1 #include "first.h" 2 3 #include "server.h" 4 #include "stat_cache.h" 5 #include "keyvalue.h" 6 #include "log.h" 7 #include "connections.h" 8 #include "joblist.h" 9 #include "response.h" 10 #include "http_chunk.h" 11 12 #include "plugin.h" 13 14 #include <sys/types.h> 15 #include "sys-mmap.h" 16 17 #ifdef __WIN32 18 # include <winsock2.h> 19 #else 20 # include <sys/socket.h> 21 # include <sys/wait.h> 22 # include <netinet/in.h> 23 # include <arpa/inet.h> 24 #endif 25 26 #include <unistd.h> 27 #include <errno.h> 28 #include <stdlib.h> 29 #include <string.h> 30 #include <fdevent.h> 31 #include <signal.h> 32 #include <ctype.h> 33 #include <assert.h> 34 35 #include <stdio.h> 36 #include <fcntl.h> 37 38 static int pipe_cloexec(int pipefd[2]) { 39 #ifdef HAVE_PIPE2 40 if (0 == pipe2(pipefd, O_CLOEXEC)) return 0; 41 #endif 42 return 0 == pipe(pipefd) 43 #ifdef FD_CLOEXEC 44 && 0 == fcntl(pipefd[0], F_SETFD, FD_CLOEXEC) 45 && 0 == fcntl(pipefd[1], F_SETFD, FD_CLOEXEC) 46 #endif 47 ? 0 48 : -1; 49 } 50 51 enum {EOL_UNSET, EOL_N, EOL_RN}; 52 53 typedef struct { 54 char **ptr; 55 56 size_t size; 57 size_t used; 58 } char_array; 59 60 typedef struct { 61 pid_t *ptr; 62 size_t used; 63 size_t size; 64 } buffer_pid_t; 65 66 typedef struct { 67 array *cgi; 68 unsigned short execute_x_only; 69 unsigned short xsendfile_allow; 70 array *xsendfile_docroot; 71 } plugin_config; 72 73 typedef struct { 74 PLUGIN_DATA; 75 buffer_pid_t cgi_pid; 76 77 buffer *parse_response; 78 79 plugin_config **config_storage; 80 81 plugin_config conf; 82 } plugin_data; 83 84 typedef struct { 85 pid_t pid; 86 int fd; 87 int fdtocgi; 88 int fde_ndx; /* index into the fd-event buffer */ 89 int fde_ndx_tocgi; /* index into the fd-event buffer */ 90 91 connection *remote_conn; /* dumb pointer */ 92 plugin_data *plugin_data; /* dumb pointer */ 93 94 buffer *response; 95 buffer *response_header; 96 buffer *cgi_handler; /* dumb pointer */ 97 plugin_config conf; 98 } handler_ctx; 99 100 static handler_ctx * cgi_handler_ctx_init(void) { 101 handler_ctx *hctx = calloc(1, sizeof(*hctx)); 102 103 force_assert(hctx); 104 105 hctx->response = buffer_init(); 106 hctx->response_header = buffer_init(); 107 hctx->fd = -1; 108 hctx->fdtocgi = -1; 109 110 return hctx; 111 } 112 113 static void cgi_handler_ctx_free(handler_ctx *hctx) { 114 buffer_free(hctx->response); 115 buffer_free(hctx->response_header); 116 117 free(hctx); 118 } 119 120 enum {FDEVENT_HANDLED_UNSET, FDEVENT_HANDLED_FINISHED, FDEVENT_HANDLED_NOT_FINISHED, FDEVENT_HANDLED_COMEBACK, FDEVENT_HANDLED_ERROR}; 121 122 INIT_FUNC(mod_cgi_init) { 123 plugin_data *p; 124 125 p = calloc(1, sizeof(*p)); 126 127 force_assert(p); 128 129 p->parse_response = buffer_init(); 130 131 return p; 132 } 133 134 135 FREE_FUNC(mod_cgi_free) { 136 plugin_data *p = p_d; 137 buffer_pid_t *r = &(p->cgi_pid); 138 139 UNUSED(srv); 140 141 if (p->config_storage) { 142 size_t i; 143 for (i = 0; i < srv->config_context->used; i++) { 144 plugin_config *s = p->config_storage[i]; 145 146 if (NULL == s) continue; 147 148 array_free(s->cgi); 149 array_free(s->xsendfile_docroot); 150 151 free(s); 152 } 153 free(p->config_storage); 154 } 155 156 157 if (r->ptr) free(r->ptr); 158 159 buffer_free(p->parse_response); 160 161 free(p); 162 163 return HANDLER_GO_ON; 164 } 165 166 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) { 167 plugin_data *p = p_d; 168 size_t i = 0; 169 170 config_values_t cv[] = { 171 { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 172 { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 173 { "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ 174 { "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ 175 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET} 176 }; 177 178 if (!p) return HANDLER_ERROR; 179 180 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); 181 force_assert(p->config_storage); 182 183 for (i = 0; i < srv->config_context->used; i++) { 184 data_config const* config = (data_config const*)srv->config_context->data[i]; 185 plugin_config *s; 186 187 s = calloc(1, sizeof(plugin_config)); 188 force_assert(s); 189 190 s->cgi = array_init(); 191 s->execute_x_only = 0; 192 s->xsendfile_allow= 0; 193 s->xsendfile_docroot = array_init(); 194 195 cv[0].destination = s->cgi; 196 cv[1].destination = &(s->execute_x_only); 197 cv[2].destination = &(s->xsendfile_allow); 198 cv[3].destination = s->xsendfile_docroot; 199 200 p->config_storage[i] = s; 201 202 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { 203 return HANDLER_ERROR; 204 } 205 206 if (s->xsendfile_docroot->used) { 207 size_t j; 208 for (j = 0; j < s->xsendfile_docroot->used; ++j) { 209 data_string *ds = (data_string *)s->xsendfile_docroot->data[j]; 210 if (ds->type != TYPE_STRING) { 211 log_error_write(srv, __FILE__, __LINE__, "s", 212 "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )"); 213 return HANDLER_ERROR; 214 } 215 if (ds->value->ptr[0] != '/') { 216 log_error_write(srv, __FILE__, __LINE__, "SBs", 217 "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\""); 218 return HANDLER_ERROR; 219 } 220 buffer_path_simplify(ds->value, ds->value); 221 buffer_append_slash(ds->value); 222 } 223 } 224 } 225 226 return HANDLER_GO_ON; 227 } 228 229 