LIBRARY NAMES libweb web)
+
+find_path(WEB_INCLUDE_DIR
+    NAMES
+        handler.h
+        html.h
+        http.h
+        server.h
+        wildcard_cmp.h
+    PATH_SUFFIXES libweb include/libweb)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(web
+    DEFAULT_MSG WEB_LIBRARY WEB_INCLUDE_DIR)
+
+if(WEB_FOUND)
+    if(NOT TARGET web)
+        add_library(web UNKNOWN IMPORTED)
+        set_target_properties(web PROPERTIES
+            INTERFACE_INCLUDE_DIRECTORIES "${WEB_INCLUDE_DIR}"
+            IMPORTED_LOCATION "${WEB_LIBRARY}")
+    endif()
+endif()
--- a/168
+++ b/168
@ -0,0 +1,168 @@
+#! /bin/sh
+
+set -e
+
+default_prefix=/usr/local
+prefix=$default_prefix
+default_CC='c99'
+# FILE_OFFSET_BITS=64 is required for large file support on 32-bit platforms.
+default_CFLAGS='-O1 -g -D_FILE_OFFSET_BITS=64 -Wall -MD'
+default_LDFLAGS="-lcjson -lssl -lm -lcrypto"
+
+CC=${CC:-$default_CC}
+CFLAGS=${CFLAGS:-"$default_CFLAGS $default_NPCFLAGS"}
+LDFLAGS=${LDFLAGS:-$default_LDFLAGS}
+
+help()
+{
+	cat <<-EOF
+$0 [OPTION ...]
+
+--prefix      Set installation directory [$default_prefix]
+
+Some influential environment variables:
+  CC                  C compiler [$default_CC]
+  CFLAGS              C compiler flags [$default_CFLAGS]
+  LDFLAGS             Link-time flags [$default_LDFLAGS]
+EOF
+}
+
+while true; do
+	split_arg=0
+
+	if printf "%s" "$1" | grep -e '=' > /dev/null
+	then
+		key="$(printf "%s" "$1" | cut -d '=' -f1)"
+		value="$(printf "%s" "$1" | cut -d '=' -f2)"
+		split_arg=1
+	else
+		key="$1"
+		value="$2"
+	fi
+
+	case "$key" in
+		--prefix ) prefix="$value"; shift; test $split_arg -eq 0 && shift ;;
+		-h | --help ) help; exit 0 ;;
+		* ) test "$1" != "" && help && exit 1 || break ;;
+	esac
+done
+
+if pkg-config dynstr
+then
+	in_tree_dynstr=0
+	CFLAGS="$CFLAGS $(pkg-config --cflags dynstr)"
+	LDFLAGS="$LDFLAGS $(pkg-config --libs dynstr)"
+else
+	echo "Info: dynstr not found. Using in-tree copy" >&2
+	in_tree_dynstr=1
+	CFLAGS="$CFLAGS -Ilibweb/dynstr/include"
+	LDFLAGS="$LDFLAGS -Llibweb/dynstr -ldynstr"
+fi
+
+if pkg-config libweb
+then
+	in_tree_libweb=0
+	CFLAGS="$CFLAGS $(pkg-config --cflags libweb)"
+	LDFLAGS="$LDFLAGS $(pkg-config --libs libweb)"
+else
+	echo "Info: libweb not found. Using in-tree copy" >&2
+	in_tree_libweb=1
+	CFLAGS="$CFLAGS -Ilibweb/include"
+	LDFLAGS="$LDFLAGS -Llibweb -lweb"
+fi
+
+cleanup()
+{
+	rm -f $F
+}
+
+F=/tmp/Makefile.slcl
+trap cleanup EXIT
+
+cat <<EOF > $F
+.POSIX:
+
+CC = $CC
+PREFIX = $prefix
+DST = $prefix/bin
+CFLAGS = $CFLAGS
+LDFLAGS = $LDFLAGS
+EOF
+
+cat <<"EOF" >> $F
+PROJECT = slcl
+DEPS = $(OBJECTS:.o=.d)
+OBJECTS = \
+	auth.o \
+	base64.o \
+	cftw.o \
+	hex.o \
+	jwt.o \
+	main.o \
+	page.o \
+	style.o
+
+all: $(PROJECT)
+
+install: all usergen
+	mkdir -p $(DST)
+	cp slcl usergen $(DST)
+	chmod 0755 $(DST)/slcl
+	chmod 0755 $(DST)/usergen
+	+cd doc && $(MAKE) PREFIX=$(PREFIX) install
+
+FORCE:
+
+$(PROJECT): $(OBJECTS)
+	$(CC) $(OBJECTS) $(LDFLAGS) -o $@
+EOF
+
+if [ $in_tree_dynstr -ne 0 ]
+then
+cat <<"EOF" >> $F
+DYNSTR = libweb/dynstr/libdynstr.a
+$(PROJECT): $(DYNSTR)
+$(DYNSTR): FORCE
+	+cd libweb/dynstr && $(MAKE) CC=$(CC)
+EOF
+fi
+
+if [ $in_tree_libweb -ne 0 ]
+then
+cat <<"EOF" >> $F
+LIBWEB = libweb/libweb.a
+$(PROJECT): $(LIBWEB)
+$(LIBWEB): FORCE
+	+cd libweb && $(MAKE) CC=$(CC)
+EOF
+fi
+
+cat <<"EOF" >> $F
+clean:
+	rm -f $(OBJECTS) $(DEPS)
+EOF
+
+if [ $in_tree_dynstr -ne 0 ]
+then
+cat <<"EOF" >> $F
+	+cd libweb/dynstr && $(MAKE) clean
+EOF
+fi
+
+if [ $in_tree_libweb -ne 0 ]
+then
+cat <<"EOF" >> $F
+	+cd libweb && $(MAKE) clean
+EOF
+fi
+
+cat <<"EOF" >> $F
+distclean: clean
+	rm Makefile
+EOF
+
+cat <<"EOF" >> $F
+-include $(DEPS)
+EOF
+
+mv $F Makefile
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 0222b75e8554796548e079aa3393c512ae30ac24
+Subproject commit b4930f72bb9026c5a0871f4fa4cabe20cb0e6a9f
--- a/main.c
+++ b/main.c
@ -135,7 +135,8 @@ static int append_form(struct form **const forms, const char **const s,
 {
    int ret = -1;
    const char *end;
-    char *const data = alloc_form_data(*s, &end), *key = NULL, *value = NULL;
+    char *const data = alloc_form_data(*s, &end), *enckey = NULL,
+        *encvalue = NULL, *key = NULL, *value = NULL;
    struct form *f = NULL, *fs = NULL;

