search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[core] clean up srv before exiting for lighttpd -[vVh]
[lighttpd/svnmirror.git] / src / mod_cgi.c
blob19434ee82fd8aee38f58b2784029af19b9e98f51
1 #include "first.h"
2
3 #include "server.h"
4 #include "stat_cache.h"
5 #include "keyvalue.h"
6 #include "log.h"
7 #include "connections.h"
8 #include "joblist.h"
9 #include "http_chunk.h"
10 #include "network_backends.h"
11
12 #include "plugin.h"
13
14 #include <sys/types.h>
15 #include "sys-mmap.h"
16
17 #ifdef __WIN32
18 # include <winsock2.h>
19 #else
20 # include <sys/socket.h>
21 # include <sys/wait.h>
22 # include <netinet/in.h>
23 # include <arpa/inet.h>
24 #endif
25
26 #include <unistd.h>
27 #include <errno.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <fdevent.h>
31 #include <signal.h>
32 #include <ctype.h>
33 #include <assert.h>
34
35 #include <stdio.h>
36 #include <fcntl.h>
37
38 #ifdef HAVE_SYS_FILIO_H
39 # include <sys/filio.h>
40 #endif
41
42 #include "version.h"
43
44 enum {EOL_UNSET, EOL_N, EOL_RN};
45
46 typedef struct {
47 char **ptr;
48
49 size_t size;
50 size_t used;
51 } char_array;
52
53 typedef struct {
54 pid_t *ptr;
55 size_t used;
56 size_t size;
57 } buffer_pid_t;
58
59 typedef struct {
60 array *cgi;
61 unsigned short execute_x_only;
62 } plugin_config;
63
64 typedef struct {
65 PLUGIN_DATA;
66 buffer_pid_t cgi_pid;
67
68 buffer *tmp_buf;
69 buffer *parse_response;
70
71 plugin_config **config_storage;
72
73 plugin_config conf;
74 } plugin_data;
75
76 typedef struct {
77 pid_t pid;
78 int fd;
79 int fde_ndx; /* index into the fd-event buffer */
80
81 connection *remote_conn; /* dumb pointer */
82 plugin_data *plugin_data; /* dumb pointer */
83
84 buffer *response;
85 buffer *response_header;
86 } handler_ctx;
87
88 static handler_ctx * cgi_handler_ctx_init(void) {
89 handler_ctx *hctx = calloc(1, sizeof(*hctx));
90
91 force_assert(hctx);
92
93 hctx->response = buffer_init();
94 hctx->response_header = buffer_init();
95
96 return hctx;
97 }
98
99 static void cgi_handler_ctx_free(handler_ctx *hctx) {
100 buffer_free(hctx->response);
101 buffer_free(hctx->response_header);
102
103 free(hctx);
104 }
105
106 enum {FDEVENT_HANDLED_UNSET, FDEVENT_HANDLED_FINISHED, FDEVENT_HANDLED_NOT_FINISHED, FDEVENT_HANDLED_ERROR};
107
108 INIT_FUNC(mod_cgi_init) {
109 plugin_data *p;
110
111 p = calloc(1, sizeof(*p));
112
113 force_assert(p);
114
115 p->tmp_buf = buffer_init();
116 p->parse_response = buffer_init();
117
118 return p;
119 }
120
121
122 FREE_FUNC(mod_cgi_free) {
123 plugin_data *p = p_d;
124 buffer_pid_t *r = &(p->cgi_pid);
125
126 UNUSED(srv);
127
128 if (p->config_storage) {
129 size_t i;
130 for (i = 0; i < srv->config_context->used; i++) {
131 plugin_config *s = p->config_storage[i];
132
133 if (NULL == s) continue;
134
135 array_free(s->cgi);
136
137 free(s);
138 }
139 free(p->config_storage);
140 }
141
142
143 if (r->ptr) free(r->ptr);
144
145 buffer_free(p->tmp_buf);
146 buffer_free(p->parse_response);
147
148 free(p);
149
150 return HANDLER_GO_ON;
151 }
152
153 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
154 plugin_data *p = p_d;
155 size_t i = 0;
156
157 config_values_t cv[] = {
158 { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
159 { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
160 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET}
161 };
162
163 if (!p) return HANDLER_ERROR;
164
165 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
166 force_assert(p->config_storage);
167
168 for (i = 0; i < srv->config_context->used; i++) {
169 data_config const* config = (data_config const*)srv->config_context->data[i];
170 plugin_config *s;
171
172 s = calloc(1, sizeof(plugin_config));
173 force_assert(s);
174
175 s->cgi = array_init();
176 s->execute_x_only = 0;
177
178 cv[0].destination = s->cgi;
179 cv[1].destination = &(s->execute_x_only);
180
181 p->config_storage[i] = s;
182
183 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
184 return HANDLER_ERROR;
185 }
186 }
187
188 return HANDLER_GO_ON;
189 }
190
191
192 static int cgi_pid_add(server *srv, plugin_data *p, pid_t pid) {
193 int m = -1;
194 size_t i;
195 buffer_pid_t *r = &(p->cgi_pid);
196
197 UNUSED(srv);
198
199 for (i = 0; i < r->used; i++) {
200 if (r->ptr[i] > m) m = r->ptr[i];
201 }
202
203 if (r->size == 0) {
204 r->size = 16;
205 r->ptr = malloc(sizeof(*r->ptr) * r->size);