230 static int cgi_pid_add(server *srv, plugin_data *p, pid_t pid) { 231 int m = -1; 232 size_t i; 233 buffer_pid_t *r = &(p->cgi_pid); 234 235 UNUSED(srv); 236 237 for (i = 0; i < r->used; i++) { 238 if (r->ptr[i] > m) m = r->ptr[i]; 239 } 240 241 if (r->size == 0) { 242 r->size = 16; 243 r->ptr = malloc(sizeof(*r->ptr) * r->size); 244 force_assert(r->ptr); 245 } else if (r->used == r->size) { 246 r->size += 16; 247 r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size); 248 force_assert(r->ptr); 249 } 250 251 r->ptr[r->used++] = pid; 252 253 return m; 254 } 255 256 static int cgi_pid_del(server *srv, plugin_data *p, pid_t pid) { 257 size_t i; 258 buffer_pid_t *r = &(p->cgi_pid); 259 260 UNUSED(srv); 261 262 for (i = 0; i < r->used; i++) { 263 if (r->ptr[i] == pid) break; 264 } 265 266 if (i != r->used) { 267 /* found */ 268 269 if (i != r->used - 1) { 270 r->ptr[i] = r->ptr[r->used - 1]; 271 } 272 r->used--; 273 } 274 275 return 0; 276 } 277 278 static int cgi_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) { 279 char *ns; 280 const char *s; 281 int line = 0; 282 283 UNUSED(srv); 284 285 buffer_copy_buffer(p->parse_response, in); 286 287 for (s = p->parse_response->ptr; 288 NULL != (ns = strchr(s, '\n')); 289 s = ns + 1, line++) { 290 const char *key, *value; 291 int key_len; 292 data_string *ds; 293 294 /* strip the \n */ 295 ns[0] = '\0'; 296 297 if (ns > s && ns[-1] == '\r') ns[-1] = '\0'; 298 299 if (line == 0 && 300 0 == strncmp(s, "HTTP/1.", 7)) { 301 /* non-parsed header ... we parse them anyway */ 302 303 if ((s[7] == '1' || 304 s[7] == '0') && 305 s[8] == ' ') { 306 int status; 307 /* after the space should be a status code for us */ 308 309 status = strtol(s+9, NULL, 10); 310 311 if (status >= 100 && 312 status < 1000) { 313 /* we expected 3 digits and didn't got them */ 314 con->parsed_response |= HTTP_STATUS; 315 con->http_status = status; 316 } 317 } 318 } else { 319 /* parse the headers */ 320 key = s; 321 if (NULL == (value = strchr(s, ':'))) { 322 /* we expect: "<key>: <value>\r\n" */ 323 continue; 324 } 325 326 key_len = value - key; 327 value += 1; 328 329 /* skip LWS */ 330 while (*value == ' ' || *value == '\t') value++; 331 332 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { 333 ds = data_response_init(); 334 } 335 buffer_copy_string_len(ds->key, key, key_len); 336 buffer_copy_string(ds->value, value); 337 338 array_insert_unique(con->response.headers, (data_unset *)ds); 339 340 switch(key_len) { 341 case 4: 342 if (0 == strncasecmp(key, "Date", key_len)) { 343 con->parsed_response |= HTTP_DATE; 344 } 345 break; 346 case 6: 347 if (0 == strncasecmp(key, "Status", key_len)) { 348 int status = strtol(value, NULL, 10); 349 if (status >= 100 && status < 1000) { 350 con->http_status = status; 351 con->parsed_response |= HTTP_STATUS; 352 } else { 353 con->http_status = 502; 354 } 355 } 356 break; 357 case 8: 358 if (0 == strncasecmp(key, "Location", key_len)) { 359 con->parsed_response |= HTTP_LOCATION; 360 } 361 break; 362 case 10: 363 if (0 == strncasecmp(key, "Connection", key_len)) { 364 con->response.keep_alive = (0 == strcasecmp(value, "Keep-Alive")) ? 1 : 0; 365 con->parsed_response |= HTTP_CONNECTION; 366 } 367 break; 368 case 14: 369 if (0 == strncasecmp(key, "Content-Length", key_len)) { 370 con->response.content_length = strtoul(value, NULL, 10); 371 con->parsed_response |= HTTP_CONTENT_LENGTH; 372 } 373 break; 374 default: 375 break; 376 } 377 } 378 } 379 380 /* CGI/1.1 rev 03 - 7.2.1.2 */ 381 if ((con->parsed_response & HTTP_LOCATION) && 382 !(con->parsed_response & HTTP_STATUS)) { 383 con->http_status = 302; 384 } 385 386 return 0; 387 } 388 389 390 static int cgi_demux_response(server *srv, handler_ctx *hctx) { 391 plugin_data *p = hctx->plugin_data; 392 connection *con = hctx->remote_conn; 393 394 while(1) { 395 int n; 396 int toread; 397 398 #if defined(__WIN32) 399 buffer_string_prepare_copy(hctx->response, 4 * 1024); 400 #else 401 if (ioctl(hctx->fd, FIONREAD, &toread) || toread <= 4*1024) { 402 buffer_string_prepare_copy(hctx->response, 4 * 1024); 403 } else { 404 if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; 405 buffer_string_prepare_copy(hctx->response, toread); 406 } 407 #endif 408 409 if (-1 == (n = read(hctx->fd, hctx->response->ptr, hctx->response->size - 1))) { 410 if (errno == EAGAIN || errno == EINTR) { 411 /* would block, wait for signal */ 412 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 413 return FDEVENT_HANDLED_NOT_FINISHED; 414 } 415 /* error */ 416 log_error_write(srv, __FILE__, __LINE__, "sdd", strerror(errno), con->fd, hctx->fd); 417 return FDEVENT_HANDLED_ERROR; 418 } 419 420 if (n == 0) { 421 /* read finished */ 422 return FDEVENT_HANDLED_FINISHED; 423 } 424 425 buffer_commit(hctx->response, n); 426 427 /* split header from body */ 428 429 if (con->file_started == 0) { 430 int is_header = 0; 431 int is_header_end = 0; 432 size_t last_eol = 0; 433 size_t i, header_len; 434 435 buffer_append_string_buffer(hctx->response_header, hctx->response); 436 437 /** 438 * we have to handle a few cases: 439 * 440 * nph: 441 * 442 * HTTP/1.0 200 Ok\n 443 * Header: Value\n 444 * \n 445 * 446 * CGI: 447 * Header: Value\n 448 * Status: 200\n 449 * \n 450 * 451 * and different mixes of \n and \r\n combinations 452 * 453 * Some users also forget about CGI and just send a response and hope 454 * we handle it. No headers, no header-content seperator 455 * 456 */ 457 458 /* nph (non-parsed headers) */ 459 if (0 == strncmp(hctx->response_header->ptr, "HTTP/1.", 7)) is_header = 1; 460 461 header_len = buffer_string_length(hctx->response_header); 462 for (i = 0; !is_header_end && i < header_len; i++) { 463 char c = hctx->response_header->ptr[i]; 464 465 switch (c) { 466 case ':': 467 /* we found a colon 468 * 469 * looks like we have a normal header 470 */ 471 is_header = 1; 472 break; 473 case '\n': 474 /* EOL */ 475 if (is_header == 0) { 476 /* we got a EOL but we don't seem to got a HTTP header */ 477 478 is_header_end = 1; 479 480 break; 481 } 482 483 /** 484 * check if we saw a \n(\r)?\n sequence 485 */ 486 if (last_eol > 0 && 487 ((i - last_eol == 1) || 488 (i - last_eol == 2 && hctx->response_header->ptr[i - 1] == '\r'))) { 489 is_header_end = 1; 490 break; 491 } 492 493 last_eol = i; 494 495 break; 496 } 497 } 498 499 if (is_header_end) { 500 if (!is_header) { 501 /* no header, but a body */ 502 if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) { 503 return FDEVENT_HANDLED_ERROR; 504 } 505 } else { 506 const char *bstart; 507 size_t blen; 508 509 /* the body starts after the EOL */ 510 bstart = hctx->response_header->ptr + i; 511 blen = header_len - i; 512 513 /** 514 * i still points to the char after the terminating EOL EOL 515 * 516 * put it on the last \n again 517 */ 518 i--; 519 520 /* string the last \r?\n */ 521 if (i > 0 && (hctx->response_header->ptr[i - 1] == '\r')) { 522 i--; 523 } 524 525 buffer_string_set_length(hctx->response_header, i); 526 527 /* parse the response header */ 528 cgi_response_parse(srv, con, p, hctx->response_header); 529 530 if (con->http_status >= 300 && con->http_status < 400) { 531 /*(con->parsed_response & HTTP_LOCATION)*/ 532 size_t ulen = buffer_string_length(con->uri.path); 533 data_string *ds; 534 if (NULL != (ds = (data_string *) array_get_element(con->response.headers, "Location")) 535 && ds->value->ptr[0] == '/' 536 && (0 != strncmp(ds->value->ptr, con->uri.path->ptr, ulen) 537 || (ds->value->ptr[ulen] != '\0' && ds->value->ptr[ulen] != '/' && ds->value->ptr[ulen] != '?')) 538 && NULL == array_get_element(con->response.headers, "Set-Cookie")) { 539 if (++con->loops_per_request > 5) { 540 log_error_write(srv, __FILE__, __LINE__, "sb", "too many internal loops while processing request:", con->request.orig_uri); 541 con->http_status = 500; /* Internal Server Error */ 542 con->mode = DIRECT; 543 return FDEVENT_HANDLED_FINISHED; 544 } 545 546 buffer_copy_buffer(con->request.uri, ds->value); 547 548 if (con->request.content_length) { 549 if (con->request.content_length != con->request_content_queue->bytes_in) { 550 con->keep_alive = 0; 551 } 552 con->request.content_length = 0; 553 chunkqueue_reset(con->request_content_queue); 554 } 555 556 if (con->http_status != 307 && con->http_status != 308) { 557 /* Note: request body (if any) sent to initial dynamic handler 558 * and is not available to the internal redirect */ 559 con->request.http_method = HTTP_METHOD_GET; 560 } 561 562 connection_response_reset(srv, con); /*(includes con->http_status = 0)*/ 563 564 con->mode = DIRECT; 565 return FDEVENT_HANDLED_COMEBACK; 566 } 567 } 568 569 if (hctx->conf.xsendfile_allow) { 570 data_string *ds; 571 if (NULL != (ds = (data_string *) array_get_element(con->response.headers, "X-Sendfile"))) { 572 http_response_xsendfile(srv, con, ds->value, hctx->conf.xsendfile_docroot); 573 return FDEVENT_HANDLED_FINISHED; 574 } 575 } 576 577 if (blen > 0) { 578 if (0 != http_chunk_append_mem(srv, con, bstart, blen)) { 579 return FDEVENT_HANDLED_ERROR; 580 } 581 } 582 } 583 584 con->file_started = 1; 585 } else { 586 /*(reuse MAX_HTTP_REQUEST_HEADER as max size for response headers from backends)*/ 587 if (header_len > MAX_HTTP_REQUEST_HEADER) { 588 log_error_write(srv, __FILE__, __LINE__, "sb", "response headers too large for", con->uri.path); 589 con->http_status = 502; /* Bad Gateway */ 590 con->mode = DIRECT; 591 return FDEVENT_HANDLED_FINISHED; 592 } 593 } 594 } else { 595 if (0 != http_chunk_append_buffer(srv, con, hctx->response)) { 596 return FDEVENT_HANDLED_ERROR; 597 } 598 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) 599 && chunkqueue_length(con->write_queue) > 65536 - 4096) { 600 if (!con->is_writable) { 601 /*(defer removal of FDEVENT_IN interest since 602 * connection_state_machine() might be able to send data 603 * immediately, unless !con->is_writable, where 604 * connection_state_machine() might not loop back to call 605 * mod_cgi_handle_subrequest())*/ 606 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 607 } 608 break; 609 } 610 } 611 612 #if 0 613 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), b->ptr); 614 #endif 615 } 616 617 return FDEVENT_HANDLED_NOT_FINISHED; 618 } 619 620 static void cgi_connection_close_fdtocgi(server *srv, handler_ctx *hctx) { 621 /*(closes only hctx->fdtocgi)*/ 622 fdevent_event_del(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi); 623 fdevent_unregister(srv->ev, hctx->fdtocgi); 624 