    if (!data)
@ -161,14 +162,16 @@ static int append_form(struct form **const forms, const char **const s,

    const size_t keylen = sep - data;

-    if (!(key = strndup(data, keylen)))
+    if (!(enckey = strndup(data, keylen)))
    {
-        fprintf(stderr, "%s: strndup(3) key: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strndup(3) enckey: %s\n",
+            __func__, strerror(errno));
        goto end;
    }
-    else if (!(value = strdup(sep + 1)))
+    else if (!(encvalue = strdup(sep + 1)))
    {
-        fprintf(stderr, "%s: strdup(3) value: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strdup(3) encvalue: %s\n",
+            __func__, strerror(errno));
        goto end;
    }
    else if (!(fs = realloc(*forms, (*n + 1) * sizeof **forms)))
@ -178,27 +181,39 @@ static int append_form(struct form **const forms, const char **const s,
    }

    *forms = fs;
-    f = &(*forms)[(*n)++];

    /* HTML input forms use '+' for whitespace, rather than %20. */
-    *f = (const struct form)
+    if ((ret = http_decode_url(enckey, true, &key)))
    {
-        .key = http_decode_url(key, true),
-        .value = http_decode_url(value, true)
-    };
-
-    if (!f->key || !f->value)
-    {
-        fprintf(stderr, "%s: http_decode_url key/value failed\n", __func__);
+        fprintf(stderr, "%s: http_decode_url enckey failed\n", __func__);
        goto end;
    }
+    else if ((ret = http_decode_url(encvalue, true, &value)))
+    {
+        fprintf(stderr, "%s: http_decode_url encvalue failed\n", __func__);
+        goto end;
+    }
+
+    f = &(*forms)[(*n)++];
+
+    *f = (const struct form)
+    {
+        .key = key,
+        .value = value
+    };

    *s = end;
    ret = 0;

 end:
-    free(key);
-    free(value);
+    if (ret)
+    {
+        free(key);
+        free(value);
+    }
+
+    free(enckey);
+    free(encvalue);
    free(data);
    return ret;
 }
@ -378,14 +393,24 @@ end:

 static bool path_isrel(const char *const path)
 {
-    if (!strcmp(path, "..") || !strcmp(path, ".") || strstr(path, "/../"))
+    if (!strcmp(path, "..")
+        || !strcmp(path, ".")
+        || !strncmp(path, "./", strlen("./"))
+        || !strncmp(path, "../", strlen("../"))
+        || strstr(path, "/./")
+        || strstr(path, "/../"))
        return true;

-    static const char suffix[] = "/..";
-    const size_t n = strlen(path), sn = strlen(suffix);
+    static const char *const suffixes[] = {"/.", "/.."};

-    if (n >= sn && !strcmp(path + n - sn, suffix))
-        return true;
+    for (size_t i = 0; i < sizeof suffixes / sizeof *suffixes; i++)
+    {
+        const char *const suffix = suffixes[i];
+        const size_t n = strlen(path), sn = strlen(suffix);
+
+        if (n >= sn && !strcmp(path + n - sn, suffix))
+            return true;
+    }

    return false;
 }
@ -410,7 +435,8 @@ static int getpublic(const struct http_payload *const p,
 {
    int ret = -1;
    struct auth *const a = user;
-    const char *const adir = auth_dir(a);
+    const char *const adir = auth_dir(a),
+        *const file = p->resource + strlen("/public/");
    struct dynstr d;

    dynstr_init(&d);
@ -420,6 +446,13 @@ static int getpublic(const struct http_payload *const p,
        fprintf(stderr, "%s: auth_dir failed\n", __func__);
        goto end;
    }
+    else if (!*file || filename_invalid(file))
+    {
+        fprintf(stderr, "%s: invalid filename %s\n",
+            __func__, p->resource);
+        ret = page_forbidden(r);
+        goto end;
+    }
    else if (path_invalid(p->resource))
    {
        fprintf(stderr, "%s: illegal relative path %s\n",
@ -878,7 +911,16 @@ static int check_length(const unsigned long long len,
    bool has_quota;
    unsigned long long quota;

-    if (auth_quota(a, username, &has_quota, &quota))
+    if (auth_cookie(a, c))
+    {
+        fprintf(stderr, "%s: auth_cookie failed\n", __func__);
+
+        if (page_forbidden(r))
+            return -1;
+
+        return 1;
+    }
+    else if (auth_quota(a, username, &has_quota, &quota))
    {
        fprintf(stderr, "%s: auth_quota failed\n", __func__);
        return -1;
@ -980,52 +1022,113 @@ end:
    return ret;
 }