206 force_assert(r->ptr);
207 } else if (r->used == r->size) {
208 r->size += 16;
209 r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size);
210 force_assert(r->ptr);
211 }
212
213 r->ptr[r->used++] = pid;
214
215 return m;
216 }
217
218 static int cgi_pid_del(server *srv, plugin_data *p, pid_t pid) {
219 size_t i;
220 buffer_pid_t *r = &(p->cgi_pid);
221
222 UNUSED(srv);
223
224 for (i = 0; i < r->used; i++) {
225 if (r->ptr[i] == pid) break;
226 }
227
228 if (i != r->used) {
229 /* found */
230
231 if (i != r->used - 1) {
232 r->ptr[i] = r->ptr[r->used - 1];
233 }
234 r->used--;
235 }
236
237 return 0;
238 }
239
240 static int cgi_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) {
241 char *ns;
242 const char *s;
243 int line = 0;
244
245 UNUSED(srv);
246
247 buffer_copy_buffer(p->parse_response, in);
248
249 for (s = p->parse_response->ptr;
250 NULL != (ns = strchr(s, '\n'));
251 s = ns + 1, line++) {
252 const char *key, *value;
253 int key_len;
254 data_string *ds;
255
256 /* strip the \n */
257 ns[0] = '\0';
258
259 if (ns > s && ns[-1] == '\r') ns[-1] = '\0';
260
261 if (line == 0 &&
262 0 == strncmp(s, "HTTP/1.", 7)) {
263 /* non-parsed header ... we parse them anyway */
264
265 if ((s[7] == '1' ||
266 s[7] == '0') &&
267 s[8] == ' ') {
268 int status;
269 /* after the space should be a status code for us */
270
271 status = strtol(s+9, NULL, 10);
272
273 if (status >= 100 &&
274 status < 1000) {
275 /* we expected 3 digits and didn't got them */
276 con->parsed_response |= HTTP_STATUS;
277 con->http_status = status;
278 }
279 }
280 } else {
281 /* parse the headers */
282 key = s;
283 if (NULL == (value = strchr(s, ':'))) {
284 /* we expect: "<key>: <value>\r\n" */
285 continue;
286 }
287
288 key_len = value - key;
289 value += 1;
290
291 /* skip LWS */
292 while (*value == ' ' || *value == '\t') value++;
293
294 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) {
295 ds = data_response_init();
296 }
297 buffer_copy_string_len(ds->key, key, key_len);
298 buffer_copy_string(ds->value, value);
299
300 array_insert_unique(con->response.headers, (data_unset *)ds);
301
302 switch(key_len) {
303 case 4:
304 if (0 == strncasecmp(key, "Date", key_len)) {
305 con->parsed_response |= HTTP_DATE;
306 }
307 break;
308 case 6:
309 if (0 == strncasecmp(key, "Status", key_len)) {
310 int status = strtol(value, NULL, 10);
311 if (status >= 100 && status < 1000) {
312 con->http_status = status;
313 con->parsed_response |= HTTP_STATUS;
314 } else {
315 con->http_status = 502;
316 }
317 }
318 break;
319 case 8:
320 if (0 == strncasecmp(key, "Location", key_len)) {
321 con->parsed_response |= HTTP_LOCATION;
322 }
323 break;
324 case 10:
325 if (0 == strncasecmp(key, "Connection", key_len)) {
326 con->response.keep_alive = (0 == strcasecmp(value, "Keep-Alive")) ? 1 : 0;
327 con->parsed_response |= HTTP_CONNECTION;
328 }
329 break;
330 case 14:
331 if (0 == strncasecmp(key, "Content-Length", key_len)) {
332 con->response.content_length = strtoul(value, NULL, 10);
333 con->parsed_response |= HTTP_CONTENT_LENGTH;
334 }
335 break;
336 default:
337 break;
338 }
339 }
340 }
341
342 /* CGI/1.1 rev 03 - 7.2.1.2 */
343 if ((con->parsed_response & HTTP_LOCATION) &&
344 !(con->parsed_response & HTTP_STATUS)) {
345 con->http_status = 302;
346 }
347
348 return 0;
349 }
350
351
352 static int cgi_demux_response(server *srv, handler_ctx *hctx) {
353 plugin_data *p = hctx->plugin_data;
354 connection *con = hctx->remote_conn;
355
356 while(1) {
357 int n;
358 int toread;
359
360 #if defined(__WIN32)
361 buffer_string_prepare_copy(hctx->response, 4 * 1024);
362 #else
363 if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) {
364 buffer_string_prepare_copy(hctx->response, 4 * 1024);
365 } else {
366 if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
367 buffer_string_prepare_copy(hctx->response, toread);
368 }
369 #endif
370
371 if (-1 == (n = read(hctx->fd, hctx->response->ptr, hctx->response->size - 1))) {
372 if (errno == EAGAIN || errno == EINTR) {
373 /* would block, wait for signal */
374 return FDEVENT_HANDLED_NOT_FINISHED;
375 }
376 /* error */
377 log_error_write(srv, __FILE__, __LINE__, "sdd", strerror(errno), con->fd, hctx->fd);
378 return FDEVENT_HANDLED_ERROR;
379 }
380
381 if (n == 0) {
382 /* read finished */
383
384 con->file_finished = 1;
385
386 /* send final chunk */
387 http_chunk_close(srv, con);