fdevent_sched_close(srv->ev, hctx->fdtocgi, 0); 625 hctx->fdtocgi = -1; 626 } 627 628 static void cgi_connection_close(server *srv, handler_ctx *hctx) { 629 int status; 630 pid_t pid; 631 plugin_data *p = hctx->plugin_data; 632 connection *con = hctx->remote_conn; 633 634 #ifndef __WIN32 635 636 /* the connection to the browser went away, but we still have a connection 637 * to the CGI script 638 * 639 * close cgi-connection 640 */ 641 642 if (hctx->fd != -1) { 643 /* close connection to the cgi-script */ 644 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 645 fdevent_unregister(srv->ev, hctx->fd); 646 fdevent_sched_close(srv->ev, hctx->fd, 0); 647 } 648 649 if (hctx->fdtocgi != -1) { 650 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ 651 } 652 653 pid = hctx->pid; 654 655 con->plugin_ctx[p->id] = NULL; 656 657 cgi_handler_ctx_free(hctx); 658 659 /* if waitpid hasn't been called by response.c yet, do it here */ 660 if (pid) { 661 /* check if the CGI-script is already gone */ 662 switch(waitpid(pid, &status, WNOHANG)) { 663 case 0: 664 /* not finished yet */ 665 #if 0 666 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", pid); 667 #endif 668 break; 669 case -1: 670 /* */ 671 if (errno == EINTR) break; 672 673 /* 674 * errno == ECHILD happens if _subrequest catches the process-status before 675 * we have read the response of the cgi process 676 * 677 * -> catch status 678 * -> WAIT_FOR_EVENT 679 * -> read response 680 * -> we get here with waitpid == ECHILD 681 * 682 */ 683 if (errno != ECHILD) { 684 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); 685 } 686 /* anyway: don't wait for it anymore */ 687 pid = 0; 688 break; 689 default: 690 if (WIFEXITED(status)) { 691 #if 0 692 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", pid); 693 #endif 694 } else { 695 log_error_write(srv, __FILE__, __LINE__, "sd", "cgi died, pid:", pid); 696 } 697 698 pid = 0; 699 break; 700 } 701 702 if (pid) { 703 kill(pid, SIGTERM); 704 705 /* cgi-script is still alive, queue the PID for removal */ 706 cgi_pid_add(srv, p, pid); 707 } 708 } 709 #endif 710 711 /* finish response (if not already con->file_started, con->file_finished) */ 712 if (con->mode == p->id) { 713 http_response_backend_done(srv, con); 714 } 715 } 716 717 static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) { 718 plugin_data *p = p_d; 719 handler_ctx *hctx = con->plugin_ctx[p->id]; 720 if (hctx) cgi_connection_close(srv, hctx); 721 722 return HANDLER_GO_ON; 723 } 724 725 726 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd); 727 728 729 static handler_t cgi_handle_fdevent_send (server *srv, void *ctx, int revents) { 730 handler_ctx *hctx = ctx; 731 connection *con = hctx->remote_conn; 732 733 /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/ 734 joblist_append(srv, con); 735 736 if (revents & FDEVENT_OUT) { 737 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) { 738 cgi_connection_close(srv, hctx); 739 return HANDLER_ERROR; 740 } 741 /* more request body to be sent to CGI */ 742 } 743 744 if (revents & FDEVENT_HUP) { 745 /* skip sending remaining data to CGI */ 746 if (con->request.content_length) { 747 chunkqueue *cq = con->request_content_queue; 748 chunkqueue_mark_written(cq, chunkqueue_length(cq)); 749 if (cq->bytes_in != (off_t)con->request.content_length) { 750 con->keep_alive = 0; 751 } 752 } 753 754 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ 755 } else if (revents & FDEVENT_ERR) { 756 /* kill all connections to the cgi process */ 757 #if 1 758 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR"); 759 #endif 760 cgi_connection_close(srv, hctx); 761 return HANDLER_ERROR; 762 } 763 764 return HANDLER_FINISHED; 765 } 766 767 768 static int cgi_recv_response(server *srv, handler_ctx *hctx) { 769 switch (cgi_demux_response(srv, hctx)) { 770 case FDEVENT_HANDLED_NOT_FINISHED: 771 break; 772 case FDEVENT_HANDLED_FINISHED: 773 /* we are done */ 774 775 #if 0 776 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), "finished"); 777 #endif 778 cgi_connection_close(srv, hctx); 779 780 /* if we get a IN|HUP and have read everything don't exec the close twice */ 781 return HANDLER_FINISHED; 782 case FDEVENT_HANDLED_COMEBACK: 783 cgi_connection_close(srv, hctx); 784 return HANDLER_COMEBACK; 785 case FDEVENT_HANDLED_ERROR: 786 log_error_write(srv, __FILE__, __LINE__, "s", "demuxer failed: "); 787 788 cgi_connection_close(srv, hctx); 789 return HANDLER_FINISHED; 790 } 791 792 return HANDLER_GO_ON; 793 } 794 795 796 static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) { 797 handler_ctx *hctx = ctx; 798 connection *con = hctx->remote_conn; 799 800 joblist_append(srv, con); 801 802 if (revents & FDEVENT_IN) { 803 handler_t rc = cgi_recv_response(srv, hctx);/*(might invalidate hctx)*/ 804 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ 805 } 806 807 /* perhaps this issue is already handled */ 808 if (revents & FDEVENT_HUP) { 809 if (con->file_started) { 810 /* drain any remaining data from kernel pipe buffers 811 * even if (con->conf.stream_response_body 812 * & FDEVENT_STREAM_RESPONSE_BUFMIN) 813 * since event loop will spin on fd FDEVENT_HUP event 814 * until unregistered. */ 815 handler_t rc; 816 do { 817 rc = cgi_recv_response(srv,hctx);/*(might