+static int getnode_head(const struct http_payload *const p,
+    struct http_response *const r, void *const user)
+{
+    struct auth *const a = user;
+
+    if (auth_cookie(a, &p->cookie))
+    {
+        fprintf(stderr, "%s: auth_cookie failed\n", __func__);
+        return page_forbidden(r);
+    }
+
+    const char *const username = p->cookie.field,
+        *const resource = p->resource + strlen("/user/");
+
+    if (path_invalid(resource))
+    {
+        fprintf(stderr, "%s: illegal relative path %s\n", __func__, resource);
+        return page_forbidden(r);
+    }
+
+    int ret = -1;
+    struct dynstr dir, root, d;
+    const char *const adir = auth_dir(a),
+        *const sep = p->resource[strlen(p->resource) - 1] != '/' ? "/" : "";
+
+    dynstr_init(&dir);
+    dynstr_init(&d);
+    dynstr_init(&root);
+
+    if (!adir)
+    {
+        fprintf(stderr, "%s: auth_dir failed\n", __func__);
+        goto end;
+    }
+    else if (dynstr_append(&dir, "%s%s", p->resource, sep))
+    {
+        fprintf(stderr, "%s: dynstr_append dird failed\n", __func__);
+        goto end;
+    }
+    else if (dynstr_append(&root, "%s/user/%s/", adir, username)
+        || dynstr_append(&d, "%s%s", root.str, resource))
+    {
+        fprintf(stderr, "%s: dynstr_append failed\n", __func__);
+        goto end;
+    }
+
+    ret = page_head_resource(r, d.str);
+
+end:
+    dynstr_free(&dir);
+    dynstr_free(&d);
+    dynstr_free(&root);
+    return ret;
+}
+
 static int move_file(const char *const old, const char *const new)
 {
    int ret = -1;
-    FILE *const f = fopen(old, "rb");
-    const int fd = open(new, O_WRONLY | O_CREAT, 0600);
+    const int fd_old = open(old, O_RDONLY),
+        fd_new = open(new, O_WRONLY | O_CREAT, 0600);
    struct stat sb;

-    if (!f)
+    if (fd_old < 0)
    {
-        fprintf(stderr, "%s: fopen(3): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: open(2) fd_old: %s\n", __func__, strerror(errno));
        goto end;
    }
-    else if (fd < 0)
+    else if (fd_new < 0)
    {
        fprintf(stderr, "%s: open(2): %s\n", __func__, strerror(errno));
        goto end;
    }
-    else if (stat(old, &sb))
+    else if (fstat(fd_old, &sb))
    {
-        fprintf(stderr, "%s: stat(2): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: fstat(2): %s\n", __func__, strerror(errno));
        goto end;
    }

    for (off_t i = 0; i < sb.st_size;)
    {
-        char buf[1024];
+        char buf[BUFSIZ];
        const off_t left = sb.st_size - i;
        const size_t rem = left > sizeof buf ? sizeof buf : left;
-        ssize_t w;
+        const ssize_t r = read(fd_old, buf, rem);

-        if (!fread(buf, rem, 1, f))
+        if (r < 0)
        {
-            fprintf(stderr, "%s: fread(3) failed, feof=%d, ferror=%d\n",
-                __func__, feof(f), ferror(f));
+            fprintf(stderr, "%s: read(2): %s\n", __func__, strerror(errno));
            goto end;
        }
-        else if ((w = write(fd, buf, rem)) < 0)
+
+        size_t wrem = r;
+        const void *p = buf;
+
+        while (wrem)
        {
-            fprintf(stderr, "%s: write(2): %s\n", __func__, strerror(errno));
-            goto end;
-        }
-        else if (w != rem)
-        {
-            fprintf(stderr, "%s: write(2): expected to write %zu bytes, "
-                "only %ju written\n", __func__, rem, (intmax_t)w);
-            goto end;
+            const ssize_t w = write(fd_new, p, wrem);
+
+            if (w < 0)
+            {
+                fprintf(stderr, "%s: write(2): %s\n",
+                    __func__, strerror(errno));
+                goto end;
+            }
+
+            p = (const char *)p + w;
+            wrem -= w;
        }

        i += rem;
@ -1034,15 +1137,15 @@ static int move_file(const char *const old, const char *const new)
    ret = 0;

 end:
-    if (fd >= 0 && close(fd))
+    if (fd_old >= 0 && close(fd_old))
    {
-        fprintf(stderr, "%s: close(2): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: close(2) fd_old: %s\n", __func__, strerror(errno));
        ret = -1;
    }

-    if (f && fclose(f))
+    if (fd_new >= 0 && close(fd_new))
    {
-        fprintf(stderr, "%s: fclose(3): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: close(2) fd_new: %s\n", __func__, strerror(errno));
        ret = -1;
    }

@ -1061,12 +1164,43 @@ static int rename_or_move(const char *const old, const char *const new)
    return res;
 }

+static int check_upload_dir(const char *const dir)
+{
+    struct stat sb;
+
+    if (stat(dir, &sb))
+    {
+        switch (errno)
+        {
+            case ENOENT:
+                /* Fall through. */
+            case ENOTDIR:
+                fprintf(stderr, "%s: cannot upload to non-existing dir %s\n",
+                    __func__, dir);
+                return 1;
+
+            default:
+                fprintf(stderr, "%s: stat(2) %s: %s\n",
+                    __func__, dir, strerror(errno));
+                return -1;
+        }
+    }
+    else if (!S_ISDIR(sb.st_mode))
+    {
+        fprintf(stderr, "%s: %s not a dir\n", __func__, dir);
+        return 1;
+    }
+
+    return 0;
+}
+
 static int upload_file(const struct http_post_file *const f,
    const char *const user, const char *const root, const char *const dir)
 {
    int ret = -1;
-    struct dynstr d;
+    struct dynstr dird, d;