388 joblist_append(srv, con);
389
390 return FDEVENT_HANDLED_FINISHED;
391 }
392
393 buffer_commit(hctx->response, n);
394
395 /* split header from body */
396
397 if (con->file_started == 0) {
398 int is_header = 0;
399 int is_header_end = 0;
400 size_t last_eol = 0;
401 size_t i, header_len;
402
403 buffer_append_string_buffer(hctx->response_header, hctx->response);
404
405 /**
406 * we have to handle a few cases:
407 *
408 * nph:
409 *
410 * HTTP/1.0 200 Ok\n
411 * Header: Value\n
412 * \n
413 *
414 * CGI:
415 * Header: Value\n
416 * Status: 200\n
417 * \n
418 *
419 * and different mixes of \n and \r\n combinations
420 *
421 * Some users also forget about CGI and just send a response and hope
422 * we handle it. No headers, no header-content seperator
423 *
424 */
425
426 /* nph (non-parsed headers) */
427 if (0 == strncmp(hctx->response_header->ptr, "HTTP/1.", 7)) is_header = 1;
428
429 header_len = buffer_string_length(hctx->response_header);
430 for (i = 0; !is_header_end && i < header_len; i++) {
431 char c = hctx->response_header->ptr[i];
432
433 switch (c) {
434 case ':':
435 /* we found a colon
436 *
437 * looks like we have a normal header
438 */
439 is_header = 1;
440 break;
441 case '\n':
442 /* EOL */
443 if (is_header == 0) {
444 /* we got a EOL but we don't seem to got a HTTP header */
445
446 is_header_end = 1;
447
448 break;
449 }
450
451 /**
452 * check if we saw a \n(\r)?\n sequence
453 */
454 if (last_eol > 0 &&
455 ((i - last_eol == 1) ||
456 (i - last_eol == 2 && hctx->response_header->ptr[i - 1] == '\r'))) {
457 is_header_end = 1;
458 break;
459 }
460
461 last_eol = i;
462
463 break;
464 }
465 }
466
467 if (is_header_end) {
468 if (!is_header) {
469 /* no header, but a body */
470
471 if (con->request.http_version == HTTP_VERSION_1_1) {
472 con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED;
473 }
474
475 http_chunk_append_buffer(srv, con, hctx->response_header);
476 joblist_append(srv, con);
477 } else {
478 const char *bstart;
479 size_t blen;
480
481 /* the body starts after the EOL */
482 bstart = hctx->response_header->ptr + i;
483 blen = header_len - i;
484
485 /**
486 * i still points to the char after the terminating EOL EOL
487 *
488 * put it on the last \n again
489 */
490 i--;
491
492 /* string the last \r?\n */
493 if (i > 0 && (hctx->response_header->ptr[i - 1] == '\r')) {
494 i--;
495 }
496
497 buffer_string_set_length(hctx->response_header, i);
498
499 /* parse the response header */
500 cgi_response_parse(srv, con, p, hctx->response_header);
501
502 /* enable chunked-transfer-encoding */
503 if (con->request.http_version == HTTP_VERSION_1_1 &&
504 !(con->parsed_response & HTTP_CONTENT_LENGTH)) {
505 con->response.transfer_encoding = HTTP_TRANSFER_ENCODING_CHUNKED;
506 }
507
508 if (blen > 0) {
509 http_chunk_append_mem(srv, con, bstart, blen);
510 joblist_append(srv, con);
511 }
512 }
513
514 con->file_started = 1;
515 }
516 } else {
517 http_chunk_append_buffer(srv, con, hctx->response);
518 joblist_append(srv, con);
519 }
520
521 #if 0
522 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), b->ptr);
523 #endif
524 }
525
526 return FDEVENT_HANDLED_NOT_FINISHED;
527 }
528
529 static handler_t cgi_connection_close(server *srv, handler_ctx *hctx) {
530 int status;
531 pid_t pid;
532 plugin_data *p = hctx->plugin_data;
533 connection *con = hctx->remote_conn;
534
535 #ifndef __WIN32
536
537 /* the connection to the browser went away, but we still have a connection
538 * to the CGI script
539 *
540 * close cgi-connection
541 */
542
543 if (hctx->fd != -1) {
544 /* close connection to the cgi-script */
545 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
546 fdevent_unregister(srv->ev, hctx->fd);
547
548 if (close(hctx->fd)) {
549 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi close failed ", hctx->fd, strerror(errno));
550 }
551
552 hctx->fd = -1;
553 hctx->fde_ndx = -1;
554 }
555
556 pid = hctx->pid;
557
558 con->plugin_ctx[p->id] = NULL;
559
560 /* is this a good idea ? */
561 cgi_handler_ctx_free(hctx);
562
563 /* if waitpid hasn't been called by response.c yet, do it here */
564 if (pid) {
565 /* check if the CGI-script is already gone */
566 switch(waitpid(pid, &status, WNOHANG)) {
567 case 0:
568 /* not finished yet */
569 #if 0
570 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", pid);
571 #endif
572 break;
573 case -1:
574 /* */