invalidate hctx)*/ 818 } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/ 819 return rc; /* HANDLER_FINISHED or HANDLER_COMEBACK or HANDLER_ERROR */ 820 } else if (!buffer_string_is_empty(hctx->response_header)) { 821 /* unfinished header package which is a body in reality */ 822 con->file_started = 1; 823 if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) { 824 cgi_connection_close(srv, hctx); 825 return HANDLER_ERROR; 826 } 827 } else { 828 # if 0 829 log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents); 830 # endif 831 } 832 cgi_connection_close(srv, hctx); 833 } else if (revents & FDEVENT_ERR) { 834 /* kill all connections to the cgi process */ 835 cgi_connection_close(srv, hctx); 836 #if 1 837 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR"); 838 #endif 839 return HANDLER_ERROR; 840 } 841 842 return HANDLER_FINISHED; 843 } 844 845 846 static int cgi_env_add(void *venv, const char *key, size_t key_len, const char *val, size_t val_len) { 847 char_array *env = venv; 848 char *dst; 849 850 if (!key || !val) return -1; 851 852 dst = malloc(key_len + val_len + 2); 853 force_assert(dst); 854 memcpy(dst, key, key_len); 855 dst[key_len] = '='; 856 memcpy(dst + key_len + 1, val, val_len); 857 dst[key_len + 1 + val_len] = '\0'; 858 859 if (env->size == 0) { 860 env->size = 16; 861 env->ptr = malloc(env->size * sizeof(*env->ptr)); 862 force_assert(env->ptr); 863 } else if (env->size == env->used) { 864 env->size += 16; 865 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); 866 force_assert(env->ptr); 867 } 868 869 env->ptr[env->used++] = dst; 870 871 return 0; 872 } 873 874 /*(improved from network_write_mmap.c)*/ 875 static off_t mmap_align_offset(off_t start) { 876 static off_t pagemask = 0; 877 if (0 == pagemask) { 878 long pagesize = sysconf(_SC_PAGESIZE); 879 if (-1 == pagesize) pagesize = 4096; 880 pagemask = ~((off_t)pagesize - 1); /* pagesize always power-of-2 */ 881 } 882 return (start & pagemask); 883 } 884 885 /* returns: 0: continue, -1: fatal error, -2: connection reset */ 886 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes), 887 * also mmaps and sends complete chunk instead of only small parts - the files 888 * are supposed to be temp files with reasonable chunk sizes. 889 * 890 * Also always use mmap; the files are "trusted", as we created them. 891 */ 892 static ssize_t cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) { 893 chunk* const c = cq->first; 894 off_t offset, toSend, file_end; 895 ssize_t r; 896 size_t mmap_offset, mmap_avail; 897 char *data; 898 899 force_assert(NULL != c); 900 force_assert(FILE_CHUNK == c->type); 901 force_assert(c->offset >= 0 && c->offset <= c->file.length); 902 903 offset = c->file.start + c->offset; 904 toSend = c->file.length - c->offset; 905 file_end = c->file.start + c->file.length; /* offset to file end in this chunk */ 906 907 if (0 == toSend) { 908 chunkqueue_remove_finished_chunks(cq); 909 return 0; 910 } 911 912 /*(simplified from chunk.c:chunkqueue_open_file_chunk())*/ 913 UNUSED(con); 914 if (-1 == c->file.fd) { 915 if (-1 == (c->file.fd = fdevent_open_cloexec(c->file.name->ptr, O_RDONLY, 0))) { 916 log_error_write(srv, __FILE__, __LINE__, "ssb", "open failed:", strerror(errno), c->file.name); 917 return -1; 918 } 919 } 920 921 /* (re)mmap the buffer if range is not covered completely */ 922 if (MAP_FAILED == c->file.mmap.start 923 || offset < c->file.mmap.offset 924 || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) { 925 926 if (MAP_FAILED != c->file.mmap.start) { 927 munmap(c->file.mmap.start, c->file.mmap.length); 928 c->file.mmap.start = MAP_FAILED; 929 } 930 931 c->file.mmap.offset = mmap_align_offset(offset); 932 c->file.mmap.length = file_end - c->file.mmap.offset; 933 934 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) { 935 if (toSend > 65536) toSend = 65536; 936 data = malloc(toSend); 937 force_assert(data); 938 if (-1 == lseek(c->file.fd, offset, SEEK_SET) 939 || 0 >= (toSend = read(c->file.fd, data, toSend))) { 940 if (-1 == toSend) { 941 log_error_write(srv, __FILE__, __LINE__, "ssbdo", "lseek/read failed:", 942 strerror(errno), c->file.name, c->file.fd, offset); 943 } else { /*(0 == toSend)*/ 944 log_error_write(srv, __FILE__, __LINE__, "sbdo", "unexpected EOF (input truncated?):", 945 c->file.name, c->file.fd, offset); 946 } 947 free(data); 948 return -1; 949 } 950 } 951 } 952 953 if (MAP_FAILED != c->file.mmap.start) { 954 force_assert(offset >= c->file.mmap.offset); 955 mmap_offset = offset - c->file.mmap.offset; 956 force_assert(c->file.mmap.length > mmap_offset); 957 mmap_avail = c->file.mmap.length - mmap_offset; 958 force_assert(toSend <= (off_t) mmap_avail); 959 960 data = c->file.mmap.start + mmap_offset; 961 } 962 963 r = write(fd, data, toSend); 964 965 if (MAP_FAILED == c->file.mmap.start) free(data); 966 967 if (r < 0) { 968 switch (errno) { 969 case EAGAIN: 970 case EINTR: 971 return 0; 972 case EPIPE: 973 case ECONNRESET: 974 return -2; 975 default: 976 log_error_write(srv, __FILE__, __LINE__, "ssd", 977 "write failed:", strerror(errno), fd); 978 return -1; 979 } 980 } 981 982 if (r >= 0) { 983 chunkqueue_mark_written(cq, r); 984 } 985 986 return r; 987 } 988 989 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd) { 990 connection *con = hctx->remote_conn; 991 chunkqueue *cq = con->request_content_queue; 992 chunk *c; 993 994 /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms. 995 * solution: if this is still a problem on windows, then substitute 996 * socketpair() for pipe() and closesocket() for close() on windows. 