BaConServer

[rikky]

I see.

Well there I can not help you.

What Apache does, is receive this data, just the way the BaconServer does,
Yes it is in there, somewhere in the documentation you send me here above (have to look it up)
It is NOT the browser that sends the stdin.
How could that even?

And then, after that, Apache converts this data into stdin.
Probably because the RFC for CGI demands this.

But then what?

The programmer of the Apache CGI's takes this stdin, While the programmer of the BaCon CGI's uses RECEIVE.

For the rest there is no difference.
You can not do some extra sorcery with it.
It's the same data.

Well the only thing, from a bacon view is that you can get out of a stdin loop with 

stndin = WAIT(STDIN_FILENO, 50)
While RECEIVE waits forever, if there is nothing. 

From the viewpoint of a cgi script maker, it's completely irrelevant how the data is grabbed.

Maybe from the viewpoint of a programming language maker this is different.
but if you want to conform to some official guidelines that other people have invented for some strange reasons,
then that is your job.
You should change the OPEN FOR SERVER keywords into something that spits out half the information via RECEIVE (the header, or half of it) and the rest via stdin., ... as it should. 
Horribly difficult, and to what end?

I'm perfectly fine with the way it is
(Apart from the missing timeout option for RECEIVE)



PS.
I missed the Code by John Spikowski at the end.
Working on it ...

[Pjot]

Well, I was just explaining my joke. And now it is explained, it is not funny anymore

So never mind. Your server is good as it is!

Best regards
Peter

[rikky]

Right,
I have a folder John_Spikowski ready

Put it somewhere in the srv folder of the BaConServer

John_Spikowski.tgz (1.66 KB)

Have the original John_Spikowski script in your Apache folder, and lay them next to each other.

Well I do agree, I should have taken environment variable names that confirm to the 'rules'
For now I had to rewrite a lot, and it is a mess.
There is even a conflict with ContentType when pressing the GET button.
So that is something for the todo list. (so much for the retirement )

but, I've got it sort of ready.

Every info John Spikowski can get, I can get.
Only via a different way.

 Rik

PS.  Ah, post have crossed. 

[rikky]

I wanted to update the server silently, but unfortunately there was a major bug.
RECEIVE, if it does not have a CHUNK, has a maximum length of 512 bytes.
I would not have imagined that this would be to little for a normal header, but is is occasionally.

So the RECEIVE routine in the subroutine SERV becomes:
  
REPEAT
 RECEIVE dat$ FROM handle CHUNK 1 SIZE size
 data$ = data$ & dat$
UNTIL RIGHT$(data$, 4) = Sep$
added some 'official' environment variables.
added a folder with cgi_examples.
added a MIT licence. (don't know what other licence to take)

 Rik.

[Pjot]

Thanks rik,

Looks good! Thanks for all the work.

As a bonus, it should not be too difficult to add functionality for handling TLS connections as well

BaCon has native support to define a private key and a server certificate. It should only be a matter of adding the CERTIFICATE keyword. If it works with a self-signed certificate then it's all good.

You can generate a key/certificate pair with the openssl command line utility as follows:

# openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out certificate.pem -keyout key.pem


Then add the statement

CERTIFICATE "key.pem", "certificate.pem"

and your server is done.

When you then connect to your server using https://localhost:8080 the connection should be TLS encrypted.

Best regards
Peter

[rikky]

Unfortunately, I cannot get it to work

OPTION TLS TRUE
CERTIFICATE "key.pem", "certificate.pem"

Putted the certificates everywhere.
In the home folder.
In the folder of the executable.
In the srv folder
Had a path to .../srv/BaConServer/certificates/key.pem etc.

I get a:
ERROR: signal for SEGMENTATION FAULT received - memory invalid or array out of bounds? Try to compile the program with TRAP LOCAL to find the cause.
SSL ACCEPT error: error:00000005:lib(0):func(0):DH lib

also this:
ERROR: signal for SEGMENTATION FAULT received - memory invalid or array out of bounds? Try to compile the program with TRAP LOCAL to find the cause.
SSL ACCEPT error: error:00000001:lib(0):func(0):reason(1)
at line 1509 in SERV_0.12.bac (see package first post):
RECEIVE dat$ FROM handle CHUNK 1 SIZE size
Also, in the normal non ssl program,
If I do the SeaChart like crazy, zooming in and out, going north and south and east and west again,
all the while quickly zooming in and out and in and going in yet another direction.
Then I get an:

Unable to fork process: Too many open files
Working on it, but unfortunately I forgot that I wasn't realy retired totally.
So I've got some real work to do now first.

 Rik.