575 if (errno == EINTR) break;
576
577 /*
578 * errno == ECHILD happens if _subrequest catches the process-status before
579 * we have read the response of the cgi process
580 *
581 * -> catch status
582 * -> WAIT_FOR_EVENT
583 * -> read response
584 * -> we get here with waitpid == ECHILD
585 *
586 */
587 if (errno != ECHILD) {
588 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
589 }
590 /* anyway: don't wait for it anymore */
591 pid = 0;
592 break;
593 default:
594 if (WIFEXITED(status)) {
595 #if 0
596 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", pid);
597 #endif
598 } else {
599 log_error_write(srv, __FILE__, __LINE__, "sd", "cgi died, pid:", pid);
600 }
601
602 pid = 0;
603 break;
604 }
605
606 if (pid) {
607 kill(pid, SIGTERM);
608
609 /* cgi-script is still alive, queue the PID for removal */
610 cgi_pid_add(srv, p, pid);
611 }
612 }
613 #endif
614
615 if (con->state == CON_STATE_HANDLE_REQUEST) {
616 /* (not CON_STATE_ERROR and not CON_STATE_RESPONSE_END,
617 * i.e. not called from cgi_connection_close_callback()) */
618
619 /* Send an error if we haven't sent any data yet */
620 if (0 == con->file_started) {
621 con->http_status = 500;
622 con->mode = DIRECT;
623 } else if (0 == con->file_finished) {
624 http_chunk_close(srv, con);
625 con->file_finished = 1;
626 }
627 }
628
629 return HANDLER_GO_ON;
630 }
631
632 static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) {
633 plugin_data *p = p_d;
634 handler_ctx *hctx = con->plugin_ctx[p->id];
635
636 if (con->mode != p->id) return HANDLER_GO_ON;
637 if (NULL == hctx) return HANDLER_GO_ON;
638
639 return cgi_connection_close(srv, hctx);
640 }
641
642
643 static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) {
644 handler_ctx *hctx = ctx;
645 connection *con = hctx->remote_conn;
646
647 joblist_append(srv, con);
648
649 if (revents & FDEVENT_IN) {
650 switch (cgi_demux_response(srv, hctx)) {
651 case FDEVENT_HANDLED_NOT_FINISHED:
652 break;
653 case FDEVENT_HANDLED_FINISHED:
654 /* we are done */
655
656 #if 0
657 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), "finished");
658 #endif
659 cgi_connection_close(srv, hctx);
660
661 /* if we get a IN|HUP and have read everything don't exec the close twice */
662 return HANDLER_FINISHED;
663 case FDEVENT_HANDLED_ERROR:
664 log_error_write(srv, __FILE__, __LINE__, "s", "demuxer failed: ");
665
666 cgi_connection_close(srv, hctx);
667 return HANDLER_FINISHED;
668 }
669 }
670
671 if (revents & FDEVENT_OUT) {
672 /* nothing to do */
673 }
674
675 /* perhaps this issue is already handled */
676 if (revents & FDEVENT_HUP) {
677 /* check if we still have a unfinished header package which is a body in reality */
678 if (con->file_started == 0 && !buffer_string_is_empty(hctx->response_header)) {
679 con->file_started = 1;
680 http_chunk_append_buffer(srv, con, hctx->response_header);
681 }
682
683 # if 0
684 log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents);
685 # endif
686
687 /* rtsigs didn't liked the close */
688 cgi_connection_close(srv, hctx);
689 } else if (revents & FDEVENT_ERR) {
690 /* kill all connections to the cgi process */
691 cgi_connection_close(srv, hctx);
692 #if 1
693 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR");
694 #endif
695 return HANDLER_ERROR;
696 }
697
698 return HANDLER_FINISHED;
699 }
700
701
702 static int cgi_env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) {
703 char *dst;
704
705 if (!key || !val) return -1;
706
707 dst = malloc(key_len + val_len + 2);
708 force_assert(dst);
709 memcpy(dst, key, key_len);
710 dst[key_len] = '=';
711 memcpy(dst + key_len + 1, val, val_len);
712 dst[key_len + 1 + val_len] = '\0';
713
714 if (env->size == 0) {
715 env->size = 16;
716 env->ptr = malloc(env->size * sizeof(*env->ptr));
717 force_assert(env->ptr);
718 } else if (env->size == env->used) {
719 env->size += 16;
720 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr));
721 force_assert(env->ptr);
722 }
723
724 env->ptr[env->used++] = dst;
725
726 return 0;
727 }
728
729 /* returns: 0: continue, -1: fatal error, -2: connection reset */
730 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes),
731 * also mmaps and sends complete chunk instead of only small parts - the files
732 * are supposed to be temp files with reasonable chunk sizes.
733 *
734 * Also always use mmap; the files are "trusted", as we created them.
