1 #include "first.h" 2 3 #include "server.h" 4 #include "stat_cache.h" 5 #include "keyvalue.h" 6 #include "log.h" 7 #include "connections.h" 8 #include "joblist.h" 9 #include "response.h" 10 #include "http_chunk.h" 11 #include "network_backends.h" 12 13 #include "plugin.h" 14 15 #include <sys/types.h> 16 #include "sys-mmap.h" 17 18 #ifdef __WIN32 19 # include <winsock2.h> 20 #else 21 # include <sys/socket.h> 22 # include <sys/wait.h> 23 # include <netinet/in.h> 24 # include <arpa/inet.h> 25 #endif 26 27 #include <unistd.h> 28 #include <errno.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <fdevent.h> 32 #include <signal.h> 33 #include <ctype.h> 34 #include <assert.h> 35 36 #include <stdio.h> 37 #include <fcntl.h> 38 39 enum {EOL_UNSET, EOL_N, EOL_RN}; 40 41 typedef struct { 42 char **ptr; 43 44 size_t size; 45 size_t used; 46 } char_array; 47 48 typedef struct { 49 pid_t *ptr; 50 size_t used; 51 size_t size; 52 } buffer_pid_t; 53 54 typedef struct { 55 array *cgi; 56 unsigned short execute_x_only; 57 unsigned short xsendfile_allow; 58 array *xsendfile_docroot; 59 } plugin_config; 60 61 typedef struct { 62 PLUGIN_DATA; 63 buffer_pid_t cgi_pid; 64 65 buffer *tmp_buf; 66 buffer *parse_response; 67 68 plugin_config **config_storage; 69 70 plugin_config conf; 71 } plugin_data; 72 73 typedef struct { 74 pid_t pid; 75 int fd; 76 int fdtocgi; 77 int fde_ndx; /* index into the fd-event buffer */ 78 int fde_ndx_tocgi; /* index into the fd-event buffer */ 79 80 connection *remote_conn; /* dumb pointer */ 81 plugin_data *plugin_data; /* dumb pointer */ 82 83 buffer *response; 84 buffer *response_header; 85 } handler_ctx; 86 87 static handler_ctx * cgi_handler_ctx_init(void) { 88 handler_ctx *hctx = calloc(1, sizeof(*hctx)); 89 90 force_assert(hctx); 91 92 hctx->response = buffer_init(); 93 hctx->response_header = buffer_init(); 94 hctx->fd = -1; 95 hctx->fdtocgi = -1; 96 97 return hctx; 98 } 99 100 static void cgi_handler_ctx_free(handler_ctx *hctx) { 101 buffer_free(hctx->response); 102 buffer_free(hctx->response_header); 103 104 free(hctx); 105 } 106 107 enum {FDEVENT_HANDLED_UNSET, FDEVENT_HANDLED_FINISHED, FDEVENT_HANDLED_NOT_FINISHED, FDEVENT_HANDLED_ERROR}; 108 109 INIT_FUNC(mod_cgi_init) { 110 plugin_data *p; 111 112 p = calloc(1, sizeof(*p)); 113 114 force_assert(p); 115 116 p->tmp_buf = buffer_init(); 117 p->parse_response = buffer_init(); 118 119 return p; 120 } 121 122 123 FREE_FUNC(mod_cgi_free) { 124 plugin_data *p = p_d; 125 buffer_pid_t *r = &(p->cgi_pid); 126 127 UNUSED(srv); 128 129 if (p->config_storage) { 130 size_t i; 131 for (i = 0; i < srv->config_context->used; i++) { 132 plugin_config *s = p->config_storage[i]; 133 134 if (NULL == s) continue; 135 136 array_free(s->cgi); 137 array_free(s->xsendfile_docroot); 138 139 free(s); 140 } 141 free(p->config_storage); 142 } 143 144 145 if (r->ptr) free(r->ptr); 146 147 buffer_free(p->tmp_buf); 148 buffer_free(p->parse_response); 149 150 free(p); 151 152 return HANDLER_GO_ON; 153 } 154 155 SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) { 156 plugin_data *p = p_d; 157 size_t i = 0; 158 159 config_values_t cv[] = { 160 { "cgi.assign", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ 161 { "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ 162 { "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ 163 { "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ 164 { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET} 165 }; 166 167 if (!p) return HANDLER_ERROR; 168 169 p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); 170 force_assert(p->config_storage); 171 172 for (i = 0; i < srv->config_context->used; i++) { 173 data_config const* config = (data_config const*)srv->config_context->data[i]; 174 plugin_config *s; 175 176 s = calloc(1, sizeof(plugin_config)); 177 force_assert(s); 178 179 s->cgi = array_init(); 180 s->execute_x_only = 0; 181 s->xsendfile_allow= 0; 182 s->xsendfile_docroot = array_init(); 183 184 cv[0].destination = s->cgi; 185 cv[1].destination = &(s->execute_x_only); 186 cv[2].destination = &(s->xsendfile_allow); 187 cv[3].destination = s->xsendfile_docroot; 188 189 p->config_storage[i] = s; 190 191 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { 192 return HANDLER_ERROR; 193 } 194 195 if (s->xsendfile_docroot->used) { 196 size_t j; 197 for (j = 0; j < s->xsendfile_docroot->used; ++j) { 198 data_string *ds = (data_string *)s->xsendfile_docroot->data[j]; 199 if (ds->type != TYPE_STRING) { 200 log_error_write(srv, __FILE__, __LINE__, "s", 201 "unexpected type for key cgi.x-sendfile-docroot; expected: cgi.x-sendfile-docroot = ( \"/allowed/path\", ... )"); 202 return HANDLER_ERROR; 203 } 204 if (ds->value->ptr[0] != '/') { 205 log_error_write(srv, __FILE__, __LINE__, "SBs", 206 "cgi.x-sendfile-docroot paths must begin with '/'; invalid: \"", ds->value, "\""); 207 return HANDLER_ERROR; 208 } 209 buffer_path_simplify(ds->value, ds->value); 210 buffer_append_slash(ds->value); 211 } 212 } 213 } 214 215 return HANDLER_GO_ON; 216 } 217 218 219 static int cgi_pid_add(server *srv, plugin_data *p, pid_t pid) { 220 int m = -1; 221 size_t i; 222 buffer_pid_t *r = &(p->cgi_pid); 223 224 UNUSED(srv); 225 226 for (i = 0; i < r->used; i++) { 227 if (r->ptr[i] > m) m = r->ptr[i]; 228 } 229 230 if (r->size == 0) { 231 r->size = 16; 232 r->ptr = malloc(sizeof(*r->ptr) * r->size); 233 force_assert(r->ptr); 234 } else if (r->used == r->size) { 235 r->size += 16; 236 r->ptr = realloc(r->ptr, sizeof(*r->ptr) * r->size); 237 force_assert(r->ptr); 238 } 239 240 r->ptr[r->used++] = pid; 241 242 return m; 243 } 244 245 static int cgi_pid_del(server *srv, plugin_data *p, pid_t pid) { 246 size_t i; 247 buffer_pid_t *r = &(p->cgi_pid); 248 249 UNUSED(srv); 250 251 for (i = 0; i < r->used; i++) { 252 if (r->ptr[i] == pid) break; 253 } 254 255 if (i != r->used) { 256 /* found */ 257 258 if (i != r->used - 1) { 259 r->ptr[i] = r->ptr[r->used - 1]; 260 } 261 r->used--; 262 } 263 264 return 0; 265 } 266 267 static int cgi_response_parse(server *srv, connection *con, plugin_data *p, buffer *in) { 268 char *ns; 269 const char *s; 270 int line = 0; 271 272 UNUSED(srv); 273 274 buffer_copy_buffer(p->parse_response, in); 275 276 for (s = p->parse_response->ptr; 277 NULL != (ns = strchr(s, '\n')); 278 s = ns + 1, line++) { 279 const char *key, *value; 280 int key_len; 281 data_string *ds; 282 283 /* strip the \n */ 284 ns[0] = '\0'; 285 286 if (ns > s && ns[-1] == '\r') ns[-1] = '\0'; 287 288 if (line == 0 && 289 0 == strncmp(s, "HTTP/1.", 7)) { 290 /* non-parsed header ... we parse them anyway */ 291 292 if ((s[7] == '1' || 293 s[7] == '0') && 294 s[8] == ' ') { 295 int status; 296 /* after the space should be a status code for us */ 297 298 status = strtol(s+9, NULL, 10); 299 300 if (status >= 100 && 301 status < 1000) { 302 /* we expected 3 digits and didn't got them */ 303 con->parsed_response |= HTTP_STATUS; 304 con->http_status = status; 305 } 306 } 307 } else { 308 /* parse the headers */ 309 key = s; 310 if (NULL == (value = strchr(s, ':'))) { 311 /* we expect: "<key>: <value>\r\n" */ 312 continue; 313 } 314 315 key_len = value - key; 316 value += 1; 317 318 /* skip LWS */ 319 while (*value == ' ' || *value == '\t') value++; 320 321 if (NULL == (ds = (data_string *)array_get_unused_element(con->response.headers, TYPE_STRING))) { 322 ds = data_response_init(); 323 } 324 buffer_copy_string_len(ds->key, key, key_len); 325 buffer_copy_string(ds->value, value); 326 327 array_insert_unique(con->response.headers, (data_unset *)ds); 328 329 switch(key_len) { 330 case 4: 331 if (0 == strncasecmp(key, "Date", key_len)) { 332 con->parsed_response |= HTTP_DATE; 333 } 334 break; 335 case 6: 336 if (0 == strncasecmp(key, "Status", key_len)) { 337 int status = strtol(value, NULL, 10); 338 if (status >= 100 && status < 1000) { 339 con->http_status = status; 340 con->parsed_response |= HTTP_STATUS; 341 } else { 342 con->http_status = 502; 343 } 344 } 345 break; 346 case 8: 347 if (0 == strncasecmp(key, "Location", key_len)) { 348 con->parsed_response |= HTTP_LOCATION; 349 } 350 break; 351 case 10: 352 if (0 == strncasecmp(key, "Connection", key_len)) { 353 con->response.keep_alive = (0 == strcasecmp(value, "Keep-Alive")) ? 1 : 0; 354 con->parsed_response |= HTTP_CONNECTION; 355 } 356 break; 357 case 14: 358 if (0 == strncasecmp(key, "Content-Length", key_len)) { 359 con->response.content_length = strtoul(value, NULL, 10); 360 con->parsed_response |= HTTP_CONTENT_LENGTH; 361 } 362 break; 363 default: 364 break; 365 } 366 } 367 } 368 369 /* CGI/1.1 rev 03 - 7.2.1.2 */ 370 if ((con->parsed_response & HTTP_LOCATION) && 371 !(con->parsed_response & HTTP_STATUS)) { 372 con->http_status = 302; 373 } 374 375 return 0; 376 } 377 378 379 static int cgi_demux_response(server *srv, handler_ctx *hctx) { 380 plugin_data *p = hctx->plugin_data; 381 connection *con = hctx->remote_conn; 382 383 while(1) { 384 int n; 385 int toread; 386 387 #if defined(__WIN32) 388 buffer_string_prepare_copy(hctx->response, 4 * 1024); 389 #else 390 if (ioctl(con->fd, FIONREAD, &toread) || toread == 0 || toread <= 4*1024) { 391 buffer_string_prepare_copy(hctx->response, 4 * 1024); 392 } else { 393 if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT; 394 buffer_string_prepare_copy(hctx->response, toread); 395 } 396 #endif 397 398 if (-1 == (n = read(hctx->fd, hctx->response->ptr, hctx->response->size - 1))) { 399 if (errno == EAGAIN || errno == EINTR) { 400 /* would block, wait for signal */ 401 fdevent_event_add(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 402 return FDEVENT_HANDLED_NOT_FINISHED; 403 } 404 /* error */ 405 log_error_write(srv, __FILE__, __LINE__, "sdd", strerror(errno), con->fd, hctx->fd); 406 return FDEVENT_HANDLED_ERROR; 407 } 408 409 if (n == 0) { 410 /* read finished */ 411 return FDEVENT_HANDLED_FINISHED; 412 } 413 414 buffer_commit(hctx->response, n); 415 416 /* split header from body */ 417 418 if (con->file_started == 0) { 419 int is_header = 0; 420 int is_header_end = 0; 421 size_t last_eol = 0; 422 size_t i, header_len; 423 424 buffer_append_string_buffer(hctx->response_header, hctx->response); 425 426 /** 427 * we have to handle a few cases: 428 * 429 * nph: 430 * 431 * HTTP/1.0 200 Ok\n 432 * Header: Value\n 433 * \n 434 * 435 * CGI: 436 * Header: Value\n 437 * Status: 200\n 438 * \n 439 * 440 * and different mixes of \n and \r\n combinations 441 * 442 * Some users also forget about CGI and just send a response and hope 443 * we handle it. No headers, no header-content seperator 444 * 445 */ 446 447 /* nph (non-parsed headers) */ 448 if (0 == strncmp(hctx->response_header->ptr, "HTTP/1.", 7)) is_header = 1; 449 450 header_len = buffer_string_length(hctx->response_header); 451 for (i = 0; !is_header_end && i < header_len; i++) { 452 char c = hctx->response_header->ptr[i]; 453 454 switch (c) { 455 case ':': 456 /* we found a colon 457 * 458 * looks like we have a normal header 459 */ 460 is_header = 1; 461 break; 462 case '\n': 463 /* EOL */ 464 if (is_header == 0) { 465 /* we got a EOL but we don't seem to got a HTTP header */ 466 467 is_header_end = 1; 468 469 break; 470 } 471 472 /** 473 * check if we saw a \n(\r)?