+    dynstr_init(&dird);
    dynstr_init(&d);

    if (!root)
@ -1074,9 +1208,21 @@ static int upload_file(const struct http_post_file *const f,
        fprintf(stderr, "%s: auth_dir failed\n", __func__);
        goto end;
    }
-    else if (dynstr_append(&d, "%s/user/%s/%s%s", root, user, dir, f->filename))
+    else if (dynstr_append(&dird, "%s/user/%s/%s", root, user, dir))
    {
-        fprintf(stderr, "%s: dynstr_append failed\n", __func__);
+        fprintf(stderr, "%s: dynstr_append dird failed\n", __func__);
+        goto end;
+    }
+    else if ((ret = check_upload_dir(dird.str)))
+    {
+        if (ret < 0)
+            fprintf(stderr, "%s: check_upload_dir failed\n", __func__);
+
+        goto end;
+    }
+    else if (dynstr_append(&d, "%s%s", dird.str, f->filename))
+    {
+        fprintf(stderr, "%s: dynstr_append d failed\n", __func__);
        goto end;
    }
    else if (rename_or_move(f->tmpname, d.str))
@ -1088,6 +1234,7 @@ static int upload_file(const struct http_post_file *const f,
    ret = 0;

 end:
+    dynstr_free(&dird);
    dynstr_free(&d);
    return ret;
 }
@ -1187,11 +1334,15 @@ static int upload_files(const struct http_payload *const p,

    for (size_t i = 0; i < po->nfiles; i++)
    {
-        if (upload_file(&po->files[i], user, root, dir))
+        const int ret = upload_file(&po->files[i], user, root, dir);
+
+        if (ret < 0)
        {
            fprintf(stderr, "%s: upload_file failed\n", __func__);
            return -1;
        }
+        else if (ret)
+            return page_bad_request(r);
    }

    return redirect_to_dir(dir, r);
@ -1207,7 +1358,7 @@ static int upload(const struct http_payload *const p,
        fprintf(stderr, "%s: auth_cookie failed\n", __func__);
        return page_forbidden(r);
    }
-    else if (p->u.post.expect_continue)
+    else if (p->expect_continue)
    {
        *r = (const struct http_response)
        {
@ -1228,6 +1379,7 @@ static int createdir(const struct http_payload *const p,
    struct dynstr d, userd;
    struct form *forms = NULL;
    size_t n = 0;
+    char *encurl = NULL;

    dynstr_init(&d);
    dynstr_init(&userd);
@ -1254,7 +1406,7 @@ static int createdir(const struct http_payload *const p,
        goto end;
    }

-    char *name = NULL, *dir = NULL;
+    const char *name = NULL, *dir = NULL;

    for (size_t i = 0; i < n; i++)
    {
@ -1341,7 +1493,12 @@ static int createdir(const struct http_payload *const p,
            .status = HTTP_STATUS_SEE_OTHER
        };

-        if (http_response_add_header(r, "Location", userd.str))
+        if (!(encurl = http_encode_url(userd.str)))
+        {
+            fprintf(stderr, "%s: http_encode_url failed\n", __func__);
+            goto end;
+        }
+        else if (http_response_add_header(r, "Location", encurl))
        {
            fprintf(stderr, "%s: http_response_add_header failed\n", __func__);
            goto end;
@ -1354,6 +1511,7 @@ end:
    forms_free(forms, n);
    dynstr_free(&userd);
    dynstr_free(&d);
+    free(encurl);
    return ret;
 }

@ -1924,6 +2082,7 @@ static int add_urls(struct handler *const h, void *const user)
        {.url = "/index.html", .op = HTTP_OP_GET, .f = serve_index},
        {.url = "/style.css", .op = HTTP_OP_GET, .f = serve_style},
        {.url = "/user/*", .op = HTTP_OP_GET, .f = getnode},
+        {.url = "/user/*", .op = HTTP_OP_HEAD, .f = getnode_head},
        {.url = "/login", .op = HTTP_OP_POST, .f = login},
        {.url = "/logout", .op = HTTP_OP_POST, .f = logout},
        {.url = "/public/*", .op = HTTP_OP_GET, .f = getpublic},
@ -1967,14 +2126,31 @@ int main(int argc, char *argv[])
    {
        .length = check_length,
        .tmpdir = tmpdir,
-        .user = a
+        .user = a,
+        .post =
+        {
+            /* Arbitrary limit. */
+            .max_files = 10000,
+            /* File upload only requires one pair. */
+            .max_pairs = 1
+        }
    };

+    unsigned short outport;
+
    if (!(h = handler_alloc(&cfg))
        || add_urls(h, a)
-        || handler_listen(h, port))
+        || handler_listen(h, port, &outport))
        goto end;

