|
Post by rikky on Jul 23, 2021 18:16:26 GMT 1
I see. Well, there I cannot help you.

What Apache does is receive this data, just the way the BaConServer does. Yes, it is in there, somewhere in the documentation you sent me here above (have to look it up). It is NOT the browser that sends the stdin. How could that even? And then, after that, Apache converts this data into stdin. Probably because the RFC for CGI demands this.

But then what? The programmer of the Apache CGIs takes this stdin, while the programmer of the BaCon CGIs uses RECEIVE. For the rest there is no difference. You cannot do some extra sorcery with it. It's the same data.

Well, the only thing, from a BaCon view, is that you can get out of a stdin loop with

stndin = WAIT(STDIN_FILENO, 50)

while RECEIVE waits forever if there is nothing.

From the viewpoint of a CGI script maker, it's completely irrelevant how the data is grabbed. Maybe from the viewpoint of a programming language maker this is different, but if you want to conform to some official guidelines that other people have invented for some strange reasons, then that is your job. You should change the OPEN FOR SERVER keywords into something that spits out half the information via RECEIVE (the header, or half of it) and the rest via stdin... as it should. Horribly difficult, and to what end?

I'm perfectly fine with the way it is (apart from the missing timeout option for RECEIVE).

PS. I missed the code by John Spikowski at the end. Working on it ...
|
|
|
Post by Pjot on Jul 23, 2021 20:48:23 GMT 1
Well, I was just explaining my joke. And now it is explained, it is not funny anymore. So never mind. Your server is good as it is!

Best regards
Peter
|
|
|
Post by rikky on Jul 23, 2021 20:56:31 GMT 1
Right, I have a folder John_Spikowski ready. Put it somewhere in the srv folder of the BaConServer.

John_Spikowski.tgz (1.66 KB)

Have the original John_Spikowski script in your Apache folder, and lay them next to each other.

Well, I do agree, I should have taken environment variable names that conform to the 'rules'. For now I had to rewrite a lot, and it is a mess. There is even a conflict with ContentType when pressing the GET button. So that is something for the todo list (so much for the retirement), but I've got it sort of ready. Every info John Spikowski can get, I can get. Only via a different way.

Rik

PS. Ah, posts have crossed.
|
|
|
Post by rikky on Jul 24, 2021 10:16:40 GMT 1
I wanted to update the server silently, but unfortunately there was a major bug. RECEIVE, if it does not have a CHUNK, has a maximum length of 512 bytes. I would not have imagined that this would be too little for a normal header, but it is occasionally. So the RECEIVE routine in the subroutine SERV becomes:

REPEAT
    RECEIVE dat$ FROM handle CHUNK 1 SIZE size
    data$ = data$ & dat$
UNTIL RIGHT$(data$, 4) = Sep$

Added some 'official' environment variables.
Added a folder with cgi_examples.
Added an MIT licence. (don't know what other licence to take)

Rik.
|
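Added example, not from the thread or the BaConServer source: the same read-until-separator loop in Python, with a cap on header size and a receive timeout, so a client that never sends the end-of-header marker cannot hold the server forever. `read_header`, `HeaderError`, the 8192-byte cap and the 2-second timeout are assumptions chosen for illustration.

```python
import socket

SEP = b"\r\n\r\n"  # end-of-header marker (the role Sep$ plays in the post)


class HeaderError(Exception):
    """No complete header arrived within the configured limits."""


def read_header(conn, max_bytes=8192, timeout=2.0, chunk=512):
    """Return (header, leftover). header ends with SEP; leftover holds any
    body bytes that arrived in the same read as the end of the header."""
    conn.settimeout(timeout)
    buf = b""
    while True:
        try:
            part = conn.recv(chunk)
        except socket.timeout:
            raise HeaderError("timeout waiting for header") from None
        if not part:
            raise HeaderError("peer closed before end of header")
        buf += part
        end = buf.find(SEP)  # search the whole buffer: SEP may span two reads
        if end != -1:
            cut = end + len(SEP)
            return buf[:cut], buf[cut:]
        if len(buf) > max_bytes:
            raise HeaderError("header exceeds max_bytes")


def demo(payload, **limits):
    """Feed constructed bytes through a local socket pair and parse them."""
    client, server = socket.socketpair()
    try:
        client.sendall(payload)
        return read_header(server, **limits)
    finally:
        client.close()
        server.close()
```

Reading in 512-byte pieces and searching the accumulated buffer gives the same result as the one-byte loop with far fewer receive calls.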
|
|
Post by Pjot on Jul 25, 2021 10:10:32 GMT 1
Thanks rik,

Looks good! Thanks for all the work.

As a bonus, it should not be too difficult to add functionality for handling TLS connections as well. BaCon has native support to define a private key and a server certificate. It should only be a matter of adding the CERTIFICATE keyword. If it works with a self-signed certificate then it's all good.

You can generate a key/certificate pair with the openssl command line utility as follows:

# openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out certificate.pem -keyout key.pem

Then add the statement
CERTIFICATE "key.pem", "certificate.pem"
and your server is done.
When you then connect to your server using https://localhost:8080 the connection should be TLS encrypted.

Best regards
Peter
|
|
|
Post by rikky on Jul 26, 2021 8:03:48 GMT 1
Unfortunately, I cannot get it to work.

OPTION TLS TRUE
CERTIFICATE "key.pem", "certificate.pem"

Put the certificates everywhere. In the home folder. In the folder of the executable. In the srv folder. Had a path to .../srv/BaConServer/certificates/key.pem etc.

I get a:

ERROR: signal for SEGMENTATION FAULT received - memory invalid or array out of bounds? Try to compile the program with TRAP LOCAL to find the cause.
SSL ACCEPT error: error:00000005:lib(0):func(0):DH lib

also this:

ERROR: signal for SEGMENTATION FAULT received - memory invalid or array out of bounds? Try to compile the program with TRAP LOCAL to find the cause.
SSL ACCEPT error: error:00000001:lib(0):func(0):reason(1)

at line 1509 in SERV_0.12.bac (see package first post):

RECEIVE dat$ FROM handle CHUNK 1 SIZE size

Also, in the normal non-SSL program, if I do the SeaChart like crazy, zooming in and out, going north and south and east and west again, all the while quickly zooming in and out and in and going in yet another direction, then I get an:

Unable to fork process: Too many open files

Working on it, but unfortunately I forgot that I wasn't really retired totally. So I've got some real work to do now first.

Rik.
|
|
|
Post by Pjot on Jul 26, 2021 18:51:50 GMT 1
ERROR: signal for SEGMENTATION FAULT received - memory invalid or array out of bounds? Try to compile the program with TRAP LOCAL to find the cause.
SSL ACCEPT error: error:00000005:lib(0):func(0):DH lib

Yes, well, the SSL ACCEPT error indicates that the incoming connection for SSL fails. As is mentioned in the documentation, if the ACCEPT fails then it returns a '-1'. Of course, a RECEIVE then fails also, because it uses the invalid handle returned from the failed ACCEPT. Instead, we need an additional line to intercept the '-1' returning from ACCEPT. You can add the following line of code right after the ACCEPT:

IF handle < 0 THEN CONTINUE

But I did not realize you are using a FORK method in your code, and the impact of FORK on the open file descriptors created by SSL may be unsure. You might run into some unexpected side effects. For example, the ENDFORK also closes file descriptors inherited from the parent process.

Just for sake of the argument, this is a small server program which works for me when connecting my browser to https://localhost:51000 :

OPTION TLS TRUE
CERTIFICATE "key.pem", "certificate.pem"
CATCH GOTO resume_on_error
CONST Msg$ = "<html><head>Hello from BaCon!</head></html>"
PRINT "Connect with your browser to 'https://localhost:51000'."
OPEN "localhost:51000" FOR SERVER AS mynet
WHILE TRUE
    client = ACCEPT(mynet)
    IF client < 0 THEN CONTINUE :' <--------- check ACCEPT return code
    RECEIVE dat$ FROM client
    PRINT dat$
    SEND "HTTP/1.1 200 Ok\r\nContent-Length: " & STR$(LEN(Msg$)) & "\r\n\r\n" & Msg$ TO client
    CLOSE SERVER client
WEND
LABEL resume_on_error
    RESUME

HTH Peter
|
|
|
Post by rikky on Jul 27, 2021 8:29:49 GMT 1
Got something ugly. Full of 'PRINT LINENO's etc. But it does do the fileselect, and the favicon and clicking to other folders, and shows pdf and text.

I needed FORK however. Otherwise it prints the fileselect list, but stops already before making the svg icons, and even goes out of the WHILE loop, without giving an error.

It does not do the SeaChart, nor any of the CGIs. It gives a:

Runtime error: statement 'SEND' at line 13 in 'add.bac': Error sending to socket: Bad file descriptor

although the file descriptor is the right one, I checked.

tls.tgz (14.42 KB)

PS: I forgot the most important thing. The TLS doesn't seem to work. The browser shows a red 'https' with a red 'insecure' before it in the address bar, and the console does not get tired of spitting SSL ACCEPT errors.
|
|
|
Post by Pjot on Jul 27, 2021 19:11:58 GMT 1
Hi rikky,

Well, it works for me, meaning, the connection stays, but your server seems to hang:

Regarding the red "https" meaning insecure, that's correct, because we are using a self-signed certificate. A browser will always consider such a certificate to be invalid.

If you want a real certificate then you have to create a CSR and send it to a CA (Certificate Authority) for signing. This will cost you money. Instead, you can go to Let's Encrypt to obtain a free certificate. Usually, a certificate has a limited validity, like 30 days, after which you have to renew it.

In any case, using a certificate actually will ensure that the line is encrypted. The browser only complains that it cannot verify the authority of the certificate when it is self-signed.

Best regards
Peter
|
|
|
Post by rikky on Jul 28, 2021 7:19:06 GMT 1
I'm perfectly fine with a self-signed certificate. If it gets encrypted then it's okay, I guess.

What I mean is that if you EXEC$(some cgi script) or SYSTEM "some cgi script" then the handle for the SEND and RECEIVE is not working anymore inside of the cgi-script. (I think it has only changed the number.) Meaning you cannot SEND nor RECEIVE in your CGI script anymore.

You can make a CGI script that prints everything that it wants on the website, and then catch that with

result$ = EXEC$(cgi_script)

and then SEND the result$ TO handle. This works, but you still need to RECEIVE in your script. This is probably why the professionals use STDIN. So you probably can send the RECEIVE information with EXEC$(command,stdin$). But what if this stdin$ is several hundreds of megabytes of binary (like in uploading something)?

Also I liked the extra possibilities of using SEND in the CGI script, like the <div> with the byte-counter in upload.bac, that was updated every 100 bytes by simply sending:

IF MOD(total_size,100) = 0 THEN
    SEND "<script>" & NL$ TO handle
    SEND "document.getElementById('message').innerHTML = '" & \
        STR$(total_size) & "';" & NL$ TO handle
    SEND "</script>" & NL$ TO handle
END IF

You cannot do that with a CGI that PRINTs, for EXEC$ only returns after all the data is completely received, and the script has ended.

I will do a renewed attempt removing the fork, see if that will help.
|
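Added example, not part of the thread and not BaCon or BaConServer code: a Python sketch of the stdin/stdout style of CGI raised in the post above. The server process keeps the client connection (and, under TLS, the session state that lives in that process's memory), feeds the request body to the child through a pipe in pieces, and relays each line of the child's output as it arrives instead of after the child exits. The child script, the 100-byte pieces and the `send` callback are assumptions.

```python
import subprocess
import sys
import threading

# Constructed CGI child: counts stdin bytes and reports progress per 100 bytes.
CHILD = r'''
import sys
total = 0
while True:
    block = sys.stdin.buffer.read(100)
    if not block:
        break
    total += len(block)
    sys.stdout.write("progress %d\n" % total)
    sys.stdout.flush()          # make progress visible to the server at once
sys.stdout.write("done %d\n" % total)
'''


def run_cgi(body_chunks, send):
    """Pipe body_chunks to the child's stdin; call send(line) per output line."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD],
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)

    def feed():
        # Runs in its own thread so a full stdout pipe cannot deadlock
        # against a blocked stdin write.
        for chunk in body_chunks:
            proc.stdin.write(chunk)
            proc.stdin.flush()
        proc.stdin.close()      # EOF tells the child the body is complete

    feeder = threading.Thread(target=feed)
    feeder.start()
    for line in proc.stdout:    # relay output while the child is still running
        send(line)              # in a server: write to the (TLS) client socket
    feeder.join()
    proc.stdout.close()
    return proc.wait()


def demo():
    sent = []
    body = (b"x" * 100 for _ in range(3))   # constructed 300-byte upload
    status = run_cgi(body, sent.append)
    return status, sent
```

Because the body is passed on chunk by chunk, an upload of any size never has to be held in memory as one string.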
|
|
Post by rikky on Jul 28, 2021 18:30:47 GMT 1
Nope. The handle is still not reachable, and I get an error: IforgotWhatNumber, saying something evil, which kicks me out of the WHILE 0=0 loop.

But the solution is simple, I suppose. Have such a thing as asking for a user/password, etc., that you want encrypted, sent with its own specially dedicated NEW server. Problem solved.
|
|
|
Post by rikky on Aug 2, 2021 17:04:45 GMT 1
Updated to version 1.0

SERV_TLS is the encrypted version of SERV. It doesn't do SEND nor RECEIVE in a CGI, so I have chosen in this case to incorporate all the CGIs inside of the BaconServer itself. This is only one of many solutions, just a proof of work.

An 'official' CGI script for the TLS version has to be made Apache style, with PRINT. For the CGI version does an EXEC$("script") instead of a SYSTEM "script". This is unfortunate, but since we have BaCon, it's easy to hack the Server, so why not do that?

Incorporating the Seachart however proved difficult, but possible. But it makes a mess of the Server. It's rubbish. So Seachart doesn't work with the TLS version (yet). Personally I don't need an encrypted Seachart. Chances that hackers come into my Seachart when I'm sailing are very very slim. Theoretically the Seachart last published on Navigation Gps should work out of the box in TLS, since it was made for Apache (haven't tested though).

However I think encryption is very necessary. Just imagine you do not have a boat, but a wheelchair or an exoskeleton, or a combination of the two. An exoskeleton costs a fortune, if you have to ask Elon Musk for one. But it is practically the same as a boat. You have something you want to control in an unfriendly environment. You have a battery, you have some motors for the wheels. Suppose you want your wheelchair to climb some stairs. Then you need some extra legs also, all equipped with a Raspi and a Server. But if you have sensors on the wheel itself, you have to go wirelessly. The LAN wire won't last two spins. Then you need TLS. You do not want some kids with a smartphone hacking into your wheel/leg.

So I think the (TLS) Server is perfect for the intranet of useful things. Controlling batteries / tank levels and starting/stopping Generator(s) via Arduino and Apache, I have all ready. But it's not BaCon unfortunately. Thinking about it.

Rik.
Edit: Btw, I have removed all my political contents about zombie vaccines, for political shit doesn't belong on a programming blog, but I'm not so sure about the above remark of Elon Musk. Should I remove that too?
|
|
|
Post by Pjot on Aug 3, 2021 11:14:31 GMT 1
Thanks rikky,
Unfortunately I receive an error, I think it may be the 'favicon.ico' which is not there?
3/8/2021 12:13:3 SSH_CLIENT : GET / HTTP/1.1
Host: localhost:8082
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Runtime error: function 'FILETYPE' at line 2031 in 'SERV_TLS.bac': Unable to stat file: No such file or directory
BR Peter
|
|
|
Post by rikky on Aug 3, 2021 14:33:21 GMT 1
That's odd. This is the main folder you are requesting, not the favicon. If it were the favicon it would say:

GET /favicon.ico HTTP/1.1

If it is not there, the server serves a BaCon.svg. In my case the TLS_Server does this only if the ip = localhost. But this might be browser related, for if I:

curl -k https://localhost:8082/favicon.ico

then I get my BaCon.svg.

Anyway, I cannot reproduce the error. Here full_path$ should point to your main folder, which in my case is /home/pi/Downloads/BaConServer/srv

Try to put a:

PRINT "full_path$ : " & full_path$

somewhere around line 2028.5. See what that gives.
|
|
|
Post by Pjot on Aug 3, 2021 17:36:32 GMT 1
Rik,

When I add the following code just after line 2028:

PRINT CURDIR$

...then I can see the following output when connecting to your server:

3/8/2021 18:32:44 SSH_CLIENT : GET / HTTP/1.1
Host: localhost:8082
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: nl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
/home/peter/programming/bacon/BaConServer/srv/BaConServer/certificates
Runtime error: function 'FILETYPE' at line 2034 in 'SERV_TLS.bac': Unable to stat file: No such file or directory

Apparently, the program thinks it is in some other directory, where the "./srv" directory does not exist...

HTH
Peter
|
|