\n sequence 474 */ 475 if (last_eol > 0 && 476 ((i - last_eol == 1) || 477 (i - last_eol == 2 && hctx->response_header->ptr[i - 1] == '\r'))) { 478 is_header_end = 1; 479 break; 480 } 481 482 last_eol = i; 483 484 break; 485 } 486 } 487 488 if (is_header_end) { 489 if (!is_header) { 490 /* no header, but a body */ 491 if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) { 492 return FDEVENT_HANDLED_ERROR; 493 } 494 } else { 495 const char *bstart; 496 size_t blen; 497 498 /* the body starts after the EOL */ 499 bstart = hctx->response_header->ptr + i; 500 blen = header_len - i; 501 502 /** 503 * i still points to the char after the terminating EOL EOL 504 * 505 * put it on the last \n again 506 */ 507 i--; 508 509 /* string the last \r?\n */ 510 if (i > 0 && (hctx->response_header->ptr[i - 1] == '\r')) { 511 i--; 512 } 513 514 buffer_string_set_length(hctx->response_header, i); 515 516 /* parse the response header */ 517 cgi_response_parse(srv, con, p, hctx->response_header); 518 519 if (p->conf.xsendfile_allow) { 520 data_string *ds; 521 if (NULL != (ds = (data_string *) array_get_element(con->response.headers, "X-Sendfile"))) { 522 http_response_xsendfile(srv, con, ds->value, p->conf.xsendfile_docroot); 523 return FDEVENT_HANDLED_FINISHED; 524 } 525 } 526 527 if (blen > 0) { 528 if (0 != http_chunk_append_mem(srv, con, bstart, blen)) { 529 return FDEVENT_HANDLED_ERROR; 530 } 531 } 532 } 533 534 con->file_started = 1; 535 } else { 536 /*(reuse MAX_HTTP_REQUEST_HEADER as max size for response headers from backends)*/ 537 if (header_len > MAX_HTTP_REQUEST_HEADER) { 538 log_error_write(srv, __FILE__, __LINE__, "sb", "response headers too large for", con->uri.path); 539 con->http_status = 502; /* Bad Gateway */ 540 con->mode = DIRECT; 541 return FDEVENT_HANDLED_FINISHED; 542 } 543 } 544 } else { 545 if (0 != http_chunk_append_buffer(srv, con, hctx->response)) { 546 return FDEVENT_HANDLED_ERROR; 547 } 548 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) 549 && chunkqueue_length(con->write_queue) > 65536 - 4096) { 550 if (!con->is_writable) { 551 /*(defer removal of FDEVENT_IN interest since 552 * connection_state_machine() might be able to send data 553 * immediately, unless !con->is_writable, where 554 * connection_state_machine() might not loop back to call 555 * mod_cgi_handle_subrequest())*/ 556 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 557 } 558 break; 559 } 560 } 561 562 #if 0 563 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), b->ptr); 564 #endif 565 } 566 567 return FDEVENT_HANDLED_NOT_FINISHED; 568 } 569 570 static void cgi_connection_close_fdtocgi(server *srv, handler_ctx *hctx) { 571 /*(closes only hctx->fdtocgi)*/ 572 fdevent_event_del(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi); 573 fdevent_unregister(srv->ev, hctx->fdtocgi); 574 575 if (close(hctx->fdtocgi)) { 576 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", hctx->fdtocgi, strerror(errno)); 577 } 578 hctx->fdtocgi = -1; 579 } 580 581 static void cgi_connection_close(server *srv, handler_ctx *hctx) { 582 int status; 583 pid_t pid; 584 plugin_data *p = hctx->plugin_data; 585 connection *con = hctx->remote_conn; 586 587 #ifndef __WIN32 588 589 /* the connection to the browser went away, but we still have a connection 590 * to the CGI script 591 * 592 * close cgi-connection 593 */ 594 595 if (hctx->fd != -1) { 596 /* close connection to the cgi-script */ 597 fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd); 598 fdevent_unregister(srv->ev, hctx->fd); 599 600 if (close(hctx->fd)) { 601 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi close failed ", hctx->fd, strerror(errno)); 602 } 603 } 604 605 if (hctx->fdtocgi != -1) { 606 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ 607 } 608 609 pid = hctx->pid; 610 611 con->plugin_ctx[p->id] = NULL; 612 613 cgi_handler_ctx_free(hctx); 614 615 /* if waitpid hasn't been called by response.c yet, do it here */ 616 if (pid) { 617 /* check if the CGI-script is already gone */ 618 switch(waitpid(pid, &status, WNOHANG)) { 619 case 0: 620 /* not finished yet */ 621 #if 0 622 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", pid); 623 #endif 624 break; 625 case -1: 626 /* */ 627 if (errno == EINTR) break; 628 629 /* 630 * errno == ECHILD happens if _subrequest catches the process-status before 631 * we have read the response of the cgi process 632 * 633 * -> catch status 634 * -> WAIT_FOR_EVENT 635 * -> read response 636 * -> we get here with waitpid == ECHILD 637 * 638 */ 639 if (errno != ECHILD) { 640 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); 641 } 642 /* anyway: don't wait for it anymore */ 643 pid = 0; 644 break; 645 default: 646 if (WIFEXITED(status)) { 647 #if 0 648 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", pid); 649 #endif 650 } else { 651 log_error_write(srv, __FILE__, __LINE__, "sd", "cgi died, pid:", pid); 652 } 653 654 pid = 0; 655 break; 656 } 657 658 if (pid) { 659 kill(pid, SIGTERM); 660 661 /* cgi-script is still alive, queue the PID for removal */ 662 cgi_pid_add(srv, p, pid); 663 } 664 } 665 #endif 666 667 /* finish response (if not already con->file_started, con->file_finished) */ 668 if (con->mode == p->id) { 669 http_response_backend_done(srv, con); 670 } 671 } 672 673 static handler_t cgi_connection_close_callback(server *srv, connection *con, void *p_d) { 674 plugin_data *p = p_d; 675 handler_ctx *hctx = con->plugin_ctx[p->id]; 676 if (hctx) cgi_connection_close(srv, hctx); 677 678 return HANDLER_GO_ON; 679 } 680 681 682 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd); 683 684 685 static handler_t cgi_handle_fdevent_send (server *srv, void *ctx, int revents) { 686 handler_ctx *hctx = ctx; 687 