735 */
736 static int cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) {
737 chunk* const c = cq->first;
738 off_t offset, toSend, file_end;
739 ssize_t r;
740 size_t mmap_offset, mmap_avail;
741 const char *data;
742
743 force_assert(NULL != c);
744 force_assert(FILE_CHUNK == c->type);
745 force_assert(c->offset >= 0 && c->offset <= c->file.length);
746
747 offset = c->file.start + c->offset;
748 toSend = c->file.length - c->offset;
749 file_end = c->file.start + c->file.length; /* offset to file end in this chunk */
750
751 if (0 == toSend) {
752 chunkqueue_remove_finished_chunks(cq);
753 return 0;
754 }
755
756 if (0 != network_open_file_chunk(srv, con, cq)) return -1;
757
758 /* (re)mmap the buffer if range is not covered completely */
759 if (MAP_FAILED == c->file.mmap.start
760 || offset < c->file.mmap.offset
761 || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) {
762
763 if (MAP_FAILED != c->file.mmap.start) {
764 munmap(c->file.mmap.start, c->file.mmap.length);
765 c->file.mmap.start = MAP_FAILED;
766 }
767
768 c->file.mmap.offset = mmap_align_offset(offset);
769 c->file.mmap.length = file_end - c->file.mmap.offset;
770
771 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) {
772 log_error_write(srv, __FILE__, __LINE__, "ssbdoo", "mmap failed:",
773 strerror(errno), c->file.name, c->file.fd, c->file.mmap.offset, (off_t) c->file.mmap.length);
774 return -1;
775 }
776 }
777
778 force_assert(offset >= c->file.mmap.offset);
779 mmap_offset = offset - c->file.mmap.offset;
780 force_assert(c->file.mmap.length > mmap_offset);
781 mmap_avail = c->file.mmap.length - mmap_offset;
782 force_assert(toSend <= (off_t) mmap_avail);
783
784 data = c->file.mmap.start + mmap_offset;
785
786 if ((r = write(fd, data, toSend)) < 0) {
787 switch (errno) {
788 case EAGAIN:
789 case EINTR:
790 return 0;
791 case EPIPE:
792 case ECONNRESET:
793 return -2;
794 default:
795 log_error_write(srv, __FILE__, __LINE__, "ssd",
796 "write failed:", strerror(errno), fd);
797 return -1;
798 }
799 }
800
801 if (r >= 0) {
802 chunkqueue_mark_written(cq, r);
803 }
804
805 return 0;
806 }
807
808 static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *cgi_handler) {
809 pid_t pid;
810
811 #ifdef HAVE_IPV6
812 char b2[INET6_ADDRSTRLEN + 1];
813 #endif
814
815 int to_cgi_fds[2];
816 int from_cgi_fds[2];
817 struct stat st;
818
819 #ifndef __WIN32
820
821 if (!buffer_string_is_empty(cgi_handler)) {
822 /* stat the exec file */
823 if (-1 == (stat(cgi_handler->ptr, &st))) {
824 log_error_write(srv, __FILE__, __LINE__, "sbss",
825 "stat for cgi-handler", cgi_handler,
826 "failed:", strerror(errno));
827 return -1;
828 }
829 }
830
831 if (pipe(to_cgi_fds)) {
832 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
833 return -1;
834 }
835
836 if (pipe(from_cgi_fds)) {
837 close(to_cgi_fds[0]);
838 close(to_cgi_fds[1]);
839 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
840 return -1;
841 }
842
843 /* fork, execve */
844 switch (pid = fork()) {
845 case 0: {
846 /* child */
847 char **args;
848 int argc;
849 int i = 0;
850 char buf[LI_ITOSTRING_LENGTH];
851 size_t n;
852 char_array env;
853 char *c;
854 const char *s;
855 server_socket *srv_sock = con->srv_socket;
856
857 /* move stdout to from_cgi_fd[1] */
858 close(STDOUT_FILENO);
859 dup2(from_cgi_fds[1], STDOUT_FILENO);
860 close(from_cgi_fds[1]);
861 /* not needed */
862 close(from_cgi_fds[0]);
863
864 /* move the stdin to to_cgi_fd[0] */
865 close(STDIN_FILENO);
866 dup2(to_cgi_fds[0], STDIN_FILENO);
867 close(to_cgi_fds[0]);
868 /* not needed */
869 close(to_cgi_fds[1]);
870
871 /* create environment */
872 env.ptr = NULL;
873 env.size = 0;
874 env.used = 0;
875
876 if (buffer_is_empty(con->conf.server_tag)) {
877 cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_STR_LEN(PACKAGE_DESC));
878 } else {
879 cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_BUF_LEN(con->conf.server_tag));
880 }
881
882 if (!buffer_string_is_empty(con->server_name)) {
883 size_t len = buffer_string_length(con->server_name);
884
885 if (con->server_name->ptr[0] == '[') {
886 const char *colon = strstr(con->server_name->ptr, "]:");
887 if (colon) len = (colon + 1) - con->server_name->ptr;
888 } else {
889 const char *colon = strchr(con->server_name->ptr, ':');
890 if (colon) len = colon - con->server_name->ptr;
891 }
892
893 cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), con->server_name->ptr, len);
894 } else {
895 #ifdef HAVE_IPV6
896 s = inet_ntop(
897 srv_sock->addr.plain.sa_family,
898 srv_sock->addr.plain.sa_family == AF_INET6 ?