[Pjot]

Jul 26, 2021 8:03:48 GMT 1 rikky said:

ERROR: signal for SEGMENTATION FAULT received - memory invalid or array out of bounds? Try to compile the program with TRAP LOCAL to find the cause.
SSL ACCEPT error: error:00000005:lib(0):func(0):DH lib


Yes, well, the SSL ACCEPT error indicates that the incoming connection for SSL fails. As is mentioned in the documentation, if the ACCEPT fails then it returns a '-1'. Of course, a RECEIVE then fails also, because it uses the invalid handle returned from the failed ACCEPT.

Instead, we need an additional line to intercept the '-1' returning from ACCEPT. You can add the following line of code right after the ACCEPT:

IF handle < 0 THEN CONTINUE

But I did not realize you are using a FORK method in your code, and the impact of FORK on the open file descriptors created by SSL maybe unsure. You might run into some unexpected side effects. For example, the ENDFORK also closes file descriptors inherited from the parent process.

Just for sake of the argument, this is a small server program which works for me when connecting my browser to https://localhost:51000 :


OPTION TLS TRUE
CERTIFICATE "key.pem", "certificate.pem"
CATCH GOTO resume_on_error
CONST Msg$ = "<html><head>Hello from BaCon!</head></html>"
PRINT "Connect with your browser to 'https://localhost:51000'."
OPEN "localhost:51000" FOR SERVER AS mynet
WHILE TRUE
   client = ACCEPT(mynet)
   IF client < 0 THEN CONTINUE   :' <--------- check ACCEPT return code
   RECEIVE dat$ FROM client
   PRINT dat$
   SEND "HTTP/1.1 200 Ok\r\nContent-Length: " & STR$(LEN(Msg$)) & "\r\n\r\n" & Msg$ TO client
   CLOSE SERVER client
WEND
LABEL resume_on_error
   RESUME

HTH
Peter

[rikky]

Got something ugly.
Full of 'PRINT LINENO's etc
But it does do the fileselect, and the favicon and clicking to other folders and shows pdf and text.

I needed FORK however
Otherwise it prints the fileselect list, but stops already before making the svg icons, and even goes out of the WHILE loop, without giving an error.

It does not do the SeaChart, nor any of the cgi's.

It gives a :
Runtime error: statement 'SEND' at line 13 in 'add.bac': Error sending to socket: Bad file descriptor
although the file descriptor is the right one, I checked.


tls.tgz (14.42 KB)



PS:
I forgot the most important thing.
The tls doesn't seem to work.
The browser shows a red 'https'  with a red 'insecure' before it in the adressbar, and the console does not get tired of spitting SSL ACCEPT error's. 

[Pjot]

Hi rikky,

Well, it works for me, meaning, the connection stays, but your server seems to hang:

Connect with your browser to 'https://localhost:51000'.
Start loop
HANDLE : 94529994725072
End loop
Start loop

-------------------------------

-----------------------------------
-----------------------------------
27/7/2021 20:15:34
SSH_CLIENT :
GET / HTTP/1.1
Host: localhost:51000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

adressbar$ : /
adress$ : /
FILETYPE : ./srv
EXEC$(./srv/bcaccess)

bcaccess : ./srv/bcaccess

result:
sh: 1: ./srv/bcaccess: Exec format error
done ...
CHECK_REQUEST
1220
1240
1146
1169
842
859
866
901
903
HANDLE : 94529994786512
End loop
Start loop

Regarding the red "https" meaning insecure, that's correct, because we are using a self-signed certificate. A browser will always consider such certificate to be invalid.

If you want a real certificate then you have to create a CSR and send it to a CA (Certificate Authority) for signing. This will cost you money. Instead, you can go to Let's Encrypt to obtain a free certificate. Usually, a certificate has a limited validity, like 30 days, after which you have to renew it.

In any case, using a certificate actually will ensure that the line is encrypted. The browser only complains that it cannot verify the authority of the certificate when it is self-signed.

Best regards
Peter

[rikky]

I'm perfectly fine with a self signed certificate.
If it gets encrypted then it's okee, I guess.

What I mean is that if you EXEC$(some cgi script) or SYSTEM "some cgi script" then the handle for the SEND and RECEIVE is not  working anymore inside of the sgi-script. (I think it has only changed the number)

Runtime error: statement 'SEND' at line 11 in '/home/pi/Playroom/BaConServer/BaConServer/srv/cgi_examples/login.bac': Error sending to socket: Bad file descriptor

Meaning you can not SEND nor RECEIVE in your CGI script anymore.

You can make a cgi script that prints everything that it wants on the website, and than catch that with result$ = EXEC$(cgi_cript)
And then SEND the result$ TO handle

This works, but you still need to RECEIVE in your script.