connection *con = hctx->remote_conn; 688 689 /*(joblist only actually necessary here in mod_cgi fdevent send if returning HANDLER_ERROR)*/ 690 joblist_append(srv, con); 691 692 if (revents & FDEVENT_OUT) { 693 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) { 694 cgi_connection_close(srv, hctx); 695 return HANDLER_ERROR; 696 } 697 /* more request body to be sent to CGI */ 698 } 699 700 if (revents & FDEVENT_HUP) { 701 /* skip sending remaining data to CGI */ 702 if (con->request.content_length) { 703 chunkqueue *cq = con->request_content_queue; 704 chunkqueue_mark_written(cq, chunkqueue_length(cq)); 705 if (cq->bytes_in != (off_t)con->request.content_length) { 706 con->keep_alive = 0; 707 } 708 } 709 710 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ 711 } else if (revents & FDEVENT_ERR) { 712 /* kill all connections to the cgi process */ 713 #if 1 714 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR"); 715 #endif 716 cgi_connection_close(srv, hctx); 717 return HANDLER_ERROR; 718 } 719 720 return HANDLER_FINISHED; 721 } 722 723 724 static int cgi_recv_response(server *srv, handler_ctx *hctx) { 725 switch (cgi_demux_response(srv, hctx)) { 726 case FDEVENT_HANDLED_NOT_FINISHED: 727 break; 728 case FDEVENT_HANDLED_FINISHED: 729 /* we are done */ 730 731 #if 0 732 log_error_write(srv, __FILE__, __LINE__, "ddss", con->fd, hctx->fd, connection_get_state(con->state), "finished"); 733 #endif 734 cgi_connection_close(srv, hctx); 735 736 /* if we get a IN|HUP and have read everything don't exec the close twice */ 737 return HANDLER_FINISHED; 738 case FDEVENT_HANDLED_ERROR: 739 log_error_write(srv, __FILE__, __LINE__, "s", "demuxer failed: "); 740 741 cgi_connection_close(srv, hctx); 742 return HANDLER_FINISHED; 743 } 744 745 return HANDLER_GO_ON; 746 } 747 748 749 static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) { 750 handler_ctx *hctx = ctx; 751 connection *con = hctx->remote_conn; 752 753 joblist_append(srv, con); 754 755 if (revents & FDEVENT_IN) { 756 handler_t rc = cgi_recv_response(srv, hctx);/*(might invalidate hctx)*/ 757 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ 758 } 759 760 /* perhaps this issue is already handled */ 761 if (revents & FDEVENT_HUP) { 762 if (con->file_started) { 763 /* drain any remaining data from kernel pipe buffers 764 * even if (con->conf.stream_response_body 765 * & FDEVENT_STREAM_RESPONSE_BUFMIN) 766 * since event loop will spin on fd FDEVENT_HUP event 767 * until unregistered. */ 768 handler_t rc; 769 do { 770 rc = cgi_recv_response(srv,hctx);/*(might invalidate hctx)*/ 771 } while (rc == HANDLER_GO_ON); /*(unless HANDLER_GO_ON)*/ 772 return rc; /* HANDLER_FINISHED or HANDLER_ERROR */ 773 } else if (!buffer_string_is_empty(hctx->response_header)) { 774 /* unfinished header package which is a body in reality */ 775 con->file_started = 1; 776 if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) { 777 cgi_connection_close(srv, hctx); 778 return HANDLER_ERROR; 779 } 780 } else { 781 # if 0 782 log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents); 783 # endif 784 } 785 cgi_connection_close(srv, hctx); 786 } else if (revents & FDEVENT_ERR) { 787 /* kill all connections to the cgi process */ 788 cgi_connection_close(srv, hctx); 789 #if 1 790 log_error_write(srv, __FILE__, __LINE__, "s", "cgi-FDEVENT_ERR"); 791 #endif 792 return HANDLER_ERROR; 793 } 794 795 return HANDLER_FINISHED; 796 } 797 798 799 static int cgi_env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) { 800 char *dst; 801 802 if (!key || !val) return -1; 803 804 dst = malloc(key_len + val_len + 2); 805 force_assert(dst); 806 memcpy(dst, key, key_len); 807 dst[key_len] = '='; 808 memcpy(dst + key_len + 1, val, val_len); 809 dst[key_len + 1 + val_len] = '\0'; 810 811 if (env->size == 0) { 812 env->size = 16; 813 env->ptr = malloc(env->size * sizeof(*env->ptr)); 814 force_assert(env->ptr); 815 } else if (env->size == env->used) { 816 env->size += 16; 817 env->ptr = realloc(env->ptr, env->size * sizeof(*env->ptr)); 818 force_assert(env->ptr); 819 } 820 821 env->ptr[env->used++] = dst; 822 823 return 0; 824 } 825 826 /* returns: 0: continue, -1: fatal error, -2: connection reset */ 827 /* similar to network_write_file_chunk_mmap, but doesn't use send on windows (because we're on pipes), 828 * also mmaps and sends complete chunk instead of only small parts - the files 829 * are supposed to be temp files with reasonable chunk sizes. 830 * 831 * Also always use mmap; the files are "trusted", as we created them. 832 */ 833 static ssize_t cgi_write_file_chunk_mmap(server *srv, connection *con, int fd, chunkqueue *cq) { 834 chunk* const c = cq->first; 835 off_t offset, toSend, file_end; 836 ssize_t r; 837 size_t mmap_offset, mmap_avail; 838 char *data; 839 840 force_assert(NULL != c); 841 force_assert(FILE_CHUNK == c->type); 842 force_assert(c->offset >= 0 && c->offset <= c->file.length); 843 844 offset = c->file.start + c->offset; 845 toSend = c->file.length - c->offset; 846 file_end = c->file.start + c->file.length; /* offset to file end in this chunk */ 847 848 if (0 == toSend) { 849 chunkqueue_remove_finished_chunks(cq); 850 return 0; 851 } 852 853 if (0 != network_open_file_chunk(srv, con, cq)) return -1; 854 855 /* (re)mmap the buffer if range is not covered completely */ 856 if (MAP_FAILED == c->file.mmap.start 857 || offset < c->file.mmap.offset 858 || file_end > (off_t)(c->file.mmap.offset + c->file.mmap.length)) { 859 860 if (MAP_FAILED != c->file.mmap.start) { 861 munmap(c->file.mmap.start, c->file.mmap.length); 862 c->file.mmap.start = MAP_FAILED; 863 } 864 865 c->file.mmap.offset = mmap_align_offset(offset); 866 c->file.mmap.length = file_end - c->file.mmap.offset; 867 868 if (MAP_FAILED == (c->file.mmap.start = mmap(NULL, c->file.mmap.length, PROT_READ, MAP_PRIVATE, c->file.fd, c->file.mmap.offset))) { 869 if (toSend > 65536) toSend = 65536; 870 data = malloc(toSend); 871 force_assert(data); 872 if (-1 == lseek(c->file.fd, offset, SEEK_SET) 873 || 0 >= (toSend = read(c->file.fd, data, toSend))) { 874 if (-1 == toSend) { 875 log_error_write(srv, __FILE__, __LINE__, "ssbdo", "lseek/read failed:", 876 strerror(errno), c->file.name, c->file.fd, offset); 877 } else { /*(0 == toSend)*/ 878 log_error_write(srv, __FILE__, __LINE__, "sbdo", "unexpected EOF (input truncated?):", 879 c->file.name, c->file.fd, offset); 880 } 881 free(data); 882 return -1; 883 } 884 } 885 } 886 887 if (MAP_FAILED != c->file.mmap.start) { 888 force_assert(offset >= c->file.mmap.offset); 889 mmap_offset = offset - c->file.mmap.offset; 890 force_assert(c->file.mmap.length > mmap_offset); 891 mmap_avail = c->file.mmap.length - mmap_offset; 892 force_assert(toSend <= (off_t) mmap_avail); 893 894 data = c->file.mmap.start + mmap_offset; 895 } 896 897 r = write(fd, data, toSend); 898 899 if (MAP_FAILED == c->file.mmap.start) free(data); 900 901 if (r < 0) { 902 switch (errno) { 903 case EAGAIN: 904 case EINTR: 905 return 0; 906 case EPIPE: 907 case ECONNRESET: 908 return -2; 909 default: 910 log_error_write(srv, __FILE__, __LINE__, "ssd", 911 "write failed:", strerror(errno), fd); 912 return -1; 913 } 914 } 915 916 if (r >= 0) { 917 chunkqueue_mark_written(cq, r); 918 } 919 920 return r; 921 } 922 923 static int cgi_write_request(server *srv, handler_ctx *hctx, int fd) { 924 connection *con = hctx->remote_conn; 925 chunkqueue *cq = con->request_content_queue; 926 chunk *c; 927 928 /* old comment: windows doesn't support select() on pipes - wouldn't be easy to fix for all platforms. 929 * solution: if this is still a problem on windows, then substitute 930 * socketpair() for pipe() and closesocket() for close() on windows. 931 */ 932 933 for (c = cq->first; c; c = cq->first) { 934 ssize_t r = -1; 935 936 switch(c->type) { 937 case FILE_CHUNK: 938 r = cgi_write_file_chunk_mmap(srv, con, fd, cq); 939 break; 940 941 case MEM_CHUNK: 942 if ((r = write(fd, c->mem->ptr + c->offset, buffer_string_length(c->mem) - c->offset)) < 0) { 943 switch(errno) { 944 case EAGAIN: 945 case EINTR: 946 /* ignore and try again */ 947 r = 0; 948 break; 949 case EPIPE: 950 case ECONNRESET: 951 /* connection closed */ 952 r = -2; 953 break; 954 default: 955 /* fatal error */ 956 log_error_write(srv, __FILE__, __LINE__, "ss", "write failed due to: ", strerror(errno)); 957 r = -1; 958 break; 959 } 960 } else if (r > 0) { 961 chunkqueue_mark_written(cq, r); 962 } 963 break; 964 } 965 966 if (0 == r) break; /*(might block)*/ 967 968 switch (r) { 969 case -1: 970 /* fatal error */ 971 return -1; 972 case -2: 973 /* connection reset */ 974 log_error_write(srv, __FILE__, __LINE__, "s", "failed to send post data to cgi, connection closed by CGI"); 975 /* skip all remaining data */ 976 chunkqueue_mark_written(cq, chunkqueue_length(cq)); 977 break; 978 default: 979 break; 980 } 981 } 982 983 if (cq->bytes_out == (off_t)con->request.content_length) { 984 /* sent all request body input */ 985 /* close connection to the cgi-script */ 986 if (-1 == hctx->fdtocgi) { /*(received request body sent in initial send to pipe buffer)*/ 987 if (close(fd)) { 988 log_error_write(srv, __FILE__, __LINE__, "sds", "cgi stdin close failed ", fd, strerror(errno)); 989 } 990 } else { 991 cgi_connection_close_fdtocgi(srv, hctx); /*(closes only hctx->fdtocgi)*/ 992 } 993 } else { 994 off_t cqlen = cq->bytes_in - cq->bytes_out; 995 if (cq->bytes_in < (off_t)con->request.content_length && cqlen < 65536 - 16384) { 996 /*(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)*/ 997 if (!(con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_POLLIN)) { 998 con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN; 999 con->is_readable = 1; /* trigger optimistic read from client */ 1000 } 1001 } 1002 if (-1 == hctx->fdtocgi) { /*(not registered yet)*/ 1003 hctx->fdtocgi = fd; 1004 hctx->fde_ndx_tocgi = -1; 1005 fdevent_register(srv->ev, hctx->fdtocgi, cgi_handle_fdevent_send, hctx); 1006 } 1007 if (0 == cqlen) { /*(chunkqueue_is_empty(cq))*/ 1008 if ((fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT)) { 1009 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, 0); 1010 } 1011 } else { 1012 /* more request body remains to be sent to CGI so register for fdevents */ 1013 fdevent_event_set(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi, FDEVENT_OUT); 1014 } 1015 } 1016 1017 return 0; 1018 } 1019 1020 static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_ctx *hctx, buffer *cgi_handler) { 1021 pid_t pid; 1022 1023 #ifdef HAVE_IPV6 1024 char b2[INET6_ADDRSTRLEN + 1]; 1025 #endif 1026 1027 int to_cgi_fds[2]; 1028 int from_cgi_fds[2]; 1029 struct stat st; 1030 1031 #ifndef __WIN32 1032 1033 if (!buffer_string_is_empty(cgi_handler)) { 1034 /* stat the exec file */ 1035 if (-1 == (stat(cgi_handler->ptr, &st))) { 1036 log_error_write(srv, __FILE__, __LINE__, "sbss", 1037 "stat for cgi-handler", cgi_handler, 1038 "failed:", strerror(errno)); 1039 return -1; 1040 } 1041 } 1042 1043 if (pipe(to_cgi_fds)) { 1044 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno)); 1045 return -1; 1046 } 1047 1048 if (pipe(from_cgi_fds)) { 1049 close(to_cgi_fds[0]); 1050 close(to_cgi_fds[1]); 1051 log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno)); 1052 return -1; 1053 } 1054 1055 /* fork, execve */ 1056 switch (pid = fork()) { 1057 case 0: { 1058 /* child */ 1059 char **args; 1060 int argc; 1061 int i = 0; 1062 char buf[LI_ITOSTRING_LENGTH]; 1063 size_t n; 1064 char_array env; 1065 char *c; 1066 const char *s; 1067 server_socket *srv_sock = con->srv_socket; 1068 1069 /* move stdout to from_cgi_fd[1] */ 1070 close(STDOUT_FILENO); 1071 dup2(from_cgi_fds[1], STDOUT_FILENO); 1072 close(from_cgi_fds[1]); 1073 /* not needed */ 1074 close(from_cgi_fds[0]); 1075 1076 /* move the stdin to to_cgi_fd[0] */ 1077 close(STDIN_FILENO); 1078 dup2(to_cgi_fds[0], STDIN_FILENO); 1079 close(to_cgi_fds[0]); 1080 /* not needed */ 1081 close(to_cgi_fds[1]); 1082 1083 /* create environment */ 1084 env.ptr = NULL; 1085 env.size = 0; 1086 env.used = 0; 1087 1088 cgi_env_add(&env, CONST_STR_LEN("SERVER_SOFTWARE"), CONST_BUF_LEN(con->conf.server_tag)); 1089 1090 if (!buffer_string_is_empty(con->server_name)) { 1091 size_t len = buffer_string_length(con->server_name); 1092 1093 if (con->server_name->ptr[0] == '[') { 1094 const char *colon = strstr(con->server_name->ptr, "]:"); 1095 if (colon) len = (colon + 1) - con->server_name->ptr; 1096 } else { 1097 const char *colon = strchr(con->server_name->ptr, ':'); 1098 if (colon) len = colon - con->server_name->ptr; 1099 } 1100 1101 cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), con->server_name->ptr, len); 1102 } else { 1103 #ifdef HAVE_IPV6 1104 s = inet_ntop( 1105 srv_sock->addr.plain.sa_family, 1106 srv_sock->addr.plain.sa_family == AF_INET6 ? 1107 (const void *) &(srv_sock->addr.ipv6.sin6_addr) : 1108 (const void *) &(srv_sock->addr.ipv4.sin_addr), 1109 b2, sizeof(b2)-1); 1110 #else 1111 s = inet_ntoa(srv_sock->addr.ipv4.sin_addr); 1112 #endif 1113 force_assert(s); 1114 cgi_env_add(&env, CONST_STR_LEN("SERVER_NAME"), s, strlen(s)); 1115 } 1116 cgi_env_add(&env, CONST_STR_LEN("GATEWAY_INTERFACE"), CONST_STR_LEN("CGI/1.1")); 1117 1118 s = get_http_version_name(con->request.http_version); 1119 force_assert(s); 1120 cgi_env_add(&env, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s)); 1121 1122 li_utostrn(buf, sizeof(buf), 1123 #ifdef HAVE_IPV6 1124 ntohs(srv_sock->addr.plain.sa_family == AF_INET6 ? srv_sock->addr.ipv6.sin6_port : srv_sock->addr.ipv4.sin_port) 1125 #else 1126 ntohs(srv_sock->addr.ipv4.sin_port) 1127 #endif 1128 ); 1129 cgi_env_add(&env, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf)); 1130 1131 switch (srv_sock->addr.plain.sa_family) { 1132 #ifdef HAVE_IPV6 1133 case AF_INET6: 1134 s = inet_ntop( 1135 srv_sock->addr.plain.sa_family, 1136 (const void *) &(srv_sock->addr.ipv6.sin6_addr), 1137 b2, sizeof(b2)-1); 1138 break; 1139 case AF_INET: 1140 s = inet_ntop( 1141 srv_sock->addr.plain.sa_family, 1142 (const void *) &(srv_sock->addr.ipv4.sin_addr), 1143 b2, sizeof(b2)-1); 1144 break; 1145 #else 1146 case AF_INET: 1147 s = inet_ntoa(srv_sock->addr.ipv4.sin_addr); 1148 break; 1149 #endif 1150 default: 1151 s = ""; 1152 break; 1153 } 1154 force_assert(s); 1155 cgi_env_add(&env, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s)); 1156 1157 s = get_http_method_name(con->request.http_method); 1158 force_assert(s); 1159 cgi_env_add(&env, CONST_STR_LEN("REQUEST_METHOD"), s, strlen(s)); 1160 1161 if (!buffer_string_is_empty(con->request.pathinfo)) { 1162 cgi_env_add(&env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo)); 1163 } 1164 if (!buffer_string_is_empty(con->uri.query)) { 1165 cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)); 1166 } else { 1167 cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_STR_LEN("")); 1168 } 1169 if (con->error_handler_saved_status >= 0) { 1170 cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.uri)); 1171 } else { 1172 cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); 1173 } 1174 /* set REDIRECT_STATUS for php compiled with --force-redirect 1175 * (if REDIRECT_STATUS has not already been set by error handler) */ 1176 if (0 == con->error_handler_saved_status) { 1177 cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); 1178 } 1179 1180 1181 switch (con->dst_addr.plain.sa_family) { 1182 #ifdef HAVE_IPV6 1183 case AF_INET6: 1184 s = inet_ntop( 1185 con->dst_addr.plain.sa_family, 1186 (const void *) &(con->dst_addr.ipv6.sin6_addr), 1187 b2, sizeof(b2)-1); 1188 break; 1189 case AF_INET: 1190 s = inet_ntop( 1191 con->dst_addr.plain.sa_family, 1192 (const void *) &(con->dst_addr.ipv4.sin_addr), 1193 b2, sizeof(b2)-1); 1194 break; 1195 #else 1196 case AF_INET: 1197 s = inet_ntoa(con->dst_addr.ipv4.sin_addr); 1198 break; 1199 #endif 1200 default: 1201 s = ""; 1202 break; 1203 } 1204 force_assert(s); 1205 cgi_env_add(&env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)); 1206 1207 li_utostrn(buf, sizeof(buf), 1208 #ifdef HAVE_IPV6 1209 ntohs(con->dst_addr.plain.sa_family == AF_INET6 ? con->dst_addr.ipv6.sin6_port : con->dst_addr.ipv4.sin_port) 1210 #else 1211 ntohs(con->dst_addr.ipv4.sin_port) 1212 #endif 1213 ); 1214 cgi_env_add(&env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)); 1215 1216 if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) { 1217 cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); 1218 } 1219 1220 li_itostrn(buf, sizeof(buf), con->request.content_length); 1221 cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf)); 1222 cgi_env_add(&env, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(con->physical.path)); 1223 cgi_env_add(&env, CONST_STR_LEN("SCRIPT_NAME"), CONST_BUF_LEN(con->uri.path)); 1224 cgi_env_add(&env, CONST_STR_LEN("DOCUMENT_ROOT"), CONST_BUF_LEN(con->physical.basedir)); 1225 1226 /* for valgrind */ 1227 if (NULL != (s = getenv("LD_PRELOAD"))) { 1228 