899 (const void *) &(srv_sock->addr.ipv6.sin6_addr) :
900 (const void *) &(srv_sock->addr.ipv4.sin_addr),
901 b2, sizeof(b2)-1);
902 #else
903 s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
904 #endif
905 force_assert(s);
906 cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
907 }
908 cgi_env_add(&env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1"));
909
910 s = get_http_version_name(con->request.http_version);
911 force_assert(s);
912 cgi_env_add(&env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
913
914 li_utostrn(buf, sizeof(buf),
915 #ifdef HAVE_IPV6
916 ntohs(srv_sock->addr.plain.sa_family == AF_INET6 ? srv_sock->addr.ipv6.sin6_port : srv_sock->addr.ipv4.sin_port)
917 #else
918 ntohs(srv_sock->addr.ipv4.sin_port)
919 #endif
920 );
921 cgi_env_add(&env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
922
923 switch (srv_sock->addr.plain.sa_family) {
924 #ifdef HAVE_IPV6
925 case AF_INET6:
926 s = inet_ntop(
927 srv_sock->addr.plain.sa_family,
928 (const void *) &(srv_sock->addr.ipv6.sin6_addr),
929 b2, sizeof(b2)-1);
930 break;
931 case AF_INET:
932 s = inet_ntop(
933 srv_sock->addr.plain.sa_family,
934 (const void *) &(srv_sock->addr.ipv4.sin_addr),
935 b2, sizeof(b2)-1);
936 break;
937 #else
938 case AF_INET:
939 s = inet_ntoa(srv_sock->addr.ipv4.sin_addr);
940 break;
941 #endif
942 default:
943 s = "";
944 break;
945 }
946 force_assert(s);
947 cgi_env_add(&env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
948
949 s = get_http_method_name(con->request.http_method);
950 force_assert(s);
951 cgi_env_add(&env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s));
952
953 if (!buffer_string_is_empty(con->request.pathinfo)) {
954 cgi_env_add(&env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo));
955 }
956 cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200"));
957 if (!buffer_string_is_empty(con->uri.query)) {
958 cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query));
959 }
960 if (!buffer_string_is_empty(con->request.orig_uri)) {
961 cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
962 }
963
964
965 switch (con->dst_addr.plain.sa_family) {
966 #ifdef HAVE_IPV6
967 case AF_INET6:
968 s = inet_ntop(
969 con->dst_addr.plain.sa_family,
970 (const void *) &(con->dst_addr.ipv6.sin6_addr),
971 b2, sizeof(b2)-1);
972 break;
973 case AF_INET:
974 s = inet_ntop(
975 con->dst_addr.plain.sa_family,
976 (const void *) &(con->dst_addr.ipv4.sin_addr),
977 b2, sizeof(b2)-1);
978 break;
979 #else
980 case AF_INET:
981 s = inet_ntoa(con->dst_addr.ipv4.sin_addr);
982 break;
983 #endif
984 default:
985 s = "";
986 break;
987 }
988 force_assert(s);
989 cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
990
991 li_utostrn(buf, sizeof(buf),
992 #ifdef HAVE_IPV6
993 ntohs(con->dst_addr.plain.sa_family == AF_INET6 ? con->dst_addr.ipv6.sin6_port : con->dst_addr.ipv4.sin_port)
994 #else
995 ntohs(con->dst_addr.ipv4.sin_port)
996 #endif
997 );
998 cgi_env_add(&env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
999
1000 if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) {
1001 cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
1002 }
1003
1004 li_itostrn(buf, sizeof(buf), con->request.content_length);
1005 cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
1006 cgi_env_add(&env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(con->physical.path));
1007 cgi_env_add(&env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path));
1008 cgi_env_add(&env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.basedir));
1009
1010 /* for valgrind */
1011 if (NULL != (s = getenv("LD_PRELOAD"))) {
1012 cgi_env_add(&env, CONST_STR_LEN("LD_PRELOAD"), s, strlen(s));
1013 }
1014
1015 if (NULL != (s = getenv("LD_LIBRARY_PATH"))) {
1016 cgi_env_add(&env, CONST_STR_LEN("LD_LIBRARY_PATH"), s, strlen(s));
1017 }
1018 #ifdef __CYGWIN__
1019 /* CYGWIN needs SYSTEMROOT */
1020 if (NULL != (s = getenv("SYSTEMROOT"))) {
1021 cgi_env_add(&env, CONST_STR_LEN("SYSTEMROOT"), s, strlen(s));
1022 }
1023 #endif
1024
1025 for (n = 0; n < con->request.headers->used; n++) {
1026 data_string *ds;
1027
1028 ds = (data_string *)con->request.headers->data[n];
1029
1030 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1031 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 1);
1032
1033 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value));
1034 }
1035 }
1036
1037 for (n = 0; n < con->environment->used; n++) {
1038 data_string *ds;
1039
1040 ds = (data_string *)con->environment->data[n];
1041
1042 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
1043 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 0);
1044
1045 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value));