+    printf("Listening on port %hu\n", outport);
+
+    if (handler_loop(h))
+    {
+        fprintf(stderr, "%s: handler_loop failed\n", __func__);
+        goto end;
+    }
+
    ret = EXIT_SUCCESS;

 end:
--- a/page.c
+++ b/page.c
@ -108,6 +108,7 @@ static int prepare_name(struct html_node *const n, struct stat *const sb,
    struct html_node *a;
    struct dynstr d, dname;
    const char *const sep = S_ISDIR(sb->st_mode) ? "/" : "";
+    char *encurl = NULL;

    dynstr_init(&d);
    dynstr_init(&dname);
@ -122,7 +123,12 @@ static int prepare_name(struct html_node *const n, struct stat *const sb,
        fprintf(stderr, "%s: html_node_add_child failed\n", __func__);
        goto end;
    }
-    else if (html_node_add_attr(a, "href", d.str))
+    else if (!(encurl = http_encode_url(d.str)))
+    {
+        fprintf(stderr, "%s: http_encode_url failed\n", __func__);
+        goto end;
+    }
+    else if (html_node_add_attr(a, "href", encurl))
    {
        fprintf(stderr, "%s: html_node_add_attr href failed\n", __func__);
        goto end;
@ -143,6 +149,7 @@ static int prepare_name(struct html_node *const n, struct stat *const sb,
 end:
    dynstr_free(&d);
    dynstr_free(&dname);
+    free(encurl);
    return ret;
 }

@ -303,6 +310,7 @@ static int prepare_preview(struct html_node *const n,
    const struct stat *const sb, const char *const dir, const char *const name)
 {
    int ret = -1;
+    char *encurl = NULL;
    struct html_node *a;
    struct dynstr d;

@ -315,9 +323,22 @@ static int prepare_preview(struct html_node *const n,
        fprintf(stderr, "%s: html_node_add_child form failed\n", __func__);
        goto end;
    }
-    else if (dynstr_append(&d, "%s%s?preview=1", dir, name))
+    else if (dynstr_append(&d, "%s%s", dir, name))
    {
-        fprintf(stderr, "%s: dynstr_append failed\n", __func__);
+        fprintf(stderr, "%s: dynstr_append d failed\n", __func__);
+        goto end;
+    }
+    else if (!(encurl = http_encode_url(d.str)))
+    {
+        fprintf(stderr, "%s: http_encode_url failed\n", __func__);
+        goto end;
+    }
+
+    dynstr_free(&d);
+
+    if (dynstr_append(&d, "%s?preview=1", encurl))
+    {
+        fprintf(stderr, "%s: dynstr_append encd failed\n", __func__);
        goto end;
    }
    else if (html_node_add_attr(a, "href", d.str))
@ -335,6 +356,7 @@ static int prepare_preview(struct html_node *const n,

 end:
    dynstr_free(&d);
+    free(encurl);
    return ret;
 }

@ -1272,20 +1294,24 @@ end:
 }

 static int serve_file(struct http_response *const r,
-    const struct stat *const sb, const char *const res, const bool preview)
+    const struct stat *const sb, const char *const res, const bool preview,
+    const int fd, bool *const fdopened)
 {
    int ret = -1;
-    FILE *const f = fopen(res, "rb");
+    FILE *f = NULL;
    struct dynstr b, d;
    char *bn;

    dynstr_init(&b);
    dynstr_init(&d);

-    if (!f)
+    if (preview)
    {
-        fprintf(stderr, "%s: fopen(3): %s\n", __func__, strerror(errno));
-        goto end;
+        if (dynstr_append(&d, "inline"))
+        {
+            fprintf(stderr, "%s: dynstr_append inline failed\n", __func__);
+            goto end;
+        }
    }
    else if (dynstr_append(&b, "%s", res))
    {
@ -1297,20 +1323,20 @@ static int serve_file(struct http_response *const r,
        fprintf(stderr, "%s: basename(3) failed\n", __func__);
        goto end;
    }
-    else if (preview)
-    {
-        if (dynstr_append(&d, "inline"))
-        {
-            fprintf(stderr, "%s: dynstr_append inline failed\n", __func__);
-            goto end;
-        }
-    }
    else if (dynstr_append(&d, "attachment; filename=\"%s\"", bn))
    {
        fprintf(stderr, "%s: dynstr_append attachment failed\n", __func__);
        goto end;
    }

+    if (!(f = fdopen(fd, "rb")))
+    {
+        fprintf(stderr, "%s: fdopen(3): %s\n", __func__, strerror(errno));
+        goto end;
+    }
+
+    *fdopened = true;
+
    *r = (const struct http_response)
    {
        .status = HTTP_STATUS_OK,
@ -1380,28 +1406,63 @@ static bool preview(const struct page_resource *const pr)

 int page_resource(const struct page_resource *const pr)
 {
+    int ret = -1;
    struct stat sb;
+    const int fd = open(pr->res, O_RDONLY);
+    bool fdopened = false;

-    if (stat(pr->res, &sb))
+    if (fd < 0)
    {
-        fprintf(stderr, "%s: stat(2) %s: %s\n",
-            __func__, pr->res, strerror(errno));
-
        if (errno == ENOENT || errno == ENOTDIR)
-            return page_not_found(pr->r);
+            ret = page_not_found(pr->r);
        else
-            return -1;
+            fprintf(stderr, "%s: open(2) %s: %s\n",
+                __func__, pr->res, strerror(errno));
+
+        goto end;
+    }
+    else if (fstat(fd, &sb))
+    {
+        fprintf(stderr, "%s: fstat(2) %s: %s\n",
+            __func__, pr->res, strerror(errno));
+        goto end;
    }

    const mode_t m = sb.st_mode;

    if (S_ISDIR(m))
-        return list_dir(pr);
+    {
+        if (list_dir(pr))
+        {
+            fprintf(stderr, "%s: list_dir failed\n", __func__);
+            goto end;
+        }
+    }
    else if (S_ISREG(m))
-        return serve_file(pr->r, &sb, pr->res, preview(pr));
+    {
+        if (serve_file(pr->r, &sb, pr->res, preview(pr), fd, &fdopened))
+        {
+            fprintf(stderr, "%s: serve_file failed\n", __func__);
+            goto end;
+        }
+    }
+    else
+    {
+        fprintf(stderr, "%s: unexpected st_mode %jo\n", __func__, (intmax_t)m);
+        goto end;
+    }