997 */ 998 999 for (c = cq->first; c; c = cq->first) { 1000 ssize_t r = -1; 1001 1002 switch(c->type) { 1003 case FILE_CHUNK: 1004 r = cgi_write_file_chunk_mmap(srv, con, fd, cq); 1005 break; 1006 1007 case MEM_CHUNK: 1008 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) { 1009 switch(errno) { 1010 case EAGAIN: 1011 case EINTR: 1012 /* ignore and try again */ 1013 r = 0; 1014 break; 1015 case EPIPE: 1016 case ECONNRESET: 1017 /* connection closed */ 1018 r = -2; 1019 break; 1020 default: 1021 /* fatal error */ 1022 log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno)); 1023 r = -1; 1024 break; 1025 } 1026 } else if (r > 0) { 1027 chunkqueue_mark_written(cq, r); 1028 } 1029 break; 1030 } 1031 1032 if (0 == r) break; /*(might block)*/ 1033 1034 switch (r) { 1035 case -1: 1036 /* fatal error */ 1037 return -1; 1038 case -2: 1039 /* connection reset */ 1040 log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI"); 1041 /* skip all remaining data */ 1042 chunkqueue_mark_written(cq, chunkqueue_length(cq)); 1043 break; 1044 default: 1045 break; 1046 } 1047 } 1048 1049 if (cq->bytes_out == (off_t)con->request.content_length) { 1050 /* sent all request body input */ 1051 /* close connection to the cgi-script */ 1052 if (-1 == hctx->fdtocgi) { /*(received request body sent in initial send to pipe buffer)*/ 1053 --srv->cur_fds; 1054 if (close(fd)) { 1055 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", fd, strerror(errno)); 1056 } 1057 } else { 1058 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ 1059 } 1060 } else { 1061 off_t cqlen = cq->bytes_in - cq->bytes_out; 1062 if (cq->bytes_in != con->request.content_length && cqlen < 65536 - 16384) { 1063 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/ 1064 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) { 1065 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN; 1066 con->is_readable = 1; /* trigger optimistic read from client */ 1067 } 1068 } 1069 if (-1 == hctx->fdtocgi) { /*(not registered yet)*/ 1070 hctx->fdtocgi = fd; 1071 hctx->fde_ndx_tocgi = -1; 1072 fdevent_register(srv->ev, hctx->fdtocgi, cgi_handle_fdevent_send, hctx); 1073 } 1074 if (0 == cqlen) { /*(chunkqueue_is_empty(cq))*/ 1075 if ((fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT)) { 1076 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, 0); 1077 } 1078 } else { 1079 /* more request body remains to be sent to CGI so register for fdevents */ 1080 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, FDEVENT_OUT); 1081 } 1082 } 1083 1084 return 0; 1085 } 1086 1087 static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_ctx *hctx, buffer *cgi_handler) { 1088 pid_t pid; 1089 1090 int to_cgi_fds[2]; 1091 int from_cgi_fds[2]; 1092 struct stat st; 1093 UNUSED(p); 1094 1095 #ifndef __WIN32 1096 1097 if (!buffer_string_is_empty(cgi_handler)) { 1098 /* stat the exec file */ 1099 if (-1 == (stat(cgi_handler->ptr, &st))) { 1100 log_error_write(srv, __FILE__, __LINE__, "sbss", 1101 "stat for cgi-handler", cgi_handler, 1102 "failed:", strerror(errno)); 1103 return -1; 1104 } 1105 } 1106 1107 if (pipe_cloexec(to_cgi_fds)) { 1108 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno)); 1109 return -1; 1110 } 1111 1112 if (pipe_cloexec(from_cgi_fds)) { 1113 close(to_cgi_fds[0]); 1114 close(to_cgi_fds[1]); 1115 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno)); 1116 return -1; 1117 } 1118 1119 /* fork, execve */ 1120 switch (pid = fork()) { 1121 case 0: { 1122 /* child */ 1123 char **args; 1124 int argc; 1125 int i = 0; 1126 char_array env; 1127 char *c; 1128 const char *s; 1129 http_cgi_opts opts = { 0, 0, NULL, NULL }; 1130 1131 /* move stdout to from_cgi_fd[1] */ 1132 dup2(from_cgi_fds[1], STDOUT_FILENO); 1133 #ifndef FD_CLOEXEC 1134 close(from_cgi_fds[1]); 1135 /* not needed */ 1136 close(from_cgi_fds[0]); 1137 #endif 1138 1139 /* move the stdin to to_cgi_fd[0] */ 1140 dup2(to_cgi_fds[0], STDIN_FILENO); 1141 #ifndef FD_CLOEXEC 1142 close(to_cgi_fds[0]); 1143 /* not needed */ 1144 close(to_cgi_fds[1]); 1145 #endif 1146 1147 /* create environment */ 1148 env.ptr = NULL; 1149 env.size = 0; 1150 env.used = 0; 1151 1152 http_cgi_headers(srv, con, &opts, cgi_env_add, &env); 1153 1154 /* for valgrind */ 1155 if (NULL != (s = getenv("LD_PRELOAD"))) { 1156 cgi_env_add(&env, CONST_STR_LEN("LD_PRELOAD"), s, strlen(s)); 1157 } 1158 1159 if (NULL != (s = getenv("LD_LIBRARY_PATH"))) { 1160 cgi_env_add(&env, CONST_STR_LEN("LD_LIBRARY_PATH"), s, strlen(s)); 1161 } 1162 #ifdef __CYGWIN__ 1163 /* CYGWIN needs SYSTEMROOT */ 1164 if (NULL != (s = getenv("SYSTEMROOT"))) { 1165 cgi_env_add(&env, CONST_STR_LEN("SYSTEMROOT"), s, strlen(s)); 1166 } 1167 #endif 1168 1169 if (env.size == env.used) { 1170 env.size += 16; 1171 env.ptr = realloc(env.ptr, env.size * sizeof(*env.ptr)); 1172 } 1173 1174 env.ptr[env.used] = NULL; 1175 1176 /* set up args */ 