cgi_env_add(&env, CONST_STR_LEN("LD_PRELOAD"), s, strlen(s)); 1229 } 1230 1231 if (NULL != (s = getenv("LD_LIBRARY_PATH"))) { 1232 cgi_env_add(&env, CONST_STR_LEN("LD_LIBRARY_PATH"), s, strlen(s)); 1233 } 1234 #ifdef __CYGWIN__ 1235 /* CYGWIN needs SYSTEMROOT */ 1236 if (NULL != (s = getenv("SYSTEMROOT"))) { 1237 cgi_env_add(&env, CONST_STR_LEN("SYSTEMROOT"), s, strlen(s)); 1238 } 1239 #endif 1240 1241 for (n = 0; n < con->request.headers->used; n++) { 1242 data_string *ds; 1243 1244 ds = (data_string *)con->request.headers->data[n]; 1245 1246 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) { 1247 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 1); 1248 1249 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value)); 1250 } 1251 } 1252 1253 for (n = 0; n < con->environment->used; n++) { 1254 data_string *ds; 1255 1256 ds = (data_string *)con->environment->data[n]; 1257 1258 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) { 1259 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 0); 1260 1261 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value)); 1262 } 1263 } 1264 1265 if (env.size == env.used) { 1266 env.size += 16; 1267 env.ptr = realloc(env.ptr, env.size * sizeof(*env.ptr)); 1268 } 1269 1270 env.ptr[env.used] = NULL; 1271 1272 /* set up args */ 1273 argc = 3; 1274 args = malloc(sizeof(*args) * argc); 1275 force_assert(args); 1276 i = 0; 1277 1278 if (!buffer_string_is_empty(cgi_handler)) { 1279 args[i++] = cgi_handler->ptr; 1280 } 1281 args[i++] = con->physical.path->ptr; 1282 args[i ] = NULL; 1283 1284 /* search for the last / */ 1285 if (NULL != (c = strrchr(con->physical.path->ptr, '/'))) { 1286 /* handle special case of file in root directory */ 1287 const char* physdir = (c == con->physical.path->ptr) ? "/" : con->physical.path->ptr; 1288 1289 /* temporarily shorten con->physical.path to directory without terminating '/' */ 1290 *c = '\0'; 1291 /* change to the physical directory */ 1292 if (-1 == chdir(physdir)) { 1293 log_error_write(srv, __FILE__, __LINE__, "ssb", "chdir failed:", strerror(errno), con->physical.path); 1294 } 1295 *c = '/'; 1296 } 1297 1298 /* we don't need the client socket */ 1299 for (i = 3; i < 256; i++) { 1300 if (i != srv->errorlog_fd) close(i); 1301 } 1302 1303 /* exec the cgi */ 1304 execve(args[0], args, env.ptr); 1305 1306 /* most log files may have been closed/redirected by this point, 1307 * though stderr might still point to lighttpd.breakage.log */ 1308 perror(args[0]); 1309 _exit(1); 1310 } 1311 case -1: 1312 /* error */ 1313 log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno)); 1314 close(from_cgi_fds[0]); 1315 close(from_cgi_fds[1]); 1316 close(to_cgi_fds[0]); 1317 close(to_cgi_fds[1]); 1318 return -1; 1319 default: { 1320 /* parent process */ 1321 1322 close(from_cgi_fds[1]); 1323 close(to_cgi_fds[0]); 1324 1325 /* register PID and wait for them asynchronously */ 1326 1327 hctx->pid = pid; 1328 hctx->fd = from_cgi_fds[0]; 1329 hctx->fde_ndx = -1; 1330 1331 if (0 == con->request.content_length) { 1332 close(to_cgi_fds[1]); 1333 } else { 1334 /* there is content to send */ 1335 if (-1 == fdevent_fcntl_set(srv->ev, to_cgi_fds[1])) { 1336 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); 1337 close(to_cgi_fds[1]); 1338 cgi_connection_close(srv, hctx); 1339 return -1; 1340 } 1341 1342 if (0 != cgi_write_request(srv, hctx, to_cgi_fds[1])) { 1343 close(to_cgi_fds[1]); 1344 cgi_connection_close(srv, hctx); 1345 return -1; 1346 } 1347 } 1348 1349 fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx); 1350 fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 1351 1352 if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) { 1353 log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno)); 1354 cgi_connection_close(srv, hctx); 1355 return -1; 1356 } 1357 1358 break; 1359 } 1360 } 1361 1362 return 0; 1363 #else 1364 return -1; 1365 #endif 1366 } 1367 1368 static buffer * cgi_get_handler(array *a, buffer *fn) { 1369 size_t k, s_len = buffer_string_length(fn); 1370 for (k = 0; k < a->used; ++k) { 1371 data_string *ds = (data_string *)a->data[k]; 1372 size_t ct_len = buffer_string_length(ds->key); 1373 1374 if (buffer_is_empty(ds->key)) continue; 1375 if (s_len < ct_len) continue; 1376 1377 if (0 == strncmp(fn->ptr + s_len - ct_len, ds->key->ptr, ct_len)) { 1378 return ds->value; 1379 } 1380 } 1381 1382 return NULL; 1383 } 1384 1385 #define PATCH(x) \ 1386 p->conf.x = s->x; 1387 static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p) { 1388 size_t i, j; 1389 plugin_config *s = p->config_storage[0]; 1390 1391 PATCH(cgi); 1392 PATCH(execute_x_only); 1393 PATCH(xsendfile_allow); 1394 PATCH(xsendfile_docroot); 1395 1396 /* skip the first, the global context */ 1397 for (i = 1; i < srv->config_context->used; i++) { 1398 data_config *dc = (data_config *)srv->config_context->data[i]; 1399 s = p->config_storage[i]; 1400 1401 /* condition didn't match */ 1402 if (!config_check_cond(srv, con, dc)) continue; 1403 1404 /* merge config */ 1405 for (j = 0; j < dc->value->used; j++) { 1406 data_unset *du = dc->value->data[j]; 1407 1408 if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.assign"))) { 1409 PATCH(cgi); 1410 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) { 1411 PATCH(execute_x_only); 1412 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) { 1413 PATCH(xsendfile_allow); 1414 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) { 1415 PATCH(xsendfile_docroot); 1416 } 1417 } 1418 } 1419 1420 return 0; 1421 } 1422 #undef PATCH 1423 1424 URIHANDLER_FUNC(cgi_is_handled) { 1425 plugin_data *p = p_d; 1426 buffer *fn = con->physical.path; 1427 stat_cache_entry *sce = NULL; 1428 1429 if (con->mode != DIRECT) return HANDLER_GO_ON; 1430 1431 if (buffer_is_empty(fn)) return HANDLER_GO_ON; 1432 1433 mod_cgi_patch_connection(srv, con, p); 1434 1435 if (HANDLER_ERROR == stat_cache_get_entry(srv, con, con->physical.path, &sce)) return HANDLER_GO_ON; 1436 if (!S_ISREG(sce->st.st_mode)) return HANDLER_GO_ON; 1437 if (p->conf.execute_x_only == 1 && (sce->st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON; 1438 1439 if (NULL != cgi_get_handler(p->conf.cgi, fn)) { 1440 handler_ctx *hctx = cgi_handler_ctx_init(); 1441 hctx->remote_conn = con; 1442 hctx->plugin_data = p; 1443 con->plugin_ctx[p->id] = hctx; 1444 con->mode = p->id; 1445 } 1446 1447 return HANDLER_GO_ON; 1448 } 1449 1450 TRIGGER_FUNC(cgi_trigger) { 1451 plugin_data *p = p_d; 1452 size_t ndx; 1453 /* the trigger handle only cares about lonely PID which we have to wait for */ 1454 #ifndef __WIN32 1455 1456 for (ndx = 0; ndx < p->cgi_pid.used; ndx++) { 1457 int status; 1458 1459 switch(waitpid(p->cgi_pid.ptr[ndx], &status, WNOHANG)) { 1460 case 0: 1461 /* not finished yet */ 1462 #if 0 1463 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) child isn't done yet, pid:", p->cgi_pid.ptr[ndx]); 1464 #endif 1465 break; 1466 case -1: 1467 if (errno == ECHILD) { 1468 /* someone else called waitpid... remove the pid to stop looping the error each time */ 1469 log_error_write(srv, __FILE__, __LINE__, "s", "cgi child vanished, probably someone else called waitpid"); 1470 1471 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]); 1472 ndx--; 1473 continue; 1474 } 1475 1476 log_error_write(srv, __FILE__, __LINE__, "ss", "waitpid failed: ", strerror(errno)); 1477 1478 return HANDLER_ERROR; 1479 default: 1480 1481 if (WIFEXITED(status)) { 1482 #if 0 1483 log_error_write(srv, __FILE__, __LINE__, "sd", "(debug) cgi exited fine, pid:", p->cgi_pid.ptr[ndx]); 1484 #endif 1485 } else if (WIFSIGNALED(status)) { 1486 /* FIXME: what if we killed the CGI script with a kill(..., SIGTERM) ? 1487 */ 1488 if (WTERMSIG(status) != SIGTERM) { 1489 log_error_write(srv, __FILE__, __LINE__, "sd", "cleaning up CGI: process died with signal", WTERMSIG(status)); 1490 } 1491 } else { 1492 log_error_write(srv, __FILE__, __LINE__, "s", "cleaning up CGI: ended unexpectedly"); 1493 } 1494 1495 cgi_pid_del(srv, p, p->cgi_pid.ptr[ndx]); 1496 /* del modified the buffer structure 1497 * and copies the last entry to the current one 1498 * -> recheck the current index 1499 */ 1500 ndx--; 1501 } 1502 } 1503 #endif 1504 return HANDLER_GO_ON; 1505 } 1506 1507 /* 1508 * - HANDLER_GO_ON : not our job 1509 * - HANDLER_FINISHED: got response 1510 * - HANDLER_WAIT_FOR_EVENT: waiting for response 1511 */ 1512 SUBREQUEST_FUNC(mod_cgi_handle_subrequest) { 1513 plugin_data *p = p_d; 1514 handler_ctx *hctx = con->plugin_ctx[p->id]; 1515 chunkqueue *cq = con->request_content_queue; 1516 1517 if (con->mode != p->id) return HANDLER_GO_ON; 1518 if (NULL == hctx) return HANDLER_GO_ON; 1519 1520 if ((con->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) 1521 && con->file_started) { 1522 if (chunkqueue_length(con->write_queue) > 65536 - 4096) { 1523 fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN); 1524 } else if (!(fdevent_event_get_interest(srv->ev, hctx->fd) & FDEVENT_IN)) { 1525 /* optimistic read from backend, which might re-enable FDEVENT_IN */ 1526 handler_t rc = cgi_recv_response(srv, hctx); /*(might invalidate hctx)*/ 1527 if (rc != HANDLER_GO_ON) return rc; /*(unless HANDLER_GO_ON)*/ 1528 } 1529 } 1530 1531 if (cq->bytes_in != (off_t)con->request.content_length) { 1532 /*(64k - 4k to attempt to avoid temporary files 1533 * in conjunction with FDEVENT_STREAM_REQUEST_BUFMIN)*/ 1534 if (cq->bytes_in - cq->bytes_out > 65536 - 4096 1535 && (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST_BUFMIN)){ 1536 con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN; 1537 if (-1 != hctx->fd) return HANDLER_WAIT_FOR_EVENT; 1538 } else { 1539 handler_t r = connection_handle_read_post_state(srv, con); 1540 if (!chunkqueue_is_empty(cq)) { 1541 if (fdevent_event_get_interest(srv->ev, hctx->fdtocgi) & FDEVENT_OUT) { 1542 return (r == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : r; 1543 } 1544 } 1545 if (r != HANDLER_GO_ON) return r; 1546 } 1547 } 1548 1549 if (-1 == hctx->fd) { 1550 buffer *handler = cgi_get_handler(p->conf.cgi, con->physical.path); 1551 if (!handler) return HANDLER_GO_ON; /*(should not happen; checked in cgi_is_handled())*/ 1552 if (cgi_create_env(srv, con, p, hctx, handler)) { 1553 con->http_status = 500; 1554 con->mode = DIRECT; 1555 1556 return HANDLER_FINISHED; 1557 } 1558 #if 0 1559 log_error_write(srv, __FILE__, __LINE__, "sdd", "subrequest, pid =", hctx, hctx->pid); 1560 #endif 1561 } else if (!chunkqueue_is_empty(con->request_content_queue)) { 1562 if (0 != cgi_write_request(srv, hctx, hctx->fdtocgi)) { 1563 cgi_connection_close(srv, hctx); 1564 return HANDLER_ERROR; 1565 } 1566 } 1567 1568 /* if not done, wait for CGI to close stdout, so we read EOF on pipe */ 1569 return HANDLER_WAIT_FOR_EVENT; 1570 } 1571 1572 1573 int mod_cgi_plugin_init(plugin *p); 1574 int mod_cgi_plugin_init(plugin *p) { 1575 p->version = LIGHTTPD_VERSION_ID; 1576 p->name = buffer_init_string("cgi"); 1577 1578 p->connection_reset = cgi_connection_close_callback; 1579 p->handle_subrequest_start = cgi_is_handled; 1580 p->handle_subrequest = mod_cgi_handle_subrequest; 1581 p->handle_trigger = cgi_trigger; 1582 p->init = mod_cgi_init; 1583 p->cleanup = mod_cgi_free; 1584 p->set_defaults = mod_fastcgi_set_defaults; 1585 1586 p->data = NULL; 1587 1588 return 0; 1589 } 1590