-    fprintf(stderr, "%s: unexpected st_mode %jd\n", __func__, (intmax_t)m);
-    return -1;
+    ret = 0;
+
+end:
+    if (!fdopened && fd >= 0 && close(fd))
+    {
+        fprintf(stderr, "%s: close(2) %s: %s\n",
+            __func__, pr->res, strerror(errno));
+        ret = -1;
+    }
+
+    return ret;
 }

 static char *resolve_link(const char *const res)
@ -1444,18 +1505,26 @@ static char *resolve_link(const char *const res)
 int page_public(struct http_response *const r, const char *const res)
 {
    int ret = -1;
+    const int fd = open(res, O_RDONLY);
    struct stat sb;
    char *path = NULL;
+    bool fdopened = false;

-    if (stat(res, &sb))
+    if (fd < 0)
    {
-        fprintf(stderr, "%s: stat(2) %s: %s\n",
-            __func__, res, strerror(errno));
-
        if (errno == ENOENT)
-            return page_not_found(r);
+            ret = page_not_found(r);
        else
-            goto end;
+            fprintf(stderr, "%s: stat(2) %s: %s\n",
+                __func__, res, strerror(errno));
+
+        goto end;
+    }
+    else if (fstat(fd, &sb))
+    {
+        fprintf(stderr, "%s: fstat(2) %s: %s\n",
+            __func__, res, strerror(errno));
+        goto end;
    }

    const mode_t m = sb.st_mode;
@ -1470,7 +1539,7 @@ int page_public(struct http_response *const r, const char *const res)
        fprintf(stderr, "%s: resolve_link failed\n", __func__);
        goto end;
    }
-    else if (serve_file(r, &sb, path, false))
+    else if (serve_file(r, &sb, path, false, fd, &fdopened))
    {
        fprintf(stderr, "%s: serve_file failed\n", __func__);
        goto end;
@ -1479,6 +1548,13 @@ int page_public(struct http_response *const r, const char *const res)
    ret = 0;

 end:
+    if (!fdopened && fd >= 0 && close(fd))
+    {
+        fprintf(stderr, "%s: close(2) %s: %s\n",
+            __func__, res, strerror(errno));
+        ret = -1;
+    }
+
    free(path);
    return ret;
 }
@ -2199,3 +2275,36 @@ end:

    return ret;
 }
+
+int page_head_resource(struct http_response *const r, const char *const res)
+{
+    struct stat sb;
+
+    if (stat(res, &sb))
+    {
+        if (errno == ENOENT || errno == ENOTDIR)
+            return page_not_found(r);
+        else
+        {
+            fprintf(stderr, "%s: stat(2) %s: %s\n",
+                __func__, res, strerror(errno));
+            return -1;
+        }
+    }
+
+    const mode_t m = sb.st_mode;
+
+    if (!S_ISDIR(m) && !S_ISREG(m))
+    {
+        fprintf(stderr, "%s: unexpected st_mode %jd\n", __func__, (intmax_t)m);
+        return -1;
+    }
+
+    *r = (const struct http_response)
+    {
+        .status = HTTP_STATUS_OK,
+        .n = sb.st_size
+    };
+
+    return 0;
+}
--- a/page.h
+++ b/page.h
@ -43,6 +43,7 @@ int page_failed_login(struct http_response *r);
 int page_forbidden(struct http_response *r);
 int page_bad_request(struct http_response *r);
 int page_resource(const struct page_resource *r);
+int page_head_resource(struct http_response *r, const char *res);
 int page_public(struct http_response *r, const char *res);
 int page_share(struct http_response *r, const char *path);
 int page_quota_exceeded(struct http_response *r, unsigned long long len,
--- a/13
+++ b/13
@ -9,7 +9,7 @@ usage()

 to_hex()
 {
-    od -An -t x1 | tr -d ' '
+    od -An -t x1 | tr -d ' ' | tr -d '\n'
 }

 to_bin()
@ -17,6 +17,13 @@ to_bin()
    sed -e 's,\([0-9a-f]\{2\}\),\\\\\\x\1,g' | xargs printf
 }

+mktemp_posix()
+{
+    m4 <<EOF
+mkstemp(${TMPDIR:-/tmp}/tmp.XXXXXX)
+EOF
+}
+
 if [ $# != 1 ]; then
    usage >&2
    exit 1
@ -68,7 +75,7 @@ do
 done

 echo >&2
-TMP=$(mktemp)
+TMP=$(mktemp_posix)

 cleanup()
 {
@ -86,5 +93,5 @@ jq ".users += [
    \"quota\": \"$QUOTA\"
 }]" "$DB" > $TMP