1177 argc = 3; 1178 args = malloc(sizeof(*args) * argc); 1179 force_assert(args); 1180 i = 0; 1181 1182 if (!buffer_string_is_empty(cgi_handler)) { 1183 args[i++] = cgi_handler->ptr; 1184 } 1185 args[i++] = con->physical.path->ptr; 1186 args[i ] = NULL; 1187 1188 /* search for the last / */ 1189 if (NULL != (c = strrchr(con->physical.path->ptr, '/'))) { 1190 /* handle special case of file in root directory */ 1191 const char* physdir = (c == con->physical.path->ptr) ? "/" : con->physical.path->ptr; 1192 1193 /* temporarily shorten con->physical.path to directory without terminating '/' */ 1194 *c = '\0'; 1195 /* change to the physical directory */ 1196 if (-1 == chdir(physdir)) { 1197 log_error_write(srv, __FILE__, __LINE__, "ssb", "chdir failed:", strerror(errno), con->physical.path); 1198 } 1199 *c = '/'; 1200 } 1201 1202 /* we don't need the client socket */ 1203 for (i = 3; i < 256; i++) { 1204 if (i != srv->errorlog_fd) close(i); 1205 } 1206 1207 /* exec the cgi */ 1208 execve(args[0], args, env.ptr); 1209 1210 /* most log files may have been closed/redirected by this point, 1211 * though stderr might still point to lighttpd.breakage.log */ 1212 perror(args[0]); 1213 _exit(1); 1214 } 1215 case -1: 1216 /* error */ 1217 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno)); 1218 close(from_cgi_fds[0]); 1219 close(from_cgi_fds[1]); 1220 close(to_cgi_fds[0]); 1221 close(to_cgi_fds[1]); 1222 return -1; 1223 default: { 1224 /* parent process */ 1225 1226 close(from_cgi_fds[1]); 1227 close(to_cgi_fds[0]); 1228 1229 /* register PID and wait for them asynchronously */ 1230 1231 hctx->pid = pid; 1232 hctx->fd = from_cgi_fds[0]; 1233 hctx->fde_ndx = -1; 1234 1235 ++srv->cur_fds; 1236 1237 if (0 == con->request.content_length) { 1238 close(to_cgi_fds[1]); 1239 } else { 1240 /* there is content to send */ 1241 if (-1 == fdevent_fcntl_set_nb(srv->ev, to_cgi_fds[1])) { 1242 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); 1243 close(to_cgi_fds[1]); 1244 cgi_connection_close(srv, hctx); 1245 return -1; 1246 } 1247 1248 if (0 != cgi_write_request(srv, hctx, to_cgi_fds[1])) { 1249 close(to_cgi_fds[1]); 1250 cgi_connection_close(srv, hctx); 1251 return -1; 1252 } 1253 1254 ++srv->cur_fds; 1255 } 1256 1257 fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx); 1258 if (-1 == fdevent_fcntl_set_nb(srv->ev, hctx->fd)) { 1259 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); 1260 cgi_connection_close(srv, hctx); 1261 return -1; 1262 } 1263 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 1264 1265 break; 1266 } 1267 } 1268 1269 return 0; 1270 #else 1271 return -1; 1272 #endif 1273 } 1274 1275 static buffer * cgi_get_handler(array *a, buffer *fn) { 1276 size_t k, s_len = buffer_string_length(fn); 1277 for (k = 0; k < a->used; ++k) { 1278 data_string *ds = (data_string *)a->data[k]; 1279 size_t ct_len = buffer_string_length(ds->key); 1280 1281 if (buffer_is_empty(ds->key)) continue; 1282 if (s_len < ct_len) continue; 1283 1284 if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) { 1285 return ds->value; 1286 } 1287 } 1288 1289 return NULL; 1290 } 1291 1292 #define PATCH(x) \ 1293 p->conf.x = s->x; 1294 static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) { 1295 size_t i, j; 1296 plugin_config *s = p->config_storage[0]; 1297 1298 PATCH(cgi); 1299 PATCH(execute_x_only); 1300 PATCH(xsendfile_allow); 1301 PATCH(xsendfile_docroot); 1302 1303 /* skip the first, the global context */ 1304 for (i = 1; i < srv->config_context->used; i++) { 1305 data_config *dc = (data_config *)srv->config_context->data[i]; 1306 s = p->config_storage[i]; 1307 1308 /* condition didn't match */ 1309 if (!config_check_cond(srv, con, dc)) continue; 1310 1311 /* merge config */ 1312 for (j = 0; j < dc->value->used; j++) { 1313 data_unset *du = dc->value->data[j]; 1314 1315 if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.assign"))) { 1316 PATCH(cgi); 1317 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) { 1318 PATCH(execute_x_only); 1319 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) { 1320 PATCH(xsendfile_allow); 1321 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) { 1322 PATCH(xsendfile_docroot); 1323 } 1324 } 1325 } 1326 1327 return 0; 1328 } 1329 #undef PATCH 1330 1331 URIHANDLER_FUNC(cgi_is_handled) { 1332 plugin_data *p = p_d; 1333 buffer *fn = con->physical.path; 1334 stat_cache_entry *sce = NULL; 1335 struct stat stbuf; 1336 struct stat *st; 1337 buffer *cgi_handler; 1338 1339 if (con->mode != DIRECT) return HANDLER_GO_ON; 1340 1341 if (buffer_is_empty(fn)) return HANDLER_GO_ON; 1342 1343 mod_cgi_patch_connection(srv, con, p); 1344 1345 if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) { 1346 st = &sce->st; 1347 } else { 1348 /* CGI might be executable even if it is not readable 1349 * (stat_cache_get_entry() currently checks file is readable)*/ 1350 if (0 != stat(con->physical.path->ptr, &stbuf)) return HANDLER_GO_ON; 1351 st = &stbuf; 1352 } 1353 1354 if (!S_ISREG(st->st_mode)) return HANDLER_GO_ON; 1355 if (p->conf.execute_x_only == 1 && (st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON; 1356 1357 if (NULL != (cgi_handler = cgi_get_handler(p->conf.cgi, fn))) { 1358 handler_ctx *hctx = cgi_handler_ctx_init(); 