This is probably why the professionals use STDIN.
So you probably can send the RECEIVE information with EXEC$(command,stdin$)
But what if this stdin$ is several hundreds of megabytes of binary (like in uploading something)

Also I liked the extra possibilities of using SEND in the cgi script, like the <div> with the byte-counter in upload.bac, that was updated every 100 bytes by simply sending: 

IF MOD(total_size,100) = 0 THEN
       
  SEND "<script>" & NL$ TO handle
  SEND "document.getElementById('message').innerHTML = '" & \
        STR$(total_size) & "';" & NL$ TO handle
  SEND "</script>" & NL$ TO handle
       
END IF
You can not do that with a cgi that PRINTS, for EXEC$ only returns after all the data is completely received, and the script has ended.

I will do a renewed attempt removing the fork, see if that will help.

[rikky]

Nope.
The handle is still not reachable,
and I get an error: IforgotWhatNumber, saying something evil, which kicks me out of the WHILE 0=0 loop.

But the solution is simple, I suppose.

Have such a thing as asking for a user/password, etc, that you want encrypted, send with its own specially dedicated NEW server.
Problem solved.

[rikky]

Updated to version 1.0

SERV_TLS is the encripted version of SERV

It doesn't do SEND nor RECEIVE in a CGI, so I have chosen in this case to incorporate all the cgi's inside of the BaconServer itself.
This is only one of many solutions, just a proof of work.

An 'official' CGI script for the TLS version has to be made Apache style, with PRINT
For the CGI version does an EXEC$("script") instead of a SYSTEM "script".

This is unfortunate, but since we have Bacon, it's easy to hack the Server, so why not do that?

Incorporating the Seachart however proved difficult, but possible.
But it makes a mess of the Server. It's rubbish.
So Seachart doesn't work with the TLS version (yet)
Personally I don't need an encrypted Seachart.
Chances that hackers come into my Seachart when I'm sailing are very very slim.
Theoretically the Seachart last published on Navigation Gps should work out of the box in TLS.
Since it was made for Apache. (haven't tested though)

However I think encryption is very necessary.
Just imagine you do not have a boat, but a wheelchair or an exoskeleton, or a combination of the two.
An exoskeleton costs a fortune, if you have to ask Elon Musk for one.
But it is practically the same as a boat.
You have something you want to control in an unfriendly environment.
You have a battery, you have some motors for the wheels.
Suppose you want your wheelchair to climb some stairs.
Then you need some extra legs also.
all equipped with a Raspi and a Server.
But if you have sensors on the wheel itself, you have to go wirelessly.
The lan wire won't last two spins.
Then you need TLS.
You do not want some kids with a smartphone hacking into your wheel/leg.

So I think the (TLS) Server is perfect for the intranet of usefull things.

Controlling batteries / tank levels and starting/stopping Generator(s) via Arduino and Apache , I have all ready.
But it's not BaCon unfortunately.

Thinking about it.

 Rik.

Edit:
Btw, I have removed all my political contents about zombie vaccines, for political shit doesn't belong on a programming blog, but I'm not so sure about the above remark of Elon Musk.
Should I remove that too? 

[Pjot]

Thanks rikky,

Unfortunately I receive an error, I think it may be the 'favicon.ico' which is not there?

3/8/2021 12:13:3
SSH_CLIENT :
GET / HTTP/1.1
Host: localhost:8082
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

Runtime error: function 'FILETYPE' at line 2031 in 'SERV_TLS.bac': Unable to stat file: No such file or directory


BR
Peter

[rikky]

That's odd. 

This is the main folder you are requesting, not the favicon.
If it were the favicon it would say: GET /favicon.ico  HTTP/1.1
If it is not there, the server servs a BaCon.svg.
In my case the TLS_Server does this only if the ip = localhost.
But this might be browser related, for if I : curl -k https://localhost:8082/favicon.ico
then I get my BaCon.svg

Anyway, I cannot reproduce the error. 

2031 ELIF FILETYPE(full_path$) != 2 THEN

here full_path$ should point to your main folder, which in my case is
/home/pi/Downloads/BaConServer/srv

Try to put a :  PRINT "full_path$ : " & full_path$ somewhere around line 2028.5
See what that gives.

[Pjot]

Rik,

When I add the following code just after line 2028:

PRINT CURDIR$

...then I can see the following output when connecting to your server:

3/8/2021 18:32:44
SSH_CLIENT :
GET / HTTP/1.1
Host: localhost:8082
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

/home/peter/programming/bacon/BaConServer/srv/BaConServer/certificates
Runtime error: function 'FILETYPE' at line 2034 in 'SERV_TLS.bac': Unable to stat file: No such file or directory

Apparently, the program thinks it is in some other directory, where the "./srv" directory does not exist...

HTH
Peter