+mkdir -p "$DIR/user/$USER"
 mv $TMP "$DB"
-mkdir "$DIR/user/$USER"
Author	SHA1	Message	Date
Xavier Del Campo Romero	32af8ddd3d	README.md: Fix CMake build instructions The previous instructions were simply wrong because `cmake ..` would attempt to configure the project from the parent directory, instead of the build directory.	2024-05-05 01:07:01 +02:00
Xavier Del Campo Romero	b4572c6217	page.c: Do not get filename on previews This change should provide the same behaviour, but would avoid unnecessary calls to dynstr_append and basename(3) when a preview is to be served.	2024-03-01 00:06:03 +01:00
Xavier Del Campo Romero	fb8896bccd	README.md: Update dependencies list - jq is required by usergen. - Despite being part of a POSIX.1-2008 environment, m4 is not provided by Debian or Ubuntu by default.	2024-02-24 08:39:25 +01:00
Xavier Del Campo Romero	dd29f9096a	usergen: Do not abort on existing directory Otherwise, it would not be possible to replace user credentials if the directory already exists.	2024-02-20 21:44:53 +01:00
Xavier Del Campo Romero	8bcf0bf855	main.c: Improve relative path detection Otherwise, the following resources would be considered valid: - /user/../test - /user/./test - /user/a/. - /user/a/./test	2024-02-20 21:24:17 +01:00
Xavier Del Campo Romero	afc5cf0dfc	main.c: Reject invalid /public/ requests Otherwise: - slcl would accept /public/ (i.e., without a file name) as a valid resource. This would incorrectly map the public/ directory on the database, making slcl to return -1 because public/ is not a regular file. - slcl would accept directory names (e.g.: /public/dir/), which is never expected since slcl stores all public files into a single directory.	2024-02-20 08:18:11 +01:00
Xavier Del Campo Romero	b7f232366c	main.c: Force valid cookie on check_length Otherwise, a malicious user could send multipart/form-data requests without a valid cookie.	2024-02-20 00:17:40 +01:00
Xavier Del Campo Romero	6c3bfa270b	page.c: Use open(2) fdopen(3) and fstat(2) Now, the same file descriptor can be reused for all of the operations above, instead of calling stat(2) and fopen(3) separately.	2024-02-19 23:35:09 +01:00
Xavier Del Campo Romero	78c8c4dabb	page.c: URL-encode href Otherwise, files with special characters, such as '%', could not be downloaded or previewed.	2024-02-19 23:35:09 +01:00
Xavier Del Campo Romero	55008f2f64	main.c: const-qualify name and dir There was no reason why these should not be const-qualified. It was probably missed during the implementation.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	1f8aa578a4	main.c: URL-encode created directories Otherwise, directories with special characters, such as "%", would not be accessible when performing the redirection.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	a578ad6537	main.c: Use fstat(2) on move_file This allows to reuse the same file descriptor to both open(2) and fstat(2) the file.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	f6b84b765d	Bump libweb to 0.3.0 The following commits fix a couple of security issues on libweb. Because of afe0681c0b26bb64bad55d7e86770f346cfa043e, slcl had to be updated to set up its struct http_cfg_post. commit afe0681c0b26bb64bad55d7e86770f346cfa043e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 23:00:56 2024 +0100 Limit maximum multipart/form-data pairs and files A malicious user could inject an infinite number of empty files or key/value pairs into a request in order to exhaust the device's resources. commit 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 22:49:09 2024 +0100 html.c: Avoid half-init objects on html_node_add_attr The previous implementation would leave half-initialised objects if one of the calls to strdup(3) failed. Now, n->attrs is only modified when all previous memory allocations were successful.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	0f889b409e	main.c: Add missing relative path check	2024-02-19 16:59:54 +01:00
Xavier Del Campo Romero	c198199a81	CMakeLists.txt: Bump version to 0.2.0	2024-02-12 23:15:15 +01:00
Xavier Del Campo Romero	69c9f975ba	Bump libweb to 0.2.0	2024-02-12 23:15:14 +01:00
Xavier Del Campo Romero	6d6c350479	usergen: Fix password generation For longer passwords, od(1) might introduce a newline character, causing printf(1) to interpret its input string incorrectly.	2024-01-26 20:32:28 +01:00
Xavier Del Campo Romero	8ebefdb9ab	Bump libweb The following commits introduced performance improvements and bugfixes: Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sat Jan 20 01:09:18 2024 +0100 server.c: Fix wrong priority for do_exit Under some specific circumstances, poll(2) would return a positive integer, but do_exit might had been previously set. This caused libweb to ignore SIGTERM, with the potential risk for an endless loop. Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sat Jan 20 01:05:05 2024 +0100 http.c: Solve performance issues on POST uploads Profiling showed that reading multipart/form POST uploads byte-by-byte was too slow and typically led to maximum CPU usage. Therefore, the older approach (as done up to commit 7efc2b3a) was more efficient, even if the resulting code was a bit uglier.	2024-01-26 20:31:34 +01:00
Xavier Del Campo Romero	974d263b7e	configure: Avoid file extension conversion	2024-01-26 20:31:18 +01:00
Xavier Del Campo Romero	d9d1811f89	configure: Fix typo slweb was renamed to libweb some time ago: commit `28ae865e5e` Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Tue Oct 10 23:43:47 2023 +0200 Apply slweb renaming to libweb	2023-11-24 01:52:52 +01:00
Xavier Del Campo Romero	3062a63e14	.gitignore: Ignore only ./Makefile Future commits might introduce Makefiles on other directories that should not be ignored.	2023-11-24 01:52:00 +01:00