1359 hctx->remote_conn = con; 1360 hctx->plugin_data = p; 1361 hctx->cgi_handler = cgi_handler; 1362 memcpy(&hctx->conf, &p->conf, sizeof(plugin_config)); 1363 con->plugin_ctx[p->id] = hctx; 1364 con->mode = p->id; 1365 } 1366 1367 return HANDLER_GO_ON; 1368 } 1369 1370 TRIGGER_FUNC(cgi_trigger) { 1371 plugin_data *p = p_d; 1372 size_t ndx; 1373 /* the trigger handle only cares about lonely PID which we have to wait for */ 1374 #ifndef __WIN32 1375 1376 for (ndx = 0; ndx < p->cgi_pid.used; ndx++) { 1377 int status; 1378 1379 switch(waitpid(p->cgi_pid.ptr[ndx], &status, WNOHANG)) { 1380 case 0: 1381 /* not finished yet */ 1382 #if 0 1383 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", p->cgi_pid.ptr[ndx]); 1384 #endif 1385 break; 1386 case -1: 1387 if (errno == ECHILD) { 1388 /* someone else called waitpid... remove the pid to stop looping the error each time */ 1389 log_error_write(srv, __FILE__, __LINE__, "s", "cgi child vanished, probably someone else called waitpid"); 1390 1391 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]); 1392 ndx--; 1393 continue; 1394 } 1395 1396 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); 1397 1398 return HANDLER_ERROR; 1399 default: 1400 1401 if (WIFEXITED(status)) { 1402 #if 0 1403 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", p->cgi_pid.ptr[ndx]); 1404 #endif 1405 } else if (WIFSIGNALED(status)) { 1406 /* FIXME: what if we killed the CGI script with a kill(..., SIGTERM) ? 1407 */ 1408 if (WTERMSIG(status) != SIGTERM) { 1409 log_error_write(srv, __FILE__, __LINE__, "sd", "cleaning up CGI: process died with signal", WTERMSIG(status)); 1410 } 1411 } else { 1412 log_error_write(srv, __FILE__, __LINE__, "s", "cleaning up CGI: ended unexpectedly"); 1413 } 1414 1415 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]); 1416 /* del modified the buffer structure 1417 * and copies the last entry to the current one 1418 * -> recheck the current index 1419 */ 1420 ndx--; 1421 } 1422 } 1423 #endif 1424 return HANDLER_GO_ON; 1425 } 1426 1427 /* 1428 * - HANDLER_GO_ON : not our job 1429 * - HANDLER_FINISHED: got response 1430 * - HANDLER_WAIT_FOR_EVENT: waiting for response 1431 */ 1432 SUBREQUEST_FUNC(mod_cgi_handle_subrequest) { 1433 plugin_data *p = p_d; 1434 handler_ctx *hctx = con->plugin_ctx[p->id]; 1435 chunkqueue *cq = con->request_content_queue; 1436 1437 if (con->mode != p->id) return HANDLER_GO_ON; 1438 if (NULL == hctx) return HANDLER_GO_ON; 1439 1440 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) 1441 && con->file_started) { 1442 if (chunkqueue_length(con->write_queue) > 65536 - 4096) { 1443 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 1444 } else if (!(fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_IN)) { 1445 /* optimistic read from backend, which might re-enable FDEVENT_IN */ 1446 handler_t rc = cgi_recv_response(srv, hctx); /*(might invalidate hctx)*/ 1447 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ 1448 } 1449 } 1450 1451 if (cq->bytes_in != (off_t)con->request.content_length) { 1452 /*(64k - 4k to attempt to avoid temporary files 1453 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/ 1454 if (cq->bytes_in - cq->bytes_out > 65536 - 4096 1455 && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){ 1456 con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN; 1457 if (-1 != hctx->fd) return HANDLER_WAIT_FOR_EVENT; 1458 } else { 1459 handler_t r = connection_handle_read_post_state(srv, con); 1460 if (!chunkqueue_is_empty(cq)) { 1461 if (fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT) { 1462 return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r; 1463 } 1464 } 1465 if (r != HANDLER_GO_ON) return r; 1466 1467 /* CGI environment requires that Content-Length be set. 1468 * Send 411 Length Required if Content-Length missing. 1469 * (occurs here if client sends Transfer-Encoding: chunked 1470 * and module is flagged to stream request body to backend) */ 1471 if (-1 == con->request.content_length) { 1472 return connection_handle_read_post_error(srv, con, 411); 1473 } 1474 } 1475 } 1476 1477 if (-1 == hctx->fd) { 1478 if (cgi_create_env(srv, con, p, hctx, hctx->cgi_handler)) { 1479 con->http_status = 500; 1480 con->mode = DIRECT; 1481 1482 return HANDLER_FINISHED; 1483 } 1484 #if 0 1485 log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid); 1486 #endif 1487 } else if (!chunkqueue_is_empty(con->request_content_queue)) { 1488 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) { 1489 cgi_connection_close(srv, hctx); 1490 return HANDLER_ERROR; 1491 } 1492 } 1493 1494 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */ 1495 return HANDLER_WAIT_FOR_EVENT; 1496 } 1497 1498 1499 int mod_cgi_plugin_init(plugin *p); 1500 int mod_cgi_plugin_init(plugin *p) { 1501 p->version = LIGHTTPD_VERSION_ID; 1502 p->name = buffer_init_string("cgi"); 1503 1504 p->connection_reset = cgi_connection_close_callback; 1505 p->handle_subrequest_start = cgi_is_handled; 1506 p->handle_subrequest = mod_cgi_handle_subrequest; 1507 p->handle_trigger = cgi_trigger; 1508 p->init = mod_cgi_init; 1509 p->cleanup = mod_cgi_free; 1510 p->set_defaults = mod_fastcgi_set_defaults; 1511 1512 p->data = NULL; 1513 1514 return 0; 1515 } 1516