1046 }
1047 }
1048
1049 if (env.size == env.used) {
1050 env.size += 16;
1051 env.ptr = realloc(env.ptr, env.size * sizeof(*env.ptr));
1052 }
1053
1054 env.ptr[env.used] = NULL;
1055
1056 /* set up args */
1057 argc = 3;
1058 args = malloc(sizeof(*args) * argc);
1059 force_assert(args);
1060 i = 0;
1061
1062 if (!buffer_string_is_empty(cgi_handler)) {
1063 args[i++] = cgi_handler->ptr;
1064 }
1065 args[i++] = con->physical.path->ptr;
1066 args[i ] = NULL;
1067
1068 /* search for the last / */
1069 if (NULL != (c = strrchr(con->physical.path->ptr, '/'))) {
1070 /* handle special case of file in root directory */
1071 const char* physdir = (c == con->physical.path->ptr) ? "/" : con->physical.path->ptr;
1072
1073 /* temporarily shorten con->physical.path to directory without terminating '/' */
1074 *c = '\0';
1075 /* change to the physical directory */
1076 if (-1 == chdir(physdir)) {
1077 log_error_write(srv, __FILE__, __LINE__, "ssb", "chdir failed:", strerror(errno), con->physical.path);
1078 }
1079 *c = '/';
1080 }
1081
1082 /* we don't need the client socket */
1083 for (i = 3; i < 256; i++) {
1084 if (i != srv->errorlog_fd) close(i);
1085 }
1086
1087 /* exec the cgi */
1088 execve(args[0], args, env.ptr);
1089
1090 /* most log files may have been closed/redirected by this point,
1091 * though stderr might still point to lighttpd.breakage.log */
1092 perror(args[0]);
1093 _exit(1);
1094 }
1095 case -1:
1096 /* error */
1097 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno));
1098 close(from_cgi_fds[0]);
1099 close(from_cgi_fds[1]);
1100 close(to_cgi_fds[0]);
1101 close(to_cgi_fds[1]);
1102 return -1;
1103 default: {
1104 handler_ctx *hctx;
1105 /* parent proces */
1106
1107 close(from_cgi_fds[1]);
1108 close(to_cgi_fds[0]);
1109
1110 if (con->request.content_length) {
1111 chunkqueue *cq = con->request_content_queue;
1112 chunk *c;
1113
1114 assert(chunkqueue_length(cq) == (off_t)con->request.content_length);
1115
1116 /* NOTE: yes, this is synchronous sending of CGI post data;
1117 * if you need something asynchronous (recommended with large
1118 * request bodies), use mod_fastcgi + fcgi-cgi.
1119 *
1120 * Also: windows doesn't support select() on pipes - wouldn't be
1121 * easy to fix for all platforms.
1122 */
1123
1124 /* there is content to send */
1125 for (c = cq->first; c; c = cq->first) {
1126 int r = -1;
1127
1128 switch(c->type) {
1129 case FILE_CHUNK:
1130 r = cgi_write_file_chunk_mmap(srv, con, to_cgi_fds[1], cq);
1131 break;
1132
1133 case MEM_CHUNK:
1134 if ((r = write(to_cgi_fds[1], c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) {
1135 switch(errno) {
1136 case EAGAIN:
1137 case EINTR:
1138 /* ignore and try again */
1139 r = 0;
1140 break;
1141 case EPIPE:
1142 case ECONNRESET:
1143 /* connection closed */
1144 r = -2;
1145 break;
1146 default:
1147 /* fatal error */
1148 log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno));
1149 r = -1;
1150 break;
1151 }
1152 } else if (r > 0) {
1153 chunkqueue_mark_written(cq, r);
1154 }
1155 break;
1156 }
1157
1158 switch (r) {
1159 case -1:
1160 /* fatal error */
1161 close(from_cgi_fds[0]);
1162 close(to_cgi_fds[1]);
1163 kill(pid, SIGTERM);
1164 cgi_pid_add(srv, p, pid);
1165 return -1;
1166 case -2:
1167 /* connection reset */
1168 log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI");
1169 /* skip all remaining data */
1170 chunkqueue_mark_written(cq, chunkqueue_length(cq));
1171 break;
1172 default:
1173 break;
1174 }
1175 }
1176 }
1177
1178 close(to_cgi_fds[1]);
1179
1180 /* register PID and wait for them asyncronously */
1181 con->mode = p->id;
1182 buffer_reset(con->physical.path);
1183
1184 hctx = cgi_handler_ctx_init();
1185
1186 hctx->remote_conn = con;
1187 hctx->plugin_data = p;
1188 hctx->pid = pid;
1189 hctx->fd = from_cgi_fds[0];
1190 hctx->fde_ndx = -1;
1191
1192 con->plugin_ctx[p->id] = hctx;
1193
1194 fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx);
1195 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
1196
1197 if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) {
1198 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
1199 cgi_connection_close(srv, hctx);
1200 return -1;
1201 }
1202
1203 break;
1204 }
1205 }
1206
1207 return 0;
1208 #else
1209 return -1;
1210 #endif
1211 }
1212
1213 #define PATCH(x) \
1214 p->conf.x = s->x;
1215 static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) {
1216 size_t i, j;
1217 plugin_config *s = p->config_storage[0];
1218
1219 PATCH(cgi);
1220 PATCH(execute_x_only);
1221
1222 /* skip the first, the global context */
1223 for (i = 1; i < srv->config_context->used; i++) {
1224 data_config *dc = (data_config *)srv->config_context->data[i];
1225 s = p->config_storage[i];