Xavier Del Campo Romero	f0368253d1	Bump libweb The following commit should increase performance for slcl: commit b0accd099fa8c5110d4c3c68830ad6fd810ca3ec Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Fri Nov 24 00:52:50 2023 +0100 http.c: Unify read operations So far, libweb would perform different read operations depending on its state: - For HTTP headers or request bodies, one byte at a time was read. - For multipart/form-data, up to BUFSIZ bytes at a time were read. However, this caused a significant extra number of syscalls for no reason and would increase code complexity, specially when parsing multiform/form-data boundaries. Now, http_read always reads up to BUFSIZ bytes at a time and process them on a loop. Apart from reducing code complexity, this should increase performance due to the (much) lower number of syscalls required.	2023-11-24 01:38:51 +01:00
Xavier Del Campo Romero	c322356670	CMakeLists.txt: Fix wrong parameters for project When VERSION is given, LANGUAGES becomes mandatory.	2023-11-23 00:07:45 +01:00
Xavier Del Campo Romero	1768210ea4	Upgrade to new libweb interface Recent commits from libweb brought a few breaking changes. The one below affected slcl, so it had to be updated according to the new interface: commit 98f5f52461b0c1ab1ee3331722bd32e2db9e1d41 Author: Xavier Del Campo <xavier.delcampo@midokura.com> Date: Thu Nov 16 12:23:08 2023 +0100 Split handler_loop from handler_listen Some applications might set up a struct handler object to listen on any port i.e., 0, but still need a way to determine which port number was eventually selected by the implementation. Therefore, handler_listen has been reduced to the server initialization bit, whereas the main loop has been split into its own function, namely handler_loop. Because of these changes, it no longer made sense for libweb to write the selected port to standard output, as this is something now applications can do on their own.	2023-11-23 00:06:09 +01:00
Xavier Del Campo Romero	daffea4660	main.c: Treat non-existing upload dir as non-fatal When a user attempts to upload a file into a non-existing directory, slcl would not check whether the directory exists. Then, rename(3) would fail and slcl would treat this as a fatal error, effectively closing itself. Since this is an example of ill-formed user input, it must be treated as a non-fatal error, and instead slcl should return a bad request page.	2023-11-23 00:01:41 +01:00
Xavier Del Campo Romero	0854bc0030	Bump libweb More bugfixes related to partial boundary parsing were provided by this commit: commit b71a6174e12b4709acaf8bc151938ba12d2a54f6 Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sun Nov 12 23:31:57 2023 +0100 http.c: Fix more issues with partial boundaries - http_memmem must not check strlen(a) > n because, in case of a partial boundary, it would wrongfully return NULL. - If one or more characters from a partial boundary are found at the end of a buffer, but the next buffer does not start with the rest of the boundary, the accumulated boundary must be reset, and then look for a new boundary.	2023-11-12 23:36:17 +01:00
Xavier Del Campo Romero	34d00e10af	Bump libweb Several bugfixes related to partial boundary parsing were provided by this commit: commit 7d02b225fe11fb0c7233cd2ea576485ee920f203 Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sun Nov 12 06:16:26 2023 +0100 http.c: Fix several issues with partial boundaries - Writing to m->boundary[len] did not make any sense, as len is not meant to change between calls to read_mf_boundary_byte. - For the same reason, memset(3)ing "len + 1" did not make any sense. - When a partial boundary is found, http_memmem must still return st. - Calling reset_boundary with prev == 0 did not make sense, since that case typically means a partial boundary was found on a previous iteration, so m->blen must not be reset.	2023-11-12 06:54:56 +01:00
Xavier Del Campo Romero	8dff21942e	libweb: Bump new signature for http_decode_url The new signature allows callers to distinguish decoding errors from fatal errors. This is important for slcl to avoid crashing when ill-formed data is received from a client.	2023-11-12 01:30:43 +01:00
Xavier Del Campo Romero	fada861c5f	README.md: Remove wrong comment about /tmp /tmp is at least defined by POSIX.1-2017 at section 10 (Directory Structure and Devices).	2023-10-25 22:29:48 +02:00
Xavier Del Campo Romero	4956df1891	Bump libweb to v0.1.0-rc6	2023-10-25 22:13:23 +02:00
Xavier Del Campo Romero	fb6105b1b2	CMakeLists.txt: set project VERSION	2023-10-25 22:13:23 +02:00
Xavier Del Campo Romero	fe59dacc14	Bump libweb to v0.1.0-rc5	2023-10-25 22:13:23 +02:00
Xavier Del Campo Romero	6fa38f4d83	Replace handwritten Makefile with configure script	2023-10-25 22:13:23 +02:00
Xavier Del Campo Romero	b2be8b4658	CMake: Find system libweb or dynstr if available So far, slcl's build system would always build libweb and dynstr. However, this is discouraged by distribution packagers.	2023-10-25 13:45:12 +02:00
Xavier Del Campo Romero	fc3db39277	usergen: Call mkdir(1) before database swap No changes must be committed to the database if mkdir(1) fails.	2023-10-19 17:35:39 +02:00
Xavier Del Campo Romero	8b24f8dcbb	usergen: Replace use of non-standard mktemp(1) Despite common use in several POSIX operating systems, mktemp(1) is not defined by POSIX.1-2008, nor even POSIX.1-2017. As long as it is not introduced, m4(1)'s mkstemp can be used with similar effect.	2023-10-19 17:35:38 +02:00
Xavier Del Campo Romero	9376361bcb	main.c: Use BUFSIZ instead of arbitrary value According to C99 7.19.1p3: BUFSIZ is a macro that expands to an integer constant expression that is the size of the buffer used by the setbuf function. In other words, this means BUFSIZ is the most optimal length for a buffer that reads a file into memory in chunks using fread(3).	2023-10-19 15:32:22 +02:00
Xavier Del Campo Romero	1da12097cb	CMakeLists.txt: Fix wrong library name	2023-10-14 13:10:37 +02:00
Xavier Del Campo Romero	d96e5685ee	auth.c: Fix potential signed integer overflow For platforms where int is a 16-bit data type, this operation might overflow and possibly cause either unexpected behaviour and/or a compiler warning. Therefore, it is safer to promote each integer constant accordingly.	2023-10-14 13:08:25 +02:00
Xavier Del Campo Romero	472b4ddbf1	Implement HEAD support	2023-10-14 01:08:02 +02:00