1226
1227 /* condition didn't match */
1228 if (!config_check_cond(srv, con, dc)) continue;
1229
1230 /* merge config */
1231 for (j = 0; j < dc->value->used; j++) {
1232 data_unset *du = dc->value->data[j];
1233
1234 if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.assign"))) {
1235 PATCH(cgi);
1236 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) {
1237 PATCH(execute_x_only);
1238 }
1239 }
1240 }
1241
1242 return 0;
1243 }
1244 #undef PATCH
1245
1246 URIHANDLER_FUNC(cgi_is_handled) {
1247 size_t k, s_len;
1248 plugin_data *p = p_d;
1249 buffer *fn = con->physical.path;
1250 stat_cache_entry *sce = NULL;
1251
1252 if (con->mode != DIRECT) return HANDLER_GO_ON;
1253
1254 if (buffer_is_empty(fn)) return HANDLER_GO_ON;
1255
1256 mod_cgi_patch_connection(srv, con, p);
1257
1258 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, con->physical.path, &sce)) return HANDLER_GO_ON;
1259 if (!S_ISREG(sce->st.st_mode)) return HANDLER_GO_ON;
1260 if (p->conf.execute_x_only == 1 && (sce->st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON;
1261
1262 s_len = buffer_string_length(fn);
1263
1264 for (k = 0; k < p->conf.cgi->used; k++) {
1265 data_string *ds = (data_string *)p->conf.cgi->data[k];
1266 size_t ct_len = buffer_string_length(ds->key);
1267
1268 if (buffer_is_empty(ds->key)) continue;
1269 if (s_len < ct_len) continue;
1270
1271 if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) {
1272 if (cgi_create_env(srv, con, p, ds->value)) {
1273 con->mode = DIRECT;
1274 con->http_status = 500;
1275
1276 buffer_reset(con->physical.path);
1277 return HANDLER_FINISHED;
1278 }
1279 /* one handler is enough for the request */
1280 break;
1281 }
1282 }
1283
1284 return HANDLER_GO_ON;
1285 }
1286
1287 TRIGGER_FUNC(cgi_trigger) {
1288 plugin_data *p = p_d;
1289 size_t ndx;
1290 /* the trigger handle only cares about lonely PID which we have to wait for */
1291 #ifndef __WIN32
1292
1293 for (ndx = 0; ndx < p->cgi_pid.used; ndx++) {
1294 int status;
1295
1296 switch(waitpid(p->cgi_pid.ptr[ndx], &status, WNOHANG)) {
1297 case 0:
1298 /* not finished yet */
1299 #if 0
1300 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", p->cgi_pid.ptr[ndx]);
1301 #endif
1302 break;
1303 case -1:
1304 if (errno == ECHILD) {
1305 /* someone else called waitpid... remove the pid to stop looping the error each time */
1306 log_error_write(srv, __FILE__, __LINE__, "s", "cgi child vanished, probably someone else called waitpid");
1307
1308 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
1309 ndx--;
1310 continue;
1311 }
1312
1313 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno));
1314
1315 return HANDLER_ERROR;
1316 default:
1317
1318 if (WIFEXITED(status)) {
1319 #if 0
1320 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", p->cgi_pid.ptr[ndx]);
1321 #endif
1322 } else if (WIFSIGNALED(status)) {
1323 /* FIXME: what if we killed the CGI script with a kill(..., SIGTERM) ?
1324 */
1325 if (WTERMSIG(status) != SIGTERM) {
1326 log_error_write(srv, __FILE__, __LINE__, "sd", "cleaning up CGI: process died with signal", WTERMSIG(status));
1327 }
1328 } else {
1329 log_error_write(srv, __FILE__, __LINE__, "s", "cleaning up CGI: ended unexpectedly");
1330 }
1331
1332 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]);
1333 /* del modified the buffer structure
1334 * and copies the last entry to the current one
1335 * -> recheck the current index
1336 */
1337 ndx--;
1338 }
1339 }
1340 #endif
1341 return HANDLER_GO_ON;
1342 }
1343
1344 /*
1345 * - HANDLER_GO_ON : not our job
1346 * - HANDLER_FINISHED: got response
1347 * - HANDLER_WAIT_FOR_EVENT: waiting for response
1348 */
1349 SUBREQUEST_FUNC(mod_cgi_handle_subrequest) {
1350 plugin_data *p = p_d;
1351 handler_ctx *hctx = con->plugin_ctx[p->id];
1352 UNUSED(srv);
1353
1354 if (con->mode != p->id) return HANDLER_GO_ON;
1355 if (NULL == hctx) return HANDLER_GO_ON;
1356
1357 #if 0
1358 log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid);
1359 #endif
1360
1361 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */
1362 return con->file_finished ? HANDLER_FINISHED : HANDLER_WAIT_FOR_EVENT;
1363 }
1364
1365
1366 int mod_cgi_plugin_init(plugin *p);
1367 int mod_cgi_plugin_init(plugin *p) {
1368 p->version = LIGHTTPD_VERSION_ID;
1369 p->name = buffer_init_string("cgi");
1370
1371 p->connection_reset = cgi_connection_close_callback;
1372 p->handle_subrequest_start = cgi_is_handled;
1373 p->handle_subrequest = mod_cgi_handle_subrequest;
1374 p->handle_trigger = cgi_trigger;
1375 p->init = mod_cgi_init;
1376 p->cleanup = mod_cgi_free;
1377 p->set_defaults = mod_fastcgi_set_defaults;
1378
1379 p->data = NULL;
1380
1381 return 0;
1382 }
Fast, efficient, small footprint web server